Public offer

END-USER LICENSE AGREEMENT TO USE “MARTA TERMINAL” APPLICATION FOR MOBILE DEVICES

Date of approval: 09.09.2023 y.

TABLE OF CONTENTS

  1. DEFINITIONS
  2. GENERAL TERMS
  3. APPLICATION TERMS OF USE
  4. SECURITY TERMS
  5. CONFIDENTIALITY TERMS
  6. PAYMENT TERMS
  7. TERMS OF LIABILITY
  8. SUSPENSION TERMS
  9. OTHER TERMS
  10. GOVERNING LAW. COMPLAINTS. DISPUTES

1. DEFINITIONS

Account — a record in the systems of the Rightholder that contains the User Data and information about the User actions, which is used by the User to access the Services.

Acquirer — a bank-acquirer or financial institution officially licensed by the Rightholder to offer the Application to the User for providing acquiring services based on the Acquiring Agreement.

Acquiring Agreement – a separate agreement, concluded between the Acquirer and the User that contains the scope, cost, fees, liability, and other terms and conditions of the Services.

Agreement — this license agreement/document to use the Application.

Application — a client-server solution, consisting of a mobile application (client) - MARTA Terminal, and a web application (server) - MARTA pre-host, designed for providing the Services on the User Device.

Card – credit, debit, gift/stored-value, or other payment cards that bear the logo of a card association brand (e.g. Visa, Mastercard, or local card brand), and their virtual alternatives bound to the NFC-enabled device.

Cardholder - a person considered as the User’s customer, owning the Card.

Partner — an entity that works in partnership with the Rightholder to complement the Services of the Application.

Rightholder - an owner of the exclusive rights to the Application, represented by MayaSoft LLC, with registration number 596203 and headquarters at 100125, M.Ulugbek str., 56A, Tashkent, Uzbekistan.

Services - the Transaction processing operations and additional functions (e.g. Card balance inquiry, Transaction history, USSD mode, reporting, etc.) available in the Application.

Transaction - Card payment for goods or services (or any other charges), made by using the Application in person of the Cardholder with the presence of the Card.

User – a person acting as a sole proprietor or on behalf of another business entity that has downloaded and installed the Application on the User Device.

User Data – all the information provided by the User when applying for and using the Application, the scope of which is given in term 5.5 of the Agreement.

User Device — a device owned by the User, where the User has installed the Application.

2. GENERAL TERMS

  1. By accepting the terms of the Agreement, the User enters into a legal agreement with the Rightholder.
  2. Under the terms of the Agreement, the Rightholder grants the User a personal, limited, non-exclusive, revocable, non-transferable, temporal end-user license, without the right to sublicense for using the Application.
  3. Using the Application is permitted only under the terms of the Agreement. Unless the User accepts the Agreement terms in full, he/she shall not use the Application for any purposes.
  4. Using the Application in violation of the terms of the Agreement is prohibited.
  5. Use of the Application on terms and in ways not provided by the Agreement will be allowed only on the basis of a separate agreement with the Rightholder.
  6. Words and terms used in the Agreement that start with capital letters shall be interpreted according to the Definitions section of the Agreement.
  7. The terms of the Agreement (including any parts of it) may be changed unilaterally by the Rightholder with further notice via the interface of the Application or published to marta.uz. The revised document shall become effective upon publication, unless stipulated otherwise by a new version of the Agreement.

