Open connection interface – public technical interface for connection maintenance between payment service providers, payment initiation service providers, account information service providers and other payment service providers managing accounts, payers, and recipients.
Payment initiation service provider, Account Information Service Provider, Paysera – Paysera LT, UAB, legal entity code: 300060819, official address: Pilaitės pr. 16, Vilnius, LT-04352, e-mail address: [email protected], phone: +370 52071558. Electronic Money Institution Licence No. 1, issued on September 27, 2012, the issuing and supervisory body is the Bank of Lithuania; identification code: 188607684, address: Žirmūnų g. 151, Vilnius, e-mail address: [email protected], phone No. (8 5) 268 050; data about Paysera LT, UAB is collected and stored in the Register of Legal Entities of the Republic of Lithuania.
Payer – a natural (private) or legal person who has a payment account (accounts) in another (other) payment service provider’s institution (institutions) and allows to perform or submits payment orders from that payment account (accounts) using services provided by Paysera described in the present Rules.
payment initiation service, PIS – a payment service, when a payment order is initiated by a request from the Payer from a payment account opened in another payment service provider’s institution via the payment initiation service provider.
Payment service provider, PSP – under the present Rules is understood as a payment service provider, in the institution of which the Payer has a payment account from which they intend to execute a transfer order (e.g. banks, other credit institutions, etc.).
Account Information Service, AIS – a payment service, when consolidated information about one or several payment accounts of the Payer in the institution of another payment service provider is provided via the Internet.
Rules – the present rules for the provision of the Payment Initiation and Account Information Services.
General Features of the PIS and the AIS
1. These Rules determine the functioning of the PIS and the AIS in the Paysera system, provide the main features of the PIS and the AIS, regulate the submission of data of the Payer for the purpose of provision of the PIS and the AIS, and the security and confidentiality of this data. Under consent of the Payer, Paysera provides both the PIS and the AIS together.
2. The AIS provided by Paysera allows the Payer, who intends to use the PIS, to log in to their personal electronic banking system via the Open connection interface supported by Paysera and receive information about their accounts at a specific PSP, balance on the accounts, and select an account which the Payer intends to initiate a Payment order from.
3. Using the PIS provided by Paysera, the Payer has the possibility to log in to a personal electronic banking system via the open connection interface supported by Paysera, and confirm (authorise) an automatically generated payment order to the PSP institution of the Payer, i.e. the Payer initiates and confirms a payment order by logging in to their electronic banking not directly, but via the Paysera system and the supported Open connection interface.
4. Both the AIS and the PIS in the Paysera system do not cost the Payer additionally, although the Payer, under the present Rules, is informed that the Payer will be applied with their PSP institution’s standard commission fee for payment transfers of a relevant type charged by the PSP of the Payer. If the PSP of the Payer informs about the price of such payment transfer, Paysera shall also inform the Payer thereof before they authorise the payment order.
Detailed Description of the Operation of the PIS and AIS
5. When submitting a request to initiate a payment order from their payment account and/or submitting a request for account information provision, the Payer electronically expresses their consent to Paysera for the use of these services and is redirected via the Open connection interface supported by Paysera to their PSP website where they enter their login data to the electronic banking. After the Payer logs in to their electronic banking, Paysera automatically generates and initiates a payment order on behalf of the Payer. When executing this function, Paysera does not collect, accumulate, or store any electronic banking data (personalised security data) provided by the Payer, and the final recipient of data is the payment recipient provided by the Payer in the Payment order. Information which the Payer uses to log in to their electronic banking (client ID, password, generated codes, password card codes, or any other) is encrypted and used only once for payment order initiation, account information, and during only one session which is supported only until reception of confirmation of the payment order from the PSP, but not longer than 10 (ten) minutes.
6. In each separate instance of service provision, the Payer gives their consent to initiate the PIS and receive information about the account electronically, by clicking the consent button in the provided information window and later when performing some actions, i.e. entering their login data to the electronic banking and confirming the payment order generated by Paysera. Using the Paysera AIS, the Payer personally, on their behalf, and unilaterally initiates submission of the payment order to the selected PSP. The payment order may be cancelled up to the moment when the consent to initiate the PIS is given by the Payer. The wish to cancel a payment order is expressed by the Payer electronically by terminating the session.
7. With the help of the AIS provided by Paysera during payment initiation, the Payer is displayed the payment account (accounts) at a specific PSP institution and its (their) balance. If the Payer has several payment accounts in a specific institution of the PSP, the Payer selects the account from which they intend to execute the payment order.
8. After the Payer logs in to their electronic banking, Paysera automatically generates a payment order according to the data of the Payer provided to Paysera, also indicating:
8.1. if the recipient of funds is a client of Paysera, who the Payer intends to purchase goods or services from – the payment purpose is indicated automatically according to the data of the recipient of funds in the system, which will later help the recipient o funds to easily recognise the payment order, the purchased goods or services, and the purpose of the payment;
8.2. the payment amount confirmed by the Payer during the initiation of the payment order;
8.3. after a payment order is generated, the amount, the recipient of funds, and other transaction data cannot be changed.
