CONFIDENTIAL TREATMENT REQUESTED—REDACTED COPY

Confidential Treatment has been requested for portions of this Exhibit. Confidential

portions of this Exhibit are designated by [*****]. A complete version of this Exhibit has

been filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

Exhibit 10.7

SERVICE AGREEMENT

The following are parties in this private Instrument, hereinafter referred to together as “Parties” and individually as “Party”, on one side:

PAGSEGURO INTERNET SA, a company headquartered in the city of São Paulo, São Paulo State, at Avenida Brigadeiro Faria Lima, n^o 1384, 4⁰ andar — Parte A, Jardim Paulistano, Brazil, CEP 01451-001, enrolled on the Corporate Taxpayer’s National Register at the Ministry of Finance (CNPJ/MF) under no. 08.561.701/0001-01, hereinafter referred to simply as “PAGSEGURO” and on the other UOL DIVEO TECNOLOGIA LTDA., a limited company, with headquarters in the city of São Paulo, São Paulo State, at Alameda Barão de Limeira, 425, 1⁰ andar, Campos Elíseos neighborhood, CEP 01202-001, enrolled on the CNPJ/MF under no. 01.588.770/0001-60, hereinafter referred to simply as “CONTRACTOR”, both belonging to the same economic group of UNIVERSO ONLINE (UOL), represented in the form of its articles of incorporation.

In witness whereof, the Parties execute this Service Agreement (“Agreement”), which they mutually accept, grant and undertake to comply with fully, in accordance with the terms and conditions established below:

1. - PURPOSE

1.1. The purpose of this Agreement is for the CONTRACTOR to provide PAGSEGURO with consultancy, development, implementation, maintenance, management of computer programs (“Software”) and technical support services, in accordance with PAGSEGURO’s business rules and processes, inherent to the scope of this instrument, which will be defined by means of the Technical- Commercial Proposal(s) attached to this Agreement, which, duly validated and accepted by PAGSEGURO, will be an integral part of this covenant.

1.1.1 Each request to be executed by the CONTRACTOR will be the subject of a specific Proposal, in which all the particularities of that service provision shall be provided, in a detailed and meticulous manner.

1.2. The CONTRACTOR represents that the services it provides are included among those that make up its business purpose and that it has knowledge and experience in the execution thereof, as well as that it has all the registrations and licenses necessary to perform them with PAGSEGURO, there being is no restriction or impediment thereto.

1.3 The CONTRACTOR will be solely responsible for the Services to be provided to PAGSEGURO, and cannot subcontract third parties to perform them, except with PAGSEGURO’s prior and express authorization.

1.4 In the event of any divergence between the provisions of the Technical-Commercial Proposal(s) and the provisions of the Agreement, the provisions of the Agreement will prevail, except with respect to the amounts contained only in the Technical-Commercial Proposal(s).

2. – ACCESS TO THE PAGSEGURO NETWORK

2.1 The CONTRACTOR, for itself, its professionals, as well as for all those who may be involved in the use of the respective equipment, will be responsible for access to the PAGSEGURO’s Corporate network, and will be jointly responsible for compliance with the PAGSEGURO’s access security rules, which shall mandatorily be followed, in accordance with the following:

a) It is aware that it read and understood this Agreement;

1

EXECUTION VERSION

b) It is responsible for compliance with the requirements contained herein, as well as PAGSEGURO’s Access to the Corporate Network Policy;

c) It will pass on to its employees, representatives, and all those who may be involved in the use of the respective equipment, the obligation to comply with the rules established herein; and

d) It will arrange for its professionals, representatives, as well as all those who may be involved to sign the individual Statement of Liability for the use of the equipment and respective access to it.

2.2 The CONTRACTOR is aware of and agrees that:

a) Access to PAGSEGURO’s corporate network of is solely for the specific use related to the purpose of this Agreement, excluding any other type of activity or access;

b) The responsibilities established in this Agreement are valid regardless of the physical location of the CONTRACTOR;

c) In accordance with the PAGSEGURO’s security policy, the maintenance of confidentiality and the correct handling of the information accessed is the sole responsibility of the CONTRACTOR;

d) The access system to PAGSEGURO’s corporate network ensures the authenticity and non-denial of the access and operations executed by the CONTRACTOR;

e) All access and operations are registered and may be audited at any time, without prior notice, by PAGSEGURO’s information security and human resources areas.

f) PAGSEGURO’s password and software license or those acquired from third parties for PAGSEGURO and any device provided for access to the PAGSEGURO network are for personal, non-transferable use and the responsibility of the CONTRACTOR;

g) All the controls and security requirements in the secure access policy to PAGSEGURO’s Corporate network shall be used by the CONTRACTOR and its professionals, representatives and others who have access;

h) Only equipment that complies with the minimum requirements determined by the PAGSEGURO security area is authorized and allowed to access the PAGSEGURO Corporate network. In no case may the CONTRACTOR use, in the provision of the services that are the subject matter of this Agreement, equipment not approved by PAGSEGURO;

i) The architecture and system used to access the PAGSEGURO Corporate network shall be the one indicated by the PAGSEGURO security area, excluding any other;

j) The equipment used to access the PAGSEGURO Corporate network must only use operational systems, anti-virus software, personal firewall and anti-spyware approved and indicated by the PAGSEGURO Corporate Support;

k) In the identification of any security incident or improper access, the CONTRACTOR shall notify PAGSEGURO immediately; and

l) The CONTRACTOR is liable for the use of the equipment, excluding any and all of PAGSEGURO’s liablity, for any damages caused to it when it is used in the provision of the services that are the subject matter of this Agreement, and the CONTRACTOR shall ensure the safety of the equipment.

2

EXECUTION VERSION

3. – THE CONTRACTOR’S OBLIGATIONS

3.1 In addition to the provisions of this Agreement, the following constitute the CONTRACTOR’s obligations:

3.1.1 To perform the contracted services in accordance with the technical specifications and standards agreed with PAGSEGURO in this Agreement and in each Technical-Commercial Proposal, using a qualified and properly trained workforce for the execution of the Services.

3.1.2 To perform the implementation, observing the efficiency, rationality and security of the systems, in addition to analyzing and solving technical problems and developing technical manuals, if necessary.

3.1.3 To be responsible for the schedules drawn up with PAGSEGURO, proposing modifications, estimating additional resource needs and even suggesting alternative schedules, always in an expressive and coordinated way.

3.1.4 To supply its employees with food, transportation and accommodation, if necessary, by virtue of the purpose of the Contract.

3.1.5 To supply PAGSEGURO with detailed reports on the services, whenever expressly and previously requested by PAGSEGURO, including a report on all occurrences during the execution of the Services (compliance with deadlines, failures, installation problems, interpersonal relationships etc.).

3.1.6 To provide to PAGSEGURO with all the means and facilities necessary for the inspection of the services, meeting all the requests it makes, promptly and unrestrictedly.

3.1.7 To obtain PAGSEGURO’s prior approval as to the employee(s)/representative(s) to be allocated for the accomplishment of this Agreement and of each Technical-Commercial Proposal, as well as to obtain prior approval from PAGSEGURO upon the need to replace and/or remove employee(s)/representative(s) already allocated.

3.1.8 To provide for the replacement of any of its employees or representatives, whose conduct violates PAGSEGURO’s internal rules or upon simple request thereof.

3.1.9 To ensure the safekeeping and maintenance of the equipment and places of service provision that may be made available by PAGSEGURO.

3.1.10 To be responsible for all tax, administrative, social security, and civil obligations arising from this Agreement, maintaining the relevant supporting documentation at the disposal of PAGSEGURO.

3.1.11 To be fully liable for any and all damages or losses that might come to be caused to PAGSEGURO or third parties as a result of the performance of this Agreement.

3.1.12 Request the exclusion of PAGSEGURO from any lawsuit in which it is involved, through a fact or an act of the CONTRACTOR’s responsibility, as a result of this Agreement, assuming, therefore, the role of defendant in the lawsuit;

3.1.12.1 PAGSEGURO will inform the CONTRACTOR of any judicial and/or administrative claim in which it might come to be involved as a result of this Agreement, and the CONTRACTOR must, without prejudice to the obligation contained in clause 3.1.9, make information, evidence and/or witnesses available to PAGSEGURO for the corresponding defense, the administration of which will remain at the sole discretion of PAGSEGURO.

3

EXECUTION VERSION

3.1.13 To reimburse PAGSEGURO for any and all amounts it is obliged to pay due to an unappealable decision, whether administrative or judicial, handed down by virtue of a fact or an act of the CONTRACTOR’s responsibility, within a maximum term of 05 (five) days counting from the delivery of the proof of payment of these expenses.

3.1.14 To adopt all necessary measures so that employees/representatives discharged from the provision of CONTRACTED services do not enter PAGSEGURO’s premises, keeping it informed about all discharges.

3.1.15 Not to employ in the execution of the services that are the subject matter of this Agreement, any former PAGSEGURO employees, except with prior and express agreement thereto.

3.1.16 Not to permit children under the age of eighteen (18) years to work at night, in dangerous or unhealthy activities, nor to allow any work for children under the age of 16 (sixteen) years, except as an apprentice from 14 (fourteen) years of age, as established in Article 7, item XXXIII of the Federal Constitution.

3.1.17 Not to use discrimination practices that are negative and restricting of access to, or maintenance of, employment relationships, such as, but not limited to, reasons of sex, origin, race, color, physical condition, religion, marital status, age, family situation or pregnancy.

