The URL can be used to link to this page

Home My WebLink AboutProgram Terms and ConditionsMerchant Services Program Terms and Conditions (Program Guide) Thank you for selecting us for your payment processing needs. Accepting numerous payment options provides a convenience to your customers, increases your customers’ ability to make purchases at your establishment, and helps speed payment to your account. Your Merchant Processing Application will indicate the types of payments and Services you have elected to accept. These Program Terms and Conditions (“the Program presents terms governing the acceptance of Visa , , and Discover Network Credit Card and Non-PIN Debit Card payments, PayPal in-store CardGuide”)Mastercard payments, American Express Card transactions and applicable Non-Bank Services. This Program Guide, your Merchant Processing Application and the schedules thereto (collectively, the “Agreement”), including, without limitation, the Interchange Qualification Matrix and American Express Program Pricing and one of the Interchange Schedules, as applicable to your pricing method as set forth in the Merchant Processing Application, contains the terms and conditions under which Processor and/or Bank and/or other third parties, will provide services . We will not accept any alterations or strike-outs to the Agreement and, if made, any such alterations or strike-outs shall not apply. Please read this Program Guide completely. You acknowledge that certain Services referenced in the Agreement may not be available to you. IMPORTANT INFORMATION ABOUT BANK’S RESPONSIBILITIES: Discover Network Card Transactions, PayPal in-store Card Transactions, American Express Card Transactions and other Non-Bank Services are not provided to you by Bank, but are provided by Processor and/or third parties. The provisions of this Agreement regarding Discover Network Card Transactions, PayPal in-store Card Transactions, American Express Card Transactions and other Non-Bank Services constitute an agreement solely between you and Processor and/or third parties. Bank is not a party to this Agreement insofar as it relates to Discover Network Card Transactions, PayPal in- store Card Transactions, American Express Card Transactions and other Non-Bank Services, and Bank is not responsible, and shall have no liability, to you in any way with respect to Discover Network Card Transactions, PayPal in-store Card Trans- actions, American Express Card Transactions and Non-Bank Services. OTHER IMPORTANT INFORMATION: Cards present risks of loss and non-payment that are different than those with other payment systems. In deciding to accept Cards, you should be aware that you are also accepting these risks. Visa U.S.A., Inc. Mastercard Worldwide , DFS Services LLC , PayPal, Inc. and American Express Company, Inc. (“Visa”)(“Mastercard”)(“Discover Network”)(“PayPal”) are payment card networks that electronically exchange Sales Drafts and Chargebacks for Card sales and Credits. Sales Drafts are electronically(“American Express”) transferred from banks (in the case of Mastercard and Visa transactions) or network acquirers (in the case of Discover Network and PayPal in-store Card transactions) that acquire them from merchants such as yourself through the appropriate Card Organization, to the Issuers. These Issuers then bill their Cardholders for the transactions. The Card Organizations charge the Acquirers interchange fees, pricing and/or assessments for submitting transactions into their systems. A substantial portion of the Discount Rate or Transaction Fees that you pay will go toward these interchange fees, pricing and assessments. In order to speed up the payment process, the Issuer transfers the funds back through the Card Organization to the Acquirer at approximately the same time that the Issuer receives the electronic Sales Drafts. Even though the payments under this system are made simultaneously, all payments made through the Card Organizations are conditional and subject to reversals and adjustments. Each Card Organization has developed Card Organization Rules that govern their Acquirers and Issuers and the procedures, responsibilities and allocation of risk for this process. Merchants are also bound by Card Organization Rules and applicable laws and regulations. The Card Organization Rules and applicable laws and regulations give Cardholders and Issuers certain rights to dispute transactions, long after payment has been made to the merchant, including Chargeback rights. We do not decide what transactions are charged back and we do not control the ultimate resolution of the Chargeback. While we can attempt to reverse a Chargeback to the Issuer, we can only do so if the Issuer agrees to accept it or the Card Organization requires the Issuer to do so after a formal appeal process. Sometimes, your customer may be able to successfully charge back a Card transaction even though you have provided your goods or services and are otherwise legally entitled to payment from your customer. While you may still be able to pursue claims directly against that customer, neither we nor the Issuer will be responsible for such transactions. You will be responsible for all Chargebacks and adjustments associated with the transactions that you submit for processing. Please refer to the Glossary for certain capitalized terms used in the Agreement, including this Preface (if not defined above). Capitalized terms not otherwise defined in the Agreement may be found in the Card Organization Rules. PREFACE ®®®® ® Brian Benton Date 2024-03-04 Brian Benton City of Sebastian a. b. c. d. e. f. g. h. Important Merchant Responsibilities: Ensure compliance with Cardholder data security and storage requirements. Maintain fraud and Chargebacks below Card Organization thresholds. Review and understand the terms of the Merchant Agreement. Comply with Card Organization Rules and applicable law and regulations. Retain a signed copy of this Disclosure Page. You may download “Visa Regulations” from Visa’s website at: https://usa.visa. com/dam/VCOM/download/about-visa/visa-rules-public.pdf You may download “Mastercard Regulations” from Mastercard’s website at: www.mastercard.us/content/dam/mccom/global/documents/mastercard-rules. .pdf You may download “American Express Merchant Operating Guide” from American Express’ website at: .www.americanexpress.com/us/merchant a. b. c. d. e. f. Important Member Bank Responsibilities: The Bank is the only entity approved to extend acceptance of Visa and Mastercard products directly to a merchant. The Bank must be a principal (signer) to the Agreement. The Bank is responsible for educating merchants on pertinent Visa and Mastercard rules with which merchants must comply; but this information may be provided to you by Processor. The Bank is responsible for and must provide settlement funds to the merchant. The Bank is responsible for all funds held in reserve that are derived from settlement. The Bank is the ultimate authority should a merchant have any problems with Visa or Mastercard products (however, Processor also will assist you with any such problems). 9. We have assumed certain risks by agreeing to provide you with Card processing or check services. Accordingly, we may take certain actions to mitigate our risk, including termination of the Agreement, and/or hold monies otherwise payable to you (see Card Processing General Terms in Section 31, Term; Events of Default and Section 32, Reserve Account; Security Interest), (see TeleCheck Solutions Agreement in Section 7), under certain circumstances. By executing this Agreement with us you are authorizing us and our Affiliates to obtain financial and credit information regarding your business and the signers and guarantors of the Agreement until all your obligations to us and our Affiliates are satisfied. The Agreement contains a provision that in the event you terminate the Agreement prior to the expiration of your initial three (3) year term, you will be responsible for the payment of an early termination fee as set forth in Part IV, A. 3 under “Additional Fee Information” and Section 16.2 of the TeleCheck Solutions Agreement. 8. 7. 6.Your Discount Rates are assessed on transactions that qualify for certain reduced interchange rates imposed by Mastercard, Visa, Discover and PayPal. Any transactions that fail to qualify for these reduced rates will be charged an additional fee (see Section 26 of the Program Guide). We may debit your bank account (also referred to as your Settlement Account) from time to time for amounts owed to us under the Agreement. There are many reasons why a Chargeback may occur. When they occur we will debit your settlement funds or Settlement Account. For a more detailed discussion regarding Chargebacks see Section 15 of the Your Payments Acceptance Guide or see the applicable provisions of the TeleCheck Solutions Agreement. If you dispute any charge or funding, you must notify us within 60 days of the date of the statement where the charge or funding appears for Card Processing or within 30 days of the date of a TeleCheck transaction. The Agreement limits our liability to you. For a detailed description of the limitation of liability see Section 28, 38.3, and 40.10 of the Card General Terms; or Section 17 of the TeleCheck Solutions Agreement. 5. 4. 3. 2. 1. Customer Service #:1-877-828-0720URL:www.cardconnect.com 1000 Continental Drive, Suite 300, King of Prussia, PA 19406 CardConnect LLC PROCESSOR INFORMATION: Name: Address: Please read the Program Guide in its entirety. It describes the terms under which we will provide merchant processing Services to you. From time to time you may have questions regarding the contents of your Agreement with Bank and/or Processor or the contents of your Agreement with TeleCheck.The following information summarizes portions of your Agreement in order to assist you in answering some of the questions we are most commonly asked. Card Organization Disclosure Visa and Mastercard Member Bank Information: Wells Fargo Bank, N.A. The Bank’s mailing address is P.O. Box 6079, Concord, CA 94524, and its phone number is 1-844-284-6834. Print Client’s Business Legal Name: By its signature below, Client acknowledges that it has received the Merchant Processing Application, Program Terms and Conditions [version GenCP-WF- 2602_PG_02.28.23] consisting of 44 pages [including this Confirmation Page and the applicable Third Party Agreement(s)]. Client further acknowledges reading and agreeing to all terms in the Program Terms and Conditions. Upon receipt of a signed facsimile or original of this Confirmation Page by us, Client’s Application will be processed. NO ALTERATIONS OR STRIKE-OUTS TO THE PROGRAM TERMS AND CONDITIONS WILL BE ACCEPTED. Client's Business Principal Signature: Please Print Name of Signer CONFIRMATION PAGEGenCP-WF-2602_PG_02.28.23 Brian Benton Date 2024-03-04 Brian Benton City of Sebastian a. b. c. d. e. f. g. h. Important Merchant Responsibilities: Ensure compliance with Cardholder data security and storage requirements. Maintain fraud and Chargebacks below Card Organization thresholds. Review and understand the terms of the Merchant Agreement. Comply with Card Organization Rules and applicable law and regulations. Retain a signed copy of this Disclosure Page. You may download “Visa Regulations” from Visa’s website at: https://usa.visa. com/dam/VCOM/download/about-visa/visa-rules-public.pdf You may download “Mastercard Regulations” from Mastercard’s website at: www.mastercard.us/content/dam/mccom/global/documents/mastercard-rules. .pdf You may download “American Express Merchant Operating Guide” from American Express’ website at: .www.americanexpress.com/us/merchant a. b. c. d. e. f. Important Member Bank Responsibilities: The Bank is the only entity approved to extend acceptance of Visa and Mastercard products directly to a merchant. The Bank must be a principal (signer) to the Agreement. The Bank is responsible for educating merchants on pertinent Visa and Mastercard rules with which merchants must comply; but this information may be provided to you by Processor. The Bank is responsible for and must provide settlement funds to the merchant. The Bank is responsible for all funds held in reserve that are derived from settlement. The Bank is the ultimate authority should a merchant have any problems with Visa or Mastercard products (however, Processor also will assist you with any such problems). 9. We have assumed certain risks by agreeing to provide you with Card processing or check services. Accordingly, we may take certain actions to mitigate our risk, including termination of the Agreement, and/or hold monies otherwise payable to you (see Card Processing General Terms in Section 31, Term; Events of Default and Section 32, Reserve Account; Security Interest), (see TeleCheck Solutions Agreement in Section 7), under certain circumstances. By executing this Agreement with us you are authorizing us and our Affiliates to obtain financial and credit information regarding your business and the signers and guarantors of the Agreement until all your obligations to us and our Affiliates are satisfied. The Agreement contains a provision that in the event you terminate the Agreement prior to the expiration of your initial three (3) year term, you will be responsible for the payment of an early termination fee as set forth in Part IV, A. 3 under “Additional Fee Information” and Section 16.2 of the TeleCheck Solutions Agreement. 8. 7. 6.Your Discount Rates are assessed on transactions that qualify for certain reduced interchange rates imposed by Mastercard, Visa, Discover and PayPal. Any transactions that fail to qualify for these reduced rates will be charged an additional fee (see Section 26 of the Program Guide). We may debit your bank account (also referred to as your Settlement Account) from time to time for amounts owed to us under the Agreement. There are many reasons why a Chargeback may occur. When they occur we will debit your settlement funds or Settlement Account. For a more detailed discussion regarding Chargebacks see Section 15 of the Your Payments Acceptance Guide or see the applicable provisions of the TeleCheck Solutions Agreement. If you dispute any charge or funding, you must notify us within 60 days of the date of the statement where the charge or funding appears for Card Processing or within 30 days of the date of a TeleCheck transaction. The Agreement limits our liability to you. For a detailed description of the limitation of liability see Section 28, 38.3, and 40.10 of the Card General Terms; or Section 17 of the TeleCheck Solutions Agreement. 5. 4. 3. 2. 1. Customer Service #:1-877-828-0720URL:www.cardconnect.com 1000 Continental Drive, Suite 300, King of Prussia, PA 19406 CardConnect LLC PROCESSOR INFORMATION: Name: Address: Please read the Program Guide in its entirety. It describes the terms under which we will provide merchant processing Services to you. From time to time you may have questions regarding the contents of your Agreement with Bank and/or Processor or the contents of your Agreement with TeleCheck.The following information summarizes portions of your Agreement in order to assist you in answering some of the questions we are most commonly asked. Card Organization Disclosure Visa and Mastercard Member Bank Information: Wells Fargo Bank, N.A. The Bank’s mailing address is P.O. Box 6079, Concord, CA 94524, and its phone number is 1-844-284-6834. Print Client’s Business Legal Name: By its signature below, Client acknowledges that it has received the Merchant Processing Application, Program Terms and Conditions [version GenCP-WF- 2602_PG_02.28.23] consisting of 44 pages [including this Confirmation Page and the applicable Third Party Agreement(s)]. Client further acknowledges reading and agreeing to all terms in the Program Terms and Conditions. Upon receipt of a signed facsimile or original of this Confirmation Page by us, Client’s Application will be processed. NO ALTERATIONS OR STRIKE-OUTS TO THE PROGRAM TERMS AND CONDITIONS WILL BE ACCEPTED. Client's Business Principal Signature: Please Print Name of Signer DUPLICATE CONFIRMATION PAGEGenCP-WF-2602_PG_02.28.23 TABLE OF CONTENTS PART II: B. Card General Terms PART III: Third Party Agreements PART IV: Additional Important Information For Cards Confirmation Page Duplicate Confirmation Page PART I: Card Services A. Your Payments Acceptance Guide Part I - Gives you information about preparing to accept transactions Part II - Gives you information about transaction types (including chargebacks and retrievals) Part III - Gives you helpful information, and guidelines for specific industries TABLE OF CONTENTS 1.Use of Payments Organizations’ Brands 77 2.Point of Sale (POS) Reminders 77 3.Validating the Cards 77 4.Transaction Guidelines 88 5.Security 88 6.TransArmor Services 88 7.Debit Cards 88 8.Electronic Benefit Transfer (EBT) Transactions 99 9.Surcharging Requirements 99 10.Authorizations 1010 11.Special Types of Transactions 1010 12.Sales Drafts 1111 13.Refunds 1111 14.Exchanges 1212 15.Chargebacks, Retrievals and Other Debits 1212 16.Suspect/Fraudulent Transactions 1414 17.Lost/Recovered Cards 1414 18.Retention of Records 1414 19.Return of Equipment 1414 20.Timeframes 1414 21.Additional Provisions for Specific Industries 1515 Appendix 1 -Additional Provisions For Wex And Voyager 1515 Appendix 2 -Additional Provisions For American Express Transactions 1616 Appendix 3 -Special Provisions For Discover Network 1818 Appendix 4 -Special Provisions For PayPal 1919 Appendix 5 -Special Provisions For Alipay 1919 22.Services 2020 23.Your Payments Acceptance Guide; Card Organization Rules and Compliance 2020 24.Settlement of Card Transactions 2020 25.Exclusivity 2020 26.Fees; Adjustments; Collection of Amounts Due 2020 27.Chargebacks 2121 28.Representations; Warranties; Covenants; Limitations on Liability; Exclusion of Consequential Damages 2121 29.Confidentiality 2222 30.Use Of Data 2222 31.Assignments 2222 32.Term; Events of Default 2222 33.Reserve Account; Security Interest 2323 34.Financial and Other Information 2323 35.Indemnification 2323 36.Special Provisions Regarding Non-Bank Cards 2424 37.Special Provisions for Debit Card 2424 38.Special Provisions Regarding EBT Transactions 2525 39.Special Provisions Regarding Wireless Service 2626 40.Special Provisions Regarding Clover Security Plus 2727 41.Special Provisions Regarding Payeezy Gateway Services 29SM29 42.Special Provisions Regarding Main Street Insights Service Terms and Conditions 3131 43.Special Provisions Regarding Clover Service 3333 44.Special Provisions Regarding Clover Go Service (Mobile Payments) 3434 45.Special Provisions Regarding Clover Care 3434 46.Special Provisions Regarding Global ePricing Services 3535 47.PCI Concierge Terms and Conditions 3636 48.Commercial Card Interchange Service.3636 49.Choice of Law; Venue; Waiver of Jury Trial 3636 50.Other Terms 3636 51.Glossary 3737 Telecheck Solutions Agreement 4040 A.1.Electronic Funding Authorization 4444 A.2.Funding Acknowledgement 4444 A.3.Additional Fees and Early Termination 4444 A.4.6050W of the Internal Revenue Code 4444 A.5.Addresses For Notices 4444 your address, including country; the transaction security used on your website; any applicable export or legal restrictions; your identity at all points of interaction with the cardholder; and the date on which any free trial period ends. If you limit refund/exchange terms or impose other specific conditions for card sales, you must clearly print (in 1/4" letters) the words “No Exchange, No Refund,” etc. on the sales draft. During a liquidation or closure of any of your outlets, locations or businesses, you must post signs clearly visible to customers stating that “All Sales Are Final,” and stamp the sales draft with a notice that “All Sales Are Final.” 3. Validating the Cards Transactions where the cardholder is present - ‘Card Present’ transactions You must check the card if the cardholder is present at the point of sale; verify that the card is legitimate and valid; verify that the card is not visibly altered or mutilated; capture card data using the POS device by inserting the card (chip card), swiping the card (magnetic stripe), or tapping/waving the card (contactless). ensure that the cardholder enters their PIN using the keypad if prompted or provides their signature unless you are participating in the No Signature Required or PINless programs; verify the card’s valid from date (if applicable) and the expiration date; verify that the card number and expiration date on the card are the same as on the transaction receipt and the number displayed on the POS device; verify that the name on the transaction receipt is the same as the name on the front of the card (if applicable); and ensure that the cardholder appears to be the person shown in the photograph (for cards with a photograph of the cardholder). Transactions where the cardholder is not present - ‘Card Not Present’ transactions This section applies to any transaction where the cardholder is not present, such as mail, telephone, Internet and E-commerce. You may only conduct Internet transactions if you have notified us in advance and received approval. DO’S do obtain the card account number, name as it appears on the card, expiration date of the card, and the cardholder’s statement address. do use the Address Verification Service (AVS). If you do not have AVS, contact Customer Service immediately. do clearly print the following on the sales draft, and provide a copy to the cardholder at the time of delivery: the last four digits of the cardholder’s account number; the date of transaction; a description of the goods and services; the amount of the transaction (including shipping, handling, insurance, etc.); the cardholder’s name, billing address and shipping address; the authorization code; your name and address (city and state required). do obtain proof of delivery of the goods or services to the address designated by the cardholder or do notify the cardholder of delivery time frames and special handling or cancellation policies. do ship goods within 7 days from the date on which authorization was obtained. If delays are incurred (for example, out of stock) after the order has been taken, notify the cardholder and obtain fresh authorization of the transaction. do use any separate merchant identification numbers provided to you for Internet orders in all your requests for authorization and submission of charges. do provide at least 1 month’s prior written notice to your acquirer of any change in your Internet address. DON’TS don’t exceed the percentage of your total payment card volume for Card Not Present sales, as set out in your application. don’t submit a transaction for processing until after the goods have been shipped or the service has been provided to the cardholder - the only exception to this is where the goods have been manufactured to the cardholder’s specifications and the cardholder has been advised of the billing details. don’t accept card account numbers by electronic mail. don’t require a cardholder to complete a postcard or other document that displays the cardholder’s account number in clear view when mailed or send any mailing to a cardholder that displays personal information in clear view. It is also recommended that, if feasible, you obtain and keep a copy on file of the cardholder’s signature authorizing you to submit telephone and mail order transactions. Address Verification Service (AVS) (and other fraud mitigation tools such as Verified by Visa , Mastercard Secure Code, Card Validation Codes and Card Identification) does not guarantee against chargebacks; but, if used properly, they assist you in reducing the risk of fraud by confirming whether certain elements of the billing address provided by your customer match the billing address maintained by the card issuing bank. AVS also may help you avoid incurring additional interchange expenses. AVS is a separate process from obtaining an authorization and will provide a separate response. It is your responsibility to monitor the AVS responses and use the information provided to avoid accepting high-risk transactions. • • • • • • • • • – – – – – – – • • • • • • • • • • • • • • • •A. YOUR PAYMENTS ACCEPTANCE GUIDE Payment acceptance solutions are an essential part of your business, and we want to make accepting payments as simple as possible for you. This part of the Program Guide (through Appendix 5), is the Your Payments Acceptance Guide. It’s your quick reference to some guidelines for initiating transactions and accepting payments. You’ll also find recommendations and tips to help you prevent fraud, reduce chargebacks, and properly handle payments, refunds, exchanges, and most other situations you’ll encounter in your day-to day- business. To help you navigate more easily and find the information you need when you need it, we’ve organized this Section into three parts. At the end of the Section, you’ll also find information specific to processing WEX , USBank , Voyager , American Express , Discover , PayPal , and Alipay cards payments. Keep in mind, though, these guidelines highlight only some of the Card Organization Rules that apply to your acceptance of payments. Please carefully read the Card Organization Rules for each Card brand you accept. If you have questions about initiating transactions, accepting payments or any of your other business services, please contact Customer Service at the number listed on your merchant services statement. Your Customer Service team is here to make things easier so let us know what we can do to help. Part I The first step of a transaction actually begins before a customer even decides to make a purchase. This part of Your Payments Acceptance Guide reviews steps you’ll need to take to ensure customers are informed of their payment options and understand the terms of sale. You’ll also find tips and important reminders for validating cards in order to reduce the risk of fraud. Finally, specific procedures for accepting debit and EBT payments are outlined. If you have questions about anything discussed in this guide, please contact Customer Service at the number located on your merchant services statement. 1. Use of Payments Organizations’ Brands DO’S do prominently display relevant trademarks of the payments organizations at each of your locations, in catalogs, on websites and on other promotional material. do only use the official trademarks of ours and of the payments organizations in the official format. DON’TS don’t indicate that we or any payments organization endorses your goods or services. don’t use the trademarks of any payments organization after: your right to accept the cards of that payment organization has ended; or that payment organization has notified you to stop using their trademarks. don’t use the trademarks of ours or of the payments organizations in any way that injures or diminishes the goodwill associated with the trademarks. don’t use our trademarks or the trademarks of the payments organizations in any manner, including in any advertisements, displays, or press releases, without our prior written consent. For special rules applying to the treatment of the American Express brand, please refer to Appendix 2. 2. Point of Sale (POS) Reminders Do clearly and conspicuously: disclose all material terms of sale prior to obtaining an authorization; at all points of interaction inform cardholders which entity is making the sales offer, so that the cardholders can clearly distinguish you from any other party involved in the interaction; and disclose any discount/incentive/Surcharge for customers to pay with cash, check, credit card or debit card and so on. Any such discount/incentive must be offered to all customers with no special treatment for any card brand or card issuing bank. If you accept orders via the Internet, your website must include the following information in a prominent manner: Disclose the existence and amount of any Surcharge as a merchant fee and clearly alert consumers to the practice at the point of sale, both in store and online on every receipt. a complete description of the goods or services offered; details of your (i) delivery policy; (ii) consumer data privacy policy; (iii) cancellation policy; and (iv) returns policy; the transaction currency (US dollars, unless permission is otherwise received from Servicers); the customer service contact, including email address and telephone number;• • • • • • • • • • • • • • https://www.paypal.com/us/webapps /mpp/accept-payments-online PayPal™ https://usa.visa.com/dam/VCOM /download/about-visa/visa-rules-public. pdf Visa Inc. www.mastercard.us/content/dam /mccom/global/documents/mastercard- rules.pdf Mastercard Worldwide www.discovernetwork.com/merchantsDiscover Financial Services www.americanexpress.com/us /merchant American Express PART I: CARD SERVICES ®®®®®® ®® GenCP-WF-2602_PG_02.28.23 7 do ensure that all third parties and software that you use for payment processing•If a disputed charge arises for a transaction conducted over the Internet or do ensure that all third parties and software that you use for payment processing comply with the PCI DSS. do deploy the data protection solution (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout your systems including replacing existing card numbers on your systems with tokens. do use the token instead of card numbers for ALL activities after you receive the authorization response, including settlement processing, retrieval processing, chargeback and adjustment processing, and transaction reviews. do ensure that any POS device, gateway or VAR is certified by us for use with the data protection solution. If you are uncertain whether your equipment is compliant, contact a customer service representative at 866-359-0978. if you send or receive batch files containing completed card transaction information to/ from us, do use the service we provide to enable the files to contain only tokens or truncated information. do use truncated report viewing and data extract creation within reporting tools provided by us. do follow rules or procedures we give you periodically regarding your use of the data protection solution. do promptly notify us of a breach of any these terms. DON’TS don’t retain full card numbers, whether in electronic form or hard copy. don’t use altered version(s) of the data protection solution. don’t use, operate or combine the data protection solution or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this section. 7. Debit Cards When accepting debit cards, you’ll need to follow the specific requirements for each debit network, as well as, the general requirements set out in this section. DO’S do read the account number electronically from the magnetic stripe/chip for transactions authenticated with a PIN. If the magnetic stripe/chip is unreadable, you must request another form of payment from the cardholder. DON’TS don’t process a credit card transaction in order to provide a refund on a debit card transaction. don’t complete a debit card transaction without: entry of the PIN by the cardholder (and no one else); or signature by the cardholder (and no one else) Unless the transaction is a “no-signature” debit transaction or a “PINless” PIN debit transaction specifically supported by the debit network. don’t accept the PIN from the cardholder verbally or in written form. don’t manually enter the account number for PIN debit transactions. Signature debit transactions may be key entered if you are unable to swipe, dip, tap, or wave the card. The debit network used to process your debit transaction will depend upon, among other things, our own business considerations, the availability of the debit network at the time of the transaction, and whether a particular debit card is enabled for a particular debit network. The debit network used to route your transaction may or may not be the lowest cost network available. We may in our sole discretion: use any debit network available to us for a given transaction (including any of our affiliated PIN debit networks); and add or remove debit networks available to you based on a variety of factors including availability, features, functionality and our own business considerations. YOU ARE RESPONSIBLE FOR SECURING YOUR POS DEVICES AND FOR IMPLEMENTING APPROPRIATE CONTROLS TO PREVENT EMPLOYEES OR OTHERS FROM SUBMITTING CREDITS AND VOIDS THAT DO NOT REFLECT BONA FIDE RETURNS OR REIMBURSEMENTS OF PRIOR TRANSACTIONS. You may offer cash back to your customers when they make a PIN debit card purchase. You may set a minimum and maximum amount of cash back that you will allow. If you are not currently offering this service, your POS device may require additional programming to begin offering cash back as long as it is supported by the debit network. You must reconcile your accounts for each location daily and notify us within 24 hours of any issues. An adjustment is a transaction that is initiated to correct a debit card transaction that has been processed in error. For signature debit transactions (including “no- signature” debit transactions), both the cardholder and the card issuing bank have the right to question or dispute a transaction. If these questions or disputes are not resolved, a chargeback may occur. You are responsible for all adjustment and chargeback fees that may be charged by a debit network. An adjustment may be initiated for many reasons, including: the cardholder was charged an incorrect amount, whether too little or too much; the cardholder was charged more than once for the same transaction; a processing error may have occurred that caused the cardholder to be charged even though the transaction did not complete normally at the point of sale; or a cardholder is disputing the goods or services provided. All parties involved in processing adjustments and chargebacks are regulated by timeframes that are specified in the operating rules of the applicable debit network, the Electronic Funds Transfer Act, Regulation E, and other applicable law. • • • • • • • • – – • • • • • • • • • • • • • •If a disputed charge arises for a transaction conducted over the Internet or electronically, a chargeback may be exercised for the full amount. For Discover Network transactions, please refer to Appendix 3 for the Discover Network protocol for Internet transactions. Customer-activated terminals and self-service terminals Transactions processed at customer-activated terminals and self-service terminals have specific requirements for processing. You must contact Customer Service for approval and further instructions before conducting customer-activated terminal transactions or self-service terminal transactions. 4. Transaction Guidelines DO’S do only present for payment valid charges that arise from a transaction with a bona fide cardholder. DON’TS don’t set a minimum transaction amount of more than $10 for any credit cards or of any amount for debit cards or Alipay transactions. don’t set a maximum transaction amount for any credit cards. don’t establish any special conditions for accepting a card. don’t make any cash disbursements or cash advances to a cardholder as part of a transaction with the exception of the Discover Network Cash Over service. don’t accept any direct payments from cardholders for goods or services which have been included on a sales draft; don’t require a cardholder to supply any personal information for a transaction (for example, phone number, address, driver’s license number) unless (i) instructed by the Voice Authorization Center; (ii) presented an unsigned card; or (iii) processing a Card Not Present transaction don’t submit any transaction representing the refinance or transfer of an existing cardholder obligation which is deemed uncollectible, for example, a transaction that has been previously charged back, or to cover a dishonored check. don’t submit sales drafts or credit drafts transacted on the personal card of an owner, partner, officer or employee of your business establishment or of a guarantor who signed your application form, unless such transaction arises from a bona fide purchase of goods or services in the ordinary course of your business. don’t carry out factoring, that is, the submission of authorization requests or sales drafts for card transactions transacted by another business. 5. Security You are responsible for maintaining the security of your POS devices and for instituting appropriate controls to prevent employees or others from submitting credits that do not reflect bona fide returns or reimbursements of earlier transactions. Please comply with the data security requirements shown below: DO’S do install and maintain a secure firewall configuration to protect data. do protect stored data, and do encrypt transmissions of data sent across open /public networks, using methods indicated in the Payment Card Industry Data Security Standard (PCI DSS) which is available at: .www.pcisecuritystandards.org do use and regularly update anti-virus software and keep security patches up-to- date. do restrict access to data by business “need to know”. Assign a unique ID to each person with computer access to data and track access to data by unique ID. do regularly test security systems and processes. do maintain a policy that addresses information security for employees and contractors. do restrict physical access to cardholder information. do destroy or purge all media containing obsolete transaction data with cardholder information. do keep all systems and media containing card account, cardholder, or transaction information (whether physical or electronic) in a secure manner so as to prevent access by, or disclosure to any unauthorized party. do use only those services and devices that have been certified as PCI-DSS compliant by the payment organizations. DON’TS don’t use vendor-supplied defaults for system passwords and other security parameters. don't transmit cardholder account numbers to cardholders for Internet transactions. don’t store or retain card verification codes (a three digit code printed on the back of most cards and a four digit code printed on the front of an American Express card) after final transaction authorization. don’t store or retain magnetic stripe data, PIN data, chip data or AVS data - only cardholder account number, cardholder name and cardholder expiration date may be retained subsequent to transaction authorization. For Internet transactions, copies of the transaction records may be delivered to cardholders in either electronic or paper format. 6. TransArmor Services If you are receiving TransArmor services from us, the important DOs and DON’Ts listed below apply to you: DO’S do comply with the payments organization rules, including PCI DSS. do demonstrate and maintain your current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor (QSA) with corresponding Report on Compliance (ROC) or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC), as applicable, and if applicable to your business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with payments organization rules and PCI DSS • • • • • • • • • • • • • • • • • • • • • • • • • GenCP-WF-2602_PG_02.28.23 8 EBT service provider in accordance with this section or otherwise fail to process the EBT service provider in accordance with this section or otherwise fail to process the manual transaction in accordance with the Quest rules, except as specifically provided in the Quest rules. 9. Surcharging Requirements A “Surcharge” is an additional fee that you add to relevant transactions as permitted by Card Organization Rules and applicable laws (together, “Applicable Laws”). Merchants must receive prior approval from Processor before assessing a Surcharge. If you participate in Surcharging the following terms and conditions apply: DO Provide notice to the merchant’s acquirer/card brands before beginning to Surcharge, as applicable based on card brand rules Disclose the existence and amount of any Surcharges on a stand-alone basis in locations that the consumer is likely to see prior to committing to a transaction, including: signs or postings, webpages, advertising materials; catalogues or menus Provide disclosures that are prominent and easily visible to customers Place disclosures prominently on websites and the information should appear, at a minimum, before proceeding to checkout, in addition to other pages If a point-of-sale register is being used for the transaction ,the sign should be located near the register such that a customer would see it prior to initiating the checkout process A customer would see it prior to initiating the checkout process On a sign prominently near an entrance or other high-traffic part of the facility On a receipt, the disclosure must be broken out as its own line item, showing a dollar amount and how that dollar amount is added into the total cost Use the word “Surcharge” to describe the fee, accurately reflect the reason for the Surcharge, and describe it as a Surcharge you are assessing for accepting relevant transactions as permitted by Applicable Laws If the Surcharge is calculated as a percentage of the transaction amount, clearly disclose in writing the dollar and cents amount of the Surcharge prior to processing the charge. In the context of a card not present transaction, the dollar amount of the Surcharge must be disclosed prior to processing the transaction Provide full refunds for the exact dollar amount of the original transaction including tax, handling charges, Surcharges For partial refunds relating to Surcharge transactions, the Surcharge amount must be pro-rated DON’T Do not Surcharge for debit, prepaid card, or other transactions as prohibited by Applicable Laws Do not Surcharge on debit card transactions for which the cardholder using a debit card chooses “credit” on the point of sale terminal Do not characterize the Surcharge in a way that suggests it is not being imposed by the business itself (such as calling it “mandatory”) or that it is being imposed solely to cover credit card costs • • • • • • • – – – – – • • • 8. Electronic Benefit Transfer (EBT) Transactions We offer electronic interfaces to Electronic Benefit Transfer (EBT) networks for the processing, settlement and switching of EBT transactions initiated through the use of a state-issued EBT card at your point of sale terminal(s) so that EBT recipients may receive EBT benefits. EBT benefits may comprise: United States Department of Agriculture, Food and Nutrition Service (FNS), Supplemental Nutrition Assistance Program (SNAP), Women, Infants and Children Benefits (WIC Benefits), or Government delivered cash If you accept EBT transactions or provide EBT benefits: DO’S do provide EBT benefits to EBT recipients in accordance with applicable law and the procedures set out in the Quest rules, in the amount authorized through your terminal, upon presentation by an EBT recipient of an EBT card and such EBT recipient’s entry of a valid PIN. do use POS Terminals, PIN pad and printer or other equipment that meet required standards (including those set out in the Quest rules) during your normal business hours and in a manner consistent with your normal business practices. do comply with the procedures set out in the Quest rules for authorization of EBT benefits if your terminal fails to print EBT benefit issuance information as approved and validated as a legitimate transaction. do provide a receipt for each EBT transaction to the applicable EBT recipient. do provide EBT benefits for EBT recipients from all states. do notify us promptly if you plan to stop accepting EBT cards and providing EBT benefits or if you are unable to comply with this section or the Quest rules. do adequately display any applicable state’s service marks or other licensed marks, including the Quest marks, and other materials supplied by us in accordance with the standards set by the applicable state. do use any marks only to indicate that EBT benefits are issued at your location(s). do maintain adequate cash on hand to issue EBT service provider authorized cash benefits. do issue cash benefits to EBT recipients in the same manner and to the same extent cash is provided to your other customers. DON’TS don’t accept EBT cards or provide EBT benefits at any time other than in compliance with this section or the Quest rules. don’t designate and direct EBT recipients to special checkout lanes restricted to use by EBT recipients unless you also designate and direct other customers to special checkout lanes for debit cards, credit cards or other payment methods such as checks other than cash. don’t resubmit any EBT card transaction except as specifically permitted by the applicable Quest rules and procedures. don’t accept any EBT card for any purpose other than providing EBT benefits, including without limitation accepting an EBT card as security for repayment of any EBT recipient obligation to you. If you violate this requirement, you will be obligated to reimburse the state or us for any EBT benefits unlawfully received by either you or an EBT recipient to the extent permitted by law. don’t dispense cash for FNS, SNAP and WIC Benefits. don’t disclose individually identifiable information relating to an EBT recipient or applicant for EBT benefits without prior written approval of the applicable state. don’t use the marks of any EBT service provider without prior written approval from such EBT service provider. don’t indicate that we, any state, or its EBT service provider endorse your goods or services. don’t require, or in your advertising suggest, that any EBT recipient must purchase goods or services from you as a condition to receiving cash benefits, unless such condition applies to other customers as well. You must take sole responsibility for the provision of any EBT benefits other than in accordance with authorizations received from the EBT service provider. If an authorized terminal is not working or the EBT system is not available: DO’S do manually accept EBT cards and manually provide EBT benefits in the amount authorized through the applicable EBT service provider to the EBT recipients at no cost to the EBT recipients upon presentation by an EBT recipient of their EBT card. do obtain an authorization number for the amount of the purchase from the applicable EBT service provider while the respective EBT recipient is present and before you provide the EBT recipient with any FNS, SNAP and WIC benefits, or cash benefits, as applicable. do properly and legibly enter the specified EBT recipient, clerk and sales information, including the telephone authorization number, on the manual sales draft. do clear all manual vouchers authorizations on your point of sale terminal within 14 days after the date of applicable voice authorization. If a voucher expires before it has been cleared by your terminal for payment, no further action can be taken to obtain payment for the voucher. DON’TS don’t attempt to voice authorize a manual EBT transaction if the EBT recipient is not present to sign the voucher. The EBT recipient must sign the voucher. You must give a copy of the voucher to the EBT recipient at the time of authorization and retain one copy for your records. don’t re-submit a manual sales draft for payment for a transaction if you have not received an authorization number. don’t mail vouchers requesting payment. You must take sole responsibility for (and you will not be reimbursed in respect of) a manual transaction if you fail to obtain an authorization number from the applicable • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • GenCP-WF-2602_PG_02.28.23 9 Third party authorization systems Third party authorization systems If you have contracted to use one of our authorization services, you must not use another third party authorization system without notifying Customer Service. Otherwise, we will be unable to successfully research and defend any authorization related chargebacks on your behalf. This delay will significantly decrease your time to research and provide proof of authorization, thus reducing your opportunity to reverse a chargeback. If you use another authorization network: you will be responsible for the downgrade of any transactions to a higher cost interchange that result from any mismatch of information to our systems and those of third party authorization networks. liability resulting from discrepancies with that network must be resolved between you and that network. We will not research chargebacks resulting from authorization approval codes obtained from another authorization service organization. Such chargebacks will be passed through to you for resolution. If an authorization provided by a third party authorization system is challenged in a chargeback, you must obtain proof (for example, third party authorization logs) from the authorization source and submit it to us within the time frame specified on the chargeback documentation. Call the following for other card types, each of which is available 24 hours/day; 7 days/week: You must enter manually all approved sales that have been authorized in this manner as “post authorization” transactions into the terminal, once the terminal becomes operational. You must enter all credit transactions into the terminal for data capture. If you receive a referral and subsequently receive an approval, you may be subject to a chargeback. For specific procedures on electronic data capture, refer to the Terminal Operating Instructions/Users Guide. If the terminal malfunctions for more than 24 hours, contact Customer Service for further instructions on processing your transactions. Automated dispensing machines You must produce records for all transactions originating with automated dispensing machines or limited amount terminals. Such records must include the last four digits of the cardholder account number, merchant’s name, terminal location, transaction date, identification of transaction currency, transaction type (purchase), authorization code, and amount. For Discover Network transactions, please refer to Appendix 3 for instructions on how to cancel an authorization. For PayPal transactions, please refer to Appendix 4 instructions on how to cancel an authorization. Partial authorization and authorization reversal Partial authorization provides an alternative to a declined transaction by permitting a card issuing bank to return an authorization approval for a partial amount. This amount is less than the transaction amount requested because the available card balance is not sufficient to approve the transaction in full. The cardholder is able to use the funds remaining on the card to pay for a portion of the purchase and select another form of payment (in other words, another payment card, cash, check) for the remaining balance of the transaction. for Mastercard transactions, partial authorization is optional for batch authorized e- commerce transactions, mail order, telephone order transactions and recurring payment transactions. for Discover transactions, partial authorization support is optional for Card Not Present transactions. If you support partial authorizations, a partial authorization indicator must be included in each authorization request. You must submit an authorization reversal if the authorization is no longer needed, a partial amount of the total authorized is submitted for the settled transaction, or the cardholder elects not to complete the purchase. The transaction sent for settlement must be no more than the amount approved in the partial authorization response. If you wish to support partial authorization functionality, you must contact Customer Service for additional rules and requirements. 11. Special Types of Transactions Payment by installments If a cardholder makes a deposit toward the full amount of the sale price and pays the balance on delivery, please follow the procedures set out in this section. DO’S do execute two separate sales drafts and obtain an authorization for each sales draft on each transaction date; do indicate on each sales draft: whether it is for the deposit or the balance of payment; and the authorization date and approval code. do submit and seek authorization of each delayed delivery transaction under the same merchant identification number and treat deposits on the card no differently than you treat deposits on all other payment products. do complete Address Verification for each “balance” authorization. do obtain proof of delivery upon delivery of the services/merchandise purchased. DON’TS don’t submit sales data to us relating to the “balance” until the goods have been completely delivered or the services fully provided. • • • • – – • • • • 1-800-842-0071WEX 1-800-987-6589Voyager 1-800-366-5010TeleCheck 1-800-522-9345JCB, International (For YEN and CAD currency only) 1-800-528-2121American Express Direct • • Part II This part of Your Payments Acceptance Guide reviews essential elements of a transaction, including authorizations, issuing refunds and exchanges, and handling special transactions like recurring payments. You’ll also find information about chargebacks and processes to put in place to avoid chargebacks. Feel free to contact Customer Service with any questions that arise as you review this information. 