This End User License Addendum, together with Datatel’s Privacy Policy, adds additional terms and conditions to the IVR Secure Payment Solution Order Form between Customer and ReCo. The terms of this Addendum apply to Customer’s use of any of Datatel’s Hosted Payment Applications (the “Application”), including use of i) CryptoIVR, ii) WebPay, iii) Power Payment Links, and iv) any other Datatel Payment Applications that process Card transactions.

The terms of this Addendum shall take precedence in the event of any conflict between the terms of this Addendum and the IVR Secure Payment Solution Order Form. By subscribing, accessing or using the Application Customer agrees to be bound by the terms of this Addendum. Furthermore, by accepting this Agreement, Customer agrees to Datatel’s Privacy Policy located at https://www.datatel-systems.com/privacy-policy/ (the “Privacy Policy”). If Customer does not agree to the terms of this Addendum, Datatel is not willing to license any right to use or access the Application to Customer and Customer may not access or use the Application.

DEFINITIONS

1. (a)  “Card” means any valid credit card o rdebit card bearing the name and logo of Visa®, MasterCard®, American Express® or Discover® credit card associations or the issuer of any other credit card or debit card of any association or network.
2. (b)  “Card Association” means Visa®, MasterCard®, American Express® or Discover® or the issuer of any other Card.
3. (c)  “Card Association Rules” means rules, regulations, standards, policies, manuals and procedures published and implemented from time to time by any one or more Card Association(s), including, but not limited to, the Payment Card Industry Data Security Standard.

APPLICATION ACCESS AND USE LICENSE

The Application is licensed to Customer, not sold. Except for the limited license granted in this Addendum, Datatel and its licensors retain all right, title and interest in the Application, all documentation thereof, and all proprietary rights in the Application, including copyrights, patents, trademarks and trade secret rights.

1. GRANT OF LICENSE.

This Addendum grants Customer the following rights, as applicable:

1. (a)  License. In exchange for any fees charged under separate invoice and conditioned on your continued compliance with this Addendum, Datatel grants Customer a royalty free, revocable, nontransferable, nonexclusive license during the Term to use the Application solely for use within Customer’s organization in connection with payment processing services provided by Customer’s third-party gateway service provider.
2. (b)  Third Party Applications and Services. The Application may interact with Third Party applications and services that are not affiliated with Datatel and over which Datatel has no control (“Third Party Services”). Any use of or interaction with Third Party Services is at your own risk and Customer hereby agrees to (i) comply with all terms of service or other agreements applicable to the Third- Party Services and (ii) indemnify and hold harmless Datatel and its licensors from any claims arising from your breach of such terms of service.
3. (c)  Term. The license will commence on the activation date for Customer’s Application and continue in effect until the Services are terminated as provided for in the Master Service Agreement.

2. LIMITATIONS ON LICENSE.

The license to the Application granted to Customer under this Addendum is restricted as follows:

1. (a)  Limitations on Reverse Engineering and Copying. Customer may not reverse engineer or create works derivative of the Application or use the Application to create any competing product.
2. (b)  Sublicense or Rental for Third-Party Use. Customer may not assign, sublicense, rent or otherwise transfer or use the Application for the benefit of a third party or to operate a service bureau, except as otherwise provided in the Agreement.
3. (c)  Proprietary Notices. Customer may not remove any proprietary notices (e.g., copyright and trademark notices) from the Application Documentation.
4. (d)  Use in Accordance with Documentation. All use of the Application shall be in accordance with its then current documentation.
5. (e)  Compliance with Applicable Laws. Customer shall be solely responsible for ensuring that Customer’s use of the Application complies with all applicable federal, state, provincial, and local laws, and rules and regulations, including any applicable Card Association Rules.
6. (f)  Confidential Information. Customer acknowledges and agrees the Application and all associated documentation constitute valuable proprietary intellectual property and Confidential Information of Datatel or its licensors, and that in addition to any other remedies that may be available in law, in equity or otherwise, Datatel shall be entitled to obtain injunctive relief to prevent such unauthorized use or disclosure. Customer shall not use any information or data disclosed by Datatel in connection with this Addendum to contest the validity of any Datatel intellectual property. Any such use of Datatel’s information and data shall constitute a material, non-curable breach of this Addendum.

