Merchant Agreement (Ver 7.0) - For eCommerce Solutions Webpage

Merchant Agreement (Ver 7.0) - Online

MERCHANT AGREEMENT

This Merchant Agreement (the “Agreement”) is made together with the date of this eCommerce Solutions MYR Gateway Application Form (the “Form”)

BETWEEN

NTT DATA ECOMMERCE SOLUTIONS SDN. BHD. (Company No.: 200001019210 (521817-M)) (formerly known as iPay88 (M) Sdn. Bhd.) a company incorporated in Malaysia and having its principal place of business at Suite 2A-18-2, 18th Floor, Block 2A, Plaza Sentral, Jalan Stesen Sentral 5, 50470 Kuala Lumpur (hereinafter referred to as “eCommerce Solutions”) of the one part;

AND

The company to which its details are more specifically stated within Section C of the Form, annexed hereto as Appendix A (hereinafter referred to as "the Company") of the other part;

WHEREAS: -

(A) eCommerce Solutions is involved in the business of provision of payment gateway solutions to facilitate online payment processing (collectively referred to as “Service”). The provision of the Services is governed by the terms and conditions in the agreements executed or to be executed between eCommerce Solutions and the relevant PSPs, including, but not limited to, the Standards (as hereinafter defined).

(B) The Company is engaged in the operation of websites and provision of products and/or services as may be available on the Company Platform (as hereinafter defined).

(C) The Company is desirous of appointing eCommerce Solutions for the provision of the Services, and/or other related products subject to the terms and conditions as set out in this Agreement.

(D) The acquirer as set out in Appendix A (“Acquirer”) is a member of VISA, MasterCard, Union Pay International (“UPI”), and any other card associations or schemes that the Banks may subscribe to and as may be specified by eCommerce Solutions from time to time (collectively, “Card Associations”) and eCommerce Solutions is a payment facilitator of the Acquirer (“Payment Facilitator”) pursuant to an agreement signed between the Acquirer and eCommerce Solutions.

(E) The Acquirer has relationships with the Card Associations, which enable it to appoint eCommerce Solutions to acquire and offer the Company a suite of credit cards payment and acceptance services subject to the terms and conditions of this Agreement.

(F) In respect of the provision of MyDebit and FPX as well as any other payment and acceptance services in relation to Paynet, eCommerce Solutions is licensed by PayNet to sign up the Company to participate in MyDebit and FPX and any other payment acceptance services and includes any other Paynet products which maybe from time to time offered by eCommerce Solutions. eCommerce Solutions has, at the request of the Company, approved the Company to participate in one or more of the said products subject to the terms and conditions of this Agreement as well as the Paynet Rules and Regulations which shall be communicated to the Company by eCommerce Solutions from time to time.

(G) In respect of the provision of e-wallets payment and other acceptance services, eCommerce Solutions has relationship with various e-wallet issuers (“e-wallet Issuers”), which enable eCommerce Solutions to offer a variety of e-wallets payment solutions to the Company subject to the terms and conditions of this Agreement and this may involve certain relevant rules and regulations from Bank Negara Malaysia that must be adhered to by the Company.

(H) In respect of the provision of Buy Now, Pay Later (“BNPL”) schemes provided by the relevant BNPL providers in which eCommerce Solutions partnered and will partner with from time to time (“BNPL Providers”), if the Company opts to subscribe to the BNPL services provided by eCommerce Solutions under this Agreement, the Company hereby agrees to be bound by the necessary additional terms and conditions imposed by the BNPL Providers from time to time and eCommerce Solutions shall communicate these additional terms and conditions to the Company from time to time.

(I) The Company and eCommerce Solutions has agreed to enter into this Agreement to define and regulate their mutually agreed roles, obligations, rights, duties and liabilities subject to the terms and upon the conditions set forth herein and the Company hereby irrevocably and unconditionally agreed to be bound by all the terms and conditions stated herein including but not limited to all the rules regulations policies audit requirements imposed by the Card Associations, MyDebit, PayNet, e-wallet issuers, BNPL Providers that may be from time to time required to be complied by the Company.

NOW THIS AGREEMENT WITNESSETH as follows: -

1. Definitions and Interpretation

1.1 In this Agreement, unless the context otherwise requires the following terms shall have the following meanings: -

“ADC” means Account Data Compromise in accordance with the Standards;

“ADC Event” means an ADC event that would or is likely to occur in accordance with the Standards;

"Agreement" means this Merchant Agreement and all schedules, appendices, and/or annexures attached hereto;

“AML” means Anti-Money Laundering;

“Authorities” means any government bodies, regulators, and/or any other relevant authorities who may exert control the Laws governing the obligations of the Parties;

"Bank" means any participating financial institutions where eCommerce Solutions maintains its transaction processing via the financial institution’s gateway;

"Banned and High Risk Industries" means any banned and high risk industries as determined by PSPs from time to time and includes the non-exhaustive list of banned and high risk industries in attached within Appendix B;

“BRAM” means the document containing the Business Risk Assessment and Mitigation compliance programme developed by MasterCard;

"Business Day" means any day (excluding Saturdays, Sundays, and any public holidays) on which the Banks in Kuala Lumpur are open for business;

"Commencement Date" means the date of this Agreement;

"Company Information" means any information that the Company provides to eCommerce Solutions in relation to the Services;

"Company Platform" means the Company’s website(s) and/or platform(s), as stated in Section E of the Form (attached within Appendix A) hereto, for the provision and/or sale of goods and/or services by the Company to the Customers (or such other websites as may be notified from the Company to eCommerce Solutions from time to time);

“Customer” means the natural person or legal entity which purchases products and/or services from the Company;

“DMS” means Direct Merchant Settlement which is a system which facilitate settlement process directly to the Company;

“Excessive Chargeback Program” means the program(s) provided by the PSPs for the purposes of monitoring the chargeback performance of the Company and to determine if the Company has, or is likely to, exceed monthly chargeback thresholds;

"Fees" means the fees payable by the Company to eCommerce Solutions for the Services, more particularly, detailed in the Form excluding banking charges imposed on eCommerce Solutions and includes any revised Fees which may be agreed by both Parties in writing from time to time;

“Law” means any laws, regulations, bylaws, rules, policies, and/or operating regulations and procedures, including but not limited to, the Standards, any manuals, guides or bulletins, as may be amended from time to time and issued by the Authorities and/or PSPs;

"Marks" means the names, logos, trade names, logotypes, trademarks, service marks, trade designations, and other designations, symbols and marks that any one of the PSPs, including, but not limited to, its affiliates and/or subsidiaries, own, manage, license, or otherwise control and make available for use by any other authorised entities;

"MasterCard" means MasterCard International Incorporated, a company organized under the State of Delaware having its office and principal place of business at 2000 Purchase Street, Purchase, NY10577-2509, United States of America of which the Bank is a member institution;

“MyDebit” means a domestic debit card scheme that allows Customers to make payments for goods/services in-store, online store or withdraw cash at participating merchants by debiting directly from Customer’s nominated savings/ current account;

“MyDebit Brand” means the brand, icon, logo and marks for MyDebit;

“OFAC” means the U.S. Treasury Department’s Office of Foreign Assets Control;

“Payment Card Industry-Data Security Standard (PCI-DSS)” means a set of comprehensive requirements for enhancing payment account data security which was developed by the founding payment brands of the Payment Card Industry Security Standards Council to protect account data;

“Payment Service Providers” or “PSPs” means the Banks, Card Associations, and/or any other relevant payment service providers or operators;

"Personal Data" has the meaning ascribed to it in the Personal Data Protection Act 2010 of Malaysia (“the Act”) as amended and/or revised from time to time;

“Stamp Act” means Stamp Act 1949 of Malaysia, as modified, re-enacted or consolidated from time to time, including any subsidiary legislation made from time to time thereunder;

"Standards" means any laws, bylaws, rules, policies, and/or operating regulations and procedures, including but not limited to, any manuals, notices, guides or bulletins, as may be amended from time to time, of the PSPs;

“Tax Authority” means the Collector or any officers under the Stamp Act, the Inland Revenue Board of Malaysia or any other competent authority that administers the Stamp Act;

"VISA" means Visa International Service Association; a company organized under the State of Delaware with its principal office at 3125 Clearview Way, San Mateo, CA94402, United States of America of which the Bank is a member institution;

1.2 Words bearing the singular in this Agreement shall include the plural and vice versa.

1.3 Titles and headings in this Agreement are used for convenience and ease of reference only, and in no way define, limit, extend or describe the scope and intent of this Agreement or of its provision.

1.4 All recitals, appendices, and/or annexures hereto in this Agreement shall be read and construed as an essential part of this Agreement.

1.5 “Parties” shall mean eCommerce Solutions and the Company and “Party” shall mean any of them

2. Appointment

The Company hereby appoints eCommerce Solutions for the provision of the Service for the duration of the Term and eCommerce Solutions hereby agrees to accept the appointment for the provision of the Service to the Company in accordance with the terms and conditions of this Agreement.

3. Relationship

3.1 In providing the Service, the Parties agree that: -

(a) eCommerce Solutions shall act only as a facilitator to assist the Company in accepting payments from the Customer;

(b) eCommerce Solutions will act in accordance with the written instructions of the Company’s authorised representatives provided that such instructions are within the scope of the Service; and

(c) eCommerce Solutions acts solely as an online payment switching service provider by creating, hosting, maintaining and providing its Service to the Company via the internet. eCommerce Solutions does not have any control over the products or services that are transacted by the Company, and, accordingly, eCommerce Solutions does not have any onus or liability whatsoever to ensure that the Customers complete any such transactions with the Company. eCommerce Solutions does not make any representation and/or warranty for or on behalf of the PSPs

(d) eCommerce Solutions and the Company are independent parties, and nothing herein shall be construed as creating a partnership or agency relationship between the Parties, and/or the PSPs.

