Terms & Conditions - Digital River - EN

Terms & Conditions

Connector Solution

Commerce Solution

Terms and Conditions

These Terms were last updated on April 20, 2021.

General Terms and Conditions

  1. General Terms and Conditions.
    1. These Terms and Conditions (“Terms”) Govern our Solution. WHEN YOU SIGN AN ORDER FORM WITH US, OR CONTINUE TO USE OUR SOLUTION AFTER THE “LAST UPDATED” DATE OF THESE TERMS, YOU ARE AGREEING TO THESE TERMS ON BEHALF OF YOUR ORGANIZATION. These Terms refer to Digital River as “us,” “we,” or “our” and to your business organization as “you” or “your”. For purposes of these Terms, we refer to the sale of a license to digital product(s) and the sale of a service use right to services as a “sale” of a “product,” even though digital product(s) and services are licensed and not sold.
    2. The Digital River Goal. Our goal at the Digital River family of companies (including Digital River, Inc., Digital River Ireland Limited, Digital River GmbH and/or DR globalTech, Inc.) is to help you simplify and expand your ecommerce sales on a global basis. We do this by optimizing your trading pattern without your need to invest in the local infrastructures required to manage the complex and ever-changing landscape of local regulations and taxes. You control your shopper experiences, and our solution helps you increase your global sales and comply with applicable laws.
    3. Our Solution; Appointment of Digital River as Reseller. Digital River’s core product is a fully-integrated suite of back-end services – payments, tax, fraud and compliance – called Global Seller Services (“GSS”) that is delivered through our proprietary technology. GSS incorporates and is enabled by our business model, where we act as an online reseller of your products. GSS is bundled with other technological capabilities to offer a product suite designed to facilitate your use of GSS (collectively, the “Solution”), as applicable to your industry segment or vertical. When you use our Solution to sell your products, you appoint Digital River, and Digital River accepts the appointment, to resell and distribute your products to shoppers.
    4. Applicable Terms. Use of the Solution is governed by these Terms, the Standards listed below, and mutually approved Order Form(s) that identifies pricing and specifics for the Solution you order (collectively, the “Agreement”). The Order Form is the only portion of the Agreement you will sign.Standards for the Solution:
      • Service Level Agreement
      • Data Handling Standards
      • Guidelines & Best Practices – Our proprietary guidelines to ecommerce which describe the legal framework(s), Application Programming Interface(s) (“APIs”) and implementation guidance necessary to conduct online commerce in compliance with local regulations using our Solution. These may not be accessed without a non-disclosure agreement between us.
    5. Your Business and Shopper Experience. As between you and us, you are fully responsible for all aspects of your business and shopper experiences, including: (i) your website and online shopping experience; (ii) your online order capture experience (to the extent we are not directly providing the capture experience for you); (iii) your products and services (and the use or misuse of your products and services), any warranties or recalls related to your products and services, and any infringement issues; (iv) shopper relations, including support service for any installation, use, configuration and operation of your products and services; (v) your systems or the systems you procure from third parties, including any downtime, errors or fraud on such systems; (vi) your personnel; and (vii) your compliance with all laws, rules and regulations applicable to your responsibilities, including without limitation those relating to consumer protection, privacy, import or export compliance, money laundering, and data security. In order to connect to and use the Solution you must implement and maintain your ecommerce shopper experience in accordance with the Agreement and APIs for the Solution and territories listed in your Order Form so that your shopper/transaction data follows the rules required to transact business related to the Solution in the applicable territory. If, from time to time, there are material changes to the Agreement and/or APIs as they apply to the Solution (for example, due to changes in local laws or regulations), we will notify you in advance where governmental and regulatory communication timelines permit and you must comply with those changes to continue using the Solution.
    6. Information You Provide. Our Solution is dependent upon the information you provide to us (e.g., we must know about your products in order for our Solution to legitimately resell your products, process payments for your products, calculate any taxes due, and for our software logic to help determine if a purchase is fraudulent), so you must provide to us in a timely manner all information in your control reasonably required by us to comply with our obligations. You must respond promptly to any request for direction, information, or approval that are reasonably necessary for us to deliver the Solution for you or protect our rights under the Agreement. The information you provide must be accurate, true and complete, and if any information is or becomes inaccurate or incomplete, you must immediately notify us, and we may require you to obtain additional risk and/or compliance approval from us and we, as a condition to such approval, may require additional obligations from you. In order to verify your information and compliance with the Agreement and as may be required of us by the card associations, processor/acquiring banks or legal or regulatory payment authorities in connection with our resale of your products through the Solution, we may require you to verify your information or to permit a third party auditor approved by us to conduct an audit of your information, and you must fully cooperate with any reasonable requests for information or assistance by us or the auditor. We may share the reports with the card associations, processor/acquiring banks or legal or regulatory payment authorities used to provide the Solution to you as they require of us.
    7. Fees. You agree to pay our fees and reimbursable expenses for the Solution you order in accordance with applicable Order Form and as calculated under these Terms.
    8. Licenses. During the term of your use of the Solution, (i) we grant you a license to use our APIs and/or administration interface applicable to the Solution solely for your use of the Solution, and (ii) if the Solution requires either of us to use the other party’s trademarks and logos to perform or use the Solution, we each hereby grant the other party a license to do so solely as required in connection with the performance or use of the Solution under the Agreement, and only in the form and with appropriate legends as required by the other party. With your express written permission, we may also include your company name and logo in our marketing materials.
    9. Ownership and Intellectual Property. As between you and us, you own all of your Confidential Information and materials you provide to us, whether electronic or physical, in the course of performing your obligations under these Terms (including without limitation your products, trademarks and logos, as may be applicable) and all proprietary and intellectual property rights thereto. As between us and you, we own the Solution, its constituent parts, our software, marks, logos, work product, information prepared by, provided by, or used by us (other than the materials you provide to us), and any modifications or improvements to them, and all proprietary and intellectual property rights thereto.
    10. Confidentiality and Protection of Personal Data. We and you each agree, as it relates to our or your respective handling of confidential information, to maintain in strict confidence and to use only to deliver or use the Solution or as otherwise authorized by the other party, all information received under the Agreement which is of a confidential nature concerning the other party’s business operations, technical and financial information, employees, suppliers, providers or shoppers (“Confidential Information“). Information will not be deemed Confidential Information if it is or becomes generally available to the public without breach of the Agreement or is independently developed by the non-disclosing party or its personnel or representatives without reliance in any way on Confidential Information of the disclosing party.In connection with our performance, tracking and improvement of the Solution we may disclose Confidential Information to our third-party providers (such as our corporate affiliates, merchant/acquiring banks and contractors) and we will remain liable for any breach by them of this confidentiality provision. You may disclose Confidential Information to your third-party providers who are subject to a written confidentiality obligation no less restrictive than this provision only to the extent necessary for your use of the Solution, and you will remain liable for any breach by them of this confidentiality provision. You or we may disclose Confidential Information required to be disclosed by law or court order so long as the disclosing party provides prompt written notice to the other party (if not prohibited by law), tries to limit the disclosure to the minimum amount required and obtains confidential treatment or a protective order, and, if requested, cooperates with the other party to do so. We may also use and disclose anonymized and/or aggregated information relating to usage of the Solution that does not identify you or any particular shopper or supplier (such as aggregated conversion data to help optimize future sales conversion rates and fraud data to continually improve our anti-fraud logic for future transactions), and we may disclose information stored in our Solution if we believe it is required to do so by law or to reduce risk of credit or other kind of fraud.
      ‌We and you each agree, as applicable, to comply with all applicable data protection and data privacy laws, rules, and regulations as they relate to our or your respective handling, control of and/or processing of personal data (or similar defined terms under applicable laws) as set forth in the Data Handling Standards. We agree to be liable for any breach of this paragraph by our subcontractors or agents, if any are involved in performing the Solution.‌We are committed to maintaining Service Organization Controls (SOC 1 and SOC 2) for financial and security controls. You may visit the Digital River compliance site to request access and review our compliance reports, which are our Confidential Information. Our compliance site is found at https://www.digitalriver.com/compliance..
    11. Change in Circumstances. If you are subject to a material change in circumstances (including without limitation a change in ownership, a material change in your financial condition, a material change in your products or services, or a change in the laws or regulations applicable to your business) that we believe, in good faith, is likely to cause you or us to be in violation of an applicable law, rule or regulation or which represents a significant economic or liability risk to us, we may immediately, on notice to you, (i) require you to establish and maintain a deposit account with us in an amount we in good faith specify, which may be funded by deductions from payments due to you from us, or by charging your account with us, or a deposit by you; (ii) institute a delay in our periodic payments to you; (iii) suspend or limit your use of the Solution; or (iv) terminate this Agreement.
    12. Term. The Agreement governs your use of the Solution until for as long as you use the Solution. The term for each Solution is defined in the Order Form and will automatically renew for one (1) year periods unless either party provides written notice of termination to the other at least ninety (90) days in advance of the end of the then-current term.
    13. Termination.
      1. Either party may terminate the Agreement or an affected Solution (i) upon thirty (30) days’ advance written notice to the other if the other party is in breach of the Agreement and does not cure the breach within the 30-day notice period, or (ii) if the other party initiates or has initiated against it any proceeding under any statute or law for the modification or adjustment of the rights of creditors which is not dismissed within sixty (60) calendar days from the date of filing.
      2. In addition, you may terminate the Agreement or an affected Solution on thirty (30) days’ advance notice if we (i) modify the Agreement or a Solution in a manner that materially impairs the Solution, you provide us written notice of termination detailing the impairment within thirty (30) days after the modification becomes effective, and we do not rectify the impairment within the 30-day notice period, or (ii) consistently and repeatedly fail to make timely payments for sales transactions to you.
      3. In addition, we may suspend or terminate the Agreement or the Solution without penalty immediately upon written notice to you (i) if we determine in good faith that you are in breach of this Agreement as a result of activity that (a) is illegal, (b) is a violation of applicable rules, regulations or guidelines of a card association, processor/acquiring bank, or legal or regulatory payment authority with which we must comply when reselling your products, (c) violates our territorial restrictions for permitted commerce, or (d) violates our restrictions for the types of product we will resell; (ii) if we are directed to do so by a card association, processor/acquiring bank, or legal or regulatory payment authority; or (iii) in accordance with Section 1.11. We will notify you of any suspension or termination of your use of the Solution and where possible will consult with you before taking such action.
      4. Upon termination (or after any applicable wind down period included in the Agreement), (a) you may no longer use the Solution (including any of our software, such as our APIs and/or administration interface) and we will stop providing them, (b) each party must promptly return or destroy the other party’s Confidential Information (and, if requested, provide an officer’s certification of destruction), (c) subject to all legal requirements, we will provide a facility for thirty (30) days for you to export the personal information of shoppers of your products (except their payment information, such as credit/debit card and account information) provided to us when we perform the Solution, after which we may delete shopper data, except to the extent we are required by law to maintain it, (d) we will work with you in good faith to promptly and expeditiously transfer to you the information necessary for recurring payments for products we have resold, provided that you are PCI compliant, the data is transferred in a PCI-compliant manner, and the transfer is compliant with all legal, regulatory, or other requirements applicable to us as the holder of the data, including any applicable notice requirements, which may vary by jurisdiction, and (e) the provisions of the Agreement that require or may require performance after termination will survive.
      5. Following any notice of termination or non-renewal, we may create a deposit from remaining payments due to you in an amount we reasonably estimate to cover potential liabilities associated with providing the services set forth in this Agreement that may occur following the effective date of termination (the “Wind-down Deposit”). After termination of this Agreement, we will release portions of the Wind-down Deposit in monthly steps, as determined in our sole discretion, to account for the decrease in risk exposure until the full Wind-down Deposit is released, no later than one hundred and eighty (180) days following the termination of this Agreement.
    14. Representations and Warranties; Limitations on Liability; Indemnification.
      1. Representations and Warranties. You represent, warrant and covenant that:
        • You have all necessary rights, authorizations, licenses and permits for your operations, and you have undertaken and fulfilled all actions and conditions to enter, to perform under, and to comply with your obligations under the Agreement.
        • You will operate your business, including your websites and online shopping experience(s), in a professional manner in accordance with all applicable laws, rules, regulations and generally accepted standards and practices in your industry, including export/import restrictions relating to your products and services (including without limitation those restricting the parties with whom you or we may engage in business due to their location in an embargoed or sanctioned country or their designation on any governmental Restricted Parties List, and those restricting the sale of products for prohibited end-uses).
        • Your products, services and websites (i) do not contain any viruses, spyware, malware or other disruptive software, or any violent, sexual or otherwise offensive or illegal material that may give rise to civil liability on our part (except with respect to video games, within guidelines acceptable by the governing rating agencies, for which you will remain fully responsible), and (ii) do not violate any product-related laws or infringe or misappropriate any third party intellectual property or proprietary rights.
        • You will only provide us with information, items and materials that are complete, accurate and timely, that you own or otherwise have the right to enter into the Solution or provide to us, and that we may use in connection with the Solution without infringing or misappropriating any third party’s privacy, confidentiality or other rights.
      2. Limited Warranty and Disclaimers. We warrant that we will perform the Solution in a professional manner in accordance with all applicable laws, rules, regulations and generally accepted standards and practices in our industry.YOU ACKNOWLEDGE THAT OUR SOLUTION SUPPORTS YOUR ECOMMERCE BUSINESS AND IS RELIANT UPON YOUR COMPLIANCE WITH THE AGREEMENT TERMS. IF YOU ARE NON-COMPLIANT WITH THE AGREEMENT AND/OR APIs, YOU PROCEED AT YOUR OWN RISK AND WE CANNOT AND DO NOT PROVIDE ANY WARRANTIES FOR OUR SOLUTION, INCLUDING WITHOUT LIMITATION ANY WARRANTY THAT YOUR SALES TRANSACTIONS WILL BE PROCESSED IN ACCORDANCE WITH APPLICABLE LAWS, RULES OR REGULATIONS. EXCEPT AS SET FORTH IN THESE TERMS AND THE STANDARDS, THE SOLUTION IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, AND WE DISCLAIM ALL OTHER WARRANTIES, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
      3. Limitations on Liability IN ACCORDANCE WITH RISK ALLOCATIONS THAT ARE STANDARD WITHIN THE SELLER AND PAYMENT SERVICES INDUSTRY, THE PRICING FOR WHICH THE SOLUTION IS MADE AVAILABLE TO CLIENTS, AND THE REVENUE WE EARN UNDER THE AGREEMENT COMPARED TO THE REVENUE EARNED BY CLIENTS FOR TRANSACTIONS USING THE SOLUTION, RISKS BETWEEN US ARE ECONOMICALLY ALIGNED AS FOLLOWS: THE AMOUNT OF OUR LIALBILITY IS UNLIMITED FOR OUR INDEMNIFICATION OBLIGATIONS UNDER SECTION 1.14.4, OUR PAYMENT OBLIGATIONS, OR TO THE EXTENT WE ARE GROSSLY NEGLIGENT OR COMMIT WILLFUL MISCONDUCT. OTHERWISE YOUR EXCLUSIVE REMEDY AND OUR ENTIRE LIABILITY FOR ANY CLAIM RELATED TO THE SUBJECT MATTER OF THE AGREEMENT, WHETHER IN CONTRACT, WARRANTY, TORT, OR ANY OTHER LEGAL THEORY, IS LIMITED TO THE TOTAL AMOUNT OF ALL RECURRING FEES WE RECEIVED UNDER THE AGREEMENT DURING THE TWELVE MONTHS PRIOR TO WHEN THE FIRST CLAIM AROSE. WE WILL NOT BE LIABLE FOR ANY (i) LOSS OR INTERRUPTION OF BUSINESS, (ii) ACCESS LIMITATIONS, DELAYS, INTERRUPTIONS OR DISTURBANCES TO THE SOLUTION, (iii) MISTAKES, DISTORTIONS OR DELAYS IN TRANSMISSIONS OF ELECTRONICALLY STORED INFORMATION, INCLUDING DISAPPEARANCES OF SUCH INFORMATION, (iv) ACTIONS OR INACTIONS BY YOU OR OF THIRD PARTIES (SUCH AS SHOPPERS OR YOUR SUPPLIERS), (v) AGREEMENTS YOU HAVE WITH YOUR SHOPPERS OR SUPPLIERS, OR FOR YOUR PRODUCTS, SERVICES, OR SYSTEMS, OR (vi) EVENTS BEYOND OUR REASONABLE CONTROL.ALSO IN ACCORDANCE WITH RISK ALLOCATIONS THAT ARE STANDARD WITHIN THE SELLER AND PAYMENT SERVICES INDUSTRY, EXCEPT FOR ANY GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR LIABILITIES WHICH AS A MATTER OF LAW CANNOT BE LIMITED, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, OR FOR LOST PROFITS, LOST REVENUE, OR FAILURE TO REALIZE EXPECTED SAVINGS, ARISING UNDER THE AGREEMENT OR RELATING TO THE SOLUTION, EVEN IF THE PARTY WAS ADVISED OF OR COULD HAVE REASONABLY FORESEEN THE POSSIBILITY OF SUCH DAMAGES. THE LIMITATIONS OF LIABILITY IN THESE TERMS APPLY EVEN IF A REMEDY IS DEEMED TO HAVE FAILED ITS ESSENTIAL PURPOSE. EACH PARTY ACKNOWLEDGES THAT THE OTHER PARTY’S ACCEPTANCE OF THIS SECTION HAS MATERIALLY INDUCED THE OTHER PARTY TO ENTER INTO THE AGREEMENT AND PERMIT THE USE OF AND/OR USE THE SOLUTION. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH JURISDICTIONS, EACH PARTY’S LIABILITY IS LIMITED TO THE EXTENT PERMITTED BY LAW.
      4. Indemnification. Each party agrees to indemnify, defend and hold the other party harmless against any third party claim, and resulting liabilities, damages and expenses, including reasonable attorneys’ fees (“Claims”), that its business, products or services (in our case, the Solution) violate any law, rule or regulation or any third party intellectual property rights, or for its fraud, willful misconduct or gross negligence. In addition, because you are responsible for your products and your business, and because our Solution relies on and processes the information and instructions you provide to us, you agree to indemnify, defend and hold us harmless against any Claims for (i) your failure to comply with Section 1.5 (Your Business), Section 1.6 (Information You Provide), or Section 1.15 (Our “Know Your Customer” and Anti-Money Laundering Regulatory Obligations) of these Terms, and (ii) any failure to comply with applicable laws, rules or regulations to the extent the failure is caused by or results from your instructions, actions or omissions.To be indemnified, the party seeking indemnity must give the indemnifying party prompt written notice of the claim, reasonable assistance and sole authority to defend and settle the claim. In the defense or settlement of an infringement claim hereunder (or if we reasonably believe the Solution or any portion of the Solution does or may infringe the rights of a third party), we will have the option at our expense to (iii) modify the Solution to become non-infringing, or (iv) obtain for you the right to continue using the Solution, or if we determine in our discretion that (iii) or (iv) is not reasonably commercially available, then (v) terminate the Agreement with respect to the Solution and provide you a prorated refund of recurring fees previously received by us hereunder for the Solution corresponding to any period after the effective date of such termination.
    15. Insurance.For so long as this Agreement is in effect plus two years after, we and you must each maintain insurance coverage with reputable insurance carriers of at least: $1,000,000 per occurrence and $2,000,000 in the aggregate for each of the following – products liability, commercial general liability, professional liability/errors and omissions with cyber risk and privacy coverage, and worker’s compensation with statutory limits. A party shall provide the other party with certificates of insurance upon request.
    16. Our “Know Your Customer” and Anti Money Laundering Regulatory Obligations. When we enter into an Order Form with you, we will be taking on online sales related risks on your behalf by acting as your online reseller, processing regulatory requirements, taxes and payments for you and delivering the Solution for you. To set up your account, you must provide us certain information we will request, which includes completing our Know Your Customer account verification form and may include you providing additional information required to comply with anti-money laundering regulations. As part of our diligence, we may engage in any investigation of your finances, activities, and operations that we reasonably deem necessary to confirm your eligibility for and use of the Solution, and you agree to provide us with any information required to complete such investigation. You authorize us to share any information we collect or receive from or about you with the card associations, processor/acquiring banks or legal or regulatory payment authorities. We will also conduct, and you authorize us to conduct, a customary commercial background check for these purposes and to assess the risk of our doing business with you. You agree to provide us with written notice not more than five (5) days after you receive a subpoena, civil investigative demand, or similar request for information from a federal, state, or local government, agency, or entity relating to your products and services sold through the Solution or your use of the Solution. Your failure to provide true, accurate and complete information to us may result in us denying your account registration or suspending or terminating the Agreement.
    17. Modifications. From time to time in the course of our business we may modify the Agreement and/or the Solution (for example, to remain in compliance with changing laws, rules, regulations and market conditions around the world, or as required by the card associations or our third-party providers). We will provide at least thirty (30) days’ advance notice via electronic posting or e-mail of any material change to the Agreement or to the Solution, unless applicable laws or regulatory requirements require us to give earlier notice. We will provide at least forty-five (45) days’ advance notice via e-mail to the Legal Notice email address stated on the Order Form for any changes to Section 1, General Terms and Conditions. If the change materially impairs the Solution, you may terminate the Agreement and your use of the Solution in accordance with Section 1.13.2. Subject to your termination rights in Section 1.13.2, your continued use of the Solution after the effective date of any modification to the Solution or the Agreement constitutes your acceptance of such modification.
    18. Electronic Documents. We provide our documents electronically rather than in paper form. We will notify you that a document is available with a link to that document. At any time and without giving advance notice, we may elect not to send a document electronically, in which case a paper copy of the document will be sent to you at your corporate address on file.
    19. Miscellaneous. These Terms, the applicable Standards, including the Guidelines and Best Practices, and the relevant mutually approved Order Form(s) constitute the entire agreement between the parties with respect to the subject matter hereof and in the applicable Order Form(s), and supersede any previous and contemporaneous agreements and understandings with respect to the subject matter hereof. No provisions in your purchase orders or your other business forms will alter the Agreement. Amendments may only be made by a written agreement in an Order Form executed by authorized officers of both parties and by us in accordance with Section 1.16. If there is any conflict between the provisions in the Agreement and any mutually approved Order Form between the parties, the mutually approved Order Form will control.
    20. Notices. Notices sent to either party must be given in writing and will be deemed effective on the date of delivery: to you, at the most recent postal or e-mail address you provided to us in your account registration, or to us, at our corporate office identified on our website, attention General Counsel, when delivered by commercial carrier and evidenced by the delivery receipt.
    21. Independent Contractors. The parties are independent contractors, and not partners or joint venturers. Neither party has the right, power or authority to act or create any obligation on behalf of the other party. We may engage the services of subcontractors or agents to assist us in the performance of our obligations. Because a subcontractor (such as a payment provider) or agent may perform the same function for many or all clients, and we require flexibility to switch or alternate subcontractors and agents to ensure service level standards, pricing commitments or other obligations under this Agreement, we are unable to inform individual clients or seek approval from individual clients each time there is a change or reassignment of a subcontractor or agent; however we will be responsible for the acts and omissions of our subcontractors and agents in the performance of such obligations under the Agreement.
    22. Third Party Requirements. These Terms are designed for the Solution to coordinate with the requirements of our third-party providers and comply with applicable legal regulations around the world, so they are not modifiable on an individual client basis. You may be required to agree to additional appendices and/or agreements with us and/or our third-party financial institutions, processors, or card associations that contain terms and obligations specific to certain solutions under our Global Seller Services. We do not warrant that a third-party financial institution, processor or payment services provider will enter into a relationship with you to provide any portion of the GSS. Any third-party financial institution, processor or payment services provider is an independent third party and we are not liable for any actions or inactions of third parties, included but not limited to, a third party’s unwillingness to work with you.
    23. Assignment. Neither party may assign the Agreement without the prior written consent of the other party except in connection with a merger or sale of all or substantially all of its assets or equity, but in such event the assigning party must provide prompt written notice to the non-assigning party of the change and the non-assigning party may terminate the Agreement if the assignment is to a direct competitor of the non-assigning party. The Agreement will be binding upon and inure to the benefit of the parties and their permitted successors and assigns.
    24. No Third-Party Beneficiaries. The Agreement is for the sole benefit of the parties hereto (including our corporate affiliates) and does not create any third-party beneficiaries, whether intended or incidental.
    25. Waiver. No waiver of any provision or breach of the Agreement will be effective unless made in writing, nor will it be construed to be a continuing waiver of such provision or breach.
    26. Choice of Law & Venue. If our U.S. entities are parties to the Agreement as defined in the Order Form, disputes related to the Agreement are governed by the laws of the State of New York, USA, without regard to any conflict of law provisions, and the parties expressly agree to submit to the personal and exclusive jurisdiction of the courts located in Hennepin County, Minnesota, USA for such disputes. If our European entities but not our U.S. entities are parties to the Agreement as defined in the Order Form, disputes related to the Agreement are governed by the laws of England and Wales, without regard to any conflict of law provisions, and the parties expressly agree to submit to the personal and exclusive jurisdiction of the courts located in London, England for such disputes. The parties specifically disclaim application (i) of the United Nations Convention on the International Sale of Goods, 1980, and (ii) of Article 2 of the Uniform Commercial Code as codified. The prevailing party in any action to interpret or enforce the Agreement will be entitled to its reasonable attorneys’ fees as well as all other remedies available to it.
    27. Injunctive Relief. A party may seek injunctive relief for any breach of the Agreement, without the necessity of posting a bond in connection therewith. The availability of injunctive relief will be a cumulative, and not an exclusive, remedy available to the parties.
    28. Enforceability. If any provision of the Agreement is found to be legally unenforceable, that provision will be enforced to the maximum extent possible and any such unenforceability will not prevent enforcement of any other provision of the Agreement.
    29. Time to Dispute. Any claim by us or you for breach of the Agreement must be brought within two (2) years of the date the party first learns of the breach or else the claim will be forever barred.
    30. Force Majeure. No party will be in breach of the Agreement if it is unable to perform its obligations (other than payment obligations) due to conditions beyond its reasonable control, but if the condition remains in effect for more than thirty (30) calendar days (or if the condition causes, or a party believes in good faith it is likely to cause, a violation of applicable law, rule or regulation or a significant economic or liability risk), either party may terminate the Agreement without cause upon written notice to the other party.
  2. Global Seller Services Terms and Conditions.
    1. Your Shopping Experience. Your online shopping experience must comply with our Guidelines and Best Practices.
    2. Your Product(s). You are solely responsible for the product(s) you offer for sale to us. Upon our request you will provide to us written certification of your compliance with your obligations signed by an officer and such other information related to such compliance as we may reasonably request from time to time.
    3. Resale Transactions. An offer to purchase a product submitted by a shopper through your ecommerce website represents an offer to purchase the product from Digital River. If Digital River accepts the offer from the shopper, Digital River will contract directly with the shopper for the products and will identify itself, and be identified by you, as a reseller of the products (the “merchant” for purposes of the sales transaction). Digital River will purchase the product that the shopper has offered to purchase from you, and you will immediately sell and transfer title to that product to Digital River for our resale of the product to the shopper. As the authorized reseller and merchant, Digital River is entitled to retain the full amount of the purchase price, including any related taxes and fees, for the products sold to shoppers by Digital River, net of any amounts owed by Digital River to you for Digital River’s initial purchase of that Product for resale or as otherwise set forth in this Agreement.
    4. Transaction Information. GSS will receive from your connected online shopping experience the transaction information from you as defined in the Order Form. Details regarding the specific information and materials you must provide can be found in the Guidelines and Best Practices. We may rely and act on all details you give to us and/or that GSS collects regarding the shopper orders.
    5. Notice to Shoppers. You must provide notice to the shopper addressing our role as your reseller and our collection of personal information, as further described in our Guidelines and Best Practices. You must provide our terms of sale to the shopper, which will govern our resale of the product to the shopper.
    6. Trade Compliance Services. All offers for sale using GSS are subject to export control requirements and antitrust and fair-trade regulations and laws as set forth in our Guidelines and Best Practices. You must not submit to us any transaction or offer any product for resale by us that violates the export and/or other trade compliance provisions in the Guidelines and Best Practices. We may cancel or not process any transaction, or decline to resell a product, suspend the resale of a product, and/or remove any product from GSS, that we believe in good faith does not comply with the Guidelines and Best Practices. We will notify you of any suspension of the sale of a product and, where possible, will consult with you before acting with respect to the suspension of the sale of a product.
    7. Fraud Screening. We will use fraud screening tools to screen for, detect, prevent, and take such other actions as we deem reasonably necessary to detect and/or prevent fraudulent activity in connection with sales from a shopping or order capture experience connected to GSS. The existence of fraud, or the possibility of the existence of fraud, will be determined by us, based in part on fraud data points you are required to provide to us in accordance with the Agreement plus your input where we request it to assist our anti-fraud efforts.
    8. Other Risk Mitigation. We may take other measures in our reasonable discretion to avert, minimize or mitigate any potential loss, corruption, theft of data or other security risk, including, but not limited to, the limitation or temporary suspension of the provision of GSS, without any liability to you.
    9. Taxes.
      1. Transaction Taxes and Regulatory Fees. We will collect and remit the appropriate taxes and regulatory compliance fee(s) for sellers, if any are applicable.
      2. Tax Identification Management. For certain jurisdictions where it is relevant, we will provide services to collect tax identifiers from shoppers to determine the tax treatment for the order.
      3. Tax Exemption Management. For certain jurisdictions, we will provide services to collect and administer tax exemption certificates from shoppers where you provide us with the information necessary for GSS to collect and administer the tax exemption certificates.
      4. Taxes and Fees on Sales by Us to Shoppers. We will use our entity structure, local tax registrations, and third-party tax software to calculate the appropriate taxes a shopper is responsible for paying on an order and we (as the reseller to the shopper) will be responsible for tax compliance related to that transaction. If a jurisdiction audits the tax related to sales to a shopper, we will be the subject of the audit as the reseller to the shopper but may request reasonable information from you in addition to the data we already possess which may be necessary for us to respond to these inquiries.
      5. Statutory Invoicing. We will use commercially reasonable efforts to enable providing shoppers with the proper country specific tax invoice required for the order.
      6. Taxes on Sales by You to Us. You are solely responsible for the collection and remittance of any applicable GST, value-added tax, or other consumption-based taxes on sales of product(s) by you to us (e.g., for sales of product(s) by you to us outside of United States jurisdictions) and, unless otherwise agreed, you will provide us with a valid tax invoice for any taxes payable by us to you. You will hold us harmless from and against your failure to promptly and properly collect taxes from us on the sale of a product from you to us (including without limitation interest and penalties resulting therefrom).
      7. No Declared Value Sales. For any product(s) you provide to us at no charge for our distribution with no sales price to the shopper through transactions processed through GSS, you will be responsible for, and will hold us harmless from and against, any regulatory, sales or use taxes associated with such product(s).
      8. Income Tax. In no event are we responsible for any tax based on your net income or similar basis (including without limitation amounts for non-resident withholding taxes retained from amounts due to you and remitted to a taxing authority by us if we are required to do so), or the preparation of any tax return related thereto.
    10. Payment Transaction Processing. You will only submit payment data that is derived from a shopper order that is valid and authorized by the shopper from your online shopping or order capture experience connected to GSS. We will use Digital River-owned merchant accounts and GSS will process the payment transaction as set forth herein and in accordance with the specific payment methods and costs for accepting the payment methods, as well any local currencies, and if necessary, currency conversions, defined in the Order Form. If we request, you will provide shopper order validation and authorization information to us. You will immediately inform us if there is any reason to believe that any information and/or instructions you provided to us have been incorrectly processed or sent to us (including, but not limited to, incorrect instructions about refunded payments).
    11. PCI Compliance. We hold and will continue to hold through the term of your use of GSS, a PCI Data Security Standard (PCI-DSS) certification appropriate for the card volume we process annually. In addition, we will tokenize all card transactions in a PCI compliant manner. At your request, we will provide a copy of our then-current annual Attestation of Compliance. See www.digitalriver.com/compliance.Unless you use our secure payment form, you will be and will remain PCI-DSS compliant. In addition, you must periodically provide proof of PCI-DSS compliance according to the regulations or guidelines imposed by banks, card associations or legal or regulatory payment authorities, which will include at least the PCI DSS self-assessment questionnaire.
    12. Payment Instrument Validation. We use a payment service to determine if the payment instrument can be validated or authorized and if the order’s payment type cannot be settled until further action is taken by the shopper, we will hold the order pending that action.
    13. Billing Optimization. We will leverage our proprietary billing optimization tools and our network of global and local payment partners to reduce the number of transactions declined by payment processors.
    14. Process Authorizations, Refunds and Chargebacks. We will process authorization(s), capture, refund and chargeback transactions for both single purchase transactions and recurring billing transactions through one of our payment processing relationships.
      1. Refunds. We may use a payment service to initiate a refund if you have generated a refund through GSS.
      2. Unreferenced Refunds Prohibited. GSS does not support unreferenced refunds. It will only support a refund associated with a sale transaction processed by GSS.
      3. Not a Bank. We are not a bank and we do not provide loans or extend credit. To the extent pre-authorized by us and offered in your online shopping or order capture experience, we may accept payment for product(s) or services not immediately deliverable to the shopper, and may, in our sole discretion, initiate reversals or hold reserves for all or a portion of the charges processed by us.
      4. Payment Method Availability. We may, upon notice to you, disable and/or remove a payment method that (i) experiences excessive levels of fraud or chargeback rates, (ii) is no longer supported by our payment processing relationships, or (iii) we no longer accept as an authorized payment method across our client base.
    15. Order Orchestration.
      1. Fulfillment Responsibility. We are responsible for fulfillment of products we resell to shoppers. We may appoint you or a third-party distributor to act as our fulfillment agent.
      2. Fulfillment Information Required. You may select in the Order Form to use our optional Fulfillment Service or alternative services for fulfillment of products we resell. If you select alternative fulfillment services, you are responsible for an integration between GSS and those services to enable GSS to receive and respond to fulfillment requests or notices. If you are using our optional Fulfillment Service, the optional Fulfillment Terms will apply.
      3. Fulfillment Status. You are solely responsible for sending a fulfillment request or notice in a timely manner in accordance with our Guidelines and Best Practices.
      4. Notifications. GSS is configured to enable transactional notifications related to shopper and order events, including order confirmation, cancellation, and refunds. You are responsible for an integration between the notification functionality of any third-party commerce platform you have chosen to enable notifications in GSS.
    16. Shopper Support Services.
      1. Sole Responsibility. As the reseller we are subject to strict oversight on controlling who has access to shopper data (including payment card details) so you agree that you will not subcontract your shopper service for the sale and fulfillment of product(s) offered on GSS to a third party without our express prior written approval to do so, such approval not to be unreasonably withheld, delayed or conditioned.
      2. Online Order Support. We will provide you with access to our administration interface and/or APIs or reports for you to provide support to shoppers in connection with the sale and fulfillment of product(s) at a rate as set forth in an Order Form. Please note that the information accessible through the administration interface and/or APIs and through the reports may differ due to the timing of the use of the administration interface and/or APIs and the processing of the reports.
      3. Additional Order Support. If you would like us to aid you with resolution of an escalated shopper service inquiry in connection with the sale or fulfillment of a product, we will provide escalated shopper service support at rates set forth in Order Form.
    17. Warranty and Recalls. You are solely responsible for all warranty and recall obligations relating to product(s) in accordance with your warranty policy, but in no event inconsistent with the laws and regulations of the jurisdictions in which the product(s) are sold. You will notify us of any public or private recall or claim of infringement, or of any other liability or claims involving or relating to a product we offer for resale through GSS. We will provide reasonable assistance in such cases, so long as you will pay all our related expenses.
    18. Financial Dashboard. We will provide you access to a financial dashboard which lists all payments made to you. You will have access through the financial dashboard to a periodic sales summary which represents aggregate payment information for a defined period of time as well as access to individual sales transactions. If you believe the financial dashboard has errors, you must notify us of the error(s) within sixty (60) days of when the data was made available to you in order to be able to dispute the error(s).
    19. Payments to You. Once we have received notification of fulfillment for processed transactions, GSS will, directly or through a payment service provider, collect and reconcile the funds paid by the shopper for the purchase of your product, and payments to you through GSS for such settled transactions will be aggregated into a payment to you in accordance with the applicable Order Form.
      1. Payment Calculations. Payments to you are computed by taking the amounts collected, net of Transaction Costs (defined below), and then offsetting any refunds, chargebacks and penalties, and our charges due to us under the Agreement in accordance with the applicable Order Form. If the collected amounts are not enough to cover the offsets, we will invoice you for the difference in accordance with the payment terms in the applicable Order Form. “Transaction Costs” are defined as amounts assessed or charged by third parties, including governments or other regulatory bodies, in connection with a transaction, such as any shipping charges and tax or regulatory charges we are obligated to pay, including any tax or other fee assessed against the value of individual transactions or assessed on a per item or per order basis (including but not limited to digital service tax), but specifically not including third party costs that are otherwise addressed in the Agreement, such as costs for payment methods or currency conversions.
      2. Treatment of Refunds & Cancellations. We are entitled to retain the Transaction Costs to the extent not capable of being recaptured by us and charges earned on product(s) sold by us, even if the transactions cannot be successfully settled, or if such product(s) or associated transactions become subject to refund or cancellation. We are responsible for the remittance of Transaction Costs to third parties as applicable, and the third-party Transaction Costs shall not be remitted to you as this is part of our value proposition.
      3. Authorization or Receipt of Payment Does Not Equal Payment. The issuance of an authorization for a transaction or the payment for a transaction is not an assurance of that transaction’s validity. Any transaction may be subject to a reversed payment if permissible under the regulations or guidelines imposed by banks, card associations or legal or regulatory payment authorities. GSS does not guarantee any shopper payment. We will have complete discretion regarding the settlement of any kind of reversed payments and/or disputes with partner banks, including but not limited to, the settlement of disputes regarding reversed payments. You agree to take reasonable steps to assist us in handling any such dispute and you will be responsible for any chargeback fines imposed by the banks arising from errors or omissions created or contributed to by your online shopping or order capture experience.
      4. Payment Reversals. We may charge you for each payment transaction reversal as set forth in an Order Form. We will treat any non-fraudulent payment reversal and any transaction identified as fraudulent or potentially fraudulent after settlement of payment but prior to receipt of a payment reversal for such transaction, as a refund validly provided by us, if we remain entitled to the charge for handling the payment reversal. Further, any sale where the fulfillment of that product was initiated pursuant to a valid payment authorization but is subsequently rejected or cancelled prior to settlement by us, the merchant bank or payment processor, will not be treated as a completed sale to a shopper by us for the purposes of calculating payments due to you.
  3. Additional Services – Physical Product(s).
    The following sections apply if the product(s) we resell include physical product(s) The type of product(s) (digital, physical, or services) we offer for sale to shoppers under the Agreement will be specified in an Order Form.

