TERMS AND CONDITIONS FOR ALERT SERVICES | chargebackhit.com

TERMS AND CONDITIONS FOR ALERT SERVICES

Last updated:

Version 1.0, August 2025

RECITALS

(A) WHEREAS, the Client wishes to engage CBH for the provision of Software-as-a-Service (SaaS) Services as described herein.

(B) WHEREAS, CBH has agreed to supply the said services on the terms set out in these Terms and Conditions.

NOW, THEREFORE, the Parties hereto agree and covenant as follows:

1. CONDITIONS PRECEDENT

1.1. The following shall be the condition precedent for CBH to start rendering the Services:

1.1.1. The Client has completed the Self-Registration process via the Website and successfully created an Account;

1.1.2. The Client has accepted these Terms and Conditions by checking the box during Self-Registration process;

1.1.3. The Client has completed the Self-Onboarding process via the Dashboard.

1.2. If the Client becomes incompliant with any of the conditions precedent set out in clause 1.1, CBH shall have the right to suspend rendering Services until the Client is compliant again.

1.3. In consideration of the Fees and subject to the Client’s conformity with the Terms and Conditions, CBH shall render Services as set out in these Terms and Conditions.

2. SERVICES

2.1. CBH shall render the Services selected and activated via the Dashboard by the Client.

2.2. The change in Applicable Laws may affect CBH’s ability to provide and Client’s ability to receive the Services.

2.3. CBH is authorised to suspend rendering the Services as necessary to conduct maintenance, upgrade, repair and/or provide other necessary attention to CBH’s Technical Solution, servers or equipment. CBH will have reasonable discretion to determine when to suspend Services and shall give the 5 days notice on such suspension via e-mail or Dashboard.

2.4. Without derogating from any other right available to CBH under these Terms and Conditions, Applicable Laws or otherwise, based on risk management considerations or where required to comply with the Applicable Law CBH, in its sole discretion, has the right to suspend the Services in any jurisdiction at any time and for any period of time.

2.5. CBH reserves the right to use third-party service providers in rendering any of the Services to the Client. CBH shall exercise reasonable care while choosing the provider. CBH accepts no liability for the provision of the Services by any third party.

2.6. As a Software-as-a-Service (SaaS) provider, CBH does not verify or modify the information and provide services “as-is”. CBH provides a technical solution allowing the Client to transfer information between the Client and the Acquirer (and other third-party service providers, if applicable).

3. SELF-REGISTRATION AND SELF-ONBOARDING

3.1. The Client subscribes to the Services by completing the Self-Registration process available on the Website. Upon successful registration, an Account is created, and access to the Services is granted through the Client’s Dashboard.

3.2. The onboarding process is conducted through the Dashboard and requires the submission of certain personal data, as outlined in the Data Processing Agreement, as well as information regarding your website, products, payment service provider (PSP), and any other relevant details requested during onboarding. The provision of such information is necessary to enable the activation of the Services.

3.3. The Client shall ensure that all information provided during registration and onboarding is accurate, complete, and kept up to date. The CBH reserves the right to suspend or terminate the Client’s access to the Services in case of false, misleading, or incomplete information.

3.4. The Client shall provide valid billing details during onboarding and authorize the CBH to charge the applicable Fees. The Client acknowledges that certain features or Services may not be available until a valid payment method has been provided.

3.5. The Client is solely responsible for maintaining the confidentiality of its login credentials (“Access Information”) and for all activities that occur under its Account. The CBH shall not be liable for any loss or damage arising from unauthorized use of the Account.

3.6. The Client must ensure that the email address associated with its Account remains active and capable of receiving notifications. Failure to maintain an accurate email address does not release the Client from its obligations under these Terms and Conditions.

3.7. Where available, the Client may use supported third-party authentication methods (such as Google SSO) to access the Dashboard.

4. FEES AND PAYMENT TERMS

4.1. The Client shall pay the Fees defined and published on the CBH’s official pricing page at https://chargebackhit.com/pricing/, unless otherwise agreed by the Parties. The Fees shall be confirmed by an invoice (or an electronic invoice) issued by CBH on a weekly basis.

4.2. CBH shall have the right, for its sole discretion, to issue the invoice to Client if the Fees exceed USD 300 (or an equivalent). This does not restrict CBH to issue the invoice on the weekly basis as per clause 4.1.

4.3. Interest shall accrue on any unpaid invoice owed by the Client to CBH at the rate of 10% per week. CBH also will be entitled at any time to suspend providing Services.

4.4. The Client is solely responsible for providing the CBH with complete, accurate, and up-to-date billing and contact information.

4.5. By submitting credit card details or connecting a payment processing service, the Client authorizes the CBH to charge the applicable Fees to the designated payment method for the Services provided. The Client further represents and warrants that they are duly authorized to use the specified payment method and that all payment information submitted is accurate and complete.

4.6. All payments shall be processed in USD. The Client shall bear any currency conversion costs or additional fees imposed by their payment provider or card issuer.

4.7. In the event of any concern or dispute regarding a transaction, the Client shall promptly contact the CBH. The CBH will endeavor to investigate and resolve such issues in a timely and efficient manner.

4.8. All payments made by Client to CBH are non-refundable. Payment made by Client to CBH confirms the Client’s agreement with the Fees defined in the invoice.

4.9. CBH may, at its sole discretion, require the Client to provide a deposit in an amount equivalent to the anticipated monthly volume of Services (the “Deposit Amount”). The Deposit Amount may be adjusted from time to time based on the actual volume of Services consumed in the preceding month. For the avoidance of doubt, the Deposit Amount shall not constitute a payment for the Services but shall serve as a reserve fund to ensure Client’s ability to cover the applicable Fees.

4.10. In the event that CBH is unable to successfully process the Fees for the Services through the provided payment method, CBH shall be entitled to apply all or part of the Deposit Amount toward the outstanding Fees. Any such application shall not relieve the Client from payment obligations nor prejudice any of CBH’s rights under these Terms. Following any such application of the Deposit Amount, Client shall be obliged to replenish the Deposit Amount to its original level within seven (7) days. Failure to do so may result in suspension or termination of the Services, as applicable, in accordance with these Terms.