10. Authorizations General You must obtain an authorization approval code from us for all transactions. A positive authorization response remains valid for the timeframe set out in section 20. An authorization approval code only indicates the availability of funds on an account at the time the authorization is requested. It does not indicate that the person presenting the card is the rightful cardholder, nor is it a promise or guarantee that you will not be subject to a chargeback or adjustment. You must not attempt to obtain an authorization approval code from anyone other than us, unless we have authorized you to use a third party authorization system as set out in section 10. An authorization approval code from any other source may not be valid. If you use Address Verification Services (AVS), you must review the AVS response separately from the authorization response and make your own decision about whether to accept the transaction. A transaction may receive an authorization approval code from the card issuing bank even if AVS is unavailable or reflects that the address provided to you does not match the billing address on file at the card issuing bank. If you receive a referral response to an attempted authorization, for American Express transactions you must not: submit the transaction without calling for and receiving a voice authorization; and attempt another authorization on the same card through your POS device. You must not attempt to obtain multiple authorizations for a single transaction. If a sale is declined, do not take alternative measures with the same card to obtain an approval of the sale from other authorization sources. Instead, request another form of payment. If you fail to obtain an authorization approval code or if you submit a card transaction after receiving a decline (even if a subsequent authorization attempt results in an authorization approval code), your transaction may result in a chargeback and it may be assessed fines or fees by the payments organizations for which you will be responsible. Fees currently range from $25 to $150 per transaction. You will be charged for a request for an authorization approval code (where applicable), whether or not the transaction is approved. For card present transactions, it is highly recommended that you use your electronic authorization device to swipe (magnetic stripe), tap/wave (contactless) or insert (chip) cards. Card Not Present transactions It is highly recommended that you obtain the three digit card verification code on the back of the card (or the four digit verification code on the front of American Express cards) and that you include this code with each card not present authorization request unless the transaction is a recurring transaction. For recurring transactions, submit the card verification code only with the first authorization request and not with subsequent authorization requests. For American Express Card Not Present transactions, please also refer to Appendix 2. For Discover Network Card Not Present transactions, please also refer to Appendix 3. PayPal and Alipay do not allow Card Not Present transactions. Authorization via telephone (other than terminal/electronic device users) You must call your designated Voice Authorization Toll Free Number and enter the authorization information into the VRU using a touch tone phone or hold for an authorization representative. If the Voice Authorization Center asks you to obtain identification from the cardholder before issuing an approval code, you must clearly write the appropriate identification source and numbers in the space provided on the sales draft. If the Voice Authorization Center asks you to confiscate a card, do not take any action that will alarm or embarrass the card presenter, and send the card to Rewards Department, P.O. Box 5019, Hagerstown, MD 21740. You may be paid a reward for the return of the card If the sale return of the card. is declined, please remember that our operators are only relaying a message from the card issuing bank. The fact that a sale has been declined must not be interpreted as a reflection of the cardholder’s creditworthiness. You must instruct the cardholder to call the card issuing bank. Authorization via electronic devices If you use an electronic terminal to obtain authorization approval codes, you must obtain the authorization approval codes for all sales through this equipment. If your terminal malfunctions, please refer to your Quick Reference Guide or call the POS Help Desk. Please remember to check your terminal periodically because most terminal problems are temporary in nature and are quickly corrected. If a terminal is moved or if wires are disconnected, causing malfunction, call the POS Help Desk immediately and follow their instructions. You may be responsible for any service charges incurred for reactivation of the terminal. Until the terminal becomes operable, you must call your designated Voice Authorization Toll Free Number and enter authorization information into the VRU using a touchtone phone. • • • • • • • • • • • • – – • • • • • • GenCP-WF-2602_PG_02.28.23 10 If the recurring transaction is renewed, you must obtain from the cardholder a newIf delivery occurs after the timeframes set out in section 20, you must obtain a new If the recurring transaction is renewed, you must obtain from the cardholder a new written request for the continuation of such goods or services to be charged to the cardholder’s account. If you or we have terminated your right to accept cards, you must not submit authorization requests or sales data for recurring transactions that are due after the date of such termination. For American Express transactions please also see Appendix 2. Stored payment credential transactions If you store information (including, but not limited to, an account number or payment token) to process future purchases on behalf of the cardholder, follow the procedures set out in this section. DO’S do include the appropriate data values: when a payment credential is being stored for the first time, is used to initiate a stored credential transaction, or is used to identify an unscheduled credentials on file transaction. do submit a valid authorization if an amount is due at the time the payment credential is being stored. do submit an authorization verification if no payment is due at the time the payment credential is being stored. DON’TS don’t store a payment credential if either the first payment transaction or account verification is declined. Card checks If you accept card checks, you must treat checks from all the payment organizations that you accept equally (for example, if you accept Mastercard and American Express, your check acceptance policy must treat checks for both of these payment organizations equally). You should handle these card checks like any other personal check drawn upon a bank in the United States. 12. Sales Drafts DO’S do prepare a sales draft for each transaction and provide a copy of the sales draft or transaction receipt to the cardholder at the time the card transaction is completed. An exception is eligible transactions participating in any of the ‘No Signature Required’ programs. do only collect transaction data provided directly to you by the cardholder. do include all of the following information on a single page document constituting the sales draft: the cardholder’s account number; cardholder’s signature, unless you participate in any of the ‘No Signature Required’ programs. Note: For the No Signature Required Programs, Visa, Mastercard, Discover, and American Express do not require you to obtain signatures at the point-of-sale for credit and/or debit transactions unless required by local and/or state law; date of the transaction; the total amount of the transaction, including any taxes to be collected, in the approved currency of the sale; description of the goods or services involved in the transaction—if there are too many items, combine them into one description; (for example, “clothing”) to ensure that all information is contained on a single page; description of your merchandise return and credit/refund policy; a valid authorization code; Merchant’s Doing Business As (“D/B/A”) name and location (city and state required) and merchant identification number. The merchant identification number is optional but if provided for Discover, include only the last four digits; and DON’TS don’t include the card expiration date or any more than the last four digits of the card number in the copy of the sales draft which you provide to the cardholder. when imprinting sales drafts, you must not alter the cardholder account number, circle or underline any information on the sales draft or alter a sales draft in any way after the transaction has been completed and signed. Stray marks and other alterations on a sales draft may result in it becoming unreadable or illegible. If you are EMV enabled you may elect to participate in the No Signature Required programs. For the No Signature Required Programs, you are not required to: provide a transaction receipt, unless requested by the cardholder; or obtain the cardholder’s signature provided that you transmit the full track data/full chip card data in the authorization request regardless of the sale amount. 13. Refunds DO’S do provide clear instructions to your customers regarding returns, including the following: customer service telephone number; reference number for the return; expected processing time for the credit; return address, preferably on a pre-formatted shipping label (if applicable).– – – – • • • • • – – – – – – – – • • • • • • – – – • If delivery occurs after the timeframes set out in section 20, you must obtain a new authorization for the unprocessed portion of the transaction prior to delivery. If the transaction is declined, contact the cardholder and request another form of payment. For example: On January 1, a cardholder orders $2,200 worth of furniture and you receive an authorization for the full amount; however, only a $200 deposit is processed leaving a $2,000 balance remaining on the furniture. An authorization reversal must be processed for$2,000. When the goods are available to ship, the $2,000 transaction balance must be reauthorized. Advance payment charges If you permit or require cardholders to make advance payment charges for the following types of goods or services, please follow the procedures set out in this section: custom orders (for example, orders for goods to be manufactured to a customer’s specifications); ticketing for events or entertainment (for example, sporting events, or concerts); tuition, room, board, and other mandatory fees (for example, library or other students services fees at universities); tickets for airlines, rail lines, cruise lines, lodging, and other travel-related services (for example, tours or guided expeditions); and vehicle rentals; or in store merchandise not immediately available (for example, merchandise pre- purchased for an upcoming sale event or merchandise on layaway) For all advance payment transactions: do state your full cancellation and refund policies; do clearly disclose your intention to receive advance payment; before you request an authorization, do obtain written consent from the cardholder to bill the card for an advance payment charge; The cardholder’s consent must include (1) a detailed description of the goods or services to be provided, and (2) his or her agreement to all of the terms of the sale (including price, any cancellation or refund policies), and the expected delivery date of the goods or services; do obtain an authorization approval; do complete a sales draft: and if you cannot deliver the goods or services (for example, because custom-ordered merchandise cannot be fulfilled) and cannot make other arrangements, do immediately issue a credit for the full amount of the advance payment charge. For Card Not Present transactions involving an advance payment: do ensure that the sales draft contains the words “Advance Payment,”; and within 24 hours of the advance charge being authorized, do provide the cardholder with written confirmation (for example, by email or facsimile) that advance payment charge has been made, the written confirmation must include (1) a detailed description of the goods or services to be provided; (2) the amount of the charge; (3) the confirmation number (if applicable); (4) the details of any cancellation or refund policies; and (5) the expected delivery date of the goods or services. Recurring transactions If you process recurring transactions and charge a cardholder’s account periodically for recurring goods or services (for example, yearly subscriptions and annual membership fees, etc.), please follow the procedures set out in this section. DO’S do obtain cardholder approval for such goods or services to be charged on an ongoing basis to the cardholder’s account. Approval must at least specify: the cardholder’s name, address, account number and expiration date, the transaction amounts, the timing or frequency of recurring charges, the duration of time for which the cardholder’s approval is granted, and for Discover Network and PayPal transactions, the total amount of recurring charges to be billed to the cardholder’s account, (including taxes and tips) and your merchant identification number, do obtain an authorization for each transaction. do include the recurring payment indicator in each authorization request, and as applicable, each batch submission entry. do indicate on the sales draft “Recurring Transaction” (or “P.O.” for Mastercard transactions) for Discover Network and PayPal recurring transactions, do include a toll-free customer service number that the cardholder can call to cancel his/her approval for the recurring transaction or to obtain other assistance relating to the recurring transaction. don't store a payment credential if either the first payment transaction or account verification is declined. DON’TS don’t include partial payments for goods or services purchased in a single transaction. don’t impose a finance charge in connection with the recurring transaction or preauthorized order. don’t complete a recurring transaction after receiving a cancellation notice from the cardholder or card issuing bank or after a request for authorization has been denied. It is highly recommended that you obtain the three digit card verification code on the back of the card (or the four digit verification code on the front of American Express cards), include the number with the first authorization request. This is not required for subsequent authorization requests. A positive authorization response for one recurring transaction is not a guarantee that any future recurring transaction authorization request will be approved or paid. • • • • • • • • – – – – • • • • • • • • • • • • • • • GenCP-WF-2602_PG_02.28.23 11 within the time frame set out in the notification.do document your cancellation policy and terms and conditions on the contract the• within the time frame set out in the notification. Upon receipt of a transaction documentation request, you must immediately retrieve the requested sales draft(s) using the following guidelines: make a legible copy, centered on 8-1/2 x 11-inch paper (only 1 sales draft per page); write the ‘case number’ from the request for transaction documentation on each copy/page; if applicable, make copies of a hotel folio, car rental agreement, mail/phone /Internet order form, or other form of receipt; if a credit transaction has been processed, make a copy of the credit draft; letters are not acceptable substitutes for sales drafts; fax or mail legible copies of the sales draft(s) and credit drafts, if applicable, to the fax number or mail address provided on the request form; if you fax your response, please (i) set your fax machine to print your fax number and name on the documents that you send, and (ii) set the scan resolution on your fax machine to the highest setting. We can use this information to help determine where the documentation received originated from if additional research is required, and the higher resolution setting improves the clarity of characters and graphics on the documentation transmitted and helps reduce the number of illegible fulfillments and chargebacks. We strongly recommend that you also include a detailed rebuttal letter along with all pertinent documents when responding to a transaction request or a chargeback notification (for example, rental agreement, the portion signed by the cardholder; and the area where the authorization codes, with amounts and dates, are located). If the information you provide is both timely and, in our sole discretion, sufficient to warrant a re-presentment of the transaction or reversal of the chargeback, we will do so on your behalf. However, a re-presentment or reversal is ultimately contingent upon the card issuing bank and /or cardholder accepting the transaction under applicable payment organization guidelines. Re-presentment or reversal is not a guarantee that the chargeback has been resolved in your favor. If we do not receive a clear, legible and complete copy of the transaction documentation within the timeframe specified on the request, you may be subject to a chargeback for “non-receipt” for which there is no recourse. If you do not dispute the chargeback within the time limits set by the payments organization rules and regulations, you will forfeit your reversal rights. Our only alternative, which is available for Visa and Mastercard transactions only, is to attempt a “good faith collection” to the card issuing bank on your behalf for non- fraud chargeback reason codes. This process can take up to 6 months and must meet the card issuing bank’s criteria (for example, at or above a set dollar amount). Good faith collection attempts are not a guarantee that any funds will be collected on your behalf. Card issuing banks normally charge good faith collection fees, which are deducted from the transaction amount if accepted in addition to any processing fees that are charged by us. The card issuing bank may charge a handling fee which will be debited from your settlement account or settlement funds if a transaction documentation request results from a discrepancy between the sales draft and the transmitted record regarding any of the following: the name of your business; the city, state, or country listed for your business; the transaction date. Visa: If we reverse the chargeback and re-present the transaction to the card issuing bank, the card issuing bank, at its sole discretion, may elect to submit the matter for arbitration before Visa. Visa currently charges a $250 filing fee and a $250 review fee. Whether or not a decision is made in your favor, you will be responsible for all such fees and charges and any other applicable fees and charges imposed by Visa. Such fees and charges will be debited from your settlement account or settlement funds, in addition to the chargeback. STAR®: If we reverse the chargeback and re-present the transaction to the card issuing bank, the card issuing bank, at its sole discretion, may elect to submit the matter for arbitration before STAR. Whether or not a decision is made in your favor, you will be responsible for all fees and charges relating to that arbitration and any other applicable fees and charges imposed by STAR. Such fees and charges will be debited from your settlement account or settlement funds, in addition to the chargeback. Mastercard: If we reverse the chargeback and re-present the transaction to the card issuing bank, the card issuing bank, at its sole discretion, may elect to resubmit the chargeback. In such event, at our discretion, we will debit your settlement account or settlement funds for the chargeback. However, if you feel strongly that it is an invalid chargeback, we may, on your behalf and at your request, submit the matter for arbitration before Mastercard. Mastercard currently charges a $150 filing fee and a $250 review fee. Whether or not a decision is made in your favor, you will be responsible for all such fees and charges, and any other charges imposed by Mastercard. Such fees and charges will be debited from your settlement account or settlement funds, in addition to the chargeback. Discover Network: If Discover Network rejects our re-presentment request and you feel strongly that the chargeback is invalid, we may, at our discretion and on your behalf and at your request, submit the matter for dispute arbitration before Discover Network. Discover Network charges Acquirers fees for re-presentment requests and matters submitted to Discover Network for arbitration We, In turn, may charge you fees for these items. PayPal: If PayPal rejects our re-presentment request and you feel strongly that the chargeback is invalid, we may, at our discretion and on your behalf and at your request, submit the matter for dispute arbitration before PayPal. PayPal charges Acquirers fees for re-presentment requests and matters submitted to PayPal for arbitration. We, in turn may charge you fees for these items. • • • • • • • • • • do document your cancellation policy and terms and conditions on the contract the cardholder signs, or on your website, as applicable. do create a credit draft containing the following information for every refund: the account number; the cardholder’s name; your name, city, state and merchant identification number. Merchant identification number is optional but if provided for Discover only include the last 4 digits transaction type; a description of the goods or services; the transaction date of the credit; the total amount of the credit; and for Discover Network transactions, the approved currency used and the signature of your authorized representative or employee. for PayPal transactions, the approved currency used and the signature of your authorized representative or employee. do submit all credit drafts to us within the timeframes set out in section 20; do submit each credit under the establishment where the credit originated; do provide full refunds for the exact dollar amount of the original transaction including tax, handling charges, Surcharges and so on and in no circumstances provide a refund amount for more than the original card sale amount; For partial refunds relating to Surcharge transactions, the Surcharge amount must be pro-rated do write clearly all amounts and other handwritten information - stray marks on the credit draft will render it illegible. do ensure that the cardholder signs the credit draft, give the cardholder the appropriate copy, and deposit the credit draft immediately. do include the last 4 digits of the merchant identification number for Discover transactions. DON’TS don’t circle or underline any information on the credit draft. don’t credit an account that differs from the account used for the original transaction. don’t include the card expiration date or any more than the last four digits of the card number in the copy of the credit draft which you provide to the cardholder. don’t give cash, check credit refunds or other consideration for card sales, with the exception of the following type of Visa transactions only: Visa Easy Payment Service Transaction or if EMV enabled and participating in Visa's 'No Signature Required’ program); the recipient of the gift is not the cardholder; or Visa prepaid card transaction if the cardholder states that the Visa prepaid card has been discarded. don’t intentionally submit a sale and an offsetting credit at a later date solely for the purpose of debiting and crediting your own or a customer’s account; don’t process a credit transaction after a chargeback has been received. Your website must communicate your refund policy to your customers and require your customers to select a “click-to-accept” or other affirmative button to acknowledge the policy. The terms and conditions of the purchase must be displayed on the same screen view as the checkout screen that presents the total purchase amount, or within the sequence of website pages the cardholder accesses during the checkout process. For American Express transactions, please also refer to Appendix 2. 14. Exchanges For an even exchange, no additional paperwork is necessary and you may simply follow your standard company policy. For an uneven exchange, you must complete a credit draft, and follow the procedures outlined in section 12 for the total amount of the goods returned. The cardholder’s account will be credited for that amount. Then, complete a new sales draft for the total amount of any new goods purchased. 15. Chargebacks, Retrievals and Other Debits Chargebacks Both the cardholder and the card issuing bank have the right to question or dispute a transaction. If such questions or disputes are not resolved, a chargeback may occur. You are responsible for all chargebacks, our chargeback fees and related costs arising from your transactions. As a result, we will debit your settlement account or settlement funds for the amount of each chargeback. Due to the short time frames and the supporting documentation necessary to successfully (and permanently) reverse a chargeback in your favor, we strongly recommend that: you adhere to the guidelines and procedures outlined in this guide; if you do receive a chargeback, investigate, and if you dispute the chargeback, submit the appropriate documentation within the required time frame; whenever possible, contact the cardholder directly to resolve the dispute (except with respect to a Discover Network cardholder with whom direct contact regarding the dispute is prohibited by Discover Network Card Organization Rules); and if you have any questions, call Customer Service. You must not process a credit transaction once a chargeback is received, even with cardholder authorization, as the credits may not be recoverable and you may be financially responsible for the credit as well as the chargeback. Instead, the card issuing bank will credit the cardholder’s account. Chargeback process If the card issuing bank submits a chargeback, we will send you a chargeback notification, which may also include a request for transaction documentation. Due to the short time requirements imposed by the payments organizations, it is important that you respond to a chargeback notification and transaction documentation request • • • • • • – – – • • • • • • • • • • – – – – – – – – • • ® GenCP-WF-2602_PG_02.28.23 12 Recommendations to reduce the risk of chargeback Card Present American Express: You may request a chargeback reversal if the chargeback was Recommendations to reduce the risk of chargeback Card Present Transactions: obtain an authorization for all transactions. for recurring transactions ensure customers are fully aware of the conditions: cancel recurring transactions as soon as notification is received from the cardholder or as a chargeback, and issue the appropriate credit as needed to the cardholder in a timely manner; and notify the cardholder within 10 days (domestic) and 15 days (international) in advance of each billing, allowing the cardholder time to cancel the transaction. American Express customers have the option to receive written notification of the recurring transaction at least (10) days prior to submitting, or any time the charge amount exceeds a maximum amount that has been set by the cardholder. if you are utilizing an electronic device to capture card data, swipe, dip or wave all card transactions through your electronic authorization device to capture cardholder information. When applicable, ensure the displayed cardholder number matches the number on the card. You should avoid keying the card data into your electronic authorization device unless you are unable to capture the card data through one of the above methods. If you do key the card data into your electronic authorization device, it is highly recommended that you also key in the three or four digit verification code. If you are not participating in the No Signature program: Obtain the cardholder signature for all transactions; ensure the signature on the sales draft matches the signature on the back of the card. Process all transactions one time and do not batch out transactions multiple times. Educate staff on procedures to eliminate point of sale (POS) fraud. Card Not Present Transactions: Ensure delivery of the merchandise or services ordered to the cardholder. Participate in recommended fraud mitigation tools: Verified by Visa Program Mastercard SecureCode Address Verification Services (AVS) Use of card verification code NOTE: While transactions utilizing these tools may still be disputed, the service may assist you with your decision to accept certain cards for payment. ensure you ship to the AVS confirmed address (bill to and ship to must match). obtain authorization for all transactions. ensure merchant descriptor matches the name of the business and is displayed correctly on the cardholder statement. ensure descriptor includes correct business address and a valid customer service number. please refer to Appendix 2 for American Express fraud mitigation tools. Chargebacks due to cardholder disputes Description Goods or services not received by the cardholder, Merchandise defective or not as described. Likely scenario Services were not provided or merchandise was not received by the cardholder. Cardholder was charged prior to merchandise being shipped or merchandise was not received by agreed upon delivery date or location. Cardholder received merchandise that was defective, damaged, or unsuited for the purpose sold, or did not match the description on the transaction documentation/verbal description presented at the time of purchase. Cardholder paid with an alternate means and their card was also billed for the same transaction. Cardholder canceled service or merchandise and their card was billed. Cardholder billed for a transaction that was not part of the original transaction document. Cardholder claims to have been sold counterfeit goods. Cardholder claims the merchant misrepresented the terms of sale. Recommendations to reduce such risk of chargeback provide Services or Merchandise as agreed upon and described to the cardholder; clearly indicate the expected delivery date on the sales receipt or invoice. contact the cardholder in writing if the merchandise or service cannot be provided or is delayed, and offer the cardholder the option to cancel if your internal policies allow. if the cardholder received defective merchandise or the merchandise received was not as described; resolve the issue with the cardholder at first contact. if the merchandise is being picked up by the cardholder, have them sign for the merchandise after inspecting that it was received in good condition. do not charge the cardholder until the merchandise has been shipped, according to the agreed upon terms, and a signed Proof of Delivery from the cardholder is obtained. if unable to provide services or merchandise, issue a credit to the cardholder in a timely manner. accept only one form of payment per transaction. Ensure the cardholder is only billed once per transaction. do not bill cardholder for loss, theft or damages unless authorized by the cardholder. ensure that a description of the service or merchandise provided is clearly defined. Chargebacks due to processing errors Description Error was made when transaction was processed or it was billed incorrectly. Likely scenario the transaction was not deposited within the payments organization specified timeframe. • • • • • • • • • • • • • • • • • • • • • • • – – – – • • • • • • • – – – • • American Express: You may request a chargeback reversal if the chargeback was applied in error, provided that (i) you have responded to the original inquiry within the specified timeframe set out in your dispute notification, and (ii) you have provided all supporting documentation to substantiate the error. Alipay: Refer to appendix 5. Chargeback reasons The following section outlines the most common types of chargebacks. This list is not exhaustive. Within each group, we have included recommendations on how to reduce the risk of chargebacks. These are recommendations only, and do not guarantee that you will eliminate chargebacks. Chargebacks due to authorization Description Proper authorization procedures were not followed and valid authorization was not obtained. Likely scenario authorization not obtained. authorization was declined. transaction processed with an expired card and authorization was not obtained. transaction processed with an invalid account number and authorization was not obtained. Card Recovery Bulletin (CRB) or Exception File was not checked (transactions below floor limit). Recommendations to reduce risk of chargeback obtain valid authorization on the day of the transaction. if you receive the following responses: decline - request another form of payment from the cardholder; referral - follow the voice procedures to obtain a valid authorization; “Pick-up” - this means that the card issuing bank is asking for the card to be returned you must not accept the card for payment and, in addition, you may retain the card and send it to us so that we can arrange for its return to the card issuing bank. you must not exceed any predetermined thresholds for specific POS device types as specified by each payments organization. you must ship goods within the timeframe set out in section 20, after you have obtained authorization. Chargebacks due to cancellation and returns Description Credit was not processed properly or the cardholder has canceled or returned items. Likely scenario Cardholder received damaged or defective merchandise. Cardholder continued to be billed for canceled recurring transaction. Credit transaction was not processed. Recommendations to reduce risk of chargeback issue credit to the cardholder on the same account as the purchase in a timely manner. do not issue credit to the cardholder in the form of cash, check or in-store /merchandise credit as we may not be able to recoup your funds if the transaction is charged back. for recurring transactions ensure customers are fully aware of the conditions: cancel recurring transactions as soon as notification is received from the cardholder or as a chargeback, and issue the appropriate credit as needed to the cardholder in a timely manner; and notify the cardholder within 10 days (domestic) and 15 days (international) in advance of each billing, to allow the cardholder time to cancel the transaction. provide proper disclosure of your refund policy for returned/canceled merchandise, or services to the cardholder at the time of transaction. Card present, cardholder signed the sales draft containing disclosure. if applicable, the words “NO EXCHANGE, NO REFUND,” etc. must be clearly printed in 1/4-inch lettering on the sales draft: Ecommerce, provide disclosure on your website on the same page as check out. Require the cardholder to click to accept prior to completion. Card Not Present, provide the cancellation policy at the time of the transaction. for any Travel & Entertainment (T&E) transaction, provide cancellation numbers to cardholders when the services are canceled. ensure delivery of the merchandise or services ordered to the cardholder. participate in recommended fraud mitigation tools. Chargebacks due to fraud Description Transactions that the cardholder claims are unauthorized; the account number is no longer in use or is fictitious, or the merchant was identified as “high risk.” NOTE: For Visa transactions, to ensure that you preserve your chargeback rights, you must: complete a retrieval request and provide a sales slip that contains all required data elements; and respond to all retrieval requests with a clear legible copy of the transaction document that contains all required data elements within the specified timeframe. Likely scenario multiple transactions were completed with a single card without the cardholder’s permission. a counterfeit card was used and proper acceptance procedures were not followed. authorization was obtained; however, full track data was not transmitted. the cardholder states that they did not authorize or participate in the transaction.• • • • • • • • • – – • • – – • • • • • • • • – – – – • • • • • • • GenCP-WF-2602_PG_02.28.23 13 have “valid from” (effective) and “valid thru” (expiration) dates consistent with the•the cardholder was issued a credit draft. However, the transaction was processed• have “valid from” (effective) and “valid thru” (expiration) dates consistent with the sale date? We also recommend that you are vigilant for any cardholder who behaves as follows, specifically in relation to prepaid cards: frequently makes purchases and then returns the goods for cash; uses prepaid cards to purchase other prepaid cards; uses large numbers of prepaid cards to make purchases. Gift Cards, jewelry, video, stereo, computer and camera equipment, shoes and men’s clothing are typically fraud-prone because they can easily be resold. Also be suspicious of high dollar amounts and transactions with more than one fraud-prone item, (for example, two laptops, three gold chains, etc.). Part III In this part of the guide you’ll find helpful information about what to do if a card is left at your business, how long you must retain copies of records, how to return equipment and important transaction timeframes. This is also where you’ll find additional guidelines for specific industries including: Lodging Vending machines Travel & Entertainment Telecommunications Restaurants Petroleum If you’d like additional information about anything you’ve read in Your Payments Acceptance Guide, please contact Customer Service. 17. Lost/Recovered Cards If a card is left behind and remains unclaimed, you should call the appropriate payment organization’s Customer Service team via the number below and they will instruct you on how to handle it: 18. Retention of Records You must securely retain legible copies of all sales drafts and credit drafts or any other transaction records for the following periods: Mastercard,Visa, and STAR: 13 months from the transaction date. 5 years for healthcare sales drafts and credit drafts. Discover Network: the longer of (i) 365 days or (ii) the resolution of any pending or threatened disputes, claims, disagreements or litigation involving the card transaction. You must also keep images or other copies of sales drafts for no less than 3 years from the date of the Discover Network transaction. PayPal: the longer of (i) (A) 1 year from the transaction date, or (B) if the transaction date was subject to dispute, 2 years from the transaction date or (ii) the time period required by applicable law. American Express: 24 months from the date on which you submitted the sales draft or credit draft to us. You must provide all sales drafts and credit drafts or other transaction records requested by us within the shortest time limits established by payment organization rules. 19. Return of Equipment To return point of sale (POS) equipment that you do not own, you must call Customer Service for the address of the location to send the device. You must include the following information in the shipping box: your name, address and phone number; the name of the person to contact if there are any questions; your merchant identification number; and the serial number of the POS device (found on the underside of the POS device). You must return the POS device in a manner that can be tracked. 20. Timeframes Authorizations A positive (approved) authorization response remains valid for: seven (7) days for Mastercard electronic processed transactions; ten (10) days for Visa, Discover, and STAR electronic processed transactions subject to the following exception: thirty (30) days for Visa, Discover and PayPal, twenty (20) days for STAR for the following Industries: car rental; airline and passenger railway; lodging; other Travel & Entertainment (T&E) categories. seven (7) days for American Express electronic processed transaction subject to the following exception: thirty (30) days for the Travel & Entertainment (T&E) industries. Delayed deliveries If delivery is more than: 7 days (Mastercard, Visa, American Express, and STAR transactions); or 10 days (Discover Network and PayPal transactions);• • – • – – – – – • • • • • • 1-877-569-1113PayPal 1-800-992-3404AMEX 1-800-DISCOVER (1-800-347-2683) Discover 1-800-826-2181Mastercard 1-800-336-8472Visa • • • • • • • • • •the cardholder was issued a credit draft. However, the transaction was processed as a sale. the transaction was to be processed in a currency other than the currency used to settle the transaction. the account number or transaction amount used in the transaction was incorrectly entered. a single transaction was processed more than once to the cardholder’s account. the cardholder initially presented the card as payment for the transaction. However, the cardholder decided to use an alternate form of payment. a limited amount or self-service terminal transaction was processed for an amount over the pre-determined limit. Recommendations to reduce risk of chargeback process all transactions within the payments organization specified timeframes. ensure all transactions are processed accurately and only one time . if a transaction was processed more than once, immediately issue voids, transaction reversals or credits. ensure that credit transaction receipts are processed as credits and sale transaction receipts are processed as sales. ensure all transactions received a valid authorization approval code prior to processing the transaction. Also obtain a legible magnetic swipe, dipped, tapped or waved sales draft that is signed. do not alter transaction documentation or make any adjustments unless the cardholder has been contacted and agrees to modifications of the transaction amount. ensure limited amount, self-service and automated fuel dispenser terminals are set properly to conform to the predetermined limits. Chargebacks due to non-receipt of information Description Failure to respond to a retrieval request or the cardholder does not recognize the transaction. Likely scenario the transaction documentation was not provided to fulfill the retrieval request. the retrieval request was fulfilled with an illegible sales draft or was an invalid fulfillment (incorrect sales draft or the sales draft did not contain required information that may include signature if you are not participating in the No Signature Required program). the cardholder does not recognize or is unfamiliar with the transaction due to the merchant name or location not matching the name or location where the transaction took place. Recommendations to reduce such risk of chargeback provide a clear and legible copy of the sales draft that contains all required data elements within the required timeframe that is specified on the retrieval request. ensure that the most recognizable merchant name, location and customer service phone number is provided on all transactions. retain copies of all transaction documentation for the required timeframe that is specified by each payments organization. develop efficient methods to retrieve transaction documentation to maximize ability to fulfill requests. 16. Suspect/Fraudulent Transactions If the card being presented or the behavior of the person presenting the card appears to be suspicious or you otherwise suspect fraud, you must immediately call the Voice Authorization Center and ask to speak to a Code 10 operator. Answer all their questions and follow their instructions. While not proof that a transaction is fraudulent, the following are some suggestions to assist you in preventing fraudulent transactions that could result in a chargeback: Does the cardholder: appear nervous/agitated/hurried? appear to be making indiscriminate purchases (for example, does not care how much an item costs, the size, etc.)? make purchases substantially greater than your usual customer (for example, your average transaction is $60, but this transaction is for $360)? insist on taking the merchandise immediately (for example, no matter how difficult it is to handle, is not interested in free delivery, alterations, etc.)? appear to be purchasing an unusual amount of expensive items or the same items? take an unusual amount of time to sign the sales draft, or look at the back of the card as he signs? take the card from a pocket instead of a wallet? repeatedly come back, in a short amount of time or right before closing time, to make additional purchases? cause an unusual, sudden increase in the number and average sales transactions over a one-to three-day period? tell you he has been having some problems with his card issuing bank and request that you call a number (that he provides) for a “special” handling or authorization? have a previous history of disputed charges? place orders to be shipped to an address other than the billing address, or use anonymous/free email domains? place orders sent to zip codes or countries where you show a history of fraudulent claims? Does the card: have characters the same size, height, style and all within alignment? appear to be re-embossed (the original numbers or letters may be detected on the back of the card)? have a damaged hologram? have a Magnetic Stripe on the back on the card?• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • GenCP-WF-2602_PG_02.28.23 14 and service charges; and (iv) other miscellaneous charges as dictated byAfter the initial authorization request, you must reverse the authorization for the• and service charges; and (iv) other miscellaneous charges as dictated by experience. if an authorization request is declined, no charges occurring after that date will be accepted for that cardholder. you do not need to obtain a final authorization if the total sum of charges (the final amount) does not exceed 20% of the previously authorized charges. You must record the dates, authorized amounts, and their respective authorization approval codes on the sales draft(s). Merchants operating vending machines For Mastercard, if you are operating vending machines under MCC 5499 (Miscellaneous Food Stores-Convenience Stores, Markets, Specialty Stores), you need not provide a receipt at the time a transaction is conducted. However, if a vending machine cannot provide a printed receipt, you must disclose and post instructions advising cardholders how a receipt may be obtained. Telecommunication service providers You must contact Customer Service for approval and further instructions, rules and requirements before conducting telecommunication transactions. Telecommunication card sales occur when a telephone service provider is paid directly using a card for individual local or long-distance telephone calls, with the exception that prepaid telephone service cards are not and do not give rise to telecommunication card sales. The petroleum industry For Visa, Mastercard, STAR, American Express, Discover, PayPal, and Alipay transactions, merchants operating in the petroleum industry that conduct card sales at Automated Fuel Dispensers (AFDs), may submit an authorization request for $1 to verify the validity of the card presented. Under such circumstances, you must submit an authorization advice message for the actual amount of the card sale within 60 minutes of completion of fuel delivery regardless of whether you previously received a partial authorization response or a positive authorization response for any other amount. If you do not complete the card sale following receipt of an approved authorization response for any amount, a request to cancel the authorization request must be submitted within 60 minutes of the completion of fuel delivery. APPENDICES APPENDIX 1 ADDITIONAL PROVISIONS FOR WEX AND VOYAGER WEX cards If you participate in the WEX Full Service program, the following terms and conditions will apply: DO’S do provide, at your own expense, all equipment necessary to permit the electronic acceptance of the WEX cards, including the operation and maintenance of the equipment, telecommunication link, and provision of all networking services. do include in any request for authorization the following information: WEX cardholder account number, vehicle number, card expiration date, driver identification number, the amount of the transaction, the date and time of the transaction, the quantity of goods sold, unit price, and product code (the “authorization Request Data”), an authorization number or other approval code from WEX for all manual WEX card sales (in other words, sales facilitated by a card imprinter). do ensure that the product detail of each transaction is accurate including: the type of goods sold, quantity of goods sold, unit price/price per gallon (if applicable), taxes, and any coupons presented. do ensure that the product detail outlined equals the total amount of the sale when calculated (in other words, product quantity x unit price must equal the product amount. The sum of all product amounts including taxes minus any coupons must equal the total transaction amount). do complete a WEX card sale only upon the receipt of an authorization approval message. do provide a copy of the receipt for a WEX card sales, upon the request of the cardholder, to the extent permitted by applicable law. The receipt must not include the full account number or driver identification number. do require the cardholder to sign a receipt when a WEX card sale is not completed by an island card reader. do take all commercially reasonable efforts to protect manual WEX card sales data from fraud or misuse. do securely maintain a record of all WEX card sales (including the authorization request data) for a period of one year. You must produce such records upon the reasonable request of WEX. do notify us of any errors contained in a settlement report within 45 days of receipt of such report. We will not accept reprocessing requests for WEX transactions older than 90 days. do allow WEX to audit records, upon reasonable advance notice, related to the WEX Full Service. do retransmit WEX card sales data when reasonably requested to do so. DON’TS Don’t submit a WEX card sale for processing unless a WEX card is presented at the time of the sale. • • • • • • • • • • – – – – – • – – – – – – – – • • • • After the initial authorization request, you must reverse the authorization for the unprocessed portion and obtain a new authorization for the remaining amount before delivery. Refunds You must submit all credit transactions to us within 5 days of determining that a credit is due. 21. Additional Provisions for Specific Industries Merchants in the lodging industry There are additional rules and requirements that apply to merchants in the lodging industry for practices including guaranteed reservations and charges for no shows, advance deposits, overbookings, and priority checkout. If you are a lodging merchant and wish to participate in the payment organization lodging services programs, please contact your sales representative or relationship manager for details and the appropriate payments organization requirements. You must provide the cardholder with written confirmation of a guaranteed reservation. The confirmation must contain: cardholder’s name as it appears on the card, if present; card number, truncated where required by applicable law to you or us and card expiration date if present, unless prohibited by applicable law to you or us; reservation confirmation number; anticipated arrival date and length of stay; the cancellation policy in its entirety, inclusive of the date and time the cancellation privileges expire; and any other pertinent details related to the reserved accommodations. If a cardholder requests a cancellation in accordance with your cancellation policy and specified time frames, you must provide the cardholder with a cancellation number and instructions to retain a record of it. If a cardholder requests a written confirmation of the cancellation, you must provide this confirmation to the cardholder within 3 business days of such request. For the purposes of this section, a “business day” means Monday through Friday, excluding Bank holidays. The cancellation confirmation must contain: the cardholder’s reference that charges were placed on the card, if applicable, or a guarantee that a “no-show” charge will not be placed on the card; the cardholder’s name as it appears on the card, if present; the card number, truncated as required by applicable law to you or us; the card expiration date, if present, unless prohibited by applicable law to you or us; the reservation cancellation number; the date of cancellation; the name of your employee that processed the cancellation; and any other pertinent information related to the reserved accommodations. Pre-authorization for Travel & Entertainment (T&E) and restaurant merchants If you are a business engaged in providing travel and entertainment services (for example, car rentals, hotels, motels, etc.) or a restaurant business, and engage in the practice of “pre-authorization” you must comply with the following general procedures: a hotel, motel, or car rental merchant may obtain an estimated authorization at the time of check-in. restaurants must not add an estimated tip amount to the authorization request beyond the value of the goods provided, or services rendered, plus any applicable tax. you must notify the cardholder of the dollar amount you intend to “Pre-Authorize”. if the customer decides to use another form of payment (for example, cash, check, etc.) you must promptly call the Voice authorization Response Unit to delete the authorization hold. Provide the cardholder’s account number, original dollar amount and date of the transaction, and the authorization code. If a new transaction takes place, a new signed sales draft for the exact amount and a new authorization code for that amount must be obtained. VEHICLE RENTAL PROVIDERS MAY NOT INCLUDE POTENTIAL VEHICLE DAMAGE OR INSURANCE DEDUCTIBLES IN ANY PREAUTHORIZATIONS. if you receive a decline on a transaction, you must wait 24 hours before attempting to reauthorize. If you reauthorize prior to this time frame and receive an approval, you may be subject to a chargeback and a fine imposed by the payments organizations. hotels, motels, and car rental merchants are allowed up to a 15% variance above the amount authorized. If the final amount charged to the cardholder exceeds the original estimate by more than 15% above the preauthorization, you must authorize any additional amounts, and all incremental authorization codes must be written in the authorization area along with the date of authorization and the amount authorized. pre-authorization for certain establishments services, are allowed up to a 20% (instead of 15%) variance above the amount authorized. If the final amount exceeds the amount “preauthorized” by more than 20%, you must authorize the additional amount. Estimating the authorization amount to include a tip is prohibited. The authorization request must include only the amount associated with the bill presented to your customer. you must obtain an authorization for the initial estimated charges and then monitor the charges to ensure that the actual charges made do not exceed the estimated charges. If the actual charges exceed the amount of the initial estimated authorization (and any subsequent estimated authorizations), then you must secure a positive authorization for the additional amount. Subsequent authorizations must only be for the additional amount of total charges, and must not include any amounts already authorized. the estimated amount of any pre-authorization for lodging accommodations must be based on (i) the intended length of stay; (ii) the room rate; (iii) applicable taxes • • • • • • • • • • • • • • • • • • • • • • • • • GenCP-WF-2602_PG_02.28.23 15 For additional guidelines on the use of the American Express marks, please contactDon’t accept a WEX card if an expired card / decline message is received.