    1. Shipping Methods and Rates. GSS receives available shipping method(s) and relevant respective shipping rates from the fulfillment service (which may be our Fulfillment Service).
    2. Delayed Payment Type Management. Orders using payment types that cannot be settled until further action is taken by the shopper will be held by us pending that action.
    3. Order Cancellation. Upon your instruction to GSS, we will communicate to the fulfillment service (which may be our Fulfillment Service) to withhold fulfillment of a physical product order if you cancel the order prior to it being sent for fulfillment (and upon confirmation, GSS will instruct the payment service to release any holds on the associated payment instrument(s)).
    4. Warehousing and Delivery. The party responsible for warehousing and delivery to the shopper of products we offer for sale under the Agreement will be specified in an Order Form. In the event of a conflict between the Agreement and any Incoterms, the Agreement will control.
    5. Export. For cross-border sales from us to online shoppers, we, or our forwarding agent (which may include you if you are the forwarding agent), are responsible for (i) the legal and lawful export from the country in which the warehouse is located, and (ii) completion of all applicable export documentation and reporting required by export control laws, including without limitation EEI filings.
    6. Physical Products Delivered by You as Our Fulfillment Agent.
      1. Inventory Controlled by You for Resale by Us. We will only accept for resale (i) inventory you own (which you will continue to own while in your warehouse) that is customs cleared (duty/tax paid) in free circulation available for resale, and (ii) inventory of the latest version of each product, appropriately labeled for use in the approved countries set forth in an Order Form, including all certifications, approvals and authorizations needed for use in those countries.
      2. Inventory Fulfilled by You. Where you are responsible for warehousing and delivering products to shoppers for us, you will do so as our fulfillment agent, and you accept the limited appointment as our fulfillment agent for this express purpose. You will deliver products or cancel delayed orders within timeframes required by law. You are responsible for all costs associated with the provision of warehousing and delivery services. You may use a third-party fulfillment agent approved by us (not to be unreasonably withheld or delayed) to perform your fulfillment obligation. Any third-party fulfillment agent must be defined in an Order Form, and any changes to the third-party fulfillment agent must be approved by us and defined in a new Order Form. You are responsible for the acts and omissions (and will be responsible for the acts and omissions of your third-party fulfillment agent) related to your obligations to fulfill orders for products purchased from us. You will provide us with timely proof of shipment for a given shipment upon our request. For all shipments of physical products to your warehouse, you will be importer of record (where applicable), will be responsible for all expenses associated with shipment, and will bear the risk of loss.
      3. Shipping Costs; Discounts. You will use your own or your agent’s shipping account for the shipment of physical products and are responsible for all risk of loss for your products while in your, or your agent’s, possession or control, and during shipment to the shopper. You will provide us with your warehousing and shipping rate schedule for the performance of your warehousing and delivery obligations as our fulfillment agent, which may be changed by you upon thirty (30) calendar days written notice to us. We will pay you the fees charged by us to the shopper for shipping and handling for each product fulfilled by you on our behalf. You agree that the fulfillment fee due to you will be reduced or waived for any discounted shipping promotion or free shipping promotion you offer to the shopper.
      4. Delivery Delays Caused by You. We will have no liability for any delays to shoppers created by the delivery of products by you, or the delivery of any non-conforming product to the description you provided to us.
      5. Exporter of Record (for Cross-Border Shipments). We will be the exporter of record with you or your third-party fulfillment agent acting as our agent for export control purposes. If required by law, we will execute a “designation of forwarding agent” in the form provided by us in connection with your role as our fulfillment agent for export control purposes.
      6. Importer of Record. The shopper will be the importer of record for any cross-border transactions. However, if we are deemed by law to be the importer of record for shipments of your products into a jurisdiction, you agree to reimburse us for all unrecoverable duties, taxes and clearance fees.
      7. Additional Shipping Requirement. You agree that for products sold and fulfilled as our agent using the Solution, you will prohibit any change to the delivery address unless initiated by us.
    7. Warehousing and Delivery by Distributors.
      1. Inventory Controlled by Your Distributor for Resale by Us. We will only accept for resale (i) inventory your distributor owns (which you or your distributor will continue to own while in the warehouse) that is customs cleared (duty/tax paid) in free circulation available for resale, and (ii) inventory of the latest version of each product, appropriately labeled for use in the approved countries set forth in an Order Form, including all certifications, approvals and authorizations needed for use in those countries.
      2. Your Distributor’s Obligations. If you have a contractual relationship with a distributor to sell your products to us for our resale, the distributor is responsible for warehousing and delivery of any products we purchase from the distributor for our resale through GSS. We will be the exporter of record with the distributor acting as our agent. The distributor will be responsible for fulfillment and returns of the products in accordance with the distribution and fulfillment agreement between us and the distributor. The distributor is solely responsible for product procurement, warehousing, inventory management, order processing, and pick/pack/ship, and you are solely responsible for ensuring that the distributor has adequate inventory of any of your products we purchase from the distributor for resale through GSS. You will be responsible for the accurate information for your products in the distributor’s warehouse, such as but not limited to, export classifications, proper packaging, labeling, certifications, approvals, and authorizations that will be used to complete export documentation for customs filings/requirements. If you offer a shipping discount to the shopper, we will have the right to offset the amount of the discount taken by the shopper from amounts due to you under the Agreement.
      3. Payment. Payments to you under the Agreement for our sale of a product we purchased from a distributor are computed by taking the net of the sales price of the product for those products for which we received payment less the sum of (a) the purchase price of the product by us from a distributor, inclusive of all applicable taxes and fees, (b) our charges as set forth in the Order Form attributable to the transaction, (c) amounts refunded to purchasers for products subject to return or cancellation (net of any credits we received from distributors for returned products), and (d) any amounts subject to chargeback.
    8. Returns of Physical Product(s).
      1. Returns. GSS will process information related to returns of physical product(s).
      2. Valid Return Reasons. GSS is able to capture select return reasons to allow you to compile data on returns of physical goods.
      3. Returns History. GSS captures authentications/approvals, reporting and recordation of returns of physical product(s).
  4. Optional Services – Fulfillment Services.
    The following sections apply if you are using our Fulfillment Services for physical products as indicated in an Order Form.

    1. Inventory Visibility. With appropriate configuration, our Fulfillment Service provides SKU level inventory availability data for physical goods from all inventory locations across your enterprise.
    2. Backorders. If permitted and applicable, you must configure rules for handling backorders in our Fulfillment Service.
    3. Fulfillment Routing. Our Fulfillment Service’s sourcing rules allow you to configure which inventory location will fulfill a given order.
    4. Order Splitting Rules. The Fulfillment Service can be configured with order splitting rules allowing you to determine if orders with multiple items can be shipped separately so they arrive faster, or shipped together, saving costs.
    5. Shipment Notification. Our Fulfillment Service will receive notifications that all or part of an order has been shipped. You must provide the GSS with updates to the status of all or part of an order that has been shipped.
    6. Tracking Information. Once an order leaves the warehouse, shipment-level tracking information is available through our Fulfillment Service for use by you (major carriers only).
    7. RMA Rules. The Fulfillment Service will use your configuration to determine and provide the appropriate return address and send a Return Merchandise Authorization (RMA) to a designated warehouse to alert them of the return of a physical product. The warehouse must provide to GSS notification of receipt of a return and its condition. GSS will determine if a refund should be generated upon receipt of notification of the return and its condition according to our Guidelines and Best Practices.
    8. Shipping / Order History. Your shopper’s historical order data will be stored in GSS, and made available only to you and us, in a manner consistent with all required regulations and rules.
      Digital River Managed Warehouse Service – Legacy.The following sections apply if you are using our legacy Managed Warehouse Service for physical products as indicated in an Order Form.
  5. Digital River Managed Warehouse Service – Legacy.
    1. Physical Products You Provide to Us. You will provide us with, and we will only accept (i) inventory you own (which you will continue to own while in our or our agent’s warehouse) that is customs cleared (duty/tax paid) in free circulation available for resale, (ii) inventory of the latest version of each product prepackaged and ready for shipment, appropriately labeled for use in the approved countries as set forth in an Order Form including all certifications, approvals and authorizations needed for use in those countries, and (iii) additional inventory we need from time to time to maintain adequate inventory to fill anticipated order volumes based on projected purchase patterns. For physical products you ship to us, you will be importer of record and will be responsible for all expenses associated with, and will bear the risk of loss for, the shipments.
      1. Loss of Product. We will use reasonable efforts to preserve at least ninety-nine and one-half percent (99.5%) of the products that you place in our custody or control in our or our agent’s warehouse, each calendar quarter. At the end of each calendar quarter, in the event of any loss of more than one-half percent (0.5%) of the warehoused inventory, we will pay you the replacement value of the physical materials constituting the lost products upon reasonable proof of the products’ replacement value (which must include, at a minimum, documentation of invoices for materials costs). If product is lost during shipment from our or our agent’s warehouse to the shopper, our liability is limited to the standards imposed by the common carrier.
      2. Shipping and Warehousing Costs; Discounts. We will use our or our agent’s warehousing for products before shipments to shoppers and shipping account for shipments to shoppers. We will provide you with our shipping and warehousing costs for each product we fulfill. The shipping and warehousing costs will be paid by the shopper, and if you offer a shipping discount to the shopper, then you will pay us an amount equal to the discount taken by the shopper so we receive our full shipping, handling and warehousing costs. If you have warehouse special project requests and we perform the request for you, you will pay us our warehouse account management fees, storage costs and costs relating to the warehouse special project request. We may offset any payments to you or invoice you for these warehouse costs.
      3. Delivery Delays Caused by You. We will have no liability for any delays to shoppers created by the delivery of products by you to us, or the delivery of any non-conforming product to the description you provided to us.
      4. Exporter of Record (for Cross-Border Shipments). You will be responsible for the accurate information for your products in our or our agent’s warehouse, such as but not limited to, export classifications, proper packaging, labeling, certifications, approvals and authorizations that will be used by us as exporter of record or our agent on our behalf to complete export documentation for customs filings/requirements. Our third party fulfillment agent will act as our agent for export control purposes and will be responsible for proper and accurate completion of all documents and customs filings/requirements on our behalf based on information you supplied for your products.
      5. Importer of Record. The shopper will be the importer of record for any cross-border transactions. However, if we are deemed by law to be the importer of record for shipments of your products into a jurisdiction, you agree to reimburse us for all unrecoverable duties, taxes and clearance fees.
      6. Excess Product. We will provide you notice if we are maintaining excess inventory of your products. You will have thirty (30) days from receipt of notice to collect any excess product at your cost. If you fail to collect the excess product within the 30-day period, at our option we may either (a) dispose of your products in any manner we choose and charge you reasonable fees to do so, and/or (b) charge you storage and/or handling costs or fees to hold the products for you.
      7. Inventory Transfers. You are responsible for all shipping arrangements and documents, including export documents, for all movements (in and out) of your inventory at our warehouse. We will arrange inventory transfers with our or our agent’s warehouse per your request. We will pass to you any required shipment information, including pick up confirmation number(s), for you to arrange pick up and shipment. We will pass shipment/export documents created by you or your agent to our or our agent’s warehouse to be included with the inventory for pick up/shipment. You will be responsible for, and we will charge you for, any fees or costs associated with inventory transfers.
      8. Local Warehouse Requirements. You are responsible for ensuring you have the requisite commercial requirements (such as licenses) to successfully complete a sale to us where our or our agent’s warehouse is located.

Solution Service Level Standards

Effective as of July 15, 2020

These Standards apply to the Solutions and are in addition to the terms in the Agreement. Capitalized terms used in these Standards have the same meaning as they do in the Agreement. These Standards are dependent upon your compliance with the best practices for your integration and platform usage, as defined in the Guidelines and Best Practices for the Solution you select, and upon your compliance with your responsibilities as defined in these Standards.

Service Levels

  1. Uptime. The Solution under the Agreement is available at least 99.9% of the time measured over each calendar Quarter (January 1, April 1, July 1, October 1). Availability is calculated separately by platform in accordance with the following formula: Availability formula
    Availability = total minutes per quarter - total minutes unavailable per quarter
    (Total minutes per Quarter)
  2. Limitation: This availability commitment only applies if your usage is less than:
    1. 1,000,000 milliseconds of compute time per five (5)-minute interval; and
    2. 6,000,000,000 milliseconds of compute time per month.
  3. Unavailability. A “service interruption” is any time exceeding five (5) consecutive minutes where our Order Takers (a) do not respond to any valid shopper request, or (b) provide only HTTP response codes 500, 502, 503, or 504 responses to all valid shopper requests, or (c) some combination of (a) and (b).“Order Taker” is defined as those systems within our checkout flow which respond to web requests.A period of “unavailability” (i) commences as of the earlier of the time we detect an incidence of a service interruption or the time that you notify us of the service interruption, and (ii) ends when our Order Takers commence providing routine responses to your shopper requests again. Unavailability shall be monitored by us.Unavailability shall not include any interruption arising from:
    1. scheduled maintenance and/or upgrades, including any redundant environments,
    2. your failure to follow the Guidelines and Best Practices,
    3. our suspension or termination of your right to use the Solution in accordance with the Agreement, or
    4. any event beyond our control, which includes without limitation any external interruption of power or telecommunications; denial of service, virus/worm or other attack; the failure or substantial failure of the Internet; the internet service provider or internal telecommunications equipment experienced by you or any of your customers; the browser configurations, hardware and/or software of you or any shopper; and/or any other force majeure event (including without limitation acts of God, terrorism, natural disaster, war, riots, and labor strife).

    We use all reasonable efforts to avoid having to take any redundant environments offline for executing schedule maintenance. Should under exceptional circumstances such maintenance nevertheless prove necessary, we will provide as much notice as practically possible and plan such maintenance in a manner and on a date and time to minimize the potential number of affected potential transactions.

  4. Shared Responsibility to Mitigate Risk. Security and compliance are a shared responsibility between us and you.We are responsible for taking reasonable precautions to mitigate the risk of unavailability, including but not limited to (a) use of anti-virus and anti-trojan software; (b) installation of available hardware and software patches; (c) implementation of industry standard security measures, such as firewall-based network segmentation, intrusion detection, and anti-dedicated denial of service (“anti-DDOS”) measures; (d) implementation of business continuity and disaster recovery measures, such as application redundancy and scheduled backups; and (e) maintaining redundant infrastructure providers.You are responsible for taking reasonable precautions to mitigate the risk of unavailability of the Solution to you, including but not limited to: (i) implementing proper input filtering, (ii) applying intrusion detection and web application firewall (WAF) practices, (iii) applying anti-DDOS measures, (iv) jointly investigating and resolving security and compliance issues as they impact both you and us from time to time, and (v) properly interpreting HTTP response code 429 from the Solution and waiting the directed amount of time before retrying the intended request.
  5. Business Continuity and Disaster Recovery. We maintain a business continuity and disaster recovery plan designed to minimize the impact to our operations of a man-made or natural disaster or other similar events which could impact our business operations and/or technology infrastructure. We annually test our ability to comply with our business continuity and disaster recovery plan and will make our results available upon request.
  6. Issue Resolution. We target resolution of issues, based on their severity. In the event an issue could be classified within more than one Severity Level, we shall initially classify the issue; in addition, we may, upon notice to you, reclassify the priority level of an issue as fixes are rendered and/or developed or the severity of the issue decreases. In the event you disagree with our classification or reclassification, as appropriate, you may contact us to discuss when a further reclassification of the issue is appropriate.
    Severity Level Description
    Level 1
    • Impact: Critical
    • Our Classification: Solution is down
    • Acknowledgment: As soon as possible (dependent on circumstances)
    • Issue Resolution: As soon as possible (dependent on circumstances)
    Level 2
    • Impact: High
    • Our Classification: Disruptive problem to the Solution impacting performance or availability
    • Acknowledgment: Within twenty-four (24) hours
    • Issue Resolution: As soon as possible (dependent on circumstances)
    Level 3
    • Impact: Medium
    • Our Classification: Some impact to the Solution; however, not vital to immediate performance or availability
    • Acknowledgment: Within two (2) business days
    • Issue Resolution: Within 5-10 business days of Acknowledgment, unless notified otherwise
    Level 4
    • Impact: Low
    • Our Classification: Minimal impact to the Solution
    • Acknowledgment: Within two (2) business days
    • Issue Resolution: We will evaluate and incorporate into maintenance release as we deem appropriate

    For the purposes of this table, the “Acknowledgment” is the time from when we first learn of a problem to when we initially contact to you by email or telephone acknowledging such reported issue; and “Issue Resolution” is when we substantially resolve the issue or begin a plan to resolve the issue, whichever occurs first.

