Schedule 1 (Acceptable Use Policy)

Last updated May 2025

1. Introduction

1.1     This acceptable use policy (the "Policy") sets out the rules governing:

(a)     the use of the Services(s) made available by RMS to you as a service via the internet including offline components, if any (the "Services"); and

(b)     the transmission, storage and processing of content by you, or by any person on your behalf, using the Services including its email and text messaging communication tools, correspondence files, stored photos, logos etc ("Content").

1.2     References in this Policy to "you" are to any customer for the Services and any individual user of the Services and "your" should be construed accordingly; and references in this Policy to "us" are to RMS (and "we" and "our" should be construed accordingly).

1.3     By using the Services, you agree to the rules set out in this Policy.

1.4     We will ask for your express agreement to the terms of this Policy before you submit any Content or otherwise use the Services.

2. General usage rules

2.1     You must not use the Services in any way that causes, or may cause, damage to the Services or impairment of the availability or accessibility of the Services.

2.2     You must not use the Services:

(a)     in any way that is unlawful, illegal, fraudulent or harmful; or

(b)     in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

2.3     You must not:

(a)     attempt to undermine the security or integrity of RMS 's computing systems or networks or, where the Software is hosted by a third party, that third party's computing systems and networks.

(b)     use, or misuse, the Software in any way which may impair the functionality of the Software or Website, or impair the ability of any other user to use the Software or Website.

(c)      attempt to gain unauthorized access to any materials other than those to which you have been given express permission to access or to the computer system on which the Software is hosted.

(f)      modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer the Software or the Website except as is strictly necessary to use either of them for normal operation.

2.4     You must ensure that all Content complies with the provisions of this Policy.

3. Unlawful Content

3.1     Content must not be illegal or unlawful, must not infringe any person's legal rights, and must not be capable of giving rise to legal action against any person (in each case in any jurisdiction and under any applicable law).

3.2     Content, and the use of Content by us in any manner licensed or otherwise authorised by you, must not:

(a)     be libellous or maliciously false;

(b)     be obscene or indecent;

(c)      infringe any copyright, moral right, database right, trade mark right, design right, right in passing off, or other intellectual property right;

(d)     infringe any right of confidence, right of privacy or right under data protection legislation;

(e)     constitute negligent advice or contain any negligent statement;

(f)      constitute an incitement to commit a crime, instructions for the commission of a crime or the promotion of criminal activity;

(g)     be in contempt of any court, or in breach of any court order;

(h)     constitute a breach of racial or religious hatred or discrimination legislation;

(i)      be blasphemous;

(j)      constitute a breach of official secrets legislation; or

(k)     constitute a breach of any contractual obligation owed to any person.

3.3     You must ensure that Content is not and has never been the subject of any threatened or actual legal proceedings or other similar complaint.

4. Graphic material

         Content must be appropriate for all persons who have access to or are likely to access the Content in question.

5. Factual accuracy

5.1     Content must not be untrue, false, inaccurate or misleading.

5.2     Statements of fact contained in Content and relating to persons (legal or natural) must be true; and statements of opinion contained in Content and relating to persons (legal or natural) must be reasonable, be honestly held and indicate the basis of the opinion.

6. Negligent advice

6.1     Content must not consist of or contain any legal, financial, investment, taxation, accountancy, medical or other professional advice, and you must not use the Services to provide any legal, financial, investment, taxation, accountancy, medical or other professional advisory services.

6.2     Content must not consist of or contain any advice, instructions or other information that may be acted upon and could, if acted upon, cause death, illness or personal injury, damage to property, or any other loss or damage.

7. Etiquette

7.1     Content must be appropriate, civil and tasteful, and accord with generally accepted standards of etiquette and behaviour on the internet.

7.2     Content must not be offensive, deceptive, threatening, abusive, harassing, menacing, hateful, discriminatory or inflammatory.

7.3     Content must not be liable to cause annoyance, inconvenience or needless anxiety.

7.4     You must not use the Services to send any hostile communication or any communication intended to insult, including such communications directed at a particular person or group of people.

7.5     You must not use the Services for the purpose of deliberately upsetting or offending others.

7.6     You must not unnecessarily flood the Services with material relating to a particular subject or subject area, whether alone or in conjunction with others.

8. Marketing and spam

8.1     You must not without our written permission use the Services for any purpose relating to the marketing, advertising, promotion, sale or supply of any product, service or commercial offering unrelated to the use of the Software and the Services.

8.2     Content must not constitute or contain spam, and you must not use the Services to store or transmit spam - which for these purposes shall include all unlawful marketing communications and unsolicited commercial communications.

8.3     You shall soley be responsible for the content of emails or SMSs sent to your distribution. In no case can the Service Provider be held responsible in any capacity whatsoever in relation to third parties for any damage resulting from you sending emails or SMSs using the Services.

8.4     Any use of the Services which may damage, disable or overload the Service Provider’s infrastructure or interfere with the enjoyment of the Services by other users is prohibited. In the event of non-compliance, the Service Provider reserves the right to immediately block or limit access to the Services or any part of the Services without notice and without refund or any form of compensation.

9. Gambling

You must not use the Services for any purpose relating to gambling, gaming, betting, lotteries, sweepstakes, prize competitions or any gambling-related activity.

10. Monitoring

You acknowledge that we do not actively monitor the Content or the use of the Services.

11. Harmful software

11.1   The Content must not contain or consist of, and you must not promote or distribute by means of the Services, any viruses, worms, spyware, adware or other harmful or malicious software, programs, routines, applications or technologies.

11.2   The Content must not contain or consist of, and you must not promote or distribute by means of the Services, any software, programs, routines, applications or technologies that will or may have a material negative effect upon the performance of a computer or introduce material security risks to a computer.

12. Use of Data by Service Provider

12.1    To enable the Services Provider to pursue its legitimate interests, in particular relating to risk management and the evaluation of the quality of the Customer’s email mailing lists (and, for example, to avoid risks of spam, phishing or fraud), the Customer is informed and agrees that, the Services Provider may transmit data to third party providers, including providers domiciled outside the European Union, for the purpose of establishing a reliability score. Any transmission of this data will be carried out in compliance with applicable rules.

12.2    The Customer expressly accepts that the behavior of recipients of these emails may be analysed by the Services Provider (tracking opening rates, click rates and bounce rates at the individual level) to improve the effectiveness of its emailing platform for Customer campaigns.

13. Unauthorised Automated Technologies

13.1 You must not use bots, emulators, screen scrapers, automated scripts, or similar technologies to access, interact with, or extract data from the Services—whether via the RMS Application Programming Interfaces (APIs) or by any other means—without prior written authorisation from RMS. Such technologies may compromise the security, performance, or integrity of the Services and are strictly prohibited unless expressly permitted.

13.2 If you wish to use such technologies, you must contact RMS to discuss your requirements and obtain prior written authorisation. Any authorised use may be conducted through the RMS APIs and is subject to RMS’s approval, as well as agreement on any additional requirements or modifications to the RMS APIs necessary to support such use. Unauthorised use—including accessing the Services’ user interface or other components without obtaining prior written authorisation—is prohibited.

13.3 Unauthorised use of bots, emulators, screen scrapers, automated scripts, or similar technologies constitutes a breach of this Policy and may result in immediate suspension or termination of your access to the Services, in addition to any other remedies available to RMS under your applicable agreement.

The following terms and conditions, as may be amended from time to time, shall apply to all RMS booking services provided directly or indirectly (through partners) that are made available online, through any mobile device, by email or telephone (“RMS Online”)

These terms and conditions apply to both:

1. The provider of accommodation (“Accommodation Provider”) (e.g. hotel, motel, apartment, workforce camp, facility operator and any other related product or service that can be reserved/booked using RMS Online), and

2. The consumer/guest (“Guest”) who uses RMS Online to place a reservation/booking or makes a purchase that may include processing a payment.

3. RMS Online distributes the Accommodation Provider rate, inventory and availability information supplied by each Accommodation Provider to online sales platforms chosen by the Accommodation provider.
RMS Online acts solely as an intermediary between the Accommodation Provider and the online sales platforms.
RMS Online receives reservation/booking information from those online distribution platforms.
RMS Online does not accept any liability for unavailability of rooms or other products/services caused by the Accommodation Provider over-selling their own available inventory.

4. When rendering our services, the information that RMS Online discloses to the online sales platforms is the sole responsibility of the Accommodation Provider.

Although RMS Online uses reasonable skill and care in performing its services it does not verify if, and cannot guarantee that, all information is accurate, complete or correct.

Each Accommodation provider remains responsible at all times for the accuracy, completeness and correctness of the (descriptive) information (including the rates and availability).

RMS Online is not responsible for (and disclaims any liability) for the use, validity, quality, suitability, fitness and due disclosure of the accommodation, product or service that is the subject of the reservation/booking and makes no representations, warranties or conditions of any kind in this respect, whether implied, statutory or otherwise, including any implied warranties of merchantability, title, non-infringement or fitness for a particular purpose. You acknowledge and agree that the relevant Accommodation Provider is solely responsible and assumes all responsibility and liability in respect of the reservation/booking (including any warranties and representations made by the Accommodation Provider). RMS Online is not a (re)seller of the accommodation, product or service that is the subject of the reservation/booking. Complaints or claims in respect of the reservation/booking (including related to the offered (special/promotion) price, policy or specific requests made by Customers) are to be dealt with by the accommodation Provider. RMS Online is not responsible for and disclaims any liability in respect of such complaints, claims and (product) liabilities.

5. Cancellation and no-show penalties and any other fees or policies relating to changes to reservations/bookings received are determined by and are the responsibility of the Accommodation Provider.

6. To the extent permitted by law, neither RMS Online or any of our officers, directors, employees, representatives, subsidiaries, affiliated partners, licensee, agents shall be liable for any:

(i) any punitive, special, indirect or consequential loss or damages, any loss of production, loss of profit, loss of revenue, loss of contract, loss of or damage to goodwill or reputation, loss of claim,

(ii) any inaccuracy relating to the (descriptive) information (including rates, availability and ratings) of the accommodation, products or services as provided by the Accommodation Provider,

(iii) the services rendered or the products offered by the Accommodation Provider or other business partners,

(iv) any (direct, indirect, consequential or punitive) damages, losses or costs suffered, incurred or paid by the Accommodation Provider or Guest, pursuant to, arising out of or in connection with the use, inability to use or delay of RMS Online,

(v) any (personal) injury, death, property damage, or other (direct, indirect, special, consequential or punitive) damages, losses or costs suffered, incurred or paid by the Accommodation Provider or Guest, whether due to (legal) acts, errors, breaches, (gross) negligence, willful misconduct, omissions, non-performance, misrepresentations, tort or strict liability by or (wholly or partly) attributable to the accommodation or any of our other business partners (including any of their employees, directors, officers, agents, representatives or affiliated companies) whose products or service are (directly or indirectly) made available, offered or promoted by RMS Online or the Accommodation Provider, including any service referrals, cancellation, overbooking, strike, force majeure or any other event beyond our control.

7. Bookings received through RMS Online from Guests are received on behalf of the Accommodation Provider.

The Accommodation Provider has sole responsibility for delivery of the services being booked by the guest and the Accommodation Provider fully indemnifies RMS Online for default by the Accommodation Provider.

8. Guests, by using RMS Online (e.g. by making a reservation/Booking), enter into a direct (legally binding) contractual relationship with the Accommodation Provider with which you make a reservation/booking or purchase a product or service (as applicable). From the point at which you make your reservation/booking, we act solely as an intermediary between you and the Accommodation Provider, transmitting the relevant details of your reservation/booking to the relevant Accommodation Provider(s).

9. Guests, in order to duly complete and secure your reservation/booking, you need to use your correct information that may include email address or phone number. We are not responsible or liable for (and have no obligation to verify) any wrong or misspelled email address or inaccurate or wrong (mobile) phone number or credit card number.

10. Guests, by using RMS Online you are consenting to us sending you communication in the form of an email or text message either for and on behalf of RMS Online (including any service partner) or the Accommodation Provider.The communication (i) may be sent prior to your arrival giving information on your destination, (ii) may be sent at any time providing you with certain information and offers (including references or links to Accommodation Provider offers and third party offers and services to the extent, where required, that you have actively opted for this information), (iii) may be sent after arrival to rate the (experience with your) Accommodation Provider or RMS Online, and (iv) may be sent to you promptly after your stay inviting you to complete a Guest review form.In all cases Guests may at any time withdraw their consent to receive communications.

