Name: Worldline
Price range: $

Please take the time to read the terms & conditions applicable to your product below. You should read the entire terms and conditions carefully, as they form part of a legally binding agreement between you, the merchant, and Bambora.

Updated: June 26, 2019

This agreement applies to all users of the Bambora Online payment service who have been approved to accept Visa and MasterCard transactions. This agreement is made between (1) You, the merchant; (2) National Australia Bank Limited (NAB); and (3) Bambora Online Pty Ltd (Bambora).

1. DEFINITIONS

1.1 Unless the contrary intention appears, the following words have these meanings in this Agreement:

Banking Day means a day on which banks are open for general banking business in Melbourne Australia except for Saturdays, Sundays and National Public Holidays in Australia.

Bambora Online refers to Bambora Online Pty Ltd, ABN 86 095 635 680.

Card Schemes means, unless otherwise agreed by the parties, Visa and MasterCard.

Card Scheme Rules means the rules and regulations which regulate participants in the Card Schemes.

Cardholder means the Person in whose name the Card has been issued.

Chargeback is the reversal of a sales transaction.

Card means a card that has been designated by the issuer as a Visa or MasterCard card or a card issued by any other card scheme which you have agreed to accept and We have agreed to process.

Data Breach means any occurrence which results in the unauthorised access by a third party to confidential data relating to card transactions stored by Your business or any entity engaged by you to provide storage or transmission services in respect of that data.

Data Security Standards means the Payment Card Industry Data Security Standards (“PCIDSS”) mandated by the Card Schemes for the protection of Cardholder details and transaction information, and any additional or replacement standards of which You are advised from time to time.

NAB refers to the National Australia Bank Limited, ABN 12 004 044 937.

Payment Service means the service provided by Bambora.

Person includes an individual, firm, body corporate, unincorporated body or association, partnership, joint venture and any government agency or authority.

Personal Information refers to information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, which is received by You from any source as a consequence of the performance of the rights and obligations under this Agreement.

PIN means the personal identification number allocated by NAB, a card issuer or personally selected by the account holder.

Privacy Law means all legislation and principles relating to the collection, use, disclosure, storage and granting of access rights to Personal Information.

Related Body Corporate has the meaning given to it in the Corporations Act, 2001 (Cth).

Relevant Law means any:

(a) statute, ordinance, code or other law including regulations and other instruments under them that are relevant to the obligations and rights of this Agreement; and

(b) any code of practice, guidelines or standards issued by relevant regulators or industry bodies, including any card scheme rules relevant to this Agreement.

Transaction Receipt means a document used to evidence a transaction.

We, Us and Our means, collectively, NAB and Bambora.

You and Your means the Person to whom the Payment Service is provided by Us

2. APPROVAL TO USE PAYMENT SERVICES

2.1 You acknowledge that:

(a) the operation of this Agreement is conditional on NAB approving an application for Bambora to provide the Payment Services to You; and

(b) in relation to information provided by You to Bambora in connection with Your application:

(i) Bambora may provide that information to NAB;

(ii) We may rely on such information as being complete, accurate and not misleading or deceptive; and

(iii) NAB is not obliged to verify the completeness or accuracy of the information it receives from Bambora; and

(c) We may obtain from any Card Scheme or a person who is involved in any Card Scheme, any credit reporting agency or any other person, information about Your merchant history or Personal Information about You, a Related Body Corporate, Your officers, employees or agents for any purpose relating to the operation of those Card Schemes and We can use any such information to assess an application from Us under clause 2.1 (a);

(d) We can disclose information about Your merchant history, a data breach and relevant Personal Information in the following circumstances:

(i) to any Card Scheme or to any person who is involved in any Card Scheme, information about You for any purpose related to the operation of those schemes, card fraud detection agencies (including information about termination of merchant solutions and reason(s) for termination of NAB merchant solutions; and

(ii) where the law requires or permits Us to do so; and

(iii) where We have reasonable grounds to believe that either you are involved in dishonest or criminal activity, are a victim of such activity, may have information relevant to an inquiry into such activity or have experienced a data breach, to any state or federal law enforcement or regulatory agency whether or not We have been requested by that agency to provide such information; and

(e) We can disclose Your information to any related entities of ours and to any outsourced service providers engaged by Us (for example, mail houses, debt collection agencies (where necessary) or data analytics providers); and

(f) the decision whether to approve Your application is at NAB’s sole discretion and the reason for any decision which is made may not be given to You;

(g) an approval by NAB is specific to Bambora providing payment services to you and does not in any way constitute a representation by NAB that you will able to use the services of another payment service provider or of NAB directly should you cease using Bambora’s payment services for any reason; and

(h) any information obtained by NAB during its assessment of an application under clause 2(a) is and remains confidential to NAB and will not be shared with You. NAB is bound by Card Scheme Rules and all correspondence and discussions between Card Schemes and NAB are confidential as between NAB and the Card Schemes.

2.2 You represent and warrant that:

(a) any information You provide to Bambora in connection with an application for Bambora to provide the Services is complete, accurate and not misleading or deceptive; and

(b) if You have disclosed Personal Information to Bambora in connection with the application under clause 2.1(a), You have obtained the relevant individual’s prior consent to the disclosure and otherwise complied with Your obligations under Privacy Law; and

2.3 You acknowledge and agree that:

(a) Bambora and NAB are authorised to obtain from third parties financial and credit information relating to You in connection with our decision to approve Your application and in respect of our continuing evaluation of Your financial and credit worthiness; and

(b) any information collected by Bambora may be disclosed by Us to NAB.

2.4 The Parties agree that no Party is or will be bound by this Agreement unless and until NAB has confirmed its approval for Bambora to provide the Payment Services to You.

3.1 You:

(a) must immediately notify Bambora of any change to Your financial position which may affect Your ability to perform Your obligations under this Agreement; and

(b) must provide Bambora with ten (10) Banking Days’ prior written notice of any change in Your place of business, internet address, website name, email address or telephone number, must not carry on business in a place which has not been approved by Bambora and must not move Your place of business without our prior written consent; and

(c) must not change Your business name or ownership of Your business without giving Bambora ten (10) Banking Days’ notice prior notice and not substantially change the type of goods and services You sell without Our prior written consent; and

(d) only submit a sales transaction where You are the supplier of the goods and/or services; and

(e) not submit transactions on behalf of a third party. For the avoidance of doubt, this includes submitting transactions for goods or services sold on another Person’s website; and

(f) must allow the employees, contractors or agents of Us or those of any Card Scheme reasonable access to Your premises during normal business hours to check Your compliance with this Agreement, the Data Security Standards or for the purposes of the relevant Card Scheme Rules; and

(g) must provide Bambora and NAB with all information and assistance reasonably required to perform their obligations and to deal with any queries in relation to the Payment Service; and

(h) must comply with all applicable Card Scheme Rules and Relevant Laws and contractual requirements in accepting card payments and performing Your obligations under this Agreement; and

(i) will observe and implement the fraud prevention procedures set out in the manuals, guides or directions provided to You, unless otherwise mutually agreed to by the parties.

3. Data Security Standards

3.2 This clause applies to You if You collect payment data directly from a cardholder or store any cardholder data. In addition to the other provisions of this agreement, You acknowledge and agree:

(a) You must protect stored cardholder data, regardless of the method used to store such data. Data storage also includes physical storage and security of cardholder data. Some examples of other data storage which must be secured include an access or excel database and hard copy files. Storage should be kept to the minimum required for business, legal, and/or regulatory purposes; and

(b) You must not store the personal identification number (PIN) or sensitive authentication data after authorization (even if encrypted); and

(c) if Bambora or NAB tell You that You must comply with the Data Security Standards, You must, at Your cost, successfully complete the protocols for the Data Security Standard within the time frame stipulated by Bambora or the Card Schemes, implement processes and procedures that enable You to meet the Data Security Standards, and follow those processes and procedures. You acknowledge and agree that if you fail to do so:

(i) Bambora or NAB may terminate the merchant services; and

(ii) You are liable for any fine imposed upon NAB by the Card Schemes as a result of Your failure to comply; and

(iii) You are liable for any fines which the Card Schemes levy in the event that You suffer a card data compromise incident, and have not complied with the PCIDSS Accreditation program; and

(d) NAB is obliged to report all Data Breach events to Card Schemes, law enforcement agencies and/or Australian regulators. You grant irrevocable and enduring consent for NAB to release details of any such Data Breach to the aforementioned bodies;

(e) You must immediately notify Us if you become aware of any Data Breach or a suspected, potential, anticipated or attempted Data Breach relating to cardholder data held by You or on Your behalf; and

(f) If You have suffered a Data Breach or if We become aware of, or suspect, any such Data Breach:

(i) You must give NAB and its agents full access to Your systems and databases to facilitate a forensic analysis to ascertain:

(A) what card data has been compromised; and

(B) what weaknesses in the system permitted the unauthorised access to the database; and

(ii) all costs of the forensic analysis must be paid by You; and

(iii) in order to continue processing card transactions, You must undergo a full Payment Card Industry Data Security Standard (“PCIDSS”) accreditation. All costs of this accreditation exercise must be paid by You.

Your duties to Cardholders

3.3 Subject to the other provisions of this Agreement, You:

(a) must accept any valid and acceptable Card in a transaction; and

(b) must only send Bambora a sales transaction when You have committed to provide the goods and services to the customer; and

(d) must perform all obligations (including supplying all goods and/or services) to the cardholder in connection with the sale; and

(e) must not sell, purchase, provide or exchange any information or document relating to a Cardholder’s account number, or Card number, or a transaction, to any Person other than:

(i) Bambora;

(ii) NAB; and

(iii) the card issuer; or

(iv) as required by law; and

(f) must destroy any document that is no longer required to be retained by applicable law or card scheme rules, in a manner which makes the information unreadable; and

(g) must take reasonable steps to ensure that the information and documents mentioned in (e) are protected from misuse and loss and from unauthorised access, modification or disclosure; and

(h) must not make any representation in connection with any goods or services which may bind Bambora, NAB or any Card Scheme; and

(i) must not indicate or imply that We or any Card Scheme endorse any goods or services or refer to a nominated Card in stating eligibility for goods, services, or any membership; and

(j) must not accept a Card or a transaction which is of a type You have been previously advised is not acceptable; and

(k) must prominently and unequivocally inform the Cardholder of Your identity at all points of Cardholder interaction (including on any relevant web site, promotional material and invoice) so that the Cardholder can readily distinguish You from Bambora, any supplier of goods or services to You, or any other third party; and

(l) must provide notice to any Cardholder with whom You enter into a transaction that You are responsible for that transaction, including for any goods or services provided, any payment transaction, related service enquiries, dispute resolution, and performance of the terms and conditions of the transaction; and

(m) must not unfairly distinguish between issuers of a Card when accepting a transaction; and

(n) must not refuse to complete a transaction solely because a Cardholder refuses to provide additional identification information in circumstances where We do not require You to obtain it; and

(o) if You collect or store Cardholder information, You must comply with any Data Security Standards notified to You; and

(p) You may must not transfer or attempt to transfer financial liability under this Agreement by asking or requiring a Cardholder to waive his or her dispute rights.

Recurring transactions

3.4 You may only process a transaction as a recurring transaction if:

(a) You have obtained cardholder permission (either electronically or in hardcopy) to periodically charge for a recurring service; and

(b) You retain this permission for the duration of the recurring services and make it available to Us on request; and

(c) You provide a simple and accessible online cancellation procedure, if the cardholder request for the goods or services was initially accepted online.

Indemnity

3.5 You agree to indemnify and hold NAB harmless from and against any fines imposed on NAB by a Card Scheme because of Your conduct in relation to the merchant services, including any fines imposed as a result of an unacceptable rate of chargebacks.

4. WEBSITE REQUIREMENTS

4.1 Unless You are otherwise notified in writing, You must, before You accept any electronic commerce transaction over the Internet, establish and maintain at Your own expense a web site that complies with the requirements of clause 4.2.

