Baffin Bay by Mastercard logo

Terms of Use

Updated: 7/3/2025

End User License Agreement

You (the “Subscriber”) have either (i) purchased from an authorized Mastercard reseller (“Reseller”) subscriptions to certain Services developed and owned by Mastercard or its Affiliates (a “Reseller Subscription”); (ii) been granted access by Mastercard on a trial basis, free of charge (a “Free Trial”) to use certain Services owned and made available by Mastercard or its Affiliates; or (iii) entered into an Enrollment Form (an “Enrollment Form”) with Mastercard for the purchase of subscriptions to certain Services owned and made available by Mastercard or its Affiliates (a “Direct Enrollment Subscription”). For the avoidance of doubt, any subscription used by a Reseller to provide Indirect Bundled Services (as defined in the applicable Reseller Agreement) shall be deemed a Reseller Subscription where the Reseller is Subscriber hereunder.


BY CLICKING “I ACCEPT”, SIGNING THIS END USER LICENSE AGREEMENT (this “EULA”), OR BY OTHERWISE ACCESSING OR USING THE SERVICES, SUBSCRIBER AGREES THAT IT HAS READ AND UNDERSTOOD, AND, AS A CONDITION TO ITS USE OF THE SERVICE, AGREES TO BE BOUND BY THE FOLLOWING TERMS AND CONDITIONS. IF SUBSCRIBER IS NOT ELIGIBLE OR DOES NOT AGREE TO ANY TERM OR CONDITION OF THIS EULA, THEN SUBSCRIBER DOES NOT HAVE MASTERCARD’S PERMISSION TO USE THE SERVICE. SUBSCRIBER’S USE OF THE SERVICE, AND MASTERCARD’S PROVISION OF THE SERVICE TO SUBSCRIBER, CONSTITUTES AN AGREEMENT BY MASTERCARD AND BY YOU TO BE BOUND BY THIS EULA.


Mastercard may amend and modify this EULA and issue new versions from time to time as Mastercard reasonably decides in its discretion is necessary to preserve and enhance the integrity and security of data or the Service and to stay current with industry best practices.


This EULA sets forth the terms and conditions under which the Services will be made available and under which Subscriber will access and use the Services, all of which will be subject to the terms and conditions of this EULA.


1. DEFINITIONS

The following definitions shall be used for purposes of this EULA.

  1. "Affiliate” means, in relation to a Party, any other entity which directly or indirectly Controls, is Controlled by, or is under direct or indirect common Control with that Party from time to time.
  2. "Control" means, in relation to a corporate entity, the power, by operation of law or as a matter of fact, to exercise, whether directly or indirectly, a decisive influence on the orientation of such entity’s management or the appointment of the majority of its directors; “Controls” and “Controlled” will be interpreted accordingly.
  3. "Content” will have the meaning given to it in Section 5 of this EULA.
  4. Data Protection Rights” means all rights granted to Data Subjects under Privacy and Data Protection Law, which may include—depending on applicable Privacy and Data Protection Law—the right to know, the right of access, rectification, erasure, complaint, data portability, restriction of Processing, objection to the Processing, and rights relating to automated decision-making.
  5. Documentation” means the program guides, manuals, release notes, reference guides, specifications or other documents relating to the Services provided or made available by Mastercard or its Affiliates to Subscriber, from time to time.
  6. Effective Date” means (i) in the case of Reseller Subscription, the effective date set forth in the Purchase Order; (ii) in the case of a Direct Enrollment Subscription, the effective date set forth in theE Enrollment Form; and (iii) in the case of a Free Trial, the date that Mastercard first makes the Services available to Subscriber.
  7. Error” means a material failure of the Services to conform to its functional specifications, excluding failures resulting from Subscriber’s or its Users’ negligence or improper use of the Services.
  8. EU Data Protection Law” means the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC), their national implementations in the European Economic Area (“EEA”), including the European Union (“EU”), and all other privacy, cybersecurity, and data protection laws of the EEA, the United Kingdom (“UK”), Monaco, and Switzerland, each to the extent applicable to a Party’s Processing of Personal Data in connection with this EULA, and as may be amended or replaced from time to time.
  9. Government Subscriber” means a government, whether at supranational, federal, state, provincial or municipal, an agency, body, authority or instrumentality of a government and includes any entity, including a commercial entity, where any government or combination of governments hold the controlling equity interest or other means of control.
  10. Intellectual Property Rights” means any and all now or hereafter known tangible and intangible: (a) rights associated with works of authorship throughout the world, including copyrights or works of copyright, moral rights, and mask-works; (b) trademarks and service marks (whether registered or at common law), trade names, business names, logos, symbols, and Internet domain names, or any abbreviation or contraction thereof, and similar rights; (c) trade secret rights; (d) patents, designs, algorithms, and other industrial property rights; (e) all other intellectual and industrial property rights of every kind and nature throughout the world and however designated (including domain names, logos, “rental” rights, and rights to remuneration), whether arising by operation of law, contract, license, or otherwise; and (f) all registrations, initial applications, renewals, extensions, continuations, divisions, or reissues thereof currently or hereafter in force (including any derivative rights in any of the foregoing).
  11. Marks” means trademarks and service marks (whether registered or at common law), trade names, business names, logos, symbols, and Internet domain names, or any abbreviation or contraction thereof.
  12. Mastercard” means the Mastercard Contracting Party as defined in Section 13.1.
  13. Mastercard Group” means Mastercard and its Affiliates.
  14. "Party” or “Parties” means a party to this EULA (i.e., Mastercard or Subscriber, as applicable).
  15. Personal Data” means Content and any other data provided or made available to Mastercard Group by Subscriber or any End User and Processed by Mastercard Group to provide the Services to Subscriber: (i) relating to an identified or identifiable natural person or (ii) that is otherwise defined as “personal data,” “personal information,” or any analogous term under applicable law.
  16. Privacy and Data Protection Law” means, with respect to a Party, any law, statute, declaration, decree, legislation, enactment, order, ordinance, regulation, or rule (as amended and replaced from time to time) regarding privacy, cybersecurity, or the protection of Personal Data, in each case with the force of law, applicable to such Party’s Processing of Personal Data in connection with this EULA.
  17. Process” means (i) any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction or (ii) has the meaning ascribed to it under applicable Privacy and Data Protection Law.
  18. Purchase Order” means in the case of a Reseller Subscription, a purchase order, invoice, quote, agreement or other documentation between Subscriber and Reseller setting forth the Services and purchased by Subscriber from Reseller, the Territory within which Subscriber may use the Services and the fees to be paid by Subscriber for the Services.
  19. Service(s)” means software, data, and services and updates thereto owned by Mastercard or its Affiliates that are either (i) purchased by Subscriber from Reseller, as reflected in a Purchase Order, and made available by Mastercard or its Affiliates to Subscriber over a network; or (ii) made available by Mastercard or its Affiliates to Subscriber over a network in connection with a Free Trial or Direct Enrollment Subscription.
  20. Subscription” means a Reseller Subscription, Direct Enrollment Subscription and/or Free Trial, as applicable.
  21. Term” means (i) in the case of a Reseller Subscription, the term applicable to any Service as set forth in the applicable Purchase Order; (ii) in the case of a Direct Enrollment Subscription, the Initial Term together with any Renewal Term, as described in Section 2.1.3; and (iii) in the case of a Free Trial, the length of the Free Trial, as determined by Mastercard, in its sole discretion.
  22. Territory” means, unless otherwise specifically provided for in writing by Mastercard, the jurisdiction where the principal place of business of Subscriber is located.
  23. User” and “End User” means an individual who is authorized by Subscriber to use the Services, for whom subscriptions to the Services have been purchased, and who have been supplied user identifications and passwords by Subscriber (or by Mastercard or its Affiliates, at Subscriber's request). Users may include but are not limited to employees, consultants, contractors and agents of Subscriber.

