PAYSAFE SPG

MASTER SERVICES AGREEMENT

 

This PaySafe SPG Master Services Agreement (“Agreement”) is effective (“Effective Date”) as of the date listed on the PaySafe SPG Merchant Order and Receipt Form (“MORF”) by and between EchoSat, Inc., a Delaware corporation, with its principal office located at 250 West Main Street, Suite 3100, Lexington, KY 40507 (“EchoSat”) and the company (“Customer”).  EchoSat and Customer are collectively from time to time referred to herein as the “Parties” with each being individually referred to as a “Party.”

 

The Parties contemplate that Customer may order the PaySafe SPG Services and PaySafe SPG Equipment (as described in Section 1) for its stores or sites receiving PaySafe SPG Service pursuant to this Agreement (“Locations”) as outlined below and as identified herein pursuant to a MORF as initially submitted and on file or as subsequently ordered by Customer and approved by EchoSat during the Term of the Agreement.

 

  1. PAYSAFE SPG is a managed network service which may include, but is not limited to, the PaySafe SPG security appliance, network support, cellular back-up, optional Wi-Fi access points, and optional managed switches. PaySafe SPG provides network devices, including, but not limited to, aggregation routers, switches and access points (“PaySafe SPG Equipment”) and managed services to support high-speed transport of data from Customer’s Location(s) to network destinations using a Customer-provided or other broadband internet connection (“PaySafe SPG Services”) as more fully set forth below.

1.1.     EchoSat Obligations.

1.1.1.      During the Term of the Agreement, EchoSat agrees to supply the PaySafe SPG Equipment listed on the MORF or as ordered during the Term and all other related network equipment required to establish a Customer network as determined by the Network Design.

1.1.2.      The “Network Design” is the set of rules, limitations and preferences governing network controls available at the time of install.

1.1.3.      The final Network Design reflects the proposed set-up specified by the EchoSat support team which will be reviewed with and approved by Customer as implemented at Customer Locations(s).

1.1.4.      Customer and EchoSat will review the PaySafe SPG network to ensure conformity with the Network Design and full operation.

1.1.5.      Cellular Back-up Service:

  1. a) The cellular modem device will be plugged directly into the PaySafe SPG security appliance;
  2. b) Is provided solely for connectivity back-up to process payment transactions and any other use of the cellular back-up service is strictly prohibited;
  3. c) Any excess usage or overage fees not related to payment transactions will be billed to Customer as incurred and Customer agrees that it is responsible for and shall pay any such overage fees;
  4. d) EchoSat may or may not provide immediate notice of misuse and, in any event, shall bill Customer for any charges resulting from cellular back-up use at any time.  Any use of cellular back-up except as intended may result in penalties including temporary suspension of cellular service and overage fees.

1.2.     Description of Installation Services.  When specified in the MORF, or as ordered by Customer, EchoSat will provide on-site installation services which may include:

1.2.1.      Project management;

1.2.2.      CAT5 or better cabling to each device on the network;

1.2.3.      Set up of PaySafe SPG Equipment and connection of other network devices in accordance with the Network Design;

1.2.4.      Documentation of network devices and design configuration;

1.2.5.      Set up of PaySafe SPG Equipment and connection of other network devices in accordance with the Network Design;

1.2.6.      Connection and testing of network devices, excluding Customer provided devices. Any reconfiguration, reprogramming or modification to Customer devices by EchoSat is excluded from the standard installation services provided and, if EchoSat agrees to provide such reconfiguration, reprogramming or modification services, Customer shall pay EchoSat the rates for professional services in effect at the time of such request.

1.3.     Warranty Period.  EchoSat warrants for the Term of the Agreement (“Warranty Period”) that the PaySafe SPG Equipment, except outdoor Wi-Fi Access Points which remain subject to the warranty noted in  Section 2.3.1, will be free from defects in design, material and workmanship, conform to and perform in accordance with the documentation related to such hardware, if any, and function properly during the Term of the Agreement.  Customer’s sole and exclusive remedy and EchoSat’s sole and exclusive liability for any breach of this warranty is replacement of the defective PaySafe SPG Equipment during the Term.

1.4.     Customer Obligations.  During the Term of the Agreement:

1.4.1.      Customer is responsible for approving final Network Design and project schedule.

1.4.2.      Customer will cooperate with EchoSat in establishing a mutually acceptable schedule of installations.

1.4.3.      Customer will be responsible for all additional installation expenses as identified in the installation process and ordered by Customer or specified in the MORF.

1.4.4.      Customer shall provide, upon reasonable notice from EchoSat, right of access to EchoSat or its designee to Customer Locations during Customer’s normal business hours for the performance of EchoSat’s obligations necessary to provide PaySafe SPG, including the installation, servicing and/or removal of PaySafe SPG Equipment.

1.4.5.      Customer is responsible for identifying Customer devices to be installed on the network and identifying Customer device security policies, configuring devices and connecting devices to the portion of the network designated for such devices as recommended by EchoSat.

1.4.6.      Customer is responsible for settings and device configuration to allow access to the PaySafe SPG network, except as directly related to device cutover. Customer bears responsibility for Customer-provided equipment.

1.4.7.      Customer agrees that additional PaySafe SPG Equipment and/or services, not included at the time of initial installation, may be added at the price in effect at the time of delivery in the current Price Guide.

1.4.8.      Customer will provide and is responsible for the broadband circuit to be used for connection to the PaySafe SPG Equipment unless Customer has specified, and EchoSat has agreed to, circuit provisioning in a separate Exhibit to this Agreement that includes circuit provisioning.

1.5.     Network Environment.

1.5.1.      Upon installation, by EchoSat or by Customer, the network activity and devices connected to the EchoSat network will be assessed by EchoSat via the cloud management feature. It will be determined by a EchoSat network engineer that the standard configuration and network controls have been applied and the secure Card Data Environment (“CDE”) is segmented from the non-CDE environment. EchoSat may recommend changes to Customer-provided devices to support the recommended segmentation. If Customer does not make recommended changes to its devices to achieve the segmentation as recommended by EchoSat’s network engineer, the network will be deemed unsecure and Customer will be advised during the “Smart 7” review, either by telephone call, email or letter that there is risk of non-compliance with PCI DSS. Customer acknowledges that it has responsibility for PCI DSS compliance and that a EchoSat determination that the network is secure does not act as a warranty or guarantee of security standard compliance nor is Customer relieved of its independent obligation to maintain PCI DSS compliance.

