By accepting or executing the agreement with PayFirmly (‘PayFirmly’) and/or by using the Services, as defined hereunder, you as ‘the Merchant’ agree to abide and be bound by these General Terms and Conditions of PayFirmly (‘T&Cs’). If you are entering into this agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to these T&Cs and, in such event, the Merchant as used herein shall refer to such entity.

These T&Cs are also applicable to (the use of) PayFirmly’ APIs, to which the Merchant will have access or which the Merchant has used before concluding an agreement with PayFirmly.

PayFirmly may update these T&Cs from time to time. For any material changes, we will provide at least 30 days' advance notice before implementation through multiple channels (dashboard notification, email, and in-app alerts), except for changes required by law which may take effect immediately. Each notification will include a summary of key changes, the effective date, a comparison showing all modifications, and access to previous versions. For significant changes affecting your rights, we will provide a feedback channel during the notice period. If you do not agree with material changes, you may notify us at legal@payfirmly.com before the effective date and either continue using the Services under previous terms for up to 90 days or terminate the Agreement. Your continued use of the Services after the effective date constitutes acceptance of the changes. The most current and all previous versions of these T&Cs are always available in the Legal section of our website and merchant dashboard.

1.1. Definitions - In this Agreement, the following definitions shall have the following meanings:

‘Merchant Data’ means: any data submitted via the Services by the Merchant and any data produced via the Services by PayFirmly, including and without limitation, any information/data of the Merchant and/or of other third parties, including any identifying or non-identifying information related to the Merchant, its clients or users.

‘Normal Business Hours’ mean: 9 am to 5 pm, CET (Central European Time), on each Business Day.

‘Services’ means: (i) the PayFirmly Payment Platform as made available as a service for payment processing pursuant to the terms of this Agreement; and (ii) any and all maintenance services performed from time to time by PayFirmly in connection therewith; and (iii) any and all support services as may be provided by PayFirmly to Merchant pursuant to this Agreement; (iv) PayFirmly application programming interfaces (‘APIs’), iframe and/or Hosted Payment Page (‘HPP’) and (iv) other related services in connection therewith, as now offered and/or may be offered in the future.

‘Fees’ means, the subscription fees and the charges payable by the Merchant to PayFirmly for the Services, as set out in the Agreement.

1.2. Headings - The headings used in this Agreement are for convenience of reference only and shall not affect the interpretation or meaning of the terms and provisions of this Agreement.

1.3. Person / company - A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person's legal and personal representatives, successors or permitted assigns. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.

1.4. Male / female – Where in these T&Cs the male version of a word is used, it is interchangeable with the female version of it, and vice versa.

2. GRANT OF RIGHTS; PROHIBITED USE

2.1. Grant of rights - Subject to the terms of this Agreement, PayFirmly hereby grants to the Merchant, during the Term (as defined below), solely for the Merchant's internal business operations and for non-commercial purpose, and strictly in accordance with these T&Cs and with any applicable law, a limited, non-commercial, non-perpetual, non-exclusive, worldwide, reversible, non-transferable, non-assignable, non-sublicensable right to access and use the Services.

2.2. Technical requirements – The Merchant may only use the Services if he fulfils the technical requirements specified for the applicable API. The Merchant makes reasonable efforts to avoid any technical problems, unauthorized access and security incidents, including the use of updated virus scanners.

