GENERAL TERMS AND CONDITIONS
OF Nayax EUROPE UAB
Valid as of 1 August 2022
- These general terms and conditions (hereinafter referred to as the “GT&Cs”) constitute the business conditions for activities of Nayax Europe UAB (hereinafter referred to as the “Nayax”) which is licensed under the laws of the Republic of Lithuania as a electronic money institution authorized to provide money remittance service, payment processing and acquiring of payment service.
- The Parties agree that the GT&Cs shall be concluded and communication between the Client and Nayax shall be performed in English language, unless otherwise sagreed by the Parties in the course of business relationship.
- Please be aware that the GT&Cs may be changed from time to time and this particular version of the GT&Cs is only applicable as of the date indicated above next to “Effective as of”. Nayax will publish new versions of the GT&Cs. Please always make sure you read the valid version.
- These GT&Cs form an inseparable part of each Client Agreement made between Nayax and the Client, unless otherwise is directly stipulated in the corresponding Client Agreement. These GT&Cs and the corresponding Client Agreement shall be read and interpreted in concert following the relevant context in relation to each Client.
- In case the Client does not understand or does not wish to agree to particular clauses of these GT&Cs and / or Client Agreement, the Client shall express its misunderstanding and / or disagreement via email indicated in Clause 13 of these GT&Cs prior to concluding the Client Agreement. Conclusion of the Client Agreement serves as a proof that the Client confirms and undertakes with all clauses of the GT&Cs and the Client Agreement.
- If certain relations are not covered by these GT&Cs, they shall be regulated following requirements of applicable laws of the Republic of Lithuania.
- These GT&Cs are published on the Website and are available for each potential Client.
II. INFORMATION ABOUT Nayax
- Nayax Europe UAB (or Nayax) is a legal entity incorporated in the Republic of Lithuania under the legal entity’s code 304891914, having its registered office at Antakalnio str. 17, 10312 Vilnius, Republic of Lithuania.
- Nayax holds an electronic money institution license No 85 issued by the Bank of Lithuania on 29th April 2021 which authorizes Nayax to engage in service enabling cash withdrawals from a payment account as well as the operations required for operating a payment account, execution of payment transactions, including transfers of funds on a payment account with the payment service provider of the payment service user or with another payment service provider: execution of direct debits, including one-off direct debits, execution of payment transactions through a payment card or a similar device and/or execution of credit transfers, including standing order, issuing of payment instruments an / or acquiring of payments, payment processing, money remittance service and issuing of electronic money. The electronic money institution license issued to Nayax is published in the official website of the Bank of Lithuania and may be found following the below links:
In English: https://www.lb.lt/en/licences-1/view_license?id=2051https://www.lb.lt/en/sfi-financial-market-participants/nayax-europe-uabhttps://www.lb.lt/en/frd/view_license?id=462
In Lithuanian: https://www.lb.lt/lt/frd-licencijos/view_license?id=2051https://www.lb.lt/lt/finansu-rinku-dalyviai/nayax-europe-uabhttps://www.lb.lt/lt/frd-licencijos/view_license?id=462
- Nayax is included in the public list “Electronic money institutions holding a license issued in Lithuania for non-limited activity” managed by the Bank of Lithuania which is published in the Bank of Lithuania’s official website. The list may be found following the link: https://www.lb.lt/en/sfi-financial-market-participants?query=Nayax+Europe+UAB&ff=1&market=1https://www.lb.lt/en/sfi-financial-market-participants?market=1&subject=1&business_form=27https://www.lb.lt/en/sfi-financial-market-participants?query=Nayax+Europe+UAB&ff=1&market=1
- Nayax’s activities are supervised by the Bank of Lithuania which is located at Gedimino avenue 6, LT-01103, Vilnius, the Republic of Lithuania, telephone no. +370 800 50 500. Further details of the Bank of Lithuania are available at its official website: https://www.lb.lt/en/.
- Nayax may be contacted via email: firstname.lastname@example.org, email@example.com or firstname.lastname@example.org.
- For the purposes of these GT&Cs sand the Client Agreement, the following terms shall have the meanings given to them below:
Business Day – means a day when the commercial banks in Europe are open for business, excluding Saturday, Sunday and holidays when banks in Europe do not work.
Client – means you, legal entity or merchant (individual / sole trader), who has accepted these GT&Cs and entered into a contractual relationship with Nayax, the subject matter of which is provision of Payment Services. In case the Client is a legal entity, references to the “Client” in these GT&Cs shall be understood also as references to the duly authorized representative of the Client, unless stated otherwise.
Client Agreement – means an agreement concluded between Nayax and the Client on terms specific to a particular Client regarding provision of payment processing, money remittance and payment acquiring service by Nayax. These GT&Cs form an integral part of the Client Agreement, unless the Client Agreement stipulates otherwise. In case of inconsistencies between the GT&Cs and the Client Agreement, clauses of the Client Agreement shall prevail over these GT&Cs.
Confidential Information – means any information, facts and data that are used in the Client Agreement concluded between Nayax and the Client, as well as all other information, facts and data that were received by Nayax about the Client (and vice versa) during the course of business relationship between Nayax and the Client under the signed Client Agreement which has a certain value and capacity to cause benefit or harm to Nayax and / or the Client, or information that is classified by its provider as confidential or its confidential nature results from its essence or circumstances of which of the other Party is aware including but not limited to information on Payment Transfers, on contractual terms offered to the Client and any other information relating to the activities of any of the Parties.
Consent – means the consent of the Client to initiate and / or execute the Payment Order or provide any other Payment Service.
Consumer – means a natural person using the Device for payment for goods / services sold at the machine operated by the Client.
Device – a device provided to the Client by the Group member of Nayax which enables Consumer to purchase and pay for the goods / services sold at the machine operated by the Client. Such funds later are accumulated with Nayax and following Payment Order transferred to the Client.
Electronic Means of Communication (hereinafter referred to “EMC”) – mean any electronic means of communication enabling communication between the Client and Nayax in electronic form, included but not limited to regular emails (including the one specified under Clause 13 under these GT&Cs) and communication within the Client Portal.
Fees – means all fees, including service fees, and cost of Nayax hardware units, payable by the Client to Nayax or to Group Members of Nayax.
GT&Cs – means these GT&Cs for the Provision of Payment Services and all its annexes (if any) under which the Client and Nayax agree on terms regarding the provision of Payment Services.
Group Members of Nayax – means companies belonging to the group which is comprised of the parent company Nayax Ltd and its subsidiaries, including Nayax.
IBAN (International Bank Account Number) – means an international bank account number which is linked with each payment account clear identification of the payee and automated payment processing. IBAN allows identifying an account held by the Client with his payment service provider, where Client funds shall be remitted.
Local Partners of Nayax – means distributors of Devices with which the Client has entered into an agreement for the provisions of Devices and related services.
Nayax – means Nayax Europe UAB. More details about Nayax are provided in Section II of these GT&Cs.
Parties – means Nayax and the Client who concluded the Client Agreement.
Payment Order – means an unconditional and unequivocal instruction given by the Client to Nayax for the performance of the Payment Transfer of Client’s funds kept in the Segregated Account to the bank account with particular IBAN/ account number and sort code indicated by the Client under the Client Agreement. The Parties agree that for the performance of the Client Agreement, parameters with respect to the Payment Orders shall be pre-agreed under the Client Agreement, including the following: frequency or specific date of Payment Order execution, IBAN/ account number and sort code and other relevant details to execute the Payment Order.
Payment Service – means the following payment services provided by Nayax to the Client under these GT&Cs: i) execution of Payment Transfers; ii) acquiring of payment cards and other payment instruments, iii) acquiring of payments Payment services also includes ancillary services that may be provided by Nayax such as currency exchange services, safe-guarding of Client’s funds.
Payment Service Provider (also “PSP”) – means legal entity authorized to provide payment services as defined under the Law on Payments of the Republic of Lithuania which transposes EU Directive 2015/2366 (PSD2).
Payment Transfer – means a payment transaction executed by Nayax following the Payment Order received from the Client according to these GT&Cs and the Client Agreement.
Persons Connected with the Client – means persons who have direct and/or indirect holdings (equities, shares, etc.) in the Client, or whose holdings are directly or indirectly held by the Client, or are part of Client’s, Client’s subsidiaries or parent companies’ management body.
Segregated Account(-s) – means a bank account(-s) opened by Nayax with an EEA credit institution for the sole purpose to hold and safeguard Clients’ funds in line with the regulatory requirements, applicable to electronic money institutions.
Client Portal – means a secure environment provided to each Client which may be reached by the Client through the Website. Client Portal means a page / window assigned to each Client separately, i.e. each Client may log in using logins and passwords created for that particular Client. In the Client Portal each Client can check data on transactions and other additional business information.
