Forwarding Services Terms
Forwarding Services Terms
-
Forwarding Services. PayPal provides a service that enables Merchant to send Customer Data and other details from the Braintree vault to other PCI-DSS compliant third parties (“End Point”) whose Attestation of Compliance was completed by a Qualified Security Assessor (the “Forwarding Services”). Merchant agrees that the Forwarding Services shall be deemed part of (and included in) the definition of Gateway Services under the Payment Services Agreement found here: https://www.braintreepayments.com/legal/payment-services-agreement (“Agreement”).
-
Fees. In addition to any other amounts Merchant is responsible for pursuant to the Agreement, Merchant will also pay PayPal the fees and charges as agreed in writing. Fees charged pursuant to these terms will be subject to Section 2 of the Agreement (entitled Fees and Taxes).
-
Information Security. Prior to any forwarding of Customer Data hereunder to an End Point, and on an annual basis thereafter, Merchant shall provide PayPal a copy of End Point’s most current PCI-DSS Attestation of Compliance completed by a Qualified Security Assessor. Merchant shall also provide PayPal with any additional information as PayPal may reasonably request in order to confirm that the systems in which any Customer Data will be used, stored or transferred do not pose a material risk to the security or integrity of the Customer Data.
-
Representations and Warranties. Merchant represents and warrants that (i) it shall use the Forwarding Services only in compliance with applicable laws, regulations and Association Rules, (ii) it shall obtain all consents from its Customers to use, store and share Customer Data and (iii) that its privacy policies allow for the sharing of Customer Data and that it will comply with such policies.
-
End Points. Prior to forwarding any Customer Data to End Point, Merchant shall enter into an agreement with such End Point obligating End Point to abide by and fully comply with PCI-DSS in connection with any and all processing, storage and use of the Customer Data by the End Point; provided, however, that before Merchant and any End Point enter into such agreement, Merchant will conduct a due diligence review on End Point and will not enter into an agreement with End Point or otherwise provide access to the Customer Data under circumstances in which Merchant knows or should know that such End Point would post a material risk to the security or integrity of the Customer Data. Merchant agrees that PayPal, in its sole discretion, may contact the End Point to help verify PCI-DSS compliance, and if necessary PayPal may request that End Point provide PayPal with documentation or enter into an agreement regarding the safeguarding of the Customer Data. Merchant will provide notice to PayPal immediately upon becoming aware End Point (a) is non-compliant with PCI-DSS standards, or (b) fails to properly safeguard Customer Data.
-
Indemnification. Merchant shall indemnify, defend and hold harmless PayPal, its affiliates and their respective directors, officers, employees, contractors, service providers, successors and assigns from and against any and all third party claims, losses, liabilities, damages, suits, actions, government procedures, card association fines, taxes, penalties or interest, associated auditing and legal expenses and other costs (including reasonable attorneys’ fees and costs of suit) arising from or relating to Merchant’s breach of these terms and Merchant’s or End Point’s failure to safeguard the Customer Data, or as a result of PayPal’s forwarding of Customer Data to Merchant or End Point hereunder. In Merchant’s performance of its indemnification obligations, Merchant shall make no settlement that will be binding on PayPal without PayPal’s prior written consent.
-
Relationship to the Agreement. These terms are hereby incorporated into and made a part of the Agreement. To the extent that these terms conflict with the terms of the Agreement, these terms shall control with respect to matters concerning the Forwarding Services to the extent of such conflict. Except as amended by these terms, all terms and provisions of the Agreement shall continue and remain in full force and effect and binding upon the parties. Capitalized terms used herein and not otherwise defined shall have the meanings assigned to them in the Agreement.