Framework agreement for payment services MANGOPAY

General Terms of Use for Payment Services

Version on 1 July 2019

Closed between:

The customer, a legal entity or natural person registered in the commercial register (or in the national trade register or any comparable professional association) in a Member State of the European Union or a State of the European Economic Area or in a third country imposing equivalent obligations as regards the fight against money laundering and terrorist financing, who acts on his behalf exclusively for commercial (industrial, craft, free) purposes,

hereinafter referred to as the “Holder” or “Commercial Holder”,

The customer, a natural person resident in a Member State of the European Union or a State of the European Economic Area or in a third country imposing equivalent obligations as regards the fight against money laundering and terrorist financing, acting on his behalf exclusively for non-commercial purposes,

hereinafter referred to as the “Holder” or “Consumer Holder” on the one hand,

and

MANGOPAY SA, a public limited company incorporated under Luxembourg law, with a capital of 6,200,000 euros, having its registered office at 2, Avenue Amélie, L-1125 Luxembourg and registered in the Luxembourg Trade and Companies Register under number B173459, authorised to operate in the European Economic Area as an electronic money institution by the Luxembourg Financial Markets Authority, 283 route d’Arlon L-1150 Luxembourg, www .cssf.lu,

hereinafter referred to as the “Service Provider”, on the other hand,

hereinafter referred to individually as a “Party” or collectively as the “Parties”.

Note

The Holder is invited to read carefully the present Framework Agreement sent to him by the Platform before accepting it. He is invited to download it onto a durable medium. By default, communication with the Service Provider shall always be made via the Platform in accordance with the modalities provided for in the General Terms and Conditions of the Website, unless a separate mode of communication is provided for in the Contract.

1. Definitions

For the purpose of this Agreement, the terms are defined as follows:

“Authentication” means the procedures established by the Platform to verify the identity of the Holder or the validity of a Payment Order. These procedures include the use of personalised security features and identification data.

“Strong Authentication”: means the authentication procedures established by the Platform that comply with the requirements of EU Directive 2015/2366 of 25 November 2015. This strong authentication includes, inter alia, elements that allow the establishment of a dynamic link between the transaction, the amount and the payee.

“Banks” means credit institutions responsible for protecting the amount of money raised by the service provider on behalf of the holder. This amount of money is opened in a separate account opened for this purpose to limit attachment. The designated institutions are now ING Luxembourg and Crédit Mutuel Arkéa. The service provider reserves the right to select any other approved credit institution.

“Payee” means a legal or natural person, creditor of a Payment Transaction made by the Holder.

“Card”: means the bank, debit or credit card used to transfer funds to a Designated Holder on their payment account opened in the Service Provider’s books. This Card accesses one of the following networks: Visa, MasterCard, CB.

“Payment Account” or “Account”: means the Payment Account held by the Service Provider in the name of the Holder and used for the execution of Payment Transactions. The Account shall in no case be equated with a Deposit Account. The Account shall be denominated in the foreign currency specified on the Website at the time of its registration.

“Website Terms and Conditions”: Means the general terms and conditions of use of the Website agreed between the Users of the Website and the Platform governing, inter alia, access to the Website.

“Pricing Terms”: mean the financial terms agreed between the Holder and the Platform including the costs payable in respect of this Framework Agreement

“Framework Contract”: means these general terms and conditions of use for the Payment Services, including the Application Form and the Pricing Terms, which govern the use of the Payment Services and the management of the Payment Account by the Service Provider.

“Personalised Security Credentials” means personalised data provided by the Platform to the Holder for authentication purposes. They include identification data and possibly any other data related to the authentication procedure or strong authentication.

“Identification Data”: means the Holder’s Customer Identifier and Password that enable the Holder to access the Holder’s Personal Area.

“Personal Data”: means any information relating to the Holder as a natural person or to a legal person in relation to the Holder as a legal person (including an Operating Officer, an Authorised User, an Authorised Person) within the meaning of the EU Personal Data Protection Regulation 2016/679.

“Personal Area”: means the Holder’s associated environment accessible on the Platform Website enabling the Holder to access his/her Payment Account and use the Payment Services.

“Application Form”: means the form to be completed by any Interested Party wishing to order Payment Services accessible on the Website upon registration or provided by the Platform.

“Business Day”: means a calendar day excluding Saturdays, Sundays and public holidays in France and Luxembourg and any other day designated as such by the Service Provider.

“Means of Payment”: means means of payment other than the Card listed on the Website, the acceptance and settlement of which is offered by the Service Provider upon request. The Holder activates the Means of Payment of his/her choice from the Personal Area.

“Payment Transaction” means a regular or one-off transfer debited to the Payment Account and ordered by the Holder or any authorised agent in this regard.

“Payment Order” means the instruction given by the Holder to the Service Provider in accordance with the procedure set out in the Framework Contract for the execution of a Payment Transaction.

“Payment Page”: Indicates the e-banking service provider of the service provider.

“Data Subject”: means the Holder as a natural person or any natural person associated with the Holder (including an Operating Officer, an Authorised User, an Authorised Person) whose Personal Data is processed in the performance of this Master Agreement.

“Authorised Person” means any agent appointed by the Holder to access the Payment Account and to use the Payment Services for his Account.

“Platform”: means the entity that operates the Website, as determined in the General Terms and Conditions. It prepares, facilitates and advises the Interested Parties regarding the conclusion of the Framework Contract through the Website. It accompanies the holders during the course of their relationship with the service provider in the context of their executed payment transactions. It records the documents necessary for the opening of the account. The platform does not record the amount of money except for the agreed costs in the pricing conditions.

“Service Provider” means MANGOPAY SA, an electronic money issuer authorised in Luxembourg by the Financial Markets Authority under number 3812 and authorised to operate in all Member States of the European Union. The Service Provider appears on the list of electronic money institutions available on www.cssf.lu/surveillance/ep-eme/listes-officielles .