2. TERM AND TERMINATION

  1. Term
    1. Reseller Subscriptions. In the case of a Reseller Subscription, the term of this EULA shall commence on the Effective Date and shall expire upon the expiration of the last term for Services set forth in the Purchase Orders, unless the parties mutually agree in writing to extend it. Notwithstanding the foregoing, in the event that Mastercard provides written notice to Subscriber that Reseller’s authorization to act a reseller of Mastercard has been terminated (a “Reseller Change Notice”), Subscriber’s Reseller Subscription shall be automatically converted into a Direct Enrollment Subscription hereunder upon the same pricing terms previously agreed to in the applicable Purchase Order for the remainder of the term indicated therein. Following receipt of a Reseller Change Notice, Section 3 hereof shall apply and Subscriber shall make all payments thereafter in respect to the Services directly to Mastercard. To the extent requested by Mastercard, Subscriber shall execute an Enrollment Form evidencing the new Direct Enrollment Subscription.
    2. Free Trial. In the case of a Free Trial, the term of this EULA shall commence on the Effective Date and shall expire on the earlier of (i) the date access to the Services is terminated by Mastercard, in its sole discretion, at any time and for any reason; and (ii) the start date of any paid subscription for Services purchased by Subscriber. Sections 2.2 through 2.5 shall not apply in the case of a Free Trial.
    3. Direct Enrollment Subscriptions. In the case of a Direct Enrollment Subscription, the term of this EULA shall commence on the Effective Date and continue in effect for a period equal to the “Initial Term” designated in the Enrollment Form. Unless otherwise agreed to in the Enrollment Form, at the end of the Initial Term, the term of this EULA will automatically renew for successive one (1) year periods (each a “Renewal Term”) unless either Party provides written notice of non-renewal of this EULA to the other Party at least sixty (60) days prior to the end of the then current Term.
  2. Either Party may terminate this EULA in the event the other Party materially breaches the terms of this EULA and fails to cure such breach within thirty (30) days after receiving written notice of such breach. Additionally, Mastercard may terminate this EULA immediately if Subscriber: (a) fails to pay the Subscription Fee or any other amount due under this EULA, the Enrollment Form and/or a Purchase Order, (b) any unauthorized use of the Services (or any part thereof); (c) terminates its business operations; (d) commences any proceedings for the winding up of its business or the dissolution or liquidation of its business operations; (e) becomes insolvent; (f) suffers the appointment of a receiver or makes an assignment for the benefit of creditors; (g) enters into voluntary or involuntary bankruptcy; (g) ceases to pay its debts as they become due. Subscriber agrees that its failure to pay any amounts due to Reseller or Mastercard, as applicable, in respect to the Services or its failure to otherwise comply with any other obligation under a Purchase Order, Enrollment Form or any other agreement with Reseller or Mastercard, as applicable, with respect to the Services shall constitute a material breach of this EULA.
  3. In the event a change in law or regulation prohibits or impairs the Mastercard Group’s ability to provide the Services, or any portion thereof (“Adverse Change”), Mastercard may suspend the provision of, and Subscriber’s right to access and use, the Services, or such affected portion thereof, for the duration of the Adverse Change, as may be necessary for the Mastercard Group to address the Adverse Change. If Mastercard, in its sole discretion, reasonably determines that it is unable to modify the Services to address the Adverse Change, Mastercard may terminate such Services or this EULA upon written notice to Subscriber with no further liability to Subscriber.
  4. At any time, the Mastercard Group may terminate any Service or this EULA: (a) upon ninety (90) days’ notice, if the Mastercard Group discontinues such Service in one or more of the jurisdictions in which such Service is provided under this EULA; (b) upon thirty (30) days’ notice or earlier, if required by applicable law or the relevant authority, if the Mastercard Group is required by such law or governing authority to cease providing such Service in one or more of the countries in which such Service is provided under this EULA; (c) immediately, if the Mastercard Group receives a claim or notice alleging that such Service infringes or violates a third party’s Intellectual Property Rights; or (d) immediately, if Subscriber breaches any of Sections 4.5 or 4.6 hereof.
  5. In the case of Reseller Subscription, each Purchase Order will terminate upon the termination of this EULA. Upon termination of (x) in the case of a Reseller Subscription, the Purchase Order, or (y) in the case of a Direct Enrollment Subscription, Subscriber’s right to access and use the Services made available pursuant to such Reseller Subscription, or Direct Enrollment Subscription, as applicable, shall terminate, and Subscriber shall be solely liable for rerouting any DNS traffic that has been routed via the Services (or parts thereof) and, except to the extent agreed to in writing by the parties: (a) Subscriber shall cease all use of the Services and, if applicable, delete all copies in its possession or control; (b) in the case of a Reseller Subscription, Subscriber shall promptly pay any amounts due or owed under the Purchase Order in accordance with its terms; (c) in the case of a Direct Enrollment Subscription, Subscriber shall promptly pay any amounts due or owed or that would be due or owed under this EULA under the existing Term, which, for the avoidance of doubt, shall be equal to any amounts due and owed as of the effective date of termination plus an early termination fee equal to any Subscription Fees that would have been due and payable over the Term assuming that this EULA had not been terminated prior to the expiration thereof (the “Early Termination Fee”); and (d) all of Subscriber’s rights to any deliverables pursuant to this EULA shall be revoked. Termination of the Services, this EULA, or in the case of a Reseller Subscription, a Purchase Order, shall not relieve either Party of any obligation accrued through the date of termination. In the case of a Direct Enrollment Subscription, if Mastercard terminates this EULA pursuant to Section 2.3 or Section 2.4, or Subscriber terminates this EULA pursuant to Section 2.2, (i) the Termination Fee noted above shall not apply; and (ii) Mastercard shall refund to Subscriber the pro-rata amount of Subscription Fees prepaid by Subscriber to Mastercard in respect each terminated Service for the remainder of each such Term.
  6. For the avoidance of doubt, Mastercard Group shall not in any way be liable for Subscriber's failure to reroute its DNS traffic upon expiration or termination of the Subscription or this EULA, including, but not limited to, any data loss occurring due to Subscriber's failure to reroute Subscriber's DNS traffic on the termination or expiration of any Subscription and/or this EULA.
  7. Sections 1, 2.4, 2.5, 3.2, 3.3, 3.5, 4.4, 6, 7, 8, 10 and 13 shall survive expiration or termination of this EULA according to their terms.

3. SUBSCRIPTION FEES AND INVOICING FOR DIRECT ENROLLMENT SUBSCRIPTIONS

The provisions of this Section 3 shall only apply in the case of Direct Enrollment Subscriptions.

  1. Subscriber shall pay Mastercard Group the fees (“Subscription Fees”) for access to the Services as set forth (in the case of a Direct Enrollment Subscription), in the Enrollment Form. Mastercard reserves the right to defer invoicing of the Subscription Fees for a period of up to 6 months following the date upon Services become chargeable (the “Invoicing Deferral Period”). Subscriber shall be invoiced for the Subscription Fees for each Service at the end of each Invoicing Deferral period, monthly in advance, and each invoice will be due and payable thirty (30) days from the date of such invoice. Except as expressly set forth in this EULA, upon payment, Subscription Fees are non-refundable.
  2. In the event of overdue Subscription Fees, Mastercard Group will issue an overdue payment notice, and Subscriber shall pay such overdue amounts, plus interest as described below, within five (5) business days. If Subscriber fails to timely remit such overdue amounts, Mastercard Group shall have the right to suspend Subscriber’s access to and use of the Mastercard Group Services until all overdue fees and late payments are received. Overdue Subscription Fees shall accrue interest in the amount of 1.5% per month or the maximum rate permitted by applicable law, whichever is less.
  3. To the extent applicable, where Subscriber is set up on the Mastercard Consolidated Billing System (“MCBS”), Subscriber’s MCBS account may be directly debited for all costs incurred by the Mastercard Group. Where MCBS is used, Subscriber shall be responsible for maintaining sufficient funds in its MCBS account, failing which penalties shall be assessed against Subscriber in accordance with Mastercard’s standard policy. Mastercard reserves the right to designate an Affiliate including, but not limited to, RiskRecon, Inc., as billing agent for purposes of invoicing and collecting Subscription Fees. Any requests by Subscriber for further information to substantiate the Subscription Fees contained in an invoice shall be made by Subscriber to Mastercard and any such information shall only be used internally by Subscriber and its professional advisers for purposes related to invoicing.
  4. In the case of a Direct Enrollment Subscription, for a multi-year Initial Term or any Renewal Term, the Subscription Fees set forth in the Enrollment Form shall be adjusted on an annual basis on or around the anniversary of the Effective Date, based on the Cost to Serve Adjustment, by multiplying the Subscription Fees by one (1) plus the Cost to Serve Adjustment. For purposes of this Section, “Cost to Serve Adjustment” shall mean the greater of (i) CPI change during the then-current recent year and (ii) three percent (3%), and “CPI” shall mean the CPI-U Index (Consumer Price Index for All Urban Consumers) published by the United States Bureau of Labor and Statistics from time to time, or, if Subscriber is not headquartered in North America, the closest equivalent for the country or region in which Subscriber’s headquarters is located, as determined by Mastercard.
  5. Prices indicated in the Enrollment Form, and all amounts billed under this EULA are exclusive of all taxes. Other than taxes based on Mastercard’s net income, Subscriber shall pay (and Mastercard shall have no liability for), any taxes, tariffs, duties and other charges or assessments imposed or levied by any government or governmental agency in connection with this EULA, including, without limitation, any federal, provincial, state and local sales, use, goods and services, value-added, withholding, personal property and applicable import and export duties or fees taxes on any payments due in connection with this EULA. All sums payable by Subscriber to Mastercard under this EULA shall be paid in full, free of any deductions and/or withholdings of any kind, except where any deduction or withholding is required by law. If any payment by Subscriber is subject to a deduction or withholding required by law, (i) Subscriber shall submit the amount required to be deducted or withheld to the applicable governmental agency and provide Mastercard with such evidence as Mastercard may reasonably request, to establish that such deduction or withholding has been paid as required by law; and (ii) Mastercard shall be entitled to receive from Subscriber (and Subscriber agrees to pay) such additional amount to ensure that the net sum received by Mastercard is the same as it would have received if that payment had not been subject to that deduction or withholding.
  6. Subscriber agrees that this EULA is the sole document required to present to Subscriber’s accounts payable department to authorize disbursement of funds. No separate purchase order or other documentation is required unless expressly identified herein. Subscriber acknowledges that Subscriber representative who accepts this EULA is duly authorized to bind Subscriber to all terms of this EULA, including authorizing payment.

