Home > Agreement

GENERAL TERMS AND CONDITIONS

USER AGREEMENT ON PRODUCTS AND SERVICES
THIS AGREEMENT IS A LEGALLY BINDING AGREEMENT BETWEEN USER OF SOFTWARE ("USER") AND PROVIDER OF SOFTWARE AND SERVICES PREMIUMEXCHANGER LTD. ("PROVIDER") COLLECTIVELY REFERRED TO AS "PARTIES"
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE SIGNING OR USING THE PRODUCTS AND SERVICES.BY ACCESSING THIS PAGE (add link) OR USING THE PRODUCTS, YOU:• REPRESENT AND WARRANT THAT YOU HAVE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THE USER;• CONFIRM THAT YOU HAVE READ AND AGREED TO THE TERMS OF THIS AGREEMENT;• ACCEPT ALL RIGHTS AND OBLIGATIONS PROVIDED FOR UNDER THIS AGREEMENT.IF YOU DO NOT AGREE TO THE TERMS:• DO NOT USE THE PRODUCTS AND SERVICESIMPORTANT: If a systems integrator, contractor, consultant, or any other party installs or uses the software on your behalf, such party is considered your agent acting on your behalf, and you are deemed to have accepted all provisions of this Agreement.
AGREEMENT STRUCTURE1. Terms and Definitions2. General Provisions of the Provider3. Payments, Terms, and Taxes4. Use of Software Products and Services5. Additional Services6. Rights and Obligations of the Parties7. Management and Supervision of Subcontractors8. Audit Rights and Supervisory Access9. Regulatory Cooperation and Compliance Support10. Service Level Management and Performance Monitoring11. Business Continuity and Operational Resilience Framework12. Change, Risk, and Relationship Management13. User Responsibility for Payment Instruments14. User Responsibility for Cryptocurrency Use15. Intellectual Property Rights16. AML and KYC/KYB Policy17. Confidentiality18. Disclaimer of Warranties19. Limitation of Liability20. Force Majeure21. Applicable Law and Jurisdiction22. Termination of Agreement23. Trade Control24. Final Provisions
1. TERMS AND DEFINITIONS1.1. List of Terms and Definitions:"Agreement" – this document together with any additional transaction documents and all other materials that directly or indirectly govern the relationship between the Provider and the User."Approved Subcontractor" – a subcontractor registered in the relevant jurisdiction to whom the Provider has authorized data processing in accordance with applicable data protection legislation."Audit Rights" – as defined in Section 8 (Audit Rights and Supervisory Access)."CASP" – crypto-asset service provider."Competent Authority" – the regulatory body exercising supervision over the User's activities in the relevant jurisdiction."Confidential Information" – as defined in Section 17 (Confidentiality)."Critical/Essential ICT Services" – functions and services on which the continuity of Service provision to the User essentially depends."Force Majeure" – as defined in Section 20 (Force Majeure)."GDPR" – Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data."Intellectual Property Rights" – all patents, copyrights, trademarks, trade secrets, and other intellectual property rights worldwide owned by the Provider."Party/Parties" – individually, the Provider or the User; jointly, both Parties."Products and Services" – software products and associated services provided by the Provider to the User."Service" or "Services" – the set of interactive services provided by the Provider to the User."Account" – a record in the system containing information necessary to identify the User when providing access to Services, authorization and accounting information. Such record includes the User's username and password (or other similar authentication means)."Step-In" – the User's right to temporarily take over service provision in case of breach of critical functions."User/Service User" – any natural person over 18 years of age or any corporation, company, or other legal entity using the Products and Services."Website" – a set of interconnected web pages accessible at a specified address.
2. GENERAL PROVISIONS OF THE PROVIDER2.1. The Provider provides services related to proprietary software products (hereinafter also "Services").Subcontractor Structure2.2. The Provider provides the User with a comprehensive software solution including the following integrated components and directly engaged subcontractors:a) Infrastructure Provider – a provider of critical infrastructure responsible for cloud hosting, operation, backup, physical storage, and protection of operational databases and data files in the relevant jurisdiction. The Provider performs no actions beyond those explicitly provided for by contract and strictly complies with all obligations in accordance with applicable legislation. The Provider bears full responsibility for all actions and omissions of the subcontractor, including incident management and identified deficiencies.b) AML Monitoring Service Provider – a specialized compliance service provider ensuring automated transaction screening and compliance verification through direct integration (API) into the Provider's platform, including financial flow risk monitoring, blockchain transaction screening, and automated compliance alerts.c) KYC Service Provider – a specialized compliance service provider ensuring automated customer identification and verification, including document verification, biometric authentication, and continuous compliance monitoring capabilities and verification documentation maintenance.d) Technology Platform – the technology system used to present the website and manage web interface content. Does not process transactional or customer data and does not participate in financial or compliance functions.The Provider is responsible for the selection, risk management, and periodic evaluation of all aforementioned subcontractors. The User must be notified immediately of any replacement, role change, jurisdiction change, or key responsibility changes of subcontractors, and such changes must be documented in this section of the Agreement.Detailed Service Components2.3. The Services provided under this Agreement consist of the following integrated components:2.3.1. Software ComponentsThe Provider provides the User with a comprehensive software solution consisting of:a) Premium Exchanger Script: specialized software application designed for cryptocurrency exchange operations, including, without limitation, customer registration systems, transaction processing workflows, exchange rate calculation mechanisms, and anti-money laundering (AML) and customer identification (KYC) compliance tools;b) WordPress Content Management Framework: basic content management system providing the architecture of the web application, user interface components, and basic website functionality on which the Provider's software is built and operates;c) Administrative Panel: comprehensive management panel allowing the User to configure exchange parameters, monitor transaction flows, manage customer relationships, control regulatory compliance procedures, and maintain operational control of all exchange operations.Infrastructure and Hosting Services2.3.2. All software components are hosted, operated, and maintained in cloud infrastructure provided by an Approved Subcontractor, which provides the following critical infrastructure services:a) Application Hosting Environment – high-availability server infrastructure hosting and running the software, ensuring continuous availability and performance optimization;b) Database Management Services – secure database hosting and administration services that store, organize, and protect all