Merchant Scheme Rules

Effective Date: 16 September 2024

These Afterpay Group - Global Merchant Scheme Rules (“Scheme Rules”) set out obligations and provide a common payment experience for merchants using our Services and, together with each applicable Order Form and Supplementary Terms, are a separate and binding agreement between a Merchant (“you”, “your”) and the applicable Afterpay Group entity signing such Order Form (each, a “Party”) (herein referred to as the “Agreement”). Any reference to “we”, “us”, “our” or “Afterpay” is a reference to the Afterpay Group collectively or an Afterpay Group entity (as applicable).

1. Order Forms and Supplementary Terms. You will need to sign an Order Form for each applicable region to access the Services under these Scheme Rules. Variations and additions to these Scheme Rules may be set out in Supplementary Terms and/or one or more Order Forms. A reference to a “Party” or “Parties” in these Scheme Rules will be read to mean the Afterpay Group entity(ies) and the Merchant entity(ies) who have executed the relevant Order Form. In the event of any conflict between an Order Form, the Supplementary Terms, and these Scheme Rules, the earlier listed document controls. The Agreement represents the Parties’ entire agreement relating to the subject of an Order Form and supersedes all prior or contemporaneous agreements, whether written or oral, on that subject including any prior confidentiality and non-disclosure agreement between the Parties and/or their Affiliates. Notwithstanding anything to the contrary, You acknowledge and agree that no Afterpay Group entity will be jointly and/or severally liable, or otherwise liable in any manner with respect to any other Afterpay Group entity’s obligations under this or another Agreement with you.

2 . Changes to these Scheme Rules. Provision of the Services is entirely at the Afterpay Group’s discretion. The Afterpay Group may revise these Scheme Rules at any time to ensure the effective operation of the Services. The most up-to-date version of the Scheme Rules will be available at https://www.afterpay.com/en-NZ/merchant-scheme-rules. The Afterpay Group will provide you with not less than forty-five (45) days advance notice of any changes to these Scheme Rules that materially impact your rights and obligations under this Agreement or materially impact your use of the Services, unless a shorter notice period is required for compliance with Applicable Law, to address a material business risk, or for the purposes of ensuring the security or integrity of any data, IT system, or business process, in which case we will provide as much notice as is reasonably practicable. Any such notice will be posted to the Merchant Portal. You may terminate any Order Form impacted by the proposed change by giving us written notice at any time before the effective date of the proposed change. We will implement your termination as soon as reasonably practicable.

3. General Obligations

3.1 Verification. We have no obligation to supply our Services, and you may not permit Customers to make Purchases, until you have completed and we have approved: (i) any required Compliance Documentation, and (ii) the Debit Authorization. You will not provide us with any information in connection to this Agreement that is false, inaccurate, or misleading. You agree to provide all information, and do all other things reasonably required by us, in order to verify the Compliance Documentation.
3.2 Merchant Portal. You will not share access to the Merchant Portal other than with those individuals that you identify to us in writing who are granted access to the Merchant Portal. You will be responsible for the actions of any third party or individual you grant access to the Merchant Portal.
3.3 Compliance with Applicable Laws. You must comply with Applicable Law in your use of the Services. You must assist us to comply with our obligations under any Applicable Laws as reasonably directed by us.
3.4 Insurance. You must have the appropriate insurance policies in place to protect your Delivery of the Goods to Customers. We are not responsible for any damage caused to Goods during Delivery or any loss, or damage, caused in connection with the supply of Goods.
3.5 Restricted Goods. You must not allow the Products to be used via your Website(s) or Store to purchase Restricted. Goods without written approval from us.
3.6 Reserves. We reserve the right to: (i) temporarily suspend or delay payment of the Purchase Amounts to you, (ii) designate an amount of funds to be provided and maintained by you, and/or (iii) withhold a certain amount from the Purchase Amounts payable to you, for the purposes of setting aside as a reserve under this Agreement (“ Reserves ”), if we determine, in our sole but reasonable discretion, that there are concerns with the performance of your obligations under this Agreement or we are required to do so under Applicable Law. If we require a Reserve, we will notify you of the general reasons for and the terms of the Reserve, including the conditions upon which the funds in the Reserve will be released to you. We may change or condition the terms of the Reserve based on our continuous assessment of the risks associated with the performance of your obligations under this Agreement or as required by Applicable Law.
3.7 Periodic Review. We may require additional information from you to periodically assess the level of risk associated with you, your business model, your performance under this Agreement, and to the extent applicable, to perform anti-money laundering audits (“Periodic Reviews”). You agree to keep and maintain materials and records relating to your use of the Services and promptly cooperate with our reasonable requests for such information and information about your finances, customer transaction activity, creditworthiness and operations (including your most recent financial statements) and other documentation, records, policies, and procedures. You must provide such information within five (5) Business Days of receipt of written notice from us requesting such information. You acknowledge that, following Periodic Review, we are entitled to take reasonable actions that we consider necessary to address any concerns identified through a Periodic Review, including to secure the continued performance of your obligations under this Agreement (including creating a Reserve pursuant to Section 3.6).
3.8 Control of Websites. The Parties agree that they control, and will continue to control, their respective Websites and will not provide Customers with information about the Services that is false, misleading, or inaccurate. You will not take any action to damage, intercept, or interfere with our Services, software, or technology.
3.9 AML Requirements. Each Party must comply with all Applicable Laws on anti-money laundering, counter-terrorism financing, export control, and economic sanctions regulations (together “ AML”). In accordance with AML, anti-fraud, and other compliance and security policies and procedures, we may impose reasonable limitations and controls on your ability to utilize the Services, including rejecting payments or suspending/restricting any Services with respect to certain transactions or Customers and prospective Customers of yours. We may, for the purposes of complying with Applicable Laws, report suspicious transactions to the relevant authorities without informing you.

4. Fees, Settlement, and Taxes

4.1 Fees
(i) Purchase Confirmation. When a customer attempts to make a Purchase, our systems will promptly issue an Approval Confirmation or Decline Confirmation to you. We exercise sole discretion regarding the decision to issue an Approval Confirmation or Decline Confirmation. You must only Deliver Goods to a Customer after you have received Approval Confirmation. We have no liability to you for Goods for which you have not received an Approval Confirmation or for which you have received a Decline Confirmation.
(ii) Live Date. If the Live Date for a Service is ninety (90) days or more after the date the applicable Order Form is signed by both Parties, any financial terms, including the Fee, will immediately expire and the Parties will cooperate in good faith to agree upon new terms.
(iii) “Fees” are the fees for Services as set out in each Order Form. The Fees for each Purchase are due on the Payment Date and will be paid in accordance with Section 4.2. With respect to each Purchase, we will disburse, or cause to be disbursed to you, payment on behalf of the Customer for the Goods purchased from you in exchange for payment of Fees pursuant to the terms relating to the applicable Service. The Fee is not refundable unless paid incorrectly or otherwise required by Applicable Law.
(iv) Payment. You agree to pay all amounts owed to us when due under each Order Form, pursuant to this Agreement. Your failure to pay amounts owed to us under an Order Form is a breach, and you will be liable for any costs or expenses we incur during collection, in addition to the amount you owe us.
(v) Debit Authorization. You may change the account from which the Fees and any other amounts due under this Agreement are debited on ten (10) Business Days notice, including completion of a new Debit Authorization.
(vi) Invoices. Invoices will be issued through the Merchant Portal and, where applicable, such issuing constitutes notice of debiting of your account, in accordance with the Debit Authorization.
4.2 Settlement
(i) Direct API Integration. For Services provided via a Direct API Integration we will pay you the Purchase Amounts on the Payment Date for such Purchase, once daily, as a single transaction, netting the aggregate Purchase Amounts for all Purchases due to you on the Payment Date against all amounts then due to us under this Agreement including the Fee, any Refund Amounts, and Customer Payments (as applicable). We will remit such amounts by direct transfer to the bank account listed in the Debit Authorization or such other form as provided by us and completed by you. We do not guarantee against any delays of receipt of Purchase Amounts caused by the banking system or other external factors.
(ii) Virtual Card.
(a) General. The Afterpay Card Services (Stores), Afterpay Button Integration (e-commerce) and Cash App Button Integration (e-commerce) allow you to offer the Products (as applicable) to your Customers to pay for Goods using a virtual card (in each case the applicable “Virtual Card”), which will be processed via your PSP.
(b) Transmission of Purchase Amounts. We will pay you the Purchase Amounts for each Purchase made using the applicable Virtual Card by causing payment to be tendered to your PSP in an amount equal to the Purchase Amount. You acknowledge that (i) your PSP will pay you for each Purchase made through the applicable Virtual Card; (ii) your PSP may deduct Processing Fees from the Purchase Amount; and (iii) the manner in which you receive the Purchase Amounts, the total Processing Fees, and the timing of settlement, will depend on your arrangements with your PSP. We do not guarantee against any delays or failure in receipt of Purchase Amounts caused by external financial systems, credit card systems, your PSP, or other external factors.
(c) Authorization. By authorizing a Virtual Card at your terminal in Store or on your Website (as applicable), you communicate to us that a Customer is making a Purchase, and the Goods have been, or will be, Delivered to the Customer with a total Sale Price, plus any applicable Shipping Costs, equal to the amount of the authorization (the “Authorization Amount”). For Purchases made via Afterpay Button Integration or Cash App Button Integration, you must authorize the Virtual Card through your PSP once only, up to the Authorization Amount, within sixty (60) minutes of issuance. If you do not authorize the Virtual Card for such Purchases within sixty (60) minutes of issuance: (i) the Virtual Card and associated Approval Confirmation will be cancelled, (ii) we will have no obligation to you with respect to such Purchase Amount, and (iii) we will refund the Customer any amounts paid for the Purchase.
(d) Capture. You have the Authorization Validity Period to capture any portion of the Authorization Amount, based on the currency value of Goods Delivered, or for Delivery, to the Customer (the aggregate amount of such Authorization Amount so captured “Purchase Amount”). If you do not capture the full Authorization Amount within the Authorization Validity Period (i.e., if the Purchase Amount is less than the Authorization Amount at expiry of the Authorization Validity Period), we reserve the right to void and refund to the Customer the difference between the Authorization Amount and the Purchase Amount. We may hold you liable for any amounts captured: (i) after the Authorization Validity Period; (ii) that exceed the Authorization Amount; and (iii) that are not tied to the associated Authorization Amount (collectively, the “Unauthorized Capture Amounts”). We will recover any Unauthorized Capture Amounts and any associated fees in accordance with Section 4.2(ii)(e).
(e) Fees and Invoicing. We will invoice you for any Fees, Unauthorized Capture Amounts, Non-Card Refunds, Unauthorized Refunds, Refunds incorrectly processed to the applicable Virtual Card, and any applicable Virtual Card Interchange Fees set out in Section 4.2(f) (an “Invoice”) on the relevant Invoice Date below. We will then debit your account pursuant to any Debit Authorization for amounts due to us under an Invoice on the relevant Debit Date below. Where the relevant Debit Date is not a Business Day, we will debit your account on the next Business Day. If any amounts reflected on an Invoice remain unpaid for more than ten (10) Business Days following the Debit Date, we may immediately terminate the applicable Order Form by notice to you and issue you an invoice for any outstanding amounts which is payable immediately on receipt.