3. APPLICATION TERMS OF USE

  1. The User must acknowledge that the Services shall be provided based on the terms of the Acquiring Agreement.
  2. The User shall install any and all Application updates made available to the User.
  3. The User may accept the Transaction via the Application solely with the contactless Card containing all the elements required by Visa, Mastercard regulations, or regulations enforced by local payment schemes.
  4. The User may not use the Application if a copy of it is received and installed not from the Google Play Market.
  5. The User may not distribute the Application in any form, without the written consent of the Rightholder.
  6. Upon using the Application, the User shall not:
    1. accept the Transaction involving or being connected to any illegal content, or content that is subject to protection according to the applicable law, as well as Transaction that is prohibited under any laws, or regulations applicable to the Transaction in particular laws against money laundering or terrorist financing;
    2. submit into the Application any contents which are unlawful, false, or could give rise to criminal or civil liability or could result in violation of legal rights of any person or entity, or which contains harmful, disruptive, or corrupted data;
    3. violate third-party rights, including underage people, and/or cause them harm in any other way;
    4. impersonate any other person or representative of an organization and/or community without being authorized to do so, including employees of the Rightholder, Acquirer and/or the Partner, and apply any other forms and methods of unlawful representation of other persons online as well as mislead the Cardholder and the Rightholder regarding features and characteristics of any subjects or objects;
    5. use the User Data that does not belong to the User;
    6. use electronic mean of payment (including Card) without the physical presence of the Сardholder;
    7. collect and store personal data of other persons without proper authorization;
    8. disrupt the normal operation of the Application, including:
      1. installing on the User Device any software/firmware intended for gaining access to functions not intended for the User;
      2. upload to the User Device pirated software or illegal content;
      3. install malicious applications on the User Device;
      4. carry out photo and video recording of events on-screen of the User Device during the operation of the Application;
      5. install other applications from unreliable sources on the User Device;
      6. assist any actions to violate any restrictions and prohibitions imposed by the Agreement;
      7. otherwise violate legal standards, including international law.
  7. Certain functions of the Application may only be available when connected to the Internet. It is the User’s sole responsibility to obtain and pay for such Internet connection under the terms and according to rates of his/her cellular communications provider or Internet service provider.
  8. The User shall cover all fees charged by the Internet or User Device provider.
  9. The User understands that he/she has independently selected the User Device. Consequently, the User is hereby notified and agrees that the Rightholder is not responsible for the quality of the used mobile device, its hardware components, which may result in errors, interruptions in work, slow and low-quality operation of the Application or its individual components and/or features.
  10. The Application is provided on «as is» terms. The Rightholder makes no warranties with regard to error-free and smooth operation of the Application, or its individual components and/or features, the Application’s match to specific goals and expectations of the User, safety of files and/or data of the User and offers no other warranties not expressly set forth in the Agreement.
  11. The Agreement applies to all future updates / new versions of the Application. By agreeing to install an update, or a new version of the Application, the User accepts the terms of the Agreement to such updates / new versions of the Application, unless such an update or install of a new version of the Application is accompanied by another agreement.

4. SECURITY TERMS

  1. The User shall comply with applicable provisions of the Payment Card Industry Data Security Standard (PCI DSS) in regard to the storage, processing, and transmission of Card data.
  2. The User is explicitly prohibited from storing sensitive Cardholder data listed in term 4.3. on any retail systems, including own or 3rd party servers, handsets, or devices, both local and those hosted off-site, workstations, and other locally maintained systems, including databases, file servers, spreadsheets, email, imaging systems, and paper files.
  3. Sensitive Cardholder data includes:
    1. Full credit or debit Card/Personal Account Numbers (PAN);
    2. Security Codes (CVC2, CVV2, CID);
    3. PIN/PIN block;
    4. Full Magnetic Stripe Data (most egregious violation of PCI DSS).
  4. Before installation of the Application into the User Device, the User should ensure that the User Device is safe to install the Application, i.e. not rooted, debug mode is off, no any other malicious applications are installed. Otherwise, an attempt to use the Application will lead to blocking.
  5. The User must be aware that any malicious actions, such as debugging, rooting, hooking, tampering, etc., are firing security events with further logging of manipulation and blocking of the Application. Such actions may lead to deprivation of the right to use the Application and investigate the User’s activity by the authorized bodies.
  6. It should be noted that the Rightholder will not reimburse or share the cost of any expenses arising from the unintended exposure of cardholder data by the User; expenses will be the responsibility of the breached User.
  7. The User shall comply with the universal compliance requirements listed below:
    1. never store sensitive Cardholder data electronically on any computer, server, or device, including in spreadsheets or local databases (PCI 3.2);
    2. never ask for PIN from the Cardholder for Card verification;
    3. provide the ability to enter the PIN code for the Cardholder without viewing the input actions themselves. For this purpose, hold the User Device with the back towards yourself and the front towards the Cardholder;
    4. Cardholder receipts, User receipts, and other printed materials should never display the full card number (Personal Account Number (PAN)). Only the last four digits of the account number should be visible (after the transaction has been successfully processed) (PCI 3.3);
    5. never e-mail or transmit sensitive Cardholder data via unsecured messaging or transfer protocols/technologies (PCI 4.2);
    6. restrict access to cardholder data to individuals with a business need-to-know (PCI 7.1);
    7. all payment card documentation must be treated as a cash equivalent and should be kept physically secured, such as in a locked safe or filing cabinet (PCI 9.6);
    8. all Card documentation no longer needed for business or legal reasons must be destroyed in such a manner that the sensitive Cardholder data cannot be reconstructed. Acceptable destruction methods include cross-cut shredding, incineration, or placement in a locked “to-be-shredded” container, like those serviced by outside third-party document destruction companies (PCI 9.8);
    9. all employees with access to sensitive cardholder data must review this security policy prior to processing or accessing any Card data (PCI 12.1);
  8. The User shall Immediately report suspected or confirmed security breaches to support@marta.uz or call +998 71 203 31 21

