PCI Addendum to Service Agreement between Dave Operating LLC and Galileo Financial Technologies, LLC

Contract Categories: Business Operations Services Agreements
Summary

This addendum, effective October 12, 2022, modifies the existing Service Agreement between Dave Operating LLC and Galileo Financial Technologies, LLC. It allows Dave to receive sensitive payment card data from Galileo, subject to strict security standards (PCI DSS). Dave must ensure compliance through third-party audits, secure the data, and promptly delete it when no longer needed. Dave is responsible for any breaches and must indemnify Galileo, with liability limits except in cases of willful misconduct or fraud. The addendum is governed by Utah law and does not alter other terms of the original agreement.

Read More Arrow
EX-10.8 9 dave-ex10_8.htm EX-10.8 EX-10.8

 

Exhibit 10.8

 

CERTAIN INFORMATION IN THIS DOCUMENT, MARKED BY [**], HAS BEEN EXCLUDED PURSUANT TO REGULATION S-K, ITEM 601(B)(10)(iv). SUCH EXCLUDED INFORMATION IS NOT MATERIAL AND IS THE TYPE THAT THE REGISTRANT TREATS AS PRIVATE OR CONFIDENTIAL.

Execution Copy

 

PCI ADDENDUM TO SERVICE AGREEMENT

 

THIS PCI ADDENDUM TO SERVICE AGREEMENT (the “Addendum”) is entered into as of 10/12/2022 (the “Effective Date”), by and between Dave Operating LLC, f.k.a. Dave, Inc. (“Customer”), a Delaware corporation with a principal business address of 1265 S. Cochran Avenue, Los Angeles, California 90292, and Galileo Financial Technologies, LLC (Galileo”), a Delaware limited liability company with a principal business address of 9800 South Monroe Street, 7th Floor, Sandy, Utah 84070 as an Addendum to that certain Service Agreement (the “Agreement”) between Galileo and Customer dated March 18, 2020. Capitalized terms used herein but not defined have the meanings given to them in the Agreement.

 

Whereas, the parties wish to amend the Agreement, and as such this Addendum is being entered into for the purpose of modifying the Agreement in the manner and to the extent set forth herein; and

Whereas, Customer wishes to receive from Galileo certain sensitive data, including but not limited PAN, CVV, and expiration date (“Data”), subject to the Payment Card Industry Data Security Standard (“PCI DSS”) promulgated by the PCI Security Standards Council;

The parties agree as follows:

 

Agreement

 

1.
Customer hereby acknowledges and agrees that any such Data it receives pursuant to this Addendum shall be subject to Customer’s then existing PCI DSS and shall be within the scope of Customer’s PCI audits going forward. Customer shall declare in its next PCI audit its receipt and use of such Data, including how it transmits, stores, or processes such Data.

 

2.
Customer acknowledges and agrees that certification of such PCI DSS compliance shall be performed by a third-party assessor at all times Galileo is providing the Data to Customer.

 

3.
Customer hereby acknowledges and agrees that it is responsible for the security of the Data it possesses, including the functions relating to storing, processing, and transmitting of the Data.

 

4.
Customer shall purge any Data from its systems immediately after it no longer has a business purpose to store such Data.

 

 

5.
Indemnification.

 

a.
Subject to the limitations contained in this Section 5 of this Addendum, Customer shall indemnify and hold harmless Galileo and its directors, officers, employees, agents and affiliates from and against any and all third party claims, liabilities, losses and damages (including reasonable attorney fees, expert witness fees, expenses and costs of settlement) arising out of or with respect to the Addendum or the Agreement to the extent Customer breaches its obligations to keep the Data secure.

 

b.
Notwithstanding anything to the contrary, except for willful misconduct, gross negligence, and fraud, Customer’s cumulative liability for any loss or damage, direct or indirect, for any cause whatsoever with respect to claims (whether third party claims, indemnity claims or otherwise) relating to this Addendum shall under any circumstances exceed

[**] in the aggregate.

 

6.
Galileo acknowledges that the Customer was party to a Merger Agreement dated on or about January 5, 2022, whereby “Dave Operating LLC” is the surviving entity of the transactions contemplated therein, such that all references to Customer hereinafter refer to “Dave Operating LLC”.

 

7.
This Addendum constitutes the entire agreement between Customer and Galileo concerning the subject matter of this Addendum. Except as explicitly modified by this Addendum, all of the terms and conditions of the Agreement shall remain in full force and effect. This Addendum may be executed in any number of counterparts, each of which when so executed and delivered shall be deemed an original and all of which counterparts, taken together, shall constitute one and the same instrument. Delivery of an executed counterpart of this Addendum by telefacsimile shall be equally as effective as delivery of an original executed counterpart of this Addendum. This Addendum is governed by and must be construed under the laws of the State of Utah.

 

[Remainder of Page Intentionally Left Blank]

 

IN WITNESS WHEREOF, this Addendum is executed effective as of the Effective Date.

 

 

Dave Operating LLC: Galileo Financial Technologies, LLC:

 

By: /s/ Kyle Beilman By: /s/ William Kennedy

Name: Kyle Beilman Name: William Kennedy

Title: Chief Financial Officer Title: Chief Financial Officer