Regulations for Accepting Transactions in the Payment Gateway provided by SIBS Pagamentos

Article 1

1. These Terms and Conditions set forth the rules regarding the Supplier’s services for handling payments made electronically by the Purchaser using the various payment methods listed in Article 2, Paragraph 1 (“Payment”), constituting a single payment transaction within the meaning of the Payment Services Agreement dated August 19, 2011, to entities (Business Partners) that have entered into agreements with the Supplier enabling them to accept Payments.
   
   
2. The Provider of the Purchasers is SIBS PAGAMENTOS, S.A., headquartered in Lisbon (1649-031), Rua Soeiro Pereira Gomes, Lote 1, Lisbon, Portugal, registered under number: 509776965 in the Lisbon Commercial Register, with share capital of EUR 1,400,000.00, being a EU payment institution within the meaning of the Payment Services Act of August 19, 2011, registered in the Portuguese Payment Services Register under number 8703 (hereinafter referred to as “Provider”). The execution of payment services by the Provider is supervised by Banco de Portugal (Portugal’s central bank).

Article 2

1. The Trading Partner accepts electronic payments according to the payment method selected by the Purchaser. Payment methods covered by the Terms and Conditions are:
   a. payments made by payment cards,
   b. payments made by electronic transfer (including online and BLIK payments).
   
   
2. In order to use the Provider’s service, it is necessary that:
   1) the buyer has read and accepted the Terms and Conditions,
   2) in the case of payments made by the Purchaser with a payment card, that the Purchaser has a payment card authorized by banks for online transactions,
   3) the buyer had a device capable of accessing the Internet, including a program for viewing Internet resources.
   
   
3. In order to use the service, the Purchaser should provide the following data: first name, last name and e-mail address. Depending on the payment method selected, it may be necessary to provide additional data in accordance with the form on the Supplier’s website, in particular, in the case of payments made by the Purchaser with a payment card, it is necessary to provide the card number and verification code (CVV or CVC).
   
   
4. Upon submission of the data indicated in paragraph 2 and acceptance of the Terms and Conditions, a contract is concluded between the Purchaser and the Supplier, the subject of which is the provision of services indicated in these Terms and Conditions.
   
   
5. The terms and conditions of service will be specified in the Purchaser’s payment order received in accordance with the contract.
   
   
6. The direct debit is transferred when the amount of the Payment is credited to the Supplier’s account. For direct debits received on a day that is not a business day, the direct debit is considered to be transferred on the nearest business day. The processing time of the Purchaser’s Payment to the Business Partner depends on the selected payment method and the rules set forth in the agreement between the Supplier and the Business Partner. The Supplier shall process the Purchaser’s Payment to the Business Partner no later than the next business day after receipt of the Purchaser’s payment order.
   
   
7. The Supplier informs the Purchaser of the payment made through an electronic message delivered to the Purchaser in the form of an e-mail sent to the address indicated by the Purchaser.
   
   
8. The Supplier reserves the right to refuse to make a particular Payment if:
   1) violated the provisions of these Regulations, generally applicable regulations or rules of social intercourse,
   2) the Supplier doubts whether the transaction to which the Payment relates or the Payment itself complies with generally applicable regulations,
   3) the Purchaser is not a person authorized to use the payment instrument indicated in the choice of payment method, in particular, a payment card, based on the agreement with the issuer of the payment instrument,
   4) the purchaser has provided false or misleading information indicated in paragraph 2 above.
   
   
9. If the Payment is returned for any reason, the Supplier will inform the Purchaser at the email address provided in accordance with paragraph 2 above and agree with the Purchaser on how the amount of the Payment is to be returned.
   
   
10. For non-performance or inadequate performance of services, the Provider shall be liable under the terms of the law, in particular the Payment Services Act of August 19, 2011.

Article 3

1. The Supplier shall process the Purchaser’s data as a processor to the Business Partner during the execution of the transaction, with the proviso that the Supplier shall be the Administrator of the Purchaser’s personal data, such as the Purchaser’s identification data and transaction data for purposes:
   
   1.1. Implementation of the contract with the Purchaser for electronic payments for transactions for goods and services and complaints,
   1.2. To establish, assert or defend legal claims,
   1.2.1. the legal basis is the need to process the data for the purpose of entering into and performing contracts with the Supplier to which the Purchaser is a party (Article 6(1)(b) RODO),
   1.3. Prevention of fraud and fraud-related activities concerning the payment services provided,
   1.4. detecting and investigating such fraud,
   1.5. Identification of the Purchaser to the extent required by law,
   1.6. handling of Purchaser’s complaints,
   1.7. storing data for archiving purposes and ensuring accountability (proving our compliance with legal obligations),
   1.7.1.1. legal basis is the need to process the data in order to fulfill these legal obligations (Article 6(1)(c) RODO),
   1.7.2. to carry out analytics, other types of statistical analysis, improve the quality of the Provider’s services and product development,
   1.7.2.1. legal basis is the need to process the data in order to pursue such legitimate interests of the Supplier (Article 6(1)(f) RODO),
   1.8. conduct marketing activities for its own services,
   1.9. conduct marketing activities for third-party services, whereby contacting the Purchaser in the aforementioned scope by means of certain means of communication may require the prior, separate and voluntary consent of the Purchaser – the legal basis being the aforementioned consent (Article 6(1)(a) RODO).
   
   
2. The Supplier obtained the Purchaser’s personal data from the Business Partner with whom the Purchaser enters into a transaction.
   
