Master Service Agreement

Terms and Conditions

This Master Service Agreement ("Agreement") is entered into as of (DATE) (“Effective Date”) by and between International Risk Mitigation, LLC, dba Chargeback Gurus, a Delaware limited liability company, having its principal offices located at 5601 Democracy Dr. #195, Plano, TX 75024  ( “CBG”), and (INSERT MERCHANT NAME), a (insert company legal structure) , having its principal offices located at (insert full address) (referred to herein as “Merchant”). CBG and Merchant, shall each be referred to as a “Party”, or collectively as the “Parties”.

Recitals

WHEREAS CBG provides Chargeback related services that assist merchants in addressing disputes by a merchants’ customers related to such electronic Card Transactions processed by their Acquiring Bank; and

WHEREAS Merchant desires to obtain the Services offered by CBG as further set forth in this Agreement and any Statements of Work executed by Merchant.

NOW, THEREFORE, in consideration of the foregoing, specifically incorporated herein, and the mutual promises and agreements hereinbelow, and other good and valuable consideration, the receipt and legal sufficiency of which are hereby mutually acknowledged with the intent to be legally bound, the Parties agree as follows:

1.    Definitions

All capitalized terms in this Agreement or a Statement of Work not defined in this Section shall have the meanings set forth in the Sections or Schedules of this Agreement in which they are defined.

“Acquiring Bank” means any financial institution that settles Card Transactions on behalf of Merchant.

“Affiliates” means a person who, directly or indirectly, (i) owns or controls a Party to this Agreement or (ii) is under common ownership or control with a Party to this Agreement.

"Applicable Law" means, without limitation, (i) all laws, rules, regulation or  state and/or municipal ordinance in effect from time to time to which CBG or Merchant are subject, (ii) Card Network Rules, (iii) any court order, judgment, or binding decree on a Party, (iv) any directive, policy or order made or given by a regulator or other government agency of the United States, or federal, state, provincial or jurisdiction.

“Arbitration” means the final appeal process and resulting determination by a Card Network following a dispute from a Cardholder against a merchant that was unresolved following a Pre-Arbitration Case.

“Cardholder” means the holder of a credit or debit card used to pay Merchant that results in a Transaction.

“Card Network” means an entity formed to administer and promote various card and payment products including, without limitation, American Express, Discover Financial Services, MasterCard International Inc., Visa Inc., and Visa International Inc and any applicable EBT and/or PIN debit networks.

“Card Network Rules” means the rules regulations, by-laws, releases, interpretations. Technical specifications and other requirements imposed or adopted by any Card Network, including those of the PCI Security Standards Counsel and the National Automated Clearing House.

“Cardholder Information” means (a) any Transaction information pertaining to a Cardholder who purchased goods for services from Merchant.

“Case” means a dispute filed by a Cardholder through their Issuing Bank that results in a Chargeback, Retrieval Request, Pre-Arbitration or Arbitration action pursuant to Card Network Rules.

 

“Chargeback” means a Transaction reversal pursuant to a cardholder’s dispute of such Transaction meant to serve as a form of consumer protection from fraudulent activity.

“Data” means all data and information that Merchant transfers or provides access to CBG that enables CBG to provide the Services, including but not limited to, Personal Data, Cardholder Information, Merchant's ISP address, Merchant's product or service, Merchant's device ID, names, addresses, telephone numbers, email addresses, social security numbers and/or tax identification numbers and payment data.

“Data Storage Site” means any of Merchant’s locations that maintain Data or provide access to a Data location required by CBG to provide the Services including but not limited to its customer management software, Payment Processor, Acquiring Banks, payment gateways, and chargeback portals.

“Fees” means all amounts due to CBG by Merchant pursuant to this Agreement (and incorporated Statement(s) Of Work), including but not limited to amounts owed for Services, administrative charges, Return Payment Fees, and liquidated damages.

“Implementation Date” shall mean the date that the first chargeback case or alert is received by CBG pursuant to an applicable Statement of Work.

“Intellectual Property Rights” means patent rights (including patent applications and disclosures), copyrights (including rights in audiovisual works and moral rights), trademark rights, trade secret rights, and any other intellectual property rights recognized by the law of each applicable jurisdiction.

“Issuing Bank” means a financial institution that issues the Card Association branded payment cards directly to consumers.

“Merchant Rule Set” means the rules and protocols established by Merchant at the time they elect the Services and that instruct CBG on its decision to pursue an action for each Case.

“Dispute Pending Fee” means the fee charged by CBG on any Case that appears on CBG’s system as “decision pending” on behalf of a Merchant at the time that such Merchant terminates the Services.

“Payment Processor” means the entity that provides credit payment processing for Merchant.

"PCI-DSS” means Payment Card Industry Data Security Standard.

“Personal Data” means all information relating to an identified or identifiable individual, as well as all payment information (including bank account numbers, credit card and debit card numbers).

“Personnel” means a Party’s employees, agents, affiliates, consultants, contractors, and subcontractors.

“Pre-Arbitration” means a further dispute that a Cardholder files after a First Chargeback is determined to be in favor of the Merchant subject to the Merchant Rule Set.

“Retrieval Request” refers to a request made to Merchant by its payment processing company for specified information about a particular Transaction, which pursuant to the terms of the operative agreement with Merchant’s payment processing company triggers a defined period of time by which Merchant must respond, or the request is converted to a Chargeback.

“Return Payment Fee” is a fee charged to Merchant by CBG on each occurrence when CBG is unable to collect Fees on Merchant’s Account for any reason, including but not limited to insufficient funds, closed account, or any other negative response.

“Revenue Recovered” means the amount of money disputed by the Cardholder in Cases and decided in favor of the Merchant.

“Statement of Work” or “SOW” means a work order entered into by Parties that define each Service that Merchant has selected to utilize under the terms of this Agreement and any additional terms and conditions of the Service.

“Third-Party Service Provider” means an entity that assists CBG in providing the Services that is not an Affiliate.

“Transaction” means any billable occurrence completed or submitted under Merchant’s account including but not limited to sale, void, refund, credit offline force, capture, authorization, or settlement regardless of whether approved or declined.

>Back to top

2.   Services

• Services. All Services elected by Merchant and provided by CBG will be described in each Statement of Work. Merchant may elect each product or service that it would like CBG to provide which will be subject to the terms and conditions in the Statement of Work for each product. The terms of the Master Agreement will also apply to each Statement of Work. CBG may perform the Services directly, or through Affiliates and third parties provided that CBG remains responsible for the Services. CBG reserves the right, in its sole discretion, to amend, modify, or terminate its Services, and Merchant acknowledges and agrees that CBG will not be liable to Merchant in the event of any such changes. During the Term of the Agreement, Merchant agrees that CBG shall be the exclusive provider of the Services.
• Additional Third- Party Terms and Conditions. Certain Services provided to you are products owned by the Card Networks and are provided by CBG under agreements between CBG and the respective Card Network. If you elect one of these Services, the SOW will indicate that additional terms and conditions will apply to those Services, and you agree to these additional terms. These additional terms and conditions are attached and described in Schedule A to this Agreement and is incorporated by reference.

3.    General Duties

• CBG Responsibilities. Subject to the limitations in this Agreement, CBG will (a) use commercially reasonable efforts to provide the Services in a timely manner, including but not limited to, electronic monitoring, retrieval, transmission and presentation of Data in compliance with applicable industry standard Chargeback arbitration procedures using encryption protocols; (b) upload and use Data for the sole purpose of populating CBG’s systems and performing the Services; and (iii) upon the transmission of Data for the purposes contemplated by this Agreement, take reasonable steps calculated to maintain the strict confidentiality of all such Data during and after the Term of the Agreement.
• Merchant Responsibilities. Prior to implementation of the Services, Merchant will (i) provide CBG with appropriate access to Data on all its applicable Data Storage Sites or by transferring Data to CBG for storage and use in connection with the Services; (ii) maintain and update CBG’s access protocols to Data Storage Sites as required to ensure CBG’s timely provision of the Services; (iii) authorize CBG to interact directly with its Payment Processor. or any person necessary to assist in Chargeback and/or Retrieval Request resolution; and (iv) ensure ongoing permission from Merchant Cardholders to provide and process Data (including Personal Data) by CBG in connection with the Services. If you (a) do not provide access to all Data, or (b) additional Data is needed to respond to a Chargeback case that is not available in the Data Storage Sites, then, CBG will notify you by email to request the additional records/Data that is needed. You will be charged an additional service fee of five dollars ($5.00) per Chargeback. You must provide the requested records within one (1) business day from the date the request is made but no later than eight (8) days prior to the Card Network deadline to submit the Chargeback Case. If such Data is not provided timely as described in the preceding sentence, and CBG is unable to submit the Case, you will be billed the standard Service Fees applicable to the Chargeback as if it had been submitted.

In addition, Merchant agrees to notify CBG of any new Merchant accounts with Acquiring Banks and/or Payment Processors within one (1) week of an account activation. Such notification must be delivered by Merchant to CBG through the CGB portal. If Merchant fails to timely provide such access during the Term of the Agreement, CBG shall not be held accountable for any failure to provide Services due to CBG’s inability to access all Merchant’s necessary Data to provide the Services. CBG will notify Merchant about any login/access issues via email. Such access issues must be rectified by Merchant within two (2) business days of CBG’s e-mail notice. Merchant will not provide its login material, or any other material associated with CBG’s provision of the Services, to third-parties, including, but not limited to competitors, unaffiliated associates, or outside vendors

4.    Privacy and Data Security

• General. In connection with providing the Services under this Agreement, CBG will receive the transfer of or have access to Data that is required to perform the Services. Data that is transferred to CBG, will be stored on cloud servers in the United States but may be further accessed and processed by Affiliates and Third- Party Providers outside the United States. CBG maintains the appropriate agreements and controls in connection with its use of Affiliates and Third- Party Providers.
• Ownership and License. As between Merchant and CBG, all right, title and interest in and to Data shall be owned by Merchant and Merchant shall be solely responsible for ensuring the accuracy, quality, the means by which Merchant acquires Data and Merchant’s use of Data in connection with the Services, including compliance with all Applicable Law and obtaining any consents required for the collection, use, processing and disclosure of Personal Data. During the Term of this Agreement, Merchant hereby grants to CBG a royalty-free, non-exclusive, non-transferrable license to use, copy, process, analyze, store and display all Data for the purpose of enabling CBG to provide the Services and perform its obligations under this Agreement.
• Data Processing. Merchant acknowledges and agrees that any Data provided to CBG, including any Personal Data contained therein, is processed by CBG on behalf Merchant. CBG agrees: (a) to use commercially reasonable efforts to put in place measures to protect Data against unauthorized access and accidental disclosure that are adequate in light of the sensitivity of the information; (b) not to disclose any Data to any third party without Merchant’s prior written consent; and (c) not to use any Data for any purpose except to the extent necessary under this Agreement. In addition, as required by Applicable Law, the Parties agree to the terms of the Data Processing Addendum attached hereto as Addendum 1.
• De-Identified Data. Notwithstanding any other provision of this Agreement, Merchant acknowledges and agrees that CBG may use Data to generate depersonalized and de-identified usage data, statistics, and other aggregate and non-aggregate information, and that CBG may use, store and share such data for any lawful purpose without restriction during the Term of this Agreement and at any time thereafter. For greater certainty, the foregoing shall not be considered Data or Confidential Information of Merchant for the purposes of this agreement.
• Information Security Program. CBG shall (a) have a written information security program in place that is actively assessed and managed as part of ordinary course of business; and (b) monitor industry-standard information channels for newly identified vulnerabilities and fix or patch based upon risk. Without limiting the foregoing, CBG’s information security program must, at a minimum, be designed to: (a) ensure the security, integrity and confidentiality of Merchant’s Confidential Information; (b) protect against any anticipated threats or hazards to the security or integrity of Merchant’s Confidential Information; (c) protect against unauthorized access to or use of Merchant’s Confidential Information; and (d) ensure the proper disposal of Merchant’s Confidential Information in accordance with the requirements of this Agreement.

