MARKETING SERVICE AGREEMENT WITH CREDIT CARD 24.09.19

MARKETING/SERVICE AGREEMENT WITH CREDIT CARD 

Download PDF Document In English. (Rs.55/-)

This Marketing Agreement (the “Agreement”) is dated ______________________ (“Effective Date”).

PARTIES

1. ___________________ a corporation organized under _____________________ authorized to carry on banking business in India; and having its office at _______________________________________________ (hereinafter referred to as "Credit Card Company   " which expression shall mean and include its successors-in-interest  and permitted assigns)

                                                       AND  

2. __________________________________  having Registered office at ___________________________________________________ (hereinafter referred to as “The Partner” which expression shall mean and include its successors-in-interest and permitted assigns)

3. In this Agreement, Credit Card Company    and The Partner are together referred to as the “Parties” or, singularly, as “Party”.

BACKGROUND

1. The _______________________ is an existing merchant of Credit Card Company under the master merchant agreement dated between the Parties. 

2. The Parties would like the Partner to provide the offers and rewards set out in this Agreement to the Cardmembers.

AGREED TERMS

1. Definitions 

Cards means the cards and payment devices issued by Credit Card Company   , its affiliates and licensees 

Cardmembers means the individuals named on the Card.

Centurion Cards means the Credit Card Company   ® Centurion Card issued by Credit Card Company   , its affiliates or licensees

Platinum Charge Cards mean the Credit Card Company   ® Platinum Card & the Credit Card Company   ® Platinum Corporate Card issued by Credit Card Company   , its affiliates or licensees

Confidential Information has the meaning given in clause 7.

Intellectual Property Rights means trade marks, service marks, logos and trade names.

Marketing has the meaning given in clause 4.1.

Marketing Activities mean the activities outlined in the Marketing Activities Schedules to this Agreement.

Marketing Activities Schedule means Schedule 1 and any additional Marketing Activities Schedule(s) in a form substantially similar to Attachment 1.

Marketing Activities 

1. The Partner agrees to provide the Marketing Activities from the Effective Date for the Term, or such differentperiod as is agreed between the Parties in the Marketing Activities Schedule concerned. 

2. The Parties may enter into additional Marketing Activities Schedule(s) from time to time to cover ad-hoc or on-going Marketing Activities, based on the template in Attachment 1 (but the Parties do not make any representation that they will enter into any such additional Marketing Activities Schedule(s), beyond the attached Schedule 1). Marketing Activities Schedules must be numbered and dated for identification and must include a complete description of the following: the Marketing Activities; materials, products and information to be provided by Credit Card Company    to The Partner for use in relation to the Marketing Activities; timescale for the Marketing Activities; and applicable fees.   

3. If there is any inconsistency between any of the provisions of this Agreement and the provisions of a Marketing Activities Schedule, the provisions of the applicable Marketing Activities Schedule will prevail.

4. Marketing and Intellectual Property Rights

   1. All marketing, advertising, promotion and publicity (collectively "Marketing") that is to be conducted pursuant to this Agreement must be agreed by both Parties in writing (which may include by email).  

   2. The Parties agree to conduct themselves and all Marketing Activities with due care and skill. Each Party agrees not to do, or omit to do, anything or use the other Party’s name, logo, brand or other Intellectual Property Rights in any manner which is or might reasonably be expected to be prejudicial, harmful, defamatory or embarrassing to the name, image, reputation, goodwill or business of that Party. Each Party must not use the other Party’s name or other Intellectual Property Rights except with that Party’s prior written consent and in accordance with the provisions of this Agreement. 

   3. Each Party (the “Licensor”) grants the other Party (the “Licensee”) a limited, non-exclusive and non-transferable licence to use their Intellectual Property Rights during the Term solely for the purpose of the Marketing Activities, in accordance with this Agreement. The Licensee will obtain the Licensor’s prior written approval for any reference to or use of Licensor’s Intellectual Property Rights in marketing, advertising, promotion and other customer materials, and any such request for approval will be considered promptly by the Licensor. In relation to any permitted use of the Licensor’s Intellectual Property Rights, the Licensee must comply with the Licensor’s brand guidelines (as advised from time to time by the Licensor).

5. Term of the Agreement

   1. This Agreement commences on the Effective Date and will continue until completion of the Term, unless terminated earlier in accordance with clause 6 (Termination). On written notice to the other Party at least three months prior to the end of the Term (or Renewal Term), either Party may extend the term of this Agreement for a further one year period (the “Renewal Term”) on the same terms and conditions as set out in this Agreement, or as agreed in writing by the Parties. 

