WHEREAS:
A. The user (“User”) is interested in seeking the license from the HDFC Bank Limited (“Bank”) (which expression shall, unless repugnant to the context or meaning thereof, shall be deemed to include its successors and assigns) to the Bank’s APIs (as defined hereinafter) and for this purpose to undertake the Registration (as defined hereinafter) on the Platform (as defined hereinafter) and eventual On-boarding (subject to the sole discretion of the Bank), and for exploring the possibility of its future digital integration with the Bank.
B. The User hereby undertakes to and agrees with the Bank and accepts these terms of use as amended from time to time together with any other condition which may be implied by applicable law (collectively, “Terms”) which shall govern the subject-matter covered herein.
C. The term ‘User’ shall, unless repugnant to the context or meaning thereof, include: (i) in the event that the User is an individual, his/her legal heirs, administrators and executors (ii) in the event that it is a company within the meaning of the Companies Act, 2013 or a Limited Liability Partnership, incorporated under the Limited Liability Partnership Act, 2008, its successors; (iii) in the event that it is a partnership firm for the purposes of the Indian Partnership Act, 1932, the partners for the time being and from time to time and their respective legal heirs, executors and administrators, legal representatives and successors; (iv) in the event that it is a sole proprietorship, the sole proprietor and his/ her legal heirs, administrators, executors and legal representatives; (v) in the event that it is a Hindu Undivided Family (HUF), the Karta and any or each of the members of the HUF and their survivor(s) and his/her/their respective heirs, executors and administrators; (vi) in the event that it is a Trust, the Trustee or Trustees for the time being thereof and their respective legal heirs, executors, administrators and successors; (vii) in the event that it is a Society, the members of the Society, the members of the governing body of the Society, and any new members elected, appointed or co-opted thereon.
D. Any of the following actions on the part of the User constitute User’s irrevocable and unconditional acceptance of the Terms;
i) User’s use or access of the Platform, by itself constitutes User’s acceptance of the Terms.
ii) By checking the box indicating User’s acceptance, User accepts the Terms.
E. By accepting these Terms, the User and the User’s Affiliates, wherever applicable, agree to be bound by the Terms hereunder. These Terms shall be in addition to and subject to any other terms as stipulated by the Bank from time to time. In case any specific agreement/addendum (“API Agreement”) is signed by and/or between the User and the Bank at the time of or before On-boarding (as defined hereinafter) by the Bank of the User for allowing such User to consume the APIs, then from the date of such signing, the terms of such API Agreement to the extent inconsistent with any terms hereof, shall prevail.
1. DEFINITIONS
1.1. “Application” means a website and/or software application (regardless of how fully developed) owned by the User and visited or used (or developed with the intent to be visited or used eventually) by the User, common customers of the Bank and the User or any natural person or company (“End Users”) to access and/or use API Content/Services.
1.2. “Documentation” means any online user guides, software development kit(s), and/or help and training materials for the Platform, APIs, as updated from time to time by the Bank, and accessed through the Platform.
1.3. “Platform” means the portal or the webpage or any online resource or website, of or under control of the Bank, which hosts the Registration process, API, Documentation and Available Content and is currently located at [●], and and will include any change thereto or replacement thereof by the Bank.
1.4. “Access Credentials” shall mean the log in identification and the password (including any changed or regenerated password), one time passwords or authentications and/or such other authentication factors including as may be prescribed by the Bank from time to time, as are necessary for accessing the Account.
1.5. “Account” shall mean the online access protocol enabled by the Bank through the Platform, created specific to the User upon completion of the Registration process by the User, which can be accessed by using the Access Credentials.
1.6. “Affiliate(s)” means, with respect to either party, any partnership, joint venture, corporation, limited liability company, association or other legal entity, however organized (“Person”) that now or hereafter directly or indirectly through one or more intermediaries, controls, or is controlled by or is under common control with the party in question. For the purpose of this definition, “control” together with grammatical variations when used with respect to any Person, shall mean the power to direct the management and policies of such Person; directly or indirectly.
1.7. “API Content”" means data or information made available by or delivered through a particular API.
1.8. “API Guidelines” shall mean such guidelines or directions of the Bank as the Bank has developed or may develop or issue and may amend from time to time, inter alia prescribing the protocols, security standards, and covering other aspects of consumption of Bank’s APIs by persons/entities other than the Bank.
1.9. “API” shall mean the Bank’s application programming interface(s), any accompanying or related software development kits, tools, documents, or any content that may be specifically made available to the User upon On-boarding for the purposes of enabling the access by the Bank to the User of the appropriate API functionality, subject to terms and conditions of the API Agreement, including set of subroutine definitions, protocols, and tools for building application software.
1.10. “Authorized Person(s)” shall mean the persons duly, properly and fully authorized by the User, severally, including pursuant to all necessary and due corporate actions and corporate authorities and including in accordance with the applicable law and constitutional documents of the User, for and on behalf of the User, to possess the Access Credentials, the Registered Contacts, and to access and use the Platform and Registered Contacts including to communicate with the Bank (to and from), thereby binding the User fully legally and contractually, irrevocably and unconditionally vis-à-vis the Bank and the other persons involved.