3.1.18 To undertake to protect and preserve the environment, as well as to prevent and eradicate practices harmful to the environment, performing its services in compliance with the legislation in force with regard to the National Policy on the Environment and Environmental Crimes, as well as the legal, regulatory and administrative acts related to the environmental and related areas, issued by the Federal, State and Municipal spheres.

3.1.19 To inform PAGSEGURO of any queries, omissions or contradictions that may be identified in the technical documentation supplied for the execution of the services.

3.1.20 Redo or repair, at its own expense and within the terms stipulated by PAGSEGURO, any and all services considered unacceptable, even those that have already been paid.

3.1.21 Not to use PAGSEGURO’s name, trademark, logotype and/or brand logo in advertising material of any kind, except with the written authorization of PAGSEGURO.

3.1.22 To return to PAGSEGURO, when formally requested, all PAGSEGURO documents, procedures, information, products, equipment, parts and pieces that are in its possession, within a term of 48 (forty-eight) hours, counting from the date of the request.

3.1.23 The CONTRACTOR is obliged to follow the safety rules and standards used by PAGSEGURO in its establishments. It is hereby agreed that the CONTRACTOR’s employees or representatives, upon access to the PAGSEGURO premises, will wear an identification name tag.

3.1.24 The CONTRACTOR guarantees that its product/solution does not have any active or passive mechanism that allows the obtaining, copying, storage, visualization or other access to any data or records that travel through it, by the CONTRACTOR or third parties, without the express authorization of PAGSEGURO. Passive means any form of access given to third parties without the consent of PAGSEGURO for these third parties to request data. Active means any form of sending data decided on by the solution itself, but without PAGSEGURO’s consent.

4. – PAGSEGURO’S OBLIGATIONS

4.1 Make payments due to the CONTRACTOR strictly within the terms agreed in this Agreement and/or in its Technical-Commercial Proposal(s).

4

EXECUTION VERSION

4.2 Inform the CONTRACTOR, in writing, of any problems that may occur with the professionals assigned to perform the Services.

4.3 Place at the disposal of the CONTRACTOR the infrastructure, information, data and materials necessary for the execution of the services, which may be provided on the premises of the CONTRACTOR, of PAGSEGURO or in any other places that the latter might come to indicate.

5. – TERM OF VALIDITY

5.1 This Agreement shall start on January 1, 2017 and will remain in force for a term of 60 (sixty) months, renewable automatically for equal and successive periods, provided that one of the Parties does not give prior and express notification of its lack of interest in the renewal at least thirty (30) days in advance.

6. – PRICE AND CONDITIONS OF PAYMENT

6.1 PAGSEGURO will pay the CONTRACTOR the amounts set forth in the terms stipulated in the Technical-Commercial Proposal(s) attached to this instrument, by means of monthly presentation of the respective Invoice/Bill.

6.2 The payments set forth will be made upon receipt by PAGSEGURO of the Invoice/Bill sent by the CONTRACTOR, within 40 (forty) days from the date of issue.

6.3 The failure to issue by the CONTRACTOR of one or more Invoices/Bills, or even the absence on the Invoice/Bill of information, will authorize the suspension of the respective payment by the PRINCIPAL, until the CONTRACTOR issues the Invoice/Bill or corrects it, as the case may be, and delivers it immediately to the PRINCIPAL, respecting, furthermore, the term for payment set forth in Paragraph One above.

6.4 No other payment will be due to the CONTRACTOR, as well as travel, stay or other expenses related to the contracted service, unless expressly and previously authorized by PAGSEGURO, and the reimbursable amounts are limited to the amounts practiced by PAGSEGURO, in accordance with its internal policies, which will be reported at the appropriate time. This billing will come about in the same manner as described in this Agreement.

6.5 All payments will be made through the issue by the CONTRACTOR of the Invoice/Bill with PAGSEGURO’s information contained in the preamble of this instrument.

6.5.1 The failure to issue by the CONTRACTOR of one or more Invoices/Bills, or even the absence on the Invoice//Bill of the abovementioned information, will authorize the suspension of the respective payment by PAGSEGURO, until the CONTRACTOR issues the Invoice//Bill or corrects it, as the case may be, and delivers it immediately to PAGSEGURO.

6.5.2 Failure to make payments in the form and terms agreed herein due to PAGSEGURO’s fault, will result in the application of interest of 1% (one percent) per month and a late payment fine of 2% (two percent) of the amount due.

6.6 PAGSEGURO will pay for the services the execution and completion of which are duly documented by the CONTRACTOR, pursuant to and in the terms agreed herein. Any services not proven appropriately will remain pending payment until they are actually proven by the CONTRACTOR.

6.7 PAGSEGURO may deduct from the value of the Invoices/Bills fines and any compensation arising from this Agreement and/or its Technical-Commercial Proposals, including for any lost or damaged materials due to the CONTRACTOR’s responsibility.

5

EXECUTION VERSION

6.7.1 If the amounts due, in the form of the previous item, are greater than the value of the Invoice/Bill, the CONTRACTOR will be responsible for the difference, which may be discounted from future payments, including those relating to other credits that the CONTRACTOR has with PAGSEGURO.

6.8 The CONTRACTOR shall supply, when requested by PAGSEGURO, the authenticated supporting documents regarding:

a) negative certificate of federal taxes and contributions; (180d)

b) negative certificate of state taxes; (180d)

c) negative certificate of municipal taxes; (180d)

d) National Social Security (INSS) payment receipt (GPS – Social Security Form); (30d)

e) Workers’ Severance Indemnity Fund (FGTS) payment receipt; (30d)

6.8.1 The verified existence of a CONTRACTOR’s debt at any time due to non-payment of taxes, fees, contributions or charges directly or indirectly levied on the services contracted herein and/or delay in or non-compliance with the delivery of proof of discharge of all social security and employment obligations of its employees and of its subcontractors, even if partially, will imply the immediate withholding of the payment of the Invoice/Bill for Services, until the irregularity is remedied and the payment receipts are duly presented, there being no interest, monetary restatement or any adjustment, fine and/or compensation.

7. – TAXES

7.1 The prices agreed in this Agreement and in the Technical-Commercial Proposal(s) include all taxes, fees and charges directly or indirectly levied on the services contracted herein, as well as employment, social and social security contributions in force and payable on the base date of prices.

7.2 In the event of a change in the tax legislation in force, which entails the creation of new taxes, increases in the calculation basis and/or rate, or which, in any way, increases the financial burden of this Agreement, the Parties will negotiate, in good faith, any changes to the prices agreed upon herein, provided that automatic transfers or unilateral increases in prices will not be allowed under any circumstances. If the Parties do not reach a consensus regarding the new amounts to be practiced, this Agreement will be automatically terminated, by operation of law, without any charge or penalties.

8. – CONTRACTUAL BREACH

8.1 In the event of non-compliance with the obligations contracted by this Agreement, the adversely affected Party shall notify the defaulting Party for it to fulfil its obligation in a term of up to 15 (fifteen) days counting from the receipt of the notification.

8.2 PAGSEGURO, without prejudice to the right to terminate this Agreement, may demand from the CONTRACTOR compensation in the amount equivalent to the loss it causes.

9. – CONFIDENTIAL INFORMATION

9.1 The CONTRACTOR and its technical team undertake to maintain absolute confidentiality regarding PAGSEGURO’s operations, data, technical specifications, innovations, documents, and information, and which it may be aware of or have access to or be trusted with due to this Agreement, including also any and all information provided verbally (“Confidential Information”). Likewise, the CONTRACTOR undertakes, under any pretext, not to disseminate, disclose, reproduce, use or make third parties outside this contractual relationship aware of it.

6

EXECUTION VERSION

9.2 If the CONTRACTOR comes to be legally obliged to disclose PAGSEGURO’s Confidential Information by virtue of law or judicial decision, the CONTRACTOR will immediately notify PAGSEGURO in writing, so as to enable it to request in a timely manner, if necessary, a provisional measure or other appropriate measure to prevent the disclosure of the Confidential Information. If disclosure of Confidential Information is necessary, the CONTRACTOR shall disclose only Confidential Information that is legally enforceable and will use its best efforts to obtain confidential treatment for any Confidential Information that is disclosed.

9.3 The CONTRACTOR undertakes to immediately return to PAGSEGURO any and all material that contains Confidential Information, as soon as the provision of the services that are the subject matter of this Agreement and its respective Technical-Commercial Proposals is completed or terminated or on request by PAGSEGURO’s office.

9.4 The CONTRACTOR’s obligation of secrecy set forth in this Agreement and its respective Technical-Commercial Proposals will survive its termination or the termination of the provision of the services that is the subject matter of this Agreement, for a term of three (3) years, counting from the date of termination of this Agreement.

9.5 The CONTRACTOR undertakes to instruct its employees and representatives regarding these provisions, which shall be observed even after the end or termination of this Agreement.

10. – INTELLECTUAL PROPERTY

10.1 The computer programs mentioned in Clause 1 above, owned and/or in the possession of PAGSEGURO, for which the CONTRACTOR will provide the services may be subject to changes and adaptations arising from the provision of services that is the subject matter of this Agreement. Any changes to computer programs owned by PAGSEGURO that result in improvements must continue with PAGSEGURO.

10.2 Any patrimonial or exploitation rights existing or that might come to exist as a result of the services provided under this Agreement are hereby assigned and transferred to PAGSEGURO by the CONTRACTOR, definitively, exclusively, irrevocably and irreversibly, and PAGSEGURO may, within the period set forth in Article 49, II of Law no. 9.610, of February 19, 1998, regardless of any expression of opinion, consent or notification to the CONTRACTOR, and regardless of the payment of any other amount, increase or additional to the price defined below, freely use, utilize, enjoy, have the benefit, or dispose thereof (including licensing or assignment).