• For additional guidelines on the use of the American Express marks, please contact Customer Service. Treatment of American Express cardholder Information Any and all cardholder information is confidential and the sole property of the card issuing bank, American Express or its affiliates. Except as otherwise specified, you must not disclose cardholder Information, nor use nor store it, other than to facilitate transactions at your establishments in accordance with the terms on which you are authorized to accept American Express cards. Authorization for Card Not Present transactions If you process a Card Not Present transaction you must obtain the following information: the card number; the card expiration date; the cardholder’s name as it appears on the card; the cardholder’s billing address; and the delivery address if different from the billing address. In addition, for Internet transactions you must: use any separate merchant identification numbers (Seller ID) established for your Internet orders in all of your requests for authorization and Submission of charges; provide us with at least one (1) month’s prior written notice of any change in your Internet address; and comply with any additional requirements that American Express provides from time to time. American Express has the right to chargeback for any Card Not Present transaction that the cardholder denies making or authorizing. However, American Express will not chargeback for any Card Not Present transaction based solely upon a claim by a cardholder that he or she did not receive the disputed goods if you have: verified the address to which the goods were shipped was the cardholder’s full billing address; and provided proof of delivery signed by the cardholder or an authorized signer of the card indicating the delivery of the goods or services to the cardholder’s full billing address. American Express will not be liable for actual or alleged fraudulent transactions over the Internet and will have the right to chargeback for those charges. If a disputed transaction arises involving a card not present transaction that is an Internet electronic delivery transaction, American Express may exercise a chargeback for the full amount of the transaction and place you in any of its chargeback programs. Charge records (also known as ‘sales drafts’) For each transaction submitted: electronically - you must create an electronically reproducible charge record; and on paper - you must create a charge record containing all of the following required data: full card number and expiration date, and if available, cardholder name; the date the transaction was incurred; the amount of the transaction, which must be the total price for the purchase of goods and services (plus applicable taxes and gratuities) purchased on the card; the authorization approval; a clear description of the goods and services purchased by the cardholder; the words “No Refunds” if you have a no refund policy, and your return and cancellation policies; and the cardholder’s signature (if a Card Present transaction and you are not participating in the No Signature Program), or the words “telephone order,” “mail order,” “Internet Order,” or “signature on file,” as applicable (if a Card Not Present transaction). In the charge record (and a copy of the customer’s receipt) you must: include your return and cancellation policies; and mask truncated card number digits with replacement characters such as “x,” “*” or “#,” and not blank spaces or numbers. If the cardholder wants to use more than one card for payment of a purchase, you may create a separate charge record for each card used. However, if the cardholder is using a single card for payment of a purchase, you must not divide the purchase into more than one transaction, and you must not create more than one charge record. Refunds To issue a refund you must: compare the last four digits on the charge record against the card presented (when applicable); issue the credit in the currency in which the original transaction was submitted to us; and issue the credit to the card used to make the original purchase. If the credit is for the return of a gift by someone other than the cardholder who made the original purchase, you must apply your usual refund policy. If the cardholder indicates that the card on which the purchase was originally made is no longer active or available: for all cards except prepaid cards - advise the cardholder that you must issue the credit to that card; and if the cardholder has questions, advise him or her to call the customer service number on the back of the card in question; and for prepaid cards, do apply your usual refund policy for returns. In the credit draft delivered to the cardholder you must mask truncated card number digits with replacement characters such as “x,” “*” or “#,” and not blank spaces or numbers. Your refund policy for card transactions must be at least as favorable as your refund policy for purchases made with other payment products or other payment methods. • • • • • • • – – – – – – – • • • • • • • • • • • • Don’t accept a WEX card if an expired card / decline message is received. Don’t submit a WEX card sale for processing until the goods have been delivered or services performed. Don’t accept a WEX card if it appears to be invalid or expired or there is reasonable belief that the WEX card is counterfeit or stolen. Don’t divide the price of goods and services purchased in a single WEX card sale among two or more sales receipts. Don’t permit a WEX card sale when only partial payment is made by use of the WEX card and the balance is paid with another bank card. Don’t remove fuel tax at the point of sale is not permitted. For all payment system product codes that are taxable, the transaction dollar amount and price per gallon (PPG) must contain the sum of the fuel cost and PPG inclusive of all applicable Federal, State, County, Local and other fuel taxes. You acknowledge and agree that your sole remedies with respect to the WEX Full Acquiring services will be against us and not WEX, except to the extent that WEX knows of any fraud related to the WEX cards and fails to provide notice of such fraud or WEX commits fraud in respect to the WEX Full Acquiring Services. Voyager cards You must check Fleet Cards for any printed restrictions at the point of sale. You must establish a fair policy for the exchange and return of merchandise. You must promptly submit credits to us for any returns that are to be credited to a Voyager cardholder’s account. You must not give any cash refunds to any Voyager card holder in connection with a sale, unless required by law. In addition to the information set out in Section 12 (Sales Drafts), you must include the following information on a single page document constituting the sales draft for Voyager transactions: all authorization request data for Voyager card sales must include the following: Voyager cardholder account number, card expiration date, driver identification number; and the amount of the transaction, date and time of the transaction, quantity of goods sold, unit price, and product code (the “Authorization Request Data”). all manual Voyager card sales (in other words, sales facilitated by a card imprinter) must include: the Authorization Request Data, an authorization number or other approval code from Voyager, the type of goods sold, quantity of goods sold, unit price/price per gallon (if applicable), taxes, and any coupons presented within the product. the product detail outlined must equal the total amount of the sale when calculated, in other words: product quantity x unit price must equal product amount. the sum of all product amounts including taxes minus any coupons must equal the total transaction amount. You must not remove fuel tax at the point of sale. For all payment system product codes that are taxable, transaction dollar amount and price per gallon (PPG) must contain the sum of the fuel cost and PPG inclusive of all applicable Federal, State, County, Local and other fuel taxes. If there is an increase of 15% or more compared to the previous month in the number of Voyager transaction authorization calls that are not due to our or Voyager system outages, we may, at our discretion, deduct telephone charges from the settlement of your Voyager transactions. Fees will not exceed $0.25 per call. Settlement of Voyager transactions will generally occur by the fourth banking day after we process the applicable card transactions. We will reimburse you for the dollar amount of sales you submit for a given day, reduced by the amount of chargebacks, tax exemptions, discounts, credits, and the fees set out in the Agreement You must notify us of any errors contained with the settlement reports within 30 calendar days of receipt of such report. Neither we nor Voyager will be required to reimburse you for sales submitted more than 60 calendar days from the date of purchase. For daily transmission of sales data, you must securely maintain true and complete records for a period of not less than 36 months from the date of the generation of the data. You may store records on electronic media, if secure. You are responsible for the expense of retaining sales data records and sales drafts. APPENDIX 2 ADDITIONAL PROVISIONS FOR AMERICAN EXPRESS TRANSACTIONS For merchants participating in the American Express OptBlue Program, you should review the operating guide made available to you at www.americanexpress.com ./merchantopguide Treatment of the American Express marks Whenever payment methods are communicated to customers, or when customers ask what payments are accepted, you must indicate your acceptance of the American Express card and display the American Express marks (including any card application forms provided to you) as prominently and in the same manner as any other payment products. You must not use the American Express marks in any way that injures or diminishes the goodwill associated with the mark, nor (without our prior written consent) indicate that American Express endorses your goods or services. You must only use the American Express marks as permitted. You must cease using the American Express marks upon termination of your acceptance of American Express cards. – – • – – – – • – – – – – • • • • • • • • • • • • ® GenCP-WF-2602_PG_02.28.23 16 then take the cheque and fold up the bottom right-hand corner so that you canIf you issue a credit, American Express will not refund the discount or any other fees then take the cheque and fold up the bottom right-hand corner so that you can compare the original signature with the new one. if the signatures are not the same, or you have any questions regarding the validity of the cheque, call Customer Service. if you suspect that the travelers cheque may be fraudulent, verify that the cheque is authentic by: performing the smudge test. Turn the cheque over (non-signature side). Wipe a moistened finger across the denomination. on the right side of the cheque, the ink should not smudge. on the left side of the cheque, the ink should smudge. obtaining online Authorization at .www.americanexpress.com/verifyamextc You are not required to obtain authorization before accepting a travelers cheque. High CV Merchants You acknowledge that you will be converted from the American Express US Enhanced Acquisition Program to a direct card acceptance relationship with American Express if and when you become a ‘High CV Merchant’ in accordance with the American Express Card Organization Rules. As part of this acknowledgment you agree that upon conversion: (i) you will be bound by American Express’ then-current agreement for card acceptance; and (ii) American Express will set pricing and other fees payable by you for card acceptance. A “High CV Merchant” is a Program Merchant with Estimated Annual Charge Volume (ECV) of greater than (i) United States currency (USD) $1,000,000 in the United States excluding Puerto Rico and the U.S. Virgin Islands or (ii) USD $1,000,000 in Puerto Rico and the U.S. Virgin Islands. Where a Program Merchant Prospect has more than one Establishment, then the ECV of (i) all Establishments operated under the same tax identification number (TIN) in a region shall be aggregated or (ii) all Establishments operated under different TINs but as a unified business enterprise in a region shall be aggregated. For clarification purposes, a 'unified business enterprise' shall include Establishments that are owned, operated, or affiliated to a single business entity. Marketing opt-outs You agree that when providing your contact information to us that you may receive messages from American Express, including important information about American Express products, services, and resources available to your business. These messages may be sent to the mailing address, phone numbers, email addresses or fax numbers that you provide. If you provide a wireless phone number, you agree that you may be contacted at that number and the communications sent may include autodialed short message service (SMS or “text”) messages or automated or pre-recorded calls. If you provide a fax number, you agree that you may be sent fax communications. American Express may otherwise use and share your information for business purposes and as permitted by applicable law. American Express uses reasonable administrative, technical and physical security measures to protect your information consistent with the sensitivity of the information. You may opt out of newsletters or messages about products, services and resources for different forms of communications by contacting us, via inbound telephone, email, facsimile, website and any other means identified by us, or by exercising the opt-out options that may be described or offered in emails, SMS messages, faxes or other communications. If you opt out, you may still receive messages from American Express regarding services and programs designed to enhance the value of the American Express Network. Protecting American Express Card Member Information These merchant data security requirements apply to all of your equipment, systems, and networks on which encryption keys, cardholder data and/or sensitive authentication data are stored, processed, or transmitted. Standards for protection of cardholder data and sensitive authentication data You must, and you must ensure that all of your employees, agents, representatives, subcontractors, processors, service providers, providers of point-of-sale equipment or systems or payment processing solutions, and any other party to whom you may provide card member information access, will: store American Express cardholder data only to facilitate transactions for your acceptance of American Express cards; comply with the current version of the PCI DSS, no later than the effective date for implementing that version; and use, when deploying new or replacement PIN entry devices or payment applications (or both), only those that are PCI-approved. You must protect all charge records and credit records retained in accordance with these data security provisions. You must use these records only for purposes of your acceptance of American Express cards and you must safeguard the records accordingly. Data incidents If you discover a data incident, you must: notify us immediately and in no case later than 24 hours after such discovery; conduct a thorough forensic investigation of each data incident; this must be conducted by a PCI forensic investigator (PFI) if the data incident involves 10,000 or more unique card numbers (or otherwise at our request); promptly provide to us all compromised card numbers and the forensic investigation report of the data incident; work with us to rectify any issues arising from the data incident, including consulting with us about your communications to card members affected by the data incident and providing (and obtaining any waivers necessary to provide) to us all relevant information to verify your ability to prevent future data incidents; and at our request, provide validation by a qualified security assessor (QSA) that the deficiencies have been remediated. • • • • • • • • – – – – • • If you issue a credit, American Express will not refund the discount or any other fees or assessments previously applied on the corresponding transaction. The discount on chargebacks will not be refunded. Fraud mitigation tools American Express offers fraud mitigation tools for both Card Present and Card Not Present transactions to help verify that a transaction is valid. These tools help you mitigate the risk of fraud at the point of sale, but are not a guarantee that a transaction is in fact valid or bona fide, or that you will not be subject to a chargeback. For optimal use of the tools, please visit American Express’ Fraud Prevention Information at: .www.americanexpress.com/fraudinfo Recurring transactions For recurring transactions you must offer the cardholder the option to receive written notification for the recurring transaction(s) at least (10) ten days prior to submitting, or any time the transaction amount exceeds a maximum amount that has been set by the cardholder. You must clearly and conspicuously disclose all material terms of the option, including, if applicable, the fact that recurring billing will continue until the option is canceled by the cardholder. If the material terms of the option change after submission of the first recurring transaction, you must promptly notify the cardholder in writing of such change and obtain the cardholder’s express written consent to the new terms prior to submitting another recurring transaction. For recurring transactions you must: periodically verify with cardholders that their information (for example, card number, expiration date, billing address) is still accurate. This will improve the likelihood of obtaining an approval to an authorization request; retain evidence of consent to receive updated card account information from the card issuing bank for 24 months from the date you submit the last recurring transaction. ensure that your process for cancellation of recurring transactions is simple and expeditious; and within 24 hours of incurring the first recurring billing transaction, provide the cardholder written confirmation (for example, email or facsimile) of such transaction, including all material terms of the option and details of your cancellation/refund policy. If your recurring transaction amounts vary, you must offer the cardholder the right to receive written notification of the amount and date of each recurring transaction: at least ten (10) days before submitting each transaction; or whenever the amount of the transaction exceeds a maximum recurring transaction amount specified by the cardholder. For more information about processing prepaid cards: call the customer service number on the back of the card in question; or see American Express Card Organization Rules regarding “additional authorization requirements.” No Signature Required program You may participate in the No Signature Required program under which you are not required to request a signature from cardholders on the transaction record provided that: your business is classified in an industry that accepts in-person charges, with the exception of the following categories: Merchants who do not conduct in-person charges (in other words, Internet, mail order or telephone order). prohibited merchants or prohibited transactions (or both) as defined in American Express Card Organization Rules regarding “risk evaluation.” high-risk Merchants (for example, Internet electronic services or nightclubs /lounges) as defined in American Express Card Organization Rules regarding “high risk merchants. Merchants placed in our Fraud Full Recourse program. See American Express Card Organization Rules regarding “chargeback programs”. in relation to the transaction: the transaction amount must meet the threshold established in American Express’ country specific policy. the transaction must include the appropriate indicator to reflect that the card and the Cardholder were present at the point of sale. the transaction must include a valid approval. Under the American Express No Signature Required program, chargebacks will not be exercised for such charges based solely on your failure to obtain the cardholder’s signature at the point of sale. If a disproportionate number of disputed charges under the No Signature Required Program occur, you must cooperate to reduce the number of disputed charges. If such efforts fail, you may be placed in American Express chargeback programs, or your participation in the No Signature Required Program may be modified or terminated. Travelers cheques Travelers cheques are available in various denominations and currencies. The denominations in US dollars range from $20 to $1000. You must exercise caution when presented with a travelers cheque in a denomination of $500 or greater. The higher denominated travelers cheques are rarely sold, and so more likely to be counterfeit. To accept a travelers cheque, watch your customer countersign in the lower left corner of the travelers cheque, and compare the countersignature to the signature in the upper left corner of the travelers cheque. if the signature and countersignature are a reasonable match (they look alike, but may not be identical), you may accept the cheque and there is no need to obtain any identification. if you suspect that the countersignature may be false, or you did not watch the customer countersign, ask your customer to turn the cheque over and sign again across the left-hand side (in the same manner one typically endorses a check); • • – – – • – – – • • • • • • • • • GenCP-WF-2602_PG_02.28.23 17 Step 3 - Send the validation documentation to ParticipantForensic investigation reports must: Step 3 - Send the validation documentation to Participant Compliance and validation are completed at your expense. By submitting validation documentation to us, you represent and warrant to us that you are authorized to disclose the information contained in it and are providing the validation documentation without violating any other party’s rights. Merchants not compliant with PCI DSS If you are not compliant with the PCI DSS, then you must: complete and submit an AOC including “Part 4. Action Plan for Non-Compliant Status” to us; designate a remediation date, not to exceed twelve (12) months following the date of the AOC, for achieving compliance; and provide us with periodic updates of your progress toward remediation under the “Action Plan for Non-Compliant Status.” Non-validation fees and termination of right to accept cards We have the right to impose non-validation fees on you and terminate your right to accept cards if you do not fulfill these requirements or fails to provide the mandatory validation documentation to us by the applicable deadline. We will notify you separately of the applicable deadline for each annual and quarterly reporting period. If we do not receive your mandatory validation documentation, then we have the right to terminate your right to accept cards and to impose non-validation fees on you. Periodic validation of level EMV merchants Your merchant level may be classified as EMV if you submit 50,000 (or more) American Express card transactions per year, of which at least 75% are made by the card member with the physical card present at a point of sale system compliant with EMV specifications and capable of processing contact and contactless transactions on a chip-enabled device. If you are classified as merchant level EMV, you may submit the annual EMV attestation (AEA) instead of other validation documentation, in which case you must submit the AEA annually to us. Even if you fall into merchant level 1 or 2, if you are classified as merchant level EMV, you only need to submit the AEA, and not the other merchant level 1 and 2 validation documentation. The AEA involves a process using PCI DSS requirements that allows self- examination of your equipment, systems, and networks (and their components) where cardholder data or sensitive authentication data (or both) are stored, processed or transmitted. The AEA must: be performed by you; be certified by your chief executive officer, chief financial officer, chief information security officer, or principal; and certify that you meet the requirements for merchant level EMV. APPENDIX 3 SPECIAL PROVISIONS FOR DISCOVER NETWORK DISCOVER NETWORK PROTOCOL FOR INTERNET TRANSACTIONS Each Internet Discover Network card transaction accepted by you and submitted to us shall comply with Discover Network standards, including Discover Network standards governing the formatting, transmission and encryption of data, referred to as the “designated protocol”. You shall accept only those Internet Discover Network card transactions that are encrypted in accordance with the designated protocol. As of the date of these procedures, the designated protocol for the encryption of data is Secure Socket Layer (SSL). We may, at our discretion, withhold Settlement until security standards can be verified. However, the designated protocol, including any specifications with respect to data encryption, may change at any time upon 30 days advance written notice. You shall not accept any Internet Discover Network card transaction unless the transaction is sent by means of a browser that supports the designated protocol. AUTHORIZATIONS Card Not Present Transactions For Discover Network Card Not Present transactions, you must also verify the name and billing address of the Discover Network cardholder using the Address Verification System (AVS). Discover Network procedure for request for cancellation of authorization If a Discover Network or PayPal card sale is canceled or the amount of the transaction changes following your receipt of authorization for the sale, you must process an authorization reversal via your POS Device or, for voice-approved authorizations, call your Authorization Center directly and request a cancellation of the authorization. An authorization may be canceled at any time within 10 days of your receipt of the authorization, but must be canceled before the sales data relating to the transaction is submitted to us, after which the authorization cannot be changed. For an authorization cancellation, you must provide us with the following information, in this order: the Discover Network Merchant Number used in the authorization; the card number; the original amount of the authorization being canceled; the new amount of the total transaction (if any); the original authorization code for the authorization being canceled; the expiration date of the card; and a brief reason for the authorization cancellation. Discover Network Cash Over Transactions Cash over transactions are only available for Discover Network. • • • • • • • • • • • • • Forensic investigation reports must: include forensic reviews, reports on compliance, and all other information related to the data incident; identify the cause of the data incident; confirm whether or not you were in compliance with the PCI DSS at the time of the data incident: and verify your ability to prevent future data incidents by providing a plan for remediating all PCI DSS deficiencies. American Express has the right to disclose information about any data incident to card members, issuers, other participants on the American Express network, and the general public as required by applicable law, by judicial, administrative, or regulatory order, decree, subpoena, request, or other process; in order to mitigate the risk of fraud or other harm; or otherwise to the extent appropriate to operate the American Express network. Periodic validation of your systems You must take steps to validate under PCI DSS annually and quarterly the status of your equipment, systems and networks (and their components) on which cardholder data and sensitive authentication data are stored, processed or transmitted. Step 1 - Enroll in a compliance program You must submit applicable periodic validation documentation to us. Please contact us for more information regarding data security compliance requirements. Step 2 - Determine merchant level and validation requirements Most merchant levels are based on the volume of transactions submitted by establishments. You will fall into one of the merchant levels specified in the following table: Merchant Level Definition Validation documentation Requirement 1 2.5 million transactions or more per year; or any merchant that American Express otherwise deems a level 1 merchant Annual on-site security assessment report and quarterly network scan Mandatory 2 50,000 to 2.5 million transactions per year Annual self-assessment questionnaire (SAQ) and quarterly network scan Mandatory 3 Less than 50,000 transactions per year Annual SAQ and quarterly network scan Strongly recommended 3-Less than 50,000 transactions per year and designated a level 3 merchant by American Express Annual SAQ and quarterly network scan Mandatory - As designated by American Express. American Express may require certain level 3 merchants to enroll in American Express’ compliance program. Such merchants must enroll no later than ninety (90) days following receipt of such notice from us. All other level 3 merchants need not submit validation documentation, but must comply with all other provisions of these data security provisions. The validation documentation which you must send to us is as follows: Annual onsite security Annual self-assessment Quarterly network scans This is a detailed onsite examination of your equipment, systems, and networks (and their components) where cardholder data or sensitive authentication data (or both) are stored, processed, or transmitted. YOU MUST: ensure that the annual onsite security assessment is performed by (i) a QSA, or (ii) you and certified by your chief executive officer, chief financial officer, chief information security officer or principal; submit the AOC section of the SAQ annually to us, and include copies of the full SAQ upon request; and ensure that the AOC certifies compliance with all requirements of the PCI DSS. This is a process using the PCI DSS self- assessment questionnaire (SAQ) that allows self-examination of your equipment, systems, and networks (and their components) where cardholder data or sensitive authentication data (or both) are stored, processed, or transmitted. YOU MUST: ensure that the SAQ is performed by you and certified by your chief executive officer, chief financial officer, chief information security officer or principal; submit the AOC section of the SAQ annually to us, and include copies of the full SAQ upon request; and ensure that the AOC of the SAQ certifies compliance with all requirements of the PCI DSS. The quarterly network scan is a process that remotely tests your internet-connected computer networks and web servers for potential weaknesses and vulnerabilities. YOU MUST: ensure that the quarterly network scan is performed by an approved scanning vendor (ASV); complete and submit the ASV scan report attestation of scan compliance (AOSC) or executive summary of findings of the scan (and copies of the full scan, on request) quarterly to us; ensure that the AOSC or executive summary certifies that (i) the results satisfy the PCI DSS scanning procedures, (ii) no high risk issues are identified, and (iii) the scan is passing or compliant. – – – – – – – – – • • • • GenCP-WF-2602_PG_02.28.23 18 You may issue cash over in connection with a Discover Network card sale, provided You may issue cash over in connection with a Discover Network card sale, provided that you comply with the terms on which you are authorized to accept cards, including the following requirements: you must deliver to us a single authorization request for the aggregate total of the goods/services purchase amount and the cash over amount of the card sale. You may not submit separate authorization requests for the purchase amount and the cash over amount; the sales draft must include both the purchase amount and the cash over amount, and you may not use separate sales drafts for the purchase amount and cash over amount; cash over may only be offered with a Card Present card sale that includes a purchase of goods or services by the cardholder. You must not issue cash over as a stand-alone transaction. If you offer cash over, you may require the total amount of a card sale with a credit product, including cash over, to meet a minimum transaction amount of up to $10. You must not assess or charge fees of any type or amount, including any surcharges, on cash over transactions. You must not include in cash over transactions any of the fees or charges applicable to cash advances; cash over may not be dispensed in connection with credits, cash advances, or any card sale for which you are unable to electronically capture Track Data using the POS device; and the maximum amount of cash that you may issue as cash over is $100. Cash over may not be available in certain markets. Contact us for further information. APPENDIX 4 SPECIAL PROVISIONS FOR PAYPAL PAYPAL DOES NOT PERMIT THE FOLLOWING TRANSACTION TYPES: PayPal does not permit internet (ecommerce), mail order, manually key-entered, cash type transactions (including, cash over, cash advance or quasi cash transactions), or international/non-U.S. currency transactions. Contact us for further information related to these transaction types. AUTHORIZATIONS PayPal procedure for request for cancellation of authorization If a PayPal card sale is canceled or the amount of the transaction changes following your receipt of authorization for the sale, you must process an authorization reversal via your POS Device. PayPal Sublicense to Use PayPal Marks. You are prohibited from using the PayPal Marks, as defined below, other than as expressly authorized in writing by us. “PayPal Marks” means the brands, emblems, trademarks, or logos that identify PayPal acceptance. You may use the PayPal Marks only to promote PayPal products, offers, services, processing and /acceptance. Your use of the PayPal Marks is restricted to the display of decals, signage, advertising, and marketing materials provided or approved by PayPal in writing pursuant to the process set forth in the PayPal Card Organization Rules. You are not permitted to use the PayPal Marks in such a way that PayPal Account Holders could believe that the products or services offered by you are sponsored or guaranteed by the owners of the PayPal Marks. You recognize that you have no ownership rights in the PayPal Marks. You are not permitted to assign to any third party any of the rights to use the PayPal Marks. You are prohibited from using the PayPal Marks, not permitted above, unless expressly authorized in writing by PayPal. APPENDIX 5 SPECIAL PROVISIONS FOR ALIPAY What is Alipay Alipay is a payment processing platform offering a variety of services to Chinese National consumers. Alipay offers consumers the ability to make payments using prepaid funds stored in a digital wallet account established between Alipay and the Alipay consumer. Alipay Services We will process payment transactions you submit under this Agreement that are initiated by consumers presenting their Alipay-branded electronic payment credentials as issued by the Alipay Payment Organization at your locations that accept Alipay. State Restrictions If you elect to accept Alipay services Processor may provide them to you in the States where legally permitted. Alipay Funding Schedule Alipay transactions are settled and funded in China Standard Time. Alipay recognizes certain days as Chinese National holidays which can cause funding delays. The holidays can be as long as 5 consecutive days. Authorizations are not impacted during these holidays. Refunds and Transaction Adjustments Alipay consumers have 90 days from the transaction date to request a refund. After 90 days, all refund requests will be declined. Merchants will receive notification and will have the authority to determine if they wish to process the refund or reject the request (in accordance with your stated policy(ies) and any applicable laws). • • • • • GenCP-WF-2602_PG_02.28.23 19 25. Exclusivity During the term of this Agreement, you shall use us as your exclusive provider of all Services. 26. Fees; Adjustments; Collection of Amounts Due In consideration of the Services provided by us, you shall be charged, and hereby agree to pay us any and all fees set forth in this Agreement (for the purposes of clarity, this includes the Application and any additional pricing supplements or subsequent communications), all of which shall be calculated and payable pursuant to the terms of this Agreement and any additional pricing supplements or subsequent communications. If a transaction fails to qualify for your anticipated interchange levels or you inadvertently or intentionally accept a transaction other than the type anticipated for your account (including a different Card type), then, as applicable to your pricing method, you will be charged a higher interchange, Discount Rate or Non-Qualified Interchange Fee, as well any applicable surcharge for that transaction, all as further described in Section A.3 of Part IV of this Agreement and in the Application. With respect to inadvertent or intentional acceptance of a transaction other than the type anticipated for your account (including a different Card type), you will also be subject to payment to us of our then-current transaction fee(s) with respect to such Card and /or transaction and be liable, obligated and responsible under this Agreement for any such transaction to the same extent as you would be if it was of a Card type elected and approved. For more information on Visa’s and Mastercard's interchange rates, please go to and .www.visa.com www.mastercard.com All authorization fees will be charged for each transaction that you attempt to authorize. All capture fees will be charged for each transaction that you transmit to us for settlement. If you are being billed a combined fee for both the authorization and capture of a transaction, the authorization and capture must be submitted as a single transaction, otherwise the authorization and the capture will each be charged separately. You are responsible for utilizing software or services that will correctly submit these transactions to achieve the combined billing. The fees for Services set forth in this Agreement are based upon assumptions associated with the anticipated annual volume and average transaction size for all Services as set forth in this Agreement and your method of doing business. If the actual volume or average transaction size are not as expected or if you significantly alter your method of doing business, we may adjust your discount fee and transaction fees without prior notice. The fees for Services set forth in this Agreement may (a) be adjusted to reflect increases, or new fees imposed by Payments Networks, including without limitation, interchange, assessments and other Payments Network fees, or to pass through increases or new fees charged to us by other Persons related to the Services, or (b) upon 30 days' notice to you and no more than once per calendar year during the Term, increase your fees by a percentage equal to the increase in the U.S. Department of Labor Consumer Price Index for All Urban Consumers over the most current published 12 month period (or equal to the increase in the nearest comparable data on changes in the cost of living over the same time period if such index is no longer published). All such adjustments shall be your responsibility to pay and shall become effective upon the date any such change or addition is implemented by the applicable Payments Network or other Person as specified in our notice to you. Subject to Section 31.3, we may also increase our fees or add new fees for Services for any reason at any time, by notifying you thirty (30) days’ prior to the effective date of any such change or addition. If you receive settlement funds by wire transfer, we may charge a wire transfer fee per wire. To the extent the Automated Clearing House (“ACH”) settlement process is used to effect debits or credits to your Settlement Account, you agree to be bound by the terms of the operating rules of the National Automated Clearing House Association, as in effect from time to time. You hereby authorize us to initiate credit and debit entries and adjustments to your account through the ACH network and /or through direct instructions to the financial institution where your Settlement Account is maintained for amounts due under this Agreement and under any agreements with us or our respective Affiliates for any products or services, as well as for any credit entries in error. You hereby authorize the financial institution where your Settlement Account is maintained to effect all such debits and credits to your account. This authority will remain in full force and effect until we have given written notice to the financial institution where your Settlement Account is maintained that all monies due under this Agreement and under any other agreements with us or our respective Affiliates for any products or services have been paid in full. You are solely responsible to inform us in writing if you want any fees or other adjustments to be debited from an account other than your Settlement Account. You agree to pay any fines imposed on us by any Card Organization resulting from Chargebacks and all fees, fines and other charges imposed on us by a Card Organization with respect to your acts or omissions. You are also responsible for all fees, fines, and other charges imposed on us as a result of acts or omissions by your agents or third parties. If your Chargeback percentage for any line of business exceeds the estimated industry Chargeback percentage, you shall, in addition to the Chargeback fees and any applicable Chargeback handling fees or fines, pay us an excessive Chargeback fee for all Chargebacks occurring in such month in such line(s) of business. Each estimated industry Chargeback percentage is subject to change from time to time by us in order to reflect changes in the industry Chargeback percentages reported by Visa, Mastercard, American Express, Discover Network, PayPal, or Alipay. 26.9. 26.8. 26.7. 26.6. 26.5. 26.4. 26.3. 26.2. 26.1. B. CARD GENERAL TERMS In addition to the preceding Your Payments Acceptance Guide, our Agreement with you includes the following General Terms. If you fail to follow any of the provisions of the Your Payments Acceptance Guide Procedures or General Terms, you may incur certain liabilities and we may terminate our Agreement. 22. Services Subject to Card Organization Rules, Services may be performed by us, our Affiliates, our agents, or other third parties we may designate from time to time in connection with this Agreement. 23. Your Payments Acceptance Guide; Card Organization Rules and Compliance You agree to follow all requirements of this Agreement in connection with each Card transaction and to comply with all applicable Card Organization Rules, including without limitation, the data security requirements described in Part I, Section 5. From time to time, we may amend the General Terms, by providing you with at least 20 days’ prior written notice, and those provisions will be deemed incorporated into this Agreement. However, for changes in the Card Organization Rules or for security reasons, certain changes in Card procedures may become effective on shorter notice. If there are any inconsistencies between the General Terms and Your Payments Acceptance Guide, the General Terms will govern. You are responsible for staying apprised of all applicable changes to the Card Organization Rules and maintaining compliance with the Card Organization Rules. Card Organization Rules may be available on web sites such as http://usa.visa.com/merchants/merchant- and support/international-operating-regulations.jsp http://www.mastercard.com/us ./merchant/support/rules.html These links may change from time to time. 24. Settlement of Card Transactions We will only be required to settle Card transactions for Card types specified in your Application. Promptly after presentment of Sales Drafts pursuant to Your Payments Acceptance Guide, we will initiate a transfer of the applicable settlement funds to you. Unless otherwise agreed to in writing to the contrary, all discount fees are deducted daily. All settlements for Visa, Mastercard, Discover Network, PayPal, Alipay, and American Express Card transactions will be net of Credits, Summary Adjustments, applicable discount fees when due, Chargebacks and any other amounts then due from you. We may also set off from any payments otherwise due, any amounts owed to any of our respective Affiliates, whether or not arising out of or related to this Agreement. All credits to your Settlement Account or other payments to you are provisional and are subject to, among other things, our right to deduct our fees, our final audit, Chargebacks (including our related losses), and fees, fines and any other charge imposed on us by the Card Organizations as a result of your acts or omissions. You agree that we may debit or credit your Settlement Account for any deficiencies, overages, fees, pending Chargebacks and any other amounts owed to us or any of our respective Affiliates, or we may deduct such amounts from settlement funds or other amounts due to you from us, or our respective Affiliates. You further agree we can offset any amounts owed to us or our Affiliates related to activity in other accounts maintained in the name of or guaranteed by you, any of your principals, guarantors or authorized signors. Alternatively, we may elect to invoice you for any such amounts, net due 30 days after the invoice date or on such earlier date as may be specified. We will not be liable for any delays in receipt of funds or errors in debit and credit entries caused by you or any Person. In addition to any other remedies available to us under this Agreement, you agree that should any Event of Default (see Section 31.4) occur, we may, with or without notice, change processing or payment terms and/or suspend credits or other payments of any and all funds, money and amounts now due or hereafter to become due to you pursuant to the terms of this Agreement, until we have had reasonable opportunity to investigate such event. You acknowledge and agree that transfers to and from the Settlement Account shall be based on the account number and routing number supplied by you. We are not responsible for detecting errors in any Settlement Account information you provide, including the account numbers and routing numbers, even if any of those numbers do not correspond to the actual account or financial institution identified by name. This Agreement is a contract whereby we are extending financial accommodations to you within the meaning of Section 365(c) of the U.S. bankruptcy code. Your right to receive any amounts due or to become due from us is expressly subject and subordinate to Chargeback, setoff, lien, security interest and our rights to withhold settlement funds under this Agreement, without regard to whether such Chargeback, setoff, lien, security interest and the withholding of settlement funds rights are being applied to claims that are liquidated, unliquidated, fixed, contingent, matured or unmatured. Agent Appointment. If applicable, by accepting Alipay, you non-exclusively appoint First Data Merchant Services, LLC (“FDMS”) as your agent solely for the limited purpose of receiving settlement funds from Alipay on your behalf for the transactions submitted from your participating locations. You acknowledge that payment of settlement funds to FDMS by Alipay constitutes full and final settlement of such amounts payable to you by Alipay. Alipay services are provided solely by Processor, and the Bank has no performance obligations or liabilities of any nature in connection with Alipay. 24.9. 24.8. 24.7. 24.6. 24.5. 24.4. 24.3. 24.2. 24.1. PART II: GenCP-WF-2602_PG_02.28.23 20 covenant with, us, and with the submission of each Sales Draft reaffirm, theYour Chargeback Percentage will be calculated as the larger of (a) the total Visa, covenant with, us, and with the submission of each Sales Draft reaffirm, the following representations, warranties and/or covenants: each Card transaction is genuine and arises from a bona fide transaction permissible under the Card Organization Rules by the Cardholder directly with you, represents a valid obligation for the amount shown on the Sales Draft, preauthorized order, or Credit Draft, and does not involve the use of a Card for any other purpose; each Card transaction represents an obligation of the related Cardholder for the amount of the Card transaction; the amount charged for each Card transaction is not subject to any dispute, setoff or counterclaim; each Card transaction amount is only for respective merchandise or services (including taxes, but without any surcharge) sold, leased or rented by you pursuant to your business as indicated on the application and, except for any delayed delivery or advance deposit Card transactions expressly authorized by this Agreement, that merchandise or service was actually delivered to or performed for the Cardholder entering into that Card transaction simultaneously upon your accepting and submitting that Card transaction for processing; with respect to each Card transaction, you have no knowledge or notice of any fact, circumstance or defense which would indicate that such Card transaction is fraudulent or not authorized by the related Cardholder or which would otherwise impair the validity or collectability of that Cardholder’s obligation arising from that Card transaction or relieve that Cardholder from liability with respect thereto; each Card transaction is made in accordance with these General Terms, Card Organization Rules and Your Payments Acceptance Guide; each Sales Draft is free of any alternation not authorized by the related Cardholder; you have completed one Card transaction per sale; or one Card transaction per shipment of goods for which the Cardholder has agreed to partial shipments; you are validly existing, in good standing and free to enter into this Agreement; each statement made on the Application or other information provided to us in support of this Agreement is true and correct; you are not doing business under a name or style not previously disclosed to us; you have not changed the nature of your business, Card acceptance practices, delivery methods, return policies, or types of products or services sold requiring a different MCC under Card Organization Rules, in a way not previously disclosed to us; you will use the Services only for your own proper business purposes and will not resell, directly or indirectly, any part of the Services to any Person; (NOTE: Factoring is prohibited.) you have not filed a bankruptcy petition not previously disclosed to us; you own and control the Settlement Account, and no third party security interest or lien of any type exists regarding the Settlement Account or any Card transaction. you will not at any time during the term of this Agreement, or until all amounts due under this Agreement have been paid in full, grant or pledge any security interest or lien in the Reserve Account, Settlement Account or transaction proceeds to any Person without our consent; THIS AGREEMENT IS A SERVICE AGREEMENT. WE DISCLAIM ALL REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, MADE TO YOU OR ANY OTHER PERSON, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES REGARDING QUALITY, SUITABILITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR OTHERWISE OF ANY SERVICES OR ANY GOODS PROVIDED INCIDENTAL TO THE SERVICES PROVIDED UNDER THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, ANY SERVICES OR ANY GOODS PROVIDED BY A THIRD PARTY. IN NO EVENT SHALL WE OR OUR AFFILIATES OR ANY OF OUR OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS OR SUBCONTRACTORS, BE LIABLE UNDER ANY THEORY OF TORT, CONTRACT, STRICT LIABILITY OR OTHER LEGAL THEORY FOR LOST PROFITS, LOST REVENUES, LOST BUSINESS OPPORTUNITIES, EXEMPLARY, PUNITIVE, SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES, EACH OF WHICH IS HEREBY EXCLUDED BY AGREEMENT OF THE PARTIES, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE OR WHETHER ANY PARTY OR ANY ENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CLIENT ACKNOWLEDGES AND AGREES THAT PAYMENT OF ANY EARLY TERMINATION FEE OR LIQUIDATED DAMAGES AS PROVIDED ELSEWHERE IN THIS AGREEMENT SHALL NOT BE PROHIBITED BY THIS PARAGRAPH. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY (INCLUDING BUT NOT LIMITED TO SECTIONS 29.5 or 34), OUR CUMULATIVE LIABILITY FOR ALL LOSSES, CLAIMS, SUITS, CONTROVERSIES, BREACHES OR DAMAGES FOR ANY CAUSE WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, THOSE ARISING OUT OF OR RELATED TO THIS AGREEMENT), REGARDLESS OF THE FORM OF ACTION OR LEGAL THEORY, SHALL NOT EXCEED, (I) $50,000; OR (II) THE AMOUNT OF FEES RECEIVED BY US PURSUANT TO THIS AGREEMENT FOR SERVICES PERFORMED IN THE IMMEDIATELY PRECEDING 12 MONTHS, WHICHEVER IS LESS. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, OUR LIABILITY FOR ANY DELAY IN FUNDING TRANSACTIONS TO YOU FOR ANY REASON, OTHER THAN FOR ANY REASON DESCRIBED IN SECTIONS 24.4 AND 24.6, WILL BE LIMITED TO INTEREST COMPUTED FROM THE DATE THAT YOU SUBMIT THE TRANSACTION TO THE DATE THAT WE FUND THE TRANSACTION AT THE RATE OF THE FEDERAL FUNDS AS SET BY THE FEDERAL RESERVE BANK OF NEW YORK, NEW YORK, FROM TIME TO TIME, LESS ONE PERCENT (1%). NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, BANK IS NOT RESPONSIBLE, AND SHALL HAVE NO LIABILITY, TO 28.6. 28.5. 28.4. 28.3. 28.2. 28.1.16. 28.1.15. 28.1.14. 28.1.13. 28.1.12. 28.1.11. 28.1.10. 28.1.9. 28.1.8. 28.1.7. 28.1.6. 28.1.5. 28.1.4. 28.1.3. 28.1.2. 28.1.1. Your Chargeback Percentage will be calculated as the larger of (a) the total Visa, Mastercard, American Express, Discover Network, PayPal, and Alipay Chargeback items in any line of business in any calendar month divided by the number of Visa, Mastercard, American Express, Discover Network, PayPal, and Alipay transactions in that line of business submitted that month, or (b) the total dollar amount of Visa, Mastercard, American Express, Discover Network, PayPal, and Alipay Chargebacks in any line of business received in any calendar month divided by the total dollar amount of your Visa, Mastercard, American Express, Discover Network, PayPal, and Alipay transactions in that line of business submitted in that month. In the event the State of Washington charges us business and occupation tax on the fees or amounts imposed by Card Organizations, interchange, and any other fees or assessments passed through to us associated with or charged to your transactions (“Pass-Through Fees”), you will pay us an additional monthly fee equal to the then-current rate of that tax multiplied by all Pass-Through Fees for all of your locations in Washington State for that month. You agree to promptly and carefully review your merchants statements or other documents provided or made available to you (physically, electronically or otherwise provided by Us or others) reflecting Card transaction activity, including, activity in your Settlement Account. If you believe any adjustments should be made with respect to your Settlement Account, you must notify us in writing within sixty (60) days after any debit or credit is or should have been effected or such shorter period as provided in the terms and conditions that govern such account. If you notify us after sixty (60) days, we shall have no obligation to investigate or effect any adjustments. Any voluntary efforts by us to assist you in investigating such matters shall not create any obligation to continue such investigation or any future investigation. If you do not pay us all fees and any other amounts due under this Agreement within thirty (30) days of the date of our merchant statement or other statement setting forth the amount due, then we may, in our sole discretion, charge you interest, for such time that the amount and all accrued interest remain outstanding at the lesser of (i) 12% APR, or (ii) the maximum rate permitted by applicable law. Other Debits. We may also debit your Settlement Account or your settlement funds in the event we are required to pay Card Organization fees, charges, fines, penalties or other assessments as a consequence of your sales activities. Such debits shall not be subject to any limitations of time specified elsewhere in the Agreement, including, without limitation the following, which we may add to or delete from this list as changes occur in the Card Organization Rules or our Your Payments Acceptance Guide pursuant to Section 23: Card Organization fees, charges, fines, penalties, registration fees, or other assessments including any fees levied against us or any amount for which you are obligated to indemnify us. Currency conversion was incorrectly calculated. NOTE: For Discover Network transactions, you are not permitted to convert from your local Discover Network approved currency into another currency, nor may you quote the price of a transaction in U.S. Dollars if completed in another approved currency. Discount Rate not previously charged. Reversal of deposit posted to your account in error. Debit for Summary Adjustment not previously posted. Reversal of Credit for deposit previously posted. Debit for Chargeback never posted to your account. Debit for EDC Batch error fee. Card Organization Merchant Chargeback/fraud monitoring fees – excessive Chargeback handling fees. Failure of transaction to meet Member Controller Authorization Service (“MCAS”) – Cardholder account number on exception file. Original transaction currency (foreign) not provided. Travel Voucher exceeds maximum value. Debit and/or fee for investigation and/or Chargeback costs related to this Agreement, or for costs related to our collection activities in an amount no less than $100.00. Costs arising from replacement or damage to equipment rented. Payment of current or past due amounts for any equipment purchase or rental. Incorrect merchant descriptor (name and/or city, state) submitted. Incorrect transaction date submitted. Shipping and handling fees. Costs or expenses associated with responding to any subpoena, garnishment, levy or other legal process associated with your account in an amount no less than $150.00. In the event the State of Washington charges us business and occupation tax on the fees or amounts imposed by Payment Networks, interchange, and any other fees or assessments passed through to us associated with or charged to your transactions (), you will pay us an additional monthly fee equalPass-Through Fees to the then-current rate of that tax multiplied by all Pass-Through Fees for all of your locations in Washington State for that month. 27. Chargebacks You shall be responsible for reimbursing us for all transactions you submit that are charged back. See Your Payments Acceptance Guide for additional information regarding Chargebacks and Chargeback procedures. You shall reimburse us for any Chargebacks, return items, or other losses resulting from your failure to produce a Card transaction record requested by us within the applicable time limits. 28. Representations; Warranties; Covenants; Limitations on Liability; Exclusion of Consequential Damages Without limiting any other warranties hereunder, you represent, warrant to and28.1. 27.2. 27.1. 26.14. • • • • • • • • • • • • • • • • • • • 26.13. 26.12. 26.11. 26.10. GenCP-WF-2602_PG_02.28.23 21 telecommunications provider utilized by Client, as necessary to investigate anyYOU IN ANY WAY WITH RESPECT TO NON-BANK SERVICES. telecommunications provider utilized by Client, as necessary to investigate any allegation of fraud, suspected fraud or other actual or alleged wrongful act by Client in connection with the Services. 30. Use Of Data You consent to us retaining, using, combining, disclosing or sharing Data: (1) to provide, develop, improve, modify or offer the Services or other similar services for you or other clients, (2) for analytics, or (3) for fraud prevention (collectively, Permitted Purposes). We may continue to use or share the Data for the Permitted Purposes following termination of this Agreement. We will also use a consumer's Data as agreed by consumers. Data means information about you, your customers, their transactions, or financial information covered by this Agreement. We will not identify you to another client except as instructed by you. In the course of providing Services, we may collect information relating to activities on your network, including network configuration, TCP/IP packet headers and contents, log files, malicious codes, and Trojan horses. We retain the right to use this information or aggregations of this information, in addition to the Transaction Data, for any reasonable purpose. You agree that we may obtain relevant information from any applicable telecommunications provider you utilize, as necessary to investigate any allegation of fraud, suspected fraud or other actual or alleged wrongful act by you in connection with the Services. 31. Assignments Any transfer or assignment of this Agreement by you, without our prior written consent, by operation of law or otherwise, is voidable by us. Any transfer of voting control of you or your parent shall be considered an assignment or transfer of this Agreement. Furthermore, you shall indemnify and hold us harmless from all liabilities, Chargebacks, expenses, costs, fees and fines arising from such transferee’s or assignee’s Submission of Card transactions to us for processing. For purposes of this Section 30, any transfer of voting control shall be considered an assignment or transfer of this Agreement. The payment Services provided by us require access to a single bank account in which we may initiate both credits and debits. You may not enter into any agreement that would require, in any circumstance or event, the transfer of any payments or proceeds from Card transactions covered by this Agreement to the custody or control of any Person. You may not assign any rights, including the right of payment under this Agreement, to any other person. In the event that you make an assignment (or provide a security interest) of receivables covered by this Agreement, then we may, at our option, elect to (a) refuse to acknowledge such assignment unless accompanied by an Authorization to both initiate debits or credits to the bank account of the assignee, (b) terminate this Agreement immediately, or (c) charge for any transfers that we are called upon to make manually to fulfill such an assignment at the rate of $100 per transfer. Another Visa and Mastercard member may be substituted for Bank under whose sponsorship this Agreement is performed with respect to Visa and Mastercard transactions. Upon substitution, such other Visa and Mastercard member shall be responsible for all obligations required of Bank for Visa and Mastercard transactions, including without limitation, full responsibility for its Card program and such other obligations as may be expressly required by applicable Card Organization Rules. Subject to Card Organization Rules, we may assign or transfer this Agreement and our rights, duties and obligations hereunder and/or may delegate or subcontract our rights, duties and obligations hereunder, in whole or in part, to any Person, whether in connection with a change in sponsorship, as set forth in the preceding paragraph, or otherwise, without notice to you or your consent. Except as set forth elsewhere in this Section and as provided in the following sentence, this Agreement shall be binding upon successors and assigns and shall inure to the benefit of the parties and their respective permitted successors and assigns. No assignee for the benefit of creditors, custodian, receiver, trustee in bankruptcy, debtor in possession, or other person charged with taking custody of a party’s assets or business, shall have any right to continue, assume or assign this Agreement. 32. Term; Events of Default This Agreement shall become effective upon the date this Agreement is approved by our Credit Department. You acknowledge that our Credit Department maintains a list of business types that are unqualified for our Services. We reserve the right to immediately terminate your account if it has been inadvertently boarded notwithstanding such Credit policies. The initial term of this Agreement shall commence and shall continue in force for three years after it becomes effective. Thereafter, it shall continue until we or you terminate this Agreement upon written notice to the other, or as otherwise authorized by this Agreement. Should you fail to notify us in writing of your request to terminate you acknowledge and agree you will continue to be charged fees pursuant to this Agreement notwithstanding non-use of your account. Notwithstanding the above or any other provisions of this Agreement, we may terminate this Agreement at any time and for any reason by providing 30 days’ advance notice to you. We may terminate this Agreement immediately or with shorter notice upon an Event of Default as provided under Section 31.4 of this Agreement. In the event we provide notice to you of any new fees or increases in existing fees for Services, pursuant to Section 26.5, you may terminate this Agreement without further cause or penalty by notifying us that you are terminating this Agreement prior to the effective date of such new fees or increases. However, maintaining your merchant account, or your continued use of the Services after the effective date of any such fee changes shall be deemed your acceptance of such fee changes for the Services, throughout the term of this Agreement. If any of the following events shall occur (each an “Event of Default”): a material adverse change in your business, financial condition, or business32.4.1. 32.4. 32.3. 32.2. 32.1. 31.4. 31.3. 31.2. 31.1. 30.3. 30.2. 30.1. YOU IN ANY WAY WITH RESPECT TO NON-BANK SERVICES. 29. Confidentiality Unless you obtain written consents from us and each applicable Card Organization, Issuer and Cardholder, you must not use, disclose, store, sell or disseminate any Cardholder information obtained in connection with a Card transaction (including the names, addresses and Card account numbers of Cardholders) except for purposes of authorizing, completing and settling Card transactions and resolving any Chargebacks, Retrieval Requests or similar issues involving Card transactions, other than pursuant to a court or governmental agency request, subpoena or order. You shall use proper controls for and limit access to, and render unreadable prior to discarding, all records containing Cardholder account numbers and Card imprints. You may not retain or store Magnetic Stripe data or Card Validation Codes after a transaction has been authorized. If you store any electronically captured signature of a Cardholder, you may not reproduce such signature except upon our specific request. You acknowledge that you will not obtain ownership rights in any information relating to and derived from Card transactions. Cardholder account numbers, personal information and other Card transaction information, including any databases containing such information, may not be sold or disclosed to a Person as an asset upon a bankruptcy, insolvency or failure of Client’s business. Upon a bankruptcy, insolvency or failure of Client’s business, all Card transaction information must be returned to Servicers or acceptable proof of the destruction of all Card transaction information must be provided to Servicers. You will treat this Agreement, the Card Organization Rules and any information supplied or otherwise made accessible by us or our agents as confidential, including without limitation, (i) information about the products, services, operations, procedures, customers, suppliers, sales, pricing, business plans and marketing strategies of Servicers, their respective Affiliates and the customers, clients and suppliers of any of them; (ii) any scientific or technical information, design, process, procedure, formula, or improvement that is commercially valuable and secret in the sense that its confidentiality affords Servicers a competitive advantage over its competitors; and (iii) all confidential or proprietary concepts, documentation, reports, data, specifications, computer software, source code, object code, flow charts, databases, inventions, know-how, show-how and trade secrets, whether or not patentable or copyrightable and will not disclose the same to any third parties, provided, however, that these restrictions do not apply to information: (a) rightfully obtained on a non-confidential basis from a Person and your agents and representatives, which Person was not subject to a duty of confidentiality, (b) rightfully and independently known by you on a non-confidential basis prior to its disclosure or (c) generally available to the public other than through any disclosure by or fault of you, your agents or representatives. Our confidential information shall be used by you only to exercise your rights and to perform your obligations hereunder. Client shall receive our confidential information in confidence and not disclose the confidential information to any third party, except as may be agreed upon in writing by us. Client shall safeguard all of our confidential information using a reasonable degree of care, but not less than that degree of care used by it in safeguarding its own similar information or material. Upon request by us or upon termination of this Agreement, Client shall return to us or destroy all of our confidential information in its possession or control. The obligations of confidentiality and restrictions on use in this Section shall not apply to any confidential information that: (i) was in the public domain prior to the date of the Agreement or subsequently came into the public domain through no fault of Client;(ii) was received from a third party free of any obligation of confidence of Client to the third party and which third party, to Client’s knowledge, was not under an obligation to keep the information confidential; (iii) was already in Client’s possession prior to receipt from us; (iv) is required to be disclosed by law, regulation or court order after giving us as much advance notice as practical of the possibility of disclosure; or (v) is subsequently and independently developed by Client’s employees, consultants or agents without use of or reference to our confidential information. Except as specifically provided for herein, this Section does not confer any right, license, interest or title in, to or under our confidential information to Client. Except as specifically provided for herein, no license is hereby granted to Client under any patent, trademark, copyright, trade secret or other proprietary rights of ours. Client acknowledges that breach of the restrictions on use or disclosure of any our confidential information would result in immediate and irreparable harm to us, and money damages would be inadequate to compensate for that harm. We shall be entitled to equitable relief, in addition to all other available remedies, to redress any breach. We may use data collected as part of performing payment processing or other transaction-related services for you (“Transaction Data”) for the purpose of providing additional products and services to you, other merchants, or third parties. This includes collecting, using, and de-identifying cardholder information, dates, amounts, and other Transaction Data to provide you with analytic products and services as well as collecting and using Transaction Data anonymized and aggregated with other merchants’ transaction data to provide you, other merchants, and third parties with analytic products and services. You shall not assign to any Person, the rights to use the Marks of Servicers, our agents or the Card Organizations. All rights, title, and interest in and to all intellectual property related to the Services (including without limitation, the content of any materials, web screens, layouts, processing techniques, procedures, algorithms, and methods), owned, developed or licensed by us prior to, during the term of, or after the Agreement, or employed by us in connection with the Services and any updates, changes, alterations, or modifications to or derivative works from such intellectual property, shall be and remain, as among the Parties, our exclusive property. Client agrees that we may obtain relevant information from any applicable29.7. 29.6. 29.5. 29.4. 29.3.4. 29.3.3. 29.3.2. 29.3.1. 29.3. 29.2. 29.1. GenCP-WF-2602_PG_02.28.23 22 any other accounts held by Bank or any of its Affiliates, at any financial institutionprospects; or any other accounts held by Bank or any of its Affiliates, at any financial institution maintained in the name of Client, any of its principals, or any of its guarantors, or if any of same are authorized signers on such account; (ii) any payments otherwise due to you, including any amount due from TeleCheck; (iii) your delivery to us of a letter of credit; or (iv) if we so agree, your pledge to us of a freely transferable and negotiable certificate of deposit. Any such letter of credit or certificate of deposit shall be issued or established by a financial institution acceptable to us and shall be in a form satisfactory to us. In the event of termination of this Agreement by any party, an immediate Reserve Account may be established without notice in the manner provided above. Any Reserve Account will be held by us for the greater of ten (10) months after termination of this Agreement or for such longer period of time as is consistent with our liability for your Card transactions and Chargebacks in accordance with Card Organization Rules. We will hold funds pursuant to this Section 32 in master account(s) with your funds allocated to separate sub accounts. Unless specifically required by law, you shall not be entitled to interest on any funds held by us in a Reserve Account. If your funds in the Reserve Account are not sufficient to cover the Chargebacks, adjustments, fees and other charges and amounts due from you, or if the funds in the Reserve Account have been released, you agree to promptly pay us such sums upon request. To secure your obligations to us and our respective Affiliates under this Agreement and any other agreement for the provision of equipment, products or services (including any obligations for which payments on account of such obligations are subsequently invalidated, declared to be fraudulent or preferential, set aside or required to be repaid to a trustee, receiver or any other party under any bankruptcy act, state or federal law, common law or equitable cause), you grant to us a first priority lien and security interest in and to (i) the Reserve Account and (ii) any of your funds pertaining to the Card transactions contemplated by this Agreement now or hereafter in our possession, whether now or hereafter due or to become due to you from us. Any such funds, money or amounts now or hereafter in our possession may be commingled with other funds of ours, or, in the case of any funds held pursuant to the foregoing paragraphs, with any other funds of other customers of ours. In addition to any rights now or hereafter granted under applicable law and not by way of limitation of any such rights, we are hereby authorized by you at any time and from time to time, without notice or demand to you or to any other Person (any such notice and demand being hereby expressly waived), to set off, recoup and to appropriate and to apply any and all such funds against and on account of your obligations to us and our respective Affiliates under this Agreement and any other agreement with us our respective Affiliates for any related equipment or related services (including any check services), whether such obligations are liquidated, unliquidated, fixed, contingent, matured or unmatured. You agree to duly execute and deliver to us such instruments and documents as we may reasonably request to perfect and confirm the lien, security interest, right of set off, recoupment and subordination set forth in this Agreement. For sake of clarification and notwithstanding anything in the Agreement to the contrary, in the event Servicers deduct, holdback, suspend, off set or set off any settlement monies or amounts otherwise due you pursuant to the terms of this Agreement (collectively “Set Off Funds”), you acknowledge that such Set Off Funds will be held in a commingled Reserve Account(s) of Servicers. If in replacement of or in addition to the first priority lien and security interest in the Reserve Account, you grant to Servicers a first priority lien and security interest in and to one or more certificates of deposit, the certificates of deposit shall be uncertificated and shall be subject to an Acknowledgement of Pledge of Certificate of Deposit and Control Agreement (the “Certificate of Deposit Control Agreement”) by, between and among Customers, Servicers and the financial institution that has established and issued the certificate of deposit. The form of the Certificate of Deposit Control Agreement and the financial institution that will establish and issue the certificate of deposit shall be satisfactory and acceptable to Servicers. 34.Financial and Other Information Upon request, you will provide us and our Affiliates, quarterly financial statements within 45 days after the end of each fiscal quarter and annual audited financial statements within 90 days after the end of each fiscal year. Such financial statements shall be prepared in accordance with generally accepted accounting principles. You will also provide such other financial statements and other information concerning your business and your compliance with the terms and provisions of this Agreement as we may reasonably request. You authorize us and our Affiliates to obtain from third parties financial and credit information relating to you in connection with our determination whether to accept this Agreement and our continuing evaluation of your financial and credit status. We may also access and use information which you have provided to Bank for any other reason. Upon request, you shall provide, and/or cause to be provided, to us and our Affiliates, or our representatives or regulators (as well as those of the Card Organizations) reasonable access to your or your providers’ facilities and records for the purpose of performing any inspection and/or copying of books and/or records deemed appropriate. In such event, you shall pay the costs incurred by us or our Affiliates for such inspection, including, but not limited to, costs incurred for airfare and hotel accommodations. You will provide us with written notice of any judgment, writ, warrant of attachment, execution or levy against any substantial part (25% or more in value) of your total assets not later than three (3) days after you become aware of same. 35. Indemnification You agree to indemnify and hold us and the Card Organizations harmless from and against all losses, liabilities, damages and expenses: (a) resulting from the inaccuracy or untruthfulness of any representation or warranty, breach of any covenant or agreement or any misrepresentation by you under this Agreement; (b) 35.1. 34.2. 34.1. 33.4.3. 33.4.2. 33.4.1. 33.3. prospects; or any assignment or transfer of voting control of you or your parent; or a sale of all or a substantial portion of your assets; or irregular Card sales by you, excessive Chargebacks, noncompliance with any applicable data security standards, as determined by Servicers, or any Card Organization, or any other Person, or an actual or suspected data security breach, or any other circumstances which, in our sole discretion, may increase our exposure for your Chargebacks or otherwise present a financial or security risk to us; or any of your representations, warranties or covenants in this Agreement are breached in any respect; or you default in any material respect in the performance or observance of any term, condition or agreement contained in this Agreement, including, without limitation, the establishment or maintenance of funds in a Reserve Account, as detailed in Section 32; or you default in any material respect in the performance or observance of any term, covenant or condition contained in any agreement with any of our respective Affiliates; or you default in the payment when due, of any material indebtedness for borrowed money; or you file a petition or have a petition filed by another party under the U.S. bankruptcy code or any other laws relating to bankruptcy, insolvency or similar arrangement for adjustment of debts; consent to or fail to contest in a timely and appropriate manner any petition filed against you in an involuntary case under such laws; apply for or consent to, or fail to contest in a timely and appropriate manner, the appointment of, or the taking of possession by, a receiver, custodian, trustee or liquidator of you or of a substantial part of your property; or make a general assignment for the benefit of creditors; or take any action for the purpose of authorizing any of the foregoing; or your independent certified accountants shall refuse to deliver an unqualified opinion with respect to your annual financial statements and your consolidated subsidiaries; or a violation by you of any applicable law or Card Organization Rule or our reasonable belief that termination of this Agreement or suspension of Services is necessary to comply with any law including without limitation the rules and regulations promulgated by the Office of Foreign Assets Control of the U.S. Department of the Treasury or your breach, as determined by Servicers, of Section 47.2 (“Compliance with Laws”), then, upon the occurrence of (1) an Event of Default specified in subsections 31.4.4, 31.4.9 or 31.4.11, we may consider this Agreement to be terminated immediately, without notice, and all amounts payable hereunder shall be immediately due and payable in full without demand or other notice of any kind, all of which are expressly waived by you, and (2) any other Event of Default, this Agreement may be terminated by us giving not less than 10 days’ notice to you, and upon such notice all amounts payable hereunder shall be due and payable on demand. Neither the expiration nor termination of this Agreement shall terminate the obligations and rights of the parties pursuant to provisions of this Agreement which by their terms are intended to survive or be perpetual or irrevocable. Such provisions shall survive the expiration or termination of this Agreement. All obligations by you to pay or reimburse us for any obligations associated with transactions you have submitted to us will survive termination of this Agreement until finally and irrevocably paid in full and settled. If any Event of Default occurs, regardless of whether such Event of Default has been cured, we may, in our sole discretion, exercise all of our rights and remedies under applicable law, and this Agreement including, without limitation, exercising our rights under Section 32. In the event you file for protection under the U.S. bankruptcy code or any other laws relating to bankruptcy, insolvency, assignment for the benefit of creditors or similar laws, and you continue to use our Services, it is your responsibility to open new accounts to distinguish pre and post filing obligations. You acknowledge that as long as you utilize the accounts you established prior to such filing, we will not be able to systematically segregate your post-filing transactions or prevent set-off of the pre-existing obligations. In that event, you will be responsible for submitting an accounting supporting any adjustments that you may claim. The Card Organizations often maintain merchant lists such as the Member Alert To Control High-risk Merchants (“MATCH”) who have had their merchant agreements or Card Acceptance rights terminated for cause. If this Agreement is terminated for cause, you acknowledge that we may be required to report your business name and the names and other information regarding its principals to the Card Organizations for inclusion on such list(s). You expressly agree and consent to such reporting if you are terminated as a result of the occurrence of an Event of Default or for any reason specified as cause by Visa, Mastercard, Discover Network, PayPal, Alipay, or American Express. Furthermore, you agree to waive and hold us harmless from and against any and all claims which you may have as a result of such reporting. After termination of this Agreement for any reason whatsoever, you shall continue to bear total responsibility for all Chargebacks, fees, Card Organization fines imposed on us as a result of your acts or omissions, Credits and adjustments resulting from Card transactions processed pursuant to this Agreement and all other amounts then due or which thereafter may become due under this Agreement. 33. Reserve Account; Security Interest You expressly authorize us to establish a Reserve Account pursuant to the terms and conditions set forth in this Section 32. The amount of such Reserve Account shall be set by us, in our sole discretion, based upon your processing history and the potential risk of loss to us as we may determine from time to time. The Reserve Account shall be fully funded upon three (3) days’ notice to you, or in instances of fraud or suspected fraud or an Event of Default, Reserve Account funding may be immediate. Such Reserve Account may be funded by all or any combination of the following: (i) one or more debits to your Settlement Account or 33.2. 33.1. 32.9. 32.8. 32.7. 32.6. 32.5. 32.4.11. 32.4.10. 32.4.9. 32.4.8. 32.4.7. 32.4.6. 32.4.5. 32.4.4. 32.4.3. 32.4.2. GenCP-WF-2602_PG_02.28.23 23 Under Section 28 (Representations; Warranties; Covenants; Limitations of•arising out of your or your employees’ or your agents’ negligence or willful Under Section 28 (Representations; Warranties; Covenants; Limitations of Liability; Exclusion of Consequential Damages) of the General Terms, in no event shall our cumulative liability to you for losses, claims, suits, controversies, breaches or damages for any cause whatsoever in connection with Voyager transactions exceed the lesser of $10,000.00 or the Voyager transaction fees paid by you to us for the two months prior to the action giving arise to the claim. Notwithstanding anything in this Agreement to the contrary, our obligation to provide services to you relating to any Fleet Card will terminate automatically without penalty to us or the related Card Organization upon the earlier of (i) the termination or expiration of our agreement with such Card Organization, (ii) at least twenty (20) days prior written notice by us to you; (iii) your failure to comply with material terms relating to such Fleet Card transactions, or (iv) written notice, if a Card Organization discontinues its Card 37. Special Provisions for Debit Card The special provisions outlined in this Section 36 apply only to those Debit Card transactions that are processed by a Cardholder entering a PIN unless the transaction is a network supported PINless transaction. A PINless transaction is a Debit card transaction that a merchant submits to us for settlement/funding transactions with neither a PIN nor Signature. The Services provided, transactions processed and other matters contemplated under this Section 36 are subject to the rest of this Agreement, as applicable, except to the extent the terms of this Section 36 directly conflict with another provision of this Agreement, in which case the terms of this Section 36 will control. Debit Card Acceptance. Most, but not all, ATM Cards (Debit Cards) can be accepted at the point of sale at participating locations. Examine the back of the Debit Card to determine if the Card participates in a PIN Debit network that you are authorized to accept. PIN Debit network Mark(s) are usually printed on the back of the Card. If the Debit Card is valid and issued by a financial institution Issuer participating in a PIN Debit network, you must comply with the following general requirements for all participating PIN Debit networks, in addition to the specific requirements of that PIN Debit network: You must honor all valid Debit Cards when presented that bear authorized PIN Debit network Marks. You must treat transactions by Cardholders from all Issuers in the same manner. You may not establish a minimum or maximum transaction amount for Debit Card acceptance. You may not require additional information, besides the PIN, for the completion of the transaction unless the circumstances appear suspicious. A signature is not required for Debit Card transactions. You shall not disclose transaction related information to any party other than your agent, a PIN Debit network, or Issuer and then only for the purpose of settlement or error resolution. Transaction Processing. The following general requirements apply to all Debit Card transactions: All Debit Card transactions must be authorized and processed electronically. There is no Voice Authorization or Imprinter procedure for Debit Card transactions. You may not complete a Debit Card transaction that has not been authorized. If you cannot obtain an Authorization at the time of sale, you should request another form of payment from the Cardholder or process the transaction as a Store and Forward or Resubmission, in which case you assume the risk that the transaction fails to authorize or otherwise declines. The Cardholder should be instructed to contact the Issuer to find out why a transaction has been declined. The Debit network used to process your debit transaction will depend upon, among other things, our own business considerations, the availability of the Debit network at the time of the transaction and whether a particular Debit Card is enabled for a particular Debit network. The Debit network used to route your transaction may or may not be the lowest cost network available. We may, in our sole discretion (i) use any Debit network available to us for a given transaction (including any of our affiliated PIN Debit networks) and (ii) add and/or remove Debit networks available to you based on a variety of factors including availability, features, functionality and our own business considerations. You must issue a receipt to the Cardholder upon successful completion of a transaction and effect PAN Truncation on it. You may not manually enter the account number for PIN Debit transactions. Signature Debit transaction may be key entered if you are unable to swipe the Card. The account number must be read electronically from the Magnetic Stripe /chip for transactions authenticated with a PIN. If the Magnetic Stripe/chip is unreadable, you must request another form of payment from the Cardholder. Do obtain a signature if PIN authentication is not supported or available. Any applicable tax must be included in the total transaction amount for which Authorization is requested. Tax may not be collected separately in cash. YOU ARE RESPONSIBLE FOR SECURING YOUR POS DEVICES AND FOR IMPLEMENTING APPROPRIATE CONTROLS TO PREVENT EMPLOYEES OR OTHERS FROM SUBMITTING CREDITS AND VOIDS THAT DO NOT REFLECT BONA FIDE RETURNS OR REIMBURSEMENTS OF PRIOR TRANSACTIONS. Cash Back From Purchase. You may offer cash back to your customers when they make a PIN Debit Card purchase. You may set a minimum and maximum amount of cash back that you will allow. If you are not currently offering this service, your POS device may require additional programming to begin offering cash back as long as it is supported by the Debit Network. Settlement. You must reconcile your accounts for each location daily and notify us within 24 hours of any issues. Adjustments. An adjustment is a transaction that is initiated to correct a Debit Card transaction that has been processed in error. For signature debit transactions (including “no signature” signature debit transactions), both the Cardholder and the card issuing bank have the right to question or dispute a transaction. If these 37.5. 37.4. 37.3. • • • 37.2. • • • • • 37.1. • •arising out of your or your employees’ or your agents’ negligence or willful misconduct, in connection with Card transactions or otherwise arising from your provision of goods and services to Cardholders;(c) arising out of your use of the Services; or (d) arising out of any third party indemnifications we are obligated to make as a result of your actions (including indemnification of any Card Organization or Issuer). Subject to the limitations set forth in Section 28.4, we agree to indemnify and hold you harmless from and against all losses, liabilities, damages and expenses resulting from any breach of any warranty, covenant or agreement or any misrepresentation by us under this Agreement or arising out of our or our employees’ gross negligence or willful misconduct in connection with this Agreement; provided that this indemnity obligation shall not apply to Bank with respect to Non-Bank Services. 36. Special Provisions Regarding Non-Bank Cards Non-Bank Card transactions are provided to you by Processor and not by Bank and include transactions made using Discover Network, PayPal, Alipay, American Express, Voyager and WEX Card types. The Services provided, transactions processed and other matters contemplated under this Section 35 are subject to the rest of this Agreement, as applicable, except to the extent the terms of this Section 35 directly conflict with another provision of this Agreement, in which case the terms of this Section 35 will control; provided, however, that (i) Bank is not a party to this Agreement insofar as it relates to Non-Bank Card services, and Bank is not liable to you in any way with respect to such Services and (ii) you agree to pay Processor any per item processing, authorization and other fees described in the Application for any non-acquired transaction services you receive from Processor. For the purposes of this section, the words “we,” “our” and “us” refer only to the Processor and not to the Bank. You authorize us to share information from your Application with American Express, Discover Network, PayPal, Alipay, and any other Non-Bank Card Organization. If you accept American Express, you understand that if, based upon your anticipated Card transaction volume you do not qualify for our full service program but have otherwise been approved for accepting American Express transactions, your authorizations will be obtained from and funded by American Express. American Express will provide you with its own agreement that governs those transactions. You understand and agree that we are not responsible and assume absolutely no liability with regard to any such transactions, including but not limited to the funding and settlement of American Express transactions, and that American Express will charge additional fees for the services they provide. If you accept Discover but do not qualify for our Discover full service program, Discover will provide you with its own agreement that governs those transactions. You understand and agree that we are not responsible and assume absolutely no liability with regard to any such transactions, including but not limited to the authorization, funding, and settlement of Discover transactions, and that Discover may charge additional fees for the services they provide. If you accept PayPal Cards you understand that the following requirements apply to PayPal Card transactions in addition to the information required in this Agreement: Only in-store, Card present transactions are eligible for processing under this Agreement. Card not present/online, cash over, cash advance, quasi cash transactions, international transactions or manually entered transactions are not eligible for processing. You must contact us or PayPal for information related to services that are not covered in this Agreement. You will provide us with information about the Card transactions you conduct; including, data related to your Authorization requests, Card transactions, and transaction dispute responses. You will provide us with aggregate and individual information about the Card transactions you accept; including, the number, type and kind of transactions you conduct, your disputes, your business operations, your merchant category code information, and any other information you are required to provide under this Agreement. You will not use, store, retain or otherwise disclose any of PayPal’s confidential information, Cardholder data, magnetic stripe track data, or PayPal Card transaction data (other than as necessary to complete a transaction). You will not use PayPal Cardholder’s personal information for marketing and/or other purposes without explicit consent from the Cardholder. If you accept JCB, Diners Club International, UnionPay, BCcard, and Dinacard, you agree to be bound by the Discover Network provisions of this Agreement. You also acknowledge and agree that JCB, Diners Club International, UnionPay, BCcard, and Dinacard transactions will be processed under and subject to Discover Network Card Organization Rules. If you accept Voyager and/or WEX Cards, you agree to be bound by the WEX and/or Voyager rules. You also agree to be bound by all other provisions of this Agreement which are applicable to WEX and/or Voyager. If you execute a separate WEX Merchant Agreement (WEX Non Full Service Program), you understand that we will provide such agreement to WEX, but that neither we nor WEX shall have any obligation whatsoever to you with respect to processing WEX Cards unless and until WEX executes your WEX Merchant Agreement. If WEX executes your WEX Merchant Agreement and you accept WEX Cards, you understand that WEX transactions are processed, authorized and funded by WEX. You understand that WEX is solely responsible for all agreements that govern WEX transactions and that we are not responsible and assume absolutely no liability with regard to any such agreements or WEX transactions, including but not limited to the funding and settlement of WEX transactions. You understand that WEX will charge additional fees for the services that it provides. In addition to the information stated in Part I, Appendix 1 of the Your Payments Acceptance Guide regarding Voyager Cards, the following terms apply 36.8. 36.7. 36.6. 36.5. • • • • • 36.4. 36.3. 36.2. 36.1. 35.2. GenCP-WF-2602_PG_02.28.23 24 EBT customer must sign the voucher. A copy of the voucher should be given to thequestions or disputes are not resolved, a chargeback may occur. You are EBT customer must sign the voucher. A copy of the voucher should be given to the EBT customer at the time of authorization and you should retain one copy for your records. Specified EBT customer, clerk and sales information, including the telephone authorization number, must be entered properly and legibly on the manual sales draft. All manual voucher authorizations must be cleared on your Authorized Terminal before payment of voucher will be made to you. Vouchers must be cleared within 10 Business Days after the date of applicable voice authorization. Vouchers cannot be cleared by any manner except by your Authorized Terminal therefore you should never mail vouchers requesting payment. If a voucher expires before it has been cleared by your Authorized Terminal for payment, no further action can be taken to obtain payment for the voucher. In the event that, due to EBT host failure, EBT benefit availability for an EBT customer cannot be determined at the time you request authorization, the maximum authorized manual transaction and benefit encumbrance will be $40.00 or such other state specific floor limit as set forth in the most current version of the applicable EBT Rules. Except as specifically provided in the applicable EBT Rules, you will not be reimbursed and will be solely responsible for a manual transaction when you fail to obtain an authorization number from the applicable EBT service provider as set forth in this Section 37 or otherwise fail to process the manual transaction in accordance with the EBT Rules. If you have not received an authorization number in accordance with paragraph 37.1 above, you may not “re-submit” a manual sales draft for payment for the same transaction. Acceptance of Cash Benefits. If you agree to accept EBT Cards and to provide Cash Benefits, you agree to maintain adequate cash on hand to issue EBT service provider authorized Cash Benefits and will issue such Cash Benefits to EBT customers in the same manner and to the same extent cash is provided to your other customers. You may not require, and may not in your advertising suggest, that any EBT customers must purchase goods or services from you as a condition to receiving Cash Benefits, unless such condition applies to other customers as well. You may not designate and direct EBT customers to special checkout lanes restricted to use by EBT customers unless you also designate and direct other customers to special checkout lanes for Debit Cards or Credit Cards and/or other payment methods such as checks other than cash. Interoperability. If you accept EBT Cards and provide EBT benefits (FNS, SNAP and WIC Benefits and/or Cash Benefits), you must do so for EBT customers from all states. Required Licenses. If you provide FNS, SNAP and WIC Benefits under this Agreement, you represent and warrant to us that you are a FNS authorized merchant and are not currently disqualified or withdrawn from redeeming food stamp coupons or otherwise disqualified or withdrawn by FNS. You agree to secure and maintain at your own expense all necessary licenses, permits, franchises, or other authorities required to lawfully effect the issuance and distribution of EBT benefits under this Agreement, including without limitation, any applicable franchise tax certificate and non-governmental contractor’s certificate, and covenant that you will not accept EBT Cards or provide EBT benefits at any time during which you are not in compliance with the requirements of any EBT Rules. Term and Termination. If you are disqualified or withdrawn from the Food Stamp Program, your authority to issue benefits will be terminated concurrently therewith. Such disqualification or withdrawal will be deemed a breach of this Agreement with respect to your authority to issue Cash Benefits and, in the event of such disqualification, we have the right to immediately terminate the provision of service under this Section 37 or the Agreement in its entirety. With respect to the issuance of Cash Benefits only, your authority to issue Cash Benefits may be suspended or terminated immediately at the sole discretion of us, the state or its EBT service provider, effective upon delivery of a notice of suspension or termination specifying the reasons for such suspension or termination if there will be (i) any suspension, injunction, cessation, or termination of the EBT service provider’ s authority to provide EBT services to the state; (ii) failure by you, upon not less than thirty (30) days’ prior written notice, to cure any breach by you of these terms and conditions, including without limitation, your failure to support the issuance of EBT benefits during your normal business hours consistent with your normal business practices, your failure to comply with EBT benefit issuance procedures, your impermissible acceptance of an EBT Card, or your disqualification or withdrawal from the Food Stamp Program; or (iii) based on a state’s or its EBT service provider’ s investigation of the relevant facts, evidence that you or any of your agents or employees are committing, participating in, or have knowledge of fraud or theft in connection with the dispensing of EBT benefits. If you fail to cure any breach as set forth above, you may appeal such suspension of termination to the applicable state for determination in its sole discretion. In the event that your authority to accept benefits is suspended or terminated by a state or its EBT service provider, and you successfully appeal such suspension or termination to the state or its EBT service provider, we shall be under no obligation to reinstate the services previously provided under this Section 37 or the Agreement, as applicable. The provision of services under this Section 37 shall terminate automatically if our agreement or our service provider’s agreement with any applicable state’s EBT service provider terminates for any reason. You will give prompt notice to us if you plan to stop accepting EBT Cards and providing EBT benefits or if you are unable to comply with the terms of this Section 37. Confidentiality of EBT System Information. All information related to EBT customers and/or the issuance of EBT benefits shall be considered confidential information. Individually identifiable information relating to an EBT customer or applicant for EBT benefits will be held confidential and will not be disclosed by you or your directors, 38.7. 38.6. 38.5. 38.4. 