   2. Notwithstanding the termination of this Agreement pursuant to clause 6 (Termination), the Parties will honour all their obligations under this Agreement in connection with any offers, services or benefits relating to the Marketing Activities which have been booked on or before the date of termination of this Agreement, even where such offer, service or benefit is used by the Cardmember after the termination of this Agreement. 

6. Termination

   1. Notwithstanding any other provision under this Agreement, Credit Card Company    and The Partner may terminate, in whole or in part, this Agreement and/or any Marketing Activities Schedule for convenience and without cause upon thirty (30) days' prior written notice.  Notice of termination of any Marketing Activities Schedule will not be considered notice of termination of this Agreement unless specifically stated in the notice.  Notice of termination of the Agreement will be considered termination of the Agreement and all Marketing Activities Schedules under this Agreement, unless otherwise specifically stated in the notice of termination.  

   2. Either Party may terminate this Agreement by written notice to the other if the other commits any material breach of the terms of this Agreement and fails to cure such breach within thirty (30) days of receipt of written notice from the non-breaching Party identifying the breach and requiring its remedy.

   3. Subject to clause 5.2, on termination or expiry of this Agreement:

7. each Party must immediately cease conducting the Marketing; 

8. each Party must immediately cease use of and return any Confidential Information, Intellectual Property Rights and/or other property of the other Party; and

9. Confidentiality

   1. For the purpose of this Agreement, "Confidential Information" means the existence of and provisions of this Agreement and, in relation to each Party, all information which that Party ("Disclosing Party", which includes its affiliates) provides or has, prior to the date of this Agreement, provided or made available to the other Party ("Recipient", which includes its affiliates) relating to the past, present and future plans, businesses, activities, products, services, customers and suppliers of the Disclosing Party.  Both Parties agree that information is not Confidential Information to the extent, but only to the extent, that such information: (i) is already known to the Recipient free of any confidentiality obligation at the time it is obtained; (ii) is or becomes publicly known through no breach of agreement or other wrongful act of the Recipient; (iii) is rightfully received by the Recipient from a third party without restriction and without breach of this Agreement; or (iv) is independently developed by the Recipient without reference to the Confidential Information of the Disclosing Party, which can be demonstrated by written record.

   2. The Parties agree to use the Confidential Information only for the purpose of carrying out the rights and obligations under this Agreement. 

   3. The Parties agree to regard and preserve as confidential all Confidential Information of the other Party which may be obtained from any source as a result of this Agreement.  In maintaining confidentiality under this Agreement, each Party agrees it must not, without first obtaining the written consent of the other Party, disclose or make available to any person, firm or enterprise, reproduce or transmit, or use (directly or indirectly) for its own benefit or the benefit of others, any Confidential Information of the other Party.  Each Party agrees that its own use (including any associated disclosure, reproduction, transmission and/or distribution) of the other’s Confidential Information under clause 7.2 will be limited to the following persons on a “need to know” basis: its employees, directors and officers, including the employees, directors and officers of its respective parent, subsidiary and affiliated companies, and to consultants or other persons retained for purposes relating to this Agreement (together, “Representatives”).  Each Party must ensure compliance at all times with the confidentiality obligations of this Agreement by its Representatives who are permitted access to or use of (under this Agreement) the Confidential Information of the other Party. Each Party will be liable for any failure by its Representatives to comply with the confidentiality obligations of this Agreement.

   4. If the Recipient becomes compelled by law, by any governmental or other regulatory authority (including, without limitation, any relevant securities exchange), or by a court or other authority of competent jurisdiction to disclose any Confidential Information, the Recipient must provide the Disclosing Party with prompt written notice so that the Disclosing Party may seek an appropriate protective order or other remedy.

   5. Each Party agrees that, if there is a breach or threatened breach of this Agreement, the Disclosing Party may have no adequate remedy in damages and will be entitled to seek injunctive relief and any other equitable remedies for any such breach without proof of actual injury.  Each Party agrees it will not oppose the granting of such relief.  Such remedies are not the exclusive remedies for any breaches of this Agreement by a Party or its Representatives, and are in addition to all other remedies available at law or in equity.

   6. At any time after the disclosure or receipt of any Confidential Information, and at the request and option of the Disclosing Party, the Recipient agrees to promptly: (i) return the Confidential Information of the Disclosing Party to the Disclosing Party; or (ii) destroy or erase/delete all Confidential Information of the Disclosing Party that is in the Recipient’s possession, custody or control (in whatever media stored, including any archival copies) and to certify such destruction or deletion to the Disclosing Party. 

