Terms & Conditions for Use of Payment Services

Framework Agreement for IABAI Payment Services Module (‘IABPAY’)

This Agreement ("Agreement") is entered into between:

• The Account Holder ("Customer" or “You”), party of the first part, who subscribes to the IABAI payment module and confirms their understanding and comprehension of the herein-presented terms, and

• "IABAI" or “IABPAY”, a trademark of IABAI, simplified joint-stock company incorporated under French law, with its registered office at 37 D Rue Saint-Sébastien, 13006, Marseille, France ("IABAI" or “We”).

This Terms & Conditions for Use of Payment Services forms a legal agreement between you and IABAI, which governs your access to and use of IABPAY payment module, subject to any existing Agreement between you and IABAI. In the event of any inconsistency or conflict between this Terms & Conditions and the Agreement, the Agreement shall control with respect to IABAI Payments.

IABPAY is a trademark of IABAI. Please review this entire Terms of Use before you decide whether to accept it and continue with payment.

PLEASE NOTE THAT BY ACTIVATING THE MODULE AND SUBMITING INFORMATION ON IT, YOU AGREE TO BE BOUND BY THESE TERMS & CONDITIONS.

1. DEFINITIONS

- Account Holder: The term "Account Holder" refers to the party entering into this agreement with IABAI, who has subscribed to the IABAI payment module and confirmed their understanding and acceptance of the terms and conditions herein.

- Credentials: "Credentials" encompass all access information, including but not limited to usernames, passwords, and any other security information, used by the Account Holder to access and utilize the IABAI payment platform and services.

- ERP Platform: "ERP Platform" denotes the Enterprise Resource Planning platform integrated with IABAI's payment module (IABPAY), which may be utilized by the Account Holder for various purposes, including the management of financial transactions.

- Final Customer: Refers to the end-user or ultimate consumer of goods or services provided by the Account Holder. In the context of this agreement, the Final Customer represents the individuals or entities who make payments through the Account Holder's services.

- Payment Module: A specialized component of IABAI's ERP system dedicated to managing and facilitating various aspects of the payment process, ensuring efficient and secure financial transactions within the broader ERP framework, also referred here as ”IABPAY”.

- Payment Scheme: Refers to the specific payment method or system used within the IABAI platform to facilitate transactions, which may include but is not limited to direct debit services and other payment methods.

- Restricted Activities: List of activities that include any actions or operations that are prohibited or regulated by this agreement, including but not limited to activities that are illegal, fraudulent, violate any laws or regulations, or are in breach of the terms herein.

- Services: Encompass the online payment processing, direct debit management, and related services provided by IABAI to the Account Holder under the terms of this Agreement.

- User: A "User" is an individual or entity authorized by the Account Holder to access and use the IABPAY payment module and services under the Account Holder's account. Users may include employees, representatives, or agents of the Account Holder.

2. OBJECT

IABAI provides an optional online payment services module, which encompasses the capability for direct debit from a current bank account, whether automated or manual. This module is seamlessly integrated as an extension to the previously contracted ERP platform, and it caters to both unique and recurrent transactions. Additionally, this module facilitates the issuance of invoices and receipts

The provision of payment services occurs through a platform integrated with GoCardless. By accepting these terms, the customer automatically and unequivocally consents to the terms of use stipulated by GoCardless, which can be accessed here.

The customer acknowledges and understands that they are required to establish an account with GoCardless, necessitating the submission of their personal and banking information. The customer hereby acknowledges and consents to the sharing of such data between IABAI and GoCardless.

IABAI undertakes a solemn commitment to utilize this data exclusively for lawful purposes, with strict adherence to all requisite security measures. For comprehensive information regarding data processing, please refer to the dedicated section Data Privacy.

IABAI operates a platform that integrates the IABAI account with the payment system facilitated by Gocardless. IABAI may initiate transactions on behalf of the Gocardless account holder through this platform, in accordance with consents provided for specific purposes. The Final Customer retains the right to revoke this authorization at any time. Similarly, the Final Customer may manage their own account with the platform.

Furthermore, the customer guarantees unrestricted access to their GoCardless account, thereby authorizing IABAI to access, modify, and transmit data essential for the execution of payment operations. Additionally, the customer extends explicit authorization for IABAI to act on their behalf and in their best interest in all dealings with and from GoCardless.

