Falcon Invoice Discounting: The best investment platform in india for investors
Master Service Agreement.pdf
1. 1
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
MASTER SERVICE AGREEMENT
GCASH BUSINESS SOLUTIONS
This Master Service Agreement for GCash Business Solutions (the “Agreement”) is entered into as of
uploading date of the signed Agreement to the GCashPro Portal by the Partner (the “Effective Date”),
by and between the Parties named below who agree on the following terms and conditions:
A. COMPANY
G-XCHANGE, INC., a corporation organized and existing under Philippine laws, with business
address at 8th Floor W Global Center, 9th
Avenue corner 30th
Street, Bonifacio Global City,
Taguig City, hereinafter referred to as “Company”.
B. PARTNER
___________________________, a ___________________________organized and existing
under the laws of ___________________________, with office address at
_________________________________________, hereinafter referred to as the “Partner”.
Company and Partner may individually be referred to as a “Party,” and collectively referred to
as “Parties”.
C. SERVICE AND FEES
Partner may avail of GCash Business Solutions through the GCashPro Portal, subject to the
specific Terms and Conditions applicable thereto.
Partner agrees to pay the full amount of corresponding fees and charges as stated in the
relevant Terms and Conditions for the GCash Business Solutions availed of.
Any withholding tax deducted by the Partner from the payments due shall be evidenced by a
Certificate of Tax Withheld (BIR Form No. 2307) submitted by the Partner to Company within
ten (10) business days from payment thereof. Failure of the Partner to submit the required
document shall entitle Company to deduct the full amount of fees and charges from the
Partner’s account and/or amount due to the Partner, and to refuse any request of the Partner
for the reimbursement of the withholding tax.
D. TERM
This Agreement shall remain valid from execution until terminated by the Parties in accordance
with this Agreement.
Unless otherwise specified in the relevant Statement of Work (“SOW”), each SOW shall be co-
terminus with this Agreement.
E. FRAMEWORK PRINCIPLE
This Agreement is intended to serve as a framework for the provision of services under one or
more Statements of Work (“SOW”). Each GCash Business Solutions service shall have a
specific corresponding SOW, which shall be deemed executed upon Partner’s availment and
acceptance of the applicable Terms and Conditions within the GCashPro Portal. The Terms
and Conditions for each SOW shall describe the responsibilities and obligations of the Parties
specific to the GCash Business Solution availed of, and shall include the scope of work and
fees.
2. 2
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
F. CONTACT PERSONS
All communications, notices, submissions, and other correspondence in relation to this
Agreement and any relevant SOW shall be made through the following Contact Persons:
To Company: To Partner:
G-XCHANGE, INC. Name of Representative:
____________________________________
Address: 8F, W Global Center, 9th
Avenue
corner 30th
Street, Bonifacio Global City,
Taguig City
Address:
____________________________________
E-mail Address/es:
enterprise.acquiring@gcash.com
E-mail Address/es:
____________________________________
Contact Number/s:
____________________________________
G. CONTRACT AND ANNEXES
The Mutual Confidentiality and Non-Disclosure Agreement executed between the Parties, this
Agreement, the SOW(s), and the following Annexes constitute the entire agreement of the
Parties and shall govern their relationship:
Annex 1 GCash Business Solutions - General Terms and Conditions
Annex 2 GCashPro Portal – Terms and Conditions of Use
Annex 3 Data Sharing Addendum
Annex 4 Third Party Security Requirements
[signature page follows]
3. 3
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
IN WITNESS WHEREOF, the Parties, through their duly authorized representatives, have caused this
Agreement to be executed on the date indicated below in Taguig City.
G-XCHANGE, INC.
By:
PARTNER
By:
JOSE LUIS REYES:
Head, Enterprise & Public Sector
Name: _________________________________
Designation: ______________________________
Date: _________________________________
Witnesses:
Name: Pamela Chua
Position: Team Lead for Partner Acquisition and
Management
Name: _________________________________
Designation: ______________________________
Date: _________________________________
Name: Reynante Prado
Position: Enterprise Team Lead
4. 4
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
ANNEX 1
GCASH BUSINESS SOLUTIONS
GENERAL TERMS AND CONDITIONS
1. DEFINITIONS FORMING A PART OF THIS AGREEMENT
“Applicable Laws” means the laws of the Republic of the Philippines, including but not restricted
to, all laws, rules and regulations related to electronic money issuance, money remittance, mobile
payments, and all applicable anti-money laundering, anti-fraud, anti-corruption and anti-bribery
laws.
“Claim(s)” means all claims, demands, suits, actions, losses, liabilities, assessments, judgments,
damages, costs, expenses, payments, fines, charges, and penalties.
“Data Subject” refers to a payee or customer of Partner or an individual whose personal, sensitive
personal, or privileged information is processed.
“Disbursement Service” means a service offered by Company that allows the Partner to disburse
funds from its Virtual GCash Merchant Wallet to the GCash Wallet of its payees, in accordance
with the relevant Statement of Work.
“GCash Account” or “GCash Wallet” is an e-money instrument that stores Philippine Peso (Php)
value which resides in the GCash system. It is an account that is linked to the GCash customer’s
Subscriber Identity Module (SIM) card and which may or may not be evidenced by a physical
GCash Card. The GCash Account functionalities include, but are not limited to, transfer of funds,
payments of goods and services, and balance inquiry.
“GCash Business Solutions” or “Solution(s)” or “Service(s)” refers to the products and
services offered by Company to enterprises and institutions to help efficiently manage their
operations and grow their business such as, but not limited to, payment collections and fund
disbursements; account information and liquidity management; and business growth and financial
protection.
“GCashPro Portal” refers to the GXI-owned web-based platform for enterprises that offers access
to all of GCash Business Solutions in one facility. GCash Business Solutions comes with use of
the GCashPro Portal which can be accessed via web, mobile browser or via GCash Mobile App.
“Fraud” means an intentional deception made and/or conducted by Partner, its employees,
agents, assigns, branches, and network, whether acting individually, or together, or in collusion
with a third party, for his or their personal gain, profit or some unfair or dishonest advantage, or to
damage Company, its subsidiaries or affiliates, relating to the processing, submission of
illegitimate or fictitious transactions or abuse, not consistent with the purpose for which the
Agreement, the relevant SOW, and/or transactions were intended for. Fraud also includes
fraudulent activities of Customers consistent with this definition. For purposes of this definition,
Partner, its employees, agents, assigns, branches and network are assumed to be Partner’s
employees, agents, assigns, sub-branches or sub-merchants.
“Fraudulent Transactions” means activities or transactions processed and/or approved
fraudulently.
“Virtual GCash Merchant Wallet” is an e-money instrument that stores Philippine Peso (Php)
value which resides in the GCash system. It is an account that is created for Partner for purposes
of availing of GCash Business Solutions.
5. 5
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
2. COMMITMENTS AND REQUIREMENTS FOR THE SERVICES
2.1. Pre-onboarding Requirements
2.1.1. Notwithstanding any proposal, term sheet, or application signed by the Partner,
Company reserves the right to cancel, delay, defer, or suspend delivery of the
Service/s if the necessary pre-onboarding requirements are not submitted within five
(5) business days from Effective Date. Pre-onboarding requirements include basic
national and local government registrations, basic corporate or legal documentation,
and other relevant documents as may be required by Company.
2.1.2. Even if Pre-Onboarding Requirements have been provided to Company and/or a
proposal, term sheet, or an application has been signed by the Partner, Company
reserves the right not to proceed with delivering the GCash Business Solutions (or,
if already rendered, terminate or suspend the same), if, among others:
(a) The Partner has made a material misrepresentation or has concealed any
material information in its Pre-Onboarding Requirements or in the proposal,
term sheet, or application form; or
(b) The Partner is later found to be ineligible for the GCash Business Solution under
Company’s policies (such as but not limited to when the Partner is blacklisted
due to poor credit standing or has a history of fraudulent acts or practices).
2.2. If the GCash Business Solution availed of by the Partner requires the creation of a Virtual
GCash Merchant Wallet, the Partner shall submit the supporting documents required by
Company prior to creation of said wallet, as applicable.
2.3. If the Partner avails of a Disbursement Service, the Partner shall maintain a disbursement
volume as prescribed in the relevant SOW.
2.4. After-sales Support
2.4.1 The Partner shall ensure that it has the required resources to provide first level
customer support and assistance at the frontline. The Partner shall address issues
specific to the Partner and its business independently.
2.4.2 Company shall assist Partner in the technical resolution or reconciliation of
transaction information as described in the corresponding SOW of the GCash
Business Solution availed of.
2.4.3 In no case shall Company address any issues arising from the independent
arrangement of the Partner and its customers.
2.4.4 Company shall address issues specific to Company independently with the Partner
assisting in any reconciliation of transaction information.
3. FEES AND CHARGES
3.1 The applicable fees and charges are provided in the Terms and Conditions for each GCash
Business Solution, available on the GCashPro Portal.
3.2 Unless otherwise mutually agreed by the Parties, Company shall automatically deduct the
full amount of applicable fees and charges from the Partner’s account/Virtual GCash
Merchant Wallet, as applicable.
3.3 Company reserves the right to modify the applicable transaction fees, charges, or billing
methods at any time without need of prior notice. The updated schedule of applicable
transaction fees, charges, or billing methods shall be posted on the GCashPro Portal
website/app. Partner hereby agrees that the continued use of the GCash Business
Solution(s) and GCashPro Portal website/app after the effectiveness of any changes in fees,
charges, or billing methods shall be deemed acceptance by Partner of such changes. Non-
payment of the fees or charges for the use of the GCash Business Solutions and GCashPro
Portal website/app is a ground for Company to terminate, suspend, restrict, or deny the
Partner’s use or access to the same.
4. TERMINATION
4.1. This Agreement and/or any SOW may be terminated by a Party for convenience (for
6. 6
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
whatever reason) by sending the other Party a written notice of termination at least sixty
(60) days prior to the intended effective termination date.