3.2 Notwithstanding the provision of the Service by eCommerce Solutions and any of the terms of this Agreement to the contrary, the Company acknowledges that:-

(a) eCommerce Solutions is not a bank and the Service provided by eCommerce Solutions is an online payment switching service and not a banking service, and

(b) eCommerce Solutions does not act in the capacity of a trustee, fiduciary, and/or escrow agent with respect to the Company’s funds and acts solely as a custodian of such funds. The Company agrees that it shall not receive interest or any other earnings on the funds handled or processed by eCommerce Solutions on behalf of the Company and that eCommerce Solutions shall be entitled to any interest accrued on such funds.

3.3 The Company shall, at its own cost and expense, register with the PSPs to obtain a merchant account prior to the provision of the Service by eCommerce Solutions to the Company.

3.4 The Company hereby agrees that: -

(a) the PSPs may, at any time and without prior written notice, prohibit the Company from using any of the Marks for any reason whatsoever;

(b) the PSPs shall be entitled to enforce any provision of the Standards and to prohibit the Company from engaging in any conduct that the PSPs deem will damage or create a risk of damage to the PSPs, including, but not limited to, any damage to its reputation, or that could adversely affect the integrity of the PSPs’ systems; and

(c) the Company shall not take any action against eCommerce Solutions, and/or the PSPs to prevent and/or interfere with the rights mentioned in Clauses 3.4(a) and (b) above.

4. Requirements of Company Platform

The Company shall ensure that the Company Platform contains the following information or feature(s): -

(a) Marks in full colour to indicate that payment can be made by way such applicable payment methods;

(b) Complete description of the products and/or services offered by the Company;

(c) Indicate if there are any guarantees and/or warranties granted by the supplier and/or manufacturer for such products and/or services;

(d) Specify or indicate the return and/or refund policies, and terms and conditions of sale and purchase of the products and/or services, which must be acknowledged by the Customers;

(e) Provide the particulars of the customer service contact including the Company's address, email address, and contact number;

(f) Specify the cost of products and/or services, and the applicable delivery and/or shipping charges which shall be in the currency of the Malaysian Ringgit (MYR);

(g) Any export restrictions;

(h) Delivery policy;

(i) Personal Data privacy policy in accordance with the Act;

(j) Security capabilities and policy for transmission of payment transaction details;

(k) Any legal restriction;

(l) Indicate that the Company uses the Services as provided by eCommerce Solutions in which eCommerce Solutions‘s name and/or logo shall appear on the Company Platform.

5. Remittance of Payments by eCommerce Solutions

5.1 The Company hereby irrevocably authorizes eCommerce Solutions to cause all funds received on behalf of the Company by eCommerce Solutions, in connection with the Service, to be deposited on its behalf in eCommerce Solutions’s banking accounts. eCommerce Solutions shall thereafter remit all such funds received by eCommerce Solutions, free of interest less any Fees payable to eCommerce Solutions to the Company, via cheque, internet transfer, or telegraphic transfer to the Company’s bank account. Remittance shall be in accordance with the terms stipulated within the Form.

5.2 The frequency and date of payments may be varied in writing by the Parties.

5.3 The Company hereby agrees that eCommerce Solutions and/or the PSPs have absolute discretion not to remit any such funds received by eCommerce Solutions and/or the PSPs to the Company if eCommerce Solutions and/or the PSPs reasonably believe that any of the following events has or may have occurred:

(a) Product is returned by the Customer or service is not rendered by the Company for any reason whatsoever;

(b) Dispute, chargeback, fraud, forgery and/or suspicious transactions;

(c) The Company is unable to furnish any document or record related to the transaction upon request of eCommerce Solutions and/or the PSPs;

(d) There has been a breach of this Agreement by the Company or the Company is

suspected, expected, assumed, or believed to be in breach of any of its obligations under this Agreement or any security measures or guidelines issued by the PSPs;

(e) Non-compliance by the Company which may damage the goodwill of the PSPs or reflect negatively on the PSPs’ Marks;

(f) If this Agreement is terminated by eCommerce Solutions for any violations by the Company as listed within Clause 11 or in accordance to Clause 19 of this Agreement.

6. Identity Authentication

6.1 The Company hereby authorises eCommerce Solutions, either directly or through third parties, to carry out necessary verification and validation on the Company and to carry out credit checks and/or verifications on the information provided by the Company.

6.2 The Company agrees and acknowledges that eCommerce Solutions does not guarantee authenticity of any of the Customer's identity and the Company shall not hold eCommerce Solutions liable in any way whatsoever, including, but not limited to, third party claims, for any fraud in connection with any of the Customer’s identity.

7. Release

The Company agrees that eCommerce Solutions shall not be held liable in any manner whatsoever in the event there is a dispute between the Company and any of the Customers, unless it can be reasonably proven by the Company that such dispute arose, directly or indirectly, from the negligence, fraudulent act, default, breach and/or omission committed by eCommerce Solutions in the provision of the Service.

8. No Warranty

eCommerce Solutions shall use its best efforts to ensure that requests for electronic debits and credits involving bank accounts, credit cards, and check issuances (if any) are processed in a timely manner. Notwithstanding the foregoing, eCommerce Solutions makes no representations or warranties, express or implied, regarding the time required to complete any such transactions as the Service is largely dependent upon many factors beyond its control including, but not limited to, delays in the banking system, and/or the local or international mail service.

9. Disclaimer and Limitation of Liability

9.1 The Company shall not hold eCommerce Solutions, its holding company, affiliates, related corporation, subsidiaries, employees and its suppliers liable in any way for any losses or liabilities and shall indemnify eCommerce Solutions against any claims, including, but not limited to, for any non-compliance claims brought by any PSPs, Authorities, and/or any third parties caused, whether directly or indirectly, by the Company, or any third parties related to the Company, through the use of or access to the Service. The Company shall forthwith reimburse eCommerce Solutions for any fines imposed, all costs (legal or otherwise), and/or damages incurred by eCommerce Solutions.

9.2 eCommerce Solutions and the Company shall under no circumstances be liable to each other, its holding company, subsidiaries, employees and its suppliers for:

(a) any online services offered by third parties and accessible from the eCommerce Solutions website or the Company Platform;

(b) any exposure of users of the Service to third party online services providing prohibited material or other undesired experiences through the use of the eCommerce Solutions website or the Company Platform; or

(c) in the case of eCommerce Solutions’s liability to the Company, any act or omission on the part of any third parties not within the control of eCommerce Solutions.

9.3 The Company shall perform checks on all the Company’s transactions and settlements carried out through the Services. Any disputes in relation to such shall be raised by the Company within seven (7) days from the date of any such transaction, failing which, all transactions and settlements carried out through the Services shall be final and binding.

9.4 Notwithstanding anything within this Agreement, eCommerce Solutions’s liability towards the Company for any breach shall be limited to the amount of Fees received by eCommerce Solutions from the Company in the preceding six (6) months from the occurrence of any such breach.

9.5 Additional Non-Responsibility of eCommerce Solutions Provisions that are Applicable to the MyDebit (where relevant)

The PSP and eCommerce Solutions shall not be liable for any claims, actions, demands, costs, expenses, losses, and damages (actual and consequential) including legal costs that are incurred or suffered by the Company arising out of or caused by eCommerce Solutions in connection with the operations and services provided by eCommerce Solutions in the MyDebit service. The Company agrees that it will communicate and resolve any dispute in relation to the aforesaid matters with eCommerce Solutions.

10. Indemnity

10.1 Subject to Clauses 7 (Release) and 9 (Disclaimer and Limitation of Liability) herein, the defaulting Party hereto agrees to indemnify and hold the non-defaulting Party, its holding company, subsidiaries, affiliates, related corporation, officers, directors and employees harmless from any claim or demand made or incurred, whether by any third party or otherwise, due to or arising out of the defaulting Party’s breach of any of the terms of this Agreement or the violation of any Law in connection with the transactions contemplated under this Agreement.

10.2 In any such cases as contemplated within Clause 10.1 above, the non-defaulting Party shall, as soon as practicable, notify the defaulting Party of any such claims or demands made against the non-defaulting Party. If the Company is the non-defaulting party, the Company shall not accept any form of settlement and/or arrangement for any such claims or demands without the prior written consent of eCommerce Solutions. The non-defaulting Party may, at the expense of the defaulting Party, opt to join the defaulting Party in defending any such claims or demands at its sole discretion.

10.3 Additional Indemnity applicable to MyDebit Service

(a) Subject to eCommerce Solutions and the Company’s (hereinafter referred to as “party” or “party’s”) compliance with Clause 10.3(c) below, each party (“Indemnifying Party”) agrees to indemnify and hold the other party and its employees and agents harmless against any and all losses, expenses, claims, suits, demands, actions, and proceedings including all reasonable legal and other related fees or charges (“Liability”) which the other party may suffer or incur or for which the other party may become liable as a result of:

a. Any negligence, misrepresentation or fraud on the part of the indemnifying party, its employees, and agents with respect to the performance of its obligations or the exercise of any of its rights under this Agreement;

b. Any claim by a Customer, eCommerce Solutions, Issuer, MyDebit Operator or any other person for any breach by the Indemnifying Party of any applicable laws;

c. The failure of the Indemnifying Party to observe any of its obligations under this Agreement; or

d. Any use of the MyDebit Brand by the Indemnifying Party other than as permitted by the Standards in relation to MyDebit Brand.

except to the extent that such liability arises or is incurred by the other party by reason of any act or omission on its part mentioned in Clause 10.3(a)a. to d.

(b) Notwithstanding Clause 10.3(a) above, in the event eCommerce Solutions becomes insolvent, the Company hereby agrees to indemnify the MyDebit Operator from all claims, losses, damages, penalties, suits, costs, and expenses (including reasonable legal fees) at all times.

(This Clause 10.3(b) shall only be applicable for MyDebit Operator’s appointed third party acquirer).