4. TERMS OF USE, ACCESS, AND USER ACCOUNTS

  1. Subscriber agrees that it will use the Services solely as contemplated by and in accordance with the terms of this EULA and the Documentation.
  2. In the case of a Reseller Subscription, or Direct Enrollment Subscription, during the Term, Mastercard grants to Subscriber a limited, non-exclusive, non-transferable, non-sub-licensable, revocable right to access and use the Services made available pursuant to such subscription in the Territory for Subscriber’s legitimate internal business purpose (“Legitimate Internal Business Purpose”), and subject to the terms of this EULA.
  3. In the case of a Free Trial, Subscriber shall access the Services solely for purposes of evaluating a potential purchase of the Services. Subscriber acknowledges and agrees that any data, and/or customizations made to the Services during a Free Trial may be permanently lost or deleted at the end of the Free Trial unless Subscriber purchases a subscription to such Services before the end of the Term of the Free Trial.
  4. Except to the extent such restriction is expressly prohibited by applicable law, and other than as expressly set forth in this EULA, Subscriber and its Users shall not, and will not assist or permit any third party to: (a) disassemble, reverse engineer, decompile or otherwise attempt to derive source code of the Services or any component thereof, (b) copy, reproduce, modify, alter or otherwise create any derivative works of, the Services, (c) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Services available to any third party, other than to Users or as otherwise contemplated by this EULA, (d) use the Services to violate, misappropriate, or infringe the rights of any third party, (e) interfere with, disrupt or circumvent the integrity or performance of, or any feature of the Services or the data contained therein, including any security or access control mechanism, (f) attempt to gain unauthorized access to the Services or its related systems or networks, (g) bypass, circumvent and/or interfere with any technical measures used by Mastercard Group to provide the Services (or parts thereof), (h) interfere or disrupt the Services (or parts thereof) or servers or networks connected to the Services, or (i) attempt to do any of the foregoing.
  5. Subscriber and its Users shall access and/or use the Services solely for Subscriber’s Legitimate Internal Business Purpose as contemplated by this EULA and shall not use the Services in any way not expressly permitted in this EULA. Subscriber is responsible for all activities that occur in User accounts and for Users’ compliance with this EULA and the Documentation. Subscriber shall also be responsible for maintaining an accurate list of active Users with Mastercard. Subscriber shall access, use and accept provision of the Services solely in the Territory. Subscriber shall also use commercially reasonable efforts to prevent unauthorized access to, or use of, the Services, and shall notify Mastercard promptly of any such unauthorized access or use. Subscriber and any End User hereby represent and warrant that they will: (a) only use the Services (and any part thereof) in compliance with all applicable laws and regulations, including, but not limited to, laws and regulations relating to privacy, cybersecurity, and data protection in all relevant jurisdictions, such as those in which the Services or content is uploaded, hosted, stored, accessed, or used, and (b) implement necessary restrictions or other measures to prohibit use of the Services: (i) by any individual or entity or (ii) in any jurisdiction, in each case with respect to (i) and (ii), as required to comply with such laws. Subscriber further represents and warrants that it will provide all notices and obtain all rights, authorizations and consents necessary for Mastercard Group to provide the Services and Process any data in connection therewith, as contemplated by this EULA. To the extent that Subscriber or any End User becomes aware that the provision by Mastercard or Mastercard’s Affiliate(s) of the Services, or Subscriber’s use of the Services, does not comply with applicable law, Subscriber shall immediately communicate the same to Mastercard.
  6. To be able to access and use the Services, Subscriber or the End User (as applicable) must register an Account and provide the registration information requested by Mastercard Group. By registering for, accessing and/or using an Account or providing registration information to Mastercard Group, Subscriber and any End User (as applicable) agree and warrant to provide and maintain valid, true, correct and complete information to Mastercard Group.
  7. In order to provide access to the Services, Mastercard Group relies on the relevant log-in credentials to authorize Subscriber (including any of the End User(s)) access to the Services. Subscriber (including any of the End User(s)) is obliged to keep account information, username and password secret and confidential and Subscriber is solely responsible for any and all use or access through Subscriber's (including the End User(s)) log-in credentials.
  8. Subscriber agrees that Mastercard’s Affiliates, including but not limited to Threat Protection and RiskRecon Inc., may perform any Services under this EULA and any services in support of the Services.
  9. Mastercard or its Affiliates shall make the applicable Services available to Subscriber and its Users pursuant to this EULA during the Term. Subscriber agrees that its purchase of subscriptions for Services is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written public comments made by the Mastercard Group with respect to future functionality or features. Subscriber will be solely responsible for providing any hardware, software and connectivity to access and use the Services, including any Subscriber-specific configurations required to use and access the Services, and for rerouting DNS traffic via the Services (to the extent applicable).
  10. Mastercard Group reserves the right to update, amend, change and/or modify the content of the Services, without prior notification and will not be liable to any Party in any way for possible consequences of such changes. Mastercard Group may suspend, discontinue or restrict access to any portion of the Service at any time and without notice.
  11. Mastercard or its Affiliates shall use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except for: (a) planned downtime (of which Mastercard or its Affiliates shall use commercially reasonable efforts to provide Subscriber at least 72 hours’ notice via the Services); or (b) any unavailability caused by circumstances beyond the Mastercard Group’s reasonable control including, without limitation, acts of nature, pandemics, acts of government, floor, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Mastercard employees), computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within the Mastercard Group’s possession or reasonable control, and denial of service attacks.

5. SUBSCRIBER CONTENT

  1. Certain use of the Services may require that either Subscriber or End Users post, upload, transmit or otherwise submit data or information or direct DNS traffic to the Services (the "Content").
  2. Subscriber and any applicable End Users hereby represent, warrant and covenant that they have the right to post, upload, submit, transmit and provide Content to the Mastercard Group and that such Content (or any part thereof), including its transmission to and use or other Processing by Mastercard Group as contemplated by this EULA, does not violate any agreement, applicable law or regulation or third party right, including intellectual property rights, rights of privacy, and/or applicable privacy, data protection and cybersecurity laws and regulations. Moreover, Subscriber hereby represents, warrants and covenants that it has provided all notices and obtained all authorizations, rights, and consents necessary to lawfully access, interfere with, and allow Mastercard Group or the applicable Reseller to lawfully access or interfere with, any user or third-party’s, information technology system, network, service, or account.
  3. By posting, uploading or otherwise submitting Content to Mastercard Group, Subscriber and any applicable End Users grant to Mastercard Group a worldwide, irrevocable, non-exclusive, non-transferrable, non-sub-licensable, fully paid license to use and to otherwise Process the Content (and any part thereof) and any other data provided or made available to Mastercard Group by Subscriber and any such End Users in accordance with this EULA and as otherwise necessary for Mastercard Group's compliance with applicable law, performance of any contractual right or obligation in connection with Subscriber and the End Users, including, but not limited to, displaying, minimizing, transferring, compressing or otherwise Processing such Content.
  4. Subscriber and each End User acknowledges and agrees that Mastercard Group does not provide a backup service and does not keep copies of the Content. Subscriber and End Users are solely liable for ensuring that any Content is properly stored and acknowledge and agree that Mastercard Group may delete or deny access to any Content upon the expiration or termination of any Subscription and/or this EULA.
  5. Subscriber acknowledges and agrees that it is solely responsible and liable for any losses, damages, liabilities and/or third-party claims and proceedings arising from or relating to Subscriber's (including any End User’s) use of the Content and the Services. Mastercard Group shall not in any way or form be responsible or liable for use of the Content.

