Features

Pricing

About

Knowledge Hub

Contact

DocsTry for free

Version: 10th of Jan. 2022
‍

Service Agreement

1. Definitions

As used in this PCI Proxy Service Agreement (“Agreement”), the following terms shall have the meanings set forth below:

• Counterparty: You or the legal entity you are representing, as the direct contract partner of Datatrans using Services of Datatrans.
• Datatrans: Datatrans AG, Kreuzbühlstrasse 26, 8008 Zürich; Service provider of the PCI Proxy Services.
  
• Fees: Prices published on the pricing page on the effective date of this Agreement for the chosen Service Package or Service, or pursuant to any other agreement between Counterparty and Datatrans, if any, which is intended to supersede the published pricing.
• Financial Service Providers: Persons or legal entities engaged in the business of providing financial services in terms of authorisation issued or registration granted by a financial sector regulator.
  
• PCI DSS: Payment Card Industry (PCI) Data Security Standard requirements in its effective and applicable version.
• Receiver: The Receiver is the party that receives data directly from Datatrans on behalf of the Counterparty. A Receiver is not necessarily a customer of Datatrans but may be a client or partner of the Counterparty.
• Services: The Services provided by Datatrans as described on Datatrans’ PCI Proxy website and the associated product documentation.
• Service Package: Package of bundled Services and the associated Fees chosen by the Counterparty on Datatrans’ PCI Proxy website.
  

2. Subject of the Agreement

The subject of the Agreement is the usage of Datatrans ’PCI Proxy Services pursuant to this Agreement and subject to the conditions of the Service Package chosen by the Counterparty.

3. Components of the Agreement

The following components form the contractual agreement between Datatrans and the Counterparty: (i) this Agreement and (ii) Datatrans’ PCI Proxy “General Contract Terms”

Information on how PCI Proxy processes personal data is available in the PCI Proxy Privacy Policy. In the event of conflicts between the Agreement and the General Contract Terms, the terms of the Agreement shall prevail.

4. Data Security / PCI DSS Compliance

The Counterparty represents and warrants that it has implemented state of the art technical and organizational measures to safeguard data, including personal data.
‍
The Counterparty represents and warrants that it treats access data (i.e. the credentials to access the Services) and any further information provided under this Agreement as confidential information. Such information shall be protected against loss, disclosure and unauthorized access by third parties.

The Counterparty further represents and warrants to fully comply with the PCIDSS during the term of this Agreement.
‍
The Counterparty also represents and warrants that integrated Receivers shall -at all the time - fully comply with the PCI DSS.

The Counterparty procures that its Receivers disclose to Datatrans their annual PCI DSS Certificate not later than ten (10) days after the date of the issuing date or anytime upon request by Datatrans

If such PCI DSS Certificate will not be provided to Datatrans as stipulated in the above paragraph, Datatrans reserves the right to cease the provision of Services to the affected Receiver until such documentation has been provided to Datatrans. The Counterparty procures that the correct type of certification is secured and disclosed to Datatrans by each and any of its Receivers according to the PCI DSS requirements. Datatrans may at its own discretion notify the respective Receiver directly in case of Receiver’s non-compliance with the PCI DSS.

The Counterparty informs Datatrans immediately if one of its own Receivers has lost its PCI DSS compliance or if there is evidence or other indications that may question the PCI DSS compliance of such Receivers.

5. Technical Implementation

The Counterparty further represents and warrants that it integrates and uses the Services of Datatrans only in accordance with the valid technical specifications available on Datatrans’ PCI Proxy website. The Counterparty may not use or access any Service unless it abides by all the terms in this Agreement.