2.1 Express Authorization to Perform Activity

For the purposes delineated in this agreement, "Authorized Activity" encompasses all actions and operations associated with the processing of online payments. This includes, but is not restricted to, the initiation and management of payments and direct debit transactions derived from the current bank accounts of the Final Customers of the Customer. These actions can be conducted either through automated processes or manual procedures.

The Customer hereby expressly grants their consent and authorization to IABAI for the execution of Authorized Activities on their behalf. These activities are exclusively within the realm of facilitating online payment processing, as elaborated herein. This authorization remains in effect throughout the term of this agreement, unless explicitly revoked in writing by the Customer. These activities are performed solely based on the Customer's expressed intentions conveyed through IABAI, with the objective of serving their interests

3. ELIGIBILITY AND REGISTRATION

To complete the verification process, the Customer is required to provide reasonable assistance and information, which may include, but is not limited to:

a. Company registration number and address, along with other company information such as details about directors or proof of incorporation;

b. Personal details, including date of birth, name, and residential address, of any directors or other members of the Customer’s company;

c. Officially issued documentation such as a driver's license, government ID card, passport, or similar, as well as proof of address such as a utility bill;

d. Documentation such as bank statements, financial accounts and statements, and other information related to the viability, business model, and operating history of the Customer’s business; and

e. Transferring funds to or receiving funds from IABAI (the amount of which will be nominal) to verify the Customer’s control of the Account.

IABAI's determination regarding whether to provide the Customer with the Service and an IABAI Account is final. IABAI is not obliged to provide the Customer with the Service or an Account.

4. RESPONSIBILITIES OF THE PARTIES

4.1 Responsibilities of IABAI:

IABAI shall be responsible for the following:

- Security and Confidentiality: IABAI is committed to ensuring the security and confidentiality of transactions and data processed through its platform. It shall implement robust security measures to safeguard sensitive information.

- Full Customer Support: IABAI shall provide comprehensive support to the Customer. This support shall extend to assisting the Customer but not its Users or Final Customers.

- Timely Issue Reporting: shall promptly notify the Customer of any issues or concerns related to the Customer's account, ensuring transparency and effective communication.

- Periodic Compliance Checks: shall conduct regular internal compliance checks and reviews of platform functionalities to ensure adherence to established standards and regulations.

- System Maintenance: IABAI shall diligently maintain and update its system to address and prevent bugs and technical issues that may arise during operations.

- Data Security: IABAI shall maintain the security of all data and promptly report any data breaches or unauthorized access incidents to the Customer.

- Issue Resolution: In case of any problems or disputes, IABAI commits to acknowledging and addressing them within a maximum timeframe of 72 hours, making its best efforts to resolve them as quickly as possible.

4.2 Responsibilities of the Customer:

The Customer, on the other hand, shall assume the following responsibilities:

- Data Maintenance: The Customer is responsible for ensuring the accuracy and currency of all data provided to IABAI. The Customer acknowledges that any payment errors resulting from incomplete or inaccurate information shall be the sole responsibility of the Customer.

- End-User Support: The Customer shall offer support to its own end-users or customers who utilize the services facilitated by IABAI.

- Agreements with Users: If the Customer collects payments under a Payment Scheme that necessitates an agreement with its end-users, the Customer must enter into such agreements and fulfill its obligations as stipulated therein.

- Compliance with Restriction: The Customer shall refrain from engaging in any activities prohibited by this agreement.

- Timely Payments: The Customer shall make payments to IABAI in a timely manner, ensuring that all financial obligations are met promptly.

- Information Provision: The Customer shall provide information to IABAI upon request, as may be necessary for the proper provision of services and security.

Furthermore, if the Customer collects payments from its Final Customers under a Payment Scheme that requires the execution of an agreement for direct debit services, the Customer shall commit to entering into such agreements with its customers and fulfilling its obligations therein. In cases where assistance is required, IABAI will provide the Customer with these agreements, pre-populated with the Customer's specific details, and shall furnish a copy of said agreement upon written request by the Customer.

5. PAYMENT

The IABAI payment module within the IABAI ERP platform is provided free of charge. IABAI does not levy fees on transfers.

5.1 Partner Fees Disclosure:

However, fees imposed by partners that facilitate specific transactions may be applicable. In such instances, the amount will be communicated at the checkout stage and will be subject to the Merchant's approval in order to finalize the transaction.