6. OWNERSHIP

  1. The Mastercard Group is, and shall remain the sole owner of, and shall retain all right, title and interest in and to the Services and any related documentation, and any modifications, or improvements thereto or derivative works thereof, whether or not made by the Mastercard Group. The Mastercard Group reserves all rights in and to the foregoing, and Subscriber gains no rights or licenses hereunder, except as expressly granted in this EULA.
  2. Mastercard Group retains ownership of all copies of the software included in the Services, even if the software or a portion thereof would be installed on Subscriber's (including the End Users') computer or other hardware device. Mastercard Group has the unlimited right to assign and/or transfer this license or any part thereof to any third party. Subscriber (including the End Users) may not assign, transfer or sub license this license, its rights under this EULA or any part thereof to any third party.
  3. Any third-party software (if any) included in the Services is licensed to Subscriber in accordance with the respective third-party license terms for such software. If any such third-party license terms are applicable to Subscriber's (including the End Users) use of the Services, Mastercard Group will notify Subscriber of the application of such third-party license terms.
  4. If Subscriber submits feature requests to Mastercard Group's platform, Mastercard Group may choose to implement such features to the platform. Should Mastercard Group implement any feature requests (or parts thereof), Mastercard Group will have all rights to such features, without any compensation to Subscriber, and Subscriber agrees that it will have no rights whatsoever to the features.

7. CONFIDENTIALITY

  1. Each Party will regard any information (in writing, orally, or in any other form) provided to it by the other Party and designated in writing, or if orally provided, indicated verbally by the disclosing Party, as proprietary or confidential, to be confidential (“Confidential Information”). Confidential Information shall also include (i) information which, to a reasonable person familiar with the disclosing Party’s business and the industry in which it operates, is of a confidential or proprietary nature, regardless of whether designated as such in writing (including, without limitation, trade secrets, and, for Mastercard, Mastercard’s Intellectual Property Rights or any data and information contained therein); and (ii) any documents prepared by the receiving Party that contain, otherwise reflect, or, in whole or in part, are generated from disclosed Confidential Information. The parties expressly agree that the Services and the terms and pricing in this EULA are the Confidential Information of the Mastercard Group. Subscriber will not remove or destroy any proprietary markings or restrictive legends placed upon or contained in the Services. Information will not be deemed Confidential Information hereunder if such information: (i) is known by the receiving Party prior to receipt from the disclosing Party, without any obligation of confidentiality, as evidenced by receiving Party’s tangible records; (ii) becomes known to the receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing Party; (iii) becomes publicly known or otherwise publicly available, except through the acts or failure to act by the receiving Party in breach of this EULA; or (iv) is independently developed by the receiving Party without reference to the Confidential Information as evidenced by receiving Party’s tangible records.
  2. Each Party shall protect the other Party’s Confidential Information in the same manner as it protects its own valuable confidential information, but in no event shall less than reasonable care be used. A Party will not disclose the other Party’s Confidential Information to any third party, except (i) as permitted in writing by the disclosing Party prior to any such disclosure, (ii) to employees, consultants, agents and subcontractors that have a need to know such information, provided that the receiving Party shall advise each such third party of their obligations to keep such information confidential, and (iii) to the extent receiving Party is legally compelled to disclose such Confidential Information pursuant to subpoena or the order of any governmental authority, provided that where possible and permitted by applicable law, the receiving Party shall give advance notice of such compelled disclosure to the disclosing Party, and shall cooperate with the disclosing Party in connection with efforts to prevent or limit the scope of such disclosure and/or use of the Confidential Information. Each Party accepts responsibility for the actions of its agents, subcontractors, consultants or employees.
  3. Neither Party shall make use of any of the other Party’s Confidential Information except in its performance under this EULA. Except as otherwise provided in this EULA, at the end of the Term, or such earlier time as the disclosing Party requests, the receiving Party shall return to the disclosing Party, or, at the disclosing Party’s request, securely destroy all Confidential Information of the disclosing Party in the possession of the receiving Party. Notwithstanding the foregoing, the receiving Party is not obligated to destroy Confidential Information (i) commingled with other information of the receiving Party if it would be a substantial administrative burden to excise such Confidential Information; (ii) contained in an archived computer system backup made in accordance with the receiving Party's security or disaster recovery procedures; or (iii) required to be retained pursuant to applicable law, regulatory requirements, or post-termination obligations as stated in this EULA, provided in each case that such Confidential Information remains subject to the obligations of confidentiality in this Section 7 until the eventual destruction.
  4. The confidentiality obligations in this Section 7 shall apply during the Term and for a period of three (3) years thereafter.

8. INDEMNIFICATION

  1. Subscriber will, at its own expense, defend, indemnify and hold harmless the Mastercard Group and each of their employees, officers, directors, agents, representatives and contractors (“Mastercard Indemnitees”) from and against:
    1. Any third-party claim against the Mastercard Indemnitees arising out of or related to: (1) Subscriber’s or its Users’ access to or use of the Services (2) Mastercard Indemnitees use and/or Processing of the Content or Subscriber Data, or (3) Subscriber’s or its Users’ (i) breach of this EULA, and/or (ii) gross negligence or willful misconduct in the performance of its obligations under this EULA, provided that Mastercard: (x) promptly notifies Subscriber of such claim (provided that failure to do so shall not waive Subscriber’s obligations hereunder unless such failure materially hinders Subscriber’s defense of such claim), (y) reasonably cooperates with Subscriber in defense of the claim as reasonably requested by Subscriber and at Subscriber’s cost, and (z) gives full control and sole authority over the defense and settlement of such proceeding, provided that Subscriber may not settle any such claim or action without Mastercard’s prior written consent. Mastercard may participate in the defense and settlement of such claim or action with legal counsel of its own choosing and at its own cost; and
    2. all liability, costs, expenses, losses (including but not limited to reasonable attorneys’ fees and all other professional costs and expenses) suffered or incurred by the Mastercard Indemnitees arising out of or in connection with a breach of Section 4.4 or 4.5 by Subscriber or Subscriber’s Users.
  2. In the case of a Reseller Subscription, or Direct Enrollment Subscription, Mastercard, at its own expense, will defend, indemnify or, at its sole option, settle any claim or action brought by a third party against Subscriber or its officers, directors, employees or agents (“Subscriber Indemnitees”) to the extent alleging that the Services, when used within the scope of this EULA, infringe any patent, trademark or copyright of a third party (“Claim”).
    1. Mastercard’s obligations to indemnification are subject to Subscriber: (a) notifying Mastercard of any such Claim promptly after it obtains knowledge of such Claim (provided that failure to do so shall not waive Mastercard’s obligations hereunder unless such failure materially hinders Mastercard’s defense of such Claim), (b) providing Mastercard with reasonable assistance, information and cooperation in defending the lawsuit or proceeding, and (c) giving Mastercard full control and sole authority over the defense and settlement of such claim, provided that such settlement fully releases Subscriber and is solely for monetary damages and does not admit any liability on behalf of Subscriber.
    2. Mastercard shall have no obligation to indemnify, defend or hold harmless hereunder to the extent that a Claim arises from or is based on any use of the Services: (a) not in accordance with this EULA or the Documentation or for purposes not intended by Mastercard and not specifically authorized under this EULA; or (b) in combination with any other product or service that is not supplied or expressly approved by the Mastercard Group for use with the Services.
    3. Following notice of a Claim or upon any facts which in Mastercard’s sole opinion are likely to give rise to such Claim, Mastercard shall in its sole discretion and at its sole option, elect to: (a) procure for Subscriber the right to continue to use the Services, at no additional cost to Subscriber; (b) replace or modify the Services so that it becomes non-infringing, but remains functionally equivalent; (c) terminate the affected Service and provide a refund to Subscriber for the pro-rata amount of prepaid Subscription Fees paid by Subscriber to Mastercard for the remainder of the Term for such affected Service.
    4. This Section 8.2 sets forth the sole and exclusive liability of the Mastercard Group, and Subscriber’s sole and exclusive remedy, for the actual or alleged infringement or misappropriation of any third-party Intellectual Property Rights by the Services or use thereof.

9. DATA PROTECTION, INFORMATION SECURITY AND BUSINESS CONTINUITY

  1. Subscriber and Mastercard shall comply and shall have any subcontractor comply with all Privacy and Data Protection Law to the extent applicable to the Services.
  2. To the extent that Services under this EULA involve the Processing of Personal Data, the following provisions will apply.
    1. Subscriber shall be solely responsible for ensuring that it provides notice and relies on a valid legal ground to enable the Mastercard Group to provide the Services, including for data transfers, as required under Privacy and Data Protection Law. Subscriber shall be solely responsible for handling individuals’ requests to exercise their Data Protection Rights, in connection with the Services.
  3. Mastercard will complete an annual SSAE 18 (or its then current equivalent) review and will provide to Subscriber a copy of any reports that Mastercard receives related to compliance with the SSAE 18, upon written request from Subscriber, once per year. The SSAE 18 report shall be a "Type 11" report (as specified in the SSAE 18). Any information provided by Mastercard in connection with the SSAE 18 shall be deemed to be Mastercard’s Confidential Information under this EULA.
  4. Mastercard will maintain a formal business continuity program ("Business Continuity Program" or "BCP") that will include plans for emergency response and management, business recovery, and disaster recovery. These plans will be made available for review to Subscriber upon request at a mutually agreeable time and location. BCP documentation will not be available for distribution, as it contains Mastercard’s Confidential Information. Mastercard agrees to annually test its BCP and provide confirmation of exercises, upon written request. Mastercard will also provide information to Subscriber required for Subscriber's development of BCP plans that work in concert with the Mastercard BCP, if requested.
  5. To the extent the Services involve the Processing of Personal Data by the Mastercard Group to provide the Services to Subscriber, Mastercard, and Subscriber hereby enter into a data processing agreement (“DPA”), attached hereto as Appendix A.
  6. For the purpose of the DPA:
    1. Mastercard will act as a Processor (as defined in the DPA) on behalf of Subscriber, and Subscriber will act as a Controller (as defined in the DPA) in the context of the Services.
  7. Mastercard Group’s use or other Processing of Subscriber’s and the End User’s Personal Data for Mastercard Group’s own purposes, including for customer management and marketing/advertising purposes, is described in Threat Protection’s online privacy notice, available at: https://www.baffinbaynetworks.com/legal/privacy-policy.