6. Show API

Datatrans’ Show API can display individual credit card numbers as required. The Counterparty ensures that the Show API is implemented according to Datatrans’ documentation and the use of this functionality takes place in compliance with the PCI DSS. The Counterparty ensures that the user administration of the Show API is fully compliant with all requirements of the PCI DSS at any time, including but not limited to requirement 8 of the PCI DSS. The Counterparty guarantees that the user administration of the Show API and the access to the script is treated strictly confidential at any time, is permanently protected against unauthorized access through state of the art technical and organizational measures and that these measures are assessed and amended periodically. Datatrans may at its own discretion deactivate the Show API functionality if suspicious activities have been identified, the security and/or the compliance with the PCI DSS is endangered or pre-defined block limits of the system have been reached. Datatrans informs the Counterparty immediately about such deactivations. The Counterparty is liable for any abuse of the Show API and its user administration. Datatrans liability arising from the use of the Show API is fully excluded to the maximum extent possible according to the applicable law.

Appendix 1: General Contract Terms

1. Subject matter and Scope of Application

Subject matter of these General Contract Terms are the PCI Proxy Service Packages and/or Services ordered of Datatrans AG, Kreuzbühlstrasse 26, 8008 Zürich, Switzerland. The Service Packages and Services of Datatrans are exclusively directed at legal persons. 

These General Contract Terms can be accessed, saved, and printed under the following link.

Contractual terms and conditions deviating from the General Contract Terms, namely also those which the Counterparty declares to be applicable together with the acceptance of the Agreement, shall only be valid if and insofar as they have been expressly accepted by Datatrans in writing. 

The General Contract Terms in their valid version at the time of the purchase of Services are applicable.

2. Contracting Party

These General Contract Terms are concluded with Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland (Datatrans) and you, as the direct contract partner that integrates and uses the Service Packages and/or Services (Counterparty).

3. Registration of a User Account

To conclude a contract with Datatrans, the Counterparty must register a User Account within the “Get production ready“ section on Datatrans' PCI Proxy Dashboard.

To register a User Account, the Counterparty must provide Datatrans with its business name according to the relevant commercial register, address, name and email of the representative, telephone, business identification number, the URL of its website, the nature of the business or its activities and other information that Datatrans requires to complete the registration. To verify the accuracy and adequacy of the information provided, Datatrans may collect other personal data that is processed in accordance with the Privacy Policy.

The Counterparty and its representative registering the User Account confirm that such representative is duly authorized to register a User Account on behalf of the Counterparty and to bind the Counterparty to these General Contract Terms and any other agreement entered into by the Parties. Datatrans may request additional information at its sole discretion, including but not limited to verify the authorization to duly represent the Counterparty by a consent of the board or any other document deemed appropriate by Datatrans, at any time during the term of these General Contract Terms to assess the risk associated with the Counterparty’s business. Failure to provide such information may result in suspension or termination of the Counterparty’s User Account.

The Counterparty warrants to keep the information in its User Account current and correct at any time. Any changes affecting the Counterparty, its business activity, including the Counterparty being subject of any voluntary or involuntary bankruptcy or insolvency application, petition or proceeding or any other bankruptcy proceeding, if there is an adverse change in Counterparty's financial condition, if there is a planned or anticipated liquidation or substantial change in the basic nature of Counterparty's business, if Counterparty transfers or sells 25% or more of its total assets, or there is any change in the control or ownership of Counterparty's business or parent entity, if there is a change in the regulatory status of Counterparty's business or Counterparty's business has been notified that it is the subject of an investigation or enforcement action by a regulator or law enforcement, or Counterparty receives a judgment, writ or warrant of attachment or execution, lien or levy against 25% or more of its total assets, or any other relevant information, must be promptly notified to Datatrans. The failure to do so may result in suspension or termination of the Counterparty’s User Account.

4. Conclusion of the Agreement

The registration of a User Account is required to order Service Packages or Services. 

A binding order is only triggered once the Counterparty or its representative has chosen a service package, entered all of the data required pursuant to Clause 3 of these General Terms and Conditions, acknowledged the Agreement and clicked on the button “Enable production mode”. Until the Counterparty clicks this button, it may change the chosen package non-bindingly. By clicking the button “Enable production mode”, the Counterparty gives its consent to Datatrans for the conclusion of a contract.