10.3 PAGSEGURO shall have the full right to use and economically exploit the results of the services provided by the CONTRACTOR, in any way, without any territorial, temporal or quantitative limitation.

10.4 It is expressly defined between the Parties that if PAGSEGURO identifies that the computer programs developed by the CONTRACTOR contain “bugs” or errors, such corrections will be made by the CONTRACTOR, and PAGSEGURO will not be liable for any additional costs.

11. – EMPLOYMENT LIABILITY

11.1 The parties agree that, since the CONTRACTOR is the sole and exclusive party responsible for the provision of services, it will be fully liable for all employment and social security charges, taxes, insurance, compensation and all other expenses brought about by the employment relationship, maintained by it with its employees and its other contractors and subcontractors who provide services to PAGSEGURO, in constituting a burden that is exclusively the CONTRACTOR’s.

7

EXECUTION VERSION

11.2 It is agreed that, provided that PAGSEGURO has not contributed in the filing of a lawsuit (e.g., in the case of harassment), the CONTRACTOR will assume the role of defendant in any employment lawsuit, instituted by its employees and/or subcontractors, arising directly or indirectly from this Agreement, exempting PAGSEGURO and/or its Clients from any liability in the case and promptly reimbursing any and all expenses incurred by PAGSEGURO, moral), on legal fees, procedural costs, compensation, etc.

11.2.1 If PAGSEGURO and/or its Clients are not excluded from the lawsuit, after the sending of the supporting documents, the CONTRACTOR shall reimburse the amounts spent in up to 40 (forty) days under penalty of PAGSEGURO withholding the equivalent of 35% (thirty-five per cent) of the monthly payment for a period equal to the verified delay in being excluded from the case, until all expenses are paid.

11.3 PAGSEGURO, has the option, with the express authorization hereby from the CONTRACTOR, to withhold payment from the moment it becomes aware of an employment claim in which it is a party, filed by virtue of an agreement with the CONTRACTOR. The withholding of amounts will come about upon presentation of calculations of settlement of the lawsuit to the CONTRACTOR, carried out by an expert accountant, up to the limit of the presented amounts. At the end, when the lawsuit is dismissed, the amounts will be delivered to the CONTRACTOR, monetarily corrected by the index defined by PAGSEGURO.

11.4 In the event of a court adverse judgment against PAGSEGURO, in respect of the service that is the subject matter of this Agreement, even if partial or in the first instance and even if pending a decision on appeal, the CONTRACTOR undertakes, if the option provided for in the previous item is not exercised or the amount previously withheld is exceeded, to reimburse it, for the total amount that it might come to spend, in a term of 72 (seventy-two) hours, counting from receipt of a postal letter indicating the amount owed, including the principal and all the ancillary or resulting instalments, including fees, fines, costs and procedural expenses.

11.5 If the reimbursement set forth in the abovementioned items is not made, the CONTRACTOR expressly authorizes PAGSEGURO to deduct the amount of the award, in advance, from the payments due to it as a result of the services provided. The total amount necessary to comply with the agreement or the judgment or also for an appeal deposit may be deducted, regardless of new authorization from the CONTRACTOR or any other formality, and it is enough for the latter to be notified of this fact.

11.6 If the withholdings do not attain the value of the award, PAGSEGURO has the option of instituting judicial collection of the debt, based on Articles 784, III et seq of the Brazilian Code of Civil Procedure, in which case proof of the amounts due will be made through the proof of payment of the expenses incurred.

11.7 The CONTRACTOR will be fully liable for malicious or omissive acts committed by its partners, managers, representatives, advisors, employees or contractors and any other agents that have relations with it, involved in the provision of the Services, which cause losses to PAGSEGURO or third parties.

11.8 Without prejudice to other liabilities set forth in law and those set forth in this instrument, the CONTRACTOR will also exclusively bear the consequences of:

a) negligence, misfeasance, recklessness, illegal acts, theft, robbery, loss, damage to materials or equipment by the professionals involved in the provision of the Services; and

b) accidents of any kind with the professionals involved in the provision of the Services or with third parties.

8

EXECUTION VERSION

11.9 The CONTRACTOR will also assume all liability for the payment of the expenses arising from the situations set forth above, covering direct and indirect material and moral damages, and consequential damages.

11.10 The CONTRACTOR will be civilly and criminally liable, including to third parties, for any losses and damages and loss of profits, caused by misfeasance, negligence or recklessness, of its employees and/or subcontractors.

12. – BENEFITS FOR PAGSEGURO’S PROFESSIONALS

12.1 The CONTRACTOR declares itself aware of the PAGSEGURO’s internal policy, which establishes that:

a) demonstrations of cordiality between PAGSEGURO’s professionals and its clients, suppliers and partners, such as the exchange of gifts of small value at Christmas, for example, are allowed;

b) in the event of an intention to offer gifts of significant value to the PAGSEGURO’s professionals by clients, suppliers and partners, whether in goods or services (including travel and courses, even for training related to the purpose of the agreement), such intention must be communicated previously to the HR Management, via the e-mail fverdicchio@uolinc.com, who will decide on the appropriateness of accepting (or not) the offer by the professional. Failure to comply with this clause may lead to termination of the agreement by the PAGSEGURO without any penalty.

13. – GENERAL PROVISIONS

13.1 Each Party represents that it has the power and authority to sign, deliver and comply with this agreement and that said signature, delivery and compliance will not violate, conflict with or result in violation or termination of any provisions or constitute negligence of any Articles of Incorporation, by-laws, lease, Contract or other agreement or instrument in which it might be a party or by which it might be bound. No agent, employee or representative of each Party has any authority to bind the other Party in any communication, representation, understanding, agreement or warranty unless specifically included in this agreement.

13.2 This Agreement and its respective Technical-Commercial Proposals are the only legal and regulatory instruments of the contracted services, replacing all and any previous documents exchanged between the parties for the same services and may only be amended by an instrument executed in writing by the Parties.

13.3 The CONTRACTOR may not assign or transfer the rights and obligations set forth in this Agreement and/or in the Technical-Commercial Proposals, without prior and express consent of PAGSEGURO.

13.4 If any provision of this agreement is deemed to be null, illegal or unenforceable, pursuant to the relevant legislation, the provision in question will only be invalid to the extent of the nullity, illegality and unenforceability of that provision, and it will not affect any other provisions contained herein.

13.5 The Parties agree that no amendment to this Agreement and/or Technical-Commercial Proposals, or failure to exercise the rights set forth herein by any of the Parties, will be due to the novation of any obligation or provisions contained herein, unless established otherwise by the Parties.

13.6 If any rework is necessary, the CONTRACTOR will assume the burden related to the resources and materials used, and in case of failure to carry it out, PAGSEGURO will execute such tasks through third parties, at the CONTRACTOR’s expense.

9

EXECUTION VERSION

13.7 The Parties undertake, for themselves and their officers, directors, employees and/or actual and legal representatives to respect Brazilian laws and faithfully undertake not to commit any act, whether directly or indirectly, that may constitute corruption or an act harmful to the government, whether national or foreign, as provided in Article 5 of Federal Law 12,846/2013, such as offering a promise and/or undue payments, gratuities, gifts, or any advantage directly or indirectly to public agents, employees of State in any sphere, political parties and their officials, as well as to agents or officials of the foreign governments. Failure to comply with any Anti-Corruption Laws by the CONTRACTOR will be considered a serious breach of the Agreement and will confer upon PAGSEGURO the right to terminate it immediately. Without prejudice to immediate termination, any violation of the Anti-Corruption Laws that PAGSEGURO becomes aware of will entitle PAGSEGURO to suspend and retain any and all payments related to this Agreement in order to compensate it for any losses suffered.

13.7.1 PAGSEGURO will not be liable for actions and/or omissions of any nature, losses and damages, loss of profits arising from or related to non-compliance with any anticorruption laws attributable to the CONTRACTOR, including its officers, directors, employees and/or representatives. The CONTRACTOR will indemnify and exempt PAGSEGURO and/or officers, directors, employees and/or representatives from any loss, claim, fine, cost or any expenses incurred by PAGSEGURO arising from any breach set forth in this Clause. Without prejudice to the applicable legal measures, the CONTRACTOR acknowledges and agrees that PAGSEGURO will supply pertinent data and information, when requested by the competent authorities, in the event of institution of any procedure the purpose of which is the verification of violation of anti-corruption laws applicable to this Agreement.

13.8 The parties agree that the conditions related to termination, adjustment by the energy index and SLA will be regulated by a contract with a similar purpose agreed between UOL and UOL DIVEO.

14. – JURISDICTION

14.1 This Agreement will be governed by and construed in accordance with the laws of Brazil. The Parties elect the venue of the Judicial District of São Paulo, São Paulo State, to resolve any doubts arising from this Agreement.

In witness whereof, being in agreement with the terms and conditions stipulated retroactively, the Parties execute this instrument in 02 (two) counterparts of equal form and content, for it to produce all its legal effects.

São Paulo, January XX, 2017

/s/ Renato Bertozzo Duarte             /s/     [Illegible]

PAGSEGURO INTERNET S.A.

/s/ Renato Bertozzo Duarte         /s/     [Illegible]

UOL DIVEO TECNOLOGIA LTDA.

Witnesses 1.	2.
Name:	Name:
Individual Taxpayer’s Registration No. (CPF):	CPF:

10

Execution Version

            

Commercial Proposal

Managed Services – OPT-17/21628

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 2/12

São Paulo, January 1, 2017.