1.5.2.      Only a Customer employee authorized to request changes to Customer’s Network Design may request modification to the network, including adding devices or opening ports for access.  Any change that impacts a secure segmentation requires written notice to EchoSat and Customer is fully responsible for any such requests and results therefrom.  If the requested change will result in an unsecure network segmentation of the CDE, Customer will be so informed and EchoSat reserves the right to deny any such request.   In any case, all liability for the security of Customer-approved network will rest with Customer.  EchoSat is responsible only for either (i) accommodating Customer’s request or (ii) providing an explanation for denying such request. EchoSat will maintain records of the request, any advisement of risk and any authorization to make the change, particularly if it is against the advice of a EchoSat network engineer.

1.5.3.      Customer is liable for securing the physical environment and securing physical access to all network components. Physical alteration of the network could create risk and EchoSat is not responsible for restricting access to the on premise physical environment.

 

1.6.     EchoSat Installation Responsibilities.  EchoSat will coordinate and dispatch a field technician/engineer to a designated Location for the purpose of installing hardware and network testing of the PaySafe SPG Equipment and, as necessary, Customer-provided devices as required by EchoSat.   EchoSat dispatch will include, but is not limited to the following:

1.6.1.      Coordination of the scheduling of technician/engineer;

1.6.2.      Verification that the technician/engineer shall have all tools and hardware necessary to install and test for final acceptance at Customer end point; clearing site of all debris resulting from the installation.

1.6.3.      EchoSat reserves the right to set the installation schedules for large rollouts (greater than thirty 30 sites per week) within reasonable constraints presented in advance by Customer (i.e. total number of sites to be completed by week, month, etc.).

1.7.     Customer Installation Responsibilities.

1.7.1.      Broadband circuit provisioning will be provided by Customer and Customer agrees that it has responsibility to ensure the circuit is connected prior to EchoSat’s installation of the PaySafe SPG Equipment, unless the MORF otherwise specifies that EchoSat will provision and manage the broadband circuit under terms specified in a separate attachment to this Agreement;

1.7.2.      EchoSat and its contractors will be provided access to Customer facilities inside and out to perform work during normal working hours of Monday through Friday from 8:00 a.m. to 5:00 p.m. local site time.

1.7.3.      Customer, but only to the extent of its actual knowledge thereof, shall inform EchoSat of all environmental factors affecting a site (i.e., asbestos and other hazardous materials, unexposed high voltage wiring, etc.) of which it is then currently aware, and shall attempt to cause Customer to ensure that such factors are readily revealed to a technician performing service.  In the event asbestos is found to exist on site, EchoSat will stop work and inform Customer of the asbestos hazard. Customer will be responsible for removing the asbestos to enable EchoSat or its designee to complete its scope of work.

1.7.4.      Demarcation extension locations (“Demarc”) to be provided by Customer to EchoSat in advance of cutover portion of project.  Demarc extension services will be provided as necessary (while on site for installation) as per the current PaySafe SPG Installation and Equipment Price Guide (“Price Guide”).

1.7.5.      If access is required to Customer device(s), Customer will be responsible for co-coordinating the device technician to be onsite with the EchoSat technician.

1.7.6.      Customer’s electrician is responsible for providing a ground from the main building ground to the hardware location.

1.7.7.      Power and data feeds are present and within six (6) feet of the designated install location when required to complete Customer-specified scope of work.

1.7.8.      Customer is responsible for obtaining any required permits, licenses and other like documentation to insure such installation is in compliance with applicable laws.

1.7.9.      Assumes a lift will not be required.

1.7.10.   Out of Scope Installation:  (i) drilling through masonry; (ii) installing conduit; (iii) installing wiring or equipment in a location or manner that in EchoSat’s reasonable opinion would create a safety hazard; or (iv) installing wiring or equipment more than twelve (12) feet above floor level unless Customer has informed EchoSat prior to the scheduled installation date that the Service location requires a non-standard ladder or scissor lift, and Customer has also agreed prior to such date to the additional cost of providing same.

1.8.     Installation Pricing.

1.8.1.      Professional installation and on-site support services will be charged at the rates set forth on the MORF or in the current Price Guide and at the rates in effect at the time such services are ordered by Customer.

1.8.2.      All pricing assumes work to be performed during normal working hours of Monday through Friday from 8:00 am to 5:00 pm local site time. EchoSat is responsible for any fees incurred for an installation and implementation that goes beyond the initial installation package hours only in the event such extended time period has been caused by EchoSat.   Extended time period caused by Customer not meeting requirements, as set forth in Section  1.7, or for other Customer-caused events will be billed to Customer at the rates set forth in the current Price Guide.

1.8.3.      These prices assume that a DSL/cable router is present at the Location, and that a Demarc extension is not required.  Demarc extension services will be provided as necessary (while on site for installation) at the pricing rates provided as set forth in the current Price Guide.

1.8.4.      All out of scope items will be billed as set forth in the current Price Guide.  Dispatches to resolve issues caused by Customer, Customer’s employees or Customer’s contractors that are found to be beyond EchoSat’s control will be billed back to Customer as set forth in the current Price Guide.  All pricing excludes union labor requirements.

1.8.5.      Pricing assumes that cabling pathways exist, and the structure of the building consists of drywall walls and no more than a ten-foot-high drop ceiling.  Additional fees may be imposed on Customer if the Location specifications vary from these assumptions.

1.8.6.      Requirement for special access equipment such as lifts (access above 20 feet) or safety harnesses/equipment (steel-walking) are considered out-of-scope and will be billed at the appropriate hourly rate.