(c) In the event a claim is made against a party in respect of which it is entitled to be indemnified pursuant to Clause 10.3(a) or 10.3(b), that party must:

a. Give notice of any such claim to the other party;

b. Consult with the other party in relation to any such claim;

c. Not to settle any claim without obtaining the prior written consent of the other, such consent not to be unreasonably withheld.

(d) eCommerce Solutions is not liable to the Company for any loss or damage suffered by the Company as result of the delay or disruption caused by any system failure beyond eCommerce Solutions’s reasonable control.

(e) For the purpose of this clause, loss or damage includes any consequential or economic loss or damage.

11. Violations by the Company

11.1 If the Company engages in any of the following, eCommerce Solutions shall be entitled, at its sole discretion, to limit the Service provided to the Company or immediately terminate the Service and this Agreement by notice in writing to the Company:

(a) Using the Service to receive payments for any sexually oriented or obscene materials or services in violation of eCommerce Solutions’s policy;

(b) Using the Service to receive payments for any narcotics, other controlled or illegal substances, steroids or prescription drugs in violation of any Laws;

(d) Using the Service to receive payments for any unlicensed or counterfeit products;

(e) Using the Service to receive payments for any firearms, ammunition, high capacity magazines, tasers, air guns, and similar objects;

(f) Using the Service to receive payments for any fireworks or pyrotechnic devices or supplies;

(g) Attempting to tamper, hack, modify, or otherwise corrupt the security or functionality of the Service;

(h) Using the Service for money laundering activities;

(i) Using the Service for pyramid scheme programs;

(j) Using the Service for any illegal or immoral activities including, but not limited to, violating the Laws;

(k) Damage the goodwill or reflect negatively on the PSPs’ brand, including but not limited to violating the BRAM compliance program;

(l) Deal in the currency of Israel;

(m) Deal with the residents, Authorities, agencies, instrumentalities, and/or any entities owned or controlled, directly or indirectly, by Israel (“Specified Persons”);

(n) Deal with any person or group of persons as announced by relevant Authorities, such as but not limited to, the United Nations Security Council, as being a person or group of persons involved in terrorism or terrorism-related activities;

(o) Deal with any persons or group of persons contained within the Specially Designated Nationals and Blocked Persons List (the “SDN List”) issued by the OFAC;

(p) Conduct any business or activities in a country subject to OFAC sanctions programs that impact payment services, or with the government of such a country;

(q) Using the Service for any of the Banned and High Risk Industries, not including business or industry which has been disclosed by Company to eCommerce Solutions and is cleared by eCommerce Solutions;

(r) Failing to comply with relevant guidelines provided by the PSPs for use of the Marks; or

(s) Subcontracting and/or assigning its rights under this Agreement to a third party without the written consent of eCommerce Solutions.

11.2 The Company agrees that the damages sustained by eCommerce Solutions as a result of the items listed within Clause 11.1 above by the Company will be substantial and may include, without limitation, fines and expenses from its payment processors and/or service providers, and damage to its reputation. Such damages may be extremely difficult and impracticable to ascertain and that monetary relief will not be an adequate remedy for such breaches by the Company. The Company further acknowledges that eCommerce Solutions shall be entitled to seek any and all forms of equitable relief, including, but not limited to, injunctions and specific performance in the event of any such breach or threatened breach by the Company.

12. Fees

12.1 The Company shall pay eCommerce Solutions the Fees as set forth in Appendix A of the eCommerce Solutions Form.

12.2 All Fees will be assessed in the currency of the payment. The Company’s account and all transactions are made and displayed in MYR unless otherwise specified and may be subject to exchange rates.

13. Receiving Payments

13.1 Reversed and/or Refunded Payments

The Company agrees that if a reversal and/or refund transaction occurs on a payment made to its account, eCommerce Solutions shall be entitled to reverse the payment and debit the same on the Company’s account balance that is maintained with eCommerce Solutions to pay for any such reversals and/or refunds. The Company agrees not to take any legal action against eCommerce Solutions arising from any non-payment due any such reversal process. In the event of insufficient funds in the Company’s account balance, the Company agrees to reimburse eCommerce Solutions through other means within fourteen (14) days from the receipt of notification in writing notifying the Company of such.

13.2 Refused Payments

Any payments carried out through the Service that are denied or unclaimed by a recipient will be returned to the Company:-

(a) on the date any such payments are denied; or

(b) within thirty (30) days from the date of any such unclaimed payments.

14. Warranties in respect of Company Information

14.1 The Company is solely responsible for the Company Information and the Company acknowledges that eCommerce Solutions acts solely as a passive conduit for the online distribution and publication of the Company Information. Notwithstanding the foregoing, eCommerce Solutions shall not use any of the Company Information for any other purpose which is not related to the provision of the Service pursuant to the terms of this Agreement without the consent of the Company.

14.2 The Company shall ensure that the Company Information and the Company's activities, including the payments and receipt of payments, that are transacted through the eCommerce Solutions Service shall not:

(a) be false, inaccurate or misleading;

(b) be fraudulent or involve the sale of counterfeit or stolen items;

(d) violate this Agreement as defined under Clause 11 herein;

(e) infringe any rights of third parties including, but not limited to, intellectual property and/or privacy rights;

(f) violate any Laws;

(g) be defamatory, trade libellous, or unlawfully threatening and/or harassing;

(h) be obscene or contain child pornography;

(i) contain any viruses, trojan horses, worms, time bombs cancelbots, easter eggs, cryptolocker or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept, or expropriate any system, data or other Personal Data; or

(j) damage the reputation of and/or cause liability to eCommerce Solutions, and/or cause eCommerce Solutions to lose (in whole or in part) any services provided to eCommerce Solutions by its service providers and/or suppliers.

15. Representations, Undertakings and Covenants of the Company

15.1 The Company hereby undertakes and covenants as follow:

(a) To obtain, at its own cost and expense, necessary licenses or permits and resources to conduct its business;

(b) Shall have legal or legitimate rights to sell and market such products and/or perform such services as offered by the Company;

(d) Shall not impose any form of minimum transaction value for the use of the Service, and/or impose any surcharge, commission, transaction cost, or any other contemporaneous finance charge in connection with transactions through the Service whether through any increase in price or otherwise, or, any additional terms and/or conditions for the use of any payment methods through the Service aside from that imposed by the PSPs;

(e) The Bank reserves the rights to participate from time to time, in promotions with any vendors or suppliers featured on the Company Platform;

(f) To be responsible and financially liable for all transactions, acts, omissions, Customer’s disputes, chargebacks, fraud, suspicious transactions, and/or any other customer service-related issues caused by the Company;

(g) Not to transfer and/or attempt to transfer any of the Company’s financial liability by way of asking or requiring Customers to waive their dispute rights;

(h) To provide the PSPs and/or eCommerce Solutions with the necessary information, documents and records in relation to the Service, transaction and Customer and to consent to the use of the same by the PSPs and eCommerce Solutions;

(i) To comply with the Laws including, but not limited to, all applicable laws and regulations with regards to AML activities, and any changes or risk management controls implemented by relevant Authorities and/or PSPs;

(j) To participate and give full co-operation in an audit with regards to the Laws upon request by the PSPs and/or eCommerce Solutions;

(k) Shall not deal directly with the PSPs in relation to the Service;

(l) In the event that the products and/or services are categorized as "high risk business" such as Digital item (IDD card, mobile reload card, digital music, video, information, software, instant downloadable item and eBook), Event (one-time seminar, conference, expo and online ticket) and Fast Moving Consumer Goods (pharmaceuticals, consumer electronics, packaged food products and drinks), the Company shall perform transaction verifications with the Customer and to submit the relevant verification documents to eCommerce Solutions within three (3) Business Days after such transactions, failing which, the Company shall reverse such transactions and perform secret key verifications in the Company's online shopping cart for all instant downloadable items or activation of services;

(m) Shall forthwith resolve any claims or complaints made by the Customer with respect to any purchase of the products and/or services from the Company directly with the Customer;

(n) Shall not export or re-export any of the products and/or services stated in the Company Platform without the appropriate approval from the relevant Authorities and licenses;

(o) Shall comply with all applicable Laws of whatever jurisdictions, including without limitation, restrictions on the export of encryption software and the export or import of products and/or services to and from any countries; and/or

(p) Notify in writing immediately of any changes to the information provided by the Company including but not limited to the Company’s names, addresses, URLs of the Company and a complete description of goods sold and services provided by the Company.

16. Confidentiality and Intellectual Property Rights

16.1 “Confidential Information“ shall mean all information, reports and relevant data such as diagrams, plans, drawings and supporting records or materials compiled or prepared and provided by one Party (“the Disclosing Party”) to the other Party (“the Receiving Party”) (whether in writing, orally or by any means) and shall include but not be limited to any technical information ascertainable by way of inspection or any information relating to its business, operations, processes, plans, intentions, product information, know-how, design rights, trade secrets, market opportunities, customers and business affairs.

16.2 The Parties undertake in relation to the Confidential Information:-

(a) To maintain the same in confidence and to use it only for the purposes contemplated within the Agreement and for no other purpose and in particular, but without prejudice to the generality of the foregoing;-

(i) not to make use of Confidential Information for any other commercial uses aside from that prescribed within this Agreement; and

(ii) not to use the same for the benefit of itself or of any third party other than pursuant to a further agreement with the other Party.

(b) Not to copy, reproduce or reduce to writing any part thereof except as may be reasonably necessary for the purposes contemplated within the Agreement and that any copies, reproductions or reductions to writing so made shall remain the property of the Disclosing Party;

(c) Not to disclose the same whether to its employees or to third parties except in confidence to such of its employees, directors, officers, advisors, and agents, including its respective affiliates and related corporation (“Representatives”), who need to know the same for the purpose contemplated in the Agreement provided always that the obligations found within this Agreement are made known to such Representatives and that such Representatives are bound by the same obligations found herein;

(d) To be responsible for the performance of sub-clauses (a), (b) and (c) above on the part of its Representatives to whom the same is disclosed pursuant to sub- clause (c) above; and

(e) To apply thereto no lesser security measures and degree of care than those which applies to its own confidential or proprietary information and which warrants as providing adequate protection of such information from unauthorized, copying or use.

