Common use of Merchant’s use of a Technical Service Provider Clause in Contracts

Merchant’s use of a Technical Service Provider. a. The Merchant may utilise third parties to perform certain the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s use of such a person (each such a party known as a “Technical Service Provider”). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder data on the Merchant’s behalf, regardless of the manner or duration of such activities; ii. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv. at PayPal’s discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s failure to comply with the provisions set out in this paragraph 5, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card Agreement upon the Merchant breaching this paragraph 5.

Merchant’s use of a Technical Service Provider. a. The Merchant may utilise third parties to perform certain the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s use of such a person (each such a party known as a “Technical Service Provider”). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. 1. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder Cardholder data on the Merchant’s behalf, regardless of the manner or duration of such activities; ii2. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii3. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv4. at PayPal’s discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s failure to comply with the provisions set out in this paragraph 57, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card Agreement upon the Merchant breaching this paragraph 57. PayPal uses services from third parties to process card transactions. The relevant card agreements are located at xxxxx://xxx.xxxxxx.xxx/hk/webapps/mpp/ua/ceagreement- full?locale.x=en_HK (Commercial Entity Agreement for PayPal Payment Card Funded Processing Services). 1. How the Fraud Protection works a. The Fraud Protection is made available to you as a fraudulent transaction management tool to help you screen potentially fraudulent transactions based on the settings you adopt in the Fraud Protection. The tool allows you to set filter rules, i.e. to instruct us about which transactions the tool shall decline on your behalf based on abstract criteria. In order to use the Fraud Protection, you must follow our instructions to actively turn on the Fraud Protection. b. We may provide tips regarding what filters and settings in the Fraud Protection to use that may be appropriate for your business. These suggestions take into account your past transaction history. c. Notwithstanding the above, it is your responsibility to determine, and set the final filter rules.

Merchant’s use of a Technical Service Provider. a. The 1. Merchant may utilise utilize third parties to perform certain of the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s 's use of such a person (each such a party known as a “"Technical Service Provider”"). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. 2. If the Merchant is permitted to utilise utilize a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. 3. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. a. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder Cardholder data on the Merchant’s 's behalf, regardless of the manner or duration of such activities; ii. b. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii. c. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s 's services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv. d. at PayPal’s 's discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. 4. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s 's failure to comply with the provisions set out in this paragraph 5, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card the Agreement upon the Merchant breaching this paragraph 5. PayPal uses services from WorldPay and Global Payments/HSBC Bank as Acquiring Institutions in processing card transactions. One of the agreements set out in this schedule will apply in relation to a card transaction, depending on which Acquiring Institution processes the transaction. This Commercial Entity User Agreement for PayPal Payment Card Funded Processing Services (“Commercial Entity Agreement” or “CEA”) is provided to all PayPal Users that are Commercial Entities (as defined by Visa Europe, Visa Inc, Visa International, MasterCard Worldwide, UK Maestro, Solo and/or International Maestro (together the "Associations")) and open a Premier or Business Account (such use of such accounts collectively termed the “Premier/Business Service”). Each such PayPal User is hereby referred to as “Merchant” and may be referred to herein as “you” and/or “your”. This CEA constitutes your separate legally binding contract for credit and debit card processing for PayPal transactions between you and the WorldPay entity (as defined below) and its Affiliate(s) (collectively, the “Acquirer”). For the purpose of this CEA, “WorldPay Entity” shall mean (a) WorldPay (UK) Limited if Merchant is based in Europe; and/or (b) The Royal Bank of Scotland N.V. if Merchant is based in Singapore and/or Hong Kong; and/or (c) The Royal Bank of Scotland PLC if Merchant is based in the United States. For the purpose of this CEA, “Affiliate(s)” shall mean the financial institution(s) domiciled in the same Association region as you are domiciled in for Association purposes and which Acquirer has formed a relationship with in accordance with Association requirements to allow the processing of card transactions the identity of which you can obtain on contacting PayPal. In accordance with the provisions of this CEA, Acquirer may terminate its provision of credit and debit card processing services and enforce any of the provisions of Merchant’s PayPal Payment Processing Agreement (also known as the PayPal User Agreement) (“PPA”), agreed by and between Merchant and PayPal. In this CEA “we”, “us” and “our” refer to Acquirer. Merchant agrees to the terms and conditions of this CEA. Merchant further agrees that this CEA forms a legally binding contract between Merchant and Acquirer. This Commercial Entity Agreement may be amended at any time by us via PayPal posting a revised version of the CEA on the PayPal website(s). The revised version will be effective at the time PayPal posts it. If we propose to change this CEA in a substantial manner, we will provide you with at least 30 days' prior notice of such a change by posting notice on the "Policy Updates" page of PayPal's web site(s). After this 30 days' notice, you will be considered as having expressly consented to all amendments to the CEA. If you disagree with those proposed amendments, you may close your account before the expiry of such 30 day period in accordance with the terms of the PPA and this CEA will terminate on the closure of your account. For the purpose of the CEA a change to this CEA will be considered to be made in a “substantial manner” if the change involves a reduction to your rights or increases your responsibilities.