4.2. Termination of a particular SOW shall not result in the termination of any other SOW unless
specified by the Party calling for termination; however, if a Party terminates this
Agreement, then all SOW then in force shall also terminate on the effective termination
date.
4.3. Termination on the ground of material breach. For the avoidance of doubt, it is considered
a material breach if the non-performance, acts, or omission of the defaulting Party
adversely affects the nature of the obligation that the defaulting Party promised to deliver,
the benefits that the non-defaulting Party expects to receive after full compliance, and the
extent that the non-performance defeated the purposes of the Agreement. If a Party is in
breach of any of its obligations under this Agreement, the non-defaulting Party shall give
the defaulting Party a notice of breach and, if the breach is capable of being remedied, a
reasonable time to remedy the breach, as may be agreed between the Parties. In the
absence of agreement, the period to cure the breach shall be thirty (30) calendar days
from notice of breach. If the defaulting Party fails to comply with or remedy the breach
within the applicable period, the non-defaulting Party shall be entitled to terminate this
Agreement immediately upon written notice.
4.4. Termination for cause. A Party may terminate this Agreement immediately for any of the
following grounds by giving written notice to the other Party:
4.4.1. continued performance of this Agreement or any portion thereof becomes illegal
for either or both Party under Applicable Law;
4.4.2. A Party becomes insolvent. Insolvent means a Party: (i) becomes bankrupt, goes
into liquidation, or makes any composition or arrangement with its creditors or,
being a company, has a proposal for a voluntary arrangement for a composition of
debts or scheme of arrangement; (ii) undergoes court-supervised rehabilitation
proceedings or submits a pre-negotiated rehabilitation plan; (iii) agrees with
creditors on an out-of-court or informal restructuring agreement or rehabilitation
plan; (iv) against which an application for the appointment of an administrator has
been filed with the court; (v) has a winding-up order made or (except for the
purposes of reconstruction) a resolution for voluntary winding-up passed, or a
receiver appointed, or possession taken by or on behalf of any creditor of any
property the subject of a charge or a receiver appointed under a debenture; and/or
(vi) becomes unable to pay its debts as they fall due; or
4.4.3. A Party ceases or threatens to cease to carry on business for reasons not
attributable to its fault or negligence.
4.4.4. This Agreement may likewise be terminated if either Party suffers a prolonged
Force Majeure event as described herein.
4.5. Neither Party shall make any negative or adverse public announcements even if the other
Party terminates this Agreement.
4.6. Provisions of this Agreement that by their nature continue beyond the expiration or
termination of this Agreement including, without limitation, those relating to (i) Liabilities;
(ii) Limitation of Liability, (iii) Confidentiality, (iv) Governing Law, (v) Settlement of Disputes
and Venue, and (vi) any accrued but unpaid financial obligations, and those provisions
that are expressly stated to survive termination, shall survive the termination or expiration
of this Agreement or SOW, as the case may be.
4.7. In case this Agreement or pertinent SOW is terminated:
4.7.1. Company shall have the right to pull out and/or to disable, block, or suspend the
GCash Business Solutions and/or other related services (if any);
4.7.2. Both Parties shall cease to use the Intellectual Property Rights of the other party;
7. 7
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
4.7.3. Both Parties shall return to the other or destroy (or certify to the destruction of) any
Confidential Information that they have exchanged, transmitted, gathered, or
retained throughout the duration of the Agreement;
4.7.4. the rights and obligations of each Party, except those which are expressed to, or
by their nature, survive expiration or termination of this Agreement, shall cease to
have any effect;
4.7.5. each Party shall cease from accessing and/or using any software, application
program interfaces, and Confidential Information provided by the other Party,
without need for any demand; and
4.7.6. all licenses granted by the Parties to each other are deemed revoked.
5. SYSTEM AND SECURITY MEASURES
5.1 System Provisioning
5.1.1 Unless otherwise stipulated in this Agreement, each Party shall provide, at its own
cost, its share of the software, platforms, applications, equipment, managed
network resources, IT computing environment, and operating systems (collectively
“System”) necessary for the implementation of this Agreement and any SOW.
Maintenance of the System shall be the responsibility of the Party who owns it.
5.1.2 Company will provide Partner with Company’s application program interfaces to
enable the Partner’s authorized users to facilitate the GCash Business Solutions
or the Partner’s equipment and system to interact with Company’s System, if
applicable.
5.1.3 Partner will advise Company in writing of any changes to the application program
interfaces at least thirty (30) days in advance. Company shall work with Partner to
facilitate the successful interface of Partner’s System with Company’s System.
5.1.4 Either Party’s adoption of new technology affecting the GCash Business Solutions
will require the approval of Partner and Company, or both Parties may agree to
collaborate on developing future services that can be incorporated in the GCash
Business Solutions. Partner and Company will pursue this joint development on an
agreed schedule. Service or transaction costs and the corresponding development
costs shall be negotiated between Company and Partner.
5.2 Security Measures
5.2.1 Partner shall, at its own cost, be responsible for developing and implementing the
necessary security measures, including technical, organizational, and physical
controls, that are intended to prevent, detect, deter, and mitigate threats, cyber
security risks, unauthorized System access, and other network or System risks
(“Security Measures”). The Security Measures shall conform with industry and
globally accepted security standards for the security and protection of its System
that connects to Company’s System and GCash Business Solutions. All Claims
arising from a Party’s failure to implement the necessary Security Measures shall
be borne by such Party.
5.2.2 By availing of the GCash Business Solutions, Partner shall:
a) Ensure the accuracy and completeness of data that Partner will transmit and
input to Company’s System;
b) Be responsible for the protection of the data in its possession that will be
transmitted to Company’s System. This shall include data downloaded by
Partner from the Systems;
c) Be responsible for protecting and securing its System that directly interface
with the GCash Business Solutions (e.g., API connection, web portal) from
8. 8
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
cyberattacks and security compromises. Protection includes patching
Partner’s Systems against malware and network-based attacks;
d) Be responsible for implementing vulnerability assessment and/or penetration
testing program that covers the Partner’s endpoints with connection to the
GCash Business Solutions;
e) Restrict access to the GCash Business Solutions to select few authorized
persons only. Access to the GCash Business Solutions should be given only
when necessary to perform a work or task relevant to serving the Partner’s
disbursement requirements. It is presumed that Partner
employees/representatives who have access to GCash Business Solutions
are duly authorized for the purpose, and Partner shall be bound by their
actions;
f) Review user access and their privileges periodically to determine relevance
to current work requirements and Partner must notify Company in writing for
necessary assistance on access updating/removal;
g) Protect the access credentials (e.g., API key and passwords) provided by
Company from unauthorized use. Partner shall be fully accountable for all
activities that may transpire using the access credentials given to the
Partner;
h) Be responsible for monitoring and reviewing System activities performed
using the Partner’s access to the GCash Business Solutions. Partner must
immediately notify Company in writing for suspicious activity it has detected;
and
i) Ensure that access to the GCash Services shall not be used for illegal and/or
unlawful activities, and/or to gain unauthorized access to Company’s System
via a system flaw or other malicious means that could damage, disrupt,
impede, or compromise security of Company’s System or the GCash
Business Solutions.
6. REPRESENTATIONS AND WARRANTIES
6.1. Each Party represents and warrants to the other Party that:
6.1.1. It is a corporation duly organized and validly existing under the laws of the state of
its incorporation, with all necessary licenses and permits for its business, and that
it does not, by entering into this Agreement and relevant SOW(s), violate the
intellectual property rights of any third-party.
6.1.2. It has all the required approvals, and full power and authority to execute and deliver
this Agreement and relevant SOW(s), to perform its obligations hereunder, and to
consummate the transactions contemplated herein;
6.1.3. This Agreement and relevant SOW(s) have been duly authorized, executed, and
delivered by the Parties and are legal, valid, and binding obligation of the Parties,
enforceable in accordance with its terms. The execution and delivery of this
Agreement and relevant SOW(s) and consummation of the transactions
contemplated hereby have been duly authorized by its boards of directors, and no
other corporate action or corporate proceeding is necessary to authorize this
Agreement and relevant SOW(s) or the transactions contemplated hereby;
6.1.4. The execution, delivery, and performance of this Agreement and relevant SOW(s),
shall not:
a) violate the provisions of any Applicable Laws;
b) violate the provisions of its constitutional documents or charter or
9. 9
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
memorandum and articles of incorporation, by-laws or equivalent charter
documents (if applicable), each as may be amended from time to time, or any
resolution of its directors or shareholders, as applicable;
c) violate any judgment, decree, order, or award of any court, governmental
agency or arbitrator to which it is a Party; and
d) conflict with or result in the breach or termination of any material term or
provision of, or constitute a default or acceleration under any agreement,
indenture, mortgage, contract, deed of trust, or any other instruments to which
they are a Party or which are applicable to them, or by which any of its
properties, assets, or business is, or may be, bound;
6.2. It is not under any disability, or prohibition, contractual or otherwise, which might prevent
it from complying with any term of this Agreement and relevant SOW(s); and
6.3. There are no litigations or any legal proceedings pending or contemplated or threatened
by or against any Party hereto, that would materially or adversely affect and/or deter
performance under this Agreement.
7. OBLIGATIONS OF THE PARTNER
7.1. Partner and Company shall strictly comply with all Applicable Laws, rules and regulations
relating to its business at its respective place or site of business. Any material breach of a
Party’s obligations under this clause shall trigger the non-breaching Party’s rights
accordingly.
7.2. Partner shall monitor all transactions taking place pursuant to this Agreement and shall
additionally ensure effective monitoring of such transactions. Partner shall report in writing
any and all suspicious transactions to Company within two (2) business days of the date
of identification. Where Partner is unsure of the legitimacy of a transaction, it shall inform
Company within two (2) business days.