Integration	Invoice Date	Debit Date
Afterpay Card Services (Australia and New Zealand)	Daily	Second Day following the Invoice Date
Afterpay Card Services (United States and United Kingdom)	Daily	Business Day following the Invoice Date
Afterpay Button Integration	Monthly	Business Day following the Invoice Date
Cash App Button Integration	Monthly	Business Day following the Invoice Date

(f) Virtual Card Interchange Fees. Unless otherwise set out in an applicable Order Form, and where applicable, we will either credit you the Virtual Card Interchange Fees or invoice you for the difference between your Fee listed in the applicable Order Form and the Virtual Card Interchange Fees. For the avoidance of doubt, we will invoice you for the Virtual Card Interchange Fees associated with any Purchases subsequently Accepted for Refund and returned to you via your PSP.
4.3 Set Off, Debit, and Invoice. We may: (i) set off against any amounts we owe you under each Order Form all amounts you owe us under such Order Form (including the Fee, any Refund Amounts, Customer Payments, Unauthorized Capture Amounts, Virtual Card Interchange Fees, as applicable), (ii) debit your bank account for the amounts owed to us under each Order Form in accordance with any applicable Debit Authorization, (iii) collect or set off amounts owed to us under an applicable Order Form from funds that we hold in Reserve under such Order Form, or (iv) invoice you for any amounts you owe us under any Order Form (including the Fee, any Refund Amounts, Customer Payments, Unauthorized Capture Amounts, Virtual Card Interchange Fees, as applicable) and any amounts for which we are unsuccessful in debiting your account pursuant to any Debit Authorization.
4.4 Taxes
(i) Taxes on Merchant Sales. You have sole responsibility and liability for determining, collecting and remitting all Taxes that apply to your sales of products and services and any payments received or made in connection with your use of the Services, and we are not liable for any such obligations. In the event a Tax Authority assesses any such of your Taxes on us, you agree to indemnify us against such Taxes and any related expenses or costs.
(ii) Taxes on Afterpay Fees. Fees payable by you to us pursuant to this Agreement are exclusive of any Taxes. You agree to pay any Taxes (other than our income Taxes) imposed in connection with the Fees or your use of the Services, unless you provide us with documentation required under Applicable Law to establish such Taxes are not required to be charged. Any such Taxes will be calculated by us, and presented to you as required under Applicable Law, for payment to us.
(iii) Withholding Taxes. If we are required under Applicable Law to withhold any Taxes, we may deduct such Taxes from any amounts otherwise owed to you and must remit such Taxes to the appropriate Tax Authority. Any withheld amounts will be treated as having been paid for all purposes hereunder and we will not increase any payment to you.
(iv) Tax Reporting. We may be obligated under Applicable Law to report certain information to you and/or Tax Authorities (“Tax Reporting Information”) hereunder. You agree to provide us with the necessary Tax related information and forms to complete any applicable Tax Reporting Information or as otherwise reasonably necessary, and to recertify such information as required by Applicable Law. We will report to the applicable Tax Authority the Tax Reporting Information to the extent required by Applicable Law.

5. Obligations in Respect of Returns and Refunds

5.1 Returns and Refunds. Your policies and Customer agreements must comply with Applicable Law. You must (i) consider and process any Customer’s request for Return in good faith and in accordance with your policies, and (ii) not treat Purchases differently than any other purchases with respect to accepting Goods for a Refund, exchange, repair or store credit.
5.2 General Requirements. Subject to this Section 5, if you accept Goods for Refund (“Accepted for Refund”), then any Refund Amount due in relation to the Return is owed by you to us and not the Customer; and must be refunded via the payment method used for the associated Purchase.
(i) Direct API Integration. Within three (3) Business Days of your receipt of returned Goods, as you define receipt under your internal policies and in accordance with Applicable Law, you must inform us of the Return and the Refund Amount via the Merchant Hub or the associated API. We reserve the right to hold you liable for the Purchase Amount associated with the Goods Accepted for Refund if they are refunded via another tender type. When you agree to provide a Customer with a Refund, you will be liable to us for the Refund Amount on the applicable Payment Date, and we may recover those sums in accordance with Section 4 (or, where we have not yet paid the Purchase Amount to you, by deducting the Refund Amount from the Purchase Amount relating to those Goods). We will then cancel any applicable future payments due by the Customer to us and refund to the Customer any applicable amounts paid to us.
(ii) Virtual Card. Within three (3) Business Days of your receipt of returned Goods, as you define receipt under your internal policies and in accordance with Applicable Law, you must process a refund to the applicable Virtual Card of the associated Purchase(s). All Purchases made using a Virtual Card that are Accepted for Refund (in whole or in part) must be refunded via the same applicable Virtual Card. Unless we direct you to do so, we will not accept or process a Refund Amount processed via the Merchant Hub or Direct API Integration for Purchases made using a Virtual Card. We reserve the right to hold you liable for the Refund Amounts associated with the Goods Accepted for Refund if they are refunded via any payment method or processed via any method except for the applicable Virtual Card (“Non-Card Refunds”). When you agree to provide a Customer with a Refund, you will be liable to us for the Refund Amount. We will then cancel any future payments due by such Customer to us and/or refund to such Customer any amounts paid to us. If you process a refund amount to a Virtual Card that has no associated Purchase, we reserve the right to hold you liable for any disputed amounts raised by a Customer in relation to such Refund (each an “Unauthorized Refund”).
5.3 Processing of Refunds. We have no liability to you for Returns processed more than one hundred and twenty (120) days after the date on which Approval Confirmation was provided or for Returns processed more than sixty (60) days after the termination of the applicable Order Form. You must deal directly with the Customer with respect to such Returns and associated Refunds and process such Refunds via another tender type. Without limiting this Section, any assistance we may provide to you to effect payments to Customers for any Refunds for such Goods, including providing assistance outside of the time period as stated in this Section, is at our sole discretion. For the avoidance of doubt, our rights under Section 4.3 of the Scheme Rules continue in relation to Customer Payments, and all Refunds approved by you, after termination.

6. Confidentiality and Data Protection

6.1 Except as permitted or required to fulfill its obligations pursuant to this Agreement, neither Party may use or disclose any of the other Party’s Confidential Information.
6.2 Each Party may disclose the Confidential Information of the other Party: (i) when required to do so by Applicable Law or at the request of any regulatory authority of competent jurisdiction or court order or registered stock exchange offering either Party’s securities; (ii) to a director, officer, employee, agent, contractor, professional adviser, investor or financing source (or potential investor or financing source), or Affiliate of the first Party whose duties reasonably require such disclosure. With respect to Confidential Information of ours provided to you, you may use such information solely to facilitate a Purchase. With respect to Confidential Information of yours provided in connection with a specific Purchase, we may use such information regarding a specific Purchase to process the specific transaction, to service Customer accounts, or as otherwise provided under an applicable Afterpay Group Affiliate’s privacy policies in each applicable jurisdiction.
6.3 Each Party must (i) take all reasonable steps to ensure that no Confidential Information of the other Party is used, directly or indirectly, in any way that is detrimental or adverse to the other Party; (ii) ensure that each person to whom any Confidential Information of the other Party must be, or has been, disclosed does not use or disclose such Confidential Information except as consistent with these confidentiality commitments; and (iii) take steps no less rigorous than those which it takes with respect of its own Confidential Information to prevent unauthorized use, disclosure, loss of, access to, or damage to the Confidential Information of the other Party in its possession or under its control.
6.4 PCI-DSS Compliance. We will maintain compliance with the applicable version of the PCI-DSS standard as set out by the PCI-DSS Council.
6.5 Data Protection. You and we will, when performing under this Agreement, adhere to the obligations in the Data Protection Schedule. If there is any conflict between the terms in this Agreement and the Data Protection Schedule, the Data Protection Schedule takes precedence.

7. Intellectual Property

7.1 Except as expressly provided herein, nothing in this Agreement confers to either Party, or any of its Affiliates, any right of ownership in any Intellectual Property of the other Party.
7.2 Our Intellectual Property. We grant to you a non-exclusive, non-transferable, non-sublicensable, revocable, limited license, during the term and in all regions in which you have been authorized to offer the Services, to use the Afterpay Group Intellectual Property solely in connection with your use of the Services and/or to the extent authorized by the Afterpay Group in writing. You agree that you will not use any Afterpay Group Intellectual Property in marketing or promotional materials on your Website(s) or Store(s) or in any public announcement or press release without prior written approval from the Afterpay Group. You must not copy, duplicate, reverse engineer, modify, amend, alter, or supply to any third-party, or use for any other purpose any Afterpay Group Intellectual Property without our express prior written consent. All rights, title, and interest to any Afterpay Group Intellectual Property, including, amongst others, modifications, enhancements, improvements, updates, additions, derivative works, and related material, before, during, and after the termination of this Agreement and/or applicable Order Form, continue to vest in the Afterpay Group. If you acquire any rights, titles, or interests in the Afterpay Group Intellectual Property, by operation of law or otherwise, you hereby irrevocably assign such rights to the Afterpay Group. On expiration or termination of an Order Form or this Agreement or any amendment to remove your right to offer the Services online or in Store(s), you must, in accordance with such expiration, termination, or amendment, as applicable, and as soon as reasonably practicable: (a) permanently delete all copies of the Afterpay Group Software in your possession or control; and (b) discontinue the use or display of any Afterpay Group Intellectual Property.
7.3 Your Intellectual Property. You grant the Afterpay Group a royalty-free, non-exclusive, non-transferable, sublicensable, revocable, limited license, during the term of each Order Form, to use your legal name, trade name, and Intellectual Property for the Services in all regions in which you have been authorized to offer the Services. You retain all of your Intellectual Property rights in such items. On expiration or termination of this Agreement or an Order Form or amendment removing our right to display your Intellectual Property, as applicable: (a) all licensed rights conveyed by you to the Afterpay Group cease and all such rights revert to you; and (b) we will discontinue the use or display of your Intellectual Property in accordance with such expiration, termination or amendment as soon as reasonably practicable. You permit the Afterpay Group to use your Intellectual Property, images and details of your Website(s), including for the purpose of hyperlinking, promotion, and referrals, in any: (i) marketing materials; (ii) social media posts, advertising, and messages; (iii) websites, mobile and web applications; (iv) push marketing emails; (v) public announcements; (vi) press releases, (vii) directory listings, and (viii) any other marketing or promotional activities agreed in writing. You further agree that we may share, re-post, and otherwise use any images and other content you include on your social media accounts or pages on our websites, social media accounts, and pages without your consent, and without any payment to you provided we credit you as the source of such image or content or include any other statement of attribution that you reasonably require, and promptly remove, or alter, such image or content at your written request. You agree to obtain on our behalf any third-party consents or licenses required to enable us to use such images and details as contemplated by this Agreement, without attribution and charge to us. If requested by you, we will, as soon as reasonably practicable, remove your Intellectual Property, images, or details of your Website(s) from marketing material, or modify any images used in our directory listings.
7.4 Feedback. If you, your agents, or contractors provide any feedback, including identifying potential errors or improvements, to us with respect to any aspect of a Service (“Feedback”), you assign to us all right, title, and interest in and to the Feedback, and we are free to use, reproduce, disclose, and otherwise exploit the Feedback without attribution, payment, or restriction, including to improve the Service or create other products and services. We will treat any Feedback as non-confidential and non-proprietary.

8. Suspension

8.1 Unless prohibited by Applicable Law, we may suspend your access to any part of the Services (including your ability to process Refunds) and withhold Purchase Amounts that may be payable to you, by written notice if:
(i) you have breached, or we reasonably believe you have breached, any provision of this Agreement;
(ii) we are unable to verify your ownership or are prohibited from doing business with you under Applicable Law;
(iii) to protect our systems or the Services against harm, including fraud or malicious activity;
(iv) you are subject to an Insolvency Event (wherever suspension is permitted by Applicable Law);
(v) we are unsuccessful in debiting your account under any Debit Authorization provided by you;
(vi) we reasonably believe that continuing to process transactions is in breach of Applicable Law or our internal policies or procedures; or
(vii) we are required to do so by Applicable Law, court order, or regulatory authority.
8.2 Any suspension will remain effective until the reason for the suspension has been remedied to our reasonable satisfaction. Without limiting your other obligations under this Agreement, while any suspension is effective, you must comply with all reasonable directions that we give regarding your display of the applicable Gateway and use of the Afterpay Group Intellectual Property.