11. RMS Online respects your privacy, please have a look at ourPrivacy Policyfor further information.

12. If applicable, certain Accommodation Providers may require reservations/bookings to be paid (wholly or partly as required under the payment policy of the Accommodation Provider) by means of secure online payment. RMS Online requires the use of an approved PCI DSS compliant payment gateway whenever Cardholder data is requested from a Guest using either the RMS Online booking site or when receiving Cardholder data from online sales platforms chosen by the Accommodation provider. Cardholder data refers specifically to the credit card number, along with cardholder name, expiration date and security code provided by the Guest to RMS Online directly or to the online sales platforms chosen by the Accommodation provider at the time the online reservation/booking is made and any payment is taken. The form in which the Guest enters Cardholder data on the RMS Online booking site is provided by the payment gateway. The Guest does not leave the RMS Online booking site, the details do not enter RMS Online and only the payment gateway sees them. The payment gateway then authorises that the card is valid and if successful processes the payment. Once the payment is processed the payment gateway drops a token into RMS Online against the Guest. RMS Online does not receive or store Cardholder data.

13. Any payment facilitated by RMS Online will constitute a payment of, or part of, the reservation/booking price and you cannot reclaim such paid monies from RMS Online.

Guest shall not hold RMS Online liable or responsible for any charge made for or on behalf of the Accommodation Provider.

14. Any Accommodation Provider who uses the RMS Online API to manage its own ecommerce booking platform (a “Custom Solution) is responsible for PCI DSS compliance and hereby agrees to indemnify and hold RMS Online harmless from any claims, fines, damages (including any direct, indirect, consequential or punitive damages), losses or costs suffered, incurred or paid by the Accommodation Provider or Guest, pursuant to, arising out of or in connection with the Custom Solution and use of the RMS Online API.

15. By uploading photos/images onto our system you certify, warrant and agree that you own the copyright to the photos/images and that you agree that RMS Online may use the uploaded photos/images on its platform. You are granting RMS Online a non-exclusive, worldwide, irrevocable, unconditional, perpetual right and license to use, reproduce, display, have reproduced, distribute, sublicense, communicate and make available the photos/images as RMS Online at its discretion sees fit. By uploading these photos/images the person uploading the picture(s) accepts full legal and moral responsibility of any and all legal claims that are made by any third parties (including, but not limited to, accommodation owners) due to RMS Online publishing and using these photos/images. RMS Online does not own or endorse the photos/images that are uploaded. The truthfulness, validity and right to use of all photos/images is assumed by the person who uploaded the photo, and is not the responsibility of RMS Online. RMS Online disclaims all responsibility and liability for the pictures posted. The person who uploaded the photo warrants that the photos/images shall not contain any viruses, Trojan horses or infected files and shall not contain any pornographic, illegal, obscene, insulting, objectionable or inappropriate material and does not infringe any third party (intellectual property right, copyright or privacy) rights. Any photo/image that does not meet the aforesaid criteria will not be posted and/or can be removed/deleted by RMS Online at any time and without prior notice.

16. These terms and conditions and the provision of our services shall be governed by and construed in accordance with Australian law. Notwithstanding the foregoing choice of law, a natural person using any of our services for a purpose which can be regarded as being outside their trade or profession (hereinafter also referred to as "consumer") can rely on the mandatory provisions of the law of the country where they have their domicile (i.e. provisions that, in accordance with the choice-of-law rules of the said country, must apply regardless of this choice-of-law clause; hereinafter: "Mandatory Provisions"). Any dispute arising out of these general terms and conditions and our services shall exclusively be submitted to the competent courts in the state of Victoria, Australia. Notwithstanding the foregoing jurisdiction clause, a consumer may also bring proceedings in respect of enforcement of relevant applicable Mandatory Provisions in the courts of the country in which they are domiciled, and proceedings against a consumer may be brought only in the courts of the country in which they are domiciled.

17. The RMS Online service is rendered by RMS (Aust) Pty Ltd, which is a private limited liability company, incorporated under the laws of Victoria, Australia and having its offices at 116 Harrick Road, Keilor Park, Victoria 3042, Australia.

RMS Privacy Policy

Last updated: December 15, 2025 

RMS Cloud is committed to protecting and safeguarding personal information entrusted to it. RMS acts in the best interests of its customers and their guests and is transparent about how personal data is collected, used, and protected. 
 
This Privacy Policy explains how RMS handles personal information across its products and services, including the RMS Property Management System (PMS), Online Booking Engine, Guest and Owner Portals, Channel Management, and RMS Pay – an integrated payment-processing solution delivered in partnership with licensed financial-services providers. 

1. Scope 

This Privacy Policy applies to all interactions with RMS, including its websites, SaaS platforms, APIs, portals, RMS Pay, and related support channels. 

By using any RMS service, you consent to the practices described in this Policy. RMS may update this Policy periodically; material changes will be communicated in advance. 

2. What Personal Data RMS Collects and Why 

(a) Property Operators and Owners (RMS Customers) 

RMS acts as the data controller when collecting or using customer or owner data directly in connection with their RMS subscription. 

Retention: RMS retains customer and user-account data for the duration of the subscription and as required for legal, tax, or operational purposes. Marketing communications continue until the recipient opts out. 

(b) Guests (using RMS-powered services such as Booking Engine, Guest Portal, or RMS Pay) 

The property operator (e.g., hotel, park, resort, or serviced apartment) is the data controller for guest personal information. RMS processes guest data only on behalf of the property operator. 

Examples of guest data that may be processed through RMS systems include: 

• Identity & Contact: Name, email, phone, address, date of birth,passportor ID details (where required) 
• Booking & Stay Details: Check-in/out dates, room type, rate plan, booking source, loyalty ID
• Preferences: Bed configuration, accessibility needs, dietary requirements, communication preferences, special requests
• Payment Data:Tokenisedcard reference (via RMS Pay) or other payment information 

Purpose: To fulfil bookings, manage stays, support guest communications, and enable property-defined marketing or loyalty programs. 

RMS Pay Specific: RMS never stores or processes full PCI-scope card details. Payment data is transmitted directly to the Licensed Financial Services Provider (LFSP), which tokenises it and returns a secure reference token to RMS. Only this token is stored within RMS (a safe reference). 

Optional Vault Service: A property operator may enable the RMS Vault, a PCI DSS Level 1-certified environment managed by a vault sub-processor that acts as RMS’s data processor. The RMS Vault stores card details on behalf of RMS and its customers under RMS’s control and is included in RMS’s QSA-attested Report on Compliance (ROC). 

Retention: The property operator determines how long guest data and tokenised payment references are retained. The LFSP and vault sub-processor retain untokenised PCI-scope payment information only as long as reasonably required. RMS manages vault retention duration. 

(c) Cardholder Payment (PCI-scope) 

For RMS Pay transactions, the Licensed Financial Services Provider (LFSP) acts as the independent data controller for cardholder and transaction information processed under its regulated payment-services obligations. 

For RMS Vault transactions, RMS acts as the data controller, and the vault sub-processor acts as RMS’s data processor within the PCI-certified environment. 

RMS stores the payment token solely to enable the property operator to initiate and manage transactions (including payments and refunds). Retention of tokenised payment data is determined by the property operator. 

3. Lawful Bases for Processing (EU, UK, and Other Jurisdictions) 

Where RMS acts as a data controller, personal information is processed under one or more of the following lawful bases: 

• Contract performance: To provide the RMS platform and related services, including user account management, billing, support, and service delivery.
• Legitimate interests: To maintain and improve the RMS platform, ensure system security, prevent fraud, and communicate essential product updates while balancing individual privacy rights. 
• Legal obligation: To comply with tax, accounting, payment, or regulatory requirements, and to cooperate with lawful requests from authorities. 
• Consent: For optional activities such as marketing communications, feedback surveys, or product features that require opt-in consent.

When RMS acts as a data processor (for example, processing guest data on behalf of a property operator), it relies on the lawful basis determined by that operator. 

4. Data Sharing 

RMS does not sell or rent personal data. 

All screenshots or case studies used in RMS marketing are fully anonymised. 

5. Automated Decision-Making and Profiling 

RMS does not use people’s personal data in a way where a computer makes a decision about them without human involvement, and where that decision has a meaningful impact on their rights, opportunities, or obligations. 

RMS systems may include optional automation features such as dynamic rate updates, workflow triggers, or communication templates. These operate under user-defined business rules configured by the property operator. RMS does not create or apply independent behavioural profiles or make algorithmic determinations about individuals. 

Where a property operator enables features involving predictive analytics or AI-assisted decision support (for example, demand forecasting or automated pricing), those functions are controlled by the property operator, which determines the purpose, scope, and lawful basis of such processing. 

6. Data Retention and Deletion 

RMS retains personal information only for as long as necessary to deliver contracted services, comply with legal and regulatory obligations, resolve disputes, maintain security, and enforce agreements. 

Retention periods vary depending on the data type and are described in Section 2 (What Personal Data RMS Collects and Why). In summary: 

• Guest and booking data processed on behalf of property operators are retained according to each operator’s configuration and policies. 
• Tokenised payment references are retained only while required by the property operator for payment processing, refunds, or audit purposes. 
• System and security logs may be retained for a defined period for fraud prevention, diagnostics, and auditing. 

When data is no longer required, it is securely deleted or anonymised in accordance with RMS’s data-retention schedule. Backups containing personal information are encrypted, access-controlled, and subject to automatic lifecycle deletion under RMS’s retention and disaster-recovery policies. 

7. Children’s Data 

RMS services are not directed at children. Where child data appears in a booking, it is collected and controlled by the property operator with verified parental or guardian consent. 

8. International Data Transfers 

Personal data may be processed in Australia, the USA, or the EU using secure cloud infrastructure (e.g., AWS and Microsoft Azure). Transfers outside the EEA or UK use Standard Contractual Clauses (SCCs) and supplementary safeguards such as encryption and access controls. 

Cardholder Payment (PCI-scope): Cross-border transfers of payment data processed through payment gateways and licensed financial services providers are managed in accordance with PCI DSS and applicable privacy laws to ensure the protection and integrity of cardholder information. 

9. Marketing Communications 

• Property Operators / Owners: RMS may send service updates or marketing materials on an opt-out basis. Unsubscribe via the email footer or contact privacy@rmscloud.com.
• Guests: RMS does not send marketing communications directly to guests. Any guest marketing is managed solely by the property operator.

10. Privacy Rights and Contacts 

Your rights depend on applicable laws (e.g., GDPR, UK GDPR, Privacy Act 1988 (Australia), Privacy Act 2020 (NZ), PDPA (Singapore), CCPA/CPRA (California)) and may include access, correction, deletion, restriction, portability, and objection. You may also lodge a complaint with your local data-protection authority. 

11. Security & PCI DSS Compliance 

• Encryption: Data is encrypted in transit (TLS) and at rest (AES-256).
• Access Control: Access is restricted to authorized personnel on a need-to-know basis with comprehensive logging and auditing. 
• PCI DSS Certification: RMS maintains annual PCI DSS Level 1 certification validated by a Qualified Security Assessor (QSA) through a Report on Compliance (ROC). 

RMS Pay and RMS Vault: Payment data transmitted through RMS Pay is encrypted end-to-end and processed by the Licensed Financial Services Provider, which securely stores cardholder data within its own PCI DSS-certified environment. The RMS Vault provides a separate PCI DSS Level 1-certified environment for optional card storage on behalf of property operators. Both the Licensed Financial Services Provider and the RMS Vault sub-processor maintain current PCI DSS certifications and operate under strict access and audit controls. 

Although no internet transmission is ever 100% secure, RMS’s layered controls and PCI-compliant architecture reduce risk to an extremely low level. 

12. Cookies 

RMS uses essential and performance cookies on its websites, booking pages, and portals to enable core functionality (e.g., session persistence, login) and enhance user experience through analytics. RMS does not share cookie data with third parties for advertising purposes. Users may adjust cookie settings in their browser, though some features may be affected. 

13. Complaints & Contact 

If you have a question or concern about how RMS handles personal information, please contact: 

Privacy Officer 
RMS Cloud 
privacy@rmscloud.com 

RMS will acknowledge your enquiry and aim to respond within a reasonable time consistent with applicable privacy laws. If you are not satisfied, you may contact your local data-protection authority. 