Upon reception of the binding order of the Counterparty by Datatrans, an automatically generated email will be sent to the Counterparty to confirm the reception of the order (Confirmation of Receipt). The Confirmation of Receipt will consist of information on the ordered Service Package or Services and the relevant documents of the Agreement. The Confirmation of Receipt does not automatically imply the conclusion of the agreement.  

Datatrans reserves the right to accept or decline the order. Datatrans is not obligated to conclude a contract based on an order. An order can be cancelled or rejected in particular if there is a violation of these General Contract Terms or a corresponding suspicion. Such a case exists particularly if the Counterparty has not paid for previous orders. The Counterparty will be informed about cancellations and refusals by email.
‍
The Agreement is concluded only upon Datatrans’ explicit confirmation of acceptance (i) by sending the Counterparty an invoice, (ii) by confirming the enablement of the Service Package or Services in the Counterparty’s User Account, or (iii) by enabling the Counterparty’s User Account for the Service Package or the Services without confirmation.  

5. Services

The Service Package or Services chosen by the Counterparty and provided by Datatrans are described in the current product documentation at the time of conclusion of the contract. Datatrans is entitled to adapt its Service Packages or Services, including software and connections, inter alia due technological advancements, changing or new requirements of Financial Service Providers or the PCI DSS provided that the functionality of the contractually agreed Service Packages or Services will be preserved. Datatrans will provide the Counterparty with advance notice of such changes within a reasonable period of time prior to the changes.

6. Availability of Services

Datatrans uses reasonable endeavours to maintain the availability of the Services to the Counterparty but does not guarantee 100% availability. Particularly, downtime caused directly or indirectly by any of the following is not considered a breach of these General Contact Terms:

• force majeure events;
  
• fault or failure of the Internet or any public telecommunications network;
• any breach by the Counterparty of the Agreement or these General Contract Terms;
• scheduled maintenance; or
  
• fault or failure of the Counterparty's IT systems or networks;
• non-availability of Financial Service Providers and/or any other third parties being involved in the service delivery.

The Counterparty is obliged to report functional failures, malfunctions or impairments of the Services immediately and as precisely as possible to Datatrans.

7. Suspicion of Unauthorised or Illegal Use of Services

Datatrans may refuse, condition, or suspend any transactions that it believes:

• may violate these General Contract Terms or other agreements the Counterparty may has with Datatrans;
  
• are unauthorised, fraudulent or illegal; or
• expose the Counterparty, Datatrans, or other third parties to risks unacceptable to Datatrans.

If Datatrans suspects or knows that the Counterparty is using or has used the Services for unauthorised, fraudulent, or illegal purposes, Datatrans may share any information related to such activity with the appropriate financial institution, regulatory authority, or competent law enforcement authority consistent with its legal obligations. Such information may include information about the Counterparty, its User Account, its customers, and transactions made through its use of the Services.

8. Datatrans’ Rights and Obligations

Datatrans is responsible for the operation and maintenance of the Datatrans Platform in accordance with the PCI DSS.

Datatrans guarantees uninterrupted maintenance of its own PCI DSS certification. The Counterparty can inspect Datatrans’ PCI DSS certification at any time during the term of this agreement.

Datatrans guarantees that its Services will be rendered in a technically correct and state-of-the-art manner in accordance with the respective applicable product documentation. The Services solely concern technical processing of data. Datatrans does not assume any collection role and does not take receipt of any customer funds.

9. Support and Monitoring

Datatrans will provide support with the Service Packages or Services selected. The service levels associated with the selected Service Package or Service is described in the documentation for each Service Package. The Datatrans Platform is monitored twenty-four (24) hours a day and seven (7) days a week.

10. Counterparty’s Rights and Obligations

The Counterparty is not entitled to resell the Service Packages, Services or any parts thereof provided by Datatrans to third parties, unless without a supplementary written agreement is concluded with Datatrans in writing. 