   7. The rights and obligations of the Parties contained in this clause 7 (Confidentiality): (i) with respect to Confidential Information that constitutes a “trade secret” (as defined by applicable law) will survive the termination or expiry of this Agreement for so long as such Confidential Information remains a trade secret under applicable law; and (ii) with respect to all other Confidential Information, will survive the termination or expiry of this Agreement for a period of two years from such termination or expiry. The obligations of clause 7.6 will remain in effect until satisfied.

10. Information Protection Contract Requirements

    1. To the extent the performance of its obligations requires any access to, or use of, Covered Data (as defined in Schedule 2), [Name] will comply with the Information Protection Contract Requirements in Schedule 2.

11. Indemnification and Limitation of Liability 

    1. Each Party agrees to defend, indemnify and hold harmless the other from and against any and all liabilities, claims, suits, damages, judgments, cost and expenses, including reasonable attorney's fees, arising out of any third party complaints in connection with:

12. its negligent performance or its failure to perform as contemplated in this Agreement; 

13. its negligence, acts or omissions in connection with this Agreement;

14. any material breach of this Agreement; or 

15. breach of its representations and warranties. 

16. Subject to clause 9.3 below but otherwise notwithstanding any other provision in this Agreement, in no event will either Party, its direct or indirect subsidiaries, controlled affiliates, agents, employees or representatives be liable for any indirect, incidental, special, punitive, exemplary or consequential damages of any kind, nor for any loss of profits or revenues, in connection with or arising out of this Agreement.  

17. Nothing in this Agreement will limit or exclude any liability of any Party: i) for death or personal injury caused by the negligence of a Party or its agents or subcontractors; ii) for any fraud or fraudulent misrepresentation; and iii) to the extent such limitation or exclusion is not permitted by applicable law.

18. Warranties

    1. Each Party warrants to the other that (a) it has full authority to enter into this Agreement; and (b) in performing its obligations under this Agreement, it will comply with all applicable laws and regulations.

19. Notices

    1. All notices pursuant to this Agreement must be sent by registered post (with copy by email) to : 

10. General Provisions  

    1. Announcements: No announcement or notification will be made in relation to this Agreement or the Marketing Activities unless: (a) it is in a form agreed in writing between the Parties; or (b) it is required to be made by law or by any securities exchange or regulatory or governmental body to which a Party is subject, in which case that Party will use reasonable endeavours to consult with the other Party as to the form, content and timing of the announcement. 

    2. Survival. Any provision of this Agreement which contemplates performance or observance after the termination or expiry of this Agreement (including, without limitation, confidentiality and limitation of liability provisions) will survive such termination or expiry and continue in full force and effect.

    3. Assignment. Neither Party may assign or otherwise transfer this Agreement or any of its rights and obligations under this Agreement to any third party without the written consent of the other Party, except that either Party may assign this Agreement to its parent, affiliate or subsidiary without the other Party’s prior written consent.

    4. Counterparts. This Agreement may be executed in any number of counterparts and is not effective until each Party has signed at least one counterpart.  All of the counterparts together constitute one Agreement.

    5. Entire Agreement. This Agreement constitutes the entire agreement between the Parties in relation to the subject matter of this Agreement. 

    6. Variation. This Agreement may only be varied by a written document executed by both Parties.

    7. Waiver. Failure or delay of a Party to insist upon or enforce strict performance of any provision of this Agreement or to exercise any right, power or remedy under this Agreement will not be a waiver of its exercise of that provision, right, power or remedy or preclude its exercise later.

    8. Third party rights: This Agreement is made for the sole benefit and protection of the Parties, and no other person will benefit from or have any right of action under this Agreement.

    9. No Exclusivity: Both Parties understand and agree that this Agreement in no way restricts either Party from entering into other marketing arrangements or agreements with any third party. The partner agrees to not run a better offer with any other bank partner / financial services provider. 

    10. Governing Law and Arbitration. This Agreement shall be governed by the laws of India.  The Courts in Mumbai shall have exclusive jurisdiction over the subject matter of this Agreement.

11. In the event of any dispute or differences arising out of or in connection with this agreement, the parties hereto, agree to resolve their dispute by a sole arbitrator chosen by the parties in fast track procedure under the provision of Sec29B of Arbitration and Conciliation act of 1996. The award under this section shall be made within a period of 6 months from the date of commencement of the arbitral tribunal proceedings.