16.3 The Receiving Party shall not be bound by the obligations within this Agreement for any Confidential Information which:-

(a) is or becomes available in the public domain in any way without breach of the confidentiality obligations within this Agreement by the Receiving Party;

(b) the Receiving Party can show was in its possession or known to it by being in its use or being recorded in its files or computers or other recording media prior to receipt from the Disclosing Party;

(c) can be proven to have been developed by the Receiving Party at any time independently of the Confidential Information disclosed to it by the Disclosing Party;

(d) is disclosed or made available to the Receiving Party from a source other than the Disclosing Party provided always that such source is not bound under any confidentiality obligations;

(e) is disclosed by the Receiving Party with the prior written consent of the Disclosing Party; or

(f) is disclosed in accordance to the requirement by any court, tribunal, government or authority with competent jurisdiction or applicable Laws provided always, where possible, that the Receiving Party shall notify the Disclosing Party of any such sought disclosure to allow the Disclosing Party an opportunity to seek necessary remedy, including but not limited to, a protective order and that any such disclosure be limited to the part of the Confidential Information sought to be disclosed pursuant to such applicable Laws.

16.4 For the avoidance of doubt, in the event of termination or expiry of this Agreement, the Receiving Party shall be permitted to retain a copy of any such Confidential Information solely for the purposes of complying with, and to the maximum extent permitted by, applicable Laws. Any such Confidential Information retained by the Receiving Party shall be subject to the obligations found herein this Agreement.

16.5 The confidentiality obligations within this Clause 16 constitutes the entire agreement and understanding between the Parties with respect to the Parties’ obligations towards Confidential Information and supersedes all previous agreements, understandings and undertakings in such respect and all obligations implied by law to the extent that they conflict with the express provisions of this Agreement.

16.6 Each Party acknowledges that the copyright, designs, trademarks and other intellectual property rights comprised in the information, text, graphics, scripts, software, technology, music, sound, photograph or any other materials or works used on, comprised or contained in the systems, software, trademarks and logos (collectively "the Materials") are the sole and exclusive property of the respective Party and/or its licensors.

16.7 Each Party further agrees and undertakes that, save as expressly permitted in this Agreement, it shall not without the other Party's prior written consent:

(a) reproduce, copy, reverse compile, adapt, modify, distribute, commercially exploit, display, broadcast, hyperlink or transmit in any manner or by any means or store in an information retrieval system any part of the other Party’s website or Materials;

(b) create or use derivative works from the Materials;

(d) use any part of the Materials contained at the other Party’s website or any other server for any other purpose other than that provided for within this Agreement.

17. Access and Interference

17.1 The eCommerce Solutions website contains robot exclusion headers and the Company agrees that it will not use any robot, spider, other automatic device, or manual process to monitor or copy eCommerce Solutions web pages or the content contained herein without eCommerce Solutions prior express written permission. The Company agrees that it will not use any device, software or routine to bypass eCommerce Solutions’s robot exclusion headers, or to interfere or attempt to interfere with the proper working of the eCommerce Solutions site or any activities conducted on its site. The Company agrees that it will not take any action that imposes an unreasonable or disproportionately large load on eCommerce Solutions 's infrastructure.

17.2 The Company acknowledges that much of the information on the eCommerce Solutions website is proprietary or licensed to eCommerce Solutions by its users or third parties. The Company agrees that it will not copy, reproduce, alter, modify, create derivative works, publicly display or frame any content (except for the Company Information) from the eCommerce Solutions website without the express written consent from eCommerce Solutions or the appropriate third party. If the Company uses, or attempts to use the Service for purposes other than sending and receiving payments and managing its account, including but not limited to tampering, hacking, modifying or otherwise corrupting the security or functionality of Service, the Company’s account will be terminated and the Company shall be liable to eCommerce Solutions for any damages and other penalties, including, but not limited to, criminal prosecution.

18. Privacy and Security

eCommerce Solutions shall not use Company Information for marketing purposes without the Company’s written consent and eCommerce Solutions shall only use the Company Information in the manner as described in the Privacy Policy (https://my.nttdatapay.com/privacy-notice). eCommerce Solutions shall store and process Company Information on computers located in Malaysia that are adequately protected through the deployment of security devices. For the avoidance of doubt, all eCommerce Solutions websites begin with https://my.nttdatapay.com/

19. Term and Termination

19.1 The term of this Agreement shall commence on the Commencement Date and, unless earlier terminated or extended as provided below, shall end twenty-four (24) months later (“Term”) provided that, this Agreement shall be automatically renewed on a yearly basis, upon expiry thereof, unless either Party provides written notice of termination to the other Party at least thirty (30) days prior to the end of the then current Term.

19.2 This Agreement may be terminated as follows:

(a) If a Party (hereinafter referred to as “the Defaulting Party”):

(i) shall hereto commit or permit any material breach of any of the obligations herein contained and on its part to be performed or observed, and shall not have remedied such breach (if capable of remedy) within fourteen (14) days after written notice shall have been given to it by the Party not in default (the “Non-Defaulting Party”);

(ii) shall go into voluntary liquidation otherwise than for the purpose of reconstruction or amalgamation, an order of court is made for its compulsory liquidation, shall become bankrupt, or have a receiving order made against any of his assets;

(iii) shall enter into any composition or arrangement with its creditors;

(iv) shall have a receiver appointed over the whole or any part of its undertaking or assets;

(v) shall suffer any encumbrances taking possession of or a receiver or trustee being appointed over the whole or any part of its undertaking, property or assets; or

(vi) shall have an order made against it or have a resolution passed for its winding-up, otherwise than for the purpose of a reconstruction or amalgamation previously approved by the other Party.

then and in any such event (hereinafter referred to as an “Event of Default”) the Non-Defaulting Party shall be entitled to, with or without notice in writing to the Defaulting Party, terminate this Agreement within fourteen (14) days from the date of which the Non-Defaulting Party becomes aware of the occurrence of the Event of Default.

19.3 This Agreement shall be terminated automatically and immediately without any prior notice if any of the following events shall occur:

(a) When the Company or any of its directors and/or business owners of the Company has been blacklisted by the PSPs;

(b) The PSPs de-registers eCommerce Solutions and/or the applicable Bank ceases to be a member of the PSPs for any reason whatsoever;

(d) The Company enters into another agreement under a new name with the intention to circumvent the provisions of the Laws;

(e) The Company carries out activities that causes the PSPs and/or eCommerce Solutions to violate the Laws;

(f) The Company performs any other activities that may result in undue economic hardship or damage to the goodwill of the system of the PSPs;

(g) Irregular transactions by the Company, occurrence of excessive chargebacks as defined under the Excessive Chargeback Program, non-compliance with any applicable data security standards as determined by eCommerce Solutions and/or the PSPs, and/or any other circumstances which, in the discretion of eCommerce Solutions and/or the PSPs, may increase the risk exposure of, or otherwise present a direct or indirect financial or security risk to, such parties;

(h) A violation by the Company of any Laws; or

(i) The Company processes more than the threshold set by the PSPs annually (based upon the date its account is approved) and fails to comply with any Laws or requirements set by the PSPs.

19.4 Notwithstanding the above, eCommerce Solutions may terminate this Agreement, without the need to assign any reason thereto, by giving thirty (30) days’ written notice to the Company.

19.5 Upon the termination of this Agreement, the following provisions shall apply:

(a) The Company shall cease all promotions, advertising, and use of the Service, any pending transactions to be performed under the Service will be cancelled. The Company’s eCommerce Solutions account shall be terminated and the Company shall notify its Customers of such.

(b) The Company shall not use the closure of its account as a means of evading investigations. eCommerce Solutions reserves the right to hold the Company’s funds:

i. for up to one hundred and eighty (180) days as appropriate for the purposes of possible disputes, reversals, refunds, and/or compliance assessments;

ii. in the event of any disputes, chargebacks, fraud investigations, regulatory inquiries or card‑network rules related matters remain unresolved, eCommerce Solutions may continue to hold the funds for up to an additional three hundred and sixty (360) days, provided that such withholding is limited to amounts related to such events;

iii. if the Company is later determined to be entitled to some or all of the withheld funds, eCommerce Solutions will release those funds to the Company within thirty (30) days of such determination; and

iv. notwithstanding the foregoing, eCommerce Solutions reserves the right to continue withholding the funds until the settlement or conclusion of any related legal proceedings including any appeal thereof.

(c) Relevant information of the Company, as requested by the PSPs, shall be provided to the relevant PSPs for the sole purposes of complying with relevant requirements pursuant to relevant Laws set by the PSPs.

(d) Notwithstanding termination of this Agreement, the Company shall remain liable for any obligations accrued prior to the termination of this Agreement, including, but not limited to, any chargebacks and/or reversed transactions.

19.6 Additional Terminating Event Applicable to the MyDebit Service

(a) eCommerce Solutions, as the case may be, reserves the right to terminate the services provided under this Agreement or the MyDebit service under the following circumstances, which includes, but not limited to:

a. This Agreement between the Company and eCommerce Solutions is terminated or expired;

b. eCommerce Solutions has determined that the Company has breached this Agreement, or the terms and conditions stipulated in the MyDebit Merchant Registration Form, or any applicable rules, guidelines, regulations, circulars or laws;

c. The Company fails to remedy or take adequate steps to remedy its default under this Agreement to the satisfaction of eCommerce Solutions within a time period as specified in the notice of the default given by eCommerce Solutions;

d. eCommerce Solutions has determined that the Company has inadequate operational controls or insufficient risk management processes resulting in potential threats to the stability, integrity, safety and efficiency of the MyDebit service;

e. Court order affecting the legal status of the Company;

f. An application is made to the court either voluntarily or involuntarily for an order that the Company be wound up;

g. The Company is deemed unable to pay its debt and should be wound up under statutory laws; or

h. eCommerce Solutions’s membership in the MyDebit service or RENTAS is terminated or suspended and the Company has not appointed a replacement acquirer;

(b) Upon termination of this Agreement, the Company must cease all promotional and advertising that is related or can be perceived to be related to the MyDebit service.