“Third Party Payment Service Provider” means any institution other than the Service Provider authorised in a Member State of the European Union or a State of the European Economic Area or in a third country imposing equivalent obligations as regards the fight against money laundering and terrorist financing.

Platform Customer Service: means the department whose contact details are mentioned on the Website where the Holder can obtain information on the Framework Contract.

“Payment Services” means the payment services set out in points 3 and 5 of the Annex to the Luxembourg law of 10 November 2009 on payment services.

“Website”: means the internet site operated by the Platform, the purpose of which is the sale of goods or services to, or the raising of funds from, Users, or the connection of the Owners with Users.

“Durable medium” means any medium which enables the holder to store information addressed personally to him/her in a way accessible for future reference for a period of time adequate for the purposes of the information and which allows the unchanged reproduction of the stored information. It is usually displayed in the form of a PDF file.

“Holder”: means any legal or natural person acting for its own account and in whose name a Payment Account is opened for the use of the Payment Services.

“User”: means any natural or legal person who has transferred an amount of money to the Holder via the Website by means of a card or any other means of payment accepted by the Service Provider for the transfer of funds.

2. Subject

The purpose of the framework contract is to specify the conditions under which the service provider will provide payment services to the holder in return for remuneration specified in Article 11 of this contract.

These payment services include:

the opening of a payment account,
in favour of the payment account: Registration of the amount of money transferred by cards or any other means of payment accepted by the Service Provider; receipt of transfer.
debit to the payment account: Execution of one-off or recurring transfer operations, direct debit of charges in application of this contract, transfer of funds by cards (or by any other means of payment).

The account does not result in an overdraft, prepayment, cash discount or credit. The service provider does not offer an exchange service.

The Service Provider has engaged the Platform to facilitate the conclusion of this Agreement with each Holder and to guide them throughout their relationship with the Service Provider.

3. Use of the services

3.1 Registration modalities
The framework contract shall be concluded at a distance in accordance with the modalities provided by the platform in the general terms and conditions of the website. For the framework contract to be can be completed online, it is essential that the applicant has the following equipment (hardware and software) for which he/she is solely responsible.

By default, the acceptance of the framework contract is made at a distance via the website and is confirmed by an electronic signature. The applicant has the option to ask for the contract to be signed by hand. In this regard, he/she must print out this contract, sign it and return it electronically or by post to the platform’s customer service, whose contact details are indicated in the general terms and conditions of the website.

In the event of handwritten signature, the date of conclusion of the framework agreement shall be the date indicated on it and, in the absence of a date, the date of receipt of the framework agreement by the platform.

The electronic signature of the framework contract shall be done via the website. The completion date of the framework contract corresponds to the date on which the applicant completes the electronic signature process indicated to him on the website,

The framework agreement concluded between the parties by electronic means has the same probative value as a framework agreement in paper form.

3.2. Contract documents
The framework agreement consists of:

these General Terms and Conditions of Use for Payment Services,
the application form available on the website,
price conditions communicated by the platform.

These general terms and conditions of use of the payment services as well as the price conditions are made available to the holder on the website and can be downloaded onto a durable medium. At any time during the contractual relationship, the holder may receive these documents in paper form upon request.

The Service Provider shall maintain access to the Contract Documents for a period of five (5) years from the end of the contractual relationship. The service provider shall discontinue this service at the end of the above-mentioned five-year period.

The Service Provider may make the conclusion of this Agreement subject to the provision of certification and supplementary information by the Holder to validate its status in relation to these arrangements.

4. Opening an account

4.1 Requirements necessary for opening an account
Any natural person who is at least eighteen (18) years old and has legal capacity, and any legal person resident and/or registered in a Member State of the European Union or in a State of the European Economic Area or in a third country imposing equivalent obligations as regards the fight against money laundering and terrorist financing, may transfer an application to open an account, provided that the natural person is included on the Website as a consumer or as a professional. The legal person may only be included as a trader.

The Holder declares at the time of the transmission of its request for admission on the Platform and throughout the duration of the Framework Agreement:

that he is at least 18 (eighteen) years of age and legally competent or that he is duly constituted in the form of a company,
that he is acting on his own account;
that all information provided at the time of its registration is sincere, accurate and up to date.

4.2. Registration and account opening procedures

4.2.1 Information and evidence
Each interested party must transfer the information and documents listed below to the platform by means of an application form, if this information and documents are not already in the possession of the platform.

The interested party undertakes to transfer the information and documents in accordance with his capacity, i.e. as a trader or consumer.

For the holder, natural person and consumer:

whose surname, first name, e-mail address, date and place of birth, nationality and country of residence.
Copy of a valid official identity document of the holder (e.g. identity card, driving licence and for third-country nationals in the European Union a passport).

For the commercial owner:

for natural persons:

- their surname, first name, e-mail address, date of birth and nationality as well as country of residence.
- Original or copy of an extract from the Official Gazette, not older than three months, confirming registration as a trader or in the national trade register or any other professional association on which the holder depends.
- Copy of a valid official identity document of the holder (e.g. identity card, driving licence and for third-country nationals in the European Union a passport).

for legal entities:

- its corporate name, corporate form, capital, address of registered office, description of business activities, identity of shareholders and directors and list of beneficial owners as specified, for example, by the Ordinance,
- Extract from the commercial register or equivalent document, not older than three months, justifying registration in the commercial register of a Member State of the European Union or of a State of the European Economic Area or in a third country imposing equivalent obligations as regards the fight against money laundering and terrorist financing. This document must confirm the company name, the legal form, the address of the registered office and the identity of the partners and directors mentioned in 1° and 2° of Article R.123-54 of the Commercial Code or their equivalents in foreign law.
- certified copy of the articles of association and any resolutions appointing the legal representative;
- Copy of the identity card or passport of the legal representative and, if applicable, of the authorised user(s).
- The declaration of the beneficial owners of the legal entity holding more than 25%, if the interested party has not declared its beneficial owners in the national register or is not subject to this obligation.