4.11. All fees payable to CBH under these Terms and Conditions are exclusive of value added tax and any additional or other taxes, charges or duties which may be imposed in connection with any and all payments made or due hereunder and shall, if applicable, be borne by the Client. In case value added tax or any other sales tax is or becomes chargeable (retroactively or going forward) in accordance with applicable laws, CBH shall add such amount to the Fees accordingly.

4.12. Any fees or amounts paid by the Client, whether directly or by way of set-off, deduction or otherwise, to Acquirers or other third-party service providers, shall not affect nor derogate from Client’s obligation to pay all the Fees due to CBH hereunder.

4.13. Any repayment of funds to the End User for the execution of the Transaction (as a result of the Chargeback or otherwise) is subject to the following terms:

(a) the Client is solely responsible for repayment of funds, on the terms indicated in the agreement with the Acquirer (and/or other service providers (if any)); and

(b) the Fees charged by CBH in relation to execution of such Transaction is not to be returned to the Client.

4.14. The Client shall meet all costs associated with its compliance with the Applicable Law.

5. AMENDMENTS

5.1. CBH shall have the right to change any of the Services and any provision of the Terms and Conditions, including but not limited, with regards to Clause 4 of the Terms and Conditions.

5.2. The updated version of the Terms and Conditions shall be published on the Website.

5.3. The Client is solely responsible for regularly reviewing the Website, including the Terms and Conditions and the Pricing Page, to remain informed of any updates. Continued use of the Services after such changes are published shall constitute acceptance of the amended Terms and Conditions.

5.4. If the Client does not accept the amendments, it may terminate the Services by deactivating its Account before the changes become effective. If the Client continues using the Services after such date, the amendments shall be deemed accepted and binding.

6. PROHIBITED ACTIONS

6.1. It is prohibited to the Client to:

6.1.1. Use the Services in a way that infringes Applicable Laws, good practices, rights of third parties, or the policies of the Acquirers.

6.1.2. Use the Services to handle the Transactions on the websites and in IT environments that were not previously approved by CBH.

6.1.3. Use the Services to process notifications received not via the Technical Solution.

6.1.4. Fail to protect the data relating to its End Users, which is collected and stored by the Client against unauthorised access. The Client shall immediately notify CBH if the Client reasonably believes that there has been any security breach including but not limited to instances of unauthorised access or attempt to access Transaction data or sensitive End User data, where there is a suspected or confirmed damage, loss or theft of Transaction data or sensitive End User data.

6.1.5. Take actions or omissions that may expose CBH to credit risk, risk of fraud, breach of duties related to anti-money laundering and terrorist financing or other statutory obligations or a sudden increase of risk (assessed under the procedures adopted by CBH based on the Identifying Information and other information available).

6.1.6. Take any actions, as a result of which the Technical Solution or any part of CBH’s infrastructure will be negatively affected.

6.1.7. Engage in misleading or deceptive conduct nor to use Services itself or permit others to use the Services for any improper, immoral, or unlawful purposes.

7. DATA PROTECTION

7.1. Personal data processing in connection with these Terms and Conditions shall be governed by Schedule В, which forms an integral part of the Terms and Conditions.

7.2. The Client agrees to receive commercial and marketing information from CBH.

8. REPRESENTATIONS AND WARRANTIES

8.1. The Client warrants to CBH that:

8.1.1. At the date of these Terms and Conditions, it has full power and lawful authority to execute and deliver these Terms and Conditions and to perform its obligations under these Terms and Conditions.

8.1.2. It is duly organised and validly existing under the laws of its domicile and has the legal capacity and corporate authority to own its property and carry on its business as now conducted and is not in breach of its by-laws.

8.1.3. It is in all material respects in compliance with and has at all times been, and is not in material default or violation in any respect of any Applicable Law.

8.1.4. There is no action, suit or proceeding at law or in equity now pending or, to the best of its knowledge, threatened by or against or affecting the Client which would impair its right to carry on its business as now conducted or affect its financial conditions or operations or its ability to perform the obligations required under these Terms and Conditions.

8.1.5. Any and all information and documentation provided by the Client is true, accurate, complete and updated and no information, document or statement provided or made available are untrue, false, incorrect, incomplete or misleading.

8.2. Each party warrants, represents, covenants and agrees that it has knowledge of all applicable Anti–Corruption Laws and that neither it nor any of its officers, directors, employees, agents, contractors, designees, ultimate beneficial owners or shareholders, nor any other party acting on its behalf, will directly or indirectly take any action that would constitute a violation of the Anti–Corruption Laws with respect to any activities related to any business for CBH or the Client. Each party warrants, represents, covenants and agrees that neither it nor any of its direct or indirect Representatives has or will pay, offer, promise to pay or authorize the payment of, offer or promise to pay, directly or indirectly, any monies or anything else of value to any current or former official, political party or official of a political party, or any candidate for public office in connection with these Terms and Conditions. Each party acknowledges that, for purposes of these Terms and Conditions, an “official” is (i) any officer or employee of a government or any department, agency or instrumentality of a government, (ii) any officer or employee of a public international organization such as the United Nations or the World Bank, (iii) any individual acting in an official capacity for or on behalf of a government agency, department, instrumentality or of a public international organization, (iv) any officer or employee of a company owned or controlled by a government or (v) any member of a royal family who may lack formal authority but who may otherwise be influential, including by owning or managing state–owned or controlled companies. Each party represents and warrants that all representations, warranties and covenants set forth in this clause are truthful and accurate. Each party shall notify the other party in writing immediately upon the occurrence of any event which would render the representations, warranties or covenants contained herein incorrect. If, in good faith, CBH believes that any action under these Terms and Conditions will likely cause a violation of the Anti–Corruption Laws, nonperformance shall be excused and these Terms and Conditions may be terminated at CBH’s option.