Sufficient Funds – mean a minimum amount of funds owned by the Client and kept in the Segregated Account, equaling to the amount of outstanding (unfulfilled) Payment Orders given by the Client, including all applicable fees.
Website – means the following website: https://www.nayax.com
IV. CONCLUSION, TERM, MODIFICATION AND TERMINATION OF THE CLIENT AGREEMENT
a). Conclusion of the Client Agreement
- The Client Agreement shall be concluded if the Client is willing to use Payment Services provided by Nayax.
- The Client Agreement shall be deemed concluded when the Client and Nayax agree on the terms and conditions of the Client Agreement. It shall be deemed that the Client and Nayax agreed on the terms and conditions of the Client Agreement once all the following actions are performed:
- Nayax submits to the Client through the Client Portal and/or via email indicated in the Client Agreement the GT&Cs, know-your-customer documentation and a draft Client Agreement which is prepared for the signing and is tailored to particular Client;
- the Client signs the Client Agreement in electronic form and fills in know-your-customer documentation (in writing or with a digital signature). The Client agrees to and accepts signing of the Client Agreement by electronic means on the Client Portal;
- Or, as an alternative to 21.2, the Client sends the signed Client Agreement, filled know-your-customer documentation and other documentation, as requested by Nayax, via email indicated in Clause 13.
- The provision of the Client Agreement and GT&Cs to the Client through the Client Portal evidences Nayax intent to enter into the Client Agreement. The Client expresses its intent to enter into the Client Agreement by filling and providing know-your-customer information and confirming the terms of the Client Agreement on the Client Portal. Once all relevant AML processes are complete, as specified in the below Clause 18, the Client Agreement comes to power without Nayax expressly signing it in electronic form.
- Once Nayax receives the signed Client Agreement, filled know-your-customer documentation and other documentation, as requested by Nayax, it performs relevant Client’s on-boarding processes, including verification of know-your-customer documentation and risk assessment processes which are required inter alia under the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, and enters into business relationships with the Client only if the results of such assessments show an acceptable AML and business risk level to Nayax for a given Client. For this purpose, the Client may be requested to provide additional relevant information, data and / or documents. Client’s refusal to provide such (additional) information and / or provision of insufficient (additional) information shall be deemed to be a ground for Nayax to refuse to conclude the Client Agreement and disclose the fact to relevant authorities.
- Nayax at its absolute discretion may refuse to enter into contractual relationship with an applicant without specifying any reason, excluding the cases when applicable legal acts establish otherwise.
b). Term of the Client Agreement and GT&Cs
- Without prejudice to the provisions of the GT&Cs regarding the termination of contractual relations between the Parties as defined in Clause d) in this Section, the term of the contractual relations formed under the Client Agreement shall be a period of 12 (twelve) months from the date of signature of this Client Agreement by the Client and Client completing know-your-customer procedure and AML processes as specified in the Clause 18 (the “Initial Term”), and shall be considered automatically extended under the same terms for successive 12 (twelve) months period(s) (each a “Renewal Term”; Initial Term and Renewal Term(s) together – the “Term”), unless either Party provides notice of not less than 30 (thirty) days prior to the end of Initial Term or any subsequent Renewal Term in writing or through EMC to the other Party. The number of extensions of these GT&Cs shall not be limited and an automatic extension of the GT&Cs, as specified above, shall be applied to each Renewal Term.
c). Modification of Client Agreement and the GT&Cs
- Nayax shall have a right to amend the GT&Cs and / or the Client Agreement unilaterally by giving the Client a written notice prior no less than 30 (thirty) calendar days. The written notice shall include inter alia the following information: i) the summary of the amendments made, ii) the date when such amendments shall come into force and iii) the right of the Client not to agree with the amendments and terminate the GT&Cs and / or Client Agreement as specified in Clause 22. In the event that the notice does not state otherwise, the amendments will come into force 30 days after publication of the notice. The written notice shall be submitted to the Client together with the amended version of the GT&Cs through the Client Portal and/or via email indicated in the Client Agreement. The requirement to submit the Client with a prior written notice shall not apply when the immediate effect of the GT&Cs is required under the applicable laws or supervisory authorities and/or when the amendments are in favour of the Client or minor.
- If the Client expressly objects in writing to the amendments proposed following procedure established under and within the term specified in Clause 21 of these GT&Cs, the Client Agreement shall be considered to be terminated in its entirety from the date such written objection is received by Nayax. Such termination shall not be subject to any fee applied by Nayax. .
- The Client shall be deemed to have accepted the proposed amendments, unless the Client notifies Nayax and terminates the Client Agreement (including these GT&Cs) as specified under Clause 22 of these GT&Cs.
- If the Client does not notify Nayax about termination of the Client Agreement (including these GT&Cs) as specified under Clause 22 of these GT&Cs, proposed amendments to the GT&Cs and / or the Client Agreement shall come into effect from the date specified by Nayax in its notice referred to under Clause 21 of these GT&Cs. Amendments that came into effect shall not have retrospective effect and shall not affect any rights and / or obligations that have arisen between the Client and Nayax before amendments came into effect.
d). Termination of the Contractual Relationship
- Nayax shall have a right, in all instances, to discontinue the provision of Payment Services and terminate the contractual relations with the Client, when so required by legal acts or supervisory authorities.
- Nayax shall have a right to terminate the Client Agreement (including these GT&Cs), and/or temporarily withhold payments to the Client, immediately, without any notification in advance, and unilaterally without applying to court where the following reasons exist:
- The Client when performing the Client Agreement (including these GT&Cs) and/or using the Payment Services provides Nayax with incorrect and/or incomplete information or does not provide, avoids or refuses providing any required information to Nayax which is seen as mandatory and necessary for Nayax to perform its legal obligations or execute its rights under the Client Agreement, including, but not limited to, obligations deriving from the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania;
- The Client unplugged, disabled or transferred ownership of all its Devices for more than 30 (thirty) days;
- The Client fails to notify Nayax of circumstances which have or are likely to have a negative impact on the proper fulfillment of the Client’s obligations to Nayax;
- the Client fails, avoids or refuses to provide documents data or information necessary for the completion of the Client’s know-your-customer documentation and risk assessment processes, including documents necessary for the identification of Client, his representative or beneficiary, and/or of the management (shareholding) structure of a Client, for longer than 30 days or conceals the beneficial owners identities or makes use of legal persons who actually do not carry out any activities;
- Nayax has reasonable grounds to believe that the Client and/or Persons Connected with the Client are involved in or related to money laundering and/or terrorist financing both past or present;
- By conducting unlawful acts the Client and/or Persons Connected with the Client have inflicted losses on Nayax or have caused a real threat of such losses occurring or damaged the reputation of Nayax;
- In the reasonable opinion of Nayax, the Client and/or Persons Connected with the Client engaged in the field of activity with a heightened level of risk of money laundering and terrorist financing;
- Exposure to AML, business or reputational risk attributable to the Client and/or Persons Connected with the Client is not acceptable to Nayax;
- According to the information available to Nayax, the Client and/or Persons Connected with the Client are related or were related in the past with criminal organizations;
- The Client and/or Persons Connected with the Client are subjected to or are otherwise related to entities subjected to international financial sanctions of European Union, United Nations, United States or United Kingdom;
- The Client engages in activities without holding the required licenses or other authorizations issued by competent public authorities (e.g., organisation of games of chance, provision of payment services, trade in precious stones and/or precious metals, etc., without holding the required licenses (authorizations);
- There are other facts not mentioned above that may also be considered by Nayax as important, if they reasonably cause Nayax to believe that the continuation of contractual relationship with the Client would infringe the legitimate interests of Nayax, its Client or the public, as well as requirements of the legal acts or internal procedures of Nayax.
- Nayax shall immediately notify the Client via email indicated in the Client Agreement about the termination of the Client Agreement (including these GT&Cs) under clause 26.
- Nayax may also terminate the Client Agreement (including these GT&Cs) without specifying any reasons and unilaterally without applying to court by notifying the Client about the termination via email indicated in the Client Agreement no later than 30 (thirty) calendar days in advance of its termination, excluding the cases when laws of the Republic of Lithuania establish otherwise.
- The Client shall have the right to terminate the Client Agreement (including these GT&Cs) unilaterally, without applying to court, by notifying Nayax of the termination no later than 30 (thirty) calendar days in advance of its termination to email indicated in Clause 13 of these GT&Cs.
- A contractual relationship between Nayax and the Client may also be terminated in the following ways:
- By mutual agreement between the Parties;
- If Nayax or the Client is dissolved without a legal successor;
- Upon withdrawal of electronic money institution license issued to Nayax.
- Relying on other grounds established under these GT&Cs.