4.2 The web site must clearly display the following information:

(a) Your business name (and Australian Business Number as applicable); and

(b) the address of Your approved place of business; and

(d) a complete description of the goods and services available for purchase on Your web site with the price advertised in Australian dollars or, if We have agreed that You can process transactions in another currency, that currency; and

(e) details of Your return and refund policy, including how a transaction can be cancelled by a Cardholder; and

(f) details of Your delivery times for goods and services. Delivery times are to be appropriate for the type of business carried on by You. If the delivery is to be delayed, the Cardholder must be notified of the delay and an option provided to them to obtain a refund; and

(g) details of any Australian export restrictions (if applicable); and

(h) details of Your privacy policy and how You intend to deal with, or share, Personal Information obtained from and about the Cardholder; and

(i) a description of the measures You have to maintain the security of:

(i) Cardholders’ account data; and

(ii) any other information which, by notice, We or NAB require You to display from time to time; and

(j) any other information required for the purpose of complying with card scheme rules.

4.3 You must provide Us reasonable access to view, monitor and audit the pages of Your web site.

4.4 Your web site payments page must be protected by Secure Sockets Layer or any other

form of security method approved in writing by Us.

4.5 You must:

(a) maintain a relationship with an internet service provider at Your own expense for the purposes of maintaining the website for customers and facilitating electronic communications; and

(b) ensure that Your business name corresponds with the name of Your website and the name that will appear on cardholder statements and as advised on the transaction receipt.

4.6 Prior to commencing live operation of the merchant service on Your website, You must successfully complete and satisfy all test scripts supplied by Bambora and undertake Your own testing in the test mode to ensure:

(a) transactions are accessible by You through the internet payments merchant reporting module; and

(b) any reporting requirements You have are working to Your satisfaction; and

4.7 You agree that We may, at our discretion, periodically have a card scheme endorsed third party review Your website to ensure compliance with any relevant laws.

4.8 You agree that We may, using a card scheme endorsed and certified third party, periodically perform information security or “vulnerability” scans on Your website and/or servers to ensure that You are complying with the Data Security Standards.

4.9 If you wish to undertake any substantial changes to Your website, You must give Us at least ten (10) Banking Days’ notice. You must undertake and satisfy testing in accordance with the procedure set out in clause 4.6 prior to any such changes going into live operation. We shall not be obliged to continue the live operation of the merchant service until We are satisfied that all of Our operational requirements are met and it is acceptable to continue with the merchant service.

4.10 Your website payments page must request that the cardholder provides the card CVC2 or CVV2 (as relevant) when entering the card details for the transaction.

4.11 We may require you to make alterations to Your card acceptance policies and procedures to ensure You remain in compliance with the card scheme rules, including alterations to Your website.

5. CARD ACCEPTANCE REQUIREMENTS

5.1 You must:

(a) use reasonable care to detect forged or unauthorised signatures or the unauthorised use or forgery of a Card; and

(b) notify Bambora if You become aware of or suspect fraud on the part of a Cardholder; and

(i) splitting a transaction into two or more transactions; or

(ii) allowing a Cardholder to purchase items separately; and

(d) establish a fair policy for dealing with refunds and disputes about transactions and include information about that policy on Transaction Receipts as required by Bambora; and

(e) only submit a transaction as a refund to a Cardholder if it is a genuine refund of a previous sale transaction. The refund must be processed to the same card that was used in the original sales transaction and be for the original sale amount; and

(f) give refunds for transactions by means of credit and not in cash or cheque; and

(g) not process a refund transaction as a way of transferring funds between Your accounts; and

(h) if a transaction for a sale does not cover the full amount of the sale:

(i) in the situation in which the Card is used to make a deposit or pay an instalment You may accept the Card in payment of all or part of the outstanding balance; and

(ii) in any other circumstance You must obtain the balance due at the time the sale is completed in cash; and

(i) not state or set a minimum or maximum amount for a Card transaction without our prior written consent; and

(j) not ask a Cardholder to reveal their PIN or any other secret identifier; and

(k) contact Bambora for instructions if the identification of a Cardholder or the validity of the Card is uncertain; and

(l) not knowingly submit for processing any transaction that is illegal or that You should have known is illegal.

5.2 For remote transactions, You must:

(a) take reasonable steps to verify the identity of the Person You are dealing with, in order to confirm that they are the genuine Cardholder; and

(b) record reasonable identification details of the Person You are dealing with, as well as the commencement and expiry dates of the Card.

6. SURCHARGING

Amount of surcharge

6.1 Where You elect to charge a cardholder a surcharge in respect of a transaction, You must not impose a surcharge in excess of the reasonable cost of card acceptance.

6.2 Upon request by Us or any card schemes, You must produce supporting information to substantiate Your costs of card acceptance. Where the card scheme dictates the format of the required substantiation, eg. through use of a “reasonable cost of acceptance calculator”, You must provide details of Your costs in the required format.

6.3 Where required by a card scheme, You must submit, at Your cost, to an audit of Your costs of card acceptance by an independent auditor approved by the card scheme requiring the audit. The audit must be completed and results reported back to the relevant card scheme within the timeframe specified by the card scheme.

6.4 Where, following an investigation into Your surcharging and cost of card acceptance, We or a card scheme determine that the amount that You are surcharging exceeds the reasonable costs of card acceptance, We may by 30 days notice to You require You to reduce Your surcharge level to an amount that does not exceed the reasonable costs of card acceptance.

6.5 Without limiting any other rights that We may have under this agreement, We may, by notice to You, terminate this agreement if, following receipt of notice under clause [5], You fail to reduce Your surcharge level to an amount that does not exceed the reasonable costs of card acceptance.

6.6 You acknowledge that excessive surcharging by You could expose NAB to fines from card schemes. You agree to indemnify NAB against any fines imposed by card schemes in relation to Your surcharging practices.

6.7 You acknowledge that card issuers may from time to time change the classification of a credit card (ie. standard or premium) and, as a result, when applying a surcharge rate to a cardholder, it cannot be guaranteed that the classification of the card (ie. standard or premium) on which You have based the surcharge will be same as the classification on which You are charged Your merchant service fee in relation to the same transaction.

Disclosure of surcharge

6.8 You must clearly disclose to the cardholder before the transaction is completed any surcharge that You will charge for completing the transaction, and do it in such a way that allows the transaction to be cancelled without the cardholder occurring any cost.

6.9 You must display on the payment page on Your website a notice stating:

(a) that You charge a surcharge; and

(b) the exact amount or percentage of the surcharge.

6.10 You must not represent or otherwise imply that the surcharge is levied by a card scheme or by Us or any other financial institution.

6.11 Definitions

“Surcharge” means any fee charged by a merchant to a cardholder that is added to a

transaction for the acceptance of a card.

Costs that form Your “reasonable costs of card acceptance” will be determined having regard to the Reserve Bank of Australia’s Guidance Note: Interpretation of Surcharging Standards, as amended or replaced from time to time

7. TRANSACTION RECEIPT

7.1 Unless We have agreed that We will provide the transaction receipt to the cardholder, You must give the Cardholder a copy of the Transaction Receipt for each transaction, but You must not charge a fee for doing so.

7.2 If You are notified that You must prepare the Transaction Receipt, You must ensure the information contained in the Transaction Receipt:

(a) is identical with the information on any other copy; and

(b) legibly includes the information notified to You.

7.3 You must provide Bambora with the Transaction Receipt and any other required evidence of the transaction within seven (7) days if You are asked by Bambora to provide it.

7.4 If You wish to change Your Internet or email address, or telephone number appearing on the Transaction Receipt, You must notify Bambora in writing at least fifteen (15) Banking Days prior to the change taking effect.

8. INVALID OR UNACCEPTABLE TRANSACTIONS

8.1 A transaction is not valid if:

(a) the transaction is illegal as per applicable laws; or

(b) if applicable, the signature on the voucher, Transaction Receipt or authority is forged or unauthorised; or

(d) You have been told not to accept the Card; or

(e) the transaction is not authorised by the Cardholder; or

(f) the particulars on the copy of the voucher or Transaction Receipt given to the Cardholder are not identical with the particulars on any other copy; or

(g) the price charged for the goods or services is inflated to include an undisclosed surcharge for card payments; or

(h) another person has provided or is to provide the goods or services the subject of the transaction to a Cardholder; or

(i) You did not actually supply the goods or services to a genuine Cardholder as required by the terms of the transaction, or have indicated Your intention not to do so; or

(j) the transaction did not relate to the actual sale of goods or services to a genuine Cardholder; or

(k) the transaction is offered, recorded or billed in a currency We have not authorised You to accept; or

(l) this Agreement was terminated before the date of the transaction; or

(m) You have not complied with Your obligations in clause 3.3; or

(n) it is a credit transaction in which:

(i) the amount of the transaction or transactions on the same occasion is more than

any applicable limit notified to You; or

(ii) You collected or refinanced an existing debt including, without limitation, the

collection of a dishonoured cheque or payment for previous card charges; or

(iii) You provide a Cardholder with cash; or

(o) it occurs during a period in which Your rights under this Agreement were suspended under or after this Agreement was terminated; or

(p) You cannot give a Transaction Receipt as required by clause 7 provided for herein; or

(q) for any other reason, the Cardholder is entitled under the Card Scheme Rules to a chargeback of the transaction.

8.2 A transaction for a sale or refund is not acceptable if:

(a) the Cardholder disputes liability for the transaction for any reason or makes a claim for set-off or a counterclaim; or

(b) it is of a class which NAB or Bambora decide, in their discretion, is not acceptable.

8.3 You acknowledge and agree that NAB or Bambora may:

(a) refuse to accept a transaction if it is invalid or unacceptable, or may charge it back to You if it has already been processed, even if We have given You an authorisation; and

(b) reverse a sales transaction as a chargeback, and debit Your account for the amount of the chargeback, for any of the reasons in clauses 8.1 and 8.2 and any other reason We notify You of from time to time; and

(c) without limiting the above, delay, block, freeze or refuse to accept any transaction where NAB or Bambora has reasonable grounds to believe that the transaction breaches Australian law or sanctions or the laws or sanctions of any other country.

9. SETTLEMENT OF TRANSACTIONS

9.1 NAB will provide settlement to Bambora on each business day for the gross amount of all funds received from the card schemes in respect of transactions processed under this agreement, less any chargebacks or refunds.

9.2 Bambora is responsible for disbursing to You, in accordance with Your funding, reserve and payment arrangements with Bambora, any settlement amounts received from NAB in respect of transactions processed under this agreement.

9.3 You agree to direct any queries regarding settlement to Bambora.

9.4 Unless We agree otherwise, You must nominate an account with an Australian registered bank for recording transactions in Australian dollars.

9.5 If We agree that you may process transactions in an approved foreign currency then, unless We agree otherwise, You must, if We so require, also have an account with an Australian registered bank for recording transactions in that foreign currency which account can be used for the purposes referred to in clauses 9.6 and 9.7.

9.6 Subject to clause 9.8, Bambora will pay to the account You nominated in clause 9.4 or 9.5 (as applicable) the full amount of all valid and acceptable sales and cash transactions processed by You in the applicable currency, which shall be Australian dollars unless We agree otherwise.

9.7 Bambora will debit Your nominated account with the full amount of all:

(a) valid and acceptable refund transactions processed by You; and

(b) chargebacks, in the applicable currency, which shall be Australian dollars unless We agree otherwise.

9.8 Bambora reserves the right to withhold payment to Your nominated account of any amount for such period as it considers necessary, where Bambora has reasonable grounds to suspect You have processed transactions otherwise than in accordance with this agreement.

9.9 Where Bambora exercises its rights under clause 9.8, Bambora will notify You in writing of any action taken within two (2) Banking Days of such action being taken.