9. Termination

9.1 Any Party to an Order Form may terminate it immediately by giving the other Party written notice if:
(i) the other Party materially breaches any provision of this Agreement, and either such breach is incapable of remedy, or the other Party has failed to remedy such breach within fourteen (14) days of receiving written notice of breach;
(ii) the other Party engages in any fraudulent activity or conduct;
(iii) the other Party is unable to perform its obligations as a result of a Force Majeure event, and such event continues for a period of thirty (30) days; or
(iv) the other Party experiences an Insolvency Event (where termination is permitted by Applicable Law).
9.2 In addition, we may terminate an Order Form, in whole or in part, immediately upon written notice if:
(i) we reasonably believe that you have breached your representations and warranties as set out in your Supplementary Terms on a repeated basis;
(ii) you are offering for sale or selling Restricted Goods through your Website or in Stores without prior written approval from us;
(iii) the Monthly Default Rate is 4% or higher;
(iv) we are unable to verify your new ownership or we are prohibited from doing business with your new owner under Applicable Law;
(v) we are required to do so if required by Applicable Law, court order or regulatory authority;
(vi) we are unsuccessful in debiting your account pursuant to any Debit Authorization and any such default remains uncured for more than five (5) Business Days;
(vii) we cease providing any part of the Services in any geographic region; or
(viii) the cause for our suspension of your access to the Services pursuant to Section 8 is not cured for a period of fourteen (14) days
9.3 Termination of an Order Form does not affect the ongoing term of any other, then-current, Order Form unless specified otherwise in the applicable Order Form.
9.4 Consequences of Termination. Termination of an Order Form does not affect any right or obligation which arose under this Agreement before such termination and does not prejudice the Parties’ other rights and remedies. Upon termination of an Order Form, all rights and licenses granted to the Parties to such Order Form under this Agreement will terminate immediately, except as otherwise expressly provided in this Agreement. Without limiting the other provisions of this Agreement, Sections 4.1(iv), 4.3, 5.3, 6, and 11 of these Scheme Rules, Sections 3.2 of Service Schedule 1, any terms relating to warranties, liability and indemnities in your Supplementary Terms, and such other terms identified in this Agreement or which by their nature are required to survive termination of an Order Form, will survive termination of the applicable Order Form.

10. Mutual Representations and Warranties. Each Party makes the following representations and warranties to the other:

10.1 It is duly qualified and licensed to do business in all jurisdictions in which it operates, has full power and authority to enter into and perform its obligations under this Agreement, and, once an Order Form is duly executed by an authorized representative of that Party, this Agreement constitutes legal, valid, and binding obligations enforceable against such Party;
10.2 To the best of its knowledge, the consummation of the Services and the obligations and rights described in this Agreement do not result in the material breach of any contract to which it is currently a party;
10.3 It is not insolvent, in bankruptcy proceedings or in receivership; and
10.4 In relation to any threatened or current litigation or arbitration or other legal proceedings or investigations of any kind, including regulatory enforcement, you are not engaged in any such activities which would have an adverse effect on your ability to perform your obligations under this Agreement, and any material litigation and public regulatory proceedings against Block Inc. are disclosed in Block’s public filings.

11. Disputes. For the avoidance of doubt, no action, suit, arbitration, or other proceeding may be commenced unless and until the Parties have attempted to resolve a dispute pursuant to this Agreement utilizing commercially reasonable efforts within fourteen (14) days from the date of written notice of a dispute from the disputing Party to the other Party. The immediately preceding sentence does not limit the Parties’ ability to immediately seek injunctive relief. In the event disputes pursuant to this Agreement cannot be resolved pursuant to this Section, the disputes provisions set out in an Order Form apply to disputes relating to the region covered by such Order Form.

12. Notices. Unless otherwise specified in this Agreement, any notices to any other Party, including any notice of a change of address, must be in writing in English and will be effective, as follows: (i) if to us: once sent by electronic mail to [email protected] copying [email protected] (or an email address otherwise notified to you by us); and (ii) if to you, once posted in the Merchant Portal or sent by electronic mail to the address or email address you provide through the Merchant Portal, at our election.

13. Relationship of the Parties. Nothing in this Agreement is construed to create a relationship of partnership, agency, or joint venture between the Parties or any relationship other than independent parties contracting for services. Neither Party has any authority to enter into any contract or create any obligation or liability on behalf of the other Party. Nothing herein is interpreted to limit us from offering the same or similar services to other parties.

14. Miscellaneous

(i) No Waiver or Amendment. No failure or delay to exercise any right, power, or remedy or partial exercise thereof under this Agreement operates as a waiver or preclude any other or further exercise thereof. Except as set out in Section 2 of the Scheme Rules, this Agreement may not be amended or waived except by an instrument in writing signed by the party against whom any such amendment or waiver is sought.
(ii) Construction. The headings of the sections of this Agreement are inserted for convenience only and do not affect the meaning or interpretation of this Agreement. Any rule of construction to the effect that ambiguities are to be resolved against the drafting Party will not be used in the construction or interpretation of this Agreement. Except where the context otherwise requires, the word “or” is used in this Agreement to mean the inclusive meaning (i.e., “and/or”). Reference to “including” is not construed in any way to limit the scope of the term that it references but construed to mean “including, but not limited to”.
(iii) Severability. If any portion of this Agreement is determined to be invalid or unenforceable, the remaining portions of this Agreement are not affected and are binding upon the Parties and are enforceable, as though said invalid or unenforceable portions were not contained in this Agreement.
(iv) Transfers or Assignments. You may not transfer or assign any rights you may have under this Agreement without our prior written consent, not to be unreasonably withheld. We may transfer or assign this Agreement, and any right under the Agreement in whole or in part, to any Affiliate or any third party, and we will notify you in advance of such a transfer or assignment.
(v) Counterparts; Electronic Signatures. Any Order Form may be executed in one or more counterparts, each of which is deemed an original, but all of which together constitute one and the same Order Form. Electronic signatures of the Parties included in an Order Form and delivered by electronic mail in portable document format form or any other electronic means to preserve the original graphic and pictorial appearance of the document are deemed to constitute original signatures and have the same force and effect as physical delivery of the paper document bearing an original signature.
(vi) Third-Party Beneficiaries. Except as may be expressly provided, no provision of this Agreement is interpreted to create any third-party beneficiary rights or any other rights of any kind in any person or entity other than the Parties hereto.

15. United Kingdom Clauses. The following clauses also apply to a Merchant entity that has signed an Order Form for the United Kingdom.

(i) UK Bribery and Corruption. Each Party must comply with all Applicable Laws relating to anti-bribery and anti-corruption including the UK’s Bribery Act 2010 (“Relevant Requirements”) and have, maintain, monitor, and enforce throughout all Service Terms its own policies and procedures to prevent any of its associated persons from committing an offence under any Relevant Requirements (with the terms “adequate procedures” and “associated persons” having the meanings set out in the UK’s Bribery Act 2010).
(ii) UK Financial Promotions.
(A) To the extent any content, materials, documentation, or information you (or those acting on your behalf) produce in connection with the activities anticipated under this Agreement would constitute a financial promotion under section 21 of the UK’s Financial Services and Markets Act 2000 (“FSMA”) (“Regulated Materials”), you will (and will procure that any persons acting on your behalf will):
(i) comply with our marketing usage rules and use our approved assets without modification as available at https://www.clearpay.co.uk/en-GB/for-retailers/resources/marketing (as updated from time to time by Afterpay) (“Marketing Rules”). The Marketing Rules have been approved from a financial promotions’ perspective under FSMA by an authorised person (as defined in FSMA); or
(ii) where the Regulated Materials do not comply with the Marketing Rules then (a) prior to any use by or disclosure of any Regulated Materials, provide such Regulated Materials to us to procure any relevant approvals that may be required from a financial promotions perspective under FSMA from an authorised person; and (b) not use or disclose such Regulated Materials unless and until we have notified you in writing that the relevant Regulated Materials have been approved for publication as required from a financial promotions perspective under FSMA.
(B) You will fully cooperate with us and comply with all requests from us in relation to the Regulated Materials, which may include monitoring Regulated Materials to identify if there are any risks that the Regulated Materials are not compliant with FSMA requirements for the lifetime of the Regulated Materials and providing data on the status of the Regulated Materials. Further, you will (and will procure that any persons acting on your behalf will) comply with our instructions and directions promptly (and in any event before any deadlines set by any authorised person and/or the UK Financial Conduct Authority) in respect of any amendments that need to be made to any Regulated Materials or to withdraw the Regulated Materials so as to ensure that such Regulated Materials are compliant with FSMA and the UK Financial Conduct Authority’s rules in relation to the publication of financial promotions, for the lifetime of the Regulated Materials. The details of the relevant authorised person engaged by Afterpay are set out in the Marketing Rules, however the identity of the authorised person may change at Afterpay’s sole discretion in accordance with Applicable Laws.
(iii) Cooperation. You agree to fully and promptly cooperate and provide reasonable assistance to Afterpay in respect of all requests or enquiries from regulatory bodies or authorities (including the UK Financial Conduct Authority) including requests for information and the UK Financial Conduct Authority investigations arising out of or related to the Extended Repayment Feature and Afterpay Services.
(iv) Distance Selling. Where a Customer cancels the purchase of Goods in accordance with the UK’s Consumer Contracts (Information, Cancellation, and Additional Charges) Regulations 2013, the Goods are deemed to have been Accepted for Refund by you pursuant to Section 5.
(v) Clearpay. You acknowledge, and agree, that the use of the trademark “Afterpay” must not be used in the United Kingdom, and you must only make reference to the trademark “Clearpay”.

16. Australia Clause. This clause also applies to a Merchant entity(ies) that has signed an Order Form for Australia. Under the AU BNPL Code, we are required to ensure that our merchants meet certain minimum standards. Without limiting any other obligations in this Agreement, you must: (i) act lawfully, fairly, and ethically in your dealings with Customers; (ii) communicate clearly when dealing with Customers and in marketing and advertising material that relates to us or the Extended Repayment Feature; (iii) have appropriate process and controls in place to safeguard the confidentiality of Customer information; (iv) respond to Customer complaints in a timely manner; and (v) provide Customers with clear and up front information about the Extended Repayment Feature, fees, and charges in a format that is accessible to Customers. You must also ensure that your employees and agents are aware of and are trained to meet these minimum standards.

Service Schedule 1: Afterpay Services

1. Afterpay Services

1.1 We permit you to use the Afterpay Services as set out in your Order Form (subject to regional availability), which may include marketing and promotional services, as follows:
(i) Afterpay Ecommerce Services. The Afterpay Ecommerce Services allow Customers to pay for Goods using the Extended Repayment Feature on your Website. Your Order Form will set out whether your Afterpay Ecommerce Services integration is via Direct API Integration or Afterpay Button Integration (“Afterpay Ecommerce Services”). The Afterpay Button Integration facilitates payment from Customers using a Virtual Card which will be processed via your PSP.
(ii) Afterpay Card Services (In-Store). The Afterpay Card Services allow Customers to pay for Goods using the Extended Repayment Feature in your Stores. These Afterpay Purchases are made by Customers using a Virtual Card in a digital wallet which will be processed via your PSP.