Merchant’s use of a Technical Service Provider. a. The Merchant may utilise third parties to perform certain the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s use of such a person (each such a party known as a “Technical Service Provider”). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. 1. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder Cardholder data on the Merchant’s behalf, regardless of the manner or duration of such activities; ii2. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii3. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv4. at PayPal’s discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s failure to comply with the provisions set out in this paragraph 57, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card Agreement upon the Merchant breaching this paragraph 57. PayPal uses services from third parties to process card transactions. The relevant card agreements are located at xxxxx://xxx.xxxxxx.xxx/hk/webapps/mpp/ua/ceagreement- full?locale.x=en_HK (Commercial Entity Agreement for PayPal Payment Card Funded Processing Services). 1. How the Fraud Protection works a. The Fraud Protection is made available to you as a fraudulent transaction management tool to help you screen potentially fraudulent transactions based on the settings you adopt in the Fraud Protection. The tool allows you to set filter rules, i.e. to instruct us about which transactions the tool shall decline on your behalf based on abstract criteria. In order to use the Fraud Protection, you must follow our instructions to actively turn on the Fraud Protection. b. We may provide tips regarding what filters and settings in the Fraud Protection to use that may be appropriate for your business. These suggestions take into account your past transaction history. c. Notwithstanding the above, if you use Fraud Protection, it is your responsibility to determine, and set the final filter rules.