14. RMS Group Entities Covered 

- RMS Global Pty Ltd (Australia) 

- RMS (Aust) Pty Ltd (Australia) 

- RMS Europe Ltd (United Kingdom) 

- RMS Cloud North America LLC (Delaware, USA) 

- RMS Hospitality Pte Ltd (Singapore) 

- RMSCloud Software Private Ltd (India) 

- RMS International FZE (UAE) 

- RMS Pay Pty Ltd (Australia) 

- RMS Pay North America Inc. (Delaware, USA) 

Each entity processes personal information in accordance with this Policy and applicable data-protection laws. 

Change of Ownership

In the event of a Change of Ownership which uses RMS Property Management Software, we require both the outgoing and incoming owners to complete and sign the Change of Ownership form.  

To download a copy of the form please Click Here

If you need any assistance, please contact RMS Accounts Department on (03) 8399 9462

Please return the completed form: 

• Email: accounts@rmscloud.com
  

• Fax: (03) 9331 7323

RMS Pay Services Terms and Conditions.

Last updated: December 15, 2025

Background  

1. RMS provides the RMS Pay Services 

2. The Merchant wishes to acquire the RMS Pay Services from RMS

3. RMS shall provide the RMS Pay Services in collaboration with a Licensed Financial Services Provider to authorize transactions and affect financial settlement of transactions between End Users and Merchants.

4. The parties wish to enter into this Agreement governing the terms upon which RMS will provide the Merchant the RMS Pay Services.    

Agreement 

1.1 Defined terms 

In this agreement capitalised terms shall have the meaning set out below unless the context otherwise required : 

Acquirer means a Licensed Financial Services Provider that acquires and processes payment transactions on behalf of RMS Pay Services and its Merchants, and settles funds received from the Issuer either under its own arrangements with the Merchant or as instructed by RMS Pay Services. 

 Agreement means a contract between RMS and the Merchant for the provision of the RMS Pay Services and incudes by reference any Sales Order Form executed by the Merchant, schedules and annexures and any document specifically referred as part of this Agreement including any referred policies. 

Authorised User means any person nominated by the Merchant who is authorised to access and use the RMS Pay Services. 

Card Schemes refer to the organizations that establish the rules, standards, and processes for payment card transactions. They facilitate the transfer of payment information between financial institutions, Merchants, and End Users. These organizations oversee the use of credit, debit, and prepaid cards issued by financial institutions for end user payments. Card Schemes ensure that payment card transactions are processed securely and efficiently, setting terms for fees, transaction methods, and compliance standards. They also provide services such as fraud prevention and dispute resolution 

Confidential Information includes all information exchanged between the parties to this Agreement, whether in writing, electronically or orally, in relation  to the RMS System and the RMS Pay Service that is marked confidential or should have been reasonably understood by the disclosing party to be confidential, but does not include information which is, or becomes, publicly available other than through unauthorized disclosure by the other party. 

Consequential loss means any loss or damage which, although in the contemplation of the parties at the time they entered into this Agreement, is not a loss or damage which may fairly and reasonably be considered to arise naturally (that is, in the usual course of things) from the breach or other act or omissions (including loss of contract, business opportunity, profit or anticipated profit, or any other loss of a similar nature).  

Data Breach means any unauthorised access to, use or disclosure of Personal Information held by or on behalf of the Merchant.  

End User  means a Person that is a customer of the Merchant and conducts transactions with the Merchant.  

End User Data refers to any sensitive payment-related information associated with an individual or entity initiating a transaction, including but not limited to cardholder data such as credit card or debit card numbers, cardholder name, expiration date, and security codes; bank account details, including account numbers, routing numbers, IBANs, or any other identifiers used for direct debit or electronic fund transfers; digital wallet credentials, such as tokenized payment data or authentication keys; and any personal or financial information used to authenticate, authorize, or complete an electronic payment transaction.. 

Fees means those fees and charges payable to RMS for the provision of the RMS Pay Services as set out in the Sales Order or corresponding to the RMS Pay Services selected subsequently by the Merchant, including all Terminal rental Fees and Minimum Rental Term shortfall amounts as further described and governed in clauses 3.6, 6.4(e) and 6.5(g), and including any replacement or refurbishment costs under clause 3.6(h) and any continuing rental obligations under clause 6.4(f) and 6.5(g) 

Force Majeure Event means an event or series of related events that is outside the reasonable control of either party occurring without the fault or negligence of either party and could not have been prevented through the exercise of reasonable diligence. This includes, but is not limited to, failures of the internet or any public telecommunications network or third-party payment network disruptions, hacker attacks, denial of service attacks, power failures, industrial disputes involving third parties, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars. 

Go Live Date means the date you request for the RMS Pay Service specified in the Sales Order Form to be available to you and the effective date for invoicing of the Fees. 

Intellectual Property Right means any patent, trademark, service mark, copyright, moral right, right in a design, know-how and any other intellectual or industrial property rights, whether registered or unregistered in any jurisdiction worldwide. 

Issuer means a financial institution or an authorised Payment Scheme participant that issues a payment method used by an End User to conduct transactions with a Merchant. The Issuer facilitates the transfer of monetary value to the Licensed Financial Services Provider on account for the settlement of transactions.   

Licensed Financial Services Provider  means an Acquirer licensed under relevant financial services laws to provide financial services and facilitate financial settlement between Merchants and End Users.  

Merchant means a hospitality business that is a customer of RMS  that subscribes to receive RMS Pay Services in addition to the other services offered by RMS. 

Merchant Data means any data and materials inputted by the Merchant into the RMS System or stored by the  RMS Pay Service or generated by the  RMS Pay Service as a result of the Merchant’s use of the RMS Pay Service. 

Minimum Rental Term means the mandatory thirty-six (36) month period during which the Merchant is obligated to pay the monthly rental Fees for the Terminal(s), as specified in the Sales Order, commencing from the month following delivery and installation, and during which early termination will trigger the rental shortfall obligations described in clause 6.5(g). 

Moral Rights means any moral rights including the rights described in Article 6bis of the Berne Convention for Protection of Literary and Artistic Works 1886 (as amended and revised from time to time), being “droit moral” or other analogous rights arising under any statute that exists or that may come to exist, anywhere in the world. 

Party or parties means a party or parties to this Agreement, its successors and assigns or any person acting on behalf of and with the authority of the parties to this Agreement.  

Pass-Through Fees mean fees collected by RMS Cloud and remitted to third parties, such as card network interchange fees 

Payment Scheme means a regulated framework of participating institutions including Acquirers and Issuers, that facilitates the transfer funds and settlement of transactions. Under this framework, Acquirers act on behalf of Merchants and Issuers on behalf of End Users.  

Person means natural person, corporate entity, trust or any other legally recognised and or registered business structure. 

PCI DSS means the series of specific Data Security Standards (DSS) that the PCI Security Standards Council (PCI SSC) defines and are applicable to all merchants, regardless of revenue and credit card transaction volumes. 

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. Depending on the context, it includes any financial information of that individual regardless of: 

(a) whether the information or opinion is true or not; and 

(b) whether the information or opinion is recorded in a material form or not. 

Privacy Law means any applicable privacy laws, industry codes, or enforceable policies governing the handling of Personal Information in the jurisdiction where the RMS Pay Services are provided. 

Rental Agreement means the agreement between RMS and the Merchant for the rental of Terminals under these Terms and Conditions, together with the Sales Order, including the Minimum Rental Term and any continued monthly rental thereafter until termination in accordance with this Agreement. 

RMS means the registered business entity of RMS referenced in the Sales Order or other document that forms part of this Agreement or any of its associate and or related companies, delegates and or subcontractors that RMS uses for the purpose of providing the RMS Pay Services. 

RMS Cloud means a a proprietary cloud-based property management system owned, offered and managed by RMS as a SaaS solution, to which the Merchant subscribes. 

RMS Pay Services means the payment acquiring, settlement and transaction data management,  services provided by RMS Cloud to the Merchant  as set out in the Sales Order and further detailed in Clause 3.. 

RMS System means a proprietary cloud-based electronic property and booking management system including software which the Merchant accesses to utilise the RMS Pay Service and other services provided by RMS Cloud.  

Sales Order means any document, including one completed online, that records the RMS Pay Services ordered or amended by the Merchant and the relevant Fees. It may also reference  applicable terms and conditions, including those available online, relating to the use of RMS Pay Services and the rental terms for Terminals, where applicable. 

Support Services means support in relation to the use of the RMS Pay Service, including the identification and resolution of issues or technical faults. It does  not include the provision of training services. 

Schedules means each of the schedules annexed to this agreement. 

Tax means any applicable tax relating to the provision of the RMS Pay Services by RMS Cloud including but not limited to any consumption tax, sales tax, goods and services tax, value added tax and any tax imposed under applicable legislation or regulation in the jurisdiction where the RMS Pay Services are provided. 

Token means an encrypted electronic file that; 

1. containsEnd User payment details such as card information and paymentdata; 
2. isissued by the Licensed Financial Services Provider to the Merchant in anon-readable format;  
3. isreadable and decryptable solely by the Licensed Financial Services Provider;and 
4. the Merchant may use the Token torequest that the Licensed Financial Services Provider use the Token within its secure environment to initiate payment processing and settlement, with all underlying payment data stored and accessed solely by the Licensed Financial Services Provider; 

1.2 Interpretation 

In this agreement, unless the contrary intention appears: 

(a)  headings are for ease of reference and do not affect the meaning of this agreement; 

(b)  the singular includes the plural and vice versa and a gender includes another gender; 

(c)  other grammatical forms of defined words have corresponding meanings; 

(d)  a reference to: 

(i) the Information table; or 

(ii)  a clause, paragraph, schedule, or annexure, is to: 

(iii)  the Information table, in; 

(iv)  a clause or paragraph of; or 

(v)  a schedule or annexure to, this agreement; 

(e) a reference to this agreement includes the Information table and any other schedule or annexure; 

(f) a reference to this agreement or any other document includes any modifications, amendments,  novations or replacements that may occur over time; 

(g)  a reference to a party includes a reference to that party's executors, administrators, successors and permitted assigns; 

(h)  a reference to a statute, ordinance, code or other law includes any related rules made under it, as well as any updates, changes, replacements, or new versions of that law over time.; 

(i)  an agreement, representation or warranty in favour of two or more persons is in favour of them jointly and severally; 

(j)  an agreement, representation or warranty made by two or more persons binds them jointly and severally;  

(k)  The use of ‘including’ or ‘such as’ in relation to a list of items is illustrative and does not limit the scope of the general term to those items or to items of a similar nature; and 

(l)  no provision of this agreement will be construed against a party because that party was responsible for the preparation of this Agreement or that provision. 

This agreement begins on the date agreed by the parties as set out in the Sales Order and will continue in operation until terminated in accordance with Clause 6.   

3.1 Terms of Engagement 

The Merchant appoints RMS Cloud as its provider of the RMS Pay Services, and RMS Cloud accepts the appointment and agrees to provide the RMS Pay Services to the Merchant, in accordance with the Sales Order and terms and conditions of this Agreement. 

3.2 Nature of the RMS Pay Services and the use of a Token 

(a) Without limiting the definition of RMS Pay Services and the provisions of the Sale Order, the RMS Pay Services entails a cloud-based service utilising the RMS System that includes (amongst other things); 

(i) enables the transfer of transactional information between the Licensed Financial Services Provider on behalf of its Merchants to Issuers acting on behalf of End Users; 

(ii) enables the transfer of transactional data and settlement reports from the Licensed Financial Services Provider to Merchants; 

(iii) synchronise the transactional and settlement data in a manner that each Merchant can access their relevant transactional and settlement data enabling them to reconcile their records accurately; and 

(iv) Enables the issuance and use of Tokens by a Licensed Financial Services Provider through the RMS System to allow Merchants to communicate with the Licensed Financial Services Provider to initiate the settlement process. 