To PagSeguro

Att.: Márcio Drumond

Re.: UOLDIVEO Proposal – OPT-17/21628-A

In answer to your request, we present a technology integrated solution proposal to meet the needs of PAGSEGURO regarding IT infrastructure services.

We offer PAGSEGURO our experience in high quality services provided to the corporate market. We prepared this Proposal according to our commitment to offer the best solution to meet the business needs of PAGSEGURO.

We present below our technical proposal and thank you for this opportunity. We remain at your disposal for any clarifications.

Kind Regards,

/s/ Paulo Barbosa

PAULO BARBOSA

ACCOUNT EXECUTIVE

(011) 3092-1522

(011) 98101-5386

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 3/12

Table of Contents

Non-Disclosure Agreement	4
Presentation	5
About UOLDIVEO	5
Portfolio of Services	6
UOLDIVEO’s Experience	8
Quality	9
Certifications	9
Customers	10
Commercial Conditions:	11
Considerations:	11

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 4/12

Non-Disclosure Agreement

All information included herein is strictly confidential and is provided exclusively to technically describe UOLDIVEO solutions, as requested by PAGSEGURO, and it must not be used for any other purpose.

With regards to the services described herein, in the event PAGSEGURO chooses a provider other than UOLDIVEO, or does not choose a provider within 15 days from the date hereof, PAGSEGURO agrees to return all exclusive and confidential information to UOLDIVEO, including, but not limited to, this document. Moreover, PAGSEGURO will not use or disclose this information in any way to obtain an unfair business advantage for itself, its subsidiaries, affiliates or partners in future business opportunities in which it may, directly or indirectly, compete with UOLDIVEO.

PAGSEGURO will not publish or disclose this information, in full or in part, without the prior written consent of UOLDIVEO. A number of company and service names included herein are trademarks. All of them are recognized in this representation.

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 5/12

Presentation

About UOLDIVEO

UOLDIVEO, a company of the UOL Group with over 17 years of experience, offers complete IT Outsourcing solutions for mission critical environments.

It has the biggest Data Center infrastructure in Brazil, the best and most flexible Business Cloud, and a wide range of managed services. All of this is supported by one of the largest certified technical teams in Brazil, standardized processes, and cutting-edge technology, which allow an IT Transformation approach, aimed at offering a fast, efficient, and business focused IT.

UOLDIVEO serviced more than 3,000 customers and has 1,500 employees with over 280 international certifications.

UOLDIVEO is headquartered in São Paulo and has offices in 7 Brazilian capitals.

Legend

17 anos Experiência de Mercado = 17 years Market Experience

+ 3 mil Clientes = + 3,000 Customers

1.500 Colaboradores = 1,500 Employees

26 mil m² Data Centers = 26,000 sq mt Data Centers Rede Própria em 7 Cidades = Own Network in 7 Cities

15 Petabytes em Armazenamento = 15 Petabytes of Storage

Soluções Orientadas por Segmento de Mercado = Solutions Developed by Market Segment

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 6/12

Portfolio of Services

Our portfolio consists of complete and integrated solutions to meet a number of IT requirements from companies, awarding us our recognition as trusted advisors by our partners.

Legend

Exterior Circle; upper quadrant

SERVIÇOS GERENCIADOS = MANAGED SERVICES

GESTÃO DE WAN = WAN MANAGEMENT

GESTÃO DE REDES = NETWORK MANAGEMENT

GESTÃO DE BACKUP = BACKUP MANAGEMENT

GESTÃO DE STORAGE = STORAGE MANAGEMENT

GESTÃO DE BANCOS DE DADOS = DATABASE MANAGEMENT

GESTÃO DE SISTEMA OPERACIONAL = OPERATING SYSTEM MANAGEMENT

GESTÃO DE APLICAÇÕES = APPLICATION MANAGEMENT

GESTÃO DE MIDDLEWARE = MIDDLEWARE MANAGEMENT

GESTÃO DE PROJETOS E ESPECIALISTAS = PROJECT AND SPECIALIST MANAGEMENT

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 7/12

Exterior Circle; left quadrant

E-COMMERCE SERVICES = E-COMMERCE SERVICES

MIDDLEWARE SERVICES = MIDDLEWARE SERVICES

CORE TECHNOLOGIES SERVICES = CORE TECHNOLOGIES SERVICES

SOLUÇÕES PARA NEGÓCIO = BUSINESS SOLUTIONS

Exterior Circle; right quadrant

GOVERNANÇA DE TI = IT GOVERNANCE

ARQUITETURA DE TI = IT ARCHITECTURE

ENGENHARIA DE SOFTWARE = SOFTWARE ENGINEERING

CONSULTORIA = CONSULTING SERVICES

Exterior Circle; lower quadrant

SERVIÇOS À APLICAÇÃO = APPLICATION SERVICES

STRESS TEST = STRESS TEST

OTIMIZAÇÃO DE PERFORMANCE = PERFORMANCE OPTIMIZATION

MONITORAMENTO DE PERFORMANCE = PERFORMANCE MONITORING

TESTES FUNCIONAIS = FUNCTIONAL TESTING

1^st Inner Circle; left side

SERVIÇOS DE SEGURANÇA = SECURITY SERVICES

VULNERABILITY SCAN = VULNERABILITY SCAN

SMART CORRELATION = SMART CORRELATION DDOS PROTECTION = DDOS PROTECTION

WEB APPLICATION FIREWALL =

WEB APPLICATION FIREWALL BRAND PROTECTION = BRAND PROTECTION

1^st Inner Circle; right side

PLATAFORMA E SOFTWARE = PLATFORM AND SOFTWARE

SERVIÇOS DE PAGAMENTOS = PAYMENT SERVICES

PIN PAD = PIN PAD

AUTOMAÇÃO E CONTROLE = AUTOMATION AND CONTROL

PREVENÇÃO À FRAUDE = FRAUD PREVENTION

EXCHANGE = EXCHANGE

WEBFILTER = WEBFILTER

Innermost Circle; upper half

DATACENTER = DATACENTER

COLOCATION = COLOCATION CENTER

SERVIÇOS COMPARTILHADOS = SHARED SERVICES

HOSTING = HOSTING

Innermost Circle; lower half

MPLS = MPLS

LAN TO LAN = LAN TO LAN

INTERNET = INTERNET

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 8/12

UOLDIVEO’s Experience

We are a leading Brazilian company in IT Outsourcing. We are supported by a solid group with strong experience in the Brazilian market. In addition, we have experience in the management of mission critical and high-volume environments and offer robustness and agility in our operations.

Servicing and Operations:

☐ +2.2 billion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ monitoring +500,000 infrastructure active elements

☐ +14 million active mail boxes

☐ +400,000 internet domain names

☐ +7,000 database instances

Backbone:

☐ + 200 Gbps in traffic capability

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous streaming sections/second

☐ 7 billion page views/month

☐ +34 million one-time visitors

Data Center:

☐ + 15PBytes of stored data, equivalent to +3 million hours of HD movies

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 9/12

Quality

Through IT service management best practices, we prepare continuous improvement plans aiming at business maintenance and satisfaction of our employees and customers.

Accordingly, we developed out processes based on ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI requirements and ITIL v3 and CobiT methodologies.

Certifications

Ö Company:

Focused on Security, Quality, Performance, and Reliability, we have the following certifications:

Ö PROFESSIONALS:

Skilled and certified professionals that provide high-quality services:

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 10/12

Customers

We have a solid portfolio of customers:

☐ 250 among the top 500 companies in Brazil;

☐ 3 biggest airline companies in Brazil;

☐ 7 among the top 10 retail companies in Brazil (90% of big e-commerce companies);

☐ 6 biggest operators of mobile phones in Brazil;

☐ 3 among the top 4 education groups in Brazil;

☐ 6 among the top 10 contact centers in Brazil;

☐ 3 among the top 5 purchasers in Brazil;

☐ 6 among the top 10 real estate groups in Brazil;

☐ 3 among the top 4 cosmetic companies in Brazil;

☐ 2 among the top 3 chemical companies in Brazil;

☐ more than 100 companies of the financial segment.

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

CONFIDENTIAL TREATMENT REQUESTED

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 11/12

Commercial Conditions:

Description of Services Refers to services described in the OPT-17/21628-A Technical Proposal	Monthly fee for an engagement period of 60 months
	Including taxes
Managed Services Virtualization, Network, Backup, Storage, and Security	[*****]

Considerations:

• expiration of the proposal: 15 business days. After this period, if the CUSTOMER does not return this proposal duly signed to UOLDIVEO, the terms and conditions provided herein may be reviewed by UOLDIVEO;

• taxes and tax rates will be charged pursuant to applicable law:

• Telecom services: PIS, COFINS, and ICMS apply (as applicable to each region);

• Data Center Solution services, Managed Services, Software Services, Application Services, and/or Security Management Services: ISS, PIS, and COFINS apply, according to the type of service;

• Internet access provider services and Cloud services: PIS and COFINS apply.

• any changes in tax rates or tax calculation basis on the value of services provided hereunder, as well as the creation of any taxes as of the date hereof, even if arising out of the cancellation of a tax exemption, will result in an adjustment to the prices offered (representing a price increase or decrease), according to the relevant change;

• noncompliance with the obligations set forth in the Technical and Commercial Proposals by the CUSTOMER, resulting in delays in the originally proposed schedule, does not exempt the CUSTOMER from timely complying with its other obligations, primarily those regarding the amounts payable;

• monthly fees will be invoiced as follows:

• the first (1^st) installment will be invoiced on a pro rata basis and will be payable on the 10^th day of the month following the delivery of the contracted Solution, in full or in part, to be agreed by the Parties;

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

Execution Version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21628

Page: 12/12

• the second (2^nd) installment, as well as the other instalments that become due until the expiration of the Agreement, will be invoiced by the 20^th day, payable on the 2^nd day of the following month;

• the monthly payments for products with variable fees may vary, according to the effective consumption of resources listed and amounts provided in the Commercial Proposal.