The Counterparty warrants that the email address provided in its User Account is active and appropriately monitored at any time. The receipt of alerting messages to this email address shall be deemed to be confirmed upon delivery by Datatrans.

The Counterparty is obligated to treat as strictly confidential all identifying characteristics that are used for the identification/authentication of the Counterparty in connection with its use of the Service Packages and/or Services provided by Datatrans. All actions and transactions executed with identifying characteristics of the Counterparty are deemed to be approved by the Counterparty.

The Counterparty is responsible:

• for the correct implementation of the Services in accordance with Datatrans’ specifications;
  
• transmission of data in accordance with Datatrans’ specification;
• installing and operating its own systems and connections;
• the processing and general use of data received in accordance with the PCI DSS, all applicable data protection laws, regulations and any other applicable law and ensuring that its Receivers process data accordingly.

To the extent tokenization is part of the Service Package or the Services selected by the Counterparty, the Counterparty ensures that the tokens are stored and protected against unauthorized access with state of the art technical and organizational measures.

The Counterparty represents and warrants that it uses the tokens of the Services only within its own environment. The transfer of tokens from the Counterparty’s environment to any third-party is only permitted with Datatrans’ prior written consent.

The Counterparty is required to use all verification methods available to verify its submitted data is correctly processed by Datatrans.

Towards its Receivers the Counterparty is solely responsible for the first level support.

11. Payment

The applicable Fees for Service Packages or Services selected by the Counterparty are governed by the Agreement. Unless indicated to the contrary, Fees are exclusive value added tax (VAT). For the avoidance of doubt, the Counterparty must pay all taxes, fees and other charges imposed by any governmental authority, including any VAT on the Service Packages or Services provided under this Agreement.  

The Counterparty agrees to pay the Fees assessed by Datatrans to Counterparty for providing the Services. The billing period will start at the date of the conclusion of this Agreement pursuant to Clause 4 of these General Terms and Conditions. Invoices from Datatrans are due for payment thirty (30) days after they have been issued. The Counterparty is prohibited to offset invoices from Datatrans against any amounts owed to it.

Datatrans may charge Counterparty’s credit card or other payment mechanism that Counterparty has selected and which has been confirmed by Datatrans with any Fee amounts due and payable.

Datatrans may amend the Fees at any time. Datatrans will provide the Counterparty with at least thirty (30) days’ advance notice before revisions of Fees become applicable. Datatrans provides the Counterparty the option to terminate its User Account in the event that Datatrans changes the price of a Service Package or Service Counterparty has subscribed to at the end of the month, subject to thirty (30) days’ notice. The Counterparty agrees that, if Datatrans is unable to collect the Fees owed by the Counterparty for the Services provided by Datatrans to the Counterparty, Datatrans may take all necessary steps to collect those Fees from the Counterparty and the Counterparty is liable for all costs and expenses related to Datatrans’ fee collection efforts including but not limited to collection fees, court and legal fees.

In addition, Counterparty agrees that Datatrans may charge interest at a rate of 1% per month on any unpaid amounts due.

12. Representations and Warranties

Datatrans does not represent and warrant that the Services are free of defect and/or mistake. Services are provided on an “as is” basis with all faults. 

Datatrans disclaims all representations and warranties, express or implied, with view to the Services:

• usability, condition or operation;
  
• merchantability;
• fitness for any particular purpose; or
• non-infringement of third-party intellectual property rights.

All of the Datatrans' representations and warranties in respect of the subject matter of these General Contract Terms are expressly set out in these General Contract Terms. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of these General Contract Terms will be implied into these General Contract Terms or any related agreement.

13. Acknowledgments

The counterparty acknowledges that the Service Packages and Services offered by Datatrans are technical measures to increase security and reduce the risk of abuse, but do not offer complete protection. The Counterparty is responsible for selection and adjustment of these Services and for compliance with the PCI DSS and other Financial Service Provider’s security regulations. 