(b) Issuing and using of Token: 

For the purposes of this Agreement; 

(i) A Token will be issued  by a Licensed Financial Services Provider and used by that provider to process transactions on behalf of Merchants; 

(ii)  the Token serves as a unique, non-sensitive reference to the End User’s payment method used to initiate the transaction, and does not itself contain any readable payment data;)  Only a Licensed Financial Services Provider will have the ability to retrieve payment information from a token; RMS Cloud, the RMS System, and RMS Pay Services will not have the capability to do so; 

(iv) Merchants can use the RMS System to send a payment request to a Licensed Financial Services Provider, either at their discretion or based on the rules and settings they have created in the RMS System; 

(v) on request from a Merchant, a Licensed Financial Services Provider will decrypt the payment information in the Token and initiate settlement of monetary value for the Merchant for transactions conducted by End Users; 

(vi) a Licensed Financial Services Provider will communicate with Issuers to receive monetary value for Merchants.   

3.3 Other third parties involved: Licensed Financial Services Providers  

(a) RMS entered into arrangements with Licensed Financial Services Providers who hold the necessary licenses and permits in the relevant jurisdictions to provide financial services, process and affect settlement of transactions with Issuers  for the benefit of Merchants. 

(b) The Licensed Financial Services Providers have entered into commercial arrangements with participants of the relevant Payment Scheme, including Issuers, and hold the necessary systems and regulatory authority to process and settle payment transactions initiated by End Users.  

 (c) RMS Cloud facilitates and enables the receipt of services by the Merchant from the Licensed Financial Services Providers and supports any onboarding requirements the Licensed Financial Services Provider may require of the Merchant from time to time. If requested by the Licensed Financial Services Provider, the Merchant may be required to review and agree to the Licensed Financial Services Provider’s terms and conditions of service. 

3.4 RMS Pay Services Enrolment and Integration 

(a) The Merchant must execute a Sales Order or other document outlining the RMS Pay Services to be provided, the associated Fees, payment terms and the Merchant’s acceptance of the terms and conditions set forth herein.  

3.5 Merchant Relationship to Licensed Financial Services Provider 

• To provide the RMS Pay Services to Merchants, a Licensed Financial Services Provider will act as the Acquirer of record for the Payment Schemes and may, in certain jurisdictions, leverage the acquiring license of its local acquiring partner.  The Payment Scheme rules may require a direct contractual relationship between the Merchant and the formal Acquirer. For that reason, Merchants may be required to accept specific acquirer terms and conditions to formally acknowledge the Acquirer for transactions processed through the RMS Pay Services. RMS Pay Services will, in the case of a Licensed Financial Services Provider or where they have leveraged the acquiring license of its local acquiring partner to provide the RMS Pay Services, remain fully end-to-end responsible for the provision of services to the Merchant and will serve as the principle point of contact for all RMS Pay Services. No separate fees will be due by Merchant to such acquiring partner.  
  
  
• In certain jurisdictions where a direct relationship is formed between the Merchant and the Acquirer as described in clause 3.5(a) , the Merchant may also receive, as applicable to that jurisdiction, disclosure documents such as a financial guide and product disclosure statement to assist the Merchant to understand the terms of service.
  
  
• Certain jurisdictions may require the Licensed Financial Services Provider to hold Merchant funds separately from their own funds. This typically applies to funds received as settlement for processed payment transactions that have not been settled to the Merchant or any other party by the end of the same business day. The separation of funds may involve holding Merchant funds in trust for the Merchant in a separate account at a licensed bank in the relevant jurisdiction, distinct from the bank account of the Licensed Financial Services Provider, or in a separate legal entity. Depending on the jurisdiction’s requirements these funds may be comingled with similar funds belonging to other merchants and held on an omnibus basis. These safeguarding measures are designed to protect Merchants funds from the creditors of the Licensed Financial Services Provider. However, these requirements do not apply in all jurisdictions, and the Merchant may inquire with RMS Pay Services to confirm which, if any, measures are applicable to their jurisdiction. 

3.6 Rental of Terminals and licencing   

(a) As part of the RMS Pay Services, the Merchant may rent Terminals from RMS to enable electronic transactions to be conducted by End Users (Terminals), subject to the terms of the Rental Agreement as set out in the Sales Order and this Agreement.    

(b) The Merchant acknowledges and agrees that the Terminals remain the property of RMS at all times, and the Merchant acquires no ownership rights in the Terminals under the Rental Agreement. 

(c) RMS hereby grants the Merchant a non-transferable, non-exclusive license to use the Terminals and any software installed on the Terminals solely for the purpose of receiving the RMS Pay Services during the term of the Rental Agreement. 

(d) The Merchant agrees to pay the monthly rental fees for the Terminals as specified in the Sales Order, which are non-refundable. The rental fees commence in the month following delivery of the Terminal(s) and continue for the Minimum Rental Term, and thereafter on a month-to-month basis at the applicable rental Fees specified in the Sales Order (or as otherwise notified by RMS pursuant to Clause 4.4 until the Rental Agreement is terminated in accordance with Clause 6). 

(e) The Merchant is responsible for the care, maintenance, and safekeeping of the Terminals, subject to reasonable wear and tear. The Merchant must not modify, tamper with, or attempt to repair the Terminals without RMS’s prior written consent. 

(f) The Merchant bears the risk of loss, theft, or damage to the Terminals from the date of delivery. The Merchant must notify RMS immediately of any loss, theft, or damage and may be liable for repair or replacement costs as specified in the Sales Order..  

(g) Upon termination of the Rental Agreement, the Merchant must return the Terminals to RMS in Terminal Return Condition, being (i) good working condition; (ii) undamaged except for reasonable wear and tear; (iii) with all cabling, power units and accessories originally supplied and; (iv) in a condition, enabling redeployment without material refurbishment. 

(h) If the Merchant fails to return the Terminals in Terminal Return Condition within 30 calendar days of the termination date, RMS may charge the Merchant the replacement or refurbishment costs specified in the Sales Order  or, if not specified in the Sales Order, the then-current RMS standard replacement value or refurbishment charge for that Terminal model as notified by RMS Cloud to the Merchant.  Rental Fees will continue to accrue in accordance with clause 3.6(f) until the earlier of (i) the return of the Terminal in Terminal Return Condition or (ii) payment of the applicable replacement or refurbishment cost. 

(i) For clarity, if the Rental Agreement is terminated before the expiry of the Minimum Rental Term, Merchant remains liable for all early-termination rental shortfall amounts as set out in clauses 6.4(e) and 6.5(g). 

3.7 Cooperation by the Merchant  

The Merchant must provide RMS with such information, resources, cooperation and authorities that RMS reasonably requires to perform the RMS Pay Services 

3.8 Non-Transferability of RMS Pay Service 

• The RMS Pay Services are provided exclusively to the Merchant named in this Agreement and are specific to the Merchant’s business identified therein. The Merchant account associated with the RMS Pay Services is not transferable to any other party.
  
  
• If the Merchant sells, transfers ownership, or delegates management of the business to a third party, the new owner or manager must execute a new agreement with RMS Cloud to establish their own Merchant account for the RMS Pay Services. The existing Merchant account shall not extend to such new owner or manager.
  
  
• The Merchant shall promptly notify RMS Cloud in writing of any sale, transfer of ownership, or change in management of the business, including the effective date of such change. Should the Merchant fail to provide such notice at the time of transfer, the Merchant shall remain solely liable for all transactions processed through the RMS Pay Services by the new owner or manager that are settled into the Merchant’s bank account. 

3.9 Default Risk Management Compliance 

This section is applicable solely when RMS bears the Merchant’s default risk and does not apply if the Licensed Financial Services Provider assumes such risk. 

• The Merchant shall comply with RMS’ default risk management policies, as updated from time to time, to ensure the secure and reliable operation of the RMS Pay Services, including transaction processing via the Licensed Financial Services Provider and the use of the RMS System for guest booking and payment management. 
  
  
• The Merchant, as owner of the guest booking and payment information within the RMS System, consents to RMS monitoring such information solely for the purpose of assessing and managing default risk under this Agreement.
  
  
• RMS Cloud may implement transaction restrictions within the RMS System as part of its default risk management policies, including but not limited to controls on transaction amounts, timing, or other transaction parameters to manage default risk and exposure, and such restrictions, if any, shall be advised to the Merchant
  
  
• The Merchant shall promptly provide RMS with financial information, transaction data, or other documentation reasonably requested to assess and manage default risk under these policies and software restrictions, beyond the information already available through the RMS System.]
  
  
• If RMS Cloud determines, in its reasonable discretion, that the Merchant’s default risk profile exceeds the thresholds set in the default risk management policies, RMS Cloud may take one or more of the following actions: 

(i) Require the Merchant to provide additional security (e.g., a deposit, rolling reserve or bank guarantee) to mitigate transaction processing risks. 

(ii) Instruct the Licensed Financial Services Provider to adjust settlement terms, including delaying or withholding funds pending risk resolution; or 

(iii) Suspend or restrict the Merchant’s access to the RMS Pay Services or specific features of the RMS System until compliance is restored 

• The Merchant acknowledges that failure to comply with RMS Cloud’s default risk management policies, including transaction restrictions imposed through the RMS System, may result in RMS directing the Licensed Financial Services Provider to withhold funds pending settlement until such compliance is achieved.

3.10 RMS Cloud Warranties 

RMS Cloud warrants to the Merchant that, in connection with the provision of the RMS Pay Services: 

(a) It is legally able to enter into this Agreement; 

(b) it is authorised by the Licensed Financial Services Provider to integrate its payment services with the RMS System; 

(c) It will comply all laws as they are applicable to the RMS Pay Services; 

(d) It will use reasonable skill and diligence; 

(e) The use of the RMS System and any documentation in accordance with this Agreement will not result in a breach of any law or mandatory code of conduct;  

(f) the provision of the RMS Pay Services to the Merchant and the use of any documentation by the Merchant , will not: 

(i) infringe any person’s rights (including Intellectual Property Rights and Moral Rights); or 

(ii) constitute a misuse of any person’s Confidential Information. 

(g) It will safeguard Merchant data by maintaining industry-standard policies and procedures including a robust  data backup system, to prevent data loss in connection with the RMS Pay services. 

  3.11 Merchant Warranties 

The Merchant warrants to RMS Cloud that, in connection with the provision of the RMS Pay Services: 

• It is responsible for obtaining and maintaining all equipment, computer hardware and software and all telecommunications services necessary to access and use the RMS Pay Services excluding the Terminals provided by RMS under the Rental Agreement
• It will use the RMS Pay Services solely for the hospitality-related purposes authorized by RMS Cloud or the Licensed Financial Services Provider during the onboarding process and for no other purpose
• It will take all reasonable precautions to ensure the security of access to the RMS Pay Services and must not, under any circumstances, allow any third party or any person other than an Authorised User to access or use the RMS Pay Services for any purpose without the prior written consent of RMS Cloud. 
• It will immediately notify RMS Cloud in writing if it becomes aware of any unauthorised use of the RMS Pay Services by any person. 
• It will not use the RMS Pay Services in any way that will contravene any legal or regulatory provision.  

4.1  Basis of Fees 

(a) In return for the provision of the RMS Pay Services by RMS Cloud, the Merchant agrees to pay the Fees as set out in the Sales Order or other documents forming part of this Agreement in the manner and timing set out therein.   

(b) Fees charged by RMS Cloud, such as bundled or inclusive fees, include all applicable third-party charges, including those imposed by the Licensed Financial Services Provider and any Pass-Through Fees. Where fees are structured on an interchange-based pricing model, the Merchant will be charged the Pass-Through Fees in addition to a separate RMS Pay Services Fee. For clarity, Terminal rental Fees and Minimum Rental Term shortfall amounts are not bundled fees and remain payable in accordance with Clause 3.6. 

4.2 Invoicing and Payment 

(a) The Fees shall be invoiced to the Merchant in arrears for each billing period for the amount and frequency as set out in the Sales Order.  Unless agreed or advised otherwise by RMS, any settlement of Fees to RMS Cloud is done on a net pay basis which means that all Fees are paid to RMS Cloud as part of the settlement of transactions.  For clarity, Terminal rental Fees are invoiced monthly in advance notwithstanding any other provision of this clause. 

(b) Without limiting the provisions of clause 4.2(a) the Merchant acknowledges that not all fees are capable of being settled on a net transaction basis and that RMS Cloud may invoice separately and in arrears any additional fees owed to RMS Cloud as listed on the Sales Order or any other documents that form this Agreement. Such additional fees, (excluding Terminal rental Fees and Minimum Rental Term shortfall amounts) may be net settled against Merchant funds due for settlement by the Licensed Financial Services Partner. Terminal rental Fees and Minimum Rental Term shortfall amounts may not be net-settled and will be invoiced separately and must be paid in accordance with clause 3.6. 