9.10 Bambora must give You access to information each month showing the full amount of all transactions processed by Bambora during the previous month. You may raise any issue

that You have concerning an amount paid, or not paid to You, within three (3) months of the date of payment, or of the date the payment was due. Bambora may charge You a fee for investigating any such issue.

9.11 If You intend to advertise and bill transactions in a foreign currency then, unless We agree otherwise, that foreign currency must be an approved foreign currency and You must obtain Our prior written consent, which may be subject to conditions including, without Australian limitation, a requirement to enter into a new agreement.

9.12 We will notify You from time to time which foreign currencies are approved foreign currencies.

9.13 If a transaction is recorded in an approved foreign currency then, unless We agree otherwise, We will process in Australian dollars (using an exchange rate determined by Us) any event relating to that transaction (such as paying for the original transaction, making a chargeback or a refund in respect of that transaction).

9.14 You acknowledge that You will bear any additional costs, losses or benefits incurred as a result of movements in the exchange rate of an approved foreign currency between the time of the transaction and the time We convert the approved foreign currency to Australian dollars for posting to Your account.

9.15 You acknowledge that for transactions that are refunded or charged back, You will bear any additional costs, losses or benefits incurred as a result of movements in the exchange rate of an approved foreign currency between the time of the transaction and the time of the refund or chargeback.

9.16 You must provide Bambora with an authority and request in a form and subject to terms and conditions Bambora requires to direct debit Your nominated account with any amounts owing to Bambora under this agreement, and any fees owed to Bambora in connection with the payment services.

10. INTELLECTUAL PROPERTY

10.1 You acknowledge and agree that:

(a) the card scheme logos, names and holograms (“the Marks”) are owned solely and exclusively by the relevant card scheme; and

(b) You will not contest the ownership of the Marks for any reason; and

(c) the card schemes may at any time, immediately and without notice, prohibit You from using any of the Marks for any reason; and

(d) You may only use advertising and promotional material for the cards or which show a card scheme mark in the manner NAB approves, unless You have received authorization from the card schemes through other means.

10.2 You acknowledge that all intellectual property rights subsisting in the materials provided by Us or developed by or for Us, pursuant to, for the purpose of or in connection with this agreement, vest in NAB or Bambora (as applicable) and is NAB’s or Bambora’s property (as applicable) including, but not limited to:

(a) any lists of cardholder data (whether personalised or not) and the promotional material we supply you;

(b) any trademark, business name, trading style or get up;

(d) any report, file, script, inventory, database, record or information required to be created, maintained or provided to you pursuant to, for the purpose of or in connection with this agreement.

10.3 You must not without Our consent:

(a) use or alter any trade marks, business names, trading styles or get ups belonging to NAB, Bambora or the card schemes whether as part of your corporate or business name or on or in relation to any goods or services;

(b) reproduce or modify any of Our computer programs; or

(c) merge or use any report, file, script, inventory, database, record or information referred to in clause 10.2(d) in or with any other information which is held by You and which is not obtained or generated by You in connection with or in relation to the performance of this agreement.

11. REPRESENTATIONS AND WARRANTIES BY YOU

11.1 You represent and warrant that:

(a) by entering into this Agreement You are not currently and will not be in breach of any Relevant Law or any obligation owed to any Person; and

(b) where applicable, You are duly authorised to enter into this Agreement and the obligations under this Agreement are valid, binding and enforceable in accordance with its terms; and

(c) if You are an incorporated body, You validly exist under the laws of Your place of incorporation and have the power and authority to carry on Your business as that business is now being conducted and using any name under which that business is being conducted; and

(d) if You, a Related Body Corporate or any officer, employee or agent of You or a Related Body Corporate has at any time been listed on a database of terminated merchants maintained by any Card Scheme or have otherwise had merchant services terminated by another acquiring bank, You have disclosed that fact to Bambora.

11.2 The representations and warranties set out in this clause will be deemed to be repeated each day after the date You enter into this Agreement.

12. NO WARRANTIES BY US

Neither Bambora nor NAB make any warranties in respect of any of the services to provided under this agreement. To the maximum extent permitted by law, any and all implied warranties and guarantees are excluded. In respect of any warranty or guarantee which is unable to be excluded under any relevant law, our liability in respect of a breach of that warranty or guarantee is limited to the re-supply of the goods or services or the payment of the cost of having the goods or services supplied again.

13. EXCLUSION OF LIABILITY

To the maximum extent permitted by applicable law We are not liable to You or to any person for any act or omission (including negligence) of ours that results in any direct or indirect loss (including loss of profits), damage, injury or inconvenience You suffer because of any service failure, including any unavailability of the service, any delays or any errors. Under no circumstances will be liable to You for any lost sales, revenue or profit or loss of custom due to any service failure which results in You being unable to promptly accept payments from Your customers.

14. TERMINATION AND SUSPENSION

14.1 NAB or Bambora may suspend or terminate this Agreement or suspend then terminate this Agreement or any part of it at any time if:

(a) You are in breach of Your obligations under or arising out of this Agreement; or

(b) if in Bambora’s or NAB’s reasonable opinion, the processing of Your transactions exposes Bambora or NAB to an unacceptable level of risk; or

(c) You are or have engaged in conduct which exposes Bambora or NAB to potential fines or penalties imposed under Relevant Law; or

(d) Your business or Equipment is or has been targeted by a person engaged in fraudulent or dishonest activity whether with or without Your knowledge; or

(e) You or any service provider (other than Bambora or NAB) that You use in connection with Your merchant services has suffered a data breach

(e) a direction is made by a card scheme or under Relevant Law that the Payment Service be suspended or terminated; or

(f) You have experienced an adverse change in financial circumstances; or

(g) We have concerns about Your solvency or if You come insolvent or are subject to any form of insolvency administration or a resolution is passed or an order is made for winding up; or

(h) You have a significant adverse credit event recorded against You.

14.2 This Agreement will terminate automatically and immediately if:

(a) Bambora’s registration as a member service provider or independent sales organisation with any card scheme is cancelled;

(b) Bambora’s agreement with NAB for the provision of merchant services is terminated for any reason; or

(c) any other agreement that You have with Bambora in respect of Bambora’s payment processing services is terminated for any reason.

14.3 You authorise NAB to disclose to any Card Scheme advice of termination of this Agreement and the reasons for the termination. You acknowledge that the information concerning termination of this Agreement then becomes available to any member of the Card Schemes. This information, available to any member of the Card Schemes, may be used in assessing subsequent applications for merchant facilities.

14.4 The suspension, expiration or termination of this agreement does not affect any of Your, or Our rights and obligations which arose before it ended or was suspended including, without limitation, in relation to Our right to chargeback transactions and to recover accrued fees, charges, penalties, fines and costs.

14.5 When any part of the agreement ends, or otherwise at our request, you must return Australian Application Form Confidential Page 14 of 15 to Us any materials provided by Us and You must remove any card scheme logo or any materials We have provided You with from any of Your business premises or websites and if any materials are held electronically by You or on Your behalf, You all must cease to use this material immediately, and, if We request, delete that material as soon as reasonably practicable

14.6 When any part of this agreement ends You must immediately pay Bambora any outstanding fees, charges and costs due under this agreement.

14.7 This clause 14 survives termination of this Agreement.

15. ASSIGNMENT

15.1 You may not assign or charge Your rights under this Agreement without our prior written consent.

15.2 Each of Us may, in Our sole discretion, assign, novate or transfer Our rights or obligations arising out of this Agreement by giving notice to the You.

16. AUSTRALIAN DOMICILE REQUIREMENTS

You acknowledge that We may only provide services to You under this Agreement where You:

(a) have a permanent establishment in Australia through which transactions are completed;

(b) are registered to do business in Australia;

(c) have a local address in Australia for correspondence and acceptance of judicial process, other than a post-office box or mail-forwarding address; and

(d) pay taxes in Australia (where required) in relation to the sales activity; and

(e) satisfy any other domesticity requirements imposed by card schemes from time to time.

In addition to any other right to terminate or suspend the services, We may immediately cease to accept transactions under this Agreement where You fail to satisfy the above requirements.

17. GOVERNING LAW

This agreement is governed by the laws of the State of Victoria. Each party submits to the jurisdiction of the courts of that State of Victoria and any courts of appeal from them.

18. AMENDMENT

We may vary this agreement on 30 days’ written notice to You.

19. NOTICES

19.1 You acknowledge that NAB or Bambora may deliver notices to You in any of the ways listed in clause 19.2.

19.2 A notice must be in writing and is taken to be received:

(a) if delivered personally, at the time of delivery;

(b) if sent by pre-paid post, on the third day after the posting;

(c) if sent by facsimile transmission, on the date the transmitting machine records transmission of the complete document;

(d) when the party sending the notice is the NAB or Bambora, if sent by email, at the time when the email enters Your information system.

19.3 The address, facsimile number or email address to be used for notices is the last address, facsimile number or email address advised by a party. You must inform Bambora immediately of any change of Your address, facsimile number or email address.

20. INDEMNITY AND SET-OFF

20.1 You must indemnify Us for all losses and liabilities We incur (including claims against Bambora by NAB) because:

(a) You did not observe any of Your obligations under this agreement;

(b) We could not exercise all or any part of Our rights under this agreement;

(d) of any wilful default, breach, negligence, fraud, act or omission by You or any of Your agents or representatives relating to this agreement;

(e) of any infringement by You or Your agents or representatives of another person’s intellectual property rights;

(f) any warranty that You made under this agreement is untrue;

(g) of any use of equipment owned by Us or others, by You, Your employees, contractors, agents or invitees including, without limitation, in relation to transactions involving nominated cards and those involving non-standard cards or loyalty programmes;

(h) of any event relating to a transaction in a foreign currency;

(i) We exercised any of Our rights under this agreement; or

(j) You have taken legal action against Us resulting in a costs order in Our favour or We have incurred legal costs against You in enforcing Our rights under this agreement on a solicitor and client basis or recovering any amounts You owe Us.

20.2 It is not necessary for Us to incur expense or make payment before enforcing a right of indemnity conferred by this agreement.

20.3 These indemnities survive termination of this agreement.

20.4 Bambora and NAB may at any time without notice to You set off any Liability owed by Bambora or and NAB (as the case may be), to You on any account against any Liability owed by You to Bambora or the NAB (as the case may be) under or in connection with this agreement. For the purpose of this clause, “Liability” means any debt or monetary liability, irrespective of whether the debt or monetary liability is future or present, actual or contingent.

21. CARDHOLDER’S CREDITWORTHINESS

You cannot infer from the fact that a Cardholder has been issued with a nominated Card, or that a transaction has been processed or an authorisation has been given (either by telephone or electronically), that We have guaranteed, endorsed or made representations about:

(a) the Cardholder’s creditworthiness;

(b) the correct identity of the Cardholder;

(d) that You have complied with Your obligations under this agreement; or

(e) the transaction will not be charged back or reversed, and You waive any right to claim that we do.

22. CONFIDENTIAL INFORMATION AND PRIVACY

22.1 You authorise Us to collect from, and disclose to, any person any information in connection with this agreement or in relation to Us providing the payment services to You, even where such information is subsequently shown to be inaccurate. You authorise any person to provide any information about You to Us which We may require in connection with this agreement. These authorisations survive the termination of this agreement.

22.2 You authorise Us to disclose to any card scheme advice of termination of this agreement and merchant services and the reasons (if any) for the termination. You acknowledge that the information concerning termination of this agreement and merchant services then becomes available to any member of the card schemes. This information, available to any member of the card schemes, may be used in assessing subsequent applications for merchant facilities.

22.3 You agree that We may disclose to any person the fact that all or part of this agreement or the merchant services has been terminated or suspended. You authorise Us to disclose information concerning the termination to any credit provider for the purpose of notifying that credit provider of that termination and the reason for it occurring. Termination and subsequent listing of the termination may affect Your ability to obtain merchant facilities with another acquirer.

