TERMS & CONDITIONS
Thank you for your interest in the Grindrod Bank API.
Please read these Grindrod Bank API terms and conditions (“T&C’s”) carefully, as they are the legal agreement between you the Fintech company (below referred to as the Fintech, you or yours) and Grindrod Bank Limited (below referred to as Grindrod, us or we). By signing the T&C’s this indicates your acceptance and you agree to be bound by these T&C’s. If you are accepting on behalf of a legal entity, you represent and warrant that you are expressly and duly authorized to accept these T&C’s on behalf of the entity.
If you do not accept these T&C’s, you may not use or access the API.
Please see the definitions section at the end of these T&C’s for any capitalized terms not otherwise defined.
- 1. GRANTING YOU ACCESS TO THE API
- 1.1. Grindrod grants you a limited, non-exclusive, revocable, non-transferable, non-sub licensable access to use the API solely for purposes of developing, testing, and using App’s in the Sandbox.
- 1.2. Access to the API is also subject to any and all instructions we may issue to you and any documentation we may make available regarding the API.
- 1.3. These T&C’s relate solely to developing, testing, and using Apps in the Sandbox and does not grant you any right or license to conduct or process transactions using our services or systems, or authorise persons outside your legal entity to access or use the API or Sandbox.
- 1.4. If you violate any T&C’s, this license will automatically terminate.
- 2. RESPECTIVE PRIVACY OBLIGATIONS
- 2.1. At all times, the Fintech, your Apps and your use of the API will comply with all Applicable Law, regulations and best practices concerning privacy, including the obligations stipulated in the Protection of Personal Information Act, data protection and on demand or downloadable software.
- 2.2. The privacy of the Personal Information (Personal Information shall be for the information set out in section 1 of the Protection of Personal Information Act No 4 of 2013 (“POPI”). The Fintech will ensure that all the Grindrod’s Personal Information will not be disclosed, transferred or sold to any third party for any purpose.
- 3. OUR API AND APP DEVELOPMENT RIGHTS
- 3.1. You acknowledge and agree that Grindrod may independently create additional API’s, Apps, content, and other products or services that may be similar to or in competition with your Apps, their content and your other products and services.
- 3.2. Nothing in these T&C’s will restrict or prevent us from creating and fully exploiting such API’s, Apps, content, products and services and other items, without any obligation to you.
- 4. PROMOTION OF YOUR APPS
- 4.2. You may not use any of the Grindrod brands (including, indicia, trademarks, service marks, trade names, logos, symbols or brand names) or otherwise refer to the API.
- 4.3. You also may not claim or in any way imply in any advertising that your Apps are created, certified, sponsored, or endorsed in any manner by Grindrod. To clarify, this means that you cannot refer to Grindrod or the API in advertising, publicity releases, or promotional or marketing publications or correspondence to third parties without, in each case, securing our prior written consent.
- 5. YOUR USE OF THE APIs
- 5.1. Grindrod will try to ensure that future versions of our API are backward compatible to at least the previous version to the extent reasonably possible.
- 5.2. We may modify or update our APIs from time to time
- 5.3. We may limit the number of API calls we permit you to make during any given period and will advise you of this.
- 5.4. We may, in our sole discretion, charge you for API calls that exceed the call limits or terminate your access to the API.
- 5.5. Our call limits will be based on various factors, including the ways your Apps may be used or the anticipated volume of use associated with your Apps. If we believe that you have attempted to exceed or circumvent these limitations, we may temporarily or permanently block your ability to use APIs or the API.
- 5.6. You agree that we may collect certain usage data and information related to your use of our APIs and the API, and that we may use such usage data for any business purpose, internal or external, including providing enhancements to the API, or Grindrod services, providing support, or otherwise.
- 6. OUR PROPRIETARY RIGHTS
- 6.1. We retain all right, title, and interest, including, all intellectual property rights, not otherwise expressly granted herein, including to the API, the Developer Program Tools, our systems, services, and branding, as well as any derivative works and compilations based on the foregoing.
- 6.2. Use of any proprietary right without the express written permission of Grindrod is expressly prohibited.