- Upon termination of the contractual relations, the Parties are bound to settle any debts and transfer any amounts due before such termination becomes effective.
- The termination of the Client Agreement, including GT&Cs, shall not affect any agreement nor any rights or obligations that have already arisen at the date of the termination.
V. CHANGES IN INFORMATION
- The Client shall be obliged to notify Nayax without delay of any change of information that was provided by the Client with respect to conclusion and / or execution of the Client Agreement, including but not limited to its title, name and surname, registration number, personal code, address, e-mail address, telephone number, change of ultimate beneficial owners / general manager or representative and other KYC documentation. Nayax may change above mentioned Client information on its own if it finds out about the change by itself.
- The Client shall be obliged to notify Nayax without delay of any event that would incapacitate, limit or otherwise hinder performance of its duties under these GT&Cs and / or the Client Agreement, such as initiation of bankruptcy, liquidation or entry into money laundering or terrorist financing related investigation or criminal cases, etc.
- Nayax shall not be liable for any damage incurred by the Client as a result of a failure to report in time changes as specified under Clauses 36 and 37 of these GT&Cs.
VI. IDENTITY ESTABLISHMENT
- To comply with the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania and other related laws, it may be necessary for Nayax to obtain from the Client and retain documents, information and data confirming identity of the Client, its management and shareholders structure, etc. Nayax shall also have a right to invoke a third party support to fulfil duties related with the prevention of money laundering and terrorist financing.
- Nayax shall perform Client identification and risk assessment process prior to concluding the Client Agreement as described under Clause 18 of these GT&Cs and internal procedures of Nayax.
- For the purpose of identification and risk assessment, the Client must submit to Nayax the required information and documents. Nayax shall have the right to take other legitimate measures for the purpose of identification and risk assessment of the Client and/or representative thereof. Failure to submit required information and documents to Nayax or provision of incorrect or incomplete information and documents may lead to refusal to enter into contractual relationships or termination of the Client Agreement (including these GT&Cs).
- Parties express their mutual understanding that Nayax has a general duty to report any suspicious activity identified during the business relationship with the Client to relevant authorities as well as other reporting duties deriving from the laws related to prevention of money laundering and terrorist financing. Nayax shall not be liable for execution of such duties with respect to the Client.
VII. PAYMENT SERVICES PROVIDED
- Nayax provides payment processing, money remittance and payment acquiring services to its Clients. The Payment services are provided in the following context i.e. Consumer uses Device and pays for the goods / services sold by the Client. Consequently, funds paid by the Consumer are transferred to and accumulated in the Segregated Account opened by Nayax. According to the Payment Order issued by the Client under the Client Agreement, Nayax remits Client’s funds net of any Fees from the Segregated Account to the Client’s IBAN/account number at the pre-agreed time, amount and currency, as indicated in the Client Agreement.
VIII. PAYMENT ORDERS
a). General Provisions
- By signing (confirming) the Client Agreement, the Client thereby issues a recurring Payment Order to be executed by Nayax, as per terms specified in the Client Agreement.
- Nayax executes Payment Orders in non-cash form exclusively.
- Nayax shall be responsible for debiting of funds from the Segregated Account by issuing respective payment orders to its payment service provider as per parameters of the Payment Order, issued by the Client to Nayax under the Client Agreement.
- Payment Order shall be executed following parameters (IBAN number/sort code/account number, transfer execution date, currency, etc.) established under the Client Agreement. Parameters of Payment Order may only be changed by the Client by sending a written request (in case of change of IBAN number/sort code/account number, a written request has to be attached with the bank confirmation that the particular bank account belongs to the Client) to email indicated in Clause 13 at least 30 (thirty) calendar days in advance. The Client shall have no right to issue separate one-off Payment Order – all Payment Orders are of recurrent payment type.
- Nayax undertakes to execute Payment Orders with due professional care in compliance with the applicable legal requirements and international standards relating to the performance of non-cash payment transactions through payment systems and in accordance with these GT&Cs and the Client Agreement.
- Nayax shall process Payment Orders as per parameters established under the Client Agreement (or as amended by the Client) without undue delay, providing existence of Sufficient Funds, from which the payment is to be debited. In case of no Sufficient Funds (which is possible, for instance, due to delay from the Consumer’s or Nayax’s PSP side), Nayax shall have a right not to execute the Payment Order or to postpone execution for the reasonable time.
- Parties agree that Nayax prior executing the Payment Order may debit any Fees belonging to Nayax or Group Members of Nayax from the Client’s funds in the Segregated
- The Client while signing the Client Agreement with Nayax shall specify all the parameters necessary for a Payment Order (the IBAN/sort code/account number, the timing (frequency) of the Payment Transaction and any other data required to execute the Payment Order). Receipt of signed Client Agreement by Nayax will be deemed as “Consent” for the execution of a Payment Order as set out in Article 29(1) of the Law on Payments of the Republic of Lithuania.
- The details of the Payment Order established under the Client Agreement may only be changed by the Client by sending a written request (in case of change of IBAN number/sort code/account number, a written request has to be attached with the bank confirmation that the particular bank account belongs to the Client) to email email@example.com. The receipt of a corresponding written request and, where applicable, the bank confirmation that the particular bank account belongs to the Client, through an email indicated in Clause 13 by Nayax will be deemed as “Consent” for the execution of a Payment Order as set out in Article 29(1) of the Law on Payments of the Republic of Lithuania.
b). Cancellation of Payment Orders
- The Client shall be entitled to cancel a Payment Order issued under the Client Agreement (or as amended). The cancelation shall be initiated and received by Nayax prior to the end of the Business Day preceding the specified day for the performance of the Payment Order. Such cancelation of the Payment Order shall be deemed to be withdrawal of the Consent for the Payment Order in accordance with the Law on Payments of the Republic of Lithuania. Nayax shall have a right to charge the Client a fee for any cancelation of a Payment Order in case of Nayax incurred any expenses due to such cancellation.
- Nayax shall be entitled to reject the Payment Order and in such a case Nayax shall notify (unless it is technically impossible or unlawful) the Client in writing about the reasons for the refusal, the procedure for rectifying any errors that lead to the refusal. Such notification shall be given to the Client as soon as possible. Nayax may charge the Client a fee for such refused Payment Order where the refusal is reasonably justified.
c). Errors in Payment Orders
- If the Payment Order contains information or instructions, based on which the Payment Transfer cannot be carried out or, for other reasons, the Payment Transfer cannot be processed, Nayax shall reject such Payment Order or contact the Client to issue new instructions or to clarify them.
- If the Client has noticed of incorrect data in its Payment Order, the Client shall contact Nayax via email firstname.lastname@example.org without undue delay and notify about it.
- If the Payment Order contains incorrect data (for instance, IBAN/account number/sort code or other) as a result of which the payee’s PSP returns the funds transferred, Nayax shall credit these funds back to Segregated Account after deducting the applicable payment related Fees.
- If, owing to fault on its part, the Client provides an incorrect IBAN/account number or sort code for the Payment Order and the funds are transferred to a wrong account and / or payee, the Client shall have no entitlement neither to corrective settlement nor to damages or other compensation from Nayax. However, Nayax shall make reasonable efforts to trace any defectively executed Payment Order and seek to recover the funds of defective Payment Order.
d). Liability with respect to fulfillment of Payment Order
- In the following cases Nayax shall refund to the Client the full amount debited erroneously immediately and the amount debited without authorization as soon as practicable and in any event no later than at the end of the Business Day following the day on which Nayax became aware of or was informed about the unauthorized Payment Order, unless Nayax has reasonable grounds to suspect fraud, in which case it shall notify the supervisory authority in writing:
- The Payment Order was not authorized by the Client or was incorrectly initiated or executed by Nayax; and / or
- The Client has notified Nayax in writing about becoming aware of the unauthorized or incorrectly executed Payment Order and in any event no later than one month after the date the funds were debited,
- The Client shall prove that the Payment Order was not authenticated by the Client. Failure to do so will mean that the Client is not entitled to a refund in accordance with the Clause 56.
- Nayax shall be liable to the Client under clause 56 for the correct execution of a Payment Order unless:
- Clause 55 applies; or
- Nayax can prove to the Client (and where relevant to the Client’s PSP) that the Client’s PSP received the amount of the Payment
- The Client shall be liable for all losses incurred in respect of unauthorized Payment Orders made by Nayax if the Client has acted fraudulently, or not complied with its obligations under Clauses 67 and 68;
- Nayax assumes neither liability nor responsibility for the processing of Payment Orders containing incorrect data provided by the Client and is entitled to charge Fees for costs incurred.
- Nayax shall not be liable for non-performance or any delays caused by the PSPs processing Client funds, including but not limited to card acquiring PSPs and payment executing PSPs or their intermediaries.