5.2 Transaction Fees: The current fee or percentage applicable to transactions will be available on each partner's respective page and will be applied based on the method chosen by the customer.
https://gocardless.com/pricing/
https://stripe.com/en-pt/pricing

5.3 Timing:

The current timing information for transactions will be available on each partner's respective page and will vary depending on the method chosen by the customer.
https://gocardless.com/legal/payment-timings/
https://stripe.com/docs/payouts

5.4 Cancellations, Chargebacks, and Indemnification:

The Customer acknowledges that IABAI lacks the capability to cancel, rectify or dispute Chargebacks linked to a correctly submitted Payment Order from an administrative perspective. This implies that if a Chargeback is initiated by a Customer, resulting in a breach of their agreement with its Final Customer, IABAI cannot challenge the Chargeback or recover the associated funds.

The Customer commits to indemnifying IABAI against any losses, expenses, claims, damages, or costs arising from the Customer's failure to secure requisite consents and authorizations from its Final Customers or provide them with necessary information for the lawful processing of Payment Orders. This encompasses obligations pertaining to Payment Pages and Payment Notifications outlined in the Terms related to any feature or product used by the Customer.

IABAI's Customer acknowledges that once a payment order is initiated through IABPAY, it cannot be canceled or refunded directly within the IABPAY system. However, in the event of an error or the need for a refund, the Customer may follow the established procedure by providing a credit note through IABAI’s ERP platform or proceed with the refund externally, adhering to their own internal processes and policies.

IABAI shall not be responsible for or involved in any external refund processes, and it is the sole responsibility of the Customer to ensure compliance with relevant legal and regulatory requirements.

5.5 Direct Debit Mandate

A Direct Debit Mandate is an authorization granted by Final Customers to the Customer, enabling them to facilitate payment collection via IABPAY's payment module in cooperation with the payment institution. This authorization permits the direct deduction of payments from the Final Customer's bank account. For additional information, please consult the "Direct Debit Mandates" page on GoCardless website.

5.6 Payment Scheme

A Payment Scheme refers to a specific set of rules, procedures, and arrangements governing the collection and processing of payments, including the establishment of payment schedules and mandates. For more detailed information about Payment Schemes, please visit the GoCardless website's "Payment Schemes" page.

5.7 Management of Recurring Payments

The Account Holder has the ability to manage the recurrence of payments through the IABAI’s ERP platform by selecting the relevant option specified in the contract. By exercising this option, the Account Holder can customize and control the frequency and timing of recurring payments as agreed upon in the contract. It is the responsibility of the Account Holder to make any necessary adjustments or changes in accordance with the terms and conditions outlined in the contract. IABAI shall not be held responsible for the Account Holder's selections or modifications made through the ERP platform.

6. DATA PRIVACY

6.1 Security and Data Protection:

Upon receiving Customer information, IABAI operates as both a data controller and processor. We employ data encryption using secure protocols and enforce access controls through certified credentials.

We implement stringent access controls to ensure that only authorized individuals have access to sensitive data, including multifactor authentication, strong passwords, and role-based access restrictions. We establish continuous monitoring systems to identify suspicious activities, recording all data-related actions and maintaining audit logs.

To protect personal data, we adopt technical and organizational measures, including pseudonymization and anonymization when appropriate. We consistently update our system and related software with the latest security patches to mitigate known vulnerabilities.

Our team is educated on information security best practices and the importance of data protection. Employees are trained to recognize threats and act securely. We establish clear data retention policies to ensure data is stored only for the necessary duration and is securely deleted when no longer needed.

Regular risk assessments are conducted to identify potential vulnerabilities and threats to data security, enabling proactive measures. We evaluate the security compliance of third-party vendors, including payment processing companies, to ensure GDPR compliance.

In the event of a data breach, we maintain an incident response plan that includes timely notification to data protection authorities and affected individuals. We incorporate privacy considerations into the system's development process (known as "privacy by design") to make data protection an integral part of the project.

Data Protection Impact Assessments (DPIAs) are conducted as necessary to assess privacy risks and implement mitigation measures. We ensure that all data processing operations adhere to GDPR principles, such as purpose limitation, data minimization, accuracy, and others.

6.2. Data Subject Rights:

The data subject, as defined by applicable data protection regulations, including but not limited to the General Data Protection Regulation (GDPR), holds specific rights concerning their personal data processed by IABAI and its affiliates.

