Payment initiation service rules

Open Interface - a publicly available technical interface for interaction between account administrators, payment service providers, payment initiation service providers, account information service providers, other service providers, payers and recipients.

Payment initiation service provider, Billing information service provider, Paysera - "Paysera LT", UAB, legal entity code 300060819, head office address: Pilaitės pr. 16, Vilnius, LT-04352, e-mail: [email protected], phone: +370 52071558. Electronic Money Institution Licence No. 1, issued on 27.09.2012; issuing and supervising authority is the Bank of Lithuania, identification code 188607684, address: Žirmūnų str. 151, Vilnius, e-mail: [email protected], phone: (8 5) 268 0501; data on "Paysera LT", UAB are collected and kept in the Register of Legal Entities of the Republic of Lithuania (hereinafter referred to as Paysera).

Payer - a natural (private) or legal person who has an account(s) with another payment service provider institution(s) and who consents to or provides payment orders from that account(s) using the Paysera services described in these Terms and Conditions.

Payment initiation service, PIP - a payment service that allows initiating, at the request of the Payer, a payment order from an account opened at an institution of another payment service provider through the Provider of the payment initiation service.

Payment service provider, PPS - in these Regulations is understood as the payment service provider, in the institution of which the Payer has an account, from which the Payer intends to give a payment order (for example, banks, credit institutions, etc.).

Account information service, AIS - payment service, which allows receiving consolidated information on the account or accounts of the Payer in an institution of other Payment service provider via Internet.

Rules - these rules for payment initiation service and account information service.

The main characteristics of EIP and EIS are

1. These Rules determine the functioning of IIP and IIP in Paysera system, indicate the main characteristics of IIP and IIP, regulate the provision of Payer's data in order to provide IIP and IIP, as well as confidentiality and security of these data. If the Payer agrees, Paysera provides IIP and IIP in combination.

2. The IIP provided by Paysera allows the Payer who intends to use the IIP to connect to his or her personal online banking account through the Paysera supported Open Interface or to obtain information about accounts opened at a particular PPU, account balances, and to select the account from which the Payer intends to initiate a Payment Order.

3. By providing the UIP, Paysera offers the Payer the opportunity to connect to his/her personal Internet Banking through the Open Interface supported by Paysera and to confirm (authorize) the Payment Order automatically generated for the PPU, i.e. the Payer provides and confirms the Payment Order by connecting to his/her Internet Banking not directly, but through the Paysera system and the Open Interface supported by Paysera.

4. The Payer is not charged an additional fee for either UIP or UIS; however, the Payer is notified by these Rules that the standard fee for a payment transfer of the respective type, which is applied to the Payer and debited by the UPU, is charged for the payment transfer. If the Payer's CCP informs Paysera of such payment transfer fee, Paysera shall in turn inform the Payer thereof before the Payer confirms the payment order.

Detailed description of the functioning of EPM and EPM

5. By submitting a request for the initiation of an IIP from his/her payment account and/or a request for account information, the Payer expresses his/her consent to use these services electronically and is redirected through the Paysera supported Open Interface to his/her PPU webpage, where he/she enters the Internet Banking connection details. When the Payer connects to online banking, Paysera automatically generates and initiates a payment order on behalf of the Payer. When performing this function, Paysera does not collect, save or store the Payer's online banking connection data (personal protective data), and the final recipient of the data is the payee specified in the Payer's Payment Order. Information used by the Payer when connecting to the Payer's Internet Banking (client code, password, codes of the generator or code card, etc.) is encrypted and is used only for one-time initiation of the payment order, one-time provision of account information and only for one session. The session is maintained until the payment order confirmation is received from the PPU, but no more than 10 (ten) minutes.

6. The payer grants Paysera's consent to initiate UIP and receive account information in each specific instance of service provision by clicking on the special button in the information window and subsequently performing active actions, i.e. by entering their Internet banking connection data and confirming the payment order generated by Paysera. The payer, using the Paysera UIP, solely initiates, on his/her own behalf, the submission of a payment order to his/her selected PPU. The payment order can be cancelled until the Payer agrees to the initiation of the UIP. The desire to cancel the payment order is expressed electronically by the Payer by interrupting the session with active actions.

