Version date: 8 January 2025
Rootline BV
Prinsengracht 449a
1016 HN Amsterdam
The Netherlands
Introduction
This Service Level Agreement (hereinafter referred to as the 'SLA') details how Rootline both proactively and reactively addresses and works to prevent incidents affecting the functionality, security and performance of the Rootline Platform and the Services provided with the Rootline Platform.
Definitions
The capitalized terms used in this SLA have the following meanings (some of the definitions used in the Rootline Terms of Service are repeated below for ease of reading):
Client Merchant | A party which entered into a Merchant Agreement with Rootline for the provision of the Services solely via or in combination with the services of a particular Partner Merchant. |
Defect | A malfunction in the Rootline Platform due to which committed functionality in the Rootline Platform is not available for use by the Merchant and/or due to which the performance level of the Rootline Platform does not conform to the service levels set out in the Service Level Agreement. |
Partner Merchant | A party which entered into an Merchant Agreement with Rootline for the provision of the Services and which party enables and supports its Client Merchants in using the Services of Rootline via and/or in combination with the services of Partner Merchant. |
Rootline | Rootline BV, a Dutch private limited liability company with as registered address Prinsengracht 449a, 1016 HN Amsterdam, The Netherlands and Chamber of Commerce Registration number 83218025. |
Rootline Platform | The online payment flow management platform managed and hosted by Rootline and made available for use via the internet by Rootline to the Merchant. |
Services | All Services of Rootline as may be provided to Merchant pursuant to the Merchant Agreement between Merchant and Rootline. |
Business Continuity and certification
In order to minimize the chances of and impact of Defects in the Rootline Platform and to protect the security and integrity of the data processed via the Rootline Platform, Rootline commits to implement and maintain the following measures:
The Rootline Platform and all data processed via the Rootline Platform is hosted in at least 2 different, physically separated high security data centers.
The leveraged data centers are set up in a mirrored and fully redundant manner so that in case one data center goes down, the other data center can continue to provide the full scope of services with minimal potential loss of data and disruption of service due to an outage or catastrophic event affecting one site.
Each data center site will be provided with backup power and backup internet connections to minimize the impact of power outages and local internet disturbances on the Rootline Platform.
The following certifications and standards apply to Rootline and the Rootline Platform to help ensure their security, integrity and continuity:
Rootline and the Rootline Platform are certified as being compliant to the PCI Service Provider Level 1 standard. This is the most stringent level of certification available in the payments industry.
Also, the data centers leveraged by Rootline are audited against the applicable PCI DSS standards or are themselves PCI DSS certified.
Rootline is fully compliant with the Payment Services Directive (PSD2), a strict European regulation designed to enhance consumer protection, improve payment security, and foster innovation in the financial ecosystem.
Rootline’s PSD2 compliance ensures Rootline can meet the requirements for Strong Customer Authentication (SCA) and provide secure access to payment accounts through APIs.
All data centers leveraged for the Rootline Platform meet the requirements of ISO 27001 certification.
General usage support
For Client Merchants Rootline does NOT provide direct support in using the Services. Client Merchants are supported by their Partner Merchant in using the Services with Rootline providing second line support to the Partner Merchant where needed.
Resolving Defects
Rootline will as part of the Support Services use its reasonable efforts to address and resolve Defects in the Rootline Platform that it discovers as part of its proactive monitoring of the Rootline Platform and/or which are reported by the Merchant to Rootline.
Client Merchants must report any Defects in the Services to Partner Merchant and not directly to Rootline.
Scheduled maintenance / discontinued API support
As part of Support Services, Rootline may install updates to the Rootline Platform. Their implementation may temporarily affect availability of the Services for use by Merchant. Rootline standard implements updates in a manner that will not affect availability of the Rootline Platform to process Payment Transactions.
Updated versions of API’s or other technical connections which are expected not to be backward compatible with previous versions will, where technically possible, be made available for Merchant in parallel to the previous version to allow Merchant to time its own migration to the updated version. Rootline will where possible announce the scheduled discontinued support of older API’s and other older technical connections options for which newer versions have been made available at least 6 months in advance via messages on the Dashboard.
In case Merchant co-operation is needed to install an update or to activate an updated version of a certain feature (e.g. by switching to an updated API), Rootline may refuse to address Defects if Merchant does not enable the installation of an update that would prevent or resolve such Defect or refuses to switch its connections to an updated interface on the Rootline Platform. Rootline is also entitled and may be legally required to suspend part or all Services in case Merchant does not enable an update that is implemented by Rootline to meet or promote compliance to Compliance Requirements.
- 0 -