2. General Requirements

2.1 Technical Integration of Afterpay Gateway. You agree to follow our reasonable directions regarding the technical integration of the Afterpay Gateway on your Website(s) or in Store(s), as applicable. You must obtain written approval from our authorized representative if your implementation of the Afterpay Gateway deviates from any guidelines provided by us.
2.2 Availability. You will make the Extended Repayment Feature available for use by Customers on your Website(s) or in Store(s), as applicable, as soon as reasonably practicable after an Order Form for such Afterpay Services has been executed. You must continuously allow Customers to make Afterpay Purchases for the duration of the applicable Order Form except: (i) during any period of suspension imposed by us in accordance with this Agreement; or (ii) as otherwise reasonably agreed by us.
2.3 Merchant Attestation. You attest that your use of the Afterpay Services is for: (i) business purposes and not for personal, family, or household purposes, and (ii) business-to-consumer sales and not to facilitate Afterpay Purchases with another business, unless we explicitly permit you to do so. You acknowledge that the arrangement for the sale by you to Customers of any Goods is a separate consumer contract between you and each Customer and the Customer’s rights and remedies as a consumer in respect of that sale by you (including any Return of those Goods) are as between you and the Customer, to the exclusion of us.
2.4 Parity of Placement. You agree that anywhere the Afterpay logo is displayed by you on your Website(s) and in your Stores, it will be displayed in comparable size to, or larger than, the logo of any Competing Payment Service.
2.5 Demonstration of Results. Subject to your written approval, not to be unreasonably withheld, you agree, no more frequently than annually, to serve as a case study to demonstrate the performance of the Afterpay Services on your Website(s) or in Stores, as applicable. You agree to serve as a merchant reference upon our reasonable request, no more frequently than five (5) times a year, for other merchants considering whether to use the Afterpay Services.
2.6 Display and Use of Afterpay Group Intellectual Property and Materials. We will make available marketing assets and other promotional material for use on your Website(s) and in Store(s) to market the Extended Repayment Feature. As a condition of being offered the Afterpay Services, you agree to take any of the following actions: (i) represent the Extended Repayment Feature and applicable Afterpay Group Intellectual Property on the product page of all products, including where the Extended Repayment Feature is offered, solely in accordance with our Brand Management Materials, guidelines, and directions as provided by us in writing; (ii) include on your Website(s) and/or in your Store(s), as applicable, a description of the Extended Repayment Feature in such terms as may be provided or approved by us in writing; (iii) where applicable, implement and display in your Stores any marketing collateral and other promotional materials marketing the availability of the Afterpay Card Services we provide to you (at our cost) in accordance with this Agreement or as otherwise instructed by us, acting reasonably; (iv) promptly, but in all cases within fourteen (14) days, comply with reasonable directions we provide regarding any description or display of the Extended Repayment Feature or applicable Afterpay Group Intellectual Property on your Website(s) and Store(s), as applicable, including modifying, replacing, or removing any description or display of the Extended Repayment Feature or Afterpay Group Intellectual Property. For the avoidance of doubt, other than pre-approved materials provided by us specific to each region (including the Brand Management Materials), you agree that you will not use the Afterpay Group Intellectual Property in marketing or promotional materials on your Website(s) or Store(s) without prior written approval from us.

3. Purchase Requirements

3.1 Delivery of Goods. Where a Customer makes an online Afterpay Purchase using the Extended Repayment Feature, you are responsible for ensuring that all Goods are Delivered to the Customer in accordance with Applicable Law and within the expected Delivery period as represented to the Customer at the point of sale, up to a maximum of fourteen (14) days, or in the case of Goods that are services, up to a maximum of ninety (90) days. Where a Customer makes an Afterpay Purchase using the Extended Repayment Feature in Stores, the Goods must be Delivered (or provided) to the Customer immediately after Approval Confirmation, unless you expressly agree to an alternative Delivery time with the Customer, where the expected Delivery period is up to a maximum of fourteen (14) days.
3.2 Non-Delivery of Goods. If we suspect that Goods have or will not be Delivered pursuant to Section 3.1 above, we may ask you for proof of Delivery. If requested, you agree to notify us of the shipping carrier name, tracking number, and provide confirmation that the Goods have been Delivered or will promptly be Delivered to the address specified by the Customer (or for permitted services, provide proof of supply of the services). If you do not provide this information within two (2) Business Days of our request, or such other greater timeframe communicated to you, then you agree to refund to us any Purchase Amount we have paid you and reimburse us any Chargeback fees we incur.
3.3 Customer Disputes. The Parties agree to cooperate in good faith to promptly resolve all disputes raised by Customers with respect to Afterpay Purchases. To the extent such Customer disputes result in a refund of the Afterpay Purchase amount to the Customer, we reserve the right to set off such Purchase Amount from you in accordance with this Agreement.
3.4 Surcharges. You must not increase the Sale Price or Shipping Costs, or otherwise charge a Customer any other fees, increase the overall cost to the Customer, reject a request for a return of refund, or discriminate against any Customer in any way because the Customer elected to use the Extended Repayment Feature.
3.5 Customer Payments. You must not accept payments for any Goods on our behalf. If you receive any part of a payment relating to an Afterpay Purchase directly from a Customer (“Customer Payment”), you will promptly notify us of the details of the Customer Payment and hold the full amount of the Customer Payment for our benefit. You will then promptly make a payment of that amount to us.
3.6 Reimbursement. You must reimburse us any Chargeback amounts (including associated Chargeback fees or other costs incurred) and/or any part of the Sale Price and associated Shipping Costs that we cannot, or do not, recover from a Customer, or are required to refund to a Customer, in connection with that Afterpay Purchase to the extent that we reasonably determine, based on evidence, the Chargeback, Customer non-payment or Customer refund is because of the Goods which are the subject of the relevant Afterpay Purchase (including, without limitation, any product liability or warranty claim relating to those Goods) or a breach of your representations and warranties set out in these Scheme Rules or your Supplementary Terms. We may elect to be paid such amounts in accordance with Section 4 of the Scheme Rules, and we may Refund to the Customer any amounts paid by the Customer to us in connection with the Afterpay Purchase.
3.7 Provision of Transaction Data. Where requested by us, you must provide us with accurate business and transaction data for the purpose of facilitating Afterpay Purchases and Refunds made using any applicable Virtual Card, including merchant category code, scheme merchant name, acquiring ID, merchant ID, terminal ID, and such other information required by us.

4. Additional Features

4.1 Express Checkout. If the Afterpay express checkout functionality is made available for technical integration (“Express Checkout”), you agree to integrate Express Checkout on your Website(s) where relevant and technically possible.
4.2 Cross Border Trade. We may authorize you in an Order Form to use the Afterpay Services for transactions relating to certain Customers located outside the applicable Order Form region which allows those Customers to use their Afterpay Group Affiliate account to purchase Goods offered on your Websites for delivery outside of the applicable Order Form region (“Cross Border Trade”). Where we authorize you to use the Afterpay Services for Cross Border Trade, you agree to be bound by the terms set out at Cross Border Trade.
4.3 Recurring Payments. We may authorize you in an Order Form to permit Customers to use the Extended Repayment Feature to make Afterpay Purchases for Goods on a Recurring Payments basis. Where we authorize you to engage in Recurring Paymwnts, you agree to be bound by the terms set out at Recurring Payments. We may withdraw our authorization at any time in our sole discretion.

5. Afterpay Card Services (In-Store) - Additional Terms

5.1 Training Requirements
(i) As a condition of offering the Afterpay Card Services, you agree to provide appropriate training regarding the Afterpay Card Services to your Store Personnel which consists of written materials provided by us to you (the “Afterpay Card Training”). In the United Kingdom, the Afterpay Card Training must include the rules on how Regulated Materials may be marketed in your Store and/or by your Store Personnel in compliance with section 21 of FSMA. For the avoidance of doubt, such written materials are for internal training purposes only and are not to be used as external marketing materials to Customers which are provided separately.
(ii) At least fourteen (14) days before the launch of Afterpay Card Services, and upon request, no more frequently than annually, you will provide a certification to us that the training of all relevant Store Personnel has been completed.
(iii) You remain responsible and liable for the appropriate training of your Store Personnel at all levels. If we reasonably believe that your Afterpay Card Training is not sufficient, including if we receive Customer complaints about the Afterpay Card Services, the Parties will cooperate to deploy a mutually agreeable solution to enhance your Afterpay Card Training.

Service Schedule 1: Afterpay Services - Attachment 1 (Restricted Goods)

All regions

Categories of Goods sold:

Auctions;
Coupons, Vouchers, Daily Deals;
Department Stores;
Donations;
Dangerous goods, being goods that cause damage, harm or injury, including (without limitation), recreational drugs (chemical or herbal) or derivatives from drugs (chemical or herbal), cannabis or CBD products (prescription or otherwise), psychoactive substances, drug paraphernalia, equipment to facilitate drug use, weapons, weaponised knives, self-defence products, ammunition, explosive materials and fireworks, instructions for making explosives, or other harmful products, tobacco products, e-cigarettes or vaping products, weaponised hunting equipment, militarised products, or armoured goods;
High risk digital goods and services including software, movies, music, games, and video game credits;
Products that enable dishonest behavior, including (without limitation) hacking software or instructions, fake documents, and academic cheating products, essay mills;
Goods or services that infringe third-party Intellectual Property, including (without limitation) counterfeit goods and pirated content;
Services in the following categories: non-cosmetic tattoo art, pay-to-remove services; no-value-added services; “experiences”; financial services; ticketing services; software services; health services; and other personal services, travel services (including airlines, accommodation, car rental, tours, cruises, railway, and timeshare);
Business to business sales;
Pre-orders or recurring payments/subscriptions;
Adult goods (including pornographic or explicit materials, experiences, and content), online streaming services, and other content formats deemed offensive or of a sexual nature;
Food delivery platforms ;
Gang or hate group affiliated products;
Multi-level marketing, pyramid structure businesses, “get rich quick’ schemes;
Gift cards, gift card marketplaces, open loop cards or reloadable debit cards, payment cards that can be used at any location that accepts cards authorized by the payment card’s network, cash, or cash equivalents;
Jamming and/or interference devices;
Gambling or gambling-related content (including lotteries, games of chance, and raffles);
Precious metals (e.g. raw, materials, bullions);
Pre-paid financial cards (including calling cards and debit cards);
Pseudomedicals, Pseudopharmaceuticals, and Nutraceuticals;
Selective Androgen Receptor Modulators or Peptides;
Prescription drugs, regulated products, illegal drugs, and testosterone boosters or sexual enhancement products;
Beauty or cosmetic treatments that are physically invasive with a high risk of infection not approved by the applicable local regulatory authority;
Utilities;
Non-fungible tokens/ NFTs, cryptocurrency; and
Without limiting the above, any goods or services which are required by law to be sold to Customers over the legal age of majority (or equivalent) in the applicable Order Form region.

High risk attributes:

Sale of Goods through a marketplace or aggregator;
Dropshipping;
Hype or high demand / low supply products, or a ‘flash sale’ business model;
Delivery of products > 14 days;
Delivery of a majority of services > 90 days;
Imposes a surcharge for Afterpay payments;
Non-renewable memberships;
Merchant contracting entity is located in a different country / region to where the Services will be provided;
Sale of goods through a pawn shop; and
Any goods, services, or practices (including through marketing and communications) that harass, and/or vilify individuals on grounds including gender, race, ethnicity, religion, age, cultural background, disability, sexual orientation, gender identity, pregnancy, family responsibilities, marital, or relationship status.

Any other goods or services which we consider, in our reasonable discretion, to be dangerous, inappropriate, or high risk.

United States and Canada

In addition to the “all regions” list above:

Alcohol retailers (e.g. liquor stores);
Education services and courses;
Health and medical services (including dentists, general practitioners, vets etc); and
Pharmaceuticals, medical and pharmaceutical devices/equipment.