7.3. Partner’s employees, agents or assigns, partners or sub merchants identified to have
participated or aided in or have been involved with, or who Company reasonably believes
has been involved with Fraudulent Activities or Fraudulent Transactions shall be prohibited
by the Partner from using, managing, supervising or otherwise being involved in any way
with the GCash Business Solutions, within twenty-four (24) hours from receipt of
Company’s notice. Partner agrees that failure to do so shall give Company the right to
unilaterally deactivate/suspend any or all GCash Business Solutions to Partner.
7.4. Partner commits to support any investigation of Fraud, abuse and/or potential abuse and
provide Company with any information Company deems necessary to progress such
investigation, including providing Company with details of its employees, agents, or
customers that Partner suspects of having committed Fraud or Fraudulent Transactions
or acts.
7.5. Any violation of this clause will be considered a material breach of the Agreement and
shall give the non-breaching Party the right to terminate the Agreement forthwith. The
non-breaching Party’s right to terminate this Agreement shall be in addition to all other
rights, remedies and recourse available to it under Applicable Law.
7.6. Partner shall preserve records of its transactions in relation to, or connected with, this
Agreement and relevant SOW(s), for the period prescribed by Applicable Laws, unless the
transaction is subject of a regulatory or internal investigation, in which case Partner shall
preserve the records until it receives a written notice from Company and/or governmental
authority having jurisdiction over the subject of the investigation that case has been
resolved and that the records can already be closed. Partner shall give Company access
to its records in whatever form they may be presented and kept (paper, electronic, or
otherwise) in the event Company is required by the Banko Sentral ng Pilinas (BSP) or
other governmental authority to provide such records in the custody of Partner, Partner
shall promptly grant the representatives of BSP or governmental authority such requested
access.
7.7. Partner is committed to developing an anti-fraud culture and eliminating the opportunities
10. 10
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
for terrorism, fraud, bribery, corruption and money laundering. Partner, its agents, and
employees shall not tolerate terrorism, fraud, bribery, corruption and/or money laundering
of any kind. Partner shall seek to take disciplinary action against those found to have
attempted to perpetuate and/or have perpetrated fraud and abuse.
7.8. Partner is committed to conducting business fairly, openly, and honestly and in
accordance with the highest ethical and legal standards.
8. MUTUAL COOPERATION
8.1 The Parties shall cooperate with each other in good faith, in order to achieve the objectives
set forth in this Agreement, and may, from time to time, agree on marketing and
merchandising support for the GCash Business Solutions.
8.2 The Parties shall also, from time to time, review the pricing and implementation of the
Service. In view of rapidly changing technology and economic models, Partner and
Company agree to review the applicability, pricing, and responsiveness of the GCash
Business Solutions being offered to the customer every six (6) months, or at an interval
period agreed by both Parties.
9. LIABILITIES; LIMITATIONS OF LIABILITY
9.1 Except for Claims caused by the sole fault or gross negligence of Company, Company shall
not be liable to Partner for any Claims arising out of, or relating, to:
9.1.1 Service interruptions, interoperability, interaction, or interconnection of the mobile
service providers’ systems or Company’s Systems with the Partner’s System,
whatsoever the cause of the interruption, interoperability, interaction, or
interconnection; and
9.1.2 Communications or transactions that fail to reach their designated beneficiary, or
any failure to deliver communication or transaction intended for end users.
9.2 Each Party (the “Indemnifying Party”) shall defend, indemnify, and hold harmless the other
Party (the “Indemnified Party”) from and against all Claims which the Indemnified Party may
hereafter incur, become responsible for, or pay out as a result of (a) any death or personal
injury (including bodily injury) to any person; (b) destruction, loss, or damage to any real or
personal property; or (c) violation of Applicable Laws to the extent caused by (i) the
Indemnifying Party’s performance or breach of this Agreement, or (ii) any acts, errors, or
omissions by the Indemnifying Party.
9.3 Except for liability arising from (i) personal injury or death, or (ii) breach of intellectual
property rights, or (iii) violations of the data privacy act of 2012 including its implementing
rules and regulations, or (iv) breach of confidentiality obligations, (v) fraud, or (vi) violations
of the Anti-Money Laundering Act or commission of Terrorist Financing activities, neither
Party shall be liable to the other for any loss of revenue, loss of use, loss of production, loss
of contracts, loss of saving, or for any other special, indirect, or consequential loss or
damage or financial or economic loss that may be suffered by the other, whether caused by
breach of contract, tort, negligence or otherwise.
9.4 Company may impose sanctions as stipulated in this Agreement in the event that Partner
violates any applicable Terms and Conditions. In the event that Company chooses to impose
sanctions, Partner can appeal Company’s decision by providing relevant documents with a
reasonable explanation regarding the violation. Company has the right to hold the balances
in Partner’s account up until the investigation is final. The result of Company’s investigation
will be final and irrevocable.
10. CONFIDENTIALITY
10.1 For purposes of this section:
10.1.1 “Confidential Information” means any information which relates to the
operations, processes, or dealings of, or any other information concerning the
organization, business, finances, transactions, or affairs of the Party, including,
11. 11
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
without limitation, any invention, formula, vendor information, customer
information, apparatus, equipment, research, report, know-how, trade secrets,
data, calculations, computer programs and other software, software
documentation, hardware design, technology, marketing or business plan,
forecast, unpublished financial statement, budget, license, price, cost, employee
list, drawings, materials, and models, which is or has been disclosed to and/or
otherwise obtained by the Party in the course of the negotiation or performance of
this Agreement, in each and every case regardless of whether such information is
marked “confidential” or “proprietary” and in whatever form supplied or received
(whether in written, magnetic, electronic, digital, or any other form), but excluding
information which is in the public domain (other than due to a breach of
confidentiality) or which was lawfully obtained by the Party from a different source
in circumstances which do not impose a duty of confidence. For the avoidance of
doubt, (i) the contents of this Agreement and any discussions relating thereto, (ii)
the Party supplied information, and (iii) any document, study, report, or analysis
containing Confidential Information, regardless of whether the Party prepared the
same, shall be considered Confidential Information.
10.1.2 “Disclosing Party” shall mean a party that discloses or makes available
Confidential Information under this Agreement.
10.1.3 “Receiving Party” shall mean a party to whom Confidential Information is
disclosed or made available under this Agreement.
10.2 The Receiving Party agrees that the Disclosing Party is and shall remain the exclusive owner
of all its Confidential Information. The Receiving Party shall not use or attempt to use
Confidential Information in any manner, which may injure or cause Claims, either directly or
indirectly, to the Disclosing Party. All Confidential Information shall for all time and for all
purposes be regarded by the Receiving Party as strictly confidential, and shall not be
disclosed by the Receiving Party to any third party whatsoever unless specifically authorized
by the Disclosing Party in writing.
10.3 If the Receiving Party is required by law, court order, or other governmental action or any
rule or regulation to disclose all or any part of the Confidential Information; or reasonably
anticipates or has reasonable cause to anticipate that the Receiving Party may be so
required to disclose such Confidential Information, the Receiving Party must immediately
notify the Disclosing Party of such actual or anticipated requirement and must use its best
endeavors, as may be consistent with the Receiving Party’s legal obligations, to delay and
withhold such disclosure until the Disclosing Party has had an opportunity to oppose such
disclosure by lawful means. The Receiving Party shall not oppose action by the Disclosing
Party to obtain an appropriate protective order or other reliable assurance that confidential
treatment will be accorded the Confidential Information.
10.4 The Receiving Party acknowledges and agrees that:
10.4.1 the Disclosing Party may suffer and incur Claims if the Confidential Information is
disclosed to, or used or exploited by, any person except as permitted hereunder;
10.4.2 damages may not be an adequate remedy if the Receiving Party breaches any
term or condition hereof; and
10.4.3 in addition to all other remedies to which the Disclosing Party Group may be
entitled under any Applicable Laws, equitable relief in an action against the
Receiving Party for breach or threatened breach of this Agreement may be
obtained, including, but not limited to, temporary restraining orders, temporary
injunctions, and permanent injunctions or any other similar remedy or relief as may
be available under any Applicable Laws.
10.5 All documents and files in whatever form, including any digital support, procedural manuals,
guides, specifications, plans, drawings, designs, and similar materials, lists of present, past,
or prospective customers, customer proposals, technical data or interpretations, or resource
economic models, invitations to submit proposals, price lists, and data relating to the pricing
of the Disclosing Party's services, prospects, or concessions and technical services,
12. 12
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
records, and all other materials containing Confidential Information (including all copies and
reproductions thereof), that come into the Receiving Party’s possession or control by reason
of, or in relation to, the Disclosing Party’s business, whether prepared by the Receiving Party
or others: (i) are the property of the Disclosing Party, (ii) shall not be used by the Receiving
Party in any way other than in connection with the performance of its duties under this
Agreement, (iii) shall not be provided or shown to any third party by the Receiving Party,
except as otherwise allowed under this Agreement, (iv) shall not be removed from the
Disclosing Party's or the Receiving Party’s premises (except as the Receiving Party’s duties
under this Agreement require), and (v) at the termination (for whatever reason) of this
Agreement, shall be left with, or forthwith returned by the Receiving Party to the Disclosing
Party.
10.6 The Receiving Party shall forthwith return to the Disclosing Party, within ten (10) Business
Days from receipt of a written request therefor, any Confidential Information (which is in a
form capable of so being returned) provided to it by or on behalf of the Disclosing Party
together with all copies thereof. That portion of any Confidential Information that may be
found in any analyses, compilations, studies, or other documents prepared by the Receiving
Party and any other Confidential Information not so requested to be returned, or not
returned, will be held by the Receiving Party and kept subject to this Agreement, or
destroyed to the satisfaction of the Disclosing Party within ten (10) Business Days from
termination of this Agreement.