(c) RMS Cloud may, at its sole discretion, agree to settle certain fees with the Merchant following the settlement of End User transactions. 

(d) RMS Cloud invoices will be generated electronically and transmitted by email or other electronic means.   

4.3. Tax

(a) Unless otherwise expressly stated in this Agreement, prices or other sums payable or consideration to be provided under or in accordance with this Agreement are exclusive of Taxes. 

(b) If a party makes a taxable supply under or in connection with this Agreement, the other party must pay to the supplier at the same time, and in addition to the tax exclusive consideration, an amount equal to any applicable Tax payable on that supply. 

(c) RMS Cloud must, as a condition to the payment of Tax under clause 4.3(b), give the Merchant an invoice  detailing any Fees paid and any taxes paid and such information as prescribed in the relevant tax law from time to time. 

(d) If an adjustment event arises in connection with a supply made under this Agreement, the supplier must give the other party an adjustment note in accordance with the applicable tax law. 

(e) If this Agreement requires one party to pay for, reimburse or contribute to any expense, loss or outgoing suffered or incurred by the other party, the amount required to be paid, reimbursed or contributed by the first party will be reduced by the amount of any value-added tax, sales tax or similar tax credits (if any) to which the other party is entitled in respect of the reimbursable expense. 

4.4  Variation of Fees
(a) RMS Cloud may, at its sole discretion, adjust the fees for the RMS Pay Services by providing the Merchant with at least 30 days’ prior notice, which may be sent by email to the email address provided by the Merchant under this Agreement. Adjusted fees shall take effect upon expiration of the notice period. 

 
(c) If a fee adjustment constitutes a material change pursuant to Clause 6.3(b) (excluding third-party cost adjustments), the Merchant may terminate the RMS Pay Services without penalty, subject to the provisions of Clause 6.3(b) (Notice) and Clauses 3.6, 6.4(e) and 6.5(g). 

4.5  Merchant Liabilities 

(a) The Merchant shall be solely responsible for all chargebacks, refunds, reversals, or any other liabilities arising from the use of RMS Pay Services, including but not limited to fraud, unauthorized transactions, or disputes initiated by End Users or Payment Schemes. These liabilities shall be to the Merchant’s account and deducted from the Merchant’s settlement funds. 

(b) The Merchant agrees that RMS Cloud and the Licensed Financial Services Provider shall have the right to withhold, offset, or deduct amounts from any settlement funds due to the Merchant to cover any chargebacks, refunds, or other related liabilities. 

(c) If the Merchant’s settlement funds are insufficient to cover outstanding chargebacks, refunds, or liabilities, the Merchant agrees to pay RMS Cloud the outstanding amount upon demand. 

(d) The Merchant acknowledges that Payment Schemes (including Visa, Mastercard, or other applicable networks) may impose additional fees, penalties, or fines for excessive chargebacks, fraud, or non-compliance with chargeback thresholds. These fees are levied at the discretion of the Payment Schemes and may not be specified in the Sales Order or other documents that form this Agreement. The Merchant agrees to pay such fees in full, and RMS Cloud shall have the right to deduct these fees from the Merchant’s settlement funds or invoice the Merchant separately. 

(e) RMS Cloud reserves the right to impose additional risk-mitigation measures, including but not limited to reserves, rolling reserves, delayed settlements, or transaction monitoring requirements, in the event the Merchant exceeds acceptable chargeback levels or is deemed high-risk by a Payment Scheme or the Licensed Financial Services Provider. 

(c) RMS Cloud will use its best efforts to ensure the RMS Pay Service System remains operational, subject to any issues affecting RMS Cloud’s own systems. 

(d) Without limiting the provisions of clause 10 dealing with Force Majeure, RMS Cloud shall not be liable for any loss, damage, or disruption arising from downtime or unavailability of the RMS Pay Services or the Licensed Financial Services Provider’s systems, if the unavailability or downtime is beyond the direct or indirect control of RMS Cloud and the Merchant hereby releases RMS Cloud from all liability related to such events. 

6.1  How a party breaches this agreement 

A party breaches this agreement if: 

(a) the party fails to comply with any term of this Agreement (including its Schedules) and failed to remedy the breach within 5 calendar days if the breach involves a payment obligation or for other breaches 20 calendar days following receipt of notice from the other party specifying the breach and requiring its remedy;  

(b) the party, being an individual, becomes bankrupt or commits an act of bankruptcy or brings his or her estate within the operation of any law relating to bankruptcy; 

(c) the party is a corporation and: 

i. the corporation is wound up; or 

ii. an administrator, a receiver, liquidator, a manager or an inspector is appointed in respect of the party; 

iii. a similar process is entered by the corporation that amounts to an arrangement with creditors or government agencies concerning its liabilities; or 

(d) the interest of the party under this agreement is attached to or taken in any legal process. 

6.2  Termination for cause 

(a) If a party breaches this agreement under clause 6.1 and, within the time frame specified in clause 6.1 having received  a written notice from the other party specifying the breach: 

i. the breach is not remedied if it is capable of being remedied; or 

ii. the breaching party does not compensate the other party in accordance with this agreement or to the other party's reasonable satisfaction if the breach is not capable of being remedied, 

The non-breaching party may terminate this Agreement by written notice to the breaching party at any time up to the breach being remedied or compensation reasonably acceptable to the other party being paid. 

6.3  The Merchant ’s right to terminate for convenience 

If RMS Cloud makes a Material Change to this Agreement, including but not limited to: 

the Merchant may terminate this Agreement by providing written notice to RMS Cloud within 30 Calendar Days of receiving notice of the Material Change. Termination under this clause shall take effect no earlier than 30 Calendar Days after the Merchant’s notice, unless otherwise agreed. 

(a) RMS Cloud will cease providing the RMS Pay Services to the Merchant on the Termination for Convenience Date (or if otherwise agreed between the parties switch to a monthly use of services); 

(b) RMS Cloud will finalise processing and transferring of information and data as required up to the Termination for Convenience Date;  

(c) The Merchant will pay to RMS Cloud any outstanding Fees (and Taxes) for RMS Pay Services provided up to the Termination for Convenience Date; 

(d) The Merchant will pay the remaining Fees (excluding Terminal rental Fees and Minimum Rental Term shortfall obligations, which are governed by clauses 3.6, 6.4(e), and 6.5(g)) (in accordance with the Sales Order or any other document forming part of this Agreement) pro-rata until the Termination for Convenience Date.  

(e)  If the Merchant wishes to terminate this Agreement for convenience during the Minimum Rental Term, the Merchant remains liable for the full rental Fees for the Terminals for the Minimum Rental Term as specified in the Sales Order. 

(a) If the Merchant  has not paid a correctly rendered invoice in respect of a Fee within five (5) calendar days after the due date for payment, and has not by that time notified RMS Cloud that it disputes that invoice by setting out in writing the reasons why the Merchant  considers that the invoice is not correctly rendered and identifying any amounts which are in dispute, RMS Cloud may issue a notice to the Merchant  advising that: 

ii. RMS Cloud may terminate the RMS Pay Services if payment or a valid dispute is not received within seven (7) calendar days of the Merchant receiving that notice 

(b) If having received a notice under Clause 6.5(a) the Merchant fails to pay or dispute the invoice within seven (7) calendar days after receipt of that notice. RMS Cloud may terminate the RMS Pay Services. 

(c) RMS Cloud may terminate or suspend the operation of this Agreement by issuing a written notice to the Merchant specifying a proposed termination date  if RMS Cloud reasonably suspects Serious Misconduct by the Merchant.  For the purposes of this clause, “Serious Misconduct” includes, but is not limited to: 

i. Fraudulent or illegal activity; 
ii. Intentional misrepresentation; 
iii. Misuse of RMS System or RMS Pay Services; 
iv. Interference with RMS Cloud’s operations; 
v. Non-compliance with Licensed financial Services Partner terms and conditions; 
vii. violations of applicable laws or regulations (including but not limited to data protection, PCI DSS, or anti-money laundering obligations); or
viii. conduct that, in RMS Cloud’s reasonable opinion, exposes RMS or its Licensed Financial Services Provider to material financial, legal, operational, or reputational risk. 

RMS Cloud shall provide the Merchant with reasonable details of the suspected Serious Misconduct and the Merchant shall have five (5) calendar Days to respond and, if applicable, remedy the conduct to RMS Cloud’s reasonable satisfaction.    If the Merchant fails to adequately remedy the misconduct within that timeframe, RMS may terminate this Agreement forthwith. 

(d) The notice provisions of Clause 6.5(c) shall not apply if the basis for termination or suspension relates to a credit risk or any notice issued by a government or semi government agency relating to operational or credit risk of the Merchant as set out in clause 6.5(e).   

(e) RMS Cloud may terminate or suspend the operation of this Agreement by issuing a written notice to the Merchant specifying a termination date if RMS Cloud determines, in its reasonable opinion, that the Merchant’s risk profile has become unacceptable. This may include, but is not limited to, increased fraud, excessive chargebacks, or activities posing significant financial, legal, or reputational risk to RMS or its Licensed Financial Services Provider or the issuing of a negative or adverse notice by a government authority to the Merchant. 

(f) On termination, the Merchant must pay the remaining Fees (excluding Terminal rental Fees and Minimum Rental Term shortfall obligations, which are governed by clauses 3.6, 6.4(e), and 6.5(g)) (in accordance with the Sales Order) pro-rata until termination date. 

(g) Upon termination, the Merchant must return the Terminals to RMS in Terminal Return Condition within 30 calendar days of the termination date. The Merchant is responsible for the cost of returning the Terminals. Failure to return the Terminals in Terminal Return Condition may result in additional charges as specified in the Sales Order. If termination occurs during the Minimum Rental Term, the Merchant remains liable for the full rental Fees for the Terminals for the Minimum Rental Term as specified in the Sales Order. For clarity, rental Fees continue to accrue until the earlier of (i) return of the Terminals, or (ii) payment of the replacement cost. 

(h) RMS Cloud may suspend the provision of all or part of the RMS Pay Services by written notice to the Merchant if a third-party claim, regulatory investigation, or legal proceeding is commenced against the Merchant in connection with its use of the RMS Pay Services, and RMS Cloud reasonably determines that continuing to provide the services may expose RMS Cloud or its Licensed Financial Services Provider to material legal, financial, or reputational risk. 

Such suspension may continue until the relevant claim, investigation, or proceeding is resolved or sufficiently mitigated to RMS Cloud’s reasonable satisfaction. 

for the avoidance of doubt, termination of this Agreement for any reason; 

(a) does not affect or limit the Merchant ’s liability for Terminal rental Fees, Minimum Rental Term shortfall, and any replacement/refurbishment charges as specified in the Sales Order; and

(b) does not limit or reduce in any way the Merchant’s liability or ongoing obligation to indemnify RMS Cloud for any chargebacks, refunds or other liabilities  whether before or after the termination date. 

(c) RMS Cloud may, at its sole discretion, deduct and set off any amounts due and payable by the Merchant to RMS Cloud under this Agreement, including but not limited to outstanding Fees, Early Termination Fees as set out in the Sales Order, chargebacks, refunds (including anticipated chargebacks and refunds), or any other liabilities, from amounts due to be settled by the Licensed Financial Services Partner to the Merchant’s bank account on or before the Termination Date. 

Any amounts withheld by RMS Cloud to cover anticipated chargebacks, refunds, or other liabilities shall be released to the Merchant via an instruction from RMS Cloud to the Licensed Financial Services Provider, to the extent that they exceed actual claims made by End Users within the 60-day period following the Termination Date. 

6.7  Preservation of rights 

Termination of this Agreement for any reason does not extinguish or otherwise affect any rights or remedies of either party accrued prior to termination, or any provisions of this Agreement that by their nature survive termination. 

(a) Dispute resolution process 

i. If a dispute arises under this Agreement (Dispute), either party may at any time give written notice to the other, requesting that a meeting take place to seek to resolve the Dispute. 

ii. Nominated representatives of the parties must meet within ten (10) business days of the notice and endeavour to resolve the dispute in good faith. If such meeting does not take place after ten (10) business days following notice of the dispute, or if the dispute is not resolved by representatives of the parties within same time, then either party may refer the dispute to mediation in accordance with clause 7(b) (Mediation) below. 

iii. The parties must take the steps set out in this clause 7 (Dispute Resolution) to resolve any Dispute, before either party may commence court proceedings with respect to that Dispute, other than an interlocutory application. 

