Skip to main content
You are viewing content for . View content for other locations.
×

Updates for UK Customers

Confirmation of Transfer of Services from First Merchant Processing Ireland DAC, trading as AIB Merchant Services in Ireland (“AIBMS Ireland”) to First Merchant Processing (UK) Limited (“AIBMS UK”)

Further to previous Policy Update published in October 2023, it is confirmed that AIBMS Ireland has transferred all its services provided to users in the UK to its affiliated company, AIBMS UK on 19 November 2023. The AIBMS Bank Agreement has been updated accordingly.

Please visit the Legal Agreements page to view the updated AIBMS Bank Agreement with AIBMS UK.

Effective Date: 19 November 2023


Confirmation of Transfer of Services from PayPal (Europe) S.à r.l. et Cie, S.C.A. to PayPal UK Ltd

Further to our previous Policy Update published on 24 July 2023, it is confirmed that PayPal (Europe) S.à r.l. et Cie, S.C.A. is transferring all its services provided to users in the UK to its affiliated company, PayPal UK Ltd, on 1 November 2023.

PayPal UK Ltd is authorised and regulated by the Financial Conduct Authority (FCA) as an electronic money institution under the Electronic Money Regulations 2011 for the issuance of electronic money (firm reference number 994790), in relation to its regulated consumer credit activities under the Financial Services and Markets Act 2000 (firm reference number 996405) and for the provision of Cryptocurrency services under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 1000741). Some of PayPal UK Ltd’s products including PayPal Pay in 3 and PayPal Working Capital are not regulated by the FCA. PayPal UK Ltd’s company number is 14741686 and its registered address is Whittaker House, Whittaker Avenue, Richmond-Upon-Thames, Surrey, United Kingdom, TW9 1EH.

Please visit the Legal Agreements page from 1 November 2023 to view the updated terms with PayPal UK Ltd.

We have provided more information about the intended transfer of UK services to PayPal UK Ltd on our FAQ page for Businesses.

Effective Date: 1 November 2023

PayPal UK Ltd is now duly authorised to conduct its regulated activities in the United Kingdom by the Financial Conduct Authority, we have updated the Braintree Payment Services Agreement, the Braintree Privacy Statement and the Braintree PayPal Data Protection Addendum for Card Processing Products for UK merchants so that from 1 November 2023 the following changes now apply (as appropriate):

  • Identifying PayPal UK Ltd as the new provider of Braintree Services for all UK merchants;
  • The Regulatory Notice and Complaints section details the regulatory status of PayPal UK Ltd in the United Kingdom;
  • Describing PayPal UK Ltd’s obligations to safeguard customer funds in accordance with UK regulations;
  • Including information for UK merchants on how to make a complaint to the FCA;
  • References updated to reflect UK rules and regulations;
  • The governing law is English law, and jurisdiction of competence is the courts of England and Wales;
  • The Braintree Privacy Statement and Braintree PayPal Data Protection Addendum for Card Processing Products reflects UK data protection requirements, and updated contact information and complaints section to refer to the Information Commissioner’s Office.


Delayed Effective Date for Amendments to the Bank Agreement – Merchant Account for UK Merchants

Effective Date: 19 November 2023

The Policy Update of 30 August 2023, advised you that due to Brexit the Merchant Services provided to you by First Merchant Processing Ireland DAC, trading as AIB Merchant Services in Ireland (“AIBMS Ireland”) was transferring to First Merchant Processing (UK) Limited (“AIBMS UK”). This transfer was scheduled to take place on or around 1 October 2023. However, the transfer has been delayed for operational reasons and is now planned to take place on or around 19 November 2023 (or such other date as we may confirm in writing by posting a notice having immediate effect on this Policy Updates page) (the “AIB Transfer Date”). Until the AIB Transfer Date the current Bank Agreement – Merchant Account with AIBMS Ireland for UK Merchants (the “AIBMS Bank Agreement”) shall remain valid and in effect. Once transfer occurs the updated version of the AIBMS Bank Agreement with AIBMS UK as the service provider shall take effect.


Transfer of Services from PayPal (Europe) S.à r.l. et Cie, S.C.A. to PayPal UK Ltd (the “Transfer”)

Subject to PayPal UK Ltd becoming duly authorised to conduct its regulated activities in the United Kingdom by the Financial Conduct Authority (“FCA”), PayPal (Europe) S.à r.l. et Cie, S.C.A. intends to transfer all services provided to its users in the UK (including (if applicable) any users resident in Guernsey, Jersey, the Isle of Man and Gibraltar) to its affiliated company, PayPal UK Ltd, on 1 November 2023 or such other date as we may communicate to you (the “Transfer Date”) by posting a notice having immediate effect on the PayPal UK Policy Updates page.

With effect from the Transfer Date, PayPal UK Ltd will assume all the rights and obligations of PayPal (Europe) S.à r.l. et Cie, S.C.A. in relation to our UK merchants.

PayPal UK Ltd is in the process of applying to be authorised by the FCA as an electronic money institution under the Electronic Money Regulations 2011 for the issuance of electronic money. PayPal UK Ltd is also applying to be authorised and regulated by the FCA in relation to its regulated consumer credit activities under the Financial Services and Markets Act 2000. It should be noted that some of PayPal’s products in the United Kingdom are not regulated by the FCA. The FCA’s address is 12 Endeavour Square, London E20 1JN. The FCA maintains a register of the firms that it regulates at https://register.fca.org.uk/s/. PayPal UK Ltd’s firm reference numbers with the FCA will be published on the PayPal UK Policy Updates page once this process is complete.

Before the Transfer Date occurs, we will provide you with more information about the regulated status of PayPal UK Ltd by publishing a notice on the PayPal UK Policy Updates page. If the Transfer Date is later than 31 December 2023, we will provide further information on the PayPal UK Policy Updates page about how the proposed transfer of all services provided to users in the UK from PayPal (Europe) S.à r.l. et Cie, S.C.A. to PayPal UK Ltd will be implemented.

Amendments to the Braintree Payment Services Agreement;
Braintree Privacy Statement; and
Braintree PayPal Data Protection Addendum for Card Processing Products for UK merchants

Effective Date: 1 November 2023
Subject to PayPal UK Ltd becoming duly authorised to conduct its regulated activities in the United Kingdom by the Financial Conduct Authority, we are updating the Braintree Payment Services Agreement, the Braintree Privacy Statement and the Braintree PayPal Data Protection Addendum for Card Processing Products for UK merchants so that from 1 November 2023 or, if different, the Transfer Date (as defined above) the following changes will apply (as appropriate):

  • Identifying PayPal UK Ltd as the new provider of Braintree Services for all UK merchants in replacement of PayPal (Europe) S.à r.l. et Cie, S.C.A.;

  • Updating the Status Disclosure sections to explain the regulatory status of PayPal UK Ltd in the United Kingdom;

  • Describing PayPal UK Ltd’s obligations to safeguard customer funds in accordance with UK regulations;

  • Including information for UK merchants on how to make a complaint to the FCA;

  • Removing references to Luxembourg rules, regulations or EU laws and replacing them with the equivalent UK rules and regulations;

  • Changing the governing law from Luxembourg law to English law, and jurisdiction from Luxembourg courts to courts of England and Wales;

  • Revising the Braintree Privacy Statement and Braintree PayPal Data Protection Addendum for Card Processing Products to reflect UK data protection requirements, the removal of Luxembourg Bank Secrecy consent requirements and updated contact information and complaints section to refer to the Information Commissioner’s Office


Amendments to the Bank Agreement – Merchant Account

Agreement for UK Merchants

Effective Date: 1 October 2023

On or around 1 October 2023 (or such later date as we may confirm in writing by posting a notice having immediate effect on this Policy Updates page) (the “AIB Transfer Date”), First Merchant Processing Ireland DAC, trading as AIB Merchant Services in Ireland (“AIBMS Ireland”) will assign its rights and transfer its obligations to UK Merchants under the Bank Agreement – Merchant Account with UK Merchants (the “AIBMS Bank Agreement”) to First Merchant Processing (UK) Limited (“AIBMS UK”).

We are updating the AIBMS Bank Agreement so that from the AIB Transfer Date, the following changes will apply:

  • identifying AIBMS UK as the new provider of Merchant Services (as defined in the AIB Bank Agreement) for all UK Merchants in replacement of AIBMS Ireland;
  • updating the Status Disclosure sections to explain the regulatory status of AIBMS UK in the United Kingdom; and
  • Updating statutory references to refer to UK legislation.

Effective Date: 1 November 2023

Subject to PayPal UK Ltd becoming duly authorised to conduct its regulated activities in the United Kingdom by the Financial Conduct Authority, we are updating the relevant definitions in the Bank Agreement – Merchant Account Agreement for UK Merchants so that from 1 November 2023 or, if different, the Transfer Date (as defined below), PayPal UK Ltd will be identified as the new provider of Braintree Services for all UK Merchants in replacement of PayPal UK LTD

Updates to the Braintree Privacy Statement outside of the United States

Effective Date: 14 February 2024

PayPal Braintree, as a part of the PayPal family, has made changes to our privacy statement to ensure a look and feel that is consistent with the PayPal privacy statement. There are no substantive changes to the privacy statement or our use of your personal information. We encourage you to review the privacy statement in its entirety by accessing the Legal page of our website.


Updates to the Payment Services Agreement for Hong Kong

Effective Date: 20 October 2022 for existing Merchants or immediately for Merchants who sign up on or after 20 September 2022

We are updating the Braintree Payment Services Agreement for our services in Hong Kong to reflect that PayPal is a data controller for payment processing and fraud services.


Updates to the U.S. Braintree Payment Services Agreement and the Grant Services Terms Everywhere

Effective Date: July 27, 2022 for existing Merchants, and immediately for new Merchants:

  • We are adding a new provision in the U.S. Braintree Payment Services Agreement to enable dispute automation services for Braintree by our affiliate, Chargehound Inc.
  • We are modifying the way that we provide notice for changes to the online agreements for Braintree Services in the U.S.
  • We are modifying the Grant Services Terms in all countries where the Braintree Services are offered to comply with applicable data privacy laws and regulations where vaulted customer card information may be shared between affiliated companies in different countries.
  • We are adding terms and conditions for Chargeback Protection Services.


Updates to the Braintree Payment Services Agreement for US Merchants

Effective Date: March 31, 2022.

The rate for receiving payments from American Express will be adjusted from 3.50% per transaction to 2.59% + $0.49 USD per transaction.


Updates to the PayPal Data Protection Addendum for Card Processing Products

Effective Date: December 10, 2021.

We are updating our PayPal Data Protection Addendum to incorporate the new Standard Contractual Clauses that were adopted by the European Commission in June, 2021. The addendum also incorporates the UK standard contractual clauses.


Updates to the Braintree Payment Services Agreement for UK and EU/EEA Merchants

Effective Date: November 10, 2021.

We are updating the Braintree Payment Services Agreement for all UK and EU/EEA Merchants who sign up on or before November 10, 2021. The changes will not be effective for Irish Merchants. The changes will be effective on November 10, 2021. You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Pricing page for your applicable region on our website. By continuing to use our services after the changes take effect, you agree to be bound by them. In the event you decline these changes, you should close your account prior to the effective date and these changes will not apply to you.

The changes are as follows:

  • For UK customers, the additional fees that apply for transactions from cards will now apply to cards issued outside the UK. Our UK pricing page will therefore change with effect from November 10, 2021, to clarify that the additional 1% fee that applies to transactions from cards applies to cards issued outside the UK.
  • For EU / EEA customers (excluding Ireland), the additional fees for transactions from cards issued outside the EU / EEA will apply to transactions from cards issued in the UK from November 10, 2021.


Updates to the Braintree Payment Services Agreement for US Merchants

Effective Date: October 1, 2021 for existing US Merchants or immediately for US Merchants who sign up after August 31, 2021

The Braintree data protection provisions have been updated to reflect that PayPal is now a “Business” under the California Consumer Privacy Act for the provision of the Braintree Services. You can access the full text of these changes on the PayPal Data Protection Addendum.


Updates to the Braintree Payment Services Agreement for US Merchants

Effective Date: August 2, 2021.

  • The rate for receiving payments from cards (other than American Express) and digital wallets will be adjusted from 2.90% + $0.30 USD per transaction to 2.59% + $0.49 USD per transaction.
  • The rate for receiving payments from American Express cards will be adjusted to 3.50%.
  • For verified charitable 501(c)(3) organizations, the rate for receiving payments from cards and digital wallets will be adjusted from 2.2% + $.30 per transaction to 1.99% + $0.49.
  • The rate for receiving Venmo transactions will be increased from 2.90% + $0.30 USD per transaction to 3.49% + $.49 USD per transaction.


Updates to the Payment Services Agreement for EU and UK Merchants

Effective Date: July 6, 2021 for existing EU and UK Merchants or immediately for EU and UK Merchants who sign up on or after May 4, 2021 – The changes do not apply to Irish Merchants.

We are updating the Braintree Payment Services Agreement for all EU and UK Merchants who sign up on or after May 4, 2021, or July 6, 2021 for existing EU and UK Merchants. The changes will not be effective for Irish Merchants. The changes will automatically go into effect on July 6, 2021 if you signed up for Braintree before May 4, 2021. You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Payment Services Agreement for your applicable region on the Legal page of our website. In the event you decline the changes to these agreements, you should close your account prior to the applicable effective date(s) and these changes will not apply to you.

The changes are as follows:

Braintree Payment Services Agreement

  • For the Multi-Currency services that Braintree offers, we've added a new Multi-Currency fee for those Merchants that make use of this service, as further described in the Payment Services Agreement.


Updates to the Braintree Payment Services Agreement for the United States

Effective Date: March 30, 2021 for existing Merchants or immediately for Merchants who sign up on or after January 29, 2021.

We are updating the Braintree Payment Services Agreement in the United States to include EU Standard Contractual Clauses if and to the extent the Merchant transfers EU customer data to a PayPal Group Entity organized outside in a country outside of the EU which has not been issued an adequacy decision.


Updates to the Payment Services Agreement for EU Merchants

Effective Date: from 1 January 2021, for all EU Merchants

We are updating the Braintree Payment Services Agreement for all EU Merchants with effect from 1 January 2021. There is no action needed from you, as the changes will automatically go into effect on 1 January 2021. You should review this Policy Update which gives you a summary of the changes that are being made. EU Merchants can review the full text of the changes by accessing the Payment Services Agreement for your applicable region on the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • Due to regulatory changes following the UK leaving the EU on 31 January 2020, the following disclosure is added to the Regulatory Notice at Section 3.01 of Exhibit A Part 2:
    Beginning from 1 January 2021, PayPal (Europe) S.à.r.l. et Cie, S.C.A., (R.C.S. Luxembourg B 118 349
  • We have clarified our complaints handling process for UK-based Merchants at the Regulatory Notice at Section 3.01 of Exhibit A Part 2.
  • As a result of PayPal’s acquisition of Hyperwallet, we have updated the definition of Hyperwallet at the Definitions section of Exhibit A Part 3.


Updates to the Payment Services Agreement for Everywhere Except the United States

Effective Date: 1 December 2020 for existing Merchants or immediately for Merchants who sign up on or after 29 September 2020

We are updating the Braintree Payment Services Agreement for our services outside of the United States to reflect that PayPal is a data controller for payment processing and fraud services. Our privacy statement was updated, effective 31 July 2020 if you signed up before 23 March 2020 or effective immediately if you signed up on or after 23 March 2020, to reflect our change as a data controller for these activities. There is no action needed from you, as the changes will automatically go into effect on 1 December 2020. In the event you decline the changes to these agreements, you should close your account prior to the applicable effective date(s) and these changes will not apply to you.