Merchant’s use of a Technical Service Provider. a. The 1. Merchant may utilise mayutilize third parties to perform certain of the Merchant obligations set out in this Schedule with our express written consent which may contain maycontain conditions as to the Merchant’s 's use of such a person (each such a party known partyknown as a “"Technical Service Provider”"). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. 2. If the Merchant is permitted to utilise utilize a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with complywith the provisions relating to data and information security as securityas set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to theyapplyto storing, processing or transmitting cardholder data to PayPal. c. 3. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. a. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder Cardholder data on the Merchant’s 's behalf, regardless of the manner or duration of such activities; ii. b. provide satisfactory evidence satisfactoryevidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii. comply with any requirements c. complywith anyrequirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s 's services, hardware or software and obtaining any required anyrequired end user consents for transmission of data through the Technical Service Provider; and iv. d. at PayPal’s 's discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. 4. The Merchant agrees that it is solely responsible solelyresponsible for the relationship with the Technical Service Provider and any data anydata transmitted or made available to the Technical Service Provider. The Merchant’s 's failure to comply with complywith the provisions set out in this paragraph 5, or the failure of the Technical Service Provider or gateway processor gatewayprocessor to register and/or comply with complywith the applicable data security requirements may result securityrequirements mayresult in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card immediatelyterminate the Agreement upon the Merchant breaching this paragraph 5. PayPal uses services from WorldPayand Global Payments/HSBC Bank as Acquiring Institutions in processing card transactions. One of the agreements set out in this schedule will applyin relation to a card transaction, depending on which Acquiring Institution processes the transaction. This Commercial Entity User Agreement for PayPal Payment Card Funded Processing Services (“Commercial Entity Agreement” or “CEA”) is provided to all PayPal Users that are Commercial Entities (as defined by Visa Europe, Visa Inc, Visa International, MasterCard Worldwide, UK Maestro, Solo and/or International Maestro (together the "Associations")) and open a Premier or Business Account (such use of such accounts collectively termed the “Premier/Business Service”). Each such PayPal User is herebyreferred to as “Merchant” and maybe referred to herein as “you” and/or “your”. This CEAconstitutes your separate legallybinding contract for credit and debit card processing for PayPal transactions between you and the WorldPayentity(as defined below) and its Affiliate(s) (collectively, the "Acquirer"). For the purpose of this CEA, “WorldPay Entity” shall mean (a) WorldPay(UK) Limited if Merchant is based in Europe; and/or (b) The Royal Bank of Scotland N.V. if Merchant is based in Singapore and/or Hong Kong; and/or (c) The Royal Bank of Scotland PLC if Merchant is based in the United States. For the purpose of this CEA, “Affiliate(s)” shall mean the financial institution(s) domiciled in the same Association region as you are domiciled in for Association purposes and which Acquirer has formed a relationship with in accordance with Association requirements to allow the processing of card transactions the identityof which you can obtain on contacting PayPal. In accordance with the provisions of this CEA, Acquirer mayterminate its provision of credit and debit card processing services and enforce anyof the provisions of Merchant’s PayPal Payment Processing Agreement (also known as the PayPal User Agreement) (“PPA”), agreed byand between Merchant and PayPal. In this CEA“we”, “us” and “our” refer to Acquirer. Merchant agrees to the terms and conditions of this CEA. Merchant further agrees that this CEAforms a legallybinding contract between Merchant and Acquirer. This Commercial Entity Agreement maybe amended at anytime xxxx via PayPal posting a revised version of the CEAon the PayPal website(s). The revised version will be effective at the time PayPal posts it. If we propose to change this CEAin a substantial manner, we will provide you with at least 30 days' prior notice of such a change byposting notice on the "Policy Updates" page of PayPal's web site(s). After this 30 days' notice, you will be considered as having expresslyconsented to all amendments to the CEA. If you disagree with those proposed amendments, you mayclose your account before the expiryof such 30 dayperiod in accordance with the terms of the PPAand this CEAwill terminate on the closure of your account. For the purpose of the CEAa change to this CEAwill be considered to be made in a “substantial manner” if the change involves a reduction to your rights or increases your responsibilities.