10.7 The Receiving Party shall not publish, permit to be published, or disclose any particulars of
the performance of the Services in any trade or technical paper, website, or elsewhere
without the prior written consent of the Disclosing Party. The Receiving Party must not
discuss this Agreement or the supply of the Services with any media entity and must refer
any enquiries concerning this Agreement or the supply of the Services from any media entity
to the Disclosing Party as soon as reasonably practicable.
10.8 The Receiving Party shall indemnify the Disclosing Party in respect of any Claims which the
Disclosing Party pays, suffers, incurs, or is made liable for in respect of any breach by the
Receiving Party of the terms of this Section and any failure by the Receiving Party to ensure
compliance in accordance with these terms by a person to whom the Receiving Party
discloses the Confidential Information.
11. FRAUD PREVENTION AND ANTI-MONEY LAUNDERING
11.1 Fraud Prevention
11.1.1 Parties shall use all necessary efforts to prevent the occurrence of Fraud in the
performance of its obligations under this Agreement. In the event that a Party
becomes aware of the occurrence of Fraud, any kind of abuse, or conduct of
activities not expressly authorized by this Agreement (collectively, “Unauthorized
Services”), non-defaulting Party shall consider any payment made pursuant to the
Unauthorized Services as excess payment (“Excess Payment”). Non-defaulting
Party shall inform Partner of the occurrence of Unauthorized Services and the
equivalent amount of the Excess Payment.
11.1.2 Non-defaulting Party shall be entitled to deduct the Excess Payment from amounts
due and payable to the defaulting Party. In the event that the defaulting Party
disputes the Excess Payment, such dispute shall be settled by the Parties
amicably or by an independent auditor appointed by the Parties.
11.1.3 The foregoing shall be without prejudice to the right of non-defaulting Party to
terminate this Agreement in accordance with this Agreement.
11.1.4 Parties shall comply with all applicable provisions of: (i) Republic Act No. 9160 or
the Anti-Money Laundering Act and the Bangko Sentral ng Pilipinas (BSP) Circular
No. 706, Series of 2011 or the Updated Anti-Money Laundering Rules and
13. 13
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
Regulations (“AMLA Laws); (ii) Republic Act No. 10168 or The Terrorism Financing
Prevention and Suppression Act of 2012; (iii) Republic Act No. 11479 or the Anti-
Terrorism Act of 2020; (v) Republic Act No. 9372 or the Human Security Act; (vi)
Batas Pambansa Blg. 881 or the Omnibus Election Code of the Philippines; (vii)
Act No. 3815 or The Revised Penal Code of the Philippines; and (viii) their
respective amendments and implementing guidelines, rules, and regulations.
Company reserves its rights and remedies under this Agreement and Applicable
Laws for any violation of these laws as determined during audit conducted by
Company or its authorized third-party representative, the BSP, and/or authorized
government agencies.
11.2 Implications of Fraud and Money Laundering
11.2.1 In addition to the consequences stipulated in this Agreement and Applicable Laws,
transactions processed through Fraud, suspicious transactions, or in the conduct
of money laundering, terrorist financing, and proliferation financing (as defined
under Applicable Laws) shall be revoked. Transactions processed not in
accordance with the standard procedures agreed by the Parties as set out herein
tantamount to having been committed with Fraud.
11.2.2 If Fraud is committed and/or participated in by a Party, the non-defaulting Party
shall, at its election be entitled to the following remedies:
a) Full recovery of actual and documented costs and expenses incurred by it on
account of Fraud;
b) If Company is the non-defaulting Party, blacklisting and deactivation of all
GCash access and services of the individuals involved in the commission of
Fraud;
c) Termination of this Agreement due to defaulting Party’s material breach;
and/or
d) Available remedies under Applicable Law.
11.3 Parties shall strictly implement anti-fraud measures in accordance with Applicable Laws to
ensure that the GCash Business Solutions will not be used for, or will be in aid of,
Unauthorized Services.
12. INTELLECTUAL PROPERTY
12.1. For purposes of this section:
12.1.1. “Intellectual Property Rights” or “IPR” means any and all intellectual and property
rights, including any patents, trademarks, service marks, rights in designs, trade
names, copyright, utility models, eligible layout rights, inventions, innovations,
discoveries and/or improvements, trade secrets, know how, formulae, processes,
technology, applications for, or right to apply for registration for any of them, rights
under licenses and consents in relation to any of them, and other forms of
protection of an equivalent nature or having equivalent effect to any of them, in the
Philippines and the world, whether registered or unregistered, for the duration of
the rights and interests.
12.1.2. “Background IPR” means Intellectual Property Rights of a Party existing as of the
Effective Date and developed or acquired by such Party independently of this
Agreement.
12.1.3. “Foreground IPR” or "Materials” means Intellectual Property Rights developed,
conceived, or created by the Parties pursuant to this Agreement, including
developed materials and all output or product generated, produced by, or that
resulted from the Parties’ performance of this Agreement.
12.2. Each Party represents and warrants that:
12.2.1. in performing its obligations in this Agreement, it will not infringe the Intellectual
Property Rights of third Parties; and
14. 14
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
12.2.2. it has sufficient Intellectual Property Rights to perform its obligations in accordance
with this Agreement.
12.3. Each Party shall defend, indemnify, and hold harmless the other Party from and against
any and all Claims incurred, threatened, or arising, directly or indirectly, from any claims
of actual infringement of any Intellectual Property Rights arising out of, or in connection
with this Agreement, and the effects thereof, and such Claims shall be a debt due and
payable by such Party to the other, without prejudice to any other mode of recovery the
non-defaulting Party may seek payment thereof in accordance with this Agreement.
Unless agreed in writing or as stipulated in this Agreement, a Party shall not use the
Intellectual Property Rights of the other Party without the latter’s express written consent.
12.4 Notwithstanding anything contrary in this Agreement, Partner shall exclusively own all,
rights, title, and interests in, and to any of, Partner’s Background IPR. Company shall
exclusively own all rights, title, and interests in, and to any of, Company’s Background
IPRs and all Foreground IPRs.
13. MISCELLANEOUS PROVISIONS
13.1 Relationship of the Parties
13.1.1 Nothing in this Agreement shall be construed as constituting any of the Parties as
a partner, agent, employer or representative of the other, it being understood that
the relationship of the Parties to each other is as independent contractors to the
other.
13.1.2 No Party shall have any fiduciary obligations to the other arising out of the
provision of the Services or this Agreement.
13.1.3 Nothing in this Agreement shall be construed as giving any Party any right or
authority to act for, or represent or otherwise assume any obligation on behalf of
or in the name of the other Party, and each Party agrees to indemnify the other
and hold it harmless from and against any Claims whatsoever arising in respect of
liabilities incurred as a result of its unauthorized act or representation or
assumption on behalf of or in the name of the other Party.
13.2 Assignment
Company may assign or transfer this Agreement, or any of rights, interests, or obligations
under this Agreement to its affiliate or subsidiary. Except for the foregoing, neither Party
may assign any of its rights and interest under this Agreement to any third-party without
the prior written consent of the other Party.
13.3 Remedies, Waivers
13.3.1 Neither Party’s failure to exercise nor any delay in exercising any right or remedy
under this Agreement on either Party’s part shall operate as a waiver thereof, nor
shall any single or partial exercise of any right or remedy prevent any further or
other exercise thereof of any other rights or remedies. The rights and remedies
herein provided are cumulative and not exclusive of any provided by law or those
which any of the Parties would otherwise have.
13.3.2 Any waiver of any Party’s rights, powers, privileges or remedies must be in writing
and signed by that Party, and any such waiver given by a Party shall only relate to
the particular event for which it is given.
13.4 Notices
13.4.1 All demands, notices, reports, and other communications to be made under, or in
connection, with this Agreement, shall be made in writing, and shall be delivered
by the following means: (1) hand-delivery; (2) courier; (3) registered mail; or (4) e-
mail.
13.4.2 Either Party may change the names or addresses where notice is to be given by
providing notice to the other Party of such change in accordance with this
15. 15
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
Agreement. Any substitute address of the Party shall be effective only after the
lapse of five (5) business days from receipt of written notice of the change in
address.
13.4.3 All notices shall be deemed duly given on the date of receipt of the Party.
13.5 Construction/Interpretation
13.5.1 This Agreement will be construed and administered without regard to authorship
and without any presumption or rule of construction in favor of either Party. This
Agreement is between parties who have reviewed this Agreement and are fully
knowledgeable about its terms and conditions.
13.5.2 In this Agreement, section headings are used for convenience reference only and
shall be disregarded in the interpretation of this Agreement.
13.5.3 Unless the context otherwise indicates, references to a section shall be construed
as references to a section of this Agreement; references to any statute, ordinance
or other law shall include all regulations and other instruments thereunder and all
consolidations, amendments, re-enactments or replacements thereof; and words
importing the singular shall include the plural and vice versa, words importing the
masculine gender shall include the feminine gender and vice versa, and
references to a person shall be construed as references to an individual, body
corporate, association (whether incorporated or not), government or private entity.
13.5.4 In the event of ambiguity, conflict or inconsistency among the documents
comprising this Agreement, the order of precedence is as follows: (i) the pertinent
SOW; (ii) this Agreement; and (iii) all other applicable documents.
13.6 Secrecy and Other Laws
13.6.1 The Parties agree to modify the service or procedures relating thereto as
necessary to comply with the Anti-Money Laundering Act of the Philippines (R.A.
9794).
13.6.2 The Partner shall not be required to disclose any information to Company, or any
Customer Information to any Party, that in the process will violate any of the
provisions of R.A. 10173 (The Data Privacy Act of 2012), R.A. 1405, as amended
(the Bank Deposit Secrecy Law) or of Section 55 of R.A. 8791, as amended (the
General Banking Law of 2000) or the Anti-Money Laundering Law (RA 9194) and
its Implementing Guidelines and relevant memoranda issued by the Anti-Money
Laundering Council or the Securities and Exchange Commission.