38.3. vi. v. iv. iii. ii. questions or disputes are not resolved, a chargeback may occur. You are responsible for all adjustment and Chargeback fees that may be charged by a Debit network. There are several reasons for adjustments being initiated: The Cardholder was charged an incorrect amount, whether too little or too much. The Cardholder was charged more than once for the same transaction. A processing error may have occurred that caused the Cardholder to be charged even though the transaction did not complete normally at the point of sale. A Cardholder is disputing the goods or services provided. All parties involved in processing adjustments and Chargebacks are regulated by time frames that are specified in the operating rules of the applicable Debit network, The Electronic Funds Transfer Act, Regulation E, and other applicable law. 38. Special Provisions Regarding EBT Transactions If you elect to accept EBT Cards and engage in EBT transactions, the terms and conditions of this Section 37 shall apply. EBT transactions are provided to you by Processor and not by Bank. The Services provided, transactions processed and other matters contemplated under this Section 31 are subject to the rest of this Agreement, as applicable, except to the extent the terms of this Section 31 directly conflict with another section of this Agreement, in which case the terms of this Section 31 will control; provided, however, that Bank is not a party to this Agreement insofar as it relates to EBT transactions, and Bank is not liable to you in any way with respect to such Services. For the purposes of this section, the words “we,” “our” and “us” refer only to the Processor and not to the Bank. We offer electronic interfaces to EBT networks for the processing, settlement and switching of EBT transactions initiated through the use of a state-issued EBT card (“EBT Card”) at your POS Terminal(s) for the provision of United States Department of Agriculture, Food and Nutrition Service (“FNS”), Supplemental Nutrition Assistance Program (“SNAP”) and Women, Infants and Children Benefits (“WIC Benefits”) and/or government delivered Cash Benefits (Cash Benefits, together with FNS, SNAP and WIC Benefits, collectively are referred to as the “EBT benefits”) to EBT benefit recipients (“EBT customers”), subject to the terms below. Acceptance of EBT Benefits. You agree to accept EBT Cards and provide EBT benefits to EBT customers through the use of a POS Terminals, PIN pad and printer or other equipment that meet standards as set forth in the EBT Rules (“Authorized Terminal”) applicable to such EBT benefits during your normal business hours, in a manner consistent with your normal business practices and in accordance with the EBT Rules. You will provide EBT benefits to EBT customers, in accordance with the procedures set forth in the EBT Rules, in the amount authorized through your Authorized Terminal upon presentation by an EBT customer of an EBT Card and such EBT customer’s entry of a valid PIN. The “EBT Rules” means (i) all procedures that we establish and provide to you from time-to-time regarding your acceptance of EBT Cards and provision of EBT benefits to EBT customers; (ii) the Quest Rules, as amended from time-to-time, issued by the National Automated Clearing House Association and as approved by the Financial Management Service of the U.S. Treasury Department, as necessary (and any rules that succeed or replace the Quest Rules); and (iii) other such laws, rules, regulations and procedures that are applicable to the acceptance of EBT Cards and the provision of EBT benefits by you under this Section 37, including without limitation, laws pertaining to delivery of services to EBT customers and EBT customer confidentiality, the federal Civil Rights Act of 1964, Rehabilitation Act of 1973, Americans with Disabilities Act of 1990, Clean Air Act, Clean Water Act, Energy Policy and Conservation Act, Immigration Reform and Control Act of 1986, regulations issued by the Department of Agriculture pertaining to Food Stamp Program, and, any additional procedures specified by the state regarding lost EBT Cards, forgotten PINs, discrepancies in benefits authorized and similar matters by providing EBT customers with information such as telephone numbers and addresses of the state or other appropriate agencies. The “Food Stamp Program” is the government benefits program operated under the authority of the Food Stamp Act of 1964. If the Authorized Terminal fails to print EBT benefit issuance information as approved and validated as a legitimate transaction, you will comply with the procedures set forth in the EBT Rules for authorization of EBT benefits in such instance. You are solely responsible for your provision of EBT benefits other than in accordance with authorizations timely received from EBT service provider. You will not resubmit any EBT Card transaction except as specifically permitted by the EBT Rules and procedures applicable to such EBT Card transaction. You must provide a receipt for each EBT transaction to the applicable EBT customer. You will not accept any EBT Card for any purpose other than providing EBT Benefits, including without limitation accepting an EBT Card as security for repayment of any EBT customer obligation to you. In the event of any violation of this provision, you will be obligated to reimburse the state or us for any EBT benefits unlawfully received by either you or an EBT customer to the extent permitted by law. Cash should never be dispensed for FNS, SNAP and WIC Benefits. Manual EBT Vouchers. In accordance with the procedures set forth in this Section 37 and the EBT Rules, you will manually accept EBT Cards during periods of time when your Authorized Terminal is not working or the EBT system in not available; you will manually provide EBT benefits in the amount authorized through the applicable EBT service provider to the EBT customers at no cost to the EBT customers upon presentation by an EBT customer of his/ her EBT Card. All manual voucher authorizations must be cleared on your POS terminal for payment of voucher to be made to you. In addition to any procedures set forth in the EBT Rules, the following limitations will apply to manual issuance of FS Benefits by merchant: An authorization number for the amount of the purchase must be received by you from the applicable EBT service provider while the respective EBT customer is present and before you provide such EBT customer with any FNS, SNAP and WIC Benefits, or Cash Benefits, as applicable. You must not attempt to voice authorize a manual EBT transaction if the EBT customer is not present to sign the voucher. The i. 38.2. 38.1. • • • • GenCP-WF-2602_PG_02.28.23 25 certain cellular telephone and data networks throughout the country (the “Wirelessofficers, employees or agents, without prior written approval of the applicable state. certain cellular telephone and data networks throughout the country (the “Wireless Networks”) in order to allow you to capture and transmit to Processor and Bank certain wireless Card Authorization transactions or to transmit other communications to our system (“Wireless Services”). If you elect to purchase voice and/or data services directly from a third party provider for use with the Wireless Equipment as permitted by Processor, you acknowledge and agree that this Agreement does not address or govern those voice and/or data services or your relationship with that third party provider, and Servicers are in no way responsible for providing, maintaining, servicing or supporting such third party voice and/or data services. Purchase of Wireless Services. The prices that you will pay for the Wireless Services are set forth on the Application. In connection with your purchase of Wireless Services, you will receive access to a certain Wireless Network(s). Licenses. You agree to obtain any and all licenses, permits or other authorizations required by the Federal Communications Commission (“FCC”) or any other regulatory authority, if any, for the lawful operation of Wireless Equipment used by you in connection with your receipt of Wireless Services. You will promptly provide us with all such information as we may reasonably request with respect to matters relating to the rules and regulations of the FCC. Wireless Equipment. You agree that in order to access the Wireless Services, you must use wireless POS Terminals and accessories approved for use with the Wireless Services by Processor from time to time in its sole discretion (the “Wireless Equipment”). If Wireless Equipment is purchased by you from us as indicated on the Application, then the terms of this Agreement apply to your use of such Wireless Equipment. Improvements/General Administration. We and the Wireless Vendor(s) reserve the right to make changes, from time to time, in the configuration of the Wireless Services, Wireless Networks, Wireless Equipment, Wireless Software, rules of operation, accessibility periods, identification procedures, type and location of equipment, allocation and quantity of resources utilized, programming languages, administrative and operational algorithms and designation of the control center serving you at the particular address. In addition, we reserve the right to schedule, from time to time, interruptions of service for maintenance activities. Suspension of Wireless Services. We or a Wireless Network may suspend the Wireless Services to: (a) prevent damages to, or degradation of, our or a Wireless Network’s network integrity that may be caused by a third party; (b) comply with any law, regulation, court order or other governmental request which requires immediate action; or (c) otherwise protect us or a Wireless Network from potential legal liability. To the extent commercially reasonable, we shall give notice to you before suspending the Wireless Services to you. If not commercially reasonable to give prior notice, we will give notice to you as soon as commercially practicable thereafter. Availability of the Wireless Services may vary due to events beyond the control of us or our Wireless Vendors. In the event of a suspension of the Wireless Services, we or the applicable Wireless Vendor will promptly restore the Wireless Services after the event giving rise to the suspension has been resolved. Software Licenses. Processor hereby grants to you a non-exclusive, non- transferable, revocable limited sublicense to use any wireless software (including any documentation relating to or describing the wireless software) downloaded by you or your designee from Processor’s systems onto the Wireless Equipment in connection with your purchase and use of the Wireless Services in accordance with the terms of this Agreement, including this Section 38. Anything in this Agreement to the contrary notwithstanding, we or certain third parties retain all ownership and copyright interest in and to all Wireless Software, related documentation, technology, know-how and processes embodied in or provided in connection with the Wireless Software, and you shall have only a nonexclusive, non-transferable license to use the Wireless Software in your operation of the Wireless Equipment for the purposes set forth in this Agreement. Nothing in this Agreement confers any title or ownership of any such Wireless Software to you or shall be construed as a sale of any rights in any such Wireless Software to you. You agree to accept, agree to and be bound by all applicable terms and conditions of use and other license terms applicable to such Wireless Software. You shall not reverse engineer, disassemble or decompile the Wireless Software. You shall not give any Person access to the Wireless Software without our prior written consent. Your obligations under this Section 38.2 shall survive the termination of this Agreement. You acknowledge that the only right you obtain to the Wireless Software is the right to use the Wireless Software in accordance with the terms in this Section. Limitation on Liability. We shall have no liability for any warranties by any party with respect to uninterrupted Wireless Services, as set forth in Section 38.10, or for any Person’s unauthorized access to Client’s data transmitted through either the Wireless Equipment or Wireless Services (including the Wireless Software), or Wireless Networks, regardless of the form of action (whether in contract, tort (including negligence), strict liability or otherwise). The foregoing notwithstanding, for any other liability arising out of or in any way connected with these Wireless Services terms, including liability resulting solely from loss or damage caused by partial or total failure, delay or nonperformance of the Wireless Services or relating to or arising from your use of or inability to use the Wireless Services, Processor’s, Bank’s, and Wireless Vendor(s)’ liability shall be limited to your direct damages, if any, and, in any event, shall not exceed the lesser of the amount paid by you for the particular Wireless Services during any period of failure, delay, or nonperformance of the Wireless Services or $50,000.00. In no event shall Servicers, Wireless Vendor (s) or our respective Affiliates be liable for any indirect incidental, special, consequential or punitive damages. The remedies available to you under these Wireless Services Terms will be your sole and exclusive remedies with respect to the Wireless Services. Indemnification. In addition to any other indemnifications as set forth in this Agreement, you will indemnify and hold Servicers, Wireless Vendor(s) and our respective officers, directors, employees, and Affiliates harmless from and against 39.4. 39.3. 39.2. • • • • 39.1. officers, employees or agents, without prior written approval of the applicable state. You will: (a) implement appropriate measures designed to: (1) ensure the security and confidentiality of all non-public personal information or materials regarding customers (“NPPI”); (2) protect against any anticipated threats or hazards to the security or integrity of NPPI; (3) protect against unauthorized access to or use of NPPI that could result in substantial harm or inconvenience to any customer and (4) ensure the proper disposal of NPPI; and (b) take appropriate actions to address incidents of unauthorized access to NPPI, including notification to us as soon as possible. The use of information obtained by you in the performance of your duties under this Section 37 will be limited to purposes directly connected with such duties. EBT Service Marks. You will adequately display any applicable state’s service Marks or other licensed marks, including the Quest Marks, and other materials supplied by us (collectively the “Protected Marks”) in accordance with the standards set by the applicable state. You will use the Protected Marks only to indicate that EBT benefits are issued at your location(s) and will not indicate that we, any state or its EBT service provider endorse your goods or services. Your right to use such Protected Marks pursuant to this Agreement will continue only so long as this Section 37 remains in effect or until you are notified by us, any state or its EBT service provider to cease their use or display. You will not use the Marks of any EBT service provider without prior written approval from such EBT service provider. Miscellaneous. Errors. You will fully cooperate with us and any other participants in the EBT system in the resolution of errors and disputes regarding EBT transactions processed pursuant to this Section 37. You will promptly notify us of any such errors or disputes. Issuance Records. You agree to make available such informational materials as may be required by the state, its EBT service provider or any applicable regulations pertaining to the issuance of Benefits. You will retain all EBT-related records (including but not limited to manual sales drafts or vouchers) in the manner required by the EBT Rules or otherwise reasonably requested by us for three (3) years following the date of the applicable EBT transaction, or for such additional period as may be required by the EBT Rules. Records involving matters in litigation will be kept by you for a period of not less than three (3) years following the termination of the applicable litigation. Copies of any documents in media other than paper (e.g., microfilm, etc.) related to this Section 37 may be substituted for the originals to the extent permitted under applicable EBT Rules and provided that legible paper copies can be reproduced within a reasonable time after such records are requested. You will make all EBT-related records available for audit upon request to representatives of the state or its EBT service provider, or other authorized state or federal government agency during normal business hours. To assure compliance with this Agreement, including without limitation this Section 37, the state, its EBT service provider, or other authorized state or federal government agency, will at all times, upon advance notice except in the case of suspected fraud or other similar activity, have the right to enter, during normal business hours, your premises to inspect or evaluate any work performed under this Agreement, or to obtain any other information required to be provided by you or otherwise related to this Agreement. Training. You will train and permit your employees to receive training regarding the issuance of EBT benefits. Amendments. Notwithstanding anything to the contrary in this Agreement, if any of these terms and conditions are found to conflict with the EBT Rules or federal or state policy, these terms and conditions are subject to reasonable amendment by us, a state or its EBT service provider to address such conflict upon written notice to you and such amendment shall become effective upon such notice. State Action. Nothing contained herein shall preclude a state from commencing appropriate administrative or legal action against you or for making any referral for such action to any appropriate federal, state, or local agency. Reference to State. Any references to state herein will mean the state in which you accept EBT benefits pursuant to this Section 37. If you accept EBT benefit in more than one state pursuant this Section 37, then the reference will mean each such state severally, not jointly. Third Party Beneficiaries. These terms and conditions, do not create, and will not be construed as creating, any rights enforceable by any person not having any rights directly under this Agreement, except that the state and its Issuer, as defined in the Quest Rules, will be deemed third party beneficiaries of the representations, warranties, covenants and agreements made by you under the Agreement, including without limitation this Section 37. 39. Special Provisions Regarding Wireless Service If you elect to purchase the Wireless Services from us as indicated on the Application, then the following terms and conditions of this Section 38, referred to as the shall apply. THE WIRELESS SERVICES ARE“Wireless Services Terms,” BEING SOLD TO YOU FOR USE IN BUSINESS AND ARE NOT BEING SOLD TO YOU FOR HOUSEHOLD OR PERSONAL USE. Sale of Wireless Services is made by Processor and not the Bank. The Services provided, transactions processed and other matters contemplated under this Section 38 are subject to the rest of this Agreement, as applicable, except to the extent the terms of this Section 38 directly conflict with another section of this Agreement, in which case the terms of this Section 38 will control; provided, however, that Bank is not a party to this Agreement insofar as it relates to Wireless Services, and Bank is not liable to you in any way with respect to such services. For the purposes of this section, the words “we,” “our” and “us” refer only to the Processor and not to the Bank. Through one or more third party vendors (“Wireless Vendor(s)”) selected by us in our sole discretion, we have acquired the right to resell certain wireless data communication services that use radio base stations and switching offered by 38.9.7. 38.9.6. 38.9.5. 38.9.4. 38.9.3. iv. iii. ii. i. 38.9.2. 38.9.1. 38.9. 38.8. GenCP-WF-2602_PG_02.28.23 26 Data Protection; Responsibilities of Client. Data Protection applies only to40.4.any and all losses, claims, liabilities, damages, costs or expenses arising from or Data Protection; Responsibilities of Client. Data Protection applies only to card transactions sent from you to us for authorization and settlement pursuant to the Agreement, and specifically excludes electronic check transactions. You are responsible to comply with the following regarding your use of Data Protection: Data Protection can only be used with an eligible POS device, gateway, interactive voice response system, or similar system or equipment sale device, gateway, that is certified by us for use with Data Protection. If you are uncertain whether your equipment is eligible or certified, please contact us. It is your responsibility to ensure that you have eligible equipment in order to use Data Protection. You must demonstrate and maintain your current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor (QSA) with corresponding Report on Compliance (ROC) or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC), as applicable, and if applicable to your business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with card organization rules and PCI DSS. Use of the Data Protection will not, on its own, cause you to be compliant or eliminate your obligations to comply with PCI DSS or any other Card Organization Rule. You must also ensure that all third parties and software that you use for payment processing comply with the PCI DSS. You must deploy Data Protection (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout your systems including replacing existing Card numbers on your systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. You must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response including, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. If you send or receive batch files containing completed Card transaction information to/from us, you must use the service provided by us to enable such files to contain only Tokens or truncated information. You must use truncated report viewing and data extract creation within reporting tools provided by us. You are required to follow rules or procedures we may provide to you from time to time regarding your use of Data Protection. We will provide you with advance written notice of any such rules or procedures or changes to such rules or procedures. You will use only unaltered version(s) of Data Protection and will not use, operate or combine Data Protection or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this section. You will promptly notify us of a breach of any these terms. Tokenization Limited Warranty. Subject to the terms of this Agreement, we (i) warrant that each token returned to you through Data Protection cannot be used to initiate a financial sale transaction by an unauthorized entity/person outside your point of sale systems and facilities where you process and /or store transaction data (the “Limited Warranty”); and (ii) agree to indemnify and hold you harmless from direct damages, including third party claims, resulting from our breach of the Limited Warranty. This express remedy for our breach of the Limited Warranty constitutes our entire liability and your sole and exclusive remedy for our breach of the Limited Warranty. The Limited Warranty is void if (a) you use Data Protection in a manner not contemplated by, or you are otherwise in violation of, this Agreement or any other agreement relating to Cards eligible for Data Protection; (b) you are grossly negligent or engage in intentional misconduct; or (c) you no longer have a processing relationship with us. Disclaimer; Clover Security Plus Does Not Guarantee Compliance or Security. USE OF CLOVER SECURITY PLUS, SOFTWARE OR ANY EQUIPMENT (INCLUDING ANY SERVICES, SOFTWARE OR EQUIPMENT PROVIDED BY OR THROUGH A THIRD PARTY) IS AT YOUR OWN RISK AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW THE CLOVER SECURITY PLUS, EQUIPMENT AND ANY SOFTWARE IS PROVIDED “AS IS” AND WE DISCLAIM ALL REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, MADE TO YOU OR ANY OTHER PERSON, INCLUDING ANY WARRANTIES REGARDING QUALITY, SUITABILITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR THAT THE CLOVER SECURITY PLUS, EQUIPMENT OR ANY SOFTWARE WILL OPERATE UNINTERRUPTED OR ERROR FREE OR THAT THE CLOVER SECURITY PLUS, EQUIPMENT OR SOFTWARE ARE SECURE, FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR DO NOT INFRINGE THE RIGHTS OF ANY PERSON. YOU MUST COMPLY WITH ALL RULES OR PROCEDURES RELATING TO CLOVER SECURITY PLUS (OR ANY COMPONENT OF CLOVER SECURITY PLUS) THAT WE GIVE YOU FROM TIME TO TIME. YOU MUST ALSO IMPLEMENT ALL UPDATES TO CLOVER SECURITY PLUS WITHIN A REASONABLE PERIOD OF TIME AFTER YOU RECEIVE THEM. YOU ARE SOLELY RESPONSIBLE FOR BACKING UP AND/OR OTHERWISE PROTECTING YOUR DATA, SYSTEMS, AND SERVICE. Use of Clover Security Plus does not (a) guarantee compliance with any laws, Rules, or applicable standards (including the PCI DSS), (b) affect your obligation to comply with laws, Rules, and applicable standards (including the PCI DSS), or (c) guarantee protection against a Data Incident. Your use of Clover Security Plus involves inherent risks, including system performance, availability, and data corruption. We make no promise, and disclaim all warranties of any kind, that the use of Clover Security Plus will detect all vulnerabilities on your system, or that our vulnerability assessments, suggested solutions, information, or advice is error- free or complete. Intellectual Property Rights.40.7. 40.6.3. 40.6.2. 40.6.1. 40.6. 40.5. i) h) g) f) e) d) c) b) a) 40.4.any and all losses, claims, liabilities, damages, costs or expenses arising from or related to: (a) the purchase, delivery, acceptance, rejection, ownership, possession, use condition, liens against, or return of the Wireless Equipment or the Wireless Equipment (including the Wireless Software), as applicable; (b) your negligent acts or omissions; (c) any breach by you of any of your obligations under this Section 38; or (d) any Person’s unauthorized access to Client’s data and/or unauthorized financial activity occurring on your Merchant Identification Number hereunder, except to the extent any losses, liabilities, damages or expenses result from our gross negligence or willful misconduct. Confidentiality. All information or materials which could reasonably be considered confidential or competitively sensitive that you access from or relate to either Wireless Vendor(s) or Servicers related to the subject matter of these Wireless Services Terms will be considered confidential information. You will safeguard our confidential information with at least the same degree of care and security that you use for your confidential information, but not less than reasonable care. Termination. In addition to any other provision in this Agreement, the Wireless Services being provided under this Section 38 may terminate: Immediately upon termination of the agreement between us (or our Affiliates) and Wireless Vendor(s), provided that we will notify you promptly upon our notice or knowledge of termination of such agreement, provided further that if Wireless Vendor(s) loses its authority to operate less than all of the Wireless Services or if the suspension of any authority or non-renewal of any license relates to less than all of the Wireless Services, then these Wireless Services Terms will terminate only as to the portion of the Wireless Services affected by such loss of authority, suspension or non-renewal; or Immediately if either we or our Affiliates or Wireless Vendor(s) are prevented from providing the Wireless Services by any law, regulation, requirement, ruling or notice issued in any form whatsoever by judicial or governmental authority (including without limitation the FCC). Effect of Termination. Upon termination of these Wireless Services Terms for any reason, you will immediately pay to us all fees due and owing to us hereunder. If these Wireless Services terms terminate due to a termination of the agreement between us or our Affiliates and Wireless Vendor(s), then we may, in our sole discretion, continue to provide the Wireless Services through Wireless Vendor(s) to you for a period of time to be determined as long as you continue to make timely payment of fees due under these Wireless Services Terms. Third Party Beneficiaries. Wireless Vendor(s) are third party beneficiaries of these Wireless Services Terms and may enforce its provisions as if a party hereto. Other Applicable Provisions. You also agree to be bound by all other terms and conditions of this Agreement. Disclaimer. Wireless Services use radio transmissions, so Wireless Services can’t be provided unless your Wireless Equipment is in the range of one of the available Wireless Networks’ transmission sites and there is sufficient network capacity available at that moment. There are places, particularly in remote areas, with no service at all. Weather, topography, buildings, your Wireless Equipment, and other conditions we don’t control may also cause failed transmissions or other problems. PROCESSOR, BANK, AND WIRELESS VENDOR(S) DISCLAIM ALL REPRESENTATIONS AND WARRANTIES RELATING TO WIRELESS SERVICES. WE CANNOT PROMISE UNINTERRUPTED OR ERROR-FREE WIRELESS SERVICE AND DO NOT AUTHORIZE ANYONE TO MAKE ANY WARRANTIES ON OUR BEHALF. 40. Special Provisions Regarding Clover Security Plus Clover Security Plus consists of a POS security monitor, the TransArmor Data Protection service, and tools that you can use to help you meet your PCI DSS compliance obligations. Each of these services is described in more detail below. Clover Security Plus is provided to you by Processor and not by Bank. Clover Security Plus is available only for Level 3 and Level 4 merchants, as defined by the Payments Organizations. Clover Security Plus is not available for Level 1 or Level 2 merchants. The POS security monitor offers you monitoring, scanning, and anti-virus software services for your point of sale computer systems. The TransArmor Data Protection service is described in Sections 39.14 and 39.15. Scanning Authority; Scanning Obligations. You represent and warrant that you have full right, power, and authority to consent for Clover Security Plus to scan for vulnerabilities in the IP address and/or URL and/or domain names identified to us by you for scanning, whether electronically or by any other means, whether during initial enrollment or thereafter. If applicable, you shall obtain all consents and authorizations from any third parties necessary for us or our vendors to perform the Clover Security Plus services, including, without limitation, third party data centers, co-locations and hosts. We will not be required to execute agreements with any such third parties. You agree to defend, indemnify and hold us and our vendors harmless from any third party claim that such access was not authorized. You may use Clover Security Plus and portals only to scan IP addresses, URLs and domain names owned by and registered to you. You understand that your failure to provide a complete list of and complete access to your IP addresses will significantly impair the scanning services and may result in incomplete or inaccurate results. You agree that the Clover Security Plus services hereunder, including without limitation their functionality and contents, constitute confidential information, and your use and/or access to the Clover Security Plus is subject to the terms of confidentiality set forth in this Agreement. Data Collection. In the course of providing the Clover Security Plus, we may collect information relating to activities on your network (the “Data”) including, but not limited to: network configuration, TCP/IP packet headers and contents, log files, malicious codes, and Trojan horses. We retain the right to use the Data or aggregations thereof for any reasonable purpose. 40.3. 40.2. 40.1. 39.10. 39.9. 39.8. 39.7. b) a) 39.6. 39.5. GenCP-WF-2602_PG_02.28.23 27 actions that would interfere with the proper working of any part of the CloverAll right, title, and interest in and to all confidential information and40.7.1. actions that would interfere with the proper working of any part of the Clover Security Plus, prevent access to or use of any of the Clover Security Plus by other users, or in our reasonable judgment, impose a large load on our infrastructure, network capability or bandwidth; or (e) use the Clover Security Plus (or any part) except as permitted in this Agreement. We have the right to rely on user names, password and other sign on credentials/access controls for the Clover Security Plus or any Software (including Federated Single Sign-on credentials) provided or approved by us to authenticate access to, and use of, the Services and any Software. Indemnification. In addition to other indemnifications provided in this Agreement, you agree to indemnify and hold us, our Affiliates and third party service providers harmless from and against all losses, liabilities, damages and expenses arising from (a) your use of the Clover Security Plus, including any Software or Equipment provided under this Agreement; or (b) any other person’s authorized or unauthorized access and/or use of the Clover Security Plus (or any part), Software or Equipment, whether or not using your unique username, password, or other security features. Liability Waiver. Subject to your subscribing to the entire Clover Security Plus bundle and to the terms of this Agreement, we agree to waive liability that you have to us under this Agreement for Security Event Expenses resulting from a Data Incident first discovered by you or us while you are receiving and utilizing the Clover Security Plus (the “Liability Waiver”). The maximum amount of Liability Waiver for all Data Incident Expenses arising out of or relating to your Data Security Events first discovered during any Program Year regardless of the number of such Data Security Events is as follows: $100,000.00 maximum per each MID you have; and $500,000 aggregate maximum for all of your MID’s. In addition to Section 39.12.2., the maximum amount of Liability Waiver during any TransArmor Program Year for EMV Upgrade Costs is further limited as follows: $10,000 maximum per each MID you have; and $25,000.00 aggregate maximum for all of your MID’s. These limitations apply during each twelve-month period from June 1 through May 31 regardless of the number of Data Incidents you may experience. All Data Incident Expenses resulting from the same, continuous, related or repeated event or facts will be deemed to arise out of one Data Incident for purposes of these limits. The Liability Waiver is available only while you are using and paying for Clover Security Plus. The Liability Waiver will not apply to any of the following: (a) any Data Incident that began before you started using Clover Security Plus or that is reported to us after you stopped using Clover Security Plus; (b) any fines or assessments against you that are not the direct result of a Data Incident; (c) any repeated Data Incidents, unless between the repeated events a qualified security assessor certified you as PCI-compliant; (d) any routine or recurring expenses for security assessments, regulatory examinations, or compliance activities; (e) any Data Incident that occurs during any period of time that (1) a Payments Organization has categorized you as a Level 1 or Level 2 merchant, or (2) you have processed more than 6 million transactions during the 12-month period before the Data Incident; (f) any expenses (other than Data Incident Expenses) incurred to bring you into compliance with the PCI DSS or a similar security standard; or (g) any Data Incident Expenses that arise out of an uncontrollable event or any intentional, reckless, or grossly negligent misconduct on your part. Export Compliance You agree not to export or re-export any Software or Equipment or any underlying information except in full compliance with all applicable laws and regulations. None of the Software or Equipment or any underlying information may be downloaded or otherwise exported or re-exported (a) to any country to which the United States has embargoed goods (or any national or resident thereof); (b) to anyone on the United States Treasury Department’s list of Specially Designated Nationals or the United States Commerce Department’s Table of Deny Orders; or (c) in any manner not in full compliance with the requirements of the United States Bureau of Industry and Security and all applicable Export Administration Regulations. If you have rightfully obtained Software or Equipment or any underlying information outside of the United States, you agree not to re-export the same except as permitted by the laws and regulations of the United States and the laws and regulations of the jurisdiction in which you obtained it. You warrant that you are not located in, under the control of, or a national or resident of any such country or on any such list. Definitions: Card Organization Assessment means a monetary assessment, fee, fine or penalty levied against you or us by a Card Organization as the result of (i) a Data Security Event or (ii) a security assessment conducted as the result of a Data Security Event; provided, that The Card Organization Assessment shall not exceed the maximum monetary assessment, fee, fine or penalty permitted upon the occurrence of a Data Security Event by the applicable rules or agreement in effect as of the inception date of this Agreement for such Card Organization; Cardholder Information means the data contained on a Card, or otherwise provided to Client, that is required by the Card Organization or us in order to process, approve and/or settle a Card transaction; Card Replacement Expenses means the costs that the we or you are required to pay by the Card Organization to replace compromised Cards as the result of (i) a Data Security Event or (ii) a security assessment conducted as the result of a Data Security Event; Data Protection is a Clover Security Plus service that provides encryption ofd) c) b) a) 40.14. 40.13.3. 40.13.2. 40.13.1. 40.13. 40.12.5. 40.12.4. b) a) 40.12.3. b) a) 40.12.2. 40.12.1. 40.12. 40.11. 40.10.3. All right, title, and interest in and to all confidential information and intellectual property related to the Clover Security Plus (including the Marks, all Software , the content of any materials, web screens, layouts, processing techniques, procedures, algorithms, and methods and any updates, changes, alterations, or modifications to or derivative works from such intellectual property), owned, developed or licensed by us prior to, during the term of, or after this Agreement, or employed by us in connection with the Clover Security Plus, shall be and remain, as among the Parties or our Affiliates’, our vendors’ or our licensors’ (as applicable) sole and exclusive property, and all right, title and interest associated with the Clover Security Plus, Equipment and Software not expressly granted by us in this Agreement are deemed withheld. You may not use our Marks in any manner, including in any advertisements, displays, or press releases, without our prior written consent. You may not, nor may you permit any third party to do any of the following: (a) decompile, disassemble, reverse engineer, or otherwise attempt to reconstruct or discover by any means any source code, underlying ideas or algorithms of the Clover Security Plus, Software or Equipment (or any part), except to the extent that such restriction is expressly prohibited by law; (b) modify, translate, or alter in any manner, the Clover Security Plus, Software or Equipment (or any part) or the Marks; (c) create derivative works of or based on the Clover Security Plus (or any part), Software or the Marks; (d) except for backup and archival purposes, directly or indirectly copy the Clover Security Plus or any Software (or any part); (e) republish, upload, post, transmit, disclose, or distribute (in any format) the Clover Security Plus or Software (or any part) except as permitted in this Agreement; or (f) remove, relocate, or otherwise alter any proprietary rights notices from the Clover Security Plus, Software or Documentation (or any part) or the Marks. If we provide you with copies of or access to any Software or Documentation, unless otherwise expressly stated in writing, that Software and Documentation is provided on a personal, non-exclusive, non-transferable, non- assignable, revocable limited license for the period of your subscription to the applicable Clover Security Plus service and solely for you to access and use the Software and Documentation to receive the relevant Clover Security Plus service for its intended purpose on systems owned or licensed by you. Software can only be used with certain computer operating systems and it is your responsibility to ensure that you have the appropriate hardware and software to use the Software. You shall not take any action inconsistent with the stated title and ownership in this Section 39. You will not file any action, in any forum that challenges the ownership of any part of the Clover Security Plus or any software, materials or Documentation. Failure to comply with this provision will constitute a material breach of this Agreement. We have the right to immediately terminate your access to and use of the Clover Security Plus in the event of a challenge by you. If you are acquiring any of the Clover Security Plus services on behalf of any part of the United States Government (Government): any use, duplication, or disclosure by the Government is subject to the restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19 when applicable, or in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013, and in similar clauses in the NASA FAR Supplement; (b) we are the contractor /manufacturer, with the address set forth in this Agreement; and (c) any use, modification, reproduction, release, performance, display or disclosure of Clover Security Plus and /or the accompanying documentation by the Government or any of its agencies shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement. Software Updates, Maintenance and Changes. We may perform maintenance on Software or Clover Security Plus which may result in service interruptions, delays, or errors. We will not be liable for any such interruptions, delays, errors, or bugs. You agree that we may contact you in order to assist you with the Software or Services and obtain information needed to identify and fix any errors. We may, at our discretion, release enhancements, improvements or other updates to any Software, or otherwise make any changes to the Clover Security Plus (or any part). You acknowledge and understand that certain Software can automatically install, download, and /or deploy updated and /or new components, which may include a new version of the Software itself. You shall not, in any event or in any manner, impede the update process. You agree to assume full responsibility and indemnify us for all damages and losses, of any nature, for all adverse results or third party claims arising from your impeding the update process. Accessing Services via the Internet or third parties. You agree that we shall not be liable to you for any claims, damages, losses, obligations, costs or expenses or other liability arising directly or indirectly from or otherwise concerning (a) any termination, suspension, delay or disruption of service (including billing for a service) by the internet, any common carrier or any third party service provider; (b) any failure, disruption or malfunction of the Clover Security Plus, the Internet, or any communications network, facility or equipment beyond our or a third party’s reasonable control, whether or not attributable to one or more common carriers; or (d) any failure to transmit, obtain or collect data or for human, machine or software errors or faulty or erroneous input by you. Access and Use of Services. Unless we otherwise agree in writing, the Clover Security Plus shall be for your internal business use in the United States and US territories or possessions only. You shall not and shall not permit any third party to: (a) access or attempt to access any of the Clover Security Plus service that is not intended to be available to you; (b) access or use (in any format) the Clover Security Plus (or any part) through any time-sharing service, service bureau, network, consortium, or other means; (c) without our advanced written consent, use, ship or access TransArmor (or any part) outside or from outside of the United States; (d) perform or attempt to perform any 40.10.2. 40.10.1. 40.10. 40.9. 40.8.2. 40.8.1. 40.8. 40.7.5. 40.7.4. 40.7.3. 40.7.2. 40.7.1. GenCP-WF-2602_PG_02.28.23 28 even though it may be conditional, contingent, indirect, potential, secondary,cardholder data at your payment environment and replaces the data with a token or even though it may be conditional, contingent, indirect, potential, secondary, unaccrued, unasserted, unknown, unliquidated, or unmatured. Confidential Information means the Payeezy Gateway Services, Documentation, operational procedures, the terms and conditions of this Section 40 (including any schedule, exhibit or addendum), pricing or other proprietary business information, and any other information provided to you by us, whether or not such information is marked as confidential; provided, however, that Confidential Information will not include information that: (a) is or becomes generally known to the public through no fault of yours; (b) was lawfully obtained by you from a third party free of any obligation of confidentiality; (c) was already in your lawful possession prior to receipt thereof, directly or indirectly, from the disclosing party; (d) is independently developed by you without the use of the Confidential Information; (e) is disclosed with our express written permission; or (f) is disclosed pursuant to a lawful court or governmental order, provided you provide us with prompt prior written notice of any proceeding that may involve such an order, and an opportunity to contest any disclosure at such proceeding. Customer means your customer who would like to provide payment for your goods or services. Documentation means any and all manuals and other written materials in any form provided for use with the Software, as amended by us from time to time, the terms of which are incorporated in this Section 40 as if fully set forth herein. Intellectual Property Rights means any and all patents, copyrights, trademarks, trade secrets, service marks, and any other intellectual property rights, and any applications for any of the foregoing, in all countries in the world. Merchant Account shall mean an account set up for a merchant that requires a card processor, bank, merchant ID, terminal ID, merchant identification number, or otherwise named unique merchant number. Multiple physical or virtual storefronts that process transactions under the same unique merchant number shall be deemed as one (1) Merchant Account. Payeezy Gateway Services or Services means the products or services offered through the Platform including, but, not limited to payment processing services such as authorization of transactions to the appropriate payment processing network or third party service provider, transaction responses (approved, declined), and the detailed reporting of those transactions, and all related and applicable Software. Platform means our operated, or approved, electronic payment platform(s) and /or gateway(s) (also referred to as the “Payeezy Gateway”) through which the payment Services contemplated under this Section 40 are provided. Software means all applications, protocols, software components and other interfaces and software provided by us to you pursuant to this Section 40, and any and all Updates. Updates means an embodiment of the Software that provides enhancements and /or improvements. Your Systems means any web site(s) or interfaces to the Services that are operated or maintained by you or on your behalf through which transactions are submitted for processing, and all your other associated systems. Fees. Client shall pay Processor the fees for the Payeezy Gateway Services as set forth on the Application. A separate account with us for Payeezy Gateway Services shall be required for each separate Merchant Account held by you. Term; Termination. The Payeezy Gateway Services shall commence as of the effective date of this Agreement and shall remain in effect until terminated by either party as provided herein. Either party may terminate these Services upon giving the other party at least thirty (30) days prior written notice. We may suspend or terminate your access to the Services without prior notice, with or without cause. Regardless of the reason for termination, you shall be responsible for the payment of all fees due up to and including the effective date of termination. License Grant. License. Subject to the terms and conditions of this Agreement (including additional rights and licenses granted in the Documentation), we hereby grant you and you hereby accept a non-sublicensable, royalty free, non-exclusive, nontransferable, revocable limited license to use the Services, during the term of this Agreement, for the sole and limited purpose of submitting payment transactions to us for processing, and otherwise using our Services as set forth herein. For clarity, all references to Services in this Agreement shall include the applicable Software. Documentation License. Subject to the terms and conditions of this Agreement, we hereby grant, and you hereby accept, a non-sublicensable, royalty free, non-exclusive, non-transferable, revocable limited license to use the Documentation during the term of this Agreement for the sole and limited purpose of supporting your use of the Services. You shall strictly follow all Documentation provided to you, as it may be amended from time to time by us, in our discretion. To the extent that there is any conflict between the Documentation and the terms of Agreement, the terms of this Section 40 shall govern and control. Use Restrictions. You acknowledge that the Services and Documentation constitute our intellectual property, therefore, you shall not, and shall not cause or permit any third party to: (i) use the Services in any way, other than in accordance with this Agreement or the Documentation or as otherwise instructed by us in writing; (ii) use the Services or Documentation, either directly or indirectly, for benchmarking purposes or to develop any product or service that competes with the products and services provided under this Section 40; (iii) disassemble, decompile, decrypt, extract, reverse engineer or modify the Services, or otherwise apply any procedure or process to the Services in order to ascertain, derive, and/or appropriate for any reason or purpose, the source code or source listings for the Services or any algorithm, process, procedure or other information contained in the Services, except as otherwise specifically authorized in accordance with this Section 40; (iv) provide the Services or Documentation to any third party, other than to your authorized employees and contractors who are subject to a written confidentiality agreement, the terms of which are no less restrictive than the confidentiality provisions of the Agreement; (v) use, modify, adapt, reformat, copy or reproduce the Services or Documentation or any portion thereof, except as is incidental to the 41.4.3. 41.4.2. 41.4.1. 41.4. 41.3. 41.2. cardholder data at your payment environment and replaces the data with a token or randomly generated number; Clover Security Plus is the suite of security services provided by us and known as TransArmor. Data Security Event means the actual or suspected unauthorized access to or use of Cardholder Information, arising out of your possession of or access to such Cardholder Information, which has been reported (i) to a Card Organization by you or us or (ii) to you or us by a Card Organization. All Security Event Expenses and Post Event Services Expenses resulting from the same, continuous, related or repeated event or which arise from the same, related or common nexus of facts, will be deemed to arise out of one Data Security Event; Documentation means any documents, instructions, web screen, layouts or any other materials provided by us relating to the Software or the Clover Security Plus; Equipment means equipment rented to or purchased by you under this Agreement and any documents setting out additional terms on which Equipment is rented to or purchased by you; EMV Upgrade Costs means cost to upgrade payment acceptance and processing hardware and software to enable you to accept and process EMV- enabled Card in a manner compliant with PCI Data Security Standards; Forensic Audit Expenses means the costs of a security assessment conducted by a qualified security assessor approved by a Card Organization or PCI Security Standards Council to determine the cause and extent of a Data Security Event; Liability Waiver has the meaning as set forth in Section 39.12.1 above; Marks means the names, logos, emblems, brands, service marks, trademarks, trade names, tag lines or other proprietary designations; Post Event Services Expenses means reasonable fees and expenses incurred by us or you with our prior written consent, for any service specifically approved by us in writing, including, without limitation, identity theft education and assistance and credit file monitoring. Such services must be provided by or on behalf of us or you within one (1) year following discovery of a Data Security Event to a Cardholder whose Cardholder Information is the subject of that Data Security Event for the primary purpose of mitigating the effects of such Data Security Event; Program Year means the period from November 1st through October 31st of each year; Security Event Expenses means Card Organization Assessments, Forensic Audit Expenses and Card Replacement Expenses. Security Event Expenses also includes EMV Upgrade Costs you agree to incur in lieu of a Card Organization Assessment; Software means all software, computer programs, related documentation, technology, know-how and processes embodied in the Equipment (i.e. firmware) or otherwise provided to you under this Agreement. For the avoidance of doubt, the term Software shall not include any third party software available as part of a service provided from someone other than us or our vendors or which may be obtained by you separately from the Clover Security Plus (e.g. any applications downloaded by you through an application marketplace); TransArmor PCI is a Clover Security Plus service that provides access to online PCI DSS Self-Assessment Questionnaires (SAQ) to validate PCI data standards: and TransArmor Data Protection Service The TransArmor Data Protection service encrypts cardholder data at the point of transaction and replaces it with a unique identifier (a token) that is returned with the authorization response. You must use the token you receive with the authorization response instead of the card number for all other activities associated with the transaction, including settlement, retrieval, chargeback, or adjustment processing as well as transaction reviews. If you fully deploy and use the TransArmor Data Protection service, the token returned to you with the authorization response cannot be used to initiate a financial sale transaction by an unauthorized person outside your point of sale systems or the systems where you store your transaction data. The TransArmor Data Protection service can only be used with a point of sale device, gateway, or service that we have certified as being eligible for the TransArmor Data Protection service. The TransArmor Data Protection Service is provided to you by Processor and not by Bank. Use of the TransArmor Data Protection Service does not (a) guarantee compliance with any laws, Rules, or applicable standards (including the PCI DSS), (b) affect your obligation to comply with laws, Rules, and applicable standards (including the PCI DSS), or (c) guarantee protection against a Data Incident. 