8.3. Each party warrants, represents, covenants and agrees that it will comply at all times with all applicable laws, rules, regulations, decrees and prohibitions of whatsoever nature relating (a) to the sale, export or transfer of items or (b) to transactions of any kind with restricted or embargoed countries or territories, restricted or blocked persons or restricted or blocked entities (together, “Embargoed Targets”), including, without limitation, those of the United States, Switzerland and the European Union or its member states ((a) and (b) together, the “Sanctions Laws”).  Each party warrants, represents and covenants that (c) it is not located, organized under, ordinarily resident in or acting on behalf of an Embargoed Target and (d) that it is not an Embargoed Target and is not owned or controlled by an Embargoed Target, as defined either expressly or substantively, by the Sanctions Laws.  Each party warrants, represents and covenants that it is not aware of any reason why it should be named on any list identifying Embargoed Targets maintained by implementing authorities of, without limitation, the United States, Switzerland or the European Union or member states thereof (together, “Lists”), as such Lists may be amended from time to time.  Each party agrees that it shall not (e) sell, directly or indirectly, resell or deliver any good, software or technology to an Embargoed Target, (f) transport any such item on any vessel or other carrier that is owned, operated, flagged or chartered by an Embargoed Target or (g) broker, finance or otherwise facilitate any sale or resale of any such item or transaction that would cause a violation of any Sanctions Law.  Each party agrees that it will provide immediately to the other party all information, including, without limitation, information concerning end customer, transit and final destination, shipping and intended end–use, to enable an assessment of compliance with the Sanctions Laws. If, in good faith, CBH believes that any action under these Terms and Conditions will likely cause a violation of the Sanctions Laws, nonperformance shall be excused and these Terms and Conditions may be terminated at CBH’s option. 

8.4. Each Party undertakes that it shall not for the term of the Terms and Conditions and for a period of 2 years thereafter on its own behalf, or on behalf of any person directly or indirectly, canvass, solicit or endeavour to entice away from the other Party any person who has at any time during the term of the Terms and Conditions been employed or engaged by that Party.

8.5. If any of those representations and warranties may be affected at any time from the date of these Terms and Conditions, immediately, but no later than in 5 (five) Business Days, the Client shall inform CBH on any changes, including regarding the Client Information, in particular changes regarding its legal form, address, bank data, significant changes in the privacy policy or terms and conditions of delivery of Goods.

8.6. Except as expressly stated in these Terms and Conditions, no representation, inducement or warranty was, prior to the execution of these Terms and Conditions, given or made by one of the Parties hereto with the intent of inducing the other Party to enter into these Terms and Conditions, and any representations, inducements or warranties that may have been so given are hereby denied and negated.

9. LIABILITY

9.1. Neither Party (or either of its affiliates, directors, officers, employees, contractors or representatives) shall be liable for special, incidental or consequential damages or lost profits (however arising, including negligence) arising out of or in any way relating to these Terms and Conditions, even if there was prior notice of the possibility of such damage arising.

9.2. In no event shall CBH or its affiliates, directors, officers, employees, contractors, or representatives be liable for an amount exceeding any amounts paid to CBH under these Terms and Conditions in the 6 (six) months preceding the occurrence of facts that first give rise to any liability hereunder. The existence of more than one claim or event from which liability arises will not enlarge this aggregate limitation. This aggregate limit is a single, global limit that applies to CBH.

9.3. Neither CBH, nor its affiliates, directors, officers, employees, contractors, or representatives shall bear contractual or non-contractual liability for any delay or failure to perform its obligations under these Terms and Conditions to the extent that the delay or failure is caused by any of the following:

9.3.1. failure, interruption, infiltration or corruption of any hardware, software or other telecommunications or data transmission system; or

9.3.2. CBH’s belief that the Transaction is unauthorised or fraudulent or poses a security risk.

9.4. The Client shall during the term of these Terms and Conditions and after its termination continue to bear responsibility for the Chargebacks and other penalties, fees, and adjustments resulting in any way from receiving Services and all other amounts then due or which thereafter may become due under these Terms and Conditions.

9.5. Any compensation claim for faults or damages must be presented in writing by the Client to CBH within 60 (sixty) days after the occurring of the alleged fault or damage. Otherwise the claim shall be considered invalid.

10. INDEMNIFICATION

10.1. Client agrees to defend, indemnify and hold CBH harmless from any claim or demand (including reasonable legal fees) made or incurred by any third party due to or arising out of:

(a) Client’s breach of these Terms and Conditions;

(b) Client’s improper use of the Services;

(c) Client’s negligence or willful misconduct, and/or

(d) Client’s violation of Applicable Laws or the rights of a third party.

11. REMEDIES

11.1. Each Party agrees that breach of these Terms and Conditions will give rise to irreparable injury for which:

(a) money damages may not be a sufficient remedy for any breach of these Terms and Conditions by such Party;

(b) the other Party may be entitled to specific performance and injunction and other equitable relief with respect to any such breach;

(c) such remedies will not be the exclusive remedies for any such breach, but will be in addition to all other remedies available at law or in equity; and

(d) in the event of litigation relating to these Terms and Conditions, if a court of competent jurisdiction determines in a final non-appealable order that one Party, or any of its representatives, has breached these Terms and Conditions, such Party will be liable for reasonable legal fees and expenses incurred by the other Party in connection with such litigation, including, but not limited to, any appeals.

12. INTELLECTUAL PROPERTY

12.1. CBH or its licensors own the Proprietary Information.

12.2. Except as expressly stated herein, these Terms and Conditions does not transfer any right, title or interest in the Services or the Proprietary Information to the Client.

12.3. The Client acknowledges that the unauthorised use or release of the Proprietary Information or any part thereof, except as provided herein, would result in damages to CBH, which could not be adequately compensated for in damages by monetary award.

12.4. CBH grants to the Client a limited, revocable, non-exclusive, non-transferable, worldwide right to use the Services and the Proprietary Information, solely for the Client’s own internal business purposes and subject to the terms of these Terms and Conditions.

12.5. The Client acknowledges that it is prohibited from any use, reproduction, decompilation, reverse engineering, modification or distribution of any Proprietary Information that is not expressly authorised in these Terms and Conditions. The Client may not sell, resell, assign or otherwise transfer rights to CBH Services or any Proprietary Information.

13. CONFIDENTIALITY

13.1. Each Party agrees to maintain all Confidential Information of the other Party in confidence to the same extent that it protects its similar confidential information and to use such Confidential Information only as permitted under the Terms and Conditions. Each Party agrees to take all reasonable precautions to prevent any unauthorised disclosure or use of the Confidential Information of the other Party including, without limitation, disclosing such Confidential Information only to its employees or contractors with a need to know and who are parties to appropriate agreements sufficient to comply with this section.