  7. Remedies. If we fail to meet our availability commitment in any calendar quarter during which we were compensated for your use of the Solution, your sole and exclusive remedy is a service level credit as follows, subject to your rights in case of a continuous failure as described in section 8 below. The service level credit is calculated by applying the service credit percentage to the charges we earned and received less the cost of payment processing for transactions we processed during that calendar quarter for your use of the Solution. We will apply any service credits only against future Solution charges otherwise due from you. Service credits will not entitle you to any refund or other payment from us. Subject to section 8 below, the foregoing is your sole and exclusive remedy for our breach.
    Quarterly Uptime Percentage Service Credit Percentage
    Less than 99.9% but greater than or equal to 99.0% 10%
    Less than 99.0% but greater than or equal to 95.0% 25%
    Less than 95.0% 50%

     

    1. Remedy Procedure. To receive a service credit, you must submit a claim by opening a case with our Customer Success Team. To be eligible, we must receive your credit request within 30 days’ after the end of the calendar quarter in which the service level commitment was not met and must include:
      1. the words “SLA Credit Request – Solution” in the subject line;
      2. the dates and times of each period of unavailability that you are claiming;
      3. the calendar quarter with respect to which you are claiming service credits;
      4. Your request logs that document the errors and corroborate your claimed outage (any confidential or sensitive information in the logs should be removed or replaced with asterisks).

      If we confirm the Quarterly Uptime Percentage is less than our service commitment, then we will issue you a service credit within one billing cycle following the quarter in which we confirm your request. If you don’t provide your request and other information needed above, you will be disqualified from receiving a service credit.

  8. Alternative Remedy in Case of Continuous Failure. Should we fail to meet our availability commitment in any two (2) consecutive calendar quarters during which we were compensated for your use of the Solution, you shall, as an alternative remedy, be entitled to terminate the Agreement upon thirty (30) days’ prior written notice to us. For the avoidance of doubts, in case you decide to terminate the Agreement based on this provision you shall not be entitled to receive additional service credits for the calendar quarter giving rise to such termination right.In the event you fail to provide us with notice of such termination within forty-five (45) calendar days of the end of the calendar quarter giving rise to such termination right, you shall be deemed to have waived its right to terminate the Agreement for such failure (but shall have the right to so terminate if the condition is met in any subsequent two (2) calendar quarters).

Data Handling Standards

Data Handling Standards

Effective as September 24, 2021

These Standards are in addition to the terms in the Agreement. Words used in these Standards with an initial capital letter have the same meaning (i) as defined in these standards in Section 13 “Definitions;” (ii) as found in the EU General Data Protection Regulation (GDPR); (iii) as found in the California Consumer Privacy Act (CCPA); or (iv) as found in the Agreement. Where a term in these Standards conflicts with a corresponding term in the Agreement, the term in these Standards will control with respect to the parties’ obligations under these Standards.

  1. Background and Purpose. Each party is responsible for privacy, data security, and compliance with any global Data Protection Legislation that may apply to your commerce solution. These Standards were created to allow us to have an open data sharing arrangement with you. The purpose is to ensure that any transfers of data between the parties are completed using appropriate safeguards, and that each party understands its obligations under Data Protection Legislation. Here, we have laid out the obligations of each party, including our respective responsibilities under Data Protection Legislation.

 

  1. Obligations of the Parties. You and we will each maintain the responsibility of being an (Independent) Data Controller for Personal Data. As such, each party is responsible for ensuring that Personal Data is Processed according to Data Protection Legislation and that there is a lawful basis for its Processing activities.

 

  1. Description of Personal Data and Purpose of Processing. Each party will process Personal Data of those purchasers that purchase a title, license right, and/or usage right to a product using our Service (the “Shopper”). Those categories of Personal Data may include names, addresses, email addresses, phone numbers, IP addresses, and other related transaction information.

 

The Personal Data will be processed independently by each party for the following purposes:

  • To provide the Shoppers with the services they have requested, in accordance with the relevant party’s privacy policy,
  • To ensure the performance of the parties’ obligations under the Agreement,
  • To provide other similar services to Shoppers where the Shoppers have, if applicable, consented to such services, and as decided by each party as its own (Independent) Data Controller,
  • To share the data with third parties, Service Providers, and use Processors to process the data so long as the parties comply with Data Protection Legislation; and
  • Digital River agrees that it will only independently process the Shopper Personal Data for the following purposes: performing its obligations under the Agreement, fulfilling Shopper transactions, collecting Shopper payments, conducting fraud screening, providing support to Shoppers,  preventing, detecting, or investigating fraud, employing independent fraud modeling, detection, and risk analytics, payment optimization, and generally complying with its contractual or other obligations to the Shopper and complying with its legal obligations. For clarity, DR will not process Shopper Personal Data to market to end users.

 

For the avoidance of doubt, the parties agree that neither party receives valuable consideration for, and no Sale has occurred as a result of the transfer of data from one party to another. Any transfer of data between the parties is done for the purpose of fulfilling and processing shopper-initiated transactions and for providing related support.

 

  1. Information Provided to Shoppers. The parties agree to include the applicable link to each party’s privacy policy, prior to the collection by such party, of the Shopper’s Personal Data, so that it is clear to the Shopper which privacy policy applies to the processing of their data. For the avoidance of doubt, your privacy policy will govern how you will process Personal Data and ours will govern how we will process Personal Data. We are each responsible for fulfilling our promises as outlined in our respective privacy policies.

Where applicable, you will gather and document the applicable consents from Shoppers for the processing of their data, such as for marketing activities. And, where there is another lawful basis for the processing (such as “Legitimate Interests”) you will also document the applicable lawful basis and your reasoning behind such decision(s).

 

  1. Data Handling Requests; Notifying the Other party. Data Protection Legislation, such as GDPR and CCPA, grants Shoppers certain rights regarding their personal data that a Data Controller holds and obligates Data Controllers to facilitate the exercise of those rights. As such, each party is responsible for facilitating the exercise of Shoppers’ rights under applicable law and must send any applicable data handling requests to the other party without undue delay.

Such rights may include the right to consent, and to withdraw the consent, the right of access, rectification, restriction of Processing, erasure, data portability, and the right to object to Processing. It is up to each party to ensure the Shoppers’ rights are honored as appropriate, considering applicable legal requirements. It is also each party’s responsibility to ensure that the Shopper has been appropriately authenticated under Data Protection Legislation prior to acting on any access request.

Specifically, as it relates to data erasure requests from a Shopper, we request that you log into our administration interface software (or successor user interface) and click on the “Request Removal of Personal Information” button, which will automatically trigger a notification to us. You may also send any communications related to such data handling requests to the Digital River contact point(s) noted in the Order Form under “Privacy.”

 

  1. Security of Personal Data. Each party agrees to take reasonable steps to provide a level of security appropriate to the sensitivity of the Personal Data in each party’s control.
    • Each party represents, warrants and covenants to the other party that (i) it has implemented technical and organizational security measures, which meet industry standards and comply with all applicable Data Protection Legislation, to prevent any unauthorized access, use or disclosure of Personal Data, and (ii) its processing of Personal Data will at all times be performed in accordance with such technical and organizational security measures; and
    • Each Party represents and warrants that it has in place and in writing a business continuity and disaster recovery plan; and
    • To the extent required by applicable law, the parties will not transfer the Personal Data to a processor, vendor, service provider, subcontractor or sub-processor (a “Processor”), unless (i) it has first concluded a written agreement with the Processor that imposes obligations and restrictions on the third-party at least as restrictive as those that apply to the other party under these Standards (“Processing Agreements”), and (ii) such transfer complies with applicable Data Protection Legislation; and
    • The party who has transferred Personal Data to the Processor shall be liable for the acts or omissions of that Processor with respect to Personal Data.
  2. Security Breach. With respect to any Security Breach, the parties will take all steps reasonably necessary to (i) investigate and remediate the effects of such occurrence, (ii) mitigate any harm to those Shoppers that are affected or could be affected by such occurrence, (iii) prevent the re-occurrence, and (iv) comply with applicable Data Protection Legislation.

Each party shall notify the other party in writing or by phone (for Digital River, the phone number is 952-253-1234, attention: Legal) after becoming aware of any compromise of the Personal Data that may affect the other party. The responsible party shall also notify the Supervisory Authority and Shoppers, where required and within the applicable time period under Data Protection Legislation. As such, the parties will coordinate with, consult with and keep the other party regularly informed related to its response to any Security Breach.

 

  1. Transfers of Personal Data Outside of the EEA or United Kingdom. A party shall not transfer Personal Data (nor permit any Personal Data to be transferred) to a territory outside of the EEA or the United Kingdom unless it has taken such measures as are necessary to ensure the transfer complies with applicable law. The parties acknowledge that adequate protection for the Personal Data must exist for any transfer and will, if needed, enter into an appropriate written agreement governing such transfer of Personal Data, including, but not limited to Standard Contractual Clauses, taking into account the level of protection of the third country and taking additional steps to guarantee protection if necessary, unless another appropriate safeguard for the transfer exists.

To the extent that that the Agreement involves the transfer of Personal Data outside of the EEA or United Kingdom, the parties agree that Standard Contractual Clauses shall be incorporated into the Agreement.  To that end, for agreements entered into on or after September 27, 2021 the Standard Contractual Clauses applicable to the transfer of Personal Data outside of the EEA (“EU SCCs”), available at https://www.digitalriver.com/legal-other/eu-standard-contractual-clauses-commerce-connector-solutions/, plus the Privacy details in the Order Form shall constitute the completed EU Standard Contractual Clauses. For agreements entered into prior to September 27, 2021, the contractual requirements for the transfer of Personal Data to Controllers established in third countries found in the European Commission’s Decision 2004/915/EC of 27 December 2004 plus the Privacy details in the Order form shall constitute completed Standard Contractual Clauses and shall remain in full force and effect until the Parties enter into an amendment adopting new Standard Contractual Clauses.  Where and to the extent Standard Contractual Clauses apply pursuant to this Clause, if there is any conflict between these Standards and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

 

  1. Liabilities and Indemnification. Each party agrees to be held solely liable for the performance of its obligations under Data Protection Legislation and these Standards, and any costs associated with a party’s failure to comply with Data Protection Legislation and these Standards, including any fines imposed by a Supervisory Authority (or its equivalent), shall be paid by the party that failed to comply.

While nothing in the Agreement or these Standards shall be construed as making the parties, acting as (Independent) Data Controllers, involved in the same processing, should, pursuant to Article 82(4) of the GDPR, a party be found to be liable for the entire damage arising from a breach or breaches of the GDPR relating to activities under these Standards, in order to ensure effective compensation of one or more individuals, then that party shall indemnify the other party for that portion of the compensation attributable to any breaches of the GDPR for which it is responsible.

 

  1. Requests from Supervisory Authorities. The parties agree to cooperate with each other when they receive a request from a Supervisory Authority or court of law that impacts the other party. Where one party receives the request (the “Receiving Party”), the Receiving Party shall communicate the request to the other party promptly, and where possible, prior to responding to the Supervisory Authority or court of law. However, if this is not possible due to the immediacy of the request, the Receiving Party shall communicate the request to the other party as soon as reasonably possible after submission of the response.
  2. Survival of these Standards. Regardless of whether the Agreement is terminated or expires, if either party has access to, processes or otherwise retains Personal Data, the parties agree to comply with all applicable requirements under Data Protection Legislation. Therefore, the applicable sections of these Standards that relate to the parties’ obligations under Data Protection Legislation, survives any termination or expiration of the Agreement. To the extent there are no further obligations of the parties under Data Protection Legislation, these Standards will terminate. Also, and for the avoidance of doubt, each party is responsible for destroying the Personal Data in accordance with applicable laws and neither party is required to return to the other party the Personal Data that is in their possession.
  3. Applicable Law and Dispute Resolution. These Standards (including the Agreement) constitute the entire agreement between the parties with respect to the subject matter hereof, and these Standards supersede all prior agreements or representations, oral or written, regarding such subject matter. These Standards are governed by the law governing the Agreement, except for where the applicable Standard Contractual Clauses are executed between the parties, which contain specific provisions on the applicable law in Clause IV, “Law applicable to the clauses.”
  4. Definitions. The following definitions apply to these Standards:
    • California Consumer Protection Act (CCPA) is the California state statute that created new consumer rights relating to the access to, deletion of, and sharing of personal information of California residents which became effective on January 1, 2020, and any subsequent modifications or amendments.
    • Data Protection Legislation means any applicable data protection, security, consumer protection and related regulatory and legal obligations globally, including, but not limited to, the CCPA and the GDPR, and any subsequent modifications or amendments.
    • General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 is that regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data, which was enforceable as of 25 May 2018 and any subsequent modifications or amendments.
    • Legitimate Interest means that processing is permitted if it is necessary for the purposes of a legitimate interest pursued by the controller (or by a third party), except where the controller’s interests are overridden by the interests, fundamental rights, or freedoms of the affected Shoppers which require protection.
      • Sale means any activity that qualifies as “sell,” “selling,” “sale,” or “sold,” under the CCPA.
    • Standard Contractual Clauses are the contractual requirements approved by a relevant authority to ensure the appropriate data protection safeguards are in place in the event of the international transfer of Personal Data.

 

 

Terms of Sale

LAST UPDATED: January 20, 2014

  1. SCOPE AND APPLICATION
    1. THESE TERMS OF SALE (“TERMS”) CONSTITUTE A BINDING LEGAL CONTRACT BETWEEN (A) US, DR GLOBALTECH, INC., WITH OFFICES AT 10380 BREN ROAD WEST, MINNETONKA, MN 55343, THE SELLER (WITH REFERENCES TO “US”, “WE”, OR “OUR” BEING CONSTRUED ACCORDINGLY), AND (B) YOU, THE PURCHASER (WITH REFERENCES TO “YOU” OR “YOUR” BEING CONSTRUED ACCORDINGLY).THESE TERMS APPLY TO ALL OFFERS, SALES AND PURCHASES OF THIRD PARTY PRODUCTS (INCLUDING, WITHOUT LIMITATION, HARDWARE, SOFTWARE, LICENSE RIGHTS, AND SERVICE USE RIGHTS RESOLD BY US) (“PRODUCTS”) OR ACCESS RIGHTS TO SERVICES WE DIRECTLY PROVIDE (INCLUDING, WITHOUT LIMITATION, EXTENDED DOWNLOAD SERVICE OR REGISTRATION BACKUP SERVICE) (“DR SERVICES”), WHICH OCCUR EITHER (A) THROUGH THE ONLINE STORE ON WHICH WE POST THESE TERMS, OR (B) THROUGH ANY OTHER MEANS THROUGH WHICH WE ENGAGE IN THE SALE OF PRODUCTS AND DR SERVICES, SUCH AS BUT NOT LIMITED TO ORDERS BY PHONE (THE WEBSITE AND SUCH OTHER MEANS, A “DR COMMERCE SOLUTION”). BY ORDERING ANY PRODUCT OR DR SERVICE THROUGH A DR COMMERCE SOLUTION OR BY VISITING THIS ONLINE STORE, YOU SIGNIFY YOUR ACCEPTANCE OF THIS AGREEMENT.
    2. We value our relationship with you and consider our approach to privacy of the information you provide in your use of the DR Commerce Solution to be an important aspect of that relationship. Our Privacy Statement governs the collection and use of information through the DR Commerce Solution. By submitting your personally identifiable information to us in relation to your order, you consent to such information being processed to fulfill your order and in accordance with our Privacy Statement. The Privacy Statement is incorporated by reference into and is made a part of this Agreement. To view the Privacy Statement applicable to our collection and use of information through the DR Commerce Solution, please click here.
    3. ALL ORDERS ARE SUBJECT TO YOUR CONSENT TO ANY APPLICABLE LICENSE AGREEMENT OR USAGE TERMS IS DELIVERED WITH, INCLUDED IN, OR PRESENTED IN CONNECTION WITH YOUR PRODUCT OR DR SERVICE. If you do not agree to the license or usage terms once you see them, do not accept them and contact customer service.
    4. When a customer enters a brick-and-mortar store, the customer is bound by the store rules in effect on the date of his or her visit. Similarly, you are bound by the version of these Terms in effect on the date of each order you place through this DR Commerce Solution. These Terms may change from time to time, so please review them upon submission of each order, even if you have reviewed them before.
    5. ALL ACCEPTED ORDERS ARE FINAL, NON-CANCELABLE AND NON-REFUNDABLE, EXCEPT AS SPECIFIED IN THE RETURNS POLICY APPLICABLE TO YOUR PURCHASE.
  2. ORDER PLACEMENT AND ACCEPTANCE; ONLINE CONTRACTING
    1. Commerce Solution as accurately as possible. However, we do not warrant that the prices, quotations, anticipated delivery dates, and descriptions made or referred to on the DR Commerce Solution or any related websites are accurate, complete, reliable, current, or error-free. The prices, quotations and descriptions made on the DR Commerce Solution are subject to availability, do not constitute an offer and may be withdrawn or revised at any time prior to our express Acceptance of your order (as described below).
    2. All Product specifications, illustrations, drawings, particulars, dimensions, performance data and other information on the DR Commerce Solution or related pages, or otherwise made available by us or a Product manufacturer or publisher, are intended to represent no more than a general illustration of the Products and do not constitute a warranty or representation by us that the Products will conform with the same. You must refer to the manufacturer’s specifications or warranty documentation to determine your rights and remedies in this regard.
    3. While we make every effort to ensure that items appearing on the DR Commerce Solution are available, we cannot guarantee that all items are in stock or immediately available when you submit your order. We may reject your order (without liability) if we are unable to process or fulfill it. If this is the case, we will refund any prior payment that you have made for that item.
    4. An order submitted by you only constitutes an offer by you to us to purchase Products or DR Services subject to these Terms at the price and on the terms stated in the order, and is subject to our subsequent Acceptance (as defined below), irrespective of whether the button or link you press or activate to submit your order to us includes words such as “complete order” or otherwise indicates that it is the final step in completion of your order. Any order confirmation email received by you prior to our Acceptance shall constitute an acknowledgment of our receipt of your offer only, and not an acceptance of your offer.
    5. You acknowledge and agree that if you are placing an order through a website, by clicking or activating the button or hyperlink to submit your order, you are placing a legally binding offer. You consent to: (i) the use of electronic communications in order to enter into contracts and place orders
      with us; and (ii) the electronic delivery of notices, policies and records of transactions initiated or completed by you online. You have the right to withdraw your consent to electronic contracting and to electronic delivery, but if you do, we may cancel your order and/or your access to DR Services and Third Party Services. If you do not consent to receive any notices electronically, you must stop using the DR Commerce Solution.
    6. Our acceptance of your order only occurs at such time that we have both (a) dispatched your Product order and/or provided you with access to DR Services, and (b) received payment of the purchase price of your order through settlement of funds via your provided credit card or other payment method (“Acceptance”). We may cancel your order at any time and for any lawful reason prior to Acceptance.
      Prior to Acceptance, an automatic e-mail acknowledgment of your order may be generated. Please note that any such automatic acknowledgment does not constitute a formal acceptance of your order.
    7. We may keep records of orders received, accouterments, acceptances and other contract records after Acceptance for a period not to exceed the maximum period permitted by law. We may be able to provide you with copies on written request; however you must make sure you print a copy of all such documents and these Terms for your own records.
    8. If we have cause to believe that you are unable to pay your debts as they fall due, you fail to pay any amount by the due date or breach any of these Terms, we believe you have engaged in fraud or criminal activity in connection with your use of the DR Commerce Solution, or we are unable to process payment to the payment method you provided with your offer, then, without prejudice to any of our other rights, we may do any or all of the following: (a) stop any Products in transit to you; (b) suspend further deliveries of Product if on an ongoing basis; (c) stop or suspend provision of DR Services; (d) cancel or revoke issues Service Use Rights for Third Party Services; (e) cancel any automatic renewal plan in which you have elected to participate; and/or (f) cancel any and all other contracts between us and you.
  3. PRICING AND PAYMENT TERMS
    1. Prices do not include shipping and handling, expedited service, or sales taxes, if applicable, which will be added to your total price. You are responsible for any shipping and handling charges and state and local sales or use taxes that may apply to your order. If the price of a Product is obviously incorrect, regardless of whether it is an error in a price posted on the DR Commerce Solution or otherwise communicated to you, then we reserve the right, at our sole discretion, to cancel your order and refund to you the amount that you paid, regardless of how the error occurred.
    2. Prices payable for Products or DR Services are those in effect at the time of Acceptance, unless otherwise expressly agreed. Prices may be indicated on the DR Commerce Solution or an order acknowledgment but the authoritative price in the event of any discrepancy, is the price that is notified to you on our Acceptance through the charge placed through your selected payment method. Payment shall be made by the payment method selected during your order completion process through the DR Commerce Solution. We will charge credit or debit cards on dispatch of the Product or commencement of DR Services. We reserve the right to verify and/or authorize credit or debit card payments prior to Acceptance.
    3. Except as expressly provided elsewhere in these Terms or the DR Commerce Solution, payment may be taken in full notwithstanding any claim for short delivery or defects.
    4. Where the payment is invoiced, each invoice shall be due and payable in full by the due date specified on the invoice, and if no date is specified on the invoice, within thirty (30) days of the date of invoice. If you fail to pay invoiced amount when due, we may (a) by notice declare all invoiced amounts unpaid at that date to be immediately due and payable, and (b) take all actions determined necessary and appropriate by us to collect such unpaid amount.
    5. No counterclaim or set-off may be deducted from any payment due without our written consent. We may also take action against you for the price of Products at any time after payment has become due even though title or rights to those Products may not yet have passed to you.
    6. If you elect to use the services of a third party payment or billing provider in connection with your purchase from us, your use of such services will be subject to the third party provider’s own terms and conditions. You may be required to create an account with such third party provider and/or provide that third party provider with your bank account or credit/debit card details. We are not responsible for, and you agree to hold us harmless from and against any liability resulting from, the acts or omissions of any third party payment or billing provider.
    7. Any extension of credit allowed to you may be changed or withdrawn at any time. Interest shall be chargeable on overdue amounts accruing on a daily basis at the maximum amount permitted under applicable law from the due date for payment until our receipt of the full amount (whether before or after judgment). You shall indemnify us on demand against any out of pocket expenses incurred in relation to recovery of any overdue amounts.
  4. DELIVERY
    1. We will use all commercially reasonable efforts to deliver Products in a timely manner. For Products delivered electronically, we will deliver such Products by electronic transmission or via download. Delivery timescales/dates specified on the DR Commerce Solution, in any order acknowledgment or elsewhere are estimates only.
    2. The places that we deliver to are listed on the Site (“Territory”). Delivery shall be to a valid address within the Territory submitted by you and subject to Acceptance (“Delivery Address”). You must check the Delivery Address on any order acknowledgment or Acceptance we provide, and notify us of errors or omissions as soon as possible. We reserve the right to charge you for any extra costs arising from changes you make to the Delivery Address after you submit an order.
    3. Where we deliver Products by installments, each installment constitutes a separate contract and any defect in any one or more installments shall not entitle you to repudiate the contract as a whole nor to cancel any subsequent installment.
    4. Save as otherwise provided in these Terms, risk of loss of or damage to the Products passes to you (a) for Products delivered digitally, upon the provision to you of a download link for Software, or of a license key or Service Use Rights, via email or other electronic delivery method; and (b) for Products delivered physically, upon delivery of a product to the delivery location (if no signature is required for delivery, you accept all risk of loss for theft or loss of the delivered product following delivery to the delivery location).
  5. REJECTION, DAMAGE OR LOSS IN TRANSIT; PRODUCT WARRANTY Except as set out above or under any applicable returns policy presented on the DR Commerce Solution and applicable to your purchase of a Product or DR Service (“Returns Policy”) and subject to any rights you have under applicable law that cannot be excluded or limited by these Terms:
    1. We shall not be liable and you shall not be entitled to reject Products or DR Services, except for:
      1. Damage to or loss of Products or any part thereof in transit (where the Products are carried by our own transport or by a carrier on our behalf) for which you notify us in writing of such damage or loss within 5 working days of your receipt of the Products (if damaged) or 5 working days of the anticipated delivery date of the Products (if lost);
      2. Defects in Products (not being defects caused by any act, neglect or default on your part) for which you notify us of such defect within 30 days of your receipt of the Products.
      3. Defective performance of DR Services (not being defects caused by any act, neglect or default on your art) for which you notify us of such defective performance within 5 days of such defect becoming apparent.
    2. We shall not be liable for any damage or losses arising from defective installation of the Products; from the use of the Products in connection with other defective, unsuitable or defectively installed equipment; your negligence; improper use; or use in any manner inconsistent with the manufacturer’s specifications or instructions.
    3. If you refuse or fail to take delivery of Products, any risk of loss or damage to the Products shall nonetheless pass to you, and without prejudice to any other rights or remedies we have:
      1. We shall remain entitled to payment in full for the Products or DR Services delivered;
      2. We may effect delivery by whatever means we consider appropriate or store Products at your risk, and you shall be liable for, and shall pay on our demand, all costs of Product storage and any additional costs incurred as a result of such refusal or failure to take delivery; and
      3. We shall be entitled 30 days after the agreed date for delivery to dispose of Products in such manner as we determine and may set off any proceeds of sale against any sums due from you.
    4. Except to the extent required as a result of any mandatory rights you have as a consumer under applicable law, you shall not be entitled to reject the Products in whole or in part by reason of short delivery and shall pay in full notwithstanding short delivery or non-delivery unless you notify us in writing of any claim within 7 days of the latest of the date of receipt of the relevant invoice or delivery whereupon you shall pay for the quantity actually delivered.
    5. Where there is a shortage or failure to deliver, or any defect in or damage to a Product or Service, we may at our option:
      1. (in the case of Product shortage or non-delivery) make good any such shortage or non-delivery and/or
      2. in the case of failure to perform or defective performance of a Service, make good such failure or defective performance; and/or
      3. in the case of damage or any defect(s) in the Product and in accordance with any applicable Returns Policy:
        1. Replace or repair the Product upon you returning the Product; or;
        2. Refund the price paid in respect of any Products found to be damaged or defective.

      However, your rights of repair or replacement of any Products or any part or parts thereof which are found to be defective will (except where agreed otherwise) be negated or rendered void where Products have been repaired or altered by persons other than the manufacturer, us or any authorized dealer; defective Product or Products have not been returned together with full details in writing of the alleged defects within 30 days from the date on which such Products were delivered; and/or defects are due (wholly or partially) to mistreatment, improper use or storage or maintenance or installation, or failure to observe any manufacturers’ instructions or other directions issued or made available by us in connection with the delivered Products.