The holder may also be required to provide proof of a bank account opened in his name with a person mentioned in 1° to 6°a of Article L.561-2 of the French Monetary and Financial Code, established in a Member State of the European Union or a State of the European Economic Area or in a third country imposing equivalent obligations as regards the fight against money laundering and terrorist financing.

It is expressly provided that the Service Provider reserves the right to request supplementary documentation regarding the Holder, the Authorised User or a specific payment transaction prior to any registration and at any time during the term of the Framework Agreement.

4.2.2 Restriction of the payment account
Depending on the assessment of the service provider, the use of a payment account may be restricted without the service provider justifying its decision with the holder concerned. The functioning of the account is mainly limited because the holder has not provided all the information and documentation required by the service provider as listed below. These limits are indicated to the Holder by the Platform.

4.2.3 Completion of the registration
Once the Framework Agreement has been concluded, the Holder must provide all information and evidence required from him by the Platform. By agreeing to the terms of the Framework Agreement, the Holder accepts that the Platform will transmit to the Service Provider its application for admission as Holder and all evidence received from it.

The service provider is the only one authorised to accept the inclusion of an interested party as a payment account holder on its behalf. This acceptance shall be communicated to the holder by the platform by any means in accordance with the modalities provided for on the website.

The Service Provider may refuse, without justification or right to compensation in favour of the Holder, a request to open an Account. This refusal shall be communicated to the Holder by the Platform by any means in accordance with the modalities provided for on the Website.

5. Functioning of the payment account

The amounts credited to the Payment Account result from the amount of money transferred by the Card (or any other means of payment accepted by the Service Provider) or from the receipt of the transfer. The amounts debited to the Payment Account result from the execution of the payment transaction for an account opened in the books of a third party payment service provider, the debiting by the service provider of the costs owed by the Holder for the Framework Agreement or the reversal of a transaction by Card (or by any other means of payment).

5.1. Acceptance and settlement of payment orders by cards to the payment account
The payment account may be funded once or several times by card (or any other means accepted by the service provider). If the User wishes to carry out this operation, he/she shall identify him/herself on the Website by indicating his/her user name (valid e-mail address) and his/her password or by logging in via their Facebook account. The money transfer order is recorded on a designated payment page. For each payment, the user may be asked to enter a unique code that will be communicated on their mobile phone for the issuing card institution. Where applicable, it is up to the service provider to reject each payment depending on its assessment and without this decision giving rise to any compensation. The transfer of funds shall be carried out by the issuing card institution. Any objection to such a transfer must be reported to said institution. The Service Provider is not entitled to cancel such a transfer.

The Holder is informed that the acceptance of a Payment Order by Card by the Service Provider does not guarantee the receipt of the funds on the Holder’s account. The registration of the money on the payment account of the holder depends on the actual receipt by the service provider of the amount of money raised less the costs agreed in the price conditions.

If the funds are not received for technical reasons, the Service Provider shall use its best endeavours to settle the matter. If the money is not received for any other reason, the service provider shall immediately inform the holder that it is unable to credit the expected amount to the holder’s account so that it can contact the user.

Assuming that the transfer of funds shown on the Cardholder’s Account is cancelled by the Card Issuer as a result of an objection by the User, the Cardholder accepts that the Service Provider will reverse any transfer of funds by Card by debiting the payment account of the corresponding amount. The Cardholder acknowledges that special attention may be given by the Card Issuer to any such objection until the expiry of a maximum period of thirteen (13) months from the date of the debited account to which said Card is linked. The Service Provider may, in the absence of sufficient funds in the Account, suspend or cancel any payment transaction initiated by the Cardholder or an authorised representative in order to carry out this chargeback or, where applicable, subrogate itself to the rights of the Cardholder and proceed to the collection of the amounts owed by the User by any means whatsoever.

5.2. Receipt of the transfer on the payment account
The holder instructs the service provider to enable it to receive SEPA credit transfers in euro on its payment account from a bank account or a payment account opened on the books of a third-party payment service provider.

The funds shall be credited to his payment account immediately by the Service Provider upon actual receipt by the Service Provider.

After registration of the funds on the payment account of the holder, the service provider shall provide him/her with a summary of the transfer transaction received with the following information: Purpose of the payment transaction, reference to identify the payer, amount of the transaction, value date of the credit.

5.3. Execution of a payment transaction debiting the payment account
The holder may transfer SEPA or international transfer orders for the account of a payee held by a third party payment service provider.

When the holder wishes to carry out a transfer operation, he identifies himself in his personal area by providing his identification data and, if necessary, by following the steps of strong authentication indicated to him. He indicates on the payment page: Amount of the payment transaction, currency, payment account to be debited, execution date of the order and any other required information. In the absence of a date, the transfer order is immediately valid. The holder must also follow the authentication procedure specified by the service provider (or strong authentication, as the case may be).

The holder may at any time transmit a request for execution of a transfer order for a payee appointed by the holder who has a bank or payment account with a third party payment service provider. The holder must transmit the associated reason for each transfer and comply with the authentication procedure (or strong authentication as the case may be) specified by the service provider.

The holder gives his/her irrevocable consent to the payment order by clicking on the “Validation” tab (“Date of Receipt”). The receipt of the payment order is confirmed in the holder’s personal area. No order may be withdrawn by the holder after the date after which it is deemed irrevocable, i.e. from the date of receipt.

Before transferring a transfer order, the holder (or the platform acting on his behalf) must ensure that he has sufficient funds in his account to cover the amount of the payment transaction and the related costs as agreed in the Pricing Terms. If necessary, he must bring his account into credit before the order can be validly transferred to the service provider for execution.

It is expressly agreed that payment orders shall be executed at the latest at the end of the Business Day following the date of receipt of the order by the Service Provider (and at the agreed execution date in the case of time transfers or standing orders). Any payment order received by the Service Provider after 4pm shall be deemed to have been received on the following Business Day. If the date of receipt is not a Business Day, the payment order shall be deemed to have been received on the following Business Day.