CBG will periodically assess its information security program, including: (1) identification of any threats that could result in a security breach; (2) assessment of the likelihood and potential damage of such threats, and (3) assessment of the sufficiency of CBG’s policies, procedures, and information systems to control and protect against risks to Merchant’s Confidential Information.

• Incident Reporting. CBG shall promptly and without delay, report to Merchant any unauthorized, accidental or unlawful access, disclosure, loss, use, destruction, acquisition of, or damage to Merchant’s Confidential Information that has occurred or is reasonably believed to have occurred (a “Security Incident”).
• Encryption. CBG will encrypt Merchants Confidential Information using industry standard encryption methods and tools where: (a) such encryption is required by Applicable Law, (b) such Confidential Information is transmitted or sent by or on behalf of CBG across public networks, (c) such Confidential Information is stored on portable storage media or handheld devices, or (d) such Confidential Information is stored on any device that is transported outside of the physical or logical controls of CBG. CBG will safeguard the security and confidentiality of all encryption keys.

5.    Ownership/Intellectual Property

• CBG Ownership. CBG is and will remain, the sole owner of, and retains all right, title, and interest, including Intellectual Property Rights, in and to all technology, software, documentation, information, processes, methodologies, methods of analysis, ideas, concepts, and know-how owned by CBG prior to the Effective Date, including the Services, and any and all improvements, modifications, or derivative works of or to any of the foregoing made at any time, whether undertaken by CBG or another party (collectively, “CBG Property”). CBG reserves all rights to CBG Property, and Merchant gains no rights or licenses to CBG Property other than as expressly granted in this Agreement. Merchant shall not, nor shall any related person, reverse engineer, disassemble, decompile, or otherwise attempt to discover the source code or trade secrets that comprise the Services or related technology.

Unless otherwise set forth in this Agreement or SOW, all right, title and interest, including Intellectual Property Rights, in and to any technology, software, inventions, or other works created as a result of this Agreement (“Work Product”) will be owned exclusively by CBG and is deemed CBG Property for purposes of this Agreement. To the extent any ownership interest in Work Product vests in Merchant, by operation of law or otherwise, Merchant hereby irrevocably assigns to CBG all right, title, and interest, including Intellectual Property Rights, in and to Work Product.

• Marks. During the Term, CBG will have the right to use the trademarks, trade names, service marks, and logos provided by Merchant in connection with the Services with prior approval. (the “Merchant Marks”). Nothing contained in this Agreement will grant or will be deemed to grant to CBG any right, title, or interest in or to the Merchant Marks. Upon termination of the Agreement, CBG will cease to use all of the Merchant Marks.

6.    Fees

• Fees. Merchant agrees to pay CBG for the Services as outlined herein and in each SOW. CBG shall invoice Merchant for Fees, two times per month (each an "Invoice"), and Merchant shall pay each Invoice to CBG promptly, and in no event later than the due Date indicated on the Invoice (the “Due Date”). CBG reserves the right to suspend or cancel Merchant’s use of the Services in the event any Fees due and owing to CBG by Merchant remain unpaid for longer than three (3) days after the Due Date.
• Fee Changes. CBG reserves the right, in its sole discretion, to increase, change, modify and add new Fees charged to Merchant. CBG will provide Merchant with thirty (30) days’ prior written notice of any such change in Fees, unless such fee change is a result of a Card Network Fee change in which case CBG will provide notice as soon as practical. Following any Fee increase, Merchant shall have the right to terminate the corresponding Statement(s) Of Work impacted by the increase by providing thirty (30) days’ advanced written notice to CBG.
• Other Fees and Charges. In the event Merchant fails to pay its Invoice by the Due Date, Merchant will pay CBG interest on the amount due as Fees in the amount of ten percent (10%) on each Invoice until paid. In addition, if an Invoice continues to be unpaid for thirty (30) days after the Due Date, Merchant shall incur interest charges, as Fees, equal to eighteen percent (18%) per annum or the highest rate allowable by law, whichever is less, and compounded daily from the Due Date until the date Merchant satisfies such delinquency. On each occurrence when CBG is unable to collect Fees from Merchant for any reason, including but not limited to reasons such as insufficient funds in account, closed account, or any other negative response, CBG may charge, as Fees, a Return Payment Fee in the amount currently in effect under the Agreement. Merchant agrees to pay all costs and expenses, of whatever nature, including reasonable attorneys' fees, incurred by CBG or on CBG’s behalf in connection with the collection of any unpaid Fees. Payment of these other fees and charges will not excuse or cure any breach or default for late payment. CBG may accept any form and amount of payment from Merchant without prejudice to CBG’s rights to recover the balance due or to pursue any other right or remedy in law or equity. No endorsement or statement on any check or other form of payment or any correspondence accompanying any check or other form of payment or elsewhere will be construed as an accord or satisfaction.
• Taxes. In connection with all Fees, each Party shall be solely responsible for and shall pay all taxes, duties, levies and similar amounts that are its statutory obligation (excluding tax on the other Party’s net income). CBG may charge and Merchant will pay any taxes they are required to charge Merchant.
• Payment Methods. Merchant will pay CBG the Fees provided on each Invoice by ACH debit initiated by CBG pursuant to the Automated Bank Debit Authorization, attached hereto as Schedule 2.
• Disputes. If Merchant has any valid reason for disputing any portion of an invoice, Merchant will so notify CBG in writing within fifteen (15) business days of receipt of the disputed invoice and if no such notification is delivered, the invoice will be deemed valid. The portion of the invoice which is not in dispute shall be paid in accordance with this Agreement. All payments are non-refundable. If any payment request, whether by credit card or ACH, is rejected, CBG will notice Merchant, and Merchant must cure the rejection within five (5) business days.

7.    Term; Termination

• Term. The term of this Agreement and any Statement of Work attached hereto or executed after this Agreement, shall begin on the Implementation Date, and remain in effect for three (3) years. (the “Initial Term”), at which time the Agreement or any executed Statements of Work, shall each automatically renew for consecutive one-year terms (each, a “Renewal Term”) unless either Party gives the other written notice of termination at least one-hundred eighty (180) days prior to the end of the then-current Initial Term or Renewal Term, as applicable. The Initial Term and any Renewal Term(s) are referred to herein as the “Term”. For clarification, if an SOW is added during the Initial Term or Renewal Term, that SOW will be co-terminus with the Agreement and be renewed as described in this paragraph.
• Merchant Default. In the event a Merchant relationship with its Acquiring Bank or Payment Processor expires or is terminated prior to the end of the Term of this Agreement, or a Merchant rescinds authorization or fails to provide access to Data to CBG, then this Agreement shall immediately terminate. In either case, CBG shall be entitled to the early termination remedies described in Paragraph 7.6 below.
• Termination for Cause. In the event a Party materially breaches its obligations under this Agreement or an SOW, the non-breaching Party may terminate this Agreement upon written notice to the other Party provided that this the material breach is not cured within thirty (30) days of such written notice.
• Merchant Bankruptcy. This Agreement will terminate, effective immediately if (i) Merchant files for petition under the U.S. bankruptcy code, receivership or other proceeding for the settlement of debt of the Merchant, (ii) upon the making of an assignment for the benefit of creditors by Merchant, or (iii) upon dissolution of Merchant.
• Remedies for Early Termination. In the event of Merchant’s default or early termination of this Agreement or a SOW pursuant to 7.2 above, Merchant agrees that CBG is entitled to compensation for the loss of the remaining value of the Services to be provided under this Agreement. In this event, Merchant agrees to pay CBG an early termination fee calculated by taking the average of the Fees paid to CBG in the twelve (12) months preceding the termination date times the number of months remaining on this Agreement or applicable SOW. Merchant agrees that CBG may auto debit such amount owed to them pursuant to Section 6.5.
• Effect of Termination. Upon termination of this Agreement for any reason whatsoever, all rights and interests thereunder shall be extinguished and shall be given no further force nor effect. Notwithstanding anything to the contrary, payment obligations and all other accrued liabilities under the Agreement will survive termination or expiration of the Agreement. An Open Case Fee will be added to the final billing amount as described in the Pricing and Fees provision of the SOW.
• Provisions Surviving Termination. The provisions of this Agreement relating to Fees, confidentiality, warranties, limitation of liability, indemnification, governing law, severability, headings and effects of termination shall survive termination or expiration of this Agreement.