United Kingdom

In addition to the “all regions” list above:

Health and medical services (including dentists, general practitioners, vets etc); and
Pharmaceuticals and medical devices (prescription)

Service Schedule 1: Afterpay Services - Attachment 2 (Cross Border Trade)

1. The following additional terms apply to any Cross Border Transactions processed by you under the Agreement.

1.1 All references in this Agreement to “Afterpay Purchase” also include Cross Border Transactions and apply as it would in relation to any Afterpay Purchase;
1.2 We will authorize locations outside the applicable Order Form region where you may allow Cross Border Transactions. The limitations on the purchase of Goods from, and the Delivery of Goods to, territories outside the Order Form region do not apply for Cross Border Transactions;
1.3 In accordance with Section 3.1 (Delivery of Goods) of Service Schedule 1, you must ensure that all Goods are Delivered to the Customer promptly, and within the expected Delivery period as represented to the Customer at the point of sale, and up to a maximum of twenty-one (21) days (where shipping must occur within ten (10) days) if it is a Cross Border Transaction;
1.4 You are responsible for arranging Delivery of all Cross Border Transactions and for any, and all, additional costs and charges (including without limitation any applicable taxes, duties, levies, import and export fees, excise taxes, delivery charges, and other applicable amounts) associated with any Cross Border Transaction;
1.5 You must ensure that any, and all, additional costs and charges associated with a Cross Border Transaction (including without limitation any applicable taxes, duties, levies, import and export fees, excise taxes, delivery charges, and other applicable amounts) charged by you to the Customer with respect to a Cross Border Transaction are included in the Sale Price and Shipping Costs (as applicable) or are otherwise clearly represented to the Customer prior to the point of purchase;
1.6 To allow for foreign exchange settlement on a Cross Border Transaction, the Payment Date for Purchase Amounts and Fees and for Refund Amounts for a Cross Border Transaction may be extended in each case by three (3) additional Business Days (to the Business Day timeframes set out in the Scheme Rules);
1.7 The Afterpay Group entity(ies) that has entered into an applicable Order Form will make all payments to you in respect of a Cross Border Transaction under such Order Form. These payments will be made in the currency as stated in each applicable Order Form;
1.8 In addition to any Fee payable by you for each Afterpay Purchase for each Cross Border Transaction, a “Cross Border Transaction Fee” will be due as set forth in the applicable Order Form. The Cross Border Transaction Fee is payable by you in addition to the applicable Fees for each Afterpay Service, as applicable and pursuant to the Order Form;
1.9 To the extent that your Website supports multi-currency presentment so that a Customer is able make a Cross Border Transaction in a currency other than the applicable Order Form currency (the “Foreign Currency”), we will convert the Foreign Currency to the applicable Order Form currency on the date of the Cross Border Transaction using the same conversion rate that Afterpay must pay, plus a Foreign Currency Conversion Fee, to calculate the payments referenced in Section 1.8 above and the Cross Border Transaction Fee;
1.10 Section 4 of the Scheme Rules applies to the Cross Border Transaction Fee in the same way as it applies to the Fee (including that the Cross Border Transaction Fee is not refundable unless paid incorrectly or otherwise required by Applicable Law). For the avoidance of doubt, the Cross Border Transaction Fee will not be refunded or repaid to you in respect of Goods that are returned to you by Customers;
1.11 You and we will, when performing obligations in relation to Cross Border Transactions for Customers located outside of the applicable Order Form region, each comply with the relevant data privacy laws and regulations applicable in the jurisdiction where the Customer resides;
1.12 In addition to the other rights of termination under this Agreement, we may terminate the provision of Cross Border Trade for any reason immediately by written notice to you (including where we cease to offer Cross Border Trade capability in connection with its Services). If we terminate Cross Border Trade, these Cross Border Trade Terms do not apply, the remaining provisions of this Agreement are not affected, and the Agreement remains in full force and effect and continues to be legally binding on the Parties. For the avoidance of doubt, if either Party terminates this Agreement pursuant to its terms or terminates any Order Form under which you engage in Cross Border Trade, this also terminates your provision of the Extended Repayment Feature via Cross Border Trade;
1.13 For the avoidance of doubt, the Afterpay Group entity that has entered into an applicable Order Form is not performing any cross-border business and is not acting as agent for any Afterpay Group Affiliate in relation to the Cross Border Transactions;
1.14 Cooperation. You agree to fully and promptly cooperate and provide reasonable assistance to Afterpay in respect of all requests or enquiries from regulatory bodies or authorities, including requests for information and regulatory investigations arising out of or related to the Extended Repayment Feature and Afterpay Services.

2. Additional definitions pursuant to this Exhibit:

2.1 Cross Border Transaction means an Afterpay Purchase via Cross Border Trade; and
2.2 Customer means a Customer of an Afterpay Group Affiliate who uses that Afterpay Group Affiliate’s services where it is offered outside of the applicable Order Form region

Service Schedule 1: Afterpay Services - Attachment 3 (Recurring Payments)

1. General

1.1 If we authorize you in an Order Form, or as otherwise notified to you, to permit Customers to use the Extended Repayment Feature for one or more types of Recurring Payments, the following terms also apply. Recurring Payments are not available in all regions and are subject to any applicable Regional Terms below.
1.2. For each Customer that elects to use Recurring Payments, we will send you a token to be saved against that Customer’s account with you that will allow you to send a request to Afterpay for each subsequent Recurring Payment. The token can be used until: (A) the Customer opts-out of the Recurring Payments pursuant to your terms of use as represented by you to the Customer, and such opt-out is communicated by you to us; or (B) we terminate Recurring Payments. You must display an opt-out option for Customers within your checkout flow (or elsewhere on your Website(s)) and you must not use a token for any Customer who has opted-out.
1.3. We may terminate the provision of any or all types of Recurring Payments for any reason immediately by written notice (including where we cease to offer Recurring Payments in connection with the Services). If we terminate Recurring Payments, these Recurring Payment terms do not apply, the remaining provisions of this Agreement are not affected, and the Agreement remains in full force and effect and continues to be legally binding on the Parties. For the avoidance of doubt, if either Party terminates this Agreement pursuant to its terms or terminates any Order Form under which you engage in Recurring Payments, this also terminates your provision of the Extended Repayment Feature via Recurring Payments.
1.4. In this Agreement, “Recurring Payment” means an arrangement between you and the Customer via your Website(s), whereby the Customer agrees to save their Afterpay details with you to pay you for Goods via your Website(s) using the Extended Repayment Feature based one or more of the following options:
(i) payment for ad hoc future Afterpay Purchases without the Customer needing to subsequently log in to their Afterpay account to complete the Afterpay Purchase, where the Customer must be present on your Website(s) to approve each Recurring Payment (“Future Orders”);
(ii) automatic payment over a fixed or variable cadence basis (as applicable) where the amount may vary across billing periods according to the Customer’s usage or needs (this may include flexible subscription arrangements and bill payment arrangements), and where the Customer does not need to be present on your Website(s) to approve each Recurring Payment after initial setup (“Flexible Recurring Payment”); or
(iii) automatic payment of a fixed amount on a monthly, quarterly, annual or other fixed cadence basis (as applicable) for the purposes of an ongoing subscription, and where the Customer does not need to be present on your Website(s) to approve each Recurring Payment after initial setup (“Fixed Recurring Payment”).
For the avoidance of doubt, each Recurring Payment is deemed an Afterpay Purchase.
1.5. We will not have any liability for, and you agree to indemnify us, for any claims made by a Customer where that Customer has elected to save their Afterpay details with you, and your Website(s) or the Customer’s account with you suffers any data breach or any other system failure which also causes the Customer’s Afterpay account details or information to be compromised.

2. Preferred Payment Method. You agree that following a Customer’s agreement to Fixed Recurring Payments or Flexible Recurring Payments, the Extended Payment Feature will be saved as the Customer’s preferred payment method for any subsequent, related Recurring Payment unless, and until, the Customer opts-out of making such Recurring Payments pursuant to your terms of use as represented by you to the Customer, and such opt-out is communicated by you to us.

3. Rights and obligations in relation to Recurring Payments

3.1 You agree to provide sufficient information to us as to each Afterpay Purchase in order for us to determine whether, and to what extent, such Afterpay Purchase is being made as a Recurring Payment (including records showing the Customer has consented to Recurring Payments when the Customer is not present at your Website(s)).
3.2 In addition to any other representation and warranties to you provide, you represent and warrant to us:
(i) in respect of any Fixed Recurring Payment, that each Recurring Payment will be in an equal amount, unless and until (A) you provide the Customer with reasonable prior written notice of any proposed price variation before the effective date of such price variation, and (B) the Customer agrees to that price variation and the Extended Repayment Feature being used for subsequent Recurring Payments; and
(ii) that any price variations for Recurring Payments are made in accordance with Applicable Laws and as agreed between you and such Customer, are communicated to us, and won’t exceed any reasonable threshold as determined and notified by us. We may cancel any Recurring Payment if any price variation exceeds any notified threshold, effective from the date of the price variation.
3.3 For each Customer making Recurring Payments, we may cancel any Recurring Payment scheduled to occur twelve (12) months after the first Recurring Payment is made by such Customer unless and until Customer re-consents to our then-current terms and conditions relating to Customer’s use of the Extended Repayment Feature. You must ensure Customers are able to promptly re-consent to our then current terms and conditions relating to their use of the Extended Repayment Feature within your checkout flow (or elsewhere on your Website(s)), as applicable.

4. Applicable Regions and Regional Terms

Region	Recurring Payment Options	Regional Terms
AU	Future Orders Fixed Recurring Payments Flexible Recurring Payments	No additional Regional Terms
NZ	Future Orders Fixed Recurring Payments Flexible Recurring Payments	No additional Regional Terms
US	Fixed Recurring Payments	If any price variation referred to in Section 3.2 exceeds the greater of Five U.S. Dollars (USD$5.00) or ten percent (10%) of the original Purchase Amount, we may cancel any Recurring Payment as of the effective date of the price variation.
CA	Not available	N/A
UK	Not available	N/A

Service Schedule 2: Cash App Pay Services

1. Cash App Pay Services. Cash App Pay Services under this Service Schedule means our provision of Cash App Pay to you through the Cash App Gateway, including access to the Cash App Developer Portal. We permit you to use the Cash App Pay Services as set out in your Order Form, which may include marketing and promotional services, for Cash App Ecommerce Services.

2. Cash App Ecommerce Services. The Cash App Ecommerce Services allows Customers to pay for Goods on your Website using the Cash App application-based financial platform through which Customers can send peer-to-peer payments, store funds, order physical and virtual debit cards, purchase and store bitcoin, and obtain financial rewards using products or features within the application (“Cash App”). Your Order Form will set out whether your integration to use the Cash App Ecommerce Services is via Direct API Integration or Cash App Button Integration. Not all Cash App Ecommerce Services are available in all regions. The Cash App Button Integration facilitates payment from Customers using a Virtual Card which will be processed via your PSP.

3. Technical Integration of Cash App Gateway. You agree to follow reasonable directions from us regarding the technical integration of the Cash App Gateway on your Website(s) or in-Store as applicable.

4.Parity of Placement. You agree that anywhere the Cash App Pay logo is displayed by you on your Website(s) and in your Stores, you will display the Cash App Pay logo in comparable size to, or larger than, the logo of any Competing Payment Service.

5. Cash App Pay Program Rules. You understand, and agree, that you must, at all times, comply with the Cash App Pay Program Rules.

