Terms and Conditions for Use of the Bank Mandiri API Portal and Sandbox

PT Bank Mandiri (Persero) Tbk., (hereinafter referred to as “Bank Mandiri”) has prepared the Terms and Conditions of the API Portal and Sandbox of Bank Mandiri (“Terms and Conditions”) as guidelines for the User in using the website of API (Application Programming Interface) Developer of Bank Mandiri.
 

About the Terms and Conditions
The User must carefully read the Terms and Conditions before using the website of API Developer of Bank Mandiri and API Sandbox of Bank Mandiri operated by Bank Mandiri (the "Service"). These Terms and Conditions apply to all visitors and users who access or use the Service. By accessing or using the Service, the User agrees to comply with all of these Terms and Conditions.

Use of Service
If the User enters this Service on behalf of a company, organization or another legal entity ("Entity"), the User agrees to these Terms and Conditions on behalf of the Entity and represents to Bank Mandiri that the User has the authority to bind the Entity and any of its Affiliates to this Service, in which case the terms “License Recipient”, "User" or related capitalized terms in these Terms and Conditions will refer to the Entity and any of its Affiliates. If the User does not have such authority, or if the User does not agree to these Terms and Conditions, the User is prohibited from receiving this Service and is not permitted to access or use API.
 

Definitions
The capitalized terms will have the following meaning:

• API is a collection of functions, documentation and protocols of products accompanying or related to source code, executable applications and other materials owned by Bank Mandiri through the API portal which enables Partners/Prospective Partners to run a test through a sandbox simulator which has been provided.
• Application means web or other software services or applications developed by Users that use or interact with API and are permitted to be published.
• Credential is a third-party application identity used to access API of Bank Mandiri.
• User is a representative of Partners/Prospective Partners who is tasked to develop applications to be integrated with banking services of Bank Mandiri.
• Intellectual Property Rights means patents, inventions, copyrights, trademarks, domain names, trade secrets, expertise and all other intellectual property and/or proprietary rights. 
• Sandbox is an interface for Partners/Prospective Partners of Bank Mandiri to run a trial and error test on selected API services.
• Visitor is a party who has access to the API portal of Bank Mandiri.
• Certification is a series of stages of testing carried out by Bank Mandiri on User-developed Applications before they enter the Production process.
• End User is a party who has access to applications that have been connected through the Service to Bank Mandiri Products.
• Bank Mandiri Products are financial services provided by Bank Mandiri which consist of various products and can be selected by the User and connected to the Applications to be used by the End User.

Requirements

The User must carefully read these Terms and Conditions before using (the "Service"). These Terms and Conditions apply to all visitors and users who access or use the Service. By accessing or using the Service, Users agree to comply with all of these Terms and Conditions:

• The User is a business entity both incorporated and unincorporated as regulated in the provisions of laws and regulations in Indonesia.
• Registration for use of the Service is carried out by providing valid information on identity. The User guarantees that all information provided for registration to Bank Mandiri is valid and current, and the User must immediately inform Bank Mandiri if there is a change in the data provided.
• The User understands that all activities in the Service are the property of Bank Mandiri and are subject to the regulations of Bank Mandiri.
   