- Nayax shall charge the Fees related to the provision of Payment Services according to the Client Agreement.
- Nayax shall charge individual Fees to the Client for other than Payment Services, if any, and the Client shall be informed thereon before using such services.
- If the Client funds are received to or held in the Segregated Account in a different currency than Nayax collects its Fees, Nayax shall convert the necessary Fee amount to the currency it collects its Fees at the rate made available on that moment by the payment service provider, providing such service to Nayax.
X. CLIENT PORTAL
- The Client has access to data on transactions and other additional business information on the Client Portal in electronic form.
- Nayax reserves the right to modify the Client Portal at any time as deemed necessary to comply with applicable laws and regulations or business needs. Nayax reserves the right to amend the functionality of the Client Portal without notice. Nayax shall not be liable if for any reason the Client Portal is unavailable at any time or for any period. From time to time, Nayax may restrict access to the Client Portal.
- The Client shall notify Nayax in writing or through email on becoming aware of the misappropriation of the Client Portal or email – the misappropriation of the Client Portal or email includes:
- the loss by the Client of his password to the Client Portal or email; and/or
- someone other than the Client knowing his password or otherwise being able to gain access to the Client Portal or email.
- The Client must take all reasonable steps to keep the Client Portal and email safe. This includes:
- not telling anyone, including Nayax or someone purporting to be Nayax, his/her Client Portal and email password – Nayax will never ask for passwords via telephone or email or using any other method;
- the Client notifying Nayax as soon as he suspects or knows that someone other than himself knows his passwords or can otherwise gain access to the Client Portal or email;
- having recognized anti-virus software put on the device the Client uses to gain access to the Client Portal and the email account or the Client uses to communicate with Nayax;
- The Client must inform Nayax as soon as it becomes aware that the Client Portal and(or) email it uses to communicate with Nayax has become compromised. The Client is fully responsible for the security of the Client Portal and email.
- Nayax is entitled to block disposing (“freeze”) of the Client funds in the Segregated Account for a necessary period of time in the following cases:
- Nayax has a suspicion that the funds received in the Client’s name are intended for the commitment of a crime, resulted from a crime or participation therein;
- if there is a suspicion that an unauthorized change to the parameters of Payment Order was issued;
- the Client is in delay to serving its obligations under the Client Agreement, these GT&Cs or other agreements concluded with Group Members of Nayax;
- in an event of Client’s bankruptcy, initiation of restructuring proceedings and other forms of Client liquidation, or the risk of insolvency on the Client’s side excessively increases within a short period;
- for the purposes of corrective accounting and settlement;
- the Client is using Payment Services provided by Nayax and fraudulent acts have been proved on the Client’s side or criminal proceedings are initiated against the Client or its employees in the matter of fraudulent acts;
- if the Client fails to comply with the rules of Nayax banking partners and such conduct may cause a damage to Nayax.
- Unless doing so would compromise reasonable security measures or be unlawful, before blocking of any disposition (“freezing”) of the Client funds in the Segregated Account or immediately after doing so, Nayax will securely contact the Client via email indicated in the Client Agreement and give reasons for “freezing” Client funds. As soon as practicable after the reason for “freezing” of the Client funds has ceased to exist, Nayax will allow the resumption of Client funds use.
- Contact details of Nayax are presented in Clauses 9 and 13 as well as the Client Agreement. Contact details of the Client are presented in the Client Agreement.
- Any communication between Nayax and the Client shall take place primarily through email. Such disclosure of any information by Nayax means that the relevant information is duly delivered to and received by the Client on the same Business Day it was issued.
- The Parties may also communicate over other means of communications. Telephone communications will primarily be used in regard to Client verification and consultation of the Clients.
- Nayax shall not be responsible for any mistake, inaccuracy, technical defect or damage caused by incorrect, outdated Client contact details and their subsequent use by Nayax if such data was provided by the Client and not updated later.
- The Client shall agree that Nayax may record any ongoing communication between Nayax and the Client using any available technical means, and may archive all the records, as well as the copies of any information and documents that Nayax will receive from the Client and third parties in accordance with applicable laws on personal data protection. The Client shall also agree and acknowledge that Nayax may use such recordings, information and documents as evidence in any dispute or anticipated dispute.
XII. DATA PROTECTION
XIII. GENERAL LIABILITY FOR DAMAGES AND FORCE MAJEURE
- One Party shall be liable to another Party for losses caused due to non-fulfilment or improper fulfilment of its obligations under these GT&Cs and the Client Agreement. The guilty Party shall undertake to compensate the direct losses of aggrieved Party.
- Nayax liability under these GT&Cs and the Client Agreement shall be limited as follows:
- Nayax shall be liable only for the direct losses caused to the Client due to direct and substantial breach of these GT&Cs and/or the Client Agreement by Nayax, and only for such losses which might reasonably be foreseen by Nayax at the time of breach;
- Nayax’s compensation for losses caused due to breaches of these GT&Cs and/or the Client Agreement shall be limited to the amount of all Fees and charges paid to Nayax by the Client over the last 12 (twelve) months. However, limits on Nayax liability shall not be applied where such limits are forbidden by applicable laws.
- Nayax shall not be liable:
- if for any reason the Client Portal or Device is unavailable or broken at any time or for any period;
- in any case Nayax shall not be liable for the loss of Client’s profit and income, loss of Client’s good repute, collapse or loss of business, indirect losses;
- for mistakes made by credit institutions, settlement systems or other third parties, untimely execution of Payment Orders, freezing of funds;
- for consequences arising out of improper discharge of Nayax’es obligations regarding reasons caused by third parties which are beyond Nayax’es control;
- for consequences arising out of lawful termination of the Client Agreement (including these GT&Cs), cancellation or restriction of Client’s access to the Client Portal as well as reasonable restriction or termination of provision of Payment Services;
- for goods and services sold using the Device;
- for failure to meet contractual obligations and losses, if obligations were not discharged or damage were made while Nayax had been following the duties arising out of applicable laws;
- if card processor or Nayax acting as acquirer refuses to accept Consumer’s card. As a consequence Nayax shall not continue with the clearing of the transaction.
- with respect to any transactions initiated through the Device by the Consumer which has been cleared but subsequently declined by the card processor for any reasons. Fees related to such transaction and losses arising out of vended product shall be assumed in its entirety by the Client;
- for card chargebacks and any related fees, when the Customer revokes transaction after the purchase of goods and(or) services through the Device.
- Nayax shall not be liable for any damage sustained to the Client as a consequence of untrue, incomplete, incorrect or misleading information, instructions or documents provided by the Client (or a person acting on behalf of it) to Nayax in exercising its rights under these GT&Cs or the Client Agreement or failure to provide the required information, instructions or documents in time. The Client shall be fully responsible for the correctness, completeness and timeliness of any information, instructions or documents provided to Nayax by the Client/ persons acting on behalf of him.
- The Party shall be exempted from the liability for non-performance of obligations under these GT&Cs and/or the Client Agreement if it can prove that nonperformance of obligations under these GT&Cs and/or the Client Agreement is caused by force majeure circumstances which are proven according to the applicable laws. Each Party shall notify each other about force majeure circumstances in writing or through EMC within reasonable time after the occurrence of such circumstances.
- The imposition of liability under the provisions of these GT&Cs or the Client Agreement shall not affect the right of the aggrieved Party to claim full compensation for damage in case of the gross negligence or willful misconduct.
- Each Party undertakes that it shall not at any time, disclose to any person any Confidential Information concerning the business, affairs, customers or suppliers of the other Party or of any member of the group of companies to which the other Party belongs, except as permitted by Clauses 85 and 86.
- Each Party may disclose the other Party’s Confidential Information:
- to its employees, officers, representatives, advisers or in case of Nayax – to Group Members of Nayax and related entities, who need to know such information for the purposes of exercising the Party’s rights or carrying out its obligations under or in connection with these GT&Cs or the Client Agreement, as well as for the purpose of resolving any disputes, enforcing legal rights, maintaining, protecting, managing, customizing, improving and developing the Services, detecting fraud, detecting security or technical issues and resolving them, or in the event of a corporate transaction . Each Party shall ensure that its employees, officers, representatives, advisers or in case of Nayax –Group Members of Nayax, to whom it discloses the other Party’s confidential information comply with this section XIV; and
- as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
- No Party shall use any other Party’s Confidential Information for any purpose other than to exercise its rights and perform its obligations under or in connection with these GT&Cs or the Client Agreement. This does not limit the right of Nayax to disclose such information to its legal consultants, supervisory authorities, third party service providers, other Nayax Group entities and related entities and subject to other legal grounds.