13.6.3 Company shall not be required to disclose any information to Partner that in the
process will violate the R.A. 10173 (The Data Privacy Act of 2012), Secrecy of
Communications law, the Public Telecommunications Policy Act (RA 7925), the
Anti-Wire Tapping Law, or the International Treaty on the Secrecy of
Communications or circulars and issuances of the National Telecommunications
Commission or the International Telecommunications Union relative to the secrecy
of communications.
13.6.4 Company and Partner will, however, provide the appropriate disclosure where so
required by the Anti-Money Laundering Law (RA 9194) and its Implementing
Guidelines and relevant memoranda issued by the Anti-Money Laundering Council
or the Securities and Exchange Commission and R.A. 10173 (The Data Privacy
Act of 2012). In addition, Partner shall:
13.6.4.1 retain all records of payees doing GCash transactions for a period of three
(3) years at its offices, and an additional two (2) years thereafter at its
warehouse or an off-site facility.
13.6.4.2 grant Company access at any time, with adequate prior notice, to any
records of its payees using the service.
13.7 Force Majeure
13.7.1 In this section, “Force Majeure” means an exceptional event or circumstance:
a) which is beyond a Party’s control,
16. 16
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
b) which such Party could not reasonably have provided against before entering
into this Agreement,
c) which, having arisen, such Party could not reasonably have avoided or
overcome,
d) which is not substantially attributable to such Party, and
e) falls under any of the events enumerated below:
1) war and other hostilities (whether war be declared or not), invasion, act
of foreign enemies,
2) embargo;
3) ionizing radiation or contamination by radioactivity from any nuclear fuel,
or from any nuclear waste from the combustion of nuclear fuel,
radioactive toxic explosives or other hazardous properties of any
explosive nuclear assembly or nuclear components thereof;
4) rebellion, terrorist act, revolution, insurrection, military, or usurped power
or civil war;
5) riot involving persons other than a Party;
6) natural disasters of overwhelming proportions, including acts of God,
typhoon, hurricane, flood, landslide, and earthquakes;
7) labor disputes or strikes (including any general strike) except those: (i)
specifically directed at a Party;
8) fire or explosion other than: (i) at the premises of a Party; or (ii) where
caused by the act or omission of a Party; and/or
9) other circumstances analogous in substance and scale to the foregoing.
13.7.2 If a Party is or will be prevented from performing any of its obligations under this
Agreement by Force Majeure, then it shall give written notice to the other Party of
the event or circumstances constituting the Force Majeure, and shall specify the
obligations, the performance of which is or will be prevented. The notice shall be
given as soon as practicable after the Party became aware, or should have
become aware, of the relevant event or circumstance constituting Force Majeure.
13.7.2.1 A Party shall give written notice to the other Party when the Force
Majeure effect on it ceases.
13.7.2.2 Company and Partner shall not be liable or deemed to be in default
hereunder for any delay or failure in the performance of any of its
obligations under this Agreement resulting from any cause of Force
Majeure, except where such events are the direct results of Company or
Partners gross negligence or willful misconduct.
13.7.2.3 Notwithstanding anything to the contrary in this Agreement, if Force
Majeure continues for a total of more than the aggregate number of
ninety (90) days, then either Party may give the other Party a notice of
termination of this Agreement.
13.7.2.4 Each Party shall take commercially reasonable steps to mitigate any
Claims resulting from any breach of this Agreement or any Force
Majeure.
13.8 Governing Law
This Agreement shall be governed by and construed in accordance with the laws of the
Republic of the Philippines without giving effect to any principles of conflicts of law thereof
that would permit or require the application of laws of another jurisdiction.
13.9 Settlement of Disputes; Venue
If a dispute arises between the Parties in connection with this Agreement, the Parties shall
negotiate, for a period of thirty (30) days from receipt by a Party of a written notice from
the other Party stating the existence of a Dispute (the “Dispute Notice”), to settle such
17. 17
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
Dispute by mutual discussions between the duly authorized representatives of the Parties
and the senior executives of the Parties (if necessary). If the dispute is still not resolved
after such discussions, either Party may refer the matter to the proper courts of the City of
Taguig, to the exclusion of all other courts and venues.
13.10 Amendment
This Agreement may not be changed or modified or in any way amended except in writing
and signed by the proper officers of both Parties.
13.11 Entire Agreement
The Mutual Confidentiality and Non-Disclosure Agreement executed between the Parties,
this Agreement, the SOW(s), and the Annexes attached hereto constitute the entire
agreement of the Parties.
13.12 Severability
If any provision of this Agreement, or the application thereof to any Party hereto, is held
illegal, null, void, unenforceable or otherwise invalid by any law, decree, ordinance or
judicial or administrative decision, such holding shall not affect the other provisions of this
Agreement which can be given effect without the invalid provision, and to this end the
Parties agree that the provisions of this Agreement are and shall be severable, provided
that if such invalidated provision is deemed essential by any Party or if such invalidation
affects any other provision deemed essential by any Party to the satisfactory performance
of this Agreement, then, upon written notice being given by such Party to the other Party,
the Parties shall promptly negotiate in good faith to the end that this Agreement may be
amended in such manner as may be necessary to make it fair and equitable to both
Parties.
13.13 Counterparts
This Agreement may be executed in any number of counterparts, and by the Parties on
separate counterparts, each of which will constitute an original, but all the counterparts
shall together institute one and the same instrument.
13.14 Electronic Signatures
This Agreement may be executed electronically or by way of electronic signature and such
electronic signatures shall be deemed original signatures, have the same force and effect
as manual signatures and binding upon the Parties. If this Agreement shall be executed
electronically, the best evidence of this Agreement shall be a copy of this Agreement
bearing an electronic signature, in portable document format (.pdf) form, or in any other
electronic format intended to preserve the original graphic and pictorial appearance of a
document.
18. 18
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
ANNEX 2
GCASHPRO PORTAL
TERMS AND CONDITIONS OF USE
This Annex states the terms and conditions under which the Partner may avail of and use Company’s
GCashPro Portal.
1. GCashPro Portal
GCash Business Solutions comes with the “GCashPro Portal”, a GXI-owned web-based platform
for enterprises that offers access to all of GCash Business Solutions in one facility. The one-stop
shop aims to provide a seamless and complete experience to Partners, from onboarding, availing
and/or activation of GCash Business Solutions, to account management. The facility will allow
businesses to activate GCash services such as, but not limited to, payment acceptance, fund
transfers and disbursements, external payments or remittances to banks, marketing and growth
services and business management tools. The platform is available via web, mobile browser or
via GCash Mobile App.
The terms “Platform”, “Portal”, “Website”, “Application”, “Facility”, “Solution” shall be
interchangeably used with GCashPro in this Annex and shall refer to GCashPro as a platform or
website.
2. Consent to Doing Business Electronically
2.1 Partner may access its profile by signing in to the Platform using a web browser or a mobile
device.
2.2 Partner agrees that Company shall impose fees for the use of availed services. The
applicable fees will be posted on the Platform/website/ specific Terms and Conditions to
SOW and may be updated, from time to time.
2.3 Registration to the Platform shall be done via website or the GCashPro Mobile app. During
sign up, Partner must provide the necessary information needed such as, but not limited to,
Partner’s complete name, email address, mobile number, legal business name, Partner
position, Partner industry, business type, business contact information, personal or business
documents, financial statements, identification cards, other details about Partner or
business, etc. Partner represents and warrants that all information provided is correct, true
and accurate. The information Partner has provided shall be the basis for allowing Partner
to avail of certain products or services offered in the Platform. Whenever any information
submitted is found to be false, or inaccurate, Company will allow two (2) business days from
notice to Partner to provide the correct information or documentation. If, after two (2)
business days, the necessary information still has not been submitted to the Company team,
the account of the Partner (i.e., its users) will be deactivated thereby limiting access to
transactions/services until the proper documentation is provided. If no update has been
provided by the Partner after one (1) month, Company will terminate the Partner’s account.
2.4 Once registered, the Platform will allow Partner to avail of Services and/or facilities based
on Partner’s preferences. All transactions and corresponding Fees are stated in the Terms
and Conditions of Use of the respective Services availed which the Partner shall be
required to accept/acknowledge prior to service activation. Once the Service-specific Terms
and Conditions of an applicable Service are accepted by Partner, the Platform will allow
Partner to receive and accept necessary communications sent by the Platform.
2.5 Partner assumes full responsibility and liability for all transactions made by or under
Partner’s profile or account through the use of the Platform. It is understood that Partner’s
authorized users’ password is known only to said users, as such, any transaction effected
using Partner’s authorized users’ password and/or one-time PIN (OTP) shall be conclusively
presumed to have been done, executed or authorized by Partner. Company will not be liable
for any claim arising from Partner’s transactions made through the Platform.
19. 19
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
2.6 Partner agrees that Company, at its sole discretion, is entitled to act on the instructions it
has received from Partner after the correct entry of Partner’s users’ password and/or one-
time PIN. Partner further agrees that Company shall not be liable and Partner agrees to
indemnify Company for any loss, damages or costs that Company incurs for acting in
accordance with or based on instructions it has received from Partner.
2.7 Electronic Communications
2.7.1 Partner agrees that all communications from Company relating to the use of the
Platform or related services may be provided or made available to Partner
electronically by electronic mail, SMS, at the Platform, or website.
2.7.2 Scope of Consent. Partner’s consent to receive electronic communications and do
business electronically applies to all Partner’s interactions or transactions to which
such electronic communications relate, whether between Partner and Company or
other participants in the Platform involved in the transaction.
2.7.3 Hardware and Software Requirements. To access and retain the communications
electronically, Partner will need to use a device with an internet connection and an
up-to-date browser capable of attaching files in the form of portable document
format (PDF), images (JPG/PNG), and other file types prescribed in the platform.
2.7.4 Mobile Technology. Mobile devices such as tablets, smartphones or similar
devices should be able to access and retain electronic communications when
accessing the website or Platform. If Partner’s authorized users are accessing the
website electronically through a mobile device, such as a tablet, smartphone or
similar device, Partner must also be able to access and retain the communications
electronically.