1.8.7.      Cancellations, Expedites, Reschedules:  (i) EchoSat will charge a $25.00 fee to cancel or expedite a prescheduled task, activity or visit if less than two (2) business days’ notice is provided by Customer until expedited arrival time on site; (ii) EchoSat will charge a $50.00 cancellation fee for less than one (1) business day’s notice, plus the charges for time spent by field personnel when cancellation occurs after field personnel have departed their origination point for the cancelled destination. Cancellation of an activity may impact unit pricing for remaining activities; (iii) EchoSat will charge a fifty percent (50%) labor expedite fee for less than two (2) business days’  notice and a one hundred percent (100%) labor expedite fee for less than one (1) business day’s notice; and  (iv) EchoSat will charge a twenty-five dollar ($25.00) fee to schedule a task or  reschedule a prescheduled task, activity or visit if less than five (5) business days’ notice is provided by Customer until original arrival time on site and for all subsequent reschedule requests made after the first request regardless of notice time.

1.8.8.      While Onsite Delays:  Customer shall provide EchoSat access to designated work areas immediately upon arrival. Wait or on hold time with Customer or site representatives or Customer designated third party that exceeds fifteen (15) minutes per visit, unless otherwise specified, is considered out of scope and will be billed at the appropriate hourly rate. Usernames, passwords, software images, device configurations, IP addresses or other information needed to gain access to or properly complete specified work on Customer devices, subject to the scope of work, must be available immediately upon arrival. Customer shall provide applicable special instruction and contact information critical to completion of the scope of work prior to scheduled arrival.

 

  1. PAYSAFE SPG SERVICES OBLIGATIONS.

2.1.     EchoSat Obligations & Grant of Access:

2.1.1.      Each Location will be connected to the applicable PaySafe SPG Equipment to support the identified Customer devices operating on the PaySafe SPG network. The MORF will detail the PaySafe SPG Equipment and PaySafe SPG Services to be received.

2.1.2.      Any relocation or reinstallation of the PaySafe SPG Equipment deployed as indicated in the Agreement or MORF, as applicable, will be invoiced at the installation rates published in the current Price Guide and in effect at the time of such relocation or reinstallation.

2.1.3.      Subject to Customer’s compliance with the terms of this Agreement, Customer is granted a personal, non-transferable, revocable, and non-exclusive limited right of access only in the United States and only for its lawful and internal purposes as permitted hereunder and for no other purposes whatsoever.  Customer acknowledges and agrees that the PaySafe SPG Equipment and installation information is Confidential Information under this Agreement and subject to the nondisclosure terms contained herein.  No authorization is granted to Customer to use the PaySafe SPG Equipment or PaySafe SPG Services outside the United States or to otherwise transfer, assign or provide a third party access to the PaySafe SPG Services or use of such PaySafe SPG Equipment furnished by EchoSat.

2.1.4.      Customer receives no rights to the PaySafe SPG Services other than those specifically granted herein. Without limiting the generality of the foregoing, Customer will not (i) use the PaySafe SPG Services or PaySafe SPG Equipment for  service bureau or time-sharing purposes or in any other way to allow third parties, including Customer’s related Locations, to exploit the PaySafe SPG Services; (ii) reverse engineer, decompile, disassemble or otherwise attempt to interfere with the PaySafe SPG Services or PaySafe SPG Equipment; or (iii) modify, sub-license, sell, transfer or otherwise distribute the PaySafe SPG Services or PaySafe SPG Equipment.  Further, the PaySafe SPG Equipment and any related documentation furnished to Customer under this Agreement shall be used by Customer only in connection with Customer’s receipt of the PaySafe SPG Services.

2.1.5.      All technology and documentation provided by EchoSat to Customer under this Agreement or made available to Customer through Customer’s receipt and use of the PaySafe SPG Services, including, but not limited to, all deliverables, systems, data and information, know-how, methodologies, equipment, facilities or processes used by EchoSat in connection with providing the PaySafe SPG Services to Customer hereunder, and all modifications or enhancements to any of the foregoing including, without limitation, all copyrights, trademarks, patents, trade secrets and other proprietary rights contained in, or appurtenant to, any of the foregoing shall remain the sole and exclusive property of EchoSat and/or its suppliers.  Any rights granted to Customer pursuant to this Agreement with respect to any of the licensed materials are licensed and are not sold.

 

2.2.     Customer Obligations.  During the Term, Customer acknowledges and agrees:

2.2.1.      Customer either (i) owns and operates each Location or (ii) has authority to offer EchoSat PaySafe SPG Services and each Location.  Customer is responsible for ensuring compliance with this Agreement for itself and each Location and is liable for such Locations’ non-compliance, except to the extent a Location enters into an agreement directly with EchoSat for the PaySafe SPG Services.

2.2.2.      Customer shall use the PaySafe SPG Services only for lawful purposes.  Customer is solely responsible for the content of communications transmitted by Customer using the PaySafe SPG Services.

2.2.3.      Customer, on behalf of itself and its Customer Locations, shall ensure (i) proper operating environments (ii) proper operation of the PaySafe SPG Services; (iii) compliance with all Payment Card Industry Data Security Standards (“PCI DSS”) and/or any other applicable industry standard, as may be amended from time to time; and (iv) compliance with all applicable federal and state laws. In addition, Customer shall be solely responsible for obtaining and maintaining all hardware, software and services necessary for Customer-owned equipment.

2.2.4.      Customer shall ensure that all Customer-owned equipment that connects to the PaySafe SPG Services will perform according to published technical specifications for such equipment and EchoSat’s interface specifications.  Customer shall be responsible for the use and compatibility of equipment or software not provided by EchoSat.  This Agreement does not include the provision, maintenance, or repair by EchoSat of Customer-owned equipment or software, including, but not limited to, terminals, computer and other Customer third party equipment.

2.2.5.      Customer shall implement security procedures necessary to limit physical or other access to the PaySafe SPG Services to Customer’s authorized users and shall maintain a procedure external to the PaySafe SPG Services for reconstruction of Customer’s lost or altered files, data or programs.

2.2.6.      Customer grants EchoSat the right to electronically access the PaySafe SPG Equipment to provide, maintain and monitor the PaySafe SPG Services.