Terms and Conditions

• Registration
  After the Visitor requests registration, the Visitor will receive an email containing an account activation link. If the Visitor provides identity information which is invalid or does not comply with the requirements for registration of API of Bank Mandiri, Bank Mandiri has the right to deactivate the account. If the account activation is successful, the Visitor officially becomes a User and has a registered Developer Account and is responsible for all activities in API Portal. Bank Mandiri has the right to deactivate any inactive registered account without the consent of the owner of the account.
• Access to API Sandbox of Bank Mandiri
  The User is only allowed to access the API Sandbox of Bank Mandiri in the manner described in the documentation of website developer of API of Bank Mandiri. If Bank Mandiri provides the User with confidential data (for example, ClientID), the User must maintain the confidentiality of the data. The data provided is only valid for API services that the User have the right to access. The User must not cover and/or hide the User's identity when using the API Sandbox of Bank Mandiri. The User must not reproduce the API documentation of Bank Mandiri and distribute it without the permission of Bank Mandiri. In the account provided, the User can register an Application and access a certain API that Bank Mandiri provides through the API Portal with relevant documentation. The User will receive a unique credential to identify each User’s Application and the User will need this credential for all calls made by the User’s Application to API.
• Data of API Sandbox of Bank Mandiri
  The User agrees that the data accessed through the API Sandbox of Bank Mandiri is dummy (experimental) information. Bank Mandiri may change and/or delete the data without prior notice. These Terms and Conditions only cover the initial development of the User’s application in the Sandbox. To get access to Production, the User application must meet certain standards and obtain the certificates and permits in accordance with applicable regulations. The User must also enter into a cooperation agreement with Bank Mandiri before Production.
• Potential Steps After Sandbox
  To enter the Production mode, a User’s Application must go through certification, which aims to ensure that the Application does not have any flaws and the potential to cause harm when used by the public. The testing conducted by Bank Mandiri uses tests based on the standards set by Bank Mandiri and the regulators. The following are the expectations of the Application that Bank Mandiri has determined:
  • It combines the appropriate registration, authentication, process and procedure technologies to reduce the risk of unauthorized registration or access to sensitive customer information.
  • It has validation of device characteristics (e.g., level of security control, type of operating system, operating system version, if the device is rooted or jailbroken and patch status).
  • It contains a process to deactivate an older version that no longer meets the minimum-security requirements or ask the end-user to upgrade to an acceptable version.
  • It ensures that important information (e.g., password and account number or card number) is not directly available on the device, unless it is important for the functionality of the Application.
  • If important information is on the device, the Application must encrypt and store it securely (e.g., in the encrypted part of the data or in the encrypted storage in the file system).
  • It must contain the User’s agreement, security and data storage.
  • It uses development and distribution techniques that are safe for it.
  • It collects any end-user information only if it is necessary and stores it in a safe place and any available relevant analysis reported inside or outside the Application.
  • It reduces the risks of devices that have not been shipped or are no longer supported by the manufacturer.
  • It safely deletes sensitive end-user information when the User exits the Application.
  • It secures the back-end server that contains the Application and customer data.
    
    The User is also required to comply with certain privacy policies and procedures. The process of developing a User’s Application will be audited to ensure that the User uses safe programming techniques. Therefore, the user is required to use open-source software.
     
• Limitations on API Sandbox of Bank Mandiri
  Bank Mandiri has the right to set API usage limitations, for example the type and number of transactions per second (TPS) in API requests that users can access. Hence, the User agrees not to attempt to go beyond any of these API limitations. If the User goes beyond the limitations, a temporary or permanent block will be imposed on the User to the API Portal or API Sandbox services. If the User intends to use API of Bank Mandiri beyond the specified usage limitations, please contact us at api.support@bankmandiri.co.id.
• Licensed Granted
  Bank Mandiri grants the User with a limited License to access and use API Portal for the purpose of developing, testing and using the Application in the Sandbox. Bank Mandiri does not grant the User with any License other than the above (for example, processing transactions using the services or systems of Bank Mandiri). If the User violates these Terms and Conditions, this license will automatically terminate.
• Right to Application Development (Noncompete Clause)
  The User agrees that Bank Mandiri may develop applications, contents, and other products or services that are similar or compete with the User’s Application.
• Credentials
  The User must not share Login Credentials and User’s Credentials. The User must maintain the safekeeping of Login Credentials and User Credentials and immediately report any violations that occur. The User may not use Login Credentials and User Credentials for purposes other than what is permitted in these Terms and Conditions. The user must enter the latest information about the User's contact (email, telephone number, and other contact information) and at any time Bank Mandiri will ask the User to renew the User's registration for the API Portal, Sandbox, or Credentials.
• Monitoring
  THE USER AGREES THAT BANK MANDIRI MAY CONDUCT MONITORING OF THE USE OF API SANDBOX TO MAINTAIN THE QUALITY OF SERVICES, IMPROVE THE QUALITY OF PRODUCTS OF BANK MANDIRI, AND INSPECT THE COPMPLIANCE OF THE USE OF API SANDBOX. In the context of monitoring, Bank Mandiri has the right to have access for the purpose of preventing criminal acts against Bank Mandiri. Bank Mandiri based on certain considerations may terminate the access of API User to Bank Mandiri
• Prohibitons
  In using the Service, The User is prohibited from:
  • Transferring the use of API of Bank Mandiri to other parties in any manner whatsoever.
  • Storing, imitating, changing and/or disseminating contents and features of API services of Bank Mandiri for commercial purposes beyond the transactions on the use of API services of Bank Mandiri.
  • Spreading/saving/planting viruses or similar technology (malware) that may disrupt/harm the operational activities and/or use API of Bank Mandiri.
  • Interrupting or disrupting the API, server or API networks of Bank Mandiri.
  • Promoting or facilitating illegal activities in Indonesia (such as gambling and pornography).
  • Removing and/or amending the Terms and Conditions.
  • Using software, programs, algorithms, methodologies, and other automated tools such as deeplinks, spiders, page-scraps, robots, click spam, or crawl to monitor, access, obtain information, generate searches, copy, or collect data, information or contents found on this Service, or using the manual process which for the purpose of interfering with Bank Mandiri's operational activities and/or use of APIs of Bank Mandiri.
  • Applying API outside the territory of the Republic of Indonesia
• About the Use of Promotion and Marketing
  The User hereby grants Bank Mandiri with all of the rights and approvals required for promotional and marketing purposes. Bank Mandiri may promote, market, or demonstrate the Services that the User uses by using User the logos / brands of the User or the product names of the User/the User’s company.
• Use of API
  Bank Mandiri will make its best efforts to ensure that the future versions of API Bank Mandiri will be compatible with versions that are not too far from the previous versions. Bank Mandiri may modify or update API of Bank Mandiri from time to time. The user agrees to the use of data and information collected through the use of the API Portal and Sandbox by the User for internal and external business purposes including provision of additional devices.
• Bank Mandiri Products
  Bank Mandiri provides financial services to give ease for the User and the End-User. The User understands that each of products of Bank Mandiri has rights and obligations that may be different, so the User will first learn the Terms and Conditions of each of the Products before binding itself to each of the agreements on Bank Mandiri Products.
• Confidential Information
  The communication between Bank Mandiri and the User in the API Portal may contain Confidential Information. The user as a service user is must maintain the confidentiality of information and must prevent the disclosure of that information. All Confidential Information of Bank Mandiri is the property of Bank Mandiri, and, except as expressly specified in these Terms and Conditions: (i) no license or other rights in the Confidential Information of Bank Mandiri are given to the User, and (ii) the User may not use or disclose any Confidential Information of Bank Mandiri without prior written consent of Bank Mandiri. If the Terms and Conditions or written request have expired, the User is required to destroy or return to Bank Mandiri all of Confidential Information of Bank Mandiri. This provision will continue to apply as long as the User still has the Confidential Information of Bank Mandiri.
• Intellectual Property Rights The User acknowledges that Bank Mandiri has a license for the Service including any and all copyrights, patents, trade secrets, moral rights and other related intellectual property rights and that the User has no right, title or interest in the license for the Services, except for the rights to use as permitted under these Terms and Conditions.
• INDEMNITY
  BANK MANDIRI IS NOT RESPONSIBLE FOR:
  • Loss of part or all of the profits, revenues and/or data when the User uses the Service;
  • Direct or indirect loss and damage caused by the User's negligence dan intention;
  • Claims and accusations from any party due to misuse of the Service or violation of the Terms and Conditions by the User or end users of the User’s Application.