13.2. The obligation of confidentiality shall extend for a period of three years after the termination of these Terms and Conditions, but shall not apply with respect to information that lawfully becomes a part of the public domain, or of which the Parties gained knowledge or possession free of any confidentiality obligation.

14. GOVERNING LAW AND DISPUTE RESOLUTION

14.1. These Terms and Conditions shall be governed by the Applicable Law. Each Party to these Terms and Conditions irrevocably agrees that the courts of England shall have exclusive jurisdiction to hear, settle and/or determine any dispute, controversy or claim (including any non-contractual dispute, controversy or claim) arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, formation or termination. For these purposes, each Party irrevocably submits to the jurisdiction of the English courts.

15. ENTIRE AGREEMENT

15.1. These Terms and Conditions represents the entire understanding of the Parties concerning the subject matter hereof and supersedes any other prior or contemporaneous agreements or understandings, whether written or oral.

15.2. If any provision of the Terms and Conditions is found by a proper authority to be unenforceable or invalid, such unenforceability or invalidity shall not affect the other provisions of these Terms and Conditions, and these Terms and Conditions shall be construed as if such unenforceable or invalid provision had never been contained herein.

16. ASSIGNMENT

16.1. These Terms and Conditions will bind and inure to the benefit of each Party’s permitted successors and assigns.

16.2. Partner may not assign the rights and obligations under these Terms and Conditions without the written consent of CBH.

16.3. CBH may assign the rights and obligations under these Terms and Conditions.

17. NOTICES

17.1. All communication, notices or reports permitted or required under these Terms and Conditions shall be delivered via:

(a) the Dashboard; or

(b) the email address provided by the Client during the Self-Registration process.

17.2. The Client is solely responsible for maintaining an accurate and functioning email address and for regularly reviewing the Dashboard for updates. 

17.3. Any notice shall be deemed received

(a) upon publication in the Dashboard; or

(b) as of the date the email is sent, unless the sender receives a bounce-back or error message indicating failed delivery.

18. EXECUTION

18.1. By completing Self-Registration or using the Services, you confirm that you’ve read, understood, and agreed to these Terms and Conditions. If you do not accept and agree with these Terms and Conditions, you are not authorized to use any of the Services. The Client cannot contest the validity or enforceability of these Terms and Conditions, including under any applicable statute of frauds, because it was accepted in electronic form.

18.2. For the avoidance of doubt the performance of the Services, including activation of any product via the Dashboard, shall constitute the Client’s acceptance of these Terms and Conditions. Further may inter alia confirm the Client’s acceptance to these Terms and Conditions:

(a) completing integration with CBH through the Technical Solution;

(b) starting receiving Services through the Technical Solution;

(c) payment of the Fees by the Client to CBH for the Services; and

(d) other activities, conducted by the Client and/or CBH, reflecting the performance of these Terms and Conditions.

19. TERM AND TERMINATION

19.1. The term of these Terms and Conditions shall commence on the Effective Date and shall continue until terminated by either Party.

19.2. Without derogating from the aforesaid, CBH may terminate these Terms and Conditions immediately:

(a) if the Client fails to perform any obligation required under these Terms and Conditions and does not remedy such breach within 5 (five) days from a written request to such effect made by CBH;

(b) if CBH reasonably suspects or believes that the Client is using the Services in connection with any unauthorised, dishonest or criminal activities or upon notice from the Card Schemes that the Client is suspended or violated any of their rules;

(c) if CBH is required to do so by any Card Schemes or regulatory authority.

(d) If the Client becomes insolvent, fails to pay its debts due to CBH, makes a general assignment for the benefit of creditors, commences procedures for voluntary winding up, suffers or permits the appointment of a receiver for its business assets, or is wound up or liquidated, voluntary or otherwise.

19.3. In case the Terms and Conditions is terminated by any Party, all Fees due to CBH under the Terms and Conditions shall become payable the day before such termination of the Terms and Conditions.

19.4. The Client may terminate its use of the Services at any time by disenrolling of MID in its account via the Dashboard. Termination shall take effect immediately upon such deactivation.

19.5. Any termination of these Terms and Conditions shall not relieve the Client from any liability arising prior to the termination of these Terms and Conditions.

20. NO AGENCY

20.1. It is agreed and understood that either Party is not the agent or representative of the other Party and has no authority or power to bind or contract in the name of or to create any liability against the other Party in any way or for any purpose. Nothing contained herein shall be construed to create a partnership or joint venture between the Parties.

21. EXPENSES

21.1. Notwithstanding any other provision in these Terms and Conditions to the contrary, in no event will CBH be obligated to pay any expenses, fees, costs or other amounts to any subcontractor, person, or entity under these Terms and Conditions.

22. NO WAIVER

22.1. No failure or delay by either Party in enforcing any provision of these Terms and Conditions will be deemed a waiver of such Party’s ability to enforce the same provision of these Terms and Conditions at a future date. 

23. FORCE MAJEURE

23.1. The Parties shall not be responsible for any failure to perform its obligations under these Terms and Conditions if such failure is caused by acts of God, war, terrorism, civil insurrection, acts of militia or military, strikes, revolutions, lack or failure of transportation or communications facilities, changes to the Applicable Law, or other causes that are beyond Parties’ reasonable control. In the event of such a failure, Parties’ obligations shall be suspended until such time as the cessation of all causes of such failure.

24. SURVIVAL

24.1. The following sections shall survive termination of these Terms and Conditions: Intellectual Property, Confidentiality, Term and Termination, and Definitions, as well as any other terms which by their nature should survive termination of these Terms and Conditions.

SCHEDULE A TO THE ALERT SERVICES TERMS AND CONDITIONS
INTERPRETATIONS AND DEFINITIONS

1. INTERPRETATIONS

1.1. In these Terms and Conditions, unless the context otherwise requires:

(a) headings are for convenience only and do not affect the interpretation of these Terms and Conditions;

(b) words denoting the singular include the plural and vice versa;

(c) a reference to a person includes a reference to any individual or legal entity and any governmental authority;

(d) if the numeric and literal versions of a number differ – the literal version shall have precedence;

(e) a reference to a specific Clause, Subsection, Annex, Schedule or Preamble is a reference to the applicable Clause, Subsection, Annex, Schedule or Preamble hereof;

(f) references to any law or normative act shall include any changes, amendments, supplements or substitutions of such law or normative act (in whole or in part);

(g) a reference to any agreement or document is a reference to that agreement or document as may be amended, novated, supplemented, extended or restated, however, to the exclusion of any amendments and supplements made in breach of these Terms and Conditions; and

(h) a reference to a party to any document (including to these Terms and Conditions) includes that party’s successors and permitted assigns.