10. LIMITED WARRANTY; DISCLAIMER OF LIABILITY

  1. During any applicable Term, Mastercard warrants that the applicable Services will function in material accordance with the specifications for such Services, as solely determined by Mastercard and as may be updated by the Mastercard Group from time to time. The Mastercard Group provides no warranty regarding any use of the Services not in accordance with this EULA and not specifically licensed pursuant to this EULA.
  2. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 10.1, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE MASTERCARD GROUP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, TERMS AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, REGARDING THE SERVICES, RELATED DOCUMENTATION OR INFORMATION, AND OTHER MATERIALS AND SERVICES, AND SPECIFICALLY DISCLAIM THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, MERCHANTABLE QUALITY, NON-INFRINGEMENT AND THOSE ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. THE SERVICES ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS AND THE MASTERCARD GROUP DOES NOT WARRANT THAT THE FUNCTIONS OR INFORMATION CONTAINED IN THE SERVICES OR IN ANY UPDATE WILL MEET THE REQUIREMENTS OF SUBSCRIBER OR THAT THE OPERATION OF THE SERVICES WILL BE UNINTERRUPTED OR FREE FROM ERRORS OR OTHER PROGRAM LIMITATIONS. THE INFORMATION PROVIDED BY THE SERVICES MAY CONTAIN TECHNICAL OR TYPOGRAPHICAL ERRORS. THE MASTERCARD GROUP DOES NOT GUARANTEE ITS ACCURACY OR COMPLETENESS. ALL INFORMATION PROVIDED BY THE MASTERCARD GROUP IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY, AND SUBSCRIBER ACKNOWLEDGES THAT SUBSCRIBER USES ANY SUCH INFORMATION AT ITS OWN RISK.
  3. To the maximum extent permitted by applicable law, Mastercard’s Group sole and exclusive obligation and Subscriber’s sole and exclusive remedy for any failure of the Services, including the Services’ failure to meet the warranty in Section 10.1, is limited to the correction, adjustment or replacement of the failed Service which examination indicates, to Mastercard’s Group satisfaction, to be defective or, at Mastercard’s Group sole option, termination of subscription and access rights to the failed Service and a refund of the pro-rata amount of any pre-paid Subscription Fees paid by Subscriber to Mastercard Group for the failed Service for the remainder of the Term of the affected Service.
  4. THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER SUBSCRIBER OR THE MASTERCARD GROUP BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, OR ANY PENALTIES, CLAIMS FOR LOST DATA, REVENUE, PROFITS, COSTS OF PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATED TO THE SUBJECT MATTER OF THIS EULA, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY, WHETHER IN CONTRACT OR IN TORT INCLUDING NEGLIGENCE, EVEN IF A PARTY HAS BEEN ADVISED OF SUCH DAMAGES.
  5. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND EXCLUDING LIABILITY FOR NON-PAYMENT BY SUBSCRIBER OF AMOUNTS DUE UNDER THE EULA, IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY AND ITS AFFILIATES HEREUNDER ARISING OUT OF OR RELATED TO THE SUBJECT MATTER OF THIS EULA, REGARDLESS OF THE FORUM, AND REGARDLESS WHETHER ANY CAUSE OF ACTION OR CLAIM IS BASED ON CONTRACT, TORT, OR OTHERWISE, EXCEED THE SUBSCRIPTION FEES PAID OR PAYABLE BY SUBSCRIBER TO RESELLER OR MASTERCARD, AS APPLICABLE, FOR THE SERVICES DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT(S) GIVING RISE TO LIABILITY; PROVIDED, HOWEVER, THAT (I) MASTERCARD’S AGGREGATE LIABILITY HEREUNDER ARISING OUT OF OR RELATED TO A THIRD PARTY INFRINGEMENT CLAIM DESCRIBED IN SECTION 8.2, AND (II) SUBSCRIBER’S AGGREGATE LIABILITY HEREUNDER ARISING OUT OF OR RELATED TO ITS BREACH OF SECTION 4.4 OR 4.5 SHALL BE SUBJECT TO A SEPARATE DAMAGES CAP NOT TO EXCEED THE GREATER OF (A) TWO HUNDRED FIFTY THOUSAND DOLLARS ($250,000) AND (B) THE SUBSCRIPTION FEES PAID OR PAYABLE BY SUBSCRIBER TO RESELLER OR MASTERCARD, AS APPLICABLE, FOR THE SERVICES DURING THE TWENTY-FOUR (24) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT(S) GIVING RISE TO LIABILITY. FOR CLARITY, THESE LIMITS ALSO APPLY TO MASTERCARD’S AFFILIATES. IT IS THE MAXIMUM FOR WHICH MASTERCARD AND ITS AFFILIATES ARE COLLECTIVELY RESPONSIBLE.
  6. NOTWITHSTANDING ANYTHING CONTAINED HEREIN, (I) DURING THE TERM OF THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY; AND (II) THE MASTERCARD GROUP WILL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OR IN CONNECTION WITH A FREE TRIAL.