Data Protection Schedule

This Data Protection Schedule (“Schedule”) applies and forms part of the Afterpay Group - Global Merchant Scheme Rules (“Scheme Rules”), a current version of which can be found at https://www.afterpay.com/en-NZ/merchant-scheme-rules, for any Services provided by the Afterpay Group under any Order Forms signed by you or your Affiliates. Any reference to “we”, “us”, “our” or “Afterpay”, is a reference to the Afterpay Group collectively or an Afterpay Group Affiliate (as applicable). In the event of a conflict or inconsistency between this Schedule and the Scheme Rules, this Schedule controls with respect to any data protection conflicts or inconsistencies. Each capitalized term used but not defined in this Schedule has the meaning set forth in the Scheme Rules.

1. Definitions. For the purposes of this Schedule, the following terms have the meanings given below:

“Applicable Data Protection Laws” means all applicable national, federal, state, and local laws, statutes, ordinances, rules, and regulations of any applicable jurisdiction and any applicable court order or settlement agreement governing the processing of Personal Data, including the California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.100 et seq.), Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”), UK Data Protection Law, any implementing, derivative or related legislation, rule, or regulation of the European Union, a European Union member state or the United Kingdom with respect to Personal Data, Canada’s Personal Data Protection and Electronic Documents Act (S.C. 2000, c. 5), Australia’s Privacy Act 1988 (Cth), and New Zealand’s Privacy Act 2020.

“Controller” has the meaning given to this term in Applicable Data Protection Laws.

“Data Security Breach” means any (a) actual or attempted Processing of Shared Personal Data, not expressly permitted by the Agreement or this Schedule, including any loss, misuse, or unauthorized access, disclosure, alteration, destruction, or acquisition of Shared Personal Data (b) reasonably suspected breach or compromise of Shared Personal Data, or of a Party’s computer systems or networks that directly or indirectly support Shared Personal Data; or (c) any reasonably suspected violation of Applicable Data Protection Laws by a Party in relation to the Shared Personal Data.

“Data Subject” means an identified or identifiable natural person to whom Personal Data relates.

“Permitted Purpose” means the provision of the Services by the Afterpay Group to a Merchant pursuant to this Agreement and such other instructions as may be provided by the Afterpay Group from time to time;

“Personal Data” means any information (i) that identifies, or can be used to identify, contact, or precisely locate the individual person to whom such information pertains; (ii) from which identification of, or contact information for, an individual person can be derived; or (iii) any other information the Processing of which is otherwise subject to or governed by Applicable Data Protection Laws. Additionally, to the extent any other information is associated or combined with Personal Data, such information also will be considered Personal Data for purposes of this Agreement.

“Processing” or “Process” means any operation or set of operations that is performed upon Personal Data whether or not by automatic means, including collection, recording, organization, storage, access, receipt, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, transmitting, transporting, alignment, combination, blocking, deleting, erasure, destruction, or otherwise handling.

“Processor” has the meaning given to this term in Applicable Data Protection Laws.

“Shared Personal Data” means the Personal Data to be shared between the parties under the Agreement as set out in this Schedule;

“Standard Contractual Clauses” means the 2021 Controller to Controller standard contractual clauses as amended by the UK Addendum and incorporated into this Schedule (and the Agreement) by reference and subject to the additional information and clarifications set out in Appendix 1 to this Schedule.

“UK Addendum” means the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers as approved by the UK Parliament and published by the UK Information Commissioner’s Office (the full text of which is available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf).

“UK Data Protection Law” means the UK Data Protection Act 2018 and the UK GDPR.

“UK GDPR” has the meaning given to this term in section 3 of the UK Data Protection Act 2018.

2. General

2.1 Roles of the Parties. The Parties acknowledge that the Agreement dictates the classification of each Party pursuant to Applicable Data Protection Laws. To the extent applicable, the Parties acknowledge and agree that in relation to the Shared Personal Data, each Party acts as a Controller in its own right.
2.2 Details of Processing. Each Party acknowledges that one party ("Data Discloser") will regularly disclose to the other Party ("Data Receiver") the Shared Personal Data for the Permitted Purposes. For the avoidance of doubt, the Parties have entered into the Agreement solely for the provision of the Services, and the Data Discloser is not making available any Personal Data to the Data Receiver for any consideration, and any such provision of Personal Data to Data Receiver does not constitute a “sale” under any Applicable Data Protection Laws.
2.3 Point of Contact. The appropriate point of contact for Afterpay is [email protected].The appropriate point of contact for the Merchant is set forth in the Afterpay Merchant Hub.

3. Obligations of the Parties

3.1 Compliance with Applicable Data Protection Laws. Each Party must comply with its obligations under the Applicable Data Protection Laws at all times during the term of the Agreement. In particular, each Party must:
(a) ensure that the Shared Personal Data is not irrelevant or excessive with regard to the Permitted Purposes;
(b) ensure that it processes the Shared Personal Data fairly and lawfully during the term of the Agreement;
(c) not sell Shared Personal Data or any dataset derived from Shared Personal Data to any third party;
(d) To the extent necessary under Applicable Data Protection Laws, inform the Data Subjects, on or before the date when that Party commences the processing of their Personal Data, of the purposes for which it will process their Personal Data and to provide all the information that it is obliged to provide under Applicable Data Protection Laws to ensure that the Data Subjects understand how their Personal Data will be processed by that Party, including if Shared Personal Data will be transferred to a third party or other jurisdictions, that fact and sufficient information about such transfer and the purpose of such transfer to enable the Data Subject to understand the purpose and risks of such transfer; and
(e) be responsible for dealing with its own requests from Data Subjects under Applicable Data Protection Laws in relation to the Shared Personal Data and provide such assistance as is reasonably required to enable the other Party to comply with such requests.
3.2 Data Retention. The Data Receiver must not retain or process Shared Personal Data for longer than is necessary to carry out the Permitted Purposes and is responsible for implementing appropriate measures to ensure the Shared Personal Data is destroyed or deleted at the end of such periods; provided, that each Party may continue to retain Shared Personal Data in accordance with any applicable statutory or professional retention periods. Following the deletion of Shared Personal Data, upon request from the Data Discloser, the Data Receiver must notify the Data Discloser that the Shared Personal Data in question has been deleted.
3.3 Offshore Processing. If the Data Receiver discloses Shared Personal Data outside the country of origin for such data, it agrees to comply with all applicable legal and regulatory requirements, including taking all reasonable steps to ensure that the Data Receiver and any overseas recipients do not breach any Applicable Data Protection Laws and regulatory requirements applicable to such Shared Personal Data.
3.3.1 Where a Afterpay Group Affiliate transfers Shared Personal Data subject to UK Data Protection Law to Merchant at a location outside the United Kingdom or the European Economic Area in circumstances where such transfer is not subject to any of the permitted derogations or conditions contained in UK Data Protection Law such that in the absence of the protection for the transferred Shared Personal Data provided pursuant to these Schedule, the relevant transfer would be prohibited by UK Data Protection Law, the applicable Afterpay Group Affiliate (as “data exporter”) and Merchant (as “data importer”) enter into, and agree to be bound by, the Standard Contractual Clauses.
3.3.2 In the event that the Standard Contractual Clauses are amended, replaced and/or superseded from time to time, Merchant and the Afterpay Group must enter into such amended, replaced and/or superseded standard contractual clauses approved by a competent authority as communicated in writing by the Afterpay Group to Merchant.

4. Data Security

4.1 The Data Discloser must only provide the Shared Personal Data to the Data Receiver by using secure methods as agreed between the Parties. Each Party must implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk (taking into account the nature, scope, context, and Permitted Purposes of processing the Shared Personal Data), including from unauthorized or unlawful processing of such Shared Personal Data, or accidental loss or destruction of, or damage to, such Shared Personal Data.
4.2 The Parties must take reasonable steps to ensure the reliability of any employee, agent, or contractor who may have access to Shared Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know and/or access the Shared Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with any applicable laws in the context of that individual’s duties to the Parties, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4.3 Each Party is obliged to ensure that persons authorized to process Shared Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality relating to Shared Personal Data and processing activities covered by the Agreement and this Schedule.

5. Data Security Breach. The Parties must each comply with its obligation under Applicable Data Protection Laws to report a Data Security Breach relating to the Shared Personal Data to the applicable supervisory authority and (where applicable) Data Subjects under Articles 33 and 34 of UK GDPR and must each inform the other Party of any Data Security Breach relating to the Shared Personal Data without undue delay irrespective of whether there is a requirement to notify any supervisory authority or Data Subjects. Without limiting the foregoing, the Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security Breach relating to the Shared Personal Data in an expeditious and compliant manner.

6. Processors. Where the Data Receiver appoints a Processor to process the Shared Personal Data, it must comply with Applicable Data Protection Laws including Article 28 of the UK GDPR and remain liable to the Data Discloser for the acts and/or omissions of the Processor.

7. Disputes with Data Subjects or Supervisory Authority

7.1 In the event of a dispute or claim brought by a Data Subject or a supervisory authority concerning the processing of Shared Personal Data against either or both of the Parties, the parties must inform each other about any such disputes or claims and will cooperate with a view to settling them amicably in a timely fashion.
7.2 Each Party abides by a decision of a competent court of the Data Discloser’s country of establishment or of the supervisory authority.

8. Survival. Any provision of the Schedule that expressly or by implication should come into or continue in force on or after termination of the Agreement to protect the Personal Data will remain in full force and effect.

Appendix 1

UK Addendum to the Standard Contractual Clauses

The tables in Part 1 of the UK Addendum are populated as follows:

Table 1: Parties

The Parties		Exporter (who sends the Restricted Transfer): Afterpay	Importer (who receives the Restricted Transfer): Merchant
Start date		The date of the applicable Order Form under the Agreement
Parties’ details		Please see the applicable Order Form for the details of the Parties.
Key Contact		The appropriate point of contact for Afterpay is [email protected]. The appropriate point of contact for the Merchant is set forth in the Merchant Hub.

Table 2: Selected SCCs, Modules and Selected Clauses

Addendum EU SCCs	This Addendum is appended to the Standard Contractual Clauses as applicable and as incorporated by reference into this Appendix (and the Agreement) with additional details required by the Standard Contractual Clauses as set out below (as the Standard Contractual Clauses may be amended or replaced from time to time by a competent authority under Applicable Data Protection Laws).

Table 3: Appendix Information

“Appendix Information” means the information referenced at (d) and (e) of Exhibit 1 to Appendix 1.

Annex 1A: List of Parties: The Parties are the Afterpay Group Affiliate and Merchant, as set out in each applicable Order Form.

Annex 1B: Description of Transfer: Please see the information referenced below under “Additional Terms and Information Applying to the Standard Contractual Clauses”

Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: Please see the information referenced at (e) in Exhibit 1 to Appendix 1.

Annex III:List of Sub processors (Modules 2 and 3 only): Not required

Table 4: Ending this Addendum when Approved Addendum Changes

Ending this Addendum when the Approved Addendum changes

Which Parties may end this Addendum as set out in Section ‎19 of the UK Addendum:

☐ Importer

☒ Exporter

☐ neither Party

Exhibit 1 to Appendix 1

Additional Terms and Information Applying to the Standard Contractual Clauses

For the purpose of the Standard Contractual Clauses, the applicable Afterpay Group Affiliate (as “data exporter”) and Merchant (as “data importer”) agree that:

(a) Clause 7 (Docking clause) does not apply.
(b) The optional wording in Clause 11 (Redress) relating to an independent dispute resolution body does not apply.
(c) Annex IA must be populated with details of the Parties set out in this Schedule and the Agreement.
(d) Annex IB must be populated by the description of processing of personal data set out in Appendix 2.
(e) Annex II must be populated with the technical and organisational security measures detailed in Appendix 3.