2. DEFINITIONS

Acquirermeans a bank or other third-party financial institution, which has a contractual relationship with the Client, in connection with which it enables the Parties to accept payments by End Users and receive value in relation to such payments.
Terms and Conditionsmeans the respective Terms and Conditions entered into on the date stated on the first page of the respective Schedule by and between CBH and the Client.
Anti–Corruption Lawsmeans the U.S. Foreign Corrupt Practices Act (“FCPA”) and any other applicable anti–bribery and anti–corruption laws and regulations, including, without limitation, any laws intended to implement the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, signed in Paris on December 17, 1997 (the “OECD Convention”).
Applicable Lawmeans the Law of England and Wales. Where context requires, the Applicable Law shall include Card Scheme Rules, Anti-Corruption Laws, Data Protection Laws, any transnational, domestic or foreign federal, state or local law (statutory, common or otherwise), constitution, treaty, convention, ordinance, code, rule, regulation, order, injunction, judgment, decree, ruling or other similar requirement enacted, adopted, promulgated or applied by a respective governmental authority that is binding upon or applicable to Parties, as amended unless expressly specified otherwise.
Business Daymeans each day on which the banks are open for business in Cyprus.
BINmmeans the Bank Identification Number (BIN) that is used to clear and settle the transaction within Card Schemes and the country in which it is licensed for use.
CAIDmeans the Card Acceptor ID which is a numeric string that identifies a store location or transaction point and is provided by the Client’s Acquirer.
Cardmeans a credit, debit, pre-paid, charge or purchase or other card issued by a Card Scheme and any other cards in relation to which CBH is able and has agreed to provide the Services (as notified by CBH to the Client from time to time).
Cardholdermeans a person or an entity:
(a) to whom the Card is issued and whose name is embossed or imprinted on the face of the Card, and/or
(b) other authorised user of the Card.
Card Scheme Rulesmeans the rules of Card Schemes (in particular MasterCard and/or Visa), which regulate the use of their trademarks, processing of the Transactions, the refunds and Chargebacks requirements for the Cards’ acceptance on the Internet, etc. Information on the rules of Card Schemes is available on their public websites.
Card Schemesmeans Visa, MasterCard, American Express, JCB, Diners, Discover and/or such other organisation governing the issuance and use of Cards including, but not limited to their respective members, as may be approved and notified by CBH to the Client in writing from time to time.
Chargebackmeans any End User charge, which is identified as being invalid or non-collectable after initial acceptance, on account of fraud, lost, cancelled, unissued, or invalid account identification, an unresolved End User complaint, or other cause.
Identifying Informationmeans all information reasonably requested by CBH and provided by the Client necessary for the KYC processes with Acquirers and proper provision of the Services.
Confidential Informationmeans the information, including the Proprietary Information, about existence of these Terms and Conditions, its pecularities, and relations between the Parties and any information or material:
(a) cconcerning these Terms and Conditions, either Party’s internal business, employees, policies and/or actual or potential customers; or
(b) which derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by other persons who can obtain economic value from its disclosure or use.
Provided, however, that the Confidential Information excludes any information or material:
(a) which is or subsequently becomes to the general public other than through a breach by the receiving Party;
(b) which is already known to the receiving Party before disclosure by the disclosing Party;
(c) which is independently developed by the receiving Party without use or reference to the Confidential Information of the other; or or
(d) which the receiving Party rightfully receives from third parties without restriction as to use or disclosure.
Dashboardmeans the secure online interface provided via the Website, through which the Client may manage its Account, configure settings, provide required onboarding information, and access the Services.
Data Controllermeans Client
Data Processormeans CBH
Data Protection Lawsmeans all applicable laws, statues, regulations, ordinances, codes, rules, guidance, orders or any other legal entitlement issued by any governmental body governing the collection, use, transfer, and disclosure of Personal Data, including, if applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Effective Datemeans the date when the Terms and Conditions are accepted during the Self Registration process.
End Usermeans:
(a) the Cardholder, and/or
(b) another person who makes a payment for Goods to Client.
Feesmeans the consideration payments under these Terms and Conditions that are paid by Client to CBH and that are defined in Website Pricing Page.
Goodsmeans Client’s products and/or services that are sold or agreed to be sold in connection with a Transaction and which have been approved by CBH (Goods shall also include, but is not limited to, the payment flow, terms of use, business model, nature of business, projected monthly turnover, average and maximum Transaction’s amount, geo and other terms and conditions of the sale of Goods).
H2H payment flowmeans the payment flow, where the collection of Transaction’s data is done and controlled by Client via its technical solution, which is compliant with PCI DSS.
Issuermeans the bank or other financial institution that has a contractual relationship with the Cardholder and that issues the Cards to the Cardholders.
Limitsmeans certain Chargeback, fraud or other limits (ratios), as updated from time to time, that Card Schemes may impose.
MIDmeans merchant identification number, a unique code assigned to a respective merchant account provided to Client by its payment service provider.
Partiesmeans CBH and the Client.
PCI DSSmeans Payment Card Industry Data Security Standards as released from time to time by the Security Standards Council.
Proprietary Informationmeans all right, title and interest, including without limitation any patent, copyright, design, trade name, trademark, service mark or other intellectual property right (whether registered or not) including without limitation ideas, concepts, know-how, techniques, designs, specifications, drawings, blueprints, tracings, diagrams, models and other information relating to any such intellectual property and other intellectual property rights, in and in relation to the Services and all components used in the provision thereof, including without limitation, the Technical Solution, any software delivered to the Client, any technology embodied or implemented in the Services, any computer code provided by CBH for the Client’s websites and computer networks, business methods, business processes, website designs, graphics, text, content, trade names, trade secrets and know-how, and all documentation in relation to the foregoing, used in the provision of the Services.
Representativesmeans the beneficial owners, principals, officers, authorized representatives, and employees.
Self-Onboardingmeans the process by which the Client independently submits the required onboarding information through the Dashboard, and activates the selected Services, without the need for manual review, approval, or intervention by the CBH.
Self-Registrationmeans a self-registration process by which the Client creates an Account in the CBH’s Website, including acceptance of these Terms and Conditions and the Fees as published on the Website pricing page entered into between the Client and the CBH.
Servicesmeans a complex of technical and organizational chargeback prevention services that enable a Client to resolve Cardholder’s billing disputes directly, before they are escalated to Chargebacks, through Technical Solution.
Sub-Processormeans the third party that may process personal data on behalf of Data Processor’s obligations under the Terms and Conditions. Data Processor shall ensure that Sub-Processors comply with substantially same obligations as Data Processor under these Terms and Conditions. Data Processor remains responsible at all times for compliance with the terms of these Terms and Conditions.
Technical Solutionmeans a technical solution offered by CBH to the Client for the purpose of facilitating Transactions by the transfer of information between the Client and the Acquirer (and other third-party service providers, if applicable). Technical Solution includes technical platform (including its designs), manner of integration between the Client and CBH, collection of Card and/or other Transaction data, processing them to obtain appropriate authorization, and sending the authorized Transaction data, same as the data on requested Chargebacks, for the settlement.
Transactionmmeans any payment by a Card or refund for payment of Goods sold to End Users by the Client, regardless whether the Transaction is approved or declined.
Threatening Conditionmmeans the Client’s conduct including, without limitation, transmitting harmful, inaccurate or incomplete data to CBH and/or its partners or contractors, poses a threat to the systems, services, equipment, processes or intellectual property of CBH and/or its partners or contractors.
Websitemeans website(s), domain(s), sub-domain(s) and IT environments owned and operated by the Client where the Client accepts or states that it will accept, Transactions through the Technical Solution in relation to Goods which are purchased by End Users; the initial Website(s) being those which have been presented to and approved by CBH, together with any future Website(s) presented to and approved by CBH.
Website Pricing Pagemeans the web page located at https://chargebackhit.com/pricing/, where the standard Fees applicable to the Services are published and periodically updated by the CBH.