operational data;c) Transaction Processing Infrastructure – specialized computing resources and network connections providing real-time cryptocurrency exchange processing;d) Data Security and Backup Services – comprehensive data protection measures including encryption, access controls, intrusion prevention, regular data backup, and disaster recovery capabilities;e) System Monitoring and Maintenance – continuous monitoring of system performance, security status, and operational integrity.Compliance and Risk Management Services2.3.3. The Provider coordinates the provision of specialized compliance services through qualified third-party providers integrated into the software platform:a) Anti-Money Laundering Monitoring – transaction monitoring and suspicious activity detection services enabling automated transaction verification against sanctions lists and databases;b) Know Your Customer Verification – customer identity verification and comprehensive customer verification services including document verification, biometric authentication, and continuous customer risk assessment capabilities;c) Regulatory Reporting Tools – automated systems for generating regulatory reports and maintaining compliance documentation.2.4. The Provider guarantees the existence and maintenance of "back-to-back" agreements with Approved Subcontractors, ensuring full transfer of obligations within DORA/MiCA/EBA-ESMA (ICT outsourcing, audit rights and supervisory access, information security, incident management, BCP/DR, data protection, EU data localization, transition/exit procedures, data deletion/return).2.5.The Provider bears full responsibility for the actions and omissions of subcontractors as its own, ensuring compliance with all MiCA, DORA, EBA-ESMA requirements and maintaining direct contractual accountability to the Competent Authority for all outsourced functions.2.6. Subject to the limitations set forth in Section 19 (Limitation of Liability), the Provider undertakes to compensate the User for:a) Direct losses caused by subcontractor failures that resulted in regulatory sanctions imposed on the User;b) Reasonable expenses directly incurred by the User in connection with enforcement measures by the Competent Authority caused by subcontractor non-compliance;c) Direct operational losses resulting from critical ICT service failures as defined in DORA.2.7. The compensation obligations set forth in Section 2.6 are subject to monetary limits and exclusions established in Section 19, except where such limitations would prevent the User from maintaining a CASP license or would contradict MiCA and/or DORA regulatory requirements.2.8. The Provider provides software development, customization, and maintenance services. The User agrees to pay for such services in accordance with applicable procedures and terms. The Provider may also offer additional services at its discretion.2.9. The User may purchase additional software products and services. Depending on the selection, the User remains bound by the terms of this Agreement as well as any additional terms set forth in the relevant Software Appendix or accompanying documents.2.10. The Provider reserves the right to provide software solutions, customization services, and maintenance to multiple clients without restrictions.
3. PAYMENTS, TERMS, AND TAXES3.1. The total payment amount and the service provision period are specified in the order form on the checkout page. The User is obligated to pay all fees specified in the invoice for the selected products and services.3.2. Current pricing can be obtained from PREMIUMEXCHANGER LTD. manager via email: .enilno.regnahcxemuimerp%40ofni3.3. The Provider offers various pricing plans, the cost of which is agreed individually with each client.3.4. Invoices are generated electronically through the Service and associated payment systems. The User is obligated to pay the full amount within the period established by the payment system. Upon written request, the Provider may provide a paper invoice upon mutual agreement of the Parties.3.5. This Agreement is deemed accepted after 100% payment of the respective pricing plan is credited to the account of PREMIUMEXCHANGER LTD. or after the Parties sign a separate accession agreement.3.6. The service provision period may be terminated early if the functionality of the current software version is discontinued or after notification to the User of termination.3.7. The User bears exclusive responsibility for monitoring payment deadlines when selecting software products or services.3.8. Fees and payments under this Agreement are stated without taxes. The User is responsible for paying any sales tax, VAT, or other applicable taxes in their jurisdiction. Taxes are not payable on the income of PREMIUMEXCHANGER LTD. If local law requires the User to withhold tax from payments, the User is obligated to:a) Increase the payment amount such that PREMIUMEXCHANGER LTD. receives the full net amount; b) Provide documentation confirming such withholding to PREMIUMEXCHANGER LTD.
4. USE OF SOFTWARE PRODUCTS AND SERVICES4.1. Following successful payment for the selected product or service, the Provider undertakes to:a) Confirm receipt of payment; b) Send the User electronic payment confirmation; c) Provide remote access to the software installation through the User's account, including links to download software files, license key, and installation instructions.4.2. The provided software product includes software files and license keys. All exclusive rights, except for WordPress content management system files, remain with PREMIUMEXCHANGER LTD.4.3. Software License and Domain Binding:a) To activate the software, the User must specify a domain and/or subdomain in their account; b) The license key is bound to the specified domain/subdomain and cannot be transferred; c) The software product provision period begins when the User downloads the license key; d) The software becomes functional only after proper installation on the registered domain; e) The User cannot change the registered domain/subdomain without written Provider consent.4.4. The software operates correctly only if the User complies with installation instructions, does not make changes to software files or license keys, and complies with the terms of this Agreement and Provider recommendations.4.5. The User is responsible for installation on their IT infrastructure subject to the limitations specified in the installation instructions, except as provided in Section 6 of this Agreement regarding "Approved Subcontractors."4.6. During the service provision period, the User may receive updates and modifications through their account, as well as access to documentation and support resources. Updates (including bug fixes and patches) must be installed promptly; non-compliance may result in incorrect operation or discontinued functionality.4.7. Users receive technical support limited to answers regarding software usage, except for services specified in Section 4.9.4.8. Users have the right to online technical support limited to answers regarding software usage, except for services specified in Section 4.9.4.9. Technical support does not include:a) Development or customization of additional modules; b) Consultations on source code or modifications; c) Server or hosting configuration.4.10. The Provider may deny technical support if the User's installation includes third-party modules, plugins, source code changes, or third-party web designs.