22.4 You:

(a) must keep any confidential information confidential;

(b) may use the confidential information but only in relation to this agreement;

(c) may disclose the confidential information to enable You to perform Your obligations under this agreement but only to Your permitted personnel to the extent that they have a need to know;

(d) must not copy the confidential information or any part of it other than as strictly necessary for the purposes of this agreement and must mark if required by Us any such copy as Our confidential information;

(e) must implement security practices against any unauthorised copying, use, disclosure (whether that disclosure is oral, in writing or in any other form), access and damage or destruction;

(f) must immediately notify Us if You suspect or become aware of any unauthorised copying, use, disclosure, access, damage or destruction in any form and to any extent; and

(g) must comply with any of Our reasonable directions in relation to the confidential information.

22.5 On termination or expiry of this agreement, or earlier on reasonable request by Us, You must promptly return to Us or (if We request) destroy or delete any or all copies of confidential information and, in any event, Your right to use, copy and disclose that confidential information ceases on such termination or, if earlier, delivery of Our request.

22.6 Your obligations under this clause continue indefinitely in relation to confidential information, even if that confidential information is returned to Us, destroyed or deleted, or this agreement expires or is terminated.

22.7 This clause does not apply to the extent that You are obliged by law to disclose the confidential information. If You are so obliged to disclose any confidential information, You must before doing so:

(a) notify Us and provide details of the proposed disclosure;

(b) give Us a reasonable opportunity to take any steps We consider necessary to protect the confidentiality of that information;

(d) notify the third person that the information is Our confidential information.

22.8 You acknowledge and agree that:

(a) We may obtain from any of Our agents or contractors, any card scheme or a person who is involved in any card scheme, information about Your merchant history or personal information about You, a related body corporate, Your officers, employees or agents for any purpose relating to the operation of those card schemes. This could include, for example, information relating to previous services that are substantially similar to the merchant services or any part of them;

(b) We can use information about Your merchant history and personal information about You, a related body corporate, Your owners/shareholders, officers, employees or agents, including information about You collected from third parties to assess and process Your merchant application and use in relation to the ongoing provision, suspension or termination of the merchant services, or Our other rights and obligations under this agreement;

(c) We can disclose information about Your merchant history and relevant personal information in the following circumstances:

(i) to any of Our agents or contractors, any card scheme or to any person who is involved in any card scheme, information about You for any purpose related to the operation of those schemes, card fraud detection agencies (including information about termination or suspension of merchant services and reason(s) for termination or suspension of merchant services); and

(ii) where the law requires or permits Us to do so;

(d) We are bound by card scheme rules and obligations; and

(e) all correspondence and discussions between card schemes and Us are private and confidential as between Us and the card schemes and You are not entitled to participate in or otherwise request a copy of such correspondence.

23. SEVERABILITY

If any provision of this agreement is held to be unenforceable or invalid for any reason, then:

(a) that provision is deemed to be modified to the extent required to remedy the unenforceability or invalidity; or

(b) if it is not possible to remedy the unenforceability or invalidity, that provision is to be severed from this agreement, and this agreement will otherwise remain in full force.

Schedule 1

Fees and Charges

General Principles

1. You shall pay to us the following: (a) the Fees set out in this schedule 1, including fees for additional services outside the standard merchant services; (b) any applicable taxes that are your responsibility, unless you provide us with a tax exemption certificate; and (c) any other amounts that you owe to us resulting from your receipt of the merchant services.

2. You authorise us to debit your Bank Account for fees payable to us and you waive the right to receive advance notice for these debits. Alternatively, if we are unable to debit owed amounts, we reserve the right to invoice you for any such amounts, which amount shall be due and payable seven (7) days after the invoice date or on such earlier date as may be specified.

3. An email will be delivered to you providing notice that a statement is available online to review. You will review the statement no less frequently than every thirty (30) days. You will notify us in writing within thirty (30) days of the statement of any errors or omissions in the statement. After expiration of the thirty (30) days charges related to the transaction report shall be considered valid and you shall be deemed to have acknowledged the correctness of that invoice and to have waived the right to dispute that invoice.

4. In case of late payment, we have the right to charge a late payment service fee on any overdue amounts calculated on a pro-rata daily basis from the due date of payment at a rate equivalent to the Official Cash Rate (OCR) as published by the Reserve Bank of Australia plus five (5) percentage points or the maximum permitted by law in your jurisdiction (whichever is the lesser), until we have received full payment. In connection with the collection or enforcement of debt arising from unpaid amounts only, we shall be entitled to recover our reasonable attorney’s fees and costs associated therewith. Otherwise, no attorney’s fees or costs may be recoverable under this Agreement unless expressly so stated, nor under any other theory of law, including tort.

5. We shall have the right to adjust the fees at any time. Such changes may result from, but are not limited to, changes of card scheme rules and interchange fees, changes of international banking regulations, currency restrictions, or fee changes by a partner bank. You agree that we may pass these increased charges through to you by increasing the fees. We will use reasonable efforts to inform you of any such fee changes at least thirty (30) calendar days prior to the fee changes taking effect, unless we have been notified by the third party of the changes within a shorter timeframe or are required to pay such charges in a shorter timeframe.

6. We reserve the right to adjust the fees in the event of any changes to or deviations from the expected card, country and currency splits including payment volumes and values. We reserve the right to immediately pass-through such cost increases to you and you shall be liable for such cost increases immediately.

7. We reserve the right to upgrade, modify, develop or alter any part of the merchant services and our when required by us, our partner bank(s) and / or legislation. If such changes require you to act, you shall immediately integrate said alterations or modifications and will in all cases have the alterations or modifications finalised upon the effective date such alterations and / or modifications are to become live. We will not charge you for any such alterations or modifications if not agreed to in writing. You shall bear your own costs and expenses in relation to the integration of the alterations or modifications into its system.

8. All transactions are to be processed in Australian dollars. Credit Card transactions are processed online real time. You will be credited (to Your nominated settlement account) with the value of credit card transactions less our fees (net settlement) within 3 banking days of processing.

9. Processing Times – Credit Card

(a) Transactions that occur before 10.00pm AEST each banking day are processed on that business banking day.

(b) Transactions that occur after 10.00pm AEST on a banking day are processed on the next business banking day.

(c) Transactions that occur on non-banking days (weekends, public holidays, and bank holidays) are processed on the next banking day.

Bambora Fees

1. Merchant Service Fee (MSF): as per agreement between You and Us

2. Chargeback Fees: $30.00 per chargeback processed, plus any associated scheme costs

Updated: September 11, 2020

1. Parties

These Terms and Conditions form part of the Payments Processing Service Agreement made between You (as defined below) Bambora (as defined below) in relation to the Services.

2. Definitions

In the Agreement the words and expressions set out below shall have the following meanings:

“Account” means the bank account or credit card nominated by You for acceptance of debit entries under this Agreement and for related purposes.

“Agreement” or “Payments Processing Service Agreement” means the agreement between You and Bambora in relation to the Services which includes these Terms and Conditions, the Solution Overview Document, the Service Description Document and the Onboarding Form and all other attached schedules.

“Bambora”, “We”, “Us” or “Our” means Bambora Online Pty Ltd (ABN 86 095 635 680) with registered office located at Level 22-30 Chifley Drive, Preston, NSW 3072, Australia.

“Business Day” means a day other than a Saturday, Sunday or a public holiday in New South Wales or Victoria.

“Cardholder Data” means a payment card number, card expiry date or cardholder details.

“Commissioner” means the Office of the Australian Information Commissioner.

“Confidential Information” means and includes any documentation or information that is marked “Confidential” or “Proprietary” or that a reasonable person would treat as such or which by its nature is confidential that is supplied by one party of this Agreement to the other party including all scientific, technical, manufacturing, performance, sales, financial, commercial, contractual or marketing information.

“Data Breach” means an incident involving:

(a) the unauthorised access to, or unauthorised disclosure of Personal Information; or
(b) the loss of Personal Information where unauthorised access to, or unauthorised disclosure of that Personal Information is likely to occur.

“Data Breach Statement“ means a statement prepared in accordance with section 26WK of the Privacy Act 1988 (Cth).

“Eligible Data Breach” has the meaning given to that term in section 26WE of the Privacy Act 1988 (Cth) having regard to the exceptions contained in section 26WF.

“End-Users” means Your customers.

“Go Live” means an agreed date, post completion and sign off of User Acceptance Testing (“UAT”) when Your facility is live in production for processing transactions under this Agreement.

“Intellectual Property Rights” includes copyright and all rights conferred under statute, common law or equity in relation to trade marks (including logos and trade files), domain names, inventions (including patents and petty patents), utility models, designs, circuit layouts, rights in computer software, databases and lists, confidential information, trade secrets, know-how software (whether in object code or source code), and all other proprietary rights, whether registered or unregistered, and all equivalent rights and forms of protection anywhere in the world resulting from intellectual activity, together with all right, interest or licence in or to any of the foregoing.

“PCI Standards” means the Payment Card Industry standards and requirements mandated by the Payment Card Industry Data Security Council from time to time including the Payment Card Industry Data Security Standards (PCI DSS), PIN Transaction Security Standard and the Payment Application Data Security Standard, to the extent they are applicable to the Services being provided under this Agreement.

“Person” includes an individual, firm, body corporate, unincorporated body or association, partnership, joint venture or any government agency or authority.

“Personal Information” means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, which is received by Us from any source as a consequence of the performance of Our rights and obligations under this Agreement.

“Privacy Act” means the Privacy Act 1988 (Cth).

“Privacy Law” means all applicable legislation and principles relating to the collection, use, disclosure, storage or granting of access rights to the Personal Information, including the Privacy Act.

“Related Body Corporate” has the meaning given in the Corporations Act 2001 (Cth).

“Security Standards” means the PCI Standards and any other data protection or data security standards issued by Us with regard to the technical and security aspects of Our system and Services, an acquiring or End-Users bank and notified to you from time to time.

“Service(s)” means the Payments Processing Service selected by You in the Solution Overview Document and as further described in the Service Description Document.

“Transaction” means any message interacting with the Bambora Gateway, including but not limited to: Purchase, Refund, Independent Tokenisation, Pre-Authorisation, Direct Debit & Direct Credit.

“You”, “Your” means the Person We provide the Services (being the business identified in the Customer Details section of the Solution Overview Document).

3. Contractual Relationships

By signing the Execution section of the Solution Overview Document for the Payments Processing Service You agreed to accept these Terms and Conditions and attached Schedules as forming part of the Agreement for the Services associated with the provision of the Services.

4. Contract Term

The initial term of the Agreement is for a period of 3 years, unless terminated earlier in accordance with this Agreement. The initial term will commence upon execution of the Agreement. After the end of the initial term this Agreement will be extended automatically for additional terms of 1 year, unless terminated earlier in accordance with this Agreement.

5. Payments Processing Service

5.1 Provided that You and/or the End-Users are able to connect to the Service, We will make available to You the Services you have selected in the Solution Overview Document and as further described in the Service Description Document.

5.2 We grant You a personal, non-exclusive, non-transferable licence to use the Services and any associated documentation in Your operations in Australia for the term of this Agreement solely for Your own use. Except to the extent specifically authorised under this Agreement, You must not sub-license, transfer, assign, rent or sell any of our Services or any associated documentation.

5.3 You must not, and must not permit any other person to, copy, reproduce, translate, adapt, vary, repair or modify all or any of the Services or any associated documentation without our prior written consent.

6. Service Levels

We provide a highly available, reliable and comprehensive Payments Processing Service. The service levels are detailed in the Service Level Agreement in Appendix 1 which follows these Terms and Conditions.

7. Declines

From time to time Transactions will be declined. Declined Transactions will be reported to You as an exception.
Declines are to be followed up by You with the End-User directly.

8. Enquiries and Statements

8.1 An online enquiries facility is provided at www.ippayments.com.au/crm (or another designated location) for review of all transactions processed.

8.2 At the end of each month all transactions, fees and charges are summarised into an invoice. This invoice will be emailed to You.