- 7. YOUR REPRESENTATIONS AND WARRANTIES
- 7.1. The API, and other content provided through these T&C’s are provided “as is,” “as available,” and with all faults. We do not represent or warrant that the foregoing will be error free, uninterrupted, free from spyware, malware, adware, viruses, worms, or other malicious code, or will function to meet your requirements.
- 7.2. You represent and warrant to us that:
• The information you and your developers provide us regarding your registration and use of the API and Apps is true and correct;
• You own or have properly licensed all rights necessary to develop, distribute, and use your App;
• Your Apps will not infringe the intellectual property rights of any third party; and
• Your use of the API and Sandbox will comply with all Applicable Law.
- 8. LIMITATION OF LIABILITY
- 8.1. Grindrod Bank and its business partners, employees, representatives, and Affiliates are not and shall not be liable to you or any third party for any direct, indirect, special, punitive, exemplary, consequential, or any other damages whatsoever.
- 8.2. You waive any and all claims, now known or later discovered, that you or any third party may have against us or our business partners, employees, representatives, or Affiliates arising out of the API or any content or information provided to you under this T&C’s.
- 9. INDEMNIFICATION
- 9.1. You will indemnify, defend, and hold harmless Grindrod Bank, its subsidiaries, affiliates, directors, officers, agents, employees, advertisers, vendors, suppliers, licensors, and partners from and against any and all claims, liabilities, damages (actual and consequential), losses, fines, and expenses arising from or in any way related to:
• Your participation in the API;
• Your Apps;
• Your breach of this T&C’s;
• Use of your Apps; or
• Trademarks, service marks, names, logos, avatars and similar identifiers, and all other intellectual property you provide regarding the API.
- 9.2. You may not enter into any stipulated judgment or settlement that purports to bind us without our prior express written authorization, which will not be unreasonably withheld or delayed.
- 10. CONFIDENTIAL INFORMATION
- 10.1. Our communications to you and the API may contain Grindrod Confidential Information. You will treat all Grindrod Confidential Information as strictly confidential and use the same degree of care to prevent disclosure of Grindrod Bank’s Confidential Information as you would use with respect to your own most confidential and proprietary information.
- 10.2. All Grindrod Confidential Information is and remains our property, and, except as expressly provided in this T&C’s:
(i) no license or other right in any Grindrod Confidential Information is granted to you, and
(ii) you may not use or disclose any Grindrod Confidential Information without our prior written consent. On termination of these T&C’s or on our written request at any time, you will destroy or return to us all Grindrod Confidential Information in your custody or control.
- 10.3. This provision will survive any termination of these T&C’s for so long as you have in your possession any Grindrod Confidential Information.
- 11. CREDENTIALS
- 11.1. You and your authorized developers and users will not share your Login Credentials and Credentials and will reasonably and appropriately restrict access to your developer accounts.
- 11.2. You are responsible for maintaining the confidentiality and security of your Credentials and Login Credentials and will immediately notify us of any related breach or disclosure.
- 11.3. You may not sell, transfer, sublicense, or otherwise disclose your Credentials or Login Credentials or use Credentials or Login Credentials for any other purpose than as authorized under this T&C’s.
- 11.4. You are responsible for maintaining up-to-date and accurate information (including a current e-mail address and other required contact information) for your accounts.
- 11.5. As a condition to register and receive Credentials and Login Credentials, we may require you to submit certain information to authenticate your identity. From time-to-time, we may require you to renew your registration for the API or the Credentials.