For each transfer transaction, the holder may request the service provider to provide information on the execution time of that special transaction on durable medium, on the charges he has to pay and, where applicable, on the details of those charges.

The service provider may be prompted to refuse to execute an incomplete or incorrect transfer order. The holder must resend the order to bring it into compliance. The Service Provider may also block a transfer order in case of substantial doubt of fraudulent use of the Account, unauthorised use of the Account, compromise of the security of the Account, freezing of funds by an administrative authority or for any other reason.

In the event of a refusal to execute a transfer order or the blocking of a transfer order, the service provider shall inform the holder thereof by any means. If possible, the service provider shall provide the holder with the reasons for the refusal or blocking, at least a prohibition under a relevant provision of national or European Union law.

5.4. Refund
The holder may at any time send an instruction to cancel a financial transfer in order to compensate a user. The holder identifies himself on the website by providing his identifier and password. He/she shall indicate in his/her personal space the amount to be reimbursed, the currency, the User to be reimbursed and any other information required.

The refund process will be carried out by the service provider by crediting the card used by the user or by transfer according to the original payment modalities within the available balance of the account and the rules for each network and SEPA rules within five (5) business days of receipt by the service provider of the refund request.

5.5. Special provisions on payment initiation and information services through the accounts provided by a third party payment service provider
Where consent for a transfer order is given through a third party payment service provider providing a payment initiation service, the form of such consent shall be agreed between the Holder and the said third party payment service provider under mutually agreed terms. The Service Provider shall not be a party to such terms and shall not in any event be liable in the event of a dispute in connection with the provision of such Trigger Service by the Third Party Payment Service Provider under such terms.

The holder may revoke the payment order only after consent has been given for the third party payment service provider providing the payment initiation service to initiate the payment transaction.

If the unauthorised, non-executed or badly executed payment transaction is initiated through a third party payment service provider providing a payment initiation service, the service provider shall immediately, and in any case no later than by the end of the next business day, refund to the holder the amount of the unauthorised, non-executed or badly executed transaction, restore the debited account to its previous state as if the non-execution or wrong execution of the payment transaction had not occurred. The value date on which the holder’s payment account is credited shall be no later than the date on which it was debited.

6. Reporting

The holder has a payment transaction status for the payment account in his personal area. He/she is invited to take careful note of the list of these transactions. The records of the transactions may also be made available to the business proprietor at other intervals upon express request.

It is noted that for each payment transaction executed by the service provider, the holder has the following information: Purpose of the payment transaction, identification of the beneficial owner, amount of the transaction, date of receipt of the order and, where applicable, the cost of executing that transaction.

7. Access to the payment account and confidentiality of the personalised security features

The payment account is accessible online in the personal area by means of identification data and according to the required authentication procedure (or strong authentication, as the case may be).

The holder shall provide identification data per authorised person. Each authorised person accepts not to use the name or identification data of another person. The holder shall be solely responsible for any use of its identifier.

Each Authorised Person is fully responsible for maintaining the confidentiality of their identification data and any other personalised security feature that may be assigned by the Service Provider or the Platform. The holder shall take all reasonable steps to maintain the confidentiality and security of the information of its personalised security features. He also undertakes to raise the awareness of the authorised persons regarding the confidentiality and security of their own personalised security features.

The Holder (and any Authorised Person) agrees not to disclose its Personalised Security Credentials to any third party. By way of derogation, the Holder may transfer them to authorised third party payment service providers in a Member State of the European Union or in a state of the European Economic Area for account information services and payment transaction initiation services (as defined in Article 4 of the European Directive 2015/2366, the so-called “PSD2”). The Holder must ensure that this third party payment service provider is authorised for the aforementioned services and captures its personalised security features in a secure environment.

8. Contradiction with the personalised security features

The holder must inform the platform of the loss or theft of his/her personalised security features, misappropriation or any unauthorised use of his/her personal space or data related thereto as soon as he/she becomes aware of it so that he/she can request blocking. This declaration must be made as follows:

by telephone to the Platform’s Customer Service at the number indicated in the Website’s General Terms and Conditions; or
directly by electronic message via the contact form accessible on the website.

The service provider immediately executes the request for objection via the platform. The event is recorded and time-stamped. An objection number with a time stamp shall be sent to the holder. A written confirmation of this objection shall be sent via the platform to the holder concerned by electronic message. The service provider takes over the files at administrative level and keeps all traces for 18 (eighteen) months. Upon written request of the holder and before the expiry of this period, the service provider shall send a copy of this objection.

Any request for opposition must be confirmed without delay by the holder concerned by means of a letter signed by him, delivered or sent by registered mail or e-mail to the address mentioned in the letterhead of this contract or to the address possibly indicated in the general terms and conditions of the website.

The service provider cannot be held liable for the consequences of an objection sent by fax or e-mail that does not originate from the holder.

An appeal request shall be deemed to have been made on the date and time of the actual receipt of the request by the Platform. In the event of theft of the personalised security features or fraudulent use of the personal area, the service provider is entitled to request a receipt or a copy of the submitted claim from the holder via the platform, who undertakes to respond to it without delay.

9. Blocking of the payment account and refusal of payment account access

The Service Provider reserves the right to block the Payment Account if there are objective reasons to suspect that the security of a Payment Instrument has been compromised or that unauthorised or fraudulent use has been made with it, or for a significantly increased risk that the Holder is unable to fulfil its obligation to pay the charges owed in respect of this Framework Agreement.

The Holder is informed that the Service Provider may deny access to the Payment Account to a third party payment service provider providing payment initiation services or information on the Accounts for objective or documented reasons related to unauthorised or fraudulent access to the Payment Account by the Service Provider, including the unauthorised or fraudulent initiation of a Payment Transaction.