Updates to the Payment Services Agreement for EU Merchants

Effective Date: Immediately for all EU Merchants who sign up on or after 29 September 2020

We are updating the Braintree Payment Services Agreement for all EU Merchants who sign up on or after 29 September 2020. There is no action needed from you, as the changes will automatically go into effect on 29 September 2020. You should review this Policy Update which gives you a summary of the changes that are being made. EU Merchants can review the full text of the changes by accessing the Payment Services Agreement for your applicable region on the Legal page of our website. In the event you decline the changes to these agreements, you should close your account prior to the applicable effective date(s) and these changes will not apply to you.

The changes are as follows:

Braintree Payment Services Agreement

  • For the Multi-Currency services that Braintree offers, we've added a new Multi-Currency fee for those Merchants that make use of this service, as further described in the Payment Services Agreement.


Updates to the Payment Services Agreement and Venmo Services Terms for US Merchants

Effective Date: July 31, 2020 for existing US Merchants or immediately for all new US Merchants

We are updating the Payment Services Agreement and Venmo Services Terms applicable to all US Merchants to better align with recent US data protection laws. There is no action needed from you as the changes will automatically go into effect on July 31, 2020. In the event you decline the changes to these terms, you should close your account prior to the applicable effective date(s) and these changes will not apply to you. You can review the full text of the changes by accessing the Legal page of our website.

Updates to the AIB Merchant Services Standard Terms and Conditions for Merchants in Europe

Effective Date: 11 April 2020 for existing Merchants in Europe or immediately for all new Merchants in Europe.

First Merchant Processing (Ireland) - dac (trading as “AIB Merchant Services”) is making the changes described below that will be applicable to all Merchants. These changes will become effective on 11 April 2020 for existing Merchants in Europe (or immediately for all new Merchants in Europe). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you. You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows: AIB Merchant Services Standard Terms and Conditions * AIB Merchant Services has updated its settlement options to enable AIB Merchant Services to credit transaction proceeds to a Hyperwallet settlement account, if available and if requested by the Merchant, rather than to the Merchant’s bank account. * AIB Merchant Services has updated the Merchant’s and AIB Merchant Services’s obligations under the regulatory requirement of PSD2.


Updates to the Payment Services Agreement for US Merchants

Effective Date: December 23, 2019 for existing US Merchants or immediately for all new US Merchants

Braintree is making the changes described below that will be applicable to all US Merchants. These changes will become effective on December 23, 2019 for existing US Merchants (or immediately for all new US Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the description of “Fraud Maintenance Tools” to reflect that Braintree may proactively enable fraud tools on the Merchant’s behalf to help detect fraudulent transaction activity.

  • To ensure Merchants grant Braintree direct debit authorization for the deduction of fees and other amounts owed, we’ve added a penalty if the Merchant does not grant such authorization.

  • For the chargeback reduction services that Braintree offers, we’ve added a new chargeback maintenance fee for those merchants that have excessive chargebacks, as further described in the Payment Services Agreement.

  • Given Braintree’s potential risk of loss associated with Merchant losses, we’ve included a provision which requires the Merchant to deliver to Braintree a letter of credit in accordance with the terms as further described in the Payment Services Agreement.

  • To reflect the requirements of the California Consumer Privacy Act (“CCPA”), we’ve added a new Exhibit B which outlines Braintree’s responsibilities as Service Provider under CCPA.


Updates to the Payment Services Agreement and the Moneris Solutions Corporation Commercial Entity Agreement (Bank Agreement) for Canadian Merchants

Effective Date: 23 December 2019 for existing Canadian Merchants or immediately for all new Canadian Merchants

Braintree is making the changes described below that will be applicable to all Canadian Merchants. These changes will become effective on 23 December 2019 for existing Canadian Merchants (or immediately for all new Canadian Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the description of “Fraud Maintenance Tools” to reflect that Braintree may proactively enable fraud tools on the Merchant’s behalf to help detect fraudulent transaction activity.

Moneris Solutions Corporation Commercial Entity Agreement

  • Moneris has updated its settlement options to enable Moneris to credit transaction proceeds to a Hyperwallet settlement account, if available and if requested by the Merchant, rather than to the Merchant’s bank account.

  • Moneris has updated the Merchant’s responsibility for losses resulting from Moneris crediting transaction proceeds to a Hyperwallet settlement account.


Updates to the Payment Services Agreement for EU Merchants

Effective Date: 23 January 2019 for existing EU Merchants or immediately for all new EU Merchants

Braintree is making the changes described below that will be applicable to all EU Merchants. These changes will become effective on 23 January 2019 for existing EU Merchants (or immediately for all new EU Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the description of “Fraud Maintenance Tools” to reflect that Braintree may proactively enable fraud tools on the Merchant’s behalf to help detect fraudulent transaction activity.


Updates to the Payment Services Agreement for Australian Merchants

Effective Date: 23 December 2019 for existing Australian Merchants or immediately for all new Australian Merchants

Braintree is making the changes described below that will be applicable to all Australian Merchants. These changes will become effective on 23 December 2019 for existing Australian Merchants (or immediately for all new Australian Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the description of “Fraud Maintenance Tools” to reflect that Braintree may proactively enable fraud tools on the Merchant’s behalf to help detect fraudulent transaction activity.

  • We’ve clarified Merchants’ responsibility and obligation to indemnify Braintree for applicable taxes, including Goods and Services Tax (GST).


Updates to the Payment Services Agreement for Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants

Effective Date: 23 December 2019 for existing Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants or immediately for all new Australian Merchants

Braintree is making the changes described below that will be applicable to all Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants. These changes will become effective on 23 December 2019 for existing Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants (or immediately for all new Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the description of “Fraud Maintenance Tools” to reflect that Braintree may proactively enable fraud tools on the Merchant’s behalf to help detect fraudulent transaction activity.

  • We’ve clarified Merchants’ responsibility and obligation to indemnify Braintree for applicable taxes, including Goods and Services Tax (GST).


Updates to the Payment Services Agreement for Hong Kong Merchants

Effective Date: 23 December 2019 for existing Hong Kong Merchants or immediately for all new Hong Kong Merchants

Braintree is making the changes described below that will be applicable to all Hong Kong Merchants. These changes will become effective on 23 December 2019 for existing Hong Kong Merchants (or immediately for all new Hong Kong Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the description of “Fraud Maintenance Tools” to reflect that Braintree may proactively enable fraud tools on the Merchant’s behalf to help detect fraudulent transaction activity.

  • We’ve clarified Merchants’ responsibility and obligation to indemnify Braintree for applicable taxes, including Goods and Services Tax (GST).


Updates to the Payment Services Agreement and Wells Fargo Bank Commercial Entity Agreement for US Merchants

Effective Date: September 23, 2019 for existing US Merchants or immediately for all new US Merchants

Braintree is making the changes described below that will be applicable to all US Merchants. These changes will become effective on September 23, 2019 for existing US Merchants (or immediately for all new US Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the notice periods which apply to amendments to the Payment Services Agreement which reduce the Merchant’s rights or increase the Merchant’s responsibilities.

  • We’ve clarified the description of the “Braintree Payment Services”, including product functionality with respect to the bank-sponsored merchant account and fraud protection tools available through Braintree.

  • As a result of PayPal’s acquisition of Hyperwallet, Braintree can enable the payout of settlement funds to a Hyperwallet settlement account, where available, rather than to the Merchant’s bank account, if the Merchant chooses to do so. As a result, we have updated the language describing the payout of processing funds.

  • Given Braintree’s potential risk of loss associated with a Merchant bankruptcy, we have included and updated several provisions to more clearly reflect Braintree’s position as a creditor in the event a Merchant files for bankruptcy.

  • We’ve added a new provision which outlines Braintree’s role as a payment processor for the sale of goods or services (including charitable services) by Merchants.

  • We’ve added a new provision which imposes time limits on Merchants to review and raise discrepancies regarding Braintree account activity.

  • To ensure compliance with applicable law and the card network rules, we’ve clarified the Merchant’s obligations with respect to providing disclosures and obtaining consents for recurring billing transactions or storing customer cards with Braintree.

  • For Merchants who use other PayPal services besides Braintree, including PayPal, Venmo and Hyperwallet, we’ve added a right for Braintree to offset Payouts amounts from the Braintree services to cover any past due amounts owed by Merchants for such other services.

  • To address the risk and administrative burdens associated with maintaining inactive merchant accounts, we have included a new provision which outlines Braintree’s process for closing any bank-sponsored merchant accounts that have had no activity for a period of 12 months or longer.

Wells Fargo Bank Commercial Entity Agreement (US)

  • Wells Fargo has removed its indemnification obligation to Merchants.


Updates to the Payment Services Agreement for Canadian Merchants

Effective Date: 23 September 2019 for existing Canadian Merchants or immediately for all new Canadian Merchants

Braintree is making the changes described below that will be applicable to all Canadian Merchants. These changes will become effective on 23 September 2019 for existing Canadian Merchants (or immediately for all new Canadian Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the notice periods which apply to (a) new fees and fee increases related to debit and credit card transactions, and (b) amendments to the Payment Services Agreement which reduce the Merchant’s rights or increase the Merchant’s responsibilities.

  • We’ve clarified the description of the “Braintree Payment Services”, including product functionality with respect to the bank-sponsored merchant account and fraud protection tools available through Braintree.

  • As a result of PayPal’s acquisition of Hyperwallet, Braintree can enable the payout of settlement funds to a Hyperwallet settlement account, where available, rather than to the Merchant’s bank account, if the Merchant chooses to do so. As a result, we have updated the language describing the payout of processing funds.

  • We’ve added a new provision which imposes time limits on Merchants to review and raise discrepancies regarding Braintree account activity.

  • To ensure compliance with applicable law and the card network rules, we’ve clarified the Merchant’s obligations with respect to providing disclosures and obtaining consents for recurring billing transactions or storing customer cards with Braintree.

  • For Merchants who use other PayPal services besides Braintree, including PayPal, Xoom and Hyperwallet, we’ve added a right for Braintree to offset Payouts amounts from the Braintree services to cover any past due amounts owed by Merchants for such other services.

  • To address the risk and administrative burdens associated with maintaining inactive merchant accounts, we have included a new provision which outlines Braintree’s process for closing any bank-sponsored merchants accounts that have had no activity for a period of 12 months or longer.


Updates to the Payment Services Agreement for EU Merchants

Effective Date: 23 October 2019 for existing EU Merchants or immediately for all new EU Merchants

Braintree is making the changes described below that will be applicable to all EU Merchants. These changes will become effective on 23 October 2019 for existing EU Merchants (or immediately for all new EU Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve further clarified the description of the “Braintree Payment Services”, including product functionality with respect to the bank-sponsored merchant account and fraud protection tools available through Braintree.

  • As a result of PayPal’s acquisition of Hyperwallet, Braintree can enable the payout of settlement funds to a Hyperwallet settlement account, where available, rather than to the Merchant’s bank account, if the Merchant chooses to do so. As a result, we have updated the language describing the payout of processing funds.

  • We’ve added a new provision which imposes time limits on Merchants to review and raise discrepancies regarding Braintree account activity.

  • To ensure compliance with applicable law and the card network rules, we’ve clarified the Merchant’s obligations with respect to providing disclosures and obtaining consents for recurring billing transactions or storing customer cards with Braintree.

  • For Merchants who use other PayPal services besides Braintree, including PayPal and Hyperwallet, we’ve added a right for Braintree to offset Payouts amounts from the Braintree services to cover any past due amounts owed by Merchants for such other services.

  • To address the risk and administrative burdens associated with maintaining inactive merchant accounts, we have included a new provision which outlines Braintree’s process for closing any bank-sponsored merchants accounts that have had no activity for a period of 12 months or longer.

  • We’ve deleted the terms applicable to the iDEAL Payments Service due to the fact that iDEAL is now available to merchants through PayPal’s Local Payment Methods functionality.


Updates to the Payment Services Agreement for Australian Merchants

Effective Date: 23 September 2019 for existing Australian Merchants or immediately for all new Australian Merchants

Braintree is making the changes described below that will be applicable to all Australian Merchants. These changes will become effective on 23 September 2019 for existing Australian Merchants (or immediately for all new Australian Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the notice periods which apply to amendments to the Payment Services Agreement which reduce the Merchant’s rights or increase the Merchant’s responsibilities.

  • We’ve clarified the description of the “Braintree Payment Services”, including product functionality with respect to the bank-sponsored merchant account and fraud protection tools available through Braintree.

  • As a result of PayPal’s acquisition of Hyperwallet, Braintree can enable the payout of settlement funds to a Hyperwallet settlement account, where available, rather than to the Merchant’s bank account, if the Merchant chooses to do so. As a result, we have updated the language describing the payout of processing funds.

  • We’ve added a new provision which imposes time limits on Merchants to review and raise discrepancies regarding Braintree account activity.

  • To ensure compliance with applicable law and the card network rules, we’ve clarified the Merchant’s obligations with respect to providing disclosures and obtaining consents for recurring billing transactions or storing customer cards with Braintree.

  • For Merchants who use other PayPal services besides Braintree, including PayPal, Xoom and Hyperwallet, we’ve added a right for Braintree to offset Payouts amounts from the Braintree services to cover any past due amounts owed by Merchants for such other services.

  • To address the risk and administrative burdens associated with maintaining inactive merchant accounts, we have included a new provision which outlines Braintree’s process for closing any bank-sponsored merchants accounts that have had no activity for a period of 12 months or longer.


Updates to the Payment Services Agreement for Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants

Effective Date: 23 September 2019 for existing Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants or immediately for all new Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants

Braintree is making the changes described below that will be applicable to all Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants. These changes will become effective on 23 September 2019 for existing Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants (or immediately for all new Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the notice periods which apply to amendments to the Payment Services Agreement which reduce the Merchant’s rights or increase the Merchant’s responsibilities.

  • We’ve clarified the description of the “Braintree Payment Services”, including product functionality with respect to the bank-sponsored merchant account and fraud protection tools available through Braintree.

  • As a result of PayPal’s acquisition of Hyperwallet, Braintree can enable the payout of settlement funds to a Hyperwallet settlement account, where available, rather than to the Merchant’s bank account, if the Merchant chooses to do so. As a result, we have updated the language describing the payout of processing funds.

  • We’ve added a new provision which imposes time limits on Merchants to review and raise discrepancies regarding Braintree account activity.

  • To ensure compliance with applicable law and the card network rules, we’ve clarified the Merchant’s obligations with respect to providing disclosures and obtaining consents for recurring billing transactions or storing customer cards with Braintree.

  • For Merchants who use other PayPal services besides Braintree, including PayPal and Hyperwallet, we’ve added a right for Braintree to offset Payouts amounts from the Braintree services to cover any past due amounts owed by Merchants for such other services.

  • To address the risk and administrative burdens associated with maintaining inactive merchant accounts, we have included a new provision which outlines Braintree’s process for closing any bank-sponsored merchants accounts that have had no activity for a period of 12 months or longer.


Updates to the Payment Services Agreement for Hong Kong SAR, China Merchants

Effective Date: 23 September 2019 for existing Hong Kong SAR, China Merchants or immediately for all new Hong Kong SAR, China Merchants

Braintree is making the changes described below that will be applicable to all Hong Kong SAR, China Merchants. These changes will become effective on 23 September 2019 for existing Hong Kong SAR, China Merchants (or immediately for all new Hong Kong SAR, China Merchants). In the event you would prefer to decline the changes and close your account, you can do so prior to the effective date and the changes will not apply to you.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text of the changes by accessing the Legal page of our website.

The changes are as follows:

Braintree Payment Services Agreement

  • We’ve clarified the notice periods which apply to amendments to the Payment Services Agreement which reduce the Merchant’s rights or increase the Merchant’s responsibilities.

  • We’ve clarified the description of the “Braintree Payment Services”, including product functionality with respect to the bank-sponsored merchant account and fraud protection tools available through Braintree.

  • As a result of PayPal’s acquisition of Hyperwallet, Braintree can enable the payout of settlement funds to a Hyperwallet settlement account, where available, rather than to the Merchant’s bank account, if the Merchant chooses to do so. As a result, we have updated the language describing the payout of processing funds.