1.11. “Authority” shall mean any Government of a country, nation, state, province, region, union territory, any division or political sub-division by whatever name, any entity, unit, department, local authorities (such as corporation, municipality, panchayat), ministry, commission, board, agency or instrumentality thereof, exercising executive, legislative, judicial, quasi-judicial, regulatory or administrative functions of or pertaining to Government including any executive authority, legislative authority, regulatory authority, instrumentality, court, tribunal or other judicial, quasi-judicial, or administrative authorities, or any self-regulatory authority, having jurisdiction over the matter or matters in question.
1.12. “Available Content” shall include the interface on the Platform including for singing up and/or for registration on the Platform, services framework and related documentation or such content as may be provided by the Bank at its sole discretion from time to time.
1.13. “Bank Information” shall mean the information and/or data as may be made available or shared by the Bank in terms of or pursuant to these Terms including any APIs, Platform details, rules, engines, tools, codes, any documents in relation thereto, including for any testing or sandbox environment, any personal data or sensitive information of any person, officers, etc.
1.14. “Defect” means a failure of the API(s) and/or the API Content/Services associated with any API(s) to perform in all material respects in accordance with its specifications.
1.15. “Harmful Code” means a self-propagating program such as a virus, worm, trojan horse, logic / time bomb, back / trap door and all similar forms of extraneous code or harmful components that damage other programs including any downloadable content which contains any harmful code.
1.16. “Intellectual Property Rights” shall include all rights, benefits, title or interest in or to any Intellectual Property, anywhere in the world (whether registered or not and including all applications for the same).
1.17. “Intellectual Property(ies)” includes all patents, trademarks, permits, service marks, brands, trade names, trade secrets, proprietary information and knowledge, technology, computer programs, databases, copyrights, licenses, franchises, formulae, designs, geographical indications, and all other intellectual properties in relation to API, API Content/Services and Available Content.
1.18. “On-boarding” shall mean the eventual on-boarding process which will be enabled by the Bank for the User, in order for the Bank to grant appropriate license in Bank’s discretion to the APIs, in favour of the User, for the User to be able to use the appropriate API functionalities enabled or as may be enabled by the Bank, which On-barding process may include the User signing, executing and delivering, furnishing such documents, information, forms and applications to the Bank, as shall be required by the Bank.
1.19. “Registered Contacts” shall mean the mobile number, phone number, email ids, demographic details, any other contact co-ordinates for the User as furnished to the Bank by the User during the Registration or any time thereafter as per the procedure prescribed by the Bank in this regard.
1.20. “Registration” shall mean the process of the User signing up or registering and creating an online access account for the User on the Platform including generating any authentication credentials therefor, to the extent allowed by the Bank.
1.21. “Services" means service(s) and/or function(s) accessible through or performed by a particular API.
1.22. “User Information” shall have the meaning ascribed to the term in Clause 2.1 hereof.
2. REGISTRATION
2.1. The User acknowledges that all the details and information including the Registered Contacts and also any personal information or personal data/sensitive data of any person, provided by the User for or upon Registration or at any time thereafter (collectively, “User Information”), are being furnished by the User voluntarily to the Bank for use and processing thereof by the Bank, and the User must ensure that all such User Information is correct, genuine, authentic and complete in all material respects, and not misleading in any manner given the context, and wherever any personal data or sensitive information is involved, the User represents and warrants that it has and shall always have the explicit consent as required under the applicable data protection laws or privacy laws for sharing and giving such information to the Bank and for the Bank to be able to use and process the same as may be required for the purposes pursuant hereto.
2.2. The User must inform the Bank immediately of any changes to the information that the User may provide when registering by updating details to ensure the Bank can communicate with the User effectively.
2.3. The Bank may suspend or cancel or terminate the Registration (and any account, access, etc. for the User created pursuant thereto) with immediate effect in the sole discretion of the Bank, without notice to or consent form the User and the Bank’s decision in this regard shall be final and binding on the User and the Bank shall not be required to give any reasons therefor.
2.4. The User may cancel the Registration at any time by informing the Bank in writing to the address at the end of these Terms. If the User does so, it must immediately stop using the Platform. Cancellation or suspension of Registration does not affect or limit any of the obligations of the User to the Bank or Bank’s rights as against the User or any person.
3. PRIVACY POLICY, USE OF INFORMATION AND OTHER COVENANTS
3.1. The User hereby agrees that the Bank may collect and use the User Information from the User as per the Bank’s Privacy Policy available on its website at [●] (“Bank’s Privacy Policy”) and additionally for various purposes covered by the subject-matter of these Terms including assessment, evaluation, verification by the Bank of the User for On-boarding, for communications with the User, for storage, etc.
3.2. The User also agrees that the Bank may use automated methods or processes to analyze the User Information or any part thereof including User’s website or online resources or service or any information furnished by the User including any personal information or personal data of any person.
3.3. The Bank may use, process, profile, as above, the User Information, automate the process therefor, at the Bank’s discretion either on its own and/or through one or more service provider(s) as may be deployed by the Bank for this purpose.