8.    Confidentiality Obligations

• General. As part of the Agreement, a Party may have access to certain information and materials belonging to the other party of a non- public, confidential, or proprietary nature, and information, whether oral or written or via computer disk or electronic media, which is made available to the other Party that is expressly identified as “confidential” by the Disclosing Party. “Confidential Information” means information that one Party (or an affiliate) discloses to the other Party under this Agreement that is marked as confidential or reasonably considered to be confidential or proprietary to such disclosing Party under the circumstances. Confidential Information further means all proprietary, secret or confidential information or data relating to either party, their respective affiliates, partners, operations, employees, products or services, clients, customers or potential customers. Neither Party shall (i) disclose any Confidential Information received from the other Party, nor (ii) use any such Confidential Information for any purpose other than in connection with this Agreement, in each case during the Term of the Agreement and for a period of five (5) years following termination of this Agreement. For the purposes hereof, a Party receiving Confidential Information shall be referred to herein as the “Receiving Party” and a party providing Confidential Information shall be referred to herein as the “Disclosing Party.”
• Protection and Use of Confidential Information. A Receiving Party shall hold and maintain Confidential Information in the strictest confidence and for the sole and exclusive benefit of the Disclosing Party. Each Party may disclose such Confidential Information to its Personnel who require such knowledge to perform services under this Agreement and are bound by confidentiality obligations at least as restrictive as under this Agreement. Confidential Information shall not, without the prior written consent of the Disclosing Party, be disclosed or used by the Receiving Party other than solely in connection with performance of this Agreement, the extent of which will be agreed upon by both Parties. The Receiving Party has no authority to transfer or make Confidential Information, including customer information, available for its own use or for any other use unless specifically allowed by the Disclosing Party in writing.
• Exceptions. With the exception of customer data, which shall be protected in all circumstances, information shall not be considered Confidential Information to the extent, but only to the extent, that it is: (i) already known to the Receiving Party without violation of its confidentiality obligations under this Agreement at the time it was obtained; (ii) learned from an independent third-party free of any restriction and without breach of this agreement; (iii) publicly available through no wrongful act of, or breach of this Agreement by, the Receiving pparty; or (iv) independently developed by the receiving party without reference to any Confidential Information of the Disclosing Party.
• Compelled Disclosure. Receiving Party agrees that no Confidential Information regarding the Disclosing Party or its Personnel will be used by the Receiving Party in any manner which might be construed by the Disclosing Party to be competitive with or detrimental to Disclosing Party’s existing or projected business operations. In the event the Receiving Party becomes legally compelled to disclose any Confidential Information belonging to the Disclosing Party, the Receiving Party will provide notice thereof so that the Disclosing Party may seek a protective order or other appropriate remedy and/or waive compliance with the provisions of this Agreement. If such protective order or other remedy is not obtained, or the Disclosing Party waives compliance with the provisions of this Agreement, the Receiving Party shall furnish only that portion of the Confidential Information which is legally required.
• Unauthorized Disclosure of Confidential Information. The Parties agree that the unauthorized disclosure of Confidential Information is a material breach of this Agreement that may result in irreparable harm to the Party whose Confidential Information has been improperly disclosed. In those cases, payment of money damages is inadequate and difficult to ascertain. The Parties agree, therefore, that the injured Party may, at its sole option, seek immediate injunctive relief in any court of competent jurisdiction enjoining any further such breach, and the Parties consent to the entry of judgment for injunctive relief.
• Personal Information. Both Parties acknowledge and agree that, in connection with this Agreement, CBG may receive from, or have access to, certain Personal Information in the possession or control of Merchant or its Representatives. Such Personal Information is deemed to constitute Confidential Information of Merchant and may only be used by CBG to perform its obligations under this Agreement. If required by Merchant or its Affiliates from time to time, CBG shall promptly execute (and, if requested, cause its Affiliates and Personnel to promptly execute) any data transfer, data processing or similar agreements as necessary for the lawful processing or transfer of Personal Information in accordance with the requirements of Applicable Law.
• Individual Rights. CBG will promptly notify Merchant, and in any case within two (2) days of receipt, unless specifically prohibited by Applicable Law, if CBG or its Affiliates or Third Party Service Providers receive any requests or complaints from an individual with respect to any Personal Information processed by CBG or its Affiliates or Third Party Service Providers in connection with this Agreement, including any opt-out requests, requests for access and/or rectification, erasure, restriction, requests for data portability and all similar requests. CBG will not directly respond to any such request unless expressly authorized to do so by Merchant or required by Applicable Law, will cooperate with Merchant with respect to any action taken relating to such request, and shall implement appropriate processes (including technical and organizational measures) to assist Merchant.
• Obligations Upon Termination. Upon expiration or termination of this Agreement, a Receiving Party shall return or verify it has destroyed all items, physical or electronic, containing a Disclosing Party's Confidential Information furnished to or obtained by the Receiving Party under the Agreement. Recipient may retain an archival copy of the Confidential Information as may be required by law, regulation or policy; provided, any Confidential Information not returned or destroyed shall be protected in accordance with the terms of this Agreement.

9.    Warranties, and Disclaimer

• Mutual Representations. Each Party represents, warrants and covenants that (a) this Agreement constitutes a legal, valid and binding obligation, enforceable against it in accordance with its terms; (b) the Party's obligations under this Agreement do not violate or breach any other agreement to which such party is bound; (c) it has all necessary right, power and ability to execute this Agreement and to perform its obligations hereunder; (d) no authorization or approval from any third-party is required in connection with such Party’s execution, delivery, or performance of this Agreement; (e ) it is in compliance with and shall in comply with all Applicable Laws in connection with its obligations under this Agreement and; (f) that during the Term or at any time thereafter, shall either Party disparage one another, or act in any way to damage the reputation of the other Party or its businesses, services, Personnel, agents or representatives.
• DISCLAIMER OF WARRANTIES. CBG MAKES NO REPRESENATIONS OR WARRANTIES OF ANY KIND WHETHER, EXPRESS OR IMPLIED, CONCERNING THE SUBJECT MATTER OF THIS AGREEMENT, AND EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. FURTHER, CBG DOES NOT WARRANT ANY RESULTS FROM THE USE OF THE SERVICES THAT USE THEREOF WILL BE UNINTERRUPTED OR ERROR FREE, OR INSURE OR GUARANTEE THE OUTCOME OF ANY OF THE SERVICES. THE SERVICES ARE PROVIDED ON AN “AS IS,” “AS AVAILABLE” BASIS WITHOUT ANY REPRESENTATIONS OR WARRANTIES.

10.         Insurance

Throughout the term of this Agreement, CBG will provide and maintain the insurance coverages listed in the table below. If requested, CBG will provide certificates of insurance to Merchant for the policies listed below.

Form of insurance coverage	Limits
Commercial General Liability (including products liability when products are involved)	$1,000,000 per occurrence $2,000,000 in aggregate
Workers’ Compensation	Statutory
Employers Liability	Each Accident Limit:      $1,000,000 Disease Policy Limit:      $1,000,000 Disease Each Employee: $1,000,000
Technology Errors and Emissions Coverage	$7,500,000 per occurrence $7,500,000 in aggregate
Crime	$1,000,000 per occurrence $1,000,000 in aggregate

11. Indemnification

• Indemnification by CBG. CBG shall defend, indemnify and hold Merchant, its Affiliates, officers, directors, agents and employees (together, “Indemnities”) harmless from and against any and all third-party claims, actions, proceedings, and suits and all related liabilities, damages, settlements, penalties, fines, costs or expenses (including reasonable attorneys' fees and other litigation expenses) (“Losses”) incurred by any such Indemnities , relating to (a) any actual or alleged breach of this Agreement by CBG; (b) allegations that any products or Services violate Applicable Law; (c) any breach or alleged breach by CBG of representations, warranties or obligations set forth in this Agreement; or (d) any damage or loss caused by negligence, fraud, dishonesty or willful misconduct by CBG or any of its Personnel.

In addition, CBG will indemnify the Indemnities for Losses resulting from a claim (a) alleging any infringement of a U.S. patent of any other entity or person by CBG, unless such claim alleges that the Services or portions or components thereof (i) are modified by persons or entities other than CBG and the alleged infringement relates to such modification; (ii) are combined with other products, processes or materials not supplied or recommended by CBG where the alleged infringement relates to such combination, or (iii) continue to be used after CBG has made a non-infringing version available to Merchant. If the Services or any component thereof becomes, or in CBG’s opinion is likely to become, the subject of a claim of infringement, then Merchant shall permit CBG, at CBG’s sole option and expense, either to (a) procure for Merchant the right to continue using Services as permitted in this Agreement, or (b) replace or modify the affected Services or infringing component so that it becomes non- infringing. If, after using commercially reasonable efforts, CBG is unable to cure the infringement, either Party may terminate this Agreement upon notice to the other, as provided in Section 7. Notwithstanding the above, CBG’s total liability shall not exceed the amount as stated in Section 11.6 below.

• Indemnification by Merchant. Merchant shall defend, indemnify and hold harmless CBG its Affiliates, Third-Party Service Providers, parents, and/or subsidiaries, and any of their officers, directors, members, agents and employees, from and against any and all Losses incurred by CBG from third-party claims, arising out of or relating to (a) any actual or alleged breach of this Agreement by Merchant; (b) any breach or alleged breach by Merchant of any of Merchant’s representations, warranties or obligations set forth in this Agreement; (b) any damage or Loss caused by negligence, fraud, dishonesty or willful misconduct by Merchant or any of Merchant’s employees, agents or customers; (c) the reliability, accuracy or legitimacy of Data submitted by Merchant to CBG; (d) any alleged infringement of a patent, copyright, trademark or other intellectual property right resulting from Merchant’s acts or omissions; (e) claims by Merchant’s customers, including, without limitation, claims relating to the wrongful disclosure of Data; or (f) any alleged or actual violation by Merchant of any Applicable Laws. In the event that CBG incurs any fines and/or penalties by the Card Networks, regulators or any other entity as a result of an action or inaction by Merchant, Merchant agrees to immediately reimburse CBG for such fines and penalties regardless of the limitations set forth in Section 12.1 of this Agreement.
• Settlement of Claims. The Parties shall not settle or otherwise dispose of any indemnified claim or action in a manner adversely affecting the other party, or impose liability or obligation, without the other Parties prior written consent.
• Process. CBG shall have the right to conduct the defense of any such claim or action, and conduct all negotiations for its settlement; provided, however, Merchant may participate in such defense or negotiations to protect its interests, at Merchant’s expense, and CBG shall cooperate and provide reasonable assistance to Merchant and its counsel.

12. Limits on Liability

• Exclusion of Consequential and Related Damages. EXCEPT FOR BREACHES OF SECTIONS 11.1 (c) AND 2 (d), NEITHER PARTY WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR LOSS OF GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE PRODUCTS OR SERVICES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT WHETHER BASED ON BREACH OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT THE PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.
• Total Liability. Except for reimbursements to CBG for fees and penalties incurred by Card Networks or regulatory bodies set forth in 11.2 above, under no circumstances will either Party’s total liability of all kinds arising out of or relating to this Agreement or any applicable Statements of Work, regardless of the forum and regardless of whether the action is based on contract, tort, or otherwise, exceed the total amount paid to CBG under this Agreement during the 12 months immediately preceding the action or claim (determined as of the date the indemnified Party is notified of the action or claim).