2.7.5 Changes in Partner Contact Information. Partner agrees to keep Company
informed of any changes in the contact number, email address, and other contact
information provided to enable continuous receipt of electronic communications
from the website.
3. Authorized Users
3.1 Partner is responsible for identifying and assigning its Authorized Users, and shall state the
role of its Authorized Users who will access the services in the platform. It is presumed that
users assigned to access the services are duly authorized representatives of the Partner. The
website or Company is not responsible for any loss, damage or cost incurred that results from
the compromise or loss or unauthorized use of the Partner’s profile or account, or any
transactions resulting therefrom.
3.2 Partner shall regularly review its Authorized Users of the platform. Company reserves the right
to automatically suspend the account of the Partner’s users that have been inactive for at least
ninety (90) days.
4. Password Security
It is the duty of the Partner and its users to keep their password and other profile information
confidential and secure at all times. The website provides tips on confidentiality and security. If a
Partner’s user believes that his/her password, confidential information, access points (i.e., mobile
phones, tablets, laptop, computers, etc.) have been compromised, lost or stolen or used without
permission, Partner should contact Company immediately to deactivate the compromised user
account or password. Company is not responsible for any loss, damage or cost incurred that results
from the compromise or loss or unauthorized use of user passwords, confidential information or
access points or any transactions resulting therefrom.
20. 20
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
Unauthorized disclosure internally or externally is prohibited
5. Data Storing and Monitoring
The Platform will collect personal or business information from Partner in order to provide products
or services. By providing these information, Partner and its users consent to the storing,
processing, and monitoring of these information that are provided in the website, mobile app and
other communication channels agreed between Company and Partner such as Email, Viber,
Telegram, Whatsapp, SMS or other similar platforms for purposes which may include: Know-Your-
Customer, risk monitoring, due diligence and regulatory compliance or anti-fraud checks or
investigations, protection and security, data quality, credit scoring, business insights, customer
engagement or marketing/cross-selling of financial products from Company or Globe Fintech
Innovation (GFI)’s companies. Furthermore, Partner consents to Company providing Partner
information to the participating payment processors, if applicable, as Partner selects when
generating payment-related transactions and/or crediting funds to Partner’s bank account and
availing of third-party services available in the platform, if any.
6. New Features or Services
The platform may, from time to time, introduce new features or services. Any new feature or service
will be announced or posted in the website or sent via email or SMS blast or other quick
communication means. Partner’s continuous use of the website or maintenance of the Partner
account in the website is understood to be Partner’s continuous and continued acceptance of these
new features or services regardless of Partner’s actual use of these new features or services.
7. Fees and Charges
The use of GCashPro Portal is subject to the prompt payment by the Partner of the fees and
charges outlined in the applicable Terms and Conditions to SOW availed of. Company may, at any
time and at its sole discretion modify the fees and charges for the availment of GCashPro Portal
by posting such updated fees in the GCashPro Portal. The Partner’s continued use and availment
of GCashPro Portal shall be construed as its acceptance of such new fees and charges.
21. 21
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
ANNEX 3
DATA SHARING ADDENDUM
This Data Sharing Addendum, including all annexures, (the “Addendum”) dated as of the Effective
Date of the Main Agreement executed between the Parties (“Effective Date”) is entered into by and
between G-Xchange, Inc. (“GCASH”) and PARTNER (each a “Party” and collectively “Parties”), who
agree as follows.
ANNEX 3-A
TERMS AND CONDITIONS
ARTICLE 1. DEFINITIONS.
The following terms shall be defined as follows:
1.1. Addendum refers to this Data Sharing Addendum, including all annexures to it.
1.2. Applicable Data Protection Law refers to all laws and regulations applicable to and binding
on the processing of Personal Data by a party, including, as applicable, Philippine Data
Protection Laws.
1.3. Commission refers to the National Privacy Commission of the Philippines or the NPC;
1.4. Consent refers to the same term defined and interpreted under the Applicable Data Protection
Law;
1.5. Data Protection Officer refers to the same term defined and interpreted under the Applicable
Data Protection Law;
1.6. Data Sharing refers to the same term defined and interpreted under the Applicable Data
Protection Law;
1.7. Data Subject refers to the same term defined and interpreted under the Applicable Data
Protection Law;
1.8. Main Agreement refers to the underlying agreement between the Parties to which this Data
Sharing Addendum is being annexed.
1.9. Personal Data refers to the same term defined and interpreted under the Applicable Data
Protection Law;
1.10. Personal Data Breach refers to the same term defined and interpreted under the Applicable
Data Protection Law;
1.11. Personal Information refers to the same term defined and interpreted under the Applicable
Data Protection Law;
1.12. Personal Information Controller or PIC refers to the same term defined and interpreted under
the Applicable Data Protection Law;
1.13. Personal Information Processor or PIP refers to the same term defined and interpreted under
the Applicable Data Protection Law;
1.14. Personnel shall refer to the directors, employees, agents, consultants, successors, and
assigns, or otherwise acting under the authority of the Receiving Party and the Personal
Information Controller;
1.15. Philippine Data Protection Laws collectively refers to the Data Privacy Act of 2012 (Republic
Act No. 10173), the Implementing Rules and Regulations of the Data Privacy Act of 2012,
National Privacy Commission issuances, and all applicable laws, regulations, and Philippine
Supreme Court decisions relating to privacy and data protection.
1.16. Processing refers to the same term defined and interpreted under the Applicable Data
Protection Law;
22. 22
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
1.17. Receiving Party refers to either of the Parties to whom a disclosure or transfer of Personal
Data is made by the other party;
1.18. Security Incident refers to the same term defined and interpreted under the Applicable Data
Protection Law;
1.19. Sensitive Personal Information refers to the same term defined and interpreted under the
Applicable Data Protection Law;
1.20. Shared Personal Data refers to the Personal Data that will be shared pursuant to this
Agreement; and
1.21. Sharing Party refers to either of the Parties who transfers or discloses Personal Data to the
other party.
ARTICLE 2. PURPOSE AND CATEGORIES OF PERSONAL DATA
2.1. This Addendum is executed to enable the Parties to share and process Personal Data of Data
Subjects, subject to this Addendum. Further, this Addendum must remain consistent and limited
to the purpose and categories of Personal Data as may be agreed upon by the Parties by
executing a Schedule of Shared Personal Data (“Schedule”) compliant with the template
attached as Annex 3-B of this Addendum (the “Shared Personal Data”). A copy of the
Schedule is downloadable from this [link].
2.2. In case sharing of Personal Data between the Parties would be needed for further projects or
services such that the purposes and data use are no longer the same as those in the previously
executed Schedule of Shared Personal Data, the Parties may either amend such Schedule to
update the details therein or execute a new Schedule. Any duly executed Schedule of Shared
Personal Data, either new or amended, shall be annexed hereto and become an integral part
of this Addendum.
2.3. No Personal Data shall be shared and processed unless it is covered by a suitable Schedule
of Shared Personal Data.
ARTICLE 3. TERRITORY
3.1. The Parties agree that Personal Data collection, use, and storage will be restricted to Philippine
territory and/or a location as provided in the relevant Schedule of Shared Personal Data in the
template attached as Annex 3-B of this Addendum (or amended Schedule, where applicable).
ARTICLE 4. RESPONSIBILITIES OF THE PARTIES
4.1. The Parties agree, represent, and warrant the following:
4.1.1. This Addendum shall be available for review by the Commission on its own initiative or
upon a complaint of a Data Subject in accordance with the Applicable Data Protection
Law. A copy of this Addendum shall also be provided by the Personal Information
Controller to a Data Subject upon the latter’s written request and in accordance with
the Applicable Data Protection Law.
4.1.2. Each Party shall be responsible for addressing (a) any information request made to it
as Personal Information Controller; (b) any complaint filed by a Data Subject; or (c) any
investigation conducted by the Commission, provided that, the Commission shall make
a final determination as to which Personal Information Controller is liable for any breach
or violation of the Applicable Data Protection Law.
4.1.3. The Data Protection Officer of each Party shall be the first port of call for questions
about this Addendum, any complaint filed by the Data Subject, and/or investigation by
the Commission. If there is a problem such as a potential Security Incident, the relevant
Data Protection Officer must be contacted.
4.1.4. The Parties shall employ data minimization so that the data to be shared are limited to
those that are necessary and compatible with the purposes set out in this Addendum.
4.1.5. The Parties shall ensure that the Shared Personal Data shared and processed pursuant
to this Addendum abides and complies with the principles of transparency, legitimate
purpose, and proportionality.
23. 23
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
4.1.6. The Parties’ relevant departments handling the Shared Personal Data shall coordinate
in creating the guidelines and procedures on the sharing of the personal data. The duly
authorized representatives of the relevant departments shall also fill in the necessary
details in the template provided in Annex 3-B. Where applicable, the Parties shall
further identify and agree upon the program, middleware, and encryption method that
will be used where the disclosure of the Disclosed Personal Data is facilitated by an
online platform.
4.1.7. The Parties shall undertake best efforts to assist each other in demonstrating to the
Commission, other regulators, and Data Subjects that they comply with the Applicable
Data Protection Law.
4.2. The responsibilities of the Sharing Party as a Personal Information Controller are as follows:
4.2.1. As a Personal Information Controller of the relevant Personal Data in their original
possession, such Personal Information Controller shall warrant and be responsible for
the following:
4.2.1.1. ensuring it collects the Personal Data lawfully and in accordance with the
requirements of the Applicable Data Protection Law;
4.2.1.2. obtaining the necessary consent of the Data Subject over the processing of
their Personal Data, except where such consent is not required by the
Applicable Data Protection Law;
4.2.1.3. duly informing the Data Subjects of the fact and details of the sharing of their
Personal Data through an adequate privacy notice;
4.2.1.4. apprising the Data Subjects of the nature, purpose, and extent of the
processing of their Personal Data, including the identity of the relevant
Personal Information Controller; and
4.2.1.5. apprising the Data Subjects of their rights as a Data Subject, and how these
rights can be exercised.