In such cases, the holder shall be informed in his personal area of the blocking or refusal of access to the payment account and of the reasons for such blocking or refusal. This information shall be provided, if possible, before the payment account is blocked or access is denied and at the latest immediately after the blocking or denial, unless the fact of providing this information is not communicable for objective security reasons or prohibited by another provision of European Union law or relevant national law.

The Service Provider shall unblock the Account or restore access as the reasons justifying the blocking or denial of access no longer exist. The Holder may request the unblocking of the Account at any time by contacting the Platform’s Customer Service, whose contact details are indicated in the Website’s General Terms and Conditions. The holder may be asked to provide new identification data.

10. Controversial transaction

10.1 Provisions common to all holders
In the event of any complaint regarding payment transactions carried out by the Service Provider under this Contract, the Holder is invited to contact the Platform’s Customer Service or the address indicated in this regard in the Website’s General Terms and Conditions.

If an order is executed by the service provider with errors due to the fault of the latter, the complaint is immediately transmitted to the service provider, the order is cancelled and the account is restored to the way it was before the payment order was received. Subsequently, the order is mapped correctly.

Charges specified in the Pricing Terms and Conditions may be levied in the event of an unjustified complaint about a Transaction.

10.2. Applicable provisions for the professional holder
The trader Holder who wishes to contest a transfer transaction not authorised by him or incorrectly executed by him must contact the Platform’s customer service by telephone without delay after becoming aware of the irregularity and at the latest within eight (8) weeks after booking the transaction, it is her responsibility to transmit the contestation to the Service Provider without delay. Unless there are reasonable grounds to suspect fraud on the part of the Holder, the Service Provider shall refund the amount of the Transaction to the Holder immediately upon receipt of the challenge request and in any event no later than by the end of the next Business Day. The service provider shall restore the account to its previous state as if the unauthorised payment transaction had not taken place.

In the event of loss or theft of the personalised security features, the unauthorised transactions that took place prior to notification of the objection shall be for the account of the holder. The transactions carried out after the Contradiction executed transactions are borne by the service provider except in case of fraud by the holder.

10.3. Applicable provisions for the consumer holder
The Consumer Holder wishing to contest a transfer transaction not authorised by him or executed incorrectly must contact the Platform’s customer service by telephone without delay after becoming aware of the irregularity and at the latest within thirteen (13) months of the debit, it is her responsibility to transmit the contestation to the Service Provider without delay. Unless there are reasonable grounds to suspect fraud on the part of the Holder, the Service Provider shall refund the amount of the Transaction to the Holder immediately upon receipt of the challenge request and in any event no later than the end of the next Business Day. The service provider shall restore the account to its previous state as if the unauthorised payment transaction had not taken place.

In the event of a dispute, the burden of proof that the payment transaction was authenticated, properly recorded and entered in the accounts and was not affected by a technical defect or the like shall lie with the service provider.

In the event of an unauthorised payment transaction resulting from the loss or theft of personalised security features, the holder shall bear the losses associated with the use of personalised security features within a limit of fifty (50) euros prior to notification of the objection. Transactions carried out after the objection are borne by the service provider, except in the case of fraud by the holder. However, the holder shall not be liable in the event of:

Unauthorised payment transaction made without the use of personalised security features;
Loss or theft of personalised security features that were not recognisable by the holder prior to payment;
Loss resulting from the acts or negligence of an employee, agent or branch of a payment service provider or an entity to which the business has been outsourced.

The owner is also not liable:

if the unauthorised payment transaction was made by misappropriating the personalised security features without the holder’s knowledge;
in the case of counterfeiting of the personalised security features, if at the time of the unauthorised payment transaction the holder was in possession of these features.

The holder shall bear all losses caused by unauthorised transactions if such losses result from fraudulent intent on his part or if he has not intentionally fulfilled, through gross negligence, the obligations to maintain the security of his personalised security features and to notify the objection in the event of loss, theft or misappropriation of such features.

Except for fraudulent intent on his part, the holder bears no financial consequences if the unauthorised transaction took place without the service provider requiring strong authentication of the holder in cases where the regulation provides that the latter is mandatory.

11. Financial conditions

The services offered under this Agreement will be invoiced by the Platform on behalf of the Service Provider in accordance with the Pricing Terms.

All commissions owed by the Holder will be automatically debited from the Payment Account by the Service Provider. The Holder authorises the Service Provider to settle, at any time, including after the closure of the Account, any uncontested, quantifiable and due debt owed for any reason whatsoever. It may settle the payment account with any amount outstanding, due and unpaid by the Holder on behalf of the Service Provider.

In the event of late payment of outstanding and due charges by the holder for the service provider, the holder shall owe interest on arrears for the period from the due date until payment in full. The applicable interest rate shall be calculated on the basis of twice the statutory annual interest rate published every six months for the Companies. The amount for default interest is equal to the product of the amount of the unpaid sum by the aforementioned annual statutory rate and the number of days in default to 365.

12. Term and termination

The framework agreement is concluded for an indefinite period. It shall enter into force as of its acceptance by the holder.

The service provider may terminate the framework agreement at any time by giving thirty (30) calendar days’ notice. The Service Provider may at any time terminate the framework contract provided on a durable medium by giving two (2) months’ notice. In this case, the holder shall owe the periodically debited costs for the payment services on a pro rata basis until the termination of the contract.

Beyond six (6) months, the framework agreement can be cancelled free of charge. In other cases, a cancellation fee may apply in accordance with the price conditions.

In order to do so, each party must send its notice of termination to the other party by registered letter with acknowledgement of receipt to the address and e-mail address specified in the general terms and conditions of the website.

Accordingly, the entire Master Agreement shall be terminated and the Payment Account closed. The balance of the Account shall be transferred to the Holder’s bank account within thirteen (13) months after deduction of any charges due and payable to the Service Provider. If the balance of the Payment Account exceeds the limit specified in the Pricing Terms and Conditions, the amount in excess of such limit shall be transferred to the Holder’s bank account within thirty (30) days from the effective date of termination after deduction of the charges due and payable to the Service Provider. The Service Provider shall be released from any obligation as it has confirmed to the Holder the transfer to the specified bank account.