  • We’ve added a new provision which imposes time limits on Merchants to review and raise discrepancies regarding Braintree account activity.

  • To ensure compliance with applicable law and the card network rules, we’ve clarified the Merchant’s obligations with respect to providing disclosures and obtaining consents for recurring billing transactions or storing customer cards with Braintree.

  • For Merchants who use other PayPal services besides Braintree, including PayPal and Hyperwallet, we’ve added a right for Braintree to offset Payouts amounts from the Braintree services to cover any past due amounts owed by Merchants for such other services.

  • To address the risk and administrative burdens associated with maintaining inactive merchant accounts, we have included a new provision which outlines Braintree’s process for closing any bank-sponsored merchants accounts that have had no activity for a period of 12 months or longer.


Updates to the Commercial Entity Agreement for New Zealand Merchants

Effective Date: February 08, 2019 for existing New Zealand merchants and immediately for all new New Zealand merchants

Braintree is making some changes to its New Zealand Commercial Entity Agreement that will be applicable to all New Zealand merchants. The updated Commercial Entity Agreement will become effective on the Effective Date for existing New Zealand merchants and immediately for all new New Zealand merchants. If you are an existing New Zealand merchant and you do not agree to these changes, you must close your Braintree account before the Effective Date.

This Policy Update provides a summary of the changes that are being made. You can review the full text by visiting the updated New Zealand Bank Agreement.

The changes are as follows:

Section 1.E

This section is amended and will now read: “Surcharges. Merchant is permitted to impose a surcharge on card transactions, provided that (i) the surcharge is clearly disclosed to the customer before the transaction is completed; (ii) the customer is given the opportunity to cancel the transaction without incurring any cost; (iii) the amount of the surcharge does not exceed the Merchant's reasonable costs of card acceptance and is not greater than the Merchant’s Service Fee rate;(iv) the surcharge is applied on a flat rate or percentage basis; (v) the surcharge does not include the cost of accepting any non Visa or Mastercard transaction; (vi) the surcharge amount is clearly disclosed on the transaction receipt; (vii) the surcharge must be charged by the Merchant that supplies the goods or services; (viii) the surcharge will not differ between issuers; (ix) the surcharge is added to the transaction amount and not collected separately; (x) the Merchant does not describe the surcharge as, or inform the cardholder that the surcharge is, assessed by Visa, Mastercard or a Financial Institution, (xi) Merchant agrees that it will not impose surcharges on debit card transactions. (xii) the Merchant must register with Braintree prior to implementing surcharging functionality.”

Section 5

This section is added and reads as follows: “Fees. Merchant authorizes the Member to debit from the Merchant’s nominated account the following amounts:

  • (a) all fees, charges and costs due to Braintree or the Member in connection with card processing services;
  • (b) any outstanding amount arising from a refund transaction which the Member has paid to the Merchant, but which was not a valid or acceptable transaction;
  • (c) all over-credits paid by the Member on sales and cash transactions due to errors or omissions;
  • (d) all credits paid by the Member on sales and cash transactions which the Member has determined to chargeback under clause 6;
  • (e) all taxes, any stamp duties and other government charges levied on the services Braintree or the Member supply and this agreement;
  • (f) any amounts found to be due to the Member during an audit or check by the Member;
  • (g) all fines, fees or costs (however described) imposed on the Member (directly or indirectly, including through payments processing agents or contractors) by any card scheme or card scheme rules because of the Merchant’s conduct, including, without limitation:
    • (i) where the Merchant’s conduct results in transactions that are viewed by a card scheme as being illegal or brand damaging; or
    • (ii) where the Merchant’s conduct results in an unacceptable rate of chargebacks (an unacceptable rate of chargebacks includes one which is declared by any card scheme unacceptable under card scheme rules or relevant law); or
    • (iii) because the Merchant failed to comply with the data security standards as required by this agreement; and
  • (h) all fees, charges, costs (including legal costs on a solicitor and own client basis), and expenses of any description incurred by the Member, whether directly or indirectly, for recovery of outstanding debts owed by the Merchant to the Member, for processing of chargebacks by the Member, or otherwise in connection with this agreement; and
  • (i) all other amounts the Merchant owes to the Member under this agreement.”

Section 6

This section is added and reads as follows: “Chargebacks. Merchant shall use all reasonable methods to resolve disputes with Merchant's customers. Should a chargeback dispute occur, Merchant shall promptly comply with all requests for information from BNZ. Merchant shall not attempt to recharge a customer for an item that has been charged back, unless the customer has authorized such actions. Merchant is liable for all chargebacks that are resolved in favor of the customer, and agrees that we may debit any such chargebacks from Merchant’s settlement funds or any other account that Merchant holds with us.”

Section 7

This section is added and reads as follows: “7. Term and Termination. This CEA is effective upon the date Merchant accepts the terms and conditions set out herein and continues so long as Merchant uses the Braintree Service (“Services”) or until terminated by Merchant or Member, provided that those terms which by their nature are intended to survive termination (including without limitation, indemnification and chargeback obligations and limitations of liability) shall so survive termination. This CEA may be terminated by Member at any time based on a breach of any of Merchant’s obligations hereunder or for any other reason that Member or Processor deem exceptional. This CEA will terminate automatically upon any termination of Merchant’s PSA.”

Section 19

This section is added and reads as follows: “Your personal information and privacy. Member may collect personal information (as defined in the Privacy Act 1993) for the purpose of providing you with the services to be provided by Member under this agreement, managing and administering your service and for identifying you and protecting or investigating any fraud or crime or suspected fraud or crime. If you don't provide your personal information to us where we require it, Member may not be able to provide you with the service or to effectively manage or administer the service. Member may collect your personal information directly from you, or from Braintree or from other sources where legal to do so. Member may disclose your personal information to Braintree and to third parties service providers engaged by Member in connection with providing, managing or administering the service. Member's privacy policy, available at www.nab.com.au/privacy contains information about how you can access your personal information held by Member, how you can correct information held by Member and how you can make a complaint about a privacy issue.”

Section 21

This section is added and reads as follows: Association Disclosure; Member Bank information: Member, Bank of New Zealand Limited, may be contacted by mail at: Level 4, 80 Queen Street, Auckland.

Section 22

This section is added and reads as follows: “Important Member Bank Responsibilities:

  • A. Member, and not Braintree, is the entity approved to extend acceptance of Association products directly to you.
  • B. Member must be principle of this CEA.
  • C. Member is responsible for education you on pertinent Visa and MasterCard Rules with which you must comply. Braintree will provide you this information.
  • D. Subject to Section 4 of this CEA, Member is responsible for and must provide settlement funds to you.
  • E. Member is responsible for all the settlement funds prior to funding you (or Braintree as your agent).”

Section 23

This section is added and reads as follows: “Important Merchant Responsibilities:

  • A. Ensure compliance with cardholder data security and storage requirements.
  • B. Maintain fraud and chargebacks below Association thresholds.
  • C. Review and understand the terms of this CEA.
  • D. Comply with Visa and MasterCard rules.”


New Bank Agreement (Commercial Entity Agreement) for Canadian Merchants Processing with Moneris Solutions Corporation

Effective Date: 1 February 2019 for existing Canadian Merchants currently processing with Moneris Solutions Corporation or immediately for all new Canadian Merchants processing with Moneris Solutions Corporation on or after 1 February 2019.

Braintree has entered into an updated agreement with Moneris as part of our efforts to continually improve the Braintree Payment Services for our merchants. Under this new arrangement, there will be a change to the Moneris Merchant Agreement Terms and Conditions, effective 1 February 2019. The revised Moneris terms and conditions applicable to your use of the Braintree Payment Services will be called the Moneris Solutions Corporation Commercial Entity Agreement and are posted on the Legal section of the Braintree website. No changes will be made at this time to your processing or pricing.

If you do not agree to the revised Commercial Entity Agreement, you may close your account before 1 February 2019.

No action is needed on your part at this time. If you have any questions or concerns regarding these updates, please don’t hesitate to reach out to accounts@braintreepayments.com.


Updates to the Payment Services Agreement for US Merchants

Effective Date: December 15, 2018 for existing US Merchants or immediately for all new US Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all US Merchants. The Updated Braintree Payment Services Agreement will become effective on December 15, 2018 for existing US Merchants (or immediately for all new US Merchants). If you do not agree to these changes, you may close your Braintree account before December 15, 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes are as follows:

Section 6.2

This section is amended and will now read: “Braintree agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). Braintree acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that Braintree could impact the security of the cardholder data environment.”

Exhibit A – Attachment 1

Sub-heading entitled ‘Sub-processor List’ is amended by inserting a new paragraph immediately below the existing paragraph and will now read:

  1. Kount Inc: 917 South Lusk, 3rd Floor, Boise, ID 83706
  2. Amazon Web Services, Inc.: 410 Terry Avenue, North Seattle, WA 98109-5210
  3. CardinalCommerce Corporation: 8100 Tyler Blvd., Mentor, OH 44060


Updates to the Payment Services Agreement for EU Merchants

Effective Date: 14 January 2019 for EU Merchants or immediately for all new EU Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all EU Merchants. The Updated Braintree Payment Services Agreement will become effective on 14 January 2019 for EU Merchants (or immediately for all new EU Merchants). If you do not agree to these changes, you may close your Braintree account before 14 January 2019.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes are as follows:

Section 6.2

This section is amended and will now read: “Braintree agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). Braintree acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that Braintree could impact the security of the cardholder data environment.”

Exhibit A – Attachment 1

Sub-heading entitled ‘Sub-processor List’ is amended by inserting a new paragraph immediately below the existing paragraph and will now read:

  1. Kount Inc: 917 South Lusk, 3rd Floor, Boise, ID 83706
  2. Amazon Web Services, Inc.: 410 Terry Avenue, North Seattle, WA 98109-5210
  3. CardinalCommerce Corporation: 8100 Tyler Blvd., Mentor, OH 44060


Updates to the Payment Services Agreement for Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants

Effective Date: 15 December 2018 for existing Merchants or immediately for all new Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Merchants in Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland. The Updated Braintree Payment Services Agreement will become effective on 15 December 2018 for existing Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 15 December 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes are as follows:

Section 6.2

This section is amended and will now read: “Braintree agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). Braintree acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that Braintree could impact the security of the cardholder data environment.”

Exhibit A – Attachment 1

Sub-heading entitled ‘Sub-processor List’ is amended by inserting a new paragraph immediately below the existing paragraph and will now read:

  1. Kount Inc: 917 South Lusk, 3rd Floor, Boise, ID 83706
  2. Amazon Web Services, Inc.: 410 Terry Avenue, North Seattle, WA 98109-5210
  3. CardinalCommerce Corporation: 8100 Tyler Blvd., Mentor, OH 44060


Updates to the Payment Services Agreement for Australian Merchants

Effective Date: 15 December 2018 for existing Australian Merchants or immediately for all new Australian Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Australian Merchants. The Updated Braintree Payment Services Agreement will become effective on 15 December 2018 for existing Australian Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 15 December 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes are as follows:

Section 6.2

This section is amended and will now read: “Braintree agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). Braintree acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that Braintree could impact the security of the cardholder data environment.”

Exhibit A – Attachment 1

Sub-heading entitled ‘Sub-processor List’ is amended by inserting a new paragraph immediately below the existing paragraph and will now read:

  1. Kount Inc: 917 South Lusk, 3rd Floor, Boise, ID 83706
  2. Amazon Web Services, Inc.: 410 Terry Avenue, North Seattle, WA 98109-5210
  3. CardinalCommerce Corporation: 8100 Tyler Blvd., Mentor, OH 44060


Updates to the Payment Services Agreement for Canadian Merchants

Effective Date: 15 December 2018 for existing Canadian Merchants or immediately for all new Canadian Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Canadian Merchants. The Updated Braintree Payment Services Agreement will become effective on 15 December 2018 for existing Canadian Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 15 December 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes are as follows:

Section 6.2

This section is amended and will now read: “Braintree agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). Braintree acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that Braintree could impact the security of the cardholder data environment.”

Exhibit A – Attachment 1

Sub-heading entitled ‘Sub-processor List’ is amended by inserting a new paragraph immediately below the existing paragraph and will now read:

  1. Kount Inc: 917 South Lusk, 3rd Floor, Boise, ID 83706
  2. Amazon Web Services, Inc.: 410 Terry Avenue, North Seattle, WA 98109-5210
  3. CardinalCommerce Corporation: 8100 Tyler Blvd., Mentor, OH 44060


Updates to the Payment Services Agreement for Hong Kong SAR, China Merchants

Effective Date: 15 December 2018 for existing Hong Kong SAR, China Merchants or immediately for all new Hong Kong SAR, China Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Hong Kong SAR, China Merchants. The Updated Braintree Payment Services Agreement will become effective on 15 December 2018 for existing Hong Kong SAR, China Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 15 December 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes are as follows:

Section 6.2

This section is amended and will now read: “Braintree agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). Braintree acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that Braintree could impact the security of the cardholder data environment.”

Exhibit A – Attachment 1

Sub-heading entitled ‘Sub-processor List’ is amended by inserting two new paragraphs immediately below the existing paragraph and will now read:

  1. Kount Inc: 917 South Lusk, 3rd Floor, Boise, ID 83706
  2. Amazon Web Services, Inc.: 410 Terry Avenue, North Seattle, WA 98109-5210
  3. CardinalCommerce Corporation: 8100 Tyler Blvd., Mentor, OH 44060


Updates to the Payment Services Agreement for EU Merchants

Effective Date: 23 October 2018 for EU Merchants or immediately for all new EU Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all EU Merchants. The Updated Braintree Payment Services Agreement will become effective on 23 October 2018 for EU Merchants (or immediately for all new EU Merchants). If you do not agree to these changes, you may close your Braintree account before 22 October 2018.

You should review this Policy Update which gives you asummary of the changesthat are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The main changes to our Payment Services Agreement will enable us to collect data for the purposes of providing card transaction fraud screening services as part of our Braintree Services which we now refer to as Fraud Maintenance Tools.

In addition to the changes made to the wording under Exhibit B (listed below) we have(a) deleted ‘(i) prior to 25 May 2018, EU Directive 95/46/EC;’ from the definition for “Data Protection Laws” – the remaining two references are renumbered as roman numeral (i) and (ii) and (b) removed Century Link as a sub-processor.

Changes for the purposes of Fraud Maintenance Tools:

Section 1

  • Fraud Maintenance Tools included as a newly defined term.

  • New section 1.03 inserted which details the service description and definition for Fraud Maintenance Tools: ‘“1.03 Fraud Maintenance Tools”The optional tools made available as part of the Payment Processing Services that, if enabled by you, allow you to access fraudulent transaction management features to help detect fraudulent transactions, as described in more detail on our website (“Fraud Maintenance Tools”). If you decide to enable and use our Fraud Maintenance Tools, you are responsible for setting preferences for the Fraud Maintenance Tools. It is your responsibility to determine which Transactions you will accept or reject based on the information provided by the Fraud Maintenance Tools. It is your sole responsibility to provide any necessary notices or disclosures and obtain any required consents, on the use of Fraud Maintenance Tools to your customers on your website or mobile application. You shall use the Fraud Maintenance Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to use information obtained through the use of the Fraud Maintenance Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described in the documentation for the Fraud Maintenance Tools. You acknowledge and agree that Braintree does not represent or warrant that the Fraud Maintenance Tools are error free or that they will identify all fraudulent transaction activity. In addition, Braintree shall not be liable whether you decide to accept or reject a Transaction using the Fraud Maintenance Tools. You are responsible for all final actions or inactions you take on Transactions that may be fraudulent based on responses or data provided by the Fraud Maintenance Tools.’

Exhibit A – Part 3

Definition

  • New definition included: “Fraud Maintenance Tools”: has the definition ascribed to such term in Section 1.03”

Exhibit B

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means the personal data that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by the Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by the Merchant of the Braintree Payment Services.

  • Heading for paragraph 2 is amended and will now read: “Processingof Merchant Data in Connection with the Services”.