4.2.2. Each Party shall be responsible for the quality of the Personal Data being shared. The
Data Protection Officer of the Sharing Party shall take into account existing controls in
the processing of Personal Data that will be shared in order to give reasonable
assurance that it is accurate and up to date. Adequate care must be undertaken
specifically for Sensitive Personal Information.
4.3. The responsibilities of the Receiving Party are as follows:
4.3.1. It shall segregate the Shared Personal Data from the Sharing Party’s own and its other
clients’ data, unless otherwise allowed by the Applicable Data Protection Law.
4.3.2. It shall not further process the Shared Personal Data in any way or for any purpose other
than those set out in this Addendum, unless otherwise allowed by the Applicable Data
Protection Law.
4.3.3. It undertakes that it will not exploit or modify any Personal Data at any time, whether
during the course of or after the Term of this Addendum, unless otherwise allowed by the
Applicable Data Protection Law.
ARTICLE 5. ORGANIZATIONAL, TECHNICAL, AND PHYSICAL SECURITY MEASURES
5.1. Both Parties shall have in place appropriate organizational, technical, and physical security
measures that protect Personal Data from Security Incidents and Personal Data Breaches. The
Parties shall implement security measures which include the following at minimum:
5.1.1. Specific controls such as but are not limited to, access controls, host security, business
continuity plan, perimeter security, and other measures reasonably necessary to
ensure confidentiality, integrity, and availability of Personal Data;
5.1.2. Measures to securely dispose of the Personal Data, taking into account available
technology so that such information cannot be practicably read or reconstructed;
5.1.3. Plans and procedures to recover Personal Data following an unplanned event resulting
in an interruption of or inaccessibility of Personal Data;
5.1.4. Logging and auditing techniques for access to Personal Data processes;
5.1.5. Anonymization or pseudonymization, and encryption of Personal Data as appropriate,
taking into account the risks that are presented by the processing; and
5.1.6. Regular testing of the effectiveness of the security measures implemented.
Such security measures should not be less rigorous than accepted industry practices and
24. 24
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
applicable standards for information security, privacy, and data protection.
5.2. The PARTNER shall implement the security requirements as provided under the document
entitled “Third Party Security Requirements,” which serves as an annexure to the Main
Agreement.
5.3. The Receiving Party shall ensure that Personal Data is backed up on a regular basis, and that
any backup is subject to security measures as are necessary to protect the confidentiality,
integrity, and availability of Personal Data.
5.4. Both parties shall use appropriate encryption technology for the Client Personal Data whether
at rest or in transit, following industry standards and Applicable Data Protection Law.
ARTICLE 6. PERSONNEL
6.1. Each Party shall take steps to ensure that any person acting under its authority and who has
access to the Shared Personal Data does not process them except for purposes of this
Addendum or as required by law.
6.2. Each Party shall ensure that access to the Shared Personal Data is limited only to its Personnel
who need access only for purposes of this Addendum.
6.3. Each Party shall ensure that its Personnel engaged in the Processing of the Shared Personal
Data are informed of and understand the confidential nature of the Shared Personal Data and
are subject to obligations of confidentiality. Such obligations of confidentiality shall survive the
termination of that Personnel’s engagement or relationship with each Party.
6.4. Each Party shall take reasonable steps to ensure the reliability of any of its Personnel who has
access to the Shared Personal Data, such as ensuring that they have received appropriate
training in data protection prior to their access or Processing of the Shared Personal Data, and
that they have signed a written undertaking that they understand and will act in accordance with
their responsibilities for confidentiality under this Addendum.
ARTICLE 7. DATA SUBJECT ACCESS RIGHTS
7.1. The Parties recognize that Data Subjects have express rights under Philippine Data Protection
Laws as well as under other Applicable Data Protection Law (where applicable), which provide
for the protection and confidentiality of their Personal Data. Data Subjects have a right to see
what Personal Data is held about them, and to know why and how it is processed. Any inquiry
or request by a Data Subject can be made by submitting a written request to the relevant Data
Protection Officers.
7.2. The Parties have an obligation to respond to and resolve any request or complaint they receive
from Data Subjects concerning the Shared Personal Data. The Parties, where necessary, shall
assist each other in handling and fulfilling Data Subject Requests.
ARTICLE 8. INCIDENT MANAGEMENT AND BREACH NOTIFICATION
8.1. Each Party shall implement policies and procedures for guidance of its Personnel in the event
of a Security Incident or Personal Data Breach, including but not limited to the following:
8.1.1. A procedure for the timely discovery of a Security Incident or Personal Data Breach,
including the identification of person or persons responsible for regular monitoring and
evaluation of Security Incidents or Personal Data Breaches;
8.1.2. A policy for documentation, regular review, evaluation and updating of the privacy and
security policy and practices;
8.1.3. Clear reporting lines in the event of a Security Incident or Personal Data Breach,
including the identification of a person responsible for setting in motion the Security
Incident or Personal Data Breach incident response procedure, and who shall be
immediately contacted in the event of a possible or confirmed Security Incident or
Personal Data Breach;
8.1.4. A process to conduct a preliminary assessment for purposes of:
8.1.4.1. Assessing the nature and scope of the Security Incident or Personal Data
Breach and the immediate damage;
8.1.4.2. Determining the need for notification of law enforcement or external expertise;
and
25. 25
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
8.1.4.3. Implementing immediate measures necessary to secure any evidence,
contain the Security Incident or Personal Data Breach, and restore integrity
to the Personal Data;
8.1.5. A process for evaluating the Security Incident or Personal Data Breach as to its nature,
extent and cause, the adequacy of safeguards in place, immediate and long-term
damage, impact of the breach, and its potential harm and negative consequences to
Personal Data and affected Data Subjects;
8.1.6. A procedure for contacting law enforcement in case the Security Incident or Personal
Data Breach involves possible commission of criminal acts;
8.1.7. A process for conducting investigations that will evaluate fully the Security Incident or
Personal Data Breach;
8.1.8. A procedure for immediately notifying the other Party when the Security Incident or
Personal Data Breach is subject to the notification requirement under the Applicable
Data Protection Law; and
8.1.9. A list of measures and procedures for mitigating the possible harm and negative
consequences to the PIC and to the affected Data Subjects in the event of a Security
Incident or Personal Data Breach. Each Party must be ready to provide assistance to
the Data Subjects whose Personal Data may have been affected.
8.2. The Parties shall have the manpower, system, facilities and equipment in place to properly
monitor access to the Shared Personal Data, and to monitor and identify a Security Incident or
Personal Data Breach.
8.3. If a Party becomes aware of any Personal Data Breach involving the Shared Personal Data
processed for the purpose provided in Annex 3-B, it shall:
8.3.1. Notify the other Party of the Personal Data Breach by written notification to its Data
Protection Officer (“Breach Advice”) via e-mail within twenty-four (24) hours from
knowledge or discovery thereof.
8.3.2. The Breach Advice shall at least specify (a) the time, date, location, and description of
the breach, including a description of affected and/or potentially affected Personal Data;
(b) the categories and approximate number of Data Subjects and records concerned;
(c) assessment of the likely consequences of the breach; and (d) measures taken
and/or to be taken to mitigate the consequences of the breach.
8.3.3. Investigate the Personal Data Breach and provide the other Party with information
about the Personal Data Breach, and apprise the other Party of any additional
information related to the Personal Data Breach that may become available after initial
notification.
8.3.4. Provide further details and actions taken on the Personal Data Breach as may be
requested by the other Party.
8.3.5. Take reasonable steps to mitigate the effects and to minimize any damage resulting
from the Personal Data Breach, and undertake immediate action to prevent a repeated
occurrence of the breach.
8.4. The Parties shall cooperate with each other on incident investigation requirements for any
Security Incident or Personal Data Breach of Personal Data.
8.5. Upon receipt of information on, or confirmation or knowledge of, the Personal Data Breach, the
notifying Party in Article 8.3 shall assess the breach to determine if it is one that requires
notification to the Commission, other regulatory bodies, and/or affected Data Subjects under
the Applicable Data Protection Law (“Notifiable Personal Data Breach”). If the event is so
determined as a Notifiable Personal Data Breach, the Party affected shall make the necessary
notifications as may be required by the Applicable Data Protection Law.
8.6. A Party’s exposure to a Personal Data Breach and/or investigation by the Commission allows
the other Party to suspend this Addendum. Such suspension shall continue until the security
incident that caused the Personal Data Breach has been remedied; until the investigation
conducted by the Commission has cleared the relevant Party of any liability; and/or as may be
further agreed upon by the Parties.
ARTICLE 9. AUDIT
9.1. Each Party shall be entitled to audit the other Party to check for compliance with this Addendum
and/or the Applicable Data Protection Law. Such audit may be conducted prior to and/or during
26. 26
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
the sharing of Personal Data and at annual intervals thereafter. The Parties shall document the
result of the audit and provide each other a copy of an audit report.
9.2. In the course of the audit, the auditing Party may:
9.2.1. obtain any and all relevant information and documentation from the other Party
necessary for the conduct of an audit and to demonstrate its compliance with this
Addendum within thirty (30) days from receiving a written request;
9.2.2. require the submission of the following documentation within thirty (30) days from
receiving a written request:
9.2.2.1. policies, plans, and procedures pertaining to privacy and data protection
9.2.2.2. policies, plans, and procedures pertaining to information security; and
9.2.2.3. policies, plans, and procedures pertaining to incident management;
9.2.3. request the other Party to submit an existing attestation or certificate by an independent
professional expert on their compliance with the Applicable Data Protection Law and
the security requirements therein; and
9.2.4. conduct an on-site inspection of the business operations of the other Party or have the
same conducted by a qualified third-party auditor or assessor, which shall not be an
existing independent consultant of the other Party. The on-site inspection shall be
conducted during regular business hours and with reasonable and timely advance
notice to the other Party.