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda Barão de Limeira, 425 - São Paulo – SP www.UOLDIVEO.com.br

EXECUTION VERSION

Technical Proposal

IT Asset Management and Monitoring

EXECUTION VERSION

Page: 2/29

São Paulo, January 01, 2017.

To

PAGSEGURO INTERNET LTDA

Regarding the UOLDIVEO (OPT-17/21628-A) Proposal

In response to your request, we present a proposal for an integrated technology solution to meet the expectations of PAGSEGURO INTERNET LTDA in relation to IT infrastructure services.

We offer PAGSEGURO INTERNET LTDA our experience in providing excellent quality services to the corporate market. We have developed this Proposal with the commitment of offering a solution that most adheres to the business needs of PAGSEGURO INTERNET LTDA.

We are grateful for the opportunity and remain at your entire disposal for any clarification that may be necessary.

Sincerely,

/s/ Paulo Sergio Nova Rodrigues

Paulo Sergio Nova Rodrigues

Solution Architect

EXECUTION VERSION

Page: 3/29

Summary

Table of Contents

	Page
Summary		3
Confidentiality Agreement		4
Presentation		5
About UOLDIVEO		5
Portfolio of Services		6
About Multicloud		7
UOLDIVEO is Multicloud		7
UOLDIVEO’s Experience		8
Quality		9
Certifications		9
Partners		10
Clients:		10
Introduction		11
Objective		11
Preliminary Instructions:		12
Management Services		12
Data storage management (Storage):		12
Storage Area Network (SAN) Management:		13
Backup management:		13
Management of computational resources (Virtualization):		15
Network management:		16
Security equipment management (Firewalls and Load balancers)		18
Place of the Provision of management Services:		18
UOLDIVEO Customer Service and Service Management:		18
UOLDIVEO Service Desk:		18
UOLDIVEO Operation:		19
Basic Volumetric Analysis of Service		25
Regular Deliverables		26
Exceptions		27
Considerations for the Proposal:		27
Responsibilities:		28
Annex – SLA (Service Level Agreements):		29

EXECUTION VERSION

Page: 4/29

Confidentiality Agreement

All the information contained in this document is strictly confidential and is provided for the sole purpose of technically describing UOLDIVEO solutions at the request of PAGSEGURO INTERNET LTDA, and shall not be used for any other purpose.

With respect to the services described herein, if PAGSEGURO INTERNET LTDA chooses a supplier other than UOLDIVEO, or if it does not select any supplier within 15 days from the date of this proposal, PAGSEGURO INTERNET LTDA hereby agrees to return all UOLDIVEO’s exclusive and confidential information, including but not limited to this document, and will not use nor disclose this information in any way in order to gain an unfair business advantage for itself, its subsidiaries, associations or partners in any way, for future business opportunities in which it may be directly or indirectly competing with UOLDIVEO.

PAGSEGURO INTERNET LTDA will not publish nor disclose this information, in whole or in part, without the prior written permission of UOLDIVEO. Many of the service and business names mentioned in this document are registered trademarks. All of them are recognized through this declaration.

EXECUTION VERSION

Page: 5/29

Presentation

About UOLDIVEO

UOLDIVEO, a UOL Group company with more than 17 years of experience, has complete IT Outsourcing solutions to meet mission critical environments.

It has the largest Data Center infrastructure in the country, the best and most flexible Corporate Cloud, in addition to a wide range of managed services. All supported by one of the country’s largest certified technical bodies, standardized processes and cutting edge technology that enable an IT Transformation approach aiming to deliver IT with agility, efficiency and a focus on the business.

More than 3 thousand clients are served and there are 1500 employees with more than 280 international certifications.

UOLDIVEO is headquartered in São Paulo with a presence in 7 Brazilian capitals.

EXECUTION VERSION

Page: 6/29

Portfolio of Services

Our portfolio is composed of complete and integrated solutions that meet the most diverse needs of IT companies, making us trusted advisors of our partners.

EXECUTION VERSION

Page: 7/29

About Multicloud

In recent years, companies with typically digital characteristics are changing the traditional markets, providing new experiences to clients. While established companies have to deal with traditional systems, processes and methodologies, they are at the same time under pressure to adapt, innovate and be agile. Driven by the “Internet of Things” and Big Data, companies will undergo a transformation that will make the largest part of the business digital and the technological basis of this transformation is precisely Cloud Computing. But before making the decision to take workloads to the clouds it must be kept in mind that:

“There is no single cloud for all applications and not every application consumes any cloud”

Therefore a Multicloud approach, where companies use clouds with different technologies and characteristics, is so important.

UOLDIVEO is Multicloud

At UOLDIVEO, companies can rely on the services of leading players in the public cloud market, such as AWS, Microsoft Azure, VMWare and OpenStack, as well as Private Cloud offers on OpenStack and VMWare and also Virtual Data Center with Virtustream technology.

All these technologies and an extensive service layer, which starts with the analysis of the application characteristics and recommendation of appropriate cloud, to cloud use management and improvement services, make Multicloud UOLDIVEO the right way to go about the digital transformation of companies.

For us, Multicloud is more than offering alternative hardware, software, infrastructure or an access panel to different public clouds. It is being close to the client in order to understand their challenges and appropriately compose a solution that meets the needs of each application, within a differentiated context of service that allows the support to grow our clients business.

EXECUTION VERSION

Page: 8/29

UOLDIVEO’s Experience

We are the leading Brazilian IT Outsourcing company. We have a solid group with strong experience in the domestic market, experience in management of mission critical environments and high volume, in addition to robustness and agility in our operations.

Service and Operations:

☐ +2.2 Billlion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ Monitoring of +500,000 active elements of infrastructure

☐ +14 million active mailboxes

☐ +400,000 internet domains

☐ +7,000 instances of databases

Backbone:

☐ + 200 Gbps traffic capacity

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous sections/second of streaming

☐ 7 Billion pageviews/month

☐ +34 million unique visitors

Data Center:

☐ + 15PBytes of stored data which is equivalent to +3 million hours of HD film

EXECUTION VERSION

Page: 9/29

Quality

Through best practices in IT service management, we carry out continuous improvement plans aimed at maintaining the business as well as the satisfaction of our employees and clients.

In order to do this, we developed our processes based on the requirements of ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI, SOX, and ITIL v3 and CobiT methodologies.

Certifications

☑ COMPANY:

Focusing on Security, Quality, Performance and Reliability, it has the following certifications:

☑ PROFESSIONALS:

Highly qualified and certified professionals to provide high quality services:

EXECUTION VERSION

Page: 10/29

Partners

To meet the needs of our clients, we offer solutions for their business. In order to do this we have several technological partnerships of which the following are highlighted:

Clients:

We have a solid portfolio of clients:

☐ 250 of the 500 largest companies in Brazil;

☐ the 3 largest airlines in Brazil;

☐ 7 of the 10 largest retail companies in Brazil (90% of the big e-commerces);

☐ the 6 largest mobile telephone operators in Brazil;

☐ 3 of the 4 largest education groups in Brazil;

☐ 6 of the 10 largest contact center companies in Brazil;

☐ 3 of the 5 largest purchasers in Brazil;

☐ 6 of the 10 largest real estate groups in Brazil;

☐ 3 of the 4 largest cosmetic industries in Brazil;

☐ 2 of the 3 largest chemical industries in Brazil;

EXECUTION VERSION

Page: 11/29

Introduction

Objective

We present the UOLDIVEO service bases of Managed Services for PAGSEGURO INTERNET LTDA, including the respective processes of Information Technology Asset Management and Monitoring, operating in total synergy with the processes of PAGSEGURO INTERNET LTDA, in accordance with the following services:

• Data storage management service;

• StorageArea Network (SAN) management;

• Data backup management service;

• Computational resource management service;

• Network equipment management service;

• Security equipment management (Firewalls and Load balancers)

This proposal replaces the terms and conditions of the proposal previously in force, becoming, therefore, the new reference for scope, terms and conditions for the operation of Managed Services for PAGSEGURO INTERNET LTDA.

EXECUTION VERSION

Page: 12/29

Preliminary Instructions:

This proposal includes the solution of services managed by UOLDIVEO supplying the following services:

• Data storage management (Storage);

• Storage Area Network (SAN) management;

• Data backup management;

• Computational resource management service;

• Network equipment management;

• Security equipment management (Firewalls and Load balancers);

Described below:

Management Services

Data storage management (Storage):

The data storage management service enables PAGSEGURO INTERNET LTDA to maintain the stability, quality and integrity of PAGSEGURO INTERNET LTDA’s data storage equipment by adopting the best market practices, architecture and software updates in accordance with the published updates by the manufacturers.

The service includes:

• Monitoring: Monitor usage and performance, generate availability reports;

• Patch Management: Hardware, Firmware and Software updates recommended by the manufacturer;

• Interaction with manufacturer: Interact with storage manufacturers for problem or support solutions;

• Provisioning: Provision volumes and resources;

• Configuration: Configure data storage infrastructure solutions, for example replication, mirroring and zoning;

PAGSEGURO INTERNET LTDA’s data storage management service is established for an available volume of 3.4 PB (Peta Bytes) of data, distributed in 13 storages through an SAN network and 4 NFS Share storages through an ethernet network. If PAGSEGURO INTERNET LTDA exceeds the volume established by 10% in the month assessed, it will be subject to an additional charge for the service.