8.3 Where enquiries are not resolved online You can contact Us by email at support.apac@bambora.com or call Us on 1300 721 163.

9. Reporting Errors

We are not responsible for any communication errors, including without limitation errors in reporting authorisations or declines, arising from or related to errors by a bank or Scheme Card company . To the fullest extent permitted by law, We expressly exclude all liability for such errors. Any claims with respect to such errors shall be raised directly with the bank or Scheme Card company by You or the End-User.

10. Security

10.1 You must ensure that Your Service user name and password are kept secure and not disclosed to anyone (other than Your authorised personnel).If You suspect that the security of Your user name and password has been breached then You must (i) immediately change Your password on the Bambora website and (ii) promptly notify Us of the suspected breach.

10.2 You shall adhere to all relevant guidelines and standards (including Security Standards) from time to time reasonably laid down or identified by Us with regard to the technical and security aspects of Our system and Services.

10.3 If Your system or the system of your third party service provider is not compliant with the Security Standards, You should not store, process or transmit any Cardholder Data on Your system or Your third party’s non-compliant system. If You or Your third party service provider are not compliant with the Security Standards, any storing, processing or transmitting of Cardholder Data by You is at Your sole risk and responsibility and You indemnify Us and hold Us harmless from any against all liabilities, losses or costs which We may incur, directly or indirectly, by Your non-compliance with the Security Standards or breach of this Security clause.

10.4 We take information security seriously. As a PCI DSS-compliant organisation, We regularly conduct penetration testing and vulnerability assessments of Our infrastructure, and Cardholder Data environment, with the purposes of determining, and remedying, any identified vulnerabilities. Evidence of Our PCI DSS compliance is available on request.

10.5 You must not:
(a) use Our Services for any purpose other than as described in the Agreement; or
(b) use the software forming part of Our payment gateway independently of the other components of Our payment gateway unless We have given prior written consent; or
(c) merge all or any part of Our payment gateway with any other software unless We has given prior written consent.

10.6 You must not use the Services in any manner which has the effect of causing unnecessary interference or disruption of Our business operations or which results in repetitive processing of transactions with no commercial purpose.

10.7 You must not conduct penetration testing or undertake any vulnerability assessments of Our infrastructure. Our infrastructure is used by multiple customers for payments processing. Your testing may have a detrimental effect on the functioning of the infrastructure and negatively impact the infrastructure’s ability to provide efficient and effective payments processing services.

10.8 We have the right to decline or suspend the Services, or any transaction, if We believe it may expose You, Us or others to risks unacceptable to Us.

11. Variations and assignment of Agreement

11.1 We may vary any of the provisions of the Agreement (including any operating reference or user guide or fees and charges) by giving You 14 days notice by email (Variation Notice). The latest version of variations the Terms and Conditions shall also be published on Our web site www.ippayments.com.au/crm.

11.2 You shall be deemed to have accepted any proposed variations set out in the Variation Notice unless You provide Us with written notice that you do not accept the variation within 10 days of the transmission of the Variation Notice. If You choose not to accept the proposed variation, the Agreement will be deemed terminated by mutual consent with effect 14 days from You notifying Us that You do not accept the variation.

11.3 You may not transfer or assign any of Your liabilities or rights under this Agreement to any other person without Our prior written consent (such consent not to be unreasonably withheld provided We are satisfied as to the suitability of the assignee and You meet our reasonable costs in relation to the assignment). This Agreement
binds You and Your respective heirs, representatives and permitted and approved successors or any permitted assigns.

11.4 We may assign Our rights and obligations under this Agreement to any Related Body Corporate provided We give You at least one month’s prior written notice.

11.5 Any changes to the Services selected in the Solution Overview Document will be subject to the change process detailed below and will be subject to agreement and execution of a Change Request Form.

12. Termination

12.1 Either party (the First Party) may terminate this Agreement at any time and with immediate effect by notice in writing to the other party (the Second Party) if the Second Party:

12.1.1 fails to observe, discharge or perform any provision of this Agreement (Default) and either the then fails to remedy that Default within twenty-one (21) days of receiving written notice from the First Party of the Default;

12.1.2 commits any act of insolvency;

12.1.3 is presented with a creditors’ petition, or a resolution is passed by its shareholders or directors, for the winding up of that other party; or

12.1.4 it enters into a compromise or arrangement with creditors or a receiver, administrator or official manager is appointed in respect of its business or assets.

12.2 A party may terminate this Agreement with effect from the end of the initial term (or with effect from the end of any extended term) by giving the other party not less than 180 days’ notice in writing prior to the end of the initial term (or prior to the end of any extended term, as the case may be).

12.3 The termination or expiry of this Agreement (howsoever caused or arising) does not affect any of Your or Our rights, remedies and obligations that arose on or before it terminated or expired (as the case may be).

12.4 If a notice of termination is given to You pursuant to clause 12.1, We may, in addition to terminating the Agreement:

12.4.1 retain any money paid to Us prior to the date of termination (apart from monies due to End-Users as a result of selling a product or service);

12.4.2 charge a reasonable sum for work performed by Us in respect of work for which no such amount has been previously charged;

12.4.3 retake possession of all Our property in Your possession;

12.4.4 be regarded as discharged from any further obligations under this Agreement; and

12.4.5 pursue any additional or alternative remedies provided by law.

12.5 We may end the availability of any part of the Services if such service is no longer viable, is unable to be provided by Us or is to be withdrawn from general availability by Us. Where We replace a service with a new service that provides equivalent or better functionality at a similar price, You will not unreasonably refuse to migrate to that service. If We have withdrawn all Services in accordance with this clause 12.5, we will be entitled to terminate this Agreement on not less than one month’s notice to You.

12.6 We may immediately terminate or suspend this Agreement by written notice to You of its intention to do so if effective management or control of Your company is transferred to any person or company without Our prior written approval.

12.7 If this Agreement is terminated, Your right to use the Services and any associated documentation will automatically terminate and You must immediately remove all copies of the software forming part of the Service from Your system(s).

13. Fees and Payment

13.1 You must pay the fees and charges set out in Fee Schedule section of the Solution Overview Document.

13.2 If You request additional services, development work or a variation to the existing Service (other than ‘bug fixes’) then You must pay the Additional Fees described in the Fee Schedule or as set out in an agreed Change Request document or otherwise agreed with You.

13.3 Invoices will be sent to You electronically. All fees and charges must be paid within 7 days after the date of Our invoice. If You have signed a Direct Debit Request Form You have authorised Bambora to automatically debit Your nominated Account for the fees owed. If you have not signed a Direct Debit Request Form then payment of invoices must be made by electronic fund transfer.

13.4 If a fee change is necessary, Bambora will notify you in writing at least 14 days prior to the fee change coming into effect.

13.5 If fees remain unpaid for a period of 14 days We have the right to suspend Your access to the Service.

13.6 We have the right to also collect interest on overdue fees and recover all costs incurred collecting these fees including the fees of any agent we have engaged to collect overdue fees on our behalf.

13.7 Your and Your End-Users bank fees and charges remain the responsibility of You and the End-User.

13.8 If you dispute the amount of any invoice you must notify us within 5 Business Days of receiving the invoice of the grounds for the dispute. Any undisputed portion of an invoice will remain payable on the due date for payment. Provided you have notified us of the dispute within 5 Business Days, you will not be required to pay the disputed amount until the dispute has been resolved.

14. GST

14.1 The provisions of this clause apply only where a supply under the Agreement constitutes a taxable supply under the GST Act.

14.2 Except as otherwise provided by this clause, all consideration payable under the Agreement in relation to any supply is exclusive of GST.

14.3 To the extent that any supply under this Agreement constitutes a taxable supply, the consideration payable by You to Us will be increased by the applicable amount of GST (GST Amount), which shall be calculated by multiplying the amount upon which GST is payable by the prevailing rate of GST.

14.4 We must provide to You a valid tax invoice at or prior to the time of payment of any GST Amount.

14.5 To the extent that any adjustment occurs in relation to a taxable supply, We must issue an adjustment note to You within 7 days of becoming aware of the adjustment, and any payment necessary to give effect to such adjustment must be made within 7 days after the date of receipt of the adjustment note.

15. Intellectual Property

15.1 All Intellectual Property Rights in the Services, associated documentations, systems, any specifications, other documents, works, items, software, materials or information of whatever nature produced or developed by Us or under Our direction pursuant to or in the course of providing the Service shall remain exclusively owned by Us (or Our licensors)..You acknowledge that there is no transfer of title, Intellectual Property Rights, interest or ownership of the Services, associated documentation, systems, any specifications, documents, works, items, software, materials or information or any part of them under the Agreement. You will treat our Intellectual Property as confidential information.

15.2 You grant to Us a licence for the limited use of Your logos and trademarks as contemplated by this Agreement for the purpose of building a branded service.

15.3 We grant You a licence to use Our logos that we may supply to you from time to time in relation to the Services (in electronic format and as may be updated from time to time). You must only use the logos for the purpose provided and in accordance with our branding guidelines (as may be updated from time to time). Our logos must not be altered or used for any other purpose without Our prior written consent.

16. Exclusivity

Unless otherwise agreed, You will not for the duration of this Agreement, process payments via a product or service which is or could be an alternative to or competitive with the Services.

17. Confidentiality

17.1 Both parties must keep confidential, maintain proper and secure custody of and not use or reproduce in any form the Confidential Information unless with the other party’s prior written consent or as required by law.

17.2 Each party must immediately in accordance with the other party’s request deliver to the requesting party or destroy all Confidential Information and all changes to, reproductions of, extracts from and notes regarding the Confidential Information, in any form.

18 Exclusion of Implied Terms
Subject to clause 19.1, the parties intend and agree that all conditions, warranties, representations, indemnities and guarantees with respect to the Services (or any other goods or services that may be supplied or performed by Us under this Agreement), that but for this clause would otherwise be implied by statute, law, equity, trade custom, prior dealings between the parties or otherwise are not included in this Agreement and are hereby expressly excluded.

19. Exclusion of Liability

19.1 Nothing contained in this Agreement excludes, restricts, limits or modifies any:

19.1.1 condition, warranty, guarantee or obligation in relation to the Services where pursuant to an applicable law to do so is unlawful or void; or

19.1.2 right, or the exercise of any right, conferred by an applicable law where pursuant to that law to do so is unlawful or void; or

19.1.3 liability for an act or omission (including fraud or deceit) where pursuant to applicable law to do so is unlawful or void; or

19.1.4 liability for death or personal injury.

19.2 Subject to clause 19.1, We hereby exclude any liability to You or to any End-User or to any third party under or in connection with this Agreement or in respect of the performance, part-performance or non-performance of the Services for:

19.2.1 any loss, damage, cost or expense that is caused directly or indirectly by:
19.2.1.1 any third party;
19.2.1.2 acts or omissions that were expressly or impliedly authorised by You or by Your employees or agents;
19.2.1.3 products (including any hardware or software) not licensed or supplied by Us;
9.2.1.4 acts of God or acts outside Our control; or
19.2.1.5 any breach of Your obligations or responsibilities set out in this Agreement;

19.2.2 loss of earnings, revenue, profit or income;

19.2.3 loss of or failure to accrue an expected benefit, including anticipated savings;

19.2.4 loss of business opportunities;

19.2.5 business interruption costs or expenses;

19.2.6 loss of or damage to goodwill or reputation;

19.2.7 reliance costs or expenses suffered or incurred;

19.2.8 liability to any third party; or

19.2.9 incidental, consequential, special, exemplary or punitive damages of any nature.

19.3 You agree that You will not bring any claim against any of Our suppliers in connection with or in respect of the Services provided by Us under this Agreement.

20. Limitation of Liability

Except to the extent otherwise excluded, limited or provided for elsewhere in this Agreement, Our sole liability to You for any and all breaches of any term or terms of this Agreement, whether express or implied, shall be limited to:

20.1 the supplying of the Services again; or

20.2 the payment of the cost of having the Services supplied again, as We may elect.