These rights include but are not limited to the right to access, rectify, erase, or restrict the processing of personal data, as well as the right to data portability, where applicable.

6.3 Right to Object:

In particular, the data subject retains the right to object to the processing of their personal data in situations where such processing is carried out based on legitimate interests or for direct marketing purposes.

To exercise the right to object, the data subject may contact IABAI through the designated channels, as specified in the Data Privacy Policy.

6.4 Access and Transactions:

as an integral component of our payment processing services, IABAI collaborates with various payment service providers. These providers may grant access to bank account information and facilitate bank transactions, provided that such access is expressly authorized by the Customer and its Final Customers.
For direct debit processing, data may be shared with GoCardless.

6.5 Data Ownership and GoCardless Privacy Notice:

The Customer retains all rights over their data processed through GoCardless. For detailed information regarding the handling of personal data by GoCardless, including data ownership and data subject rights, the Customer is encouraged to refer to their Privacy Notice.

7. INTELLECTUAL PROPERTY AND TRADEMARK RIGHTS

Ownership: The technology provided by IABAI is exclusively its intellectual property. The registered trademark "IABAI" also solely belongs to IABAI. Unauthorized reproduction or use of this technology or trademark is strictly prohibited and subject to the penalties prescribed by the law.
Prohibited Acts: Without prior written consent from IABAI, you are expressly prohibited from reproducing, duplicating, copying, or using in any manner the technology or trademark "IABAI." Any such actions will be considered a breach of this agreement and will result in legal consequences.
Legal Consequences: In case of any violation of these intellectual property and trademark rights, IABAI reserves the right to seek legal remedies available under French law. These remedies may include, but are not limited to, injunctive relief, damages, and legal costs incurred in enforcing its rights.
Indemnification: You agree to indemnify and hold IABAI harmless from any claims, losses, damages, liabilities, or expenses arising out of or related to your unauthorized use or reproduction of IABAI's technology or trademark.
Termination: IABAI may terminate this agreement immediately if you are found to be in breach of the intellectual property and trademark rights outlined herein. In such a case, you will be held responsible for any resulting legal consequences.

8. SECURITY

The Customer shall take reasonable measures to maintain the security of its IABAI Account Details and to prevent any fraudulent utilization of the IABAI Account. Furthermore, the Customer shall ensure that all Users of the Account adhere to the same standards of security.

The reasonable measures, as referred above, encompass, but are not limited to, the following actions:

a. Safeguarding the account details, credentials and any associated documentation relating to the IABAI Account to prevent unauthorized access or disclosure;

b. Refraining from printing, storing, or recording the Account Details in a single location;

c. Periodically updating passwords for the IABAI Account, ensuring this is done at least once every six months;

d. Ensuring that the passwords for the IABAI Account exhibit adequate strength, utilizing a combination of characters, numbers, symbols, and both uppercase and lowercase letters, provided that the password differs from the username;

e. Exercising reasonable diligence to prevent third parties from observing or overhearing the use of the Account Details;

f. Immediately terminating the use of the Account Details by any third party who no longer holds the status of an Authorized User; and

g. Promptly notifying IABAI upon becoming aware of the loss, theft, misappropriation, or unauthorized use of the Account Details. In such an event, the Customer must promptly modify all passwords associated with the Account Details.

IABAI will implement necessary measures consistent with Good Industry Practice and in compliance with applicable laws and regulations to maintain the security of the Service and the Module, ensuring the protection of data against loss or unauthorized disclosure."

9. FINAL CUSTOMER VERIFICATION RESPONSIBILITY:

9.1 It is the Customer's duty to perform prior verification of the Final Customers who will be registered on the ERP platform provided by IABAI.

9.2 Consequences of Non-Verification: Failure to conduct these verifications may result in the suspension of the Final Customers's account. In such an event, the Customer shall be duly notified. Continued creation of unverified accounts may lead to the expulsion of the Customer from the platform, entailing the termination of any existing contracts.

9.3 Legal Compliance Obligation: The Customer is obligated to ensure that their Final Customers are in legal compliance and are not engaged in any of the restricted activities explicitly outlined herein.