9.3. A Party may, in writing, require the other Party to implement necessary remediation measures
in order to address any deficiencies that would prevent either Parties from complying with this
Addendum and/or the Applicable Data Protection Law (“Remediation Notice”).
9.3.1.If the other Party raises no reasonable objections to the implementation of the necessary
remediation measures within thirty (30) days from receipt of the Remediation Notice, then
such failure to object shall be taken as an agreement to perform necessary remediation
measures.
9.3.2.Either Party may propose specific remediation measures necessary to address the
deficiencies. Failure to raise any reasonable objection to the proposed remediation
measures within thirty days from receipt of the proposal shall be taken as an agreement
to the sufficiency thereof.
9.3.3.The Parties shall exert good faith efforts to first resolve any dispute as to the necessity of
implementing remediation measures by escalating it to their respective higher levels of
management. This section is subject to Article 14.2 on Dispute Resolution.
9.4. Any and all relevant information and documentation obtained in the course of the audit shall be
treated as confidential.
ARTICLE 10. RETENTION PERIOD OF PERSONAL DATA
10.1. Personal Data should only be processed for as long as is necessary for the fulfillment of the
purposes for which they have been collected and processed. Sharing of Personal Data should
be limited accordingly and for no longer than the Term of this Addendum. Specific justification
for processing of Personal Data beyond this period is required.
10.2. If a correction has been made to the accuracy of the Shared Personal Data, a copy of the
revised Shared Personal Data shall be communicated to the other Party. The other Party must
then replace the outdated data with the revised data.
10.3. The Retention Period for specific Personal Data shall be as provided in the relevant Schedule
of Shared Personal Data in the template attached as Annex 3-B of this Addendum (or amended
Schedule, when applicable). At the end of the applicable Retention Period, the Personal Data
shall be deleted in accordance with Article 11 herein, unless otherwise allowed by law.
ARTICLE 11. RETURN OR DESTRUCTION OF PERSONAL DATA
11.1. Upon request by the Sharing Party or after the lapse of the Retention Period of the Personal
Data as indicated in the relevant Schedule of Shared Personal Data in the template attached
as Annex 3-B of this Addendum (or amended Schedule, when applicable), the Receiving Party
shall without undue delay, and in no case beyond thirty (30) days from such request or lapse of
Retention Period:
11.1.1. Return all Shared Personal Data in any recorded form including any other property,
information, and documents provided by the Sharing Party, as applicable;
27. 27
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
11.1.2. Destroy, permanently delete, wipe, overwrite or otherwise make irretrievable all
copies made of the Shared Personal Data and any other property, information, and
documents following industry standards and the Applicable Data Protection Law;
11.1.3. Ensure and warrant the destruction, permanent deletion, wiping, overwriting, or
irretrievability of all Shared Personal Data from the systems of its Personnel and
approved Personal Information Processors, if any; and
11.1.4. Deliver to the Sharing Party a certificate confirming the Receiving Party’s compliance
with the return or destruction obligation under this section, if requested by the Sharing
Party.
ARTICLE 12. DISCLOSURE TO THIRD PARTIES
12.1. The Parties hereby approve the engagement of Personal Information Processors by each other.
The Parties confirm that their Personal Information Processors have provided all the necessary
assurances and guarantees that they have adequate organizational, technical, and physical
security measures to protect the Shared Personal Data. The Parties further confirm that they
have imposed appropriate contractual obligations on their respective Personal Information
Processors that are no less protective than the obligations in this Addendum
12.2. A Party may remove, retain, or engage new Personal Information Processors at any time. If
required by the Applicable Data Protection Law, that Party will obtain the other Party’s approval
to retain or engage new Personal Information Processors in accordance with the following
process:
12.2.1. The Party shall notify the other Party with at least thirty (30) days’ prior notice before
retaining or engaging any new Personal Information Processor that will have access to
the Shared Personal Data.
12.2.2. If the other Party raises no reasonable objections that include an explanation of the
grounds for non-approval in writing within this thirty (30) day period, then this shall be
taken as an approval of the retention or engagement of the new Personal Information
Processor.
12.2.3. If the other Party raises reasonable objections, the Party retaining or adding a new
Personal Information Processor shall prevent the processing of the Shared Personal
Data by the objected-to Personal Information Processor. The Party retaining or adding
a new Personal Information Processor may propose changes or measures that address
the concerns raised in the objection of the other Party.
12.2.4. If the other Party raises no reasonable objections to the proposed changes or measures
that address the concerns raised in the objection, which shall include an explanation of
the grounds for continued objection in writing within a thirty (30) day period, then this
shall be taken as an approval of the proposed changes or measures as well as the
retention or engagement of the new Personal Information Processor.
12.3. The Parties remain responsible for any acts or omissions of their respective Personal
Information Processors in the same manner as if they were the own acts and omissions of such
Party.
12.4. It shall not further disclose the Shared Personal Data from the Sharing Party with any other
third parties without the prior knowledge and written agreement of the Sharing Party, unless
otherwise allowed by law. In case Shared Personal Data will be shared with third parties, the
disclosing Party shall ensure that the third party has provided all the necessary assurances and
guarantees that it has adequate administrative, physical, technical, organizational and
procedural security measures to protect the Shared Personal Data.
12.5. If necessary to comply with the Applicable Data Protection Law, the Parties shall provide the
requesting Party a list of all of its Personal Information Processors and/or all other third parties
to which the Shared Personal Data was disclosed together with the necessary information such
as but not limited to the following: (a) Shared Personal Data being processed; (b) the purpose
of processing; (c) the security mechanisms employed to protect the Shared Personal Data; and
(d) other necessary information. Such information shall be provided to the requesting Party
within a reasonable period of time to comply with the Applicable Data Protection Law.
12.6. In the event a Party receives an order or request from any third party, including from any
government agency, for disclosure of the Shared Personal Data, such Party shall (a) use every
reasonable effort to redirect the third party to request data directly from the Sharing Party; (b)
promptly notify the Sharing Party, unless prohibited under applicable law and, if so prohibited
28. 28
CONFIDENTIAL – PROPRIETARY
Note: Any alteration or erasure will invalidate this Agreement
unless countersigned by Company Legal
from notifying the Sharing Party, use all lawful efforts to obtain the right to waive the prohibition
in order to communicate as much information to the Sharing Party as soon as possible; and,
(c) use all reasonable lawful efforts to challenge the order for disclosure on the basis of any
legal deficiencies under the Applicable Data Protection Law.
ARTICLE 13. LIABILITIES
13.1. Each Party shall be responsible and liable for its own and its own Personal Information
Processor’s acts. There shall be no joint and several liability between the Parties, unless liability
arose at the point of exchange of the Shared Personal Data.
13.2. Notwithstanding the preceding section, a Party shall indemnify and keep the other Party
indemnified against:
13.2.1. all losses, claims, damages, liabilities, fines, sanctions, interest, penalties, costs,
charges, expenses, compensation paid to Data Subjects (including compensation to
protect goodwill and ex gratia payments), demands and legal and other professional
costs (calculated on a full indemnity basis and in each case whether or not arising
from any investigation by, or imposed by, the Commission or other relevant regulatory
body) arising out of or in connection with any breach by the relevant Party of its
obligations under this Addendum and the Applicable Data Protection Laws;
13.2.2. all amounts paid or payable by a Party to a third party which would not have been
paid or payable if the relevant Party’s breach of this Addendum and the Applicable
Data Protection Law had not occurred; and
13.2.3. all amounts paid or payable by a Party to a third party arising out of the relevant
Party’s willful misconduct or gross negligence.
13.3. A Party shall be responsible for and remain liable to the relevant Party for the actions and
omissions of all unauthorized persons engaged in the unauthorized processing of the Shared
Personal Data, including but not limited to third parties or Personal Information Processors
engaged by the relevant Party.
ARTICLE 14. DISPUTE RESOLUTION
14.1. The Parties shall exert good faith efforts to first resolve any dispute by escalating it to their
respective higher levels of management (“Escalation Notice”). Such dispute shall include any
controversy, or claim arising out of, relating to, or having any connection with this Addendum
or otherwise related to the Parties' obligations, including any question regarding the validity,
interpretation, scope, performance, or enforceability of this Addendum.
14.2. If the dispute continues unresolved for a period of fifteen (15) days from the Escalation Notice,
any dispute, controversy, difference or claim arising out of or relating to this Addendum,
including the existence, validity, interpretation, performance, breach or termination thereof or
any dispute regarding non-contractual obligations arising out of or relating to it (for the purpose
of this Clause, a “Data Privacy Dispute”) shall be exclusively referred to and finally resolved
by arbitration administered by the Philippine Dispute Resolution Center, Inc. (“PDRCI”) under
the then-current PDRCI Administered Arbitration Rules in force when the notice of arbitration is
submitted (for the purpose of this Clause, the “Rules”).
The seat of arbitration shall be the Philippines. The number of arbitrators shall be one and the
arbitration proceedings shall be conducted in English. The arbitrators shall apply the
substantive Laws of the Republic of the Philippines in deciding the merits of the Data Privacy
Dispute.
14.3. The Rules are incorporated by reference into this Clause and capitalized terms used in this
Clause which are not otherwise defined in this Addendum have the meaning given to them in
the Rules.
14.4. The arbitral tribunal shall maintain the confidentiality of the arbitration and conduct the
arbitration in an impartial, practical and expeditious manner, giving each Party sufficient
opportunity to present its case.
14.5. Unless the Parties expressly agree in writing to the contrary, the Parties undertake to keep
confidential all awards and orders in their arbitration as well as all materials in the arbitral
proceedings created for the purpose of the arbitration and all other documents produced by
another Party in the arbitral proceedings not otherwise in the public domain, save to the extent