11. GOVERNMENTAL SUBSCRIBER – ADDITIONAL TERMS

  1. Federal Government End Use Terms. If Subscriber is a U.S. federal government department or agency or otherwise becomes subject to the Federal Acquisition Regulations (“FAR”) (the “Government”), the terms of this Section 11 (these “Federal Government End Use Terms”) shall apply.
  2. End user. This EULA will bind the Government ordering activity as the end user but will not operate to bind an individual Government employee or person acting on behalf of the Government in his or her personal capacity.
  3. Law and disputes. This EULA is governed by Federal law, and any language in this EULA on the following subjects that is different from that prescribed by applicable Federal law is hereby deleted:
    1. Any language purporting to subject the Government to the laws of a U.S. state, U.S. territory, district, or municipality, or a foreign nation, except where Federal law expressly provides for the application of such laws.
    2. Any language requiring dispute resolution in a specific forum or venue.
    3. Any language prescribing a different time-period for bringing an action in relation to a dispute.
  4. Continued performance. Subject to FAR 52.212-4(f) (Excusable delays), Mastercard Group will not unilaterally revoke, terminate, or suspend any rights granted to the Government except as allowed by this EULA. If Mastercard Group believes the ordering activity to be in breach of this EULA, it will pursue its rights under the Contract Disputes Act or other applicable Federal statute while continuing performance as set forth in FAR 52.212-4(d) (Disputes).
  5. Arbitration: equitable or injunctive relief. In the event of a claim or dispute arising under or relating to this EULA, binding arbitration will not be used unless specifically authorized by agency guidance; and equitable or injunctive relief, including the award of attorney fees, costs, or interest, may be awarded against the Government only when explicitly provided by statute.
  6. Updating terms. After award, Mastercard Group may unilaterally revise the EULA terms if such revisions are not material. A material revision is defined as terms that (For revisions that will materially change the terms of this EULA, the revised EULA must be incorporated into the contract using a bilateral modification. Any EULA terms revised unilaterally subsequent to award that are inconsistent with any material term or provision will not be enforceable against the Government, and the Government will not be deemed to have consented to them):
    1. change the Government’s rights or obligations;
    2. increase Government prices;
    3. decrease overall level of service; or
    4. limit other Government rights addressed elsewhere in this EULA.
  7. No automatic renewals. If any license or service tied to periodic payment is provided in this EULA (e.g., annual software maintenance or annual lease term), such license or service will not renew automatically upon expiration of its current term without prior express consent by an authorized Government representative.
  8. Indemnification by Mastercard Group. Any clause of this EULA requiring Mastercard Group to defend or indemnify the End User is hereby amended to provide that the U.S. Department of Justice has the sole right to represent the United States in any such action, in accordance with 28 U.S.C. § 516. Notwithstanding the above, the Government (a) agrees that any litigation or settlement negotiation will not bind Mastercard Group in any way to the final outcome of any such litigation or settlement; (b) will not impair Mastercard’s Group own rights, defenses, or claims against claimant; (c) will not have the right to settle any claim, make any admissions, or waive any defenses on behalf of Mastercard Group; (d) will in good faith reasonably cooperate and consult with Mastercard Group during the course of litigation and settlement negotiations and will, in good faith, reasonably provide Mastercard Group with access to all communications and documents associated with such claim.
  9. Audits. Any clause of this EULA permitting Mastercard Group to audit a Government End User’s compliance with this EULA is hereby amended as follows:
    1. Discrepancies found in an audit may result in a charge to the ordering activity. Any resulting invoice must comply with the proper invoicing requirements specified in the underlying Government contract or order.
    2. This charge, if disputed by the ordering activity, will be resolved in accordance with FAR 52.212-4(d) (Disputes); no payment obligation will arise on the part of the ordering activity until the conclusion of the disputes process.
    3. Any audit requested by Mastercard Group will be performed at Mastercard’s Group expense, without reimbursement by the Government.
  10. Taxes or surcharges. Any taxes or surcharges that Mastercard Group seeks to pass along to the Government as an End User will be governed by the terms of the underlying Government contract or order and, in any event, must be submitted to the Contracting Officer for a determination of applicability prior to invoicing unless specifically agreed to otherwise in the Government contract.
  11. Non-assignment. This EULA may not be assigned, nor may any rights or obligations thereunder be delegated, without the Government’s prior approval, except as expressly permitted by FAR 52.212-4(b) (Assignment).
  12. Confidential information. Notwithstanding anything in this EULA to the contrary, the Government may retain any confidential information as required by law, regulation, or its internal document retention procedures for legal, regulatory, or compliance purposes; provided, however, that all such retained confidential information will continue to be subject to the confidentiality obligations of this EULA.
  13. Unilateral Termination. Termination of this EULA will be governed by the FAR and the Contracts Disputes Act, 41 U.S.C. §§ 7101-7109. Mastercard Group will not unilaterally revoke, terminate, or suspend any rights granted to the Government except as allowed by this EULA. Any provisions of this EULA relating to termination that are inconsistent with these Federal Government End Use Terms are hereby deleted.Mastercard may cancel or terminate this EULA if such remedy is granted to it after conclusion of the Contract Disputes Act resolution process or if such remedy is otherwise available to Mastercard Group under Federal law.
  14. Subscriber Indemnities. Any clause in this EULA that includes language requiring the Government to indemnify Mastercard Group or any person or entity for damages, costs, fees, or any other loss or liability that would create an Anti-Deficiency Act violation (31 U.S.C. § 1341) is unenforceable against the Government and is hereby deleted. This clause does not apply to indemnification or any other payment by the Government that is expressly authorized by statute and specifically authorized under applicable agency regulations and procedures.
  15. Intellectual Property. The technical data and software rights related to the Services include only those rights customarily provided to the public as defined in this EULA. The Services are provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data - Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). Use, duplication, or disclosure by the United States Government is subject to the restrictions set forth in this EULA and (where applicable) Mastercard's Group end-user license agreement(s) furnished with the Services. Subscriber or End User or Reseller may not agree to grant any rights in Mastercard’s Group technical data inconsistent with this paragraph, the EULA or the Enrollment Form. If Subscriber or End User needs rights not granted under the EULA, it must negotiate with Mastercard Group to determine if there are acceptable terms for granting those rights, and a mutually acceptable written addendum specifically granting those rights must be included in any resulting agreement. This provision applies in lieu of and supersedes and Federal Acquisition Regulation, Defense Federal Acquisition Regulation Supplement, or other clause or provision pertaining to the End User’s rights in technical data, computer software, and computer software documentation.
  16. Future Fees or Penalties. Any language in this EULA requiring the Government to pay any future fees, penalties, interests, or legal costs that would create an Anti-Deficiency Act violation (31 U.S.C. § 1341) is unenforceable against the Government and is hereby deleted.
  17. Limitation of Liability. In addition to the Limitation of Liability included in this EULA, neither Mastercard Group nor an ordering activity will be liable for punitive damages except to the extent this limitation is prohibited by applicable law. This clause will not impair the Government’s right to recover for fraud or crimes arising out of or related to this EULA under any federal fraud statute, including the False Claims Act, 31 U.S.C. §§ 3729-3733.
  18. Advertisements and Endorsements. Any provision allowing Mastercard Group to use the name or logo of an ordering activity to advertise or to imply an endorsement of Mastercard’s Group products or services is hereby deleted. Unless specifically authorized by an ordering activity in writing, the use of the name or logo of any Government entity in advertisements and endorsements will not be used.
  19. Inconsistent Terms. If any language, provision, or clause of this EULA conflicts or is inconsistent with these Federal Government End Use Terms, the language, provisions, or clause of these Federal Government End Use Terms will prevail to the extent of such inconsistency.

12. SANCTIONS; COMPLIANCE

  1. Each Party shall fulfill its obligations as stated in this Agreement in accordance with all applicable laws and regulations, including, without limitation, the Foreign Corrupt Practices Act, the U.K. Bribery Act, and all other applicable anti-corruption and anti-bribery laws. In connection with Subscriber’s use of the Hosted Services and cross-border transfer of all reports, data, materials, documents, or other deliverables provided by the Mastercard Group to Subscriber in connection with the Hosted Services (“Deliverables”), the Customer shall comply with all applicable export, re-export, and import control laws and regulations of all applicable jurisdictions, and Subscriber shall not export or re-export the Hosted Services or Deliverables. Subscriber shall not engage in any activities related to these this Agreement with a Person who is identified on the lists of specially designated nationals or blocked parties maintained by the U.S. Treasury Department’s Office of Foreign Assets Control, or other relevant jurisdiction. Such list is currently accessible at: http://www.treasury.gov/ofac.
  2. Each Party hereby guarantees that it is neither on any sanctions list of the European Union, the United States, or the United Nations, nor are they subject to a corresponding embargo, and that the execution of this Agreement does not otherwise violate export control regulations during the term of this Agreement. The Parties shall not engage in dealings, directly or indirectly, with any entity or person or in any jurisdiction subject to European Union, the United States, or the United Nations sanctions regulations.
  3. The Parties represent, warrant and covenant that each of it and its Staff, subcontractors, agents and other third parties acting on its behalf: (a) is not named on any U.S. Department of Treasury Office of Foreign Asset Control Sanctions lists or any applicable foreign sanctions lists; (b) shall not, directly or indirectly, access, use, sell, export, reexport, transfer, divert, or otherwise dispose of all or any part of the Services or Documentation to any country (or national thereof) that is subject to antiterrorism controls or U.S. embargo, or to any other person or entity or destination prohibited by the laws of the U.S. or the laws of the Territory or any other applicable jurisdiction, without obtaining, at its own expense, prior authorization from the competent government authorities as required by those laws.
  4. The Parties shall not engage in dealings, directly or indirectly, with any entity or person or in any jurisdiction subject to U.S. OFAC sanctions regulations. Each Party represents and warrants that it is currently not on any OFAC List, nor on any similar restricted party listings, including those maintained by other governments pursuant to applicable United Nations, regional or national trade or financial sanctions.
  5. The Parties shall comply with all trade and economic sanctions programs relevant to where they do business, including trade and economic sanctions maintained by the Office of Foreign Assets Control (“OFAC”) and similar laws of the countries where the Parties are located. The Parties shall not engage in any conduct that would cause the other Party to violate applicable sanctions programs. The Parties shall notify the other party immediately if it becomes aware that it, its subcontractors, or related parties engage in activity prohibited by applicable sanctions. To the extent applicable, the Parties shall comply and shall ensure that each of its subcontractors and personnel complies, with all applicable laws (e.g., anti-bribery, corruption, export controls, sanctions) in connection with this Agreement. Each Party agrees to comply with all applicable laws and regulations in connection with this Agreement.
  6. Subscriber acknowledges that the Hosted Services, or a portion thereof, are subject to the Export Administration Regulations, 15 C.F.R. Parts 730-774, of the United States and may be subject to other applicable country export control and trade sanctions laws (“Export Control and Sanctions Laws”). Subscriber shall not, and shall not permit any of its end users, to access, use, export, re-export, divert, transfer, or disclose any part of the Hosted Services or any related technical information or materials, directly or indirectly, in violation of any applicable export control or trade sanctions law or regulation. Subscriber represents and warrants that: (i) Subscriber and Subscriber’s end users (a) are not citizens of, or located within, a country or territory that is subject to U.S. trade sanctions or other significant trade restrictions (including without limitation Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk and Luhansk regions of Ukraine) and that Subscriber and Subscriber’s end users will not access or use the Hosted Services, or export, re- export, divert, or transfer the Hosted Services, in or to such countries or territories; (b) are not persons, or owned 50% or more, individually or in the aggregate by persons, identified on the U.S. Department of the Treasury’s Specially Designated Nationals and Blocked Persons List or Foreign Sanctions Evaders Lists; and (c) are not persons on the U.S. Department of Commerce’s Denied Persons List, Entity List, or Unverified List, or U.S. Department of State proliferation-related lists; and (ii) Subscriber and Subscriber’s end users located in China, Russia, or Venezuela are not Military end users and will not put the Hosted Services to a Military end user, as defined in 15 C.F.R. 744.21. Subscriber is solely responsible for complying with the Export Control and Sanctions Laws and monitoring them for any modifications.
  7. At all times during the Term of the Agreement, the Parties shall comply with all applicable laws relating to anti-money laundering (including, in the U.S., the Bank Secrecy Act, Title III of the USA PATRIOT Act, and the implementing regulations promulgated by the Financial Crimes Enforcement Network) and any related or similar applicable laws, issued, administered, or enforced by any government authority.