  • 2.1 will now read: “Braintree is the controller in respect of Merchant Data and may use it for the following purposes as provided for in the Braintree Privacy Policy:”There are no further changes to paragraph 2.1.

  • 2.3 through to 2.8 is deleted from paragraph 2 and now covered under paragraph 3.

  • Heading for paragraph 3 is amended and will now read “Processing of customer data in connection with the services”.

  • The deleted paragraphs 2.3 through to 2.8 are now inserted under paragraph 3.1.

  • New sub-paragraph 3.2 is inserted and entitled “Data processor terms”.

  • The existing sub-paragraph 3.1 is now renumbered as 3.2.

  • Attachment 3 – collection of Device ID and Browser Data shall be as detailed under the Fraud Maintenance Tools documentation made available by Braintree from time to time.


Updates to the Payment Services Agreement for Canadian Merchants

Effective Date: 22 September 2018 for existing Canadian Merchants or immediately for all new Canadian Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Canadian Merchants. The Updated Braintree Payment Services Agreement will become effective on 22 September 2018 for existing Canadian Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 22 September 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes to our Payment Services Agreement will enable us to collect data for the purposes of providing card transaction fraud screening services as part of our Braintree Services which we now refer to as Fraud Maintenance Tools.

The changes are as follows:

Section 1

  • New section 1.01(a) is amended and will now read: ‘“Payment Processing Services” means the payment processing services offered by Braintree which provide merchants with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application. These services include Gateway Services, a bank-sponsored merchant account, Fraud Maintenance Tools (as defined below), recurring billing functionality, payment card storage, foreign currency acceptance, white glove customer support, and other software, APIs and services and technology as described on the Braintree website. The Payment Processing Services also may include services provided by Acquirer pursuant to your applicable Bank Agreement. Braintree and Acquirer reserve the right to allocate among themselves their respective rights and obligations under this Agreement and the Bank Agreement as they deem appropriate in their sole discretion and subject to compliance with applicable law and regulations and the requirements of the Associations.’

  • Fraud Maintenance Tools included as a newly defined term.

  • New section 1.01(c)inserted which details the service description and definition for Fraud Maintenance Tools: ‘“Fraud Maintenance Tools” means the optional tools made available as part of the Payment Processing Services that, if enabled by you, allow you to access fraudulent transaction management features to help detect fraudulent transactions, as described in more detail on our website (“Fraud Maintenance Tools”). If you decide to enable and use our Fraud Maintenance Tools, you are responsible to determine which Transactions you will accept or reject based on the information provided by the Fraud Maintenance Tools. It is your sole responsibility to provide any necessary notices and disclosures, and obtain any required consents, on the use of the Fraud Maintenance Tools to your Customers on your website or mobile application. You shall use the Fraud Maintenance Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to useinformation obtained through the use of the Fraud Maintenance Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described in the applicable documentation for the Fraud Maintenance Tools. You acknowledge andagree that Braintree does not represent or warrant that the Fraud Maintenance Tools are error free or that they will identify all fraudulent transaction activity. In addition, Braintree shall not be liable whether you decide to accept or reject a Transaction using the Fraud Maintenance Tools. You are responsible for all final actions or inactions you take on Transactions that may be fraudulent based on responses or data provided by the Fraud Maintenance Tools.’

Section 6.03

  • This section is amended and will now read: “All Customer Data shall be owned by Merchant and Merchant hereby grants Braintree a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free license to use, reproduce, electronically distribute, and display Customer Data for thefollowing purposes: (i) providing and improving the Braintree Payment Services, including the collection, processing and use of Customer Data for the purposes of Braintree providing and improving the Fraud Maintenance Tools made available as part of the Braintree Payment Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data; (iii) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and (iv) any other purpose for which consent has been provided by the Customer. Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Customer Data set out above.”

Exhibit A – Data Protection Addendum

  • Definition for “Customer Data” is updated and will now read: “Customer Data”means the personal data that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by the Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by the Merchant of the Braintree Payment Services.

  • 2.1 will now read: “Braintree is the controller in respect of Merchant Data and may use it for the following purposes as provided for in the Braintree Privacy Policy:”There are no further changes to paragraph 2.1.

  • New 2.8 is inserted immediately after 2.7 and reads as follows: “Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.”

Exhibit A – Attachment 3

  • Sub-heading entitled ‘Subject-matter of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“The payment processing services offered by Braintree which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a websiteor mobile application from Customers.

The payment processing services include the optional use of Fraud Maintenance Tools by Merchant to detect fraudulent transactions.”

  • Sub-heading entitled ‘Nature and purpose of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“Braintree processes Customer Data that is sent by the Merchant to Braintree for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.

Braintree processes Customer Data that is collected by Braintree or sent from Merchant to Braintree for the purposes of Braintree making the Fraud Maintenance Tools available to Merchant. Braintree collects, processes and uses Customer Data on behalf of Merchant in order to analyze the Customer Data and use it to identify fraudulent transactions on Merchants’ websites or mobile applications as further described in the Payment Services Agreement.”

  • Sub-heading entitled ‘Type of personal data’. Collection of Device Dataand Browser Data shall be as detailed under the Fraud Maintenance Tools documentation made available by Braintree from time to time.

  • Sub-heading entitled ‘Special categories of data (if relevant). The wording under this sub-heading is amended to include ‘processing’ and will now read “The transfer and processing of special categories of data is not anticipated’.

Exhibit B – Definitions

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means all information, including personal data, that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by Merchant of the Braintree Payment Services.”


Updates to the Payment Services Agreement for US Merchants

Effective Date: September 22, 2018 for existing US Merchants or immediately for all new US Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all US Merchants. The Updated Braintree Payment Services Agreement will become effective on September 22, 2018 for existing US Merchants (or immediately for all new US Merchants). If you do not agree to these changes, you may close your Braintree account before September 22, 2018.

You should review this Policy Update which gives you a summary of the changesthat are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes to our Payment Services Agreement will enable us to collect data for the purposes of providing card transaction fraud screening services as part of our Braintree Services which we now refer to as Fraud Maintenance Tools.

The changes are as follows:

Section 1

  • Fraud Maintenance Tools included as a newly defined term.

  • New section 1.01(c)inserted which details the service description and definition for Fraud Maintenance Tools: ‘“Fraud Maintenance Tools” means the optional tools made available as part of the Payment Processing Services that, if enabled by you, allow you to access fraudulent transaction management features to help detect fraudulent transactions, as described in more detail on our website (“Fraud Maintenance Tools”). If you decide to enable and use our Fraud Maintenance Tools, you are responsible to determine which Transactions you will accept or reject based on the information provided by the Fraud Maintenance Tools. It is your sole responsibility to provide any necessary notices and disclosures, and obtain any required consents, on the use of the Fraud Maintenance Tools to your Customers on your website or mobile application. You shall use the Fraud Maintenance Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to use information obtained through the use of the Fraud Maintenance Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described inthe applicable documentation for the Fraud Maintenance Tools. You acknowledge and agree that Braintree does not represent or warrant that the Fraud Maintenance Tools are error free or that they will identify all fraudulent transaction activity. In addition, Braintree shall not be liable whether you decide to accept or reject a Transaction using the Fraud Maintenance Tools. You are responsible for all final actions or inactions you take on Transactions that may be fraudulent based on responses or data providedby the Fraud Maintenance Tools.’

Section 6.03

  • This section is amended and will now read: “All Customer Data shall be owned by Merchant and Merchant hereby grants Braintree a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free license to use, reproduce, electronically distribute, and display Customer Data for the following purposes: (i) providing and improving the Braintree Payment Services, including the collection, processing and use of Customer Data for the purposes of Braintree providing and improving the Fraud Maintenance Tools made available as part of the Braintree Payment Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data; (iii) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and (iv) any other purpose for which consent has been provided by the Customer. Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Customer Data set out above.”

Exhibit A – Data Protection Addendum

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means the personal data that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by the Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by the Merchant of the Braintree Payment Services.

  • 2.1 will now read: “Braintree is the controller in respect of Merchant Data and may use it for the following purposes as provided for in the Braintree Privacy Policy: ”There are no further changes to paragraph 2.1.

  • New 2.8 is inserted immediately after 2.7 and reads as follows: “Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.”

Exhibit A – Attachment 3

  • Sub-heading entitled ‘Subject-matter of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“The payment processing services offered by Braintree which provides Merchant with theability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.

The payment processing services include the optional use of Fraud Maintenance Tools by Merchant to detect fraudulent transactions.”

  • Sub-heading entitled ‘Nature and purpose of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“Braintree processes Customer Data that is sent by the Merchant to Braintree for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.

Braintree processes Customer Data that is collected by Braintree or sent from Merchant to Braintree for the purposes of Braintree making the Fraud Maintenance Tools available to Merchant. Braintree collects, processes and uses Customer Data on behalf of Merchant in order to analyze the Customer Data and use it to identify fraudulent transactions on Merchants’ websites or mobileapplications as further described in the Payment Services Agreement.”

  • Sub-heading entitled ‘Type of personal data’. Collection of Device Dataand Browser Data shall be as detailed under the Fraud Maintenance Tools documentation made available by Braintree from time to time.

  • Sub-heading entitled ‘Special categories of data (if relevant). The wording under this sub-heading is amended to include ‘processing’ and will now read “The transfer and processing of special categories of data is not anticipated’.

Exhibit B – Definitions

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means all information, including personal data, that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by Merchant of the Braintree Payment Services.”


Updates to Commercial Entity Agreement for Australian Merchants

Effective date: 22 September 2018

National Australia Bank has made changes to the Commercial Entity Agreement. You can access the amended National Australia Bank Commercial Entity Agreement here.


Updates to the Payment Services Agreement for Australian Merchants

Effective Date: 22 September 2018 for existing Australian Merchants or immediately for all new Australian Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Australian Merchants. The Updated Braintree Payment Services Agreement will become effective on 22 September 2018 for existing Australian Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 22 September 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes to our Payment Services Agreement will enable us to collect data for the purposes of providing card transaction fraud screening services as part of our Braintree Services which we now refer to as Fraud Maintenance Tools.

The changes are as follows:

Section 1

  • Fraud Maintenance Tools included as a newly defined term.

  • New section 1.01(c) inserted which details the service description and definition for Fraud Maintenance Tools: ‘“Fraud Maintenance Tools” means the optional tools made available as part of the Payment Processing Services that, if enabled by you, allow you to access fraudulent transaction management features to help detect fraudulent transactions, as described in more detail on our website (“Fraud Maintenance Tools”). If you decide to enable and use our Fraud Maintenance Tools, you are responsible to determine which Transactions you will accept or reject based on the information provided by the Fraud Maintenance Tools. It is your sole responsibility to provide any necessary notices and disclosures, and obtain any required consents, on the use of the Fraud Maintenance Tools to your Customers on your website or mobile application. You shall use the Fraud Maintenance Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to use information obtained through the use of the Fraud Maintenance Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described in the applicable documentation for the Fraud Maintenance Tools. You acknowledge and agree that Braintree does not represent or warrant that the Fraud Maintenance Tools are error free or that they will identify all fraudulent transaction activity. In addition, Braintree shall not be liable whether you decide to accept or reject a Transaction using the Fraud Maintenance Tools. You are responsible for all final actions or inactions you take on Transactions that may be fraudulent based on responses or data provided by the Fraud Maintenance Tools.’

Section 6.03

  • This section is amended and will now read: “All Customer Data shall be owned by Merchant and Merchant hereby grants Braintree a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free license to use, reproduce, electronically distribute, and display Customer Data for the following purposes: (i) providing and improving the Braintree Payment Services, including the collection, processing and use of Customer Data for the purposes of Braintree providing and improving the Fraud Maintenance Tools made available as part of the Braintree Payment Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data; (iii) complying with applicable legal requirementsand assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and (iv) any other purpose for which consent has been provided by the Customer. Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Customer Data set out above.”

Definitions

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means all information, including personal data, that (i) the Customer provides toMerchant and Merchant passes on to Braintree through the use by Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by Merchant of the Braintree Payment Services.”

Exhibit A – Data Protection Addendum

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means the personal data that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by the Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by the Merchant of the Braintree Payment Services.

  • 2.1 will now read: “Braintree is the controller in respect of Merchant Data and may use it for the following purposesas provided for in the Braintree Privacy Policy:”There are no further changes to paragraph 2.1.

  • New 2.8 is inserted immediately after 2.7 and reads as follows: “Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.”

Exhibit A – Attachment 3

Sub-heading entitled ‘Subject-matter of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“The payment processing services offered by Braintree which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.

The payment processing services include the optional use ofFraud Maintenance Tools by Merchant to detect fraudulent transactions.”

  • Sub-heading entitled ‘Nature and purpose of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“Braintree processes Customer Data that is sent by the Merchant to Braintree for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.

Braintree processes Customer Data that is collectedby Braintree or sent from Merchant to Braintree for the purposes of Braintree making the Fraud Maintenance Tools available to Merchant. Braintree collects, processes and uses Customer Data on behalf of Merchant in order to analyze the Customer Data and useit to identify fraudulent transactions on Merchants’ websites or mobile applications as further described in the Payment Services Agreement.”

  • Sub-heading entitled ‘Type of personal data’. Collection of Device Dataand Browser Data shall be as detailed under the Fraud Maintenance Tools documentation made available by Braintree from time to time.

  • Sub-heading entitled ‘Special categories of data (if relevant). The wording under this sub-heading is amended to include ‘processing’ and will now read “The transfer and processing of special categories of data is not anticipated’.


Updates to the Payment Services Agreement for Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants

Effective Date: 22 September 2018 for existing Merchants or immediately for all new Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Merchants in Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland. The Updated Braintree Payment Services Agreement will become effective on 22 September 2018 for existing Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 22 September 2018.

You should review this Policy Update which gives you a summary of the changesthat are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes to our Payment Services Agreement will enable us to collect data for the purposes of providing card transaction fraud screening services as part of our Braintree Services which we now refer to as Fraud Maintenance Tools.

The changes are as follows:

Section 1

  • Fraud Maintenance Tools included as a newly defined term.
  • New section 1.01(c) inserted which details the service description and definition for Fraud Maintenance Tools: ‘“Fraud Maintenance Tools” means the optional tools made available as part of the Payment Processing Services that, if enabled by you, allow you to access fraudulent transaction management features to help detect fraudulent transactions, as described in more detail on our website (“Fraud Maintenance Tools”). If you decide to enable and use our Fraud Maintenance Tools, you are responsible to determine which Transactions you will accept or reject based on the information provided by the Fraud Maintenance Tools. It is your sole responsibility to provide any necessary notices and disclosures, and obtain any required consents, on the use of the Fraud Maintenance Tools to your Customers on your website or mobile application. You shall use the Fraud Maintenance Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to use information obtained through the use of the Fraud Maintenance Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described in the applicable documentation for the Fraud Maintenance Tools. You acknowledge and agree that Braintree does not represent or warrant that the Fraud Maintenance Tools are error free or that they will identify all fraudulent transaction activity. In addition, Braintree shall not be liable whether you decide to accept or reject a Transaction using the Fraud Maintenance Tools. You are responsible for all final actions or inactions you take on Transactions that may be fraudulent based on responses or data provided by the Fraud Maintenance Tools.’

Section 6.03

  • This section is amended and will now read: “All Customer Data shall be owned by Merchant and Merchant hereby grants Braintree a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free license to use, reproduce, electronically distribute, and display Customer Data for the following purposes: (i) providing and improving the Braintree Payment Services, including the collection, processing and use of Customer Data for the purposes of Braintree providing and improving the Fraud Maintenance Tools made available as part of the Braintree Payment Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data; (iii) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and (iv) any other purpose for which consent has been provided by the Customer. Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Customer Data set out above.”

Exhibit A – Data Protection Addendum

  • Definition for “Customer Data” is updated and will now read: “Customer Data”means the personal data that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by the Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by the Merchant of the Braintree Payment Services.