21. No representation or reliance

21.1 Each party acknowledges and confirms that no other party (nor any person acting on a party’s behalf) has made any representation or other inducement to it to enter into this Agreement, except for representations or inducements expressly set out in this Agreement.

21.2 Each party acknowledges and confirms that it does not enter into this Agreement in reliance on any
representation or other inducement by or on behalf of any other party, except for representations or inducements expressly set out in this Agreement.

21.3 Without limiting the generality of clauses 21.1 and 21.2, You acknowledge that:

21.3.1 no promise, representation, warranty or undertaking has been made or given by Us or any person on Our behalf in relation to the capacity, uses or benefits to be derived from, or any other consequences of or benefits to be obtained from the Services, or any other goods or services provided under this Agreement, except as expressly set out in this Agreement; and

21.3.2 You relied on Your own skill and judgement when You decided to procure the Services from Us and to enter into this Agreement.

22. Force Majeure

In the event that either party shall be prevented from performing any of its obligations due under the terms of this agreement by an act of God, by acts of war, terrorism, riot, or civil commotion, by an act of the government (State, Federal or municipal), by strikes, fire, flood, or by the occurrence of any other event beyond the control of the Parties hereto, that party shall be excused from any further performance of the obligations and undertakings set forth under the terms of this agreement.

23. Severability

23.1 If any term or clause or any part of any term or clause of this Agreement is prohibited, void, invalid or otherwise unenforceable in any jurisdiction, the term or clause, or the relevant part of the term or clause, will be
deemed as to that jurisdiction to be severed to the extent that it is prohibited, void, invalid or unenforceable in that jurisdiction but the remainder of that term or clause (and the whole of this Agreement in any other jurisdiction) will remain in full force and effect

23.2 In the event of any deemed severance pursuant to clause 23.1, the parties shall use all reasonable endeavours to agree within a reasonable time upon any lawful and enforceable variations to this Agreement that may be necessary in order to achieve, to the greatest extent possible the same commercial effect as would have been achieved by the clause, or the part of the clause, in question.

24. Privacy

24.1 You acknowledge that any personal information concerning You, Your personnel or any third party which is provided to Us at any time, whether in writing, by telephone, electronically or any other means, may be used by Us for the purposes of providing Services to You. You acknowledge and accept the Bambora Privacy Statement https://www.bambora.com/en/au/... You confirm and acknowledge that in order to provide the Services to You We may be required to collect personal information relating to You or Your personnel from third parties including (but not limited to) credit and information bureaus and Your bank for customer due diligence purposes. You warrant that if You have provided any Personal Information to Us in connection with this Agreement that You have the relevant individual’s prior consent to the disclosure and the you have otherwise complied with Your obligations under Privacy Law.

24.2 Each party must:

24.2.1 comply with the applicable Privacy Law;
24.2.2 only use, handle and disclose Personal Information in accordance with the Privacy Law; and
24.2.3 take all reasonable steps to protect Personal Information against misuse, loss, interference, and unauthorised access, modification or disclosure.

24.3 If an actual or suspected Data Breach occurs in respect of Personal Information held by Us, We will notify You of the occurrence of that Data Breach within 2 Business Days after We become aware of that occurrence.

24.4 Upon becoming aware of an actual or suspected Data Breach, We will:

24.4.1 take such steps as are reasonable in the circumstances to contain any Data Breach and minimise the probability of future incidents of the same type; and
24.4.2 commence investigating the actual or suspected Data Breach as a matter of priority.

24.5 For each Data Breach notified to You under clause 24.3, We will provide you within 2 Business Days after the initial notification and on an ongoing basis until all identified remediation activities have been completed, a report containing the following information (or as much as is then known by Us at the time of the relevant report) (“Data Breach Report”):

24.5.1 the source of the breach or the compromise;
24.5.2 the nature and type of the information compromised or subject to unauthorised access;
24.5.3 the individuals whose Personal Information has been impacted by the Data Breach;
24.5.4 the steps taken to stop the unauthorised access to or disclosure of the Personal Information;
24.5.5 the steps taken to prevent any future compromises of the same or a similar type; and
24.5.6 the steps taken to recover or rectify any compromised Personal Information.

24.6 Within 5 Business Days after We provide the initial Data Breach Report and after each material update to the Data Breach Report, You and We must meet (in person or via teleconference) in good faith to:

24.6.1 assess whether based on the information available there are reasonable grounds to believe that the Data Breach amounts to an Eligible Data Breach; and
24.6.2 consider what, if any, additional information is required to make such an assessment.

24.7 We must, using all reasonable efforts and as soon as reasonably achievable, provide any additional information required to make an assessment under clause 24.6.

24.8 You and We must take all reasonable steps to ensure that the assessment of whether there are reasonable grounds to believe that the relevant incident amounts to an Eligible Data Breach is completed within 30 days of Your or Us first becoming aware of the Data Breach.

24.9 If upon the completion of the assessment undertaken under clause 24.6, You and We mutually agree that there has been an Eligible Data Breach, You and We will as soon as reasonable practicable prepare and jointly lodge a Data Breach Statement in a form agreed by both parties with the Commissioner.

24.10 If You and We do not mutually agree that there are reasonable grounds to believe that there has been an Eligible Data Breach, or acting reasonably are unable to agree on the form of the joint Data Breach Statement prepared in accordance with clause 24.9, then either You and We may independently prepare and lodge a Data Breach Statement with the Commissioner, provided however that the party that does so first consults with and takes into account the reasonable requirements of the other party with respect to the content of the Data Breach Statement.

24.11 If the parties have jointly prepared and lodged with the Commissioner a Data Breach Statement in accordance with clause 24.9 that is notifiable to individuals, You will as soon as reasonably practicable after the completion of the preparation of the Data Breach Statement notify the contents of the statement to the individuals to whom the relevant information relates or who are at risk from the Eligible Data Breach (as the case may be) in accordance with Privacy Law.

24.12 We will bear all reasonable costs associated with the notification of a Data Breach Statement under clause 24.9 arising from a Data Breach directly caused or contributed to by negligent or wrongful acts or omissions on Our part.

25. Governing Law

This Agreement will be governed by and construed according to the law of the state of New South Wales, Australia. The parties irrevocably and unconditionally submit to the non-exclusive jurisdiction of the New South Wales courts and tribunals of that State and waive any right to object to proceedings being brought in those courts or tribunals.

26. Entire Contract

To the extent permitted by law, in relation to its subject matter, the parties intend and agree that this Agreement:

26.1 embodies and constitutes the entire legal and contractual relationship of the parties, including the entire terms agreed by the parties; and

26.2 supersedes, replaces and terminates by mutual consent any prior written or oral representations, negotiations, understandings.

27. Notices

27.1 All notices or other communications to be given under this Agreement must be in writing and will be deemed validly given if:
(a) in the case of notices to You, delivered by hand, registered mail or email to You at the respective addresses specified in the Customer Details section of the Solution Overview Document; and
(b) in the case of notices to Us sent by email at support.apac@bambora.com.

27.2 Receipt will be deemed upon delivery by hand, four Business Days after posting, or at the time at which the email is sent unless the sender subsequently receives an email delivery failure notification or similar (whichever is applicable).

28. Audit and Information Rights

You must allow Us (or Our employees, contractors or agents) reasonable access to your premises during normal business hours to check your compliance with this Payments Processing Service Agreement or the Security Standards.

29. Right to Suspend

We may, at any time without notice and with immediate effect, suspend Your right to use and prevent You from using the Services if:
(a) You fail to comply with any term of the Agreement (including for the avoidance of doubt, failure to pay an invoice in accordance with clause13;
(b) We consider on reasonable grounds that serious circumstances exist and that the principles of prudential banking relevant to operation of our Service;
(c) We believes a Transaction or Your use of the Service may expose You, Us, the End-Users, any bank, or any third party to risks unacceptable to Us;
(d) We consider that the Services are being, or is likely to be, used fraudulently or in a manner that will jeopardise the security, reputation or integrity of Our Service or systems or any bank systems;
(e) if effective management or control of Your entity is transferred to any other person or entity without Our prior written consent;
(f) maintenance and/or technical upgrades are necessary;
(g) (g) it is reasonably necessary for any other reason, including without limitation, for compliance with Our customer due diligence obligations.

If you breach any term of this Agreement We may disable your user names and passwords.

Additional Terms Relating to Your Direct Debit Request

The terms set out below apply where You have signed a Direct Debit Request Form (as provided in the Solution Overview Document) and set out the basis on which We undertake to periodically debit your nominated bank Account or credit card for the amounts identified in the Fees and Charges Schedule set out in the Solution Overview Document.

Bambora Direct Debit User Information

Debit User’s name: Bambora Online Pty Ltd ABN: 86 095 635 680
Debit User ID’s: 306033 and 252550

Drawing arrangements

The drawings under the Direct Debit Request will occur as follows:

At the end of each month You will be debited the monthly fees and payments processing fees
Other fees(for example, dishonour fees or agreed additional fees etc)) will be debited as they fall due

If any drawing falls due on a non-Business Day, it will be debited from your Account on the next Business Day following the scheduled drawing date.

We will give You at least 14 days notice when changes to the initial terms of the Direct Debit Request arrangement are made.

If you wish to discuss any of the notified changes please contact our customer service team by email at support.apac@bambora.com.

Your Rights

Changes to the Arrangement

If you want to make changes to the drawing arrangements, please contact our customer service team by email at support.apac@bambora.com.

These changes may include:

Deferring the drawing;
Altering the schedule;
Stopping an individual debit;
Suspending the Direct Debit Request;
Cancelling the Direct Debit Request completely.

Enquiries

Direct all enquiries to Us, rather than to your financial institution, and these should be made at least 3 Business Days prior to the next scheduled drawing date. All communication addressed to Us should include Your:

Business name
Contact person’s name
Contact person’s Email Address
Contact telephone number

We will not disclose to any Person any information You give Us on your Direct Debit Request, which is not generally available, unless:

You dispute any amount We draw under Your Direct Debit Request
You consent to that disclosure; or
We are required to disclose that information by law.

Disputes

If You believe that a drawing has been initiated incorrectly, We encourage You to take the matter up directly with Us by contacting Our customer service team by email at support.apac@bambora.com.

If You do not receive a satisfactory response from Us within 14 days, contact your financial institution who will respond to You with an answer to Your claim:

Within 5 Business Days (for claims lodged within 12 months of the disputed drawing); or
Within 30 Business Days (for claims lodged more than 12 months after the disputed drawing)

You will receive a refund of the drawing amount if We can not substantiate the reason for the drawing.

Note: Your financial institution will ask You to contact us to resolve Your disputed drawing prior to involving them.

Your Commitment to Us

It is Your responsibility to ensure that:

Your nominated account can accept direct debits (Your financial institution can confirm this); and
On the drawing date there is sufficient cleared funds in the nominated Account; and
You advise Us if the nominated Account is transferred or closed
You advise us of your new credit card expiry date (if applicable).

If Your drawing is returned or dishonoured by Your financial institution You will receive an email explaining that the Direct Debit Request has been declined and that you may be charged a dishonour fee. The drawing and dishonour fee will be recovered by re-drawing on your account in 7 days. We will charge You for any fees charged to Us by your financial institution as a result of the decline.

If the re-drawing from Your account is again declined We may recover the drawing and fees via the next scheduled settlement.

Additional Terms Relating to Scheme Card Processing Services via Your Facility

These terms apply where You have selected payment processing services for Scheme Cards

1. Definitions

For the purposes of this Schedule the words and expressions set out below shall have the following meanings:

“Cardholder” means a person to whom the Scheme Card has been issued.

“Chargeback” means a transaction that a Cardholder disputes that appears on their Scheme Card statement and is subsequently reversed back to the Cardholder.