3.4. The User hereby gives consent for all the aforesaid.
3.5. The User confirms that the User has and shall continue to have adequate privacy policies in place.
3.6. The User confirms that it has adequate, sufficient, lawful and legally fully valid consents from the persons to whom any such personal data or personal information belongs, for the same to be shared with the Bank for the Bank to use the same for the purposes of the Terms or in accordance with the Bank’s Privacy Policy. The User agrees and undertakes to hold harmless and indemnify the Bank against any and all third party claims or claims of any persons of whatsoever nature, costs, expenses, liability, damages, attorney fees for defending such claim that may arise out of use by the Bank of any information submitted by the User including any personal information or personal data of any person.
3.7. The User shall be additionally bound by the provisions of Schedule I hereto and undertakes to comply with the same in full.
4. ACCESS CREDENTIALS AND REGISTERED CONTACTS
4.1. In order to access and use the Platform through the Account, the User will need to use the Access Credentials. The Bank reserves the right to prescribe additional authentication factors for the User like user id and unique passwords and/or one-time passwords, as the Bank may deem fit from time to time and the User shall be bound to follow the same.
4.2. In case of alerts, notifications, reports as well as additional or change in authentication factors including upon User forgetting any of the Access Credentials (including the one-time passwords or one-time auth factors), the same may be sent by or on behalf of the Bank to the Registered Contacts, and the same shall constitute due and full notice and delivery to the User.
4.3. While it will be Bank’s endeavour to adopt appropriate security measures per the industry standards from time to time, however, the User acknowledges that the technology used including the internet, as well as the use of public/shared facilities is susceptible to a number of risks, such as misuse, phishing attacks, hacking, virus, malicious, destructive or corrupting code, programme or macro which make the medium vulnerable. Therefore, it is User’s special and extra duty of care to ensure that the Access Credentials and/or the Registered Contacts are not compromised in any manner and kept protected and in control of only and only of authorized personnel of the User.
4.4. Notwithstanding anything to the contrary contained in the Terms or any other connected or related document, the User irrevocably and unconditionally agrees as under:
4.4.1. The obligations and responsibility on the part of the User are of special and very high degree to maintain the security of the Access Credentials and of the Registered Contacts to prevent it being misused within or outside User’s organization.
4.4.2. Without prejudice to the generality of the above, the User shall ensure that the Access Credentials and the Registered Contacts are for and at all the times in possession exclusively of the Authorized Persons alone and are never shared with any other person or any unauthorized person (whether within or outside organization) and that the Registered Contact, and the devices on which the same or Account can be accessed, are made accessible and are accessed only and only by the Authorized Persons and not by any other person.
4.4.3. The User shall ensure that the Access Credentials are not shared by the Authorized Persons with any other person and they shall keep the same secure and shall not assign, transfer or disclose such information including the electronic key to any other person.
4.4.4. The User shall use the Access Credentials only for the purposes hereof and shall not use the same or any part thereof for any other purpose.
4.4.5. The User and the users authorized by the User shall keep all passwords, including the password used to encrypt the private key, confidential and well protected and should not reveal the same to any unauthorized person, including to any employees and representatives of Bank. The Bank shall in no way be held responsible, if the User incurs any loss as a result of the password being disclosed by the User or such users to any Bank representatives, employees or third parties.
4.4.6. The User confirms that the Bank shall not be required in any manner to verify or check whether the use and access to the Account is only by the Authorized Persons or not and whether any persons are actually Authorized Persons or not and whether the authority by User to the Authorized Persons is due and proper or not. The Bank shall be entitled to assume that any access to and use of the Account and/or the Platform and any communication from or to any Registered Contacts is by the Authorized Persons acting for and on behalf of the User to bind the User irrevocably and unconditionally legally, contractually and fully vis-à-vis the Bank and the other persons involved.
4.4.7. Any access and use of the Platform through use of the Access Credentials and/or any communication from or to the Registered Contacts, notwithstanding any security breach:
(1.1.a...i..a) shall be deemed to be by the Authorized Person only, duly authorized by the User and acting for and on behalf of the User, with the due authority and intention to bind the User irrevocably and absolutely, vis-a-vis the Bank and any other persons or entities involved;
(1.1.a...i..a) shall irrevocably and unconditionally bind the User vis-a-vis the Bank and any other persons or entities involved and shall always amount to authentic and authorized use and communication by, for/to and on behalf of the User;
(1.1.a...i..b) shall result in the User’s full and absolute liability for such access, communication and use;
(1.1.a...i..c) shall not obligate the Bank to verify whether the use or access or communication is authorized or not and the Bank shall be fully entitled to act upon the same treating the same as the duly authorized instructions of or receipt by or notice to the User;
(1.1.a...i..d) the User alone shall be liable and responsible for any security breach and consequences thereof and shall not hold the Bank responsible in any manner whatsoever.
5. ON-BOARDING ETC.
5.1. User agrees to furnish such documents, information, etc. as maybe required by the Bank for the Bank to access and evaluate the User, the compatibility, its systems, etc., and to determine whether to User will be On-boarded or not.
5.2. The User may be allowed by the Bank at its discretion limited access to APIs for testing in the sandbox environment, strictly on a need-to-know basis. Notwithstanding anything to the contrary herein or in any other connected documents, until the User is fully On-boarded and signs, delivers and executes necessary documentation as may be required by the Bank including the API Agreement to the satisfaction of the Bank, the User or any persons acting for User, do not in any manner get any license or rights to use, access, test or consume any of the APIs in the production environment.