5. ADDITIONAL SERVICES5.1. The Provider may offer additional services at its discretion, which may change or be discontinued from time to time.5.2. The User may order additional software products or services either during the initial purchase process or through the "Services" section on the Website. Requests may also be submitted through the online feedback form. Orders are created electronically and confirmed by clicking the "Submit" button. The User is responsible for verifying the order and paying timely.5.3. Domain Registration: The User may select and register a domain name independently.5.4. The domain name must contain 2 to 63 characters, begin and end with a Latin or Cyrillic letter or digit, and may include hyphens (except when used simultaneously in the 3rd and 4th positions).5.5. A domain name is deemed registered when it receives REGISTERED status and is entered into the domain registry database.5.6. The Provider does not bear responsibility for domain registration, renewal, or maintenance if the User enters into contracts with third parties, such as domain registrars or hosting providers, outside the scope of this Agreement. The User bears full responsibility for maintaining such independent services.
6. RIGHTS AND OBLIGATIONS OF THE PARTIESSubcontractor Management and Data Localization6.1. The Provider may only engage "Approved Subcontractors," as defined in Section 2.1, which must be registered in EU/EEA countries; data processing and storage occurs exclusively within EU/EEA territory.6.2. The Provider undertakes to notify the User of any changes regarding "Approved Subcontractors" at least 30 calendar days in advance; the User has the right to reasonably object – in this case, the Provider must offer an alternative within reasonable timeframes.6.3. Unauthorized transfer of critical/essential functions to subcontractors constitutes material breach by the Provider, giving the User the right to immediately terminate Services and apply Step-In/Exit measures.6.4. The Provider undertakes to notify the User without unreasonable delay, within 1 hour of identifying significant ICT incidents (relevant under DORA), provide a written report within 24 hours, and final post-mortem within 10 business days. Monthly service availability must be ≥ 99.99% (excluding scheduled maintenance with ≥ 48-hour notice and limited to 4 hours per month).Rights of the Provider6.5. Update the software.6.6. Suspend or terminate the User's access to the software product with notice in cases of maintenance or suspected violation of this Agreement or applicable law.6.7. Make changes to this Agreement or modify service provision procedures.6.8. Provide the User with additional services related to software use.6.9. Deny technical support in cases of Agreement violation, misuse, or illegal activity.6.10. Discontinue provision of any software, service, or product in accordance with Provider policy.User Obligations:6.11. Provide accurate and complete information when ordering software products or services from the Provider.6.12. Immediately notify the Provider of any unauthorized use of its software products or services.6.13. Use certified equipment when accessing Provider services.6.14. Do not transfer, sublicense, lease, or otherwise provide PREMIUMEXCHANGER LTD. software products to third parties.6.15. Do not modify or attempt to modify the original software source code. Unauthorized modifications or use of third-party modules may result in denial of technical support.6.16. Comply with all intellectual property rights of PREMIUMEXCHANGER LTD. and third parties.6.17. Do not use any part of the software, website, or content in violation of applicable law or third-party rights.6.18. Do not upload or distribute illegal, offensive, obscene, defamatory, or other prohibited content through the website.6.19. Do not use the software for:a) Illegal purposes; b) Actions harmful to the Provider or third parties; c) Money laundering, terrorist financing, or other illegal activities.6.20. Do not use the software, products, or services for military facilities, security applications, or in violation of defense technology legislation.6.21. Do not advertise or promote services created using the Provider's software on:a) Anonymous or darknet platforms; b) Websites, forums, chats, or channels associated with illegal activity; c) Platforms facilitating drug trafficking, weapons sales, counterfeit documents, money laundering, or other illegal activities; d) Platforms blocked by regulators in jurisdictions where the Provider or User operates.6.22. In case of violation of Section 6.21 and provided evidence (e.g., screenshots, links, or other records), the Provider may:a) Require the User to remove such content within 48 hours; b) Limit or revoke access to accounts, updates, support, and other services without refund in case of non-compliance or repeated violations.