41. Special Provisions Regarding Payeezy Gateway Services If you elect to utilize the Payeezy Gateway Services, the following additional terms and conditions of this Section 40 shall apply. The Payeezy Gateway Services are provided to you by Processor and not Bank. Bank is not a party to this Agreement insofar as it applies to the Payeezy Gateway Services, and Bank is not liable to you in any way with respect to such services. For the purposes of this Section 40, the words “we,” “our” and “us” refer only to the Processor and not the Bank. The Payeezy Gateway Services provided and other matters contemplated under this Section 40 are subject to the rest of this Agreement, as applicable, except to the extent the terms of this Section 40 directly conflict with another provision of this Agreement, in which case the terms of this Section 40 will control. Definitions. Capitalized terms used in this Section 40 shall have the meaning given as defined in this Section or as defined in the Glossary or elsewhere in this Agreement. Claim means any arbitration award, assessment, charge, citation, claim, damage, demand, directive, expense, fine, interest, joint or several liability, lawsuit or other litigation, notice, infringement or misappropriation of any Intellectual Property Right or violation of any law, and any consequential, indirect, special, incidental or punitive damages and any attorney’s fees and expenses incurred in connection therewith. For purposes of the foregoing Claim definition, a Claim shall be considered to exist 41.1. 40.16. 40.15. q) p) o) n) m) l) k) j) i) h) g) f) e) SM GenCP-WF-2602_PG_02.28.23 29 for any unauthorized access to your data or Your Systems by any means or device.purposes of this Section 40, or for archival purposes (any copies made hereunder for any unauthorized access to your data or Your Systems by any means or device. Suspension of Access to the Platform and Services. We may suspend your access to the Platform and Services, without prior notice, with cause. For purposes of this Section 40 the term “cause”, in addition to cause as defined under the Agreement, shall mean that significant activity by you has been detected (which excludes a high volume of transactions) or the security or integrity of the Platform is materially compromised. We will make commercially reasonable efforts to provide prior notification to you of any such proposed suspension and provide you with a reasonable opportunity to cure, provided just you (and no other user) are affected, and provided such cure is allowed by the applicable law or the Card Organization Rules. If prior notification to you is not possible because such significant activity or security issue would materially and adversely affect other users of the Platform and Services, then we will provide notice of such suspension as promptly as possible thereafter with detailed information regarding the suspected fraudulent activity or security issue, as well as any other information that can assist you with identifying the root cause of the problem responsible for such suspension. Upon a determination by us that you are not responsible for the fraudulent activity or security issue resulting in the suspension or any security threat as abated, the Services and your license to the Software shall be promptly re-activated and the Services under this Section 40 shall recommence. Regardless of the reason for such suspension, you shall be responsible for the payment of all fees due up to and including the effective date of the suspension. Security of Information. We will use commercially reasonable efforts to maintain the security of the Services and the Platform. You will use commercially reasonable efforts to maintain the security of Your Systems. Such steps by you will be taken at your sole cost and expense, and shall include, without limitation: (i) creating firewalls to protect against unauthorized access to Your Systems by your employees, contractors, Customers, or by any other person; and (ii) implementing reasonable protective techniques suggested by us. You further agree that you will be bound by and comply with all of our and all Card Organization security rules and regulations as they now exist or as each may be amended or supplemented from time to time. Notwithstanding the foregoing, the parties recognize that there is no guarantee or absolute security of information that is communicated over the internet. Privacy. We have adopted online Privacy Statement(s) to inform individuals as to our online collection and use of personal information. You agree that, during the term of this Agreement, you will adequately communicate and comply with an appropriate privacy policy explaining your online collection and use of the personal information of your Customers. Unless required by law, Card Organization Rules, or done pursuant to this Agreement, you shall not, under any circumstances, sell, purchase, provide, or otherwise disclose any customer’s account information, transaction information, or other personal information to any third party. You shall store all data securely. We may advise potential users of the services that we have a relationship with you. Audit Rights. Upon notice to you, we may audit your usage, records and security of the Services, your Customer’s payment processing information, and the services provided hereunder to ensure (i) that you are using the Services in full compliance with the provisions of this Section 40; (ii) that all applicable fees have been paid; (iii) that you are adhering to your privacy policy; and; (iv) that you are in full compliance with all applicable laws, regulations and rules (including but not limited to Card Organization Rules). Any such audit shall be conducted during regular business hours at your offices and shall not interfere unreasonably with your business. Indemnification. You shall indemnify, defend, and hold us, our subsidiaries and affiliates and our and their officers, directors, employees, shareholders, agents and attorneys from any Claim(s) arising from the conduct of your business, any Transactions submitted through the Platform hereunder for payment processing, any false or inaccurate representation made by you or the negligence, fraud, dishonesty or willful behavior of any of your employees or agents, or from your failure to strictly comply, in whole or in part, with any: (i) terms and conditions pursuant to this Agreement and any addenda hereto or Documentation; or (ii) applicable law, regulations or rules. Upon written notice from us to you, you shall immediately undertake the defense of such Claim by representatives of your own choosing, subject to our reasonable approval. Limitation of Liability. Processor is not liable for the merit and legitimacy of the orders forwarded by you. All liability for validity of orders remains with you. We are not responsible for any data entry errors, Customer misrepresentations, or reporting errors resulting from your actions. We shall not be liable to you or your Customer for the accuracy of the information provided by the Platform or our Services. In no event shall we be liable to you, or to any other person or entity, under this Section 40, or otherwise, for any punitive, exemplary, special, incidental or consequential damages, including, without limitation, any loss or injury to earnings, profits or goodwill. Notwithstanding any provision in this Agreement to the contrary, in no event shall our liability under this Section 40 for all Claims arising under, or related to, this Section 40 exceed, in the aggregate (inclusive of any and all Claims made by you against us, whether related or unrelated), the lesser of: (i) the total amount of fees paid by you for the our Services during the 12-month period immediately preceding the date the event giving rise to such Claim(s) occurred; or (ii) $50,000.00. Notwithstanding provisions set forth herein, we will not be liable for any Claims under this Agreement arising directly or indirectly from or otherwise concerning: (a) any termination, suspension, delay or disruption of service (including billing for a service) by the Internet, any common carrier or any third party service provider; (b) any failure, disruption or malfunction of the Services provided hereunder or the Internet, or any communications network, facility or equipment beyond our reasonable control, whether or not attributable to one or more common carriers or third party service providers; (c) any failed attempts by you or your Customers to access any Systems or to complete processing transactions; or (d) 41.10.4. 41.10.3. 41.10.2. 41.10.1. 41.10. 41.9. 41.8. 41.7. 41.6. 41.5.5. purposes of this Section 40, or for archival purposes (any copies made hereunder shall contain all appropriate proprietary notices); (vi) rent, lease, upload, assign, sublicense, transfer, distribute, allow access to, or time share the Services or Documentation; (vii) circumvent or attempt to circumvent any applicable security measures of the Services; (viii) attempt to access or actually access portions of the Platform or Services not authorized for your use; and/or (ix) use the Services in any unlawful manner or for any unlawful purpose. Updates. From time to time we may, at our discretion, release Updates or modify the Software. In the event we notify you of any such Update, you shall integrate and install such Update into Your Systems within thirty (30) days of your receipt of such notice. You acknowledge that failure to install Updates in a timely fashion may impair the functionality of the Platform or any of our Services provided hereunder. We will have no liability for your failure to properly install the most current version of the Software or any Update, and we will have no obligation to provide support or Services for any outdated versions. Licensors. The licenses granted hereunder may be subject to other licenses currently held by us or our subcontractors. Should any license held by us to certain technology or software be terminated or suspended, the corresponding license(s) granted to you hereunder may also be terminated or suspended in our sole and absolute discretion. You acknowledge and agree to such potential termination or suspension and hereby waive any and all damages, whether actual, incidental or consequential resulting therefrom. Export Compliance. You agree not to export or re-export the Software or any underlying information or technology except in full compliance with all applicable laws and regulations. In particular, but without limitation, none of the Software or underlying information or technology may be downloaded or otherwise exported or re-exported (i) to any country to which the United States has embargoed goods (or any national or resident thereof); (ii) to anyone on the United States Treasury Department's list of Specially Designated Nationals or the United States Commerce Department's Table of Deny Orders; or (iii) in any manner not in full compliance with the requirements of the United States Bureau of Industry and Security and all applicable Export Administration Regulations. If you have rightfully obtained the Software outside of the United States, you agree not to re-export the Software except as permitted by the laws and regulations of the United States and the laws and regulations of the jurisdiction in which you obtained the Software. You warrant that you are not located in, under the control of, or a national or resident of any such country or on any such list. Federal Acquisition Regulations. If you are acquiring the Software on behalf of any part of the United States Government (the “Government”), the following provisions apply: Any use, duplication, or disclosure by the Government is subject to the restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19 when applicable, or in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013, and in similar clauses in the NASA FAR Supplement. We are the contractor/manufacturer, with the address set forth below. Any use, modification, reproduction, release, performance, display or disclosure of the Software and/or the accompanying documentation by the Government or any of its agencies shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Section 40. Return/Destruction. Upon termination or expiration of this Agreement, all licenses granted hereunder shall immediately terminate, and within five (5) days thereof, you shall either return to us or destroy the Software and the Documentation, and shall so certify to us in writing. No other Licenses. Except as expressly provided above, no license for any patents, copyrights, trademarks, trade secrets or any other Intellectual Property Rights, express or implied, are granted hereunder. Use of Transaction Data. As permitted by applicable law and regulations, we reserve the right to copy and distribute to third parties, any information associated with your use of the Services or your activities on the Platform. Platform Matters Integration with Your Systems. While we provide Software to you, you acknowledge that the Software itself is insufficient to allow Your Systems to function with the Platform. Programming, development and maintenance of Your Systems and their functionality are your sole responsibility. You have the sole responsibility to select and employ any competent programming agent(s) to accomplish the programming required to make Your Systems function correctly with the Platform and the payment services contemplated hereunder (“Integration”). You shall be responsible for all technical support for Your Systems and Integration related issues. You agree that you will use commercially reasonable efforts to complete the Integration as soon as possible. You will be responsible for all of your own development and implementation costs associated with such Integration. Notwithstanding any other provision of this Section 40, you acknowledge that unless and until you complete the Integration, no Services need be provided by us to you pursuant to this Agreement, except as otherwise specifically provided in Section 40.5.2 below. In addition, you acknowledge and agree that, even if you have completed Integration, if you have not entered into a valid merchant processing agreement with an authorized bank card processor, you cannot receive the Services through the Platform. Set-Up Assistance Services. Subject to Section 40.5.1 above, upon your request to us, and upon payment of any applicable Fees, we will provide you with set-up services to assist with the Integration. Shut Downs. We reserve the right, from time to time, without prior notice, to shut down and restart the Platform for maintenance and /or software upgrades for reasonable time periods of one minute or more. Orders by Customers. You are solely responsible for accepting, processing, and filling any orders for purchases by your Customers, and for handling any inquiries arising therefrom. You shall use the highest standards in the industry in responding to complaints by Customers. We are not responsible or liable 41.5.4. 41.5.3. 41.5.2. 41.5.1. 41.5. 41.4.10. 41.4.9. 41.4.8. 41.4.7. 41.4.6. 41.4.5. 41.4.4. GenCP-WF-2602_PG_02.28.23 30 related to Main Street Insights and sub-licensed to you by Processor.any failure to transmit, obtain or collect data from Customers or for human, machine SM related to Main Street Insights and sub-licensed to you by Processor. “First Data Main Street Insights Solution” or Main Street Insights Solution” means the website or the application associated with Main Street Insights , the object code version of the Main Street Insights software applications and communications you receive from the applications. Among other things, Main Street Insights allows merchants to track and visualize information regarding their own revenue, ticket size, and Customers contained in the Data and other third party data sources. Main Street Insights may also permit a merchant to compare its performance to groups of similar businesses within their industry and /or certain geographic areas using the Data and other third party data sources, subject to certain limitations. The features and functionality of Main Street Insights may be modified from time to time by First Data or its third party provider(s). For the avoidance of doubt, the term “software” in this definition does not include any software that may be obtained by you separately from Main Street Insights (e.g., any applications downloaded by you). The First Data Main Street Insights Solution is deemed part of the “Services,” as defined in and provided under the Agreement. Main Street Insights Solution Fees” means the fees charged for your use of the First Data Main Street Insights Solution, which includes additional fees for multiple locations. “Third Party Services” are the services, products, promotions or applications provided to you by or through someone other than Processor. “User Documentation” means that documentation regarding the operation, guidelines and features and functionality of Main Street Insights that is made available to you from time to time at the website, by internet link or otherwise. User Documentation may be modified from time to time by First Data or its third party provider(s). License Grant. Subject to the Main Street Insights Terms and Conditions in this Section 41, Processor grants you a personal, limited, non-exclusive, revocable, non-transferable sub-license, without the right to further sub-license or assign in any way, to electronically access and use, solely in the United States, Main Street Insights to manage your establishment(s) and analyze associated point of sale activities within the United States. For purposes of this Section 41, “United States” does not include U.S. Territories or possessions. Main Street Insights is for your internal business use only. This Section 41 does not grant you any rights to First Data Main Street Insights Marks. Except for the license expressly granted herein, all intellectual property and proprietary rights in or related to Main Street Insights and First Data Main Street Insights Marks are and will remain the sole and exclusive property of First Data or its affiliates, vendors, or third party provider(s) (as applicable), and any and all right, title and interest associated with Main Street Insights not expressly granted in this Section 41 is deemed withheld. Restrictions. You may not, nor may you permit any third party, other than employees and agents with a business need, to do any of the following: (a) access or attempt to access Main Street Insights (or any part) that is not expressly made available for public use; (b) decompile, disassemble, reverse engineer, or otherwise attempt to reconstruct or discover by any means any source code or any underlying data, ideas or algorithms of Main Street Insights (or any part), except to the extent that such restriction is expressly prohibited by law; (c) modify, translate, or alter in any manner, Main Street Insights (or any part), or First Data Main Street Insights Marks; (d) create derivative works of or based on Main Street Insights (or any part) or Main Street Insights Marks; (e) except for backup and archival purposes, directly or indirectly copy Main Street Insights (or any part), except screen shots may be copied and retained solely for internal business purposes; (f) republish, upload, post, transmit, disclose, or distribute (in any format) Main Street Insights (or any part) except as expressly permitted herein; (g) access or use (in any format) Main Street Insights (or any part) through any time-sharing service, service bureau, network, consortium, or other means; (h) rent, lease, sell, sublicense, assign, or otherwise transfer your license rights to any third party, whether by operation of law or otherwise; (i) use or ship Main Street Insights (or any part) outside of the United States, or access Main Street Insights (or any part) from outside the United States, without in any case obtaining our advance written consent; (j) remove, relocate, or otherwise alter any proprietary rights notices from Main Street Insights (or any part), or First Data Main Street Insights Marks; (k) perform or attempt to perform any actions that would interfere with the proper working of Main Street Insights, prevent access to or use of Main Street Insights by other users, or in our reasonable judgment impose an unreasonable or disproportionately large load on Main Street Insights’ infrastructure, network capability or bandwidth; or (l) use Main Street Insights (or any part) except as permitted in Section 41.2. You shall not take any action inconsistent with the stated title and ownership in Section 41.2. You will not file any action in any forum that challenges the ownership of any part of Main Street Insights, any related software, materials or User Documentation. Failure to comply with this provision will constitute a material breach of this Agreement and may restrict Processor’s ability to sublicense Main Street Insights to you. Processor has the right to immediately terminate Services under this Section 41, and First Data has the right to immediately terminate your access to and use of Main Street Insights in the event of a challenge by you. Main Street Insights Limitations and Requirements. You may access Main Street Insights through your Device using a wired (ethernet) or wireless (wifi or cellular) connection to the Internet. You are solely responsible for the payment of any fees that may be imposed by your Internet/data provider. Your use of Main Street Insights may be subject to: (a) the terms of your agreements with your Internet / data provider; and (b) the availability or uptime of the services provided by your Internet/data provider. You may use Main Street Insights to conduct analysis of the Data and third party data made available through Main Street Insights application and/or other tools made available at the website or in the application. First Data may alter which Devices and browsers are approved as compatible with Main Street Insights in its discretion from time-to-time. First Data may perform maintenance on Main Street Insights from time to42.4.4. 42.4.3. 42.4.2. 42.4.1. 42.4. 42.3.2. 42.3.1. 42.3. 42.2. any failure to transmit, obtain or collect data from Customers or for human, machine or software errors or faulty or your or your Customer’s erroneous input. Except as expressly agreed to by us in writing with respect to any Separate Product, we are not liable for any Excluded Products. DISCLAIMER OF WARRANTIES. YOU ACKNOWLEDGE AND AGREE THAT THE USE OF THE PAYEEZY GATEWAY SERVICES AND DOCUMENTATION ARE AT YOUR SOLE RISK WE MAKE NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, AND NO IMPLIED AT LAW WARRANTY SHALL ARISE FROM THIS SECTION, PAYEEZY GATEWAY SERVICES, DOCUMENTATION, OUR PROCEDURES, OTHER SERVICES PROVIDED OR PERFORMED BY US HEREUNDER, INCLUDING, WITHOUT LIMITATION: (A) ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, (B) ANY WARRANTIES OF NONINTERFERENCE OR NON-INFRINGEMENT; OR (C) ANY WARRANTIES THAT ANY PRODUCT OR SERVICE PROVIDED HEREUNDER (INCLUDING BUT NOT LIMITED TO THE SOFTWARE) WILL (1) MEET YOUR REQUIREMENTS; (2) OPERATE ACCORDING TO YOUR EXPECTATIONS; (3) PROVIDE ACCURATE DATA; OR (4) OPERATE UNINTERRUPTED OR ERROR FREE. ANY AND ALL SUCH WARRANTIES ARE EXPRESSLY DISCLAIMED BY US AND WAIVED BY YOU. WE DO NOT WARRANT THAT ANY ERRORS WILL BE CORRECTED. EXCEPT AS OTHERWISE SPECIFICALLY SET FORTH HEREIN, THE PAYEEZY GATEWAY SERVICES, (INCLUDING WITHOUT LIMITATION THE PAYEEZY GATEWAY AND SOFTWARE), DOCUMENTATION AND OTHER SERVICES PROVIDED HEREUNDER ARE PROVIDED ON AN “AS-IS, WITH ALL FAULTS” BASIS. THIS DISCLAIMER OF WARRANTIES CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. All decisions to reject any processing transaction or payment for your products or services are solely your responsibility. Notices. You agree to notify us of any change in your name, type of business, or any other information required on your Merchant Processing Application at least thirty (30) business days prior to the effective date of change. Any notice or other communication required or permitted to be given hereunder shall be in writing, addressed or transmitted to the party to be notified at such party’s address or number at such party’s last known address or number, and shall be: (i) if sent by us, hand delivered or delivered by facsimile transmission, overnight courier or certified, registered, regular mail or e-mail; or (ii) if sent by you, certified or registered mail, postage prepaid return receipt requested to 3975 N.W. 120th Avenue, Coral Springs, FL 33065. Any notice delivered hereunder shall be deemed effective, as applicable, upon delivery, if hand delivered or sent by overnight courier; upon receipt as evidenced by the date of transmission indicated on the transmitted material, if by facsimile transmission or e-mail; on the date of delivery indicated on the return receipt, if mailed by certified or registered mail; or ten (10) days after mailing, if by regular mail (or as otherwise required by applicable law). The parties’ addresses may be changed by written notice to the other party as provided herein. Subcontractors. Processor may subcontract all or part of the Services using a variety of providers globally, but, notwithstanding any such subcontract, Processor shall remain fully responsible for performance of the Services, including ensuring the compliance of subcontractors with the terms of this Agreement applicable to such subcontractors. Survival. Upon termination or expiration of this Section 40 or the Agreement, a party’s obligations shall cease except for those remaining or required to be performed following such termination. For the avoidance of doubt, the parties agree that those provisions of this Section that logically should survive its termination or expiration in order to accomplish its fundamental purposes will do so. All representations, warranties, indemnities and covenants made herein shall survive the termination of this Section and shall remain enforceable after such termination. 42. Special Provisions Regarding Main Street Insights Service Terms and Conditions If you elect to utilize the First Data Main Street Insights Solution (Main Street ) the terms and condition in this Section 41 shall apply (Insights”“Main Street ); and if you were granted a First Data MainInsights Terms and Conditions” Street Insights Temporary Demonstration License, an election for Services under this Section 41 shall serve to supersede it. Main Street Insights is provided to you by Processor and not Bank. Bank is not liable to you in any way with respect to Main Street Insights. Main Street Insights, transactions processed, and other matters contemplated under Section 40 are subject to the terms and conditions of the Agreement, as applicable, except to the extent the terms directly conflict with the Main Street Insights Terms and Conditions, in which case the Main Street Insights Terms and Conditions will control. Definitions. Capitalized terms used herein shall have the meanings given to such terms as set forth in Section 41.1 or as defined elsewhere in this Section 41, or the Agreement. “Customer” means a Person who makes a purchase of goods or services from you, the transaction detail of which is utilized in Main Street Insights. “Customer Information” means information about your Customers (e.g., name, mailing address, card account number, e-mail address, telephone number) obtained in connection with your use of the Services and may be utilized in Main Street Insights. “Data” means transaction data that may include processing data from First Data Merchant Services LLC’s credit and debit information warehouse and other available sources that First Data Merchant Services LLC owns or has a contractual or other right to use in Min Street Insights. “Device” means a tablet, computer, smartphone or other mobile device, or other device that you use to access the Main Street Insights website to receive or to which you receive communications from Main Street Insights. “First Data” means First Data Corporation, which is the parent company of First Data Merchant Services LLC. “First Data Main Street Insights Marks” means the trademarks or service marks 42.1. 41.14. 41.13. 41.12. 41.11. SM SM SM GenCP-WF-2602_PG_02.28.23 31 PROVIDER(S), WILL BE RESPONSIBLE FOR ANY ACTIONS OR ANY FAILUREStime which may result in service interruptions, delays, or errors. Neither First Data PROVIDER(S), WILL BE RESPONSIBLE FOR ANY ACTIONS OR ANY FAILURES TO ACT OF ANY THIRD PARTY, AND SUCH LIABILITY RELATED TO ALL THIRD PARTY SERVICES IS EXPRESSLY DISCLAIMED. Account Registration. First Data may require you to register at Main Street Insights website or through the application. If and when prompted by the registration process, you agree to (a) provide true, accurate, current and complete information about yourself and/ or your business, and (b) maintain and update this information to keep it true, accurate, current and complete. If any information provided by you is untrue, inaccurate, not current or incomplete, First Data has the right to terminate your First Data Main Street Insights account () and refuse any and all“Account” current or future use of Main Street Insights. Privacy and Data Use. All data collected from you in connection with the Services or in connection with your use of Main Street Insights, including Customer Information and information about your business and employees used with or stored in or by Main Street Insights (collectively, ), is collected by First“Account Data” Data, its affiliates, vendors, and/or third party provider(s) ; therefore, the use and sharing of such Account Data is controlled by the applicable Privacy Policy displayed and available at or through a link on the Main Street Insights website. You acknowledge and agree that First Data, its affiliates, vendors, and/or third party provider(s) may access your Account Data, and our use of your Account Data is governed by the Main Street Insights Terms and Conditions and the Agreement. You also agree that First Data, its affiliates, vendors, and/or third party provider(s) may access and use Account Data to provide or enhance Main Street Insights or the Services. Protecting Your Information. You are solely responsible for ensuring that your account numbers, passwords, security questions and answers, login details and any other security or access information used by you to use or access Main Street Insights are kept safe and confidential. You must prevent unauthorized access to and use of any Account Data. You are responsible for all electronic communications sent to First Data, its affiliates, vendors, or third party provider(s) containing Account Data. When First Data receives communications containing Account Data, it will assume you sent it to First Data. You must immediately notify First Data if you become aware of any loss, theft or unauthorized use of any Account Data (see Main Street Insights support center contact information below). First Data reserves the right to deny you access to Main Street Insights, in whole or in part, if First Data believes that any loss, theft or unauthorized use of any Account Data or access information has occurred. Accuracy of Information. You are solely responsible for ensuring the accuracy of all information and data regarding your business that you provide to First Data, its affiliates, vendors, and/or third party provider(s) in connection with Main Street Insights (e.g., Customer Information). First Data, its affiliates, vendors, and/or third party provider(s) disclaim any and all liability arising out of any inaccuracies as a result of use of such information or data. First Data Main Street Insights Solution Disclaimer. AS IS. USE OF MAIN STREET INSIGHTS IS AT YOUR OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MAIN STREET INSIGHTS IS PROVIDED “AS IS” AND NEITHER FIRST DATA NOR ITS AFFILIATES, VENDORS, OR THIRD PARTY PROVIDER(S) MAKES ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND (EXPRESS OR IMPLIED) WITH REGARD TO MAIN STREET INSIGHTS, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, OR THAT MAIN STREET INSIGHTS WILL FUNCTION UNINTERRUPTED OR ERROR-FREE, OR THAT MAIN STREET INSIGHTS IS SECURE, FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED. Financial Advice. First Data Main Street Insights Solution does not provide any business, investment or financial advice and is not advocating any business decision or the sale or purchase of any real property, stocks, bonds, or securities. First Data expressly states, and you hereby acknowledge, that Main Street Insights is provided solely for informational purposes and are not to be used as a substitute for independent financial investment advice nor are they intended to be relied upon by any person or entity, including you or your Customers for the purposes of investment or other financial decisions. Main Street Insights is not to be construed as providing business or investment advice and should not be used or construed, in whole or in part, as a basis or recommendation for an investment or business decision. Accuracy. While First Data takes commercially reasonable measures to ensure the accuracy of the information and content contained in Main Street Insights, it makes no representation or warranty of any kind with respect to Main Street Insights. You acknowledge and agree that all use of Main Street Insights by you and all other persons shall be: (i) based upon your own determination and evaluation and (ii) at your sole risk. At times the Data may include third party data that is appended to the Data and First Data has not investigated and does not make any representation or warranty with respect to the accuracy of the third party data. Indemnity. Without limiting your indemnification obligations in the Agreement, you agree to indemnify and hold First Data, its affiliates, vendors, and third party provider(s) harmless from and against all losses, liabilities, damages, and expenses (including reasonable attorneys’ fees) arising out of or relating to: Your failure to comply with all terms and conditions in this Section 41, including but not limited to User Documentation; Your use (alone or in combination with any other information) of any Customer Information, reports, information or analytics obtained in connection with your use of Main Street Insights; The content or delivery of any marketing messages that you send or cause to be sent to any Customer phone number or email address collected through the use of Main Street Insights; or Any other party’s access and/or use of Main Street Insights with your unique username, password, or other appropriate security code. 42.13.4. 42.13.3. 42.13.2. 42.13.1. 42.13. 42.12.3. 42.12.2. 42.12.1. 42.12. 42.11. 42.10. 42.9. 42.8. time which may result in service interruptions, delays, or errors. Neither First Data nor its affiliates, vendors, or third party provider(s), will be liable for any such interruptions, delays, errors, or bugs. You agree that First Data or its affiliates, vendors, or third party provider(s) may contact you in order to assist you with Main Street Insights and obtain information needed to identify and fix any errors. You shall at all times comply with the User Documentation. You shall comply with the following requirements in connection with your use of Main Street Insights: In the event you are able to discern any information about a particular entity or individual from the information available from Main Street Insights, either alone or with other information in your possession, you understand and acknowledge that the information may be subject to certain privacy, marketing, insider trading, or other applicable laws and you will limit your use thereof in accordance with all applicable laws. With respect to each Customer who desires to receive marketing material or other communications from you via text message or email, such Customer must check the appropriate consent or the consent must be provided in writing; you are NOT permitted to add or modify a Customer’s consent indication on his behalf. You (or your agents acting on your behalf) may only send marketing materials or other communications to the Customer’s provided phone number, street address, and/or email address if the Customer has specifically consented in writing executed by the Customer. NOTWITHSTANDING THE CAPABILITY OF MAIN STREET INSIGHTS TO COLLECT AND STORE CUSTOMER INFORMATION, SOME STATES MAY LIMIT YOUR USE OF SUCH INFORMATION ONCE COLLECTED, EVEN IF THE CUSTOMER HAS PROVIDED ITS CONSENT, AND/OR YOUR DISCLOSURE OF SUCH INFORMATION TO THIRD PARTIES. YOU ACKNOWLEDGE AND AGREE THAT (I) YOUR USE OF CUSTOMER INFORMATION OBTAINED IN CONNECTION WITH MAIN STREET INSIGHTS MAY BE SUBJECT TO LOCAL, STATE, AND/OR FEDERAL LAWS, RULES, AND REGULATIONS, (II) YOU ARE SOLELY RESPONSIBLE FOR KNOWING SUCH LAWS, RULES, AND REGULATIONS, AND (III) YOU WILL AT ALL TIME STRICTLY COMPLY WITH ALL SUCH LAWS, RULES, AND REGULATIONS. You shall comply fully with the requirements of all applicable federal, state and local laws and regulations related to your use of Main Street Insights and provision and use of Customer Information and point of sale data in connection with Main Street Insights. Furthermore, you are solely responsible for monitoring legal developments applicable to Main Street Insights and the operation of your business, interpreting applicable laws and regulations, determining the requirements for compliance with all applicable laws and regulations, and maintaining an on-going compliance program. In connection with Main Street Insights, you shall receive a username and password to access Main Street Insights. You are responsible for securely storing and keeping the username and password in accordance with this Section 41.10 below. You will not permit anyone unauthorized by you to use the username and password and you may only authorize your employees and agents with a business need to use the username and password. At such time as multiple usernames and passwords are available, you shall restrict the use of usernames and passwords to single individuals and you shall monitor use of Main Street Insights to ensure compliance with this Section 41 by those to whom you have provided usernames and passwords and you shall keep records regarding who has access to which usernames and passwords at all times. Equipment. You must obtain all equipment necessary for you to access and use the Main Streets Insights website. No communication channel or device to access the website is included within the provision of the First Data Main Street Insights Solution, and you shall be responsible for all such equipment and communication channels, including but not limited to all device or channel compatibility. Term and Termination. Main Street Insights Terms and Conditions in this Section 41 shall become effective upon execution hereof and shall end when terminated as set forth herein. For the avoidance of doubt, except as set forth below, termination of Services under Section 37 will not terminate the underlying Agreement. You may terminate your First Data Main Street Insights Solution services at any time upon thirty (30) days’ notice by calling the Customer Service number on your statement. Notwithstanding the foregoing sentence, upon as much advance notice as is commercially practicable, First Data may terminate your access to, and use of Main Street Insights if (i) it is determined that you are using Main Street Insights for any fraudulent, illegal, or unauthorized purpose, (ii) you violate the Main Street Insights Terms and Conditions or an Event of Default occurs under the Agreement, (iii) First Data terminates its agreement with any third parties that are involved in providing Main Street Insights, or (iv) First Data otherwise decides to discontinue providing Main Street Insights. You acknowledge and agree that an occurrence of (i) or (ii) above may be deemed an Event of Default under the Agreement, thereby affording Processor and Bank all rights and remedies as set forth in the Agreement triggered by such an Event of Default, which may include immediate termination of the Services under Section 41 without notice. Third Party Services. Main Street Insights may be used in connection with Third Party Services that you obtain separately for your purposes (e.g., an accounting application on your Device). If you decide to use Third Party Services, you will be responsible for reviewing and understanding the terms and conditions associated with Third Party Services (including obtaining and maintaining any required third party hardware and /or software that is required for the Third Party Services to work with Main Street Insights). Your access of any Third Party Services is at your own risk. Third Party Services are not governed by the terms and conditions of this Section 41 or the Agreement. ANY CONTENT DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THIRD PARTY SERVICES (E.G., ACCOUNTING APPLICATION) IS DOWNLOADED AT YOUR OWN RISK. NEITHER FIRST DATA NOR ITS AFFILIATES, VENDORS, OR THIRD PARTY 42.7. 42.6. 42.5. 42.4.8. 42.4.7. 42.4.6.4. 42.4.6.3. 42.4.6.2. 42.4.6.1. 42.4.6. 42.4.5. GenCP-WF-2602_PG_02.28.23 32 service, service bureau, network, consortium, or other means; (h) rent, lease, sell,Notices. First Data, its affiliates, vendors, and /or third party provider(s) may42.14. service, service bureau, network, consortium, or other means; (h) rent, lease, sell, sublicense, assign, or otherwise transfer your license rights to any third party, whether by operation of law or otherwise; (i) use or ship the Clover Service (or any part) outside of the United States, or access the Clover Service (or any part) from outside the United States, without in any case obtaining our advance written consent; (j) remove, relocate, or otherwise alter any proprietary rights notices from the Clover Service (or any part) or the Clover Marks; (k) perform or attempt to perform any actions that would interfere with the proper working of the Clover Service, prevent access to or use of the Clover Service by other users, or in our reasonable judgment impose an unreasonable or disproportionately large load on our infrastructure, network capability or bandwidth; or (l) use the Clover Service (or any part) except as permitted in subsection 42.2 above. You shall not take any action inconsistent with the stated title and ownership in subsection 42.2 above. You will not file any action, in any forum that challenges the ownership of any part of the Clover Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of this Agreement. We have the right to immediately terminate your access to and use of the Clover Service in the event of a challenge by you. Clover Service Limitations and Requirements. You may access the Clover Service through your Device using a wired (ethernet) or wireless (wifi or cellular) connection to the Internet. You are solely responsible for the payment of any fees that may be imposed by your Internet/data provider. Your use of the Clover Service may be subject to: (a) the terms of your agreements with your Internet/data provider; and (b) the availability or uptime of the services provided by your Internet/data provider. You may use the Clover Service to conduct point of sale activities offline; transactions initiated offline will be queued and submitted for authorization when Internet connectivity to the Clover System is restored. However, you assume all risk, responsibility and liability associated with any transaction that you choose to conduct while the Clover Service is used offline. The Clover Service does not function with every mobile device. Processor may alter which Devices are approved as compatible with the Clover Service in our discretion from time-to-time. We may perform maintenance on the Clover Service from time to time which may result in service interruptions, delays, or errors. We will not be liable for any such interruptions, delays, errors, or bugs. You agree that we may contact you in order to assist you with the Clover Service and obtain information needed to identify and fix any errors. You shall at all times comply with any operating procedures, requirements, or guidelines regarding your use of the Clover Service that are posted on the Clover website or otherwise provided or made available to you (collectively, “Clover Ops Guide”). You shall comply with the following requirements in connection with your use of the Clover Service: With respect to each Customer who requests the delivery of transaction receipts via text message or email, such Customer must enter his phone number or email address in the appropriate space displayed on the Device himself; you are NOT permitted to add or modify any Customer Information (including but not limited to phone number and email address) on behalf of a Customer. With respect to each Customer who desires to receive marketing material or other communications from you via text message or email, such Customer must check the appropriate consent check box displayed on the Device himself; you are NOT permitted to add or modify a Customer’s consent indication on his behalf. You (or your agents acting on your behalf) may only send marketing materials or other communications to the Customer’s provided phone number, street address, and /or email address if the Customer has specifically consented by checking (himself) the applicable box displayed on the Device. NOTWITHSTANDING THE CAPABILITY OF THE CLOVER SERVICE TO COLLECT AND STORE CUSTOMER INFORMATION AND TO ALLOW YOUR CUSTOMERS TO ELECT TO RECEIVE MARKETING MATERIALS FROM YOU, SOME STATES MAY LIMIT YOUR USE OF SUCH INFORMATION ONCE COLLECTED, EVEN IF THE CUSTOMER HAS PROVIDED HIS CONSENT, AND /OR YOUR DISCLOSURE OF SUCH INFORMATION TO THIRD PARTIES. YOU ACKNOWLEDGE AND AGREE THAT (I) YOUR USE OF CUSTOMER INFORMATION OBTAINED IN CONNECTION WITH THE CLOVER SERVICE MAY BE SUBJECT TO LOCAL, STATE, AND/OR FEDERAL LAWS, RULES, AND REGULATIONS, (II) YOU ARE SOLELY RESPONSIBLE FOR KNOWING SUCH LAWS, RULES, AND REGULATIONS, AND (III) YOU WILL AT ALL TIME STRICTLY COMPLY WITH ALL SUCH LAWS, RULES, AND REGULATIONS. If TransArmor software is resident on your Device at the time we provide you with the Device and therefore part of the Clover Service, it will be used to perform such encryption and tokenization (“TransArmor Service”) and the additional terms set forth in Section 39 apply. However you will only receive the applicable TransArmor service subscribed by you as set forth in the Application. You are responsible to provide and obtain any disclosures and consents related to the E-SIGN Act that may be required in connection with your communications and agreements with your Customers. Fees. You shall pay Processor the fees for Clover Service as set forth on the Application. Term and Termination. The Clover Service may be terminated at any time by either party upon thirty (30) days’ written notice to the other party. Notwithstanding the foregoing sentence, upon as much advance notice as is commercially practicable, we may suspend or terminate the Clover Service if (a) we determine that you are using Clover Service for any fraudulent, illegal, or unauthorized purpose, (b) you violate the terms of this Section 42 or an Event of Default occurs under the Agreement, (c) we terminate our agreement with any third parties that are involved in providing the Clover Service, or (d) Processor otherwise decides to discontinue providing the Clover Service. You acknowledge and agree that an occurrence of (a) or (b) above may be deemed an Event of Default under the 43.6. 43.5. f) e) d) c) b) a) 43.4.6. 43.4.5. 43.4.4. 43.4.3. 43.4.2. 43.4.1. 43.4. Notices. First Data, its affiliates, vendors, and /or third party provider(s) may provide notices and other information regarding Main Street Insights to you via the method(s) described in the Agreement. Amendment. First Data has the right to: (i) require changes or addition to the Main Street Insights Terms and Conditions in Section 41 at any time, and (ii) change, delete, discontinue, or impose conditions on any feature or aspect of Main Street Insights Ideas. You may choose to, or First Data, its affiliates, vendors, or third party provider(s) may invite you to, submit comments or ideas about Main Street Insights, including, without limitation, about how to improve Main Street Insights (). By“Ideas” submitting any Idea, you agree that: (a) First Data expressly disclaims any confidentiality obligations or use restrictions, express or implied, with respect to any Idea, (b) your submission will be non-confidential, and (c) First Data is free to use and disclose any Idea on an unrestricted basis without notifying or compensating you and without you claiming any rights therein. You release First Data, its affiliates, vendors, or third party provider(s) from all liability and obligations that may arise from the receipt, review, use or disclosure of any portion of any Idea. Third Party Beneficiaries. First Data, its affiliates, vendors, or third party provider(s) used in providing Main Street Insights are intended third party beneficiaries of this Section 41 as applicable, and each of them may enforce its provisions as if it was a party hereto. Except as expressly provided in this Section 41, nothing in this Section 41 is intended to confer upon any Persons any rights or remedies, and the parties do not intend for any Persons to be third-party beneficiaries of this Section 41. Limitation of Liability. The cumulative liability to you from First Data, its affiliates, vendors, and third party provider(s) for any and all claims arising out of or resulting from this Section 41 shall not exceed the total for the Main Street Insights Solution Fees you paid to the Processor in the twelve months immediately preceding any claim. 43. Special Provisions Regarding Clover Service If you elect to use the Clover Service, the following additional terms and conditions of this Section 42 shall apply. The Clover Service is provided to you by Processor and not Bank. The Clover Service, transactions processed, and other matters contemplated under this Section 42 are subject to the terms and conditions of the Agreement, as applicable, except to the extent the terms of this Section 42 directly conflict with another provision of the Agreement, in which case the terms of this Section 42 will control; provided however, Bank is not a party to this Agreement insofar as it applies to the Clover Service, and you acknowledge that Bank is not liable to you in any way with respect to the Clover Service. For the purposes of this Section, 42, the words “we,” “our” and “us” refer only to the Processor and not the Bank. Definitions. Capitalized terms used herein shall have the meanings given to such terms as set forth in this Section 42 or as defined in the Glossary or elsewhere in this Agreement. “Clover Marks” means the trademarks or service marks of Clover, an affiliate of Processor. Clover Services, the Clover Services are owned and provided by Clover Network, LLC (Clover) and include the website associated with Clover, the Clover software applications (whether owned or licensed by Clover and not including third party applications you contract for directly with the application developer), and the Clover App Market. Any Clover Services you receive are provided to you by Clover pursuant to the then-current terms of use found at .www.clover.com/terms “Customer” means a Person who makes a purchase of goods or services from you, the transaction for which utilizes the Clover Service. “Customer Information” means information about your Customers (e.g., name, mailing address, e-mail address, telephone number) obtained in connection with your use of the Clover Service. “Device” means a tablet, smartphone, or other mobile or fixed form factor identified by Processor from time to time as compatible with and capable of supporting the Clover Service. “Third Party Services” are the services, products, promotions or applications provided by someone other than Processor. License Grant. During the term of the Agreement, Processor grants you a personal, limited, non-exclusive, revocable, non-transferable license, without the right to sublicense or assign in any way, to electronically access and use the Clover Service solely in the United States to manage your establishment and conduct associated point of sale activities within the United States in accordance with the terms of this Section 42. For purposes of this Section 42, “United States” does not include U.S. Territories or possessions. The Clover Service is for your internal business use only. This Section 42 does not grant you any rights to the Clover Marks. All intellectual property and proprietary rights in or related to the Clover Service and the Clover Marks are and will remain our, our affiliates’, our vendors’, or our licensors’ (as applicable) sole and exclusive property, and any and all right, title and interest associated with the Clover Service not expressly granted by Processor in this Section 42 are deemed withheld. Restrictions. You may not, nor may you permit any third party to do any of the following: (a) access or attempt to access the Clover Service (or any part) that is not intended or made available for public use; (b) decompile, disassemble, reverse engineer, or otherwise attempt to reconstruct or discover by any means any source code, underlying ideas or algorithms of the Clover service or any part, except to the extent that such restriction is expressly prohibited by law; (c) modify, translate, or alter in any manner, the Clover Service (or any part) or the Clover Marks; (d) create derivative works of or based on the Clover Service (or any part) or the Clover Marks; (e) except for backup and archival purposes, directly or indirectly copy the Clover Service (or any part); (f) republish, upload, post, transmit, disclose, or distribute (in any format) the Clover Service (or any part) except as permitted herein; (g) access or use (in any format) the Clover Service (or any part) through any time-sharing 43.3. 43.2. 43.1. 42.18. 42.17. 42.16. 42.15. 