“ecommerce/MOTO Merchant Facility ID” means that identification number supplied by either a bank or an issuer that allows You to accept Scheme Card payments via the internet or telephone.

“Merchant facility provider” means an acquirer that provides You with a merchant facility.

“Scheme Card” means:

a valid financial transaction card issued by a member or affiliate of MasterCard on which the MasterCard marks appear
a valid financial transaction card issued by a member or affiliate of Visa on which the Visa marks appear
a valid credit or charge card issued by either Amex, Diners or JCB.

2. Processing Scheme Card Transactions

Our facility enables You to accept payments from Scheme Cards where you supply an ecommerce/MOTO Merchant Facility ID.

It is Your responsibility to obtain a merchant facility in order to process transactions for Scheme Cards.

Scheme Card transactions are processed online and in real time to Your merchant facility provider.

Payments are settled to Your bank account in accordance with the terms of the merchant agreement You hold with Your merchant facility provider.

3. Chargebacks

Chargebacks are not Bambora’s responsibility and are a matter between You and Your merchant facility provider.

To the fullest extent permitted by law, We exclude all liability for Chargebacks.

4. Processing Times

Processing times are governed by Your Merchant facility provider, however typically:-

Transactions that occur before 6.00pm AEST each business banking day are processed on that business banking day.
Transactions that occur after 6.00pm AEST on a business banking day are processed on the next business banking day.
Transactions that occur on non-business banking days (weekends, public holidays, and bank holidays) are processed on the next business banking day.

5. Authorisation

An authorisation only confirms the Cardholder has funds available to cover the payment, and the card has not been reported lost or stolen. It does not protect You from the possibility of subsequent chargebacks or disputes.

6. Void/Stop Payments

Once a Scheme Card payment has been authorized it cannot be voided or stopped. You must offer the Cardholder a refund or exchange of goods worth the same amount as the original purchase.

7. Refunds

Our payment processing services for Scheme Cards enables You to process Scheme Card refunds electronically.

8. Cardholder Obligations

You must carry out all Your obligations to the Cardholder in connection with a transaction before You pass the transaction information to Us.

You must not make any statement or representation about goods and services which may place Us under any obligation to the Cardholder.

We do not guarantee any Cardholder’s creditworthiness. You cannot claim against Us for any loss You suffer because a Cardholder is not creditworthy.

Additional Terms Relating to Direct Debit Processing Services via your Facility

These terms apply when you have selected Direct Debit Processing Services via your Facility

1. Definitions

For the purposes of this Schedule the words and expressions set out below shall have the following meanings:

“ADI” means an Authorized Deposit Taking Institution.

“Account Holder” means the authorized signatory of the Bank Account.

“BECS” means Bulk Electronic Clearing System

“Direct Debit” means a debit transaction processed to a Bank Account

“Dishonour” means a transaction that is subsequently reversed back to the Account Holder.

“Bank Account” means a valid financial account held with an ADI that is a member or affiliate of the BECS payment system

“User ID” means the identification number supplied by Your bank that allows You to accept direct debit payments.

2. Processing Direct Debit Transactions

This facility enables You to accept Direct Debit transactions (Where You supply a Direct Debit User ID)

Direct Debit transactions are lodged with Us in real time and processed to the bank in an end of day batch.

Payments are settled to Your Bank Account in accordance with the Direct Debit User ID Agreement You hold with Your bank

3. Dishonours

Bambora is not responsible for dishonours and dishonours are a matter between You and Your bank and or the Account Holder.

To the fullest extent permitted by law,We expressly exclude all liability for Dishonours.

4. Processing Times – Direct Debits

Transactions that occur before 4.00pm AEST each business banking day are processed on that business banking day.
Transactions that occur after 4.00pm AEST on a business banking day are processed on the next business banking day.
Transactions that occur on non-business banking days (weekends, public holidays, and bank holidays) are processed on the next business banking day.

5. Receipt

A Bambora receipt number only confirms that the payment has been submitted to the bank for processing. It does not protect You from the possibility of subsequent Dishonours or disputes.

6. Void/Stop Payments

Once a Direct Debit payment has been lodged it can be voided or stopped until the status has changed to submitted. After the status has changed to submitted or cleared You must offer the Cardholder a refund or exchange of goods worth the same amount as the original purchase.

7. Refunds

The Direct Debit Payments Processing Service does not allow You to process refunds electronically.

8. Account Holder Obligations

You must carry out all Your obligations to the Account Holder in connection with a transaction before You pass the transaction information to Us.

You must not make any statement or representation about goods and services that may place Us under any obligation to the Account Holder.

We do not guarantee any Account Holder’s creditworthiness. You cannot claim against Us for any loss You suffer because an Account Holder is not creditworthy.

Terms Relating to Third Party Products:

These terms apply when you have selected a product provided by a third party (“Third Party Product”) in conjunction with our Services:

You agree to be bound by any terms of service related to the Third Party Product (as may be amended from time to time) required by the Third Party Product provider (“Third Party Terms”).
The Third Party Terms and any other documentation applicable to Third Party Product and/or the Third Party Product APIs are subject to change at any time, and it is your responsibility to periodically review the Third Party Terms and documentation in order to ensure that you are aware of, and comply with, the applicable requirements.
Your access to and use of a Third Party Product is based on your own evaluation and at your own risk.
Bambora disclaims all responsibility and liability for your use of a Third Party Product or the related Third Party Product APIs or documentation that are in breach of the Third Party Terms or the Payments Processing Service Agreement. You will indemnify Bambora and its affiliates, directors, officers, employees against all liabilities, damages, losses, costs, fees (including legal fees) and any expenses relating to any allegation relating to your misuse of any Third Party Product or breach or violation of the Third Party Terms.

Appendix 1: Service Level Agreement

1. Introduction

Bambora operates a highly available ecommerce payments platform. This platform is designed to be available 24x7 in accordance with the Service Availability Service Level stated below to ensure merchants and end-users can process transactions at a time that suits them.

2. Purpose

The purpose of this Service Level Agreement is to define:

The service levels offered by Bambora to partners and merchants.
The different types of outage categories and incident priorities.
The process Bambora partners and merchants should follow on discovering an incident.

3. Service Availability

Bambora will use its reasonable endeavours to meet a monthly Service Availability of 99.9%*.

*Bambora offers this service availability, calculated on a monthly basis. For the purpose of calculating the service availability in a given month, all Bambora scheduled outages and third-party scheduled or unscheduled outages are excluded.

4. Outage Windows

System outages can be classified into the following groups:

Scheduled Outage
Unscheduled Outage
Third-Party Outage

4.1 Scheduled Outage

These outages are defined as a planned window when the system is taken offline for maintenance or release updates.

Bambora will use its reasonable endeavours to provide at least 5 business days’ notice of such outages. This notification will include the following information:

Date and time of scheduled outage
Duration of outage
Client instructions (as appropriate)
Type of outage (e.g. Intermittent or Constant)

4.2 Unscheduled Outage

These outages are defined as unplanned; the service becomes unavailable due to a Bambora issue.

Bambora will immediately notify its Partners and/or Merchants of any unscheduled outage. This notification will include the following information:

Nature and priority of the incident
Impact of the incident
Steps being taken to rectify the problem
Client instructions (as appropriate)

4.3 Third-Party Outages

These outages are defined as planned or unplanned windows when the system becomes unavailable due to maintenance or issue at a third-party supplier to Bambora.

For the purposes of notification, Bambora may treat a third-party outage as either an unscheduled or scheduled outage. However, Bambora may not always be able to provide a minimum notice period of 5 business days for scheduled third party outages.

4.4 Outage notifications

All outage notifications will be published via Status Page with a follow up email sent to those partner and/or merchant contacts subscribed to the Bambora Status Page.

Merchants and/or partners may subscribe to the Bambora Status Page by clicking on the “subscribe to updates” button available at www.status.bambora.com and selecting the relevant components. If you are unsure of which components are required, please contact our Support Team for further assistance.

5. Bambora Support Centre

5.1 Bambora Support Hours

Bambora support hours are 8.00am to 6.00pm AEST/AEDT Monday to Friday.

5.2 Reporting an Incident

Bambora will use its reasonable endeavours to respond to all incident reported to Bambora in accordance with the response and resolution times stated in Section 5.2.1 below.

The Bambora Support team are available 24 x 7 for Priority 1 incidents and outages. We request all Priority 1 & 2 incidents please be reported via phone to 1300 721 163 with a follow up email to support.apac@bambora.com

All other incident priorities should be reported via email to support.apac@bambora.com.

5.2.1 Incident Priority

Bambora will determine the priority level in accordance with the classifications stated below:

Priority 1. Critical issue impacting production services Examples of service issues are: Payment processing outage.

Priority 2. Major issue impacting production services resulting in a degraded state and/or intermittent issues. Examples of service issues are: Intermittent payment processing outage, delayed batch processing.

Priority 3. Issue impacting production services resulting in partial or non-critical impact to a service. Example of affected services are: Standard reporting services.

Priority 4. Issue occurring on non-production service or a single-user issue

5.2.2 Incident Response & Resolution Times

Priority 1. Response: 15 Mins | Resolution: 4 Hours
Priority 2. Response: 1 Hour | Resolution: 2 Bus. Days
Priority 3. Response: 2 Hours | Resolution: 5 Bus. Days
Priority 4. Response: 1 Bus. Day | Resolution 20 Bus. Days

Note: Incident Management SLA timeframes are calculated based on the aforementioned Support Hours.

5.3 Requesting Assistance

The Support Team at Bambora is available as per our standard Support hours of 8.00am to 6.00pm AEST/AEDT Monday to Friday to assist our customers with questions relating to how to use the system.

To log a request please email your question to support.apac@bambora.com.

5.3.1 Request Priority

Bambora will prioritise all requests for such “how to” assistance or information as per Priority 5 below:

Priority 5. A Service Request is deemed to be a request from a customer for information on how to use their Bambora service.

5.3.2 Request Response & Resolution Times

Priority 5. Response: 1 Bus. Day | Resolution: 10 Bus. Days

SCHEDULE 1

Core Payments Service Description

Bambora BackOffice

Bambora Backoffice provides access to all relevant payment information stored on Our platform.

Core functionality includes the following capabilities:

User ID and Password protected access
Your staff will have the ability to perform the following:
- view an IP log of their access to the system.
- view and update their preferences (password and email address)
- run reports
- view transaction history
- administration staff to enable/disable operator User ID’s

Further detail can be found here: https://dev-apac.bambora.com/c...

We will provide the following reports:

Daily Settlement Reconciliation Report
Full Transaction Detail
Dishonoured Direct Debit Report

Reports can be:

Manually generated via Backoffice
Scheduled and emailed to specified recipient(s) inboxes (configured in Backoffice)
Retrieved using Bambora’s Reports API

Standalone Checkout (HPP)

A Level 1 PCI compliant hosted payments page template with some branding capabilities that does not integrate into Your application or website. The template can also be incorporated as an iFrame on Your website. The standalone checkout solution is device agnostic rendering responsively for web, mobile and tablet devices.

Integrated Checkout (iHPP)

A Level 1 PCI compliant integrated hosted payments page that accepts transaction data such as amount and customer reference prior to the end-user entering their card details. Transactions are processed in real time and responses are displayed to the end-user. A notification is sent back to You in real time for update of internal systems.

Custom Checkout

A set of Level 1 PCI compliant hosted card input fields integrated into Your application / website and presented on Your own checkout page. This provides You with the ability to retain control over UI/UX as with native DOM elements. The card input fields are device agnostic rendering responsively for web, mobile and tablet devices.

Transactions are processed and a notification of the transaction result is sent back to You in real-time for update of internal systems via the Payment API service.

Using the Payment API service, it is also possible for You to create its own standalone page using Custom Checkout. This will ensure the payment page is on Your web domain and not a Bambora web domain.
Further detail can be found here: https://dev-apac.bambora.com/c...