13. General Provisions

• Notices. Unless otherwise stated herein, CBG shall deliver notices to Merchant based on the contact information that Merchant has provided to CBG and such notice may be delivered by personal delivery, email, mail, or telephonically. Any termination notice by Merchant to CBG shall be made electronically by sending an email to support@chargebackgurus.com. All other notices to CBG shall be given electronically to win@chargebackgurus.com with a written copy addressed to Chargeback Gurus, Legal Department, 5601 Democracy Dr. #195, Plano, TX 75024. Such written notice will be deemed made upon personal delivery, or five (5) business days after the date of mailing if sent by certified or registered mail, postage prepaid.
• Assignment. Merchant will not have the right or the power to assign any of its rights or delegate the performance of any of its obligations under this Agreement without CBG’s prior written consent. CBG will have the right to assign this Agreement to its successors and/or assigns (including but not limited to successors and/or assigns in connection with a merger, consolidation, sale of assets, or other change of control event), subsidiaries, and affiliates, Affiliate Partners and/or Third-Party Service Providers without Merchant’s prior written consent or notice. CBG will use commercially reasonable efforts to provide subsequent notice to Merchant in the event of such assignment.
• Waiver. The failure of any Party to insist on or enforce strict performance of any provision of this Agreement or to exercise any right or remedy under this Agreement or Applicable Laws will not be construed as a waiver or relinquishment to any extent of the right to assert or rely upon any such provision, right or remedy in that or any other instance; rather, the same will be and remain in full force and effect. Waiver by either Party of any right or duty hereunder, or a breach thereof, must be mutually agreed to in writing, and no such waiver will be construed as a waiver of any other and/or succeeding breach of such provision or a waiver of the provision itself.
• Severability. If any provision of this Agreement is held to be invalid or unenforceable for any reason, the remaining provisions will continue in full force without being impaired or invalidated in any way. The Parties agree to replace any invalid provision with a valid provision, which most closely approximates the intent and economic effect of the invalid provision. Headings are used for convenience only and in no way define, limit, construe or describe the scope or extent of any section, or in any way affect this Agreement.
• Governing Law. This Agreement and performance under it will be interpreted, construed, and enforced in all respects in accordance with the laws of the State of Delaware, without reference or giving effect to its conflicts of law principles.
• Force Majeure. A Party shall not be liable for any failure of or delay in the performance of this Agreement for the period that such failure or delay is due to causes beyond its reasonable control, including but not limited to acts of God, war, strikes or labor disputes, embargoes, government orders, or any other force majeure event. However, a force majeure event shall not be justification for the untimely payment or non-payment of Fees.
• Entire Agreement. This Agreement, including all schedules, Statements of Work, exhibits and attachments thereto, sets forth the entire agreement and understanding of the Parties hereto in respect of the subject matter contained herein and supersedes all prior promises, covenants, arrangements, communications, representations or warranties, whether oral or written, by a Party or its Personnel. Except as otherwise provided in this Agreement, no provision of this Agreement may be amended, modified or waived except by a written agreement signed by both Parties.
• Relationship of the Parties. CBG and Merchant agree that in performing their respective obligations hereunder they are in the position of independent contractors. This Agreement is not intended to create, nor does it create, and shall not be construed to create a relationship of partnership or joint venture or agency or any association for profit between CBG and Merchant. All expenses and disbursements, including those for travel and maintenance, entertainment, training, office, employees, source deductions, taxes, employee taxes or remittances, clerical and general selling expenses that may be incurred by Merchant in connection with this Agreement shall be borne wholly and completely by Merchant, and CBG shall not be in any way responsible or liable therefore.
• Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed to be an original, and such counterparts shall together constitute one and the same instrument. The signatures to this Agreement may be evidenced by facsimile copies reflecting the party’s signature hereto, and any such facsimile copy shall be sufficient to evidence the signature of such party as if it were an original signature.

 

IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be effective as of the day, month and year first written above.

Merchant	International Risk Mitigation LLC dba Chargeback Gurus
By:	By:
Name:	Name:
Title:	Title:
Date:	Date:

 

 

PREVENTION ALERTS

Statement of Work & Terms & Conditions

Terms and Conditions

This Statement of Work (“SOW”) is issued pursuant to the Master Service Agreement (“Agreement”) dated [Document.EffectiveDate] ("Effective Date") between [Company.Name] (“Merchant”) and International Risk Mitigation, LLC d/b/a Chargeback Gurus (“CBG”). This SOW is subject to the terms and conditions contained in the Agreement between the parties and is made a part thereof. Any term not otherwise defined herein shall have the meaning specified in the Agreement. In the event of any conflict or inconsistency between the terms of this SOW and the terms of the Agreement, the terms of this SOW shall govern and prevail, unless otherwise stated.

Recitals

WHEREAS Merchant and CBG desire to further describe for one another the scope of certain work under the Agreement and payment terms applicable thereto.

Definitions

"Accept" shall mean and refer to the result of accepting liability for an RDR Case, and upon notification an acquirer initiates the funds reversal process.

"Acquirer BIN" shall mean and refer to the unique Bank Identification Number which identifies the institution under contract with the Merchant to enable the Merchant to process card transactions.

"Alerts" means information on Confirmed Disputed Transactions or Non-Fraud Transactions that is subsequently distributed to CBG from a respective Card Network.

"Card Acceptor ID" shall mean and refer to the unique identifier assigned by the Acquirer to identify the merchant account.

"Case(s)" shall mean and refer to an action by a Consumer disputing a transaction that qualifies under CDRN and RDR. As applicable, this includes Accepted, Resolved, Declined, and cancelled Cases.

"Confirmed Disputed Transaction" means a transaction for which it is known that the transaction will be disputed by the Cardholder.

"Decline" shall mean and refer to (i) the result of not accepting liability for a RDR Case; (ii) the action of declining to resolve a CDRN Case, no credit or refund is issued.

"Dispute" shall mean and refer to a Transaction that has been challenged by the Consumer with a Participating Issuer.

"Merchant Account" shall mean and refer to a type of bank account that allows businesses to accept and settle payments in multiple ways, typically debit or credit cards.

"Merchant Category Code (MCC)" shall mean and refer to the four-digit number used by credit card companies to classify businesses into market segments upon opening a Merchant Account. A business MCC indicates the types of services or goods being sold to customers.

"Non-Fraud Dispute Transaction" means a transaction that the Participating Issuing Bank, by virtue of its operating processes, has identified that will be disputed by the Cardholder for non-fraud reasons.

"Outcome Information" means the result of the Alert provided to Merchant, including but not limited to: (i) the results, as modified from time to time, of: account suspended, shipment stopped, transaction refunded, order previously cancelled, too late, or other: (ii) the date and time of the response; (iii) additional optional relevant information about a transaction; and/or (iv) any other commentary as it specifically relates to the outcome of the transaction in the optional free-form field for the provision of such commentary.

"Participating Issuer" shall mean and refer to a financial institution that issues a debit and credit card to a Consumer and that is also under contract with the Card Networks to participate in RDR or CDRN.

"Process" shall mean the actioning of Resolve, Decline, Accept or Cancel a Case.

"Resolve" shall mean and refer to an action by a Seller in the CDRN Portal of refunding or crediting a Case, blocking all future charges for the Consumer for the same product, and inputting the calendar date and amount of the refund in order to confirm complete resolution and avoid any Disputes.

"Transaction" shall mean and refer to a purchase transaction that took place between a Seller and a Consumer

Term of the SOW

The Services performed pursuant to this SOW shall commence on [Document.EffectiveDate] and shall continue through the Term of the Agreement unless terminated prior in accordance with the terms of 8.1 in the Agreement.

Scope of Work

Services to be provided by CBG pursuant to this SOW include:

Prevention Alert Services are comprised of services that are provided by the card networks and are being resold to you by CBG pursuant to its relationships and agreements with the Card Networks.

 

Preventions alerts provide the Merchant a notification each time a consumer initiates a dispute. Upon receipt, the Merchant has the opportunity to resolve the dispute before it becomes a chargeback.

 

Prevention Alerts Services include:

• Verifi Rapid Dispute Resolution (RDR) – Allows merchant to set up rules to accept or decline Cases automatically to process non-fraud and confirmed fraud disputes with an acquirer-initiated funds reversal to avoid a Dispute.
• Verifi Cardholder Dispute Resolution Network (CDRN) – provides access to the CDRN portal that enables Merchants to resolve customer billing disputes directly before a dispute is escalated to a chargeback. Allows merchants to process non-fraud and confirmed fraud disputes with a refund or cancellation to avoid a Dispute.
• Prevention Alerts powered by Ethoca – provides access to the Ethoca portal that enables Merchants to resolve customer billing disputes directly before a dispute is escalated to a chargeback. Allows merchants to process non-fraud and confirmed fraud disputes with a refund or cancellation to avoid a Dispute.

 

CBG will refund all transactions that receive prevention alert notifications through Verifi and Ethoca networks. The refunds will be initiated within the timeframe stipulated by the alert networks.

 

Each of the Card Networks, will provide CBG with prevention alerts that provides notice of that respective networks cardholder transactions for which it is known that a transaction will be disputed by a Cardholder or whereby a participating Issuing Bank has identified a dispute by a Cardholder for non-fraud reasons (“Prevention Alert Services”).

Chargeback Gurus Responsibilities

During the Term of the Agreement and this SOW, CBG agrees to provide the following to Merchant:

CBG shall provide and maintain the FPR portal and interfaces to import the Alerts from the respective Card Networks.

 

CBG shall initiate refunds solely at the direction of the Merchant. CBG shall not have any financial responsibility in connection with a refund by Merchant.

 

CBG shall provide timely and accurate Outcome Information back to the Card Network as directed by the Merchant. CBG shall not be responsible for any inaccurate Outcome Information obtained from Merchant or any delays due to Merchant response times.

 

CBG will (a) enroll the Merchant's Acquirer Bank Identification Number (BIN) and Card Acceptor ID Number (CAID) in Visa's RDR system and configure the ruleset. Data captured through the RDR program will populate CBG’s systems for the sole purpose of performing the Service reporting. CBG will provide reconciliation data of refunded transactions in CBG's platform.

 

CBG will update the RDR account and rule set as instructed by the Merchant.

Visa Responsibilities

Services to be provided by Visa pursuant to this SOW include:

Visa will Accept or Decline a Case on behalf of the Merchant using pre-defined rules. The Merchant accepts financial liability for the dispute and funds are reversed back to the cardholder via the Merchant's Acquirer. During the Term of the Agreement and this SOW, to the extent that the automated rules are accurately setup and RDR cases are resolved in a timely fashion, if a RDR case subsequently becomes a chargeback, and provided that Merchant provides CBG proof of said chargeback to submit to Visa within 30 days of receipt of the dispute by CBG, Merchant will be credited the RDR Case Fee associated with the chargeback.