2.2.7.      Notwithstanding the foregoing, PaySafe SPG Services which Customer may have access to will be protected by password.  In such a case, Customer shall (i) ensure that only its full-time personnel shall have access to any passwords provided by EchoSat for use by Customer in connection with the PaySafe SPG Services; (ii) not disclose such passwords to any third party except as permitted herein; (iii) be solely responsible for assigning roles and authority levels to its personnel with respect to its access and use of the PaySafe SPG Services; and (iv) be solely responsible and liable for ensuring that all third parties to whom Customer has granted access to the PaySafe SPG Services comply with all the terms and conditions of this Agreement.  Customer acknowledges and agrees that it is solely responsible for strictly maintaining the confidentiality and integrity of all passwords provided by EchoSat or its suppliers.  Customer shall notify EchoSat immediately in writing (or via email) if the security or integrity of any password or authority level has been compromised or if Customer becomes aware of any conduct by any of its authorized third parties that is in violation of the terms and conditions of this Agreement.

2.2.8.      Prices included in the MORF and in the current Price Guide exclude applicable sales, use or any taxes which are Customer’s responsibility.

2.2.9.      Customer is responsible for all shipping costs associated with hardware shipment; such costs to be invoiced at standard available rates.

2.3.     Hardware Maintenance and Return Policy.

2.3.1.      Unless otherwise specified in Section 1, EchoSat warrants that the provided hardware will be free from defects in design, material and workmanship, conform to and perform in accordance with the documentation related to such hardware, if any, and function properly for one (1) year from the date of installation.  Customer’s sole and exclusive remedy and EchoSat’s sole and exclusive liability for any breach of this warranty is replacement of the defective PaySafe SPG Equipment for one (1) year from the date of installation. Unless otherwise specified, EchoSat will replace and/or repair the damaged PaySafe SPG Equipment.  Any fees incurred for installation of the replacement PaySafe SPG Equipment will be at Customer’s expense.

2.3.2.      For identified PaySafe SPG Equipment failures that cannot be resolved via the EchoSat PaySafe SPG Help Desk, EchoSat will attempt to resolve by overnight shipment of replacement PaySafe SPG Equipment to the service Location and Customer will replace PaySafe SPG Equipment via self-installation with help desk support.  As determined by EchoSat and at EchoSat’s option, if replacement via self-installation by Customer is not an option, a field support technician will be dispatched at Customer’s expense.

2.3.3.      EchoSat may provide optional PaySafe SPG Equipment to be held in Customer’s inventory as a replacement part, in case of immediate need, upon receipt of a one-time deposit equal to the then published price in the current Price Guide; such deposit shall be returned to Customer upon termination of the Agreement, return of unused PaySafe SPG Equipment and receipt of all amounts due from Customer.

  1. TERM AND TERMINATION. 

3.1.     Term. Unless otherwise set forth on a MORF, the Term of this Agreement shall be for a period of thirty-six (36) months  (“Initial Term”) from the Effective Date, and shall renew automatically for successive renewal periods of twelve (12) months (each a “Renewal Term”, and with the Initial Term, the “Term”) at the end of the Initial Term unless (i) terminated sooner in accordance with the termination provisions below; or (ii) either Party terminates this Agreement by giving written notice of termination to the other at least one hundred (180) days prior to the end of the Term.

3.2.     Additional MORFs.  For as long as the Agreement is in effect, Customer may request the provision of additional service(s) or new location(s) for PaySafe SPG Services by providing to EchoSat, and EchoSat accepting, additional MORFs.  All MORFs and additional Locations shall be in governed by the terms and conditions of this Agreement and all similar rights and obligations apply; except that each additional Location shall have an term commencing on the first day of the month after the date of installation for that Location and continuing thereafter for thirty-six (36) months or otherwise shall be subject to the Early Termination Fee as outlined in Section 4.3 below.  After the expiration of the thirty-six (36) month term, such Location shall automatically renew for additional twelve (12) month terms unless otherwise terminated as set forth herein.

3.3.     Termination by Customer.  If Customer cancels or terminates the PaySafe SPG Services under this Agreement provided hereunder before the completion of the Term for any reason whatsoever other than pursuant to Section 3.6 or if Customer does not board (or later removes) all of Customer Locations on EchoSat’s system for the relevant PaySafe SPG Services during the Term of the Agreement, Customer agrees to pay EchoSat the following sums: (i) amounts owned for PaySafe SPG Services performed through the date of termination, (ii) any disconnection, early cancellation, termination or other charges paid by EchoSat to third parties for carrier services and/or equipment which arise as a result of such cancellation or termination, (iii) an amount equal to 75% of the Total Monthly Fees for the remaining Term of this Agreement, and (iv) a deinstallation fee equal to the amount paid by customer for installation of the PaySafe SPG Products (collectively, the “Early Termination Fee” or “ETF”).  The ETF shall apply to each Location and for all PaySafe SPG Services provided hereunder. However, upon notification to and approval by EchoSat, Customer shall not owe the ETF if Customer successfully relocates the PaySafe SPG Equipment to another Location, and utilizes the PaySafe SPG Services at that Location.  Such relocation must be effective within 90 days in order for EchoSat to waive the ETF.

3.4.     Termination by EchoSat.  Notwithstanding any other provision hereof, EchoSat shall have the right to terminate this Agreement or the PaySafe SPG Services provided hereunder at any time and for any reason, in whole or in part by providing Customer fifteen (15) days written notice of termination.  In such event, Customer will pay EchoSat for the PaySafe SPG Services performed through the date of such termination.

3.5.     Termination by the Parties.  The Parties may, upon mutual agreement and in accordance with this Agreement, terminate this Agreement with respect to any Customer Location as provided for in this Agreement, without affecting the rights and obligations of Customer and/or other Locations.

3.6.     Result of Customer Breach. Except as otherwise provided herein, if Customer (i) fails to pay any outstanding charges within ten (10) days after receipt of written notice from EchoSat of delinquency, (ii) breaches of Sections 8-11 of this Agreement, or  (iii) fails to perform or observe any other material term or condition of this Agreement within thirty (30) days after receipt of written notice from EchoSat of such failure, EchoSat may terminate this Agreement.  Customer shall then be liable for all charges incurred as of the date of termination and any termination charges set forth in this Agreement, including ETFs.