    6. You will have the benefit of any manufacturer’s, licensor’s or supplier’s warranty provided by the manufacturer, licensor or supplier to you in connection with your purchased Products and should refer to the relevant documentation supplied with the Product in this regard. (If applicable, the Returns Policy may also set out procedures applicable to repairs or replacement of defective Products delivered.)
  6. SOFTWARE AND SERVICE USE RIGHTS
    1. Where any Product supplied is or includes software (“Software”), this Software (a) is licensed to you (and not sold to you) by the licensor/owner subject to their license agreement or terms included with such Software or presented during your checkout process or software installation process (“License Terms”). In addition:
      1. Such Software may not be copied, adapted, translated, made available, distributed, varied, modified, disassembled, decompiled, reverse engineered or combined with any other software, save to the extent that (i) this is permitted in the License Terms, or (ii) applicable law expressly mandates such a right which cannot legally be excluded by contract.
      2. Save to the extent provided for in any applicable License Terms, your rights of return and/or to a refund under these Terms and any applicable Returns Policy do not apply in the event that you open the Software shrink-wrap and/or break the license seal and/or use the Software.
      3. Except to the extent expressly provided by us in writing or under relevant License Terms, Software is provided ‘as is’ without any warranties, terms or conditions as to quality, fitness for purpose, performance or correspondence with description and we do not offer any warranties or guarantees in relation to Software installation, configuration or error/defect correction. You are advised to refer to any License Terms with regards to determining your rights against a manufacturer, licensor or supplier of the Software.
    2. With respect to your purchase of an service use right associated with a software-as-a-service, platform-as-a-service, or infrastructure-as-a-service offering operated and provided by a third party (“Third Party Service”), we are selling you an intangible right to access, use, and/or participate in such Third Party Service for a specified usage duration (a “Service Use Right”) and we are not the provider or operator of such Third Party Service. Your use of a Third Party Service is subject to the relevant terms of use or other license terms between you and the Third Party Service operator (and not us) related to such Third Party Service (“Service Terms“). You agree and acknowledge that these Terms only apply to our sale of Service Use Rights to you, and do not apply to your use of a Third Party Service. The company or entity which operates the Third Party Service is solely responsible for fulfilling, operating and providing the Third Party Service for which we resell you a Service Use Right. You agree to hold us harmless from and against any liability resulting from your use of, or inability to use, a Third Party Service, except that we (either directly or through our subcontractor) will provide reasonable customer support to you in connection with the fulfillment to you of access credentials as part of your purchased Service Use Right. We disclaim any warranties, terms or conditions as to quality, fitness for purpose, performance or correspondence with description and we do not offer any warranties or guarantees in relation to the availability, use or results from using any Third Party Service for which we sell Service Use Rights. You are advised to refer to any Service Terms with regards to determining your rights against the operator of a Third Party Service.
  7. WAIVER AND LIMITATION OF LIABILITY; RISK ALLOCATION
    1. YOU UNDERSTAND AND AGREE THAT WE ARE NOT THE MANUFACTURER OF THE PRODUCTS WE OFFER FOR SALE THROUGH THE PROPERTY, AND ARE NOT THE OPERATOR OF THIRD PARTY SERVICES FOR WHICH WE OFFER SERVICE USE RIGHTS FOR SALE THROUGH THE PROPERTY. TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, THE PRODUCTS AND DR SERVICES THAT YOU PURCHASE FROM US ARE PROVIDED TO YOU “AS IS,” AND YOUR USE IS AT YOUR OWN RISK. WE DO NOT MAKE, AND HEREBY DISCLAIM, ANY AND ALL EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OF THIRD PARTY RIGHTS, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF OR LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS AND LIMITATIONS MAY NOT APPLY TO YOU. UNLESS AGREED OTHERWISE OR REQUIRED BY APPLICABLE LAW, ANY WARRANTIES PROVIDED IN RELATION TO PRODUCTS OR DR SERVICES ONLY EXTEND TO YOU ON THE UNDERSTANDING THAT YOU ARE A USER AND NOT A RESELLER OF THOSE PRODUCTS OR DR SERVICES.
    2. WE HAVE PRICED PRODUCTS AND DR SERVICES AVAILABLE FOR PURCHASE FROM US UPON THE UNDERSTANDING, AND YOU HEREBY ACKNOWLEDGE THE UNDERSTANDING, THAT TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND WHETHER OR NOT THE LIMITED REMEDIES PROVIDED HEREIN FAIL OF THEIR ESSENTIAL PURPOSE: (a) OUR AGGREGATE LIABILITY WHETHER FOR BREACH OF CONTRACT, TORT OR ANY OTHER LEGAL THEORY) SHALL IN NO CIRCUMSTANCES EXCEED THE AMOUNT ACTUALLY PAID BY YOU FOR THE APPLICABLE PRODUCTS AND/OR DR SERVICES WHICH GIVE RISE TO SUCH LIABILITY; AND (b) NEITHER WE NOR OUR SUPPLIERS OR LICENSORS SHALL BE RESPONSIBLE OR LIABLE TO YOU FOR ANY LOST PROFITS, COST OF SUBSTITUTE GOODS OR SERVICES, OR ANY SPECIAL, INCIDENTAL, INDIRECT, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY DESCRIPTION (INCLUDING WITHOUT LIMITATION LOSS OR INTERRUPTION OF BUSINESS) IN CONNECTION WITH YOUR USE OF THIS SITE OR YOUR PURCHASE OR USE OF ANY PRODUCT OR DR SERVICE, HOWEVER CAUSED AND WHETHER BASED ON CONTRACT, NEGLIGENCE, TORT, WARRANTY, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE WERE AWARE OR ADVISED OF THE POSSIBILITY OF DAMAGES, AND IRRESPECTIVE OF THE NUMBER OR NATURE OF CLAIMS.
    3. NOTWITHSTANDING THE FOREGOING, NOTHING CONTAINED IN THESE TERMS LIMIT OUR LIABILITY TO YOU FOR ANY LIABILITY TO THE EXTENT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED AS A MATTER OF APPLICABLE LAW.
    4. You agree to defend, indemnify and hold harmless us, our subsidiaries and affiliates, and their respective directors, officers, employees and agents from and against all claims and expenses, including attorneys’ fees, arising out of or related to (a) any Products purchased by you in connection with your use of the DR Commerce Solution (including without limitation your use of any Third Party Service for which you purchase Service Use Rights from us), or (b) the violation of Section 8 of these Terms by you, your employees, consultants, agents, distributors, or customers.
    5. To the fullest extent permitted by law and save where expressly set out in any License Terms or elsewhere, we shall have no liability to you in the event of the Products or DR Services infringing or being alleged to infringe the proprietary rights of any third party. In the event that the Products are or may be the subject of patent, copyright, database right, registered design, trade mark or other rights of any third party, you should refer to the relevant terms of the Product manufacturer and/or licensor/owner. We shall be obliged to transfer to you only such right or title as we have.
  8. EXPORT & CUSTOMS DUTIES
    1. Each Product and DR Service and any related items (including software, technology and technical information) sold, exported, transferred, supplied or licensed by us may be subject to and governed by the laws of the United States and other countries, including but not limited to the US Export Administration Regulations (EAR) and US Foreign Assets Control Regulations (FACR). You are required to comply with all applicable laws relating to the export, re-export, transfer, use, or import of any Product or related items. Diversion contrary to applicable law is prohibited. Notwithstanding any other request or agreement to the contrary, neither you nor DR shall take or be required to take any action prohibited or penalized under US or applicable foreign law.
    2. The tangible shipment of Products from one country for delivery in another country may be subject to customs duties, fees, taxes and/or other charges in the country of ultimate destination. Unless otherwise expressly stated by DR during the order process, (a) your payment for the order in question does not include any customs duties, fees, taxes and/or other charges that may be due and payable in the Product’s country of ultimate destination, and (b) the receiving party in the Product’s country of ultimate destination is responsible for making entry and properly declaring the merchandise to the appropriate customs authorities, paying any applicable customs duties/fees/taxes/charges, and/or satisfying any additional import-related requirements. You should contact the local customs authorities in the relevant jurisdiction for further information on the applicable customs requirements and procedures, duties, fees, taxes, and/or other charges that may be assessed against the Product.
    3. When you are making a Purchase, you may be given an option to prepay or not prepay import tariffs and customs duties that may be levied by the destination country, and any disbursement fees, advancement fees or similar fees that may be imposed by the shipper, broker, the customs authority of the destination country or other party (collectively, “Import Costs”). We will make commercially reasonable efforts to estimate the amount of Import Costs (said estimate, the “Estimate”). However, the Estimate may be more or less than the final actual amount of Import Costs due and payable. We have no control over the Import Costs and cannot always predict with 100% accuracy what the final actual amounts may be. For greater certainty, you should contact your local customs office for further information on the import tariffs and customs duties that may be applicable to your Purchase.
      1. If you choose to prepay the Import Costs, you agree and acknowledge that (a) the actual Import Costs may be more or less than the Estimate and (b) you will NOT be asked to pay more money OR receive any refund in the case that the actual Import Costs differ from the Estimate.
      2. If you choose to prepay the Import Costs contained in the Estimate, you agree and acknowledge that the receiving party in the Product’s country of ultimate destination remains ultimately responsible for making entry and properly declaring the merchandise to the appropriate customs authorities, paying any applicable customs duties/fees/taxes/charges, and/or satisfying any additional import-related requirements. You should contact the local customs authorities in the relevant jurisdiction for further information on the applicable customs requirements and procedures, duties, fees, taxes, and/or other charges that may be assessed against the Product.
      3. If you choose to not prepay the Import Costs, you agree and acknowledge that (i) the actual Import Costs may be more or less than the Estimate; (ii) you (and not digital river, the broker, the shipper, the supplier or any other party) must bear the responsibility of paying all actual Import Costs; (iii) in the case that any entity other than you must pay some or all of the actual Import Costs on your behalf to effect customs clearance, you will reimburse (upon request) that entity in full for the actual Import Costs paid on your behalf; and (iv) failure by you to pay Import Costs in a timely manner may not only cause delays beyond our original delivery estimates, but also may put you at risk of potential liability for tariffs and other fees.
  9. NOTICES
    1. Any notice or other communications in relation to these Terms may be given by sending the same by hand delivery, pre-paid post, fax or e-mail (a) with respect to notices and communications to you, to the address and contact information you provided in connection with your purchase of Products and/or DR Services; and (b) with respect to notices and communications to us, to the address listed at the beginning of these Terms or as otherwise specified in your order confirmation email or notification of Acceptance. These will also be the addresses for service of legal proceedings in the manner prescribed by law. Except as set out above in relation to cancellation of consumer orders, such notices or communications (where properly addressed) shall be considered received:
      1. In relation to hand delivery, on the date of delivery at the relevant address (or, if this is not a working date, the first working date thereafter);
      2. If posted, 5 working days after the date of posting;
      3. If by fax, on the date of the transmission as evidenced by a successful transmission contact report (or, if this is not a working date, the first working date thereafter).
      4. If sent by email, on the earliest of (i) the email being acknowledged by the recipient as received; (ii) receipt by the sender of an automated message indicating successful delivery or the email having been opened; or (iii) the expiry of 48 hours after transmission, provided that the sender has not received notification of unsuccessful transmission.
  10. AGREEMENT TO ARBITRATE
    1. We will make every reasonable effort to resolve any disagreements that you have with us. In the event that we cannot resolve a disagreement to your satisfaction (or if we cannot informally resolve a concern we may have with you after attempting to do so informally), then you and we agree that except as expressly provided in Section 10.2 below, any claim, dispute, or controversy you may have against us arising out of, relating to, or connected in any way with these Terms, the DR Commerce Solution, or the purchase or attempt to purchase of any Products or DR Services through the DR Commerce Solution shall be resolved exclusively by final and binding arbitration administered by the American Arbitration Association (“AAA”) and conducted before a single arbitrator pursuant to the applicable Rules and Procedures established by the AAA, including the AAA’s Supplementary Procedures for Consumer-Related Disputes (as applicable), as modified by this agreement to arbitrate in this Section 10 (“Rules and Procedures”). The AAA’s rules, and a form for initiating arbitration proceedings, are available on the AAA’s site at http://www.adr.org. The language of any dispute resolution procedure or any proceedings will be English.
    2. This Section 10 applies to all consumers to the fullest extent allowable by law. The disputes governed by these procedures in this Section 10 include without limitation (a) claims arising out of or relating to any aspect of the relationship between you and us; (b) claims that arose out of your use of the DR Commerce Solution; and (c) claims currently the subject of a purported class action litigation in which you are not a member of a certified class. However, the dispute resolution procedure specifically does not apply to (i) a claim relating to the enforcement or validity of your or our intellectual property rights; (ii) a claim relating to an allegation of theft, piracy, or unauthorized use; or (iii) claims for which class action litigation can be brought.
    3. YOU AND WE BOTH AGREE THAT (A) EACH OF US CAN ONLY BRING CLAIMS AGAINST THE OTHER ON AN INDIVIDUAL BASIS AND THERE SHALL BE NO AUTHORITY FOR ANY CLAIMS TO BE ARBITRATED ON A CLASS OR REPRESENTATIVE BASIS; (B) ARBITRATION CAN DECIDE ONLY YOUR AND/OR OUR INDIVIDUAL CLAIMS, AND THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S); AND (C) THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN THE CLAIMS OF OTHER PERSONS OR PARTIES WHO MAY BE SIMILARLY SITUATED AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING.
    4. If the value of the relief sought is $10,000 or less, either you or we may elect to have the arbitration conducted by telephone or based solely on written submissions, which election shall be binding on you and us (subject to the arbitrator’s discretion to require an in-person hearing based on the circumstances). Attendance at an in-person hearing may be made by telephone by you and/or us, unless the arbitrator requires otherwise. Any in-person arbitration shall be held at a location determined by the AAA pursuant to the Rules and Procedures (provided that such location is reasonably convenient for you), or at such other location as may be mutually agreed upon by you and us.
    5. You agree further that: (a) the arbitrator shall apply Minnesota law consistent with the Federal Arbitration Act and applicable statutes of limitations, including principles of equity, and shall honor claims of privilege recognized at law; (b) the arbitrator shall not be bound by rulings in prior arbitrations involving us, but is bound by rulings in prior arbitrations involving both you and us to the extent required by applicable law; (c) in the event that you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, we will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive.
    6. With the exception of Section 10.3 above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the Rules and Procedures established by the AAA, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, Section 10.3 above is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor we shall be entitled to arbitrate their dispute.
  11. GOVERNING LAW AND VENUE Any dispute arising out of or related to these Terms shall be governed by the internal laws of the State of Minnesota, without regard to or application of its choice of law rules or conflicts-of-laws principles, except that the Arbitration provision of these Terms shall be governed by the Federal Arbitration Act. In the event that the Agreement to Arbitrate above is found not to apply to you or to a particular claim or dispute, you agree that any claim or dispute that has arisen or may arise between you and us must be resolved exclusively by a state or federal court located in Hennepin County, Minnesota, and both you and us agree to submit to the personal jurisdiction of the courts located within Hennepin County, Minnesota for the purpose of litigating all such claims or disputes.
  12. GENERALThese Terms sets forth the entire understanding between you and us with respect to your use of the DR Commerce Solution and your purchase of Products and DR Services from us, and supersedes any and all prior or contemporaneous communications, agreements, and representations, whether written or oral, related thereto. No amendment to these Terms will be valid unless made in writing and signed by you and us. These Terms prevail over any other terms or conditions contained in or referred to elsewhere or implied by trade, custom or course of dealing. Any purported terms or conditions to the contrary are hereby excluded to the fullest extent legally permitted. DR may engage the services of subcontractors or agents to assist DR in the performance of its obligations related to these Terms. You may not assign or transfer your rights under these Terms, and any purported assignment or transfer shall be void. No relaxation, forbearance, delay or indulgence by either you or us in enforcing any of these Terms or the granting of time by either party to the other shall prejudice or restrict such rights and powers. No waiver of any term or condition of these Terms shall be effective unless made in writing and signed by us. The waiver of any breach of any Term shall not be construed as a waiver of any subsequent breach or condition. If for any reason we determine or a court of competent jurisdiction finds that any provision or portion of these Terms to be illegal, unenforceable, or invalid under applicable law in a particular jurisdiction: (a) these Terms will not be affected in other jurisdictions to the extent that such determination or finding has no application; and (b) in the relevant jurisdiction, the remainder of these Terms (to the fullest extent permitted by law) will continue in full force and effect. Neither you nor us shall be in breach of these Terms in the event that party is unable to perform its obligations as a result of any reason or condition beyond its reasonable control.

EU Standard Contractual Clauses for Commerce and Connector Solutions

STANDARD CONTRACTUAL CLAUSES

controller to controller

 

Section I

 

Clause 1

Purpose and scope

(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.

 

(b) The Parties:

(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”), and

(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)

have agreed to these standard contractual clauses (hereinafter: “Clauses”).

 

(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

 

(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

 

 

Clause 2

 

Effect and invariability of the Clauses

 

(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

 

(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

 

 

Clause 3

 

Third-party beneficiaries

 

(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii) Clause 8.5 (e) and Clause 8.9(b);

(iii) Clause 12(a) and (d);

(iv) Clause 13;

(v) Clause 15.1(c), (d) and (e);

(vi) Clause 16(e);

(vii) Clause 18(a) and (b).

 

(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

 

Clause 4

Interpretation

(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

 

(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

 

(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

 

 

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

 

 

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

 

 

Clause 7

Docking clause

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.

 

(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.

 

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

 

Section II – Obligations of the Parties

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1        Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I. B. It may only process the personal data for another purpose:

(i) where it has obtained the data subject’s prior consent;

(ii) where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or

(iii) where necessary in order to protect the vital interests of the data subject or of another natural person.

 

8.2        Transparency

(a) In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:

(i) of its identity and contact details;

(ii) of the categories of personal data processed;

(iii) of the right to obtain a copy of these Clauses;

(iv) where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.

 

(b) Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.

 

(c) On request, the Parties shall make a copy of these Clauses, including the Appendix as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Appendix prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.

 

(d) Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

 

8.3        Accuracy and data minimisation

(a) Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.

 

(b) If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.

 

(c) The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.

 

8.4        Storage limitation

The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation[1] of the data and all back-ups at the end of the retention period.

 

8.5        Security of processing

(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.

 

(b) The Parties have agreed on the technical and organisational measures set out in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.

 

(c) The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality

 

(d) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.

 

(e) In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.

 

(f) In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.

 

(g) The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.

 

8.6        Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter ‘sensitive data’), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.

 

8.7        Onward transfers

The data importer shall not disclose the personal data to a third party located outside the European Union(3)(in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:

(i) it is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;

(iii) the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;

(iv) it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;

(v) it is necessary in order to protect the vital interests of the data subject or of another natural person; or

(vi) where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

 

8.8        Processing under the authority of the data importer

The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.

 

8.9        Documentation and compliance

(a) Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.

 

(b) The data importer shall make such documentation available to the competent supervisory authority on request.

 

 

Clause 9

Use of sub-processors

N/A

 

Clause 10

Data subject rights

(a) The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request.[2] The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language.

 

(b) In particular, upon request by the data subject the data importer shall, free of charge:

(i) provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i);

(ii) rectify inaccurate or incomplete data concerning the data subject;

(iii) erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.

 

(c) Where the data importer processes the personal data for direct marketing purposes, it shall cease processing for such purposes if the data subject objects to it.

 

(d) The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter ‘automated decision’), which would produce legal effects concerning the data subject or similarly significantly affect him/her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:

(i) inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and

(ii) implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.

 

(e) Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.

 

(f) The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.

 

(g) If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.

 

 

Clause 11

 

Redress

 

(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

 

(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.

 

(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:

(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;

(ii) refer the dispute to the competent courts within the meaning of Clause 18.

 

(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

 

(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.

 

(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

 

 

Clause 12

 

Liability

 

(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.

 

(b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.

 

(c) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

 

(d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.

 

(e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

 

Clause 13

Supervision

 

(a) See Order Form.

 

(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

 

 

Section III – Local laws and obligations in case of access by public authorities

 

Clause 14

Local laws and practices affecting compliance with the Clauses

(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.

 

(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:

(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;

(ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards[3];

(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.

 

(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.

 

(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.

 

(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).

 

(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

 

Clause 15

Obligations of the data importer in case of access by public authorities

15.1      Notification

(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:

(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or

(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.

 

(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.

 

(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).

 

(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.

 

(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

 

15.2      Review of legality and data minimization

(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).

 

(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

 

(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

 

Section IV – Final provisions

Clause 16

Non-compliance with the Clauses and termination

(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.

 

(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).

 

(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;

(ii) the data importer is in substantial or persistent breach of these Clauses; or

(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.

 

(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

 

 

Clause 17

Governing law

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third- party beneficiary rights. The Parties agree that this shall be the law of Ireland.

 

 

Clause 18

Choice of form and jurisdiction

(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

 

(b) The Parties agree that those shall be the courts of Ireland.

 

(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.

 

(d) The Parties agree to submit themselves to the jurisdiction of such courts.

 

 

 

Appendix

 

Annex I

 

A. List of Parties

Data exporter(s) [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]

 

1. Name: See Order Form

Address: See Order Form.

Contact person’s name, position and contact details: See Order Form.

Activities relevant to the data transferred under these Clauses: See Order Form.

Signature and date: See Order Form.

Role (controller/processor): See Order Form.

 

Data importer(s) [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]

 

1. Name: See Order Form

Address: See Order Form

Contact person’s name, position and contact details: See Order Form.

Activities relevant to the data transferred under these Clauses: See Order Form.

Signature and date: See Order Form.

Role (controller/processor): See Order Form.

 

B. Description of transfers

 

Categories of data subjects whose personal data is transferred

  • Shoppers and other persons (e.g., third parties) who do, or might do, business with the parties so as to conduct its business.
  • The parties’ employees and/or contractors who assist with the business relationship.

 

Categories of personal data transferred

  • Personal data from Shoppers such as information that can be used to identify an individual, either alone or in combination with other information available to the parties, such as a name, shipping or billing address, e-mail address, and phone number.
  • Contact and title information of employees and contractors who assist with the business relationship.

 

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

  • For clarity, the parties understand and agree that any payment information (e.g., purchaser payment account information, including but not limited to credit/debit card number, account and routing number, card expiration date, and card verification code or value) will be exclusively received and handled by Digital River and not be made available to you. As such, sensitive data will not be transferred between Digital River and you.

 

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

  • Continuous, for the duration of the contract.

 

Nature of the processing

  • Importer will process data for the as necessary to perform its obligations under the primary agreement with exporter, for fulfilling Shopper transactions, collecting payments, conducting fraud screening, providing support to shoppers, preventing, detecting, or investigating fraud, employing independent fraud modeling, detection, and risk analytics, payment optimization, and generally complying with its contractual or other obligations to the shopper and complying with its legal obligations.

 

Purpose(s) of the data transfer and further processing

  • To permit importer to comply with its obligations under the primary agreement with exporter and to complete sales transaction with shoppers seeking to purchase exporter’s goods and services.

 

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

  • Digital River will retain the data for as long as necessary to comply with its legal obligations as merchant and seller of record.

 

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

  • Not applicable.

 

C. Competent supervisory authority

 

Identify the competent supervisory authority/ies in accordance with Clause 13

  • See Order Form.

 

Annex II

Technical and organizational measures including technical and organizational measures to ensure the security of the data

 

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

 

Measures for ensuring physical security of locations at which personal data are processed:

  • Admission control system, document reader (magnet / chip card)
  • Door locks (electric door opener, number lock, etc.)
  • Protected doors / windows
  • Key administration / documentation of distribution of keys
  • Alarm system
  • Video surveillance
  • Special protective measures for the server room
  • Special protective measures for archiving back-ups and / or other data carriers
  • Employee and authorisation documents
  • Restricted areas
  • Visitor rules (e.g . pick-up at reception, documentation of visiting hours, visitor pass, accompanying visitors to exit after visit)

 

Measures for user identification and authorisation

  • Personal and individual user log-in for registration in the systems or company network
  • Authorization process for access authorizations
  • Limitation of authorized users
  • Single sign-on
  • Two factor authentication
  • BIOS passwords
  • Password procedures (indication of password parameters with regard to complexity and length)
  • Automated blocking of access for a certain time period in case of repeated incorrect entry of access data
  • Electronic documentation of passwords and protection of this documentation against unauthorized access
  • Additional system log-in for certain applications
  • Automatic blocking of clients after a certain period of user inactivity (also password-protected screensaver or automatic stand-by)
  • Firewall
  • System-specific protection against attacks / intrusion detection / intrusion prevention

 

Measures for internal IT and IT security governance and management

  • Administration and documentation of differentiated permissions
  • Authorization process for permissions
  • Profiles / roles
  • Regular checks on the authorization of permissions in accordance with the “need to know” principle
  • Encryption of CD / DVD-ROM, external hard disks and / or laptops (e.g. per operating system)
  • Measures to prevent unauthorized overwriting of data on externally used data carriers (e.g, copy protection, blocking of USB ports, “Data Loss Prevention (DLP) system”)
  • Segregation of duties
  • Irreversible deletion of data carriers

 

Measures for ensuring events logging

  • Logging of access
  • Logging the copying, editing or removal of data
  • System-side logging
  • Security / logging software
  • Logging / documentation of deletions
  • Evaluations / logging of data processing operations

 

Measures for ensuring accountability

  • Procedures for regular controls / audits
  • Risk Assessment
  • Processes for ensuring segaration of duties

 

Measures of pseudonymisation and encryption of personal data and Measures for the protection of data during storage

  • Encryption of laptops
  • Encryption of files
  • Encryption of systems / assets
  • Encrypted storage of passwords
  • Secured WLAN
  • Use of employee numbers instead of names
  • Authorization processes or approval routines for permission to process additional information for identification purposes

 

Measures for the protection of data during transmission

  • Encryption of emails and email attachments
  • Secured data sharing (e.g., SSL, FTPS, TLS)

 

Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services

  • Access rights
  • Functional responsibilities, organizationally specified responsibilities
  • Tunnelled remote data connections (VPN = virtual private network)
  • “Data Loss Prevention System” (DLP)
  • Redundant power supply
  • Sufficient capacity of IT systems and assets
  • Redundant systems / assets
  • Resilience and error management

 

Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident

  • Data security concept for software and IT applications
  • Back-up processes
  • Ensuring data storage in secured network
  • Need-based installation of security updates
  • Installation of an uninterruptible power supply
  • Fire and / or extinguishing water protection of the server room
  • Fire and / or extinguishing water protection of the archiving premises
  • Air conditioned server room
  • Virus protection
  • Firewall
  • Emergency plan
  • Successful emergency exercises

 

Measures for ensuring limited data retention

  • Policies for data retention / erasure

 

Measures for ensuring data quality and Measures for certification/assurance of processes and products

  • Procedures for regular controls / audits
  • Concept for regular review, assessment and evaluation
  • Penetration tests
  • Emergency tests
  • Certification: SOC 1, SOC 2 and PCI-DSS

 

Presence of recognized certificates related to the abovementioned requirements (e. g. ISO 27000 series):

  • SOC 1
  • SOC 2
  • PCI-DSS
  • PrivacyMark

 

 

[1]  This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU) 2016/679, and that this process is irreversible.

[2]  That period may be extended by a maximum of two more months, to the extent necessary taking into account the complexity and number of requests. The data importer shall duly and promptly inform the data subject of any such extension.

[3]  As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies.

Terms and Conditions

These Terms were last updated on April 20, 2021.