- 12. RESTRICTED ACTIVITIES OF THE FINTECH COMPANY
- 12.1. Relating to your participation in the API, you will not (and will not allow anyone else to) do any of the following:
• Gain unauthorized access or use to, or otherwise damage, impede, or disrupt our services or systems, including through fraudulent or disruptive means;
• Engage in fraudulent or illegal conduct of any kind;
• Access or use the API for the benefit of our competitors, or to compete with us;
• Transmit any viruses, worms, defects, Trojan horses, or any programming of a destructive nature;
• Store or archive the API to your own or a third party’s computer systems or storage devices;
• Access or use the API to create Apps that offer or promote services that may be damaging to, disparaging of, or otherwise detrimental to us or our licensors, licensees, affiliates, or partners;
• Assign or transfer your rights or obligations under this T&C’s;
• Distribute, publish, or allow access or linking to the API or Grindrod Content from any location or source other than your Apps;
• Use the Grindrod Content to establish Grindrod user identities or user profiles;
• Collect personal information of any Grindrod user;
• Modify, decompile, reverse engineer or otherwise alter the Developer Program Tools, API or Grindrod Content;
• Use robots, spiders, crawlers, scraping or other similar technology to access or use Grindrod Content or any Grindrod Bank site or services to obtain any information beyond what Grindrod provides to you under this T&C’s;
• Use the API or APIs in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage or otherwise fails to comply or is inconsistent with any part of the Grindrod developer documentation;
• Use any information we provide to dispute or contest the validity of Grindrod Bank’s intellectual property rights;
• Use the names, trade names, trademarks, service marks, slogans, logos, domain names, or other indicia of Grindrod including any use that in any way would:
◦ Imply a relationship or affiliation with Grindrod;
◦ Imply that Grindrod sponsors or endorses you or your Apps;
◦ Be reasonably interpreted to suggest your Apps have been authored certified, or in any way approved by Grindrod;
◦ Disparage Grindrod, its products or services; or
◦ Tarnish, dilute, or otherwise impair Grindrod or any of the Grindrod brands;
• Attempt to register any trademarks or service marks or other brand identifiers (including, trademarks and domain names) that are confusingly similar in any way (e.g., in sound, in appearance, in spelling) to any of the Grindrod brands;
• Create a unitary composite mark involving the Grindrod brands; or
• Remove any copyright notice or other Grindrod source identifier contained in the APIs.
- 13. MODIFICATIONS
- 13.1. We may add or change features, and functionality to the API at any time.
- 13.2. We may discontinue, modify, or change the API, our related systems and services at any time and may not tell you in advance.
- 13.3. We may require you to obtain and use the most recent version of the API to retain functionality of your Apps.
- 13.4. Modifications and changes to the API, Developer Program Tools, and Grindrod Bank’s services and systems may affect your Apps, requiring you to change your Apps at your own cost.
- 13.5. We will have no liability or obligation to you for any modifications or changes we make to the API or our services or systems.
- 13.6. While we currently make the API available without charge to developers, we may in the future charge for access to or use of the API or at any time, and on a case by case basis.
- 14. TERMINATION
- 14.1. We may, in our sole discretion, refuse to issue Credentials, revoke your Credentials or access to the APIs, suspend Apps, discontinue your participation in the API, decline or withdraw certification, or terminate these T&C’s at any time.
- 14.2. We will attempt to provide notice where possible of any such action, but reserve the right to do so without prior notice.
- 14.3. On termination of these T&C’s for any reason, the rights and licenses granted to you will immediately terminate. You will, however, remain responsible for providing support to your Apps’ users and notifying them of the termination.
- 14.4. We may provide a termination notice period to you for certain Apps as may be required by Applicable Law.
- 15. WAIVER
- 15.1. Our failure or delay to exercise or enforce any right or provision of these T&C’s or our rights under Applicable Law does not mean we waive any of those provisions or rights. If any provision of these T&C’s is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court will give effect to the parties’ intentions as reflected in the provision, and the other provisions of the T&C’s remain in full force and effect.
- 16. GOVERNING LAW
- 16.1. These T&C’s will be construed, interpreted, and performed exclusively according to the laws of South Africa.
- 16.2. The Fintech will ensure that at all times, the Fintech, its use of the API and Apps will be compliant with any necessary Law, regulations, licenses required, in the jurisdiction that the Fintech operates.
- 17. RELATIONSHIP OF THE PARTIES
- 17.1. These T&C’s do not create a joint venture, co-ownership, partnership, employment or agency relationship between you and us.