Merchant’s use of a Technical Service Provider. a. The 1. Merchant may utilise mayutilise third parties to perform certain of the Merchant obligations set out in this Schedule with our express written consent which may contain maycontain conditions as to the Merchant’s 's use of such a person (each such a party known partyknown as a “"Technical Service Provider”"). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. 2. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with complywith the provisions relating to data and information security as securityas set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to theyapplyto storing, processing or transmitting cardholder data to PayPal. c. 3. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. a. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder Cardholder data on the Merchant’s 's behalf, regardless of the manner or duration of such activities; ii. b. provide satisfactory evidence satisfactoryevidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii. comply with any requirements c. complywith anyrequirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s 's services, hardware or software and obtaining any required anyrequired end user consents for transmission of data through the Technical Service Provider; and iv. d. at PayPal’s 's discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. 4. The Merchant agrees that it is solely responsible solelyresponsible for the relationship with the Technical Service Provider and any data anydata transmitted or made available to the Technical Service Provider. The Merchant’s 's failure to comply with complywith the provisions set out in this paragraph 5, or the failure of the Technical Service Provider or gateway processor gatewayprocessor to register and/or comply with complywith the applicable data security requirements may result securityrequirements mayresult in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card immediatelyterminate the Agreement upon the Merchant breaching this paragraph 5. PayPal uses services from WorldPayand Global Payments/HSBC Bank as Acquiring Institutions in processing card transactions. One of the agreements set out in this schedule will applyin relation to a card transaction, depending on which Acquiring Institution processes the transaction. This Commercial Entity User Agreement for PayPal Payment Card Funded Processing Services (“Commercial Entity Agreement” or “CEA”) is provided to all PayPal Users that are Commercial Entities (as defined by Visa Europe, Visa Inc, Visa International, MasterCard Worldwide, UK Maestro, Solo and/or International Maestro (together the "Associations")) and open a Premier or Business Account (such use of such accounts collectively termed the “Premier/Business Service”). Each such PayPal User is herebyreferred to as “Merchant” and maybe referred to herein as “you” and/or “your”. This CEAconstitutes your separate legallybinding contract for credit and debit card processing for PayPal transactions between you and the WorldPayentity(as defined below) and its Affiliate(s) (collectively, “the Acquirer”). For the purpose of this CEA, “WorldPay Entity” shall mean (a) WorldPay(UK) Limited if Merchant is based in Europe; and/or (b) The Royal Bank of Scotland N.V. if Merchant is based in Singapore and/or Hong Kong; and/or (c) The Royal Bank of Scotland PLC if Merchant is based in the United States. For the purpose of this CEA, “Affiliate(s)” shall mean the financial institution(s) domiciled in the same Association region as you are domiciled in for Association purposes and which Acquirer has formed a relationship with in accordance with Association requirements to allow the processing of card transactions the identityof which you can obtain on contacting PayPal. In accordance with the provisions of this CEA, Acquirer mayterminate its provision of credit and debit card processing services and enforce anyof the provisions of Merchant’s PayPal Payment Processing Agreement (also known as the PayPal User Agreement) (“PPA”), agreed byand between Merchant and PayPal. In this CEA“we”, “us” and “our” refer to Acquirer. Merchant agrees to the terms and conditions of this CEA. Merchant further agrees that this CEAforms a legallybinding contract between Merchant and Acquirer. This Commercial Entity Agreement maybe amended at anytime xxxx via PayPal posting a revised version of the CEAon the PayPal website(s). The revised version will be effective at the time PayPal posts it. If we propose to change this CEAin a substantial manner, we will provide you with at least 30 days' prior notice of such a change byposting notice on the "Policy Updates" page of PayPal's web site(s). After this 30 days' notice, you will be considered as having expresslyconsented to all amendments to the CEA. If you disagree with those proposed amendments, you mayclose your account before the expiryof such 30 dayperiod in accordance with the terms of the PPAand this CEAwill terminate on the closure of your account. For the purpose of the CEAa change to this CEAwill be considered to be made in a “substantial manner” if the change involves a reduction to your rights or increases your responsibilities.

Merchant’s use of a Technical Service Provider. a. The Merchant may utilise third parties to perform certain the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s use of such a person (each such a party known as a “Technical Service Provider”). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. Prior to, or from the appointment of a Technical Service Provider, the Merchant Xxxxxxxx agrees to: i. 1. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder Cardholder data on the Merchant’s behalf, regardless of the manner or duration of such activities; ii2. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii3. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv4. at PayPal’s discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s failure to comply with the provisions set out in this paragraph 57, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card Agreement upon the Merchant breaching this paragraph 57.

Merchant’s use of a Technical Service Provider. a. The Merchant may utilise third parties to perform certain the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s use of such a person (each such a party known as a “Technical Service Provider”). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. 1. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder data on the Merchant’s behalf, regardless of the manner or duration of such activities; ii2. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii3. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv4. at PayPal’s discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s failure to comply with the provisions set out in this paragraph 5, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card Agreement upon the Merchant breaching this paragraph 5.