  1. General Terms and Conditions.
    1. These Terms and Conditions (“Terms”) Govern our Solution. WHEN YOU SIGN AN ORDER FORM WITH US OR CONTINUE TO USE OUR SOLUTION AFTER THE “LAST UDPATED” DATE OF THESE TERMS, YOU ARE AGREEING TO THESE TERMS ON BEHALF OF YOUR ORGANIZATION. These Terms refer to Digital River as “us,” “we,” or “our” and to your business organization as “you” or “your”. For purposes of these Terms, we refer to the sale of a license to digital product(s) and the sale of a service use right to services as a “sale” of a “product,” even though digital product(s) and services are licensed and not sold.
    2. The Digital River Goal.  Our goal at the Digital River family of companies (including Digital River, Inc., Digital River Ireland Limited, Digital River GmbH and/or DR globalTech, Inc.) is to help you simplify and expand your ecommerce sales on a global basis. We do this by optimizing your trading pattern without your need to invest in the local infrastructures required to manage the complex and ever-changing landscape of local regulations and taxes. You control your shopper experiences, and our solution helps you increase your global sales and comply with applicable laws.
    3. Our Solution; Appointment of Digital River as Reseller.  Digital River’s core product is a fully-integrated suite of back-end services – payments, tax, fraud and compliance – called Global Seller Services (“GSS”) that is delivered through our proprietary technology. GSS incorporates and is enabled by our business model, where we act as an online reseller of your products. GSS is bundled with other technological capabilities to offer a product suite designed to facilitate your use of GSS (collectively, the “Solution”), as applicable to your industry segment or vertical. When you use our Solution to sell your products, you appoint Digital River, and Digital River accepts the appointment, to resell and distribute your products to shoppers.
    4. Applicable Terms. Use of the Solution is governed by these Terms, the Standards listed below, and mutually approved Order Form(s) that identifies pricing and specifics for the Solution you order (collectively, the “Agreement”). The Order Form is the only portion of the Agreement you will sign.
      • Standards for the Solution:
        • Service Level Agreement
        • Data Handling Standards
        • Guidelines & Best Practices – Our proprietary guidelines to ecommerce which describe the legal framework(s), Application Programming Interface(s) (“APIs”) and implementation guidance necessary to conduct online commerce in compliance with local regulations using our Solution. These may not be accessed without a non-disclosure agreement between us.
    5. Your Business and Shopper Experience.  As between you and us, you are fully responsible for all aspects of your business and shopper experiences, including: (i) your website and online shopping experience; (ii) your online order capture experience (to the extent we are not directly providing the capture experience for you); (iii) your products and services (and the use or misuse of your products and services), any warranties or recalls related to your products and services, and any infringement issues; (iv) shopper relations, including support service for any installation, use, configuration and operation of your products and services; (v) your systems or the systems you procure from third parties, including any downtime, errors or fraud on such systems; (vi) your personnel; and (vii) your compliance with all laws, rules and regulations applicable to your responsibilities, including without limitation those relating to consumer protection, privacy, import or export compliance, money laundering, and data security. In order to connect to and use the Solution you must implement and maintain your ecommerce shopper experience in accordance with the Agreement and APIs for the Solution and territories listed in your Order Form so that your shopper/transaction data follows the rules required to transact business related to the Solution in the applicable territory. If, from time to time, there are material changes to the Agreement and/or APIs as they apply to the Solution (for example, due to changes in local laws or regulations), we will notify you in advance where governmental and regulatory communication timelines permit and you must comply with those changes to continue using the Solution.
    6. Information You Provide. Our Solution is dependent upon the information you provide to us (e.g., we must know about your products in order for our Solution to legitimately resell your products, process payments for your products, calculate any taxes due, and for our software logic to help determine if a purchase is fraudulent), so you must provide to us in a timely manner all information in your control reasonably required by us to comply with our obligations. You must respond promptly to any request for direction, information, or approval that are reasonably necessary for us to deliver the Solution for you or protect our rights under the Agreement. The information you provide must be accurate, true and complete, and if any information is or becomes inaccurate or incomplete, you must immediately notify us, and we may require you to obtain additional risk and/or compliance approval from us and we, as a condition to such approval, may require additional obligations from you. In order to verify your information and compliance with the Agreement and as may be required of us by the card associations, processor/acquiring banks or legal or regulatory payment authorities in connection with our resale of your products through the Solution, we may require you to verify your information or to permit a third party auditor approved by us to conduct an audit of your information, and you must fully cooperate with any reasonable requests for information or assistance by us or the auditor. We may share the reports with the card associations, processor/acquiring banks or legal or regulatory payment authorities used to provide the Solution to you as they require of us.
    7. Fees.  You agree to pay our fees and reimbursable expenses for the Solution you order in accordance with applicable Order Form and as calculated under these Terms.
    8. Licenses.  During the term of your use of the Solution, (i) we grant you a license to use our APIs and/or administration interface applicable to the Solution solely for your use of the Solution, and (ii) if the Solution requires either of us to use the other party’s trademarks and logos to perform or use the Solution, we each hereby grant the other party a license to do so solely as required in connection with the performance or use of the Solution under the Agreement, and only in the form and with appropriate legends as required by the other party. With your express written permission, we may also include your company name and logo in our marketing materials.
    9. Ownership and Intellectual Property.  As between you and us, you own all of your Confidential Information and materials you provide to us, whether electronic or physical, in the course of performing your obligations under these Terms (including without limitation your products, trademarks and logos, as may be applicable) and all proprietary and intellectual property rights thereto. As between us and you, we own the Solution, its constituent parts, our software, marks, logos, work product, information prepared by, provided by, or used by us (other than the materials you provide to us), and any modifications or improvements to them, and all proprietary and intellectual property rights thereto.
    10. Confidentiality and Protection of Personal Data.  We and you each agree, as it relates to our or your respective handling of confidential information, to maintain in strict confidence and to use only to deliver or use the Solution or as otherwise authorized by the other party, all information received under the Agreement which is of a confidential nature concerning the other party’s business operations, technical and financial information, employees, suppliers, providers or shoppers (“Confidential Information“). Information will not be deemed Confidential Information if it is or becomes generally available to the public without breach of the Agreement or is independently developed by the non-disclosing party or its personnel or representatives without reliance in any way on Confidential Information of the disclosing party.

      In connection with our performance, tracking and improvement of the Solution we may disclose Confidential Information to our third-party providers (such as our corporate affiliates, merchant/acquiring banks and contractors) and we will remain liable for any breach by them of this confidentiality provision. You may disclose Confidential Information to your third-party providers who are subject to a written confidentiality obligation no less restrictive than this provision only to the extent necessary for your use of the Solution, and you will remain liable for any breach by them of this confidentiality provision. You or we may disclose Confidential Information required to be disclosed by law or court order so long as the disclosing party provides prompt written notice to the other party (if not prohibited by law), tries to limit the disclosure to the minimum amount required and obtains confidential treatment or a protective order, and, if requested, cooperates with the other party to do so. We may also use and disclose anonymized and/or aggregated information relating to usage of the Solution that does not identify you or any particular shopper or supplier (such as aggregated conversion data to help optimize future sales conversion rates and fraud data to continually improve our anti-fraud logic for future transactions), and we may disclose information stored in our Solution if we believe it is required to do so by law or to reduce risk of credit or other kind of fraud.
      ‌We and you each agree, as applicable, to comply with all applicable data protection and data privacy laws, rules, and regulations as they relate to our or your respective handling, control of and/or processing of personal data (or similar defined terms under applicable laws) as set forth in the Data Handling Standards.
      ‌We agree to be liable for any breach of this paragraph by our subcontractors or agents, if any are involved in performing the Solution.We are committed to maintaining Service Organization Controls (SOC 1 and SOC 2) for financial and security controls. You may visit the Digital River compliance site to request access and review our compliance reports, which are our Confidential Information. Our compliance site is found at https://www.digitalriver.com/compliance.
    11. Change in Circumstances. If you are subject to a material change in circumstances (including without limitation a change in ownership, a material change in your financial condition, a material change in your products or services, or a change in the laws or regulations applicable to your business) that we believe, in good faith, is likely to cause you or us to be in violation of an applicable law, rule or regulation or which represents a significant economic or liability risk to us, we may immediately, on notice to you, (i) require you to establish and maintain a deposit account with us in an amount we in good faith specify, which may be funded by deductions from payments due to you from us, or by charging your account with us, or a deposit by you; (ii) institute a delay in our periodic payments to you; (iii) suspend or limit your use of the Solution; or (iv) terminate this Agreement.
    12. Term.  The Agreement governs your use of the Solution until for as long as you use the Solution. The term for each Solution is defined in the Order Form and will automatically renew for one (1) year periods unless either party provides written notice of termination to the other at least ninety (90) days in advance of the end of the then-current term.
    13. Termination.
      1. Either party may terminate the Agreement or an affected Solution (i) upon thirty (30) days’ advance written notice to the other if the other party is in breach of the Agreement and does not cure the breach within the 30-day notice period, or (ii) if the other party initiates or has initiated against it any proceeding under any statute or law for the modification or adjustment of the rights of creditors which is not dismissed within sixty (60) calendar days from the date of filing.
      2. In addition, you may terminate the Agreement or an affected Solution on thirty (30) days’ advance notice if we (i) modify the Agreement or a Solution in a manner that materially impairs the Solution, you provide us written notice of termination detailing the impairment within thirty (30) days after the modification becomes effective, and we do not rectify the impairment within the 30-day notice period, or (ii) consistently and repeatedly fail to make timely payments for sales transactions to you.
      3. In addition, we may suspend or terminate the Agreement or the Solution without penalty immediately upon written notice to you (i) if we determine in good faith that you are in breach of this Agreement as a result of activity that (a) is illegal, (b) is a violation of applicable rules, regulations or guidelines of a card association, processor/acquiring bank, or legal or regulatory payment authority with which we must comply when reselling your products, (c) violates our territorial restrictions for permitted commerce, or (d) violates our restrictions for the types of product we will resell; (ii) if we are directed to do so by a card association, processor/acquiring bank, or legal or regulatory payment authority; or (iii) in accordance with Section 1.11. We will notify you of any suspension or termination of your use of the Solution and where possible will consult with you before taking such action.
      4. Upon termination (or after any applicable wind down period included in the Agreement), (a) you may no longer use the Solution (including any of our software, such as our APIs and/or administration interface) and we will stop providing them, (b) each party must promptly return or destroy the other party’s Confidential Information (and, if requested, provide an officer’s certification of destruction), (c) subject to all legal requirements, we will provide a facility for thirty (30) days for you to export the personal information of shoppers of your products (except their payment information, such as credit/debit card and account information) provided to us when we perform the Solution, after which we may delete shopper data, except to the extent we are required by law to maintain it, (d) we will work with you in good faith to promptly and expeditiously transfer to you the information necessary for recurring payments for products we have resold, provided that you are PCI compliant, the data is transferred in a PCI-compliant manner, and the transfer is compliant with all legal, regulatory, or other requirements applicable to us as the holder of the data, including any applicable notice requirements, which may vary by jurisdiction, and (e) the provisions of the Agreement that require or may require performance after termination will survive.
      5. Following any notice of termination or non-renewal, we may create a deposit from remaining payments due to you in an amount we reasonably estimate to cover potential liabilities associated with providing the services set forth in this Agreement that may occur following the effective date of termination (the “Wind-down Deposit”). After termination of this Agreement, we will release portions of the Wind-down Deposit in monthly steps, as determined in our sole discretion, to account for the decrease in risk exposure until the full Wind-down Deposit is released, no later than one hundred and eighty (180) days following the termination of this Agreement.
    14. Representations and Warranties; Limitations on Liability; Indemnification.
      1. Representations and Warranties. You represent, warrant and covenant that:
        • You have all necessary rights, authorizations, licenses and permits for your operations, and you have undertaken and fulfilled all actions and conditions to enter, to perform under, and to comply with your obligations under the Agreement.
        • You will operate your business, including your websites and online shopping experience(s), in a professional manner in accordance with all applicable laws, rules, regulations and generally accepted standards and practices in your industry, including export/import restrictions relating to your products and services (including without limitation those restricting the parties with whom you or we may engage in business due to their location in an embargoed or sanctioned country or their designation on any governmental Restricted Parties List, and those restricting the sale of products for prohibited end-uses).
        • Your products, services and websites (i) do not contain any viruses, spyware, malware or other disruptive software, or any violent, sexual or otherwise offensive or illegal material that may give rise to civil liability on our part (except with respect to video games, within guidelines acceptable by the governing rating agencies, for which you will remain fully responsible), and (ii) do not violate any product-related laws or infringe or misappropriate any third party intellectual property or proprietary rights.
        • You will only provide us with information, items and materials that are complete, accurate and timely, that you own or otherwise have the right to enter into the Solution or provide to us, and that we may use in connection with the Solution without infringing or misappropriating any third party’s privacy, confidentiality or other rights.
      2. Limited Warranty and Disclaimers. We warrant that we will perform the Solution in a professional manner in accordance with all applicable laws, rules, regulations and generally accepted standards and practices in our industry.YOU ACKNOWLEDGE THAT OUR SOLUTION SUPPORTS YOUR ECOMMERCE BUSINESS AND IS RELIANT UPON YOUR COMPLIANCE WITH THE AGREEMENT TERMS. IF YOU ARE NON-COMPLIANT WITH THE AGREEMENT AND/OR APIs, YOU PROCEED AT YOUR OWN RISK AND WE CANNOT AND DO NOT PROVIDE ANY WARRANTIES FOR OUR SOLUTION, INCLUDING WITHOUT LIMITATION ANY WARRANTY THAT YOUR SALES TRANSACTIONS WILL BE PROCESSED IN ACCORDANCE WITH APPLICABLE LAWS, RULES OR REGULATIONS. EXCEPT AS SET FORTH IN THESE TERMS AND THE STANDARDS, THE SOLUTION IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, AND WE DISCLAIM ALL OTHER WARRANTIES, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
      3. Limitations on Liability. IN ACCORDANCE WITH RISK ALLOCATIONS THAT ARE STANDARD WITHIN THE SELLER AND PAYMENT SERVICES INDUSTRY, THE PRICING FOR WHICH THE SOLUTION IS MADE AVAILABLE TO CLIENTS, AND THE REVENUE WE EARN UNDER THE AGREEMENT COMPARED TO THE REVENUE EARNED BY CLIENTS FOR TRANSACTIONS USING THE SOLUTION, RISKS BETWEEN US ARE ECONOMICALLY ALIGNED AS FOLLOWS: THE AMOUNT OF OUR LIALBILITY IS UNLIMITED FOR OUR INDEMNIFICATION OBLIGATIONS UNDER SECTION 1.14.4, OUR PAYMENT OBLIGATIONS, OR TO THE EXTENT WE ARE GROSSLY NEGLIGENT OR COMMIT WILLFUL MISCONDUCT. OTHERWISE YOUR EXCLUSIVE REMEDY AND OUR ENTIRE LIABILITY FOR ANY CLAIM RELATED TO THE SUBJECT MATTER OF THE AGREEMENT, WHETHER IN CONTRACT, WARRANTY, TORT, OR ANY OTHER LEGAL THEORY, IS LIMITED TO THE TOTAL AMOUNT OF ALL RECURRING FEES WE RECEIVED UNDER THE AGREEMENT DURING THE TWELVE MONTHS PRIOR TO WHEN THE FIRST CLAIM AROSE. WE WILL NOT BE LIABLE FOR ANY (i) LOSS OR INTERRUPTION OF BUSINESS, (ii) ACCESS LIMITATIONS, DELAYS, INTERRUPTIONS OR DISTURBANCES TO THE SOLUTION, (iii) MISTAKES, DISTORTIONS OR DELAYS IN TRANSMISSIONS OF ELECTRONICALLY STORED INFORMATION, INCLUDING DISAPPEARANCES OF SUCH INFORMATION, (iv) ACTIONS OR INACTIONS BY YOU OR OF THIRD PARTIES (SUCH AS SHOPPERS OR YOUR SUPPLIERS), (v) AGREEMENTS YOU HAVE WITH YOUR SHOPPERS OR SUPPLIERS, OR FOR YOUR PRODUCTS, SERVICES, OR SYSTEMS, OR (vi) EVENTS BEYOND OUR REASONABLE CONTROL.ALSO IN ACCORDANCE WITH RISK ALLOCATIONS THAT ARE STANDARD WITHIN THE SELLER AND PAYMENT SERVICES INDUSTRY, EXCEPT FOR ANY GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR LIABILITIES WHICH AS A MATTER OF LAW CANNOT BE LIMITED, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, OR FOR LOST PROFITS, LOST REVENUE, OR FAILURE TO REALIZE EXPECTED SAVINGS, ARISING UNDER THE AGREEMENT OR RELATING TO THE SOLUTION, EVEN IF THE PARTY WAS ADVISED OF OR COULD HAVE REASONABLY FORESEEN THE POSSIBILITY OF SUCH DAMAGES. THE LIMITATIONS OF LIABILITY IN THESE TERMS APPLY EVEN IF A REMEDY IS DEEMED TO HAVE FAILED ITS ESSENTIAL PURPOSE. EACH PARTY ACKNOWLEDGES THAT THE OTHER PARTY’S ACCEPTANCE OF THIS SECTION HAS MATERIALLY INDUCED THE OTHER PARTY TO ENTER INTO THE AGREEMENT AND PERMIT THE USE OF AND/OR USE THE SOLUTION. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH JURISDICTIONS, EACH PARTY’S LIABILITY IS LIMITED TO THE EXTENT PERMITTED BY LAW.
      4. Indemnification. Each party agrees to indemnify, defend and hold the other party harmless against any third party claim, and resulting liabilities, damages and expenses, including reasonable attorneys’ fees (“Claims”), that its business, products or services (in our case, the Solution) violate any law, rule or regulation or any third party intellectual property rights, or for its fraud, willful misconduct or gross negligence. In addition, because you are responsible for your products and your business, and because our Solution relies on and processes the information and instructions you provide to us, you agree to indemnify, defend and hold us harmless against any Claims for (i) your failure to comply with Section 1.5 (Your Business), Section 1.6 (Information You Provide), or Section 1.15 (Our “Know Your Customer” and Anti-Money Laundering Regulatory Obligations) of these Terms, and (ii) any failure to comply with applicable laws, rules or regulations to the extent the failure is caused by or results from your instructions, actions or omissions.To be indemnified, the party seeking indemnity must give the indemnifying party prompt written notice of the claim, reasonable assistance, and sole authority to defend and settle the claim. In the defense or settlement of an infringement claim hereunder (or if we reasonably believe the Solution or any portion of the Solution does or may infringe the rights of a third party), we will have the option at our expense to (iii) modify the Solution to become non-infringing, or (iv) obtain for you the right to continue using the Solution, or if we determine in our discretion that (iii) or (iv) is not reasonably commercially available, then (v) terminate the Agreement with respect to the Solution and provide you a prorated refund of recurring fees previously received by us hereunder for the Solution corresponding to any period after the effective date of such termination.
    15. Insurance.  For so long as this Agreement is in effect plus two years after, we and you must each maintain insurance coverage with reputable insurance carriers of at least: $1,000,000 per occurrence and $2,000,000 in the aggregate for each of the following – products liability, commercial general liability, professional liability/errors and omissions with cyber risk and privacy coverage, and worker’s compensation with statutory limits. A party shall provide the other party with certificates of insurance upon request.
    16. Our “Know Your Customer” and Anti Money Laundering Regulatory Obligations.  When we enter into an Order Form with you, we will be taking on online sales related risks on your behalf by acting as your online reseller, processing regulatory requirements, taxes and payments for you and delivering the Solution for you. To set up your account, you must provide us certain information we will request, which includes completing our Know Your Customer account verification form and may include you providing additional information required to comply with anti-money laundering regulations. As part of our diligence, we may engage in any investigation of your finances, activities, and operations that we reasonably deem necessary to confirm your eligibility for and use of the Solution, and you agree to provide us with any information required to complete such investigation. You authorize us to share any information we collect or receive from or about you with the card associations, processor/acquiring banks or legal or regulatory payment authorities. We will also conduct, and you authorize us to conduct, a customary commercial background check for these purposes and to assess the risk of our doing business with you. You agree to provide us with written notice not more than five (5) days after you receive a subpoena, civil investigative demand, or similar request for information from a federal, state, or local government, agency, or entity relating to your products and services sold through the Solution or your use of the Solution. Your failure to provide true, accurate and complete information to us may result in us denying your account registration or suspending or terminating the Agreement.
    17. Modifications.  From time to time in the course of our business we may modify the Agreement and/or the Solution (for example, to remain in compliance with changing laws, rules, regulations and market conditions around the world, or as required by the card associations or our third-party providers). We will provide at least thirty (30) days’ advance notice via electronic posting or e-mail of any material change to the Agreement or to the Solution, unless applicable laws or regulatory requirements require us to give earlier notice. We will provide at least forty-five (45) days’ advance notice via e-mail to the Legal Notice email address stated on the Order Form for any changes to Section 1, General Terms and Conditions. If the change materially impairs the Solution, you may terminate the Agreement and your use of the Solution in accordance with Section 1.13.2. Subject to your termination rights in Section 1.13.2, your continued use of the Solution after the effective date of any modification to the Solution or the Agreement constitutes your acceptance of such modification.
    18. Electronic Documents. We provide our documents electronically rather than in paper form. We will notify you that a document is available with a link to that document. At any time and without giving advance notice, we may elect not to send a document electronically, in which case a paper copy of the document will be sent to you at your corporate address on file.
    19. Miscellaneous.  These Terms, the applicable Standards, including the Guidelines and Best Practices, and the relevant mutually approved Order Form(s) constitute the entire agreement between the parties with respect to the subject matter hereof and in the applicable Order Form(s), and supersede any previous and contemporaneous agreements and understandings with respect to the subject matter hereof. No provisions in your purchase orders or your other business forms will alter the Agreement. Amendments may only be made by a written agreement in an Order Form executed by authorized officers of both parties and by us in accordance with Section 1.16. If there is any conflict between the provisions in the Agreement and any mutually approved Order Form between the parties, the mutually approved Order Form will control.
    20. Notices. Notices sent to either party must be given in writing and will be deemed effective on the date of delivery: to you, at the most recent postal or e-mail address you provided to us in your account registration, or to us, at our corporate office identified on our website, attention General Counsel, when delivered by commercial carrier and evidenced by the delivery receipt.
    21. Independent Contractors. The parties are independent contractors, and not partners or joint venturers. Neither party has the right, power, or authority to act or create any obligation on behalf of the other party. We may engage the services of subcontractors or agents to assist us in the performance of our obligations. Because a subcontractor (such as a payment provider) or agent may perform the same function for many or all clients, and we require flexibility to switch or alternate subcontractors and agents to ensure service level standards, pricing commitments or other obligations under this Agreement, we are unable to inform individual clients or seek approval from individual clients each time there is a change or reassignment of a subcontractor or agent; however we will be responsible for the acts and omissions of our subcontractors and agents in the performance of such obligations under the Agreement.
    22. Third Party Requirements. These Terms are designed for the Solution to coordinate with the requirements of our third-party providers and comply with applicable legal regulations around the world, so they are not modifiable on an individual client basis. You may be required to agree to additional appendices and/or agreements with us and/or our third party financial institutions, processors, or card associations that contain terms and obligations specific to certain solutions under our Global Seller Services. We do not warrant that a third-party financial institution, processor or payment services provider will enter into a relationship with you to provide any portion of the GSS. Any third-party financial institution, processor or payment services provider is an independent third party and we are not liable for any actions or inactions of third parties, included but not limited to, a third party’s unwillingness to work with you.
    23. Assignment. Neither party may assign the Agreement without the prior written consent of the other party except in connection with a merger or sale of all or substantially all of its assets or equity, but in such event the assigning party must provide prompt written notice to the non-assigning party of the change and the non-assigning party may terminate the Agreement if the assignment is to a direct competitor of the non-assigning party. The Agreement will be binding upon and inure to the benefit of the parties and their permitted successors and assigns.
    24. No Third-Party Beneficiaries. The Agreement is for the sole benefit of the parties hereto (including our corporate affiliates) and does not create any third-party beneficiaries, whether intended or incidental.
    25. Waiver. No waiver of any provision or breach of the Agreement will be effective unless made in writing, nor will it be construed to be a continuing waiver of such provision or breach.
    26. Choice of Law & Venue. If our U.S. entities are parties to the Agreement as defined in the Order Form, disputes related to the Agreement are governed by the laws of the State of New York, USA, without regard to any conflict of law provisions, and the parties expressly agree to submit to the personal and exclusive jurisdiction of the courts located in Hennepin County, Minnesota, USA for such disputes. If our European entities but not our U.S. entities are parties to the Agreement as defined in the Order Form, disputes related to the Agreement are governed by the laws of England and Wales, without regard to any conflict of law provisions, and the parties expressly agree to submit to the personal and exclusive jurisdiction of the courts located in London, England for such disputes. The parties specifically disclaim application (i) of the United Nations Convention on the International Sale of Goods, 1980, and (ii) of Article 2 of the Uniform Commercial Code as codified. The prevailing party in any action to interpret or enforce the Agreement will be entitled to its reasonable attorneys’ fees as well as all other remedies available to it.
    27. Injunctive Relief. A party may seek injunctive relief for any breach of the Agreement, without the necessity of posting a bond in connection therewith. The availability of injunctive relief will be a cumulative, and not an exclusive, remedy available to the parties.
    28. Enforceability. If any provision of the Agreement is found to be legally unenforceable, that provision will be enforced to the maximum extent possible and any such unenforceability will not prevent enforcement of any other provision of the Agreement.
    29. Time to Dispute. Any claim by us or you for breach of the Agreement must be brought within two (2) years of the date the party first learns of the breach or else the claim will be forever barred.
    30. Force Majeure. No party will be in breach of the Agreement if it is unable to perform its obligations (other than payment obligations) due to conditions beyond its reasonable control, but if the condition remains in effect for more than thirty (30) calendar days (or if the condition causes, or a party believes in good faith it is likely to cause, a violation of applicable law, rule or regulation or a significant economic or liability risk), either party may terminate the Agreement without cause upon written notice to the other party.
  2. Commerce Services Terms and Conditions
    1. Developer Portal. Implementation details regarding our Commerce Services can be found in our Documentation Portal.
    2. Your Shopping Experience. Your online shopping experience must comply with our Guidelines and Best Practices.
    3. Your Product(s). You are solely responsible for the product(s) you offer for sale to us. Upon our request you will provide to us written certification of your compliance with your obligations signed by an officer and such other information related to such compliance as we may reasonably request from time to time.
    4. Resale Transactions.An offer to purchase a product submitted by a shopper through your ecommerce website represents an offer to purchase the product from Digital River. If Digital River accepts the offer from the shopper, Digital River will contract directly with the shopper for the products and will identify itself, and be identified by you, as a reseller of the products (the “merchant” for purposes of the sales transaction). Digital River will purchase the product that the shopper has offered to purchase from you, and you will immediately sell and transfer title to that product to Digital River for our resale of the product to the shopper. As the authorized reseller and merchant, Digital River is entitled to retain the full amount of the purchase price, including any related taxes and fees, for the products sold to shoppers by Digital River, net of any amounts owed by Digital River to you for Digital River’s initial purchase of that Product for resale or as otherwise set forth in this Agreement.
    5. Subscription Management. If the products you offer for resale by us include subscriptions that a shopper renews on a recurring basis, such as every week, month, or year, our Commerce Services facilitate management of subscription products based on defined business rules as further discussed in the Documentation Portal. You must configure the business rules associated with the mechanics of managing and selling a subscription product.
    6. Product Information Management (PIM). Our PIM permits you to control your products, catalogs, merchandising, content and pricing with role-based permissions. Our PIM also offers bulk import/export capabilities to create new products and categories, fetch products and categories, as well as make changes to existing items in your catalog, including products, categories and pricing.
    7. Pricing. Our PIM offers tools to manage pricing. You can publish and modify price lists. Through a variety of price list types, you can customize your site based on your promotions and product types. You must interface with our PIM to enable and configure pricing as further discussed in the Developer Portal.
    8. Promotions. Our PIM supports dynamic content, rules-driven selling and pricing flexibility including cross-sell and upsell, product association logic and multiple presentation treatments. Offer types enable category-based inclusions/exclusions, quantity and purchase amount thresholds, and discount quantity.
    9. Shopper Management. The Solution supports retrieval and management of shopper information. This process also allows cancelling and/or activating a subscription purchased by a shopper.
  3. Global Seller Services Terms (GSS) and Conditions
    1. Transaction Information. GSS will receive from your connected online shopping experience the transaction information from you as defined in the Order Form. Details regarding the specific information and materials you must provide can be found in the Guidelines and Best Practices. We may rely and act on all details you give to us and/or that GSS collects regarding the shopper orders.
    2. Notice to Shoppers. You must provide notice to the shopper addressing our role as your reseller and our collection of personal information, as further described in our Guidelines and Best Practices. You must provide our terms of sale to the shopper, which will govern our resale of the product to the shopper.
    3. Trade Compliance Services. All offers for sale using GSS are subject to export control requirements and antitrust and fair-trade regulations and laws as set forth in our Guidelines and Best Practices. You must not submit to us any transaction or offer any product for resale by us that violates the export and/or other trade compliance provisions in the Guidelines and Best Practices. We may cancel or not process any transaction, or decline to resell a product, suspend the resale of a product, and/or remove any product from GSS, that we believe in good faith does not comply with the Guidelines and Best Practices. We will notify you of any suspension of the sale of a product and, where possible, will consult with you before acting with respect to the suspension of the sale of a product.
    4. Fraud Screening. We will use fraud screening tools to screen for, detect, prevent, and take such other actions as we deem reasonably necessary to detect and/or prevent fraudulent activity in connection with sales from a shopping or order capture experience connected to GSS. The existence of fraud, or the possibility of the existence of fraud, will be determined by us, based in part on fraud data points you are required to provide to us in accordance with the Agreement plus your input where we request it to assist our anti-fraud efforts.
    5. Other Risk Mitigation. We may take other measures in our reasonable discretion to avert, minimize or mitigate any potential loss, corruption, theft of data or other security risk, including, but not limited to, the limitation or temporary suspension of the provision of GSS, without any liability to you.
    6. Taxes.
      1. Transaction Taxes and Regulatory Fees. We will collect and remit the appropriate taxes and regulatory compliance fee(s) for sellers, if any are applicable.
      2. Tax Identification Management. For certain jurisdictions where it is relevant, we will provide services to collect tax identifiers from shoppers to determine the tax treatment for the order.
      3. Tax Exemption Management. For certain jurisdictions, we will provide services to collect and administer tax exemption certificates from shoppers where you provide us with the information necessary for GSS to collect and administer the tax exemption certificates.
      4. Taxes and Fees on Sales by Us to Shoppers. We will use our entity structure, local tax registrations, and third-party tax software to calculate the appropriate taxes a shopper is responsible for paying on an order and we (as the reseller to the shopper) will be responsible for tax compliance related to that transaction. If a jurisdiction audits the tax related to sales to a shopper, we will be the subject of the audit as the reseller to the shopper but may request reasonable information from you in addition to the data we already possess which may be necessary for us to respond to these inquiries.
      5. Statutory Invoicing. We will use commercially reasonable efforts to enable providing shoppers with the proper country specific tax invoice required for the order.
      6. Taxes on Sales by You to Us. You are solely responsible for the collection and remittance of any applicable GST, value-added tax, or other consumption-based taxes on sales of product(s) by you to us (e.g., for sales of product(s) by you to us outside of United States jurisdictions) and, unless otherwise agreed, you will provide us with a valid tax invoice for any taxes payable by us to you. You will hold us harmless from and against your failure to promptly and properly collect taxes from us on the sale of a product from you to us (including without limitation interest and penalties resulting therefrom).
      7. No Declared Value Sales. For any product(s) you provide to us at no charge for our distribution with no sales price to the shopper through transactions processed through GSS, you will be responsible for, and will hold us harmless from and against, any regulatory, sales or use taxes associated with such product(s).
      8. Income Tax. In no event are we responsible for any tax based on your net income or similar basis (including without limitation amounts for non-resident withholding taxes retained from amounts due to you and remitted to a taxing authority by us if we are required to do so), or the preparation of any tax return related thereto.
    7. Payment Transaction Processing. You will only submit payment data that is derived from a shopper order that is valid and authorized by the shopper from your online shopping or order capture experience connected to GSS. We will use Digital River-owned merchant accounts and GSS will process the payment transaction as set forth herein and in accordance with the specific payment methods and costs for accepting the payment methods, as well any local currencies, and if necessary, currency conversions, defined in the Order Form. If we request, you will provide shopper order validation and authorization information to us. You will immediately inform us if there is any reason to believe that any information and/or instructions you provided to us have been incorrectly processed or sent to us (including, but not limited to, incorrect instructions about refunded payments).
    8. PCI Compliance. We hold and will continue to hold through the term of your use of GSS, a PCI Data Security Standard (PCI-DSS) certification appropriate for the card volume we process annually. In addition, we will tokenize all card transactions in a PCI compliant manner. At your request, we will provide a copy of our then-current annual Attestation of Compliance. See www.digitalriver.com/compliance/.Unless you use our secure payment form, you will be and will remain PCI DSS compliant. In addition, you must periodically provide proof of PCI DSS compliance according to the regulations or guidelines imposed by banks, card associations or legal or regulatory payment authorities, which will include at least the PCI DSS self-assessment questionnaire.
    9. Payment Instrument Validation. We use a payment service to determine if the payment instrument can be validated or authorized and if the order’s payment type cannot be settled until further action is taken by the shopper, we will hold the order pending that action.
    10. Billing Optimization. We will leverage our proprietary billing optimization tools and our network of global and local payment partners to reduce the number of transactions declined by payment processors.
    11. Process Authorizations, Refunds and Chargebacks. We will process authorization(s), capture, refund and chargeback transactions for both single purchase transactions and recurring billing transactions through one of our payment processing relationships.
      1. Refunds. We may use a payment service to initiate a refund if you have generated a refund through GSS.
      2. Unreferenced Refunds Prohibited. GSS does not support unreferenced refunds. It will only support a refund associated with a sale transaction processed by GSS.
      3. Not a Bank. We are not a bank and we do not provide loans or extend credit. To the extent pre-authorized by us and offered in your online shopping or order capture experience, we may accept payment for product(s) or services not immediately deliverable to the shopper, and may, in our sole discretion, initiate reversals or hold reserves for all or a portion of the charges processed by us.
      4. Payment Method Availability. We may, upon notice to you, disable and/or remove a payment method that (i) experiences excessive levels of fraud or chargeback rates, (ii) is no longer supported by our payment processing relationships, or (iii) we no longer accept as an authorized payment method across our client base.
    12. Order Orchestration.
      1. Fulfillment Responsibility. We are responsible for fulfillment of products we resell to shoppers. We may appoint you or a third-party distributor to act as our fulfillment agent.
      2. Fulfillment Information Required. You may select in the Order Form to use our optional Fulfillment Service or alternative services for fulfillment of products we resell. If you select alternative fulfillment services, you are responsible for an integration between GSS and those services to enable GSS to receive and respond to fulfillment requests or notices. If you are using our optional Fulfillment Service, the optional Fulfillment Terms will apply.
      3. Fulfillment Status. You are solely responsible for sending a fulfillment request or notice in a timely manner in accordance with our Guidelines and Best Practices.
      4. Notifications. GSS is configured to enable transactional notifications related to shopper and order events, including order confirmation, cancellation, and refunds. You are responsible for an integration between the notification functionality of any third-party commerce platform you have chosen to enable notifications in GSS.
    13. Shopper Support Services.
      1. Sole Responsibility. As the reseller we are subject to strict oversight on controlling who has access to shopper data (including payment card details) so you agree that you will not subcontract your shopper service for the sale and fulfillment of product(s) offered on GSS to a third party without our express prior written approval to do so, such approval not to be unreasonably withheld, delayed or conditioned.
      2. Online Order Support. We will provide you with access to our administration interface and/or APIs or reports for you to provide support to shoppers in connection with the sale and fulfillment of product(s) at a rate as set forth in an Order Form. Please note that the information accessible through the administration interface and/or APIs and through the reports may differ due to the timing of the use of the administration interface and/or APIs and the processing of the reports.
      3. Additional Order Support. If you would like us to aid you with resolution of an escalated shopper service inquiry in connection with the sale or fulfillment of a product, we will provided escalated shopper service support at rates set forth in an Order Form.
    14. Warranty and Recalls. You are solely responsible for all warranty and recall obligations relating to product(s) in accordance with your warranty policy, but in no event inconsistent with the laws and regulations of the jurisdictions in which the product(s) are sold. You will notify us of any public or private recall or claim of infringement, or of any other liability or claims involving or relating to a product we offer for resale through GSS. We will provide reasonable assistance in such cases, so long as you will pay all our related expenses.
    15. Financial Dashboard. We will provide you access to a financial dashboard which lists all payments made to you. You will have access through the financial dashboard to a periodic sales summary which represents aggregate payment information for a defined period of time as well as access to individual sales transactions. If you believe the financial dashboard has errors, you must notify us of the error(s) within sixty (60) days of when the data was made available to you in order to be able to dispute the error(s).
    16. Payments to You. Once we have received notification of fulfillment for processed transactions, GSS will, directly or through a payment service provider, collect and reconcile the funds paid by the shopper for the purchase of your product, and payments to you through GSS for such settled transactions will be aggregated into a payment to you in accordance with the applicable Order Form.
      1. Payment Calculations. Payments to you are computed by taking the amounts collected, net of Transaction Costs (defined below), and then offsetting any refunds, chargebacks and penalties, and our charges due to us under the Agreement in accordance with the applicable Order Form. If the collected amounts are not enough to cover the offsets, we will invoice you for the difference in accordance with the payment terms in the applicable Order Form. “Transaction Costs” are defined as amounts assessed or charged by third parties, including governments or other regulatory bodies, in connection with a transaction, such as any shipping charges and tax or regulatory charges we are obligated to pay, including any tax or other fee assessed against the value of individual transactions or assessed on a per item or per order basis (including but not limited to digital service tax), but specifically not including third party costs that are otherwise addressed in the Agreement, such as costs for payment methods or currency conversions.
      2. Treatment of Refunds & Cancellations. We are entitled to retain the Transaction Costs to the extent not capable of being recaptured by us and charges earned on product(s) sold by us, even if the transactions cannot be successfully settled, or if such product(s) or associated transactions become subject to refund or cancellation. We are responsible for the remittance of Transaction Costs to third parties as applicable, and the third-party Transaction Costs shall not be remitted to you as this is part of our value proposition.
      3. Authorization or Receipt of Payment Does Not Equal Payment. The issuance of an authorization for a transaction or the payment for a transaction is not an assurance of that transaction’s validity. Any transaction may be subject to a reversed payment if permissible under the regulations or guidelines imposed by banks, card associations or legal or regulatory payment authorities. GSS does not guarantee any shopper payment. We will have complete discretion regarding the settlement of any kind of reversed payments and/or disputes with partner banks, including but not limited to, the settlement of disputes regarding reversed payments. You agree to take reasonable steps to assist us in handling any such dispute and you will be responsible for any chargeback fines imposed by the banks arising from errors or omissions created or contributed to by your online shopping or order capture experience.
      4. Payment Reversals. We may charge you for each payment transaction reversal as set forth in an Order Form. We will treat any non-fraudulent payment reversal and any transaction identified as fraudulent or potentially fraudulent after settlement of payment but prior to receipt of a payment reversal for such transaction, as a refund validly provided by us, if we remain entitled to the charge for handling the payment reversal. Further, any sale where the fulfillment of that product was initiated pursuant to a valid payment authorization but is subsequently rejected or cancelled prior to settlement by us, the merchant bank or payment processor, will not be treated as a completed sale to a shopper by us for the purposes of calculating payments due to you.
  4. Additional Services – Physical Product(s).
    The following sections apply if the product(s) we resell include physical product(s) The type of product(s) (digital, physical, or services) we offer for sale to shoppers under the Agreement will be specified in an Order Form.