  • 2.1 will now read: “Braintree is the controller in respect of Merchant Data and may use it for the following purposes as provided for in the Braintree Privacy Policy: ”There are no further changes to paragraph 2.1.

  • New 2.8 is inserted immediately after 2.7 and reads as follows: “Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.”

Exhibit A – Attachment 3

  • Sub-heading entitled ‘Subject-matter of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“The payment processing services offered by Braintree which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.

The payment processing services include the optional use of Fraud Maintenance Tools by Merchant to detect fraudulent transactions.”

  • Sub-heading entitled ‘Nature and purpose of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“Braintree processes Customer Data that is sent by the Merchant to Braintree for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.

Braintree processes Customer Data that is collected by Braintree or sent from Merchant to Braintree for the purposes of Braintree making the Fraud Maintenance Tools available to Merchant. Braintree collects, processes and uses Customer Data on behalf of Merchant in order to analyze the Customer Data and use it to identify fraudulent transactions on Merchants’ websites or mobile applications as further described in the Payment Services Agreement.”

  • Sub-heading entitled ‘Type of personal data’. Collection of Device Dataand Browser Data shall be as detailed under the Fraud Maintenance Tools documentation made available by Braintree from time to time.

  • Sub-heading entitled ‘Special categories of data (if relevant). The wording under this sub-heading is amended to include ‘processing’ and will now read “The transfer and processing of special categories of data is not anticipated’.

Exhibit B – Definitions

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means all information, including personal data, that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by Merchant of the Braintree Payment Services.”


Updates to the Payment Services Agreement for Hong Kong SAR, China Merchants

Effective Date: 22 September 2018 for existing Hong Kong SAR, China Merchants or immediately for all new Hong Kong SAR, China Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Hong Kong SAR, China Merchants. The Updated Braintree Payment Services Agreement will become effective on 22 September 2018 for existing Hong Kong SAR, China Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before 22 September 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The changes to our Payment Services Agreement will enable us to collect data for the purposes of providing card transaction fraud screening services as part of our Braintree Services which we now refer to as Fraud Maintenance Tools.

The changes are as follows:

Section 1

  • Fraud Maintenance Tools included as a newly defined term.
  • New section 1.1(c)inserted which details the service description and definition for Fraud Maintenance Tools: ‘“Fraud Maintenance Tools” means the optional tools made available as part of the Payment Processing Services that, if enabled by you, allow you to access fraudulent transaction management features to help detect fraudulent transactions, as described in more detail on our website (“Fraud Maintenance Tools”). If you decide to enable and use our Fraud Maintenance Tools, you are responsible to determine which Transactions you will accept or reject based on the information provided by the Fraud Maintenance Tools. It is your sole responsibility to provide any necessary notices and disclosures, and obtain any required consents, on the use of the Fraud Maintenance Tools to your Customers on your website or mobile application. You shall use the Fraud Maintenance Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to use information obtained through the use of the Fraud Maintenance Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described in the applicable documentation for the Fraud Maintenance Tools.You acknowledge and agree that Braintree does not represent or warrant that the Fraud Maintenance Tools are error free or that they will identify all fraudulent transaction activity. In addition, Braintree shall not be liable whether you decide to accept or reject a Transaction using the Fraud Maintenance Tools. You are responsible for all final actions or inactions you take on Transactions that may be fraudulent based on responses or data provided by the Fraud Maintenance Tools.’

Section 6.3

  • This section is amended and will now read: “All Customer Data shall be owned by Merchant and Merchant hereby grants Braintree a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free license to use, reproduce, electronically distribute, and display Customer Data for the following purposes: (i) providing and improving the Braintree Payment Services, including the collection, processing and use of Customer Data for the purposes of Braintree providing and improving the Fraud Maintenance Tools made available as part of the Braintree Payment Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data; (iii) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and (iv) any other purpose for which consent has been provided by the Customer. Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Customer Data set out above.”

Exhibit A – Definitions

  • Definition for “Customer Data” is updated and will now read: “Customer Data” means all information, including personal data, that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by Merchant of the Braintree Payment Services.”

Exhibit B – Data Protection Addendum

  • Definition for “Customer Data” is updated and will now read: “Customer Data”means the personal data that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the use by the Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by the Merchant of the Braintree Payment Services.

  • 2.1 will now read: “Braintree is the controller in respect of Merchant Data and may use it for the following purposes as provided for in the Braintree Privacy Policy:”There are no further changes to paragraph 2.1.

  • New 2.8 is inserted immediately after 2.7 and reads as follows: “Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.”

Exhibit B – Attachment 3

Sub-heading entitled ‘Subject-matter of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“The payment processing services offered by Braintree which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.

The payment processing services includethe optional use of Fraud Maintenance Tools by Merchant to detect fraudulent transactions.”

  • Sub-heading entitled ‘Nature and purpose of the processing’ is amended by inserting a new paragraph immediately below the exiting paragraph and will now read:

“Braintree processes Customer Data that is sent by the Merchant to Braintree for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.

Braintree processes Customer Data that is collected by Braintree or sent from Merchant to Braintree for the purposes of Braintree making the Fraud Maintenance Tools available to Merchant. Braintree collects, processes and uses Customer Data on behalf of Merchant in order to analyze the Customer Data and use it to identify fraudulent transactions on Merchants’ websites or mobile applications as further described in the Payment Services Agreement.”

  • Sub-heading entitled ‘Type of personal data’. Collection of Device Dataand Browser Data shall be as detailed under the Fraud Maintenance Tools documentation made available by Braintree from time to time.

  • Sub-heading entitled ‘Special categories of data (if relevant). The wording under this sub-heading is amended to include ‘processing’ and will now read “The transfer and processing of special categories of data is not anticipated’.


Privacy Policy

Effective Date: 25 May 2018 for all merchants

We have also issued a new Braintree Services Privacy Policy. This new Privacy Policy is specific to our Braintree Services and will replace our current Privacy Policy for PayPal Services. We updated the new Privacy Policy to reword some content to make our practices easier to understand. This new Privacy Policy explains the personal data we collect and how we use it across our service and it also brings PayPal privacy practices in line with the EU General Data Protection Regulation. We encourage you to familiarise yourself with the new Privacy Policy, which can be found under the Legal section of our website entitled ‘Privacy Policy’.


Updates to the Payment Services Agreement for Canadian Merchants

Effective Date: May 25, 2018 for existing Canadian merchants and immediately for all new Canadian merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Canadian merchants. The updated Payment Services Agreement will become effective on the Effective Date for existing Canadian merchants and immediately for all new Canadian merchants. If you are an existing Canadian merchant and you do not agree to these changes, you must close your Braintree account before the Effective Date.

This Policy Update provides a summary of the changes that are being made. You can review the full text by visiting the updated Braintree Payment Services Agreement and Privacy Policy.

We are revising the Payment Services Agreement to ensure that it is compliant with the Code of Conduct for the Credit and Debit Card Industry in Canada, including by providing a cover page which provides information on key elements of the contract, such as the effective date, how to terminate the agreement and how to file a complaint.

We are also revising the Payment Services Agreement to ensure that we are compliant with new European regulations on data protection on how the personal data of EU persons is collected, processed, transferred and deleted.


Updates to the Payment Services Agreement for US Merchants

Effective Date: May 25, 2018 for existing US Merchants or immediately for all new US Merchants

Payment Services Agreement

Braintree is making some changes to its Payment Services Agreement that will be applicable to all US Merchants. The Updated Braintree Payment Services Agreement will become effective on May 25, 2018 for existing US Merchants (or immediately for all new US Merchants). If you do not agree to these changes, you may close your Braintree account before May 25, 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing the Updated Braintree Payment Services Agreement.

The main changes to our Payment Services Agreement are because of changes required by the General Data Protection Regulation (“GDPR”), a new regulation in the EU that defines standards on how the personal data of EU persons is collected, processed, transferred and deleted. We have also made changes to the wording under Data Security Compliance. A summary of these changes is set out below.

6.02 Data Security Compliance

We have deleted ‘on behalf of Braintree’ which appeared at the end of the first sentence.

8.02 Data Portability

We have moved this section to Section 3.14 of Exhibit A.

6.04 Data Protection and Exhibit A – Data Protection Addendum

We have included a new Exhibit A to outline Merchant’s and Braintree’s obligations under GDPR as data controller and data processor, respectively. To highlight, Exhibit A provides as follows:

  • Section 2.1 states that we are the controller in respect of your Merchant Data.
  • Section 2.2 states that we will comply with the requirements under Data Protection Laws applicable to controllers where we act as controller.
  • Section 2.3 states that for the purposes of Merchant’s Customer Data, we act as processor and we will only process Customer Data on behalf of Merchant.
  • Section 2.4 states that we will only process Customer Data in accordance with your written instructions. Anything outside of scope will require prior written agreement including details of any additional fees payable by you for such services. Your instructions to us will comply with applicable laws. You instruct us to process Customer Data for the following additional purposes:
    • We will co-operate with you to the extent reasonably necessary to enable you to discharge your responsibilities as a controller. We will also provide you with reasonable assistance to assist you with preparation of data protection impact assessment to the extent required of you under Data Protection Laws.
    • We will process Customer Data in accordance with the specific duration, purpose, type and categories as set out in Attachment 3.
  • Section 2.6 states that the objective of processing Customer Data by us is the performance of the Braintree Payment Services.
  • Section 3 sets forth the terms under which we act as a processor or sub-processor to you.
  • Sections 3.1 and 3.2 state that under certain circumstances we will provide assistance for any requests by you to correct, amend, block or delete Customer Data.
  • Section 3.4 states that we will provide training to Braintree personnel with respect of our obligations under Exhibit A.
  • Section 3.6 states that our Data Protection Officer can be contacted at the address provided.
  • Section 3.7 states that if we engage with a Sub-processor we shall ensure that our contract with the Sub-processor contains terms for the protection of Customer Data which are no less protective than the terms set out under Exhibit A.
  • Section 3.8 sets forth our obligations and your rights with respect to auditing our compliance with the obligations in Exhibit A.
  • Section 3.9 states that we will implement and maintain appropriate technical and organizational measures as described in Attachment 2 to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage.
  • Section 3.10 states that if we become aware of a Security Incident we will promptly notify you and take reasonable steps to minimize harm and secure Customer Data.
  • Section 3.11 states that if we notify you of a Security Incident we will describe (to the extent possible) details of the Security Incident including steps we have taken to mitigate the potential risk.
  • Section 3.13 states that if you decide to terminate your agreement with us we shall delete or return to you all Customer Data that we have processed on your behalf. We shall delete copies of Customer Data unless we have to retain copies for compliance with applicable law.
  • Section 3.14 is the updated section of ‘Data Portability’ that was previously Section 8.02 of the Payment Services Agreement. We’ve updated Merchant’s responsibility to indemnify Braintree for any losses, claims or expenses incurred as a result of Merchant’s acts or omissions or arising out of or in connection with the transfer of any data to a Data Recipient.
  • Attachment 1 lists the Sub-processors currently used by us to provide the Braintree Payment Services.
  • Attachment 2 lists the specific technical and organizational measures maintained by us as referred to in Section 3.9 to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the Braintree Payment Services.
  • Attachment 3 includes details on the subject matter, nature and purpose of the processing, the type of personal data that we will process on your behalf, any special categories of data and the duration of processing.


Updates to the Payment Services Agreement - Australia

Effective Date: 25 May 2018 for existing Australian Merchants or immediately for all new Australian Merchants

Payment Services Agreement

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Australian Merchants. The Updated Braintree Payment Services Agreement will become effective on 25 May 2018 for existing Australian Merchants (or immediately for all new Australian Merchants). If you do not agree to these changes, you may close your Braintree account before 25 May 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing the Updated Braintree Payment Services Agreement.

Our Payment Services Agreement is changing because of the General Data Protection Regulation (“GDPR”), which defines standards on how the personal data of EU persons is collected, processed, transferred and deleted. The GDPR is relevant to you and Braintree because you may accept one or more payments from an EU person through our services. Under the GDPR, we must enter into an agreement to protect the personal data of EU persons. This is contained in a new Exhibit A.

Exhibit A outlines yours and Braintree’s rights and obligations under GDPR as data controller and data processor, respectively. To highlight, Exhibit A provides as follows:

  • Section 2.1 states that we are the controller in respect of your Merchant Data.
  • Section 2.2 states that we will comply with the requirements under Data Protection Laws applicable to controllers where we act as controller.
  • Section 2.3 states that for the purposes of Merchant’s Customer Data, we act as processor and we will only process Customer Data on behalf of Merchant.
  • Section 2.4 states that we will only process Customer Data in accordance with your written instructions. Anything outside of scope will require prior written agreement including details of any additional fees payable by you for such services. Your instructions to us will comply with applicable laws. You instruct us to process Customer Data for the following additional purposes:
    • We will co-operate with you to the extent reasonably necessary to enable you to discharge your responsibilities as a controller. We will also provide you with reasonable assistance to assist you with preparation of data protection impact assessment to the extent required of you under Data Protection Laws.
    • We will process Customer Data in accordance with the specific duration, purpose, type and categories as set out in Attachment 3.
  • Section 2.6 states that the objective of processing Customer Data by us is the performance of the Braintree Payment Services.
  • Section 3 sets forth the terms under which we act as a processor or sub-processor to you.
  • Sections 3.1 and 3.2 state that under certain circumstances we will provide assistance for any requests by you to correct, amend, block or delete Customer Data.
  • Section 3.4 states that we will provide training to Braintree personnel with respect of our obligations under Exhibit A.
  • Section 3.6 states that our Data Protection Officer can be contacted at the address provided.
  • Section 3.7 states that if we engage with a Sub-processor we shall ensure that our contract with the Sub-processor contains terms for the protection of Customer Data which are no less protective than the terms set out under Exhibit A.
  • Section 3.8 sets forth our obligations and your rights with respect to auditing our compliance with the obligations in Exhibit A.
  • Section 3.9 states that we will implement and maintain appropriate technical and organisational measures as described in Attachment 2 to keep Customer Data secure and protect it against unauthorised or unlawful processing and accidental loss, destruction or damage.
  • Section 3.10 states that if we become aware of a Security Incident we will promptly notify you and take reasonable steps to minimise harm and secure Customer Data.
  • Section 3.11 states that if we notify you of a Security Incident we will describe (to the extent possible) details of the Security Incident including steps we have taken to mitigate the potential risk.
  • Section 3.13 states that if you decide to terminate your agreement with us we shall delete or return to you all Customer Data that we have processed on your behalf. We shall delete copies of Customer Data unless we have to retain copies for compliance with applicable law.
  • Section 8.02 of the main body of the Payment Services Agreement, dealing with data portability, has been moved to a new Section 3.14 of the new Exhibit A. We have also added an obligation for you to execute any instruments or documents we reasonably require to give effect to that Section.
  • Attachment 1 lists the Sub-processors currently used by us to provide the Braintree Payment Services.
  • Attachment 2 lists the specific technical and organizational measures maintained by us as referred to in Section 3.9 to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the Braintree Payment Services.
  • Attachment 3 includes details on the subject matter, nature and purpose of the processing, the type of personal data that we will process on your behalf, any special categories of data and the duration of processing.


Updates to the Payment Services Agreement for Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland Merchants

Effective Date: May 25, 2018 for existing Merchants or immediately for all new Merchants

Payment Services Agreement

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Merchants in Singapore, Malaysia, New Zealand, Andorra, Croatia, Iceland, Monaco and Switzerland. The Updated Braintree Payment Services Agreement will become effective on May 25, 2018 for existing Merchants (or immediately for all new Merchants). If you do not agree to these changes, you may close your Braintree account before May 25, 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing the Updated Braintree Payment Services Agreement.

The most substantial changes to our Payment Services Agreement are because of changes required by the General Data Protection Regulation (“GDPR”), a new regulation in the EU that defines standards on how the personal data of EU persons is collected, processed, transferred and deleted. A summary of these and all other changes is set out below.