The volumetric analysis of PAGSEGURO INTERNET LTDA’s data storage management service was agreed from the total available volume used by all UOL Group companies, being UOL HOST Tecnologia LTDA, Universo OnLine S/A, and PAGSEGURO INTERNET LTDA, with a total of 8.6 PB, 33 SAN Storages and 10 VNX NFS Storages, respectively distributed in the proportion 15% UOLHOST, 45% Universo OnLine and 40% PAGSEGURO INTERNET LTDA.

Volumetric analysis of the Service:

The items of monitoring, patch management, interaction with manufacturers, provisioning and configuration are considered constant activities in a data storage environment, if the monthly amount of PB specified is exceeded or new storages are added, additional charges for the service may be incurred.

EXECUTION VERSION

Page: 13/29

Arrays or Direct Attached Storage (DAS) are not considered elements of the data storage Management service.

Storage Area Network (SAN) Management:

UOLDIVEO SAN Network Management aims to act effectively on the implementation, operation and maintenance demands related to PAGSEGURO INTERNET LTDA’s SAN network devices in order to improve the operational efficiency of the service.

The service includes:

• Patch Management: Perform software update on SAN network switches in accordance with a pre-defined maintenance window.

• Resolution of faults: Resolve incidents to bring the proper operating state back through workaround solutions or replacement of defective equipment.

• Root Cause Analysis: Implement solutions to remedy serious incidents and eliminate their recurrence.

• Change management: Manage and implement changes in the SAN network environment.

• Network Monitoring: Monitor SAN network devices using SNMP protocol based tools to detect, predict and respond to incidents.

This proposal includes management of the following equipment:

EQUIPMENT	Quantity
24 FC port switches		16
48 FC port Switches		12
Core 192 FC port Switches (Directors)		02

The volumetric analysis of PAGSEGURO INTERNET LTDA’s SAN network management service was considered from the equipment listed above used in the shared modality by all companies of the UOL Group, being UOL HOST Tecnologia LTDA, Universo OnLine S/A, and PAGSEGURO INTERNET LTDA.

The network management service included in this proposal is sized to meet the technical and operational demands for the quantity of equipment above, if PAGSEGURO INTERNET LTDA increases the quantity of equipment, this proposal will be subject to review as well as the amounts for the provision of the SAN network management service.

Backup management:

The backup management service aims to ensure the storage and restoration of data in the event of any corruption of data in PAGSEGURO INTERNET LTDA’s environment. Through backup systems and external storage services purchased by PAGSEGURO INTERNET LTDA, UOLDIVEO maintains the monitoring, control and management of the system and the internal and external data storage process if any data recovery is required.

The service includes:

• Monitoring of backup routine: Monitor and generate reports indicating the successful execution of the backup routines, resolve faults in critical backup routines;

• Tape management: Manage tape rotation, establish handling procedures, external storage rotation of the tapes outside the datacenter;

• Restoration: Meet requests for restoration of files and databases;

EXECUTION VERSION

Page: 14/29

The PAGSEGURO INTERNET LTDA backup Management service is established for a volume of 800 TB (Tera Bytes) of data, using the Symantec Netbackup and Self-service tool for automation of the backup routines. If PAGSEGURO INTERNET LTDA exceeds the volume established by 30% in the month assessed, it will be subject to an additional charge for the service.

Volumetric Analysis of the Service:

The items of monitoring of the backup routines, tape management and restoration are considered constant activities in a backup environment, except for restoring files and databases, see table below, with the respective volumetric analysis for both, if the specified monthly quantity is exceeded there may be an additional charge for the service.

Possible requests	Monthly quantity
Resoration of files	300
Restoration of databases	30
Emergency resoration of tape	2 (Limited to 12 tapes)

Service Level Objectives (SLO):

For the backup management service the following monthly objectives were agreed:

Description	Monthly Target1
Backup Jobs executed	95%
Successful restorations	95%

¹  Excluding envrionments with requests/changes that might affect backup/restoration

Considerations for the backup management service:

The technical solution adopted and acquired by PAGSEGURO INTERNET LTDA is the Symantec Netbackup for the execution of 100% of the the backup routines of its computational environment.

The installation of the backup agents in the servers is the responsibility of PAGSEGURO INTERNET LTDA, being an item of crucial importance for the correct execution of the backup, UOLDIVEO will send daily reports to PAGSEGURO INTERNET LTDA with the servers that had a backup fault due to lack or failure of the backup agents.

The servers that fail to execute the backup due to fault or lack of the backup agent will be disregarded from the previously agreed SLO target.

If PAGSEGURO INTERNET LTDA acquires another technical backup solution in partial or total replacement of the current solution, UOLDIVEO reserves the right to review this proposal, subject to an additional service charge due to the need to technically enable its team to maintain the service level previously agreed.

The tapes or media used to execute the backup are the property of PAGSEGURO INTERNET LTDA, therefore, any cost related to the acquisition, destruction, emergency transport or any other action related to the storage tapes and media will be subject to additional charge.

The approval, testing, architecture design and migration of the backup systems to other technical solutions different from the management service that is currently being provided are not included in the backup management service.

Depending on the type of data being protected, there is variation in the frequency of the backup and retention of the data, in accordance with the needs of PAGSEGURO INTERNET LTDA. UOLDIVEO understands that the retention policy is guided by PAGSEGURO INTERNET LTDA and dependent on elements of network infrastructure, servers and storages. Therefore, if there is a need for additional costs, UOLDIVEO will present

EXECUTION VERSION

Page: 15/29

PAGSEGURO INTERNET LTDA with the new costs for approval thereof and adaptation of the retention policy.

The guarantee of restoration of a retained file is directly linked to the useful life of the media on which the file is retained, and UOLDIVEO cannot be held liable for media stored and retained after the life cycle of the product;

32- bit operational system backups are not supported. If backup takes place in a virtual environment where there is no need to install a backup agent on the virtual server, this type of backup can be executed;

Management of computational resources (Virtualization):

In this modality of management, UOLDIVEO is responsible for configuring and maintaining the computational resources, in accordance with the virtualization architecture topology specified by PAGSEGURO INTERNET LTDA.

Among the activities carried out by the UOLDIVEO operations team are:

• Administration of Virtual Servers (create / delete / edit / restart / disconnect);

• Adminstration of the internal networks in VLANs (connect / disconnect);

• Adminstration of disk volume (connect / disconnect);

• Carry out Snapshot of Virtual Servers in production;

• Restore images from Snapshots;

• Import and Export images from Virtual Servers;

• Creation of additional VLANs;

• Administration of the Load balancers (create / delete / edit balancing Pool);

• Administration of firewall rules (create / delete / edit).

EXECUTION VERSION

Page: 16/29

This proposal includes the management of the following equipment:

Tamboré Datacenter	Equipament	Quantity
	Physical Servers	6
	Virtual Servers	96
	Useful Disk (TB)	16
Glete Datacenter	Physical Servers	17
	Virtual Servers	162
	Useful Disk (TB)	20

The computational resource management service included in this proposal is sized to meet the technical and operational demands for the quantity of equipment and virtual servers in the table above, if PAGSEGURO INTERNET LTDA increases the quantity of virtual servers equipment this proposal will be subject to review as well as the amounts for the provision of the computational resource management service.

Network management:

UOLDIVEO network Management has the objective of effectively acting on the implementation, operation and maintenance demands related to PAGSEGURO INTERNET LTDA’s network devices and communication links in order to improve the operational efficiency of the service.

The service includes:

• Patch Management: Perform software update on the network equipment in accordance with a pre-defined maintenance window.

• Resolution of faults: Resolve incidents to bring the proper operating state back through workaround solutions or replacement of defective equipment.

• Root Cause Analysis: Implement solutions to remedy serious incidents and eliminate their recurrence.

• Change management: Manage and implement changes in the network environment.

• Network Monitoring: Monitor the network devices using SNMP protocol based tools to detect, predict and respond to incidents.

EXECUTION VERSION

Page: 17/29

This proposal includes management of the following equipment and communication links:

NETWORKS - TELEPHONY	EQUIPMENTS / LINKS	Quantity
	CISCO CALL-MANAGER	5
	ROUTERS	11
	E1 LINK – EMBRATEL	17
	E1 LINK – INTELIG	35
	E1 LINK – VIVO	23
	VIDEO CONF SERVER	2
	VOICE GATEWAY	10
	VIDEO CONFERENCE	26
	IP TELEPHONE	3006
PAGSEGURO NETWORK	AGGREGATIONS (L2 / L3)	12
	SWITCHES (L2)	53
	ROUTERS	31
	GGSN LINK	18
	PARTNERS’ LINK	22

The network management service included in this proposal is sized to meet the technical and operational demands for the quantity of equipment and links in the table above, if PAGSEGURO INTERNET LTDA increases the quantity of equipment or links this proposal will be subject to review as well as the amounts for the provision of the network management service.

The telephony network management service items in the table above reflect the quantity of elements used by the companies Universo OnLine S/A and PAGSEGURO INTERNET LTDA and are subject to scoping review should the number of items be increased.

EXECUTION VERSION

Page: 18/29

Security equipment management (Firewalls and Load balancers)

Security equipment management has the objective of effectively acting on the technical and operational demands related to PAGSEGURO INTERNET LTDA’s equipment, such as:

• Patch Management: Perform software update on the network equipment in accordance with a pre-defined maintenance window.

• Resolution of faults: Resolve incidents to bring the proper operating state back through workaround solutions or replacement of defective equipment.