13. GENERAL PROVISIONS

affiliate-table.png
  1. This EULA shall be governed solely by the governing law listed in the chart above for the Mastercard Affiliate that is a Party to (i) in the case of a Direct Enrollment Agreement, Subscriber’s Enrollment Form, (ii) in the case of a Reseller Subscription, the Reseller Agreement with the applicable Reseller, or (iii) in the case of a Free Trial, the Free Trial documentation or the non-disclosure agreement executed in connection therewith, (the “Mastercard Contracting Party”), without regard to such jurisdiction’s principles of conflicts of law. The application of the United Nations Convention of Contracts for the International Sale of Goods or other international laws is expressly excluded.
  2. Each Party consents to the personal and exclusive jurisdiction of the courts located in the jurisdiction listed in the chart below for the Mastercard Contracting Party, in connection with all proceedings related to the Services or this EULA.
  3. Subscriber represents and warrants that (i) it has the right to enter into this EULA and fully perform its obligations under this EULA, including those required as per the laws and/or policies applicable to procurements done by Subscriber; and (ii) it shall comply with all applicable European Union, federal, state and local laws and regulations affecting the subject matter of this EULA. Subscriber acknowledges that the Services and all related technical information, documents and materials, including the Documentation, may, either now or through subsequent developments, be subject to export controls under the U.S. Export Administration Regulations and/or economic sanctions restrictions under the U.S. Treasury’s Office of Foreign Assets Control regulations that could require a license for delivery to certain entities. Subscriber will (a) comply strictly with all legal requirements established under these controls, (b) cooperate fully with Mastercard Group in any official or unofficial audit or inspection that relates to these controls and (c) not export, re-export, divert or transfer, directly or indirectly, any such item or direct products thereof to any country or national thereof that is embargoed by Executive Order or other applicable law, rule or regulation, unless Subscriber has obtained the prior written authorization of Mastercard Group and the applicable governmental agency. It is the intent of the Parties that no payments or transfers of value or other advantage shall be made or undertaken or attempted which have the purpose or effect of public or commercial bribery, acceptance of or acquiescence in extortion, kickbacks or other unlawful or improper means of obtaining business for any person. Therefore, each Party agrees that it shall comply, and shall ensure that each of its employees, directors, temporary workers, and personnel (collectively “Staff”), agents, subcontractors and third parties acting on its behalf, complies with all applicable anti-bribery and anti-corruption laws in connection with business dealings and activities between the Parties. Each Party represents, warrants, represents and covenants to the other that it and each of its Staff, agents, subcontractors and third parties acting on its behalf has not and will not, in connection with the activities contemplated by this EULA or in connection with any other business activities involving Mastercard, make, promise or offer to make any payment or transfer of anything of value or any other advantage directly or indirectly through a representative, intermediary agent or otherwise: (i) to any Government official; (ii) to any political party; or (iii) to any other person for the purpose of improperly influencing any act, omission to act or decision of such official, political party or individual or securing an improper advantage to assist it in obtaining or retaining business. Each Party represents, warrants, and covenants to the other that it and each of its Staff, agents, subcontractors and third parties acting on its behalf has not and will not, in connection with any business activities involving the other, accept anything of value from any third party seeking to improperly influence any act or decision or in order to secure an improper advantage to that third party. “Government official” is defined as: (i) any employee or officer of a government of a country, state or region, including any federal, regional or local government or department or agency, or enterprise owned, in whole or in part, or controlled by such a government, (ii) any official of a political party, (iii) any official or employee of a public international organization, (iv) any person acting in an official capacity for, or on behalf of, such entities or (v) any candidate for political office. Failure by any Party to comply with the terms of this clause will constitute a material breach of this EULA. The Parties shall comply with all trade and economic sanctions programs relevant to where the Parties are located and where they do business, including trade and economic sanctions maintained by the Office of Foreign Assets Control (“OFAC”). Subscriber shall not engage in any conduct that would cause Mastercard to violate applicable sanctions programs. Subscriber shall notify Mastercard immediately if Subscriber becomes aware that it, its subcontractors, or related parties engage in activity prohibited by applicable sanctions and Mastercard shall have the right to terminate this EULA without any delay upon receipt of the said notification from Subscriber.
  4. This EULA shall bind and inure to the benefit of each Party’s permitted successors and assigns. Neither Party may assign or transfer its rights or obligations granted under this EULA, by operation of law, contract, or otherwise, without the other Party’s prior written consent, such consent not to be unreasonably withheld; provided, however, that Mastercard may, without the consent of Subscriber, delegate or assign any obligations under this EULA, in whole or in part, to an Affiliate capable of performing Mastercard’s obligations hereunder. Notwithstanding the foregoing, Mastercard and its Affiliates may assign any of its or their rights or obligations under this EULA without the prior written consent of Subscriber to any successor entity, including by way of a merger, acquisition, consolidation, asset or stock sale, or similar transaction. Mastercard may assign its rights to payments under this EULA without obtaining Subscriber’s consent. Any attempted assignment of this EULA in violation of this Section will be null and void. In the event of an assignment by Subscriber, Subscriber shall pay Mastercard any additional agreed professional services fees, one-time deployment fees, or other reasonable costs incurred by the Mastercard Group in connection with the migration of the Services to the assignee. The parties will negotiate in good faith the scope and the payment terms of any such additional fees.
  5. Except for Subscriber’s payment obligations, neither Party shall be liable for loss or damage, or for any delay, or failure to perform its obligations under this EULA, to the extent such loss, damage, delay, or failure is caused by any act of God, natural disaster, fire, strike, embargo, war, threat of terrorism, insurrection, riot, denial of service attack, or other cause or circumstance beyond the reasonable control of the Party; provided, however, that the foregoing shall not excuse any failure by such Party to take reasonable action to minimize the scope, extent, duration, and adverse effect of any such event.
  6. The Mastercard Group shall have the right to mention that Subscriber is a user of the Services in the Mastercard Group’s press releases, descriptions and communications, and all related promotional and marketing materials at any time, in each case relating to the Services. Subscriber hereby grants to the Mastercard Group a nonexclusive, worldwide, fully paid-up, nontransferable license, without right of sublicense, to copy, distribute, display, and use any trademarks, service marks, trade names, business names, and/or logos owned or used by Subscriber for the purposes described in this section. All proprietary rights and goodwill associated with the Mastercard Group’s use of Subscriber’s Marks will inure to the benefit of Subscriber.
  7. Nothing in this EULA is intended to confer any rights or remedies to any persons other than the parties, their permitted successors and assigns, the Mastercard Indemnitees and Subscriber Indemnitees.
  8. In the event that any provision of this EULA conflicts with the law under which this EULA is to be construed, or is held invalid by a court with jurisdiction over the parties to this EULA, (a) such provision will be deemed restated to reflect as nearly as possible the original intentions of the parties in accordance with applicable law; and (b) the remaining provisions of this EULA will remain in full force and effect.
  9. The failure of either Party to insist upon or enforce strict performance by the other Party any provision of this EULA, or to exercise any right under this EULA, shall not be construed as a waiver or relinquishment to any extent of such Party’s right to assert or rely upon any such provision or right in that or any other instance; rather, the same will be and remain in full force and effect. Neither Party will be deemed to have waived any of its rights under this EULA by lapse of time or by any statement or representation other than by an explicit written waiver. No waiver of a breach of this EULA will constitute a waiver of any prior or subsequent breach of this EULA.
  10. This EULA will not be construed in favor of or against either Party by reason of authorship. This EULA, including all attachments, exhibits, constitutes the entire agreement between the parties, and supersedes and replaces all prior or contemporaneous understandings or agreements, written or oral, regarding such subject matter.
  11. All notices delivered under this EULA shall be in writing and deemed to be given (a) when actually received if delivered personally; (b) two (2) days after the date deposited with the U.S. Postal Service if sent by certified or registered mail; and (c) one (1) day after the date delivered to a reputable next-day courier service for overnight delivery. Notices shall be addressed to a Party at (1) in the case of Mastercard, c/o Mastercard International Incorporated, 2000 Purchase Street, Purchase New York, 10577 USA, Attention: General Counsel, with a copy to (which shall not constitute notice) c/o Mastercard International Incorporated, 801 Brickell Avenue, Suite 1100, Miami, FL 33131-4945, Attention: Patricio Hernandez and (2) in the case of Subscriber, (i) for a Direct Enrollment Subscription, the address set forth in the Enrollment Form, and (ii) in all other cases, the most recent address that Mastercard has for such Subscriber in its books and records related to the Services. Either Party may change such address by giving notice in accordance with this Section.
  12. Each Party shall maintain adequate insurance or shall self-insure at an appropriate level with respect to the business activities carried out by such Party in the ordinary course. Each Party shall furnish certificates of insurance to the other Party upon reasonable request.
  13. References in this EULA to Purchase Orders are made for reference purposes only in the case of a Reseller Subscription and no terms or conditions contained in any Purchase Order shall be binding upon the Mastercard Group or otherwise apply to the relationship between Subscriber and Mastercard or the transactions contemplated by this EULA. The Mastercard Group shall not be bound by any terms and conditions agreed between Subscriber and any Reseller.
  14. Except where otherwise specified, the rights and remedies granted to a Party subject to this EULA are cumulative and in addition to, and not in lieu of, any other rights or remedies which a Party may possess at law or in equity.
  15. In the event of an inconsistency or conflict between a term in this EULA and a term contained in an Enrollment Form, as applicable in the case of a Direct Enrollment Subscription, the term in the Enrollment Form shall govern.