1.01 Braintree Payment Services

We’ve updated the description of “Gateway Services” to include additional products and services available through Braintree. These include products provided by Braintree such as the Forwarding Services and Grant Services as well as third party payment technology services such as Apple Pay, Visa Checkout and Masterpass. Each set of terms applicable to these products and services is separate from the Payment Services Agreement, and can be found on our website here.

3.01 Restricted activities

We’ve updated the terms regarding Merchant compliance with the card association rules prohibiting Merchant from (i) Showing preference for or discriminating one card brand or type over another and (ii) billing or collecting from any cardholder any payment on a card without having a right to under the card association rules.

6.02 Data Security Compliance

We have deleted ‘on behalf of Braintree’ which appeared at the end of the first sentence. In addition, we’ve added data security terms outlining (i) Merchant responsibility for reporting data breaches and ensuring accurate processing of customer data and (ii) Braintree’s responsibility for PCI DSS compliance and the security of cardholder data.

6.06 Trademark License

We’ve added a requirement that upon expiration or termination of the Payment Services Agreement, Merchant must immediately cease the display, advertising and use of all trademarks of the card associations.

8.02 Data Portability

We have moved this section to Section 3.14 of Exhibit A.

6.04 Data Protection and Exhibit A – Data Protection Addendum

We have included a new Exhibit A to outline Merchant’s and Braintree’s obligations under GDPR as data controller and data processor, respectively. To highlight, Exhibit A provides as follows:

  • Section 2.1 states that we are the controller in respect of your Merchant Data.
  • Section 2.2 states that we will comply with the requirements under Data Protection Laws applicable to controllers where we act as controller.
  • Section 2.3 states that for the purposes of Merchant’s Customer Data, we act as processor and we will only process Customer Data on behalf of Merchant.
  • Section 2.4 states that we will only process Customer Data in accordance with your written instructions. Anything outside of scope will require prior written agreement including details of any additional fees payable by you for such services. Your instructions to us will comply with applicable laws. You instruct us to process Customer Data for the following additional purposes:
    • We will co-operate with you to the extent reasonably necessary to enable you to discharge your responsibilities as a controller. We will also provide you with reasonable assistance to assist you with preparation of data protection impact assessment to the extent required of you under Data Protection Laws.
    • We will process Customer Data in accordance with the specific duration, purpose, type and categories as set out in Attachment 3.
  • Section 2.6 states that the objective of processing Customer Data by us is the performance of the Braintree Payment Services.
  • Section 3 sets forth the terms under which we act as a processor or sub-processor to you.
  • Sections 3.1 and 3.2 state that under certain circumstances we will provide assistance for any requests by you to correct, amend, block or delete Customer Data.
  • Section 3.4 states that we will provide training to Braintree personnel with respect of our obligations under Exhibit A.
  • Section 3.6 states that our Data Protection Officer can be contacted at the address provided.
  • Section 3.7 states that if we engage with a Sub-processor we shall ensure that our contract with the Sub-processor contains terms for the protection of Customer Data which are no less protective than the terms set out under Exhibit A.
  • Section 3.8 sets forth our obligations and your rights with respect to auditing our compliance with the obligations in Exhibit A.
  • Section 3.9 states that we will implement and maintain appropriate technical and organizational measures as described in Attachment 2 to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage.
  • Section 3.10 states that if we become aware of a Security Incident we will promptly notify you and take reasonable steps to minimize harm and secure Customer Data.
  • Section 3.11 states that if we notify you of a Security Incident we will describe (to the extent possible) details of the Security Incident including steps we have taken to mitigate the potential risk.
  • Section 3.13 states that if you decide to terminate your agreement with us we shall delete or return to you all Customer Data that we have processed on your behalf. We shall delete copies of Customer Data unless we have to retain copies for compliance with applicable law.
  • Section 3.14 is the updated section of ‘Data Portability’ that was previously Section 8.02 of the Payment Services Agreement. We’ve updated Merchant’s responsibility to indemnify Braintree for any losses, claims or expenses incurred as a result of Merchant’s acts or omissions or arising out of or in connection with the transfer of any data to a Data Recipient.
  • Attachment 1 lists the Sub-processors currently used by us to provide the Braintree Payment Services.
  • Attachment 2 lists the specific technical and organizational measures maintained by us as referred to in Section 3.9 to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the Braintree Payment Services.
  • Attachment 3 includes details on the subject matter, nature and purpose of the processing, the type of personal data that we will process on your behalf, any special categories of data and the duration of processing.


Updates to the Payment Services Agreement – Hong Kong SAR, China

Effective Date: 25 May 2018 for existing Hong Kong SAR, China Merchants or immediately for all new Hong Kong SAR, China Merchants

Payment Services Agreement

Braintree is making some changes to its Payment Services Agreement that will be applicable to all Hong Kong SAR, China Merchants. The Updated Braintree Payment Services Agreement will become effective on 25 May 2018 for existing Hong Kong SAR, China Merchants (or immediately for all new Hong Kong SAR, China Merchants). If you do not agree to these changes, you may close your Braintree account before 25 May 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing the Updated Braintree Payment Services Agreement.

Our Payment Services Agreement is changing because of the General Data Protection Regulation (“GDPR”), which defines standards on how the personal data of EU persons is collected, processed, transferred and deleted. The GDPR is relevant to you and Braintree because you may accept one or more payments from an EU person through our services. Under the GDPR, we must enter into an agreement to protect the personal data of EU persons. This is contained in a new Exhibit B.

Exhibit B outlines yours and Braintree’s rights and obligations under GDPR as data controller and data processor, respectively. To highlight, Exhibit B provides as follows:

  • Section 2.1 states that we are the controller in respect of your Merchant Data.
  • Section 2.2 states that we will comply with the requirements under Data Protection Laws applicable to controllers where we act as controller.
  • Section 2.3 states that for the purposes of Merchant’s Customer Data, we act as processor and we will only process Customer Data on behalf of Merchant.
  • Section 2.4 states that we will only process Customer Data in accordance with your written instructions. Anything outside of scope will require prior written agreement including details of any additional fees payable by you for such services. Your instructions to us will comply with applicable laws. You instruct us to process Customer Data for the following additional purposes:
    • We will co-operate with you to the extent reasonably necessary to enable you to discharge your responsibilities as a controller. We will also provide you with reasonable assistance to assist you with preparation of data protection impact assessment to the extent required of you under Data Protection Laws.
    • We will process Customer Data in accordance with the specific duration, purpose, type and categories as set out in Attachment 3.
  • Section 2.6 states that the objective of processing Customer Data by us is the performance of the Braintree Payment Services.
  • Section 3 sets forth the terms under which we act as a processor or sub-processor to you.
  • Sections 3.1 and 3.2 state that under certain circumstances we will provide assistance for any requests by you to correct, amend, block or delete Customer Data.
  • Section 3.4 states that we will provide training to Braintree personnel with respect of our obligations under Exhibit B.
  • Section 3.6 states that our Data Protection Officer can be contacted at the address provided.
  • Section 3.7 states that if we engage with a Sub-processor we shall ensure that our contract with the Sub-processor contains terms for the protection of Customer Data which are no less protective than the terms set out under Exhibit B.
  • Section 3.8 sets forth our obligations and your rights with respect to auditing our compliance with the obligations in Exhibit B.
  • Section 3.9 states that we will implement and maintain appropriate technical and organisational measures as described in Attachment 2 to keep Customer Data secure and protect it against unauthorised or unlawful processing and accidental loss, destruction or damage.
  • Section 3.10 states that if we become aware of a Security Incident we will promptly notify you and take reasonable steps to minimise harm and secure Customer Data.
  • Section 3.11 states that if we notify you of a Security Incident we will describe (to the extent possible) details of the Security Incident including steps we have taken to mitigate the potential risk.
  • Section 3.13 states that if you decide to terminate your agreement with us we shall delete or return to you all Customer Data that we have processed on your behalf. We shall delete copies of Customer Data unless we have to retain copies for compliance with applicable law.
  • Section 8.02 of the main body of the Payment Services Agreement, dealing with data portability, has been moved to a new Section 3.14 of the new Exhibit B. We have also added an obligation for you to execute any instruments or documents we reasonably require to give effect to that Section.
  • Attachment 1 lists the Sub-processors currently used by us to provide the Braintree Payment Services.
  • Attachment 2 lists the specific technical and organizational measures maintained by us as referred to in Section 3.9 to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the Braintree Payment Services.
  • Attachment 3 includes details on the subject matter, nature and purpose of the processing, the type of personal data that we will process on your behalf, any special categories of data and the duration of processing.


Updates to the Payment Services Agreement for EU Merchants

Effective Date: 25 May 2018 for EU Merchants or immediately for all new EU Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all EU Merchants. The Updated Braintree Payment Services Agreement will become effective on 25 May 2018 for EU Merchants (or immediately for all new EU Merchants). If you do not agree to these changes, you may close your Braintree account before 25 May 2018.

You should review this Policy Update which gives you a summary of the changes that are being made. You can review the full text by accessing Updated Braintree Payment Services Agreement.

The main changes to our Payment Services Agreement are because of changes required by the General Data Protection Regulation (GDPR).

We have also made changes to the wording under Fees and Data Security Compliance.

2.01 Fees:

This Section now reads as follows:

In exchange for us providing you with the Braintree Payment Services, you agree to pay us the fees and other amounts shown in your merchant statement. If you are a prospective merchant interested in learning more about fees, please visit our website where you will find all applicable fees for your use of the Braintree Services. We may revise fees at any time upon prior notice to you. You must refer to your statement for your current fees, which prevail over those detailed on our website. Your statement may be accessed through the Braintree Dashboard. All applicable fees are due and payable immediately upon settlement of the applicable Payout Amount. 6.01 Data Security Compliance:

We have deleted ‘on behalf of Braintree’ which appeared immediately after (“Cardholder Information”); we have also deleted ‘entrusted to Merchant’ which appeared at the end of the first paragraph.

8.02 Data Portability.

We have moved this section to Exhibit B.

Exhibit B

  • Automatic execution option. We have corrected some of the referencing made to page numbers under this paragraph.
  • Physical execution option. Where your jurisdiction requires you to obtain prior approval of transfers from your local data protection agency and you wish to send us a physical execution copy of the Addendum, we have provided details of our Data Protection Officer to whom you should send the fully executed Addendum. We have also corrected some referencing made to page numbers.
  • Definitions have been updated to align with GDPR
  • New paragraph. 2.2 we will comply with the requirements under Data Protection Laws applicable to controllers where we acts as controller.
  • New paragraph. 2.3 For the purposes of Merchant’s Customer Data, will only process Customer Data on behalf of Merchant.
  • New paragraph 2.4. We will only process Customer Data in accordance with your written instructions. Anything outside of scope will require prior written agreement including details of any additional fees payable by you for such services. your instructions to us will comply with applicable laws. You instruct us to process Customer Data for the following additional purposes:
  • We will co-operate with you to the extent reasonably necessary to enable you to discharge your responsibilities as a controller. We will also provide you with reasonable assistance to assist you with preparation of data protection impact assessment to the extent required of you under Data Protection Laws
  • We will process Customer Data in accordance with the specific duration, purpose, type and categories as set out in Attachment 3.
  • New paragraph 3.4 (entitled ‘Training’, previously entitled ‘Reliability’). We will provide training to Braintree personnel with respect of our obligations under the Addendum.
  • 3.6. Our Data Protection Officer can be contacted at the address provided.
  • 3.7. If we engage with a Sub-processor we shall ensure that our contract with the Sub-processor contains terms for the protection of Customer Data which are no less protective than the terms set out under the Addendum.
  • New paragraph 3.10. Subject to paragraph 4 we may store and process Customer data in the United States of America and any other country/region in which we or any of our Sub-processors maintain facilities.
  • New paragraph 3.11. If we become aware of a Security Incident we will promptly notify you and take reasonable steps to minimize harm and secure Customer Data.
  • New paragraph 3.12. If we notify you of a Security Incident we will describe (to the extent possible) details of the Security Incident including steps we have taken to mitigate the potential risk.
  • New paragraph 3.13. Braintree may notify your appointed administrator(s) of a Security Incident via email or any other method of notification as Braintree determines. You must ensure your contact information is up-to-date.
  • New paragraph 3.14. If you decide to terminate your contract with us we shall delete or return to you all Customer Data that we have processed on your behalf. We shall delete copies of Customer Data unless we have to retain copies for compliance purposes.
  • 3.14. The provision of ‘Data Portability’ is now detailed under this paragraph and deleted from Section 8.02.
  • We have deleted the existing paragraph 3.10.
  • Attachment 2. We have listed a new sub-processor.
  • New Attachment 3. This includes details on subject matter, nature and purpose of the processing, the type of personal data that we will process on your behalf, any special categories of data and the duration.


Updates to Payment Services Agreement for Australian Entities

Effective Date: 1 December 2017

We have made changes to Clause 2.01 (Fees) of the Australian Payment Services Agreement, which allows Braintree to revise fees at any time with at least 30 days' prior notice. You can access the amended Australian Payment Services Agreement here.


Updates to the Payment Services Agreement for EU Merchants

Effective Date: 13 January 2018 for EU Merchants or immediately for all new EU Merchants

Braintree is making some changes to its Payment Services Agreement that will be applicable to all EU Merchants. The Updated Braintree Payment Services Agreement will become effective on 13 January 2018 for EU Merchants (or immediately for all new EU Merchants). If you do not agree to these changes, you may close your Braintree account before 13 January 2018. You should review this Policy Update to better understand the changes that are being made.

The main changes to our Payment Services Agreement are as a result of changes required by the Payment Services Directive 2 but we’ve also made some general changes.

We’ve updated the description of “Gateway Services” to include additional products and services available through Braintree. These include products provided by Braintree such as the Forwarding Services and Grant Services as well as third party payment technology services such as Apple Pay, Visa Checkout and Masterpass. Each set of terms applicable to these products and services is separate from the Payment Services Agreement, and can be found on our website here.

We’ve updated the terms regarding Merchant compliance with the card association rules prohibiting Merchant from:

  • Utilizing recurring billing functionality without properly obtaining your customers’ consent to be billed in such a manner;
  • Submitting any Transaction for processing through the Braintree Payment Services which does not represent a bona fide, permissible Transaction as outlined in this Agreement and in the Association Rules, or which inaccurately describes the product or services being sold or the charitable donations being made;
  • Processing Transactions or receive payments on behalf of any other party, or (unless required by law) re-direct payments to any other party;
  • Displaying with unequal size or prominence, show preference for, or discriminate again one card brand or type over another, including your refund policies for purchases; and
  • Billing or collecting from any cardholder for any purchase or payment on the card unless you have the right to do so under the Association Rules

We’ve added information on our currency conversion process and that we reserve our right to revise our fees and charge for additional information provided to you in a different way. We have also updated our wording around tax and your responsibilities. The revised terms now state as follows:

  • All of the fees applicable to your use of the Braintree Payment Services, including applicable transaction, multi-currency and Chargeback fees are listed and accessible on our pricing page, available on our website. All applicable fees are due and payable immediately upon settlement of the applicable Payout Amount. Subject to notice, we reserve the right to revise our fees at any time.
  • If your transaction involves a currency conversion it will be converted at an exchange rate we set for the relevant currency exchange. The exchange rate is sourced from a sponsoring financial institution which is based on the rates available in the wholesale currency markets or, if required by law or regulation, at the relevant governmental reference rate(s) on the conversion date or the prior Business Day. Where a currency conversion is offered at the point of sale by Merchant, not by Braintree, and Merchant offers the exchange rate and charges, Braintree has no liability for that currency conversion.
  • Braintree reserves the right to charge a fee for providing additional information or for providing the transaction history and other information about our fees in a different way.
  • Taxes. Unless otherwise stated, all fees are quoted exclusive of any applicable value added tax (VAT). For the sake of clarity, the Braintree Services are in scope of the exemption from VAT of Art. 135 (1)(d) of the EU VAT Directive 2006/112/EC.