5. CONFIDENTIALITY TERMS

  1. This section (Section 5) of the Agreement describes how the Rightholder collects, uses, discloses, transfers, stores, retains, or otherwise processes the User Data when the User applies for and uses the Services.
  2. The terms of Section 5 apply to the User Data collected in connection with the User’s request for access to and use of the Services in the Application.
  3. By continuing to interact with the Application and the Services, the User is consenting to the practices described in Section 5.
  4. The Rightholder collects the User Data, when the User:
    1. makes a request to receive information about the Application or other products of the Rightholder;
    2. applies for the Account;
    3. goes through the Rightholder’s identity or the Account verification process to authenticate into the Application;
    4. communicates with the Rightholder, answers the Rightholder’s surveys, uploads content, or otherwise interacts with the Application.
  5. The Rightholder collects (and/or has collected during at least the 12-month period preceding the effective date of the Agreement) the following categories of information, collectively named as User Data:
    1. Identification Information, such as:
      1. name, email address, legal addresses, and phone number;
      2. taxpayer Identification number, or other government-issued identification number, and the Acquirer-issued identification number;
      3. Cardholder’s email address, or telephone number, to send digital receipts.
    2. Transaction Information, such as:
      1. information about when and where the Transaction occurs;
      2. Card-related information for processing the Transaction (e.g., PAN number, PIN-code (in encrypted mode), expiry date, etc.);
      3. the Transaction-related details (e.g., execution time, status, executing entity information, amount, etc.).
    3. Internet or other electronic network activity information, such as:
      1. web browser and User Device characteristics, including hardware model, operating system and version, device name, unique device identifier, device fingerprint and mobile network information;
      2. information about how the User uses and interacts with the Services, including the access time, “log-in” and “log-out” information;
      3. browser type and language;
      4. the domain name of the User’s internet service provider;
      5. other attributes about the User’s browser;
      6. any specific page the User visits within the Application;
      7. geolocation data, which includes the location of the User Device;
      8. content the User views;
      9. features used by the User;
      10. the date and time of use of the Services;
      11. unique personal identifiers (including User Device identifier; cookies and similar technology; customer number; unique alias, and other identifiers);
      12. Internet Protocol (“IP”) address.
    4. Professional or employment-related information, such as:
      1. information the User provides about the business and employees.
    5. Other Information, such as:
      1. information that the User voluntarily provides to the Rightholder, including survey responses; participation in contests, promotions, marketing forms, suggestions for improvements; referrals; or any other actions that the User perform on the Services.
  6. The Rightholder may (and/or have collected during at least the 12-month period preceding the effective date of the Agreement) collect the User Data from the sources listed below:
    1. the User directly, when the User submits information to the Righholder or allow the Rightholder to access information about the User;
    2. the User Device, when the User interacts with the Rightholder’s website or uses the Services;
    3. other sources, including:
      1. Acquirer;
      2. Partner.
  7. The Rightholder may collect, use and share (or have collected, used or shared during at least the 12-month period preceding the effective date of the Agreement), the User Data for the following reasons:
    1. delivering the information and support the User requests, including technical notices, security alerts, and support and administrative messages, such as to provide assistance for problems with the Services;
    2. determining whether the Services are available in the User’s country, or Acquirer;
    3. developing new products and services;
    4. displaying the Transactions history or appointment information;
    5. processing and recording the Transactions;
    6. providing, maintaining, and improving the Services;
    7. doing internal research, measuring, tracking, and analyzing trends of usage;