5.3. Notwithstanding anything to the contrary contained herein or in any other connected documents:
5.3.1. The Bank does not make any commitment to the User and shall not be bound to, On-board the User and/or to grant license to access or use the APIs.
5.3.2. The Bank shall have the sole and absolute discretion to determine whether to On-board the User and/or to grant license to access or use the APIs.
5.3.3. The Bank shall not be required to provide any reasons or justifications for not On-boarding the User or for not granting the license to access or use the APIs, nor shall the Bank be liable for any damages or compensation to the User by reason of the Bank's such refusal.
5.4. The Bank does not make representation or warranty to the User that the API or functionalities thereof are or not, apt or beneficial or suitable, for User’s needs and whether or not it is in User’s interests to undertake the On-boarding process or feasibility thereof, and it the User who shall be alone responsible to make the decisions in this regard independent of the Bank.
6. LINK TO OTHER WEBSITES
6.1. The Platform may contain links to other sites. Unless expressly stated, these sites are not under the control of the Bank or that of Bank’s Affiliates.
6.2. The Bank assumes no responsibility for the content of such websites and disclaims liability for any and all forms of loss or damage arising out of the use of them.
6.3. The inclusion of a link to another site on the Platform does not imply any endorsement of the sites themselves or of those in control of them.
7. RESTRICTIONS
7.1. The User agrees that any access of the Platform, use, if granted by the Bank, of an API and API Content/Services, shall be subject to information security policies and procedures of the Bank and as per applicable law, including but not limited to authentication procedures, which may not be fully disclosed and may vary from time to time.
7.2. The User agrees and undertakes that when accessing or using the Platform, the User, and/or the User’s applications shall not:
7.2.1. modify, obscure, circumvent, or disable any element of the Platform, API and/or API Content Services, or their access control features;
7.2.2. disrupt, interfere with, or adversely impact the access or use of Platform, API and/or API Content/services by the Bank or any other party whatsoever;
7.2.3. infringe, misuse, or claim ownership of the Bank’s Intellectual Property;
7.2.4. transmit into Bank’s Paltform or systems, any Harmful Code or malware including through User’s application or access;
7.2.5. allow any unauthorized access to the Platform;
7.2.6. access, use the Platform, APIs, if any, or any facility being provided by Bank hereunder, in connection with an application that offers, permits or promotes gambling within the application, or for or in connection with any illegal, unlawful, immoral, anti-social activity;
7.2.7. use the Platform or communications with the Bank, including in connection with an application, for anything that is offensive, abusive, libelous, harassing, threatening, discriminatory, vulgar, pornographic, unethical, unlawful (or that promotes unlawful behavior), or that is otherwise inappropriate as determined by the Bank in its sole discretion;
7.2.8. except as expressly authorized by the Bank, use any robot, spider, retrieval application, or other automated functionality to retrieve or index any portion of the Platform, Bank’s data, products, or services for any unauthorized or authorized purpose;
7.2.9. access or use the Platform in a manner not permitted by the Terms herein; or
7.2.10. access or use the Platform in violation of, or in a manner that would cause the Bank and/or the Affiliates to be in violation of, any law, regulation or statutory or regulatory requirements applicable to the Bank or the User.
7.3. The Bank reserves the right to in its sole discretion, grant, deny, limit, or modify the User’s access to and/or use of Platform or any functionality or facility made available by the Bank pursuant hereto.
8. INTELLECTUAL PROPERTY
8.1. It is hereby clarified that the Bank retains all Intellectual Property Rights in the Platform, all APIs, all API Content/Services, all Documentation and Available Content, the developer environments, and all other procedures, functionalities, software, documentation, trademarks or distinctive signs, images, photographs, patents, utility and industrial models, drawings, graphics, text files, audio and video files and all other content accessible on the Platform or in any of the APIs, and/or any API Content/Services.
8.2. The User hereby understands and acknowledges that:
8.2.1. The Bank is the sole and absolute owner of the Bank’s Intellectual Property (“Bank IP”);
8.2.2. The User shall not, nor shall it be deemed to, acquire at any time, any right, title or interest whatsoever, in, to or over Bank IP or any combination thereof, in any language and/or trade name;
8.2.3. The User shall not claim or assert any right, title or interest in, to or over Bank IP or take any action which shall or may impair the Bank’s right, title or interest over Bank IP;
8.2.4. The User shall not oppose or object to any right, title or interest that Bank has or may have in Bank IP;
8.2.5. The User shall not use the Intellectual Property in a manner that may be detrimental to the Bank;
8.2.6. The User shall not make any alterations or changes to Bank IP, without the prior written approval of the Bank;
8.2.7. The User shall not permit any person (other than persons authorized by the Bank) to use Bank IP or any other Intellectual Property belonging to the Bank, including by the way of sub-licensing or otherwise, without the prior written consent of Bank;
8.2.8. The User is prohibited from using Bank IP for any business venture, marketing activity, promotional activity, or any other purpose, except as permitted herein above, without the prior written consent of the Bank;
8.2.9. The User shall share with the Bank, the samples/drafts of any materials/formats where Bank IP is used and shall print/use/display such materials/formats only after obtaining prior written consent of Bank; and
8.2.10. The Bank reserves the right to require the User, without assigning any reason, to discontinue temporarily or permanently the use of Bank IP and the User shall promptly upon receipt of such notice, discontinue such use.