It is your responsibility to determine what, if any, taxes apply to the payments you make or receive, and it is your responsibility to collect, report and remit the correct tax to the appropriate tax authority. PayPal is not responsible for determining whether taxes apply to your transaction, or for collecting, reporting or remitting any taxes arising from any transaction.

We’ve included new terms applicable to American Express acceptance through Braintree, which applies to all Merchants except those with a direct card acceptance agreement with American Express. These terms state as follows:

  • American Express may use the information in a Merchant’s Braintree application to screen and/or monitor the Merchant in connection with card marketing and administrative purposes.
  • Merchant may be converted to a direct card acceptance agreement with American Express if the merchant exceeds certain sales volume thresholds.
  • Merchant agrees to receive commercial marketing communications from American Express.
  • American Express is a third party beneficiary of the Payment Services Agreement and may enforce it against Merchant for purposes of American Express acceptance.
  • American Express may conduct an audit of Merchant at any time to determine compliance with the American Express rules.
  • Merchant authorizes Braintree to submit transactions to and receive settlement from American Express and to disclose transaction and merchant information to American Express for lawful business purposes.

We’ve included new terms applicable to China UnionPay acceptance through Braintree. These terms state as follows:

  • Merchant agrees for Braintree to disclose information obtained in your application at the time of setup to UnionPay International Co., Ltd (“UPI”) so that it can manage payment services for Merchants accepting payments utilizing the payment network of UnionPay.
  • Merchant, or a third party acting on its behalf, shall not use transaction receipts, UnionPay logos or marks for purposes outside of the scope of the Agreement.
  • Merchant will not consign or transfer the business of UnionPay card acceptance to a third party without Braintree’s written consent.
  • Merchant will not submit third party receipts to Braintree for settlement.
  • The following actions are not permitted by Merchant and Merchant shall assume full responsibility and liability for
  • including but not limited to,
  • alteration of the amount on transaction receipts,
  • split transactions,
  • cash out,
  • acceptance of credit cards listed in the card recovery bulletin,
  • excessive usage above the authorized limit,
  • insufficient signature and expiry date checking,
  • refund in case,
  • late presentment,
  • submitting false transactions to Braintree.
  • Merchant agrees to keep transaction receipts and original records related to transactions for at least one year. Merchant shall bear financial losses incurred due to inappropriate retention or loss of transaction receipts.
  • In the event that Merchant breaches the requirements listed under this Section 5.05 and/or the Acceptable Use Policy Braintree has the right to terminate Merchant’s use of UnionPay card acceptance.
  • Merchant shall allow UPI to use its risk information for normal business practices.
  • Braintree and UPI shall have the right of inquiry and recourse regarding transactions including after the termination of the use of UnionPay card acceptance or termination of the Agreement.

We’ve included new terms applicable to the iDEAL Payment Product provided by Braintree. These terms state as follows:

1. Interpretation and definitions

The provision of the iDEAL Payment Product shall be governed by Exhibit C as well as the Braintree Payment Services Agreement EU and the Braintree Acceptable Use Policy as supplemented or modified by Exhibit C.

iDEAL payments have a different functionality than credit or debit card payments. Therefore, unless otherwise specified therein, the terms of the Braintree Payment Services Agreement EU and the Braintree Acceptable Use Policy shall apply mutatis mutandis to the iDEAL Payment Product.

In case of inconsistencies between the Braintree Payment Services Agreement EU and the Braintree Acceptable Use Policy, and for purposes of the iDEAL Payment Product only, Exhibit C shall prevail.

In addition to the definitions from the Braintree Payment Services Agreement EU that are applicable mutatis mutandis, the following modifications and new terms shall apply to the iDEAL Payment Product:

  • “Certificate Agreement” means the certificate agreement between Braintree and the iDEAL scheme owner Currence iDEAL B.V. which allows Braintree to provide the iDEAL Payment Product to You.
  • “Currence Third Parties” means third parties which participate in iDEAL Payment Solution and list of which can be found at https://www.currence.nl/en/licences-ideal/ as updated from time to time.
  • “Fees” means the fees as set out under Section 4 of this Exhibit C.
  • “High Risk Profile Sales” means the sale of anonymous financial products that are not traceable or difficult to trace, such as telephone credits (pay-as-you-go), gambling credits or prepaid credit cards.
  • “iDEAL Payment Product” or “Product” means the iDEAL payment services that are provided by Braintree under this Exhibit C.
  • “iDEAL Payment Solution” shall have the meaning as defined in Section 2 of this Exhibit C.
  • “Initial Information” shall have the meaning as defined in Section 3(c) of this Exhibit C
  • “Invalidated Payment”, when used in the context of the iDEAL Payment Product, shall also include Reversals as defined in this Exhibit C.
  • “Issuer Bank” means a bank that has entered into a certification agreement with Currence iDEAL B.V. which authorizes the bank to allow their customers to make iDEAL payments from a bank account held with the bank.
  • “Payor” means Your customer / the buyer of the goods and/or services for which payment is made using the Product, and/or as the context requires, the holder of the bank account whose account is charged using the Product.
  • “Payout Amount”, when used in the context of the iDEAL Payment Product, means the amounts of all Transactions recorded by the iDEAL Payment Solution that have already been received by Braintree from the Payors but have not yet been disbursed to Merchant by Braintree, less the sum of all amounts due to Braintree.
  • “Reversal”, when used in the context of the iDEAL Payment Product, means a payment that Braintree may and/or is obliged to refund to the Payor because the payment (a) violates the Acceptable Use Policy; (b) is reasonably suspected by Braintree of violating the Acceptable Use Policy; or (c) has been categorized by Braintree as involving a transaction risk and is required to be reversed to mitigate the risk associated with the payment or (d) where the Merchant has failed to confirm payment within the requirement timeframe as notified to the Merchant
  • “Reversal Fee” means the Reversal Fee set out in Section 4 (referred to as Invalidated Payment) which Merchant shall pay to Braintree for every case of Reversal.
  • “Transaction”, when used in the context of the iDEAL Payment Product, means the iDEAL payment process initiated by Payor upon the conclusion of an agreement with Merchant on the purchase of goods and/or services by which Braintree (i) forwards Payor to the online banking interface offered by an Issuer Bank selected by Payor, (ii) allows Payor to login to his bank account with the Issuer Bank and make from his bank account a SEPA credit transfer for the respective Transaction Amount, (iii) provides Merchant with a payment confirmation or, as the case may be, a notification that payment was not successful, (iv) accepts the Transaction Amount and (v) disburses the Payout Amount to Merchant. Transactions will be deemed complete when Braintree receives the Transaction Amount and accepted such funds.
  • “Transaction Amount” means the amount owed by a Payor to Merchant under an agreement for the purchase of goods or services.
  • “Transaction Expiry Period” means the amount of time given to the Payor to complete a Transaction.
  • “Transaction Information” means any information collected by Braintree in relation to Transaction for the purposes of enabling the iDEAL Payment Product as agreed in the Braintree Payment Services Agreement EU.

2. Features of the iDEAL Payment Product

a. The iDEAL Payment Product includes the following features:

Payment processing. Upon initiation of a Transaction by Payor, Braintree shall (i) forward Payor to the online banking offered by the Issuer Bank selected by Payor, (ii) allow Payor to login to his bank account with the Issuer Bank and make from his bank account a SEPA credit transfer for the respective Transaction Amount, (iii) provide Merchant with a payment confirmation or, as the case may be, a notification that payment was not successful (as applicable), (iv) accept the Transaction Amount and (v) disburse the Payout Amount to Merchant.

iDEAL Payment Solution. Braintree shall provide the Merchant with an application programming interface (API) solution that allows the Merchant to enable its Payors to initiate Transactions (the “iDEAL Payment Solution”). In addition, Braintree shall provide Merchant with access to all payments processed via the Braintree Dashboard.

The iDEAL Payment Product is only available if the Payor’s bank account with an Issuer Bank from which the Transaction Amount shall be charged was established in one of the countries/regions listed in Schedule 1.

b. Transaction

By allowing Payor to initiate a Transaction, Merchant authorizes Braintree to receive the Transaction Amount in Braintree’s own name.

The Transaction Expiry Period shall be set to 30 minutes unless the Merchant requests a period which is less than 30 minutes in which case the Transaction Expiry Period shall be as requested by the Merchant. Best practice on Transaction Expiry Period is detailed under the Braintree Merchant Developer Documentation.

c. Settlement; Reversals

Braintree shall, on a weekly basis or as otherwise agreed between Braintree and the Merchant, pay to the Merchant’s bank account the aggregate of all Payout Amounts (net of Reversals, Refunds, and any other amounts due to Braintree). The time of settlement for the Payout Amount is based on the date Braintree has received the cleared funds in Braintree’s bank account from the Payor’s Issuer Bank.

Merchant acknowledges that, even after the respective settlement, any Payout Amounts may become subject to a Reversal or may be invalidated for any other reason. The terms of the Braintree Payment Services Agreement EU regarding Reversals shall apply mutatis mutandis.

For each case of Reversal or Refund, Merchant shall pay the Reversal or Refund Fee set out in Section 4. In addition, Merchant shall reimburse Braintree for any cost incurred by Braintree with regard to the Reversal.

d. Invoicing and Fees.

You agree to pay to Braintree the Fees (Section 4) as consideration for the use of the iDEAL Payment Product. Braintree will invoice any Fees to Merchant. Such invoices become due seven days after receipt by Merchant. Merchant agrees to pay the invoices as they become due without set-offs or deduction.

e. Development of the iDEAL Payment Product.

Braintree may, at any time, modify, update, improve or otherwise change the current iDEAL Payment Product including the iDEAL Payment Solution at its own discretion.

If such change requires an amendment of this Exhibit C, such amendment shall be agreed upon between Braintree and Merchant pursuant to the respective provisions in the Braintree Payment Services Agreement EU. In order to constantly improve the iDEAL Payment Product, Braintree welcomes feedback from Merchants. However, Braintree is not bound to act in accordance with any such feedback. In providing Braintree with feedback on the iDEAL Payment Product, Merchant agrees to waive any intellectual property rights in such feedback as well as any claims for remuneration (if any).

3. Specific Merchant obligations in relation to the iDEAL Payment Product

a. Merchant Website/App.

Merchant shall

  • integrate in the payment pages of its website or app a drop-down menu which displays, in an equally conspicuous way, all Issuer Banks that allow their customers to make iDEAL payments. Braintree will provide Merchant with an updated list of all relevant Issuer Banks that must be included in the drop-down menu; that list can be found at www.developers.braintreepayments.com;
  • display an order confirmation on its website or in its app to which the Payor is redirected after having successfully made an iDEAL payment;

b. Transaction.

Merchant shall

  • implement the iDEAL Payment Product in accordance with the technical specifications set forth in the Braintree Merchant Developer Documentation which can be accessed at https://developers.braintreepayments.com/ and which may be updated from time to time by Braintree providing Merchant with an updated version of the Braintree Merchant Developer Documentation;
  • only allow Payor to initiate Transactions
  • for which the respective Transaction Amount is due, payable and undisputedverify the status of a Transaction with Braintree before supplying the goods or services purchased; if Merchant fails to do so, it may not receive any payment should the Transaction not have the status “successful”;
  • deliver the goods or services for which a Transaction has been successfully made within seven (7) days after having received a payment confirmation for that Transaction or make its customer aware of an alternative delivery date at the time of placing the order
  • in case of a Reversal, promptly comply with all requests from Braintree;
  • notify Braintree in writing and obtain Braintree’s prior written approval, if it wishes to sell goods or services other than the goods and services mentioned to Braintree during the application process for becoming a Braintree customer and/or the application process for using the iDEAL Payment Product. Merchant guarantees that the sale of the goods or services and the usage of the iDEAL Payment Product for obtaining the relevant Transaction Amount does not violate any applicable statutes, laws, rules or other regulations.

Merchant may not interfere with the authentication process initiated and operated by the Issuer Bank to authenticate the Payor.

c. Initial Information

Prior to using the iDEAL Payment Product Merchant shall provide Braintree with the following information:

  • Legal name and trading name(s) of the Merchant
  • Full address including postcode of the Merchant’s place of domicile/registered office
  • Full postal address including postcode of the Merchant (if different)
  • General e-mail address of the Merchant (and/or the signer’s email)
  • Company registration number with the Chamber of Commerce or equivalent official body in another country/region if the Merchant is not based in the Netherlands
  • Domain names of the Merchant
  • Forenames and surnames of the legal representatives of the Merchant
  • Full addresses including postcode of the legal representatives
  • Telephone numbers and e-mail addresses of the legal representatives
  • Identity details of the legal representative(s): nationality, identification document number (driving license or passport) and date and place of issue of identification document.
  • Name of bank
  • Business account number
  • Business account name

d. Data sharing

Merchant herby consents and agrees that Braintree may share Initial Information as well as Transaction Information, including information in this Exhibit C, with Currence iDEAL B.V. or any other Currence Third Party.

e. Email Link Service.

If Merchant wishes to use an email link service for the sale of goods or services in connection with the iDEAL Payment Product, it must request Braintree’s prior written approval to do so and comply with the following requirements:

  • The email which is sent, containing the link, must be a solicited email which is agreed in advance between Merchant and Payor and must be sent within the agreed period of time, or must be sent with a certain frequency, or must be expected, as part of the reminder process, because an invoice has not been paid on time.
  • The email which is sent must be clearly recognizable for the Payor as emanating from the Merchant.
  • The email which is sent must direct the Payor, using a reference or a link, to what is known as the landing page of Merchant, or of a third party acting on behalf of Merchant for this purpose and made known as such to Payor.
  • The landing page must provide Payor with a summary of the goods or services ordered and, in the next page after the landing page, the Payor must be able to select a payment method.
  • The option of making the payment (by following the link in the email sent by Merchant for the order) on Merchant’s landing page must expire at the end of the expiry period of the order stated by Merchant, or as soon as a successful transaction is completed by the Payor.
  • The link (URL) in an email for initiating an iDEAL payment must not contain any personal or transaction related details
  • The email containing a link for initiating an iDEAL payment must result in a landing page being displayed which is secured with SSL or comparable certification, enabling the Payor to verify the identity of the Merchant or service provider.
  • Depending on the status of the Transaction, the landing page must indicate either that the offer of payment via the email link is still valid, or that this option has expired, or that the Transaction has been successful.

f. Fraud Protection.

Merchant acknowledges and agrees that it is fully responsible for the security of data on its website, app, or otherwise within its possession or control. For the avoidance of doubt, the "Association PCI- DSS Requirements" (as defined in the Payment Services Agreement EU) shall only apply to card payments, not to iDEAL payments.

If and to the extent that Merchant offers High Risk Profile Sales via its website or app, Merchant shall prior to a Transaction determine the identity of each Payor and ensure that Payor is identical with the purchaser of the goods or services for which payment is made. In addition, Merchant shall carefully monitor the Transaction and notify Braintree immediately if there is any indication of money-laundering, terrorist financing, fraudulent, criminal or other illegal behaviour.

g. Compliance and Audit.

Merchant shall

  • comply with all Merchant obligations set forth in the Braintree Merchant Developer Documentation;
  • comply with all relevant laws and regulations for its activities;
  • be fully responsible for complying with all of its obligations relating to the iDEAL Payment Product, irrespective of any third party involvement;
  • use all reasonable methods to resolve disputes with the Payor and provide an effective complaints procedure, in which Merchant can be easily contacted by e-mail and one other means of direct contact (such as a telephone number, chat box or other medium), and make the information about the complaints procedure easily available to Payors and easy for Payors to find;

Braintree may request Merchant to provide appropriate evidence that Merchant complies with the obligations in this Section 3 and reserves the right to at all times monitor and audit Merchant’s websites and systems in that respect.