(c) Termination of the Company in the MyDebit service shall not extinguish any outstanding right or liability arising under this Agreement or the terms in the Standards related to MyDebit which is applicable to the Company as reflected in this Agreement.

20. Inactive Accounts

20.1 eCommerce Solutions may terminate the Company’s eCommerce Solutions account without notice if the Company does not have any transaction in its eCommerce Solutions account for a period of three (3) months consecutively. Upon termination, eCommerce Solutions shall refer to the accounts and/or address information provided by the Company to remit to the Company any funds that eCommerce Solutions is holding in custody for the Company. If eCommerce Solutions is unable to complete the payment to the Company, its funds will be subject to the applicable unclaimed property Laws.

21. Remedies

21.1 If any of the following events occur:

(a) the Company commits a breach of any of the terms of this Agreement as provided herein;

(b) eCommerce Solutions is unable to verify or authenticate any information provided by the Company to eCommerce Solutions and the Company refuses to co-operate or assist eCommerce Solutions to verify and authenticate such information;

(c) eCommerce Solutions believes or suspects, with reasonable cause, that the Company’s account or activities pose a significant credit or fraud risk to eCommerce Solutions;

(d) eCommerce Solutions believes or suspects, with reasonable cause, that the Company’s actions may cause financial loss or legal liability for eCommerce Solutions or its users including but not limited to any fines or penalty imposed by any Authorities and/or PSPs and/or the Tax Authority; or

(e) The Company’s use of the Company’s eCommerce Solutions account is deemed by eCommerce Solutions, and/or the PSPs to constitute abuse of the PSPs’ systems or a violation of Laws.

without limitations to any other forms of remedies, eCommerce Solutions shall be entitled, at its discretion, to take any of the following actions and/or remedies: (i) to hold on the funds in the Company’s eCommerce Solutions account; (ii) to limit the funding sources and payments; (iii) to limit access to the Company’s eCommerce Solutions account and any or all of the account's functions; (iv) to limit withdrawals by the Company, (v) to suspend or close the Company’s eCommerce Solutions account; and/or (vi) to refuse to provide the Service to the Company.

21.2 In addition thereto, eCommerce Solutions reserves the right to hold the funds for one hundred and eighty (180) days, and for an additional period of up to three hundred and sixty (360) days under circumstances including but not limited to the events described in Clause 21.1(a) until 21.1(e), for transactions that eCommerce Solutions reasonably deems suspicious or for accounts conducting high transaction volumes to ensure integrity of the funds.

21.3 If the Company’s eCommerce Solutions account is closed pursuant to this Clause 21, eCommerce Solutions will notify the Company by way of a written notice, and remit all unrestricted funds held in the Company’s eCommerce Solutions account to the Company. In addition thereto, eCommerce Solutions shall have a lien over the Company’s eCommerce Solutions account and eCommerce Solutions shall be entitled to set-off the funds held in the Company’s eCommerce Solutions account against all sums due and owing to eCommerce Solutions pursuant to the terms of this Agreement.

22. Assignability

This Agreement binds and is for the benefit of the successors and permitted assigns of each Party. For the avoidance of doubt, eCommerce Solutions shall have the right to assign, transfer, novate, or sub contract all or any part of its obligations or interests in this Agreement to its affiliate or related corporation without prior written consent of the Company, provided that the affiliate or related corporation is able to fulfil all obligations assumed by eCommerce Solutions under this Agreement.

23. Credit Report

The Company agrees that eCommerce Solutions may order and review the Company’s credit report with the sole purpose of assessing its fitness to hold an eCommerce Solutions account and/or its ability to use the Service or features thereof.

24. Representations of the Parties

Each Party represents to the other that:

(a) it has all requisite power and authority to enter into this Agreement and to carry out the transactions contemplated herein;

(b) it has the rights, licenses, permits and power to perform all obligations incurred by it under this Agreement;

(d) this Agreement has been duly executed and delivered by it and is a valid and binding obligation of it; and

(e) the execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby do not conflict with or violate its constituent documents, any other contract or agreement to which it is a party, any applicable Laws or any order or judgment of any court or governmental authority.

25. Information, Data Security and Protection

25.1 Where either Party receives any Personal Data from the Customer, it shall ensure that it fully complies with the provisions of the Act and only deals with the data to fulfil its obligations under this Agreement.

25.2 Each Party shall indemnify the other for any breach of the Act which renders the latter liable for any costs, fines, claims or expenses howsoever rising.

25.3 Each Party shall take all reasonable steps to ensure that all its partners, contractors, employees or agents comply with this clause and the provisions of the Act where they are processing, including but not limited to, any transaction and/or Personal Data of the Customer.

25.4 The Company shall not appoint any contractors for the processing of any transaction and/or Personal Data of Customers without the written consent of eCommerce Solutions.

25.5 The Company shall not request for any account-related information from the Customer for any purposes other than to carry out the provision of goods and/or services by the Company.

25.6 The Company must ensure the security and confidentiality of the Customer’s information at all time and protect from any unauthorized access or the use of such confidential information that could result in substantial harm to the Customer and violation of the Laws, including without limitation, the PCI-DSS. The Company shall also ensure that it complies with PCI-DSS and, if the following is applicable, the Payment Application Data Security Standard (PA-DSS).

25.7 In the event the system or environment of the Company is compromised or vulnerable to compromise (at the time the ADC Event or Potential ADC Event occurs), the Company shall be fully responsible to resolve all outstanding issues and liabilities to the satisfaction of the PSPs notwithstanding any subsequent change in eCommerce Solutions’s and/or the PSP’s relationship with the Company after an occurrence of an ADC Event or Potential ADC Event.

25.8 The Company shall forthwith notify eCommerce Solutions when the Company becomes aware of an ADC Event or Potential ADC Event in or affecting any system or environment of the PSP, eCommerce Solutions or the Company. The Company is deemed to be aware of an ADC Event or Potential ADC Event under circumstances that include, but are not limited to, any of the following:

(a) the Company is informed, through any source, of the installation or existence of any malware in any of its systems or environments, no matter where such malware is located or how it was introduced;

(b) the Company receives notification from the PSPs or any other source that the Company has experienced an ADC Event or Potential ADC Event; or

(c) the Company discovers or, in the exercise of reasonable diligence, should have discovered a security breach or unauthorized penetration of its own system or environment.

25.9 In the event the Company becomes aware of any ADC Event or Potential ADC Event, the Company shall forthwith take all necessary actions to resolve the said event and to assist with any directions by the PSPs.

25.10 The Company shall be liable for all costs in relation to any, and all, forensic investigations resulting from an ADC Event or Potential ADC Event.

25.11 The Company shall inform eCommerce Solutions of any third-party relationships it has which may involve any transaction data and further agrees that any such information shared with eCommerce Solutions may be shared with the relevant PSPs.

26. PCI Compliance

26.1 In providing Services to accept transactions through credit cards and debit cards, eCommerce Solutions shall take reasonable measures to provide a secure payment system and shall comply with the PCI-DSS and the PA-DSS (collectively, the “PCI Standards”). eCommerce Solutions hereby acknowledges that it is responsible for the security of cardholder data that it possesses or otherwise stores, processes, or transmits on behalf of the Company, or to the extent that it could impact the security of the Company’s cardholder data environment, in accordance with the PCI Standards.

26.2 Upon Company’s written request, eCommerce Solutions shall provide detailed information regarding its PCI-DSS compliance status, including a breakdown of responsibilities between the Parties, within fourteen (14) days.

26.3 If Company elects to store, hold and maintain “Account Data”, as defined by the PCI Standards (including Customer card account number or expiration date), Company further agrees that Company will either maintain a PCI-compliant system or use a compliant service provider to store or transmit such Account Data. Company also agrees to never store any “Sensitive Authentication Data”, as defined by the PCI Standards (including CVC or CVV2), data at any time.

26.4 The Company is responsible for maintaining secure systems and shall, upon eCommerce Solutions’s request, cooperate fully and provide all support to implement any remedial actions required to address issues relating to PCI-DSS compliance. Such remedial actions shall be completed within the timeline stipulated by eCommerce Solutions.

27. Taxes

27.1 All taxes and other charges imposed or to be imposed by Authorities in respect of the provision of Service or in connection with this Agreement shall be borne by the Company and the Company shall reimburse and indemnify eCommerce Solutions for the payment of the same in respect of the provision of Service or in connection with this Agreement.

27.2 If new Laws are introduced or the existing Laws are amended as a result of which the applicable tax rates are changed, the Parties hereto shall comply with the new Laws and pay taxes at such rates as may be determined by the relevant Authorities.

28. Notices

28.1 All notices, statements, demands, requirements or other communications and documents required or permitted to be given, served or delivered to any Party under this Agreement (hereinafter referred to as a “Communication”) shall be in writing in the English language and shall be either delivered by hand, pre-paid certified or registered mail, by facsimile, or through electronic mail to that Party in accordance to the information provided below. A Communication once given, served or delivered shall be irrevocable without the consent of the recipient, which may be given or withheld, in its absolute discretion.

If to eCommerce Solutions	Address	:	Suite 2B-20-1, Block 2B 20^th Floor, Plaza Sentral Jalan Stesen Sentral 5 50470 Kuala Lumpur, Malaysia
	Tel. No.	:	03 – 2261 4668
	Fax No.	:	03 – 2261 4663
	E-mail Address	:
	For the Attention of	:
If to Company	Address	:
	Tel. No.	:	As per the details found within
	Fax No.	:	Section C and D of the Form
	E-mail Address	:
	For the Attention of	:

28.2 A Communication shall be deemed to have been given, served or delivered:-

(a) if delivered by hand, upon delivery;

(b) if sent by mail, after three (3) Business Days of postage;

(c) if sent by facsimile machine, one hour after its transmission if such time is during business hours in the place of its receipt or, if it is not, on the opening of business on the next succeeding day in the place of its receipt, subject to its having in fact been received in legible form and with a copy thereof being sent by post;

(d) if sent by electronic mail, twenty-four (24) hours after e-mail is sent.