3. ACCEPTABLE USE POLICY

3.1 Service Restrictions. Customer will, at all times, use the Services only as permitted by the Agreement and shall comply with all applicable Laws and Regulations in using the Services. Customer may not:

1. (a)  use the Application for any unlawful purpose, including misleading, deceptive, fraudulent or otherwise illegal activities, such as engaging in phishing or otherwise obtaining financial or other Personal Information for fraudulent or misleading purposes; initiate, submit, complete or otherwise engage in Transactions involving illegal goods or services; or to impersonate any other person or misrepresent Customer’s affiliation with any person or entity;
2. (b)  use the Application to infringe any third party’s intellectual property rights, contractual rights, privacy rights, defamation rights, or any other legal rights, including by the submission of any material;
3. (c)  use the Application in a manner that is libelous, defamatory, threatening, harassing, malicious or harmful to any third party, or in a manner that is invasive of their privacy;
4. (d)  interfere with, or attempt to interfere with, the Application in a way that could interrupt, damage, overburden, or limit the functionality the Services or compromise Security; for example, by fraudulently hacking into the Application or by inserting malicious code, such as viruses, bots, worms or harmful data into any systems, services or servers used by or with the Application;
5. (e)  collect, harvest or record any information or data from, or attempt to decipher any transmissions to or from any systems, services or servers used by or with the Application, including without limitation by using or launching any automated system, “robot” or “spider” to access the Services.

3.2 Customer Data. Customer is solely responsible for all Customer Data that they share with Datatel and Customer will not use the Application to share, transmit or collect any data or Personal Information that Customer does not have a lawful right, or applicable consent if required, to use for the Application’s intended purpose, including any Customer Data that:

(a) infringes any third-party intellectual property rights, privacy rights or Applicable Laws; or (b) violates any third-party confidentiality or fiduciary obligations that Customer might have; or (c) Customer does not have consent from the owner of such Personal Information if required;

Datatel may take remedial action if Customer Data violates this Section 3.2, however, Datatel is under no obligation to review Customer Data for accuracy or potential liability. Customer grants to Datatel a worldwide, royalty-free, non-exclusive license to use, host, copy, transmit, display, modify and create derivative works of the Customer Data that is shared or collected for the purposes of providing the Services to Customer during the Term.

3.3 Administration Portal Access and Security. Customer is provided with User accounts for their staff to access the Application’s administration portal, such as for viewing or extracting usage reports. Datatel shall supply a unique user identification name and password (“UserID”) for each staff User. Users may only access and use the Services with their assigned UserID. Customer is responsible for ensuring that UserIDs are not shared, and that Users retain the confidentiality of their UserIDs. Customer is responsible for any and all activity occurring under the UserIDs associated with Customer’s Account. Customer will promptly notify Datatel of any actual or suspected unauthorized use of the Services. Datatel may require that a UserID be replaced at any time.

4. CARD ASSOCIATION RULES.

Customer acknowledges and understands that, in connection with its acceptance of Cards and use of the Application under this Agreement, Customer is obligated, at its own expense, to comply with all Card Association Rules and guidelines including without limitation, Payment Card Industry Data Security Standards (“PCI DSS”), Visa’s Cardholder Information Security Program, MasterCard’s Site Data Protection Program and the Discover Information and Security Compliance program. Customer shall not use the Application in any manner, that may introduce excessive risk into the system or to Datatel.

5. COMPLIANCE RESPONSIBILITIES.

5.1 Validating Compliance. For purposes of Datatel’s compliance obligations under Card Association rules, Datatel may verify that Customer is performing its Card Association compliance responsibilities as required under this Agreement, and:

1. (a)  Datatel may request, and Customer agrees to provide information about Customer’s compliance with Card Association Rules, including, without limitation, validation of compliance by a Qualified Security Assessor and/or a self-assessment questionnaire as may be prescribed by PCI.
2. (b)  If Datatel determines that Customer is not in compliance with Card Association Rules, or is introducing excessive risk into the system, Customer will promptly take appropriate action to remedy the non-compliance.
3. (c)  Datatel may terminate this Agreement and/or suspend Customer’s use of the Services in the event that Datatel reasonably determines that Customer has become ineligible to use the Services.
4. (d)  Customer agrees to reimburse Datatel for any fines, fees and penalties issued by Visa, MasterCard, Discover or any card association arising out of or relating to your usage of the Application to process transactions.