7. SUBCONTRACTOR MANAGEMENT AND SUPERVISIONSubcontractor Categories and Classification7.1. The Provider recognizes that Service provision is accomplished through a structured network of subcontractors, each performing specific functions critical to the User's operations as a regulated cryptocurrency exchange operator.For purposes of risk management and regulatory compliance in accordance with DORA, subcontractors are classified as follows:a) Critical Infrastructure Providers – subcontractors whose services are vital for continuous User business operations, and whose failure would cause serious disruptions to regulated service provision to customers.This category includes the subcontractor serving as the primary cloud infrastructure provider;b) Specialized Compliance Service Providers – subcontractors providing specialized compliance services, risk management, or customer identification services necessary for the User to meet MiCA and other applicable requirements.This category includes subcontractors performing transaction monitoring and KYC functions;c) Technology Platform Providers – subcontractors providing basic technology solutions or platforms supporting overall service architecture but not directly participating in customer data or financial transaction processing.This category includes WordPress Foundation as the content management system provider.Subcontractor Selection and Due Diligence Standards7.2. PREMIUMEXCHANGER LTD. represents and warrants that all subcontractors participating in Service provision were selected based on proper due diligence procedures, including:a) Verification of technical capabilities, security standards, and operational resilience appropriate to their service provision role; b) Assessment of financial stability and business continuity plans ensuring reliable long-term service provision; c) Confirmation of compliance with applicable EU regulations on data protection, financial services, and cybersecurity; d) Analysis of information security policies, incident response procedures, and disaster recovery plans; e) Assessment of geographic location and jurisdiction to ensure compliance with User requirements under DORA and MiCA.Subcontractor Responsibility and Performance Management7.3. The Provider bears primary responsibility and accountability for all aspects of service provision, regardless of subcontractor involvement.This responsibility includes:a) Continuous monitoring of subcontractor performance through service level agreements (SLAs), key performance indicators (KPIs), and regular operational reviews; b) Ensuring that all subcontractors comply with the same information security, data protection, and operational resilience standards applied to the Provider; c) Coordinating incident response among all subcontractors for rapid failure resolution and comprehensive impact assessment; d) Managing change processes to ensure any service or infrastructure modifications by subcontractors are properly evaluated, tested, and implemented without disrupting User operations; e) Maintaining current documentation of subcontractor roles, responsibilities, data processing procedures, and integration points within the overall service architecture.Subcontractor Transparency and Reporting7.4. The Provider undertakes to:a) Maintain a register of Approved Subcontractors containing information on their identity, key functions performed, and data processing locations (in accordance with Article 30.2 of DORA); b) Provide semi-annual reports including information on material changes in subcontractor operations, significant security incidents, and compliance status; c) Upon reasonable request and with sufficient notice, provide the User with information necessary to fulfill DORA obligations.Subcontractor Change Management and Approval Procedures7.5. Material changes to subcontractor operations require prior written notification and, in applicable cases, written User consent:a) Replacement of critical infrastructure providers or specialized compliance service providers requires 60-day advance notification and written User consent (which shall not be unreasonably withheld); b) Addition of new subcontractors that will process User customer data or participate in financial transaction processing requires 30-day advance notification and provides the User the right to object on reasonable grounds related to security, compliance, or operational risks; c) Changes regarding geographic location, data processing activities, or security measures of a subcontractor require 15-day notification with detailed impact assessment and risk mitigation measures; d) The User retains the right to require subcontractor replacement if reasonably believing such subcontractor creates unacceptable compliance or operational risks, provided reasonable alternatives exist and transition time is provided.
8. AUDIT RIGHTS AND SUPERVISORY ACCESSInternal Audit Procedures8.1. The Provider acknowledges and agrees that the User, acting as a regulated crypto-asset service provider in accordance with Regulation (EU) 2023/1114 (MiCA) and subject to Regulation (EU) 2022/2554 (DORA), must have full audit capabilities to fulfill regulatory obligations regarding third-party risk management.Accordingly, the Provider grants the User, its authorized representatives, and designated external auditors complete and unrestricted access, inspection, and audit rights regarding all aspects of provided services (hereinafter "audit rights").8.2. Audit rights include, without limitation, the right to inspect all systems, processes, controls, documentation, records, and items related to performance of contracted functions, both directly at the Provider and at Approved Subcontractors.8.3. Audit rights extend to the ability to copy, photograph, or electronically reproduce any relevant documentation, system configurations, or other materials necessary for compliance assessment.The Provider undertakes to ensure availability of all personnel involved in service provision for interviews and questioning during audits and to provide reasonable assistance in ensuring complete and effective audit activities.Competent Authority Access Rights8.4. In addition to the User's internal audit rights, the Provider expressly acknowledges that the Competent Authority regulating the User's activities under MiCA and DORA, as well as the European Banking Authority (EBA), European Securities and Markets Authority (ESMA), and any other applicable EU supervisory authorities, possess direct and independent access rights to PREMIUMEXCHANGER LTD. operations.These authorities may exercise their rights at their own initiative or upon User request, without requiring prior consent or User participation to conduct inspections, examinations, or investigations.8.5. The Provider undertakes to provide complete cooperation with said authorities, including immediate access to premises, systems, personnel, and documentation, except where prior notification is required for operational or legal reasons.The Provider waives any claims that such direct supervisory authority access violates confidentiality obligations to other clients or third parties, acknowledging that regulatory compliance takes priority over commercial confidentiality.Audit Implementation and Coordination8.6. All audit activities conducted under this section are implemented to minimize impact on ongoing service provision processes while ensuring comprehensive system and procedure review.The Provider designates qualified personnel to coordinate audits and undertakes to maintain current documentation of all service provision aspects to ensure efficient inspection conduct.8.7. If audit results reveal deficiencies, vulnerabilities, or improvement areas, the Provider undertakes to prepare and implement a remediation plan within timeframes agreed with the User or prescribed by Competent Authorities, provided such timeframes are commercially reasonable.Critical findings requiring immediate response must be addressed on an expedited basis – temporary measures within 72 hours and permanent corrective actions completed within 90 days, unless otherwise agreed by the Parties.
9. REGULATORY COOPERATION AND COMPLIANCE SUPPORTRegulatory Cooperation Framework9.1. The Provider recognizes that the User operates as a regulated crypto-asset service provider (CASP) in accordance with Regulation (EU) 2023/1114 (MiCA) and is subject to Competent Authority oversight. The Provider hereby undertakes to provide complete cooperation with the Competent Authority within its supervisory powers, including prompt response to regulator requests, provision of requested information and documentation, and participation in supervisory examinations related to User activities.Coordination with European Supervisory Authorities9.2. Given the pan-European nature of MiCA regulation, the Provider agrees to cooperate with applicable European supervisory authorities, including the European Banking Authority (EBA) and European Securities and Markets Authority (ESMA), where such cooperation is required in connection with the User's cross-border activities or European supervisory coordination under EU legislation.Proportionate Regulatory Support9.3. All regulatory cooperation activities under this section must be conducted proportionately to the User's status as a microenterprise under DORA and limited scope of crypto-asset services. The Provider undertakes to maintain internal procedures for prompt and proper response to regulatory requests, coordinating responses with the User as necessary to ensure consistency of information provided to supervisory authorities.
10. SERVICE LEVEL MANAGEMENT AND PERFORMANCE MONITORINGComprehensive SLA Management System10.1. The Provider recognizes that User compliance with DORA and MiCA requirements necessitates implementation of robust operational resilience measures, including comprehensive service level management across all critical third-party relationships.Accordingly, the Parties establish an expanded service level management system extending beyond basic availability metrics and covering comprehensive performance monitoring, quality assurance, and continuous improvement mechanisms.10.2. The primary service level obligation (SLA) is established as monthly service availability of ninety-nine point ninety-eight percent (99.98%), calculated on a calendar month basis and excluding scheduled maintenance conducted with at least 48-hour advance notice and limited to four (4) hours per month.This key metric is supplemented by additional performance metrics ensuring comprehensive service quality and operational efficiency representation.Extended Performance Metrics and Monitoring10.3. In addition to the primary availability metric, the Provider undertakes to maintain the following performance standards:a) System response time to API requests must not exceed two (2) seconds for ninety percent (90%) of all requests during any 24-hour period; b) Cryptocurrency exchange transaction processing completion time under standard operations must not exceed four (4) hours under normal operating conditions; c) Incident notification confirmation affecting service availability or functionality must occur no later than two (2) hours from critical incident detection.10.4. The Provider implements comprehensive monitoring systems tracking said performance metrics in real-time and provides the User access to interactive monitoring dashboards displaying current and historical data.Monthly performance reports are provided to the User within five (5) business days following each calendar month end and contain:• Detailed compliance analysis with established metrics;• Identification of performance decline issues or trends;• Description of implemented and planned corrective measures.Performance Recovery and Continuous Improvement10.5. If performance metrics fall below established thresholds, the Provider undertakes to immediately notify the User and initiate recovery procedures aimed at returning to acceptable service levels.With sustained performance decline – defined as non-compliance with established metrics for more than forty-eight (48) consecutive hours or recurring deviations over thirty (30) days – the Provider conducts comprehensive root cause analysis and implements permanent corrective measures.10.6. The Parties conduct quarterly service quality review meetings assessing overall performance trends, identifying optimization opportunities, and where necessary, revising SLA targets in light of operational requirement changes or technological capabilities.The Provider undertakes to actively participate in such reviews and implement agreed improvements within reasonable timeframes while maintaining regulatory requirement compliance and User business objectives.
11. BUSINESS CONTINUITY AND OPERATIONAL RESILIENCE FRAMEWORKBusiness Continuity Planning and Documentation11.1. The Provider maintains comprehensive Business Continuity Plans (BCP) ensuring guaranteed service provision continuation upon adverse scenario occurrence, including but not limited to system failures, cyber-incidents, natural disasters, and other operational disruptions.These plans are regularly updated reflecting changes in service provision methods, infrastructure, and threat landscape. Formal reviews and revisions are conducted no less frequently than annually and following any material operational activity changes.11.2. The business continuity framework structure includes detailed procedures for:• Incident detection and classification;• Notification and stakeholder interaction;• Service preservation and recovery;• Post-incident analysis and process improvement.The Provider undertakes to provide the User with summary information on business continuity capabilities and notify of any material changes potentially affecting this Agreement's performance.Backup and Recovery Procedures11.3. Data backup procedures are implemented ensuring complete protection of all information associated with User services. Backup copies are stored in geographically dispersed data centers located within the European Union and European Economic Area.Data backup integrity is regularly verified confirming reliability and completeness, and recovery procedures are tested ensuring prompt and efficient service recovery within established timeframes.11.4. The following target metrics are established for timely recovery:• RTO (Recovery Time Objective) – critical system recovery time must not exceed sixty (60) minutes from failure occurrence;• RPO (Recovery Point Objective) – data loss minimization through regular backup with short intervals.PREMIUMEXCHANGER LTD. maintains detailed backup and recovery procedure documentation and undertakes to regularly provide the User confirmation that these systems function effectively and meet established metrics.Crisis Communication and Coordination11.5. Upon business continuity plan activation, PREMIUMEXCHANGER LTD. undertakes to maintain constant User contact, informing of current service status, recovery progress, and expected full restoration timeframes.Emergency communication procedures ensure 24/7 availability of key PREMIUMEXCHANGER LTD. personnel in crisis situations. Communication protocols are established guaranteeing timely and accurate information provision to the User and, where necessary, applicable regulatory authorities.11.6. Following crisis event completion, PREMIUMEXCHANGER LTD. conducts detailed root cause analysis and response measure assessment, identifies improvement opportunities, and implements additional measures preventing similar future situations.PREMIUMEXCHANGER LTD. undertakes to share relevant analysis results with the User supporting User operational resilience planning and fulfillment of regulatory reporting obligations.
12. CHANGE, RISK, AND RELATIONSHIP MANAGEMENTMaterial Change Notification and Assessment12.1. PREMIUMEXCHANGER LTD. recognizes that effective change management is critical for service quality maintenance and User regulatory requirement compliance assurance under DORA and MiCA provisions. Accordingly, PREMIUMEXCHANGER LTD. undertakes to pre-notify the User of any material changes potentially affecting service provision, performance, security, or compliance with applicable regulatory requirements.12.2. Material changes requiring pre-notification include, without limitation:• Modifications to core systems or service provision infrastructure;• Changes in subcontractor interaction schemes or key personnel composition participating in service provision;• Changes in security protocols, access control mechanisms, or data protection measures;• Critical system or data processing operations transfers;• Changes in PREMIUMEXCHANGER LTD. corporate structure, ownership, financial position, or regulatory status potentially affecting service provision capability.12.3. Such notifications are provided, where possible, at least thirty (30) days prior to planned change implementation or within the maximum possible timeframe if advance notification is impossible due to extraordinary circumstances or regulatory requirements. Notifications must contain detailed proposed change description, potential service provision impact assessment, risk mitigation measures, and change implementation and completion schedule.Change Impact Assessment and Risk Management12.4. In case of significant changes potentially substantially affecting service provision or creating new User operational risks, the Provider undertakes to conduct comprehensive change impact assessment including potential consequence analysis for service level, security, regulatory compliance, and operational resilience.Such assessment results are provided to the User for independent risk assessment and appropriate risk minimization measure implementation.12.5. The Provider undertakes to implement proper testing and validation procedures for significant change implementation, including rollback capability (where technically feasible) to minimize disruption or service quality reduction risks.Where changes affect systems or processes integrated with the User's operational environment, the Provider coordinates implementation schedule with the User to minimize business process impact and ensure smooth transition to updated service provision conditions.Continuous Engagement and Relationship Management12.6. Beyond formal change notification requirements, the Provider undertakes to maintain regular engagement with the User regarding service performance issues, emerging risks and opportunities, industry trends potentially affecting service provision, and other aspects important for sustainable business relationship development.12.7. Quarterly Business Reviews are conducted assessing overall engagement status, discussing emerging issues, planned improvements or enhancements in service provision, and ensuring Provider capabilities align with User's changing business and regulatory requirements.Such reviews provide collaborative problem-solving opportunities and engagement optimization, promoting long-term success of both Parties and regulatory obligation compliance.
13. USER RESPONSIBILITY FOR PAYMENT INSTRUMENTS13.1. The User warrants that all payment instruments used (including but not limited to credit and debit cards) are valid and legally belong to the User.13.2. The User bears full responsibility for any legal or financial consequences arising from use of payment instruments not belonging to them.13.3. The Provider does not bear responsibility for losses arising from User use of invalid or unauthorized payment instruments.13.4. The User confirms that any payments made using credit card or other means are lawful and authorized by the legitimate payment instrument holder.13.5. If claims or demands are presented to the Provider by third parties related to User's unauthorized payment instrument use, the User undertakes to settle such claims independently and at their own expense.13.6. The User undertakes to compensate the Provider for any losses, penalties, fines, or other expenses arising from improper payment instrument use.13.7. In case of payment instrument lawfulness disputes, the User is obligated to provide sufficient evidence confirming legitimate use.13.8. Non-compliance with stated obligations may result in service suspension until complete dispute resolution and associated expense compensation.
14. USER RESPONSIBILITY FOR CRYPTOCURRENCY USE14.1. The User acknowledges and accepts all risks associated with prohibition, restriction, or inability to conduct cryptocurrency transactions in their jurisdiction.14.2. The User bears exclusive responsibility for compliance with all applicable laws, regulations, and legislative changes governing cryptocurrency circulation in their territory.14.3. All legal and financial consequences arising from Provider software use for cryptocurrency transaction conduct are entirely the User's responsibility.14.4. In case of sanctions application, enforcement measures, or other regulatory actions by government authorities, all resulting obligations and expenses are borne by the User.14.5. The User acknowledges that cryptocurrency regulation remains developing and in many cases uncertain.14.6. The User undertakes to independently track cryptocurrency legal status in their jurisdiction and promptly comply with any new or modified legislative requirements.14.7. The Provider does not bear responsibility for restrictions, prohibitions, or User losses caused by government authority actions or regulatory changes.14.8. The User undertakes to release the Provider from any claims or obligations arising from legal restrictions or regulatory changes affecting cryptocurrency use.
15. INTELLECTUAL PROPERTY RIGHTS15.1. All intellectual property rights developed exclusively by PREMIUMEXCHANGER LTD. or jointly with others belong to PREMIUMEXCHANGER LTD. or its licensors. Such rights include but are not limited to: software, databases, patents, trademarks, service marks, product names, designs (registered or unregistered), trade secrets, know-how, domain names, logos, branding elements, website content, and all updates, improvements, modifications, and derivative products. All rights not expressly granted to the User under this Agreement are retained by the Provider or its licensors.15.2. The User waives any claims against the Provider, its affiliates, or licensors regarding product ownership rights, documentation, or support services, except for rights expressly granted under this Agreement.15.3. The Provider retains royalty-free and unrestricted right to use and incorporate into its products or services any feedback, suggestions, or recommendations provided by the User.15.4. Software and documentation are protected by copyright legislation and international treaties. Unauthorized copying, distribution, or use is strictly prohibited. The User receives only those rights expressly stated in this Agreement and undertakes to comply with all technical restrictions.The User is prohibited from:a) Decompiling, disassembling, translating, or creating derivative works based on software or documentation, except where expressly permitted by law or with Provider written consent;b) Integrating the software into other products, except as provided by official public APIs provided by the Provider;c) Removing or modifying logos, trademarks, copyright notices, watermarks, or other protective designations;d) Bypassing or disabling software technical restrictions;e) Transferring, sublicensing, leasing, selling, renting, or otherwise providing access to software except as expressly provided in this Agreement;f) Using software for storing or transmitting illegal, rights-infringing, defamatory, or misleading materials;g) Using software to bypass payment or exceed established usage limits.
16. AML AND KYC/KYB POLICY16.1. The Provider reserves the right to verify Users prior to software or service access provision. Verification may include identity establishment in accordance with AML (Anti-Money Laundering) and KYC/KYB (Know Your Customer/Business) requirements. Government authorities, financial institutions, and payment providers may also conduct verification for international sanctions compliance.16.2. The Provider may request additional information from the User upon identity, activities, or behavior doubts, as well as upon Competent Authority or counterparty request. Sanctions list verification may be conducted at any time.16.3. Upon elevated money laundering or terrorist financing risk, the Provider may apply enhanced verification measures, including but not limited to:a) Requesting additional documents or information; b) Verification of data from external sources; c) Information collection regarding User activities' nature and purposes; d) Funds source origin establishment used in transactions; e) User behavior monitoring for suspicious activity detection.16.4. Payment providers may independently conduct comprehensive counterparty verification as necessary.16.5. Verification scope may vary depending on risk level and available User activity data.16.6. Upon reasonable money laundering or terrorist financing suspicion, the Provider is obligated to immediately report to applicable authorities, financial institutions, payment providers, or data processors. Such reporting is not deemed confidentiality violation and does not entail disclosure responsibility.16.7. If User activity is not subject to mandatory reporting but raises reasonable doubts, the Provider may establish enhanced monitoring.
17. CONFIDENTIALITY17.1. Definition"Confidential Information" means any information disclosed by one Party to another in connection with this Agreement which (a) is designated as confidential or (b) by its nature should be so considered. Confidential Information includes, in particular, software, documentation, methods, specifications, design, processes, and related data.Confidential Information does NOT include information the Receiving Party can demonstrably confirm as:a) Public without this Agreement violation; b) Legally known prior to disclosure; c) Received from third parties without confidentiality obligation violation; d) Independently developed without Disclosing Party information use.17.2. Ownership and UseEach Party retains ownership of its confidential information. The Receiving Party undertakes to (a) protect such information with the same care level as its own confidential information, but not less than reasonable level, and (b) use it exclusively for this Agreement's performance.17.3. Non-DisclosureConfidential Information is not subject to third-party transfer without prior Disclosing Party written consent. The Receiving Party is responsible for employee, contractor, and agent actions resulting in unauthorized disclosure.17.4. DurationConfidentiality obligation effectiveness continues for three (3) years after Agreement termination, except for trade secret information – such is protected indefinitely.17.5. Legal DisclosureThe Receiving Party may disclose information if required by law, court decision, or government authority request, provided Disclosing Party notification (if law permits).17.6. Public StatementsNeither Party may make public statements or press releases containing the other Party mention without prior written consent.
18. DISCLAIMER OF WARRANTIES18.1. Nothing in this section limits the Provider's MiCA, DORA, EBA-ESMA, and GDPR compliance obligations, including incident notification, business continuity plan (BCP/DR) assurance, supervisory authority access provision, and subcontractor obligation fulfillment.18.2. Except for expressly stated Agreement warranties, the Provider disclaims all others – explicit, implied, or statutory, including implied merchantability, fitness for particular purpose, or non-infringement warranties, to the maximum extent permitted by law.18.3. The Provider does not warrant that:a) Products will fully satisfy User requirements; b) They will operate in all combinations not stated in official documentation; c) Functioning will be continuous or error-free; d) Internet-related delays or failures will not occur.Products and services are provided "as is" and "as available."18.4. WordPress LimitationThe User acknowledges that software is partially based on WordPress CMS (in the frontend portion). The Provider retains full responsibility for:a) WordPress security update monitoring and patch installation; b) Ensuring WordPress integration does not reduce system availability; c) Maintaining availability level no lower than 99.99%, regardless of WordPress issues; d) Providing alternative access methods upon WordPress-related failures.18.5. The User assumes all risks associated with possible WordPress-related malfunctions or errors.
19. LIMITATION OF LIABILITY19.1. Limitations and exclusions established in this section do not apply to:a) Confidentiality or data protection violations (including GDPR); b) DORA/MiCA/EBA-ESMA obligation violations; c) Direct loss, sanctions, or reasonable Client expense compensation obligations caused by subcontractor transferred obligation non-compliance; d) Intentional actions or gross negligence.19.2. The Provider under no circumstances bears responsibility for:a) Indirect, consequential, punitive, exemplary, or similar losses; b) Business loss, profit, revenue, funds, digital or virtual currency loss, and any other electronic money loss; c) Electronic wallet access loss or inability, data damage or destruction, downtime or service disruption – regardless of legal basis or causes.19.3. The Provider's cumulative liability for any claim arising under this Agreement does not exceed the amount actually paid by the User for the respective product (excluding additional services) during one (1) month preceding the incident.This limitation does not apply to:a) DORA operational resilience requirement violations; b) Critical ICT service failures defined in DORA; c) Regulatory penalties resulting from Provider obligation non-compliance.19.4. The User acknowledges that electronic communication information transmission involves risks (errors, viruses, hacking, phishing, etc.). Despite Provider reasonable protection measures, complete security cannot be guaranteed.19.5. The Provider does not bear responsibility for User actions related to military purpose software, product, or service use, defense needs, or military technology legislation violations, including military operations financing.19.6. If the Provider establishes that the User uses or intends to use software, products, or services for military purposes, defense activities, or military technology legislation violations, the Company may immediately close the User's account and block system access.19.7. The Provider may suspend or terminate User access at its discretion on ethical grounds if their activities, even without legal violation, contradict Company internal ethical standards. Such cases include, in particular:a) Software use on platforms associated with illegal or anonymous services; b) Client recruitment from forums or resources known for illegal or questionable content; c) Activities potentially causing Provider reputational damage.19.8. Decisions made in accordance with Section 19.7 are final, made solely by the Provider, and are not subject to appeal. In such cases, refunds are not made.
20. FORCE MAJEURE20.1. Neither Party bears responsibility for delays or obligation non-fulfillment caused by circumstances beyond reasonable control ("Force Majeure"), provided written notification to the other Party within seven (7) calendar days of such circumstances occurrence.In such cases, the affected Party may extend obligation fulfillment timeframes by a period equal to the force majeure event duration, unless otherwise agreed in writing.20.2. A certificate or document issued by competent government authority constitutes sufficient force majeure circumstances existence and duration proof.20.3. If force majeure event continues exceeding three (3) months, either Party may unilaterally terminate this Agreement. In such case, previously paid amounts are not subject to refund.
21. APPLICABLE LAW AND JURISDICTION21.1. This Agreement and any obligations not directly arising from contract are governed by EU legislation. The Parties submit to exclusive jurisdiction of competent courts at the Provider's registration location.21.2. The Parties undertake to initially seek peaceful dispute and disagreement resolution through negotiations.21.3. To the maximum extent permitted by law, each Party irrevocably waives jury trial right for any matters related to this Agreement or its performance.21.4. To the maximum extent permitted by law, each Party also waives collective action or representative proceeding participation right. Claims may be brought only individually, not as group participant, plaintiff, or representative in any collective or joint proceeding.
22. AGREEMENT TERMINATION22.1. The User has the right to terminate the Agreement (in whole or part) in cases of:a) Material Provider or subcontractor obligation DORA/MiCA/EBA-ESMA/GDPR violation; b) Repeated SLA availability level violations over two or more consecutive months; c) Subcontractor failure or inability to comply with transferred obligations.22.2. Each Party may terminate the Agreement if the other Party committed material condition violation.22.3. Each Party may immediately terminate the Agreement if the other Party became insolvent, filed bankruptcy petition, ceased business activities, or transferred assets to creditors.22.4. The User may unilaterally terminate the Agreement by sending written notice at least seven (7) calendar days in advance. The User acknowledges that all previously paid amounts are not subject to refund upon such termination.22.5. The Provider may terminate the Agreement without prior notice upon reliable evidence of User Section 6.17 violation (prohibited use).22.6. If the Provider receives third-party complaints or claims regarding User Agreement violation, the Provider may request written explanations. Failure to provide satisfactory response within five (5) business days constitutes unilateral termination basis.
23. TRADE CONTROL23.1. The User must not directly or indirectly export, re-export, transfer, provide access to, or use software products and services in a manner violating applicable trade control, export control, or sanctions laws. The User undertakes to refrain from any actions potentially causing Provider legal or regulatory consequences under such laws.23.2. The Provider may suspend obligation fulfillment or immediately terminate the Agreement if:a) The User violates or is reasonably suspected of violating Section 23.1; or b) The User or software products are subject to trade control laws, and the Provider reasonably believes continuation may result in such law violation or negative consequences.24. FINAL PROVISIONS24.1. The Provider may modify, replace, or revoke any part of this Agreement or Website at any time. The updated version becomes effective upon publication on the official website or User notification, unless otherwise stated.24.2. All Agreement-related notifications and messages must be directed in electronic form through online services selected by the Provider at its discretion.24.3. If the Agreement was concluded by signing an accession contract, the User may refuse unilateral changes made by the Provider by sending written refusal within seven (7) days after publication. Without such notice, changes are deemed accepted and binding.24.4. This Agreement is binding on the Parties and their successors. The User cannot transfer rights and obligations without Provider written consent. The Provider may transfer or assign the Agreement wholly or partly without User consent in connection with merger, reorganization, business sale, or asset transfer.24.5. If any Agreement provision is found invalid or unenforceable, remaining provisions retain full force. The Parties undertake to replace the invalid provision with a similar one reflecting the original economic and legal meaning.24.6. This Agreement constitutes the entire agreement between the Parties.24.7. The Provider may implement internal User activity monitoring procedures for Agreement compliance, including open source information verification.24.8. The Provider may at its discretion limit software use to specific person categories or activity types. Such restrictions become effective upon official website publication or other notification.FOOTNOTES AND ABBREVIATIONSAML – Anti-Money LaunderingCASP – Crypto-Asset Service ProviderDORA – Regulation (EU) 2022/2554 (Digital Operational Resilience Act)EBA – European Banking AuthorityEEA – European Economic AreaESMA – European Securities and Markets AuthorityEU – European UnionGDPR – Regulation (EU) 2016/679 (General Data Protection Regulation)ICT – Information and Communication TechnologyKYB – Know Your BusinessKYC – Know Your CustomerMiCA – Regulation (EU) 2023/1114 (Markets in Crypto-Assets)RTO – Recovery Time ObjectiveRPO – Recovery Point ObjectiveSLA – Service Level AgreementKPI – Key Performance IndicatorBCP – Business Continuity PlanDR – Disaster RecoveryAPI – Application Programming InterfaceVAT – Value Added Tax