Client Responsibilities

Merchant will provide CBG with its BIN and CAID numbers at the time of onboarding and when new BIN and CAID numbers are obtained by the Merchant. The Merchant will provide CBG upon the enrollment with any custom rule-sets as discussed during the onboarding process. The Merchant understands all alerts captured through Visa's RDR automation will result in an alert charge as defined by this agreement, regardless of "accepted" refunds based upon Merchant rule-set. Enrollment of Merchant BIN/CAID can take up to 4 weeks. The Merchant accepts the responsibility of reconciling refunded transactions in the Merchant's transaction portals or CRM.

Self-Managed Alerts. If Merchant opts to self-manage Prevention Alerts, Merchant shall process all such Alerts within twenty-four (24) hours of the time that they appear in the Merchant’s portal provided by CBG. Merchant will assure that best efforts are used to process said Alerts within that time-period. For avoidance of doubt, Merchant will be invoiced for all Alerts, whether an Alert is processed or not processed.

Permissions. Merchant represents and warrants to CBG and the Card Networks that it has the right and authority or has obtained permissions necessary to disclose any Outcome Information to CBG for use in connection with providing the Prevention Alerts Service. In addition, Merchant acknowledges and agrees that all information collected by CBG in connection with the Prevention Alert maybe provided back to the respective Card Network and Participating Issuing Banks in connection with the Prevention Alert Services who may use such information for any purposes in connection with the service, subject to Applicable Law.

Merchant grants CBG full legal rights and permission to request Alerts on its behalf.

Merchant shall not contract with any other third-party providers of Prevention Alerts service while enrolled in the program through CBG.

Fee Schedule

Merchant agrees to pay all fees called for by the Agreement as well as:

Prevention Alerts	Pricing
Account Setup Fee Ethoca Prevention Alerts Verifi CDRN Prevention Alerts Verifi Rapid Dispute Resolution Tier 1 Tier 2 Tier 3   Tiers are determined by MCC code and assigned by Verifi.	$200.00 $40.00/Alert $40.00/Alert   $5.00/Alert $24.00/Alert $35.00/Alert

 

IN WITNESS WHEREOF, the parties hereto have caused this SOW to be effective as of the day, month and year first written above.

 

		International Risk Mitigation, LLC (dba Chargeback Gurus)
By:		​
Name:		Debbi Tank
Title:		Chief of Staff
Date:		​

 

 

SMART CHARGEBACK REPRESENTMENT™

Statement of Work & Terms and Conditions

Terms and Conditions

This Statement of Work (“SOW”) is issued pursuant to the Master Service Agreement (“Agreement”) dated [Document.EffectiveDate] between [Company.Name] (“Merchant”) and International Risk Mitigation, LLC d/b/a Chargeback Gurus (“CBG”). This SOW is subject to the terms and conditions contained in the Agreement between the parties and is made a part thereof. Any term not otherwise defined herein shall have the meaning specified in the Agreement. In the event of any conflict or inconsistency between the terms of this SOW and the terms of the Agreement, the terms of this SOW shall govern and prevail, unless otherwise stated.

Recitals

WHEREAS Merchant and CBG desire to further describe for one another the scope of certain work under the Agreement and payment terms applicable thereto.

Term of the SOW

The Services performed pursuant to this SOW shall commence on the Implementation Date and shall continue through the Term of the Agreement unless terminated prior in accordance with the terms of 8.1 in the Agreement.

Scope of Work

Services to be provided by CBG pursuant to this SOW include:

Smart Chargeback Representment:

• Chargeback management & representment – Receive chargebacks from processor and dispute illegitimate chargebacks and categorize legitimate chargebacks appropriately.
• Chargeback acceptance & acknowledgements – Send acknowledgement confirmation to processor when receiving chargebacks and sending dispute packages.
• Custom dispute packages and dispute flows – Customize dispute packets adhering to Card Network rules and Issuer guidelines by several factors including reason code, available evidence, issuing bank, acquiring bank, transaction type, and transaction circumstances. Monitor case win rates and optimize dispute packets to improve win rates.
• Chargeback revenue recovery – Track chargeback case statuses from processor portal and provide revenue recovery data to Merchant.

 

Dispute Intelligence/FPR360 Analytics consists of any of the following services:

• FPR360 – CBG Chargeback management portal with secure access provided to Merchant for unlimited authorized users.
• Track & record chargeback metrics & activity in FPR360.
• Reporting includes (but is not limited to)
• Root Cause Analysis – Identify root causes of chargebacks.
• Performance Analysis – Monitor revenue recovered for Merchant.
• History Reporting – Track historical chargeback risk and revenue recovery from Implementation Date.

 

Client Success and Support consists of any of the following services:

• Designated Implementation Manager – Single point of contact through implementation completion.
• Designated Client Relationship Manager – Single point of contact for SLA adherence.
• Responses to inquiries within 1 business day of receipt.
• Quarterly Business Reviews – Quarterly meetings with Client Relationship Manager to review performance and risk.

 

VEDA Veda provides detailed analytics and data visualization of dispute and fraud trends and inferences on suggested outcomes. Our Machine Learning algorithm analyzes business models, transaction nature, issuing bank, acquirer, reason code and determines and suggests trends and interpretations.

Chargeback Gurus Responsibilities

During the Term of the Agreement and this SOW, CBG agrees to provide the following to Merchant:

CBG will (a) use commercially reasonable efforts to provide the Services in a timely manner, including but not limited to, electronic monitoring, retrieval, transmission and presentation of Data in compliance with applicable industry standard chargeback arbitration procedures using encryption protocols; (b) upload and use Data for the sole purpose of populating CBG’s systems and performing the Services; and (iii) upon the transmission of Data for the purposes contemplated by this Agreement, take reasonable steps calculated to segregate and maintain the strict confidentiality of all such Data during and after the Term of the Agreement. CBG accepts Merchant’s Data "as-is" and on an "as available" basis.

If SFTP evidence upload is required, CBG will provide SFTP access to review chargeback compelling evidence requests.

Client Responsibilities

Merchant represents and warrants to CBG that:

Prior to implementation of the Services, Merchant will (i) provide CBG with unrestricted access to Data on all its Data Storage Sites or by transferring Data to CBG for storage and use in connection with the Services; (ii) maintain and update CBG’s access protocols to Data Storage Sites as required to ensure CBG’s timely provision of the Services; (iii) authorize CBG to interact directly with its Payment Processor or any person necessary to assist in Chargeback and/or Retrieval Request resolution; and (iv) insure ongoing permission from Merchant Cardholders to provide and process Data (including Personal Data) by CBG in connection with the Services. In addition, Merchant agrees to notify CBG of any new Merchant accounts to be enrolled in Services with Acquiring Banks and/or Payment Processors within one (1) week of account activation. Such notification must be delivered by Merchant to CBG through the CGB portal. If Merchant fails to timely provide such access during the Term of the Agreement, CBG shall not be held accountable for any failure to provide Services due to CBG’s inability to access all Merchant’s necessary Data to provide the Services. CBG will notify Merchant about any login/access issues with Merchant’s Data Storage Sites via email. Such access issues must be rectified by Merchant within two (2) business days of CBG’s e-mail notice. Merchant will not provide its login material, or any other material associated with CBG’s provision of the Services, to third parties, including, but not limited to competitors, unaffiliated associates, or outside vendors.

Provide timely responses to implementation requests within three (3) business days.

Provide CBG access to Merchant payment gateway(s) for identifying transaction in dispute (minimum 5 user logins).

Provide CBG access to Merchant processor portal(s) for monitoring case statues (minimum 5 user logins).

If SFTP evidence upload is required, case evidence must be provided via within 3 (three) business days from the chargeback receive date.

Case clarification requests must be responded to within 2 (two) business days.

Case evidence includes, but may not be limited to:

• Order invoice of transaction in dispute
• Order invoice of parent order (first transaction of customer, if applicable)
• Product usage and download information (if applicable)
• Customer communication notes (if any)
• Terms and Conditions
• Cancellation & refund policy

 

Implementation Steps	Estimated Time Frame*	Estimated Hours
Kickoff & Governance Meeting	1 Business Day	2 hours
Finalize Project Planning & System Requirements	2 Business Days	10 hours
Login & API Credential Request	1 Business Day	N/A
System Integration	5 Business Days	40 hours
Verifying Credentials & Integration	2 Business Days	5 hours
Train the Trainer	1 Business Day	3 hours
Process & Documentation Preparation	5 Business Days	N/A
System & Process Training	2 Business Days	3 hours
Go-Live	1 Business Day	N/A
Total	20 Business Day*
*Timelines depend on Merchant responsiveness and CBG capacity.

SLAS

​FPR-360 uptime 99.5%

FPR-360 down time beyond 2 business days Merchant will be notified within 2 business days after down time start.

Merchant will be notified within 2 business days if there is an issue with receiving compelling evidence via SFTP.

Client Support responses to inquiries within 1 business day.

Fee Schedule

Merchant agrees to pay all fees called for by the Agreement as well as:

 

Smart Chargeback Representment™	Pricing
Account Setup Fee Smart Chargeback Representment™ 1001 Winning Compensation Dispute Pending Fee	$500 $15.00/Chargeback ___% of Revenue Recovered on all Cases $20.00/Case in Dispute Pending status at the time of termination *only applicable with Winning Compensation

                                   

VEDA	Pricing
Advanced Dispute Analytics Monthly Fee - 10 users Additional Users   *VEDA fees do not count towards Monthly Minimum	​ $1,500.00/Month $50.00/Month per User

 

Merchant agrees to provide access to compelling evidence via SFTP or API. If Merchant is unable to send the compelling evidence via SFTP or API there will be a $5.00 per chargeback fee for downloading the evidence manually from Merchant systems.

 

IN WITNESS WHEREOF, the parties hereto have caused this SOW to be effective as of the day, month and year first written above.

 

		International Risk Mitigation, LLC (dba Chargeback Gurus)
By:		​
Name:		Debbi Tank
Title:		Chief of Staff
Date:		​

 

 

ORDER INTELLIGENCE

Statement of Work & Terms and Conditions

Terms and Conditions

This Statement of Work (“SOW”) is issued pursuant to the Master Service Agreement (“Agreement”) dated [Document.EffectiveDate] between [Company.Name] (“Merchant”) and International Risk Mitigation, LLC d/b/a Chargeback Gurus (“CBG”). This SOW is subject to the terms and conditions contained in the Agreement between the parties and is made a part thereof. Any term not otherwise defined herein shall have the meaning specified in the Agreement. In the event of any conflict or inconsistency between the terms of this SOW and the terms of the Agreement, the terms of this SOW shall govern and prevail, unless otherwise stated.