XV. WARRANTIES AND REPRESENTATIONS
- The Client by accepting these GT&Cs hereby represents and warrants that:
- The Client received, read and is acquainted with the GT&Cs and agrees and accepts them;
- The provisions of the GT&Cs are clear and understandable to the Client and correspond to the Client’s needs and intentions;
- The Client confirms that information he/she provided during the onboarding procedure is true, correct and reliable.
- The Client undertakes to act in compliance with the applicable legal acts and international standards relating to the use of services provided by Nayax.
- The Client is not prevented by any legal disability or subject to any law or regulation from performing their obligations under the GT&Cs and any related transactions contemplated by them.
XVI. DISPUTE RESOLUTION AND APPLICABLE LAW
- Disputes between Nayax and the Client shall be settled by way of negotiations.
- The Client is entitled to submit complaints to Nayax. Complaint may be submitted to Nayax mailto:email@example.com via client support website at https://www.nayax.com/contact-support/.
- Nayax shall respond to the Client’s complaint in writing or using another durable medium within 30 (thirty) days after the receipt of a complaint.
- In exceptional cases, due to reasons which are beyond Nayax control, Nayax is allowed to send to the Client a preliminary response by indicating reasons for delay and the term by which the Client will receive Nayax final response. In any case the term for provision of final response shall not exceed 60 (sixty) days after the receipt of a complaint.
- Handling of complaints is free of charge. Parties shall agree that complaints shall be submitted, handled and responded in English.
- Nayax shall have internal procedures for handling complaints fairly and promptly in accordance with the applicable laws. The Client Complaint Procedure is available on https://s3.amazonaws.com/static.nayax.com/policy/Client-complaints-policy.html. In case of conflicting clauses provided in this Client Agreement and in the Client Complaint Procedure, the latter shall be considered as prevailing.
- Should the Client be generally not contended with Nayax or its Services, where there is no claim or disagreement between Nayax and the Client, may approach the Bank of Lithuania by submitting a complaint to the Bank of Lithuania at Totorių g. 4, LT-01121 Vilnius, email: firstname.lastname@example.org, or to the Supervision Service of the Bank of Lithuania, Žalgirio g. 90, LT-09303 Vilnius, email: email@example.com
- Should the Client not be satisfied with Nayax or Bank of Lithuania’s final response, then only recourse for the Client will be through the courts unless otherwise agreed between the Parties.
- These GT&Cs, the Client Agreement and any disputes or claims arising out of or in connection with these GT&Cs or the Client Agreement or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the Republic of Lithuania, unless a separate agreement of the Parties establishes otherwise.
- The Client shall irrevocably agree that the courts of the Republic of Lithuania have exclusive jurisdiction to settle any dispute or claim or other matter that arises out of or in connection with these GT&Cs or the Client Agreement or their subject matter or formation (including non-contractual disputes or claims).
XVII. FINAL PROVISIONS
- Nayax shall have a right to transfer its rights and obligations under these GT&Cs and/or the Client Agreement to another person without Client’s consent and following legal requirements. Nayax shall always notify the Client in writing or through EMC if this happens.
- The Client may only transfer its rights or its obligations under the Client Agreement, including these GT&Cs, to another person if Nayax agrees to this in writing or through email.
- If any of the provisions of these GT&Cs or the Client Agreement are or may become invalid, ineffective, and/or unenforceable, this shall not affect the validity, effectiveness, and/or enforceability of other provisions of these GT&Cs or the Client Agreement. In such a case, Nayax undertakes, upon contract with the Client, to replace such provision by a new provision, which will be as similar as possible in terms, content and purpose.
- The Parties shall mutually agree to rely on the exemption of Article 3(7) of the Law on Payments of the Republic of Lithuania and consequently shall apply provisions of Section III, Articles 4(1), 4(2), 4(3), 11(1), 11(2), 11(5), 29(3), 36, 37, 39, 41, 44, 51, 52 of the Law on Payments of the Republic of Lithuania to the extent provided in these GT&Cs and the Client Agreement.
- Any fees or other financial obligations incurred by Parties fulfilling their obligations under the Client Agreement and these GT&Cs shall be paid by each Party separately as they incur to them, unless the Parties agree otherwise.
ANNEX No 1 to the General Terms & Conditions of Nayax Europe UAB
ADDITIONAL PROVISIONS RELATED TO NAYAX EUROPE UAB’s STATUS AS PAYMENT FACILITATOR
- General provisions
1.1. These Additional Provisions (“Additional Provisions”) are inseparable part of the GT&Cs which constitute business conditions for activities of Nayax Europe UAB (“Nayax” or “we”) and provision of Payment Services to you, our client.
1.2. To be able to provide Payment Service to you, Nayax uses services of third-party service providers, such as Finaro Malta Banking Operations Center (formerly “Credorax), registered at Palazzo Homedes, 80 Strait St., Valletta VLT 1436, Malta; Nuvei Limited (formerly “SafeCharge Limited”), registered at Καυκάσου, 9, TREPPIDES TOWER, Floor 3, Flat/Office 301 Αγλαντζιά 2112, Λευκωσία, Κύπρος, Cyprus and SaltPay IIB hf. (formerly “Borgun”), Katrínartúni 4 – 105 Reykjavík, Iceland (the “Member” or “Members”) that are members of various Card Schemes and provide authorization, processing, settlement and clearing services of Card relatedtransactions and other necessary ancillary services.
1.3. The Members serve as an acquiring member for Card clearing meanwhile Nayax, with respect to the Members, serve as payment facilitator and, due to such status, Nayax must assume certain obligations that are necessary for the Members to be able to provide services to Nayax and for Nayax to provide Payment Service to you. These Additional Provisions cover obligations and rules resulting from Nayax status as a payment facilitator against the Members and they are obligatory to us and, once accepted, to you.
2.1. Words used in capital letters in these Additional Provisions shall have the same meaning as assigned to them under the GT&Cs unless otherwise established by these Additional Provisions.
2.2. The following additional definitions are relevant for these Additional Provisions:
Card – shall mean any and all payment cards supported by any Card Scheme which is used by the Cardholder to purchase relevant Client’s item or service being sold via the Device.
Cardholder – shall mean the person or entity authorized to use the Card and using the Card in order to purchase relevant Client’s item or service being sold via the Device.
Card Schemes – shall mean Visa, MasterCard or any other similar payment scheme.
Card Scheme Rules – shall mean rules, regulations, interpretations and other requirements (whether contractual or otherwise) imposed or adopted by the Card Scheme from time to time.
Chip and PIN Card – shall mean the Card embedded with a chip that communicates information to the Device and is protected by a personal identification numeric code that is used to identify the Cardholder in an authorization request.
Mark – shall mean shall mean brands, names, logos, trademarks, trade names or service marks which are the property of the Member (or affiliates), its licensors and/or of Card Schemes or any other relevant payment provider or other third party.
PCI Standards – shall mean the Payments Cards Industry Data Security Standards as issued and modified by the Card Schemes from time to time.
- Disclosure of Client’s information to Members
3.1. Please be informed that for the Members to be able to provide services to Nayax that facilitate provision of Payment Service to you, Nayax is required to disclose certain information about you (the Client) to the Members.
3.2. Under request of the Member, the Member shall be provided by Nayax with the following information, data and / or documents about the Client (the list is not exhaustive):
- all “doing business as” names used by the Client;
- current address of each of the Client’s offices;
- a general description of goods sold and/or services provided by the Client via the
Device to Cardholders;
- a brief description of the business activities of the Client;
- URLs (where applicable);
- names of Clients’ principals and their country of domicile;
- all due diligence documentation collected by Nayax in respect of the Client
(including identity and verification checks on the Client, its owner, partners,
shareholders, beneficial owners, authorized signatories, etc.);
- records of valid transactions submitted by the Client;
- other information, data, documents about the Client required by the Member.
3.3. Nayax shall provide all the required information about the Client to the Member, including their updates and subsequent changes.
3.4. For Nayax to be able to fulfill obligation established under clause 3.2 of these Additional Provisions, Nayax will require this information, data and/or documents from the Client prior to entering into contractual relations with you (e.g. as part of identification process) or afterwards, in case some of the required information is missing. By accepting these Additional Provisions, you agree to be cooperative and provide all information, data and documents that may be required by Nayax and/or the Member, and/or Card Scheme, and/or any other authorized person. Failure to do so, may result in termination of the Client Agreement as specified in section 4 of these Additional Provisions.
