DEFINITIONS

All terms defined in this SLA shall have the meaning set out in the MSA, unless defined otherwise below.

“Bug” means an unwanted or unintended property of the Services that can be reproduced and causes the Services to malfunction but does not affect the availability of the Services;

“Business Day” means Monday to Friday excluding any national holidays in the USA or Netherlands;

“Business Hours” means 9.00am to 5.00pm Central European Time (CET) and 9:00am to 5:00pm Eastern Standard Time (EST);

“Emergency Maintenance” means maintenance, upgrades, Updates, repairs to hardware and software related to resolving immediate problems causing instability in the Services;

“Incident” means a malfunction of the Services which can be reproduced, is not a Bug and whose root cause is found in the hosting service, network, hardware or third-party software components;

“Planned Maintenance” means maintenance, upgrades, Updates, installation of new versions and repairs which are non-critical and not urgent, to hardware and software;

“Downtime” means all Services subscribed to by the customer are offline and not available;

“Release” means a modification in the functionality of the Services which results in a change in the version number set out in the SLA;

“Updates” means any new or updated applications services or tools (including any software programmes) made available by Provider as part of the Services during the Term.

1. HOSTING SERVICES

Hosting Services shall include hosting of the Services together with related components and Customer owned content as set out below.

1.1 Availability

Provider will use commercially reasonable measures in terms of redundancy, monitoring and platform management to make any Services available via the Internet 99% monthly and 99.5% annually, 24 hours a day 7 days a week during Business Hours. Availability shall be measured monthly and the items set out in clause 7 of this SLA and all Planned Maintenance shall be excluded from the calculation of availability of the Services. Availability is calculated as follows: Monthly uptime % = (available minutes) - (downtime minutes) / (available minutes).

1.2 Service Credits

If the Services are not available in accordance with the applicable availability level set out in clause 1.1 of this SLA, the following service credits shall apply:

Service credits are expressed as a percentage of the monthly fee paid for the service affected, (as applicable). Any claim for a service credit must be made in writing within 30 days of notification of the Customer’s entitlement. Service credits will be credited to the next invoice issued to the Customer following the period in which the availability of the Services was not met.

Service credits are the Customer’s sole and exclusive remedy for any performance or availability issues of the Services under the Agreement and this SLA.

2. SECURITY

The infrastructure and security provided by Provider and the data centres it uses to provide the Services is set out in more detail in the DPA.

3. SUPPORT SERVICES

Support services shall include maintenance of the Services and Customer platform including corrective maintenance and enhancements and a customer support service for the Services and Customer platform as set out below.

3.1 Scope of Support Services

Maintenance and support services shall not be provided for issues arising from (i) modifications, alteration or configuration of any of the Services by the Customer or a third party that has not been authorised in writing by the Provider and/or (ii) technology or IPR that has not been provided by the Provider pursuant to the Agreement.

3.2 Problem Notification

The Provider provides support services, in English, from support centres in the USA & Netherlands.

Problems may be reported by email, telephone or via the Internet, using our support centre.

• Netherlands +31 (0)20 2251 447
• USA +1 (925) 529 4999
• This email address is being protected from spambots. You need JavaScript enabled to view it.
• https://cardexchange.support

3.3 Problem Acknowledgement

Upon receipt of a problem notification the Provider shall respond to the Customer, within the time frame set out in clause 4.2 of this SLA as applicable, based on the severity and type of problem. Such response shall specify the severity level and type of problem.

3.4 Support Hours

The Provider offers support for the Services during Business Hours on Business Days in English.

4. PROBLEM RESOLUTION

Problems with the Services will be dealt with in accordance with their level of severity. The time frame in which problems will be resolved will depend upon whether they are classified as a bug or incident as set out below.

4.1 Problem Severity Classification

4.2 Response and Target Resolution Times

5. MAINTENANCE SERVICES

5.1 Releases

Releases will contain new or amended features. There may be some need for configuration and additional user training in order to obtain the maximum benefit of the new features. Releases do not significantly impact the existing technical setup of the Customer or training materials. Releases are numbered as follows: 3.1, 3.2, 3.3, etc.