Recitals

WHEREAS Merchant and CBG desire to further describe for one another the scope of certain work under the Agreement and payment terms applicable thereto.

WHEREAS CBG has a direct business relationship with Visa wherein CBG has access to utilize Visa, Inc.’s ("Visa") Order Intelligence (referred to herein as “Program” as further defined below).

WHEREAS, the Parties desire to enter this Agreement to allow Merchant the ability to utilize the Program through CBG’s relationship with Visa.

WHEREAS, the Program allows Merchant to streamline the transaction dispute resolution process for Merchant's acceptance of Visa Transactions from its customers by connecting to Visa through CBG for Order Intelligence Alerts as defined below and providing purchase information to Visa in real time when responding to a Disputed Transaction.

Definitions

The following definitions are hereby incorporated into Paragraph 1 of the Agreement. In this instance of a conflict, the definitions listed here shall control as to this Statement of Work.

"Order Intelligence Alerts" shall collectively mean and refer to an Order Intelligence Inquiry and as Order Intelligence Notification as defined herein.

"Order Intelligence Inquiry" shall mean and refer to the instance when an Issuing Bank's request to Merchant for specific transaction information through the Program.

"Order Intelligence Notification" shall mean and refer to an Issuing Bank's notice to Merchant of the responsive action required by Visa under the Program.

“Program” means Visa's solution, sometimes known as “Order Intelligence” that streamlines the transaction dispute resolution process by allowing Merchant to connect to Visa through CBG to receive and respond to Order Intelligence Alerts by providing Merchant Data to Visa in real time.

“Program Data” means a unique identifier to identify a Disputed Transaction and other data that is associated with an Order Intelligence Alert such as fraud type that may be subject to applicable data privacy laws and regulations.

Term of the SOW

The Services performed pursuant to this SOW shall commence on [Document.EffectiveDate]and shall continue through the Term of the Agreement unless terminated prior in accordance with the terms of the Agreement or this SOW.

In the event of Merchant's early termination of this Order Intelligence SOW without cause as provided hereunder, Merchant shall immediately pay (i) all outstanding amounts due to CBG, (ii) any monthly minimums multiplied by the remaining months in the current Term and (iii) an early termination fee equal to three (3x) times the average of the monthly invoices issued to Merchant over the lifetime of the Agreement. For months during which CBG was unable to provide service due to integration delays, system downtime or gaps in service due to Merchant's non-payment will not be included in such calculation. While this Agreement is in effect, Merchant agrees it will use CBG as its sole provider for Order Intelligence Alerts and all other services provided under the Program. The required timeframe for Merchant to respond to an API real-time inquiry is one (1) second. As it pertains to Prevent, if CBG finds the Merchant to consistently exceed the one (1) second required response time, CBG will notify Merchant and Merchant will have five (5) business days to correct the issue. If not resolved, then CBG may discontinue the Services.

Scope of Work

Services to be provided by CBG pursuant to this SOW include:

CBG will make reasonable attempts to send transaction data requested by the card networks. The transaction information sent will be based on the data provided by the merchant and the guideline stipulated by the card networks. CBG has no control over the outcome or the success rate of order insight program whatsoever.

Chargeback Gurus Responsibilities

During the Term of the Agreement and this SOW, CBG agrees to provide the following to Merchant:

CBG will (a) use commercially reasonable efforts to provide the Services in a timely manner, including but not limited to, electronic monitoring, retrieval, transmission and presentation of Data in compliance with applicable industry standard chargeback arbitration procedures using encryption protocols; (b) upload and use Merchant’s Data for the sole purpose of populating CBG’s systems and performing the Services; and (iii) upon the transmission of Data for the purposes contemplated by this Agreement, take reasonable steps calculated to segregate and maintain the strict confidentiality of all such Data during and after the Term of the Agreement. CBG accepts Merchant’s Data "as-is" and on an "as available" basis.

Client Responsibilities

Merchant acknowledges and agrees to cooperate in any investigation, review or inquiry relating to the security, integrity, operation and/or use of or access to the Program or CBG’s obligations to Visa in connection with the Program. Merchant will cooperate with Order Intelligence Alerts and take any and all actions or corrective actions requested by Visa and/or CBG stated in an Order Intelligence Notice to correct any errors in its use of the Program.

Merchant acknowledges and agrees that Visa and its Personnel, including CBG, have the right to conduct and procedural audits and inspections at the premises and of the systems utilized by Merchant to participate in the Program. Additionally, Visa has the right to deny Merchant access to the Program if Visa deems that Merchant is acting in an unsound or unsafe manner or in a manner which threatens to damage the goodwill of Visa.

Merchant agrees to comply with the Program's response time, availability and data requirements contained in Visa’s documentation, including but not limited to the Order Intelligence API Manual, Order Intelligence Reference Manual and the Operational Guidelines. Merchant agrees to successfully complete API integration. Merchant agrees to provide the required list of data elements found in the API Manual. Prior to being provided access to the Services, Merchant will make commercially reasonable efforts to furnish CBG with its available historical data for the previous (i) one hundred and eighty (180) days or (ii) at a minimum of sixty (60) days. In order to continue to receive the Services, Merchant shall make integration enhancements as instructed by CBG from time to time. A failure by Merchant to upgrade or enhance the integration within thirty (30) days following such notice, may result in the immediate termination of the Services.

Merchant represents and warrants to Visa and CBG that:

1. a) While this Agreement is in effect it will not connect or attempt to connect to the Program to resolve a Order Insight Alert outside of CBG;
2. b) Merchant has the right and authority or has obtained permissions necessary to disclose any Data to CBG and Visa and for Visa and/or CBG to use such information for purposes of providing the Program; and
3. c) Merchant shall not contract with any other third-party providers of Order Intelligence while enrolled in the Program through CBG.
4. d) Merchant shall not leverage the Services to issue refunds or credits.

Merchant is responsible for the accuracy of all Data submitted to CBG, Visa and/or vis-à-vis the Program Visa’s systems whether through the API or other channels in support of the Program.

Fee Schedule

Merchant agrees to pay all fees called for by the Agreement as well as:

Order Intelligence Services	Pricing
Account Setup Fee Order Intelligence Alerts Card Acceptor ID Order Intelligence Deflections	$1,000.00 $1.00/Alert $15.00/MID/Month ​ $25.00/Deflection

 

Notwithstanding the preceding, the fees set forth in Fee Schedule may be adjusted to reflect increases, or new fees imposed by Visa for participation and use of the Program. All such adjustments shall be Merchant's responsibility to pay and shall become effective upon the date any such change or addition is implemented by Visa or its Personnel as specified in CBG’s notice to Merchant.

 

IN WITNESS WHEREOF, the parties hereto have caused this SOW to be effective as of the day, month and year first written above.

 

		International Risk Mitigation, LLC (dba Chargeback Gurus)
By:		​
Name:		Debbi Tank
Title:		President
Date:		​

 

 

 

Schedule A

Additional Card Network Terms and Conditions

 

1. Merchant agrees that each Card Network and CBG and their personnel, have the right to conduct audits, inspections or inquiries relating to the security, integrity operation, access to or use of at the premises and of the systems utilized by Merchant and its Customers to participate in the Order Intelligence Services. The Card Networks have the right to deny Merchant and its Customers access to the Order Intelligence Services if they deem that Merchant or its’ Customer are acting in an unsound or unsafe manner or in a manner which threatens to damage the goodwill of the Card Network. Merchant will cooperate in any such inspections, audits or inquiries and take any and all actions requested by CBG or the Card Networks to correct any errors in its use of the Order Intelligence Services.
2. Other IP Rights. By entering this Agreement, Merchant grants each Card Network a limited right to use its trademarks, trade names or service marks to be used in website or marketing collateral.
3. Card Network Warranties. ADDITIONAL DISCLAIMER OF WARRANTIES. THE CARD NETWORKS MAKE NO WARRANTIES, EXPRESS OR IMPLIED, CONCERNING THE SUBJECT MATTER OF THIS AGREEMENT, AND FULLY DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. THE ORDER INTELLIGENCE SERVICES AND APIs PROVIDED UNDER THIS AGREEMENT BY THE CARD NETWORKS, ARE “AS IS” AND “AS AVAILABLE.” FURTHER, THE CARD NETWORKS DO NOT WARRANT ANY RESULTS FROM THE USE OF THE ORDER INTELLIGENCE SERVICES OR THAT USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE.
4. Card Network Indemnity and Defense. Merchant agrees to indemnify, defend, and hold harmless each Card Network, from and against any loss, liability, damage, penalty or expense (including reasonable attorney’s fees and other costs of defense) they may suffer or incur as a result of (i) any failure by Merchant to comply with the terms of this Agreement; (ii) any warranty or representation made by Merchant made to the a Card Network being false or misleading;(iii) any representation, warranty or undertaking made Merchant to any third person other than as specifically authorized by this Agreement; (iv) the manner or method in which Merchant performs its services and discharges its obligations pursuant to this Agreement, (v) gross negligence of Merchant, or (vi) any alleged or actual violations by Merchant of any Applicable Laws.
5. Procedures for Claims Involving a Card Network. The following procedure will be used in connection with any claim, suit or action for which a Card Network Indemnified Party seeks defense or indemnity from Merchant under the “Card Network Indemnity and Defense” Section; (i) prompt written notice of such claim, suit or action; (ii) sole control over the defense and settlement of such claim, suit or action, subject to the provisions of this Section 5; and (iii) reasonable cooperation and assistance in connection with the defense and settlement of such claim, suit or action. CBG’s failure to comply with its obligations under the preceding sentence will not relieve Merchant of its defense and indemnity obligations under this Agreement except to the extent that Merchant is prejudiced by such failure. CBG may approve or reject any counsel proposed or selected by Merchant in connection with the defense or settlement of any such claim, suit or action. Merchant will not settle any such claim, suit or action without CBG’s prior express written consent, which will not be unreasonably withheld. CBG may participate in the defense or settlement of any such claim, suit or action, at CBG’s expense, with counsel of its choice.
6. Card Networks Relationship. Merchant understands and agrees that the Card Networks are providing the Services through CBG as independent contractors, and that no employer/employee relationship is created with the Card Network as a result of the Order Intelligence Services. The Card Networks shall not be responsible or liable to Merchant in any way for any type of expenses that may be incurred by Merchant in connection with this Agreement.
7. IP RIGHTS ASSOCIATED WITH THE PROGRAM. The intellectual property rights in all Application Programing Interfaces (APIs), software, processes, information, technology or data supplied or made available by CBG or Visa to Merchant vis-à-vis the Program will remain the property of the supplying party. Except as expressly set forth herein, neither CBG nor Visa grants Merchant any license, sub-license or other right in or to such intellectual property rights.
8. VISA RULES. Notwithstanding anything to the contrary in this Agreement, Merchant acknowledges and agrees that nothing in this Agreement will impact Visa’s or CBG’s rights or obligations under the Visa Core Rules and Visa Product and Service Rules with regards to transaction data required by the Program.
9. ADDITIONAL DISCLAIMER OF WARRANTIES. VISA AND CBG MAKE NO WARRANTIES, EXPRESS OR IMPLIED, CONCERNING THE SUBJECT MATTER OF THIS AGREEMENT, AND FULLY DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. THE PROGRAM AND APIs PROVIDED UNDER THIS AGREEMENT BY VISA OR ITS PERSONNEL, INCLUDING CBG, ARE “AS IS” AND “AS AVAILABLE.” FURTHER, VISA AND CBG DO NOT WARRANT ANY RESULTS FROM THE USE OF THE PROGRAM OR THAT USE OF THE PROGRAM WILL BE UNINTERRUPTED OR ERROR FREE.
10. INDEMNITY AND DEFENSE. Merchant agrees to indemnify, defend, and hold harmless CBG and its Personnel, including Visa, from and against any loss, liability, damage, penalty or expense (including reasonable attorney’s fees and other costs of defense) they may suffer or incur as a result of (i) any failure by Merchant or its Personnel to comply with the terms of this Agreement; (ii) any warranty or representation made by Merchant or its Personnel CBG or Visa being false or misleading;(iii) any representation, warranty or undertaking made by Merchant or its Personnel to any third person other than as specifically authorized by this Agreement; (iv) the manner or method in which Merchant performs its services and discharges its obligations pursuant to this Agreement, (v) gross negligence of Merchant or its Personnel, or (vi) any alleged or actual violations by Merchant of any Applicable Laws.
11. Relationship of Parties. CBG and Merchant agree that in performing their respective obligations hereunder they are in the position of independent contractors. This Agreement is not intended to create, nor does it create, and shall not be construed to create a relationship of partnership or joint venture or agency or any association for profit between CBG and Merchant. All expenses and disbursements, including those for travel and maintenance, entertainment, training, office, employees, source deductions, taxes, employee taxes or remittances, clerical and general selling expenses that may be incurred by Merchant in connection with this Agreement shall be borne wholly and completely by Merchant, and CBG and/or Visa shall not be in any way responsible or liable therefore.