- Additional Client Agreement’s termination grounds
4.1. Nayax shall have the right to terminate the Client Agreement (including the General Terms & Conditions) unilaterally and without applying to court where the following reasons exist:
- the Member, after reviewing the portfolio of the Client introduced by Nayax, informs Nayax that the Client shall no longer form part of the portfolio serviced by the Member;
- the Client engages in activities that are indicated by the Member to Nayax as prohibited activities which the Client shall not carry out;
- the Card Schemes de-registers Nayax or if the Member ceases to be a member of the Card Scheme(s) for any reason, or if the Member fails to have a valid license with the Card Scheme(s) to use any Mark accepted by the Client;
- it is identified that the Client engages in activity or performed actions that are deemed to be fraudulent or otherwise harmful to the business of Nayax, the Member, or the Card Scheme(s);
- the Client is deemed by Nayax, Member or the Card Scheme(s) to have conducted its activity in violation of the Card Schemes Rules and/or the PCI standards;
- the Client is about to become insolvent, be declared bankrupt, cease trading, be sold, leased or transferred or in the event of circumstances indicating the possibility of the Client becoming insolvent, be declared bankrupt, ceasing trading, being sold, leased or transferred or that in a manner the Client will not be able to comply with its obligations under the Client Agreement with Nayax;
- the Client engages in activities that are considered as prohibited and/or restricted activities by the Member and/or Card Scheme, and/or Nayax;
- due to any other circumstance that, at the discretion of the Member and/or the Card Scheme, and/or Nayax, and/or any other authority, is considered as implicating fraudulent, wrongful activity of the Client or breach of the Client Agreement;
- the Client is in any way or is found to be offering poor quality goods or services;
- if the chargeback levels of the Client exceeds the Member’s internal thresholds;
- full information, data and/or documents about the Client required by the Member and/or the Card Scheme and/or Nayax is not provided;
- other circumstances that are considered by the Member and/or the Card Scheme and/or Nayax as forbidding provision of Payment Services to the Client.
4.2. All the above termination grounds as well as termination request received from the Member and/or Card Scheme, and/or other authorized person shall be considered as mandatory to Nayax and authorizing Nayax to unilaterally terminate the Client Agreement immediately without giving any prior termination notice to the Client, unless the Member and/or the Card Scheme informs Nayax otherwise.
- Provisions related to the Card Schemes
5.1. The Client acknowledges and agrees to the following:
- to comply with all applicable policies of the Member as amended from time to time as will be submitted by Nayax;
- to comply with the Card Scheme Rules and all applicable requirements of the laws;
- that the Card Schemes are the sole and exclusive owner of the Marks;
- not to contest the ownership of the Marks for any reason;
- the Card Schemes may at any time, immediately and without advance notice, prohibit the Client from using any of the Marks for any reason;
- the Card Schemes have the right to enforce the Card Scheme Rules and to prohibit the Client and/or Nayax from engaging in any conduct the Card Schemes deems could potentially injure the Card Schemes, including damage to reputation, or that could adversely affect the integrity of the Interchange System, the Card Schemes’ confidential information (as defined in the Card Scheme rules) or both; and
- the Client shall not take any action that could interfere with or prevent the exercise of this right by the Card Schemes.
5.2. Unless otherwise agreed, the Client agrees to accept as payment for all goods and services sold via Devices and supplied within the normal range of its activity and without discrimination all and any Cards.
5.3. The Client shall agree to assume responsibility for ensuring that:
- the presenter of the Card is the person whose name is embossed on the face of the Card;
- the embossed account number on the face of the Card matches the printed number on the back of the Card and the account number of the transaction receipt;
- the Card, and in particular the signature panel, is not altered or mutilated;
- the Card has not expired;
- the transaction is genuine and not fraudulent;
- when the Card is a Chip and PIN Card and where applicable, the Client is to process the Card as prompted by the Device and the Cardholder shall be required to input any applicable PIN number, when and if prompted by the Device.
5.4. Where applicable, the Client is to ensure that the entry of any Cardholder’s PIN into a Device is not recorded on camera.
5.5. Nayax shall be responsible for the Card acceptance policies and procedures of the Client and may require changes that it deems necessary or appropriate to ensure that the Client remains in compliance with the standards governing the use of the Marks of the Card
Annex 2 – Nayax DATA PROTECTION ADDENDUM
This Data Protection Addendum (“DPA”), as well as the provisions of the agreement between Nayax and Customer (“Agreement”), govern the transfer and Processing of Personal Data between Nayax and the Customer. Any capitalized terms that are used herein and not defined herein shall have the meaning ascribed to such terms in the Agreement.
- The terms “Personal Data,” “Processor,” “Controller,” and “Processing,” “Special Categories of Personal Data,” shall have the meaning ascribed to such terms in the GDPR. The terms “Business,” “Business Purpose,” “Consumer,” “California Consumer,” “Service Provider” and “Sell” or “Sale” shall have the meaning ascribed to them in the CCPA. The term “Personal Data” as used herein shall also mean and refer to “Personal Information” as such term is defined in the CCPA.
- “Authorized User” means an individual who is authorized by Customer to use the Payment Services, to whom Customer has provided a sub-account, and/or to whom Customer has provided user credentials – identification and password enabling access to the Customer Account. Authorized Users may include, for example, employees, consultants, contractors and agents of Customer.
- “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq.
- “Customer Account” shall have the meaning ascribed to such term in Section 3.
- “Customer’s End-Users” means Customer’s end-users and consumers.
- “Data Protection Law” means any and all applicable privacy and data protection laws and regulations (including, where applicable, the GDPR, UK GDPR and the CCPA) as may be amended or superseded from time to time.
- “Data Subject” means a natural person regarding whom Personal Data or Personal Information is Processed and shall also mean and refer to a “Consumer” under the CCPA.
- “End-User Data” means any and all Personal Data that is provided to the Customer by the Customer’s End-Users.
- “GDPR” means EU General Data Protection Regulation (Regulation 2016/679).
- “Payment Services” means the provision of Nayax Unit and/or services associated with vending machines’ operation, and/or cashless payment services, including services provided by Nayax via its designated system.
- “Platform” shall have the meaning ascribed to such term in Section 3.
- “Standard Contractual Clauses” mean the standard contractual clauses for the transfer of Personal Data to third countries pursuant to the GDPR and were adopted by the European Commission Decision 2021/914 on June 4, 2021, which are attached herein by linked reference: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN.
- UK GDPR” means the Data Protection Act 2018 and the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).
- “UK SCC” means where the UK GDPR applies, the standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR for transferring Personal Data outside of the EEA or UK.
- DATA PROCESSING
- Nayax will Process Personal Data on behalf of Customer as specified in Appendix A attached hereto.
- CUSTOMER ACCOUNT MANAGEMENT
- In order to use the Services, including the DCS (“Platform”), a designated Customer account will be created by Nayax for the use of the Customer and its Authorized Users ( “Customer Account”). Customer will be required to select a username and password and use a 2 factor authentication application in order to use the Platform. Customer may create sub-accounts and grant access authorizations to the Customer Account solely to its Authorized Users. Each of the Authorized Users will be required to select a username and password in order to access and use their sub-account in the Customer Account. Customer is solely responsible for setting-up applicable permissions and sub-accounts on the Platform for each of its Authorized Users.
- Customer acknowledges that under applicable laws access authorizations to systems containing Personal Data, including the Platform, should only be granted on a need-to-know basis, may require ongoing monitoring of access authorizations and should be used by Authorized Users only. Customer may need to remove Authorized Users who no longer have a “need to know” with respect to the Platform as a part of such monitoring, such as any of Customer’s former employees. Customer hereby undertakes to comply with applicable laws in this context.
- In order to create and use the User Account, Customer and any Authorized Users on its behalf, must be at least 18 years old, and will be required to provide certain Personal Data, such as their name and contact information. All such information provided must be truthful, and accurate and up-to-date. Customer undertakes that it and its Authorized Users will not, and will not enable others, to use any access authorizations in deviation of the specific authorization granted or by anyone who is not the Authorized User, and not to share their authorizations with any other person or third party. If Customer’s or its Authorized Users’ information provided during the Platform registration process changes at any time, Customer undertakes to update such information on the Customer Account or as otherwise instructed to do so by Nayax.
- Customer hereby represents and warrants that it: (i) is solely responsible for Authorized Users’ compliance with this DPA, any applicable agreement with Nayax, the Terms and Conditions, and any applicable laws and regulations; (ii) is solely responsible for the accuracy, quality and legality of any information provided by it or its Authorized Users; (iii) is solely responsible for its use and the Authorized Users’ use of the Payment Services and the Platform; (iv) will use appropriate efforts to prevent and detect unauthorized access to or use of the Payment Services and the Platform and notify Nayax of any such unauthorized access or use immediately upon discovery; and (v) will use the Payment Services and the Platform only in accordance with this DPA, the Terms and Conditions and applicable laws.
- For the avoidance of doubt, Nayax does not and cannot control or monitor the management of the Customer Account and use of the Platform by Customer and its Authorized Users, and Customer is solely and fully responsible for such management and use.
- In the event Customer or its Authorized Users violate any of the terms of this DPA, Nayax may suspend or terminate the Customer Account or suspend or terminate Customer or its Authorized Users’ access to the Platform.