29. Force Majeure

29.1 Neither Party shall be liable for any cost or otherwise, for any delay and/or failure in the execution of their respective obligations hereunder if such cost, delay or failure is due to Force Majeure, which for the purposes of this Agreement shall mean any unforeseeable event or cause not within the control of the Party affected which that Party is unable to prevent, avoid or remove.

29.2 The events falling within Force Majeure include but are not limited to:-

(a) war (whether declared or not), hostilities, invasion), armed conflicts, riots, and insurrections, revolution or usurped power;

(b) acts of terrorism, sabotage or criminal damage;

(d) strikes, acts of God, acts of nature, fire, storm, power shortages or power failure, power disruption by war, sabotage or inability to obtain sufficient labour, fuel or utilities;

(e) nuclear explosion, radioactive or chemical contamination or ionizing radiation;

(f) pressure waves caused by aircraft or other aerial devices travelling at sonic or supersonic speeds; or

(g) epidemic, pandemic, quarantine, or movement control order issued by the government,

provided always that an event of Force Majeure shall not include economic downturn, unavailability or insufficiency of funds, or lack of financing on the part of the affected Party to carry out its obligations under this Agreement.

29.3 If either Party is prevented or delayed in the performance of any obligation under this Agreement by events of Force Majeure, the affected Party shall give written notice thereof to the other Party within seven (7) days of the happening of such event, specifying the details constituting Force Majeure and the anticipated period during which such prevention, interruption or delay may continue.

29.4 Where possible the Parties shall diligently mitigate or remove the effects of Force Majeure. Either Party upon receipt of the notice of Force Majeure shall confer promptly with the other and agree upon a course of action to remove or alleviate such effect and shall seek reasonable methods of resuming full performance of its obligations and achieving the objectives under this Agreement.

30. Waiver

30.1 No waiver of any rights under this Agreement shall be valid unless made in writing and signed by a duly authorized representative of the Party granting such waiver.

30.2 A waiver by either Party of any breach of the terms and conditions of this Agreement shall not be construed as a waiver of any other breach of the same terms or conditions or a breach of any other terms or conditions of this Agreement.

31. Governing Law and Jurisdiction

This Agreement is governed under, and shall be construed in accordance with, the Laws of Malaysia, and the Parties hereby agree to submit to the non-exclusive jurisdiction of the courts of Malaysia.

32. Time

Time is of the essence of this Agreement.

33. Costs and Stamp Duty

33.1 Each Party shall bear their own solicitors’ costs in respect of this Agreement.

33.2 The Parties agree that:

(a) The Company shall promptly provide (no later than 3 Business Days from the date eCommerce Solutions has requested in writing) eCommerce Solutions with all assistance, documents and information as may be required by eCommerce Solutions in connection with the stamping of this Agreement, including in the event that eCommerce Solutions is audited by the Tax Authority in respect of this Agreement; and

(b) notwithstanding Section 33 and Third Schedule of the Stamp Act, the Company shall be liable for all stamp duty (including any penalty, fines or interest thereon) that is chargeable on this Agreement.

33.3 Subject to the Company’s compliance with its obligations under Clause 33.2 and Clause 33.4 and without prejudice to Clause 33.2 (b) above, if eCommerce Solutions agrees to pay the stamp duty chargeable on this Agreement for and on behalf of the Company first after the notice of assessment of stamp duty in respect of this Agreement has been issued, and the Company agrees to reimburse and pay to eCommerce Solutions all the stamp duty paid by eCommerce Solutions to the Tax Authority for this Agreement and any service tax as may be applicable, within 5 Business Days from the date eCommerce Solutions has notified and provided the Company with the stamp certificate issued by the Tax Authority for this Agreement.

33.4 Subject to Clause 33.3, the Company agrees that eCommerce Solutions shall not in any event be liable for any liabilities, losses and/or damages (including but not limited to any penalties, fines, interest and/or additional duties imposed by the Tax Authority) arising from the filing and/or stamping of this Agreement.

34. Entirety

This Agreement sets forth and shall constitute the entire agreement between the Parties with respect to the subject matter hereof and shall supersede any and all promises, representations, warranties or other statements whether written or oral made by or on behalf of one Party to the other of any nature whatsoever or contained in any leaflet, brochure or other document given by one Party to the other concerning such subject matter.

35. Severance

If any provisions of this Agreement or any part thereof is rendered void, illegal or unenforceable in any respect under any Law, the Parties shall, in goodwill and to its best efforts, negotiate and agree to a replacement of any such unenforceable provision to allow for the Agreement to be carried out in accordance to the Parties’ original intentions. Notwithstanding this, the validity, legality, and enforceability of the remaining provisions shall not, in any way, be affected or impaired thereby.

36. Variation

This Agreement may be added to, deleted or varied by eCommerce Solutions by way of posting on eCommerce Solutions’ website or in any such other manner as eCommerce Solutions may in its absolute discretion determine which includes notification to the Company via e-mail to the e-mail address provided by the Company to eCommerce Solutions. By continuing to use the Services on and after the effective date of the addition to, deletion or variation of this Agreement, the Company shall be deemed to have accepted the addition to, deletion or variation by eCommerce Solutions.

37. Inconsistency

Unless expressly provided otherwise, in the event of any inconsistency between any provisions in this Agreement and the Standards, the Standards shall prevail unless such other agreement provides explicitly to the contrary.

38. Anti – Bribery and Corruption

38.1 The Company shall comply with, and shall ensure that its officers, directors, employees, personnel and any third parties engaged or instructed to act for or on behalf of them (“Relevant Persons”) are aware of and comply with all anti-bribery and corruption laws applicable to this Agreement, including but not limited to the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (“AMLA”) and the Anti-Corruption Commission Act 2009 (“MACCA”) (“ABC Laws”).

38.2 The Relevant Persons shall not take any actions or make any omissions that would cause eCommerce Solutions to be in violation of any applicable ABC Laws.

38.3 The Relevant Persons shall not, directly or indirectly, offer, pay, promise to pay or authorise any bribe, other undue financial or other advantage or make any facilitation payment to, or receive any bribe or other undue financial or other advantage from, a public official or a private party in connection with this Agreement.

38.4 The Company must also strictly comply with eCommerce Solutions’ Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Policy, Anti-Bribery and Corruption Policy, Whistleblowing Policy and Code of Business Ethics (collectively, the “Policies”) which are available at https://my.nttdatapay.com/corporate-governance. The Declaration of Integrity attached as Appendix C is incorporated into and forms an essential part of this Agreement. By executing this Agreement, the Company affirms the truthfulness of the declarations set out in Appendix C and agrees to be bound by the Policies.

39. Survival

The following clauses and any other clauses which by their context and/or nature are intended to survive the expiry or termination of this Agreement, shall not be affected by the termination or expiry of the Agreement and shall continue to bind the Parties. of this Agreement: 9 (Disclaimer and Limitation of Liability), 10 (Indemnity), 13 (Receiving Payments), 16 (Confidentiality and Intellectual Property Right), 21 (Remedies), 25 (Information, Data Security and Protection), 31 (Governing Law and Jurisdiction).

40. Provisions in relation to the MyDebit service

40.1A For provisions involving MyDebit service in this Agreement, the following definitions shall also apply:-

“Issuer” means a financial institution authorized by Bank Negara Malaysia to issue MyDebit cards

“MyDebit Operator” means the payment system operator for MyDebit service ie. Payment Network Malaysia Sdn Bhd (“PayNet”)

“Participant” means a participant as defined in the Participation Rules for Retail Payment Services that governs the operation of PayNet’s Retail Payment Services

“PIN Pad” means an electronic device used in any physical card-based transaction to accept and encrypt Customer’s personal identification number (PIN).

“Terminal” means an information processing device through which MyDebit transaction messages are initiated and transmitted to eCommerce Solutions and through which reply messages are received and transactions are completed.

40.1 MyDebit Service

(a) eCommerce Solutions is a Participant of the MyDebit service and the Company is a registered merchant under the MyDebit service.

(b) In consideration of the fees paid to eCommerce Solutions, eCommerce Solutions agrees to facilitate the participation of the Company in the MyDebit service in accordance with this Agreement.

(c) The Company hereby agrees to observe all the minimum requirements in this Agreement as specified by the MyDebit Operator including any future revisions which will be communicated by eCommerce Solutions to the Company.

40.2 Payment Type

(a) The Company shall support MyDebit transaction that enables cardholders to use their ATM cards to pay directly from their bank account via POS terminal and a dual-interface which supports both contact and contactless transactions.

40.3 Obligations of Company

(a) The Company shall, at all times, comply with the Consumer Protection Act 1999 as the Company is prohibited to engage in misleading and deceptive conduct, false misrepresentation, and unfair claims in selling their products or services.

(b) The Company shall not be involved or engaged in business activities that contravene the laws of Malaysia.

(c) The Company is prohibited from re-selling or acquiring any other sub-merchant(s) into the MyDebit service or act as merchant aggregators for other merchant(s), without the prior written consent of the MyDebit Operator and eCommerce Solutions.

(d) The Company is not allowed to set a purchase limit.

(e) The Company shall ensure that it does not impose any surcharge on a transaction made using MyDebit.

(f) To open a merchant account for the purpose of the transfer of funds to the Company.

(g) The Company is prohibited from retaining any MyDebit cards belonging to Customers.

(h) The Company shall not capture any of the MyDebit cards at their Terminals or kiosks at any point in time. In the event that the MyDebit cards are captured due to technical reasons or any other reasons, the Company shall undertake to return the cards to eCommerce Solutions for onward submission to the Issuer bank within 24 hours.