(b) Mediation 

i. If the dispute is referred to mediation, then the mediation will be administered by an agreed upon mediator. If the parties cannot agree on a mediator within ten (10) business days (following referral to mediation), then RMS Cloud may (acting reasonably and in good faith) appoint a mediator from a recognised mediation service. The mediation shall take place at an agreed location, or if no agreement can be reached, at a location determined by the mediator.  

ii. Each party must bear its own costs in connection with the mediation and must share the fees and expenses of the mediator and mediation process equally, including any fees and expenses associated with the appointment of the mediator. The mediation process shall be confidential, and any information disclosed during mediation shall not be admissible in any subsequent proceedings, except as required by law. 

iii. If mediation fails, then either party may commence legal proceedings against the other. 

(c) Continued performance 

i. Unless prevented by the nature of the dispute, the parties must continue to perform their obligations under this Agreement while trying to resolve the dispute. 

ii. Each party must use its best endeavours to ensure that where a dispute is reasonably foreseeable, it is dealt with at a sufficiently early stage to ensure that there is a minimum effect on the ability of either party to perform its obligations under this Agreement. 

iii. This clause 7 does not restrict or limit the right of either party to terminate this Agreement where this Agreement provides such right. 

8. Indemnities 

(a) RMS Cloud will indemnify the Merchant  against any amount Merchant  is finally ordered to pay to a third-party by a Court of competent jurisdiction (or settlement agreed by RMS Cloud) which arises from a claim alleging that the Merchant  (or its Authorised Users’) use of the RMS System or the RMS Pay Services in accordance with this Agreement infringes the Intellectual Property Rights of that third party (an Infringement Claim).    

(b) The Merchant shall indemnify RMS Cloud against any amounts RMS Cloud is required to pay to a third-party, whether pursuant to a final court order from a court of competent jurisdiction, a settlement agreed to by the Merchant, or any liability arising from: 

i. a claim asserting that the Merchant’s system (excluding the RMS System) through its use of the RMS Pay Services, the RMS System, or both, to acquire transactions as permitted under this Agreement, causes the RMS Pay Services or the RMS System, through the Merchant’s integration, to infringe the Intellectual Property Rights or other legal rights of that third party; or

ii. a chargeback, refund, or disputed transaction resulting from an End User-initiated transaction at the Merchant that was processed and acquired through the RMS Pay Services or 

iv. any loss, damage, destruction, or failure to return any Terminal in breach of the Terminal Return Condition, including the cost of repair, refurbishment or replacement of the Terminal, in accordance with the applicable fees or replacement values specified in the Sales Order for failure to meet the Terminal Return Condition. 

(c) If a party (the indemnified party) wishes to enforce an indemnity under this clause 8 (Indemnities) in relation to any third-party claim, it will:  

i. give notice to the other party (the indemnifying party) as soon as practicable, and provide all reasonable information and assistance requested by the indemnifying party, at the indemnifying party’s reasonable expense;  

ii. make no admissions in respect of the claim; 

iii. permit the indemnifying party, at the indemnifying party’s expense, to have sole control of the defence and all settlement negotiations and litigation, provided that the indemnifying party: 

1. keeps the indemnified party informed of, and consults the indemnified party in connection with, the progress of the claim; and
2. will not consent to any admission of any liability of the indemnified party without the prior written approval of the indemnified party. 

(d) In the event an Infringement Claim is brought, or in RMS Cloud’s reasonable opinion is likely to be brought: 

i. against the RMS Pay Services or RMS System, RMS Cloud may, at its option: (i) procure the right for the Merchant’s continued use of the RMS Pay Services or RMS System; (ii) replace or modify the RMS Pay Services or RMS System within a reasonable period of time with a non-infringing alternative having substantially equivalent performance; or (iii) if neither is reasonably practicable, require the Merchant to cease use of the infringing component of the RMS Pay Services or RMS System, in which case the Merchant and RMS Cloud will negotiate a reasonable reduction in Fees to reflect its removal, if feasible; or

ii. against the Merchant’s system (excluding the RMS System) through its use of the RMS Pay Services or RMS System, the Merchant must, at its own expense, promptly: (i) procure the right to continue using its system in a non-infringing manner; (ii) modify or replace its system with a non-infringing alternative that maintains compatibility with the RMS Pay Services and RMS System; or (iii) if neither is reasonably practicable, cease use of the infringing component of its system, with any resulting indemnification obligations governed by Clause 8(b)(i).  

(e). The indemnification obligations set forth in this clause 8 (Indemnities) are the Merchant ’s exclusive remedy and RMS Cloud sole liability with respect to RMS Cloud’s infringement or misappropriation of any third-party Intellectual Property Rights of any kind. 

9. Liability 

(a) Notwithstanding any other provision of this Agreement, or any other Agreement governing the use of the RMS System  and except in the case of any breach of Intellectual Property Rights of a third-party party or Merchant ’s obligation to pay the Fees, and to the maximum extent permitted by law, the following limitations apply to the this Agreement (for the RMS Pay Services) for the duration of this Agreement and thereafter for any claim (whether in contract (including under an indemnity), tort (including negligence), under statute or otherwise): 

i. neither party (including any group member of RMS Cloud or their subcontractors) will be liable under this Agreement for any indirect, special, consequential, incidental, or punitive damages of any nature, including loss of profit or revenue, loss of reputation, loss of opportunity or business, loss of anticipated savings and or any loss of data, regardless of whether a party knew or should have known of the potential for such damages; and 

ii. each party’s (including any group member of RMS Cloud and any of its associated or related corporations or their subcontractors) maximum liability for any single event or series of related events giving rise to a claim under this Agreement will be limited to the greater of (i) the total amount of fees paid to RMS Cloud  (excluding that portion of the fees that represent all pass-through fees levied by third-party payment schemes) during the  three (3) months immediately preceding the date of the event or series of related events giving rise to the liability; or One thousand U.S. dollars (US$1,000) per Merchant entity affected by the event or series of events. 

iii. For clarity, the limitations in this Clause 9 do not apply to Terminal rental Fees, Minimum Rental Term shortfall, or any replacement/refurbishment charges payable under Clauses 3.6(h), 6.4(e), and 6.5(g). 

(b) Each party’s liability for loss or damage sustained by the other will be reduced proportionately to the extent that such loss or damage has been:  

i. caused by the other party's failure to comply with this Agreement; and/or  

ii. contributed to by the other party (including any failure by the party seeking damages, or claiming under any indemnity, to take all reasonable steps to mitigate any relevant loss or damage), regardless of whether the claim is for breach of contract or otherwise. 

Except for payment obligations, including but not limited to the Merchant’s obligations to pay Fees, chargebacks, refunds, reversals, or any other liabilities arising from the use of RMS Pay Services neither party will be liable to the other for delay or failure to perform its obligations under this Agreement if such delay or failure is caused by a Force Majeure Event.   

11. Notices 

All notices given by a party will be delivered to the other party either personally, via certified mail, email or overnight courier. Notices will be deemed effective, if delivered personally, when delivered; if delivered by email, when emailed to the address of the recipient as set out in Information Table (or to such address as subsequently amended by written notice to that recipient); and if delivered via certified mail or overnight courier, on confirmation of delivery 

12.1 Intellectual Property 

(a) RMS Cloud warrants that it owns or is authorised to use all applicable rights, title and interest in and to all Intellectual Property Rights embodied in or associated with the RMS Pay Services (“Materials”). 

(b) for the duration of this Agreement, RMS Cloud grants the Merchant a personal, revocable, non-transferable, royalty-free licence to use the Materials for the purposes of the Merchant receiving the RMS Pay Services.  

(d) The Merchant agrees and acknowledges that nothing in this Agreement shall operate to assign or transfer any Intellectual Property Rights from RMS Cloud to the Merchant relating to the RMS Pay Services or the Terminals. 

(e) RMS Cloud agrees and acknowledges that the Merchant owns the Merchant Data and all Intellectual Property Rights in the Merchant Data. 

12.2 Acknowledgments 

The Merchant acknowledges that: 

(e). complex software is never wholly free from defects, errors and bugs and RMS Cloud gives no warranty or representation that the RMS Pay Service will be wholly free from defects, errors and bugs.  

(f). RMS Cloud may (at its discretion) modify and update the RMS Pay Service and the RMS System (including the functionality, data formats and other matters relating to the RMS Pay Service, and the support service parameters) from time to time, so long as any such modifications do not substantially reduce the functionality or performance of the RMS Pay Service or the Merchant ’s ability to continue to use the RMS Pay Service in the manner contemplated by this Agreement;  

(g). RMS Cloud may develop new functionality of or extensions to the RMS Pay Service, to which RMS Cloud may elect to make available to its customer base (including the Merchant) subject to payment of additional fees to acquire that new functionality /extension.   

12.3  Confidentiality 

The parties to this agreement must keep the terms of this agreement confidential and must ensure that their officers and employees keep the terms of this agreement confidential, save for any necessary disclosure to their respective legal and financial advisers and any disclosure required for a purpose related to this agreement or the performance of the rights or obligations of any party to it, or by law. 

12.4 Privacy 

If RMS Cloud accesses Personal Information through RMS Pay Services under this Agreement, RMS Cloud must: 

(a). comply with applicable Privacy Laws related to payment processing; 
(b). follow reasonable directions from the Merchant or a data protection authority regarding Personal Information processed via RMS Pay Services; 
(c). notify the Merchant promptly of any breach of this Clause 12.4, Privacy Laws, a Data Breach, or a related complaint involving payment processing data, and assist the Merchant or authority in addressing it. 

13.5  General Compliance  

PCI DSS Compliance 

(a) RMS Cloud maintains PCI DSS certification for its systems and software underlying the RMS Pay Services including the RMS System, through annual assessment by a Qualified Security Assessor (QSA) or self-assessment , as appropriate to its scope of services.  This certification does not extend to the Merchant’s systems, infrastructure or processes. A current copy of RMS Cloud’s PCI DSS certification is available to the Merchant via the RMS website at www.rmscloud.com/terms-and-conditions or upon request to compliance@rmscloud.com. 

(b) The RMS System and the RMS Pay Services are designed and implemented to operate with encrypted tokens to initiate End User transactions with Payment Schemes and do not receive, view, store, or have access to any unencrypted End User Data (e.g., cardholder data) that would enable unauthorized transactions.  

(c) The Merchant acknowledges that while the RMS System and RMS Pay Services are PCI DSS certified, this does not render the Merchant PCI DSS compliant. The Merchant is solely responsible for ensuring that its own systems, processes, and handling of cardholder data - including any third-party integrations or use of the RMS API - comply with all applicable PCI DSS requirements and other applicable Payment Scheme Rules. This includes maintaining secure infrastructure, conducting required assessments (e.g., Self-Assessment Questionnaires or QSA audits) and implementing appropriate security controls. 

(d) The Merchant agrees to indemnify and hold RMS Cloud harmless from any claims, fines, damages (subject to the limitations in Clause 9(a)(i)), losses or costs arising from the Merchant’s failure to comply with PCI DSS obligations.  In accordance with Clause8, RMS Cloud agrees to indemnify the Merchant from any claims, fines, damages (subject to Clause 9(a)(i)), losses, or costs arising directly from RMS Cloud’s failure to maintain PCI DSS certification as required under Clause 13.5(a), provided the Merchant is otherwise compliant with this Agreement. 

AML  

The Merchant acknowledges that as part of the onboarding process with the Licensed Financial Services Provider, the Merchant must comply with the Licensed Financial Services Provider’s Anti Money Laundering processes and procedures.  The Licensed Financial Services Provider will ensure compliance with any relevant anti money laundering laws. 

RMS API 

 Any Merchant using an Application Programming Interface made available by RMS Cloud (“RMS API”) to manage its own ecommerce site and acquire End User transactions for settlement through RMS Pay Services is solely responsible for ensuring its site remains fully compliant with PCI DSS and all other payment security regulations. The Merchant agrees to indemnify and hold RMS Cloud harmless from any claims, fines, damages (subject to Clause 9(a)(i)), losses or costs suffered, incurred or paid by RMS Cloud arising out of or in connection with: 

This indemnity survives the termination of this Agreement and applies to all liabilities incurred by RMS Cloud, whether arising during the period of this Agreement’s effectiveness or following its termination. 