In the event of serious infringements, fraud or non-payment on the part of the holder, the service provider reserves the right to suspend or terminate this contract by sending an e-mail together with a registered letter with acknowledgement of receipt without giving any reason or prior notice.

It is foreseen that the framework agreement will be automatically terminated in the event of new circumstances affecting a party’s ability to commit to this agreement.

13. Contract amendment

The Service Provider reserves the right to amend the Framework Agreement at any time. Any draft amendment to the Framework Agreement shall be provided to the Holder by the Platform.

Any Holder may reject the proposed changes and must notify its rejection to the Platform’s Customer Service by registered letter with acknowledgement of receipt two (2) months before the entry into force of the proposed changes (as evidenced by the postmark).

In the absence of notice of rejection before the specified effective date, the proposed amendments shall be deemed to have been accepted by the holder. Relations between the Parties after the Effective Date shall then be governed by the new version of the Master Agreement.

In the event of rejection by the Holder, such rejection shall result in the termination of the Framework Agreement without costs as well as the transfer of the balance of the Payment Account within thirteen (13) months after the effective date of the termination with respect to the coverage of all future challenges.

Any legal or administrative provisions that require all or part of the Master Agreement to be amended shall apply from the Effective Date without notice. However, the Holder shall be informed thereof.

14. Security

The service provider undertakes to guarantee its services in compliance with the applicable laws and regulations and the state of the art. In particular, the service provider shall take all steps to ensure the security and confidentiality of the data of the holders in accordance with the applicable regulations.

The Service Provider reserves the right to temporarily suspend access to the Online Account for technical, security or maintenance reasons, without these operations entitling it to any compensation. It undertakes to limit such interruptions to what is strictly necessary.

In any event, the service provider cannot be held liable in respect of the holder for any errors, omissions, interruptions or delays in the transactions carried out via the website that arise as a result of unauthorised access for the latter. The service provider cannot be held liable for theft, destruction or unauthorised data transmissions resulting from unauthorised access to the website. Furthermore, the service provider remains a stranger to the legal relationship that exists between the owner and the user or between the owner and the website. The service provider cannot be held liable for errors, defects or negligence of a user and the owner among themselves or of the website and the owner among themselves.

If the unique identifier or any other identifier required for the execution of a payment transaction provided by the Holder is inaccurate, the Service Provider shall not be responsible for the incorrect execution of said service.

The Platform is solely responsible for the security and confidentiality of the data exchanged in the context of the use of the Website, in accordance with the Website’s general terms and conditions, and the Service Provider is responsible for the security and confidentiality of the data it exchanges with the Holder under this Agreement for the creation and management of its Account, as well as payment transactions associated with the Account.

15. Limitation of liability of the service provider

The Service Provider shall not interfere in any way with the legal and business relations and any legal disputes between the Holder and the User or between the Holder and the Platform or the Holder and the Payee. The service provider shall not exercise any control over the conformity, security, legality, characteristics and suitability of the products and services that are the subject of a payment transaction.

Each transaction carried out by the holder gives rise to a contract directly between the holder and a user for whom the service provider is a third party. Consequently, the latter cannot be held liable for the non-performance or defective performance of the obligations arising therefrom, nor for any damage caused to the holder.

Notwithstanding anything to the contrary in this Agreement, the Service Provider’s liability to a Holder shall be limited to direct damage as provided by the Regulation.

16. Obligations of the holder

The owner guarantees that no element of his personal space will infringe the rights of third parties nor violate the law, public order or morality.

He undertakes to refrain from the following:
(i) Unlawfully perform the Master Agreement or perform it under conditions that could damage, disable, overburden, or alter the Site;

(ii) impersonate another person or organisation, falsify or disguise his or her identity, age or create a false identity;

(iii) Disseminate personal data or information for a third party such as addresses, telephone numbers, electronic addresses, bank card numbers, etc. In the event of breaches of duty, the Service Provider may take any appropriate measure to stop the machinations in question. He shall also be entitled to suspend, delete and/or block the holder’s access to his account.

(iv) Without prejudice to legal action by third parties, the service provider shall be entitled to take personal legal action to recover the damages he has personally suffered as a result of the owner’s failure to comply with his obligations under this agreement.

If the holder discovers a breach of the above obligations, he is requested to inform the service provider of these machinations by contacting him at the address legal@mangopay.com.

17. Right of withdrawal

17.1 Provisions common to all holders
The holder, who has been recruited within the meaning of Articles L.341-1 et seq. of the French Monetary and Financial Code, has a period of 14 (fourteen) calendar days to exercise his right of opposition, subject, where applicable, to comply with the conditions laid down in Article D341-1 of the same Code, without giving reasons and payment of penalties. This withdrawal period starts from the date of registration as a holder.

17.2. Applicable provisions for the consumer holder
Pursuant to Article L222-7 of the French Consumer Code, the consumer holder has a right of withdrawal that can be exercised within 14 days (fourteen) without giving reasons and payment of contractual penalties. This withdrawal period starts either from the date of conclusion of the framework contract or from the date of receipt of the contractual terms and information if this date is after the date of conclusion of the contract. The framework contract may only start to be performed before the end of the withdrawal period with the consent of the consumer holder. The consumer holder acknowledges that the use of the payment services after the conclusion of the framework contract constitutes an express request on his part to start the performance of the framework contract before the expiry of the period referred to above. The exercise of the right of withdrawal entails the dissolution of the framework contract, which, at the start of execution, is tantamount to termination and calls into question the services previously executed. In this case, the consumer holder is only obliged to pay proportionally for the services actually provided.