SCHEDULE B TO THE ALERT SERVICES TERMS AND CONDITIONS
DATA PROCESSING AGREEMENT

This Data Processing Agreement (the “DPA”), presented below is the part of the Terms and Conditions between the Client (the “Data Controller”) and the Provider (the “Data Processor”) that has the reference to this DPA and form an integral part of the Terms and Conditions.

1. DEFINITIONS

The following definitions shall apply in this DPA in addition to other defined in the Terms and Conditions; and, for the avoidance of doubt, in the event of any inconsistency or conflict, the applicable special definitions below shall supersede and/or amend the definitions in the Terms and Conditions.

Data Controllermeans the party that has authority over the processing of Personal Data, determining the purpose for its use and the manner that it is processed.
Data Processormeans the party that processes Personal Data on behalf of, and under the instruction of, the Data Controller.
Data Protection Authoritymeans the official body that ensures compliance with the Data Protection Laws within its applicable jurisdiction.
Data Subjectmeans the directly or indirectly identified or identifiable person to whom the Personal Data relates.
Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
Data Protection Lawsmeans all applicable laws, statues, regulations, ordinances, codes, rules, guidance, orders or any other legal entitlement issued by any governmental body governing the collection, use, transfer, and disclosure of Personal Data, including, if applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Employeesmeans employees, officers, consultants, suppliers, freelancers and individual subcontractors.
Personal Datameans any information regulated by Data Protection Laws, including information concerning an identified or identifiable individual, such as, name, address, age, gender, email address, etc., that is processed by the Data Processor on behalf of the Data Controller as a result of, or in connection with, the provision of the Services under the Terms and Conditions .
Processingmean either any activity that involves the use of Personal Data or as the Data Protection Laws may otherwise define processing, processes or process. It includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. Processing also includes transferring Personal Data to third parties.
Standard Contractual
Clauses (“SCC”)		means contractual clauses established by the European Commission concerning the international transfer of Personal Data, as set out in the Annex to Commission Implementing Decision (EU) 2021/914 of 04 June 2021.
Sub-Processormeans the third party that may process personal data on behalf of Data Processor’s obligations under the Terms and Conditions. Data Processor shall ensure that Sub-Processors comply with substantially same obligations as Data Processor under these Terms and Conditions. Data Processor remains responsible at all times for compliance with the terms of these Terms and Conditions.


2. GENERAL PROVISIONS

2.1. The Client attests that it is the Data Controller of Personal Data within the meaning of the Data Protection Laws and the Provider determines that it will be acting as a Data Processor in respect of the Personal Data that is the subject of the Terms and Conditions.

2.2. Personal data processing shall be entrusted to the Data Processor for the purposes and period of the performance of the Terms and Conditions and/or until no further processing is required by the Terms and Conditions or Applicable Law.

2.3. The subject matter, duration, nature and purpose(s) of the processing of Personal Data, as well as type of Personal Data and categories of Data Subjects are specified in Annex A.

2.4. The Data Processor shall refrain from processing Personal Data that is beyond the scope set forth in Annex A.

2.5. In case the Data Processor receives additional information that is not needed to fulfil the Terms and Conditions, it must inform the Data Controller immediately and stop the processing of the additional Personal Data.

3. INSTRUCTIONS

3.1. The Data Processor shall process the Personal Data only on instructions from the Data Controller and for no other purpose than the purpose(s) defined in Annex A.

3.2. The Data Processor shall inform the Data Controller if, in its opinion, an instruction infringes the Data Protection Laws. The processing of the Personal Data required in said instruction shall be delayed.

3.3. If the Data Processor is required to transfer Personal Data to a law enforcement agency, it shall inform the Data Controller of that legal requirement before processing the Personal Data, unless that law prohibits such information on important grounds of public interest.

4. TECHNICAL AND ORGANISATIONAL MEASURES

4.1. The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk before starting to process Personal Data.

4.2. In assessing the appropriate level of security, the Data Processor shall take into account the risks that are presented by Processing Person Data, in particular risks arising from a Data Breach.