3.7.     Result of EchoSat Breach.  Except as otherwise provided herein, if EchoSat fails to perform or observe any material term or condition of this Agreement within thirty (30) days after receipt of written notice from Customer of such failure, Customer may terminate this Agreement.

3.8.     Return of Equipment.  Customer agrees that the obligation to return the PaySafe SPG Equipment and to pay any applicable ETF survives any termination of expiration of this Agreement.

  1. PRICING.

4.1.     Pricing.  Customer acknowledges that the pricing received is based, in part, on volume commitments and the length of the Initial Term of the PaySafe SPG Services.  In consideration for the PaySafe SPG Services provided to Customer by EchoSat, Customer agrees to pay EchoSat the fees and charges relating to such PaySafe SPG Services as set forth in each MORF(s), or as ordered by Customer and detailed in the current Price Guide.  All fees and charges are in U.S. Dollars and are exclusive of any applicable Taxes which will be separately stated and included on each monthly invoice.  The prices also do not include, and EchoSat may impose (or pass through) additional fees and charges on Customer to recover, fees and charges imposed on the provision of the PaySafe SPG Services.

4.2.     Pricing Changes.  EchoSat reserves the right to change the prices for the PaySafe SPG Services, including the prices set forth in the Price Guide, during the Term of this Agreement as necessary to account for any increase in equipment provisioning or facility costs resulting from a change in Customer’s PaySafe SPG Services’ requirements when requested in writing by Customer.  Customer acknowledges that tariffed local access charges (including, but not limited to, call set-up charges) which are imposed by third party carriers and which may be passed through to Customer, as set forth herein, are beyond the control of EchoSat and may be changed by such third party carriers at any time during any Term of this Agreement.  To the extent that any such change results in a price increase that EchoSat elects to pass through to Customer during the Term, EchoSat will furnish to Customer, at Customer’s request, such materials as are reasonably necessary to document such increase.

4.3.     Taxes.  For purposes of this Agreement, “Taxes” means any and all applicable foreign, federal, state and local taxes, including without limitation all use, sales, value-added, surcharges, excise, franchise, property, commercial, gross receipts, license privilege or other similar taxes, levies, surcharges, duties, fees or other tax-related charges, whether charged against Customer or EchoSat, with respect to the PaySafe SPG Services and any facilities provided by EchoSat, but excluding taxes imposed on EchoSat’s revenues or net income.

  1. INVOICING AND PAYMENT.

5.1.     Total Monthly Fee.  EchoSat shall invoice Customer at the end of each full month during which PaySafe SPG Services were received.  Such invoice and any supporting documentation sent to Customer shall set forth the total amount of fees and charges due to EchoSat, including for the PaySafe SPG Services and PaySafe SPG Equipment provided to all Locations (the “Total Monthly Fee”).

5.2.     Payment.  Customer shall pay the Total Monthly Fee to EchoSat within 30 days following the date of invoice from EchoSat, without deduction or setoff.  Interest at a rate of 1.5% per month or the maximum rate permitted by law, whichever is less, shall accrue on the amount of any payment not made when due hereunder from the date thereof until payment is made, and Customer shall pay such interest to EchoSat, on demand.  Payment to EchoSat from the Customer shall in no way be contingent on Customer’s receipt of payment from the Locations.

  1. WARRANTIES AND LIMITATION OF LIABILITY.

6.1.     Representations and Warranties.  Each Party represents and warrants that:  (i) it is a legal entity duly organized, validly existing and in good standing in its state of incorporation and principal place of business; (ii) it has all requisite corporate power and authority to execute, deliver and perform its obligations hereunder; (iii) it is duly licensed, authorized or qualified to do business in every jurisdiction in which a license, authorization or qualification is required for the ownership or leasing of its assets or the transaction of business of the character transacted by it, except when the failure to be so licensed, authorized or qualified would not have a material adverse effect on its ability to fulfill its obligations hereunder; (iv) it is not a party to any agreement with a third party, the performance of which is reasonably likely to affect adversely its ability or the ability of the other party to perform fully its respective obligations hereunder; and (v) its performance of its obligations under this Agreement will not violate any other agreement between such Party and any third party.

6.2.     NO IMPLIED WARRANTIES.  ECHOSAT MAKES NO OTHER WARRANTY OR GUARANTEE, EXPRESS OR IMPLIED, UNDER THIS AGREEMENT, AND ECHOSAT EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ECHOSAT DOES NOT WARRANT THAT THE PAYSAFE SPG SERVICES WILL PERFORM UNINTERRUPTED OR ERROR FREE, OR THAT THE FUNCTIONS OF THE PAYSAFE SPG INTERNET TECHNOLOGY WILL MEET CUSTOMER’S REQUIREMENTS OR THE REQUIREMENTS OF THE VENDORS, MERCHANTS OR RESELLERS.

6.3.     INTERNET. TO THE EXTENT THAT CUSTOMER OFFERS PUBLIC INTERNET ACCESS AND INTERNET SERVICE (“PUBLIC INTERNET ACCESS”), CUSTOMER ACKNOWLEDGES AND AGREES THAT SUCH PUBLIC INTERNET ACCESS IS ON AN “AS IS” BASIS AND CUSTOMER’S PROVISION THEREOF IS AT CUSTOMER’S OWN RISK.  ECHOSAT DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS AND IMPLIED WARRANTIES OR CONDITIONS RELATED TO CUSTOMER’S PUBLIC INTERNET ACCESS, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OR CONDITIONS OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT.  ECHOSAT DOES NOT WARRANT THAT PUBLIC INTERNET ACCESS WILL PERFORM AT A PARTICULAR SPEED OR WILL BE UNINTERRUPTED, ERROR-FREE OR SECURE.

6.4.     LOSSES. NEITHER ECHOSAT NOR ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS OR REPRESENTATIVES SHALL BE RESPONSIBLE FOR ANY DAMAGES, LOSSES, CLAIMS, EXPENSES, OR COSTS THAT CUSTOMER OR ITS CUSTOMERS INCURS AS A RESULT OF, OR IN ANY WAY RELATED TO, CUSTOMER’S PROVISION OF PUBLIC INTERNET ACCESS.