- REPRESENTATIONS AND UNDERTAKINGS OF THE PARTIES
- The Parties shall each implement appropriate technical and organizational measures to ensure a level of security appropriate for the risks to Personal Data.
- The security measures implemented by Nayax are further detailed in ANNEX II. Customer confirms that it has reviewed and approves such measures.
- Nayax represents and warrants that Nayax’s employees, authorized by Nayax to Process Personal Data on behalf of Customer, are committed to customary confidentiality undertakings and privacy and data protection obligations, or are otherwise under appropriate statutory obligations of confidentiality.
- Nayax shall only Process Personal Data on behalf of Customer, pursuant to the instructions as set forth herein and in accordance with the Agreement.
- Customer undertakes that Customer shall Process Personal Data only as lawful and compliant with applicable law and that it will comply with applicable Data Protection Law, specifically with regards to the lawful basis principal for Processing Personal Data under the GDPR, UK GDPR and the CCPA (if applicable).
- Customer further represents that Customer has all required authorizations to disclose Personal Data to Nayax, including, procuring an affirmative act of consent from End-Users in the event Customer is required to do so in accordance with applicable Data Protection Law. Furthermore the Customer shall maintain all necessary notices and uphold any and all privacy requirements under applicable Data Protection Law that it will need in order to Process Personal Data in accordance with the terms of this DPA.
- Customer shall not disclose to Nayax any Data that is considered Special Categories of Personal Data.
- Nayax will delete or return to the Customer, any of Customer’s Personal Data and the End-User Data after the termination or expiration of the Agreement, unless permitted or required to retain it under applicable law.
- Customer hereby instructs Nayax to Process, on behalf of Customer, Personal Data, in connection with the Payment Services to Customer, and as set forth under Article 28(3) of the GDPR and UK GDPR (as applicable) solely for the purposes and in accordance with the terms specified herein and in the Agreement and for the pursuit of a Business Purpose as set forth under the CCPA. Notwithstanding the above, in the event Nayax is required under applicable laws to Process End-User Data, other than as instructed by the Customer, Nayax shall make reasonable efforts to inform the Customer of such requirement prior to Processing such End-User Data, unless prohibited under applicable law from doing so.
- Notwithstanding the above, Nayax will not be obligated to perform any instruction which in Nayax’s determination, is in violation of applicable law.
Upon Customer’s reasonable request, Nayax will provide Customer with relevant documentation or records (which may be redacted to remove confidential commercial information) which will enable it to verify Nayax’s compliance with its data protection and security obligations under the terms of this DPA. Nayax shall supply such documentation to Customer within thirty (30) days from its receipt of such request in writing.
- DATA SUBJECTS’ RIGHTS AND AUTHORITY REQUESTS
- Customer shall have the sole liability to comply with its obligations in connection with the rights and freedoms of Data Subjects pursuant to applicable laws. It is therefore hereby agreed, that in the event Nayax receives a request from a Data Subject or an applicable authority in respect of the Personal Data Processed by Nayax on behalf of the Customer, where relevant and unless otherwise required under applicable law, Nayax will direct the Data Subject or the applicable authority to the Customer in order to enable the Customer to respond directly to the Data Subject’s or the applicable authority’s request, unless otherwise required under applicable laws.
- Nayax shall make reasonable commercial efforts to assist the Customer, in the fulfilment of the Customer’s obligations to respond to Data Subjects’ request to exercise their rights, to the extent permitted under Data Protection Law.
- NO SALE OF PERSONAL DATA
It is hereby agreed that any sharing of Personal Data between the parties is done solely in order to fulfil a Business Purpose and Nayax does not receive or process any Personal Data in consideration for the Payment Services. As such, the Processing of such Personal Data shall not be considered a Sale under the CCPA.
- CUSTOMER’S PERSONNEL DATA RIGHTS
- SUBPROCESSING AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES
- Customer hereby grants Nayax express authorization to engage with third party data Processor’s (“Sub-Processors”) for the provision of the Payment Services, as determined by Nayax in Nayax’s reasonable determination. A list of Nayax’s Sub-Processors can be found here, as may be updated from time to time by Nayax (“Authorised Sub-processors”).
- Customer represents that it has reviewed and approves the transfer of its Personal Data to the third parties listed in the list of Authorised Sub-processors. Customer confirms that Nayax will update the list of Authorised Sub-processors from time to time, and Customer agrees to review the list periodically to review any updates and modifications. In the event that Customer has an objection to the transfer of its Personal Data to any third party listed in the list of Authorised Sub-processors, Customer will provide written notification to Nayax, specifying the relevant third party and the grounds for the objection. Following the receipt of such notification, Nayax may either: (i) replace the relevant third party in relation to sub-processing of Customer’s Personal Data; or, if such replacement is not practical (ii) terminate the Agreement by written notification to Customer.
- Customer acknowledges that certain third parties with which Nayax shares Personal Data in the framework of providing the Customer with the Payment Services, may be considered as a Controller under the GDPR, UK GDPR or under the applicable credit card scheme, or a Business under the CCPA. In relation to such third parties, Customer confirms that they have separate and independent responsibility to Process Personal Data in compliance with applicable Data Protection Laws, and that Nayax will not be liable for such entities’ Processing activities and their compliance with applicable Data Protection Laws.
- Nayax may also share Personal Data with its affiliated companies in the Nayax group, as reasonably required to conduct its business and provide Customer with the Payment Services.
- INTERNATIONAL TRANSFERS OF DATA
- Customer acknowledges and agrees that in order to be provided with the Payment Services the parties shall transfer and Nayax may access and Process Personal Data form territories different than those where the data was collected. In the event the Processing includes transferring of Personal Data which is subject to GDPR to a country outside the EEA, that has not received an adequacy decision from the European Commission, and where no exemptions under Article 49 of the GDPR apply (“Restricted Transfer”), the following shall apply:
- In order to maintain the integrity, security and confidentiality of Personal Data, a Restricted Transfer shall be subject, in addition to the terms of this DPA, to the terms and obligations of the Module II of the Standard Contractual Clauses in which event Nayax shall be deemed as the Data Importer and the Customer shall be deemed as the Data Exporter.
- The purpose and description of the transfer are detailed in ANNEX I.
- The Customer further agrees that where Nayax engages a Sub-Processor, in accordance with Section 10 above for carrying out specific processing activities (on behalf of the Customer) and those processing activities involve a transfer of Personal Data within the meaning of Chapter V of the GDPR, Nayax and the Sub-Processor can ensure compliance with Chapter V of GDPR by using Standard Contractual Clauses in which event Nayax shall be deemed as the Data Exporter and the respective Sub-Processor shall be deemed as the Data Importer. For the purposes of such engagement, Nayax and the Sub-Processor will enter into Module III of the Standard Contractual Clauses.
- For the sake of clarity and without derogating from Section 2.1 above, to the extent that Nayax acts as a Controller of Personal Data, any Restricted Transfer shall be governed by the terms and obligations of Module II of the Standard Contractual Clauses in which event Nayax shall be deemed as the Data Exporter and its respective Processors shall be deemed as the Data Importers.
- To the extent that Personal Data transferred from the UK to other countries which have not been recognized as having the adequacy decision, outside the EEA or UK, then the UK SCC shall apply, and shall incorporate ANNEX I and II and the list of the Authorized Sub-Processors, mutatis mutandis.
- Customer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Standard Contractual Clauses, all Subject to Clause 13 of the Standard Contractual Clauses.
- The parties agree that subject to Clause 17 and 18 of the Standard Contractual Clauses, the Standard Contractual Clauses shall be governed by the laws of the Lithuania dispute arising from Standard Contractual Clauses shall be resolved by the courts of Lithuania, without giving rise to any conflict of laws principles included therein. Notwithstanding the above, subject to Clause 18 the Standard Contractual Clauses, a Data Subject may also bring legal proceedings against the parties before the courts of the Member State in which he/she has his/her habitual residence.. Notwithstanding the above, subject to Clause 18 the Standard Contractual Clauses, a Data Subject may also bring legal proceedings against the parties before the courts of the Member State in which he/she has his/her habitual residence. Notwithstanding the above, the UK SCC shall be governed by the laws of England and Wales..
- Specifically for EU-US Transfers: Additional measures and assurances regarding US government surveillance (“Additional Safeguards”) shall apply, as further detailed in ANNEX II.
- Customer shall bear the sole responsibility of obtaining and documenting all necessary consents from Data Subjects for the transferring of such Personal Data, if required to do so under applicable law.