7. The UIP provided by Paysera allows the Payer to see the Payer's account(s) and balance on the Payer's account(s) at a particular PPU institution at the time of payment initiation. If the Payer has more than one account at a particular PPU institution, the Payer should select the account from which the payment order is to be executed when making the transfer.

8. At the moment when the Payer connects to Personal Internet Banking, Paysera shall automatically generate a payment order for the Payer according to the data provided by the Payer, including:

8.1. if the recipient of the funds is a Paysera customer from whom the Payer intends to purchase a good or service, the purpose of the payment is automatically indicated in accordance with the recipient's data in the Paysera system, by which the recipient can then easily identify the payment order and the good or service, or other purpose for which the payment order has been provided;

8.2. the amount of payment, which was indicated and confirmed by the Payer when initiating the payment order;

8.3. after the payment order has been formed, it is impossible to change the amount, recipient or other transaction data in it.

9. The Payer confirms (authorizes) the payment order automatically generated by Paysera.

10. Upon successful provision of the payment order initiation service, Paysera provides the Payer and the beneficiary with confirmation of the proper initiation and execution of the Payment Order in a reliable data transmission environment, which at the same time serves as confirmation of the successful initiation of the Payment Order at the Paying Institution servicing the Payer's account. Together with this information, Paysera provides data enabling the Payer and the recipient of funds to recognize the payment transaction, the amount of the payment transaction and, in certain cases (e.g. when using the Taxpayer identification number (personal code) transfer service with the Payer's consent), to recognize the Payer, together with the data sent with the payment transaction.

11. Paysera shall inform the recipient of the funds on the successful execution of the payment.

12. By providing the UIP, Paysera provides the Payer and the recipient of funds with the data that allows identifying the payment transaction and the Payer.

13. By providing UIP and/or UIS, Paysera in no case holds the funds of the Payer.

Liability

14. Paysera shall be solely responsible for the correct provision of the Payer's payment order to the Payer's chosen UIP as well as the security and confidentiality of the Payer's online banking connection data.

15. In the event that Paysera has provided UIP pursuant to a payment order initiated by the Payer and in accordance with this information the funds specified by the Payer have been credited to the beneficiary's account, but for any reason the funds have not been debited and transferred from the Payer's account or have been returned to the Payer, Paysera shall consider such funds a debt of the Payer to the beneficiary.

16. If the Payer becomes aware of an unauthorized or incorrectly executed payment transaction during the use of Paysera services, the Payer shall address this matter to the Payer's payment account administrator in accordance with the procedure set out in the agreement with the payment account administrator.

Data Protection

17. To ensure payment transfers security and confidentiality of the Payer's data, Paysera shall not store any Payer's personal security data (such as unique identifiers, passwords or payment transfers confirmation (authorization) codes) in the information technology systems and servers used. All received data is provided by the personal data subject himself/herself.

18. All Payer's Internet banking connection data (personal security data) shall be used only once during the session. Throughout the session such data is encrypted and cannot be seen, restored or used in Paysera system. At each request to initiate a payment order and/or account information, the Payer shall be obliged to re-confirm his/her identity to the Paysera account servicer. 19.

19. All data provided by the Payer in the Paysera system during the transfer process shall be transmitted to the PSU institution via a secure channel protected by a SSL certificate. Thus, the Payer's Internet banking connection data and confirmation (authorization) codes for payment orders and/or account information requests remain secure and cannot be intercepted by third parties.

20. In order to provide EPM and EPM, the following data about the payment transfer is collected and stored in Paysera system: Payer's name and surname (or name of a legal entity); identification number (if transmitted with the payment order); date, amount and purpose of payment; Payer's e-mail address and account number.

21. Paysera shall inform the Payer that its personal data will be processed by Paysera, and the Payer, by initiating a payment order or an account information request in the Paysera system via an IPP, agrees that its data will be processed by Paysera. If the Payer does not agree to have his/her data processed by Paysera, the service shall not be provided to the Payer. 22.