6.5.     LIMITATIONS. ECHOSAT’S LIABILITY TO CUSTOMER ON ACCOUNT OF ANY ACTS OR OMISSIONS RELATING TO THIS AGREEMENT SHALL BE LIMITED TO PROVEN DIRECT DAMAGES IN AN AGGREGATE AMOUNT NOT TO EXCEED AN AMOUNT EQUAL TO THE AMOUNT PAID BY CUSTOMER TO ECHOSAT DURING THE MONTH PRECEDING THE MONTH IN WHICH THE CAUSE OF ACTION AROSE.  CUSTOMER IS RESPONSIBLE FOR ALL FINES AND FEES ASSESSED BY ANY CARD SCHEME WITHOUT LIMITATION IN CONNECTION WITH VIOLATION OF PCI DSS COMPLIANCE.  NEITHER ECHOSAT NOR CUSTOMER SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, RELIANCE, PUNITIVE OR SPECIAL DAMAGES, INCLUDING LIMITATION DAMAGES FOR HARM TO BUSINESS, LOST PROFITS, LOST SAVINGS OR LOST REVENUES, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; PROVIDED HOWEVER THAT NOTHING CONTAINED IN THIS CLAUSE (I) SHALL LIMIT CUSTOMER’S LIABILITY TO PAY ANY CHARGES, FEES AND/OR AMOUNTS DUE HEREUNDER FOR (A) SERVICES ACTUALLY PROVIDED BY ECHOSAT TO CUSTOMER PURSUANT TO THE TERMS HEREOF AND (B) CUSTOMER’S NONCOMPLIANCE WITH THE CARD SCHEMES’ RULES, AND (II) SHALL LIMIT EITHER PARTY’S LIABILITY FOR PERSONAL PROPERTY DAMAGE OR PERSONAL INJURY OR DEATH DUE TO ITS GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.

6.6.     APPLICABILITY.  THESE LIMITATIONS OF LIABILITY SHALL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, WARRANTY, STRICT LIABILITY OR TORT, INCLUDING WITHOUT LIMITATION NEGLIGENCE OF ANY KIND, WHETHER ACTIVE OR PASSIVE, AND SHALL SURVIVE FAILURE OF AN EXCLUSIVE REMEDY.

6.7.     BEYOND ECHOSAT CONTROL.  ECHOSAT SHALL NOT BE LIABLE FOR (A) SERVICE IMPAIRMENTS CAUSED BY ACTS WITHIN THE CONTROL OF CUSTOMER, ITS EMPLOYEES, AGENTS, SUBCONTRACTORS, SUPPLIERS OR LICFENSEES OR (B) INTEROPERABILITY OF SPECIFIC CUSTOMER APPLICATIONS.

  1. INDEMNITY.

7.1.     Claims of Infringement.    If Customer’s use of the PaySafe SPG Services and/or the PaySafe SPG software is prohibited due to a claim of infringement of a United States patent or copyright, EchoSat may, at its option, either (i) procure the right for Customer to continue using the PaySafe SPG Services and/or the PaySafe SPG software, or (ii) direct Customer to return any PaySafe SPG software in its possession relating to the infringing PaySafe SPG Services and/or PaySafe SPG software at the expense of EchoSat.  In the case of (ii), Customer will have the right to terminate this Agreement and EchoSat will repay to Customer any charges paid to EchoSat in advance, prorated to the date of termination.  This Section 7.1 states EchoSat’s sole liability and Customer’s sole remedy with respect to an infringement claim.

7.2.     Customer Indemnity.  Customer shall defend, indemnify, and hold EchoSat harmless, at the expense of Customer, against any claims, actions or suits brought against EchoSat, including reasonable attorney’s fees and costs, arising out of (i) any breach by Customer of the terms of this Agreement; (ii) if Customer permits third parties to access the PaySafe SPG Services, arising from any and all claims by any such third party in connection with the PaySafe SPG Services, regardless of the form of action; (iii) Customer’s provision of Public Internet Access; and (iv) any and all claims by any person based upon the content of any communications provided by Customer over the PaySafe SPG Services.

7.3.     Conditions to Indemnity Obligations.  The indemnified Party will give prompt written notice to the indemnifying Party of the claim against which it seeks to be indemnified.  (The failure to give such notice will not relieve the indemnifying Party of its obligations under this Section 8.3, except to the extent that such failure results in the failure of actual notice and the indemnifying Party is damaged as a result of the failure to give notice.)  The indemnified Party will not be liable for any settlement of an action effected without its written consent (which consent will not be unreasonably withheld or delayed), nor will the indemnifying Party settle any such action without the indemnified Party’s written consent (which consent will not be unreasonably withheld or delayed).  Further, the indemnifying Party will have sole control of the defense.

7.4.     Data Security.  In no event shall the EchoSat be responsible or liable for or as a result of Customer’s or any Location’s non-compliance with all then-current legal obligations and security measures, as applicable, the requirements of the PCI-DSS, or any Security Breaches by Customer or a Location.  For the avoidance of doubt, EchoSat shall assume no liability for Customer’s or any Location’s compliance with the PCI-DSS requirements.

7.5.     Limitation.  Customer agrees that the EchoSat, or its assigns, shall not be responsible for any loss or damage to Customer, its Locations, or anyone else, caused by any failure of the EchoSat in the provision of the PaySafe SPG Services. In case of interruption of Services resulting in the complete unavailability of the EchoSat’s payment gateway system, and determined by EchoSat to be the result of errors directly by the EchoSat as documented by a Service Outage Report (SOR), the EchoSat will provide a pro-rated refund of the Subscription Fees owed for any outage longer than 60 minutes in duration.