• Root Cause Analysis: Implement solutions to remedy serious incidents and eliminate their recurrence.

• Implement configurations on equipment:

• VLAN / NAT / QoS / Link Aggregation

• Static and dynamic routing

• Firewall rules / client to site VPN / site to site VPN

• Load balancing

• Change management: Manage and implement changes in the security equipment.

• Monitoring: Monitor the security equipment using SNMP protocol based tools and tools supplied by manufacturers to prevent, detect and respond to incidents.

This proposal includes the management of the following equipment and communication links:

EQUIPMENT	Quantity
LOAD BALANCERS – BIG IP	20
FIREWALL – JUNIPER AND FORTINET	8 (Distributed into 4 clusters)

The security equipment management service included in this proposal is sized to meet the technical and operational demands for the quantity of equipment in the table above, if PAGSEGURO INTERNET LTDA increases the quantity of equipment, this proposal will be subject to review as well as the amounts for the provision of the network management service.

Place of the Provision of management Services:

For the Management Services, UOLDIVEO uses its installations on a 24x7x365 baiss from the Security Operation Center located in its Data Center in the Glete unit, and in redundancy in the Tamboré Data Center.

UOLDIVEO Customer Service and Service Management:

UOLDIVEO Service Desk:

The Service Desk aims to be a unique communication channel between the Clients and UOLDIVEO.

The Service Desk has a Customer Service Center, which acts as the 1^st contact. At this point the request is registered and forwarded to the 1^st level support team. If this team is unable to resolve the request or reported incident, the call will be forwarded to a 2^nd level specialized support team for assistance and due handling of the registered request, which we refer to as the “Call”.

EXECUTION VERSION

Page: 19/29

Customer Service Hours:

The Service Desk will be available 24 hours a day, 7 days a week, including holidays.

How to open a call to register requests or Incidents:

In case of queries or any abnormality, PAGSEGURO INTERNET LTDA may make contact by calling the UOLDIVEO Service Desk to register a call or clarification through the number 4003-1100 or via the Customer Panel.

UOLDIVEO Operation:

The operation is responsible for Event Management, Incident Management, Problem Management, Service Requisition Management and Change Management. The processes have been defined based on the best practices described in ITIL^®.

Event Management:

Event Management is responsible for including and maintaining monitoring information on all elements that need to be monitored. The responsibilities of Event Management, among other functions, are:

• Suppress alerts during maintenance windows and ensure that they are operational after maintenance is complete;

• Configuration and adjustment of normal limits of operation (thresholds);

• Evaluation of recurrences of detection of monitoring alerts and consequently the registration of a problem for investigation by Problem Management;

• Opening of incidents from monitoring events;

• Confirmation of resolution of incidents opened from monitoring events;

• Forwarding of incidents and monitoring alerts to Incident Management solving groups.

Incident Management:

An Incident is any event that is not part of the standard operation of a service that causes, or can cause, an interruption, or reduction, in the quality of that service.

The objective of incident management is to reestablish the affected service in the shortest possible time, reducing the impact that the incident has on the business. To do this, the following steps are used:

EXECUTION VERSION

Page: 20/29

Key:
Acompanhemento do Incidente feito pelo Service Desk ao longo de todo o ciclo	Incident followed by the Service Desk throughout the entire cycle
Chamado aberto pelo cliente ou evento detectado pela monitoração	Call opened by the client or event detected by the monitoring
Registro do Incidente	Registration of Incident
Classificação	Classification
Investigação	Investigation
Resolução	Resolution
Cliente concorda com a solução?	Does the cliente agree with the solution?
Sim	Yes
Não, incidente reaberto	No, incident reopened
Incidente Encerrado	Incident Closed

The Incident Management team receives and handles all registered incidents, both from Event Management and from the Service Desk.

After registration, the classification of the incident with the identification of the abnormal situation and which services are affected is carried out, based on this perception a priority is assigned and a group of incident analysts is assigned. This prioritization will allow incidents to be handled with different urgencies.

Once classified and forwarded to the appropriate team, a search is carried out on the knowledge database to check for a registered problem and whether there is a published workaround solution.

If there is a workaround solution, it is applied immediately, remedying the fault and recovering the fault in the shortest possible time. If there is no workaround solution, the team investigates the failure, proposes a solution, recording the necessary steps for the solution.

Once the team finds the solution, the UOLDIVEO Service Desk Team will contact the person who opened the incident registration to confirm that the failure has been resolved. The Incident is only terminated upon confirmation from the requester (the incident may be terminated if the requester does not respond in a timely manner), if the requester declares that the solution applied did not correct the failure, the incident is reopened and handled again by the team of Incident Analysts.

During all the stages of Incident Management, the Service Desk monitors the status of the calls and, if necessary, carries out the hierarchical escalation of the call triggering more specialized areas and management.

Problem Management:

The goal of problem management is to minimize the impact of incidents that are caused by errors somewhere in the service support infrastructure, as well as to prevent recurrence of incidents related to those errors.

To achieve these objectives, the process seeks to identify the root cause of the incidents and then initiate actions to improve the environment and correct the failure.

The problem management process has reactive and proactive aspects. The reactive aspect deals with solving problems in response to one or more incidents. The proactive aspect identifies and solves known problems and errors before incidents occur.

EXECUTION VERSION

Page: 21/29

The Problem Management team is composed of the most experienced and knowledgeable analysts, and acts as a specialist in the event of aiding the solution of more complex incidents and is responsible for the execution of the Problem Management process described below:

Key:
Recorrência de Incidentes ou após incidente grave (P2)	Recurrence of Incidents or after serious incident (P2)
Registro do Problema	Registration of Problem
Classificação	Classification
Investigação de causa raiz	Investigation of root cause
Proposta Solução de contorno	Workaround Solution proposal
Solução de contorno funciona?	Does the workaround solution work?
Publicação de Erro Conhecido	Publication of Known Error
Base de Conhecimento para uso de Gestão de Incidentes	Knowledge Base for Incident Management use
Investigação de Solução definitiva	Investigation of definitive solution
Solução definitiva é viável?	Is the definitve solution viable?
Abertura de Requisição de Mudanças (RM) para implantar solução definitiva	Opening of Change Requisition (RM) to implemente defintive solution
Solucionou problema?	Did it solve the problem?
Sim/Não	Yes/No
Encerramento do problema	Problem closed

The beginning of the process occurs with the registration of a problem from three situations:

• After the identification of an incident classified as serious;

• After the identification of a recurrence of incidents;

• After identification of a failure by proactive analysis;

In this Problem all the information about the symptom, the situation in which the problem was detected, main systems affected, perceived impacts among other information relevant to the investigation are registered.

Next, a problem analyst is allocated who will be responsible for classifying the problem, assigning a priority, and establishing an investigation plan to seek to identify the root cause.

For each root cause hypothesis a workaround solution is proposed. This solution is validated and if it offers a temporary solution to the incident related to the problem, a Known Error registration is opened with the information of what the root cause is and which workaround solution is to be applied for each related incident in order to expedite the solution of the incidents.

From the published Known Error, the investigation of a definitive solution to the problem is started so that there are no more incidents generated by this failure. The definitve solution is validated before being implemented through the Change and Release Management process. After the implementation, a final validation is carried out so that the problem is terminated.

EXECUTION VERSION

Page: 22/29

Change and Release Management:

The reason for the Change Management process is to control and coordinate the life cycle of all changes, enabling beneficial changes to be made with minimal disruption to IT services.

The objectives of Change Management are:

• Responding to clients’ changing business needs while maximizing value, reducing incidents, disruptions and rework;

• Responding to business and IT requisitions to promote alignment of the services with the business needs;

• Ensuring that changes are registered and evaluated, and that authorized changes are prioritized, planned, tested, implemented, documented and reviewed in a controlled manner;

• Ensuring that all changes to configuration items are registered in the configuration management system;

• Improve overall business risk.

The scope of the change process covers all the resources that make up the provision of the services rendered by UOLDIVEO. These resources include, for example:

• Hardware and software configurations;

• Configuration of communication network elements;

• Applications;

• Cataloguing of Web pages etc.

• Other resources contracted by the client

EXECUTION VERSION

Page: 23/29

The activities of the change process are represented in the figure below.

EXECUTION VERSION

Page: 24/29

Key:
Registro da Mudança	Registration of Change
Mudança pré-aprovada?	Is the Change pre-approved?
Sim/Não	Yes/No
Implantação de mudança	Implementation of change
Revisão	Review
Mudança Emergencial?	Emergency Change?
Planejamento Emergencial, avaliação de risco, impacto	Emergency Planning, evaluation of risk, impact
Emergenciais: Aprovação no Comitê de Aconselhamento de Mudanças Emergenciais (CAB-EC)	Emergencies: Approval at the Emergency Change Advisory Commitee (CAB-EC)
Planejamento Normal, avalição de risco (categorização), impacto	Normal Planning, evaluation of risk (categorization), impact
Categoria?	Category?
Rico Menor: Aprovação com Gestores da Operação	Low risk: Approval with Operation Managers
Risco Significante: Aprovação no Comitê de Aconselhamento de Mudança (CAB)	Significant Risk: Approval at the Change Advisory Committee (CAB)
Risco Maior: Aprovação no Comitê de Aconselhamento de Mudança (CAB)	High risk: Approval at the Change Advisory Committee (CAB)
Mudança aprovada?	Is the change approved?
Construção e Homologação: Nesta fase ocorrem todas as atividades para se preparar a execução da mudança e testes de homologação para garantir que a execução tenha o menor risco possível, são validados procedimentos de retorno em caso de falha, etc.	Construction and Approval: At this phase all the activities take place to prepare and execute the change and approval tests to ensure that the execution has the lowest risk possible, the return procedures in case of failure are validated, etc.
Mudança Homologada?	Is the Change Homologated?
Implantação: Nesta fase ocorrem todas as atividades para execução da mudança, testes de validação e em caso de falha execução do procedimento de retorno	Implementation: At this phase all the activities take place to execute the change, validation tests and in case of failure execution of return procedure
Revisão: Nesta fase a mudança é revista para identificar pontos de melhoria para o processo de mudanças	Review: In this phase the change is reviewed to identify points of improvement for the change process
Mudança encerrada	Change closed

The Change and Release Management process begins with the registration of a change, where the requester describes the scope, the reason for the change being proposed, and the proposed date for the change.