42.14. GenCP-WF-2602_PG_02.28.23 33 Amendment. We have the right to change or add to the terms of this Section43.15.Agreement, thereby affording Processor and Bank all rights and remedies as set Amendment. We have the right to change or add to the terms of this Section 42 at any time, and to change, delete, discontinue, or impose conditions on any feature or aspect of the Clover Service with notice provided to you as set forth in subsection 42.14 above. Any use of the Clover Service after our publication of any such changes shall constitute your acceptance of this Agreement as modified. Ideas. You may choose or we may invite you to submit comments or ideas about the Clover Service, including, without limitation, about how to improve the Clover Service (“Ideas”). By submitting any Idea, you agree that: (a) we expressly disclaim any confidentiality obligations or use restrictions, express or implied, with respect to any Idea, (b) your submission will be non-confidential, and (c) we are free to use and disclose any Idea on an unrestricted basis without notifying or compensating you. You release us from all liability and obligations that may arise from our receipt, review, use or disclosure of any portion of any Idea. Third Party Beneficiaries. Processor’s Affiliates and any Persons Processor uses in providing the Clover Service are intended third party beneficiaries of this Section 42, and each of them may enforce its provisions as if it was a party hereto. Except as expressly provided in this subsection 42.17, nothing in this Section 42 is intended to confer upon any Persons any rights or remedies, and the parties do not intend for any Persons to be third-party beneficiaries of this Section 42. 44. Special Provisions Regarding Clover Go Service (Mobile Payments) If you elect to use the Clover Go Service, the following additional terms and conditions of this Section 43 shall apply. The Clover Go service is provided to you by Processor and not Bank. The Clover Go service, transactions processed, and other matters contemplated under this Section 43 are subject to the terms and conditions of the Agreement, as applicable, except to the extent the terms of this Section 43 directly conflict with another provision of the Agreement, in which case the terms of this Section 43 will control; provided however, Bank is not a party to this Agreement insofar as it applies to the mobile payments service, and you acknowledge that Bank is not liable to you in any way with respect to the mobile payments service. For the purposes of this Section 43, the words “we,” “our” and “us” refer only to the Processor and not the Bank. Your mobile payments service (“Clover Go Service”) enables you to accept card-based payments using (a) a smart phone or other supported mobile device that you provide,(b) an approved card reader you obtain from us (“Clover Go Reader”), and (c) an application (“Clover Go App”) that you download from the Apple App Store or Google Play. The Clover Go Service does not support offline point of sale activities and requires Internet connectivity for proper functioning. We may update the Clover Go Service from time to time. Only Apple iOS and Google Android operating systems are compatible with the Clover Go Service, and only certain types of mobile devices using Apple iOS and Google Android are supported for the Clover Go App and Clover Go Service. Please contact us for information on whether a particular mobile device is supported for the Clover Go App and Clover Go Service. Additional terms of use (“Clover Go Terms”) apply to the Clover Go Service. From time to time, Clover Go Terms will be presented to you electronically on an “in- application” basis, and you will be required to “click to agree” before being permitted to use the Clover Go App. If we update the Clover Go Terms you will be required to “click to agree” to the updated Clover Go Terms in order to use the Clover Go App again. TO USE THE CLOVER GO SERVICE, YOU MUST ALSO BE USING, AT A MINIMUM, THE TRANSARMOR DATA PROTECTION SERVICE, which is sometimes referred to as “TransArmor Tokenization and Encryption”. You may also choose to use the Clover Security Plus Solution Services, which includes the TransArmor Data Protection Service. If you are already using the single-token version of either the TransArmor Data Protection Service or Clover Security Plus Services, then no additional TransArmor products are needed for the Clover Go Service. If you are using the Payeezy Gateway or if you accept card-not-present payments (for example, Internet payments), you may need a different TransArmor product. Please contact us for information. If you are not already using a TransArmor product, then you must first sign an agreement for an eligible TransArmor product. USE OF CLOVER GO READERS IS AT YOUR OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CLOVER GO READERS ARE PROVIDED “AS IS,” AND WE MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND (EXPRESS OR IMPLIED) WITH RESPECT TO CLOVER GO READERS, INCLUDING BUT NOT LIMITED TO: (a) WARRANTIES OF QUALITY, ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT, (b) ANY WARRANTY THAT THE CLOVER GO READERS WILL FUNCTION UNINTERRUPTED OR ERROR-FREE, (c) ANY WARRANTY THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED, OR (d) ANY WARRANTY THAT THE CLOVER GO READERS ARE SECURE, FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. 45. Special Provisions Regarding Clover Care If you purchase Clover Care, “Included Equipment” means equipment listed in the Equipment Details section of this Agreement. Clover Care replaces, at no additional charge to you, Included Equipment that has failed during the Clover Care Term due to manufacturer defects in materials or workmanship, normal wear and tear from use in your business, and accidental damage from handling. Merchants with Included Equipment located in New York: see below for material limitations on Clover Care protection. Clover Care protection begins when we ship you the Included Equipment and continues for three years from that date, (the Clover Care Term). Clover Care protection extends to replacement devices for the remainder of the original unit’s Clover Care Term. 45.2. 45.1. 44.8. 44.7. 44.6. 44.5. 44.4. 44.3. 44.2. 44.1. 43.17. 43.16. 43.15.Agreement, thereby affording Processor and Bank all rights and remedies as set forth in the Agreement triggered by such an Event of Default, which may include immediate termination of the Agreement without notice. Third Party Services. The Clover Service may contain links to Third Party Services (e.g., an application marketplace). If you decide to use Third Party Services, you will be responsible for reviewing and understanding the terms and conditions associated with Third Party Services (including obtaining and maintaining any required third party hardware and /or software that is required for the Third Party Services to work with the Clover Service). Your access of any Third Party Services is at your own risk. Third Party Services are not governed by the terms and conditions of this Section 38 or the Agreement. ANY CONTENT DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THIRD PARTY SERVICES (E.G., APPLICATION MARKETPLACE AND ANY APPS AVAILABLE AT SUCH APPLICATION MARKETPLACE) IS DOWNLOADED AT YOUR OWN RISK. PROCESSOR WILL NOT BE RESPONSIBLE FOR ANY ACTIONS OR ANY FAILURES TO ACT OF ANY THIRD PARTY, AND PROCESSOR EXPRESSLY DISCLAIMS ANY LIABILITY RELATED TO ALL THIRD PARTY SERVICES. PROCESSOR DOES NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY THIRD PARTY SERVICE OR PRODUCT ADVERTISED OR OFFERED THROUGH THE CLOVER SERVICE OR ANY HYPERLINKED WEBSITE OR SERVICE, OR FEATURED IN ANY BANNER OR OTHER ADVERTISING, AND PROCESSOR WILL NOT BE A PARTY TO OR IN ANY WAY MONITOR ANY TRANSACTION BETWEEN YOU AND PROVIDERS OF THIRD PARTY SERVICES OR PRODUCTS. Account Registration. We may require you to register and create a “Member” or “Merchant” account to use the Clover Service. If and when prompted by our registration process, you agree to (a) provide true, accurate, current and complete information about yourself and/or your business, and (b) maintain and update this information to keep it true, accurate, current and complete. If any information provided by you is untrue, inaccurate, not current or incomplete, we have the right to terminate your Clover Service account (“Account”) and refuse any and all current or future use of the Clover Service. Privacy and Data Use. All data collected from you at or inwww.clover.com connection with your use of the Clover Service, including Customer Information and information about your business and employees used with or stored in or by the Clover Services (collectively, “Account Data”), is collected by Clover and not Processor or Bank; therefore, the use and sharing of such Account Data is controlled by the Clover Privacy Policy (available at https://www.clover.com /privacy_policy). You acknowledge and agree that we may access your Account Data upon our request to Clover, and our use of your Account Data is governed by the terms set forth in the Agreement. Protecting Your Information. You are solely responsible for ensuring that your account numbers, passwords, security questions and answers, login details and any other security or access information used by you to use or access the Clover Service are kept safe and confidential. You must prevent unauthorized access to and use of any Account Data. You are responsible for all electronic communications sent to us or to any third party (including Clover) containing Account Data. When we receive communications containing Account Data, we assume you sent it to us. You must immediately notify us if you become aware of any loss, theft or unauthorized use of any Account Data. We reserve the right to deny you access to the Clover Service, in whole or in part, if we believe that any loss, theft or unauthorized use of any Account Data or access information has occurred. Accuracy of Information. You are solely responsible for ensuring the accuracy of all information and data regarding your business that you provide to us or our service providers in connection with the Clover Service (e.g., menus loaded onto the Device). In addition, you are solely responsible for verifying that all information and data loaded onto a Device by us or our service providers at your request are accurate prior to your business use of such Device. We and our service providers disclaim any and all liability arising out of any inaccuracies with respect to such information or data. Clover Service Disclaimer. USE OF THE CLOVER SERVICE OR ANY EQUIPMENT PROVIDED WITH THE CLOVER SERVICE IS AT YOUR OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE CLOVER SERVICE IS PROVIDED “AS IS” AND PROCESSOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND (EXPRESS OR IMPLIED) WITH REGARD TO THE CLOVER SERVICE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, OR THAT THE CLOVER SERVICE WILL FUNCTION UNINTER RUPTED OR ERROR-FREE, OR THAT THE CLOVER SERVICE IS SECURE, FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED. Indemnity. Without limiting your indemnification obligations in the Agreement, you agree to indemnify and hold us harmless from and against all losses, liabilities, damages, and expenses (including reasonable attorneys’ fees) arising out of or relating to: Your failure to comply with all terms and conditions in this Section 42, including but not limited to the Clover Ops Guide; Your use of any Customer Information obtained in connection with your use of the Clover Service; The content or delivery of any marketing messages that you send or cause to be sent to any Customer phone number or email address collected through the use of the Clover Service; or Any other party’s access and/or use of the Clover Service with your unique username, password, or other appropriate security code. Notices. We may provide notices and other information regarding the Clover Service to you via the method(s) described in the Agreement or in the E-Sign Consent Agreement set forth below. 43.14. d) c) b) a) 43.13. 43.12. 43.11. 43.10. 43.9. 43.8. 43.7. GenCP-WF-2602_PG_02.28.23 34 GeP Services.46.2.During the Clover Care Term, Clover Care protection is limited to 3 replacements GeP Services. We will provide GeP Services to you with respect to GeP transactions on the terms and conditions set forth in this Section. The list of foreign currencies supported under the GeP Services will be provided to you upon request and may be modified from time to time by us. Card types that we have approved for GeP Sales Transactions are VISA and Mastercard; we may modify the card types approved for GeP transactions from time to time on notice to you. Client acknowledges that Client is solely responsible for all aspects of a GeP transaction (other than the performance of GeP Services hereunder), including without limitation, obtaining the Cardholder’s consent to execute a GeP transaction, and complying with all Card Organization Rules applicable to merchants with respect to GeP transactions. The Foreign Currencies that Merchant has elected to support will be initially identified. Merchant shall notify us in writing of any additional Foreign Currencies that it wishes to support; if we support such currencies, we will work with the Merchant to implement such currencies for merchant within a commercially reasonable time frame. Authorization and Settlement between Servicers and Client of GeP Sales Transactions shall be made in the Foreign Currency on the basis of the Transaction Price of the GeP Sales Transaction. The US Dollar amount funded for each such transaction will be based on the applicable Local currency exchange rate provided by the applicable card organization for use on the day such transaction is submitted by Merchant for entitlement. Merchant shall be subject to any and all Foreign Currency exchange rate exposure and bear all such exchange rate exposure risk in connection with each GeP Sale Transaction. Refunds, Credits, returns and Chargebacks shall be treated as independent GeP transactions and the Transaction Rate used for refund, Credit, return and Chargeback transactions shall be determined by the applicable Card Organization. Merchant shall be subject to any and all Foreign Currency exchange rate exposure and bear all such exchange rate exposure in connection with refunds, credits, returns or Chargebacks. For the avoidance of doubt, except as expressly provided in this Guide, the terms and conditions of this Guide with respect to a card transaction (including the rights and obligations of Servicers and Merchant with respect to such a transaction) shall apply to GeP transactions. Upon written request from Merchant, and subject to written approval from American Express, we will support American Express multi-currency transactions on our platforms that have been certified by American Express for such purposes. Our support of American Express multi-currency transactions may be subject to additional fees. Merchant acknowledges and agrees that all fees in the Agreement that apply to and are payable by Merchant with respect to a Card transaction also apply to and are payable by Merchant with respect to a GeP transaction or American Express multi-currency transaction; in addition, GeP fees apply and are payable by the Merchant. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LOW, THE GEP SERVICES AND, IF APPLICABLE, SUPPORT OF AMERICAN EXPRESS MULTI-CURRENCY TRANSACTIONS ARE PROVIDED TO MERCHANT “AS IS”, WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY EXPRESS OR IMPLIED WARRANTIES, WARRANTIES OF NON-INFRINGEMENTS, MERCHANT ABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES THAT ANY SUCH SERVICES WILL BE COMPLETELY ACCURATE, ERROR-FREE OR AVAILABLE WITHOUT INTERRUPTION. Term; Suspension; Termination This GeP Service is coterminous with the Agreement and may be terminated in conjunction with or separate from the Agreement in accordance with the terms of this Section. If this GeP Service terminates prior to the termination of the Agreement, such termination shall not terminate the obligations or rights of the parties pursuant to provisions of this Section which are to survive or be perpetual or irrevocable. Such provisions (including payment or reimbursement obligations) shall survive termination of this Section. Client may terminate its participation in the GeP Services, and Servicers may cease to offer the GeP Services to Client with respect to the Card Organizations: (i) without cause upon not less than thirty (30) days’ written notice to the other party; or (ii) immediately upon written notice to the other party if Client or Servicers determine that continuing to utilize the GeP Services as provided herein will violate any applicable law or any provision of the Card Organization Rules. Termination of Client’s participation in the GeP Services by Client or Servicers shall terminate this Section. If Servicers reasonably suspect that Client is not in compliance with Card Organization Rules or the terms of this Section (including Section 46.2.4 above), Servicers, in their sole discretion, may: (a) immediately cease processing Client’s GeP Sales Transactions until such time as the Client verifies compliance to Servicer’ s satisfaction, and/or (b) terminate this agreement immediately. Servicers may terminate this Service: Immediately upon a breach by Client of its confidentiality obligations under this Section; For any of the reasons set forth in the Agreement that permit Servicers to terminate the Agreement if applicable to the GeP Services; or As otherwise set forth in this Section. Client may terminate this GeP Service for any of the reasons set forth in the Agreement that permit Client to terminate the Agreement if applicable to the GeP Services, or as otherwise set forth in this Section. Termination of the Agreement shall effect a termination of this GeP Service. Third Party Beneficiaries. Servicers are direct and intended third party beneficiaries to the Global ePricing Service, and may enforce their rights under this Section directly against Client. 46.4. 46.3.6. 46.3.5. c) b) a) 46.3.4. 46.3.3. 46.3.2. 46.3.1. 46.3. 46.2.8. 46.2.7. 46.2.6. 46.2.5. 46.2.4. 46.2.3. 46.2.2. 46.2.1. 46.2.a. b. c. a. b. c. a. b. During the Clover Care Term, Clover Care protection is limited to 3 replacements per device listed in this Agreement. We reserve the right to replace Included Equipment with refurbished units. You acknowledge that Clover Care protection extends only to the functionality of devices, and not to cosmetic appearance or other non-functional matters. If the model of unit to be replaced is no longer in inventory, we reserve the right to replace that unit with a model of the same or better functionality. Under no circumstances will we pay or credit you with cash in lieu of a replaced unit. For assistance with a failed unit, contact Customer Service. If we confirm that the unit is eligible for replacement, we will ship you a replacement unit at no additional cost. We reserve the right to replace each failed unit of your Included Equipment with refurbished equipment. You may elect to purchase a new unit at our then-current rates if you do not want a refurbished unit, but we will not apply any credit to the purchase price of a new unit. You must return each failed unit and its related accessories to us within 45 days after receiving the replacement unit. The package containing the replacement unit will include a prepaid shipping label for returning the failed unit. You must ship the failed unit (including any related unit accessories) in the same container we used to ship you the replacement unit. If you do not return a failed unit (or any related accessories) to us within 45 days, we will charge you our then-current rate for that unit or accessory. Exclusions. Clover Care does not: Replace or otherwise protect Included Equipment in cases of loss, theft, intentional damage, or damage to units incurred incidentally to fire or flood damage to your business premises. Clover Care is void if you breach this Agreement or your merchant processing agreement. Clover Care is not insurance nor a substitute for insurance; or Apply to defects or damage resulting from software, interfaces, or supplies we do not provide; loss or damage in transit between your locations; your or your vendors’ or users’ improper site preparation; or failure to follow written instructions on proper use of the Included Equipment. Merchants with Included Equipment located in New York: see Section 26.7 for material additional exclusions. We may charge you our then-current rate for any returned unit that: (1) the Agreement excludes from Clover Care, (2) has an expired Clover Care Term, (3) does not match the serial number of a unit for which you purchased Clover Care, or (4) results in a no-problem found claim (an “NPF Claim”). An NPF Claim will result if a factory technician could not reproduce your reported defect in the returned unit or the returned unit performs to specifications within the factory’s automated quality assurance testing program. New York Merchants. For Included Equipment located in New York, Clover Care protection does not include damage arising from normal wear and tear (except as arising from product defect) or accidental damage from handling. Subject to the conditions and exclusions set forth in this Agreement, Clover Care replaces, at no additional charge to you, Included Equipment that has failed due to manufacturer defects in materials or workmanship. In addition to the exclusions above, Clover Care does not replace or otherwise protect Included Equipment arising from causes other than manufacturer defects in material or workmanship, including without limitation: damage resulting from smashed or cracked units or screens; extraneous materials in the interior of the unit; contact with liquids; missing unit covers; melted or burnt units; cosmetic damage; your or your vendors’ or users’ improper or inadequate maintenance; or other visible damage. Clover Care is void if you breach this Agreement. Clover Care is not insurance nor a substitute for insurance. You acknowledge that the Fees charged by us are not reduced for Included Equipment located in New York, even though there are lesser protections provided and broader exclusions. 46. Special Provisions Regarding Global ePricing Services If you elect to receive the Global ePricing Service, the terms and conditions of this Section 46 shall apply. The Global ePricing Service (“GeP Service”) is provided to you by Processor and Bank. Capitalized terms used in this Section 46 and not otherwise defined herein shall have the same meaning set forth in the Agreement. Definitions. Foreign Currency means the currency other than the Local Currency. GeP Sales Transaction means a card not present transaction between Client and a Cardholder in which the Client presents the Transaction Price in a card not present environment and the Cardholder authorizes (i) the Transaction Price to be submitted to a Card Organization for settlement, and (ii) that the Cardholder’s account will be charged for the Transaction Price. GeP Service Provider has the meaning set forth in Section 46.2.2. GeP Services means the merchant pricing of goods and services in a Foreign Currency and the activity undertaken by Servicers and/or a GeP Service Provider to authorize, process, and settle GeP transactions initiated by Cardholders using a card type approved by Servicers for use with GeP Sales Transactions in a card not present environment established and maintained by a Client domiciled in the United States or United States territories, or other countries permitted by Servicers. Merchant acknowledges that Dynamic Currency Conversion as defined by Card Organization rules is not permitted or provided under GeP service. GeP Sponsor Bank has the meaning set forth in Section 46.2.2. Local Currency means US Dollars (i.e., the currency associated with the domicile of the Merchant utilizing the GeP Service). Transaction Price means the price for a product or service sold by the Client in a card not present environment as quoted by the Client to a Cardholder in a Foreign Currency. Transaction Rate means the then-current Foreign Currency exchange rate used by the Card Organizations or their designee from time to time to convert the net funding amount into the Local Currency. 46.1. 45.7. 45.6. 45.5. 45.4. 45.3. GenCP-WF-2602_PG_02.28.23 35 exclusive venue for any actions or claims arising under or related to this AgreementIndemnification.46.5. exclusive venue for any actions or claims arising under or related to this Agreement shall be in the appropriate state or federal court located in Suffolk County, New York. Waiver of Jury Trial. ALL PARTIES IRREVOCABLY WAIVE ANY AND ALL RIGHTS THEY MAY HAVE TO A TRIAL BY JURY IN ANY JUDICIAL PROCEEDING INVOLVING ANY CLAIM RELATING TO OR ARISING UNDER THIS AGREEMENT. 50. Other Terms Force Majeure. No party shall be liable for any default or delay in the performance of its obligations under this Agreement if and to the extent such default or delay is caused, directly or indirectly, by (i) fire, flood, earthquake, elements of nature or other acts of God;(ii) any terrorist attacks or outbreak or escalation of hostilities, war, riots or civil disorders in any country; (iii) any act or omission of the other party or any government authority;(iv) any labor disputes (whether or not employees’ demands are reasonable or within the party’s power to satisfy); or (v) the nonperformance by a Person for any similar cause beyond the reasonable control of such party, including without limitation, failures or fluctuations in telecommunications or other equipment. In any such event, the non-performing party shall be excused from any further performance and observance of the obligations so affected only for as long as such circumstances prevail and such party continues to use commercially reasonable efforts to recommence performance or observance as soon as practicable. Notwithstanding anything to the contrary in this paragraph, your failure to receive payment or funds from a Person shall not excuse the performance of your obligations to us under this Agreement. Compliance with Laws. In performing its obligations under this Agreement, each party agrees to comply with all laws and regulations applicable to it. You further agree to cooperate and provide information requested by Servicers, as Servicers determine necessary, to facilitate Servicers compliance with any applicable law including without limitation the rules and regulations promulgated by the Office of Foreign Assets Control of the US Department of the Treasury. You further acknowledge and agree that you will not use your merchant account and/or the Services for illegal transactions, for example, those prohibited by the Unlawful Internet Gambling Enforcement Act, 31 U.S.C. Section 5361 et seq, as may be amended from time to time, or those involving any Person listed on the U.S. Department of Treasury, Office of Foreign Assets Control, Specially Designated Nationals and Blocked Persons List (available at ) or the U.S.www.treas.gov/ofac Department of State’s Terrorist Exclusion List (available at www.state.gov), or for the processing and acceptance of transactions in certain jurisdictions pursuant to 31 CFR Part 500 et seq. a enforced by the Office of Foreign Assetsnd other laws Control (“OFAC”) or in connection with illegal activity of any kind. Notices. Except as otherwise specifically provided, all notices and other communications required or permitted hereunder (other than those involving normal operational matters relating to the processing of Card transactions) shall be in writing, if to you at your address appearing in the Application or by any electronic means, including but not limited to the e-mail address you have provided on the Application. If to us at our address appearing in Section A.5 of Part IV of this Agreement, with a copy to Attention: General Counsel’s Office, 3975 N.W. 120th Avenue, Coral Springs, FL 33065, and Notices shall be deemed to have been given (i) if sent by mail or courier, upon the earlier of five (5) days after mailing or when actually received or, in the case of courier, when delivered, and (ii) if sent by facsimile machine, when the courier confirmation copy is actually received. Notice given in any other manner shall be effective when actually received. Notices sent to the your last known address (including e-mail address), as indicated in our records, shall constitute effective notice to the Merchant under this Agreement. If you change your address (including your e-mail address), you must notify us at least 30 days prior of the effective date of any such change. Failure to provide us with a valid address (including e-mail address) may result in the termination of the Agreement. Notwithstanding the above, all bankruptcy or collection related notices must be sent to the following address Telecheck Services Inc., PO Box 6806, Hagerstown, MD 21741-6806, Attn: Bankruptcy and Collection Notifications. All such notices must include the related merchant name and merchant number. Failure to provide Notice to this address or include this pertinent merchant information will be deemed ineffective. All notices must include your merchant name(s) and merchant number (s). Failure to provide notice in the manner described in this Section will be deemed ineffective. Headings. The headings contained in this Agreement are for convenience of reference only and shall not in any way affect the meaning or construction of any provision of this Agreement. Severability. The parties intend every provision of this Agreement to be severable. If any part of this Agreement is not enforceable, the remaining provisions shall remain valid and enforceable. Entire Agreement; Waiver. This Agreement constitutes the entire Agreement between the parties with respect to the subject matter thereof, and supersedes any previous agreements and understandings. A party’s waiver of a breach of any term or condition of this Agreement shall not be deemed a waiver of any subsequent breach of the same or another term or condition. Amendment. We may modify any provision of this Agreement by providing written notice to you. You may choose not to accept the requirements of any such change by terminating the Agreement within twenty (20) days of receiving notice. If you choose to do so, notify us that you are terminating for this reason so that we may waive any early termination fee that might otherwise apply. For purposes of this section, an electronic or “click-wrap” notice intended to modify or amend this Agreement and which you check “I Accept” or “I Agree” or otherwise accept through an electronic process, shall constitute in writing as required herein. This Section 50.7 does not apply to fee changes, which are governed by Sections 26.4 and 26.5. Third Party Beneficiaries. Our respective Affiliates and any Persons we use in providing the Services are third party beneficiaries of this Agreement and each of them may enforce its provisions as it was a party hereto. Except as expressly provided in this Agreement, nothing in this Agreement is intended to confer upon 50.8. 50.7. 50.6. 50.5. 50.4. 50.3. 50.2. 50.1. 49.3. Indemnification. All limitations of liability and liability disclaimers set forth in the Agreement shall apply to any liability of Servicers and the liability of Servicers shall be limited to the same amount and to the same extent as Servicers’ limitations set forth in the Agreement. In addition to the indemnification obligations in the Agreement, Client agrees to indemnify and hold harmless Servicers from and against all losses, liabilities, damages, and expenses (including reasonable attorneys’ fees and collection costs) resulting from third party claims related to any acts or omissions of Client in connection with any GeP Sales Transaction or other GeP transaction, including any alleged misrepresentation or deceptive or unlawful trade practice, a violation of applicable law or the Card Organization Rules, or a breach of any of Client’s obligations under this Section. Any limitations on Client’s liability which may be specified in the Agreement shall not be applicable to Client’s indemnification obligation set forth in the preceding sentence. 47. PCI Concierge Terms and Conditions If you elect to use the PCI Concierge service, the terms in this section will apply (“”).PCI Concierge Terms and Conditions PCI Concierge is provided to you only by Processor and its third-party provider (such third party provider is ), and not Bank. Bank will have no obligationsProvider or liability for the PCI Concierge service. PCI Concierge is a service provided by Provider that assists you over the internet and phone with the components needed for PCI DSS compliance validation. The PCI Concierge service includes assisting you to complete a Security Assessment Questionnaire () and, in some circumstances, scanning of yourSAQ external (public) facing IP address(es) that has access to the internet. The cost of the scan for the external (public) facing IP address(es) is included in the PCI Concierge Service. After you enroll in the PCI Concierge service, you will create an online account with Provider by reading and agreeing to Provider’s Terms and Conditions, and you agree to comply with Provider’s Terms and Conditions. To fulfill part of the requirements for the SAQ, you will answer a series of questions about how your business operates, and Processor and Provider will record your answers. You are required to answer completely, accurately, and honestly, so that the information recorded is correct and you acknowledge that Processor and Provider will rely on your responses. Provider will then assist you with an attestation of compliance that Processor and Provider store in to serve as a record of your compliance validation. If online scanning is needed as part of your validation, Provider will arrange and schedule that scanning. Provider will review your scan results with your designated point of contact and explain any actions that you may need to take to comply with applicable PCI DSS requirements. Fees You agree to pay a Monthly Fee for your enrollment in the PCI Concierge service (the ). The PCI Concierge Fee shall onlyPCI Concierge Fee apply to your current year’s attestation of compliance. If you elect to utilize the PCI Concierge service for future years’ attestations, you will be charged the then-current rate for the applicable attestation year(s) in which you utilize the PCI Concierge service. Any additional services that may be required for you to comply with the PCI DSS are separate and apart from the PCI Concierge Services and may incur an additional fee, as applicable. Either party may terminate the PCI Concierge service by providing the other party at least 30 days’ prior written notice. Processor or Provider may terminate this Addendum without notice if you breach the Agreement. If you terminate the PCI Concierge service before your Agreement expires or is terminated, you will be charged the Annual Compliance Service Fees and Non- Receipt of PCI Validation Fees (as applicable) at then current rates for the duration of your Agreement. Disclaimer of warranties To the fullest extent permitted by applicable law, the PCI Concierge service is provided to you “as is,” without any representations or warranties of any kind. This disclaimer includes express and implied warranties such as warranties of merchantability or fitness for a particular purpose. There are no warranties that the PCI Concierge service will be completely error free or be available without interruption. 48. Commercial Card Interchange Service. You agree that your merchant account may utilize the Commercial Card Interchange Service ().CCIS Visa and Mastercard apply different interchange rates to commercial card transactions based on the level of transaction detail you provide in your settlement files. Including the sales tax amount for your commercial card transactions can help you qualify for lower interchange rates (although other qualification factors also apply). If you are not collecting the sales tax amount yourself and transmitting it in your settlement file, CCIS will calculate and transmit the sales tax amount for those commercial card transactions that will qualify for lower interchange rates. This service does not affect (1) the total amount of any submitted transaction, or (2) your sales tax collection or reporting obligations under any tax laws or regulations that apply to you or your business. Our fee for CCIS is the percentage listed on your Merchant Processing Application of the resulting interchange savings for Visa and Mastercard transactions, as applicable. If a transaction is fully or partially exempt, you should enter the tax amount (even if that amount is $0.00) as CCIS applies your local tax rate to the full amount of transactions when the prompt is bypassed. 49. Choice of Law; Venue; Waiver of Jury Trial Choice of Law. Choice of Law. Our Agreement shall be governed by and construed in accordance with the laws of the State of New York (without regard to its choice of law provisions). Venue. We have substantial facilities in the State of New York and many of the services provided under this Agreement are provided from these facilities. The 49.2. 49.1. 48.4. 48.3. 48.2. 48.1. 47.3. 47.2. 47.1. 46.5.2. 46.5.1. 46.5. GenCP-WF-2602_PG_02.28.23 36 account numbers of Cardholders.any Person any rights or remedies, and the parties do not intend for any Persons to account numbers of Cardholders. Card Not Present Sale/Transaction: A transaction that occurs when the Card is not present at the point-of-sale, including Internet, mail-order and telephone-order Card sales. Card Verification Codes: A three-digit value printed in the signature panel of most Cards and a four-digit value printed on the front of an American Express Card. Visa’ s Card Verification Code is known as CVV2; Mastercard's Card Verification Code is known as CVC2; the Card Verification Codes for Discover Network, PayPal, Alipay, and American Express are known as a Card Identification Numbers (CID). Card Verification Codes are used to deter fraudulent use of an account number in a non- face-to-face environment, (e.g., mail orders, telephone orders and Internet orders). Card Verification Value (CVV)/Card Validation Code (CVC)/Card Identification Data (CID): A unique value encoded on the Magnetic Stripe of a Card used to validate Card information during the Authorization process. Cardholder Verification Method (CVM): A method used to confirm the identity of a Cardholder and to signify Cardholder acceptance of a transaction, such as signature, Offline PIN, and Online PIN. Cash Benefits: An EBT account maintained by an Issuer that represents pre- funded or day-of-draw benefits, or both, administered by one or more government entities, and for which the Issuer has agreed to provide access under the EBT program. Multiple benefits may be combined in a single cash benefit account. Cash Over Transaction: Dispensing of cash by a merchant in connection with a Card sale, other than a PIN Debit Card transaction, for the purchase of goods or services. Charge or Charges: The total price, including all applicable taxes and gratuities, for the purchase of goods or services at a merchant for which a Cardholder has signed a Sales Draft or otherwise indicated intent to pay with a Card. Chargeback: A Card transaction (or disputed portion) that is returned to us by the Issuer. Client is responsible for payment to us for all Chargebacks. Chip: An integrated microchip embedded on a Card containing cardholder and account information. Chip Card: A Card with an embedded EMV-compliant chip containing memory and interactive capabilities used to identify and store additional data about a Cardholder, an Account, or both. Claim: Means any claim (including initial claims, counterclaims, cross-claims, and third party claims), dispute, or controversy between you and us arising from or relating to the Agreement or prior Card acceptance agreements, or the relationship resulting therefrom, whether based in contract, tort (including negligence, strict liability, fraud, or otherwise), statutes, regulations, or any other theory, including any question relating to the existence, validity, performance, construction, interpretation, enforcement, or termination of the Agreement or prior Card acceptance agreements or the relationship resulting therefrom. Contactless Payment: Payment performed in a Card-Present Environment with a Contactless card or Payment Device (e.g., Mobile phone) at the Point-of- Transaction. Client: The party identified as “Client” on the Application. The words “Subscriber,” “you” and “your” refer to Client. Also, sometimes referred to as “Merchant.” Credit: A refund or price adjustment given for a previous purchase transaction. Credit Card: a payment account that is (a) presented to you in various forms (including cards, fobs, tags, mobile devices, or virtual forms), (b) bears the Mark of a Payments Organization, and (c) enables the Cardholder to buy goods or services on credit. Credit Draft: A document evidencing the return of merchandise by a Cardholder to a Client, or other refund or price adjustment made by the Client to the Cardholder, whether electronic, paper or some other form, all of which must conform to Card Organization Rules and applicable law. Credit Limit: The credit line set by the Issuer for the Cardholder’s Credit Card account. Customer Activated Terminal (CAT): A magnetic stripe terminal or chip-reading device (such as an automatic dispensing machine, Limited Amount Terminal, or Self- Service Terminal) that is not an ATM. Data Incident: any actual or potential unauthorized or fraudulent access to (or use, disclosure, or alteration of) transaction data, whether consisting of a single event, a continuous course of events, or a series of related events. Data Incident Expenses: means: (a) any obligations that you have to us arising from a Data Incident including EMV Upgrade Costs; (b) the costs of a security assessment conducted by a qualified security assessor approved by a Payments Organization or PCI to determine the cause and extent of a Data Incident; and (c) any reasonable fees and expenses incurred by us, or by you with our prior written consent, for any Mitigation Services specifically approved by us in writing but only if the Mitigation Services are provided within one (1) year following discovery of the relevant Data Incident. Data Usage Charge: Charged to you for our processing of Sales Data sent to us. Debit Card: a payment account that is (a) presented to you in various forms (including cards, fobs, tags, mobile devices, or virtual forms), (b) bears the Mark of a Payments Organization, and (c) enables the Cardholder to buy goods or services by debiting the Cardholder’s bank account or stored value/prepaid account. Dial-Up Terminal: An Authorization device which, like a telephone, dials an Authorization Center for validation of transactions. Discount Rate: A percentage rate and/or amount charged to a merchant for processing its qualifying daily Credit Card and Non-PIN Debit Card transactions, as set forth in the Application. Transactions that fail to meet applicable interchange requirements will be charged additional amounts as set forth in Section 26.1. any Person any rights or remedies, and the parties do not intend for any Persons to be third-party beneficiaries of this Agreement. Card Organization Rules. The parties acknowledge that the Visa, Mastercard, Discover Network, PayPal, and Alipay Card Organization Rules give Visa, Mastercard, Discover Network and PayPal certain rights to require termination or modification of this Agreement with respect to transactions involving Visa, Mastercard, Discover Network and PayPal Cards and the Visa, Mastercard, Discover Network, PayPal, and Alipay Card systems and to investigate you. The parties also acknowledge that issuers of other Cards, for which we perform services on your behalf, may have similar rights under their applicable Card Organization Rules with respect to this Agreement’s applicability to transactions involving such other Cards. Publicity. Client may not use the logo, name, trademark, or service mark of Processor and/or Bank in any manner, including without limitation, in any advertisements, displays, or press releases, without the prior written consent of Processor and Bank. E-SIGN CONSENT AGREEMENT Consent By signing the Confirmation Page, you consent and agree that: Processor can provide disclosures required by law and other information about your legal rights and duties to you electronically. Where required or requested, your electronic signature (via “click-through” or other method) on agreements and documents relating to the Clover Service has the same effect as if you signed them in ink. Processor can send all communications, billing statements, amendments to the Clover Service, notices, and other disclosures or information regarding the Clover Service or your use of the Clover Service or the Services as defined in the Agreement (collectively defined as “Disclosures”) to you electronically (1) via e-mail, (2) by access to a web site that we designate in an e-mail notice we send to you at the time the information is available, or (3) to the extent permissible by law, by access to a website that we will generally designate in advance for such purpose. If you want a paper copy, you can print a copy of the Disclosure or download the information for your records. This consent applies to all future Disclosures sent to you in connection with the Clover Service, the Agreement, or your use of the Clover Service or the Services as defined in the Agreement. Legal Effect By consenting, you agree that electronic Disclosures have the same meaning and effect as if Processor provided paper Disclosures to you. When Processor sends you an email or other electronic notification alerting you that the Disclosure is available electronically and makes it available online, that shall have the same meaning and effect as if Processor provided a paper Disclosure to you, whether or not you choose to view or print or download the Disclosure. 51. Glossary As used in this Agreement, the following terms mean as follows: Address Verification Service (“AVS”): A service provided through which the merchant verifies the Cardholder’s address, in whole or in part. Primarily used by Mail/Telephone/ Internet order merchants, Address verification is intended to deter fraudulent transactions, however, an AVS Match does not guarantee that a transaction is valid. An AVS request should generally be submitted with an authorization request. The AVS response, if available, however will not impact whether any associated authorization request is approved or denied. You may be charged an AVS fee for any AVS request you submit even if we are not able to provide a response to the request. Affiliate: Person that, directly or indirectly, (i) owns or controls a party to this Agreement or (ii) is under common ownership or control with a party to this Agreement. Application: the Application for Services executed by you. Authorization: approval by, or on behalf of, the Issuer to validate a transaction. An Authorization indicates only that the Issuer has confirmed there is sufficient availability of funds on the Cardholder’s account at the time the Authorization is requested. Authorization Approval Code: A number issued to a participating merchant by the Authorization Center which confirms the Authorization for a sale or service. Authorization and Capture: Refers to the communication of instructions from your POS device or other systems to our computer systems, whether the communications are for authorization requests or any other capture of information. Authorization Center: A department that electronically communicates a merchant’s request for Authorization on Credit Card transactions to the Cardholder’s bank and transmits such Authorization to the merchant via electronic equipment or by voice Authorization. Bank: The bank identified on the Application signed by you. Bankruptcy Code: Title 11 of the United States Code, as amended from time to time. Batch: A single Submission to us of a group of transactions (sales and Credits) for settlement. A Batch usually represents a day’s worth of transactions. Business Day: Monday through Friday, excluding Bank holidays. Card: See either Credit Card or Debit Card. Cardholder: Means the Person whose name is embossed on a Card and any authorized user of such Card, also referred to as Card Member by American Express. Cardholder Information: the data contained on a Card, or otherwise provided to you, that is required by the Payments Organization or us in order to process, approve and/or settle a Card transaction, including the names, addresses and Card 50.11.2. e) d) c) b) a) 50.11.1. 50.11. 50.10. 