2. The arbitration proceedings shall be conducted in English. The place of Arbitration shall be Mumbai. The award passed in the arbitration proceedings shall be final and binding on both the parties.

3. The cost of arbitration proceedings shall be equally borne by both the parties.

4. Each party shall individually bear the fees of their respective Advocate/Counsel for the proceedings.

The Parties have entered into this Agreement on the date stated at the beginning of it.

SCHEDULE 1 

MARKETING ACTIVITIES SCHEDULE NO. 1

 Schedule 2 - Information Protection Contract Requirements (“IPCR”)

DEFINITIONS. 

“Applicable Processing Law” means all applicable laws, regulations, rules and guidance pertaining to privacy, data Processing, data protection, data security, encryption, and confidentiality.

“Covered Data” means, in any form, format or media, as provided by or on behalf of Credit Card Company    or any of its affiliates, any: (a) confidential information under the Agreement, and (b) Personal Data that [Name] Processes in connection with the Agreement. 

“Personal Data” means any: (i) individually identifiable information from or about an identified or identifiable individual, or any information that is combined with such individually identifiable information, including information that can be used to authenticate that individual or access an account, or (ii) information protected as personal data under Applicable Processing Law. 

“Process” means to obtain, have access to, organize, copy, alter, use, disclose, erase, destroy or any other form of processing.  

1. DATA SECURITY OBLIGATIONS. 

   1. Data Security Program. [Name] shall: 

      1. Requirements. Maintain, monitor and enforce a comprehensive written data security program and only Process Covered Data in compliance with this IPCR and Applicable Processing Law, including: (a) security principles of “segregation of duties” and “least privilege” with respect to Covered Data, including a process by which employee and contractor user accounts may only be created with proper leadership approval and are timely deleted, an auditable history of changes, and an annual review and remediation for excess access authorization; (b) retention policies applicable to Covered Data for all reports, logs, audit trails and other documentation that provides evidence of data security, systems, and audit processes and procedures; (c) policies applicable to Covered Data documenting the consequences for violations of data security policies; (d) deploying security patches to all systems that Process Covered Data as necessary to comply with this IPCR and Applicable Processing Law; and (e) securely returning or disposing of all Covered Data once [Name] no longer needs Covered Data, including upon Agreement termination, except if retention is required for [Name] to comply with Applicable Processing Law, in which case this IPCR survives the Agreement and continues to apply. 

      2. Data Loss Prevention Program. Maintain, monitor and enforce a data loss prevention automated program designed to detect and block data transfers of Covered Data consisting of U.S. social security numbers, United Kingdom national insurance numbers, Credit Card Company    card holder account numbers, or other Credit Card Company    customer financial account information, if such transfers do not comply with this Agreement.

      3. Standards. If [Name] Processes Covered Data containing card holder or other financial account data under this Agreement, then [Name] shall certify that [Name]’s data security program complies with Payment Card Industry Data Security Standard (“PCI DSS”), ISO 22307 and ISO 27000. If [Name] has executed a card acceptance agreement with Credit Card Company    to accept Credit Card Company    cards, and that agreement conflicts with the IPCR, then that agreement controls. 

   2. Safeguards and Security Incidents. 

      1. Safeguards. [Name] shall use its data security program to maintain, monitor and enforce reasonable organizational, administrative, technical and physical safeguards to protect the security, integrity, confidentiality and availability of Covered Data, including to protect against: (a) any anticipated threats or hazards, and (b) any accidental, unauthorized or unlawful Processing, loss, or other compromise of Covered Data (each, a “Security Incident”). [Name] shall promptly remediate all Security Incidents. 

      2. Security Incident Notice to Credit Card Company   . In order to facilitate Credit Card Company   ’ compliance with incident response program requirements under Credit Card Company   ’ policies, procedures and practices, as well as under Applicable Processing Law, [Name] shall provide Credit Card Company    notice within 24 hours of any Security Incident by phone (1-888-732-3750 or 1-602-537-3021) and in writing at EIRP@aexp.com. Credit Card Company    acknowledges that [Name] may have separate notification duties under Applicable Processing Law. Subject to such duties: (a) [Name] shall not make any public or other announcements or admissions of liability regarding the Security Incident, to the extent affecting Credit Card Company    or its card holders, customers, employees or individual contractors (“Credit Card Company    Individuals”), without the prior written consent of Credit Card Company   , and (b) the provision of Security Incident notifications to Credit Card Company    Individuals, and to applicable governmental authorities regarding such affected Credit Card Company    Individuals, including the content, shall be at the reasonable discretion and reasonable direction of Credit Card Company   . If [Name] determines that it must provide any such Credit Card Company    Individual or government notifications under Applicable Processing Law, [Name] shall provide Credit Card Company    with reasonable prior notice of such notifications (via methods above). Despite any Agreement confidentiality duty, Credit Card Company    may disclose Security Incidents per Applicable Processing Law and to mitigate risks of fraud or other harm.