9. REPRESENTATIONS AND WARRANTIES
The User hereby represents and warrants:
9.1. The User is not concealing or disguising its identity;
9.2. The User has a legitimate, lawful purpose for accessing and using the Platform, the API and API Content/Services;
9.3. The User will perform no act that harms the Bank or the Bank’s rights and interests in the Platform, API and API Content/Services;
9.4. The User will promptly block, and notify the Bank of, any known or suspected unauthorized or prohibited use of any API or API Content/Services or by a third party;
9.5. The User has obtained any and all necessary consent and approval to generally disclose to third parties and/or generally use any and all data that the User and its application utilize under these Terms, including (but not limited to) data provided in the context of accessing and/or using API Content/Services; and
9.6. The User has all the necessary resolutions, certificates, writings, consents, authorizations, approvals, no-objections, whether under law or under contract, from statutory, regulatory, local and other authorities/body or any other person (wherever applicable) as well as the internal and corporate authorizations including as per the User’s constitutional documents and as per applicable law, for entry into, signing, execution, delivery and performance of Terms and any other documents (by, for and behalf of the User), have been duly obtained and are and shall continue to be in full force and effect. The person(s) accepting these Terms and all other necessary and incidental/ ancillary documents on behalf of the User has/have been duly authorized in that regard and are entitled to accept and deliver the same for and on behalf of the User and to do, perform, accept, execute, sign, deliver all such acts/ deeds, writings, things as may be required by the Bank pursuant hereto.
10. INDEMNITY
10.1. The User undertakes to indemnify, protect, defend, save and hold harmless the Bank and its Affiliates, officers, directors, employees, agents, third parties, attorneys, successors, and assigns (“Indemnified Parties”) from and against:
10.1.1. any government, or other third party claim of loss, liability, penalty, assessment, civil or criminal fine, or damage to or asserted, whether through communication or formal filing, against the Bank or its Affiliates (including reasonable attorney's fees and expenses) related to, deriving from or associated with User’s application;
10.1.2. any misuse of APIs;
10.1.3. or any third party's use of the User’s application (whether in whole or in part) to access or use of the Platform, API(s) or API Content/Services (even if such activity is fraudulent), or any third party's use of any Platform, API or API Content/Services (even if such activity is fraudulent);
10.1.4. or the User’s violation of any representations, warranties, covenants and undertakings under these Terms;
10.1.5. any infringement of Bank IP by the User, Authorized Persons or any persons acting for User, or any third party associated with the User and/or such persons; and/or
10.1.6. any claims under any privacy or personal or other data protection laws from any persons.
10.2. These indemnification provisions and the rights granted by or through it are in addition to any other rights that the Bank may have under these Terms and applicable law and shall not be construed to provide an exclusive remedy.
10.3. Notwithstanding any other provision of the Terms herein, the indemnification provisions shall survive any termination or expiration of the Terms.
11. LIMITATION OF BANK’S LIABILITY
11.1. The Bank shall not be liable in any manner and in any way for any damages, or any loss occasioned to any User, Authorized Person, or third party or person, whether such claim is based on warranty, contract, tort (including gross negligence) or otherwise.
12. CONFIDENTIALITY AND NONDISCLOSURE
12.1. The User acknowledges and agrees that the username and password, information about the Platform, the Available Content, Documentation, API(s), API Content/ API Services disclosed to the User or collected by User, the Bank Information, shall be considered as the Bank’s confidential and proprietary information (collectively, “Confidential Information”) which shall not be disclosed by the User or any person acting for or on behalf of the User, to any person or third party (including, but not limited to, User’s Affiliates) without the Bank’s prior written consent.
12.2. The User agrees to use commercially reasonable means to maintain the confidentiality of Confidential Information in the User’s possession or contained in the Application, but in no circumstances less stringent than those required by law or that the User uses to safeguard the User’s own confidential or proprietary information.
12.3. Upon termination of these Terms, the User agrees to destroy all copies of Confidential Information in the Users and/or the User’s contractors’ or third party agents’ possession, or control and, upon request, certify such destruction to the Bank.
12.4. The User agrees that the Bank shall have no obligation whatsoever to keep confidential any or all data or information the User provides to the Bank under these Terms, including (but not limited to) data provided for use with Platform, Registration, On-boarding, API security services.
12.5. If the User applies for basic access, the Bank will keep confidential the information that the User provides to the Bank in connection with the User’s application to obtain basic access. However, the User acknowledges and agrees that the Bank may be required to disclose the User’s confidential information if required by a judicial, quasi-judicial, administrative, governmental, regulatory, tax, or any other authority.
13. DATA PROTECTION
13.1. When accessing or using the Platform, the User agrees that the User, the End Users and/or the User’s Application shall use commercially reasonable efforts to ensure that cyber security measures are in place to protect the Bank’s data and information which are accessed, processed, stored or transmitted irrespective of whether such place is housed at the Bank’s premises or in the premises of a third party and comply with all applicable law in this respect.