Appendix 2

A. LIST OF PARTIES

Data exporter(s): the Afterpay Group

Data importer(s): Merchant

B. DESCRIPTION OF TRANSFER

The Personal Data that may be transferred between the Parties, including the categories thereof and the purposes intended, are as described in Tables 1(a) and (b) below.

Table 1 (a)

Shared Personal Data provided by you to the Afterpay Group (including Data Subject)	Permitted Purpose
● First name, surname, and mobile number of potential Customers and Customers ● Email address and IP address of potential Customers and Customers	For the purpose of enabling the Afterpay Group to: ● undertake fraud prevention; and, ● on-board the Customer
● First name, surname, and mobile number, email address, billing and shipping address of potential Customers and Customers ● Transaction details, such as product, order ID, token, timestamp, merchant ID, merchant name ● Merchant reference ● Shipping details, such as shipping, courier tracking number, estimated date or time of shipment ● IP address of potential Customers and Customers	For the purpose of enabling the Afterpay Group to: ● Approve or decline an order; and ● Undertake fraud prevention; as is necessary for the purposes of our legitimate interests in establishing any risks in providing our services to our Customer and to prevent, detect and prosecute fraud and other crimes. All of this Personal Data is used as part of our internal fraud risk engine to prevent fraudulent transactions.
● Customer first name, surname, and email address, billing and shipping address ● Purchase and shipping details, such as product order, status, merchant ID, merchant name, shipping address, courier tracking number, and estimated date or time of shipment	For the purpose of enabling the Afterpay Group to: ● Deal with Customer complaints relating to any Purchases made from you or the service we provide to Customers
First name, surname, email address, and contact number of your employees	For the purpose of the Afterpay Group performing its obligations under this Agreement

Table 1 (b)

Shared Personal Data provided by the Afterpay Group to you (including Data Subject)	Permitted Purpose
● Customer billing and shipping address, Shipping option information ● Customer first name, surname, and email address	For the purpose of enabling Merchant to: ● deliver Goods to Customers where Merchant utilises the Clearpay Express Checkout function on their Website; and ● deal with Refunds and/or Purchases and queries from Customers in relation to Refunds and/or Purchases (via the Merchant Portal or otherwise)
First name, surname, email address and contact number of Afterpay Group employees	For the purpose of Merchant performing its obligations under the Agreement

Shared Personal Data provided by the Afterpay Group to you (including Data Subject)

Permitted Purpose

● Customer billing and shipping address, Shipping option information
● Customer first name, surname, and email address

For the purpose of enabling Merchant to:

● deliver Goods to Customers where Merchant utilises the Clearpay Express Checkout function on their Website; and
● deal with Refunds and/or Purchases and queries from Customers in relation to Refunds and/or Purchases (via the Merchant Portal or otherwise)

First name, surname, email address and contact number of Afterpay Group employees

For the purpose of Merchant performing its obligations under the Agreement

Sensitive data transferred

It is not intended for any sensitive data to be transferred between the Parties.

The frequency of the transfer

Shared Personal Data is transferred on a continuous basis as necessary to support the provision and receipt of the Services as between the Afterpay Group and Merchant.

Nature of the processing

The Shared Personal Data transferred will be subject to Processing which has the meaning given to the term in the UK GDPR as updated, amended and replaced from time to time and any associated or national implementing legislation regarding data protection.

Purpose(s) of the data transfer and further processing

Provision of the Services by the Afterpay Group to Merchant pursuant to the Agreement and such other instructions as may be provided by the Afterpay Group from time to time.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

The period set out in the relevant Data Retention policies of the data exporter or as otherwise required by applicable legal obligations.

For transfers to (sub-)processors, also specify subject matter, nature and duration of the processing

The subject matter and the nature of such processing will be as specified above under the headings “Categories of personal data transferred” and “Nature of the processing” respectively. The duration of such processing will be no longer than is reasonably necessary for the purposes of such processing.

Contact points for data protection enquiries:

Data Exporter: [email protected]

Data Importer: As provided by the Data Importer in the Afterpay Merchant Hub

C. COMPETENT SUPERVISORY AUTHORITY

The competent supervisory authority is the U.K. Information Commissioner’s Office.

Appendix 3

TECHNICAL AND ORGANISATIONAL MEASURES

1. FRAMEWORK: The data importer has put in place a variety of technical and organisational security measures to protect Personal Data in line with industry best practices and standards.

2. POLICIES: The data importer is subject to data security requirements set forth in its policies, procedures, standards, and guidelines that define various aspects of required protection for Personal Data, including Information Security Policy, Computer and Network Security Policy, Data Classification Policy, Document Management Policy, Physical Security Policy, Incident Management Policy, Acceptable Use Policy, and IT Infrastructure Physical Security Policy.

3. STAFF EDUCATION, TRAINING AND RESPONSIBILITIES: The data importer provides continuous data privacy and information security education for all relevant employees upon hire and annually thereafter.

4. INCIDENT MANAGEMENT: The data importer maintains documented Business Continuity, Disaster Recovery and Incident Response policies, and procedures to respond to, and document responses to, relevant disruptions and events. The data importer performs testing of these procedures and provides education to relevant staff at least annually.

5. USER ACCESS TO INFORMATION SYSTEMS: The data importer maintains password-based, badge-based, and/or multi-factor authentication mechanisms. The data importer will technically enforce the use of strong, complex passwords for all user accounts with access to the services. The data importer employs role-based access controls and grants the least privilege necessary for job function.

6. PHYSICAL ACCESS CONTROL: The data importer maintains badge-based and role-based physical access controls for all offices and data center locations that house sensitive information. The data importer maintains role-based access controls and full-disk encryption on portable IT assets such as laptops.

7. IT SYSTEM SECURITY: It is the data importer’s policy that business units implement various controls, processes, and standards for safeguarding IT systems, which may include: controls for the prevention, detection, and removal of malicious code, including malware, using approved automated and manual monitoring solutions and countermeasures; processes for identification of technical vulnerabilities and resolution where identified; minimum security requirements in network services agreements; standards for audit trails / logs that record system administrator activity, significant exceptions, and information security events; processes for monitoring key systems for potentially unusual or suspicious activity and investigating exceptions; processes for the timely reporting of information security events or suspected security weaknesses and the development and execution of corrective action plans; system access controls that include user authentication, use of unique identifiers (user ID) and, for remote access, two-factor authentication; and procedures to control the installation of software on operational systems.

8. DATA LEAKAGE/MEDIA HANDLING/CRYPTOGRAPHIC CONTROLS: The data importer maintains a Data Classification Policy which defines acceptable use and required protection mechanisms for various types of sensitive data. The data importer employs data encryption, role-based access controls, network segmentation via firewalls, log/event monitoring, and automated 24/7 incident alerting to minimize the risk of data leakage.

9. THIRD-PARTY SERVICE PROVIDERS: The data importer vets all third-party service providers to ensure that the processing of data by such providers meets the data importer’s vendor security guidelines. Third-party service providers are subject to agreements governing the handling and processing of Personal Data on behalf of the data importer.

10. STORAGE AND TRANSMISSION OF PERSONAL DATA: Personal Data is to be kept only for as long as is necessary in accordance with the data importer’s Data Policy and relevant local laws and regulations. The data importer must utilise strong encryption protocols to protect data during transmission and storage.

11. DISPOSAL OF PERSONAL DATA: When Personal Data is no longer required for business, legal, or regulatory obligations, the data importer securely destroys the data. Hard-copy materials are destroyed by: cross-cut shredding, pulping, incineration, or other methods with reasonable assurance that the material cannot be reconstructed. Sensitive data on electronic media must be rendered unrecoverable (e.g., via a secure wipe program in accordance with industry-accepted standards for secure deletion, or by physically destroying the media).

Definitions

Capitalized terms in this Agreement not otherwise defined above have the following meanings:

Accepted for Refund has the meaning set out in Section 5.2 of these Scheme Rules.

Affiliate means a person or entity that directly, or indirectly through one or more intermediaries, controls or is controlled by, or is under common control with the respective Party. For the purposes of this agreement, control means ownership (directly or indirectly) of at least 50% either (i) of the voting shares or similar voting instruments or the combined voting power in an entity or association or the power to direct or cause the direction of the general management or policies of an entity or (ii) the total value of all stock, capital interest, or profits interest in such entity or association.

Afterpay means the Afterpay Group entity or entities, as applicable, that are a party to an Order Form.

Afterpay Button Integration means an alternative ecommerce integration to the Direct API integration that generates a unique single load, single use virtual Visa card for every transaction and provides the PAN card details to the merchant through their existing checkout process.

Afterpay Card Services means the Afterpay Services which allow Customers to pay for Goods via Virtual Card using the Extended Repayment Feature in Store.

Afterpay Gateway means the Afterpay electronic payment gateway system, which allows participating merchants to offer Customers the Extended Repayment Feature.

Afterpay Group means, collectively, each Afterpay entity that is party to an Order Form.

Afterpay Group Intellectual Property means Intellectual Property owned by or licensed to the Afterpay Group, including, the domain name www.afterpay.com or other domains owned or controlled by the Afterpay Group, the Cash App Licensed Property and Technology, and other similar intellectual property or proprietary rights and materials identified by the Afterpay Group for use in its Services or on the Website but excluding any Intellectual Property owned by you and licensed by you to the Afterpay Group pursuant to this Agreement and any applicable Order Form.

Afterpay Group Software means the software owned by, or licensed to, the Afterpay Group for use in connection with the Services and provided to you pursuant to this Agreement.

Afterpay Interchange Fee means the Interchange Fees we may receive on Afterpay Purchases processed using a Virtual Card.

Afterpay Merchant Hub means the online interface provided to you by us in relation to the Afterpay Services which is accessible via our Website.

Afterpay Purchase means a purchase by a Customer of any Goods via your Website or Store using the Extended Repayment Feature for the amount specified in the Approval Confirmation.

Afterpay Services means our provision of the Extended Repayment Feature to you for the use of your Customers as set out in an Order Form, including access to the Afterpay Gateway and the Afterpay Merchant Hub.

Agreement has the meaning set out in Section 1 of these Scheme Rules.

Applicable Law means (i) all applicable national, federal, state , local, and administrative laws, rules, regulations, codes and codes of conduct, interpretations, any regulatory requirements set by any regulator or statutory authority including consumer protection laws, tax laws, data protection, or privacy laws, Gramm Leach-Bliley Act, anti-spam or unsolicited electronic communication laws, rules, and regulations; (ii) the by-laws, rules, regulations, operating letters and policies, operating manuals, and cardholder data security standards of the payment card networks; (iii) all data security standards and programs established by the Payment Card Industry Data Security Standards Council relating to, among other things, transactions, cards or in any other way applicable to this Agreement; and (iv) any applicable rule or requirement of the National Automated Clearinghouse Association, as any or all of the foregoing may be amended, revised or replaced from time-to-time in each jurisdiction that this Agreement or the Services are relevant to.

Approval Confirmation means electronic notice from us to you that a Purchase has been approved by us.

“AU BNPL Code” means the Code of Practice for Buy Now Pay Later Providers that is available at https://www.afia.asn.au/bnpl-code

Authorization Amount has the meaning set out in Section 4.2(ii)(c) of these Scheme Rules.

Authorization Validity Period means, in relation to a Purchase using a Virtual Card, the period between the date of Purchase and the maximum capture period applied by the Card Schemes to such Purchase, unless a longer period has been agreed with our PSP.

Brand Management Materials means the brand assets (owned or licensed), electronic banners, lightboxes, website integration, point of sale materials, marketing guidance and any other marketing, advertising and promotional materials that the Afterpay Group provides to Merchants from time to time.

Business Day means a day other than a Saturday, Sunday, or bank holiday in the applicable Order Form region.