- Nayax shall notify Customer in writing in the event that it becomes aware of a data breach that affected Customer’s Personal Data or End-User Data, and/or as otherwise required under applicable law. Nayax’s notification regarding or response to a data breach shall not be construed as an acknowledgment by Nayax of any fault or liability with respect to such data breach. Nayax will take any necessary steps to contain, remediate and minimize the effects of the data breach and co-operate with the Customer with respect to the handling of such data breach (as applicable and necessary).
- Nayax may disclose Data to law enforcement, regulatory or other government agencies, or third parties, if Nayax reasonably believes that such disclosure is necessary to comply with a judicial proceeding, court order, or a legal process.
- LIABILITY AND INDEMNIFICATION
Customer will indemnify, and hold harmless Nayax, and its officers, directors, employees, successors, and agents, from all damages and liabilities (including, without limitation, reasonable attorneys’ fees and legal expenses), resulting from any claim by a third party (including supervisory authorities) that arises out of a violation of the Customer’s representations and/or obligations under this DPA or applicable laws.
The term of this DPA shall continue until the termination or expiration of the engagement between Nayax and Customer.
- GENERAL TERMS.
- Some of the above Sections shall be in force only in the event the GDPR, UK GDPR or the CCPA (as applicable) applies to the Processing of Personal Data pursuant to this DPA.
- In the event of inconsistencies between the provisions of this DPA and the Agreement, the provisions of this DPA shall prevail. For the avoidance of doubt, in the event Standard Contractual Clauses apply, the terms of the Standard Contractual Clauses shall prevail over those of this DPA. Except as set forth herein, all of the terms and conditions of the Agreement shall remain in full force and effect.
- Nayax may amend this DPA from time to time, and make the amended DPA available to Customer.
- In the event this DPA is translated into a different language other than English and in the event there are any discrepancies between the English version of this Agreement and the translated versions, the English version of this DPA shall prevail.
ANNEX I: DETAILS OF PROCESSING AND TRANSFERRING OF PERSONAL DATA
This ANNEX I includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR or by UK GDPR (as applicable) and the transferring Personal Data subject to the Standard Contractual Clauses or the UK SCC (as applicable).
A. LIST OF PARTIES:
- Data Exporter details (i.e., Customer):
The identity and contact details of the Customer shall be the same as indicated in the Agreement.
Activities relevant to the data transferred under these Clauses: Data Processing for the performance of the Agreement.
Signature and date: Signature of the Agreement and the DPA incorporated therein, shall be deemed to constitute signature and acceptance of the Standard Contractual Clauses incorporated herein, including their Appendices.
Role (Controller/processor): Controller.
- Data Exporter details (i.e., Nayax):
Nayax’s contact details shall be the same as indicated in the Agreement.
Activities relevant to the data transferred under these Clauses: Personal Data Processing for the performance of the Agreement.
Signature and date: Signature of the Agreement and the DPA incorporated therein, shall be deemed to constitute signature and acceptance of the Standard Contractual Clauses incorporated herein, including their Appendices.
Role (Controller/processor): Processor.
B. DESCRIPTION OF TRANSFER
- Subject matter and duration of the Processing of Personal Data
The subject matter and duration of the Processing of the Personal Data are set out in Section 2 of this DPA.
- The nature and purpose of the Processing of Personal Data
Nayax will be providing Customer with Payment Services which involve the processing of Personal Data. The scope of the Payment Services is set out in the Agreement, and the Personal Data will be processed by Nayax in order to provide the Payment Services to Customer and to comply with the terms of the Agreement and this DPA.
- The types of Personal Data to be processed and transferred Customer’s contact person’s full name and contact details;
- The following information will be collected regarding Customers in connection with KYC and AML checks: if the Customer is an individual or if Customer is a legal entity then regarding its shareholders: personal identification number, date of birth, country of residence, citizenship, confirmation of whether the Customer or a shareholder is a politically engaged person, email address, phone and mobile number, snapshot of the Customer’s or the relevant signatory’s face, 5 second video of his/her face, copy of identification document;
- Customer’s and/or Customers’ Authorized Users IP addresses, device identifiers.
- Customer’s Authorized Users’ contact information, such as name, email, phone number, etc.
- Customer’s End-Users’ personal data related to the processing of payments and the provision of the Payment Services to Customer, including name and contact details, billing information, purchase history, approximate and precise location.
- The categories of Data Subjects to whom the Personal Data relates
- Customer (to the extent the Customer is an individual)
- Customers’ shareholders;
- Customers’ Authorized Users;
- Customers’ End-Users
- Sensitive data processed or transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measure:
- The obligations and rights of Customer
The obligations and rights of Customer are set out in the Agreement and this DPA.
- The processing operations carried out in relation to the Personal Data
Collection, recording, hosting, organizing, adapting, analyzing, retrieving, sharing with Sub-Processors, structuring, storing, deleting, in each case for the purposes of providing the Services to Customer, the scope of which are set out in the Agreement and this DPA.
- The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis).
- For transfers to sub- processors, also specify subject matter, nature and duration of the processing
- See list of Authorized Sub-Processors
- Competent Authority in accordance with Clause 13 of the Standard Contractual Clauses
- The Competent Authority of the shall be in accordance with Clause 13 alternatives.
TECHNICAL AND ORGANISATIONAL MEASURES
Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons:
- Measures of pseudonymisation and encryption of personal data
Data in transit is transferred by a secured protocol (HTTPS encryption),
Data in transit from device to server and vice versa is encrypted AES 128.
Data at reset is encrypted AES 256.
- Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
Nayax is implementing strong authentication, multiple replicated sites for full redundancy, all security tools that are implemented are reviewed\updated regularly and the Information security is continuously improving\updating the security settings\policy.
- Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
Nayax has 3 on-premise data centers over the world that are fully replicated, in addition Nayax has an off line DR data center.
- Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
Nayax’s production environment is undergoing an external penetration testing once a year and all vulnerabilities that are found are fixed urgently, in addition Nayax is performing regular quarter internal vulnerability scans and all vulnerabilities that are found fixed according to the severity of the findings.
- Measures for user identification and authorization
Access to DB is limited to small group of employees, that are identified by strong authentication (Complex password, certificate on the laptop and 2FA).
Every access to the DB is logged and alert is sent to the DBA manager.
Access to DB in non-working hours is verified by phone call to the employee.
Access to DCS is authenticated by MFA and strong complex password.
- Measures for the protection of data during transmission
Data is transferred by encrypted range (HTTPS encryption)
- Measures for the protection of data during storage
Data in storage is encrypted (AES 256) and the encryption keys are kept separately.
Access to the DB is limited to small group of employees.
Every entry and action on the DB is logged and monitored.
- Measures for ensuring physical security of locations at which personal data are processed
All Nayax data centers are located in secured facilities that are PCI DSS certified.
The office is located in a secure building (watchman 24/7), access to the building is limited only for employees from the building, access to the office is only by personal RFID of the employee (every access is logged) there are CCTV 24/7 and an alarm system.
- Measures for ensuring events logging
All security logs are monitored by SIEM/SOC service 24/7.
Security logs are stored for 2 years.
- Measures for ensuring system configuration, including default configuration
Nayax is performing a review of all system’s configuration every quarter and updating the settings if needed.
- Measures for internal IT and IT security governance and management
There is a formal information security policy that is updated and approved by the board annually.
The policy is implemented and all security stuff are reporting to the company CISO.
- Measures for certification/assurance of processes and products
Nayax has 2 certifications:
- ISO 27001
- PCI-DSS Level 1
- Measures for ensuring limited data retention
All data and information is stored and kept according to the regional law.
- Measures for allowing data portability and ensuring erasure
The organization is aligned with the privacy laws (GDPR and Israeli privacy Law) every request of data erasure is reviewed DPO and taken care according to the relevant privacy law.
The Additional Measures that have been implemented due to the EU Court of Justice Case C-311/18, Data Protection Commissioner Vs. Facebook Ireland Limited and Maximillian Schrems decision (“Schrems II”), include the following:
- As of the date of this DPA, Nayax has not received any national security orders of the type described in Paragraphs 150-202 of the Schrems II decision.
- No court has found Nayax to be the type of entity eligible to receive process issued under FISA Section 702: (i) an “electronic communication service provider” within the meaning of 50 U.S.C § 1881(b)(4) or (ii) a member of any of the categories of entities described within that definition.
- Nayax shall not comply with any request under FISA for bulk surveillance, i.e., a surveillance demand whereby a targeted account identifier is not identified via a specific “targeted selector” (an identifier that is unique to the targeted endpoint of communications subject to the surveillance).
- Nayax shall use available legal mechanisms to challenge any demands for data access through national security process that Nayax receives, as well as any non-disclosure provisions attached thereto.
- Nayax will notify Customer if Nayax can no longer comply with the Standard Contractual Clauses or these Additional Safeguards, without being required to identify the specific provision with which it can no longer comply (to the extent it is not prohibited under applicable law).