Datatrans does not represent or warrant that the Datatrans Service is entirely free from defects, errors, bugs and is completely secure as well as uninterruptedly accessible.

14. Force Majeure

Datatrans shall not be liable to the Counterparty nor shall any other remedy be extended in respect of anything which, apart from this provision, may constitute a breach of the terms of these General Contract Terms arising by reason of force majeure (i.e. any event beyond Datatrans' reasonable control, including acts of war, earthquakes, hurricanes, floods, fires or other similar casualties, embargos, riots, terrorism, sabotage, strikes, governmental acts, insurrections, pandemics, epidemics, failures of power, restrictive laws or regulations, court orders, condemnation, failure of the Internet or other event of a similar nature). If Datatrans is unable to provide the Services for a period in excess of thirty (30) consecutive calendar days due to an event of force majeure, then Datatrans or the Counterparty may terminate the relevant Service(s) upon written notice to the other Party.

15. Penalties

The Counterparty is responsible for any penalties or fines imposed in relation to its Datatrans User Account on itself, Datatrans or any third party resulting from Counterparty's use of Services in a manner not permitted by this Agreement or any applicable rules and regulations.

16. Indemnification

The Counterparty indemnifies Datatrans and its officers, directors and employees against all liability and costs, including the potential and actual costs of litigation, if any claim is brought against Datatrans by any third party, including Counterparty's employees, as a result of any act or omission by the Counterparty under its control or related to its business activities. The indemnification exists in particular in connection with claims of third parties with regard to:

• the use of the Services under this Agreement by the Counterparty;
• claims arising out of or in connection with the Show API or the cease of Services based on non-compliance with the PCI DSS or other suspicious activity;
• violations of these General Contract Terms or applicable law by the Counterparty.

Datatrans notifies the Counterparty immediately of any such claim and, to the extent legally permissible, gives the Counterparty the opportunity to defend itself against such claims. At the same time, the Counterparty immediately and completely informs Datatrans of all information available to the Counterparty regarding the facts of the claim.

17. Liability

Nothing in this Agreement shall limit or exclude the liability of Datatrans for:

• intent or for gross negligence
  
• death or personal injury;
• any act, omission or matter, for which liability may not be excluded or limited under applicable law.

Any further liability of Datatrans, in particular liability for slight negligence as well as liability for auxiliary persons and substitutes is excluded.

Datatrans shall not be liable for actions or omissions of the Financial Service Providers and/or any third parties being part of the payment process.

Datatrans is not liable for any damage arising out of the interruption or the cease of the Services in case of a suspicion of a compromise, if a data breach, a breach of PCI DSS by one of the Counterparty’s Receivers, a loss of PCI DSS compliance by one of the Counterparty’s Receivers, a breach of other obligations of the Counterparty or its Receivers, security and/or the compliance with the PCI DSS of Datatrans is endangered or pre-defined block limits of the system have been reached.

The Counterparty shall be liable to Datatrans for all damages resulting from the non-fulfilment or improper fulfilment of contractual duties and obligations by the Counterparty. In particular, Datatrans shall be entitled to charge the Counterparty any claims for damages of third parties as well as all other damages or other expenses caused by the improper compliance by the Counterparty with the present provisions. If the Counterparty calls in any third-party companies, it is liable for any damage caused by them, as if it had caused them itself.

18. Data Protection

The Counterparty confirms that it has read the privacy policy and is aware which data will be processed and how Datatrans handles personal data. If personal data is processed by Datatrans for the Counterparty, the Parties will conclude a data processing agreement.  Each Party represents and warrants that it complies with all applicable data protection laws and regulations.

The Counterparty represents and warrants that it has obtained valid consents under applicable data protection laws and regulations to disclose personal data to Datatrans or allow Datatrans processing personal data transferred to Datatrans by the Counterparty.

19. Term and Termination

These General Contract Terms and the Agreement are effective upon acceptance of Counterparty’s offer by Datatrans according to Clause 4 of the General Contract Terms. It is valid for an indefinite period of time as long as the Counterparty uses the Services and unless not terminated in accordance with this Clause, but at least for an initial term of one (1) month.