    1. Shipping Methods and Rates. GSS receives available shipping method(s) and relevant respective shipping rates from the fulfillment service (which may be our Fulfillment Service).
    2. Delayed Payment Type Management. Orders using payment types that cannot be settled until further action is taken by the shopper will be held by us pending that action.
    3. Order Cancellation. Upon your instruction to GSS, we will communicate to the fulfillment service (which may be our Fulfillment Service) to withhold fulfillment of a physical product order if you cancel the order prior to it being sent for fulfillment (and upon confirmation, GSS will instruct the payment service to release any holds on the associated payment instrument(s)).
    4. Warehousing and Delivery. The party responsible for warehousing and delivery to the shopper of products we offer for sale under the Agreement will be specified in an Order Form. In the event of a conflict between the Agreement and any Incoterms, the Agreement will control.
    5. Export. For cross-border sales from us to online shoppers, we, or our forwarding agent (which may include you if you are the forwarding agent), are responsible for (i) the legal and lawful export from the country in which the warehouse is located, and (ii) completion of all applicable export documentation and reporting required by export control laws, including without limitation EEI filings.
    6. Physical Products Delivered by You as Our Fulfillment Agent.
      1. Inventory Controlled by You for Resale by Us. We will only accept for resale (i) inventory you own (which you will continue to own while in your warehouse) that is customs cleared (duty/tax paid) in free circulation available for resale, and (ii) inventory of the latest version of each product, appropriately labeled for use in the approved countries set forth in an Order Form, including all certifications, approvals and authorizations needed for use in those countries.
      2. Inventory Fulfilled by You. Where you are responsible for warehousing and delivering products to shoppers for us, you will do so as our fulfillment agent, and you accept the limited appointment as our fulfillment agent for this express purpose. You will deliver products or cancel delayed orders within timeframes required by law. You are responsible for all costs associated with the provision of warehousing and delivery services. You may use a third-party fulfillment agent approved by us (not to be unreasonably withheld or delayed) to perform your fulfillment obligation. Any third-party fulfillment agent must be defined in an Order Form, and any changes to the third-party fulfillment agent must be approved by us and defined in a new Order Form. You are responsible for the acts and omissions (and will be responsible for the acts and omissions of your third-party fulfillment agent) related to your obligations to fulfill orders for products purchased from us. You will provide us with timely proof of shipment for a given shipment upon our request. For all shipments of physical products to your warehouse, you will be importer of record (where applicable), will be responsible for all expenses associated with shipment, and will bear the risk of loss.
      3. Shipping Costs; Discounts. You will use your own or your agent’s shipping account for the shipment of physical products and are responsible for all risk of loss for your products while in your, or your agent’s, possession or control, and during shipment to the shopper. You will provide us with your warehousing and shipping rate schedule for the performance of your warehousing and delivery obligations as our fulfillment agent, which may be changed by you upon thirty (30) calendar days written notice to us. We will pay you the fees charged by us to the shopper for shipping and handling for each product fulfilled by you on our behalf. You agree that the fulfillment fee due to you will be reduced or waived for any discounted shipping promotion or free shipping promotion you offer to the shopper.
      4. Delivery Delays Caused by You. We will have no liability for any delays to shoppers created by the delivery of products by you, or the delivery of any non-conforming product to the description you provided to us.
      5. Exporter of Record (for Cross-Border Shipments). We will be the exporter of record with you or your third-party fulfillment agent acting as our agent for export control purposes. If required by law, we will execute a “designation of forwarding agent” in the form provided by us in connection with your role as our fulfillment agent for export control purposes.
      6. Importer of Record. The shopper will be the importer of record for any cross-border transactions. However, if we are deemed by law to be the importer of record for shipments of your products into a jurisdiction, you agree to reimburse us for all unrecoverable duties, taxes and clearance fees.
      7. Additional Shipping Requirement. You agree that for products sold and fulfilled as our agent using the Solution, you will prohibit any change to the delivery address unless initiated by us.
    7. Warehousing and Delivery by Distributors.
      1. Inventory Controlled by Your Distributor for Resale by Us. We will only accept for resale (i) inventory your distributor owns (which you or your distributor will continue to own while in the warehouse) that is customs cleared (duty/tax paid) in free circulation available for resale, and (ii) inventory of the latest version of each product, appropriately labeled for use in the approved countries set forth in an Order Form, including all certifications, approvals and authorizations needed for use in those countries.
      2. Your Distributor’s Obligations. If you have a contractual relationship with a distributor to sell your products to us for our resale, the distributor is responsible for warehousing and delivery of any products we purchase from the distributor for our resale through GSS. We will be the exporter of record with the distributor acting as our agent. The distributor will be responsible for fulfillment and returns of the products in accordance with the distribution and fulfillment agreement between us and the distributor. The distributor is solely responsible for product procurement, warehousing, inventory management, order processing, and pick/pack/ship, and you are solely responsible for ensuring that the distributor has adequate inventory of any of your products we purchase from the distributor for resale through GSS. You will be responsible for the accurate information for your products in the distributor’s warehouse, such as but not limited to, export classifications, proper packaging, labeling, certifications, approvals and authorizations that will be used to complete export documentation for customs filings/requirements. If you offer a shipping discount to the shopper, we will have the right to offset the amount of the discount taken by the shopper from amounts due to you under the Agreement.
      3. Payment. Payments to you under the Agreement for our sale of a product we purchased from a distributor are computed by taking the net of the sales price of the product for those products for which we received payment less the sum of (a) the purchase price of the product by us from a distributor, inclusive of all applicable taxes and fees, (b) our charges as set forth in the Order Form attributable to the transaction, (c) amounts refunded to purchasers for products subject to return or cancellation (net of any credits we received from distributors for returned products), and (d) any amounts subject to chargeback.
    8. Returns of Physical Product(s).
      1. Returns. GSS will process information related to returns of physical product(s).
      2. Valid Return Reasons. GSS is able to capture select return reasons to allow you to compile data on returns of physical goods.
      3. Returns History. GSS captures authentications/approvals, reporting and recordation of returns of physical product(s).
  5. Optional Services – Fulfillment Services.
    1. Inventory Visibility. With appropriate configuration, our Fulfillment Service provides SKU level inventory availability data for physical goods from all inventory locations across your enterprise.
    2. Backorders. If permitted and applicable, you must configure rules for handling backorders in our Fulfillment Service.
    3. Fulfillment Routing. Our Fulfillment Service’s sourcing rules allow you to configure which inventory location will fulfill a given order.
    4. Order Splitting Rules. The Fulfillment Service can be configured with order splitting rules allowing you to determine if orders with multiple items can be shipped separately so they arrive faster, or shipped together, saving costs.
    5. Shipment Notification. Our Fulfillment Service will receive notifications that all or part of an order has been shipped. You must provide the GSS with updates to the status of all or part of an order that has been shipped.
    6. Tracking Information. Once an order leaves the warehouse, shipment-level tracking information is available through our Fulfillment Service for use by you (major carriers only).
    7. RMA Rules. The Fulfillment Service will use your configuration to determine and provide the appropriate return address and send a Return Merchandise Authorization (RMA) to a designated warehouse to alert them of the return of a physical product. The warehouse must provide to GSS notification of receipt of a return and its condition. GSS will determine if a refund should be generated upon receipt of notification of the return and its condition according to our Guidelines and Best Practices.
    8. Shipping / Order History. Your shopper’s historical order data will be stored in GSS, and made available only to you and us, in a manner consistent with all required regulations and rules.
  6. Digital River Managed Warehouse Service – Legacy Service
    The following sections apply if you are using our legacy Managed Warehouse Service for physical products as indicated in an Order Form.

    1. Physical Products You Provide to Us. You will provide us with, and we will only accept (i) inventory you own (which you will continue to own while in our or our agent’s warehouse) that is customs cleared (duty/tax paid) in free circulation available for resale, (ii) inventory of the latest version of each product prepackaged and ready for shipment, appropriately labeled for use in the approved countries as set forth in an Order Form including all certifications, approvals and authorizations needed for use in those countries, and (iii) additional inventory we need from time to time to maintain adequate inventory to fill anticipated order volumes based on projected purchase patterns. For physical products you ship to us, you will be importer of record and will be responsible for all expenses associated with, and will bear the risk of loss for, the shipments.
      1. Loss of Product. We will use reasonable efforts to preserve at least ninety-nine and one-half percent (99.5%) of the products that you place in our custody or control in our or our agent’s warehouse, each calendar quarter. At the end of each calendar quarter, in the event of any loss of more than one-half percent (0.5%) of the warehoused inventory, we will pay you the replacement value of the physical materials constituting the lost products upon reasonable proof of the products’ replacement value (which must include, at a minimum, documentation of invoices for materials costs). If product is lost during shipment from our or our agent’s warehouse to the shopper, our liability is limited to the standards imposed by the common carrier.
      2. Shipping and Warehousing Costs; Discounts. We will use our or our agent’s warehousing for products before shipments to shoppers and shipping account for shipments to shoppers. We will provide you with our shipping and warehousing costs for each product we fulfill. The shipping and warehousing costs will be paid by the shopper, and if you offer a shipping discount to the shopper, then you will pay us an amount equal to the discount taken by the shopper so we receive our full shipping, handling and warehousing costs. If you have warehouse special project requests and we perform the request for you, you will pay us our warehouse account management fees, storage costs and costs relating to the warehouse special project request. We may offset any payments to you or invoice you for these warehouse costs.
      3. Delivery Delays Caused by You. We will have no liability for any delays to shoppers created by the delivery of products by you to us, or the delivery of any non-conforming product to the description you provided to us.
      4. Exporter of Record (for Cross-Border Shipments). You will be responsible for the accurate information for your products in our or our agent’s warehouse, such as but not limited to, export classifications, proper packaging, labeling, certifications, approvals and authorizations that will be used by us as exporter of record or our agent on our behalf to complete export documentation for customs filings/requirements. Our third party fulfillment agent will act as our agent for export control purposes and will be responsible for proper and accurate completion of all documents and customs filings/requirements on our behalf based on information you supplied for your products.
      5. Importer of Record. The shopper will be the importer of record for any cross-border transactions. However, if we are deemed by law to be the importer of record for shipments of your products into a jurisdiction, you agree to reimburse us for all unrecoverable duties, taxes and clearance fees.
      6. Excess Product. We will provide you notice if we are maintaining excess inventory of your products. You will have thirty (30) days from receipt of notice to collect any excess product at your cost. If you fail to collect the excess product within the 30-day period, at our option we may either (a) dispose of your products in any manner we choose and charge you reasonable fees to do so, and/or (b) charge you storage and/or handling costs or fees to hold the products for you.
      7. Inventory Transfers. You are responsible for all shipping arrangements and documents, including export documents, for all movements (in and out) of your inventory at our warehouse. We will arrange inventory transfers with our or our agent’s warehouse per your request. We will pass to you any required shipment information, including pick up confirmation number(s), for you to arrange pick up and shipment. We will pass shipment/export documents created by you or your agent to our or our agent’s warehouse to be included with the inventory for pick up/shipment. You will be responsible for, and we will charge you for, any fees or costs associated with inventory transfers.
      8. Local Warehouse Requirements. You are responsible for ensuring you have the requisite commercial requirements (such as licenses) to successfully complete a sale to us where our or our agent’s warehouse is located.

Solution Service Level Standards

Effective as of July 15, 2020

These Standards apply to the Solutions and are in addition to the terms in the Agreement. Capitalized terms used in these Standards have the same meaning as they do in the Agreement. These Standards are dependent upon your compliance with the best practices for your integration and platform usage, as defined in the Guidelines and Best Practices for the Solution you select, and upon your compliance with your responsibilities as defined in these Standards.

Service Levels

  1. Uptime. The Solution under the Agreement is available at least 99.9% of the time measured over each calendar Quarter (January 1, April 1, July 1, October 1). Availability is calculated separately by platform in accordance with the following formula: Availability formula
    Availability = total minutes per quarter - total minutes unavailable per quarter
    (Total minutes per Quarter)
  2. Limitation: This availability commitment only applies if your usage is less than:
    1. 1,000,000 milliseconds of compute time per five (5)-minute interval; and
    2. 6,000,000,000 milliseconds of compute time per month.
  3. Unavailability. A “service interruption” is any time exceeding five (5) consecutive minutes where our Order Takers (a) do not respond to any valid shopper request, or (b) provide only HTTP response codes 500, 502, 503, or 504 responses to all valid shopper requests, or (c) some combination of (a) and (b).“Order Taker” is defined as those systems within our checkout flow which respond to web requests.A period of “unavailability” (i) commences as of the earlier of the time we detect an incidence of a service interruption or the time that you notify us of the service interruption, and (ii) ends when our Order Takers commence providing routine responses to your shopper requests again. Unavailability shall be monitored by us.Unavailability shall not include any interruption arising from:
    1. scheduled maintenance and/or upgrades, including any redundant environments,
    2. your failure to follow the Guidelines and Best Practices,
    3. our suspension or termination of your right to use the Solution in accordance with the Agreement, or
    4. any event beyond our control, which includes without limitation any external interruption of power or telecommunications; denial of service, virus/worm or other attack; the failure or substantial failure of the Internet; the internet service provider or internal telecommunications equipment experienced by you or any of your customers; the browser configurations, hardware and/or software of you or any shopper; and/or any other force majeure event (including without limitation acts of God, terrorism, natural disaster, war, riots, and labor strife).

    We use all reasonable efforts to avoid having to take any redundant environments offline for executing schedule maintenance. Should under exceptional circumstances such maintenance nevertheless prove necessary, we will provide as much notice as practically possible and plan such maintenance in a manner and on a date and time to minimize the potential number of affected potential transactions.

  4. Shared Responsibility to Mitigate Risk. Security and compliance are a shared responsibility between us and you.We are responsible for taking reasonable precautions to mitigate the risk of unavailability, including but not limited to (a) use of anti-virus and anti-trojan software; (b) installation of available hardware and software patches; (c) implementation of industry standard security measures, such as firewall-based network segmentation, intrusion detection, and anti-dedicated denial of service (“anti-DDOS”) measures; (d) implementation of business continuity and disaster recovery measures, such as application redundancy and scheduled backups; and (e) maintaining redundant infrastructure providers.You are responsible for taking reasonable precautions to mitigate the risk of unavailability of the Solution to you, including but not limited to: (i) implementing proper input filtering, (ii) applying intrusion detection and web application firewall (WAF) practices, (iii) applying anti-DDOS measures, (iv) jointly investigating and resolving security and compliance issues as they impact both you and us from time to time, and (v) properly interpreting HTTP response code 429 from the Solution and waiting the directed amount of time before retrying the intended request.
  5. Business Continuity and Disaster Recovery. We maintain a business continuity and disaster recovery plan designed to minimize the impact to our operations of a man-made or natural disaster or other similar events which could impact our business operations and/or technology infrastructure. We annually test our ability to comply with our business continuity and disaster recovery plan and will make our results available upon request.
  6. Issue Resolution. We target resolution of issues, based on their severity. In the event an issue could be classified within more than one Severity Level, we shall initially classify the issue; in addition, we may, upon notice to you, reclassify the priority level of an issue as fixes are rendered and/or developed or the severity of the issue decreases. In the event you disagree with our classification or reclassification, as appropriate, you may contact us to discuss when a further reclassification of the issue is appropriate.
    Severity Level Description
    Level 1
    • Impact: Critical
    • Our Classification: Solution is down
    • Acknowledgment: As soon as possible (dependent on circumstances)
    • Issue Resolution: As soon as possible (dependent on circumstances)
    Level 2
    • Impact: High
    • Our Classification: Disruptive problem to the Solution impacting performance or availability
    • Acknowledgment: Within twenty-four (24) hours
    • Issue Resolution: As soon as possible (dependent on circumstances)
    Level 3
    • Impact: Medium
    • Our Classification: Some impact to the Solution; however, not vital to immediate performance or availability
    • Acknowledgment: Within two (2) business days
    • Issue Resolution: Within 5-10 business days of Acknowledgment, unless notified otherwise
    Level 4
    • Impact: Low
    • Our Classification: Minimal impact to the Solution
    • Acknowledgment: Within two (2) business days
    • Issue Resolution: We will evaluate and incorporate into maintenance release as we deem appropriate

    For the purposes of this table, the “Acknowledgment” is the time from when we first learn of a problem to when we initially contact to you by email or telephone acknowledging such reported issue; and “Issue Resolution” is when we substantially resolve the issue or begin a plan to resolve the issue, whichever occurs first.