 

 

Schedule B

Automatic Bank Debit Authorization Form

 

You authorize regularly scheduled debits from your bank account. You will be invoiced twice monthly and payments will be charged three (3) days after invoicing. You agree that no prior-notification will be provided unless the date or amount changes, in which case you will receive notice from us prior to the payment being collected.

I authorize CHARGEBACK GURUS to charge my bank account indicated below as per the payment terms stipulated in this service agreement for the services I opted for.

I understand that this authorization will remain in effect until I cancel it in writing, and I agree to notify CHARGEBACK GURUS in writing of any changes in my account information or termination of this authorization at least 15 (fifteen) days prior to the next billing date. If the above noted periodic payment dates fall on a weekend or holiday, I understand that the payment may be executed on the next business day. I understand that because this is an electronic transaction, these funds may be withdrawn from my account as soon as the above noted periodic transaction dates.

In the case of an ACH Transaction being rejected for Non-Sufficient Funds (NSF), I understand that CHARGEBACK GURUS may at its discretion attempt to process the charge again within 30 (thirty) days and agree to an additional $40.00 charge (forty dollar) for each attempt returned NSF which will be initiated as a separate transaction from the authorized recurring payment. I acknowledge that the origination of ACH transactions to my account must comply with the provisions of U.S. law. I agree not to dispute this recurring billing with my bank so long as the transactions correspond to the terms indicated in this service agreement.

 

Note: The signature below must be that of an authorized signor on the Bank Account listed below:
Name on Bank Account:
Bank Name:
Bank Routing Number:
Bank Account Number:
Signature:
Date:
Company Name:

 

 

Addendum 1

Data Processing Addendum

 

This Data Processing Addendum, and all Exhibits attached hereto and documents incorporated by reference herein (this “DPA”), effective as of ________________ __, 20__ (the “Effective Date”), is by and between International Risk Mitigation, LLC d/b/a Chargeback Gurus (“CBG”), and INSERT COMPANY’S LEGAL NAME (“Merchant”). This DPA will supplement, amend and/or modify, as applicable, the Master Services Agreement and any applicable Statements of Work INSERT OTHER RELEVANT AGREEMENT FOR CBGS/REFERRALS, effective as of INSERT EFFECTIVE DATE OF AGREEMENT, by and between the Parties (the “Agreement”). In consideration of the mutual promises herein contained and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties hereby agree as follows:

Definitions. All capitalized terms used but not otherwise defined herein will have the meaning set forth in this Section 1 (Definitions):

“Data Protection Law” means, as applicable: (i) any U.S. privacy laws that apply to the Services; (ii) Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “EU GDPR”); (iii) the EU GDPR as incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable legislation under such Act (the “UK GDPR”); and/or (iv) the Federal Act on Data Protection of 19 June 1992 (Switzerland) (the “Swiss FADP”).

“EEA” means the European Economic Area.

“EU” means the European Union.

“Party” means each of Merchant and CBG, and “Parties” means, collectively, Merchant and CBG.

“Standard Contractual Clauses” or “SCCs” means the clauses annexed to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, which are available online at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

“Transfer” means to disclose, provide or otherwise make personal data available to a third party including, but not limited to, disclosure by physical movement of the personal data to such third party or by enabling access to the personal data by other means.

“UK” means the United Kingdom.

The terms “controller”, “data subject”, “personal data”, “personal information”, “personal data breach”, “process” or “processing”, and “processor” each have the meaning set forth in the applicable Data Protection Law.

Roles of the Parties. The Parties agree that, for purposes of any applicable Data Protection Laws, Merchant is a controller (or, as applicable, a processor) of personal data, and CBG is a processor of personal data. Each Party shall comply with the obligations of Data Protection Laws applicable to it in connection with this DPA and the processing of personal data.

Processing of Personal Data. CBG will process personal data solely: (a) as needed to perform its obligations under the Agreement, (b) in accordance with the Agreement, this DPA, or other documented instructions received from Merchant as further set forth in Section 4 (Instructions), and (c) as needed to comply with applicable law. The details of the processing of personal data (including the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects) are set forth in Exhibit A attached hereto.

Instructions. CBG will process personal data in accordance with Merchant’s documented, lawful instructions as specified in the Agreement and this DPA, including instructions regarding Transfers. Merchant may provide additional instructions in writing to CBG with regard to the processing of personal data in accordance with Data Protection Laws. CBG will comply with reasonable, lawful and documented additional instructions from Merchant. Unless prohibited by applicable law, CBG will inform Merchant if, in CBG’s reasonable opinion, an instruction from Merchant violates applicable Data Protection Laws.

Data Subject Requests. If CBG receives a request from a data subject that relates to Merchant’s personal data and identifies Merchant, CBG will promptly instruct the data subject to submit such request to Merchant. CBG will reasonably assist Merchant, by appropriate technical and organizational measures and taking into account the nature of the processing, in meeting Merchant’s obligations to respond to data subjects’ requests to exercise their rights, including their rights to access, correction, objection, erasure and data portability.

Additional Assistance. Taking into account the nature of the processing and the information available to CBG, CBG also will reasonably assist Merchant in meeting its compliance obligations regarding: (a) ensuring the security of the personal data; (b) responding to personal data breaches, as further set forth below in Section 11 (Personal Data Breach); and (c) carrying out privacy and data protection impact assessments and related consultations of data protection authorities.

Use of Sub-processors. Merchant hereby provides CBG with a general written authorization to appoint affiliates and third-party subcontractors (each a “Sub-processor”) to process Merchant’s personal data in connection with the provision of services pursuant to the Agreement. CBG may continue to use those Sub-processors already engaged as of the Effective Date, a list of which appears in Exhibit A. At least fifteen (15) business days prior to appointing any new Sub-processor to process Merchant’s personal data in connection with the provision of services pursuant to the Agreement, CBG will provide Merchant with a notice of its intent to appoint the new Sub-processor. If Merchant does not object within five (5) business days after receiving such notice, the new Sub-processor shall be deemed approved. If Merchant objects within such five (5) business day period, the Parties will use good faith efforts to resolve such objection within a reasonable time. If the Parties are unable to resolve such objection within a reasonable time, Merchant may terminate the Agreement and this DPA, upon notice to CBG, without cost or penalty beyond the payment of any amounts already invoiced or to be invoiced for work already performed by CBG pursuant to the Agreement. Before permitting any Sub-processor to process Merchant’s personal data, CBG will enter into a written agreement with such Sub-processor that is no less restrictive than this DPA with respect to the processing of personal data. CBG will remain responsible and liable for any act or omission by such Sub-processor with respect to the personal data as if such act or omission were performed by CBG.

Transfers.

To the extent the processing of personal data by CBG involves any Transfers by Merchant of personal data originating within the EEA, UK, or Switzerland to CBG in a country located outside the EEA, UK, or Switzerland that has not been the subject of a binding adequacy decision by the European Commission or by a similar competent data protection authority, such Transfers will be made pursuant to the SCCs, which are hereby incorporated by reference, subject to the following:

• where Merchant is a controller and CBG is a processor, such Transfers will be made pursuant to Module Two of the Standard Contractual Clauses;
• where both Merchant and CBG are processors, such Transfers will be made pursuant to Module Three of the Standard Contractual Clauses;
• where the Transfer relates to personal data originating within the UK, the Standard Contractual Clauses shall be modified as set forth within the “UK Transfer Addendum”, developed by the UK Information Commissioner’s Office (“UKICO”) and effective as of March 21, 2022, which is available online at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, and incorporated herein by this reference;
• the Parties’ choices, with respect those elements of the Standard Contractual Clauses that provide for optionality, are set forth on a jurisdiction-by-jurisdiction basis in Exhibit B; and
• the information required by Annex I of the Standard Contractual Clauses appears in Exhibit A, and the information required by Annex II of the Standard Contractual Clauses appears in Exhibit C. The list required by Annex III appears in Exhibit A.