4.3. The Data Processor undertakes to ensure the security of Personal Data entrusted for personal data processing in accordance with the Data Protection Laws and industry practices, in particular, to formulate and apply appropriate documentation and procedures for personal data processing, as well as technical, informational and legal security measures, as required by the Data Protection Laws, including inter alia:

4.3.1. the pseudonymisation and encryption of personal data;

4.3.2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

4.3.3. the ability to restore the availability and access to personal data in a timely manner in the event of technical problems or any other incident;

4.3.4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of personal data processing.

4.4. The Data Processor or its representative shall maintain a record (in writing or electronic form) of all categories of processing activities carried out on behalf of the Data Controller, containing:

4.4.1. the name and contact details of the Data Processor or its Sub-Processors and of the Data Controller, and, where applicable, of the Data Controller’s or the Data Processor’s representative, and the data protection officer;

4.4.2. the categories of Personal Data processing carried out on behalf of the Data Controller;

4.4.3. where applicable, transfers of Personal Data to a third country or an international organisation, including the identification of that third country or international organisation and including, where applicable, the documentation of suitable safeguards;

4.4.4. where possible, a general description of the technical and organisational security measures.


4. TECHNICAL AND ORGANISATIONAL MEASURES

5.1. The Data Processor shall ensure that all Employees with access to the Personal Data, are legally bound by confidentiality obligations during and after the termination of the DPA, including after the termination of their employment and/or other contractual arrangements with the Data Processor.

5.2. The Data Processor shall provide access to Personal Data to its Employees on a need-to-know basis only and shall make sure that the Employees are aware and compliant with the DPA, Data Controller’s written instructions and the Data Protection Laws.

5.3. The Data Processor shall keep records of persons authorised for Personal Data processing.

5.4. The Data Processor shall train its Employees involved in the processing of the Personal Data to comply with the Data Protection Laws and with the requirements established in this DPA.

6. SUB-PROCESSORS

6.1. Data Controller authorizes Data Processor to appoint (and permit each Sub-Processor appointed in accordance with this clause 6 to appoint) Sub-Processors in accordance with this clause 6 and any restrictions in the Terms and Conditions.

6.2. The Data Controller hereby grants general written authorization to the Data Processor to engage an additional or replace existing Sub-Processors for the processing of the Personal Data under the Terms and Conditions. Upon request of the Data Controller, the Data Processor will provide a list of such Sub-Processors. The Data Controller has the right to object to any Sub-Processor. The objection shall be made by written communication within 10 business days after receipt of requested list of Sub-Processors. The Data Processor shall use reasonable efforts to replace the Sub-Processor.

6.3. Where the Data Processor engages Sub-Processors, the Data Processor shall ensure that Sub-Processors comply with data protection obligations compatible with those of the Data Processor under this clause 6 as applicable to their processing of Personal Data. The Sub-Processor in particular shall provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the Data Protection Laws. Where a Sub-Processor fails to fulfil its data protection obligations, the Data Processor shall remain fully liable to the Data Controller for the performance of that Sub-Processor’s obligations.

7. DATA BREACHES

7.1. The Data Processor shall notify the Data Controller on Data Breach without undue delay. The notification shall include:

7.1.1. Description of the Data Breach, including, if possible, the categories of data and records concerned, the category and number of Data Subjects affected;

7.1.2. Likely consequences of the Data Breach;

7.1.3. Measures taken or proposed to address and/or mitigate the effects of the Data Breach.

7.2. The Data Processor shall, without undue delay, take all urgent measures as are agreed by the Parties or necessary under the Data Protection Laws, to investigate, mitigate and remedy the Data Breach and to protect the Personal Data.

7.3. Each Party needs the prior approval of the other Party to include and identify it in the breach notifications. The other Party should not delay or withhold the approval without a reasonable cause.

8. COOPERATION

8.1. Upon request, the Data Processor shall assist the Data Controller to comply with its obligations under the Data Protection Laws when related to the processing of the Personal Data, including but not limited to:

8.1.1. Data Breaches;

8.1.2. data protection impact assessments (DPIA);

8.1.3. consultations with the Data Protection Authority; and

8.1.4. enquiries, complaints, audits, or claims from any court, government official, or Data Protection Authority.

8.2. Taking into account the nature of the processing, the Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the Data Subject’s rights laid down in the Data Proctection Laws.

8.3. The Data Processor shall make available to the Data Controller all information necessary to comply with its obligations under the DPA and the Data Protection Laws.

8.4. The Data Processor shall notify the Data Controller of any requirements from an official authority as soon as possible.

8.5. The Data Processor shall assist the Data Controller in fulfilling its obligations concerning the requests to exercise Data Subject rights under the Data Protection Laws.

8.6. The Data Processor shall promptly transfer to the Data Controller any request received from the Data Subjects and shall inform the Data Subjects that they can direct their requests directly to the Data Controller. The Data Processor will only handle the requests of the Data Subjects according to the Data Controller’s instructions.

9. AUDIT

9.1. Upon prior notice and no more than once a year, the Data Controller has the right to conduct an audit to verify the Data Processor’s compliance with the DPA.

9.2. The Data Processor shall make available to the Data Controller documentation necessary to demonstrate compliance with this DPA and Data Protection Laws, in particular, to provide information about appropriate technical and organizational measures that have been implemented.

9.3. The Data Controller shall schedule the audit with the Data Processor at least 2 weeks in advance. The Parties shall agree upon the scope, the timing, and the duration of the audit.

9.4. The audit might be carried out by the Data Controller directly or by a third-party auditor appointed by the Data Controller. The Data Processor has the right to object the use of a particular third-party auditor, if it could be considered a competitor of the Data Processor.

10. CROSS-BORDER TRANSFER OF PERSONAL DATA

10.1. The Data Processor may transfer or otherwise process Personal Data outside the European Economic Area (“EEA”) without obtaining the Data Controller’s prior written consent.

10.2. The Data Processor may only process, or permit the processing, of Personal Data outside the EEA under the following conditions:

10.2.1. the Data Processor is processing Personal Data in a territory in relation to which the European Commission has made an adequacy decision; or

10.2.2. the Parties have executed Standard Contractual Clauses.