CAP Interchange Fee means the Interchange Fees we may receive on Cash App Purchases using a Virtual Card.

Card Scheme means the VISA and Mastercard card schemes accepted by us and their published rules for your merchant category code.

Cash App means the application-based financial platform provided by us through which Customers can send peer-to-peer payments, store funds, order physical and virtual debit cards, purchase and store bitcoin, and obtain financial rewards using products or features within the application.

Cash App Button Integration means an integration to use the CAP Services via a Cash App Button Integration as described in Service Schedule 2 (Cash App Pay Services) of these Scheme Rules.

Cash App Developer Portal is defined in the Cash App Pay Program Rules.

Cash App Gateway means the Cash App electronic payment gateway system, which allows participating merchants to offer Customers Cash App Pay.

Cash App Licensed Property and Technology means Intellectual Property licensed to the Afterpay Group, including the trademarks, copyrights, trade secrets, patents, proprietary technology, or other intellectual property related to Cash App, Cash App Pay, and any Services as defined herein. For the avoidance of doubt, “proprietary technology” includes amongst others Cash App Pay, platforms, and APIs used to implement the Services, as well as all current and future Intellectual Property rights that are developed by the Afterpay Group which may be capable of protection including materials, documentation, software, systems, code, patents, copyright, trademarks, designs, trade names, business names, domain names, and logos that are owned or acquired by the Afterpay Group.

Cash App Pay Program Rules means the Program Rules found at https://developers.cash.app/docs/api/resources/program-rules

Cash App Pay Service or CAP Services means our provision of Cash App Pay to you through the Cash App Gateway, including access to the Cash App Developer Portal.

Cash App Purchase means a purchase by a Customer of any Goods via your Website or Store using Cash App for the amount specified in the Approval Confirmation.

Chargeback means the reversal of a Purchase Amount to a Customer, by the Customer's issuing bank, in relation to a Purchase disputed by a Customer because: (i) the Purchase Amount was unauthorised, fraudulent, or illegal; (ii) you failed to Deliver the Goods in accordance with the agreement between the Customer and you, the Card Schemes and/or any Applicable Laws; or (iii) it did not comply with the Card Schemes.

Competing Payment Service means: (a) for Afterpay Services, any "buy now, pay later" or "pay by installments" electronic payment system, any service that allows customers to borrow money to fund purchases, or any other consumer finance service; and (b) for Cash App Pay Services, any consumer finance service that supports instant payments to third parties, including digital wallets and pay-by-bank checkout services, but excluding mobile wallet services, and in both cases, excluding any such services offered by Visa, Mastercard or American Express in the applicable Order Form region.

Compliance Documentation means the documentation we require from you to verify you in accordance with our internal risk and compliance procedures and/or applicable AML Laws, which will be provided to you or made available on our Website. “AML Laws” means for the United Kingdom, the Money Laundering and Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and for New Zealand, the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

Confidential Information means the terms of the Agreement, trade secrets, or proprietary business information, and any information (of whatever form and nature) disclosed by a Party to the other Party, but Confidential Information does not include information which: (i) at the time of the first disclosure to a Party, was already in the lawful possession of the receiving Party; (ii) is in or comes into the public domain other than by disclosure in breach of the Agreement (iii) becomes available to a Party legitimately from any other third-party source that is legally entitled to that information; or (iv) was independently developed by employees or agents of the receiving Party who had no access to any Confidential Information.

Cross Border Trade has the meaning set out in Section 4.2 of Service Schedule 1 (Afterpay Services).

Customer means a person who buys Goods from you via your Website or Store using a Product.

Customer Payment has the meaning set out in Section 3.5 of Service Schedule 1 (Afterpay Services) to these Scheme Rules.

Data Protection Schedule means the Data Protection Schedule that form part of these Scheme Rules.

Decline Confirmation means electronic notice from us to you that a Purchase has been declined by us.

Debit Authorization means the direct debit instruction and authorization you provide us during your onboarding process for each region which authorizes us to arrange for funds to be debited from your bank account held at your financial institution.

Delivered means, in the case of Goods that are goods, delivered or provided at purchase; in the case of Goods that are standalone services, supplied; and in the case of Goods that are services requiring ongoing access, the provision of continuous access to such services; Delivery and Deliver have corresponding meanings.

Direct API Integration means integration with the Services through our payments API endpoint.

Extended Repayment Feature means the payment financing options provided by Afterpay to your Customers, to facilitate the sale of Goods by you on your Website or in your Stores.

Feedback has the meaning set out in Section 7.4 of these Scheme Rules.

Fees are defined in Section 4.1(iii) of these Scheme Rules.

Force Majeure means, to the extent it is beyond the reasonable control of that party, any act of God, lightning, storm, flood, collapse of building, fire, earthquake, explosion, cyclone, tidal wave, landslide, or adverse weather conditions; act of public enemy, war (declared or undeclared), terrorism, sabotage, revolution, riot, strike, insurrection, or epidemic or pandemic; and embargo, power, or water shortage.

FSMA has the meaning set out in Section 15(ii)(A) of these Scheme Rules.

Gateway means the Afterpay Gateway or Cash App Gateway, as applicable, which allows participating merchants to offer Customers the Product(s).

Goods means the item(s) or service(s) supplied by you to a Customer who elects to use a Product to purchase those items or services.

Insolvency Event means an event where one Party (i) voluntarily or involuntary (and such involuntary petition or proceeding is not dismissed within sixty (60) days) commences (or is the subject of, as the case may be) any proceeding or files any petition seeking relief under domestic or foreign bankruptcy, insolvency, liquidation, or similar law or proceedings, (ii) applies for or consents to the appointment of a receiver, trustee, custodian, sequestrator, or similar official for such other Party or for a substantial part of its property or assets, (iii) makes a general assignment for the benefit of creditors, (iv) commences the winding up or liquidation of its business or affairs (including ceasing a substantial portion of its business that alters its operations), (v) takes corporate action for the purpose of effecting any of the foregoing, or (vi) suffers a material adverse change in business where the other Party reasonably believes that the first Party will not be able to perform its obligations under the Agreement.

Intellectual Property means all (i) trademarks, service marks, trade names, logos, and other commercial and product designations including other indications of origin, and all goodwill associated therewith and all applications, registrations, and renewals associated with the foregoing; (ii) inventions, discoveries and ideas (whether patentable or unpatentable and whether or not reduced to practice), and all patents, patent rights, applications for patents (including divisions, continuations, continuations-in-part and renewal applications), and any renewals, extensions, or reissues thereof; (iii) trade secrets, know-how, Confidential Information, and other proprietary rights and information; (iv) copyrights and works of authorship, whether copyrightable or not, and all applications, registrations, renewals, and extensions in connection therewith (whether presently available or subsequently available as a result of intervening legislation); (v) domain names; (vi) databases; and (vii) other similar intellectual property or proprietary rights and materials.

Interchange Fees means the fees and other expenses charged by the issuing bank of the applicable Virtual Card, as reported to us by the issuing bank.

Live Date means the date on which a customer first makes a Purchase using a Service (as applicable) under an Order Form.

Merchant Portal means the Afterpay Merchant Hub and/or the Cash App Developer Portal (as applicable).

Monthly Default Rate means, at any point in time, the total value of losses we incur for Customer non-payment of Purchases occurring on your Website(s) or in your Store(s) as applicable in a single calendar month for which the Customer’s payments to us are overdue divided by the total value of Purchases occurring on your Website(s) or in your Store(s) as applicable during that calendar month.

Order Form means an order form signed by a Merchant entity and Afterpay Group entity to access the Services under these Scheme Rules.

Payment Date means: (i) for Purchase Amounts and Fees, up to five (5) Business Days following the date of the Purchase or following your capture of such funds in accordance with your technical integration, as applicable; and (ii) for Refund Amounts, including Shipping Costs, the Business Day following the day on which the Goods are Accepted for Refund and you enter the refund of the Goods to the Afterpay payment type.

Preferred Placement means that our logo is displayed in comparable size to, or larger than, above (when featured top-to-bottom), or to the left of (when featured left-to-right) that of any Competing Payment Service.

Processing Fees means any amount payable by you to your PSP in connection with the relevant Purchase in respect of fees, including card network fees, Interchange Fees, acquiring fees, and other relevant scheme fees related to your receipt of the Purchase Amount via your PSP.

Product means the Extended Repayment Feature or Cash App, as applicable.

PSP means payment service provider.

Purchase means an Afterpay Purchase and/or a Cash App Purchase, as applicable.

Purchase Amount means, in respect of each Purchase, the relevant

Sale Price plus any Shipping Costs.

Refund means a partial or whole refund of the Sale Price for any Goods Accepted for Refund or of any related Shipping Costs.

Refund Amount means the amount that you agree to Refund to a Customer for Goods Accepted for Refund according to your policies or other amount that you agree to refund to a Customer.

Regulated Materials has the meaning set out in Section 15(ii)(A) of these Scheme Rules.

Relevant Requirements has the meaning set out in Section 15(i) of these Scheme Rules.

Reserve has the meaning set out in Section 3.6 of these Scheme Rules.

Restricted Goods means: (i) for Afterpay Services, as set out in Service Schedule 1 (Afterpay Services) - Attachment 1 to these Scheme Rules; and (ii) for Cash App Pay, as set out in the Merchant Use Policy within the Cash App Pay Program Rules.

Return means the return of any Goods to you by a Customer in connection with a Purchase (and other than a return of Goods by the Customer for the purposes of an exchange, the grant of store credit or for repair) initiated by the Customer.

Sale Price means the purchase price including all applicable Taxes of the Goods supplied by you.

Services means the Afterpay Services and/or the CAP Services, as applicable under each Order Form.

Service Term is defined in each Order Form.

Shipping Costs means any fees, costs, or expenses charged by you to a Customer for the Delivery of Goods purchased using a Product to a location in the applicable jurisdiction.

Store(s) means the physical locations from which you supply the Goods, or conduct transactions for the supply of the Goods, in each applicable Order Form region.

Store Personnel means your employees that are employed in your Stores and are likely to communicate with Customers regarding the Services as set forth in any Order Form.

Supplementary Terms means any additional or varied terms agreed between the Parties to in relation to these Scheme Rules.

Tax or Taxes means any taxes, including sales, use, value-added, goods and services, consumption, or other similar taxes, withholding taxes (including backup withholding), income, gross receipts, ad valorem, property, unclaimed property, escheat, franchise, transfer, stamp, or any other duties, levies, fees, excises, or tariffs imposed by any federal, state, foreign, provincial, or local governmental taxing authority, whether disputed or not, and including any penalties, interest, fine, surcharge, or additions to tax.

Tax Authority means any taxing, revenue, or other authority (in any jurisdiction) competent or responsible for imposing, administering, regulating, or collecting any Tax.

Unauthorized Capture Amounts has the meaning set out in Section 4.2(ii)(d) of these Scheme Rules.

Virtual Card has the meaning set out in Section 4.2(ii)(a) of these Scheme Rules.

Virtual Card Interchange Fee means the Afterpay Interchange Fee or CAP Interchange Fee, as applicable.

Website(s) means: (i) for you or your Affiliates, any electronic retail sales facility, including any website, mobile, or tablet sites or applications, owned and operated by you, including the websites listed on each respective Order Form; and (ii) for us and our Affiliates, any website, mobile, or tablet sites or applications, owned and operated by us.

Scheme Rules

Afterpay Services

Restricted Goods

Cross Border Trade

Recurring Payments

Cash App Pay Services

Data Protection

Definitions

Categories

Service Schedule 1: Afterpay Services - Attachment 1 (Restricted Goods)

All regions

Support

Information

Apps

Social Media

Resources

Location