If Braintree discovers an indication that Merchant is in violation of its obligations under the Braintree Payment Services Agreement EU, including Exhibit C, or unlawfully or by a misleading representation of affairs extracting money from a Payor or a contracting party to a certificate or license agreement with Currence iDEAL B.V., Braintree may immediately terminate Exhibit C or suspend its services and cease offering the iDEAL Payment Product to Merchant. In case of a suspension, Braintree will explain the reasons for the suspension of its service and set out measures to be taken by Merchant to remedy the breach. Braintree’s suspension of the Merchant’s access or use of the Product will remain in effect until such time as Braintree is satisfied that the Merchant has remedied the relevant breach(es).

If Braintree discovers a security breach or any other circumstance threatening to compromise the security of the iDEAL Payment Product and such circumstance falls within Your responsibilities under the agreements with Braintree, Braintree may require You to have an independent third party auditor, approved by Braintree, conduct a security audit of Your systems and facilities and issue a report at Your expense. Upon completion of the audit, You must provide a copy of the auditor’s report to Braintree and Braintree may provide copies of it to Currence iDEAL B.V. You hereby authorize Braintree to conduct or obtain such an audit at Your expense in case You do not initiate a security audit within 10 business days of Braintree’s request.

4. Fees

The Merchant shall pay the following fees for the use of the iDEAL Payment Product as provided for by Braintree:

EUR 0.35 per Transaction EUR 0.35 per Reversal and Refund Transaction

5. Term and Termination

The iDEAL terms become effective on the Effective Date and shall continue until terminated in accordance with Section 8 of the Braintree Payment Services Agreement EU.

In addition to the termination rights mentioned in Section 8 of the Braintree Payment Services Agreement and Section 3 of Exhibit C, Braintree may also terminate Exhibit C at any time (i) if the Certificate Agreement is terminated, (ii) if Braintree believes the Merchant has or may violate the relevant laws and regulations for its activities, or (iii) for any other important reason which makes it impossible, infeasible or considerably aggravate for Braintree to continue providing Merchant with the iDEAL Payment Product.

For the avoidance of doubt, both You and Braintree may terminate (subject to Section 8 of the Braintree Payment Services Agreement EU) Exhibit C independently and separately from the Braintree Payment Services Agreement EU or any other Exhibit thereunder.

A termination of Exhibit C does not affect the validity of any other agreements between Braintree and Merchant, in particular the Braintree Payment Services Agreement EU with regard to the processing of credit and debit card payments.

We’ve added terms applicable to data security outlining:

  • Braintree’s responsibility for PCI DSS compliance and the security of cardholder data.

We’ve included the following new section on Confidentiality provision:

The parties acknowledge that in their performance of their duties hereunder either party may communicate to the other (or its designees) certain confidential and proprietary information, including without limitation information concerning the Payment Processing Services and the know how, technology, techniques, or business or marketing plans related thereto (collectively, the “Confidential Information”) all of which are confidential and proprietary to, and trade secrets of, the disclosing party. Confidential Information does not include information that: (i) is public knowledge at the time of disclosure by the disclosing party; (ii) becomes public knowledge or known to the receiving party after disclosure by the disclosing party other than by breach of the receiving party’s obligations under this section or by breach of a third party’s confidentiality obligations; (iii) was known by the receiving party prior to disclosure by the disclosing party other than by breach of a third party’s confidentiality obligations; or (iv) is independently developed by the receiving party. As a condition to the receipt of the Confidential Information from the disclosing party, the receiving party shall: (i) not disclose in any manner, directly or indirectly, to any third party any portion of the disclosing party’s Confidential Information; (ii) not use the disclosing party’s Confidential Information in any fashion except to perform its duties hereunder or with the disclosing party’s express prior written consent; (iii) disclose the disclosing party’s Confidential Information, in whole or in part, only to employees and agents who need to have access thereto for the receiving party’s internal business purposes; (iv) take all necessary steps to ensure that its employees and agents are informed of and comply with the confidentiality restrictions contained in this Agreement; and (v) take all necessary precautions to protect the confidentiality of the Confidential Information received hereunder and exercise at least the same degree of care in safeguarding the Confidential Information as it would with its own confidential information, and in no event shall apply less than a reasonable standard of care to prevent disclosure. The receiving party shall promptly notify the disclosing party of any unauthorised disclosure or use of the Confidential Information. The receiving party shall cooperate and assist the disclosing party in preventing or remedying any such unauthorised use or disclosure.

We’ve updated the Entire Agreement clause to allow for PayPal to enter into further agreements with you to provide additional services.

We’ve updated our Notice provision to clarify when notices are considered to be received by you by including the following wording:

  • Notices posted on Braintree’s website or emailed shall be considered to be received by you within 24 hours of the time it is posted to our website or emailed to you, unless we receive notice that the email was not delivered. Furthermore, you understand and agree that if Braintree sends you an email but you do not receive it because your primary email address on file is incorrect, out of date, blocked by your service provider, or you are otherwise unable to receive electronic communications, Braintree will be deemed to have provided the communication to you.

We’ve included new wording on our responsibilities on errors as follows:

If we are responsible for a processing error, we will rectify the error. If the error resulted in you receiving less money than you were entitled to, Braintree will credit your Bank Account for the difference. If the error results in you receiving more money than you were entitled to, Braintree may debit the extra funds from your Payout Amount or send you an invoice.

Notwithstanding any other term of this Agreement, Braintree will not be held liable for the non-rectification of a payment transaction if you have failed to notify Braintree of such an incorrectly executed payment transaction without undue delay on becoming aware of such incorrectly executed payment transaction, or in any event no later than within 13 months after the debit date.

We’ve included further detail on how you can store and reproduce information from the Dashboard and the duration of time it will be available for. The new wording is as follows:

The way in which we provide the transaction information will allow you to store and reproduce the information unchanged from the Braintree Dashboard, for example by printing a copy. Braintree will ensure that the details of each transaction will be made available to you to view online for at least 13 months from when it is first made available. You agree to review your transactions though the Braintree Dashboard instead of receiving periodic statements by mail or email.

We’ve included the following wording on Surcharging:

Braintree does not encourage surcharging because it is a commercial practice that can penalize the consumer and create unnecessary confusion, friction and abandonment at checkout. You agree that you will only surcharge for the use of Braintree Services in compliance with any law applicable to you and not in excess of the surcharges that you apply for the use of other payment methods. You further agree you are fully responsible for liabilities that arise out of your chose to surcharge and Braintree has no liability to you or any third party. You acknowledge that you could be committing a criminal offence if you fail to disclose any form of surcharge to a consumer.

Updates to the Acceptable Use Policy:

We have updated the business categories for which you may not use the Payment Services in connection with any product, service, transaction or activity that involves:

    1. entertainment venues including but not limited to nightclubs and bars
    1. pre-payment services
    1. prescription drugs and illegal drugs


Updates to the Payment Services Agreement for AU Merchants

Effective Date: 27 October 2017

Braintree is making some changes to its Payment Services Agreement that will be effective to all AU Merchants on 27 October 2017. We encourage all AU Merchants to review this Policy Update and to better understand the changes that are being made. If you do not agree to these changes, you may close your account before 27 October 2017.

We’ve updated the description of “Gateway Services” to include additional products and services available through Braintree. These include products provided by Braintree such as the Forwarding Services and Grant Services as well as third party payment technology services such as Apple Pay, Visa Checkout and Masterpass. Each set of terms applicable to these products and services is separate from the Payment Services Agreement, and can be found on our website here.

We’ve updated the terms regarding Merchant compliance with the card association rules prohibiting Merchant from:

  • Showing preference for or discriminating one card brand or type over another.
  • Billing or collecting from any cardholder any payment on a card without having a right to under the card association rules.

We’ve added terms applicable to data security outlining:

  • Merchant’s responsibility for reporting data breaches and ensuring accurate processing of customer data.
  • Braintree’s responsibility for PCI DSS compliance and the security of cardholder data.

We’ve included a requirement that upon expiration or termination of the Payment Services Agreement, Merchant immediately ceases the display, advertising and use of all trademarks of the card associations.

We’ve updated Merchant’s responsibility to indemnify Braintree for any losses, claims or expenses incurred as a result of Merchant’s acts or omissions.


Updates to the Payment Services Agreement for HK Merchants

Effective Date: 11 October 2017

Braintree is making some changes to its Payment Services Agreement that will be effective to all HK Merchants on 11 October 2017. We encourage all HK Merchants to review this Policy Update and to better understand the changes that are being made. If you do not agree to these changes, you may close your account before 11 October 2017.

We’ve updated the description of “Gateway Services” to include additional products and services available through Braintree. These include products provided by Braintree such as the Forwarding Services and Grant Services as well as third party payment technology services such as Apple Pay, Visa Checkout and Masterpass. Each set of terms applicable to these products and services is separate from the Payment Services Agreement, and can be found on our website here.

We’ve updated the terms regarding Merchant compliance with the card association rules prohibiting Merchant from:

  • Showing preference for or discriminating one card brand or type over another.
  • Billing or collecting from any cardholder any payment on a card without having a right to under the card association rules.

We’ve added terms applicable to data security outlining:

  • Merchant’s responsibility for reporting data breaches and ensuring accurate processing of customer data.
  • Braintree’s responsibility for PCI DSS compliance and the security of cardholder data.

We’ve included a requirement that upon expiration or termination of the Payment Services Agreement, Merchant must immediately cease the display, advertising and use of all trademarks of the card associations.

We’ve updated Merchant’s responsibility to indemnify Braintree for any losses, claims or expenses: (i) incurred as a result of Merchant’s acts or omissions; or (ii) in connection with the transfer of any data to a Data Recipient.


Updates to the Payment Services Agreement for US Merchants

Effective Date: July 31, 2017 for US Merchants with a Braintree account or August 15, 2017 for US Merchants with a PayPal powered by Braintree account

Braintree is making some changes to its Payment Services Agreement that will be applicable to all US Merchants. For US Merchants with a Braintree account, the new US Payment Services Agreement will become effective on July 31, 2017 for US Merchants that apply for a Braintree account on or before June 27, 2017 (or immediately for all US Merchants that apply for a Braintree account after June 27, 2017). If you do not agree to these changes, you may close your Braintree account before July 31, 2017. For US Merchants with a PayPal powered by Braintree account, the new US Payment Services Agreement will become effective on August 15, 2017 for US Merchants that apply for a PayPal powered by Braintree account on or before July 13, 2017 (or immediately for all US Merchants that apply for a PayPal powered by Braintree account after July 13, 2017). If you do not agree to these changes, you may close your PayPal powered by Braintree account before August 15, 2017. We encourage all US Merchants to review this Policy Update and to better understand the changes that are being made.

We’ve updated the description of “Gateway Services” to include additional products and services available through Braintree. These include products provided by Braintree such as the Forwarding Services and Grant Services as well as third party payment technology services such as Apple Pay, Visa Checkout and Masterpass. Each set of terms applicable to these products and services is separate from the Payment Services Agreement, and can be found on our website here.

We’ve updated the terms regarding Merchant compliance with the card association rules prohibiting Merchant from:

  • Showing preference for or discriminating one card brand or type over another.
  • Billing or collecting from any cardholder any payment on a card without having a right to under the card association rules.

We’ve included new terms applicable to American Express acceptance through Braintree, which applies to all Merchants except those with a direct card acceptance agreement with American Express. These terms state as follows:

  • American Express may use the information in a Merchant’s Braintree application to screen and/or monitor the Merchant in connection with card marketing and administrative purposes.
  • Merchant may be converted to a direct card acceptance agreement with American Express if the merchant exceeds certain sales volume thresholds.
  • Merchant agrees to receive commercial marketing communications from American Express.
  • American Express is a third party beneficiary of the Payment Services Agreement and may enforce it against Merchant for purposes of American Express acceptance.
  • American Express may conduct an audit of Merchant at any time to determine compliance with the American Express rules.
  • Merchant authorizes Braintree to submit transactions to and receive settlement from American Express and to disclose transaction and merchant information to American Express for lawful business purposes.

We’ve added terms applicable to data security outlining:

  • Merchant’s responsibility for reporting data breaches and ensuring accurate processing of customer data.
  • Braintree’s responsibility for PCI DSS compliance and the security of cardholder data.

We’ve included a requirement that upon expiration or termination of the Payment Services Agreement, Merchant must immediately cease the display, advertising and use of all trademarks of the card associations.

We’ve updated Merchant’s responsibility to indemnify Braintree for any losses, claims or expenses incurred as a result of Merchant’s acts or omissions.


Updates to Bank Agreement for Australian Entities

Effective date: July 1, 2017

We have made changes to Clause 1.e. (Surcharges) of the National Australia Bank Commercial Entity Agreement (Australia). You can access the amended National Australia Bank Commercial Entity Agreement (Australia) here.


Updates to Merchant Declaration and Agreement for Singapore Entities

Effective date: January 1, 2017

We have made changes to Clause 10 (General Provision) of the First Data Merchant Solutions Merchant Processing Agreement that is annexed to the Merchant Declaration and Agreement. You can access the amended Merchant Declaration and Agreement here.


Updates to Merchant Declaration and Agreement for Malaysian Entities

Effective date: January 1, 2017

With effect from January 1, 2017, the Malaysian Merchant Declaration and Agreement, presently with First Data Merchant Solutions Private Limited, a Singapore company, will be assigned to First Data Merchant Solutions (Malaysia) SDN. BHD, a Malaysian company. We have amended the Merchant Declaration and Agreement to reflect the change in the contracting entity. We would also highlight changes to Clause 10 (General Provision) of the First Data Merchant Solutions Merchant Processing Agreement that is annexed to the Merchant Declaration and Agreement. You can access the amended Merchant Declaration and Agreement here.


Updates to Merchant Declaration and Agreement for Hong Kong SAR, China Entities

Effective date: January 1, 2017

With effect from January 1, 2017, the Hong Kong SAR, China Merchant Declaration and Agreement, presently with PayPal Pte Ltd and First Data Merchant Solutions Private Limited, both Singapore companies, will be assigned to PayPal Hong Kong SAR, China Limited and First Data Merchant Solutions (Hong Kong SAR, China) Private Limited, both Hong Kong SAR, China companies.

We have amended the Merchant Declaration and Agreement to reflect the change in the contracting entities. We would also highlight changes to Clause 10 (General Provision) of the First Data Merchant Solutions Merchant Processing Agreement that is annexed to the Merchant Declaration and Agreement. You can access the amended Merchant Declaration and Agreement here.


Updates to Payment Services Agreement for Hong Kong SAR, China Entities

Effective date: November 1, 2016

With effect from November 1, 2016, the Hong Kong SAR, China Payment Services Agreement, presently with PayPal Pte Ltd, a Singapore company, will be assigned to PayPal Hong Kong SAR, China Limited, a Hong Kong SAR, China company.

We have amended the Payment Services Agreement to reflect the change in the contracting entity, and we would also highlight changes to Clause 5.1 (Credit Report Authorisation and Verification) and Clause 7 (Indemnification, Limitation of Liability, Disclaimer of Warranties). You can access the amended Payment Services Agreement here.


Updates to the PayPal Privacy Policy

Effective Date: July 1, 2015

We have updated the Privacy Policy to reflect how PayPay will share information with eBay after the two companies separate. We have also made changes unrelated to the separation. The new Privacy Policy can be accessed at https://www.braintreepayments.com/legal.


New Payment Services Agreement

Effective Dates: May 18, 2016 and May 29, 2016

The Braintree Payment Services Agreement will be amended. The changes are available here. The new agreement can be found under the heading "Updated Braintree Payment Services Agreement" and the old version of the agreement can be found under the heading "Current Braintree Payment Services Agreement". We encourage you to carefully review the new agreement to familiarize yourself with the changes in terms. The new agreement will not apply retroactively and will become effective on 18 May 2016 (or immediately for all new Merchants) in relation to changes in Section 2 of Exhibit A “Data Protection (Customer Data)” and on 29 May 2016 in relation to changes in section 2 “Fees and Taxes”.

If you use the Braintree services after the dates these changes become effective, we will take that usage as your consent to the changed terms.