    8. providing the User with the Rightholder’s products and features that the User chose to use;
    9. sending surveys and getting feedback about the Services;
    10. providing information about and promoting the Services;
    11. sending information that the Rightholder believes the User may find useful, or which the User has requested from the Rightholder about other products and services;
    12. conducting investigations, complying with and enforcing applicable laws, regulations, legal requirements, and industry standards, and responding to lawful requests for information from the government or to valid legal process;
    13. contacting to help the User with the Services;
    14. debugging to identify and fix errors that impair how the Services function;
    15. investigating, detecting, preventing, recovering from, or reporting fraud, misrepresentations, security breaches or incidents, other potentially prohibited, malicious, or illegal activities, or to otherwise help protect the Account, including to dispute chargebacks on the User’s behalf;
    16. protecting the User’s, the Rightholder’s, or Cardholder’s rights or property, or the security or integrity of the Services;
    17. verifying the identity (e.g., through government-issued identification numbers);
    18. marketing the Services to the User;
    19. communicating with the User about opportunities, products, services offered by the Rightholder, the Acquirer, or the Partner.
  8. The Rightholder may share the User Data with the following categories of service providers and third parties:
    1. with other users of the Services with whom the User interacts through the use of the Services. For example, the Rightholder may share information with the Cardholder when the User makes a Transaction using the Services;
    2. with the Partner who help the Rightholder to provide, maintain, and improve the Services, as well as the Acquirer, payment networks, payment card associations, credit bureaus, partners, and other entities that help the Rightholder provide the Services;
    3. also, If the Rightholder believes that disclosure is reasonably necessary:
      1. to comply with any applicable law, regulation, legal process or governmental request (e.g., from creditors, tax authorities, law enforcement agencies, in response to a garnishment, levy, or lien notice, etc.);
      2. to establish, exercise or defend the Rightholder’s legal rights;
      3. to enforce or comply with the Agreement or other applicable agreements or policies;
      4. to protect the Righholder’s or the User’s rights or property, or the security or integrity of the Services;
      5. for an investigation of suspected or actual illegal activity;
      6. to protect the Rightholder, the User of the Services, or the public from harm, fraud, or potentially prohibited or illegal activities.
    4. With the User’s consent. For example:
      1. at the User’s direction;
      2. when the User authorizes a third-party application or website to access the User Data information.
  9. The Righholder keeps the User Data as long as the User keeps using the Application and the Services. After that, the Rightholder keeps it for as long as the Rightholder needs it in order to fight fraud, collect the fees the User might owe, follow the law, enforce agreements and defend rights in court.
  10. The Rightholder generally keeps the User Data as long as reasonably necessary to provide the User the Services or to comply with applicable law. However, even after the User deactivates the Account, the Rightholder can retain copies of the User Data, in the collection of which the User may have participated, for a period of time that is consistent with applicable law, the applicable statute of limitations, or as the Rightholder believes is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with the Services, to assist with investigations, to enforce the Agreement or other applicable agreements or policies, or to take any other actions consistent with applicable law.
  11. The User may access, change or fix some of the User Data, and ask the Rightholder or the Acquirer to deactivate the Account.
  12. The Rightholder takes reasonable measures, including administrative, technical, and physical safeguards, to protect the User Data from loss, theft, and misuse, and unauthorized access, disclosure, alteration, and destruction. Nevertheless, the Rightholder cannot guarantee absolute security of the transmission or storage of the User Data.
  13. The Righholder holds the User Data both at its own premises and with the assistance of third-party service providers.