50.9. GenCP-WF-2602_PG_02.28.23 37 Non-PIN Debit Card: A device with a Visa, Mastercard or Discover Network MarkElectronic Benefit Transfer (EBT): An Electronic Benefits Transfer system used to Non-PIN Debit Card: A device with a Visa, Mastercard or Discover Network Mark that is tied to a Cardholder’s bank account or a prepaid account and which is processed without the use of a PIN. Non-Qualified Interchange Fee: The difference between the interchange fee associated with the Anticipated Interchange Level and the interchange fee associated with the more costly interchange level at which the transaction actually processed. Non-Qualified Surcharge: A surcharge applied to any transaction that fails to qualify for the Anticipated Interchange Level and is therefore downgraded to a more costly interchange level. The Non-Qualified Surcharge (the amount of which is set forth on the Service Fee Schedule) is in addition to the Non-Qualified Interchange Fee, which is also your responsibility (see above, Section 26.1) PAN Truncation: A procedure by which a Cardholder’s copy of a Sales Draft or Credit Draft, or as required by applicable law, the Sales Draft or Credit Draft you retain, will only reflect the last four digits of the Card account number. Payments Organization: any payments association or payments network we support whose cards or other payment forms you accept under your merchant processing agreement. Person: A third party individual or Entity, other than the Client, Processor or Bank. PIN: the personal identification number associated with a Debit Card. PIN Debit: a type of transaction using a Debit Card that requires a Cardholder to enter a PIN for authentication. PINless Debit: a type of PIN Debit transaction that, under applicable Rules and for qualifying transactions, does not require the Cardholder to enter a PIN for authentication. Point of Sale (POS) Terminal: A device placed in a merchant location which is connected to the Processor’s system via telephone lines and is designed to authorize, record and transmit settlement data by electronic means for all sales transactions with Processor. Processor: The entity identified on the Application (other than the Bank) which provides certain services under the Agreement. Program Guide (also known as the Merchant Services Program Terms and Conditions): The booklet which contains Your Payments Acceptance Guide, the General Terms, Third Party Agreements and the Confirmation Page, which together with the Application and the Schedules thereto and documents incorporated therein, constitute your Agreement with Processor and Bank. Recurring Payment Indicator: A value used to identify transactions for which a Cardholder provides permission to a merchant to bill the Cardholder’s Card account at either a predetermined interval or as agreed by the Cardholder for recurring goods or services. Referral: A message received from an Issuer when an attempt for Authorization requires a call to the Voice Authorization Center or Voice Response Unit (VRU). Reserve: money we owe to you (net of any obligations you owe to us) that we hold back in order to secure or fund your obligations with us. Reserve Account: An account established and funded at our request or on your behalf, pursuant to Section 32 of the Agreement. Retrieval Request/Transaction Documentation Request: A request for documentation related to a Card transaction such as a copy of a Sales Draft or other transaction source documents. Rules: the rules, regulations, standards, releases, interpretations and other requirements (whether contractual or otherwise) imposed or adopted by any Card Organization and related authorities, including those of the PCI Security Standards Council, LLC, the National Automated Clearing House Association and (with respect to EBT transactions) the Quest Operating Rules. Sales/Credit Summary: The identifying form used by a paper Submission merchant to indicate a Batch of Sales Drafts and Credit Drafts (usually one day’s work). Not a Batch header, which is used by electronic merchants. Sales Draft: Evidence of a purchase, rental or lease of goods or services by a Cardholder from, and other payments to, Client using a Card, including preauthorized orders and recurring transactions (unless the context requires otherwise); regardless of whether the form of such evidence is in paper or electronic form or otherwise, all of which must conform to Card Organization Rules and applicable law. Schedules: The attachments, addenda and other documents, including revisions thereto, which may be incorporated into and made part of this Agreement concurrently with or after the date of this Agreement. Self-Service Terminal: A Customer Activated Terminal that accepts payment of goods or services such as prepaid cards or video rental, has electronic capability, and does not accept PINs. Servicers: Bank and Processor collectively. The words “we,” “us” and “our” refer to Servicers, unless otherwise indicated. Services: the activities undertaken by us to authorize, process and settle Card transactions undertaken by Cardholders at your location(s), and all other services provided by us under this Agreement. Settlement Account: An account or account(s) at a financial institution designated by you as the account to be debited and credited by us for Card transactions, fees, Chargebacks and other amounts due under the Agreement or in connection with the Signature Debit: a type of transaction using a Debit Card that requires the Cardholder to provide a signature for authentification rather than a PIN. Electronic Benefit Transfer (EBT): An Electronic Benefits Transfer system used to deliver certain government delivered benefits, including without limitation Cash Benefits and FNS, SNAP and WIC Benefits, to EBT customers. Electronic Draft Capture (EDC): A process which allows a merchant’s Dial-Up Terminal to receive Authorization and capture transactions, and electronically transmit them to the Processor. This eliminates the need to submit paper for processing. EMV Upgrade Costs: the costs you agree to incur to upgrade payment acceptance and processing hardware and software to enable you to accept and process EMV- enabled Cards in a manner compliant with the PCI DSS. Entity: Means a corporation, partnership, sole proprietorship, trust, association, or any other legally recognized entity or organization. Factoring: The submission of authorization requests and/or Sales Drafts by a merchant for Card sales or cash advances transacted by another business. Factoring is prohibited. Fixed Acquirer Network Fee (FANF): Fee that applies to the acceptance of all Visa branded products and is based on both the size and the number of merchant locations. The fee will be assessed per merchant Taxpayer ID, based on the number of merchant locations, Merchant Category Code (MCC), and monthly Total Gross merchant Sales Volume associated with each Taxpayer ID. Fraud Full Recourse: One of American Express’s Chargeback programs General Terms: Section of the Program Guide, including any amendments or modifications. Gross: When referred to in connection with transaction amounts or fees, refers to the total amount of Card sales, without set-off for any refunds or Credits. Imprinter: A manual or electric machine used to physically imprint the merchant’s name and ID number as well as the Cardholder’s name and Card number on Sales Drafts. Issuer: The financial institution or Card Organization (or other Entity authorized by a Card Organization) which has issued a Card to a Person. Limited Amount Terminal: A Customer Activated Terminal that has data capture only capability, and accepts payment for items such as parking garage fees, road tolls, motion picture theater entrance, or magnetic-stripe telephones. Magnetic Stripe: A stripe of magnetic information affixed to the back of a plastic Credit or Debit Card. The Magnetic Stripe contains essential Cardholder and account information. Marks: Names, logos, emblems, brands, service marks, trademarks, trade names, tag lines or other proprietary designations. Mastercard Account Status Inquiry Service Fee: Zero dollar Account Status Inquiry Service requests (including AVS, CVC2 or both). Mastercard CVC2 Fee: A fee assessed for transactions acquired in the U.S. Region with the CVC2 (Three digit code on the back of the Mastercard issued card) included in the transaction for authorization and where the CVC2 response value equals ‘M’ (Match) or ‘N’ (Invalid /did not match). The fee will not be applied to Account Status Inquiry (ASI) requests. Mastercard Digital Enablement Fee: A fee assessed by Mastercard on select Card Not Present transactions. Mastercard Processing Integrity Fee: The Mastercard Processing Integrity Fee is assessed in the event Mastercard cannot match an approved authorization to a settled transaction (within 120 days from the date the authorization was granted) or a reversal request (within a specific time frame). The Processing Integrity Fee can be avoided by settling transactions only with an approved authorization. If an authorization approval is no longer needed, it must be electronically reversed within 24 hours for a card-present transaction or within 72 hours for card not present transaction. Media: The documentation of monetary transactions (i.e., Sales Drafts, Credit Drafts, computer printouts, etc.) Merchant Identification Card: A plastic embossed card supplied to each merchant to be used for imprinting information to be submitted with each Batch of paper Sales Drafts. Embossed data includes Merchant Identification Number, name and sometimes merchant ID code and terminal number. Merchant Identification Number: A number that numerically identifies each merchant location, outlet, or line of business to the Processor for accounting and billing purposes. Merchant Processing Application: The Merchant Processing Application and Agreement executed by Client, which is one of the documents comprising the Agreement. Merchant Provider: Any Person engaged by you to provide services to you involving or relating to (i) access to Cardholder data, transaction data or information related to either Cardholder data or transaction data or (ii) PIN encryption, including without limitation, Encryption Service Organizations (ESOs). Mitigation Service: a service provided to a cardholder whose information is the subject of a Data Incident, where the primary purpose of the service is to mitigate the effects of the Data Incident, including identity theft education and assistance and credit monitoring. Non-Bank Services: Products and/or Services for which Bank is not responsible or a party to including American Express, PIN Debit Card, and Electronic Benefits Transfer Transactions, TeleCheck Check Services, and Transactions Involving Cards from other Non-Bank Card Organizations, such as Voyager Fleet Systems, Inc., Wright Express Corporation and Wright Express Financial Services Corporation, Discover, PayPal, Alipay, TransArmor, Wireless, Payeezy Gateway Services, Global ePricing Services and other items as may be indicated in this Program Guide. GenCP-WF-2602_PG_02.28.23 38 Store and Forward: A transaction that has been authorized by a merchant when Store and Forward: A transaction that has been authorized by a merchant when the merchant cannot obtain an Authorization while the customer is present, typically due to a communications failure. The merchant will store the transaction electronically in their host system and retransmit the transaction when communications have been restored. Summary Adjustment: An adjustment to your Submission and/or Settlement Accounts in order to correct errors. Telecommunication Card Sale: Individual local or long-distance telephone calls, for which the telephone service provider is paid directly by use of a Card. These do not include, however, calls paid for with pre-paid telephone service cards. Telecommunication Card Sales are considered Card Not Present Sales. Transaction Fees: Service costs charged to a merchant on a per transaction basis. Transaction Integrity Fee: Fee assessed on Visa Debit Card and prepaid Card purchase transactions that either fail or do not request CPS qualification. Us, We and Our: See Servicers. Wireless Networks: certain cellular telephone and data networks to which we have access though Wireless Vendors. Wireless Services: wireless data communication services that use radio base stations and switching offered by Wireless Networks in order to allow you to capture and transmit to us certain wireless Card Authorization transactions or to transmit other communications to our system. Wireless Software: wireless software (including any documentation relating to or describing the wireless software) downloaded by you or your designee from our systems onto the Wireless Equipment. Wireless Vendors: one or more third party vendors selected by us in our sole discretion through whom we have acquired the right to resell Wireless Services. You, Your: See Client. Your Payments Acceptance Guide: a quick reference to the guidelines for processing transactions. You’ll also find recommendations and tips to help you prevent fraud, reduce chargebacks, and properly handle payments, refunds, exchanges, and most other situations you’ll encounter in your day-to day-business. GenCP-WF-2602_PG_02.28.23 39 the Item represents the consumer’s payment obligation to Company for its goods or services, and has not been used in another transaction; the amount of the Item (a) is for the price of Company’s goods or services, (b) matches the amount submitted to TeleCheck for processing, and (c) does not exceed the Warranty Maximum; the Item was not submitted as a split sale or in other ways to avoid these warranty requirements or the Warranty Maximum; the Item is not for credit, cash, or payment on an account, debt, or Item already due to Company; the Item does not pre-date or post-date the date of the transaction and corresponding inquiry to TeleCheck by more than 1 calendar day; the transaction and corresponding Item are not subject to any stop payment, dispute or setoff right; Company is not aware of anything that invalidates the Item, prevents its collection, or relieves the consumer from liability for it; and Company provided the notices required by applicable Law (defined in Section below), authorizing TeleCheck to process the Item as an electronic funds21.1 transfer or remotely created check and imposing (and authorizing such processing of) a fee for Return Items. Requirements For In Person Payments: If a consumer presents a paper check in- person at Company’s point of purchase location, in addition to those in Section above the following requirements apply and must be followed in accordance1.4 A. with TeleCheck’s operating guidelines and specifications: (a) the consumer signed an authorization to debit consumer’s account and consumer’s signature on the authorization reasonably matches the name imprinted on the Item; (b) the authorization must be clearly and conspicuously posted and a copy of the authorization must be provided to the consumer and (c) the Item must be voided and returned to the consumer after submission to TeleCheck for processing. If such in-person payment is approved as a paper check that cannot be settled as an electronic funds transfer, the additional requirements in below apply.Section 1.4 F Requirements For Online Payments: If a consumer makes an online payment, the following requirements apply in addition to those in above: (a) theSection 1.4 A consumer electronically authorized the transaction in accordance with TeleCheck operating guidelines and specifications and (b) the payment website site authenticates the consumer’s identity and uses appropriate site security and internet session security standards in accordance with the NACHA Rules. Requirements For Phone Payments: If the consumer makes payment over the phone, the following requirements apply in addition to those in Section 1.4 A. above: (a) the consumer provided a telephonic authorization in accordance with TeleCheck operating guidelines and specifications; (b) the payment is not the result of Company initiating an unsolicited telephone call to consumer with which Company had no prior relationship; and (c) Company directly tape recorded the verbal telephonic authorization from consumer or, alternatively, Company sent the required written confirmation notice of the oral authorization to the consumer. Requirements for Mail/Drop Box Checks: If the consumer provides a paper check which was mailed in or submitted in a drop box to Company, the requirements in above apply except (a) the check must be forSection 1.4A payment that is not more than 60 days past due; (b) the check must not be post- dated or dated earlier than 20 days from the date of inquiry to TeleCheck; and (d) Company must securely store the check for at least 60 days following the corresponding payment transaction at which time it must be destroyed. Additionally, the consumer must not have notified Company that the check was not to be converted into an electronic funds transfer. If such mail/drop box check is approved as a paper check that cannot be settled as an electronic funds transfer, the additional requirements in below apply.Section 1.4 F Requirements for Mobile Checks or any Checks Approved as Paper Only. If TeleCheck approves an Item as a paper check that could not be settled as an electronic funds transfer (i.e. check is to be deposited by Company) or the check is submitted to TeleCheck as an image through a mobile device (either, a Paper ), the following requirements apply in addition to those in Settlement Item Section above: (a) the check must include the consumer’s name (imprinted by the1.4 A manufacturer), physical address (imprinted by the manufacturer or written on the check according to TeleCheck’s operating guidelines – P.O. Boxes will not be accepted), phone number (with area code), identification type and number (imprinted or written on check), Company’s TeleCheck Subscriber Number and TeleCheck’s approval code; (b) the consumer’s signature must reasonably match the name imprinted on the check and (c) Company must send Paper Settlement Items that were presented in-person at Company’s point of purchase and that become Return Items directly from its financial institution to TeleCheck within 30 days of the date on the check. If the Paper Settlement Item was mailed in or submitted in a drop box by the consumer to Company, or if the Item was presented by the consumer to Company and submitted through a mobile device by Company to TeleCheck, and subsequent to the transaction TeleCheck instructs Company to deposit the check (due to image quality issues (a ),Redeposit Check Item Company must deposit the Redeposit Check Item within 2 days of TeleCheck’s instruction to do so and TeleCheck must receive it for purchase within 45 days of the date on the check. Paper Settlement Items and Redeposit Check Items may only be presented once for payment (TeleCheck will not accept Paper Settlement F. E. D. C. B. (13) (12) (11) (10) (9) (8) (7) (6)1. Services TeleCheck will provide Company with the services indicated in the TeleCheck Services Application and Agreement () which may include:TeleCheck Application (i) coded information that it may use when deciding whether to accept a check or electronic funds transfer item (each an , and together, ) when provided byItemItems its consumers as payment, (ii) settlement processing services and (iii) warranty or verification services; all as described in this Agreement (together, ).Services TeleCheck will be Company’s exclusive provider of the Services during the Term (defined below) of this Agreement. Company agrees to the terms of this Agreement by signing the TeleCheck Application; clicking “Accept” or “Install” when presented via an App (as applicable and described below); or using any of the Services. Company acknowledges that the Specialty Items (Settlement Only) service does include receiving coded information, warranty or verification services. Delivery by Application. If the TeleCheck Services are provided through TeleCheck’s check acceptance application () that resides on a Clover point ofApp sale device (a ), Company agrees that this Agreement will govern Company’Device s access to and use of TeleCheck’s Services on such App. Company’s use of its Device is subject to its agreement with the supplier of the Device (and not TeleCheck), and this Agreement does not alter Company’s agreement with its Device supplier. Company will comply with the terms of its agreement with the Device supplier; and warrants that it is authorized to install and use TeleCheck’s App on the Device. Submitting Items. Company will designate the types of Items it accepts and that it will submit to TeleCheck for processing under this Agreement as indicated on the TeleCheck Application. Company must submit the Item to TeleCheck through the appropriate service. For example, checks presented in person by consumers at Company’s point of sale can only be submitted through the In-Person Warranty (or Verification) service, checks sent through the mail to Company can only be submitted through the By Mail/Drop Box service. Company will submit all of its designated Items to TeleCheck for processing under this Agreement. Except for Items processes through the By Mail/Drop Box service, TeleCheck will analyze each Item that Company submits for processing and, in its discretion, provide Company with an approval or decline code with respect to each Item. TeleCheck will give Company operating guidelines and specifications, as applicable, to assist Company with properly accepting and submitting its Items for processing (operating guidelines and specifications may be provided to Company electronically or made available via the Internet). Information Warranty. If Company has selected a warranty service in the TeleCheck Application, TeleCheck warrants the accuracy of the information given in its approval code (the ) when an Item meets the warrantyInformation Warranty requirements described below. Items that satisfy TeleCheck’s Information Warranty and meet the corresponding warranty requirements are . TeleCheckEligible Items will purchase Eligible Items that are subsequently dishonored, returned, reversed, or otherwise not paid by a consumer’s financial institution (these Items are Return ). Company’s sole remedy for a breach of TeleCheck’s Information WarrantyItems is the right to require TeleCheck to purchase an Eligible Item that became a Return Item. TeleCheck’s liability to Company for breach of its Information Warranty will not exceed the lesser of: (a) the amount of the Eligible Item, or (b) the Warranty Maximum set forth in the TeleCheck Service Application and Agreement. Company may accept Items that do not receive an approval code or that do not meet the warranty requirements (these Items are ); however, Ineligible ItemsIneligible Items are not covered under TeleCheck’s Information Warranty and TeleCheck will not purchase them. Warranty Requirements. Company represents and warrants that each Item it submits to TeleCheck for processing and coverage under the Information Warranty meets the following requirements: General Requirements. The following apply to all Items unless otherwise specified: the Item was submitted to TeleCheck for processing according to TeleCheck’s operating guidelines and specifications, and Company obtained a single approval code for it; the Item is drawn on the consumer’s deposit account at a United States or Canadian financial institution (for example, and without limitation, money orders, cashier’s checks, travelers checks, insurance checks, credit card checks, or non- first party Items are Ineligible Items); the Item, or a clear image of the Item (if submitted using a mobile or other optical imaging device), shows the consumer’s name, address, check number, and routing and account numbers in the MICR line (not applicable if the payment is online or over the phone); the Item is a properly completed first party Item that is dated, payable to Company, made out for the amount due to Company for its goods or services, and signed by the consumer (not applicable if the payment is online or over the phone); the consumer authorized debiting its account by electronic funds transfer or remotely created check for the amount of the Item (an ) inAuthorization accordance with TeleCheck’s operating guidelines and specifications and the rules of the National Automated Clearinghouse Association (), asNACHA Rules applicable, for the services utilized; (5) (4) (3) (2) (1) A. 1.4. 1.3. 1.2. 1.1. The following Agreements are Third Party Agreements entered into between Client and the Third Parties identified in the Third Party Agreements. If Client desires to receive the products and/or services offered under a Third Party Agreement, Client must check the appropriate box or otherwise indicate such desire in the Merchant Processing Application, in which case the terms and conditions of the Third Party Agreement shall be binding upon Client. The Signature page in the Merchant Processing Application or any Schedule thereto shall also serve as a signature page to the Third Party Agreements. Client acknowledges that the Third Parties are relying upon the information contained on the Merchant Processing Application and the Schedules thereto, all of which are incorporated by reference into the Third Party Agreements. TELECHECK SOLUTIONS AGREEMENT PART III: THIRD PARTY AGREEMENTS ® GenCP-WF-2602_PG_02.28.23 40 reason or timing. TeleCheck will deduct or offset all Return Items against anyItems or Redeposit Check Items that Company or its financial institution presented reason or timing. TeleCheck will deduct or offset all Return Items against any amounts to be paid to Company for Items to settled under this Agreement or, alternatively, TeleCheck may initiate debits to Company’s Settlement Account (defined in Section 3.1 below) for all such Return Items. Representations and Warranties. Company represents and warrants that each Item submitted under any of the Non-Warranty Services complies with the following, (a) the Item was submitted to TeleCheck in accordance with the TeleCheck’s operating guidelines and specifications, (b) the consumer authorized debiting its account by electronic funds transfer or remotely created check for the amount of the Item in accordance with in accordance with the TeleCheck’s operating guidelines and specifications and NACHA Rules including, without limitation, providing any necessary notices to consumer (not applicable to the Specialty Items (Settlement Only) services) and (c) the requirements in Sections and (as applicable to the type of Item presented) have been complied1.4. B., C. D with. 3. Settlement Company will identify one or more bank accounts held in its name (each, a ) that TeleCheck will use in connection with the Services.Settlement Account Company authorizes TeleCheck to (a) initiate credits to the Settlement Account for proceeds that correspond to Company’s transactions; (b) initiate debits to the Settlement Account for any amounts that may be owed or are required to be paid under this Agreement; (c) initiate the transaction to a consumer’s deposit account on Company’s behalf for Items that are owed to it; and (d) initiate adjustments related to the foregoing (including, without limitation, adjustments for chargebacks or partial adjustments). TeleCheck may initiate any transfer by Automated Clearing House ( ) entry.ACH TeleCheck reserves the right to decline processing any Item. TeleCheck will initiate a funds transfer for Company’s transactions that were processed under this Agreement; less any amounts due from Company for fees, refunds, adjustments or its other obligations. TeleCheck will typically credit Company’s settlement funds to its Settlement Account within 2 banking days once the transactions are finally submitted to TeleCheck for settlement processing. TeleCheck may recover amounts associated with any adjustments for an Item that are made to the Settlement Account at Company’s request or due to its error. TeleCheck may also recover amounts associated with any fees that a consumer paid to its financial institution because of these adjustments. Company must promptly notify TeleCheck if it fails to receive any settlement funds or if there are any changes to the Settlement Account. Transfer of settlement funds may be delayed or misdirected if Company provides inaccurate information about, or fails to notify TeleCheck of changes to, the Settlement Account. TeleCheck is not responsible for settlement errors that arise if Company provides inaccurate information about, or fails to notify TeleCheck of changes to, the Settlement Account. 4. Financial Information Company will promptly provide any financial or other information reasonably requested by TeleCheck to perform credit risk, security, qualification, and other reviews related to providing the Services, transactions submitted, fulfillment of obligations to TeleCheck, or the financial condition of Company. Company authorizes TeleCheck to obtain information from third parties when performing credit risk, security, qualification, and other reviews. 5. Notice of Material Changes Company will provide TeleCheck with reasonable advance notice of any material change in the nature of Company’s business (including, without limitation, any change to Company’s operations that would materially affect its products sold, services provided, or the procedures it follows for payments acceptance). The failure to provide TeleCheck with this notice constitutes a material breach of this Agreement. 6. Company’s Payment Obligations Fees. Company will pay TeleCheck for: (a) all fees and charges for the Services that are set forth in the TeleCheck Service Application and Agreement; (b) all Items that are charged back; (c) all adjustments required in connection with Company’s transactions; and (d) all costs, liabilities, or other obligations imposed on TeleCheck by third parties as a result of transactions submitted by Company, its actions, or inactions. Other Fees. Company will also pay TeleCheck for the following fees and charges for the Services (as applicable): (a) Customer Requested Operator Call (also called or ), which is an additional $2.50Fee CROC Voice Authorization Fee fee per operator or Interactive Voice Response (IVR)-assisted call that Company initiates, but TeleCheck does not request; (b) , which isDecember Risk Surcharge an additional percentage charge added to the Inquiry Rate for each authorization inquiry in the month of December; (c) , which is a $10.00Funding Report Fee monthly fee to receive daily funding or weekly funding reports (the Funding Report Fee does not apply if TeleCheck provides the funding report monthly); (d) Inquiry , which is the percentage rate that applies to the face amount of each Item (upRate to the Warranty Maximum) that Company submits to TeleCheck for authorization (whether or not TeleCheck issues an approval code for the Item); (e) Monthly , which is the minimum aggregate amount of the Inquiry Rate feesMinimum Fee that Company must pay on a monthly basis (if the total Inquiry Rate fees for Company’s Items submitted during any month is less than the Monthly Minimum Fee, then the Monthly Minimum Fee will apply); (f) is aMonthly Processing Fee monthly fee for handling Company’s account; (g) , which is aSpecial Handling Fee $5.00 fee applied when the following occur: (1) a chargeback of an Eligible Item, (2) an Item processed for payment must be corrected due to Subscriber’s error or at Subscriber’s request, or (3) TeleCheck elects (in its discretion) to process an Item 6.1. 3.4. 3.3. 3.2. 3.1. 2.2. Items or Redeposit Check Items that Company or its financial institution presented for payment more than once). In addition, Company must securely store the physical check for at least 60 days following the corresponding payment transaction. Electronic Images. If the Item is submitted to TeleCheck by Company as an image using a mobile device or other image reader, the ability to settle imaged Eligible Items to the banking system depends on (a) the quality of the image and (b) the banking system’s ability to accept the image for settlement processing. Company will use a third party provider to capture images of Items using a mobile device (this third party, an ) and submit those images to TeleCheck.Image Vendor Company acknowledges that its Image Vendor will require some of Company’s account information (including, without limitation, merchant account number, contact name, email address and device identifier) to submit Item images to TeleCheck; and authorizes TeleCheck to provide the Image Vendor with the information necessary to allow it to submit Item images to TeleCheck on behalf of Company. TeleCheck is not responsible for the image quality of Items submitted through Company’s Image Vendor, or submission of the images by Company’s Image Vendor to TeleCheck. Company will destroy the physical checks that were submitted as electronic images after storing them securely for at least 60 days. Authorization. Company will maintain a copy of each consumer’s Authorization for the longer of: (a) 2 years, or (b) the period of time required by the NACHA Rules. Company will provide TeleCheck with legible copies of Authorizations within 7 days of TeleCheck’s request for them. Assignment of Items. Company assigns all if its right, title, and interest in each Eligible Item that it submits to TeleCheck for warranty coverage when the Item becomes a Return Item. Company will reasonably aid TeleCheck in its enforcement of the rights associated with an assigned Eligible Item. Processing Notices; Return Item Fees. Company will post, and provide consumers with, notices at the point of sale that are required to process Items using the Services and to collect fees on Return Items. Company will assess the highest fee amount allowed by applicable Laws on all Return Items, which TeleCheck may collect and retain from consumers. “Goodwill” of an Ineligible Item. TeleCheck may elect to provide warranty coverage for an Ineligible Item that Company submits for processing. Providing warranty coverage for an Ineligible Item will not constitute a course of dealing, waiver of rights, or prevent TeleCheck from rejecting warranty coverage for any other Ineligible Items. Updating Information. Company will promptly notify TeleCheck if (a) a consumer makes any payment to Company or returns any goods in connection with a Return Item that is subject to warranty coverage, or (b) Company cancels any services paid for by an Item that is subject to warranty coverage; both representing a full or partial satisfaction of the Return Item. Company’s notice of payment or cancellation of services will identify the consumer. Chargeback. TeleCheck may chargeback any Eligible Item that it purchased from Company for coverage under the Information Warranty if: the consumer returned the goods or services (in whole or in part) that were paid for with the Item; Company has not delivered the goods or services that were paid for using the Item; the Item is subject to any stop payment, dispute, or setoff; the consumer makes full or partial payment to Company for the Item, or provides any form of security to ensure its payment; the goods or services were initially delivered on credit or under a lease; the purchase transaction, the payment represented by the Item, or transferring the Item to TeleCheck (by assignment or otherwise) is void or invalid for any reason other than the consumer’s bankruptcy; Company breaches the applicable warranty requirements for Eligible Items; Company submits multiple Items or duplicate Items related to the same transaction for processing (e.g., deposits a paper Item previously submitted for processing as an electronic Item without TeleCheck’s direction to do so); Company does not submit its Items to TeleCheck for processing within 1 calendar day of the transaction date (for batch processing, Items must be submitted to TeleCheck for processing within 7 calendar days of the transaction date); the consumer disputes authorizing the Item, its validity, or the amount debited for it (except in the case of third party fraud committed with a consumer’s check); the consumer’s Authorization is incomplete or invalid; Company fails to provide TeleCheck with a legible copy of an Authorization within 7 days of a request for it; or Company breaches this Agreement, alters an Item or approval code, or submits an Item with Knowledge it is likely to become a Return Item. Knowledge means facts or circumstances which, if known, would cause a merchant, using commercially reasonable judgment, to independently refuse to accept an Item (including, without limitation, splitting single transactions into smaller components or resubmitting Items that were previously denied). Company will immediately notify TeleCheck if it has Knowledge that any of the above circumstances occur. Company will continue to be responsible for its chargebacks after termination of this Agreement. TeleCheck may chargeback any amounts that exceed the Warranty Maximum for an Eligible Item. 2. Non-Warranty Services If any of the verification services or the Specialty Items (Settlement Only) services are selected by Company in the TeleCheck Application (Non-Warranty ), TeleCheck will have no liability for any Item that is processed using theServices Non-Warranty Services that is subsequently returned, dishonored, reversed or otherwise unpaid, and does not warranty the checks processed using the Non- Warranty Services. There will be no payment to Company for any loss from transactions processed through the Non-Warranty Services. Company assumes all risks that Items accepted by Company may result in Return Items. Company will be fully responsible and liable to TeleCheck for all Return Items, regardless of the 2.1. (13) (12) (11) (10) (9) (8) (7) (6) (5) (4) (3) (2) (1) 1.11. 1.10. 1.9. 1.8. 1.7. 1.6. 1.5. GenCP-WF-2602_PG_02.28.23 41 that fails to meet the applicable warranty requirements, or that is a Return Item, as a 12. Confidential Information Confidentiality. Neither party will disclose non-public information about the other party’s business (including, without limitation, the terms of this Agreement, technical specifications, customer lists, or information relating to a party’s operational, strategic, or financial matters) (together, ).Confidential Information Confidential Information does not include information that: (1) is or subsequently becomes publicly available (through no fault of the recipient); (2) the recipient lawfully possesses before its disclosure; (3) is independently developed without reliance on the discloser’s Confidential Information; or (4) is received from a third party that is not obligated to keep it confidential. Each party will implement and maintain reasonable safeguards to protect the other party’s Confidential Information. Disclosure. The recipient may disclose the other party’s Confidential Information:(1) to its directors, officers, personnel, and representatives (including those of its subsidiaries, affiliates, subcontractors or vendors) that need to know it in connection with the recipient’s performance under this Agreement, and are bound by confidentiality obligations materially similar to those required under this Agreement; and (2) in response to a subpoena, court order, or as required under applicable Laws or NACHA Rules. 13. Data Use; Security. Data Use. TeleCheck owns all right, title and interest in the data it obtains from providing the Services to Company. Data Security. Company will implement commercially reasonable practices, including administrative, physical and technical safeguards, that are designed to: (a) maintain the security and confidentiality of Consumer Information, (b) protect against reasonably anticipated threats to the security or integrity of Consumer Information, and (c) protect against unauthorized access to or use of Consumer Information that could result in substantial harm or inconvenience to the consumer. is customer information Company receives in connectionConsumer Information with any transaction contemplated by this Agreement. 14. License to Marks TeleCheck grants Company a limited, non-exclusive, non-transferrable, non- sublicensable, royalty-free license to use the trademarks, service marks and logos (together, ) that TeleCheck provides to Company during the Term of thisMarks Agreement. Company (a) may use the Marks only in the United States; (b) may use the Marks only in connection with its use of the Services; (c) will follow the branding guidelines that TeleCheck provides or makes available from time-to-time; and (d) will not use materials containing the Marks without TeleCheck’s prior written permission. Company will not otherwise distribute, lease, sublicense, sell, modify, copy or create derivative works from the Marks. TeleCheck reserves to itself all right, title, interest or license (express or implied) to the Marks that are not specifically granted to Company under this Agreement; and may suspend or terminate this license upon written notice to Company. 15. Indemnification Company will indemnify, defend, and hold TeleCheck harmless for all losses, damages, costs, or expenses (including reasonable attorney’s fees) claimed against it by third parties, which arise from Company’s gross negligence, willful misconduct, or breach under this Agreement. 16. Exclusion of Damages Neither party will be liable to the other for lost profits, revenues or business opportunities, nor any exemplary, punitive, special, indirect, incidental, or consequential damages (whether any are direct or indirect); regardless of whether these damages were foreseeable or either party was advised they were possible. 17. Limitation of Liability TeleCheck’ aggregate liability to Company for losses arising from any cause (regardless of the form of action or legal theory) in connection with this Agreement will be limited to $75,000.00 18. Notices Written notices (other than normal operations) required under this Agreement will be sent by certified mail or national courier (with tracking and delivery confirmation). TeleCheck may also provide written notices required under this Agreement by regular mail. Notices will be effective upon receipt. Notices to Company will be sent to the address it provides on the TeleCheck Service Application and Agreement. Notices to TeleCheck will be sent to: TeleCheck Services, Inc., Attn: TeleCheck Merchant Services, Mail Stop A-12, 7301 Pacific Street, Omaha, NE 68114; with copies to TeleCheck Services, Inc., Attn: General Counsel’s Office, 3975 N.W. 120th Avenue, Coral Springs, FL 33065 and legalpapers@firstdata.com 19. Third Party Beneficiaries There are no third party beneficiaries to this Agreement other than TeleCheck’ subsidiaries and affiliates involved in providing the Services to Company. Each party is responsible for the performance of any third parties it uses in connection with the Services, and their compliance with the terms of this Agreement. TeleCheck is not responsible or liable to Company for any errors or breaches of this Agreement that occur because of Company’s third party providers (e.g., without limitation, issues that arise from ACH network participants, or if Company uses third party providers or applications to capture electronic images of Items to submit to TeleCheck). TeleCheck may audit Company’s compliance with this Agreement upon reasonable notice, during normal business hours, and at TeleCheck’s expense; and as required by the NACHA Rules. TeleCheck’s Originating Depository Financial Institution may also audit Company’s compliance with this Agreement and the NACHA Rules. 13.2. 13.1. 12.2. 12.1. that fails to meet the applicable warranty requirements, or that is a Return Item, as a “Goodwill” Item; (h) , which is the additional per transaction chargeTransaction Fee for each Item that Company submits to TeleCheck for authorization or processing (whether or not TeleCheck issues an approval code for the Item); and (i) is a fee applicable to any Item that is dishonored,Unauthorized Return Fee returned, reversed, or otherwise not paid by the Consumer’s financial institution for the reason that such Item is unauthorized by the Consumer. Early Termination Fee. TeleCheck will suffer substantial injury, for which it would be difficult to determine damages, if Company breaches this Agreement or terminates it early in violation of the Agreement’s terms. TeleCheck may recover damages equal to 90%of the aggregate Monthly Minimum Fees and Monthly Processing Fees that are payable for the unexpired portion of the then-current Term as an accurate reflection of these damages and realistic pre-estimate of TeleCheck’ s losses caused by an early termination of this Agreement. 7. Reserve TeleCheck may require Company to fund a cash reserve () in anReserve amount that reflects TeleCheck’ assessment of risk, as it may determine in its discretion from time-to- time. The Reserve is a payment obligation of TeleCheck, established by holding back transaction proceeds or debiting the Settlement Account in order to potentially offset any obligations that Company may have to TeleCheck. The Reserve is not a segregated fund that Company may claim to own. TeleCheck is obligated to pay to Company any amounts remaining from the Reserve after all other then-current and contingent liabilities or obligations related to Company’s payment transactions have expired. The obligations due to Company from the Reserve will not accrue interest unless required by applicable Laws. TeleCheck will notify Company if a Reserve is established (including its amount) or if the amount of the Reserve is modified. TeleCheck may set off any obligations that Company owes to TeleCheck from the Reserve. Although Company acknowledges that the Reserve is a general obligation of TeleCheck, and not a specifically identifiable fund, if any person claims that the Reserve is an asset of Company that is held by TeleCheck, Company grants and acknowledges that TeleCheck have a security interest in the Reserve and, at TeleCheck request, will provide documentation to reflect this security interest. 8. Setoff and Priority All funds that TeleCheck owes to Company under this Agreement are subject to Company’s payment obligations under this Agreement. TeleCheck may setoff or recoup amounts Company owes to TeleCheck against any funds that TeleCheck owes to Company. 9. Statements, Reporting TeleCheck will provide Company with statements or electronic reporting (together, ) reflecting the fees, settlement amounts, and other information relatedStatements to the Services. Company must review the Statements and inform TeleCheck of any errors within 60 days following the date that the error was, or should have been, reported; provided, Company must report settlement or funding errors to TeleCheck within 30 days (reporting errors will enable TeleCheck to recover amounts or prevent them from continuing). TeleCheck will have no obligation to provide refunds for errors that Company reports more than 60 days or 30 days (as applicable) after the errors were, or should have been, reported. Company and TeleCheck will work together to resolve issues or disputes that arise in connection with the Statements, or the funds credited or debited to the Settlement Account. 10. Term This Agreement begins on the earlier of the dates when Company signs its TeleCheck Services Application and Agreement, submits its first Item for processing under this Agreement, or when Company downloads the App (this date, the ). The length of this Agreement’s initial term is designated in theEffective Date TeleCheck Services Application and Agreement (). This Agreement willInitial Term automatically renew for successive one-year periods (each, a ),Renewal Term unless TeleCheck or Company provides the other with at least 30 days’ written notice of non-renewal at the end of the Initial Term. The Initial Term together with any Renewal Term(s) is the Term of this Agreement. 11. Termination; Modification; Suspension General Termination. Either Company or TeleCheck may terminate this Agreement by giving 30 days’ advance notice if the other materially breaches this Agreement and fails to remedy the breach within 30 days of receiving notice of it. TeleCheck may terminate this Agreement upon written notice to Company for any reason (with or without cause) during its Term. If the Services are delivered through TeleCheck’s App, Company may terminate this Agreement for any reason (with or without cause) during its Term by uninstalling the App. Modification. TeleCheck may modify this Agreement’s terms (including, without limitation, its fees) upon 30 days’ notice to Company, during which notice period Company may terminate this Agreement by providing written notice of termination to TeleCheck. Company’s continued use of the Services after the 30 day period contained in a notice of modification from TeleCheck will constitute Company’ s acceptance of the new terms. Suspension. TeleCheck may suspend its Services or settlement of any funds under this Agreement if it determines that questionable activity occurs with respect to Company’s payment transactions (including, without limitation, if there are excessive Return Items associated with Company’s Items, Company breaches the NACHA Rules, or if required by applicable laws. TeleCheck may also suspend or terminate its Services if requested by its Originating Financial Depositary Institution. 11.3. 11.2. 11.1. 7.5. 7.4. 7.3. 7.2. 7.1. 6.2. GenCP-WF-2602_PG_02.28.23 42 20. Waivers A party’s delay or failure to exercise any of its rights under this Agreement will not be a waiver of those rights. 21. Compliance with Law, Choice of Law, Waiver of Jury Trial Compliance with Law. The parties will comply with all laws, regulations, and rules (including ACH’s network rules, requirements, and standards; the NACHA )(together ) that are applicable to their respective performanceRulesLaws obligations under this Agreement. Company acknowledges that it is the Originator under the NACHA Rules with respect to its transactions and agrees to comply with its obligations as an Originator. Company certifies that it has a legitimate business need for the information that TeleCheck provides through its Services, will use the information in connection with submitting payment transactions to TeleCheck for processing and for no other purpose, and will use the information only for permissible purposes under the Fair Credit Reporting Act (Company will not use TeleCheck’s information for employment related purposes). Choice of Law; Waiver of Jury Trial. This Agreement will be governed by New York law (without regard to its choice of law provisions). The courts of New York, New York will be the proper venue for legal proceedings brought in connection with this Agreement. TeleCheck and Company each waive their right to a jury trial for claims arising in connection with this Agreement. 22. Entire Agreement, Amendment, Counterparts The defined term Agreement includes its schedules, addenda, and any amendments (capitalized terms used in the schedules, addenda, or amendments without definition will have the meanings given to them in this Agreement). This Agreement is the entire agreement between the parties and replaces any prior agreements or understandings (written or oral) with respect to its subject matter. Except as set forth in Section 11.2, modifications to this Agreement must be in writing, executed by the parties. This Agreement and any amendments may be executed electronically and in counterparts, each of which constitutes one agreement when taken together. Electronic and other copies of the executed Agreement are valid. 23. Assignment Company may not assign this Agreement without TeleCheck’s written consent. TeleCheck may assign this Agreement upon notice to Company. This Agreement will be enforceable against a party’s permitted successors or assigns. This Agreement may not be continued, assumed, or assigned in the event of a bankruptcy or other insolvency event without consent from the non-bankrupt or insolvent parties. 21.2. 21.1. GenCP-WF-2602_PG_02.28.23 43 Client’s obligation with respect to the Monthly Minimum Processing Fee will end simultaneously with CardConnect LLCs’ receipt of Termination Fee. A.4. 6050W of the Internal Revenue Code Pursuant to Section 6050W of the Internal Revenue Code, merchant acquiring entities and third party settlement organizations are required to file an information return for each calendar year reporting all payment card transactions and third party network transactions with payees occurring in that calendar year. Accordingly, you will receive a Form 1099-K reporting your gross transaction amounts for each calendar year. Your gross transaction amount refers to the gross dollar amount of the card transactions processed through your merchant account with us. In addition, amounts reportable under Section 6050W are subject to backup withholding requirements. Payors will be required to perform backup withholding by deducting and withholding income tax from reportable transactions if (a) the payee fails to provide the payee’s taxpayer identification number (TIN) to the payor, or (b) if the IRS notifies the payor that the TIN (when matched with the name) provided by the payee is incorrect. Accordingly, to avoid backup withholding, it is very important that you provide us with the correct name and TIN that you use when filing your tax return that includes the transactions for your business. A.5. Addresses For Notices Important Phone Numbers: (see also Sections 10 and 17) Customer Service 1-877-828-0720 PROCESSOR: CardConnect LLC: 1000 Continental Drive Suite 300 King of Prussia, PA 19406 BANK: Wells Fargo Bank, N.A.: P.O. Box 6079 Concord, CA 94524 1-844-284-6834 a. b. c. A.1. Electronic Funding Authorization All payments to Client shall be through the Automated Clearing House (“ACH”) and shall normally be electronically transmitted directly to the Settlement Account you have designated or any successor account designated to receive provisional funding of Client’s Card sales pursuant to the Agreement. Client agrees that any Settlement Account designated pursuant to the preceding sentence will be an account primarily used for business purposes. Neither Wells Fargo Bank, N.A., nor CardConnect LLC can guarantee the time frame in which payment may be credited by Client’s financial institution where the Settlement Account is maintained. Client hereby authorizes Wells Fargo Bank, N.A., and its authorized representative, including CardConnect LLC, to access information from the Settlement Account and to initiate credit and/or debit entries by bankwire or ACH transfer and to authorize your financial institution to block or to initiate, if necessary, reversing entries and adjustments for any original entries made to the Settlement Account and to authorize your financial institution to provide such access and to credit and /or debit or to block the same to such account. This authorization is without respect to the source of any funds in the Settlement Account, is irrevocable and coupled with an interest. This authority extends to any equipment rental or purchase agreements which may exist with Client as well as to any fees, fines and assessments and Chargeback amounts of whatever kind or nature due to CardConnect LLC or Wells Fargo Bank, N.A. under terms of this Agreement whether arising during or after termination of the Agreement. This authority is to remain in full force and effect at all times unless and until CardConnect LLC and Wells Fargo Bank, N.A. have consented to its termination at such time and in such a manner as to afford them a reasonable opportunity to act on it. In addition, Client shall be charged twenty-five dollars ($25.00) for each ACH which cannot be processed, and all subsequent funding may be suspended until Client either (i) notifies CardConnect LLC that ACH’ s can be processed or (ii) a new electronic funding agreement is signed by Client. Client’s Settlement Account must be able to process or accept electronic transfers via ACH. A.2. Funding Acknowledgement Automated Clearing House (ACH). Your funds for Mastercard, Visa, Discover Network, PayPal, Alipay, and American Express transactions will ordinarily be processed and transferred to your financial institution within two (2) Business Days from the time a batch is received by Processor if your financial institution is the Bank. If your financial institution is not the Bank, your Mastercard, Visa, Discover Network, PayPal, Alipay, and American Express transactions will ordinarily be processed via the Federal Reserve within two (2) Business Days from the time a batch is received by Processor. The Federal Reserve will transfer such amounts to your financial institution. A.3. Additional Fees and Early Termination If Client’s Mastercard, Visa, Discover Network, PayPal, Alipay, and American Express transaction(s) fail to qualify for the discount level contemplated in the rates set forth in the Application, Client will be billed the fee indicated in the Mid-Qualified Discount field or Non-Qualified Discount field. If you are utilizing the Enhanced Billback Discount option, the Client will be charged the Enhanced Billback Rate on the volume of said transaction that failed to qualify, in addition to the difference between the Mastercard/Visa/Discover Network/PayPal/Alipay and American Express Qualified Rate agreed to on the Service Fee Schedule and the actual interchange rate assessed to the downgraded transaction. Any increases or decreases in the interchange and/or assessment portion of the fees; The appropriate interchange level as is consistent with the qualifying criteria of each transaction submitted by Client; Increases in any applicable sales or telecommunications charges or taxes levied by any state, federal or local authority related to the delivery of the services provided by CardConnect LLC when such costs are included in the Service or other fixed fees. The discount fees shown on the Service Fee Schedule shall be calculated based on the gross sales volume of all Visa, Mastercard/Discover/PayPal and American Express volume. A Monthly Minimum Processing Fee will be assessed immediately after the date Client’s Application is approved. (Refer to Service Fee Schedule, if applicable.) In addition to the PIN Debit Card transaction fees set forth on the Application, Client shall be responsible for the amount of any fees imposed upon a transaction by the applicable debit network. The parties further agree and acknowledge that, in addition to any remedies contained herein or otherwise available under applicable law and, if (a) Client breaches this Agreement by improperly terminating it prior to the expiration of the initial term of the Agreement, or (b) this Agreement is terminated prior to the expiration of the initial term of the Agreement due to an Event of Default, then Servicers will suffer a substantial injury that is difficult or impossible to accurately estimate. Accordingly, the parties have agreed that the amount described below is a reasonable pre-estimate of Servicers’ probable loss. In the event that Client terminates this Agreement within three (3) years from the date of approval by CardConnect LLC and Wells Fargo Bank, N.A. or this Agreement is terminated by Servicers within 3 years from the date of approval due to an Event of Default, Client will be charged a fee for such early termination, if so indicated on the Application on the Service Fee Schedule and as allowable under applicable laws. PART IV: ADDITIONAL IMPORTANT INFORMATION FOR CARDS GenCP-WF-2602_PG_02.28.23 44