API – Payment Integration

API stands for Application Programming Interface and is a software intermediary that allows two applications to talk to each other. Our set of APIs are composed of 4 different endpoints:

Payment API – used to submit transactions for processing and links to Your hosted web facilities. Payments are processed in real time to Your settlement account. API functions such as Purchase, Auth, Capture, Refund & Void are offered as well as the ability for You to query the transaction results. Tokenisation of credit card details also available for recurring or future payments. Further detail can be found here: https://dev-apac.bambora.com/c...
Report – used to generate real time reports
Batch – used to submit a batch of transactions, authorise a previously uploaded file for processing or retrieve results for a batch of transactions previously submitted
SIPP – used to perform SIPP (Statement, Invoice Presentment & Payments) related activities such as registering a new end-user or tokenising a credit card

Mobile Software Development Kit (MSDK)

This solution provides You the ability to accept payments within native mobile apps across both iOS and Android platforms.
Features of the SDK include:

Registering cards
Managing cards
Token Payments
Card payments
Card.io
Handling errors
Customising the registration form
Customising the Card Payment form

Further detail can be found here: https://dev-apac.bambora.com/c...

Card Payment Processing

We can support the following scheme-based payment types:

Visa
Mastercard
Amex
Diners Club
JCB

It is the Your responsibility to obtain an online card-not-present merchant facility in order to process transactions through the above schemes.

Direct Debit/Credit

Direct Debit is used when an end-user requests You to debit funds from their bank account to pay for goods/services, often on a recurring basis. Direct Debit files are only processed on business days – excluding weekends and national public holidays.

Direct Debit Payment Submission Channels

API – SingleSubmit (SOAP API) with disbursement fields
PRM – One off, Recurring Schedule
RCP – One off, Recurring Schedule
Batch – You provide a file via API, SFTP or PRM containing a batch of CC purchase, auth or capture transactions or DD payments
Payment Pages

Direct Debit Transaction Life Cycle

When adhoc and/or payment Direct Debit transactions are submitted to Our system, high level validations are performed, and if successful, transactions will have a status of ‘LODGED’. At 4pm the daily Direct Debit process is run. Transactions up until the 4pm cut off are collected in an ABA file and transferred to each bank for processing. All the transactions will have their status updated to ‘SUBMITTED’. Funds usually settle to Your account overnight less any dishonours.

If dishonours are returned to Us in the subsequent minutes and days, the individual transactions will have their status updated to ‘SUBMITTED/DISHONOURED’. If no dishonours have been received for 3 days, the transactions will have their status updated to ‘SUBMITTED/CLEARED’. There will be a drawback of funds from You for any dishonours that can come through up to 4 days after being submitted.

We can support direct debit and direct credit from the following financial institutions:

ANZ
Heritage Bank
Bendigo Bank
CitibankNAB
St George
Westpac
Bank of Melbourne
Bank of SA

It is Your responsibility to obtain an APCA ID from their financial institution to process payments via direct debit.

Tokenisation

Tokenisation is the process We use to store sensitive card details in a secure manner. Our Tokenisation Service encrypts every piece of confidential payment data your end-user supplies and stores it in our PCI Level 1 certified server. A unique Token representing the card information is generated by Us and returned to You for later use. The new Token will be used in place of the card number for subsequent payments and multiple operations. Further detail can be found here: https://dev-apac.bambora.com/c...

Customer Registration – Credit Card & Bank Account

Customer Registration allows You to store a credit card or bank account against a unique reference (Customer Number) for future use with Us. The unique reference can subsequently be submitted by You for future recurring or one click payment requests. Once the Customer Number is submitted, We will look up the corresponding card or bank account data and process the transaction as normal.

Further detail can be found here: https://dev-apac.bambora.com/c...

Pre-Authorisation

A pre-authorised transaction is a temporary hold of funds on an end-user’s card for the purpose of a future payment transaction. After a pre-authorisation has been completed and if You want to proceed with the transaction, You must send a follow up capture request to notify Us to initiate the settlement process and charge the end-user.

Account Verify ($0 pre-authorisation)

Similar to a Pre-Authorisation however no amount is captured nor will require cancellation or completion. This feature is used to check the validity of a card.

Purchase

A Purchase transaction is used to request authorisation from the issuer of a credit card and, if successful, initiate the settlement which debits the funds from the end-user’s card. This is a one step process for authorisation and capture of the funds from the end-user’s card.

Recurring Payment Processing

The ability to create a payment schedule for end-users, allowing the processing of recurring (variable or fixed amount) payments in a secure, integrated and efficient manner. Recurring payments can be set up via Bambora Backoffice or API. A schedule can be set up on a pre-registered end-user whose details are stored in Our system or the end-user’s details can be submitted in the schedule request.
Further information can be found here: https://dev-apac.bambora.com/c...

Batch Processing

Batch Processing is ability to securely process a large volume of payments via uploading a file. Payments can be variable in amounts for multiple end-users at the same time. The file can be uploaded via Bambora Backoffice, API or SFTP. Links to Your hosted web facilities
Further detail can be found here: https://dev-apac.bambora.com/c...

Declined Payment Management System (DPMS)

We offer an advanced automated service for reprocessing failed recurring payments due to declined credit card or dishonoured bank account transactions. Failed payment declined codes include ‘insufficient funds’, ‘invalid accounts/card number’ & “expired credit card'. The service is designed to reduce manually dealing with failed payments. DPMS is configured to upload, manage and monitor the associated transactions via BackOffice.

Disbursements

Disbursements is the act of paying out funds previously collected. You can set this up for funds to be disbursed to a single bank account or many. Funds are transferred using Direct Credit process.

Surcharging

A Surcharge is an amount added on top of the goods/services amount to pay and allows for You to recoup some or all of the cost You incur in processing the payment. The amount can be either a percentage of the amount to pay or a fixed amount or a combination of fixed amount and percentage. Surcharges can be applied to Credit Card/Debit Card or Bank Account transactions. We can facilitate Surcharging through most of our solutions (excluding Batch Processing) and You can establish a fixed or variable (or combination of both) rate to apply to transactions:

Based on scheme type
Based on card subtype of Visa and Mastercard scheme types (Differential Surcharging)
- Domestic prepaid
- Domestic debit
- Domestic credit
- International prepaid
- International debit
- International credit
- Unknown/Undetermined

If required, the transaction can be split into two transactions that settle into different accounts. Each transaction would use a different MID and will generate multiple rows on the end-user’s credit card statement.

Interactive Voice Response (IVR)

Bambora Flash IVR is an off the shelf product giving You a simple pay-by-phone payment service which allows an end-user to make card payments to You over the phone in a secure PCI compliant manner.

Payments can be captured with reference data like an invoice or account number for easy reconciliation of payments.
Multiple payments allowed within same call for end-users wanting to pay for multiple goods and services.
Accepts all major credit cards (Visa/Mastercard/Amex/Diners).
Simple, convenient and fast way for end-users to make a credit card payment over the phone at any time of the day, 7 days a week.
Consolidated transactions and Settlement reporting (via Administration Portal) with Our other payment channels.

SMS Payments

SMS Payments provides the ability for Your operator to send an SMS to an end-user’s mobile device. The SMS provides a link to a payments page optimised for mobile devices. The end-users will have the ability to input their payment instructions including via Card Capture IO for card details. You have visibility across each stage of the process completed by the end-user to support whilst on the phone without getting exposure to the card details.

You have the following configuration choices as part of this service:

Define the name presented within the SMS
Payment types available through the checkout page
Style and configuration of the payment page
Pre-populated non-payment fields populated by You
Mandatory and optional fields to be inputted by the end-user
Sending out bulk SMS notifications to multiple end-users

Fraud Checking

Velocity rules

A transaction monitoring service to approve or decline transactions in real-time based on defined rules.

3D Secure v1

Authentication of the end-user through “Verified by Visa” and “MasterCard SecureCode” which shifts the liability for chargeback losses to the issuing bank.

The protocol ties the financial authorisation process with an online authentication. This authentication is based on a three-domain model:

Acquirer Domain - the merchant and the bank to which money is being paid.
Issuer Domain - the bank which issued the card being used.
Interoperability Domain - the infrastructure provided by the card scheme, to support the 3-D Secure protocol including the internet, MPI, ACS and other software providers.

Further detail can be found here: https://dev-apac.bambora.com/c...

ReD Shield

A real-time, multi-tiered fraud solution to support transactions and identify validation to isolate potentially fraud. ReD Shield uses machine learning models, predictive and behavioural analytics, end-user profiling techniques, transaction rules and shared data.

Fraud rules include:

Geo IP and IP address validation,
BIN list blocking,
Global blacklist data validation,
Pattern detection engines and
Neural network rating

Further detail can be found here: https://dev-apac.bambora.com/c...

Payment Facilitation

Bambora offers a merchant account capable of processing payment across Visa, Mastercard and AMEX card schemes.

Settlement will occur in the Merchant's account 3-days after the transaction minus Bambora fees.

Bambora will process Visa and Mastercard applications separately to AMEX applications. Company has the option to apply for just Visa/Mastercard or also AMEX.

Bambora provides the following services as part of this solution:

Blended surcharge rate that includes card gateway processing.
Separate surcharge rate for AMEX and Visa / Mastercard.

Bambora requires the following information to complete the appropriate AML/KYC/Credit checks:

Completed Bambora Agreement,
Audited financial statements if CC volumes are above threshold,
Identification documents of nominated individuals,
Proof of address documents of nominated individuals,
Proof of licenses of nominated individuals, and
Bank account verification,
Three of the most recent merchant statements.

Online Payments (Payment Facilitation)

1. DEFINITIONS

2. APPROVAL TO USE PAYMENT SERVICES

3. Data Security Standards

4. WEBSITE REQUIREMENTS

5. CARD ACCEPTANCE REQUIREMENTS

6. SURCHARGING

7. TRANSACTION RECEIPT

8. INVALID OR UNACCEPTABLE TRANSACTIONS

9. SETTLEMENT OF TRANSACTIONS

10. INTELLECTUAL PROPERTY

11. REPRESENTATIONS AND WARRANTIES BY YOU

12. NO WARRANTIES BY US

13. EXCLUSION OF LIABILITY

14. TERMINATION AND SUSPENSION

15. ASSIGNMENT

16. AUSTRALIAN DOMICILE REQUIREMENTS

17. GOVERNING LAW

18. AMENDMENT

19. NOTICES

20. INDEMNITY AND SET-OFF

21. CARDHOLDER’S CREDITWORTHINESS

22. CONFIDENTIAL INFORMATION AND PRIVACY

23. SEVERABILITY

Schedule 1

Fees and Charges

General Principles

Bambora Fees

Payments Processing Services (Gateway)

1. Parties

2. Definitions

3. Contractual Relationships

4. Contract Term

5. Payments Processing Service

6. Service Levels

7. Declines

8. Enquiries and Statements

9. Reporting Errors

10. Security

11. Variations and assignment of Agreement

12. Termination

13. Fees and Payment

14. GST

15. Intellectual Property

16. Exclusivity

17. Confidentiality

19. Exclusion of Liability

20. Limitation of Liability

21. No representation or reliance

22. Force Majeure

23. Severability

24. Privacy

25. Governing Law

26. Entire Contract

27. Notices

28. Audit and Information Rights

29. Right to Suspend

Additional Terms Relating to Your Direct Debit Request

Bambora Direct Debit User Information

Drawing arrangements

Your Rights

Changes to the Arrangement

Enquiries

Disputes

Your Commitment to Us

Additional Terms Relating to Scheme Card Processing Services via Your Facility

1. Definitions

2. Processing Scheme Card Transactions

3. Chargebacks

4. Processing Times

5. Authorisation

6. Void/Stop Payments

7. Refunds

8. Cardholder Obligations

Additional Terms Relating to Direct Debit Processing Services via your Facility

1. Definitions

2. Processing Direct Debit Transactions

3. Dishonours

4. Processing Times – Direct Debits

5. Receipt