The Provider reserves the right to vary the frequency of Releases but will always give Customers at prior notice of a planned date for the new release. All releases are penetration tested by an external third-party provider.

5.2 Patches

Patches provide bug fixes, performance and SLA improvement. Such features and functionality do not impact the current configuration of the Customer, nor require additional training.

There are 2 categories of patches:

• Normal Patches which include fixes on medium or low severity bugs, as well as a combination of change requests and small features. These patches are deployed weekly during the maintenance window.
• Emergency Patches include fixes on issues that are qualified as urgent by the Provider, or relate to high severity bugs, security threats, performance, or availability. Emergency patches are deployed as and when necessary.

Patches are deployed as required for all Customers of a given release. Deployment usually takes place during low system traffic time. The deployment is usually 100% automatic. All existing setup and data will remain unchanged. No user or administrator intervention is required. No manual intervention of the Customer administrator is required.

5.3 Planned Maintenance

The Provider usually carries out planned maintenance in the maintenance windows set out below. If planned maintenance is to be performed outside of these windows the Provider shall give the Customer at least 48 hours prior notice.

5.4 Emergency Maintenance

The Provider shall where possible, provide the Customer with prior notice of Emergency Maintenance. However, work may commence at any time and shall continue until completed. The Provider shall attempt, but cannot guarantee scheduling Emergency Maintenance during non-Business Hours.

6. CUSTOMER’S OBLIGATIONS

The Customer has the following obligations under this SLA:

• to provide access to a computer system capable of running the TCP/IP network protocol and an Internet web browser and uses a web browser that supports JavaScript;
• to provide all suitable hardware and software and telecommunications equipment required for accessing the Services;
• responsibility for the network connection between the Provider’s hosting centres and the Customer’s premises (backend) connection to a telecommunications network;
• to inform the Provider without delay of any problems with the Services;
• to purchase upgrades for its own software, if necessary, for the error free operation of its own software with the Services;
• to check its systems for the most commonly known worms and viruses; • to have a current virus scanner installed for each Customer system accessing the Services.

7. LIMITATION OF LIABILITY

The Provider shall not be liable for, and shall have no obligation to fix, any errors, Incidents, problems or bugs or any lack of availability of the Services caused by the following:

• any breach of the Customer’s obligations set out in clause 6 above;
• use of services, hardware, or software not provided by the Provider, including, but not limited to, issues resulting from inadequate bandwidth, unavailability of telecommunications, faults or omission of ISPs, lack of connectivity or other issues related to third-party software or services;
• use of the Services on a system not supported by the Provider or specifically agreed in writing in this Agreement;
• interconnection of the Services with other software products not supplied by the Provider except as expressly agreed in writing in the Agreement;
• any DNS issues not within the direct control of the Provider i.e. a fault on the Customer’s network or own equipment configuration;
• problems or errors that occur while the Provider is waiting for the Customer to provide information to enable it to rectify a fault or restore the Services;
• use of the Services after the Provider advises the Customer to modify its use of the Services, if the Customer did not modify its use as advised;
• the Customer’s unauthorized action or lack of action when required, or from its employees, agents, contractors, or vendors, or anyone gaining access to the Provider’s network by means of the Customer’s passwords or equipment, or otherwise resulting from the Provider’s failure to follow appropriate security practices;
• the Customer’s failure to adhere to any required configurations, use supported platforms, follow any policies for acceptable use, or its use of the Services in a manner inconsistent with the features and functionality of the Services (for example, attempts to perform operations that are not supported) or inconsistent with the Provider published guidance;
• faults caused by the Customer’s management or connection to the Services;
• faulty input, instructions, or arguments (for example, requests to access files that do not exist);
• use of features of the Services that are outside of the Provider support windows;
• the Customer failing to take part in training offered by the Provider, necessary for use of the Services;
• attempts to perform operations that exceed prescribed quotas or that result from the Provider’s throttling of suspected abusive behaviour;
• any Services not paid for at the time of any Incident;