  7. Remedies. If we fail to meet our availability commitment in any calendar quarter during which we were compensated for your use of the Solution, your sole and exclusive remedy is a service level credit as follows, subject to your rights in case of a continuous failure as described in section 8 below. The service level credit is calculated by applying the service credit percentage to the charges we earned and received less the cost of payment processing for transactions we processed during that calendar quarter for your use of the Solution. We will apply any service credits only against future Solution charges otherwise due from you. Service credits will not entitle you to any refund or other payment from us. Subject to section 8 below, the foregoing is your sole and exclusive remedy for our breach.
    Quarterly Uptime Percentage Service Credit Percentage
    Less than 99.9% but greater than or equal to 99.0% 10%
    Less than 99.0% but greater than or equal to 95.0% 25%
    Less than 95.0% 50%

     

    1. Remedy Procedure. To receive a service credit, you must submit a claim by opening a case with our Customer Success Team. To be eligible, we must receive your credit request within 30 days’ after the end of the calendar quarter in which the service level commitment was not met and must include:
      1. the words “SLA Credit Request – Solution” in the subject line;
      2. the dates and times of each period of unavailability that you are claiming;
      3. the calendar quarter with respect to which you are claiming service credits;
      4. Your request logs that document the errors and corroborate your claimed outage (any confidential or sensitive information in the logs should be removed or replaced with asterisks).

      If we confirm the Quarterly Uptime Percentage is less than our service commitment, then we will issue you a service credit within one billing cycle following the quarter in which we confirm your request. If you don’t provide your request and other information needed above, you will be disqualified from receiving a service credit.

  8. Alternative Remedy in Case of Continuous Failure. Should we fail to meet our availability commitment in any two (2) consecutive calendar quarters during which we were compensated for your use of the Solution, you shall, as an alternative remedy, be entitled to terminate the Agreement upon thirty (30) days’ prior written notice to us. For the avoidance of doubts, in case you decide to terminate the Agreement based on this provision you shall not be entitled to receive additional service credits for the calendar quarter giving rise to such termination right.In the event you fail to provide us with notice of such termination within forty-five (45) calendar days of the end of the calendar quarter giving rise to such termination right, you shall be deemed to have waived its right to terminate the Agreement for such failure (but shall have the right to so terminate if the condition is met in any subsequent two (2) calendar quarters).

Data Handling Standards

Data Handling Standards

Effective as September 24, 2021

These Standards are in addition to the terms in the Agreement. Words used in these Standards with an initial capital letter have the same meaning (i) as defined in these standards in Section 13 “Definitions;” (ii) as found in the EU General Data Protection Regulation (GDPR); (iii) as found in the California Consumer Privacy Act (CCPA); or (iv) as found in the Agreement. Where a term in these Standards conflicts with a corresponding term in the Agreement, the term in these Standards will control with respect to the parties’ obligations under these Standards.

  1. Background and Purpose. Each party is responsible for privacy, data security, and compliance with any global Data Protection Legislation that may apply to your commerce solution. These Standards were created to allow us to have an open data sharing arrangement with you. The purpose is to ensure that any transfers of data between the parties are completed using appropriate safeguards, and that each party understands its obligations under Data Protection Legislation. Here, we have laid out the obligations of each party, including our respective responsibilities under Data Protection Legislation.

 

  1. Obligations of the Parties. You and we will each maintain the responsibility of being an (Independent) Data Controller for Personal Data. As such, each party is responsible for ensuring that Personal Data is Processed according to Data Protection Legislation and that there is a lawful basis for its Processing activities.

 

  1. Description of Personal Data and Purpose of Processing. Each party will process Personal Data of those purchasers that purchase a title, license right, and/or usage right to a product using our Service (the “Shopper”). Those categories of Personal Data may include names, addresses, email addresses, phone numbers, IP addresses, and other related transaction information.

 

The Personal Data will be processed independently by each party for the following purposes:

  • To provide the Shoppers with the services they have requested, in accordance with the relevant party’s privacy policy,
  • To ensure the performance of the parties’ obligations under the Agreement,
  • To provide other similar services to Shoppers where the Shoppers have, if applicable, consented to such services, and as decided by each party as its own (Independent) Data Controller,
  • To share the data with third parties, Service Providers, and use Processors to process the data so long as the parties comply with Data Protection Legislation; and
  • Digital River agrees that it will only independently process the Shopper Personal Data for the following purposes: performing its obligations under the Agreement, fulfilling Shopper transactions, collecting Shopper payments, conducting fraud screening, providing support to Shoppers,  preventing, detecting, or investigating fraud, employing independent fraud modeling, detection, and risk analytics, payment optimization, and generally complying with its contractual or other obligations to the Shopper and complying with its legal obligations. For clarity, DR will not process Shopper Personal Data to market to end users.

 

For the avoidance of doubt, the parties agree that neither party receives valuable consideration for, and no Sale has occurred as a result of the transfer of data from one party to another. Any transfer of data between the parties is done for the purpose of fulfilling and processing shopper-initiated transactions and for providing related support.

 

  1. Information Provided to Shoppers. The parties agree to include the applicable link to each party’s privacy policy, prior to the collection by such party, of the Shopper’s Personal Data, so that it is clear to the Shopper which privacy policy applies to the processing of their data. For the avoidance of doubt, your privacy policy will govern how you will process Personal Data and ours will govern how we will process Personal Data. We are each responsible for fulfilling our promises as outlined in our respective privacy policies.

Where applicable, you will gather and document the applicable consents from Shoppers for the processing of their data, such as for marketing activities. And, where there is another lawful basis for the processing (such as “Legitimate Interests”) you will also document the applicable lawful basis and your reasoning behind such decision(s).

 

  1. Data Handling Requests; Notifying the Other party. Data Protection Legislation, such as GDPR and CCPA, grants Shoppers certain rights regarding their personal data that a Data Controller holds and obligates Data Controllers to facilitate the exercise of those rights. As such, each party is responsible for facilitating the exercise of Shoppers’ rights under applicable law and must send any applicable data handling requests to the other party without undue delay.

Such rights may include the right to consent, and to withdraw the consent, the right of access, rectification, restriction of Processing, erasure, data portability, and the right to object to Processing. It is up to each party to ensure the Shoppers’ rights are honored as appropriate, considering applicable legal requirements. It is also each party’s responsibility to ensure that the Shopper has been appropriately authenticated under Data Protection Legislation prior to acting on any access request.

Specifically, as it relates to data erasure requests from a Shopper, we request that you log into our administration interface software (or successor user interface) and click on the “Request Removal of Personal Information” button, which will automatically trigger a notification to us. You may also send any communications related to such data handling requests to the Digital River contact point(s) noted in the Order Form under “Privacy.”

 

  1. Security of Personal Data. Each party agrees to take reasonable steps to provide a level of security appropriate to the sensitivity of the Personal Data in each party’s control.
    • Each party represents, warrants and covenants to the other party that (i) it has implemented technical and organizational security measures, which meet industry standards and comply with all applicable Data Protection Legislation, to prevent any unauthorized access, use or disclosure of Personal Data, and (ii) its processing of Personal Data will at all times be performed in accordance with such technical and organizational security measures; and
    • Each Party represents and warrants that it has in place and in writing a business continuity and disaster recovery plan; and
    • To the extent required by applicable law, the parties will not transfer the Personal Data to a processor, vendor, service provider, subcontractor or sub-processor (a “Processor”), unless (i) it has first concluded a written agreement with the Processor that imposes obligations and restrictions on the third-party at least as restrictive as those that apply to the other party under these Standards (“Processing Agreements”), and (ii) such transfer complies with applicable Data Protection Legislation; and
    • The party who has transferred Personal Data to the Processor shall be liable for the acts or omissions of that Processor with respect to Personal Data.
  2. Security Breach. With respect to any Security Breach, the parties will take all steps reasonably necessary to (i) investigate and remediate the effects of such occurrence, (ii) mitigate any harm to those Shoppers that are affected or could be affected by such occurrence, (iii) prevent the re-occurrence, and (iv) comply with applicable Data Protection Legislation.

Each party shall notify the other party in writing or by phone (for Digital River, the phone number is 952-253-1234, attention: Legal) after becoming aware of any compromise of the Personal Data that may affect the other party. The responsible party shall also notify the Supervisory Authority and Shoppers, where required and within the applicable time period under Data Protection Legislation. As such, the parties will coordinate with, consult with and keep the other party regularly informed related to its response to any Security Breach.

 

  1. Transfers of Personal Data Outside of the EEA or United Kingdom. A party shall not transfer Personal Data (nor permit any Personal Data to be transferred) to a territory outside of the EEA or the United Kingdom unless it has taken such measures as are necessary to ensure the transfer complies with applicable law. The parties acknowledge that adequate protection for the Personal Data must exist for any transfer and will, if needed, enter into an appropriate written agreement governing such transfer of Personal Data, including, but not limited to Standard Contractual Clauses, taking into account the level of protection of the third country and taking additional steps to guarantee protection if necessary, unless another appropriate safeguard for the transfer exists.

To the extent that that the Agreement involves the transfer of Personal Data outside of the EEA or United Kingdom, the parties agree that Standard Contractual Clauses shall be incorporated into the Agreement.  To that end, for agreements entered into on or after September 27, 2021 the Standard Contractual Clauses applicable to the transfer of Personal Data outside of the EEA (“EU SCCs”), available at https://www.digitalriver.com/legal-other/eu-standard-contractual-clauses-commerce-connector-solutions/, plus the Privacy details in the Order Form shall constitute the completed EU Standard Contractual Clauses. For agreements entered into prior to September 27, 2021, the contractual requirements for the transfer of Personal Data to Controllers established in third countries found in the European Commission’s Decision 2004/915/EC of 27 December 2004 plus the Privacy details in the Order form shall constitute completed Standard Contractual Clauses and shall remain in full force and effect until the Parties enter into an amendment adopting new Standard Contractual Clauses.  Where and to the extent Standard Contractual Clauses apply pursuant to this Clause, if there is any conflict between these Standards and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

 

  1. Liabilities and Indemnification. Each party agrees to be held solely liable for the performance of its obligations under Data Protection Legislation and these Standards, and any costs associated with a party’s failure to comply with Data Protection Legislation and these Standards, including any fines imposed by a Supervisory Authority (or its equivalent), shall be paid by the party that failed to comply.

While nothing in the Agreement or these Standards shall be construed as making the parties, acting as (Independent) Data Controllers, involved in the same processing, should, pursuant to Article 82(4) of the GDPR, a party be found to be liable for the entire damage arising from a breach or breaches of the GDPR relating to activities under these Standards, in order to ensure effective compensation of one or more individuals, then that party shall indemnify the other party for that portion of the compensation attributable to any breaches of the GDPR for which it is responsible.

 

  1. Requests from Supervisory Authorities. The parties agree to cooperate with each other when they receive a request from a Supervisory Authority or court of law that impacts the other party. Where one party receives the request (the “Receiving Party”), the Receiving Party shall communicate the request to the other party promptly, and where possible, prior to responding to the Supervisory Authority or court of law. However, if this is not possible due to the immediacy of the request, the Receiving Party shall communicate the request to the other party as soon as reasonably possible after submission of the response.
  2. Survival of these Standards. Regardless of whether the Agreement is terminated or expires, if either party has access to, processes or otherwise retains Personal Data, the parties agree to comply with all applicable requirements under Data Protection Legislation. Therefore, the applicable sections of these Standards that relate to the parties’ obligations under Data Protection Legislation, survives any termination or expiration of the Agreement. To the extent there are no further obligations of the parties under Data Protection Legislation, these Standards will terminate. Also, and for the avoidance of doubt, each party is responsible for destroying the Personal Data in accordance with applicable laws and neither party is required to return to the other party the Personal Data that is in their possession.
  3. Applicable Law and Dispute Resolution. These Standards (including the Agreement) constitute the entire agreement between the parties with respect to the subject matter hereof, and these Standards supersede all prior agreements or representations, oral or written, regarding such subject matter. These Standards are governed by the law governing the Agreement, except for where the applicable Standard Contractual Clauses are executed between the parties, which contain specific provisions on the applicable law in Clause IV, “Law applicable to the clauses.”
  4. Definitions. The following definitions apply to these Standards:
    • California Consumer Protection Act (CCPA) is the California state statute that created new consumer rights relating to the access to, deletion of, and sharing of personal information of California residents which became effective on January 1, 2020, and any subsequent modifications or amendments.
    • Data Protection Legislation means any applicable data protection, security, consumer protection and related regulatory and legal obligations globally, including, but not limited to, the CCPA and the GDPR, and any subsequent modifications or amendments.
    • General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 is that regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data, which was enforceable as of 25 May 2018 and any subsequent modifications or amendments.
    • Legitimate Interest means that processing is permitted if it is necessary for the purposes of a legitimate interest pursued by the controller (or by a third party), except where the controller’s interests are overridden by the interests, fundamental rights, or freedoms of the affected Shoppers which require protection.
      • Sale means any activity that qualifies as “sell,” “selling,” “sale,” or “sold,” under the CCPA.
    • Standard Contractual Clauses are the contractual requirements approved by a relevant authority to ensure the appropriate data protection safeguards are in place in the event of the international transfer of Personal Data.

 

Terms of Sale

LAST UPDATED: January 20, 2014

  1. SCOPE AND APPLICATION
    1. THESE TERMS OF SALE (“TERMS”) CONSTITUTE A BINDING LEGAL CONTRACT BETWEEN (A) US, DR GLOBALTECH, INC., WITH OFFICES AT 10380 BREN ROAD WEST, MINNETONKA, MN 55343, THE SELLER (WITH REFERENCES TO “US”, “WE”, OR “OUR” BEING CONSTRUED ACCORDINGLY), AND (B) YOU, THE PURCHASER (WITH REFERENCES TO “YOU” OR “YOUR” BEING CONSTRUED ACCORDINGLY).THESE TERMS APPLY TO ALL OFFERS, SALES AND PURCHASES OF THIRD PARTY PRODUCTS (INCLUDING, WITHOUT LIMITATION, HARDWARE, SOFTWARE, LICENSE RIGHTS, AND SERVICE USE RIGHTS RESOLD BY US) (“PRODUCTS”) OR ACCESS RIGHTS TO SERVICES WE DIRECTLY PROVIDE (INCLUDING, WITHOUT LIMITATION, EXTENDED DOWNLOAD SERVICE OR REGISTRATION BACKUP SERVICE) (“DR SERVICES”), WHICH OCCUR EITHER (A) THROUGH THE ONLINE STORE ON WHICH WE POST THESE TERMS, OR (B) THROUGH ANY OTHER MEANS THROUGH WHICH WE ENGAGE IN THE SALE OF PRODUCTS AND DR SERVICES, SUCH AS BUT NOT LIMITED TO ORDERS BY PHONE (THE WEBSITE AND SUCH OTHER MEANS, A “DR COMMERCE SOLUTION”). BY ORDERING ANY PRODUCT OR DR SERVICE THROUGH A DR COMMERCE SOLUTION OR BY VISITING THIS ONLINE STORE, YOU SIGNIFY YOUR ACCEPTANCE OF THIS AGREEMENT.
    2. We value our relationship with you and consider our approach to privacy of the information you provide in your use of the DR Commerce Solution to be an important aspect of that relationship. Our Privacy Statement governs the collection and use of information through the DR Commerce Solution. By submitting your personally identifiable information to us in relation to your order, you consent to such information being processed to fulfill your order and in accordance with our Privacy Statement. The Privacy Statement is incorporated by reference into and is made a part of this Agreement. To view the Privacy Statement applicable to our collection and use of information through the DR Commerce Solution, please click here.
    3. ALL ORDERS ARE SUBJECT TO YOUR CONSENT TO ANY APPLICABLE LICENSE AGREEMENT OR USAGE TERMS IS DELIVERED WITH, INCLUDED IN, OR PRESENTED IN CONNECTION WITH YOUR PRODUCT OR DR SERVICE. If you do not agree to the license or usage terms once you see them, do not accept them and contact customer service.
    4. When a customer enters a brick-and-mortar store, the customer is bound by the store rules in effect on the date of his or her visit. Similarly, you are bound by the version of these Terms in effect on the date of each order you place through this DR Commerce Solution. These Terms may change from time to time, so please review them upon submission of each order, even if you have reviewed them before.
    5. ALL ACCEPTED ORDERS ARE FINAL, NON-CANCELABLE AND NON-REFUNDABLE, EXCEPT AS SPECIFIED IN THE RETURNS POLICY APPLICABLE TO YOUR PURCHASE.
  2. ORDER PLACEMENT AND ACCEPTANCE; ONLINE CONTRACTING
    1. Commerce Solution as accurately as possible. However, we do not warrant that the prices, quotations, anticipated delivery dates, and descriptions made or referred to on the DR Commerce Solution or any related websites are accurate, complete, reliable, current, or error-free. The prices, quotations and descriptions made on the DR Commerce Solution are subject to availability, do not constitute an offer and may be withdrawn or revised at any time prior to our express Acceptance of your order (as described below).
    2. All Product specifications, illustrations, drawings, particulars, dimensions, performance data and other information on the DR Commerce Solution or related pages, or otherwise made available by us or a Product manufacturer or publisher, are intended to represent no more than a general illustration of the Products and do not constitute a warranty or representation by us that the Products will conform with the same. You must refer to the manufacturer’s specifications or warranty documentation to determine your rights and remedies in this regard.
    3. While we make every effort to ensure that items appearing on the DR Commerce Solution are available, we cannot guarantee that all items are in stock or immediately available when you submit your order. We may reject your order (without liability) if we are unable to process or fulfill it. If this is the case, we will refund any prior payment that you have made for that item.
    4. An order submitted by you only constitutes an offer by you to us to purchase Products or DR Services subject to these Terms at the price and on the terms stated in the order, and is subject to our subsequent Acceptance (as defined below), irrespective of whether the button or link you press or activate to submit your order to us includes words such as “complete order” or otherwise indicates that it is the final step in completion of your order. Any order confirmation email received by you prior to our Acceptance shall constitute an acknowledgment of our receipt of your offer only, and not an acceptance of your offer.
    5. You acknowledge and agree that if you are placing an order through a website, by clicking or activating the button or hyperlink to submit your order, you are placing a legally binding offer. You consent to: (i) the use of electronic communications in order to enter into contracts and place orders
      with us; and (ii) the electronic delivery of notices, policies and records of transactions initiated or completed by you online. You have the right to withdraw your consent to electronic contracting and to electronic delivery, but if you do, we may cancel your order and/or your access to DR Services and Third Party Services. If you do not consent to receive any notices electronically, you must stop using the DR Commerce Solution.
    6. Our acceptance of your order only occurs at such time that we have both (a) dispatched your Product order and/or provided you with access to DR Services, and (b) received payment of the purchase price of your order through settlement of funds via your provided credit card or other payment method (“Acceptance”). We may cancel your order at any time and for any lawful reason prior to Acceptance.
      Prior to Acceptance, an automatic e-mail acknowledgment of your order may be generated. Please note that any such automatic acknowledgment does not constitute a formal acceptance of your order.
    7. We may keep records of orders received, accouterments, acceptances and other contract records after Acceptance for a period not to exceed the maximum period permitted by law. We may be able to provide you with copies on written request; however you must make sure you print a copy of all such documents and these Terms for your own records.
    8. If we have cause to believe that you are unable to pay your debts as they fall due, you fail to pay any amount by the due date or breach any of these Terms, we believe you have engaged in fraud or criminal activity in connection with your use of the DR Commerce Solution, or we are unable to process payment to the payment method you provided with your offer, then, without prejudice to any of our other rights, we may do any or all of the following: (a) stop any Products in transit to you; (b) suspend further deliveries of Product if on an ongoing basis; (c) stop or suspend provision of DR Services; (d) cancel or revoke issues Service Use Rights for Third Party Services; (e) cancel any automatic renewal plan in which you have elected to participate; and/or (f) cancel any and all other contracts between us and you.
  3. PRICING AND PAYMENT TERMS
    1. Prices do not include shipping and handling, expedited service, or sales taxes, if applicable, which will be added to your total price. You are responsible for any shipping and handling charges and state and local sales or use taxes that may apply to your order. If the price of a Product is obviously incorrect, regardless of whether it is an error in a price posted on the DR Commerce Solution or otherwise communicated to you, then we reserve the right, at our sole discretion, to cancel your order and refund to you the amount that you paid, regardless of how the error occurred.
    2. Prices payable for Products or DR Services are those in effect at the time of Acceptance, unless otherwise expressly agreed. Prices may be indicated on the DR Commerce Solution or an order acknowledgment but the authoritative price in the event of any discrepancy, is the price that is notified to you on our Acceptance through the charge placed through your selected payment method. Payment shall be made by the payment method selected during your order completion process through the DR Commerce Solution. We will charge credit or debit cards on dispatch of the Product or commencement of DR Services. We reserve the right to verify and/or authorize credit or debit card payments prior to Acceptance.
    3. Except as expressly provided elsewhere in these Terms or the DR Commerce Solution, payment may be taken in full notwithstanding any claim for short delivery or defects.
    4. Where the payment is invoiced, each invoice shall be due and payable in full by the due date specified on the invoice, and if no date is specified on the invoice, within thirty (30) days of the date of invoice. If you fail to pay invoiced amount when due, we may (a) by notice declare all invoiced amounts unpaid at that date to be immediately due and payable, and (b) take all actions determined necessary and appropriate by us to collect such unpaid amount.
    5. No counterclaim or set-off may be deducted from any payment due without our written consent. We may also take action against you for the price of Products at any time after payment has become due even though title or rights to those Products may not yet have passed to you.
    6. If you elect to use the services of a third party payment or billing provider in connection with your purchase from us, your use of such services will be subject to the third party provider’s own terms and conditions. You may be required to create an account with such third party provider and/or provide that third party provider with your bank account or credit/debit card details. We are not responsible for, and you agree to hold us harmless from and against any liability resulting from, the acts or omissions of any third party payment or billing provider.
    7. Any extension of credit allowed to you may be changed or withdrawn at any time. Interest shall be chargeable on overdue amounts accruing on a daily basis at the maximum amount permitted under applicable law from the due date for payment until our receipt of the full amount (whether before or after judgment). You shall indemnify us on demand against any out of pocket expenses incurred in relation to recovery of any overdue amounts.
  4. DELIVERY
    1. We will use all commercially reasonable efforts to deliver Products in a timely manner. For Products delivered electronically, we will deliver such Products by electronic transmission or via download. Delivery timescales/dates specified on the DR Commerce Solution, in any order acknowledgment or elsewhere are estimates only.
    2. The places that we deliver to are listed on the Site (“Territory”). Delivery shall be to a valid address within the Territory submitted by you and subject to Acceptance (“Delivery Address”). You must check the Delivery Address on any order acknowledgment or Acceptance we provide, and notify us of errors or omissions as soon as possible. We reserve the right to charge you for any extra costs arising from changes you make to the Delivery Address after you submit an order.
    3. Where we deliver Products by installments, each installment constitutes a separate contract and any defect in any one or more installments shall not entitle you to repudiate the contract as a whole nor to cancel any subsequent installment.
    4. Save as otherwise provided in these Terms, risk of loss of or damage to the Products passes to you (a) for Products delivered digitally, upon the provision to you of a download link for Software, or of a license key or Service Use Rights, via email or other electronic delivery method; and (b) for Products delivered physically, upon delivery of a product to the delivery location (if no signature is required for delivery, you accept all risk of loss for theft or loss of the delivered product following delivery to the delivery location).
  5. REJECTION, DAMAGE OR LOSS IN TRANSIT; PRODUCT WARRANTY Except as set out above or under any applicable returns policy presented on the DR Commerce Solution and applicable to your purchase of a Product or DR Service (“Returns Policy”) and subject to any rights you have under applicable law that cannot be excluded or limited by these Terms:
    1. We shall not be liable and you shall not be entitled to reject Products or DR Services, except for:
      1. Damage to or loss of Products or any part thereof in transit (where the Products are carried by our own transport or by a carrier on our behalf) for which you notify us in writing of such damage or loss within 5 working days of your receipt of the Products (if damaged) or 5 working days of the anticipated delivery date of the Products (if lost);
      2. Defects in Products (not being defects caused by any act, neglect or default on your part) for which you notify us of such defect within 30 days of your receipt of the Products.
      3. Defective performance of DR Services (not being defects caused by any act, neglect or default on your art) for which you notify us of such defective performance within 5 days of such defect becoming apparent.
    2. We shall not be liable for any damage or losses arising from defective installation of the Products; from the use of the Products in connection with other defective, unsuitable or defectively installed equipment; your negligence; improper use; or use in any manner inconsistent with the manufacturer’s specifications or instructions.
    3. If you refuse or fail to take delivery of Products, any risk of loss or damage to the Products shall nonetheless pass to you, and without prejudice to any other rights or remedies we have:
      1. We shall remain entitled to payment in full for the Products or DR Services delivered;
      2. We may effect delivery by whatever means we consider appropriate or store Products at your risk, and you shall be liable for, and shall pay on our demand, all costs of Product storage and any additional costs incurred as a result of such refusal or failure to take delivery; and
      3. We shall be entitled 30 days after the agreed date for delivery to dispose of Products in such manner as we determine and may set off any proceeds of sale against any sums due from you.
    4. Except to the extent required as a result of any mandatory rights you have as a consumer under applicable law, you shall not be entitled to reject the Products in whole or in part by reason of short delivery and shall pay in full notwithstanding short delivery or non-delivery unless you notify us in writing of any claim within 7 days of the latest of the date of receipt of the relevant invoice or delivery whereupon you shall pay for the quantity actually delivered.
    5. Where there is a shortage or failure to deliver, or any defect in or damage to a Product or Service, we may at our option:
      1. (in the case of Product shortage or non-delivery) make good any such shortage or non-delivery and/or
      2. in the case of failure to perform or defective performance of a Service, make good such failure or defective performance; and/or
      3. in the case of damage or any defect(s) in the Product and in accordance with any applicable Returns Policy:
        1. Replace or repair the Product upon you returning the Product; or;
        2. Refund the price paid in respect of any Products found to be damaged or defective.

      However, your rights of repair or replacement of any Products or any part or parts thereof which are found to be defective will (except where agreed otherwise) be negated or rendered void where Products have been repaired or altered by persons other than the manufacturer, us or any authorized dealer; defective Product or Products have not been returned together with full details in writing of the alleged defects within 30 days from the date on which such Products were delivered; and/or defects are due (wholly or partially) to mistreatment, improper use or storage or maintenance or installation, or failure to observe any manufacturers’ instructions or other directions issued or made available by us in connection with the delivered Products.