  1. CONFIDENTIALITY.  The Parties agree to maintain the confidentiality of Confidential Information as follows:

8.1.     “Confidential Information” means the terms of this Agreement and all non-public business information pertaining to the disclosing party (the “Disclosing Party”), including, but not limited to, the pricing and terms and conditions of this Agreement and information relating to (i) the Disclosing Party’s planned or existing computer systems and systems architecture, including computer hardware, computer software, source code, object code, documentation, methods of processing and operational methods; (ii) the Disclosing Party’s customer lists sales, profits, organizational structure, new business initiatives and finances; (iii) the Disclosing Party’s services and products, product designs, and how such products are administered and managed; (iv) the Disclosing Party’s product strategies, tax interpretations, tax positions and treatment of any item; (v) confidential information of third parties with which the Disclosing Party conducts business; and (vi) in the case of EchoSat as the Disclosing Party, EchoSat customer data.  Notwithstanding the foregoing, Confidential Information will not include information that (a) is or becomes generally known to the public not as a result of a disclosure by the receiving party (the “Receiving Party”), (b) is rightfully in the possession of the Receiving Party prior to disclosure by the Disclosing Party,  (c) is received by the Receiving Party in good faith and without restriction from a third party, not under a confidentiality obligation to the Disclosing Party and having the right to make such disclosure or (d) is Cardholder Information as defined by the PCI DSS.

8.2.     Restrictions on Disclosure.  It is anticipated that Disclosing Party may be required to exchange certain Confidential Information with the Receiving Party.  The Receiving Party will: (i) hold all Confidential Information of the Disclosing Party in confidence using at least the same degree of care as it employs to protect its own confidential information and trade secrets of a similar nature, but not less than a commercially reasonable standard of care; (ii) use such Confidential Information only for the purposes of performing its obligations and exercising its rights under this Agreement; and (iii) not disclose such Confidential Information other than to its own officers, directors, employees, agents and representatives having a need to know such Confidential Information to support performance of this Agreement, as well as to any of such Receiving Party’s auditors or attorneys, provided that each such person given access to any such Confidential Information is obligated to maintain the confidentiality of such information.  The Receiving Party will be responsible for any breach of this Section 9.2 by any of its employees, agents or representatives.  Confidential Information may be written, oral, recorded, or on tape, disks or other electronic media. The obligations of confidentiality and limitation on use set forth herein will survive the termination or expiration of this Agreement for any reason for a period of three (3) years.

8.3.     Exceptions.  The Receiving Party may disclose Confidential Information to the extent required by a court of competent jurisdiction or other governmental authority or otherwise as required by law, provided that the Receiving Party uses reasonable efforts to notify the Disclosing Party in advance of such disclosure so as to permit the Disclosing Party sufficient time to request confidential treatment or a protective order prior to such disclosure and redacts the Confidential Information to only disclose Confidential Information to the extent required by law or such judicial or government process.

8.4.     Title.  Title to all tangible forms of Confidential Information and all copies thereof, will be and remain with Disclosing Party.  No right or license is granted by the Disclosing Party to the Receiving Party with respect to Confidential Information, except as expressly set forth in this Agreement. The Receiving Party will not copy or otherwise reproduce, in whole or in part, any Confidential Information without the prior written authorization of Disclosing Party, except as may be reasonably necessary to fulfill the its obligations under this Agreement.  The Receiving Party will promptly return or destroy all tangible forms of Confidential Information, and copies thereof, upon Disclosing Party’s request or termination of this Agreement, and if such Confidential Information is destroyed, will promptly provide evidence reasonably satisfactory to the Disclosing Party of such destruction.  The Receiving Party will destroy all copies of any analyses, compilations, studies or other documents prepared by the Receiving Party or its representatives containing or reflecting Confidential Information and, upon the Disclosing Party’s request or upon termination or expiration of this Agreement, certify that it has taken such action.

8.5.     Remedies for Breach.  The Receiving Party acknowledges that the Confidential Information of the Disclosing Party is unique property of extreme value to the Disclosing Party and that the Disclosing Party may suffer substantial damages not readily ascertainable or fully compensable in terms of money in the event of the breach by the Receiving Party or any of its representatives of any of its obligations under this Agreement.  The Receiving Party agrees and consents that the Disclosing Party will be entitled (without limitation of any other rights or remedies otherwise available to the Disclosing Party) to seek an injunction without posting any bond from any court of competent jurisdiction.

  1. SECURITY.

9.1.     PCI. EchoSat may, at any point, request that the Customer provide proof of compliance with the requirements of the PCI-DSS or any other then-current legal obligations and security measures, as applicable.  Proof regarding compliance with PCI-DSS may include, but may not be limited to, a valid Attestation of Compliance from a third-party PCI-DSS Qualified Security Assessor (QSA), or Self-Assessment Questionnaire (SAQ), whichever is then applicable to the Location, if the Location is required to assess under PCI-DSS.  EchoSat may elect to immediately terminate this Agreement pursuant to Section 4.6 or discontinue service to any Location, if it is deemed by EchoSat, in its sole discretion, that the Customer or any Location may be in violation of PCI-DSS or any other then-current legal obligations and security measures, as applicable, or may not be adhering to such requirements or standards.  EchoSat shall maintain compliance with the PCI-DSS as a Level 1 Service Provider, and the Customer will maintain PCI-DSS compliance as a Location, as defined by the PCI-DSS, and will mutually provide one another with an annual AOC upon request.  Under the PCI-DSS, sections 12.8 and 12.9, EchoSat shall transfer responsibility of a certain limited number of PCI-DSS requirements from the Customer to EchoSat, such certain requirements being listed in EchoSat’s annual AOC, as attested by EchoSat’s QSA, and further defined in this Agreement as Schedule C.  This transfer of responsibility is for the Customer’s own PCI-DSS assessment and/or SAQ, whichever might be applicable to the Customer under the rules of the PCI-DSS.  In no way does this transfer of responsibility constitute a transfer of liability of any breach of cardholder data, or any other breach of personally-identifiable information (PII) by the Customer.  This transfer of responsibility is solely for the purpose of reducing the Customer’s scope of assessment under the rules of the PCI-DSS, as set forth under PCI-DSS sections 12.8 and 12.9.  Full compliance within the PCI-DSS remains the sole responsibility of the Customer.