17.3. Exercise of the right of withdrawal
The holder must notify the platform’s customer service of his notice of withdrawal by telephone or by e-mail within the deadline and send a letter of confirmation to the address of the platform’s customer service. For this purpose, he may use the withdrawal form provided by the Platform.

18. Rules to combat money laundering and terrorist financing

The service provider is subject to Luxembourg legislation on combating money laundering and terrorist financing.

In application of the provisions of Luxembourg law on the cooperation of financial institutions in the fight against money laundering and terrorist financing, the service provider is required to obtain information from each holder for each transaction or business relationship on the origin, object and purpose of the transaction or account opening. It must also take all necessary steps to identify the holder and, where applicable, the actual authorised user of the account and/or payment transactions associated with it.

The Holder acknowledges that the Service Provider may terminate or postpone the use of the Personalised Security Features, access to an Account or the execution of a Transaction at any time in the absence of a sufficient element to its object or nature. He is informed that a Transaction under this Agreement is subject to the exercise of the communication right of the FIU.

The holder may, in accordance with the legislation, access all information so transmitted, provided that this right of access does not jeopardise the purpose of combating money laundering and terrorist financing where such data relates to the applicant.

Neither criminal prosecution nor civil liability action can be brought, nor sanctions by their profession against the service provider, its directors or its employees who in good faith made the SARs to the national authority.

19. Data protection

The service provider collects and processes all personal data in accordance with the applicable data protection regulations.

The personal data required at the time of registration in the context of the services provided under this contract In the absence of provision of the required personal data, the applicant may face a refusal to access the services.

The data subject is informed that the personal data will be collected in particular for the following purposes: Providing the services as described in this contract; combating money laundering and terrorist financing; processing requests for information and complaints; compiling statistics. These processing operations are necessary, in particular, for the performance of the framework contract and for compliance with legal obligations to which the data controllers are subject. The service provider and the platform act as joint controllers for these treatments.

Personal data may not be transferred to third parties without the express consent of the data subjects. In any case, each data subject shall be informed that the personal data will be communicated to subcontractors for the purposes indicated above. Said subcontractors shall act only on the instructions of the service provider and exclusively for the latter’s account.

The data subject may access the list of subcontractors by transferring the request to the platform’s customer service. The data subject is informed that the service provider will ensure that its subcontractors take all necessary measures to maintain the security and confidentiality of the personal data. In the event of a data breach (loss, interference, destruction, etc.) involving increased risks for the data subject, the data subject will be informed thereof.

The Service Provider reserves the right to disclose Personal Data at the request of a lawful authority in order to comply with all applicable laws and regulations, to protect or defend the rights of the Account Holder or any data subject where compelling circumstances so warrant, or to protect the security of the Account Holder, the Services or the public.

The personal data processed by the service provider in the context of the services provided pursuant to this contract shall be retained for the term strictly necessary to achieve the aforementioned objectives. Unless otherwise provided by law, the data will not be kept beyond the effective date of termination of the contract. It is made clear, inter alia, that personal identification data will be retained for five years from the end of the contractual relationship by virtue of applicable anti-money laundering and anti-terrorist financing provisions.

The data subjects have the following rights to their data under the conditions provided for by the regulations: Right of access, right of rectification, right to object, right to erasure, right to limited processing and right to portability. A data subject may exercise his/her rights at any time by contacting the platform’s customer service. Their request must indicate the surname, first name and identifier and be accompanied by a photocopy of an identity document with signature.

A reply shall be sent to the data subject within one (1) month of receipt of the request. This deadline may be extended by two (2) months in view of the complexity of the number of requests. In this case, the data subject will be informed of the extension and the reasons for the postponement within one (1) month of receipt of the request.

The data subject is informed that he/she has the right to lodge a complaint with the competent authority for any request relating to his/her personal data.

If the data subject submits his or her request electronically, he or she will receive the response electronically unless he or she specifically requests another method.

If the personal data relates to a data subject who is not part of the framework contract and has been transmitted by the holder, the holder shall make it its business to provide the data subject with the information in this Article.

Additional information on the processing of personal data under this contract, the retention periods and the rights of the data subjects are available in the privacy policy of the service provider (accessible on the website www.mangopay.com).

20. Trade secret

The service provider is bound by the duty of confidentiality. However, this confidentiality may be lifted in accordance with applicable legislation, by virtue of a legal and regulatory obligation, in particular at the request of the guardianship authorities, the tax and customs administration and the criminal court, or in the event of judicial seizure of which the service provider is notified. Notwithstanding the foregoing, the User may release the Service Provider from the obligation of confidentiality and expressly indicate to the Service Provider the third parties authorised to receive the confidential information concerning him/her.

It is noted that the duty of confidentiality may be waived by the provision in favour of the companies providing the service provider with important operational tasks under this contract.

21. Intellectual property

The Service Provider retains full ownership of the securities and proprietary rights, regardless of how they are related to the services provided to the Holder. None of these rights are transferred to the Holder for the purposes of this Agreement.

22. Death of the holder and inactive accounts

22.1. Death of the holder
The death of the holder terminates the framework agreement as soon as the service provider becomes aware of it. Transactions taking place from the date of death onwards shall be deemed not to have been authorised, subject to the consent of the rightholders in charge of the succession.

The payment account remains open as long as it is necessary for the settlement of the succession and the service provider ensures the final payment with the consent of the right holders or notary in charge of the succession.

22.2. Inactive accounts
Any inactive account may be subject to an inactivity notice by email from the Service Provider followed by a reminder one month later. The Holder’s payment account will be considered inactive if, after a period of twelve (12) months, no transaction (other than the debiting of the account maintenance fees) has taken place at the instigation of the Holder (or any authorised representative) and he has not reported to the Service Provider in any form whatsoever.

In the absence of a response or use of the balance appearing on the credit side of the account during this period, the service provider may close the account and maintain it for the sole purpose of transferring the amounts due on the account specified by the holder. In the event of death, the

Remaining amount to be refunded to the holder’s rights holders only.