      3. Response Protocol. For the avoidance of doubt, [Name] shall be responsible for reasonable costs to the extent caused by a Security Incident, including those incurred by Credit Card Company    related to investigation, remediation, monitoring and notification.

   3. Processing. [Name] shall Process Covered Data per Credit Card Company    instructions.

   4. Material Modifications. [Name] shall provide Credit Card Company    with 90 days prior notice of a material modification to the process, method or means by which Covered Data is Processed (including any geographic change). If Credit Card Company    reasonably determines and notifies [Name] that such modification could materially degrade Covered Data security, then [Name] shall not make such modification.

   5. Data Transfers. [Name] shall encrypt Covered Data in compliance with Applicable Processing Law and in the following circumstances: (a) the Processing of Covered Data on any mobile device or mobile storage or removable media, including laptop computers, smart phones, USB devices (“thumb drives”) and tapes/DVDs, and (b) electronic transfers of Covered Data by [Name] outside of its network. 

   6. VTA. If [Name] hosts an Internet-facing and/or mobile application capable of Processing Covered Data, then [Name] shall annually have a vulnerability threat assessment (“VTA”) performed by a reputable vendor (from the then-current Payment Card Industry Council Approved Scanning Vendor list) and provide Credit Card Company    with a summary attestation of the VTA including: (a) a definition of how the vulnerabilities are rated (e.g., high / medium / low, serious / moderate / minimal), (b) evidence that the application has no open vulnerabilities at the high rating, and (c) the number of vulnerabilities at any below high ratings and evidence that such vulnerabilities have been promptly remediated.

   7. Validation: Policies and Procedures, Third Party Assessments.  [Name] shall document and promptly provide to Credit Card Company   : (a) copies of any privacy, data Processing, data protection, data security, encryption and confidentiality-related (i) [Name] policies, procedures, and standards (including escalation procedures for non-compliance) and (ii) third party assessments, test results, audits or reviews (e.g., SSAE 16, SOC I, II and III, SysTrust, WebTrust, or perimeter certifications), or other equivalent evaluations in its possession or control; and (b) any other information requested by Credit Card Company    to comply with Applicable Processing Law or Credit Card Company    auditing requirements. [Name]’s perimeter test results may be limited to a summary of findings’ testing scope, number and severity and remediation estimated dates. In addition, upon [Name]'s written notice, Credit Card Company    shall provide its summary findings to [Name] of any material vulnerabilities uncovered in the scans that Credit Card Company    may perform from time-to-time of [Name]'s Internet-facing applications.

   8. Credit Card Company    Inspections. In order to facilitate Credit Card Company   ’ compliance with its internal policies, procedures and practices, as well as Applicable Processing Law, [Name] shall reasonably cooperate with Credit Card Company   , its designees and government authorities, in connection with inspections of [Name] and its affiliates or subcontractors storing Covered Data, on-site or by phone, and with self-assessment security compliance reviews (including inspections and reviews for privacy, data Processing, data protection, data security, encryption or confidentiality-related compliance). On-site inspections will be performed upon reasonable advance notice during [Name]’s regular business hours. 

   9. Training. [Name] shall provide privacy, data Processing, data protection, data security, encryption, and confidentiality awareness training annually to all individuals authorized by [Name] to Process Covered Data. Training shall occur before such individuals Process Covered Data, and such individuals shall repeat such training annually. Credit Card Company    may review [Name]’s training materials (or a reasonable summary) upon reasonable advance notice to [Name].

   10. Affiliates and Subcontractors. If [Name] subcontractors or affiliates (“Contractors”) Process Covered Data on behalf of [Name] per Credit Card Company   ’ express approval elsewhere in the Agreement, [Name] shall: (a) either (i) ensure that each Contractor acts as a user under [Name]’s written data security program, or (ii) ensure that each Contractor’s written data security program complies with this IPCR via sufficient diligence and oversight; and (b) be responsible for the acts and omissions of Contractors and all [Name] employees as if their acts and omissions were made by [Name].