22. Paysera processes personal data in accordance with the following provisions:

22.1. does not request data other than that which is not necessary for the provision of the EIP and the EIP;

22.2. ensures the obtaining of information about the Payer, when providing EPM exclusively by the Payer of the funds and only after obtaining an explicit consent from the Payer;

22.3. ensures receipt of information about the Payer when granting IIP solely by the Receiver of funds and only after obtaining an explicit consent from the Payer;

22.4. does not store the Payer's unaffiliated payment data, i.e. data that can be used for fraudulent purposes and that falls under the definition of personal protected data;

22.5. protects the Payer's personal protected data from the possibility of access to it by third parties, except the Payer and the issuer of the personal protected data (the respective PPU);

22.6. does not use the data for purposes not related to the EPM and/or EPM, as well as does not access or store the data for purposes other than those specified;

22.7. has access solely to the specified payment accounts and information related to the payment transactions and receives payment-related personal data solely to the extent necessary to provide the EPM and/or EPM with the payment transactions;

22.6. does not change the amount, recipient of funds or other data of the payment transaction;

22.9. takes appropriate organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure or any other unlawful acts, as indicated in the legal acts regulating personal data processing

22.10. implements security measures aimed at preventing the use of PII for the purpose of acquiring or gaining access to funds by fraudulent means.

23. The subject of personal data has the right to request to be allowed to see his or her personal data held by Paysera, the manner of its processing and to request that such data be made available. Once a calendar year, data may be provided free of charge, but in other cases a fee may be charged for the provision of data, not exceeding the cost of providing the data.

24. The data subject has the right to demand that Paysera correct any inaccuracies in his or her personal data, delete, restrict or transfer it free of charge. The data subject shall also have the right not to consent to the processing of his personal data and to its disclosure to third parties, except in cases where this is necessary for the provision of the services indicated on the site. Please note that the right to request immediate deletion of personal data may be restricted or impracticable in connection with the obligation imposed on Paysera as a payment service provider to maintain data concerning the identity of clients, payment transactions, contracts entered into, etc. for a period of time specified in the legal regulations.

25. Personal data for the purpose of providing EPM and/or EPM shall be retained for a period of 3 years from the date of its receipt.

26. Requests for access, corrections and dissent shall be sent to the e-mail address: [email protected]. The request must clearly state the first and last name. Contacts for the Paysera Data Protection Officer: [email protected].

Final Provisions.

27. A payer using Paysera's services is advised to read Paysera's recommendations and tips for safe use of the Paysera system.

28. These Terms and Conditions shall be governed by the law of the Republic of Lithuania, including the cases when the dispute between the Payer and Paysera falls within the competence of the court of another country.

29. Payers shall have the right to submit their complaints or claims regarding the provided payment services to the common e-mail address [email protected]. The term for processing written complaints does not exceed 15 working days from the moment the complaint is filed. In exceptional cases, where for reasons beyond Paysera's control, it is not possible to reply within 15 working days, Paysera will provide an interim reply. In any event, the deadline for providing a final response will not exceed 35 business days.

30. If the Payer is not satisfied with the decision made by Paysera, the Payer shall have the right to seek other remedies:

30.1. file a complaint with the Bank of Lithuania by mail to Totorių g. 4, LT-01121 Vilnius, or Žirmūnų g. 151, LT-09128 Viljus, and/or by e-mail to [email protected] or [email protected].

30.2 If the Payer is a user, he shall also have the right to apply to the Bank of Lithuania as an institution dealing with consumer disputes out of court(more details).

31. If it is impossible to resolve the dispute amicably or through other methods of extrajudicial dispute settlement, the dispute shall be resolved in the courts at the location of Paysera, in accordance with the procedure established by law.

32. These Rules shall come into force when the Payer initiates a payment order and/or when submitting a request for account information by means of an IIP and/or IIP in the Paysera system. The person using UIP in Paysera system confirms that he/she has read these Rules, agrees with them and undertakes to comply with them.

33. Paysera reserves the right to unilaterally change these Terms and Conditions at any time. Such changes shall become effective on the date of their publication. Interested parties are advised to promptly review the latest version of these Terms and Conditions, which is published on the Paysera website.