No more payment transactions can be made on the account.

23. Force majeure

The parties shall not be liable for any failure in the present contract in the event of default or non-performance if the cause thereof is related to force majeure as defined in article 1218 of the Civil Code.

24. Independent contractual provisions

If any provision of this Agreement is held to be void or of no effect, it shall be deleted and shall not invalidate the remaining provisions of this Agreement.

If one or more provisions of this contract become invalid or are declared so pursuant to a law, a regulation or as a result of a final decision by a court of competent jurisdiction, the other provisions shall retain their prescribed validity and scope. The provisions declared null and void shall then be replaced by provisions which, mutatis mutandis and in their scope, approximate as closely as possible the provisions originally agreed.

25. Protection of funds

The Holder’s funds shall be deposited at the end of the Business Day following the day during which they are received by the Service Provider in an account for limitation of attachment opened in the books of a bank under such conditions as may be prescribed.

Pursuant to Article 24-10 (5) of the Law of 20 May 2011 published in the Mémorial A No. 104 of 24 May 2011 of the Grand Duchy of Luxembourg and Article 14 of the Law of 10 November 2009 published in the Mémorial A No. 215 of 11 November 2009 of the Grand Duchy of Luxembourg implementing Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions. September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions, the funds raised are protected and do not become part of the assets of the electronic money institution in the event of liquidation, insolvency or any other bankruptcy situation of the institution.

26. Non-assignability

The framework agreement may not lead to any assignment, in whole or in part, whether for payment or free of charge, by the holder. This prohibits the assignment to a third party of any rights or obligations held by it under this agreement. In the event of a breach of this prohibition, in addition to the immediate termination of this agreement, the holder may be held liable by the service provider.

27. Legally binding proof

All data taken over unalterably, reliably and securely from the D-Database of the Service Provider, in particular for payment orders and sent notices, shall be binding between the Parties until proven otherwise.

28. Territorial scope

The provisions of Articles L133-1 et seq. and L314-1 et seq. of the French Monetary and Financial Code apply if the payee’s payment service provider and the payment service provider or payee of a payment transaction executed on the direct debit or on the credit balance of the account are both located in the territory of France, Guadeloupe, Guyana, Martinique, La Réunion, Mayotte, Saint-Martin or Saint-Barthélemy or in another Member State of the European Union, or in another State party to the Agreement on the European Economic Area, and that the transaction is executed in euro or in the currency of a Member State of the European Union which is not a member of the SEPA zone or another State party to the Agreement on the European Economic Area.

The provisions of Articles L133-1 et seq. and L314-1 et seq. of the French Code on monetary and financial matters shall apply (with the exception of the provisions in Articles L. 133-11 to L. 133-13 ; L133-14, II and with the exception of the time limits referred to in Article L314-13, VI) where one of the payee’s payment service provider and the payment service provider or payee of a payment transaction executed on the debit or credit balance of the account is located in the territory of France, Guadeloupe, Guyana, Martinique, La Réunion, Mayotte, Saint-Martin, the other is located in the territory of France, Guadeloupe, Guyana, Martinique, La Réunion, Mayotte, Saint-Martin or in another Member State of the European Union, or in another State party to the Agreement on the European Economic Area, and that the transaction is denominated in the currency of a State party to the Agreement on the European Economic Area, as regards the parties to the payment transaction which takes place in the European Union..

The provisions of Articles L133-1 et seq. and L314-1 et seq. of the French Code on monetary and financial matters shall apply (with the exception of the provisions of Articles L. 133-11, L133-13,I ; L133- 22 ; L133-25 to L133-25-2 ; L133-27, and with the exception of the time limits referred to in Article L314-13, VI) where only the payment service provider of the payee or only the payment service provider or payee is located in the territory of France, Guadeloupe, Guyane, Martinique, La Réunion, Mayotte, Saint-Martin, irrespective of the currency in which the payment transaction is carried out, as regards the parties to the payment transaction taking place in the European Union..

29. Complaint and mediation

The holder is invited to contact the platform’s customer service for any complaints, which may be indicated on the website.

All complaints other than those referred to in Article 10 concerning the conclusion, performance or termination of the Framework Agreement must be communicated by e-mail to the following address: legal@mangopay.com .

The Holder accepts that the Service Provider will respond to its complaints in durable medium. The reply shall be sent promptly and at the latest within fifteen (15) business days of receipt of the complaint by the service provider. However, for reasons beyond its control, the Service Provider may be prevented from responding within fifteen (15) days.

In this case, it shall send the holder a reply specifying the reasons for this additional delay and the date on which it will send the final reply. In any event, the holder shall receive a final reply at the latest within thirty-five (35) Business Days of receipt of the complaint.

The Holder is informed that the CSSF (Commission de Surveillance du Secteur financier – Financial Market Supervisory Authority) is competent for the out-of-court settlement of disputes concerning the performance of this Framework Agreement. For further information on the CSSF and the conditions of such legal assistance, you may contact the customer service of the Platform or visit the website of the CSFF (http://www.cssf.lu). Requests for mediation must be addressed to the mediator of the Commission de Surveillance du Secteur Financier (CSSF), 283 route d’Arlon, L-1150 Luxembourg, (direction@cssf.lu), notwithstanding any other legal action. However, the conciliator may not be instructed if the request is manifestly unfounded or abusive, if the dispute has been previously investigated or is under investigation by another conciliator or a court, if the conciliator’s request was submitted to the professional after more than one year from the written complaint, if the dispute does not fall within the conciliator’s jurisdiction.

30. Language – Applicable law and place of jurisdiction

Except in the case of application of a law of public policy (which applies only within the strict limits of its purpose), it is expressly stipulated that English is the language chosen and used by the parties in their pre-contractual and contractual relations and that the Framework Agreement is governed by French law. Any dispute between the Parties in relation to this Agreement shall be subject to the jurisdiction of the competent French courts.