In the event that IABAI or IABAI suspect or discover illicit activities being carried out on the IABAI payment platform, the following actions shall be taken:

→ Access Revocation and Request for Clarification:
a. Access to the platform shall be promptly revoked pending an investigation.
b. The Customer shall be requested to provide clarifications regarding the suspected activities within a period of 48 hours.
c. Failure to provide satisfactory clarifications within the stipulated timeframe may result in the suspension or deletion of the Customer's account.

→ Evidence of Wrongdoing:
a. In the presence of substantial evidence indicating unlawful activities, access revocation shall be immediately followed by the permanent deletion of the Customer's account.
b. IABAI shall promptly notify the relevant authorities regarding the detected illicit activities.

10. LIMITATION OF LIABILITY

Neither party, nor any of its affiliates, employees, officers, directors, agents, service providers, or subcontractors, shall be held accountable to the other party or any third party, whether based on contract, tort (including negligence or breach of statutory duty), willful misconduct, or any other legal basis, for any losses or damages arising from or related to this Agreement. Such losses or damages may include, but are not limited to:

- Loss of profits, income, revenue, business opportunities, data, or information.

- Failure to achieve expected revenues or savings.

- Loss or harm to goodwill.

- Pure economic loss.

- Any other economic or monetary loss, regardless of whether such losses or damages are direct, indirect, special, or consequential.

- Any indirect, special, or consequential losses or damages.

- Any punitive, exemplary, or incidental damages.

10.1 IABAI's Liability Limitation:

IABAI's total aggregate liability to the Customer, whether directly or as a third-party defendant in any action or proceeding, for any losses incurred by the Customer under or in connection with this Agreement, shall not exceed, in the aggregate, the amount of fees owed for IABPAY’s module in the three (3) calendar months preceding the date on which the first such event or events occurred.

10.2 Customer's Acknowledgment and Indemnification:

The Customer hereby acknowledges and agrees that, to the fullest extent permitted by applicable law, IABAI and its affiliates, officers, directors, employees, agents, and representatives (collectively referred to as "IABAI Parties") shall not be held liable for any direct, indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from:

a. The Customer's failure to conduct proper User or Final Customer verifications or ensure legal compliance among them, as stipulated in the clauses herein.

b. Any actions or activities undertaken by Users or Final Customers on the IABAI platform, including but not limited to any illicit, fraudulent, or otherwise unlawful activities.

c. The suspension, expulsion, or termination of the Customer's access or accounts, as described in the previous clauses.

d. Any actions taken by IABAI or IABAI to address suspected or confirmed illicit activities on the IABAI platform, including but not limited to the revocation of access and communication with relevant authorities.

Furthermore, while IABAI ensures the security of the system, the Customer is responsible for maintaining local-level security, particularly concerning unauthorized access. In the event that unauthorized access occurs due to the compromise of credentials, IABAI shall not be held liable.

The Customer further agrees to indemnify, defend, and hold harmless the IABAI Parties from any claims, liabilities, losses, costs, or expenses, including reasonable attorneys' fees, arising out of or related to the Customer's use of the IABAI platform, including any breaches of the obligations outlined in this agreement.

If any partner fails to provide the agreed-upon services to IABAI, IABAI shall not be held responsible for any interruption in the payment module service. The availability of payment methods is contingent upon the performance of business partners.

The Customer acknowledges that the aforementioned waivers and limitations of liability are essential elements of this agreement and that IABAI would not enter into this agreement without such waivers and limitations. The Customer expressly consents to these terms, recognizing that they represent a fair allocation of risk between the parties.

11. AMENDMENTS AND UPDATES

Any modifications to these terms or those of business partners will be communicated to the primary email address provided by the Customer, which the Customer is responsible for keeping updated at all times. The notification of modifications will result in the new terms taking immediate effect.

If, due to the changes, actions are required from the Customer, the Customer shall have a period of up to 10 days after the modification to implement these actions, with the risk of account suspension until compliance is achieved.

If the Customer disagrees with the new terms or modifications, they may terminate the contract within 5 days without any consequences by emailing info@iab.ai. After the amendment or modification, the user has up to 10 days to explicitly accept the changes; failure to do so may result in account suspension.

12. RESTRICTED ACTIVITIES

You are prohibited from utilizing our services for any unlawful or harmful activities or causing others to engage in such actions. This encompasses actions that:

© 2023-Today. All rights reserved. IABAI and IABPAY are a trademark of IABAI SaS.