   
3. Submission of data is voluntary, but refusal to submit data may make it difficult or impossible for the Provider to provide services.
   
   
4. The Purchaser’s personal data may be transferred to third parties if it is necessary for the correct performance of services to the Purchaser, in particular for the improvement of payment organization and payment services. Purchaser’s personal data may also be transferred to entities processing personal data on order received from the Supplier (processors), with such entities processing personal data on the basis of an agreement concluded with the Supplier, and the transfer of such data is subject to safeguards and control by the Supplier. Purchaser’s data may also be shared with entities authorized by law.
   
   
5. Purchaser’s personal data will not be transferred by the Supplier outside the European Economic Area or to international organizations, subject to the next sentence. Purchaser’s personal data may be transferred to third countries if transferred to payment organizations, in particular in connection with the fulfillment of obligations regarding the prevention of fraud in the payment services provided (with the exception of data listed in Article 9(1) of the RODO). Data may be transferred to third countries only after meeting the requirements set forth in Article 44 et seq. RODO.
   
   
6. Data storage: Data will be stored for the period of time necessary to fulfill the purposes of processing. For this purpose, the Supplier shall periodically review the stored personal data. The Supplier shall store personal data for the duration of the contracts and the period necessary to assert or defend against claims related to the performance of the contracts. Personal data obtained as a result of financial security measures and contained in the evidence of transactions and in the transaction register, including related documents, shall be retained for a period of 5 (five) years starting from the first day of the year following the year of termination of the contract. Personal data obtained, if relevant or sufficiently correct for the prevention of money laundering and terrorist financing, may be retained for a period of 7 (seven) years starting from the date of the contract. Personal data processed by the Supplier for marketing activities may be processed until the Purchaser objects or withdraws his/her voluntarily given consent. The said personal data may be kept longer if required by the competent supervisory authority.
   
   
7. Rights of data subjects: The Purchaser has the right to information, to request access to and to correct or delete personal data, or to restrict or object to its processing, as well as the right to data portability. If the processing is based on the Purchaser’s consent, the Purchaser has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. The Purchaser may exercise these rights by writing to the following address: Data Protection Officer, Rua Soeiro Pereira Gomes, Lote 1, 1649-031, Lisbon, Portugal, or electronically to the following email address: DataProtectionOfficer@sibs.com
   
   
8. The purchaser has the right to file a complaint with the supervisory authority.
   
   
9. If the Purchaser has questions about the processing of its data, if the Supplier is a processor of the Purchaser’s personal data, the Supplier recommends checking the privacy policy or other documents related to RODO provided by the Business Partner with which the Purchaser is transacting, or contacting the Business Partner directly.

Article 4

1. The Purchaser has the right to file a complaint if the services specified in the Regulations are not provided or are not provided in accordance with the provisions of the Regulations.
   
   
2. A complaint can be submitted directly to the Supplier or, for ease of contact, through PayTel S.A., a Polish subsidiary of the Supplier. PayTel S.A. will forward the received complaint to the Supplier. Regardless of the choice of entity and form of complaint submission, the complaint will be handled by the Supplier.
   
   
3. A complaint can be submitted in the following form:
   
   a) in writing to the address:
   (i) Suppliers: Rua Soeiro Pereira Gomes, Lote 1, 1649-031, Lisbon, Portugal.
   (ii) Intermediary entity for the transmission of complaints:
   – Headquarters: PayTel S.A., 14 Żwirki i Wigury St., 02- 092 Warsaw
   – Branch: PayTel S.A. branch in Nowy Sącz, 118 Nawojowska St., 33-300 Nowy Sącz
   
   b) in electronic form using the form available at www.paytel.pl/pl/kontakt/teleserwis,
   
   c) sending the complaint directly to the e-mail address: ecommerce.helpdesk@paytel.pl,
   
   d) by telephone at the hotline number +48 18 540 59 96,
   
   e) by fax to +48 18 521 18 01.
   
   
4. The complaint should include at least: the name, surname, address of the Purchaser (in the case of a complaint requiring a response by mail), the reason for the complaint, a description of the objections, the date of the event that became the subject of the complaint, the transaction ID received in the payment status email. If the subject of the complaint is a transaction completed by the Supplier, the notification should be accompanied by a confirmation of the transaction in the case of a debit. In addition, include: the transaction number and/or the exact amount of the payment, the date of the transaction and the name of the service/URL of the store where the transaction was made.
   
   
5. If the data or information provided by the Purchaser in the complaint needs to be supplemented, the Supplier shall have the right to request that the Purchaser supplement the complaint to the extent and by the date indicated in the request before the complaint is serviced.
   
   
6. The supplier will process the complaint as soon as possible, no later than within 15 working days of receiving the complaint. In particularly complex cases, the maximum time limit for handling a complaint may not exceed 35 working days from the date of receipt of the complaint.
   
   
7. The response to the complaint will be provided by the Supplier in writing or electronically, if the Purchaser has agreed to it.
   
   
8. In connection with the processing of complaints, in order to clarify any issues with payment instrument issuers, financial institutions and supervisory authorities, the Provider may require the Purchaser to send within 7 days of receiving such a request:
   1) additional necessary information on the transaction for which the claimed Payment was made, and
   2) copies of documents relating to the execution of the transaction for which the Purchaser made the Payment, including a copy of the confirmation of the purchase of goods or services.

Article 5

1. The regulations are available on the Supplier’s website.
   
   
2. The contract between the Purchaser and the Supplier shall be governed by Polish law.
   
   
3. Any disputes related to the services provided by the Supplier will be settled by the competent common courts in Poland.