    6. You will have the benefit of any manufacturer’s, licensor’s or supplier’s warranty provided by the manufacturer, licensor or supplier to you in connection with your purchased Products and should refer to the relevant documentation supplied with the Product in this regard. (If applicable, the Returns Policy may also set out procedures applicable to repairs or replacement of defective Products delivered.)
  6. SOFTWARE AND SERVICE USE RIGHTS
    1. Where any Product supplied is or includes software (“Software”), this Software (a) is licensed to you (and not sold to you) by the licensor/owner subject to their license agreement or terms included with such Software or presented during your checkout process or software installation process (“License Terms”). In addition:
      1. Such Software may not be copied, adapted, translated, made available, distributed, varied, modified, disassembled, decompiled, reverse engineered or combined with any other software, save to the extent that (i) this is permitted in the License Terms, or (ii) applicable law expressly mandates such a right which cannot legally be excluded by contract.
      2. Save to the extent provided for in any applicable License Terms, your rights of return and/or to a refund under these Terms and any applicable Returns Policy do not apply in the event that you open the Software shrink-wrap and/or break the license seal and/or use the Software.
      3. Except to the extent expressly provided by us in writing or under relevant License Terms, Software is provided ‘as is’ without any warranties, terms or conditions as to quality, fitness for purpose, performance or correspondence with description and we do not offer any warranties or guarantees in relation to Software installation, configuration or error/defect correction. You are advised to refer to any License Terms with regards to determining your rights against a manufacturer, licensor or supplier of the Software.
    2. With respect to your purchase of an service use right associated with a software-as-a-service, platform-as-a-service, or infrastructure-as-a-service offering operated and provided by a third party (“Third Party Service”), we are selling you an intangible right to access, use, and/or participate in such Third Party Service for a specified usage duration (a “Service Use Right”) and we are not the provider or operator of such Third Party Service. Your use of a Third Party Service is subject to the relevant terms of use or other license terms between you and the Third Party Service operator (and not us) related to such Third Party Service (“Service Terms“). You agree and acknowledge that these Terms only apply to our sale of Service Use Rights to you, and do not apply to your use of a Third Party Service. The company or entity which operates the Third Party Service is solely responsible for fulfilling, operating and providing the Third Party Service for which we resell you a Service Use Right. You agree to hold us harmless from and against any liability resulting from your use of, or inability to use, a Third Party Service, except that we (either directly or through our subcontractor) will provide reasonable customer support to you in connection with the fulfillment to you of access credentials as part of your purchased Service Use Right. We disclaim any warranties, terms or conditions as to quality, fitness for purpose, performance or correspondence with description and we do not offer any warranties or guarantees in relation to the availability, use or results from using any Third Party Service for which we sell Service Use Rights. You are advised to refer to any Service Terms with regards to determining your rights against the operator of a Third Party Service.
  7. WAIVER AND LIMITATION OF LIABILITY; RISK ALLOCATION
    1. YOU UNDERSTAND AND AGREE THAT WE ARE NOT THE MANUFACTURER OF THE PRODUCTS WE OFFER FOR SALE THROUGH THE PROPERTY, AND ARE NOT THE OPERATOR OF THIRD PARTY SERVICES FOR WHICH WE OFFER SERVICE USE RIGHTS FOR SALE THROUGH THE PROPERTY. TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, THE PRODUCTS AND DR SERVICES THAT YOU PURCHASE FROM US ARE PROVIDED TO YOU “AS IS,” AND YOUR USE IS AT YOUR OWN RISK. WE DO NOT MAKE, AND HEREBY DISCLAIM, ANY AND ALL EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OF THIRD PARTY RIGHTS, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF OR LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS AND LIMITATIONS MAY NOT APPLY TO YOU. UNLESS AGREED OTHERWISE OR REQUIRED BY APPLICABLE LAW, ANY WARRANTIES PROVIDED IN RELATION TO PRODUCTS OR DR SERVICES ONLY EXTEND TO YOU ON THE UNDERSTANDING THAT YOU ARE A USER AND NOT A RESELLER OF THOSE PRODUCTS OR DR SERVICES.
    2. WE HAVE PRICED PRODUCTS AND DR SERVICES AVAILABLE FOR PURCHASE FROM US UPON THE UNDERSTANDING, AND YOU HEREBY ACKNOWLEDGE THE UNDERSTANDING, THAT TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND WHETHER OR NOT THE LIMITED REMEDIES PROVIDED HEREIN FAIL OF THEIR ESSENTIAL PURPOSE: (a) OUR AGGREGATE LIABILITY WHETHER FOR BREACH OF CONTRACT, TORT OR ANY OTHER LEGAL THEORY) SHALL IN NO CIRCUMSTANCES EXCEED THE AMOUNT ACTUALLY PAID BY YOU FOR THE APPLICABLE PRODUCTS AND/OR DR SERVICES WHICH GIVE RISE TO SUCH LIABILITY; AND (b) NEITHER WE NOR OUR SUPPLIERS OR LICENSORS SHALL BE RESPONSIBLE OR LIABLE TO YOU FOR ANY LOST PROFITS, COST OF SUBSTITUTE GOODS OR SERVICES, OR ANY SPECIAL, INCIDENTAL, INDIRECT, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY DESCRIPTION (INCLUDING WITHOUT LIMITATION LOSS OR INTERRUPTION OF BUSINESS) IN CONNECTION WITH YOUR USE OF THIS SITE OR YOUR PURCHASE OR USE OF ANY PRODUCT OR DR SERVICE, HOWEVER CAUSED AND WHETHER BASED ON CONTRACT, NEGLIGENCE, TORT, WARRANTY, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE WERE AWARE OR ADVISED OF THE POSSIBILITY OF DAMAGES, AND IRRESPECTIVE OF THE NUMBER OR NATURE OF CLAIMS.
    3. NOTWITHSTANDING THE FOREGOING, NOTHING CONTAINED IN THESE TERMS LIMIT OUR LIABILITY TO YOU FOR ANY LIABILITY TO THE EXTENT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED AS A MATTER OF APPLICABLE LAW.
    4. You agree to defend, indemnify and hold harmless us, our subsidiaries and affiliates, and their respective directors, officers, employees and agents from and against all claims and expenses, including attorneys’ fees, arising out of or related to (a) any Products purchased by you in connection with your use of the DR Commerce Solution (including without limitation your use of any Third Party Service for which you purchase Service Use Rights from us), or (b) the violation of Section 8 of these Terms by you, your employees, consultants, agents, distributors, or customers.
    5. To the fullest extent permitted by law and save where expressly set out in any License Terms or elsewhere, we shall have no liability to you in the event of the Products or DR Services infringing or being alleged to infringe the proprietary rights of any third party. In the event that the Products are or may be the subject of patent, copyright, database right, registered design, trade mark or other rights of any third party, you should refer to the relevant terms of the Product manufacturer and/or licensor/owner. We shall be obliged to transfer to you only such right or title as we have.
  8. EXPORT & CUSTOMS DUTIES
    1. Each Product and DR Service and any related items (including software, technology and technical information) sold, exported, transferred, supplied or licensed by us may be subject to and governed by the laws of the United States and other countries, including but not limited to the US Export Administration Regulations (EAR) and US Foreign Assets Control Regulations (FACR). You are required to comply with all applicable laws relating to the export, re-export, transfer, use, or import of any Product or related items. Diversion contrary to applicable law is prohibited. Notwithstanding any other request or agreement to the contrary, neither you nor DR shall take or be required to take any action prohibited or penalized under US or applicable foreign law.
    2. The tangible shipment of Products from one country for delivery in another country may be subject to customs duties, fees, taxes and/or other charges in the country of ultimate destination. Unless otherwise expressly stated by DR during the order process, (a) your payment for the order in question does not include any customs duties, fees, taxes and/or other charges that may be due and payable in the Product’s country of ultimate destination, and (b) the receiving party in the Product’s country of ultimate destination is responsible for making entry and properly declaring the merchandise to the appropriate customs authorities, paying any applicable customs duties/fees/taxes/charges, and/or satisfying any additional import-related requirements. You should contact the local customs authorities in the relevant jurisdiction for further information on the applicable customs requirements and procedures, duties, fees, taxes, and/or other charges that may be assessed against the Product.
    3. When you are making a Purchase, you may be given an option to prepay or not prepay import tariffs and customs duties that may be levied by the destination country, and any disbursement fees, advancement fees or similar fees that may be imposed by the shipper, broker, the customs authority of the destination country or other party (collectively, “Import Costs”). We will make commercially reasonable efforts to estimate the amount of Import Costs (said estimate, the “Estimate”). However, the Estimate may be more or less than the final actual amount of Import Costs due and payable. We have no control over the Import Costs and cannot always predict with 100% accuracy what the final actual amounts may be. For greater certainty, you should contact your local customs office for further information on the import tariffs and customs duties that may be applicable to your Purchase.
      1. If you choose to prepay the Import Costs, you agree and acknowledge that (a) the actual Import Costs may be more or less than the Estimate and (b) you will NOT be asked to pay more money OR receive any refund in the case that the actual Import Costs differ from the Estimate.
      2. If you choose to prepay the Import Costs contained in the Estimate, you agree and acknowledge that the receiving party in the Product’s country of ultimate destination remains ultimately responsible for making entry and properly declaring the merchandise to the appropriate customs authorities, paying any applicable customs duties/fees/taxes/charges, and/or satisfying any additional import-related requirements. You should contact the local customs authorities in the relevant jurisdiction for further information on the applicable customs requirements and procedures, duties, fees, taxes, and/or other charges that may be assessed against the Product.
      3. If you choose to not prepay the Import Costs, you agree and acknowledge that (i) the actual Import Costs may be more or less than the Estimate; (ii) you (and not digital river, the broker, the shipper, the supplier or any other party) must bear the responsibility of paying all actual Import Costs; (iii) in the case that any entity other than you must pay some or all of the actual Import Costs on your behalf to effect customs clearance, you will reimburse (upon request) that entity in full for the actual Import Costs paid on your behalf; and (iv) failure by you to pay Import Costs in a timely manner may not only cause delays beyond our original delivery estimates, but also may put you at risk of potential liability for tariffs and other fees.
  9. NOTICES
    1. Any notice or other communications in relation to these Terms may be given by sending the same by hand delivery, pre-paid post, fax or e-mail (a) with respect to notices and communications to you, to the address and contact information you provided in connection with your purchase of Products and/or DR Services; and (b) with respect to notices and communications to us, to the address listed at the beginning of these Terms or as otherwise specified in your order confirmation email or notification of Acceptance. These will also be the addresses for service of legal proceedings in the manner prescribed by law. Except as set out above in relation to cancellation of consumer orders, such notices or communications (where properly addressed) shall be considered received:
      1. In relation to hand delivery, on the date of delivery at the relevant address (or, if this is not a working date, the first working date thereafter);
      2. If posted, 5 working days after the date of posting;
      3. If by fax, on the date of the transmission as evidenced by a successful transmission contact report (or, if this is not a working date, the first working date thereafter).
      4. If sent by email, on the earliest of (i) the email being acknowledged by the recipient as received; (ii) receipt by the sender of an automated message indicating successful delivery or the email having been opened; or (iii) the expiry of 48 hours after transmission, provided that the sender has not received notification of unsuccessful transmission.
  10. AGREEMENT TO ARBITRATE
    1. We will make every reasonable effort to resolve any disagreements that you have with us. In the event that we cannot resolve a disagreement to your satisfaction (or if we cannot informally resolve a concern we may have with you after attempting to do so informally), then you and we agree that except as expressly provided in Section 10.2 below, any claim, dispute, or controversy you may have against us arising out of, relating to, or connected in any way with these Terms, the DR Commerce Solution, or the purchase or attempt to purchase of any Products or DR Services through the DR Commerce Solution shall be resolved exclusively by final and binding arbitration administered by the American Arbitration Association (“AAA”) and conducted before a single arbitrator pursuant to the applicable Rules and Procedures established by the AAA, including the AAA’s Supplementary Procedures for Consumer-Related Disputes (as applicable), as modified by this agreement to arbitrate in this Section 10 (“Rules and Procedures”). The AAA’s rules, and a form for initiating arbitration proceedings, are available on the AAA’s site at http://www.adr.org. The language of any dispute resolution procedure or any proceedings will be English.
    2. This Section 10 applies to all consumers to the fullest extent allowable by law. The disputes governed by these procedures in this Section 10 include without limitation (a) claims arising out of or relating to any aspect of the relationship between you and us; (b) claims that arose out of your use of the DR Commerce Solution; and (c) claims currently the subject of a purported class action litigation in which you are not a member of a certified class. However, the dispute resolution procedure specifically does not apply to (i) a claim relating to the enforcement or validity of your or our intellectual property rights; (ii) a claim relating to an allegation of theft, piracy, or unauthorized use; or (iii) claims for which class action litigation can be brought.
    3. YOU AND WE BOTH AGREE THAT (A) EACH OF US CAN ONLY BRING CLAIMS AGAINST THE OTHER ON AN INDIVIDUAL BASIS AND THERE SHALL BE NO AUTHORITY FOR ANY CLAIMS TO BE ARBITRATED ON A CLASS OR REPRESENTATIVE BASIS; (B) ARBITRATION CAN DECIDE ONLY YOUR AND/OR OUR INDIVIDUAL CLAIMS, AND THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S); AND (C) THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN THE CLAIMS OF OTHER PERSONS OR PARTIES WHO MAY BE SIMILARLY SITUATED AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING.
    4. If the value of the relief sought is $10,000 or less, either you or we may elect to have the arbitration conducted by telephone or based solely on written submissions, which election shall be binding on you and us (subject to the arbitrator’s discretion to require an in-person hearing based on the circumstances). Attendance at an in-person hearing may be made by telephone by you and/or us, unless the arbitrator requires otherwise. Any in-person arbitration shall be held at a location determined by the AAA pursuant to the Rules and Procedures (provided that such location is reasonably convenient for you), or at such other location as may be mutually agreed upon by you and us.
    5. You agree further that: (a) the arbitrator shall apply Minnesota law consistent with the Federal Arbitration Act and applicable statutes of limitations, including principles of equity, and shall honor claims of privilege recognized at law; (b) the arbitrator shall not be bound by rulings in prior arbitrations involving us, but is bound by rulings in prior arbitrations involving both you and us to the extent required by applicable law; (c) in the event that you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, we will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive.
    6. With the exception of Section 10.3 above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the Rules and Procedures established by the AAA, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, Section 10.3 above is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor we shall be entitled to arbitrate their dispute.
  11. GOVERNING LAW AND VENUE Any dispute arising out of or related to these Terms shall be governed by the internal laws of the State of Minnesota, without regard to or application of its choice of law rules or conflicts-of-laws principles, except that the Arbitration provision of these Terms shall be governed by the Federal Arbitration Act. In the event that the Agreement to Arbitrate above is found not to apply to you or to a particular claim or dispute, you agree that any claim or dispute that has arisen or may arise between you and us must be resolved exclusively by a state or federal court located in Hennepin County, Minnesota, and both you and us agree to submit to the personal jurisdiction of the courts located within Hennepin County, Minnesota for the purpose of litigating all such claims or disputes.
  12. GENERALThese Terms sets forth the entire understanding between you and us with respect to your use of the DR Commerce Solution and your purchase of Products and DR Services from us, and supersedes any and all prior or contemporaneous communications, agreements, and representations, whether written or oral, related thereto. No amendment to these Terms will be valid unless made in writing and signed by you and us. These Terms prevail over any other terms or conditions contained in or referred to elsewhere or implied by trade, custom or course of dealing. Any purported terms or conditions to the contrary are hereby excluded to the fullest extent legally permitted. DR may engage the services of subcontractors or agents to assist DR in the performance of its obligations related to these Terms. You may not assign or transfer your rights under these Terms, and any purported assignment or transfer shall be void. No relaxation, forbearance, delay or indulgence by either you or us in enforcing any of these Terms or the granting of time by either party to the other shall prejudice or restrict such rights and powers. No waiver of any term or condition of these Terms shall be effective unless made in writing and signed by us. The waiver of any breach of any Term shall not be construed as a waiver of any subsequent breach or condition. If for any reason we determine or a court of competent jurisdiction finds that any provision or portion of these Terms to be illegal, unenforceable, or invalid under applicable law in a particular jurisdiction: (a) these Terms will not be affected in other jurisdictions to the extent that such determination or finding has no application; and (b) in the relevant jurisdiction, the remainder of these Terms (to the fullest extent permitted by law) will continue in full force and effect. Neither you nor us shall be in breach of these Terms in the event that party is unable to perform its obligations as a result of any reason or condition beyond its reasonable control.

EU Standard Contractual Clauses for Commerce and Connector Solutions

STANDARD CONTRACTUAL CLAUSES

controller to controller

 

Section I

 

Clause 1

Purpose and scope

(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.

 

(b) The Parties:

(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”), and

(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)

have agreed to these standard contractual clauses (hereinafter: “Clauses”).

 

(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

 

(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

 

 

Clause 2

 

Effect and invariability of the Clauses

 

(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

 

(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

 

 

Clause 3

 

Third-party beneficiaries

 

(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii) Clause 8.5 (e) and Clause 8.9(b);

(iii) Clause 12(a) and (d);

(iv) Clause 13;

(v) Clause 15.1(c), (d) and (e);

(vi) Clause 16(e);

(vii) Clause 18(a) and (b).

 

(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

 

Clause 4

Interpretation

(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

 

(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

 

(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

 

 

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

 

 

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

 

 

Clause 7

Docking clause

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.

 

(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.

 

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

 

Section II – Obligations of the Parties

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1        Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I. B. It may only process the personal data for another purpose:

(i) where it has obtained the data subject’s prior consent;

(ii) where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or

(iii) where necessary in order to protect the vital interests of the data subject or of another natural person.

 

8.2        Transparency

(a) In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:

(i) of its identity and contact details;

(ii) of the categories of personal data processed;

(iii) of the right to obtain a copy of these Clauses;

(iv) where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.

 

(b) Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.

 

(c) On request, the Parties shall make a copy of these Clauses, including the Appendix as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Appendix prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.

 

(d) Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

 

8.3        Accuracy and data minimisation

(a) Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.

 

(b) If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.

 

(c) The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.

 

8.4        Storage limitation

The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation[1] of the data and all back-ups at the end of the retention period.

 

8.5        Security of processing

(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.

 

(b) The Parties have agreed on the technical and organisational measures set out in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.

 

(c) The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality

 

(d) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.

 

(e) In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.

 

(f) In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.

 

(g) The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.

 

8.6        Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter ‘sensitive data’), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.

 

8.7        Onward transfers

The data importer shall not disclose the personal data to a third party located outside the European Union(3)(in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:

(i) it is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;

(iii) the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;

(iv) it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;

(v) it is necessary in order to protect the vital interests of the data subject or of another natural person; or

(vi) where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

 

8.8        Processing under the authority of the data importer

The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.

 

8.9        Documentation and compliance

(a) Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.

 

(b) The data importer shall make such documentation available to the competent supervisory authority on request.

 

 

Clause 9

Use of sub-processors

N/A

 

Clause 10

Data subject rights

(a) The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request.[2] The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language.

 

(b) In particular, upon request by the data subject the data importer shall, free of charge:

(i) provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i);

(ii) rectify inaccurate or incomplete data concerning the data subject;

(iii) erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.

 

(c) Where the data importer processes the personal data for direct marketing purposes, it shall cease processing for such purposes if the data subject objects to it.

 

(d) The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter ‘automated decision’), which would produce legal effects concerning the data subject or similarly significantly affect him/her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:

(i) inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and

(ii) implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.

 

(e) Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.

 

(f) The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.

 

(g) If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.

 

 

Clause 11

 

Redress

 

(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

 

(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.

 

(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:

(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;

(ii) refer the dispute to the competent courts within the meaning of Clause 18.

 

(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

 

(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.

 

(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

 

 

Clause 12

 

Liability

 

(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.

 

(b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.

 

(c) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

 

(d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.

 

(e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

 

Clause 13

Supervision

 

(a) See Order Form.

 

(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

 

 

Section III – Local laws and obligations in case of access by public authorities

 

Clause 14

Local laws and practices affecting compliance with the Clauses

(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.

 

(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:

(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;

(ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards[3];

(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.

 

(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.

 

(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.

 

(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).

 

(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

 

Clause 15

Obligations of the data importer in case of access by public authorities

15.1      Notification

(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:

(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or

(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.

 

(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.

 

(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).

 

(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.

 

(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

 

15.2      Review of legality and data minimization

(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).

 

(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

 

(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

 

Section IV – Final provisions

Clause 16

Non-compliance with the Clauses and termination

(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.

 

(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).

 

(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;

(ii) the data importer is in substantial or persistent breach of these Clauses; or

(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.

 

(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

 

 

Clause 17

Governing law

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third- party beneficiary rights. The Parties agree that this shall be the law of Ireland.

 

 

Clause 18

Choice of form and jurisdiction

(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

 

(b) The Parties agree that those shall be the courts of Ireland.

 

(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.

 

(d) The Parties agree to submit themselves to the jurisdiction of such courts.

 

 

 

Appendix

 

Annex I

 

A. List of Parties

Data exporter(s) [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]

 

1. Name: See Order Form

Address: See Order Form.

Contact person’s name, position and contact details: See Order Form.

Activities relevant to the data transferred under these Clauses: See Order Form.

Signature and date: See Order Form.

Role (controller/processor): See Order Form.

 

Data importer(s) [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]

 

1. Name: See Order Form

Address: See Order Form

Contact person’s name, position and contact details: See Order Form.

Activities relevant to the data transferred under these Clauses: See Order Form.

Signature and date: See Order Form.

Role (controller/processor): See Order Form.

 

B. Description of transfers

 

Categories of data subjects whose personal data is transferred

  • Shoppers and other persons (e.g., third parties) who do, or might do, business with the parties so as to conduct its business.
  • The parties’ employees and/or contractors who assist with the business relationship.

 

Categories of personal data transferred

  • Personal data from Shoppers such as information that can be used to identify an individual, either alone or in combination with other information available to the parties, such as a name, shipping or billing address, e-mail address, and phone number.
  • Contact and title information of employees and contractors who assist with the business relationship.

 

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

  • For clarity, the parties understand and agree that any payment information (e.g., purchaser payment account information, including but not limited to credit/debit card number, account and routing number, card expiration date, and card verification code or value) will be exclusively received and handled by Digital River and not be made available to you. As such, sensitive data will not be transferred between Digital River and you.

 

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

  • Continuous, for the duration of the contract.

 

Nature of the processing

  • Importer will process data for the as necessary to perform its obligations under the primary agreement with exporter, for fulfilling Shopper transactions, collecting payments, conducting fraud screening, providing support to shoppers, preventing, detecting, or investigating fraud, employing independent fraud modeling, detection, and risk analytics, payment optimization, and generally complying with its contractual or other obligations to the shopper and complying with its legal obligations.

 

Purpose(s) of the data transfer and further processing

  • To permit importer to comply with its obligations under the primary agreement with exporter and to complete sales transaction with shoppers seeking to purchase exporter’s goods and services.

 

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

  • Digital River will retain the data for as long as necessary to comply with its legal obligations as merchant and seller of record.

 

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

  • Not applicable.

 

C. Competent supervisory authority

 

Identify the competent supervisory authority/ies in accordance with Clause 13

  • See Order Form.

 

Annex II

Technical and organizational measures including technical and organizational measures to ensure the security of the data

 

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

 

Measures for ensuring physical security of locations at which personal data are processed:

  • Admission control system, document reader (magnet / chip card)
  • Door locks (electric door opener, number lock, etc.)
  • Protected doors / windows
  • Key administration / documentation of distribution of keys
  • Alarm system
  • Video surveillance
  • Special protective measures for the server room
  • Special protective measures for archiving back-ups and / or other data carriers
  • Employee and authorisation documents
  • Restricted areas
  • Visitor rules (e.g . pick-up at reception, documentation of visiting hours, visitor pass, accompanying visitors to exit after visit)

 

Measures for user identification and authorisation

  • Personal and individual user log-in for registration in the systems or company network
  • Authorization process for access authorizations
  • Limitation of authorized users
  • Single sign-on
  • Two factor authentication
  • BIOS passwords
  • Password procedures (indication of password parameters with regard to complexity and length)
  • Automated blocking of access for a certain time period in case of repeated incorrect entry of access data
  • Electronic documentation of passwords and protection of this documentation against unauthorized access
  • Additional system log-in for certain applications
  • Automatic blocking of clients after a certain period of user inactivity (also password-protected screensaver or automatic stand-by)
  • Firewall
  • System-specific protection against attacks / intrusion detection / intrusion prevention

 

Measures for internal IT and IT security governance and management

  • Administration and documentation of differentiated permissions
  • Authorization process for permissions
  • Profiles / roles
  • Regular checks on the authorization of permissions in accordance with the “need to know” principle
  • Encryption of CD / DVD-ROM, external hard disks and / or laptops (e.g. per operating system)
  • Measures to prevent unauthorized overwriting of data on externally used data carriers (e.g, copy protection, blocking of USB ports, “Data Loss Prevention (DLP) system”)
  • Segregation of duties
  • Irreversible deletion of data carriers

 

Measures for ensuring events logging

  • Logging of access
  • Logging the copying, editing or removal of data
  • System-side logging
  • Security / logging software
  • Logging / documentation of deletions
  • Evaluations / logging of data processing operations

 

Measures for ensuring accountability

  • Procedures for regular controls / audits
  • Risk Assessment
  • Processes for ensuring segaration of duties

 

Measures of pseudonymisation and encryption of personal data and Measures for the protection of data during storage

  • Encryption of laptops
  • Encryption of files
  • Encryption of systems / assets
  • Encrypted storage of passwords
  • Secured WLAN
  • Use of employee numbers instead of names
  • Authorization processes or approval routines for permission to process additional information for identification purposes

 

Measures for the protection of data during transmission

  • Encryption of emails and email attachments
  • Secured data sharing (e.g., SSL, FTPS, TLS)

 

Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services

  • Access rights
  • Functional responsibilities, organizationally specified responsibilities
  • Tunnelled remote data connections (VPN = virtual private network)
  • “Data Loss Prevention System” (DLP)
  • Redundant power supply
  • Sufficient capacity of IT systems and assets
  • Redundant systems / assets
  • Resilience and error management

 

Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident

  • Data security concept for software and IT applications
  • Back-up processes
  • Ensuring data storage in secured network
  • Need-based installation of security updates
  • Installation of an uninterruptible power supply
  • Fire and / or extinguishing water protection of the server room
  • Fire and / or extinguishing water protection of the archiving premises
  • Air conditioned server room
  • Virus protection
  • Firewall
  • Emergency plan
  • Successful emergency exercises

 

Measures for ensuring limited data retention

  • Policies for data retention / erasure

 

Measures for ensuring data quality and Measures for certification/assurance of processes and products

  • Procedures for regular controls / audits
  • Concept for regular review, assessment and evaluation
  • Penetration tests
  • Emergency tests
  • Certification: SOC 1, SOC 2 and PCI-DSS

 

Presence of recognized certificates related to the abovementioned requirements (e. g. ISO 27000 series):

  • SOC 1
  • SOC 2
  • PCI-DSS
  • PrivacyMark

 

 

[1]  This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU) 2016/679, and that this process is irreversible.

[2]  That period may be extended by a maximum of two more months, to the extent necessary taking into account the complexity and number of requests. The data importer shall duly and promptly inform the data subject of any such extension.

[3]  As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies.