SAAS Terms Conditions

Schedule 2 – Acceptable Use Policy

Schedule 1 (Acceptable Use Policy)

1. Introduction

1.1 This acceptable use policy (the "Policy") sets out the rules governing:

(a) the use of the Service(s) made available by the Service Provider to you as a service via the internet including offline components, if any (the "Service"); and

(b) the transmission, storage and processing of content by you, or by any person on your behalf, using the Service including its email and text messaging communication tools, correspondence files, stored photos, logos etc ("Content").

1.2 References in this Policy to "you" are to any customer for the Service and any individual user of the Service and "your" should be construed accordingly; and references in this Policy to "us" are to RMS (Aust) Pty Ltd  (and "we" and "our" should be construed accordingly).

1.3 By using the Service, you agree to the rules set out in this Policy.

1.4 We will ask for your express agreement to the terms of this Policy before you submit any Content or otherwise use the Service.

2. General usage rules

2.1 You must not use the Service in any way that causes, or may cause, damage to the Service or impairment of the availability or accessibility of the Service.

2.2 You must not use the Service:

(a) in any way that is unlawful, illegal, fraudulent or harmful; or

(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

2.3 You must not:

(a) attempt to undermine the security or integrity of RMS 's computing systems or networks or, where the Software is hosted by a third party, that third party's computing systems and networks.

(b) use, or misuse, the Software in any way which may impair the functionality of the Software or Website, or impair the ability of any other user to use the Software or Website.

(c) attempt to gain unauthorized access to any materials other than those to which you have been given express permission to access or to the computer system on which the Software is hosted.

(e) attempt to gain unauthorized access to any materials other than those to which you have been given express permission to access or to the computer system on which the Software is hosted.

(f) modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer the Software or the Website except as is strictly necessary to use either of them for normal operation.

2.4 You must ensure that all Content complies with the provisions of this Policy.

3. Unlawful Content

3.1 Content must not be illegal or unlawful, must not infringe any person's legal rights, and must not be capable of giving rise to legal action against any person (in each case in any jurisdiction and under any applicable law).

3.2 Content, and the use of Content by us in any manner licensed or otherwise authorised by you, must not

(a) be libellous or maliciously false;

(b) be obscene or indecent;

c) infringe any copyright, moral right, database right, trade mark right, design right, right in passing off, or other intellectual property right;

(d) infringe any right of confidence, right of privacy or right under data protection legislation;

(e) constitute negligent advice or contain any negligent statement;

(f) constitute an incitement to commit a crime, instructions for the commission of a crime or the promotion of criminal activity;

(g) be in contempt of any court, or in breach of any court order;

(h) constitute a breach of racial or religious hatred or discrimination legislation;

(i) be blasphemous;

(j) constitute a breach of official secrets legislation; or

(k) constitute a breach of any contractual obligation owed to any person.

3.3 You must ensure that Content is not and has never been the subject of any threatened or actual legal proceedings or other similar complaint.

4. Graphic material

Content must be appropriate for all persons who have access to or are likely to access the Content in question

5. Factual accuracy

5.1 Content must not be untrue, false, inaccurate or misleading.

5.2 Statements of fact contained in Content and relating to persons (legal or natural) must be true; and statements of opinion contained in Content and relating to persons (legal or natural) must be reasonable, be honestly held and indicate the basis of the opinion.

6. Negligent advice

6.1 Content must not consist of or contain any legal, financial, investment, taxation, accountancy, medical or other professional advice, and you must not use the Service to provide any legal, financial, investment, taxation, accountancy, medical or other professional advisory services.

6.2 Content must not consist of or contain any advice, instructions or other information that may be acted upon and could, if acted upon, cause death, illness or personal injury, damage to property, or any other loss or damage.

7. Etiquette

7.1 Content must be appropriate, civil and tasteful, and accord with generally accepted standards of etiquette and behaviour on the internet.

7.2 Content must not be offensive, deceptive, threatening, abusive, harassing, menacing, hateful, discriminatory or inflammatory.

7.3 Content must not be liable to cause annoyance, inconvenience or needless anxiety.

7.4 You must not use the Service to send any hostile communication or any communication intended to insult, including such communications directed at a particular person or group of people.

7.5 You must not use the Service for the purpose of deliberately upsetting or offending others.

7.6 You must not unnecessarily flood the Service with material relating to a particular subject or subject area, whether alone or in conjunction with others.

8. Marketing and spam

8.1 You must not without our written permission use the Service for any purpose relating to the marketing, advertising, promotion, sale or supply of any product, service or commercial offering unrelated to the use of the Software and the Service.

8.2 Content must not constitute or contain spam, and you must not use the Service to store or transmit spam - which for these purposes shall include all unlawful marketing communications and unsolicited commercial communications.

8.3 You shall soley be responsible for the content of emails or SMSs sent to your distribution.  In no case can the Service Provider be held responsible in any capacity whatsoever in relation to third parties for any damage resulting from you sending emails or SMSs using the Services.

8.4 Any use of the Services which may damage, disable or overload the Service Provider’s infrastructure or interfere with the enjoyment of the Services by other users is prohibited. In the event of non-compliance, the Service Provider reserves the right to immediately block or limit access to the Services or any part of the Services without notice and without refund or any form of compensation.

9. Gambling

You must not use the Service for any purpose relating to gambling, gaming, betting, lotteries, sweepstakes, prize competitions or any gambling-related activity.

10. Monitoring

You acknowledge that we do not actively monitor the Content or the use of the Service.

11. Harmful software

11.1 The Content must not contain or consist of, and you must not promote or distribute by means of the Service, any viruses, worms, spyware, adware or other harmful or malicious software, programs, routines, applications or technologies.

11.2 The Content must not contain or consist of, and you must not promote or distribute by means of the Service, any software, programs, routines, applications or technologies that will or may have a material negative effect upon the performance of a computer or introduce material security risks to a computer.

12. Use of Data by Service Provider

12.1 To enable the Service Provider to pursue its legitimate interests, in particular relating to risk management and the evaluation of the quality of the Customer’s email mailing lists (and, for example, to avoid risks of spam, phishing or fraud), the Customer is informed and agrees that, the Service Provider may transmit data to third party providers, including providers domiciled outside the European Union, for the purpose of establishing a reliability score. Any transmission of this data will be carried out in compliance with applicable rules.

12.2 The Customer expressly accepts that the behavior of recipients of these emails may be analysed by the Service Provider (tracking opening rates, click rates and bounce rates at the individual level) to improve the effectiveness of its emailing platform for Customer campaigns.

Online Terms & Conditions

The following terms and conditions, as may be amended from time to time, shall apply to all RMS booking services provided directly or indirectly (through partners) that are made available online, through any mobile device, by email or telephone (“RMS Online”)

These terms and conditions apply to both:

1. The provider of accommodation (“Accommodation Provider”) (e.g. hotel, motel, apartment, workforce camp, facility operator and any other related product or service that can be reserved/booked using RMS Online), and

2. The consumer/guest (“Guest”) who uses RMS Online to place a reservation/booking or makes a purchase that may include processing a payment.

3. RMS Online distributes the Accommodation Provider rate, inventory and availability information supplied by each Accommodation Provider to online sales platforms chosen by the Accommodation provider.
RMS Online acts solely as an intermediary between the Accommodation Provider and the online sales platforms.
RMS Online receives reservation/booking information from those online distribution platforms.
RMS Online does not accept any liability for unavailability of rooms or other products/services caused by the Accommodation Provider over-selling their own available inventory.

4. When rendering our services, the information that RMS Online discloses to the online sales platforms is the sole responsibility of the Accommodation Provider.

Although RMS Online uses reasonable skill and care in performing its services it does not verify if, and cannot guarantee that, all information is accurate, complete or correct.

Each Accommodation provider remains responsible at all times for the accuracy, completeness and correctness of the (descriptive) information (including the rates and availability).

RMS Online is not responsible for (and disclaims any liability) for the use, validity, quality, suitability, fitness and due disclosure of the accommodation, product or service that is the subject of the reservation/booking and makes no representations, warranties or conditions of any kind in this respect, whether implied, statutory or otherwise, including any implied warranties of merchantability, title, non-infringement or fitness for a particular purpose. You acknowledge and agree that the relevant Accommodation Provider is solely responsible and assumes all responsibility and liability in respect of the reservation/booking (including any warranties and representations made by the Accommodation Provider). RMS Online is not a (re)seller of the accommodation, product or service that is the subject of the reservation/booking. Complaints or claims in respect of the reservation/booking (including related to the offered (special/promotion) price, policy or specific requests made by Customers) are to be dealt with by the accommodation Provider. RMS Online is not responsible for and disclaims any liability in respect of such complaints, claims and (product) liabilities.

5. Cancellation and no-show penalties and any other fees or policies relating to changes to reservations/bookings received are determined by and are the responsibility of the Accommodation Provider.

6. To the extent permitted by law, neither RMS Online or any of our officers, directors, employees, representatives, subsidiaries, affiliated partners, licensee, agents shall be liable for any:

(i) any punitive, special, indirect or consequential loss or damages, any loss of production, loss of profit, loss of revenue, loss of contract, loss of or damage to goodwill or reputation, loss of claim,

(ii) any inaccuracy relating to the (descriptive) information (including rates, availability and ratings) of the accommodation, products or services as provided by the Accommodation Provider,

(iii) the services rendered or the products offered by the Accommodation Provider or other business partners,

(iv) any (direct, indirect, consequential or punitive) damages, losses or costs suffered, incurred or paid by the Accommodation Provider or Guest, pursuant to, arising out of or in connection with the use, inability to use or delay of RMS Online,

(v) any (personal) injury, death, property damage, or other (direct, indirect, special, consequential or punitive) damages, losses or costs suffered, incurred or paid by the Accommodation Provider or Guest, whether due to (legal) acts, errors, breaches, (gross) negligence, willful misconduct, omissions, non-performance, misrepresentations, tort or strict liability by or (wholly or partly) attributable to the accommodation or any of our other business partners (including any of their employees, directors, officers, agents, representatives or affiliated companies) whose products or service are (directly or indirectly) made available, offered or promoted by RMS Online or the Accommodation Provider, including any service referrals, cancellation, overbooking, strike, force majeure or any other event beyond our control.

7. Bookings received through RMS Online from Guests are received on behalf of the Accommodation Provider.

The Accommodation Provider has sole responsibility for delivery of the services being booked by the guest and the Accommodation Provider fully indemnifies RMS Online for default by the Accommodation Provider.

8. Guests, by using RMS Online (e.g. by making a reservation/Booking), enter into a direct (legally binding) contractual relationship with the Accommodation Provider with which you make a reservation/booking or purchase a product or service (as applicable). From the point at which you make your reservation/booking, we act solely as an intermediary between you and the Accommodation Provider, transmitting the relevant details of your reservation/booking to the relevant Accommodation Provider(s).

9. Guests, in order to duly complete and secure your reservation/booking, you need to use your correct information that may include email address or phone number. We are not responsible or liable for (and have no obligation to verify) any wrong or misspelled email address or inaccurate or wrong (mobile) phone number or credit card number.

10. Guests, by using RMS Online you are consenting to us sending you communication in the form of an email or text message either for and on behalf of RMS Online (including any service partner) or the Accommodation Provider.The communication (i) may be sent prior to your arrival giving information on your destination, (ii) may be sent at any time providing you with certain information and offers (including references or links to Accommodation Provider offers and third party offers and services to the extent, where required, that you have actively opted for this information), (iii) may be sent after arrival to rate the (experience with your) Accommodation Provider or RMS Online, and (iv) may be sent to you promptly after your stay inviting you to complete a Guest review form.In all cases Guests may at any time withdraw their consent to receive communications.

11. RMS Online respects your privacy, please have a look at ourPrivacy Policyfor further information.

12. If applicable, certain Accommodation Providers may require reservations/bookings to be paid (wholly or partly as required under the payment policy of the Accommodation Provider) by means of secure online payment. RMS Online requires the use of an approved PCI DSS compliant payment gateway whenever Cardholder data is requested from a Guest using either the RMS Online booking site or when receiving Cardholder data from online sales platforms chosen by the Accommodation provider. Cardholder data refers specifically to the credit card number, along with cardholder name, expiration date and security code provided by the Guest to RMS Online directly or to the online sales platforms chosen by the Accommodation provider at the time the online reservation/booking is made and any payment is taken. The form in which the Guest enters Cardholder data on the RMS Online booking site is provided by the payment gateway. The Guest does not leave the RMS Online booking site, the details do not enter RMS Online and only the payment gateway sees them. The payment gateway then authorises that the card is valid and if successful processes the payment. Once the payment is processed the payment gateway drops a token into RMS Online against the Guest. RMS Online does not receive or store Cardholder data.

13. Any payment facilitated by RMS Online will constitute a payment of, or part of, the reservation/booking price and you cannot reclaim such paid monies from RMS Online.

Guest shall not hold RMS Online liable or responsible for any charge made for or on behalf of the Accommodation Provider.

14. Any Accommodation Provider who uses the RMS Online API to manage its own ecommerce booking platform (a “Custom Solution) is responsible for PCI DSS compliance and hereby agrees to indemnify and hold RMS Online harmless from any claims, fines, damages (including any direct, indirect, consequential or punitive damages), losses or costs suffered, incurred or paid by the Accommodation Provider or Guest, pursuant to, arising out of or in connection with the Custom Solution and use of the RMS Online API.

15. By uploading photos/images onto our system you certify, warrant and agree that you own the copyright to the photos/images and that you agree that RMS Online may use the uploaded photos/images on its platform. You are granting RMS Online a non-exclusive, worldwide, irrevocable, unconditional, perpetual right and license to use, reproduce, display, have reproduced, distribute, sublicense, communicate and make available the photos/images as RMS Online at its discretion sees fit. By uploading these photos/images the person uploading the picture(s) accepts full legal and moral responsibility of any and all legal claims that are made by any third parties (including, but not limited to, accommodation owners) due to RMS Online publishing and using these photos/images. RMS Online does not own or endorse the photos/images that are uploaded. The truthfulness, validity and right to use of all photos/images is assumed by the person who uploaded the photo, and is not the responsibility of RMS Online. RMS Online disclaims all responsibility and liability for the pictures posted. The person who uploaded the photo warrants that the photos/images shall not contain any viruses, Trojan horses or infected files and shall not contain any pornographic, illegal, obscene, insulting, objectionable or inappropriate material and does not infringe any third party (intellectual property right, copyright or privacy) rights. Any photo/image that does not meet the aforesaid criteria will not be posted and/or can be removed/deleted by RMS Online at any time and without prior notice.

16. These terms and conditions and the provision of our services shall be governed by and construed in accordance with Australian law. Notwithstanding the foregoing choice of law, a natural person using any of our services for a purpose which can be regarded as being outside their trade or profession (hereinafter also referred to as "consumer") can rely on the mandatory provisions of the law of the country where they have their domicile (i.e. provisions that, in accordance with the choice-of-law rules of the said country, must apply regardless of this choice-of-law clause; hereinafter: "Mandatory Provisions"). Any dispute arising out of these general terms and conditions and our services shall exclusively be submitted to the competent courts in the state of Victoria, Australia. Notwithstanding the foregoing jurisdiction clause, a consumer may also bring proceedings in respect of enforcement of relevant applicable Mandatory Provisions in the courts of the country in which they are domiciled, and proceedings against a consumer may be brought only in the courts of the country in which they are domiciled.

17. The RMS Online service is rendered by RMS (Aust) Pty Ltd, which is a private limited liability company, incorporated under the laws of Victoria, Australia and having its offices at 116 Harrick Road, Keilor Park, Victoria 3042, Australia.

The RMS Privacy Policy was updated on 1 November, 2024.

RMS is committed to protecting and safeguarding any personal data you give us. We act in the best interests of our clients and their customers’ interest and we are transparent about our processing of your personal data.

RMS provides a subscription cloud-based Property Management System to its clients for managing accommodation bookings, front desk operations, guest billing, housekeeping, maintenance management, sales and marketing, events management, point of sale, door locking and other in-room and property access and control systems. RMS provides its clients with an Online Booking Engine to enable their customers to make bookings at their property and a Channel Management system to allow our clients to receive bookings from a large range of online travel agents and other booking services. RMS also provides its clients with integrations to other third-party services such as client loyalty programs, rate management services and business intelligence tools.

When accessing this website or providing information, you agree to our privacy practices as set out in this Privacy Policy. RMS may change this policy from time to time. Please visit this page regularly to keep up to date with our practices. If we make changes to the Privacy Policy which will have an impact on you (for example, if we intend to process your personal data for other purposes than communicated in the past in this Privacy Policy), we will notify you of these changes before these new activities begin.

This document describes how we use and process your personal data on all of the services that we provide to our clients and which our clients use when providing their services to their customers. This one Privacy Policy applies to any kind of information we collect through this website, the services we provide, or other means connected to these services (such as contacting our customer service team via telephone, the website or by email).

What kind of personal data does RMS collect and why?

RMS Clients

When our clients subscribe to our services, your personal information is collected directly from you during the sales process. Collection of personal information can occur through other interactions including:

· Conversations with our team members;

· When you complete registrations, requests or application for our services;

· When you communicate with us directly (by telephone, email or any means); and

· When we interact with you during trade shows, masterclasses, webinars, training and special events.

RMS collects and processes personal information from its clients that is legally necessary for the performance of a contract. This includes for the purpose of being able to contact you, interact with you and verify you on any matters relating to your contract with RMS, including any need to use your information to handle and resolve legal disputes, for regulatory investigations and compliance, to enforce the RMS terms of use, the provision of customer support services, customer training, to create orders, transaction records, billing and payment and any other matters incidental to the performance of our services.

Personal information is any information that can be used to uniquely identify an individual. We may collect the following personal information from our clients:

· Name;

· Business address;

· Email address(es);

· Telephone number(s); and

· Payment information.

Other information which may be collected may include:

· Your marketing preferences, including the type of marketing materials you wish to receive and the method of delivery (email, SMS), and

· Information you provide to us via our customer service team, website, and application forms.

Where needed under applicable law, RMS will obtain your consent prior to processing your personal data for direct marketing purposes.

RMS will hold the personal information of our clients for a long as is necessary for the provision of the services that you subscribe for, to comply with all legal, taxation and other regularity requirements and for sales and marketing purposes both during and after the period of your subscription.

Customers of RMS Clients

RMS Clients will collect personal information of their customers using the RMS services.

RMS acts as the data processor regarding the services provided by our clients. Our clients therefore have the primary responsibility for the protection of your personal information. 

Our client’s website may use the RMS booking engine including any online booking pages provided by RMS to collect and process personal information to provide their services. Our clients may also use the RMS channel management service to receive and process personal information collected by online travel agents and other booking services.

Therefore, RMS will process on behalf of our clients, personal information of their customers including but not limited to:

· Your name;

· Preferred contact details, including email or social media address, home address, telephone number, and date of birth,;

· The names of anybody travelling with you;

· Your payment information; and

· Any other information which you decide for yourself to submit including special requests or preferences.

Our clients’ collect and processes personal information from its customers for the performance of a contract, specifically to administer their online bookings from customers. If the required personal information is not provided, our clients cannot finalize the booking and ensure your stay with them is as enjoyable as possible. Our client’s may also use your personal information to provide customer service by informing the customer of any changes to the booking, latest deals and special offers and other products or services which they believe may be of interest to you. An RMS client may also use your personal information for the purpose of sending you a survey or for future marketing and sales activities. If you would like to find out the specific purposes that our client has collected your personal information, please refer to the privacy policy of the client or contact the property direct.

RMS also may from time to time have a need to access your personal information that has been collected and processed by our client. This will only ever occur when we are providing customer support services to our client and not for any other purpose.

Our clients may hold your personal information for as long as is reasonably necessary for the performance of the booking and for such time thereafter as they have a legal basis. In regard to any booking you have made with a client of RMS, you should consult the privacy policy of our client for the specifics of their data retention policy.

Does RMS share your data with third parties?

RMS itself does not disclose personal information for any purpose other than our employees, contractors or service providers needing to contact our clients, and then only to the extent reasonably necessary to fulfill our obligations to our client, or to comply with government or other regulatory requirement.

In order to support the use of the RMS services, your details may be shared with members of the RMS corporate family which act as service providers for RMS, including in relation to customer support services.

RMS may disclose personal information to third parties to comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities.

RMS may use service providers to process your personal data on our behalf. This processing is for several purposes, including sending out marketing material to the email address you provided when subscribing to RMS. Third party service providers shall either be bound by:

· Our data privacy policy or have similar obligations in relation to the storage and processing of personal information, or

· Confidentiality clauses and are not allowed to use your personal data for other purposes than instructed by RMS.

Customer Lists:

RMS does not disclose the personal information of our clients’ customers to any third parties. 

RMS does not sell or rent personal information.

Screenshots:

Screen shots used in demonstrations and examples in manuals, advertising or on our website do not include the details of any real person.

Customer References:

RMS will respond to requests from potential clients by providing names of selected clients as examples of where its products are used.

If referees are requested, RMS will contact existing customers to obtain agreement before releasing contact details.

Third Party Integrations:

Different parties integrated into the RMS services in a number of ways and for various reasons. RMS acts as the data processor for our clients and any personal information disclosed by and through these integrations is done so at the direction of and is the responsibility of our client.

How does RMS treat personal data of children?

RMS is a service provider and data processer to our clients. RMS services are not designed or directed at children. Our client’s will set their own policy for who can make a booking on the client’s website using the RMS online booking engine. An RMS client may, as part of an online booking, collect and process the information of children only as provided by the parent or guardian or with their consent. If an RMS client becomes aware that they processed information of a child without the valid consent of a parent or guardian, they may reserve the right to delete it.

International transfers of personal data

RMS may transfer your personal information to our group companies or service providers based outside of the European Economic Area (“EEA”) for the purposes described in this policy.  Personal information transferred outside the EEA will be subject to appropriate safeguards set out in the law including the use of model contract terms approved by regulators.

RMS may process and store data in the cloud using services from IBM Cloud, Microsoft Azure, and Amazon Web Services. You acknowledge that these cloud service providers may process and store personal information in a jurisdiction that may have different privacy and data security protections from those of your own jurisdiction. 

RMS Marketing

RMS will from time to time market to its clients. You have the right to ask us to stop processing your personal information for marketing purposes. You can unsubscribe from emails by clicking the unsubscribe link on the footer of the email communication you have received.  You can also exercise the right at any time by contacting us on the details set out in the “Contact Us” section of our website to amend your marketing communication preferences.

Right to review personal information

RMS Clients

RMS clients have the right to review the personal information we hold about you. You can request an overview of your personal data by emailing us to the email address stated below.  

Before providing personal information to you or another person on your behalf, we may ask for proof of identity.

If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.

We rely on you to ensure that your personal data is complete, accurate and current. Please do inform us promptly of any changes to or inaccuracies of to your personal data. 

You have the right to object to us processing your personal information or to delete your personal information or have its processing restricted in certain circumstances.

Customers of RMS Clients

The rights of customers of RMS Client’s to review the personal information our client holds about you, to amend the personal information, to restrict the processing of the personal information and to delete your personal information is governed by regulations in place in your jurisdiction and the privacy policy of the RMS Client. 

Please contact the property direct and/or the relevant regulator if you have any queries in this regard.

RMS as the service provider and data processor has provided functionality to our clients to review customer personal information, restrict certain processing and to delete the personal information.  The use of that functionality is the responsibility of the RMS client who is the controller of that data.

RMS is also able to provide our clients with functionality where you may view the personal information held about you and make corrections to your personal information yourself.

Where your personal information is processed by an RMS client on the basis of your consent, you may be entitled to withdraw that consent at any time subject to applicable law. Moreover, where an RMS client processes your personal data based on legitimate interest or the public interest, you may, subject to applicable law have the right to object at any time to that use of your personal data when no opt-out mechanism is available to you. 

Please contact the property direct and/or the relevant regulator if you have any queries in this regard.

Security

RMS has implemented reasonable measures designed to secure personal information from accidental loss from unauthorized access, use, alteration and disclosure. RMS encrypts data in transmission and at rest, and all access to computer hardware containing personal information is password protected. Staff access to personal information is given on a need to know basis only.

RMS Clients have access to their customers’ personal information. RMS Clients are the data controllers for their data. RMS is not responsible for the security standards of RMS Client’s. RMS services provide the client with functionality to restrict access to data.

If you have any questions relating to security at an RMS client please contact the property direct.

Internet Transmission

No data transmission over the Internet can be guaranteed to be secure. While RMS will endeavour to protect customer information, it cannot guarantee the security of any information any person may transmit when they access its website.

Even though RMS encrypts data transmitted over the Internet, it still cannot guarantee data transmitted cannot be unencrypted by persons with nefarious intentions. Nonetheless, the likelihood of this occurring is extremely low.

Remote Access

Remote access to customers’ databases is needed to provide an efficient and rapid response to requests for assistance.

RMS staff will only connect to a customer’s data with the full knowledge of the customer and will advise when connection is terminated.

Cookies

Cookies may be placed on your computer or internet-enabled device whenever you visit RMS online booking pages. This allows the site to remember your computer or device and serves a number of purposes. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu).

You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of the features. Cookies by themselves do not tell us your email address or otherwise identify you personally.

Cookies are only used by online booking pages provided by RMS to improve the online booking process. By remembering the preferences of visitors to the online booking pages RMS streamline the reservation process.

Cookies are used for no other process and the information pertaining to them are not shared with any other person or entity.

Complaints

If you have any questions regarding this policy, or if you think your privacy has been breached, please email us at privacyofficer@rmscloud.com.

Our team members will acknowledge receipt of your complaint within 72 hours, and will normally respond to your request within 10 business days. If your complaint is complicated or requires further investigation our response may take additional time to finalise.

We will respond to you by email or telephone.

RMS Member Companies

This Privacy Policy applies to the following:

· RMS Global Pty Ltd, a company registered in Australia.

· RMS (Aust) Pty Ltd, a company registered in Australia.

· RMS Europe Ltd, a company registered in the United Kingdom.

· RMS Cloud North America LLC, a company registered in Delaware, United States.

· RMS Hospitality Pte Ltd, a company registered in Singapore.

· RMSCloud Software Private Ltd, a company registered in India.

· RMS International FZE, a company registered in United Arab Emirates

Change of Ownership

In the event of a Change of Ownership which uses RMS Property Management Software, we require both the outgoing and incoming owners to complete and sign the Change of Ownership form.  

To download a copy of the form please Click Here

If you need any assistance, please contact RMS Accounts Department on (03) 8399 9462

Please return the completed form: 

• Email: accounts@rmscloud.com
  

• Fax: (03) 9331 7323

RMS Pay Services Terms and Conditions.

Release 01/06/2025

Background

1. RMS provides the RMS Pay Services
2. The Merchant wishes to acquire the RMS Pay Services from RMS
3. RMS shall provide the RMS Pay Services in collaboration with a Licensed Financial Services Provider to authorize transactions and affect financial settlement of transactions between End Users and Merchants.
4. The parties wish to enter into this Agreement governing the terms upon which RMS will provide the Merchant the RMS Pay Services.

Agreement

1. Defined terms & interpretation

1.1 Defined terms

In this agreement capitalised terms shall have the meaning set out below unless the context otherwise required :

Acquirer means a Licensed Financial Services Provider that acquires and processes payment transactions on behalf of RMS Pay Services and its Merchants, and settles funds received from the Issuer either under its own arrangements with the Merchant or as instructed by RMS Pay Services.

Agreement means a contract between RMS and the Merchant for the provision of the RMS Pay Services and incudes by reference any Sales Order Form executed by the Merchant, schedules and annexures and any document specifically referred as part of this Agreement including any referred policies.

Authorised User means any person nominated by the Merchant who is authorised to access and use the RMS Pay Services.

Card Schemes refer to the organizations that establish the rules, standards, and processes for payment card transactions. They facilitate the transfer of payment information between financial institutions, Merchants, and End Users. These organizations oversee the use of credit, debit, and prepaid cards issued by financial institutions for end user payments. Card Schemes ensure that payment card transactions are processed securely and efficiently, setting terms for fees, transaction methods, and compliance standards. They also provide services such as fraud prevention and dispute resolution

Confidential Information includes all information exchanged between the parties to this Agreement, whether in writing, electronically or orally, in relation to the RMS System and the RMS Pay Service that is marked confidential or should have been reasonably understood by the disclosing party to be confidential, but does not include information which is, or becomes, publicly available other than through unauthorized disclosure by the other party.

Consequential loss means any loss or damage which, although in the contemplation of the parties at the time they entered into this Agreement, is not a loss or damage which may fairly and reasonably be considered to arise naturally (that is, in the usual course of things) from the breach or other act or omissions (including loss of contract, business opportunity, profit or anticipated profit, or any other loss of a similar nature). 

Data Breach means any unauthorised access to, use or disclosure of Personal Information held by or on behalf of the Merchant.

End User means a Person that is a customer of the Merchant and conducts transactions with the Merchant.

End User Data refers to any sensitive payment-related information associated with an individual or entity initiating a transaction, including but not limited to cardholder data such as credit card or debit card numbers, cardholder name, expiration date, and security codes; bank account details, including account numbers, routing numbers, IBANs, or any other identifiers used for direct debit or electronic fund transfers; digital wallet credentials, such as tokenized payment data or authentication keys; and any personal or financial information used to authenticate, authorize, or complete an electronic payment transaction..

Fees means those fees and charges payable to RMS for the provision of the RMS Pay Services as set out in the Sales Order or corresponding to the RMS Pay Services selected subsequently by the Merchant and pursuant to clause 4 of this agreement.

Force Majeure Event means an event or series of related events that is outside the reasonable control of either party occurring without the fault or negligence of either party and could not have been prevented through the exercise of reasonable diligence. This includes, but is not limited to, failures of the internet or any public telecommunications network or third-party payment network disruptions, hacker attacks, denial of service attacks, power failures, industrial disputes involving third parties, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars.

Go Live Date means the date you request for the RMS Pay Service specified in the Sales Order Form to be available to you and the effective date for invoicing of the Fees.

Intellectual Property Right means any patent, trademark, service mark, copyright, moral right, right in a design, know-how and any other intellectual or industrial property rights, whether registered or unregistered in any jurisdiction worldwide.

Issuer means a financial institution or an authorised Payment Scheme participant that issues a payment method used by an End User to conduct transactions with a Merchant. The Issuer facilitates the transfer of monetary value to the Licensed Financial Services Provider on account for the settlement of transactions.

Licensed Financial Services Provider means an Acquirer licensed under relevant financial services laws to provide financial services and facilitate financial settlement between Merchants and End Users.

Merchant means a hospitality business that is a customer of RMS that subscribes to receive RMS Pay Services in addition to the other services offered by RMS.

Merchant Data means any data and materials inputted by the Merchant into the RMS System or stored by the RMS Pay Service or generated by the RMS Pay Service as a result of the Merchant’s use of the RMS Pay Service.

Moral Rights means any moral rights including the rights described in Article 6bis of the Berne Convention for Protection of Literary and Artistic Works 1886 (as amended and revised from time to time), being “droit moral” or other analogous rights arising under any statute that exists or that may come to exist, anywhere in the world.

Party or parties means a party or parties to this Agreement, its successors and assigns or any person acting on behalf of and with the authority of the parties to this Agreement.

Pass-Through Fees mean fees collected by RMS Cloud and remitted to third parties, such as card network interchange fees

Payment Scheme means a regulated framework of participating institutions including Acquirers and Issuers, that facilitates the transfer funds and settlement of transactions. Under this framework, Acquirers act on behalf of Merchants and Issuers on behalf of End Users.

Person means natural person, corporate entity, trust or any other legally recognised and or registered business structure.

PCI DSS means the series of specific Data Security Standards (DSS) that the PCI Security Standards Council (PCI SSC) defines and are applicable to all merchants, regardless of revenue and credit card transaction volumes.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. Depending on the context, it includes any financial information of that individual regardless of:

(a)whether the information or opinion is true or not; and

(b)whether the information or opinion is recorded in a material form or not.

Privacy Law means any applicable privacy laws, industry codes, or enforceable policies governing the handling of Personal Information in the jurisdiction where the RMS Pay Services are provided.

RMS means the registered business entity of RMS referenced in the Sales Order or other document that forms part of this Agreement or any of its associate and or related companies, delegates and or subcontractors that RMS uses for the purpose of providing the RMS Pay Services.

RMS Cloud means a a proprietary cloud-based property management system owned, offered and managed by RMS as a SaaS solution, to which the Merchant subscribes.

RMS Pay Services means the payment acquiring, settlement and transaction data management, services provided by RMS Cloud to the Merchant as set out in the Sales Order and further detailed in Clause 3..

RMS System means a proprietary cloud-based electronic property and booking management system including software which the Merchant accesses to utilise the RMS Pay Service and other services provided by RMS Cloud.

Sales Order means any document, including one completed online, that records the RMS Pay Services ordered or amended by the Merchant and the relevant Fees. It may also reference applicable terms and conditions, including those available online, relating to the use of RMS Pay Services and the purchase terms for Terminals, where applicable.

Support Services means support in relation to the use of the RMS Pay Service, including the identification and resolution of issues or technical faults. It does not include the provision of training services.

Schedules means each of the schedules annexed to this agreement.

Tax means any applicable tax relating to the provision of the RMS Pay Services by RMS Cloud including but not limited to any consumption tax, sales tax, goods and services tax, value added tax and any tax imposed under applicable legislation or regulation in the jurisdiction where the RMS Pay Services are provided.

Token means an encrypted electronic file that;

1. contains End User payment details such as card information and payment data;
2. is issued by the Licensed Financial Services Provider to the Merchant in a non-readable format;
3. is readable and decryptable solely by the Licensed Financial Services Provider; and
4. the Merchant can utilise by instructing the Licensed Financial Services Provider to initiate payment processing and settlement for transactions conducted by an End User; and is decrypted and used by the Licensed Financial Services Provider to settle transactions owed to the Merchant.

1.2 Interpretation

In this agreement, unless the contrary intention appears:

(a) headings are for ease of reference and do not affect the meaning of this agreement;

(b) the singular includes the plural and vice versa and a gender includes another gender;

(c)other grammatical forms of defined words have corresponding meanings;

(d) a reference to:

(i) the Information table; or

(ii) a clause, paragraph, schedule, or annexure, is to:

(iii) the Information table, in;

(iv) a clause or paragraph of; or

(v) a schedule or annexure to,this agreement;

(e) a reference to this agreement includes the Information table and any other schedule or annexure;

(f) a reference to this agreement or any other document includes any modifications, amendments, novations or replacements that may occur over time;

(g) a reference to a party includes a reference to that party's executors, administrators, successors and permitted assigns;

(h) a reference to a statute, ordinance, code or other law includes any related rules made under it, as well as any updates, changes, replacements, or new versions of that law over time.;

(i) an agreement, representation or warranty in favour of two or more persons is in favour of them jointly and severally;

(j) an agreement, representation or warranty made by two or more persons binds them jointly and severally;

(k) The use of ‘including’ or ‘such as’ in relation to a list of items is illustrative and does not limit the scope of the general term to those items or to items of a similar nature; and

(l) no provision of this agreement will be construed against a party because that party was responsible for the preparation of this Agreement or that provision.

2. Commencement

This agreement begins on the date agreed by the parties as set out in the Sales Order and will continue in operation until terminated in accordance with Clause 6.

3. The RMS Pay Services

3.1 Terms of Engagement

The Merchant appoints RMS Cloud as its provider of the RMS Pay Services, and RMS Cloud accepts the appointment and agrees to provide the RMS Pay Services to the Merchant, in accordance with the Sales Order and terms and conditions of this Agreement.

3.2 Nature of the RMS Pay Services and the use of a Token

(a) Without limiting the definition of RMS Pay Services and the provisions of the Sale Order, the RMS Pay Services entails a cloud-based service utilising the RMS System that includes (amongst other things);

(i) enables the transfer of transactional information between the Licensed Financial Services Provider on behalf of its Merchants to Issuers acting on behalf of End Users;

(ii) enables the transfer of transactional data and settlement reports from the Licensed Financial Services Provider to Merchants;

(iii) synchronise the transactional and settlement data in a manner that each Merchant can access their relevant transactional and settlement data enabling them to reconcile their records accurately; and

(iv) Enables the issuance and use of Tokens by a Licensed Financial Services Provider through the RMS System to allow Merchants to communicate with the Licensed Financial Services Provider to initiate the settlement process.

(b) Issuing and using of Token:

For the purposes of this Agreement;

(i) A Token will be issued by a Licensed Financial Services Provider and used by that provider to process transactions on behalf of Merchants;

(ii) the Token contains encrypted payment data that End Users used to initiate a payment transaction with a Merchant;

(iii) Only a Licensed Financial Services Provider will have the ability to decrypt an encrypted Token; RMS Cloud, the RMS System, and RMS Pay Services will not have the capability to do so;

(iv) Merchants can use the RMS System to send a payment request to a Licensed Financial Services Provider, either at their discretion or based on the rules and settings they have created in the RMS System;

(v) on request from a Merchant, a Licensed Financial Services Provider will decrypt the payment information in the Token and initiate settlement of monetary value for the Merchant for transactions conducted by End Users;

(vi) a Licensed Financial Services Provider will communicate with Issuers to receive monetary value for Merchants.

3.3 Other third parties involved: Licensed Financial Services Providers

(a) RMS entered into arrangements with Licensed Financial Services Providers who hold the necessary licenses and permits in the relevant jurisdictions to provide financial services, process and affect settlement of transactions with Issuers for the benefit of Merchants.

(b) The Licensed Financial Services Providers have entered into commercial arrangements with participants of the relevant Payment Scheme, including Issuers, and hold the necessary systems and regulatory authority to process and settle payment transactions initiated by End Users.

(c) RMS Cloud facilitates and enables the receipt of services by the Merchant from the Licensed Financial Services Providers and supports any onboarding requirements the Licensed Financial Services Provider may require of the Merchant from time to time. If requested by the Licensed Financial Services Provider, the Merchant may be required to review and agree to the Licensed Financial Services Provider’s terms and conditions of service.

3.4 RMS Pay Services Enrolment and Integration

(a) The Merchant must execute a Sales Order or other document outlining the RMS Pay Services to be provided, the associated Fees, payment terms and the Merchant’s acceptance of the terms and conditions set forth herein.

3.5Merchant Relationship to Licensed Financial Services Provider

• To provide the RMS Pay Services to Merchants, a Licensed Financial Services Provider will act as the Acquirer of record for the Payment Schemes and may, in certain jurisdictions, leverage the acquiring license of its local acquiring partner. The Payment Scheme rules may require a direct contractual relationship between the Merchant and the formal Acquirer. For that reason, Merchants may be required to accept specific acquirer terms and conditions to formally acknowledge the Acquirer for transactions processed through the RMS Pay Services. RMS Pay Services will, in the case of a Licensed Financial Services Provider or where they have leveraged the acquiring license of its local acquiring partner to provide the RMS Pay Services, remain fully end-to-end responsible for the provision of services to the Merchant and will serve as the principle point of contact for all RMS Pay Services. No separate fees will be due by Merchant to such acquiring partner.

• In certain jurisdictions where a direct relationship is formed between the Merchant and the Acquirer as described in clause 3.5(a) , the Merchant may also receive, as applicable to that jurisdiction, disclosure documents such as a financial guide and product disclosure statement to assist the Merchant to understand the terms of service.
• Certain jurisdictions may require the Licensed Financial Services Provider to hold Merchant funds separately from their own funds. This typically applies to funds received as settlement for processed payment transactions that have not been settled to the Merchant or any other party by the end of the same business day. The separation of funds may involve holding Merchant funds in trust for the Merchant in a separate account at a licensed bank in the relevant jurisdiction, distinct from the bank account of the Licensed Financial Services Provider, or in a separate legal entity. Depending on the jurisdiction’s requirements these funds may be comingled with similar funds belonging to other merchants and held on an omnibus basis. These safeguarding measures are designed to protect Merchants funds from the creditors of the Licensed Financial Services Provider. However, these requirements do not apply in all jurisdictions, and the Merchant may inquire with RMS Pay Services to confirm which, if any, measures are applicable to their jurisdiction.

3.6 Ownership of equipment and licencing

(a) As part of the RMS Pay Services, the Merchant may order and purchase from RMS devices that enable electronic transactions to be conducted by End Users (Terminals).

(b) The Merchant acknowledges and agrees that the purchasing transaction of the Terminals is a separate and distinct transaction to the receipt of the RMS Pay Services.

(c) The Merchant will either purchase the terminals outright or acquire them through instalment payments as specified in this Agreement, with such payments commencing in the month following delivery and installation of the Terminals and with such payment terms surviving the termination or expiration of this Agreement.

(d)_ Until the Terminals are paid in full, the terminals installed at the Merchant ’s premises are owned by RMS. RMS hereby grants the Merchant a non-transferable, non-exclusive License to use the Terminals and any software installed onto the Terminals for the sole purpose of receiving the RMS Pay Services.

(e) RMS is entitled to recover any outstanding instalment payments for the Terminals from funds held pending settlement to the Merchant by the Licensed Financial Services Provider, prior to such funds being released to the Merchant.

(e) When the agreement for the purchase of the Terminals is complete and the Terminals are paid in full, ownership to the Terminals shall pass onto the Merchant without the need for any conveyance or formal documentation.

3.7 Cooperation by the Merchant

The Merchant must provide RMS with such information, resources, cooperation and authorities that RMS reasonably requires to perform the RMS Pay Services

3.8Non-Transferability of RMS Pay Service

• The RMS Pay Services are provided exclusively to the Merchant named in this Agreement and are specific to the Merchant’s business identified therein. The Merchant account associated with the RMS Pay Services is not transferable to any other party.
• If the Merchant sells, transfers ownership, or delegates management of the business to a third party, the new owner or manager must execute a new agreement with RMS Cloud to establish their own Merchant account for the RMS Pay Services. The existing Merchant account shall not extend to such new owner or manager.
• The Merchant shall promptly notify RMS Cloud in writing of any sale, transfer of ownership, or change in management of the business, including the effective date of such change. Should the Merchant fail to provide such notice at the time of transfer, the Merchant shall remain solely liable for all transactions processed through the RMS Pay Services by the new owner or manager that are settled into the Merchant’s bank account.

3.9Default Risk Management Compliance

This section is applicable solely when RMS bears the Merchant’s default risk and does not apply if the Licensed Financial Services Provider assumes such risk.

• The Merchant shall comply with RMS’ default risk management policies, as updated from time to time, to ensure the secure and reliable operation of the RMS Pay Services, including transaction processing via the Licensed Financial Services Provider and the use of the RMS System for guest booking and payment management.
• The Merchant, as owner of the guest booking and payment information within the RMS System, consents to RMS monitoring such information solely for the purpose of assessing and managing default risk under this Agreement.
• RMS Cloud may implement transaction restrictions within the RMS System as part of its default risk management policies, including but not limited to controls on transaction amounts, timing, or other transaction parameters to manage default risk and exposure, and such restrictions, if any, shall be advised to the Merchant.
• The Merchant shall promptly provide RMS with financial information, transaction data, or other documentation reasonably requested to assess and manage default risk under these policies and software restrictions, beyond the information already available through the RMS System.
• If RMS Cloud determines, in its reasonable discretion, that the Merchant’s default risk profile exceeds the thresholds set in the default risk management policies, RMS Cloud may take one or more of the following actions:

(i) Require the Merchant to provide additional security (e.g., a deposit, rolling reserve or bank guarantee) to mitigate transaction processing risks.

(ii) Instruct the Licensed Financial Services Provider to adjust settlement terms, including delaying or withholding funds pending risk resolution; or

(iii) Suspend or restrict the Merchant’s access to the RMS Pay Services or specific features of the RMS System until compliance is restored

• The Merchant acknowledges that failure to comply with RMS Cloud’s default risk management policies, including transaction restrictions imposed through the RMS System, may result in RMS directing the Licensed Financial Services Provider to withhold funds pending settlement until such compliance is achieved.

3.10 RMS Cloud Warranties

RMS Cloud warrants to the Merchant that, in connection with the provision of the RMS Pay Services:

(a) It is legally able to enter into this Agreement;

(b) it is authorised by the Licensed Financial Services Provider to integrate its payment services with the RMS System;

(c) It will comply all laws as they are applicable to the RMS Pay Services;

(d) It will use reasonable skill and diligence;

(e) The use of the RMS System and any documentation in accordance with this Agreement will not result in a breach of any law or mandatory code of conduct;

(f) the provision of the RMS Pay Services to the Merchant and the use of any documentation by the Merchant , will not:

(i) infringe any person’s rights (including Intellectual Property Rights and Moral Rights); or

(ii) constitute a misuse of any person’s Confidential Information.

(g) It will safeguard Merchant data by maintaining industry-standard policies and procedures including a robust data backup system, to prevent data loss in connection with the RMS Pay services.

3.11 Merchant Warranties

The Merchant warrants to RMS Cloud that, in connection with the provision of the RMS Pay Services:

• It is responsible for obtaining and maintaining all equipment, computer hardware and software and all telecommunications services necessary to access and use the RMS Pay Services;
• It will use the RMS Pay Services solely for the hospitality-related purposes authorized by RMS Cloud or the Licensed Financial Services Provider during the onboarding process and for no other purpose
• It will take all reasonable precautions to ensure the security of access to the RMS Pay Services and must not, under any circumstances, allow any third party or any person other than an Authorised User to access or use the RMS Pay Services for any purpose without the prior written consent of RMS Cloud.
• It will immediately notify RMS Cloud in writing if it becomes aware of any unauthorised use of the RMS Pay Services by any person.
• It will not use the RMS Pay Services in any way that will contravene any legal or regulatory provision.

4. Fees

4.1 Basis of Fees

• In return for the provision of the RMS Pay Services by RMS Cloud, the Merchant agrees to pay the Fees as set out in the Sales Order or other documents forming part of this Agreement in the manner and timing set out therein.
• Fees charged by RMS Cloud, such as bundled or inclusive fees, include all applicable third-party charges, including those imposed by the Licensed Financial Services Provider and any Pass-Through Fees. Where fees are structured on an interchange-based pricing model, the Merchant will be charged the Pass-Through Fees in addition to a separate RMS Pay Services Fee.

4.2 Invoicing and Payment

(a) The Fees shall be invoiced to the Merchant in arrears for each billing period for the amount and frequency as set out in the Sales Order. Unless agreed or advised otherwise by RMS, any settlement of Fees to RMS Cloud is done on a net pay basis which means that all Fees are paid to RMS Cloud as part of the settlement of transactions.

(b) Without limiting the provisions of clause 4.2(a) the Merchant acknowledges that not all fees are capable of being settled on a net transaction basis and that RMS Cloud may invoice separately and in arrears any additional fees owed to RMS Cloud as listed on the Sales Order or any other documents that form this Agreement and may be net settled against Merchant funds due for settlement by the Licensed Financial Services Partner.

(c) RMS Cloud may, at its sole discretion, agree to settle certain fees with the Merchant following the settlement of End User transactions.

(d) RMS Cloud invoices will be generated electronically and transmitted by email or other electronic means.

4.3. TAX

(a) Unless otherwise expressly stated in this Agreement, prices or other sums payable or consideration to be provided under or in accordance with this Agreement are exclusive of Taxes.

(b) If a party makes a taxable supply under or in connection with this Agreement, the other party must pay to the supplier at the same time, and in addition to the tax exclusive consideration, an amount equal to any applicable Tax payable on that supply.

(c) RMS Cloud must, as a condition to the payment of Tax under clause 4.3(b), give the Merchant an invoice detailing any Fees paid and any taxes paid and such information as prescribed in the relevant tax law from time to time.

(d) If an adjustment event arises in connection with a supply made under this Agreement, the supplier must give the other party an adjustment note in accordance with the applicable tax law.

(e) If this Agreement requires one party to pay for, reimburse or contribute to any expense, loss or outgoing suffered or incurred by the other party, the amount required to be paid, reimbursed or contributed by the first party will be reduced by the amount of any value-added tax, sales tax or similar tax credits (if any) to which the other party is entitled in respect of the reimbursable expense.

4.4 Variation of Fees

• RMS Cloud may, at its sole discretion, adjust the fees for the RMS Pay Services by providing the Merchant with at least 30 days’ prior notice, which may be sent by email to the email address provided by the Merchant under this Agreement. Adjusted fees shall take effect upon expiration of the notice period.
• If a fee adjustment arises exclusively from increases in third-party costs, such as interchange or other fees imposed by Visa, Mastercard, or applicable Payment Schemes, the Merchant may terminate the RMS Pay Services without penalty if the cumulative increase exceeds five percent (5%) of the total Fees previously payable by the Merchant in any rolling twelve (12) month period immediately preceding the date of the proposed Fee increase, by providing notice in accordance with clause 6.3(b). For increases below this threshold, the Merchant shall have no right to terminate the RMS Pay Services based solely on that adjustment.
• If a fee adjustment constitutes a material change pursuant to Clause 6.3(b) (excluding third-party cost adjustments), the Merchant may terminate the RMS Pay Services without penalty, subject to the provisions of Clause 6.3(b) (Notice) and Clause 6.4(c) (d) and (e) (Payment for Terminal Equipment).

4.5 Merchant Liabilities

1. The Merchant shall be solely responsible for all chargebacks, refunds, reversals, or any other liabilities arising from the use of RMS Pay Services, including but not limited to fraud, unauthorized transactions, or disputes initiated by End Users or Payment Schemes. These liabilities shall be to the Merchant’s account and deducted from the Merchant’s settlement funds.
2. The Merchant agrees that RMS Cloud and the Licensed Financial Services Provider shall have the right to withhold, offset, or deduct amounts from any settlement funds due to the Merchant to cover any chargebacks, refunds, or other related liabilities.
3. If the Merchant’s settlement funds are insufficient to cover outstanding chargebacks, refunds, or liabilities, the Merchant agrees to pay RMS Cloud the outstanding amount upon demand.
4. The Merchant acknowledges that Payment Schemes (including Visa, Mastercard, or other applicable networks) may impose additional fees, penalties, or fines for excessive chargebacks, fraud, or non-compliance with chargeback thresholds. These fees are levied at the discretion of the Payment Schemes and may not be specified in the Sales Order or other documents that form this Agreement. The Merchant agrees to pay such fees in full, and RMS Cloud shall have the right to deduct these fees from the Merchant’s settlement funds or invoice the Merchant separately.
5. RMS Cloud reserves the right to impose additional risk-mitigation measures, including but not limited to reserves, rolling reserves, delayed settlements, or transaction monitoring requirements, in the event the Merchant exceeds acceptable chargeback levels or is deemed high-risk by a Payment Scheme or the Licensed Financial Services Provider.

5. Availability of the RMS Pay Services

1. The Merchant acknowledges that the RMS Pay Services rely on the systems and connectivity of the Licensed Financial Services Provider for their uptime and functionality. In the event of downtime in the Licensed Financial Services Provider’s systems, the RMS Pay Services may lose connectivity, preventing transaction processing and access to settlement data until such systems are restored.
2. The Merchant shall promptly notify RMS Cloud of any difficulties encountered with the RMS Pay Services as soon as reasonably practicable after detection.
3. RMS Cloud will use its best efforts to ensure the RMS Pay Service System remains operational, subject to any issues affecting RMS Cloud’s own systems.
4. Without limiting the provisions of clause 10 dealing with Force Majeure, RMS Cloud shall not be liable for any loss, damage, or disruption arising from downtime or unavailability of the RMS Pay Services or the Licensed Financial Services Provider’s systems, if the unavailability or downtime is beyond the direct or indirect control of RMS Cloud and the Merchant hereby releases RMS Cloud from all liability related to such events.

6. Breach>andtermination of this agreement

6.1 How a party breaches this agreement

A party breaches this agreement if:

(a) the party fails to comply with any term of this Agreement (including its Schedules) and failed to remedy the breach within 5 calendar days if the breach involves a payment obligation or for other breaches 20 calendar days following receipt of notice from the other party specifying the breach and requiring its remedy;

(b) the party, being an individual, becomes bankrupt or commits an act of bankruptcy or brings his or her estate within the operation of any law relating to bankruptcy;

(c) the party is a corporation and:

(i) the corporation is wound up; or

(ii) an administrator, a receiver, liquidator, a manager or an inspector is appointed in respect of the party;

(iii) a similar process is entered by the corporation that amounts to an arrangement with creditors or government agencies concerning its liabilities; or

(d) the interest of the party under this agreement is attached to or taken in any legal process.

6.2 Termination for cause

(a) If a party breaches this agreement under clause 6.1 and, within the time frame specified in clause 6.1 having received a written notice from the other party specifying the breach:

(i) the breach is not remedied if it is capable of being remedied; or

(ii) the breaching party does not compensate the other party in accordance with this agreement or to the other party's reasonable satisfaction if the breach is not capable of being remedied,

The non-breaching party may terminate this Agreement by written notice to the breaching party at any time up to the breach being remedied or compensation reasonably acceptable to the other party being paid.

6.3 The Merchant ’s right to terminate for convenience

• General Termination Right
• If the Merchant wishes to terminate this agreement for convenience during the Term, it must serve written notice on RMS Cloud stipulating the termination date (Termination for Convenience Date), which must be no earlier than thirty (30) Calendar Days after the notice was served.Termination Due to Material Change

If RMS Cloud makes a Material Change to this Agreement, including but not limited to:

• A fee increase (subject to Clause 4.4(b) (Third-party costs);
• A material modification to the RMS Pay Services that negatively impacts the Merchant’s ability to process payments; or
• Any other substantial amendment that materially increases the Merchant’s obligations or reduces its rights under this Agreement,

the Merchant may terminate this Agreement by providing written notice to RMS Cloud within 30 Calendar Days of receiving notice of the Material Change. Termination under this clause shall take effect no earlier than 30 Calendar Days after the Merchant’s notice, unless otherwise agreed.

• On the Merchant Termination for Convenience Date:

(a) RMS Cloud will cease providing the RMS Pay Services to the Merchant on the Termination for Convenience Date (or if otherwise agreed between the parties switch to a monthly use of services);

(b) RMS Cloud will finalise processing and transferring of information and data as required up to the Termination for Convenience Date;

(c) The Merchant will pay to RMS Cloud any outstanding Fees (and Taxes) for RMS Pay Services provided up to the Termination for Convenience Date;

(d) The Merchant will pay the remaining Fees (in accordance with the Sales Order or any other document forming part of this Agreement) pro-rata until the Termination for Convenience Date;

(e) The Merchant must pay any outstanding payment owing to RMS Cloud with respect to the Terminals it purchased on or before the Termination for Convenience Date. Terminal ownership will only be transferred to the Merchant when the Terminals are paid in full,

• If the Merchant terminates this Agreement for convenience pursuant to Clause 6.3(a) (General Termination Right), and a minimum Term is specified in the Sales Order or any other document forming part of this Agreement has not been fulfilled, the Merchant shall be liable to pay any applicable Early Termination Penalty as set out therein. The Early Termination Penalty, if any, shall be payable within 15 Calendar Days of the Termination for Convenience Date.

• RMS Cloud’s right to terminate for convenience

• If the Merchant has not paid a correctly rendered invoice in respect of a Fee within five (5) calendar days after the due date for payment, and has not by that time notified RMS Cloud that it disputes that invoice by setting out in writing the reasons why the Merchant considers that the invoice is not correctly rendered and identifying any amounts which are in dispute, RMS Cloud may issue a notice to the Merchant advising that:
  • Payment is overdue; and

• RMS Cloud may terminate the RMS Pay Services if payment or a valid dispute is not received within seven (7) calendar days of the Merchant receiving that notice

(b) If having received a notice under Clause 6.5(a) the Merchant fails to pay or dispute the invoice within seven (7) calendar days after receipt of that notice. RMS Cloud may terminate the RMS Pay Services.

(c) RMS Cloud may terminate or suspend the operation of this Agreement by issuing a written notice to the Merchant specifying a proposed termination date if RMS Cloud reasonably suspects Serious Misconduct by the Merchant. For the purposes of this clause, “Serious Misconduct” includes, but is not limited to:

• Fraudulent or illegal activity;
• Intentional misrepresentation;
• Misuse of RMS System or RMS Pay Services;
• Interference with RMS Cloud’s operations;
• Non-compliance with Licensed financial Services Partner terms and conditions;
• violations of applicable laws or regulations (including but not limited to data protection, PCI DSS, or anti-money laundering obligations); or
• conduct that, in RMS Cloud’s reasonable opinion, exposes RMS or its Licensed Financial Services Provider to material financial, legal, operational, or reputational risk.

RMS Cloud shall provide the Merchant with reasonable details of the suspected Serious Misconduct and the Merchant shall have five (5) calendar Days to respond and, if applicable, remedy the conduct to RMS Cloud’s reasonable satisfaction. If the Merchant fails to adequately remedy the misconduct within that timeframe, RMS may terminate this Agreement forthwith.

(d)_ The notice provisions of Clause 6.5(c) shall not apply if the basis for termination or suspension relates to a credit risk or any notice issued by a government or semi government agency relating to operational or credit risk of the Merchant as set out in clause 6.5(e).

(e) RMS Cloud may terminate or suspend the operation of this Agreement by issuing a written notice to the Merchant specifying a termination date if RMS Cloud determines, in its reasonable opinion, that the Merchant’s risk profile has become unacceptable. This may include, but is not limited to, increased fraud, excessive chargebacks, or activities posing significant financial, legal, or reputational risk to RMS or its Licensed Financial Services Provider or the issuing of a negative or adverse notice by a government authority to the Merchant.

(f) On termination, the Merchant must pay the remaining Fees (in accordance with the Sales Order) pro-rata until termination date.

(g) The Merchant must pay any outstanding payment owing to RMS Cloud with respect to the Terminals it purchased on or before termination date. Terminal ownership will only be transferred to the Merchant when the Terminals are paid in full.

(h) RMS Cloud may suspend the provision of all or part of the RMS Pay Services by written notice to the Merchant if a third-party claim, regulatory investigation, or legal proceeding is commenced against the Merchant in connection with its use of the RMS Pay Services, and RMS Cloud reasonably determines that continuing to provide the services may expose RMS Cloud or its Licensed Financial Services Provider to material legal, financial, or reputational risk.

Such suspension may continue until the relevant claim, investigation, or proceeding is resolved or sufficiently mitigated to RMS Cloud’s reasonable satisfaction.

• Post-Termination Obligations and Set-Off rights

for the avoidance of doubt, termination of this Agreement for any reason;

• does not affect or limit the Merchant ’s liability for payments for the Terminals as agreed with RMS Cloud; and
• does not limit or reduce in any way the Merchant’s liability or ongoing obligation to indemnify RMS Cloud for any chargebacks, refunds or other liabilities whether before or after the termination date.
• RMS Cloud may, at its sole discretion, deduct and set off any amounts due and payable by the Merchant to RMS Cloud under this Agreement, including but not limited to outstanding Fees, Early Termination Fees as set out in the Sales Order, chargebacks, refunds (including anticipated chargebacks and refunds), or any other liabilities, from amounts due to be settled by the Licensed Financial Services Partner to the Merchant’s bank account on or before the Termination Date.
• For the avoidance of doubt, if the amounts due to the Merchant from the Licensed Financial Services Partner are insufficient to cover the Merchant’s outstanding obligations to RMS Cloud, the Merchant shall remain liable for any remaining balance, which shall be payable within 15 calendar days of the Termination Date.

Any amounts withheld by RMS Cloud to cover anticipated chargebacks, refunds, or other liabilities shall be released to the Merchant via an instruction from RMS Cloud to the Licensed Financial Services Provider, to the extent that they exceed actual claims made by End Users within the 60-day period following the Termination Date.

6.7 Preservation of rights

Termination of this Agreement for any reason does not extinguish or otherwise affect any rights or remedies of either party accrued prior to termination, or any provisions of this Agreement that by their nature survive termination.

7. Dispute resolution

(a) Dispute resolution process

(i) If a dispute arises under this Agreement (Dispute), either party may at any time give written notice to the other, requesting that a meeting take place to seek to resolve the Dispute.

(ii) Nominated representatives of the parties must meet within ten (10) business days of the notice and endeavour to resolve the dispute in good faith. If such meeting does not take place after ten (10) business days following notice of the dispute, or if the dispute is not resolved by representatives of the parties within same time, then either party may refer the dispute to mediation in accordance with clause 7(b) (Mediation) below.

(iii) The parties must take the steps set out in this clause 7 (Dispute Resolution) to resolve any Dispute, before either party may commence court proceedings with respect to that Dispute, other than an interlocutory application.

(b) Mediation

(i) If the dispute is referred to mediation, then the mediation will be administered by an agreed upon mediator. If the parties cannot agree on a mediator within ten (10) business days (following referral to mediation), then RMS Cloud may (acting reasonably and in good faith) appoint a mediator from a recognised mediation service. The mediation shall take place at an agreed location, or if no agreement can be reached, at a location determined by the mediator.

(ii) Each party must bear its own costs in connection with the mediation and must share the fees and expenses of the mediator and mediation process equally, including any fees and expenses associated with the appointment of the mediator. The mediation process shall be confidential, and any information disclosed during mediation shall not be admissible in any subsequent proceedings, except as required by law.

(ii) If mediation fails, then either party may commence legal proceedings against the other.

(c) Continued performance

(i) Unless prevented by the nature of the dispute, the parties must continue to perform their obligations under this Agreement while trying to resolve the dispute.

(ii) Each party must use its best endeavours to ensure that where a dispute is reasonably foreseeable, it is dealt with at a sufficiently early stage to ensure that there is a minimum effect on the ability of either party to perform its obligations under this Agreement.

(iii) This clause 7 does not restrict or limit the right of either party to terminate this Agreement where this Agreement provides such right.

8. Indemnities
   • RMS Cloud will indemnify the Merchant against any amount Merchant is finally ordered to pay to a third-party by a Court of competent jurisdiction (or settlement agreed by RMS Cloud) which arises from a claim alleging that the Merchant (or its Authorised Users’) use of the RMS System or the RMS Pay Services in accordance with this Agreement infringes the Intellectual Property Rights of that third party (an Infringement Claim).
   • The Merchant shall indemnify RMS Cloud against any amounts RMS Cloud is required to pay to a third-party, whether pursuant to a final court order from a court of competent jurisdiction, a settlement agreed to by the Merchant, or any liability arising from:
     • a claim asserting that the Merchant’s system (excluding the RMS System) through its use of the RMS Pay Services, the RMS System, or both, to acquire transactions as permitted under this Agreement, causes the RMS Pay Services or the RMS System, through the Merchant’s integration, to infringe the Intellectual Property Rights or other legal rights of that third party; or
     • a chargeback, refund, or disputed transaction resulting from an End User-initiated transaction at the Merchant that was processed and acquired through the RMS Pay Services or
     • a liability incurred by RMS Cloud in providing the RMS Pay Services to the Merchant in compliance with this Agreement.

(c) If a party (the indemnified party) wishes to enforce an indemnity under this clause 8 (Indemnities) in relation to any third-party claim, it will:

(i) give notice to the other party (the indemnifying party) as soon as practicable, and provide all reasonable information and assistance requested by the indemnifying party, at the indemnifying party’s reasonable expense;

(ii) make no admissions in respect of the claim;

(iii) permit the indemnifying party, at the indemnifying party’s expense, to have sole control of the defence and all settlement negotiations and litigation, provided that the indemnifying party:

1. keeps the indemnified party informed of, and consults the indemnified party in connection with, the progress of the claim; and
2. will not consent to any admission of any liability of the indemnified party without the prior written approval of the indemnified party.

(d) In the event an Infringement Claim is brought, or in RMS Cloud’s reasonable opinion is likely to be brought:

• against the RMS Pay Services or RMS System, RMS Cloud may, at its option: (i) procure the right for the Merchant’s continued use of the RMS Pay Services or RMS System; (ii) replace or modify the RMS Pay Services or RMS System within a reasonable period of time with a non-infringing alternative having substantially equivalent performance; or (iii) if neither is reasonably practicable, require the Merchant to cease use of the infringing component of the RMS Pay Services or RMS System, in which case the Merchant and RMS Cloud will negotiate a reasonable reduction in Fees to reflect its removal, if feasible; or
• against the Merchant’s system (excluding the RMS System) through its use of the RMS Pay Services or RMS System, the Merchant must, at its own expense, promptly: (i) procure the right to continue using its system in a non-infringing manner; (ii) modify or replace its system with a non-infringing alternative that maintains compatibility with the RMS Pay Services and RMS System; or (iii) if neither is reasonably practicable, cease use of the infringing component of its system, with any resulting indemnification obligations governed by Clause 8(b)(i).
• The indemnification obligations set forth in this clause 8 (Indemnities) are the Merchant ’s exclusive remedy and RMS Cloud sole liability with respect to RMS Cloud’s infringement or misappropriation of any third-party Intellectual Property Rights of any kind
  
  

9. Liability

(a) Notwithstanding any other provision of this Agreement, or any other Agreement governing the use of the RMS System and except in the case of any breach of Intellectual Property Rights of a third-party party or Merchant ’s obligation to pay the Fees, and to the maximum extent permitted by law, the following limitations apply to the this Agreement (for the RMS Pay Services) for the duration of this Agreement and thereafter for any claim (whether in contract (including under an indemnity), tort (including negligence), under statute or otherwise):

(i) neither party (including any group member of RMS Cloud or their subcontractors) will be liable under this Agreement for any indirect, special, consequential, incidental, or punitive damages of any nature, including loss of profit or revenue, loss of reputation, loss of opportunity or business, loss of anticipated savings and or any loss of data, regardless of whether a party knew or should have known of the potential for such damages; and

(ii) each party’s (including any group member of RMS Cloud and any of its associated or related corporations or their subcontractors) maximum liability for any single event or series of related events giving rise to a claim under this Agreement will be limited to the greater of (i) the total amount of fees paid to RMS Cloud (excluding that portion of the fees that represent all pass-through fees levied by third-party payment schemes) during the three (3) months immediately preceding the date of the event or series of related events giving rise to the liability; or (ii) One thousand U.S. dollars (US$1,000) per Merchant entity affected by the event or series of events.

(b) Each party’s liability for loss or damage sustained by the other will be reduced proportionately to the extent that such loss or damage has been:

(i) caused by the other party's failure to comply with this Agreement; and/or

(ii) contributed to by the other party (including any failure by the party seeking damages, or claiming under any indemnity, to take all reasonable steps to mitigate any relevant loss or damage), regardless of whether the claim is for breach of contract or otherwise.

10. Force Majeure

Except for payment obligations, including but not limited to the Merchant’s obligations to pay Fees, chargebacks, refunds, reversals, or any other liabilities arising from the use of RMS Pay Services neither party will be liable to the other for delay or failure to perform its obligations under this Agreement if such delay or failure is caused by a Force Majeure Event.

11. Notices

All notices given by a party will be delivered to the other party either personally, via certified mail, email or overnight courier. Notices will be deemed effective, if delivered personally, when delivered; if delivered by email, when emailed to the address of the recipient as set out in Information Table (or to such address as subsequently amended by written notice to that recipient); and if delivered via certified mail or overnight courier, on confirmation of delivery

12. General Provisions

12.1 Intellectual Property

(a) RMS Cloud warrants that it owns or is authorised to use all applicable rights, title and interest in and to all Intellectual Property Rights embodied in or associated with the RMS Pay Services (“Materials”).

(b) for the duration of this Agreement, RMS Cloud grants the Merchant a personal, revocable, non-transferable, royalty-free licence to use the Materials for the purposes of the Merchant receiving the RMS Pay Services. 

(d) The Merchant agrees and acknowledges that nothing in this Agreement shall operate to assign or transfer any Intellectual Property Rights from RMS Cloud to the Merchant relating to the RMS Pay Services or the Terminals.

(e) RMS Cloud agrees and acknowledges that the Merchant owns the Merchant Data and all Intellectual Property Rights in the Merchant Data.

12.2 Acknowledgments

The Merchant acknowledges that:

• complex software is never wholly free from defects, errors and bugs and RMS Cloud gives no warranty or representation that the RMS Pay Service will be wholly free from defects, errors and bugs.
• RMS Cloud may (at its discretion) modify and update the RMS Pay Service and the RMS System (including the functionality, data formats and other matters relating to the RMS Pay Service, and the support service parameters) from time to time, so long as any such modifications do not substantially reduce the functionality or performance of the RMS Pay Service or the Merchant ’s ability to continue to use the RMS Pay Service in the manner contemplated by this Agreement;
• RMS Cloud may develop new functionality of or extensions to the RMS Pay Service, to which RMS Cloud may elect to make available to its customer base (including the Merchant) subject to payment of additional fees to acquire that new functionality /extension.

12.3 Confidentiality

The parties to this agreement must keep the terms of this agreement confidential and must ensure that their officers and employees keep the terms of this agreement confidential, save for any necessary disclosure to their respective legal and financial advisers and any disclosure required for a purpose related to this agreement or the performance of the rights or obligations of any party to it, or by law.

12.4 Privacy

If RMS Cloud accesses Personal Information through RMS Pay Services under this Agreement, RMS Cloud must:

• comply with applicable Privacy Laws related to payment processing;
• follow reasonable directions from the Merchant or a data protection authority regarding Personal Information processed via RMS Pay Services;
• notify the Merchant promptly of any breach of this Clause 12.4, Privacy Laws, a Data Breach, or a related complaint involving payment processing data, and assist the Merchant or authority in addressing it.

13.5 General Compliance

PCI DSS Compliance

(a) RMS Cloud maintains PCI DSS certification for its systems and software underlying the RMS Pay Services including the RMS System, through annual assessment by a Qualified Security Assessor (QSA) or self-assessment , as appropriate to its scope of services. This certification does not extend to the Merchant’s systems, infrastructure or processes. A current copy of RMS Cloud’s PCI DSS certification is available to the Merchant via the RMS website atwww.rmscloud.com/terms-and-conditionsor upon request to compliance@rmscloud.com.

(b) The RMS System and the RMS Pay Services are designed and implemented to operate with encrypted tokens to initiate End User transactions with Payment Schemes and do not receive, view, store, or have access to any unencrypted End User Data (e.g., cardholder data) that would enable unauthorized transactions.

(c) The Merchant acknowledges that while the RMS System and RMS Pay Services are PCI DSS certified, this does not render the Merchant PCI DSS compliant. The Merchant is solely responsible for ensuring that its own systems, processes, and handling of cardholder data - including any third-party integrations or use of the RMS API - comply with all applicable PCI DSS requirements and other applicable Payment Scheme Rules. This includes maintaining secure infrastructure, conducting required assessments (e.g., Self-Assessment Questionnaires or QSA audits) and implementing appropriate security controls.

(d) The Merchant agrees to indemnify and hold RMS Cloud harmless from any claims, fines, damages (subject to the limitations in Clause 9(a)(i)), losses or costs arising from the Merchant’s failure to comply with PCI DSS obligations. In accordance with Clause8, RMS Cloud agrees to indemnify the Merchant from any claims, fines, damages (subject to Clause 9(a)(i)), losses, or costs arising directly from RMS Cloud’s failure to maintain PCI DSS certification as required under Clause 13.5(a), provided the Merchant is otherwise compliant with this Agreement.

AML

The Merchant acknowledges that as part of the onboarding process with the Licensed Financial Services Provider, the Merchant must comply with the Licensed Financial Services Provider’s Anti Money Laundering processes and procedures. The Licensed Financial Services Provider will ensure compliance with any relevant anti money laundering laws.

RMS API

 Any Merchant using an Application Programming Interface made available by RMS Cloud (“RMS API”) to manage its own ecommerce site and acquire End User transactions for settlement through RMS Pay Services is solely responsible for ensuring its site remains fully compliant with PCI DSS and all other payment security regulations. The Merchant agrees to indemnify and hold RMS Cloud harmless from any claims, fines, damages (subject to Clause 9(a)(i)), losses or costs suffered, incurred or paid by RMS Cloud arising out of or in connection with:

• the Merchant’s use of the RMS API;
• any failure by the Merchant to comply with PCI DSS or other security regulations;
• any security breach, fraud or data compromise affecting the Merchant’s site or its End Users.

This indemnity survives the termination of this Agreement and applies to all liabilities incurred by RMS Cloud, whether arising during the period of this Agreement’s effectiveness or following its termination.

13.6 Relationship of parties

The parties agree that the relationship between the parties is one of independent contractor.  Nothing in this Agreement will be interpreted as creating the relationship of employer and employee, master and servant or principal and agent or a partnership between the parties.

13.7 Entire Agreement

This agreement together with any Licensed Financial RMS Pay Services Provider terms and conditions constitute the entire agreement between the parties in respect of its subject matter and supersedes all prior agreements representations negotiations and correspondence.

13.8 Legal Costs

Each party will bear their own legal costs and expenses in connection with the preparation, negotiation, execution and completion of this agreement.

13.9 Severability

If any provision of this agreement is held to be invalid or unenforceable in any way, the remaining provisions will not be affected, and this agreement will be interpreted so as to most nearly give effect to the intentions of the parties as it was originally signed.

13.10 No waiver

It is not a waiver of a breach of this agreement or of a party's rights under this agreement if that party:

(a) does not exercise or partly exercises or delays exercising a right;

(b) gives a concession to the other party or accepts a late payment; or

(c) attempts to mitigate its loss.

13.11 Modification

Except as otherwise provide in this Agreement for unilateral changes by RMS Cloud, the provisions of this agreement may only be changed by written agreement between the parties.

13.12 Governing law

This Agreement will be governed by the laws of the jurisdiction in which the registered business office of RMS is located. The parties agree to submit to the exclusive jurisdiction of the courts in that jurisdiction and any courts having jurisdiction to hear appeals from those courts and waives any right to object to any proceedings being brought in those courts.

13.13 Counterparts

This agreement may be entered into by the exchange of executed counterparts, which together comprise a fully executed agreement.

Schedule 1

Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") is entered into between:

Merchant (hereinafter "Controller"); and

RMS (hereinafter "Processor")

collectively referred to as the "Parties," with an effective date of the acceptance of the Sales Order or other document that form part of this Agreement.

This DPA forms an integral part of the RMS Pay Services Agreement, which is the Agreement defined in Clause 1.1 of the RMS Pay Services Terms and Conditions. In case of inconsistency between this DPA and the RMS Pay Services Terms and Conditions, the provisions of this DPA shall prevail.

1. Recitals

In order to comply with various data protection laws worldwide, the Processor must enter into this DPA with the Controller to govern the Processing of Personal Data on behalf of the Controller.

The Parties wish to define their data processing relationship accordingly.

1.1 Definitions and Interpretations

Unless otherwise defined in this DPA, the following terms shall have the meanings assigned to them under applicable data protection laws, including but not limited to the EU General Data Protection Regulation (EU GDPR), UK GDPR, Australian Privacy Act 1988 (Cth), Singapore Personal Data Protection Act (PDPA), and relevant U.S. laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• “Applicable Data Protection Laws” means all laws and regulations applicable to the Processing of Personal Data under this DPA, as listed in the opening paragraph of this Clause 1.1, including any other applicable data protection laws.
• "Controller" (or "Organisation", "APP Entity") means the entity that determines the purposes and means of the processing of Personal Data.
• "Processor" (or "Data Intermediary") means the entity that processes Personal Data on behalf of the Controller.
• "Data Subject" (or "individual") means the natural person to whom the Personal Data relates.
• "Personal Data" (or "Personal Information") means any information relating to an identified or identifiable natural person.
• "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, storage, alteration, retrieval, use, disclosure, or erasure.
• "Supervisory Authority" (or "Commission", "Commissioner", "Privacy Commissioner") refers to the relevant data protection authority under applicable law.
• "Services" means the RMS Pay Services provided by RMS entailing the processing of Personal Data in accordance with the Controller’s instructions.
• "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
• "Sub-Processor" means any third party engaged by the Processor to process Personal Data on its behalf.
• "Restricted Transfer" means any transfer of Personal Data to a country or territory outside the jurisdiction of the Controller that is not recognized as providing an adequate level of protection without appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions.
• “Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of Personal Data to third countries approved by the European Commission or other competent authority, as updated or replaced from time to time, or equivalent mechanisms under other applicable data protection laws.

2. Roles and Applicable Terms

Merchant as Data Controller: Determines the purposes and means of processing Personal Data, including data related to its customers or clients processed via RMS Pay Services.

RMS as Data Processor: Processes Personal Data on behalf of Controller, following Controller’s documented instructions, as outlined in this DPA and Annex 1.

Annexes Forming an Integral Part of this DPA
The following annexes are incorporated into and form an integral part of this Data Processing Agreement (DPA), as if fully set forth herein:

• Annex 1: Controller to Processor Terms
• Annex 2: Specific Local Requirements
• Annex 3: Description of Processing

Annex 1: Controller to Processor Terms

1. Scope of Processing and General Obligations

• Obligations: Controller decides which Personal Data categories are shared with Processor and ensures such sharing complies with Data Protection Laws.
• Processor shall Process Personal Data only per Controller’s documented instructions and to provide the Services, unless required otherwise by applicable law (Annex 3 describes processing activities).
• Both Parties shall comply with applicable Data Protection Laws.

Instructions: The RMS Pay services Terms and Conditions herein and this DPA constitute Controller’s instructions. Controller ensures these instructions are lawful; Processor must notify Controller if it believes an instruction violates Data Protection Laws, though Controller remains liable for its instructions.

Controller indemnifies Processor against claims arising from unlawful instructions.

Third Parties: Processor is not responsible for Personal Data processing by third parties (e.g., Payment Schemes and networks, payment gateway providers, payment processors including banks and other financial institutions) when directed by Controller.

2. Data Subject Requests

Processor has no direct relationship with Data Subjects or individuals and will direct them to Controller. If Processor receives requests, complaints, or legal demands regarding Personal Data, it will notify Controller promptly (unless prohibited by law) and only respond if authorized by Controller or required by law.

3. Data Location

Processor may store Personal Data in an applicable jurisdiction, provided that appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions, or other mechanisms required by Applicable Data Protection Laws. Data may be accessed by Processor’s employees or Sub-Processors globally, subject to these safeguards.

4. Security Obligations

Processor shall implement technical and organizational measures to ensure Personal Data security, aligning with Data Protection Laws and industry standards. These include:

• Preventing unauthorized access to systems.
• Ensuring authorized access is limited to need-to-know.
• Protecting data during transmission and storage.
• Logging access and changes.

Processor will conduct annual audits (e.g., SOC 2 Type II equivalent) and provide updated certificates to Controller upon request.

5. Personal Data Breach

Processor will notify Controller within 72 hours of any Personal Data Breach, detailing:

• Nature and scope of the breach.
• Contact point for further information.
• Likely consequences and mitigation measures.

Processor will assist Controller in addressing the breach to meet legal obligations.

6. Sub-Processors

Controller authorizes Processor to engage Sub-Processors (list available at https://www.rmscloud.com/terms-and-conditions#subprocessors. Processor will:

• Ensure Sub-Processors comply with data protection obligations materially equivalent to those in this agreement.
• Update the list at https://www.rmscloud.com/terms-and-conditions#subprocessors. promptly upon appointing or replacing Sub-Processors of comparable capability or standing, and review any reasonable objections raised by Controller in good faith.
• Remain fully responsible for the performance and compliance of its Sub-Processors.

7. Assistance

Processor will assist Controller with:

• Compliance with Data Protection Laws.
• Data Subject requests (e.g., access, deletion).
• Data protection impact assessments, where feasible given the nature of processing.

8. Indemnification

Processor will indemnify Controller against losses arising from breaches of this Data Processing Agreement (DPA) not attributable to Controller. This indemnity is subject to the limitations of liability set out in Clause 9 of the RMS Pay Services Terms and Conditions. Processor’s liability under this clause covers third-party claims and damages in connection with the Processing of Personal Data in accordance with this DPA.

9. Term and Termination

This Data Processing Agreement (DPA) shall take effect from the Effective Date of this Agreement and continues until the cessation of the Processor services, at which point this DPA will automatically terminate concurrently. Clauses intended by their nature to survive termination will remain in full force and effect.

Upon termination or expiration of this DPA, Processor shall, at Controller’s request, return or delete any Personal Data and provide written confirmation of such return or deletion. However, Processor is not obligated to delete Personal Data that has been provided to or is otherwise retained by the Licensed Financial Services Partner, where retention is required by applicable law or by Scheme Owners for payment transactions using their Payment Methods. In such cases, Processor will assist the Controller in identifying and communicating with the Licensed Financial Services Partner and will ensure that such Personal Data is only used and retained by the Licensed Financial Services Partner for lawful compliance purposes. Where deletion by the Processor is technically infeasible or unreasonably burdensome, pseudonymization is not permitted or supported by the Licensed Financial Services Partner, the Processor will inform the Controller and work with the Licensed Financial Services Partner to determine alternative legally compliant measures to protect the Personal Data from further processing, except for compliance purposes.

Annex 2: Specific Local Requirements

If applicable privacy laws apply including but not limited to:

• theCalifornia Consumer Privacy Act (CCPA),
• theCalifornia Privacy Rights Act (CPRA),
• theEuropean Union General Data Protection Regulation (EU GDPR),
• theUnited Kingdom General Data Protection Regulation (UK GDPR),
• theSingapore Personal Data Protection Act 2020 (PDPA), and
• theAustralian Privacy Act 1988 (Cth):

then the following terms shall apply:

• Processor will process Personal Data solely to provide the Services specified by Controller and will not 'sell' or 'share' such data as defined under applicable privacy laws worldwide.
• Processor will assist Controller with Data Subject requests (e.g., deletion requests) and, upon Controller’s request, return or delete Personal Data, to the extent it remains within the Processor’s systems. Where Personal Data has been provided to or is retained by the Licensed Financial Services Partner, Processor will assist the Controller in liaising with the Licensed Financial Services Partner to address such requests, subject to the Partner’s legal obligations and data retention requirements..

Annex 3: Description of Processing

The Processor acts on behalf of the Controller in accordance with the RMS Pay services Terms and Conditions, to process Personal Data, following Controller’s instructions, for the following purposes:

• Delivering the services under the RMS Pay Services Terms and Conditions, including:
• Processing payment transactions and related support services;
• Conducting fraud detection;
• Defending charge-backs;
• Providing access and reporting on payment transactions.

To initiate a payment, Processor may transmit payment details with the Licensed Financial Services Partner (LSP) who will have access to information containing Personal Data, depending on the payment methods selected by Controller and the services procured. Once transmitted, the LSP assumes responsibility for the processing and retention of such Personal Data under its own legal and regulatory obligations.

The Processor does not have full control over Personal Data processed or retained by the LSP and relies on the LSP’s policies, legal obligations, and system capabilities when responding to Data Subject requests or Controller instructions concerning such data. The Processor will assist the Controller in liaising with the LSP, but cannot guarantee the LSP’s actions or compliance where the LSP operates independently.

These details may include but are not limited to:
•Categories of Data: Name, billing address, email address, IP address, and payment-specific information.

• Payment Requests: Payment requests could include the following:

• Credit/Debit Cards: Cardholder name, card number, CVC, expiry month, expiry year, issue number (if applicable).
• Bank Transfers: Bank account number, BSB, BIC, bank name, bank location ID, country code.
• Fraud Detection: Shopper name, device fingerprint, persistent cookie, shopper email, IP address, shopper reference, telephone, billing/delivery address, and additional data provided by Controller (e.g., basket information, browser language, delivery method, shopper country).

Personal Data may be retained by the LSP in accordance with their legal obligations (e.g., anti-money laundering or financial regulations). Processor will assist Controller in liaising with the LSP regarding any requests to delete, restrict, or access Personal Data, but cannot guarantee enforcement where the LSP has its own legal retention obligations.

In response to the growing threat of improper use of credit cards the payment card industry formed the PCI Security Standards Council. The council has developed a set of standards (PCI DSS) for anyone who stores, processes or transmits credit card data. The primary goal of the council and the purpose of the DSS is to protect card holder’s data.

There are two elements of PCI that may relate to RMS customers where they accept credit cards as a form of payment.

The Payment Card Industry Data Security Standard (PCI DSS)

This standard stipulates the conditions under which credit card data can be processed, stored and transmitted in a way that complies with the agreement between the card issuers, the bank, and the merchant.

The PCI DSS details all aspects of business practice including, policies, security, devices such as credit card processing terminals and the environment in which they operate. Quite apart from any business information software, such as RMS, the merchant is obliged to comply with the standard. An example of not complying with the standard might include the practice of recording credit card details in a book that is left in an opened draw.

The Payment Application Data Security Standard (PA DSS)

This is a standard for a software or hardware payment application that stores, processes or transmits credit card data. A property management system such as RMS is deemed to be a payment application if it stores processes or transmits credit card data.

Instances of RMS that store credit card details are not PA DSS compliant. However, RMS can be configured and supplied in such a way that it is impossible to store credit cards in any part of the system. Neither can it process or transmit card data. Furthermore, such examples of RMS cannot be re configured by the user to allow for the storage of credit cards post installation.

By definition of the PA DSS, any application that does not store, process or transmit credit card data is out of the scope of PA DSS and is not required to comply. Customers who are seeking to establish a business environment that complies with the PCI DSS should consider using a version of RMS which has had the ability to store, process and transmit credit cards disabled. Using the nonpayment application version of RMS forms a significant part of operating a PCI DSS compliant business environment.

PCI Compliance otherwise referred to as Payment Card Industry Data Security Standard (PCI DSS) is a propriety information security standard for organisations working with major branded credit cards such as Visa, MasterCard, American Express and JCB.

The PCI Compliance Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

The PCI Compliance Standard was created to increase controls around cardholder data and reduce credit card fraud. Validation of compliance is performed annually by either external Qualified Security Assessors (QSA) or by an internal department focused on Internal Security Assessment (ISA) that creates a Report on Compliance (ROC) for organisations handling large volumes of transactions.

Alternatively, a Self-Assessment Questionnaire (SAQ) can be completed by companies handling smaller volumes.

View our PCI DSS Compliance Certificates below:

Certificate of Compliance.pdf

Attestation of Compliance (SAQ-D).pdf

Payment Gateways

Payment Gateways are an e-commerce application provided by merchant services to authorize and process credit card payments in a PCI compliant manner.

Setting up RMS to connect with a Payment Gateway merchant account provides the ability to securely process payments or refunds directly from any account in RMS.

Obtaining a Gateway Account

Prior to being able to process payments via a Payment Gateway in RMS, you will require an account with your chosen provider.

To begin this process, first, contact your bank to enhance your merchant facility to be e-commerce enabled.

Once your merchant facility has been enhanced for e-commerce, contact your chosen provider to sign up for an account.

Payment Gateways are an e-commerce application provided by merchant services to authorize and process credit card payments taken online in a PCI DSS compliant manner.

Setting up RMS to connect with a Payment Gateway merchant account provides the ability to securely process online payments or refunds directly from any account in RMS.

The following Payment Gateways are currently available for interface in RMS:

• BrainTree
• BridgePay
• CommWeb
• GK Solutions
• Elavon  
• NGenius  
• Opayo
• OpenEdge
• Red Dot
• Stripe
• Till Payments
• Wallee (in development)
• Windcave

The availability of a specific Payment Gateway Provider is determined by your country of operation.

• RMS Payment Gateway – default option

Click Here to access our Knowledge Base article on PCI Compliance, Payment Gateways, and our FAQs

Obtaining a Gateway Account

Prior to being able to process online payments via a Payment Gateway in RMS, you will require an account with your chosen provider from the list above.

To begin this process, please contact one of the listed Payment Gateway Providers direct.

Once your merchant facility with one of the listed Payment Gateway Providers is active these details need to be entered into RMS.

Alternatively, you may select the default option available within RMS and after providing any additional information requested, you will automatically have a payment gateway account opened for you and registered within RMS.  You may then take online payments immediately which shall deposit to your nominated bank account.

It is usual business practise that under the appropriate conditions customers provide credit card data with the understanding that those details may be reused to:

• Secure a service for a later date
• Process a subsequent payment or refund
• Some other agreed reason

Through collaborations with a number of online payment gateway providers around the world RMS can provide access to a guests card data while remaining out of scope of PCI compliance requirements. This process is called tokenisation.

How it works

Credit card details are collected in three main ways:

• When a guest enters the details into the payment section of the online booking system
• When an operator collects them during a telephone call, or,
• When the guest presents a credit card at the reception desk

Tokens

A token is simply a string of data that acts like a receipt of the credit card data. It is completely innocuous and can only be used by you via the gateway. With the token you can process subsequent payments and receipts directly in the RMS account receipt screens.

Online Booking Deposits

If you opt to collect a deposit at the time the booking is made the guest will be prompted to enter their credit card details. The form in which they enter the details is hosted by the payment gateway. The guest doesn’t leave the booking site, the details do not enter RMS and only the gateway sees them. The gateway then authorises that the card is valid and if successful processes the payment.

Once the payment is processed the gateway drops a token into RMS against the guest.

Mail Order, Telephone Order Payments (MOTO)

Credit card details can be collected over the phone for the purpose of collecting a deposit or simply to secure a reservation by first creating a token. A token can be created against a guest in a reservation by using the “Create Token” feature. When this feature is activated a form which is hosted by the payment gateway appears into which the details can be entered. The details are not entered into RMS. The gateway authorises the validity of the card and if successful creates a token against the guest.

Card Present Transactions (In Store)

A token can be created against a guest similar to the process for MOTO with the added benefit of using a magnetic card reader to simplify and expedite the process. Only card reading devices that do not compromise your PCI compliant status should be used for this purpose.

For more information Click Here to access our Knowledge Base articles.

When establishing PCI compliant process and practices from a technology perspective, commercial accommodation providers need to consider both, the systems they use and the environment in which they operate.

As a system provider, RMS has the choice or providing software that complies with the Payment Application Data Security Standard (PA DSS) or staying out of the scope of PCI requirements altogether. RMS has determined that as a long term solution, the latter option provides a safer, less expensive and more robust solution. The tokenization method employed by RMS means that credit card details are never stored, transmitted or processed in RMS rendering the property owner completely out of scope of PCI.

Whilst it is relatively simple to achieve the requirements of the DSS as they apply to payment applications, it would completely ignore the environment in which it operates. Property owners who self-host RMS would find the task of maintaining a network that fully complied with the DSS almost impossible. The responsibility of data security ultimately falls on the merchant. Vulnerabilities exist even in the most secure environments where staff members have access to the network, or the server is not under constant vigilance. A breach of your security may provide open access to cardholder data despite having a PCI compliant payment application installed.

Over time the low cost per transaction incurred by using a payment gateway is far less than the ongoing cost of securing a local environment. This is not to mention the peace of mind that comes from removing the onus of card security.

RMS cloud hosted customers enjoy extremely robust data security. Nonetheless, the decision was made that responsibility for cardholder security is best managed by the industry-specific services supplied by payment gateway providers.

It is undeniable that the safest and most efficient method of providing cardholder security and complying with your merchant obligations is by use of the tokenization method.

Can I still charge against the guest credit card for unpaid incidentals or unreported damage to the room?

Yes. When you enter credit card details in RMS the details are passed to and stored with the internet payment gateway provider. RMS will retain a "token" which relates to that credit card. Each time you wish to make a payment against that credit card account all you do is process the payment in RMS as usual. RMS will send the token to the payment gateway along with the details of the sale to facilitate the payment.

Do the transaction fees apply for all credit card payments?

You need only pay the transaction fees for transactions processed via RMS. If you don't need to store the credit card details you can simply process the transaction as normal via your credit card terminal.

Can I use my existing merchant facility?

You will require an “e-commerce” merchant facility to use the tokenization process and the services of the payment gateway provider. Conditions can vary in different geographical regions. The merchant services department of your bank can assist with this matter.

Can I perform a refund or a pre-authorisation using the PCI compliant solution?

You can refund money to a credit card stored by the payment gateway provider directly from RMS.

General Terms of Use

The Guest Portal that you are accessing allows you to manage your relationship with the property you have made or wish to make accommodation bookings.

The range of services that are available to you at an individual property Guest Portal are set by the property themselves, not by RMS. These services can include:

• Track and manage your bookings,
• Check in and check out services,
• Make secure payments,
• Communicate directly with the property through Guest Portal Messaging,
• Make new bookings at the property,
• Update and manage your profile and preferences.

Use of the RMS Guest Portal is subject to the Terms of Service set out below and the terms posted by the property available to you on the property portal. Users are required to familiarize themselves with these Terms of Service before using the Guest Portal.

Access

Access to the portal is via the booking reference provided to you by the property or via the email address you have registered with your guest profile relating to that booking at the property.

Depending on the services enabled by the property, a password may also be required, or you may be required to login in using authentication by a secure third-party website.

Rules

By using the Guest Portal you acknowledge the following:

1. You take responsibility for all transactions (new bookings, changes to existing bookings, payments etc) made under your username.
2. You take responsibility for all communication messages under your username.
3. You shall not post or transmit any data, text, or message, that is defamatory, abusive, vulgar, obscene or harassing, insulting, threatening, bigoted, hateful or racially offensive, or that could be deemed to be stalking, and that RMS shall be entitled to remove and communication messages of this nature.
4. That RMS or the property may suspend or terminate your access to all or any part of the Guest Portal if in either RMS or the property’s sole discretion you have been deemed to be in breach of the applicable terms of service.

The RMS Privacy Policy was updated on 10th May 2021

RMS is committed to protecting and safeguarding any personal data you give us. We act in the best interests of our clients and their customers’ interest and we are transparent about our processing of your personal data.

RMS provides a subscription cloud-based Property Management System to its clients for managing accommodation bookings, front desk operations, guest billing, housekeeping, maintenance management, sales and marketing, events management, point of sale, door locking and other in-room and property access and control systems. RMS provides its clients with an Online Booking Engine to enable their customers to make bookings at their property and a Channel Management system to allow our clients to receive bookings from a large range of online travel agents and other booking services. RMS also provides its clients with integrations to other third-party services such as client loyalty programs, rate management services and business intelligence tools.

What kind of personal data does RMS collect and why?

Customers of RMS Clients

RMS Clients will collect personal information of their customers using the RMS services.

RMS acts as the data processor regarding the services provided by our clients. Our clients therefore have the primary responsibility for the protection of your personal information.

Our client’s using our Guest Portal web pages and any website using the RMS booking engine to collect and process personal information to provide their services. Our clients may also use the RMS channel management service to receive and process personal information collected by online travel agents and other booking services.

Therefore, RMS will process on behalf of our clients, personal information of their customers including but not limited to:

• Your name;
• Preferred contact details, including email or social media address, home address, telephone number, and date of birth,;
• The names of anybody travelling with you;
• Your payment information; and
• Any other information which you decide for yourself to submit including special requests or preferences.

Our clients’ collect and processes personal information from its customers for the performance of a contract, specifically to administer their online bookings from customers. If the required personal information is not provided, our clients cannot finalize the booking and ensure your stay with them is as enjoyable as possible. Our client’s may also use your personal information to provide customer service by informing the customer of any changes to the booking, latest deals and special offers and other products or services which they believe may be of interest to you. An RMS client may also use your personal information for the purpose of sending you a survey or for future marketing and sales activities. If you would like to find out the specific purposes that our client has collected your personal information, please refer to the privacy policy of the client or contact the property direct.

RMS also may from time to time have a need to access your personal information that has been collected and processed by our client. This will only ever occur when we are providing customer support services to our client and not for any other purpose.

Our clients may hold your personal information for as long as is reasonably necessary for the performance of the booking and for such time thereafter as they have a legal basis. In regard to any booking you have made with a client of RMS, you should consult the privacy policy of our client for the specifics of their data retention policy.

Does RMS share your data with third parties?

RMS itself does not disclose personal information for any purpose other than our employees, contractors or service providers needing to contact our clients, and then only to the extent reasonably necessary to fulfill our obligations to our client, or to comply with government or other regulatory requirement.

In order to support the use of the RMS services, your details may be shared with members of the RMS employees who act as service providers for RMS, including in relation to customer support services.

RMS may disclose personal information to third parties to comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities.

RMS may use service providers to process your personal data on our behalf. This processing is for several purposes, including notifying you of complimentary purchase opportunities from third parties to the email address you provided when using booking services provided by the RMS software. Third party service providers shall either be bound by:

• Our data privacy policy or have similar obligations in relation to the storage and processing of personal information, or
• Confidentiality clauses and are not allowed to use your personal data for other purposes than instructed by RMS.

Customer Lists:

RMS does not disclose the personal information of our clients’ customers to any third parties without consent.

RMS does not sell or rent personal information.

Third Party Integrations:

Different parties are integrated into the RMS services in a number of ways and for various reasons. RMS acts as the data processor for our clients and any personal information disclosed by and through these integrations is done so at the direction of and is the responsibility of our client.

How does RMS treat personal data of children?

RMS is a service provider and data processer to our clients. RMS services are not designed or directed at children. Our client’s will set their own policy for who can make a booking using the Guest Portal and on the client’s website using the RMS online booking engine. An RMS client may, as part of an online booking, collect and process the information of children only as provided by the parent or guardian or with their consent. If an RMS client becomes aware that they processed information of a child without the valid consent of a parent or guardian, they may reserve the right to delete it.

International transfers of personal data

RMS may transfer your personal information to our group companies or service providers based outside of the European Economic Area (“EEA”) for the purposes described in this policy.  Personal information transferred outside the EEA will be subject to appropriate safeguards set out in the law including the use of model contract terms approved by regulators.

RMS may process and store data in the cloud using services from IBM Cloud, Microsoft Azure, and Amazon Web Services. You acknowledge that these cloud service providers may process and store personal information in a jurisdiction that may have different privacy and data security protections from those of your own jurisdiction. 

Right to review personal information

Customers of RMS Clients

The rights of customers of RMS Client’s to review the personal information our client holds about you, to amend the personal information, to restrict the processing of the personal information and to delete your personal information is governed by regulations in place in your jurisdiction and the privacy policy of the RMS Client. 

Please contact the property direct and/or the relevant regulator if you have any queries in this regard.

RMS as the service provider and data processor has provided functionality to our clients to review customer personal information, restrict certain processing and to delete the personal information.  The use of that functionality is the responsibility of the RMS client who is the controller of that data.

RMS is also able to provide our clients with functionality where you may view the personal information held about you and make corrections to your personal information yourself.

Where your personal information is processed by an RMS client on the basis of your consent, you may be entitled to withdraw that consent at any time subject to applicable law. Moreover, where an RMS client processes your personal data based on legitimate interest or the public interest, you may, subject to applicable law have the right to object at any time to that use of your personal data when no opt-out mechanism is available to you. 

Please contact the property direct and/or the relevant regulator if you have any queries in this regard.

Security

RMS has implemented reasonable measures designed to secure personal information from accidental loss from unauthorized access, use, alteration and disclosure. RMS encrypts data in transmission and at rest, and all access to computer hardware containing personal information is password protected. Staff access to personal information is given on a need to know basis only.

RMS Clients have access to their customers’ personal information. RMS Clients are the data controllers for their data. RMS is not responsible for the security standards of RMS Clients. RMS services provide the client with functionality to restrict access to data.

If you have any questions relating to security at an RMS client please contact the property direct.

Internet Transmission

No data transmission over the Internet can be guaranteed to be secure. While RMS will endeavour to protect customer information, it cannot guarantee the security of any information any person may transmit when they access its website.

Even though RMS encrypts data transmitted over the Internet, it still cannot guarantee data transmitted cannot be unencrypted by persons with nefarious intentions. Nonetheless, the likelihood of this occurring is extremely low.

Cookies

Cookies may be placed on your computer or internet-enabled device whenever you visit RMS online booking pages. This allows the site to remember your computer or device and serves a number of purposes. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu).

You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of the features. Cookies by themselves do not tell us your email address or otherwise identify you personally.

Cookies are only used by online booking pages provided by RMS to improve the online booking process. By remembering the preferences of visitors to the online booking pages RMS streamline the reservation process.

Cookies are used for no other process and the information pertaining to them are not shared with any other person or entity.

Complaints

If you have any questions regarding this policy, or if you think your privacy has been breached, please email us atprivacyofficer@rmscloud.com.

Our team members will acknowledge receipt of your complaint within 72 hours, and will normally respond to your request within 10 business days. If your complaint is complicated or requires further investigation our response may take additional time to finalise.

We will respond to you by email or telephone.

RMS Member Companies

This Privacy Policy applies to the following:

• RMS Global Pty Ltd, a company registered in Australia.
• RMS (Aust) Pty Ltd, a company registered in Australia.
• RMS Europe Ltd, a company registered in the United Kingdom.
• RMS Cloud North America LLC, a company registered in Delaware, United States.
• RMS Hospitality Pte Ltd, a company registered in Singapore.
• RMSCloud Software Private Ltd, a company registered in India.
• RMS International FZE, a company registered in United Arab Emirates

The RMS Privacy Policy was updated on 10th May 2021

RMS is committed to protecting and safeguarding any personal data you give us. We act in the best interests of our clients and their customers’ interest and we are transparent about our processing of your personal data.

RMS provides a subscription cloud-based Property Management System to its clients for managing accommodation bookings, front desk operations, Owner billing, housekeeping, maintenance management, sales and marketing, events management, point of sale, door locking and other in-room and property access and control systems. RMS provides its clients with an Online Booking Engine to enable their customers to make bookings at their property and a Channel Management system to allow our clients to receive bookings from a large range of online travel agents and other booking services. RMS also provides its clients with integrations to other third-party services such as client loyalty programs, rate management services and business intelligence tools.

What kind of personal data does RMS collect and why?

Customers of RMS Clients

RMS Clients will collect personal information of their customers using the RMS services.

RMS acts as the data processor regarding the services provided by our clients. Our clients therefore have the primary responsibility for the protection of your personal information.

Our client’s using our Owner & Guest Portal web pages and any website using the RMS booking engine to collect and process personal information to provide their services. Our clients may also use the RMS channel management service to receive and process personal information collected by online travel agents and other booking services.

Therefore, RMS will process on behalf of our clients, personal information of their customers including but not limited to:

• Your name;
• Preferred contact details, including email or social media address, home address, telephone number, and date of birth,;
• The names of anybody travelling with you;
• Your payment information; and
• Any other information which you decide for yourself to submit including special requests or preferences.

Our clients’ collect and processes personal information from its customers for the performance of a contract, specifically to administer their online bookings from customers. If the required personal information is not provided, our clients cannot finalize the booking and ensure your stay with them is as enjoyable as possible. Our client’s may also use your personal information to provide customer service by informing the customer of any changes to the booking, latest deals and special offers and other products or services which they believe may be of interest to you. An RMS client may also use your personal information for the purpose of sending you a survey or for future marketing and sales activities. If you would like to find out the specific purposes that our client has collected your personal information, please refer to the privacy policy of the client or contact the property direct.

RMS also may from time to time have a need to access your personal information that has been collected and processed by our client. This will only ever occur when we are providing customer support services to our client and not for any other purpose.

Our clients may hold your personal information for as long as is reasonably necessary for the performance of the booking and for such time thereafter as they have a legal basis. In regard to any booking you have made with a client of RMS, you should consult the privacy policy of our client for the specifics of their data retention policy.

Does RMS share your data with third parties?

RMS itself does not disclose personal information for any purpose other than our employees, contractors or service providers needing to contact our clients, and then only to the extent reasonably necessary to fulfill our obligations to our client, or to comply with government or other regulatory requirement.

In order to support the use of the RMS services, your details may be shared with members of the RMS employees who act as service providers for RMS, including in relation to customer support services.

RMS may disclose personal information to third parties to comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities.

RMS may use service providers to process your personal data on our behalf. This processing is for several purposes, including notifying you of complimentary purchase opportunities from third parties to the email address you provided when using booking services provided by the RMS software. Third party service providers shall either be bound by:

• Our data privacy policy or have similar obligations in relation to the storage and processing of personal information, or
• Confidentiality clauses and are not allowed to use your personal data for other purposes than instructed by RMS.

Customer Lists:

RMS does not disclose the personal information of our clients’ customers to any third parties without consent.

RMS does not sell or rent personal information.

Third Party Integrations:

Different parties are integrated into the RMS services in a number of ways and for various reasons. RMS acts as the data processor for our clients and any personal information disclosed by and through these integrations is done so at the direction of and is the responsibility of our client.

How does RMS treat personal data of children?

RMS is a service provider and data processer to our clients. RMS services are not designed or directed at children. Our client’s will set their own policy for who can make a booking using the Owner or Guest Portal and on the client’s website using the RMS online booking engine. An RMS client may, as part of an online booking, collect and process the information of children only as provided by the parent or guardian or with their consent. If an RMS client becomes aware that they processed information of a child without the valid consent of a parent or guardian, they may reserve the right to delete it.

International transfers of personal data

RMS may transfer your personal information to our group companies or service providers based outside of the European Economic Area (“EEA”) for the purposes described in this policy.  Personal information transferred outside the EEA will be subject to appropriate safeguards set out in the law including the use of model contract terms approved by regulators.

RMS may process and store data in the cloud using services from IBM Cloud, Microsoft Azure, and Amazon Web Services. You acknowledge that these cloud service providers may process and store personal information in a jurisdiction that may have different privacy and data security protections from those of your own jurisdiction. 

Right to review personal information

Customers of RMS Clients

The rights of customers of RMS Client’s to review the personal information our client holds about you, to amend the personal information, to restrict the processing of the personal information and to delete your personal information is governed by regulations in place in your jurisdiction and the privacy policy of the RMS Client. 

Please contact the property direct and/or the relevant regulator if you have any queries in this regard.

RMS as the service provider and data processor has provided functionality to our clients to review customer personal information, restrict certain processing and to delete the personal information.  The use of that functionality is the responsibility of the RMS client who is the controller of that data.

RMS is also able to provide our clients with functionality where you may view the personal information held about you and make corrections to your personal information yourself.

Where your personal information is processed by an RMS client on the basis of your consent, you may be entitled to withdraw that consent at any time subject to applicable law. Moreover, where an RMS client processes your personal data based on legitimate interest or the public interest, you may, subject to applicable law have the right to object at any time to that use of your personal data when no opt-out mechanism is available to you. 

Please contact the property direct and/or the relevant regulator if you have any queries in this regard.

Security

RMS has implemented reasonable measures designed to secure personal information from accidental loss from unauthorized access, use, alteration and disclosure. RMS encrypts data in transmission and at rest, and all access to computer hardware containing personal information is password protected. Staff access to personal information is given on a need to know basis only.

RMS Clients have access to their customers’ personal information. RMS Clients are the data controllers for their data. RMS is not responsible for the security standards of RMS Clients. RMS services provide the client with functionality to restrict access to data.

If you have any questions relating to security at an RMS client please contact the property direct.

Internet Transmission

No data transmission over the Internet can be guaranteed to be secure. While RMS will endeavour to protect customer information, it cannot guarantee the security of any information any person may transmit when they access its website.

Even though RMS encrypts data transmitted over the Internet, it still cannot guarantee data transmitted cannot be unencrypted by persons with nefarious intentions. Nonetheless, the likelihood of this occurring is extremely low.

Cookies

Cookies may be placed on your computer or internet-enabled device whenever you visit RMS online booking pages. This allows the site to remember your computer or device and serves a number of purposes. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu).

You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of the features. Cookies by themselves do not tell us your email address or otherwise identify you personally.

Cookies are only used by online booking pages provided by RMS to improve the online booking process. By remembering the preferences of visitors to the online booking pages RMS streamline the reservation process.

Cookies are used for no other process and the information pertaining to them are not shared with any other person or entity.

Complaints

If you have any questions regarding this policy, or if you think your privacy has been breached, please email us at privacyofficer@rmscloud.com.

Our team members will acknowledge receipt of your complaint within 72 hours, and will normally respond to your request within 10 business days. If your complaint is complicated or requires further investigation our response may take additional time to finalise.

We will respond to you by email or telephone.

RMS Member Companies

This Privacy Policy applies to the following:

• RMS Global Pty Ltd, a company registered in Australia.
• RMS (Aust) Pty Ltd, a company registered in Australia.
• RMS Europe Ltd, a company registered in the United Kingdom.
• RMS Cloud North America LLC, a company registered in Delaware, United States.
• RMS Hospitality Pte Ltd, a company registered in Singapore.
• RMSCloud Software Private Ltd, a company registered in India.
• RMS International FZE, a company registered in United Arab Emirates

General Terms of Use

The Owner Portal that you are accessing allows you to manage your relationship with the property you have made or wish to make accommodation bookings.

The range of services that are available to you at an individual property Owner Portal are set by the property themselves, not by RMS. These services can include:

• Track and manage your bookings,
• Check in and check out services,
• Make secure payments,
• Communicate directly with the property through Owner Portal Messaging,
• Make new bookings at the property,
• Update and manage your profile and preferences.

Use of the RMS Owner Portal is subject to the Terms of Service set out below and the terms posted by the property available to you on the property portal. Users are required to familiarize themselves with these Terms of Service before using the Owner Portal.

Access

Access to the portal is via the booking reference provided to you by the property or via the email address you have registered with your Owner profile relating to that booking at the property.

Depending on the services enabled by the property, a password may also be required, or you may be required to login in using authentication by a secure third-party website.

Rules

By using the Owner Portal you acknowledge the following:

1. You take responsibility for all transactions (new bookings, changes to existing bookings, payments etc) made under your username.
2. You take responsibility for all communication messages under your username.
3. You shall not post or transmit any data, text, or message, that is defamatory, abusive, vulgar, obscene or harassing, insulting, threatening, bigoted, hateful or racially offensive, or that could be deemed to be stalking, and that RMS shall be entitled to remove and communication messages of this nature.
4. That RMS or the property may suspend or terminate your access to all or any part of the Owner Portal if in either RMS or the property’s sole discretion you have been deemed to be in breach of the applicable terms of service.

This statement, pursuant to s54(1) of the Modern Slavery Act 2015 (UK), sets out RMS Cloud’s policy, commitment and actions taken to ensure that slavery and human trafficking are not taking place in any part of our business or supply chain over the financial year ending 30 June 2021. RMS Cloud also welcomes the introduction of the Australian Modern Slavery Act 2018 (Cth), which came into effect in 2019. RMS Cloud’s employees, directors, agents, contractors and others who represent our business must respect and support human rights. As part of our commitment to identify and mitigate risks associated with modern slavery we:

• Consider any potential risk areas when taking on new suppliers • Regularly review our existing suppliers for potential risk • Protect whistleblowers • Make key personnel and business unit leaders aware of the risk areas associated with third party contracted labour and risk indicators of modern slavery • Make key personnel and business unit leaders aware of the severity of impact on the individual of modern slavery

RMS Cloud Structure, Operations and Supply Chain

RMS Cloud is headquartered in Melbourne, Australia, with sales and marketing hubs in the UK, US, Singapore, China, India and UAE. RMS Cloud employs all its staff directly at those locations and is directly responsible for and is directly able to oversee hiring and working practices. RMS Cloud internal governance states that forced, bonded or indentured labour, involuntary prison labour, slavery or trafficking of persons shall not be used within RMS Cloud business units or within its supply chain. There shall be no unreasonable restrictions on workers’ freedom of movement or unreasonable restrictions on entering or exiting RMS Cloud facilities. All workers must be provided with a written employment agreement in their native language that contains a description of terms and conditions. All work is voluntary, and workers shall be free to leave their work at any time or terminate their employment. Workers shall not be denied access to their identity immigration documents unless such holding is required by law. Workers shall not be required to pay employers’ or agents’ recruitment fees or other related fees for their employment. RMS Cloud’s principal supply chain vendors are Microsoft Azure, and AWS. RMS Cloud has inspected Microsoft Azure and AWS' policies and has confirmed to our satisfaction that the same commitment to sustainable social responsibility exists at Microsoft Azure and AWS and in their supply chains and that they pursue the highest standards of corporate responsibility. Microsoft’s membership in the Electronic Industry Citizenship Coalition (EICC) requires Microsoft to ensure its global policies and practices are aligned with EICC. These policies and practices are consistent with the RMS Cloud’s governance statement above. RMS Cloud has introduced a policy of seeking confirmation from other suppliers in its supply chain where potential risk has been identified by employees, directors or agents.

RMS User Licence holders enjoy the following privileges:

The following is a list of Subprocessors used by RMS as defined by the Standard Contractual Clauses pursuant to European data privacy regulations.

RMS updates this list at least annually:

The process of upgrading to The Cloud and to RMS 9+ is a relatively simple one, which involves two distinct steps which can occur simultaneously:

1. Transfer to The cloud

In order to commence the process of'transferring to the cloud'please call or email Erin Potter (Sales Executive) who will arrange for the paperwork to be sent to you. Email ep@rmscloud.com or Call (03) 8399 9462 ext. 2

As soon as you have completed the paperwork and returned it to us, one of our Customer Support Agents will arrange a time which is convenient for you to preform the'cloud transfer' with you.

The physical cloud transfer process generally takes less than 60 minutes (one hour).

The General Data Protection Regulation (GDPR) is a regulation in European Union (“EU”) law on data protection and privacy for all individuals within the EU. The GDPR, will replace the Data Protection Act 1998, and aims to simplify the regulatory environment by unifying the regulation within the EU. It imposes new regulations for organisations who engage with individuals’ in the EU, expands individuals’ rights with respect to the processing of their personal data and mandates data security measure appropriate to the risk of personal data. 

GDPR applies to any organisation that does business with citizens of the EU and European Economic Area (“EA”), and provides for two key areas with which organisations need to comply:

Consent: Provides greater rights and controls for individuals in the EU as to how their personal data is used

Accountability: Provides for greater accountability and the need for transparency across all organizations (effectively being able to demonstrate compliance with GDPR).

The primary obligation for compliance and the ability to demonstrate compliance with the six key principles that govern GDPR lies with the “Data Controller” (the organization dealing with the data subject, and in the case of RMS, the properties that use our software) 

Visit gdpr.eu for more information.

Read the RMS Data Processing Agreement

Read the RMS Data Processing Agreement

R.M.S. (AUST) PTY LTD

ABN: 63 003 134 243