Any onward Transfers by CBG of personal data originating within the EEA, UK, or Switzerland to a recipient in a country located outside the EEA, UK, or Switzerland that has not been the subject of a binding adequacy decision by the European Commission or by a similar competent data protection authority shall be subject to binding and appropriate Transfer mechanisms that provide an adequate level of protection in compliance with Data Protection Laws, such as the standard contractual clauses or approved binding corporate rules.

Confidentiality. CBG will ensure that all persons authorized to process personal data are subject to written obligations of confidentiality or are under an appropriate statutory obligation of confidentiality that are no less restrictive that those set forth herein or in the Agreement.

Security. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, CBG will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk presented by the processing of personal data.

Personal Data Breach. If CBG becomes aware that there has been a personal data breach, CBG will notify Merchant in writing of such personal data breach without undue delay. Taking into account the nature of processing and the information available to CBG, CBG will reasonably assist Merchant in complying with its obligations regarding personal data breaches.

Return or Disposal. CBG will destroy or return all personal data to Merchant upon completion of the provision of services or upon termination of the Agreement and destroy existing copies of personal data unless applicable law or CBG’s reasonable data retention policy requires storage of the personal data. Any personal data retained by CBG pursuant to this Section 12 (Return or Disposal) shall be retained in accordance with the terms of this DPA.

Audits; Inquiries. CBG will make available to Merchant information necessary to demonstrate compliance with Data Protection Laws and this DPA, and allow for and contribute to audits, including inspections, conducted by the internal and external auditors and personnel of Merchant and applicable data protection authorities.  

Disclosure Requests. If CBG receives any subpoena, judicial, administrative or arbitral order of an executive or administrative agency, regulatory agency, or other governmental authority which relates to its processing of Merchant’s personal data (“Disclosure Request”), it will promptly pass on such Disclosure Request to Merchant without responding to it, unless otherwise required by applicable law. CBG will provide Merchant with relevant information in its possession that may be responsive to the Disclosure Request and any reasonable assistance required for Merchant to promptly respond to such Disclosure Request.

Record of Processing. CBG will keep appropriate documentation of its processing activities as required by applicable Data Protection Laws and will share such records related to Merchant’s personal data upon request.

Survival. CBG’s obligations under this DPA will continue for so long as CBG has access to, is in possession of or acquires personal data, even if the Agreement between CBG and Merchant has expired or been terminated.

Interpretation. Except as specifically provided herein, the Agreement shall remain in full force and effect. The rights granted to any Party hereunder are in addition to and not a replacement for other rights such Party may have under the Agreement. In the event of any conflict or inconsistency between the terms of this DPA and the terms of the Agreement with respect to the processing of personal data, the terms of this DPA shall control. In the event of any conflict or inconsistency between the terms of any applicable module of the SCCs and the terms of this DPA, the terms of the SCCs shall control.

IN WITNESS WHEREOF, the Parties hereto have caused this DPA to be executed by their duly authorized representatives as of the Effective Date.

 

Merchant	International Risk Mitigation LLC dba Chargeback Gurus
By:	By:
Name:	Name:
Title:	Title:
Date:	Date:

 

 

Exhibit A

Details of Processing

1.    List of Parties

Data Exporter (Merchant):

Name:	Merchant Name
Address:
Contact Person:	[TBD] [TBD] phone: [TBD] e-mail: [TBD]
Activities Relevant to Transferred Data:	[TBD]
Role:	Controller

Data Importer (CBG):

Name:	International Risk Mitigation, LLC d/b/a Chargeback Gurus
Address:	5601 Democracy Dr Ste 195 Plano, TX 75024
Contact Person:	Suresh Kamaraj phone: 91-984-123-6866 e-mail: suresh.kamaraj@chargebackgurus.com
Activities Relevant to Transferred Data:	Data analytics and consumer dispute resolution
Role:	Processor

2.    Description of Transfer

Subject Matter of the Processing:	Individual credit card transaction information in connection with consumer payment disputes
Nature and Purpose of Processing:	Data analytics in connection with consumer credit card transaction disputes
Duration of Processing:	For the term of the Agreement
Categories of Data Subjects:	Consumer credit cardholders
Categories of Personal Data:	Contact information
Special Categories of Personal Data:	None
Frequency of the Transfer:	As needed to perform services
Retention Criteria:	For the term of the Agreement
Subject Matter, Nature, and Duration of Sub-processor Processing:	Same as Processor

 

 

3.    CBG’s Existing Subprocessors

Sub-Processor	Location	Description of Processing
Chargeback Gurus Fintech Services Pvt Ltd	India	Data analytics in connection with preparation of Chargeback responses and related services
Amazon Web Services	US	Cloud data storage provider
Rapid Canvas	US	Provides data science software and services

 

Exhibit B

Standard Contractual Clauses – Implementation Choices

	EEA Data	UK Data	Swiss Data
Clause 7	The Parties choose to include the optional docking clause.
Clause 9	The Parties choose Option 2, “General Written Authorization,” and a notification period of fifteen (15) business days.
Clause 11	The Parties choose not to include the optional language providing data subjects with the right to lodge complaints with an independent dispute resolution body.
Clause 13	The Irish Data Protection Commission will be the competent supervisory authority.	The UKICO will be the competent supervisory authority.	The Swiss Federal Data Protection and Information Commissioner (“FDPIC”) will be the competent supervisory authority.
Clause 17	The SCCs shall be governed by the laws of the Republic of Ireland.	The SCCs, including the incorporated UK Transfer Addendum, shall be governed by the laws of England and Wales.	The SCCs shall be governed by the laws of the Republic of Ireland.
Clause 18	The Parties agree that any dispute arising from the SCCs shall be resolved by the courts of the Republic of Ireland.	The Parties agree that any dispute arising from the SCCs or the incorporated UK Transfer Addendum shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the Data Exporter and/or Data Importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.	The parties agree that any dispute between the Parties arising from the SCCs shall be resolved by the courts of the Republic of Ireland, but the Parties’ selection of forum may not be construed as forbidding data subjects in Switzerland from suing for their rights in Switzerland.

 

 

Exhibit C

Technical and Organizational Security Measures

Chargeback Gurus has implemented and will maintain the physical, organizational and IT security measure reasonably required for safeguarding data against corruption, loss, or access from any unauthorized third party. Details of Physical, Organizational and IT Security measures currently maintained by Chargeback Gurus are listed below.

CBG reserves the right to make changes and updates to these Physical, Organizational and IT security measures to accommodate developments in industry from time to time.  

System and Network Security – Chargeback Gurus networks are protected with next generation firewalls. Firewalls are also enabled with IPS (Intrusion Prevention System) and IDS (Intrusion Detection system) with rules updated on a regular basis. CBG implemented technical and organizational measures to support the security of the network as well as confirming the availability of systems and access to sensitive data. Any unauthorized, or malicious network activities are captured through security logging and monitoring.

Physical security – CBG Implemented physical security for all its data processing facilities as well as took precautions against environmental threats and power disruptions. Access to the facilities and controlled area within the facilities are limited for employees and subject to authorized approval. CCTV deployed across processing facilities and entry to the facility is controlled over bio-metric access and all the access logs are captured.

Endpoint Protection - CBG implemented protections on end-user devices and monitor those devices to be in compliance with the security standard requiring login passwords, screen saver, antivirus software, firewall software, unauthenticated file sharing, hard disk encryption and appropriate patch levels. Controls are implemented to detect and remediate workstation compliance deviations. CGB will securely sanitize physical media intended for reuse prior to such reuse and will destroy physical media not intended for reuse.

Encryption – All the sensitive data that CBG process, transmit or stores are encrypted using industry recommended encryption algorithm.

Appropriate disposal – Disposal of paperwork and devices that contain data in a way that data cannot be retrieved by an unauthorized person, whether intentionally or unintentionally. Digital databases and hardware devices are disposed of in a secure manner. 

Passwords – CBG strictly follows password policy and ensures all the passwords created are strong as suggested by industry standard. Apart from having a policy in place for setting strong passwords, CBG ensures that documents containing sensitive data are password protected.

User Access rights – CBG maintains proper controls for requesting, granting, modifying, granting, revalidating, and revoking user access to systems and applications containing data. Only employees with clear business needs will have access to data located on servers, applications, and databases. All access requests are approved on role-based and the same will be reviewed on a regular basis.

Security Incidents – CBG maintains an incident response plan and follows documented incident response policies including data breach notification to data controller without undue delay where a breach is found or suspected to affect the sensitive data.

Security policies – CBG maintain and follow IT security policies and procedures that are integral to CBG’s business and its employees. IT security policies are reviewed periodically and amend changes accordingly.

Business continuity plan – CBG ensures availability of data through business continuity and disaster recovery planning. All the managed services will have defined and documented business continuity and disaster recovery plans with industry standard practices. Business continuity and disaster recovery plans are reviewed on an annual basis.

Risk assessments – CBG assesses risks related to processing of data and maintaining a risk register. All the organizational risks are captured on the risk register and appropriate controls are applied to mitigate those risks. Risk registers are reviewed periodically, and additional controls implemented to mitigate those risks.

Controls and Validation – CBG will maintain policies and procedures designed to manage risks associated with the application of changes to the systems. Prior to implementation, changes to systems, networks, and underlying components, will be documented in a registered change request that includes a description and reason for the change, implementation details and schedule, a risk statement addressing impact to the Client, expected outcome, rollback plan, and documented approval by authorized personnel.

Threat and Vulnerability Management – CBG maintain measures to identify, manage, mitigate and /or remediate vulnerabilities within CBG’s computing environments. Security measures include:

• Patch management
• Anti-virus / anti-malware
• Threat notification advisories
• Vulnerability scanning and periodic penetration testing within remediation of identified vulnerabilities.

Awareness & training – Regular and on-going computer-based security and privacy awareness sessions conducted for all CBG employees (Full time / Part time / Contract). Developing a culture of security and data protection awareness ensures that all the CBG employees know the legal requirements and what is expected of them. Security and data protection is not a one-man-show, every employee has a role to play.

Reviews & audits – Having policies and procedures in place is not enough. CBG ensures that they are effective and therefore, it is important to establish controls and audits to evaluate effectiveness, correct what is not working and improve whatever could have been done better.

Privacy by Design – CBG incorporates privacy by design for systems and enhancements at the earliest stage of development as well as educating all employees on security and privacy on a regular basis.

Compliance & Certifications – CBG holds the following compliance and certifications.

• SOC-2, Type II
• PCI-DSS
• GDPR