Merchant’s use of a Technical Service Provider. a. The Merchant may utilise third parties to perform certain the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s use of such a person (each such a party known as a “Technical Service Provider”). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. 1. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder Cardholder data on the Merchant’s behalf, regardless of the manner or duration of such activities; ii2. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii3. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv4. at PayPal’s discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s failure to comply with the provisions set out in this paragraph 57, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card Agreement upon the Merchant breaching this paragraph 57. Schedule 2 – Bank Agreement‌ PayPal uses services from third parties to process card transactions. The relevant card agreements are located at /legalhub/ceagreement-full (Commercial Entity Agreement for PayPal Payment Card Funded Processing Services). Schedule 3 – Fraud Protection Terms‌ 1. How the Fraud Protection works a. The Fraud Protection is made available to you as a fraudulent transaction management tool to help you screen potentially fraudulent transactions based on the settings you adopt in the Fraud Protection. The tool allows you to set filter rules, i.e. to instruct us about which transactions the tool shall decline on your behalf based on abstract criteria. In order to use the Fraud Protection, you must follow our instructions to actively turn on the Fraud Protection. b. We may provide tips regarding what filters and settings in the Fraud Protection to use that may be appropriate for your business. These suggestions take into account your past transaction history. c. Notwithstanding the above, if you use Fraud Protection, it is your responsibility to determine, and set the final filter rules.

Merchant’s use of a Technical Service Provider. a. The Merchant may utilise third parties to perform certain the Merchant obligations set out in this Schedule with our express written consent which may contain conditions as to the Merchant’s use of such a person (each such a party known as a “Technical Service Provider”). To be eligible for consent, each Technical Service Provider must (among other things) be registered with the applicable Card Association. b. If the Merchant is permitted to utilise a Technical Service Provider, the Merchant agrees and will procure that the Technical Service Provider will comply with the provisions relating to data and information security as set out in this Schedule (including, without limitation, PCI DSS requirements) as they apply to storing, processing or transmitting cardholder data to PayPal. c. Prior to, or from the appointment of a Technical Service Provider, the Merchant agrees to: i. 1. notify PayPal in writing of the details of the Technical Service Provider that engages in, or proposes to engage in, the processing, storing or transmitting of cardholder data on the Merchant’s behalf, regardless of the manner or duration of such activities; ii2. provide satisfactory evidence to PayPal that the Technical Service Provider is registered with the applicable Card Association; iii3. comply with any requirements of the Technical Service Provider including, without limitation, complying with any requirements relating with respect to the Technical Service Provider’s services, hardware or software and obtaining any required end user consents for transmission of data through the Technical Service Provider; and iv4. at PayPal’s discretion, provide PayPal with permission to register the Merchant with the relevant Technical Service Provider (as required). d. The Merchant agrees that it is solely responsible for the relationship with the Technical Service Provider and any data transmitted or made available to the Technical Service Provider. The Merchant’s failure to comply with the provisions set out in this paragraph 5, or the failure of the Technical Service Provider or gateway processor to register and/or comply with the applicable data security requirements may result in fines or penalties which the Merchant is liable for. PayPal may immediately terminate this Card Agreement upon the Merchant breaching this paragraph 5. PayPal uses services from third parties to process card transactions. The relevant agreement is located at xxxxx://xxx.xxxxxx.xxx/al/webapps/mpp/ua/ceagreement-full?locale.x=en_AL (Commercial Entity Agreement for PayPal Payment Card Funded Processing Services). 1. How the Fraud Protection works 1. The Fraud Protection is made available to you as a fraudulent transaction management tool to help you screen potentially fraudulent transactions based on the settings you adopt in the Fraud Protection. The tool allows you to set filter rules, i.e. to instruct us about which transactions the tool shall decline on your behalf based on abstract criteria. In order to use the Fraud Protection, you must follow our instructions to actively turn on the Fraud Protection. 2. We may provide tips regarding what filters and settings in the Fraud Protection to use that may be appropriate for your business. These suggestions take into account your past transaction history. 3. Notwithstanding the above, if you use Fraud Protection, it is your responsibility to determine, and set the final filter rules.