Termination
Bank Mandiri based on certain considerations has the right to terminate or stop the access to the Service. The termination of Service may be temporary or permanent according to the Service policies of Bank Mandiri which will be notified to the User. The termination of service may be imposed if Bank Mandiri identifies a potential violation by the User in using the Service, and the User will be given at least 45 calendar days to repair the Application so that the User can use the Service again. Permanent termination will be imposed if the User has made efforts or take actions or failure to make repair to a potential violation so that it disrupts the security/access/use of the Service and makes it potentially harmful to Bank Mandiri. The User can propose a repair within a period of at least 30 calendar days before the service is permanently terminated for the User from the receipt of notification from Bank Mandiri. After Bank Mandiri permanently terminates the User's access to the Service, the User must immediately delete the cache or content that the User has stored.

Amandment
Bank Mandiri may amend or replace any term n these Terms and Conditions at any time. Any amendment will be informed by Bank Mandiri through any means in accordance with applicable regulations.

Compliance with Laws
The User must follow the Terms and Conditions and the applicable provisions of laws. The User is prohibited from using the services for the purpose of encouraging or promoting illegal or unlawful activities. The use of services is governed by the provisions of laws of the Republic of Indonesia.

Force Majeure
The User will indemnify Bank Mandiri from any claims if there are events or circumstances beyond the control of Bank Mandiri including but not limited to computer virus or Trojan horse malicious components that may interfere with the Service, natural disasters, wars, riots, malfunction of equipment, systems or transmissions, power disruption, telecommunications disruption, government policies, and other events or circumstances beyond the control of Bank Mandiri.

Miscellaneous

• The User guarantees and is willing to provide the access rights for audit purposes to the competent authorities (Bank Indonesia, Indonesian Financial Services Authority), and/or external auditors appointed by government agencies, and to receive information for inspection purposes, including access rights, reasonably and physically to the data managed by the Parties in connection with the implementation of these Terms and Conditions by observing the applicable provisions of laws and regulations in Indonesia.
• Each Party is responsible for any and all tax obligations that must be borne by each Party in connection with the implementation of the cooperation as stated in these Terms and Conditions in accordance with the applicable taxation regulations in Indonesia.