(i) The Company shall take all reasonable actions necessary to ensure that all Terminals and PIN Pads operated at their premises are available for use by Customers during MyDebit switch operating hours and that the Terminals and PIN Pads are utilized and have complied with the requirements set in the Standards for MyDebit.

(j) The Company shall comply with the Standards in relation to MyDebit Brand at all times.

(k) The Company shall prominently display MyDebit’s logo and MyDebit service marks and to inform the public that MyDebit service is available at the Company’s premises and/or on all documentation issued and/or used in connection with the provision of the services in order to identify and promote MyDebit service.

(l) To assist the Issuer and/or eCommerce Solutions with any inquiry undertaken in respect of misuse of the MyDebit service.

(m) To accept and honour all MyDebit cards when presented to Customers at any Terminal displaying the logo and provide the goods and services on the same terms and conditions as those under which it supplies goods and services to persons purchasing goods or services by means other than by the MyDebit cards.

(n) To ensure the confidentiality and security of Personal Identification Number (“PIN”) entered at the Terminal.

(o) To ensure that each sales and purchase transaction is confirmed by the Customer in a manner applicable to the Terminal.

(p) To operate the Terminal in accordance with eCommerce Solutions’s direction and/or instruction.

(q) Not to misuse or tamper with the Terminal in any way.

(r) To notify eCommerce Solutions of the Terminal failure within two (2) Business Days after becoming aware of the failure of the Terminal.

(s) The Company must not make any warranties nor representations in respect of goods or services supplied which may bind eCommerce Solutions, MyDebit Operator, Issuer or any other Participants in the MyDebit service.

(t) For the purpose of Clause 40.3 (q), the Company will be liable for any claims, damages, and expenses arising out of or caused to arise from misuse or unauthorised usage of the MyDebit Brand. In the event of such breach this Agreement shall be terminated accordingly. Upon termination, Clause 19.6 (b) shall apply accordingly.

(u) The Company shall consent and allow eCommerce Solutions to disclose its information to MyDebit Operator, as may be reasonably required for the purpose of and in connection with providing the MyDebit service.

(v) The Company shall ensure that Customers are aware that card payments can be made via MyDebit.

(w) Clause 40.3(s) herein shall survive termination of this Agreement. Termination does not affect either party’s rights accrued and obligations incurred before termination.

(x) If applicable, in the interest of safeguarding the integrity of the MyDebit service, the Company shall grant PSP and/or eCommerce Solutions the absolute authority to direct the Company to take any measure that PSP and/or eCommerce Solutions deemed as necessary to detect, mitigate, resolve and prevent fraudulent acts, actual and suspected. The Company receiving such a directive shall promptly comply with the directive.

40.4 Obligations of eCommerce Solutions

(a) eCommerce Solutions shall implement reasonable measures to detect, mitigate, resolve and prevent fraudulent acts, actual and suspected.

(b) eCommerce Solutions shall ensure that Company’s business, activities, products and services do not contravene Malaysian laws.

(c) eCommerce Solutions shall ensure that the Company complies with all applicable requirements stipulated in the Standards related to MyDebit in this Agreement.

(d) eCommerce Solutions shall ensure that the Company will take all reasonable actions necessary to ensure that all Terminals and PIN Pads operating at their premises are available for use by Customers during MyDebit switch operating hours and that the Terminals and PIN Pads are utilized and complies with the requirements set in the Standards related to MyDebit.

(e) eCommerce Solutions shall provide the necessary training to the Company on an on-going basis.

(f) eCommerce Solutions shall transparently disclose to the Company the interchange rates of the debit card schemes and the true effective cost of the two priority network routing choices (either MyDebit Priority Routing or AID Priority Routing) and accurately provide all information necessary for the Company to make an informed decision on network routing.

(g) eCommerce Solutions shall route the Company’s debit transactions to the network with the lowest interchange cost and MDR in the event the Company does not decide on the preferred debit network routing and obtains the appropriate consent from their Company to disclose the information provided by the Company in Appendix IV and Appendix V of the Standards related to MyDebit.

(h) eCommerce Solutions shall complete and submit the ‘Acquirers Fair Pricing Declaration’ in Appendix V of the Standards related MyDebit on a quarterly basis, furnishing all necessary information completely and accurately. eCommerce Solutions shall submit the ‘Acquirers Fair Pricing Declaration’ to PayNet by 15 January, 15 April, 15 July and 15 October of every year, attesting that fair prices have been quoted to the Company in the preceding quarter.

(i) If there will be disruptions due to scheduled maintenance, eCommerce Solutions shall provide seven (7) Business Days advanced notice to the Company and MyDebit Operator, clearly specifying the duration and period of disruption. eCommerce Solutions shall be subsequently required to provide the Company with sufficient targeted reminders closer to the scheduled maintenance to ensure that the Company is aware of the disruption.

(j) eCommerce Solutions shall inform the Company when the system or equipment is not available for use or when there is a malfunction.

(k) eCommerce Solutions shall ensure that the Company is paid in a timely manner in accordance to this Agreement upon receiving the funds via the interbank settlement at MyDebit Operator.

(l) eCommerce Solutions shall take appropriate actions to ensure that the Company does not impose any surcharge and/or minimum transaction amount for MyDebit transactions. eCommerce Solutions shall disclose to Customers any exemption given by an operator of a payment card network or eCommerce Solutions to impose a surcharge or minimum transaction amount when using MyDebit. eCommerce Solutions shall ensure the Company provides sufficiently clear and explicit information at the points-of-sale on the available channels for Customers to lodge complaints on surcharging and minimum transaction amount practices.

a. For the purpose of Clause 40.4(l), eCommerce Solutions shall ensure that the Company who is exempted from the no surcharge or minimum transaction amount restriction to explicitly notify Customers at the points-of-sale on;

i. their surcharge and/or minimum transaction amount practices; and

ii. the available channel for the Customers to lodge a complaint;

b. eCommerce Solutions shall take immediate and appropriate actions on the Company that does not disclose the information under Clause 40.4(l)a. or provide inaccurate, false or misleading information; and

c. eCommerce Solutions shall also address complaints received from Customers in a timely manner, including by providing justifications to the Customers on cases where exemptions are given to the Company to impose a surcharge or set a minimum transaction amount.

40.5 Suspension

(a) Without prejudice to eCommerce Solutions’s rights set out under Clause 9 and 10 herein, eCommerce Solutions reserves the right to suspend the participation of the Company in the MyDebit service by giving notice in writing specifying the suspension date and any conditions applicable to the suspension, under the following circumstances:

a. The Company breached this Agreement, or any applicable rules, guidelines, regulations, circular or laws;

b. The Company fails to remedy the breach described in Clause 40.5(a)a. to eCommerce Solutions’s satisfaction;

c. eCommerce Solutions has determined that the Company has inadequate operational controls or insufficient risk management processes, resulting in potential threats or risks to the stability, integrity, safety, security and efficiency of the MyDebit service;

d. Court order affecting the legal status of the Company;

e. An application is made to the court either voluntarily or involuntarily for an order that the Company be wound up;

f. The Company is deemed unable to pay its debt and should be wound up under statutory laws; or

g. The Company is suspected on reasonable grounds that it is facilitating, involved in, has committed or will commit fraudulent act(s) in connection with the MyDebit service;

h. eCommerce Solutions has received complaints from other merchant(s), other acquirer(s), Issuer or Customer that the Company is engaging in fraudulent activity in connection with the MyDebit service; or

i. The Company has been suspended from the MyDebit service by other acquirer(s) due to breach of provisions of this Agreement or the terms and conditions stipulated in the, or any applicable rules, guidelines, regulations, circular or law;

(b) Upon suspension of the Company in the MyDebit service:

a. The services provided under MyDebit service will be suspended immediately;

b. The Company will no longer be able to offer MyDebit service;

c. The Company will stop accepting payments from acquirer Bank(s)/ MyDebit Operator (through DMS);

d. The Company must cease all promotional and advertising that is related or can be perceived to be related to MyDebit service;

e. The Company must remove all MyDebit Brand from the Company’s marketing collaterals, channels and website; and

f. The Company must take all reasonable steps to comply with any directions of eCommerce Solutions to minimise the impact on Customers of the suspension.

40.6 Advertisement and Use of Logo

(a) The MyDebit Operator owns all rights, titles and interest in the MyDebit Brand and the MyDebit Operator and/or eCommerce Solutions may specify and may at any time amend the requirements relating to the use and/or display of the MyDebit Brand.

(b) The Company shall comply with the requirements, process and/or guidelines prescribed by the MyDebit Operator based on the Standards in relation to MyDebit Brand.

(c) The Company must use the appropriate denotation or legend of trademark registration or ownership in connection with MyDebit Brand, as required or consented to by the MyDebit Operator and/or eCommerce Solutions.

(d) The Company shall only use the MyDebit Brand for the sole purpose of publicising, indicating and advertising that the Company accepts payment requests through the MyDebit service.

(e) The MyDebit Operator and/or eCommerce Solutions have the right to direct the Company to make changes to their use of the MyDebit Brand to rectify any non-compliance or potential non- compliance.

(f) The MyDebit Operator through eCommerce Solutions, may at any time, in its absolute discretion, direct a Company to cease using the MyDebit Brand where such use is in breach of this Agreement or the terms in the Standards related to MyDebit which is applicable to the Company as stipulated in this Agreement.

(g) The Company must not use the MyDebit Brand in such a way to create an impression that the goods or services offered by the Company are sponsored, produced, offered or sold by the owner of the MyDebit Brand. The Company must not adopt “MyDebit” or any other MyDebit Brand as any part of the name of its business or apply it to any goods or services offered for sale.

(h) The Company must immediately on becoming aware of any infringement or potential infringement of the MyDebit Brand, notify eCommerce Solutions.

40.7 Dispute / Claims for MyDebit (if applicable)

(a) If any dispute between the Customers and Company arises, the process used to resolve the disagreements among Customers and the Company shall be based on the relevant Standards by Bank Negara Malaysia.