13.2. The User shall immediately report to the Bank any unauthorized access that has compromised the information or data of the Bank. In such report the User shall identify (i) the nature of the unauthorized use or disclosure; (ii) the information used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what the User has done or shall do to mitigate the effects of the unauthorized use or disclosure; and (v) what corrective action has the User taken or shall take to prevent future similar unauthorized use or disclosure.
13.3. The User agrees and undertakes to hold the Bank harmless and fully reimburse the Bank without any demur, in respect of all costs, expenses, damages and liabilities arising out of or in any manner connected with such unauthorized access.
14. RIGHT TO TERMINATE
14.1. The Bank reserves the right to terminate these Terms at its sole discretion and without any notice and without assigning any reason whatsoever to the User. These terms may also be terminated by the Bank on any information or belief that there has been an unauthorized access by a third party using the username and password of the User, any breach of the User’s confidentiality obligations, any breach of applicable rules and regulations, and any other breach of these Terms by the User. The Bank may also elect to temporarily suspend the User’s access till such breach is cured if it is remediable in nature.
14.2. In the event of a termination by either party, the User agrees to cease using any information, Confidential Information accessed pursuant to this arrangement, promptly [but under any circumstances in no more than two (2) business days] remove the same from User’s application, and delete any such information or data that are possessed or controlled by the User.
15. FORCE MAJEURE
15.1. Any delay in or failure of performance by the Bank under these Terms will not be considered a breach of these Terms and the Bank will not be held liable for any such delay or failure in performance to the extent that such delay or failure is caused by any occurrence beyond its reasonable control, including, but not limited to, acts of God, pandemic, power outages, failures of the Internet, war, terrorism, civil or political disturbance, lock-outs, floods, fire, or any other unforeseeable event.
16. TRANSFER AND ASSIGNMENT
16.1. The Bank shall at any time, without any consent of or notice to the User(s) be entitled to sell, assign, discount or transfer all or any part of the Bank’s rights, title, interest and/or obligations under these Terms, to any person(s) and in such manner and on such terms as the Bank may decide. Any such sale, assignment or transfer shall conclusively bind the User and all other concerned persons. The User shall not be entitled to directly or indirectly assign or in any manner transfer, novate, whether in whole or part, any rights, benefits or obligations under or in relation to or pursuant to these Terms or any functionality thereunder.
17. NOTICES
17.1. All notices, approvals, instructions, demand and other communication given or made under these Terms shall be in writing and may, subject to Clause 17.2 hereof, be given by facsimile, electronic mail, personal delivery or by sending the same by pre-paid registered mail addressed to the relevant party at its address or email set out below [or such other address or email as the addressee has by 5 (Five) calendar days’ prior written notice specified to the other party]:
For the User:
Any of the Registered Contacts
For Bank:
Address: Bank House, Shiv Sagar Estate, Dr Annie Besant Road Worli Mumbai, Maharashtra - 400018 India
Attn.: Product Head, API Banking
17.2. Any notice, approval, instruction, demand or other communication so addressed to the relevant party shall be deemed to have been delivered (i) if given or made by registered mail, 5 (Five) calendar days after posting; (ii) if given by personal delivery at the time of delivery; and (iii) if given or made by email, upon receipt of an email delivery report confirming receipt by the other party. Provided that in case of email sent to the Bank, the same shall be immediately on the same day followed by a physical copy of the notice sent by the User by a reputable overnight courier or registered A.D postage prepaid.
17.3. The Notices by email/other electronic instructions/mode (collectively, “Electronic Notice”) shall be subject to the following:
3.1.a) Though the Bank shall not be obligated to accept or act upon the Electronic Notices from User(s) unless the physical instructions as above are received from the User(s), the Bank may however in its absolute discretion be entitled to accept any such Electronic Notices from User(s) without the physical instructions as above. Any Electronic Notice sent by User(s) which the Bank relies upon shall be deemed to have been given by the User(s) and/ or its authorised signatory and such instructions shall be binding upon the User(s) whether actually given by the authorised signatory or not, under authority or not.
3.1.b) If there is a dispute as to the electronic records, or if there is any difference between the electronic records in the systems of Bank and the User(s), the records of Bank shall be final.
3.1.c) The User(s) understand/s that the internet/any other digital or electronic mode (“Electronic Modes”) through which the Electronic Notices transmit, are not necessarily encrypted and Electronic Modes are not always secure means of transmission, especially when Notices not electronically or digitally signed, and are susceptible to misuse, alternation, fraud, etc. for which the User(s) agrees that the Bank shall not be held liable or responsible. The User(s) further indemnifies the Indemnified Parties and agrees to keep them indemnified, saved and harmless, from time to time and at all times from and against any and all claims, losses, damages, costs, liabilities, charges, actions, suits, demands, penalties and expenses or other consequences incurred, suffered by any of them, pursuant to, in connection with or arising out of or in relation to:
(1.1.c...i) the Bank acting or refraining to act pursuant to, in accordance with or relying upon, any Electronic Notices from User(s); and/or,
(1.1.c...ii) the Bank acting pursuant to, in accordance with or relying upon any Electronic Notices from User(s); and/or,
(1.1.c...iii) any unauthorised or fraudulent Electronic Notice and/ or non-receipt of any Electronic Notice claimed to have been sent by the User(s); and/ or
(1.1.a...i) any errors, delays or problems in transmission or unauthorized/ illegal interception, any misuse, alteration, manipulation of electronic data or otherwise in the Electronic Notices caused by using Electronic Modes as a means of transmission.