10.3. If the transfer requires execution of the SCC, the unchanged version of the SCC shall be deemed incorporated by reference hereto and completed as follows:

10.3.1. Module Two will apply;

10.3.2. in Clause 7, the optional docking clause will apply;

10.3.3. in Clause 9, Option 2 will apply, and the time period for prior notice of Sub-processor changes shall be at least 5 (five) business days;

10.3.4. in Clause 11, the optional language will not apply;

10.3.5. in Clause 17, Option 1 will apply, and the SCC will be governed by the law of Ireland;

10.3.6. in Clause 18(b), disputes shall be resolved before the courts of Ireland;

10.3.7. Annex I of the SCC shall be deemed completed with the information set out in Annex A to this DPA and in the Terms and Conditions, Data Controller is the data exporter, Data Processor is the data importer;

10.3.8. Annex II of the SCC shall be deemed completed with the information set out in Annex B to this DPA and in the Terms and Conditions.

11. CALIFORNIA CONSUMERS PRIVACY RIGHTS

11.1. This Clause 11 is applicable to processing of Personal Information of Consumers. The terms “Personal Information” and “Consumer” shall have the meanings stipulated in the California Consumer Privacy Act of 2018, as amended from time to time (“CCPA”).

11.2. The Data Processor shall not retain, use, or disclose Personal Information for any purpose other than for the specific purpose of performing the services specified in the Terms and Conditions.

11.3. The Data Processor shall not retain, use, or disclose Personal Information for a commercial purpose other than providing the services specified in the Terms and Conditions.

11.4. The Data Processor shall not retain, use, or disclose Personal Information outside of the direct business relationship between the Data Processor and the Data Controller.

11.5. The Data Processor shall refrain from selling Personal Information, as the term “sell” is defined in the CCPA.

11.6. The Data Processor certifies that it understands the restrictions in Clauses 11.2 – 11.5 hereof and will comply with them.

12. TERMINATION

12.1. Termination of this DPA shall not affect Parties’ accrued rights and obligations before or at the date of termination.

12.2. Upon the termination of the Terms and Conditions, whereby no further processing is required by the Terms and Conditions or Applicable Law, the Data Processor shall promptly return or irrevocably delete or remove the Personal Data.

12.3. The Data Processor may retain Personal Data to the extent required by Applicable Law and only to the extent and for such period as required by Data Protection Laws and always provided that Data Processor shall ensure the confidentiality of such Personal Data and shall ensure that such Personal Data is only processed as necessary for the purpose(s) specified in the Data Protection Laws requiring its storage and for no other purpose.

13. MISCELLANEOUS

13.1. In the case of conflict or ambiguity between:

13.1.1. any provision of the DPA and any other provision of the Terms and Conditions, the provisions of the DPA shall prevail;

13.1.2. any provision of this DPA and the SCC, the provisions of the SCC shall prevail.

Annex A to Schedule B
Details of Personal Data Processing

Subject matter of the processing of Personal Data: The subject-matter of the data processing assignment is to enable the Client to resolve Cardholder’s billing disputes directly, before they are escalated to Chargebacks, through Technical Solution.
The nature the processing of Personal Data:The scope of personal data processing shall include the following operations performed on the personal data: collecting, recording, storing, transferring, preparing, amending, making the data available, profiling with the use of personal data, deleting personal data both in paper form, as well as in the IT systems required for the provision of Services and for other purposes as may be required under the Terms and Conditions.
The nature and purposes of the processing of Personal Data: The Personal Data shall be processed to the extent necessary for provision of the Services by the Data Processor under the Terms and Conditions, namely, enabling the Client to resolve Cardholder’s billing disputes directly, before they are escalated to Chargebacks, through Technical Solution and other services offered by the Data Processor to the Data Controller.
The frequency and duration of the processing of Personal Data:TThe Personal Data shall be processed on a continuous basis until no further processing is required by the Terms and Conditions or Applicable Law.
The categories of Data Subjects and Personal Data: The types of personal data which will be processed by Data Processor under this Terms and Conditions may include the following categories of personal data of End Users:
name;
date of birth;
phone number;
IP address;
email address;
length of customer relationship;
device;
postal address; and
data concerning transactions and payments, including, but not limited to, order details.
The obligations and rights of Data Controller:The obligations and rights of Data Controller are set out in the Terms and Conditions and this DPA.
List of Parties:The data exporter is the Data Controller and the address, contact details and activities relevant to the data transferred under the SCC are as provided in the Terms and Conditions.
The data importer is the Data Processor and the address, contact details and activities relevant to the data transferred under the SCC are as provided in the Terms and Conditions.
Data Protection Authority:Office of the Commissioner for Personal Data Protection.

Annex B to Schedule B
Technical and Organizational Security Measures

Pseudonymisation and encryption of Personal Data:Data Processor stores all Personal Data in encrypted form. Encryption and use are done by the HSM mechanism.
Ongoing confidentiality, integrity, availability and resilience of processing systems and services: Data Processor ensures:
– regular vulnerability scanning,
– administrative access is allowed only through bastion sites,
– access to systems is differentiated by the roles,
– encryption keys are changed, and key and data access are reviewed on a regular basis. It is also possible to re-encrypt data in case of incidents.
The ability to restore the availability and access to data in the event of a physical or technical incident:Data Processor maintains a recovery plan and ensures its periodic review and verification.
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures: Data Processor maintains a plan of periodic events: Daily, Weekly, Quarterly, Biannually, Annually, After Changes. All operations are audited annually.
User identification and authorisation:Roles, personalized accounts and 2MFAs are used to access system management and administration. A policy on password complexity and frequency of password replacement is also applied. The duration of an inactive session is limited.
Personal Data protection during transmission:Personal Data are transferred between systems using HTTPS TLS1.2 protocol.
Personal Data protection during storage:Database storage and backups are encrypted with AES-256-GCM HSM keys.
Physical security of locations at which Personal Data are processed:The Personal Data are stored on the AWS servers. The physical security of storage locations provided by AWS are compliant with standards: HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.
Events logging:Operational events are recorded in persistence storage and monitored 24/7. Infrastructure events are captured by AWS.
Internal IT and IT security governance and management:Internal security policies are maintained and regularly updated.
Limited data retention:Storage systems and procedures are maintained to ensure timely deletion of Personal Data.
Download PDF