2.3. Prohibitions - The Merchant shall not: (a) attempt to copy, modify, duplicate, imitate, reproduce, create derivative works from, frame, mirror, or download, all or any portion of the Services in any form or media or by any means; and/or (b) attempt to decompile, disassemble, reverse engineer or otherwise attempt to discover any source code from, all or any part of the Services; and/or (c) sell, rent, lease, transfer, assign, distribute, transmit, display, publish, disclose, or otherwise dispose, commercially exploit, or otherwise make the Services available to any third party; and/or (d) access or use all or any part of the Services in order to build or create a product or service which is similar to, or which competes with, the Services; and/or (e) use the Service (or any part thereof) for commercial purposes or in connection with any commercial activity; and/or (f) attempt to obtain, or assist third parties in obtaining, unauthorized access to the Services; and/or (g) abuse the Services in any way and/or use the Services for advertising or solicitation to buy or sell any products and/or for creating, sharing and sending unsolicited commercial messages, bulk email, "junk mail", "spam" or chain letters; and/or (h) create or send any viruses, worms or trojan horses, flood or mail bombs, or engaging in denial of service attacks while using the Services; and/or (i) use or launch any automated system, including without limitation, any "robots", "spiders", or "offline readers", that accesses the Service in a manner that sends to the servers, cloud or other platform on which the Services operates, more request messages in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser; and/or (j) use or launch any data mining or any similar data gathering and extraction tools, in connection with the Services (including by using software, scripts or automated agents and bots); and/or (k) use the Services in any manner that damages, disables, overburdens, or impairs the Services, or PayFirmly' systems or servers, or the cloud or other platform on which the Services operates, and/or otherwise interferes with any other party's use and enjoyment of the Services, and/or (l) access the Services by any means other than through the interface that is provided by PayFirmly for accessing and use of the Services; and/or (m) create, edit, store, post, upload, distribute or transmit, while using the Services, or otherwise make available through the Services, any Merchant Data not in compliance with Section 5.2 below; (m) use the Services in any manner that is unlawful or prohibited or in violation of this Agreement and/or any applicable law or regulation; (n) permit any third party to do any of the foregoing. PayFirmly reserves the right, at its sole discretion without any liability to the Merchant, to disable, suspend or terminate Merchant’s access to the Services, in the event of any breach by Merchant or anyone on its behalf, of the provisions of this Section 2.3.

2.4. API, iframe, HPP – The APIs/iframe/HPP are strictly for use by you and not for any use, commercially or otherwise, directly or indirectly, by a third party. The Merchant will likewise not use the APIs/iframe/HPP and via these created derivative works or functionality to store or conserve data, as result of which usage of via the APIs/iframe/HPP or the PayFirmly systems would be circumvented or

eluded. The Merchant will keep the API keys secret and use them with due care. The subscription to the Services contains a limit for API, unless otherwise specifically agreed upon. Additionally, PayFirmly may still limit your amount of API calls because of technical and/or security reasons.

2.5. Test environment – After concluding the Agreement and making the APIs available a part of the Services will be available in a test environment and, as such, are expected to contain defects that may be material and/or not expected to operate at the level of performance or compatibility of a final, generally available product offering. The Services may not operate correctly and may be substantially modified prior to public availability or withdrawn.

2.6. Unauthorised access - The Merchant shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, it shall promptly notify PayFirmly.

2.7. Merchant only - The rights provided under this section 2 are granted to the Merchant only, and shall not be considered granted to any subsidiary, affiliate or holding of the Merchant.

2.8. Permitted use – The Merchant is responsible for all activities that occur when he uses the Services. The Merchant will have to comply with and act in accordance with all instructions, documentation and system, software and other requirements as stated on and/or made available by PayFirmly in connection with the Services. The Merchant must comply with all legal requirements and refrain from creating content that is unlawful or otherwise objectionable, or that may harm PayFirmly’ reputation or the integrity of the PayFirmly systems.

2.9. Open source - Certain aspects of the Services may contain open source materials which are governed by applicable open source license conditions. The Merchant agrees to comply with such open source license conditions if necessary.

2.10. Modification – PayFirmly is entitled to modify, amend or expand the Services at any time. For minor changes and enhancements, we will publish updates in release notes. For material changes substantially altering core functionality or integration requirements, we will provide at least 30 days' advance notice with detailed documentation, testing environment access, and migration assistance. Emergency changes required for security, compliance, or system stability may be implemented as needed with notification as soon as practicable. We will maintain backward compatibility for deprecated features for a minimum of 90 days after notification of material changes and clearly document deprecation timelines. Merchants are responsible for monitoring notifications, testing implementations, and planning timely migrations from deprecated features. PayFirmly will not be liable for any loss or damage resulting from a Merchant's failure to implement necessary adjustments following proper notification of changes.

2.11. Monitoring - Subject to section about personal data, PayFirmly may monitor the Merchant’s use of the Services for the following purposes: (i) to avoid congestion problems; (ii) to perform, evaluate and improve the Services; (iii) to check whether the Merchant’s Application satisfies the requirements as imposed by the Agreement; (iv) if we have reasonable suspicion of fraud, misuse or any other violation of the law regarding the use of the Services.