6. WARRANTY DISCLAIMER.

THE APPLICATION IS PROVIDED ON AN “AS IS” BASIS. DATATEL AND ITS LICENSORS DISCLAIM ALL WARRANTIES OR CONDITIONS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, MERCHANTABLE QUALITY, DURABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND THOSE ARISING BY STATUTE, IN LAW OR FROM A COURSE OF DEALING OR USAGE OF TRADE. DATATEL DOES NOT WARRANTTHAT THE APPLICATION WILL MEET CUSTOMER’S REQUIREMENTS, OR WILL OPERATE UNINTERRUPTED OR ERROR-FREE. CUSTOMER EXPRESSLY ACKNOWLEDGES THAT ALTHOUGH DATATEL USES COMMERCIALLY REASONABLE EFFORTS TO PROTECT DATA, DATATEL DOES NOT GUARANTEE ABSOLUTE SECURITY. THE APPLICATION MAY BE USED TO ACCESS AND TRANSFER INFORMATION OVER THE INTERNET AND/OR THE PUBLIC TELEPHONE NETWORK. CUSTOMER ACKNOWLEDGES AND AGREES THAT DATATEL DOES NOT OPERATE OR CONTROL THESE NETWORKS AND THAT: (I) VIRUSES, WORMS, TROJAN HORSES, OR OTHER UNDESIRABLE DATA OR SOFTWARE; OR (II) UNAUTHORIZED USERS (E.G., HACKERS) MAY ATTEMPT TO OBTAIN ACCESS TO AND DAMAGE YOUR DATA, WEB SITES, SYSTEMS, OR NETWORKS. DATATEL SHALL NOT BE RESPONSIBLE FOR SUCH ACTIVITIES. YOU ARE SOLELY RESPONSIBLE FOR THE SECURITY AND INTEGRITY OF YOUR DATA AND SYSTEMS AND YOUR USE OF THE APPLICATION. DATATEL IS COMPLIANT WITH THE CURRENT PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (“PCI DSS”), AND SHALL MAINTAIN COMPLIANCE WITH CURRENT PCI DSS IN EACH YEAR DURING THE TERM AND RENEWAL TERM, EXCEPT FOR EXCLUSIONS CONFIRMED BY DATATEL’S THIRD PARTY AUDITORS AND VISA TO BE OUT OF SCOPE BASED ON CURRENT PCI DSS AND DATATEL’S SERVICE DESCRIPTION AS LISTED AND JUSTIFIED IN THE CURRENT DATATEL PCI DSS AOC AND THAT DATATEL IS AN APPROVED DATA STORAGE ENTITY (“DSE” – REG. # 12133) AND A THIRD PARTY AGENT (“TPA” – MERCHANT SERVICER, AGENT BID # 10069048), AS ISSUED BY VISA AND MASTERCARD RESPECTIVELY. CUSTOMER’S PCI DSS STATUS IS DEPENDENT UPON CUSTOMER’S COMPLIANCE FOR PCI ITEMS NOT INCLUDED AS PART OF THE SERVICES AND, THEREFORE, DATATEL DOES NOT REPRESENT, WARRANT OR GUARANTEE THAT CUSTOMER WILL BE COMPLETELY COMPLIANT WITH PCI DSS.

7. LIMITATION OF LIABILITY.

Except for claims that the Hosted Application infringes the intellectual property of a third-party, and to the maximum extent permitted by law, in no event shall Datatel or its licensors be liable to Customer or to any third party for any cover, set-off, special, indirect, consequential, incidental, punitive damages, or any other damages, including without limitation for lost profits, lost data and business interruption, arising out of the use or inability to use the application, whether such damages arise in contract or tort, including negligence or otherwise. In any case, the entire liability of Datatel and its licensors arising from this addendum for all damages of every kind and type, whether such damages arise in contract or tort, including negligence or otherwise, shall be limited to the Fees actually paid by Customer for the Services within the three (3) month period immediately preceding the date on which the cause of action arose. It is expressly understood and agreed that in the event any remedy hereunder is determined to have failed of its essential purpose, all limitations of liability and exclusions of damages set forth herein shall remain in effect.

8. INDEMNITY.

Customer agrees to indemnify, defend and hold harmless Datatel and its agents, affiliates, and licensors from and against any and all third-party claims of any kind arising out of, resulting from, or in connection with your breach of this Addendum or your use of the Application.