From the registration an evaluation of whether the change is a standard change is carried out, where there are already pre-defined procedures for the execution, tests and review of the change. Hence a plan that is already standardized is used and speed in the execution of the changes is gained

If the Change is not standard, it will undergo an evaluation to verify if it is emergency or can be performed under normal planning. Emergency changes are reserved for corrections of failures in production that impact the environment and for emergencies, for example, a change that needs to come into effect on a specific date, such as meeting the compliance rules or product/service launch date.

After the classification, the changes go through a planning phase, which will detail the activities that need to be carried out, map the existing risks, and evaluate the possibility of having a plan to return to the situation before the change (back-out plan). With this information the change is categorized in accordance with the associated risk: Low, Significant or High Risk.

With the completion of change planning and its categorization, the change will undergo approval. If the change is not approved, it will go back to the planning stage so that it can be improved before being resubmitted for approval.

Once approved, the activities to prepare the execution of the change can begin to occur in the Construction and Approval phase. This phase only ends when all preparatory activities have been executed and the Approval tests have been successful. Part of the Construction and Approval phase is the definition and execution of prior communication of the changes to be executed.

With the approval, the change can enter the Implementation phase, which is when the change window will actually be made. All procedures for execution and return must be available, tested, and known about by the release team that will perform the change in the environment. During the execution of the change, if something happens that was not planned, the return plan shall be triggered. In this event, the change ends unsuccessfully and a new change shall be registered for a new execution attempt undergoing the whole process again, with the addition of actions necessary to mitigate the risk of a new failure in the execution of the change.

EXECUTION VERSION

Page: 25/29

At the end of the execution of all changes, there is a final review phase of the change process to assess whether the change can be a candidate for pre-approved change and raise opportunities for improvement in the change execution process and procedures.

The operational procedures of this process are subject to discussion and agreement between UOLDIVEO and

PAGSEGURO INTERNET LTDA and must be defined at the time of the implementation of the services. For the processes to be appropriate some items are relevant:

• List of persons responsible for the Acceptance of the Service Agreement;

• List of persons authorized to access the installations of PAGSEGURO INTERNET LTDA within the Data Center;

• Scaling List for cases of Failures;

• Scaling List of Logical Security Problems;

• Advance terms (deadlines) for requesting changes;

• Emergency changes will be scheduled and executed through negotiation with the UOLDIVEO Change Management.

Basic Volumetric Analysis of Service

Due to the size and complexity of each environment, the baseline of volumetric analysis of activities and their limiters are agreed. In the event of an additional need, the service will take place normally, however, it will generate a cost related to the additional activities in accordance with a matrix of amounts to be defined.

• Incidents

• Baseline of 6000 incidents registered per month

• Incidents not related to the infrastructure with a proven recurrence pattern under the responsibility of the client or third parties outside the UOLDIVEO scope are subject to charge for the respective technical hours

• Problems

• No volumetric analysis limit for infrastructure problems

• Requisition

• Baseline of 800 service requisition calls per month

• Prioritization of up to 3% of total requests per month

• Changes

• Baseline of 800 changes per month (including pre-approved changes)

EXECUTION VERSION

Page: 26/29

Regular Deliverables

One of the fundamental pillars of the IT Management process is the continuous measurement of its key indicators, accompanied by review by the competent areas to guide any adjustments and preparation of applicable action plans.

The UOLDIVEO process of IT Management allows a high degree of customization of process flows and deliverables related to the health indicators of the IT environment. The UOLDIVEO process is fully integrated with the Management methodology practiced at PAGSEGURO INTERNET LTDA and such synergy will be extended in a transparent manner to the other services offered in this proposal.

NOTE: The operational system patch update plan can be customized in accordance with the client’s management and governance standard.

The table below describes the items that comprise the basic periodical deliverables according to the category of each asset. The list of deliverables will be adjusted to best fit the needs of the client’s business, whether in content, format or frequency, and may result in a commercial review if necessary. The implementation of the routines for generation and publication of the regular deliverables will be done in accordance with the order of priorities to be agreed between UOLDIVEO and the CLIENT during the term of validity of the contract.

DELIVERABLES	Evidence of delivery	Frequency
Backup Lamp Report	Report	DAILY
Communication through the incident Management process of critical events generated by the tool	Call	Per event
Registration, communication and scaling of incidents according to severity	Call	Unlimited
Third part actioning and communcation during incident	Call	Unlimited
CAB Participation	Record of approval of CAB	WEEKLY
Communicatoin during execution of changes	Call	Per change
RDP – Probelm Report	Report	On Demand
Book of consolidated results	Report	MONTHLY

EXECUTION VERSION

Page: 27/29

Exceptions

There can occur many day-to-day situations that require services that are not covered by the contracted management. However, part of these needs is covered by our portfolio of services. We list below the most usual demands indicating those that can be requested through additional projects.

Item/Service	Is it in our portfolio of services	Billed as an additional service
Acquisition and supply of any kind of hardware, spare parts, software and software licenses.	Yes	Yes
Transport of large infrastructure hardware (large servers, storages and other large and/or heavy equipment) or any large volume assets, within a locality or between localities.	Yes	Yes
Maintenance of infrastructure hardware (servers, storage and network equipment), including replacement of defective parts.	Yes	Yes, if not covered by a regular contract
Acquisition, destruction, emergency transportation, or any action related to storage media or the backup environment that is billed by a partner or supplier	Yes	Yes

Considerations for the Proposal:

• UOLDIVEO’s operations are restricted to the supply of management services presented in this proposal. Any elements, inputs or activities that are not explicitly specified are not part of the scope and, if necessary, must be contracted additionally or supplied / executed directly by PAGSEGURO INTERNET LTDA.

• Proposal does not include upgrade of database version, operational systems or any applications;

• All windows for execution of changes, requisitions or any type of actions that imply unavailability will be previously communicated and agreed with PAGSEGURO INTERNET LTDA;

• PAGSEGURO INTERNET LTDA will be fully responsible for making available all hardware/software resources necessary to execute the service, except for the resources owned by UOLDIVEO;

• When necessary PAGSEGURO INTERNET LTDA, must ensure that professionals are available and able to support the activities inherent to the solution contracted and described in this proposal.

• Third-party products (hardware, software, etc.) acquired by PAGSEGURO INTERNET LTDA will follow the manufacturers’ standard lifecycle, and it is therefore at UOLDIVEO’s discretion whether or not to supply support for the items mentioned when they are beyond their life cycles (there will be no SLA for products the life cycle of which has been terminated by manufacturers);

EXECUTION VERSION

Page: 28/29

Responsibilities:

☑ UOLDIVEO’s RESPONSIBILITIES:

• Supply the information and technical clarification requested by PAGSEGURO INTERNET LTDA on the execution of the services;

• Have access to the installations of the environments that are the subject matter of this proposal only with the knowledge and authorization supplied by PAGSEGURO INTERNET LTDA;

• Issue, in the due terms, all documents that are its responsibility;

☑ PAGSEGURO INTERNET LTDA’s RESPONSIBILTIES:

• Any item that comes to be altered or included will be the subject of an additional commercial proposal;

• Supply authorization to access their installations when necessary to execute the scope of activities in this proposal;

• Supply in a timely manner, when it is its responsibility, the data and clarification requested by UOLDIVEO;

• Make available to UOLDIVEO the technical information about managed environment devices, including manuals, plans and data on previously executed services;

• Make a focal point availale capable of supplying environmental information necessary for the execution of the activities contained in the schedule presented in this document;

EXECUTION VERSION

Page: 29/29

Annex – SLA (Service Level Agreements):

UOLDIVEO is committed to fully complying with the SLA commitments by supplying redundancy and diversity in every aspect. All UOLDIVEO infrastructure equipment is implemented with redundancy for maximum availability.

We work with the following indicators of annual availability, evaluated monthly for credit purposes:

• Infrastructure available 99.9% of time;

• Internet provision in the Data Center (when applicable) available 99% of time;

The following average repair times, Mean Time to Recovery (MTTR), will be considered:

Type of Impact	Severity	Mena Time to Recovery (MTTR)
• Availability of the services totally affected (completely unavailable); • All or most users are unable to operate; • Risk of loss of physical security of the Data Center environment; • Detection of attack or invasion of the environment* • Risk of fraud or breach of confidential information*.	P1	4 hours
• Availability of the services partially affected; • A considerable number of users are having difficulty operating; • Client environment degraded or with intermittent drops; • Partially unavailable link access*.	P2	12 hours
• Degradation of services without unavailability (degradation of quality); • A very small number of users with difficulty to operate or consult information; • A group of clients unable to use some non-critical function.	P3	24 hours
• Requests for non-critical technical support; • Requests for information or non-strategic or critical activities; • Request for occasional reports for verification.	P4	96 hours

* When applicable.

Other information related to the SLA is included in the Service Level Annex which is an integral part of the contract.