- 17.2 Neither you nor Grindrod will have the authority to incur, assume, or create, orally or in writing, any liability, obligation, or undertaking of any kind in the name of, or on behalf of, or in any way binding upon, the other.
- 18. AUDIT AND ACCESS
- 18.1. Transparency is important to us, but there may be times when we will need to monitor and or audit your compliance with these T&C’s.
- 18.2. You agree that we may monitor and audit your Apps or activities relating to your use of the API or Developer Program Tools.
- 18.3. You will promptly provide us with access, free of charge, to your Apps and any other information that we may request from you from time-to-time regarding use and operation of the API or your Apps to verify your compliance with this T&C’s.
- 18.4. If you fail to provide this access, we may terminate these T&C’s or your use of any and all Credentials immediately.
- 18.5. Your failure to reasonably comply with our efforts to audit your compliance with these T&C’s is a material breach of this T&C’s.
- 19. AVATARS AND SIMILAR IDENTIFIERS
- In connection with your participation in the API, you may be permitted to use avatars and other similar identifiers to represent yourself and your Apps. We will specify the format and other parameters for the representations. Your representation may not be unlawful, harmful, threatening, intimidating, abusive, harassing, tortuous, defamatory, derogatory, vulgar, obscene, libelous, invasive of another's privacy or publicity rights, disrespectful, hateful, or racially, ethnically or otherwise objectionable. We may reject or remove any avatars and similar identifiers at any time without telling you. You are solely responsible for obtaining all rights necessary to furnish your avatar and similar identifiers to us for use in connection with the API.
- 20. FEEDBACK
- 20.1. You may provide feedback, suggestions, comments, improvements, ideas, etc. to us (collectively “Feedback”), regarding the API. Feedback is voluntary and we are not required to hold it in confidence.
- 20.2. We may use Feedback for any purpose without obligation of any kind.
- 20.3. You forever waive and agree never to assert against us or our business partners, employees, representatives, Affiliates, successors and licensees any and all moral rights that you may have in the Feedback even after expiration or termination of this T&C’s, to the extent permitted by Applicable Law.
- 21. LEGAL PROCESS AND REGULATORS
- 21.1. We may, without telling you, furnish any regulator or other governmental authority, both foreign and domestic, with information about your Apps and your use of the API.
- 22. AMENDMENTS
- 22.1. No amendment, interpretation or waiver of any of the provisions of this agreement shall be effective unless reduced in writing and signed by both parties.
- 22.2. It is specifically recorded that physical writing and signature of the Parties is required for the purposes of any such variation, modification and/or cancellation and all electronic forms of writing or signature as contemplated in section 13 of the Electronic Communications and Transactions Act 25 of 2002, are expressly excluded.
- 23. ENTIRE AGREEMENT
- 23.1. This agreement contains the entire agreement of the parties with respect to the subject matter of this agreement and supersedes all prior agreements between the parties, whether written or oral, with respect to the subject matter of this agreement.
- 24. DEFINITIONS
- “Affiliate” means any entity that controls, is controlled by, or is under common control with, in each case either directly or indirectly, either Grindrod or you, respectively.
- “Applicable Law” means all: (a) laws (including common law), ordinances, regulations, and codes; and (b) orders, requirements, directives, decrees, decisions, judgments, interpretive letters, guidance (oral or written) and other official releases of any regulator that are applicable to Grindrod Bank.
- “Apps” means the software application, website or other interface that you develop, own or operate that interacts with the APIs.
- “Grindrod Content” means all of the information we provide to you for your use in connection with this T&C’s, including documentation and information stored in and retrieved from the API and Sandbox. For the avoidance of doubt, Grindrod Content does not include information that you obtain independent of us and the APIs.
- “Confidential Information” includes the Developer Program Tools, Grindrod Content, processes, programs, testing procedures, software design and architecture, computer code, internal documentation, design and function specifications, product requirements, problem reports, analysis and performance information, and any other information which gives us the opportunity to obtain some competitive business advantage, or the disclosure of which could be detrimental to our interests, or which is:
24.1.1. marked “confidential,” “restricted,” “proprietary information,” or other similar marking;
24.1.2. known to be considered confidential and proprietary;
24.1.3. received under circumstances reasonably interpreted as imposing an obligation of confidentiality; or
24.1.4. any confidential transaction data.