13.6  Relationship of parties 

The parties agree that the relationship between the parties is one of independent contractor.  Nothing in this Agreement will be interpreted as creating the relationship of employer and employee, master and servant or principal and agent or a partnership between the parties. 

13.7 Entire Agreement 

This agreement together with any Licensed Financial RMS Pay Services Provider terms and conditions constitute the entire agreement between the parties in respect of its subject matter and supersedes all prior agreements representations negotiations and correspondence. 

13.8 Legal Costs 

Each party will bear their own legal costs and expenses in connection with the preparation, negotiation, execution and completion of this agreement. 

13.9 Severability 

If any provision of this agreement is held to be invalid or unenforceable in any way, the remaining provisions will not be affected, and this agreement will be interpreted so as to most nearly give effect to the intentions of the parties as it was originally signed. 

13.10 No waiver 

It is not a waiver of a breach of this agreement or of a party's rights under this agreement if that party: 

(a) does not exercise or partly exercises or delays exercising a right; 

(b) gives a concession to the other party or accepts a late payment; or 

(c) attempts to mitigate its loss. 

13.11 Modification 

Except as otherwise provide in this Agreement for unilateral changes by RMS Cloud, the provisions of this agreement may only be changed by written agreement between the parties. 

13.12  Governing law 

This Agreement will be governed by the laws of the jurisdiction in which the registered business office of RMS is located.  The parties agree to submit to the exclusive jurisdiction of the courts in that jurisdiction and any courts having jurisdiction to hear appeals from those courts and waives any right to object to any proceedings being brought in those courts. 

13.13 Counterparts 

This agreement may be entered into by the exchange of executed counterparts, which together comprise a fully executed agreement. 

Schedule 1 

Data Processing Agreement (DPA) 

This Data Processing Agreement ("DPA") is entered into between: 

Merchant (hereinafter "Controller"); and 

RMS (hereinafter "Processor")  

collectively referred to as the "Parties," with an effective date of the acceptance of the Sales Order or other document that form part of this Agreement.  

This DPA forms an integral part of the RMS Pay Services Agreement, which is the Agreement defined in Clause 1.1 of the RMS Pay Services Terms and Conditions. In case of inconsistency between this DPA and the RMS Pay Services Terms and Conditions, the provisions of this DPA shall prevail. 

1. Recitals

In order to comply with various data protection laws worldwide, the Processor must enter into this DPA with the Controller to govern the Processing of Personal Data on behalf of the Controller. 

The Parties wish to define their data processing relationship accordingly.  

1.1 Definitions and Interpretations 

Unless otherwise defined in this DPA, the following terms shall have the meanings assigned to them under applicable data protection laws, including but not limited to the EU General Data Protection Regulation (EU GDPR), UK GDPR, Australian Privacy Act 1988 (Cth), Singapore Personal Data Protection Act (PDPA), and relevant U.S. laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):  

• “Applicable Data Protection Laws” means all laws and regulations applicable to the Processing of Personal Data under this DPA, as listed in the opening paragraph of this Clause 1.1, including any other applicable data protection laws. 

• "Controller" (or "Organisation", "APP Entity") means the entity that determines the purposes and means of the processing of Personal Data. 

• "Processor" (or "Data Intermediary") means the entity that processes Personal Data on behalf of the Controller. 

• "Data Subject" (or "individual") means the natural person to whom the Personal Data relates. 

• "Personal Data" (or "Personal Information") means any information relating to an identified or identifiable natural person. 

• "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, storage, alteration, retrieval, use, disclosure, or erasure. 

• "Supervisory Authority" (or "Commission", "Commissioner", "Privacy Commissioner") refers to the relevant data protection authority under applicable law. 

• "Services" means the RMS Pay Services provided by RMS entailing the processing of Personal Data in accordance with the Controller’s instructions. 

• "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data. 

• "Sub-Processor" means any third party engaged by the Processor to process Personal Data on its behalf. 

• "Restricted Transfer" means any transfer of Personal Data to a country or territory outside the jurisdiction of the Controller that is not recognized as providing an adequate level of protection without appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions. 

• “Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of Personal Data to third countries approved by the European Commission or other competent authority, as updated or replaced from time to time, or equivalent mechanisms under other applicable data protection laws. 

2. Roles and Applicable Terms

Merchant as Data Controller: Determines the purposes and means of processing Personal Data, including data related to its customers or clients processed via RMS Pay Services. 

RMS as Data Processor: Processes Personal Data on behalf of Controller, following Controller’s documented instructions, as outlined in this DPA and Annex 1. 

Annexes Forming an Integral Part of this DPA 
The following annexes are incorporated into and form an integral part of this Data Processing Agreement (DPA), as if fully set forth herein: 

• Annex 1: Controller to Processor Terms 

• Annex 2: Specific Local Requirements 

• Annex 3: Description of Processing 

Annex 1: Controller to Processor Terms 

1. Scope of Processing and General Obligations

• Obligations: Controller decides which Personal Data categories are shared with Processor and ensures such sharing complies with Data Protection Laws. 

• Processor shall Process Personal Data only per Controller’s documented instructions and to provide the Services, unless required otherwise by applicable law (Annex 3 describes processing activities). 

• Both Parties shall comply with applicable Data Protection Laws. 

Instructions: The RMS Pay services Terms and Conditions herein and this DPA constitute Controller’s instructions. Controller ensures these instructions are lawful; Processor must notify Controller if it believes an instruction violates Data Protection Laws, though Controller remains liable for its instructions. 

Controller indemnifies Processor against claims arising from unlawful instructions. 

Third Parties: Processor is not responsible for Personal Data processing by third parties (e.g., Payment Schemes and networks, payment gateway providers, payment processors including banks and other financial institutions) when directed by Controller. 

2. Data Subject Requests

Processor has no direct relationship with Data Subjects or individuals and will direct them to Controller. If Processor receives requests, complaints, or legal demands regarding Personal Data, it will notify Controller promptly (unless prohibited by law) and only respond if authorized by Controller or required by law. 

3. Data Location

Processor may store Personal Data in an applicable jurisdiction, provided that appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions, or other mechanisms required by Applicable Data Protection Laws. Data may be accessed by Processor’s employees or Sub-Processors globally, subject to these safeguards. 

4. Security Obligations

Processor shall implement technical and organizational measures to ensure Personal Data security, aligning with Data Protection Laws and industry standards. These include: 

• Preventing unauthorized access to systems. 

• Ensuring authorized access is limited to need-to-know. 

• Protecting data during transmission and storage. 

• Logging access and changes. 

Processor will conduct annual audits (e.g., SOC 2 Type II equivalent) and provide updated certificates to Controller upon request. 

5. Personal Data Breach

Processor will notify Controller within 72 hours of any Personal Data Breach, detailing: 

• Nature and scope of the breach. 

• Contact point for further information. 

• Likely consequences and mitigation measures. 

Processor will assist Controller in addressing the breach to meet legal obligations. 

6. Sub-Processors

Controller authorizes Processor to engage Sub-Processors (list available at https://www.rmscloud.com/terms-and-conditions#subprocessors. Processor will: 

• Ensure Sub-Processors comply with data protection obligations materially equivalent to those in this agreement. 

• Update the list at https://www.rmscloud.com/terms-and-conditions#subprocessors promptly upon appointing or replacing Sub-Processors of comparable capability or standing, and review any reasonable objections raised by Controller in good faith. 

• Remain fully responsible for the performance and compliance of its Sub-Processors. 

7. Assistance

Processor will assist Controller with: 

• Compliance with Data Protection Laws. 

• Data Subject requests (e.g., access, deletion). 

• Data protection impact assessments, where feasible given the nature of processing. 

8. Indemnification

Processor will indemnify Controller against losses arising from breaches of this Data Processing Agreement (DPA) not attributable to Controller. This indemnity is subject to the limitations of liability set out in Clause 9 of the RMS Pay Services Terms and Conditions. Processor’s liability under this clause covers third-party claims and damages in connection with the Processing of Personal Data in accordance with this DPA. 

9. Term and Termination

This Data Processing Agreement (DPA) shall take effect from the Effective Date of this Agreement and continues until the cessation of the Processor services, at which point this DPA will automatically terminate concurrently. Clauses intended by their nature to survive termination will remain in full force and effect. 

Upon termination or expiration of this DPA, Processor shall, at Controller’s request, return or delete any Personal Data and provide written confirmation of such return or deletion. However, Processor is not obligated to delete Personal Data that has been provided to or is otherwise retained by the Licensed Financial Services Partner, where retention is required by applicable law or by Scheme Owners for payment transactions using their Payment Methods. In such cases, Processor will assist the Controller in identifying and communicating with the Licensed Financial Services Partner and will ensure that such Personal Data is only used and retained by the Licensed Financial Services Partner for lawful compliance purposes. Where deletion by the Processor is technically infeasible or unreasonably burdensome, pseudonymization is not permitted or supported by the Licensed Financial Services Partner, the Processor will inform the Controller and work with the Licensed Financial Services Partner to determine alternative legally compliant measures to protect the Personal Data from further processing, except for compliance purposes. 

Annex 2: Specific Local Requirements 

If applicable privacy laws  apply including but not limited to: 

• the California Consumer Privacy Act (CCPA), 

• the California Privacy Rights Act (CPRA), 

• the European Union General Data Protection Regulation (EU GDPR), 

• the United Kingdom General Data Protection Regulation (UK GDPR), 

• the Singapore Personal Data Protection Act 2020 (PDPA), and 

• the Australian Privacy Act 1988 (Cth): 

then the following terms shall apply: 

• Processor will process Personal Data solely to provide the Services specified by Controller and will not 'sell' or 'share' such data as defined under applicable privacy laws worldwide. 

• Processor will assist Controller with Data Subject requests (e.g., deletion requests) and, upon Controller’s request, return or delete Personal Data, to the extent it remains within the Processor’s systems. Where Personal Data has been provided to or is retained by the Licensed Financial Services Partner, Processor will assist the Controller in liaising with the Licensed Financial Services Partner to address such requests, subject to the Partner’s legal obligations and data retention requirements.. 

Annex 3: Description of Processing 

The Processor acts on behalf of the Controller in accordance with the RMS Pay services Terms and Conditions, to process Personal Data, following Controller’s instructions, for the following purposes: 
  

• Delivering the services under the RMS Pay Services Terms and Conditions, including: 

• Processing payment transactions and related support services; 

• Conducting fraud detection; 

• Defending charge-backs; 

• Providing access and reporting on payment transactions. 

To initiate a payment, Processor may transmit payment details with the Licensed Financial Services Partner (LSP) who will have access to information containing Personal Data, depending on the payment methods selected by Controller and the services procured. Once transmitted, the LSP assumes responsibility for the processing and retention of such Personal Data under its own legal and regulatory obligations. 

The Processor does not have full control over Personal Data processed or retained by the LSP and relies on the LSP’s policies, legal obligations, and system capabilities when responding to Data Subject requests or Controller instructions concerning such data. The Processor will assist the Controller in liaising with the LSP, but cannot guarantee the LSP’s actions or compliance where the LSP operates independently. 

These details may include but are not limited to: 
• Categories of Data: Name, billing address, email address, IP address, and payment-specific information. 

• Payment Requests: Payment requests could include the following:

• Credit/Debit Cards: Cardholder name, card number, CVC, expiry month, expiry year, issue number (if applicable). 

• Bank Transfers: Bank account number, BSB, BIC, bank name, bank location ID, country code. 

• Fraud Detection: Shopper name, device fingerprint, persistent cookie, shopper email, IP address, shopper reference, telephone, billing/delivery address, and additional data provided by Controller (e.g., basket information, browser language, delivery method, shopper country). 

Personal Data may be retained by the LSP in accordance with their legal obligations (e.g., anti-money laundering or financial regulations). Processor will assist Controller in liaising with the LSP regarding any requests to delete, restrict, or access Personal Data, but cannot guarantee enforcement where the LSP has its own legal retention obligations. 

In response to the growing threat of improper use of credit cards the payment card industry formed the PCI Security Standards Council. The council has developed a set of standards (PCI DSS) for anyone who stores, processes or transmits credit card data. The primary goal of the council and the purpose of the DSS is to protect card holder’s data.