(b) The Company shall furnish information and assist eCommerce Solutions to facilitate investigations related to Customer’s disputed transactions, fraudulent transactions and requests for refunds in accordance with the following process and timelines.

(c) If a valid request to recover funds was received by the Company within sixty (60) days of the Customer’s MyDebit payment, the Company shall address the Customer’s disputes/ claims to the Customer’s satisfaction.

a. The Customer may submit requests for refund to the Company after MyDebit payment has been made, for the following reasons:

a. Goods or services purchased were not provided or rendered due to the Company’s performance or insolvency;

b. Customer’s bank account was erroneously debited multiple times for a single purchase or charged with an incorrect amount by the Company.

b. Upon receiving a request for refund, the Company shall respond to all requests for refunds within seven (7) Business Days of receipt. The Company shall ensure that the refund claims are addressed within the seven (7) Business Days timeframe.

(d) The Company may provide concrete evidence to contest the claim. Evidence may include proof of delivery, certification from suppliers on the authenticity of goods, or other documentation to demonstrate the Company’s performance of its obligations. If the Company is unable to furnish evidence within the timeframe specified in Clause 40.7(c)b. or the evidence does not conclusively refute the Customer’s refund claim, the Company is required to refund the purchase proceeds to the Customer within three (3) Business Days.

(e) If the Company is not able to adequately refute a refund claim in accordance with Clause 40.7(d), eCommerce Solutions shall have the right to debit any of the Company’s account(s) maintained with eCommerce Solutions for the recovery of the disputed sum, either entirely or partially.

-the rest of this page is intentionally left blank-

Appendix A

eCommerce Solutions MYR Gateway Application Form

Appendix B

Non-Exhaustive List of Banned and High Risk Industries

Prohibited Industry

Nature of Business

Adult Content

i. Pornographic and vulgar audio-visual products, pictures, channels, and publications, fetish products, sado masochism (SM) product

ii. Pornographic and vulgar erotic services (including sex chatting and prostitution)

iii. Escort Services

iv. Adult Companion Services or On-Line Dating (both Virtual and In-Person)

Gambling

i. Transactions related to gambling, gaming, or any activities that involve an entry fee and a prize, including casino games, sports betting, horse and dog racing, lottery tickets, and other ventures that facilitate gambling, as well as games of skill (regardless of whether they are legally classified as lotteries), sweepstakes, and non-sports intrastate internet activities.

ii. Sports betting platforms

iii. Lottery services and Poker

Tobacco

i. Products containing Nicotine

ii. Counterfeit tobacco products (e.g. cigarettes, cigars)

Narcotics

i. Narcotics, narcotics-related paraphernalia or tools specifically intended for the production of narcotics

Weapons

i. Weapons of all types (including daggers, firearms and accessories, replica weapons, ammunitions, explosives)

ii. Fireworks and hazardous materials

Human Trafficking and Exploitation

i. Sales or services associated with the management of human remains and anatomical parts.

ii. Any business related to human trafficking

iii. Sales or services related to the harvesting or trafficking of human organs.

Endangered Species and Wildlife Products

i. Trading protected species, including endangered wildlife and products derived from such animals.

ii. Animals, plants, or products that carry contagious or hazardous diseases, or that originate from regions designated as having an epidemic outbreak of contagious diseases.

iii. Sale of live animals, with exceptions for certain regulated species.

iv. Trading in items associated with endangered species or illegal wildlife trafficking.

Financial Behaviour

i. Direct Marketing - Travel-Related Arrangement Services

ii. Direct Marketing - Outbound Telemarketing Merchants

iii. Outbound telemarketers

iv. Direct Marketing - Continuity / Subscription Merchants

v. Direct Marketing - Other Direct Marketers - not elsewhere classified

vi. Unlicensed Multi-level marketing

vii. Rebate-based business and up-selling merchants

viii. Pyramid/ Ponzi schemes or Illegal multi-level marketing, unlicensed loans/money lending, and any kind of 'get rich quick schemes'

ix. Investment scheme

x. Payment aggregator

xi. Credit Counselling / Credit repair services

xii. Credit repair or debt settlement services, credit transactions or insurance activities

xiii. Credit protection / Identity thief protection

xiv. Related to the purchase of annuities or lottery contracts, layaway systems, offshore banking, or transactions aimed at financing or refinancing debts funded by a credit card.

xv. Related to the sale of traveller’s checks or money orders.

xvi. Check/Cheque cashing businesses

xvii. Currency and forex

xviii. Wire Transfer/Virtual Currency

xix. Currency and currency-related products (including virtual currencies, crypto-currencies, and counterfeit currencies)

xx. Non-fungible tokens (“NFTs”) & Cryptocurrencies

xxi. Initial coin offerings (ICOs)

xxii. Unregulated digital wallets

Illegal Activities

i. Pyramid/ Ponzi schemes or Illegal multi-level marketing, unlicensed loans/money lending, and any kind of 'get rich quick schemes'

ii. Illegal downloads of movies, music, computer and video games or software

iii. Items or downloads that infringe upon or violate copyright, trademark, rights of publicity or privacy, or any other proprietary rights under the laws of any jurisdiction.

iv. Counterfeit goods, luxury and designer good, goods infringing on third-party intellectual property rights

v. Stolen goods including digital and virtual goods

vi. Drugs, drug paraphernalia and drug test circumvention aids

vii. Products or items that promote illegal activity.

viii. Involve the sale of products or services identified by government agencies as having a high likelihood of being fraudulent.

ix. Any products or services using child labour

x. Illegal nationally protected artefacts & Smuggled articles

Health and Drugs

i. Drugs, Drug Proprietors, and Druggists Sundries

ii. Unregulated health supplements, and miracle cures

iii. Internet pharmacies / Internet pharmacy referral site

iv. Medical Marijuana

v. Products or Services with Unreasonable Claims or Guarantees (Nutraceuticals, herbal remedies, miracle products, hair growth, enhancement, vitality, feel better)

vi. Counterfeit pharmaceutical products

Miscellaneous

i. Time sharing sales

ii. Buyers’ Club / Membership club

iii. Key-entry telecom merchant offering local and long-distance phone calls through a central access number in a non-face-to-face environment utilizing key entry.

iv. File sharing services

v. Horoscope & Fortune Tellers

vi. Parked Websites (Pay Per Click)

vii. Clicks, follows, deletes, and other network target services (e.g. click farms)

viii. Decryption and descrambler products and services, devices designed to block, jam or interfere with cellular and personal communications

ix. Hacking-related or malware-related products and services relates to cybercrime.

x. Information endangering national security, including promoting terrorist and extremist organizations, subversion of state power, and disseminating state secrets.

xi. Discriminatory or degrading information related to race, gender, religion, region, etc.

xii. Radioactive materials

xiii. Surrogacy services

xiv. E-books and digital content that infringe on copyright.

High Risk Industry

Nature of Business

Financial and Investment Risks

i. Multi-level marketing businesses (MLM)

ii. Prepayment business

iii. Auction business including Penny Auction and/or bidding

iv. Remittance

v. Debit Collector

Retail and Consumer Goods

i. Gold Bar/Gold related business

ii. Precious Stones and Metals, Jewel, Gem

iii. Used and Preloved Products

iv. Marketplace

v. Online Mall

Health and Pharmaceuticals

i. Prescribed Drug, Drug Stores, Pharmacies

ii. Online prescription services/platform for medical consultations

Tobacco and Alcohol

i. Tobacco / Cigar / Electronic Cigarette

ii. Alcohol/ Bar Lounge

Telecommunications

i. Telecommunication services, including but not limited to prepaid and recurring phone services

Real Estate and Travel

ii. Real Estate Agency / Brokers

iii. Travel Agencies / Airline

iv. Accommodation (Hotel/ Lodges/ Airbnb/ Homestays)

Entertainment and Nightlife

i. Night Club/Entertainment/Bar

ii. Online Gaming

iii. Event Management/ Concert / Ticketing

-the rest of this page is intentionally left blank-

Appendix C

Declaration of Integrity

Pursuant to the Agreement, we hereby acknowledge and agree to be bound by NTT DATA Payment Services Sdn. Bhd. and its Group of Companies’ (the “Company”) corporate governance policies, including but not limited to the Group Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Policy, the Group Anti-Bribery and Corruption Policy, the Group Whistle Blowing Policy and the Group Code of Business Ethics (hereinafter referred to as the “Policies”) and declare as follows:

1. That we have read, understand and will comply with all the information contained within the Policies.

2. That we understand and will comply with all applicable laws and regulations relating to the code of conduct, anti-fraud, integrity, anti-corruption and whistle-blowing.

3. That we will commit to the anti-corruption principles which includes promoting values of integrity, transparency, accountability and good corporate governance, prevention of corruption, fighting any form of corrupt practices, as well as supporting anti-corruption initiatives led by the Company, the government and the local authorities.

4. That we have not been convicted nor have we been subject to any investigation, inquiry or enforcement proceedings by the relevant authorities for any actual or suspected breach and will report any actual or suspected breach of any laws relating to anti-bribery, anti-corruption, anti-money laundering, fraud, deceit and/or dishonesty, as soon as reasonably practicable and to the extent permitted by the law, to the Company.

5. That we will undertake to promptly inform the Company of any breach and/or alleged/suspected breach of the Policies and to cooperate with the Company in any investigation of such breach involving any of the Company or the Company’s directors, officers, employees, representatives, agents, contractors and suppliers;

6. That we acknowledge that the provisions set out in this declaration form shall form part of the terms and conditions of our appointment and/or contract of service;

7. That we agree that the Company has the right to suspend or terminate our contract/agreement/services/job and/or disqualify us from rendering for future contracts/jobs if we were found to have breached the Policies; and

8. That we will continue to monitor our performance and business practices to ensure ongoing compliance with the Policies.

Updated as of 16 March 2026

Introducing ADAPTIS e-Commerce

FIND US ON

COMPANY

BUSINESSES

QUICKLINKS