9.2.     Notice of Breach.  In the event that the Customer’s or one of the Locations’ systems, is breached or an unauthorized third party has access to or has accessed any information that is transmitted pursuant to the terms of this Agreement (a “Security Breach”), the Customer will be required to immediately notify EchoSat of such breach and will be required to take such precautions as may be necessary to prevent such breaches from occurring in the future. To the extent that any Security Breach occurs, or EchoSat has reason to believe that a Security Breach has occurred, and EchoSat reasonably determines that such potential breach may result in financial harm to the EchoSat, EchoSat may immediately declare that an event of default has occurred and immediately terminate this Agreement pursuant to Section 4.6.  In the event of a forensic investigation of a breach, both Parties agree to share logging or any other necessary data to assist any law enforcement authorities or qualified forensics investigators in identifying details of such a breach.  This Section 10.2 shall only apply to those Locations where EchoSat’s services are installed and activated.

  1. NON-SOLICITATION.  Customer agrees not to directly or indirectly hire or solicit, or otherwise engage the services of the other EchoSat’s employees during the term of this Agreement, and for a period of twelve (12) months after termination of this Agreement or twelve months after employee ceases to be employed by EchoSat, whichever is earlier without the prior written consent of EchoSat.  Notwithstanding the foregoing, this Section 11 shall not apply to any general advertisement.
  2. GENERAL TERMS.

11.1.     Right to Amend.  Unless prohibited by the MORF, EchoSat has the right to change or add to the terms of this Agreement at any time, and to change, delete, discontinue, or impose conditions on use of the PaySafe SPG Service by posting such changes on EchoSat’s website. EchoSat may provide Customer with notice of any changes through via email or through other means. Customer’s use of the PaySafe SPG Service after EchoSat’s publication any such changes, constitutes Customer’s acceptance of the terms of the modified Agreement.

11.2.     Remedies.  Except as set forth in Section 7, all rights and remedies of a Party hereunder are in addition to any other rights and remedies to which such Party may be entitled, are cumulative and are not in the alternative.

11.3.     Notices.  Customer agrees that EchoSat can provide notices regarding the PaySafe SPG Service or this Agreement to Customer through EchoSat’s website, or by mailing Notices to the email or physical addresses identified in on a MORF. Notices may include notifications about the PaySafe SPG Services or other information EchoSat is required to provide. Customer also agrees that electronic delivery of a notice has the same legal effect as if EchoSat provided Customer with a physical copy. EchoSat will consider a notice to have been received by Customer within 24 hours of the time a notice is either posted to our website or emailed to you.  All notices and other communications by Customer to EchoSat shall be in writing and shall be deemed received if and when either hand delivered and a signed receipt is given thereof; mailed by registered or certified U.S. mail, return receipt requested, postage prepaid; or telefaxed, return acknowledgment requested, and sent to EchoSat at the address identified above with a copy to EchoSat, Attention: CEO at same address above or at such other address as either Party hereto shall notify the other of in writing.

11.4.     Publicity.  Customer may use promotional materials and EchoSat marks subject to EchoSat’s approval.

11.5.     Governing Law, Venue and Jurisdiction. This Agreement shall be construed and governed by the laws of the State of Kentucky without regard to legal principles related to conflict of laws. Any suit, action or proceeding (collectively “action”) arising out of or relating to this Agreement shall be brought only in the courts of Lexington Kentucky, or the United States District Court for the Eastern District of Kentucky. Customer hereby agrees and consents to the personal and exclusive jurisdiction of said courts over it as to all such actions, and Customer further waives any claim that such action is brought in an improper or inconvenient forum. In any such action, the Parties waive trial by jury. In any judicial proceeding arising out of or relating to this Agreement, the prevailing Party shall recover, in addition to all damages awarded, all court costs, fees and expenses of experts and reasonable attorney’s fees.

11.6.     Relationship of the Parties.  Nothing contained herein shall be deemed to create a partnership, joint venture or any agency relationship between EchoSat and Customer.  Customer acknowledges and agrees that EchoSat may employ the use of subcontractors or third party products for the installation, delivery or performance of the PaySafe SPG Services.  This acknowledgement does not relieve EchoSat of EchoSat’s responsibilities for performance under this Agreement and EchoSat shall remain liable for compliance by any such subcontractor with all provisions of this Agreement.

11.7.     Survival and No Waiver.  Any waiver or alleged waiver of any breach or term of this Agreement shall not constitute a waiver of any other breach or term hereof.  The obligations of the Parties under this Agreement, which by their nature would continue beyond the termination, cancellation or expiration of this Agreement, shall survive termination, cancellation or expiration of this Agreement.

11.8.     No Assignment.  Customer may not assign any of the rights, interests, or obligations hereunder without the prior written consent of EchoSat.  This Agreement binds and benefits the Parties and their respective permitted or authorized successors and assigns.

11.9.     No Third Party Beneficiaries.  Except as may otherwise be provided herein, this Agreement is intended for the sole and exclusive benefit of the signatories, is not intended to benefit any third party, and only the Parties may enforce this Agreement.

11.10. Export Restrictions.  The PaySafe SPG software or PaySafe SPG Equipment used to provide the PaySafe SPG Services may be subject to United States Export Laws and Regulations.  Customer agrees to comply with all applicable export laws and regulations, which may include restrictions on use, users and destinations.

11.11. Severability.  If any term or provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal or otherwise unenforceable, the same shall not affect the other terms or provisions hereof or the whole of this Agreement, but such terms or provisions shall be deemed modified to the extent necessary in the court’s opinion to render such term or provision enforceable, and the rights and obligations of the Parties shall be construed and enforced accordingly, preserving to the fullest permissible extent the intent and agreements of the Parties herein set forth.

11.12. Entire Agreement.  All MORFs and Statements of Work entered into in connection with this Agreement are integral parts of this Agreement and are deemed to be part of this Agreement.  In the event of a conflict exists between a MORF, a Statement of Work, and this Agreement, the terms of this Agreement shall control.  This Agreement constitutes the entire understanding between the Parties with respect to the subject matter hereof, supersedes all previous written or verbal agreements between the Parties, including, but not limited to, all representations, warranties, statements, correspondence, purchase orders, and understandings previously made by Customer or EchoSat with respect to the subject matter hereof.