6. PAYMENT TERMS

  1. The User shall not pay any fees or reimburse any costs to the Rightholder due to the Application use.
  2. All fees pertaining to the Application use and the Services are subject to the Acquiring Agreement.

7. TERMS OF LIABILITY

  1. As a software provider, the Rightholder shall be held liable solely for damages occurred as a result of Application malfunction or failure due to the Rightholder’s willful misconduct. The Rightholder shall not be liable for any disruption or impairment of the Application or the Services under the terms of the agreement due to force majeure or due to reasons not attributable to the Rightholder.
  2. The Rightholder shall not be held liable for any damages incurred due to third-party hardware.
  3. The User excludes the Rightholder liability for damages in the form of lost profits including indirect or consequential losses and loss of reputation.
  4. To the maximum extent permitted by the law, the Rightholder shall not be held liable for direct or indirect losses and damages or non-performance under the terms of the Agreement which result from Rightholder’s compliance with legal and regulatory requirements or breach of the terms of the Agreement by the User.
  5. The Acquirer's liability has been set forth in the Acquiring Agreement.
  6. The User shall keep PINs, password, and other online login credentials (if applicable) confidential at all times and secure against unauthorized use by third parties. The Rightholder shall not be held liable for any Transactions performed as a result of unauthorized access to the Application by third parties.
  7. The User shall be solely responsible for fulfillment of all the User’s obligations if required by law or the Acquiring Agreement pertaining to Transaction processing, such as making available to the Cardholder a paper-based receipt of the Transaction.
  8. The Rightholder is not party to the legal relationship between the User and the Cardholder and shall not be held liable for commercial or any other grounds of Transactions.
  9. The User shall indemnify the Rightholder from and against any claims, damages, and costs resulting from the User’s violation of any applicable law, regulation, or any provisions of the terms of the Agreement or the Acquiring Agreement resulting in the Rightholder’s liability against any authorities or third parties.
  10. The Rightholder is not responsible for the content and/or relevance of the configuration parameters necessary for processing the Transaction or the Services via the Application that are provided by the Acquirer.
  11. The Rightholder is not liable for any direct or indirect consequences of any use, or inability to use the Application, and/or damage sustained by the User and/or third parties as a result of any use, failure to use, or inability to use the Application or its individual components and/or features, including situations due to possible errors or failures in the Application.
  12. The Rightholder is not responsible for financial and any other operations performed by the User and the Acquirer, as well as for any consequences of the conclusion of the Acquiring Agreement by the User from the relevant Acquirer.

8. SUSPENSION TERMS

  1. The Account can be terminated anytime by the request of the User to the Acquirer;
  2. Should there be no activity in the Account for 12 consecutive weeks, the Rightholder shall have the right to send a notification to the User’s registered email address. If the User as of 7 days after receipt of the notification does not declare the intent to continue using, the Account can be automatically closed.
  3. The Rightholder is entitled to suspend or terminate and close the Account if:
    1. the User is in breach of any obligation under the terms of the Agreement or under the Acquiring Agreement or any other rules or laws applicable to the Services;
    2. there are reasonable grounds to suspect that the User might be involved in any fraudulent activity, money laundering, terrorism financing or other criminal activity, activity resulting in credit or fraud risk;
    3. for justified security reasons.
  4. The Rightholder shall not be obliged to reimburse any costs incurred by the User due to the Account suspension or termination.
  5. After termination of the Account, the User shall continue to be bound by the terms of the Agreement.

9. OTHER TERMS

  1. The Rightholder is entitled to appoint a third party in order to fulfill some or all of the Rightholder’s obligations under the terms of the Agreement.
  2. The User shall treat as confidential all information obtained during the execution of the terms of the Agreement. Any operating or trade secrets of the Rightholder constitute confidential information.
  3. The User shall observe all applicable data protection regulations and take adequate measures against unauthorized use of the Application.
  4. The Rightholder collects, uses, and protects personal data in accordance with the terms of Section 5 of the Agreement.
  5. Written communication and notices shall be made via email to the email address, or via the phone number specified by the User at the registration procedure or within the Application.
  6. The User shall not assign any of the rights and obligations under the terms of the Agreement to third parties without the Rightholder prior written consent.
  7. The terms of the Agreement enter into force upon acceptance by clicking on the “ACCEPT” button available in the Application.
  8. The User confirms that the User has read, understood, and accepted the terms of the Agreement.
  9. All copyrights to the Application remain vested in the Rightholder. No works can be used or copied without the Rightholder’s prior written consent.
  10. All rights to content generated and submitted to the Application by the User shall remain vested in the User.

10. GOVERNING LAW. COMPLAINTS. DISPUTES

  1. The terms of the Agreement shall be governed by and construed under and in accordance with the applicable laws (“Governing Law”) of the country, where the User has completed the Acquiring Agreement.
  2. Any complaints about the Application and the Services shall be addressed to the Rightholder under the email address info@marta.uz or to the Acquirer contacts.
  3. Any dispute arising out of or in connection with the terms of the Agreement shall be finally resolved by the Governing Law. Before referring the dispute to the court, the parties will endeavor to resolve the dispute by amicable negotiations.