Appendix A - Data Processing Agreement

This Data Processing Agreement (the “DPA”) regulates the Processing of Personal Data subject to Privacy and Data Protection Law in the context of the EULA (as defined below).


WHEREAS:


(A) The Parties have entered into the EULA which may involve the Processing of Personal Data.


(B) The Parties have agreed to enter into this DPA to govern such Processing of Personal Data, where applicable.


NOW THEREFORE:


I. This DPA regulates the Processing of Personal Data (as defined below) by the Mastercard Group to provide the Services to Subscriber.


II. This DPA is incorporated into and forms part of the EULA. Except as modified below, the terms of the EULA remain in full force and effect. Exhibits 1 and 2 form an integral part of this DPA.


III. For the purposes of this DPA only and except where indicated otherwise, the term “Party” shall include each Party's respective Affiliates (as defined in this DPA) insofar as they are a Party to the EULA and/or any collateral thereto.


IV. In the event of a conflict between the terms of the EULA (or a collateral contract to the EULA) and this DPA, the terms of this DPA shall control to the extent of the conflict.


1. DEFINITIONS. Capitalized terms used but not defined in this DPA will have the meanings given to them by the EULA.


1.1. The terms “Business,” “Sell,” and “Share,” and “Service Provider” as used in this DPA will have the meanings ascribed to them in the CCPA.


1.2. “Controller” means Business, “controller,” or an analogous term as defined by applicable Privacy and Data Protection Law.


1.3. “Mastercard BCRs” means the Mastercard Binding Corporate Rules as approved by the data protection authorities and available at https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.


1.4. “Processor” means “service provider,” “contractor,” “processor,” or an analogous term as defined by applicable Privacy and Data Protection Law.


1.5. “Standard Contractual Clauses” means the clauses annexed to the EU Commission Implementing Decision 2021/914 of June 4, 2021, on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (OJ L 199, 7.6.2021, p. 31-61), as amended or replaced from time to time.


1.6. “Sub-Processor” means a Processor engaged by a Processor to carry out Processing on behalf of a Controller.


1.7. “UK Addendum” means the addendum to the Standard Contractual Clauses issued by the UK Information Commissioner under Section 119A of the UK Data Protection Act 2018 (version B1.0, in force March 21, 2022).


1.8 “U.S. Privacy Laws” means state and federal Privacy and Data Protection Laws of the United States (“U.S.”) applicable to Mastercard Group’s Processing of Personal Data to provide the Services to Subscriber, which may include, to the extent applicable: (i) theCalifornia Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act, and their implementing regulations (“CCPA”); (ii) Colorado Privacy Act, Colorado Rev. Stat. §§ 6-1-1301 to 6-1-1313 (“ColoPA”); (iii) Connecticut Personal Data Privacy and Online Monitoring Act, Public Act No. 22-15) (“CPOMA”); (iv) Utah Consumer Privacy Act (Utah Code Ann. §§ 13-61-101 to 13-61-404) (“UCPA”); and (v) Virginia Consumer Data Protection Act, Virginia Code Ann. §§ 59.1-575 to 59.1-585 (“VCDPA”).


2. ROLES AND OBLIGATIONS.


2.1. The roles of the Parties to this DPA are defined in section 9.6.1 of the EULA.


2.2. This DPA applies only to Mastercard’s Processing of Personal Data for the nature, purposes, and duration set forth in Exhibit 1.


2.3. The Parties represent and warrant that they will comply with applicable Privacy and Data Protection Law when Processing Personal Data in the context of the Services. The Parties shall notify each other if they can no longer meet their obligation under applicable Privacy and Data Protection Law. Upon receiving notice, each Party may direct the other to take steps as reasonable and appropriate to remediate unauthorized use of Personal Data or terminate this DPA upon thirty (30) days’ notice.


2.4. For the avoidance of doubt, the obligations imposed on Controllers or Processors under this DPA apply irrespective of whether applicable Privacy and Data Protection Law uses the terms Controller and Processor, or uses similar terms, and irrespective of whether it provides or not for a distinction between Controllers and Processors.


2.5. Solely with respect to U.S. Privacy Laws:


2.5.1. Processor represents and warrants that Processor, its employees, agents, subcontractors, and sub-processors (a) will comply with applicable U.S. Privacy Laws, (b) will provide Controller with reasonable assistance requested by controller to the extent necessary to enable Controller to fulfill Controller’s obligations under the U.S. Privacy Laws, and (c) understand and will comply with Processor’s obligations under this DPA. Upon the written request of Controller, Processor will make available to Controller information in Processor’s possession and control as necessary to demonstrate Processor’s compliance with this Subsection 2.5.1.


2.5.2. No more than once per calendar year unless otherwise required by applicable U.S. Privacy Laws, Controller may request from Processor information and documentation reasonably available to Processor that demonstrates Processor’s compliance with this DPA. Such information and documentation will constitute Processor’s Confidential Information.


2.5.3. Processor will Process Personal Data solely in accordance with the EULA and this DPA. Except as expressly permitted by applicable U.S. Privacy Laws, Processor is prohibited from (i) Selling or Sharing Personal Data, (ii) retaining, using, or disclosing Personal Data for any purpose other than for the specific purpose of performing the Services specified in Exhibit I, (iii) retaining, using, or disclosing Personal Data outside of the direct business relationship between the Parties, and (iv) combining Personal Data with Personal Data obtained from, or on behalf of, sources other than Controller.


2.5.4. In the event that Controller discloses or makes available de-identified data (as such term is defined in applicable U.S. Privacy Laws) to Processor, Processor shall not knowingly attempt to re-identify such de-identified information.


2.5.5. The Parties acknowledge and agree that the exchange of Personal Data between the parties does not form part of any monetary or other valuable consideration exchanged between the Parties with respect to the EULA or this DPA.


3. OBLIGATIONS OF THE PROCESSOR. Processor will take steps to:


3.1. Only Process Personal Data in accordance with Controller’s lawful written instructions or as otherwise agreed by the Parties in writing, unless otherwise required by law. Controller hereby authorizes Processor to Process, as a Controller, Personal Data relating to the operation, support, or use of the Services to (i) conduct internal analyses of Personal Data, (ii) develop and improve existing and future products and services offered to third parties, (iii) monitor and prevent fraud, and (iv) prepare and furnish reports of aggregated or anonymized information provided that such reports do not identify Controller and do not identify any Data Subjects whose Personal Data were involved in the preparation of the report.


3.2. Promptly inform Controller if, in its opinion, Controller’s instructions infringe Privacy and Data Protection Law, or if Processor is unable to comply with Controller’s instructions.


3.3. Notify Controller when local laws prevent Processor from (i) fulfilling its obligations under this DPA or the Mastercard BCRs, if applicable, and have a substantial adverse effect on the guarantees provided by this DPA or the Mastercard BCRs, if applicable, or (ii) complying with the instructions received from Controller via this DPA, except if such disclosure is prohibited by applicable law, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation.


3.4. Ensure that persons authorized to Process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.


3.5. Ensure a level of security appropriate to the risk for the Personal Data , notify Controller in case of a Personal Data Breach affecting Personal Data Processed by the Processor without undue delay, and implement at the minimum the security measures listed in Exhibit 2.


3.6. Assist Controller, in so far as possible, in fulfilling its own data protection compliance obligations under Privacy and Data Protection Law, and provide to Controller all information available to Processor as necessary to demonstrate compliance with Controller’s own obligations under Privacy and Data Protection Law, including Controller’s obligation to respond to Data Subjects’ requests to exercise their Data Protection Rights, and to conduct data protection impact assessments or prior consultation with Supervisory Authorities.