There are two elements of PCI that may relate to RMS customers where they accept credit cards as a form of payment.

The Payment Card Industry Data Security Standard (PCI DSS)

This standard stipulates the conditions under which credit card data can be processed, stored and transmitted in a way that complies with the agreement between the card issuers, the bank, and the merchant.

The PCI DSS details all aspects of business practice including, policies, security, devices such as credit card processing terminals and the environment in which they operate. Quite apart from any business information software, such as RMS, the merchant is obliged to comply with the standard. An example of not complying with the standard might include the practice of recording credit card details in a book that is left in an opened draw.

The Payment Application Data Security Standard (PA DSS)

This is a standard for a software or hardware payment application that stores, processes or transmits credit card data. A property management system such as RMS is deemed to be a payment application if it stores processes or transmits credit card data.

Instances of RMS that store credit card details are not PA DSS compliant. However, RMS can be configured and supplied in such a way that it is impossible to store credit cards in any part of the system. Neither can it process or transmit card data. Furthermore, such examples of RMS cannot be re configured by the user to allow for the storage of credit cards post installation.

By definition of the PA DSS, any application that does not store, process or transmit credit card data is out of the scope of PA DSS and is not required to comply. Customers who are seeking to establish a business environment that complies with the PCI DSS should consider using a version of RMS which has had the ability to store, process and transmit credit cards disabled. Using the nonpayment application version of RMS forms a significant part of operating a PCI DSS compliant business environment.

PCI Compliance otherwise referred to as Payment Card Industry Data Security Standard (PCI DSS) is a propriety information security standard for organisations working with major branded credit cards such as Visa, MasterCard, American Express and JCB.

The PCI Compliance Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

The PCI Compliance Standard was created to increase controls around cardholder data and reduce credit card fraud. Validation of compliance is performed annually by either external Qualified Security Assessors (QSA) or by an internal department focused on Internal Security Assessment (ISA) that creates a Report on Compliance (ROC) for organisations handling large volumes of transactions.

Alternatively, a Self-Assessment Questionnaire (SAQ) can be completed by companies handling smaller volumes.

View our PCI DSS Compliance Certificates at the RMS Trust Centre.

Payment Gateways

Payment Gateways are an e-commerce application provided by merchant services to authorize and process credit card payments in a PCI compliant manner.

Setting up RMS to connect with a Payment Gateway merchant account provides the ability to securely process payments or refunds directly from any account in RMS.

Obtaining a Gateway Account

Prior to being able to process payments via a Payment Gateway in RMS, you will require an account with your chosen provider.

To begin this process, first, contact your bank to enhance your merchant facility to be e-commerce enabled.

Once your merchant facility has been enhanced for e-commerce, contact your chosen provider to sign up for an account.

Payment Gateways are an e-commerce application provided by merchant services to authorize and process credit card payments taken online in a PCI DSS compliant manner.

Setting up RMS to connect with a Payment Gateway merchant account provides the ability to securely process online payments or refunds directly from any account in RMS.

The following Payment Gateways are currently available for interface in RMS:

• BrainTree
• BridgePay
• CommWeb
• GK Solutions
• Elavon  
• NGenius  
• Opayo
• OpenEdge
• Red Dot
• Stripe
• Till Payments
• Wallee (in development)
• Windcave

The availability of a specific Payment Gateway Provider is determined by your country of operation.

• RMS Payment Gateway – default option

Click Here to access our Knowledge Base article on PCI Compliance, Payment Gateways, and our FAQs

Obtaining a Gateway Account

Prior to being able to process online payments via a Payment Gateway in RMS, you will require an account with your chosen provider from the list above.

To begin this process, please contact one of the listed Payment Gateway Providers direct.

Once your merchant facility with one of the listed Payment Gateway Providers is active these details need to be entered into RMS.

Alternatively, you may select the default option available within RMS and after providing any additional information requested, you will automatically have a payment gateway account opened for you and registered within RMS.  You may then take online payments immediately which shall deposit to your nominated bank account.

It is usual business practise that under the appropriate conditions customers provide credit card data with the understanding that those details may be reused to:

• Secure a service for a later date
• Process a subsequent payment or refund
• Some other agreed reason

Through collaborations with a number of online payment gateway providers around the world RMS can provide access to a guests card data while remaining out of scope of PCI compliance requirements. This process is called tokenisation.

How it works

Credit card details are collected in three main ways:

• When a guest enters the details into the payment section of the online booking system
• When an operator collects them during a telephone call, or,
• When the guest presents a credit card at the reception desk

Tokens

A token is simply a string of data that acts like a receipt of the credit card data. It is completely innocuous and can only be used by you via the gateway. With the token you can process subsequent payments and receipts directly in the RMS account receipt screens.

Online Booking Deposits

If you opt to collect a deposit at the time the booking is made the guest will be prompted to enter their credit card details. The form in which they enter the details is hosted by the payment gateway. The guest doesn’t leave the booking site, the details do not enter RMS and only the gateway sees them. The gateway then authorises that the card is valid and if successful processes the payment.

Once the payment is processed the gateway drops a token into RMS against the guest.

Mail Order, Telephone Order Payments (MOTO)

Credit card details can be collected over the phone for the purpose of collecting a deposit or simply to secure a reservation by first creating a token. A token can be created against a guest in a reservation by using the “Create Token” feature. When this feature is activated a form which is hosted by the payment gateway appears into which the details can be entered. The details are not entered into RMS. The gateway authorises the validity of the card and if successful creates a token against the guest.

Card Present Transactions (In Store)

A token can be created against a guest similar to the process for MOTO with the added benefit of using a magnetic card reader to simplify and expedite the process. Only card reading devices that do not compromise your PCI compliant status should be used for this purpose.

For more information Click Here to access our Knowledge Base articles.

When establishing PCI compliant process and practices from a technology perspective, commercial accommodation providers need to consider both, the systems they use and the environment in which they operate.

As a system provider, RMS has the choice or providing software that complies with the Payment Application Data Security Standard (PA DSS) or staying out of the scope of PCI requirements altogether. RMS has determined that as a long term solution, the latter option provides a safer, less expensive and more robust solution. The tokenization method employed by RMS means that credit card details are never stored, transmitted or processed in RMS rendering the property owner completely out of scope of PCI.

Whilst it is relatively simple to achieve the requirements of the DSS as they apply to payment applications, it would completely ignore the environment in which it operates. Property owners who self-host RMS would find the task of maintaining a network that fully complied with the DSS almost impossible. The responsibility of data security ultimately falls on the merchant. Vulnerabilities exist even in the most secure environments where staff members have access to the network, or the server is not under constant vigilance. A breach of your security may provide open access to cardholder data despite having a PCI compliant payment application installed.

Over time the low cost per transaction incurred by using a payment gateway is far less than the ongoing cost of securing a local environment. This is not to mention the peace of mind that comes from removing the onus of card security.

RMS cloud hosted customers enjoy extremely robust data security. Nonetheless, the decision was made that responsibility for cardholder security is best managed by the industry-specific services supplied by payment gateway providers.

It is undeniable that the safest and most efficient method of providing cardholder security and complying with your merchant obligations is by use of the tokenization method.

Can I still charge against the guest credit card for unpaid incidentals or unreported damage to the room?

Yes. When you enter credit card details in RMS the details are passed to and stored with the internet payment gateway provider. RMS will retain a "token" which relates to that credit card. Each time you wish to make a payment against that credit card account all you do is process the payment in RMS as usual. RMS will send the token to the payment gateway along with the details of the sale to facilitate the payment.

Do the transaction fees apply for all credit card payments?

You need only pay the transaction fees for transactions processed via RMS. If you don't need to store the credit card details you can simply process the transaction as normal via your credit card terminal.

Can I use my existing merchant facility?

You will require an “e-commerce” merchant facility to use the tokenization process and the services of the payment gateway provider. Conditions can vary in different geographical regions. The merchant services department of your bank can assist with this matter.

Can I perform a refund or a pre-authorisation using the PCI compliant solution?

You can refund money to a credit card stored by the payment gateway provider directly from RMS.

General Terms of Use

The Guest Portal that you are accessing allows you to manage your relationship with the property you have made or wish to make accommodation bookings.

The range of services that are available to you at an individual property Guest Portal are set by the property themselves, not by RMS. These services can include:

• Track and manage your bookings,
• Check in and check out services,
• Make secure payments,
• Communicate directly with the property through Guest Portal Messaging,
• Make new bookings at the property,
• Update and manage your profile and preferences.

Use of the RMS Guest Portal is subject to the Terms of Service set out below and the terms posted by the property available to you on the property portal. Users are required to familiarize themselves with these Terms of Service before using the Guest Portal.

Access

Access to the portal is via the booking reference provided to you by the property or via the email address you have registered with your guest profile relating to that booking at the property.

Depending on the services enabled by the property, a password may also be required, or you may be required to login in using authentication by a secure third-party website.

Rules

By using the Guest Portal you acknowledge the following:

1. You take responsibility for all transactions (new bookings, changes to existing bookings, payments etc) made under your username.
2. You take responsibility for all communication messages under your username.
3. You shall not post or transmit any data, text, or message, that is defamatory, abusive, vulgar, obscene or harassing, insulting, threatening, bigoted, hateful or racially offensive, or that could be deemed to be stalking, and that RMS shall be entitled to remove and communication messages of this nature.
4. That RMS or the property may suspend or terminate your access to all or any part of the Guest Portal if in either RMS or the property’s sole discretion you have been deemed to be in breach of the applicable terms of service.

General Terms of Use

The Owner Portal that you are accessing allows you to manage your relationship with the property you have made or wish to make accommodation bookings.

The range of services that are available to you at an individual property Owner Portal are set by the property themselves, not by RMS. These services can include:

• Track and manage your bookings,
• Check in and check out services,
• Make secure payments,
• Communicate directly with the property through Owner Portal Messaging,
• Make new bookings at the property,
• Update and manage your profile and preferences.

Use of the RMS Owner Portal is subject to the Terms of Service set out below and the terms posted by the property available to you on the property portal. Users are required to familiarize themselves with these Terms of Service before using the Owner Portal.

Access

Access to the portal is via the booking reference provided to you by the property or via the email address you have registered with your Owner profile relating to that booking at the property.

Depending on the services enabled by the property, a password may also be required, or you may be required to login in using authentication by a secure third-party website.

Rules

By using the Owner Portal you acknowledge the following:

1. You take responsibility for all transactions (new bookings, changes to existing bookings, payments etc) made under your username.

2. You take responsibility for all communication messages under your username.

3. You shall not post or transmit any data, text, or message, that is defamatory, abusive, vulgar, obscene or harassing, insulting, threatening, bigoted, hateful or racially offensive, or that could be deemed to be stalking, and that RMS shall be entitled to remove and communication messages of this nature.

4. That RMS or the property may suspend or terminate your access to all or any part of the Owner Portal if in either RMS or the property’s sole discretion you have been deemed to be in breach of the applicable terms of service.

Read the Modern Slavery Statement for Financial Year 2026.

RMS User Licence holders enjoy the following privileges:

The following is a list of Subprocessors used by RMS as defined by the Standard Contractual Clauses pursuant to European data privacy regulations.

RMS updates this list at least annually:

The General Data Protection Regulation (GDPR) is a regulation in European Union (“EU”) law on data protection and privacy for all individuals within the EU. The GDPR, will replace the Data Protection Act 1998, and aims to simplify the regulatory environment by unifying the regulation within the EU. It imposes new regulations for organisations who engage with individuals’ in the EU, expands individuals’ rights with respect to the processing of their personal data and mandates data security measure appropriate to the risk of personal data. 

GDPR applies to any organisation that does business with citizens of the EU and European Economic Area (“EA”), and provides for two key areas with which organisations need to comply:

Consent: Provides greater rights and controls for individuals in the EU as to how their personal data is used

Accountability: Provides for greater accountability and the need for transparency across all organizations (effectively being able to demonstrate compliance with GDPR).

The primary obligation for compliance and the ability to demonstrate compliance with the six key principles that govern GDPR lies with the “Data Controller” (the organization dealing with the data subject, and in the case of RMS, the properties that use our software) 

Visit gdpr.eu for more information.

Read the RMS Data Processing Agreement

Read the RMS Data Processing Agreement

R.M.S. (AUST) PTY LTD

ABN: 63 003 134 243