- “Credentials” or “Login Credentials”mean the confidential security keys we provide to you for your use of the API, including the client id, certificate id, and app id.
- “Master Developer Account” means the developer account on our API that allows a developer to create additional Authorized Developer Accounts for other developers associated with the same legal entity as the developer.
- “Sandbox” means a virtual space in which new or untested software or coding can be run securely.
- “Developers” means the natural persons at the Fintech company responsible for accessing the API.
- “End users” means the Fintech company’s client.
- HOW THIS WORKS
You may appreciate that Grindrod Bank operates in a highly regulated industry, requiring some extra care when building and maintaining API’s that may one day allow access to customer information or move funds. To ease this burden, we want to be as clear and transparent as possible in these T&C’s. This section therefore outlines our app development process.
So, here’s how this works. If we decide to grant you access, we will provide you with certain credentials for the use of our Sandbox.“Sandbox” means our test environment, which contains dummy data and functionality for you to create and test apps (including your Apps) that may eventually allow our customers to do interesting things with their Grindrod Bank accounts or other Grindrod products and services.
To gain access to the API, after you have provided us with certain information, we will create an online Master Developer Account and send you Login Credentials.
The Master Developer Account’s registered developer is liable for all activity on the API associated with such Master Developer Account, as well as any associated Authorized Developer Accounts and your Apps’ users.
Through these accounts, you will be able to register your Apps with us. On a case-by-case basis, we may grant you access to certain application programming interfaces and related software (“APIs”) that we make available through the API, as well as relevant documentation. You will receive unique Credentials for identifying each of your Apps, and you will need these Credentials for all calls your Apps make to an API. You may allow other members of your legal entity to test your Apps within the Sandbox. Please note, however, that you, your developers, and your users may only upload dummy data to the Sandbox.
For clarity, These T&C’s only covers your initial development of Apps in the Sandbox. We will only grant you access to our live production environment if your Apps meet certain standards and are certified. We also require a production T&C’s with you (which we may elect not to do). Please see the following section for further, high-level discussion of this point.
- POTENTIAL STEPS AFTER SANDBOX TESTING
We may select certain Apps to move past Sandbox testing. As discussed above, so to progress, your Apps will need to be certified. To certify your Apps, our team will need to be satisfied that the Apps meet certain standards, specifications, and policies, some of which our regulators expect. Because technology and the regulation of financial services continually evolve, we need the ability to evolve our certification requirements as well. We also must reserve the right to withdraw our decision to certify, if we consider it appropriate.
To help you avoid wasting time though, please consider the following current expectations for all Apps, which should:
• Incorporate enrollment and authentication technologies, processes and procedures appropriate to mitigate the risk of unauthorized enrollment or access to sensitive customer information or funds transfer functionality;
• Validate device characteristics (e.g., level of security controls, operating system type, operating system version, whether the mobile device is rooted or jailbroken, and patch status);
• Contain a process to deactivate older versions that no longer meet minimum security requirements or prompt the end user to upgrade to an acceptable version;
• Ensure that critical information (e.g., passwords and account or card numbers) does not reside directly on a device, unless essential to the Apps’ functionality. If critical information does reside on the device, the Apps should encrypt and securely store such information (e.g., within an encrypted data section or within encrypted storage in the file system);
• Employ secure development and distribution techniques for Apps;
• Collect any end user information only as necessary, and appropriately secure such information and any derived analytics reporting available within or external to the Apps;
• Mitigate the risk of unpatched devices or those that are no longer supported by the manufacturer;
• Securely wipe any sensitive end user information upon exiting the Apps; and
• Secure back-end servers containing the App and customer data.
We may also require that your Apps comply with certain privacy policies, end user obligations, and procedures that we stipulate. Please note that your Apps development processes may be subject to audit and must employ secure techniques and rigorous testing. Please also account for these realities with any use of open source software.