The Counterparty may terminate the Agreement as per the end of each calendar month, subject to thirty (30) days’ advance written notice thereof by closing its account directly by following the directions on Datatrans’ PCI Proxy Dashboard.

Datatrans may terminate this Agreement at any time upon providing the Counterparty with a fifteen (15) days’ notice.

The right to terminate the Agreement for good cause remains reserved. Good cause particularly exists:

• in the event of a breach of contract (including payment default) by the Counterparty that has been notified but not resolved within thirty (30) days after notification;
• if Datatrans determines in its sole discretion that the Counterparty is ineligible for the Services because of the risk associated with the Counterparty’s User Account, including but not limited to significant fraud risk or any other reason.
• in the event that tokens are passed on outside of the Counterparty’s environment without prior written permission of Datatrans;
• if one of the Counterparty’s Receivers does not comply with the PCI DSS or if Datatrans has justified suspicion and notified the Counterparty and the respective Receiver thereof and the compliance with the PCI DSS by one of the Counterparty’s Receivers has not been resolved within the indicated period in such notification;
• if the Counterparty is dissolved, ceases to conduct all (or substantially all) of its business, is or becomes unable to pay its debts as they fall due, is or becomes insolvent or is declared insolvent, or convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;
• an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the Counterparty;
• or an order is made for the winding up of the Counterparty, or the Counterparty passes a resolution for its winding up.

20. Effect of Termination

Termination does not immediately relieve the Counterparty of obligations incurred under these General Contract Terms. Upon termination the Counterparty agrees:

(i)   to stop accepting new data through the Service;
(ii)  to cease the use of the Service
(iii) to discontinue the use of and remove all Datatrans logos or other references from its website(s);
(iv) that Datatrans reserves the right to delete all information or account data stored on its servers; and
(v) that the Counterparty remains liable for any Fees or any other financial obligation incurred prior to termination.

21. Confidentiality

The Parties mutually agree to maintain strict confidentiality of all confidential information of the other Party. Datatrans is entitled to employ subcontractors and agents to assist in providing Services, but it must impose similar confidentiality undertakings on them.

Datatrans agrees to treat all transmitted data as confidential in relation to third parties.

22. Relationship between the Parties and to Third Parties

Neither Party is an agent or representative of the other Party nor has any authority to enter into obligations in favor of third parties.

23. References

Each Party can reference the other party for marketing purposes based on the prior written consent of the other Party.

24. Assignment

The Counterparty may not assign and/or transfer any rights and/or claims under these General Contract Terms without the prior written consent of Datatrans.

25. Amendments

Datatrans reserves the right to amend and to supplement these General Contract Terms at any time. The Counterparty will be notified in writing, whereby email is considered as sufficient, at least thirty (30) days before entering into force of the amendments and/or supplements to these General Contract Terms. If the Counterparty does not agree with the notified amendment or supplement, it has the right to terminate the Agreement or parts of it affected by the amendment and/or supplement at the time before the amendment and/or supplement enters into force. If such termination will not be requested by the time the amendment and/or supplement becomes effective, it is deemed to be accepted by the Counterparty and becomes integral part of the Agreement between the Parties.

26. Severability

Should any provision of these General Contract Terms become invalid or ineffective in whole or in part, such provision shall not affect the validity and effectiveness of the other provisions of these General Contract Terms and shall be replaced by a provision that reflects to the fullest extent possible the original intention of the Parties and the economic purpose that the Parties intended to achieve with such provision.

27. Applicable Law

The Agreement is governed by Swiss Law under the exclusion of the rules of conflicts of laws. The competent, ordinary courts in Zurich/Switzerland have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement or any other agreement between the Parties.

28. Jurisdiction

The competent, ordinary courts in Zurich (Switzerland) shall have exclusive jurisdiction over any dispute arising out of or in connection with this these General Contract Terms.