18. GOVERNING LAW, JURISDICTION AND ARBITRATION
18.1. These Terms shall be governed by and construed in accordance with the laws of India. The parties agree that subject to Clause 18.2 below, if the process of the courts is required to be invoked for enforcement of Clause 18.2 below, including for seeking of any interim relief prior, during or after invocation of this Clause (Governing Law, Jurisdiction and Arbitration) below, the competent courts and tribunals at Mumbai, India shall have exclusive jurisdiction and both the parties hereto submit to the same.
18.2. All disputes, differences and/or claims arising out of these presents or as to the construction, meaning or effect hereof or as to the rights and liabilities of the parties shall be settled by arbitration to be held in Mumbai, India or any other place at the discretion of the Bank in accordance with the provisions of the Arbitration and Conciliation Act, 1996 (or any statutory amendments thereof or any statute enacted for replacement thereof) and shall be referred to the sole arbitration of a person to be nominated by the Bank. The language of arbitration shall be English. In the event of death, refusal, neglect, inability or incapability of the person so appointed to act as an arbitrator, the Bank may appoint a new arbitrator. The award including interim award/s of the arbitrator shall be final and binding on all parties concerned. The arbitrator may lay down from time to time the procedure to be followed by him in conducting arbitration proceedings and shall conduct arbitration proceedings in such manner as the arbitrator considers appropriate.
19. The User shall have no power or authority to conclude any agreement or contract or make any representation, promise, statement or guarantee on behalf of the Bank or to bind the Bank or create any obligation or responsibility for the Bank in any other way, to any person.
20. RELATIONSHIP BETWEEN THE PARTIES:
These Terms of Use are on a “principal to principal” basis and the Parties are independent of each other, and nothing contained herein is intended to or shall be deemed to create any partnership, joint venture, employment or relationship of principal and agent between Bank and the User and if applicable User’s representatives and employees or to provide the User with any right, power or authority, whether express or implied to create any such duty or obligation on behalf of the Bank. The User agrees that it will not represent that it is an agent of the Bank nor hold itself out as such. The User shall enter into any agreement or arrangement with any third person which will bind, nor shall attempt to bind, the Bank legally or otherwise and nothing contained in these Terms be deemed to provide the User with the power or authority to create such duty or obligation. The User understands and agrees that the Bank grants the User no power or authority to make or give any agreement, statement, representation, warranty, or other commitment on behalf of the Bank to any person, or to enter into any contract or otherwise incur any liability or obligation, express or implied, on behalf of the Bank, or to transfer, release, or waive any right, title, or interest of the Bank.
21. DISCLAIMER
21.1. The Bank provides the Platform, API(s) and API Content/Services on an “as is” and “as available” basis. The Bank hereby disclaims any and all warranties, express, implied or statutory regarding any Platform, API(s) or API Content/Services, including warranties of accuracy, merchantability, fitness for a particular purpose, or non-infringement.
21.2. The User is solely and entirely responsible for the Application, including but not limited to the Application's development, operation, maintenance, and compliance with all applicable local, state, central and international laws and regulations, and all materials that appear on or within the Application. The Bank hereby disclaims all liability with respect to the same.
The User has read, understood and accepted these Terms online.
SCHEDULE I
DATA SECURITY
1. DATA SECURITY
1.1. User shall (and shall ensure that its employees, agents and subcontractors shall) be required to maintain such administrative, organizational, technical and physical safeguards, and such processes, procedures and checks including, to secure the User Information, the Bank Information and any data provided or shared by the Bank as may be required under applicable law and/or industry standards or regulations issued by any Authority, which safeguards must be at least equal to or better than: (a) the safeguards it currently has in place to protect its own data; and (b) generally accepted security standards in the financial services industry.
1.2. The administrative, technical and physical safeguards, processes, procedures and checks as above shall be designed by User to:
(a) protect the security and confidentiality of the Confidential Information, the Bank Information and any data provided or shared by the Bank;
(b) ensure protection against any anticipated threats or hazards to the security and confidentiality of the any such data or information;
(c) protect against unauthorised or unlawful or accidental access to, processing of or use or disclosure, erasure, transfer, modification, of any such data or information, any loss or destruction of, or damage to, any of the aforesaid data or information; and
(d) ensure the proper and secure disposal of such data and information in its possession, custody or control, in accordance with the instructions of the Bank.
1.3. Without limiting the generality of the foregoing, User shall initiate all measures which a prudent organization, in a similar situation, would take to secure and defend its systems that contain any of the aforesaid data or information against “hackers” and others who may seek, without authorization, to modify or access its systems or such data or information. User will periodically test its systems for potential areas where security could be breached.
1.4. User covenants that it shall (and shall ensure that its employees, agents and sub-contractors shall) be bound by adequate confidentiality obligations. User shall ensure that the personnel of User (or of any of User’s sub-contractors) who access any of the aforesaid data provide a written undertaking not to access, process, use, disclose or retain such data except in performing their duties of employment and any failure to comply with this undertaking may result in a criminal offence and may lead User (or User’s sub-contractor, as the case may be) to initiate disciplinary action against such personnel.
1.5. User shall (and shall ensure that its employees, agents and subcontractors shall) in respect of any such data or information as above:
(a) comply with any request made or direction given by any authorised personnel of the Bank in connection with the requirements of any data protection laws or privacy laws;
(b) not do or permit anything to be done which might jeopardise or contravene the terms of any registration, notification or authorization under any data protection laws or privacy laws;
(c) not to process any data or information (including personal or private information of personnel, clients or customers of the Bank), save and except in accordance with data protection laws or privacy laws and subject to necessary consent to be obtained by the User,
(d) such data shall be treated as Confidential Information, for the purpose of this Agreement;
(e) use any such data or information only for the purposes of fulfilling its obligations under this Agreement and to comply with instructions given by the Bank from time to time in connection with use of such data and records, and not retain the data and records for any longer than is necessary for these purposes;
(f) promptly return to the Bank any part or all of such data or information on a request being made in this regard by the Bank, except for such data which is allowed by these Terms to be stored by User.
1.6. Where the introduction, imposition or variation of any law, order or regulation or official directive or any change in the interpretation or application thereof by any competent authority makes it apparent that it is unlawful or impractical without breaching such law, order or regulation or official directive for User to give effect to its obligations under these Terms, then notwithstanding anything herein to the contrary, User shall immediately consult the Bank to agree on any revision of the terms and conditions of these Terms reasonably required in view of such circumstances.
1.7. Save and except for such data which is allowed by these Terms to be stored by User, User agrees and undertakes that User shall, upon receiving instructions in writing to this effect by the Bank, immediately destroy/ erase/ delete/ purge all Bank’s Confidential Information in its possession and/or control in relation to this Agreement, by shredding or incineration of all documents and other material, which is in a physical form or irretrievably delete such Confidential Information recorded or stored by electronic means or otherwise, including all copies thereof and shall produce a certificate to the Bank stating that it has duly erased/ deleted/ destroyed the Confidential Information in accordance with the instructions by the Bank, except to the extent any copy thereof is required to be retained under the provisions of applicable law.
1.8. User agrees that the Bank and the regulatory Authorities shall have an unconditional right to inspect and audit the systems, documents, data, facilities and infrastructure of User and User hereby agrees to provide complete access rights to the Bank for such inspection only in respect of these Terms.
1.9. User confirms that it has read and understood the “acceptable usage policy” posted on the information portal under the heading “information security group” of the Bank, and agrees to protect the systems of the Bank and comply with the said policy.
1.10. User agrees to be vigilant and to report any breach of this Schedule, all breaches in the information security and/ or data privacy practices, control processes and checks, including but not limited to incidents which, directly or indirectly, have or would have affected the safety and security of the Confidential Information, any equipment downtime or failure, suspicious behaviour incidents or unusual cyber-security incidents (whether they were successful or were attempts which did not fructify), bribery incidents, fraud incidents, suspicious transactions including fraudulent / suspicious currency transactions immediately upon occurrence to the Bank and shall also immediately intimate all the concerned representatives and employees of the Bank which interact with User on a regular basis of such violation. In case of any security breach observed by the Bank, the same should be intimated to User immediately so that the same can be rectified.
1.11. If User is directed by a court or by any Authority to disclose information, data or documents relating to the Bank including Confidential Information, it shall notify the Bank in writing (prior to making any disclosure pursuant to such direction/order/notice), along with a copy of such direction/ order / notice, in sufficient detail immediately upon receipt of such direction/ order / notice in order to permit the Bank to make an application for an appropriate protective order and provide such information / documents as may be advised by the Bank in writing and keep the Bank apprised of any developments in this regard, from time to time.
1.12. User further confirms and agrees that it shall at all times during the tenure of this Agreement:
(a) comply with the provisions of the data protection laws and privacy laws, Information Technology Act, 2000 and the applicable rules thereunder, including without limitation the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 including in relation to its systems and Platform; and
(b) comply with all notifications, guidelines, circulars, issued by RBI.
1.13. User shall ensure complete security of all data provided by or collected from or for the Bank and shall be responsible thereof at all times when any of the aforesaid data is stored, used, processed, profiled, shared, disclosed, by or for User whether by User, User’s agents, sub-contractors or representatives.
1.14. User shall be solely liable for any breach of security, compromise, theft, modification and/or corruption, use, processing, profiling or sharing, any of which is not in accordance with any of the data protection laws or privacy laws of any of the aforesaid data or information mentioned in this Schedule at the times specified above (“Data Compromise Events”), where the Data Compromise Event is the direct or indirect result of any act or omission of User, User’s agents, sub-contractors or representatives. User agrees to indemnify and shall indemnify and keep indemnified the Bank, its directors, officers, agents, employees or representatives against all costs, liabilities, losses, claims, charges and expenses, including legal costs and fees, that may be suffered/incurred by the Bank from any Person, as a result of any Data Compromise Events, or in connection with any breach of any of the provisions of this Schedule and/or in connection with any claims under privacy/data protection laws.
1.15. Subject to and without prejudice to the other use, disclosure and processing restrictions under these Terms, none of the data or information provided by or collected from shall be stored or transmitted by User, User’s agents, sub-contractors or representatives outside India, or made accessible to/by any person outside India.