9. The Payer shall confirm (authorise) a payment order automatically generated by Paysera.
10. After successful provision of the payment order initiation service, via a durable medium, Paysera submits a confirmation to the Payer and the recipient of funds about the proper initiation of the payment order and the successfully completed Payment order, which at the same time is also a confirmation that the payment order has been appropriately initiated at the institution of the PSP managing the payer’s account. Along with this information, Paysera submits the data that allows the Payer and the recipient of funds to recognise the payment transaction, the amount of the payment transaction, and, in certain cases (for example, by using the service of provision of transfer of the personal ID number), for the recipient of funds to recognise the Payer, together with the data sent with the payment transaction.
11. Paysera shall inform the recipient of funds about the successful execution of a payment order.
12. When providing PIS, Paysera provides the Payer and the recipient with data that allows them to identify the payment transaction and the Payer.
13. When providing PIS and/or AIS, Paysera does not keep the funds of the Payer at any moment.
14. Paysera undertakes full responsibility for the proper submission of a payment order of the Payer to the PSP selected by the Payer, as well as the security and confidentiality of login data to the electronic banking provided by the Payer.
15. In case Paysera provides the PIS according to the payment order initiated by the Payer, and according to this information the funds indicated by the Payer have been credited for the recipient of funds, but for some reason the funds have not been debited and transferred or have been returned to the Payer, Paysera shall deem such funds as a debt of the Payer to the recipient of funds.
16. If the Payer finds out about an unauthorised or inappropriately executed payment transaction using the Paysera services, the Payer shall contact the operator of their payment account thereof under the procedure indicated in the agreements with their account operator.
17. Ensuring the security of payment transfers and the confidentiality of the data of the Payers, Paysera does not store any data of the Payer related to personalised security data (e.g. unique identifiers, passwords, or payment order confirmation (authorisation) codes) in the information technology systems and servers used. All the data received are submitted by the personal data subject themselves.
18. All the personalised login data (personalised security data) for the electronic banking of the Payer are used only during one-time sessions, throughout which they are encrypted and cannot be seen, recovered, or used in the Paysera system. Each time when the Payer submits a request to initiate a payment order and/or a request for account information, they must once again confirm their identity to the PSP operating their account.
19. All the data provided by the Payer in the Paysera system during payment execution are transmitted to a PSP institution through a safe channel secured by SSL certificate. Therefore, login data to the electronic banking of the Payer and payment order confirmation (authorisation) codes remain safe and cannot be taken over by third persons.
20. For the purpose of provision of the PIS and AIS, the following data about the payment transfer are collected and stored: full name, personal code (national ID number, if transferred together with the payment order), payment date, payment amount, payment purpose, email address and account number of the Payer.
21. Paysera informs the Payer that their personal data will be processed by Paysera, and the Payer, by initiating a payment order and submitting an account information request in the Paysera system, agrees for their personal data to be processed and stored by Paysera. If the Payer does not agree for their personal data to be processed by Paysera, the service shall not be provided to the Payer.
22. Paysera processes personal data in compliance with the following provisions:
22.1. does not request to submit any data other than that required for the provision of the PIS and AIS;
22.2. ensures that information about the Payer received during the provision of the AIS will be provided only to the Payer and only after receiving a clear consent from the Payer;
22.3. ensures that information about the Payer received during the provision of the PIS will be provided only to the recipient of funds and only after receiving a clear consent from the Payer;
22.4. does not store sensitive payment data of the Payer, i.e. data which can be used to commit fraud and which includes personalised security data;
22.5. ensures that personalised security data will not be available to other parties except the Payer themselves and the issuer of the personalised security data (relevant PSP);
22.6. does not use the data for purposes other than the provision of the PIS and/or AIS, does not have access to or store the data for anything other than the mentioned purposes;
22.7. has access only to indicated payment accounts and information of related payment transactions, and receives only as much personal data related to payment accounts and related payment transaction, as necessary for the provision of the PIS and/or AIS;
22.8. does not change the amount, the recipient, and other features of the payment transaction;
22.9. implements appropriate organisational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, and any other illegal handling, as set forth in the legislation regulating the processing of personal data;
22.10. implements measures to prevent PIS or AIS from being used by individuals who seek to obtain or take control over funds by deception.
23. The subject of the personal data has the right to demand to be acquainted with the personal data stored by Paysera, learn how it is processed, and request to have such data submitted to them. The data can be provided free of charge once per calendar year, but in other cases provision of data may be charged at an amount which does not exceed the cost of data provision.
24. The subject of personal data is entitled to request Paysera to correct inaccuracies in their personal data free of charge or delete, limit, or transfer them. The subject of personal data is also entitled not to agree with the processing of their personal data and their disclosure to third parties, except when it is necessary for the provision of services given on the website. Please note that the right to request to delete personal data immediately may be limited or impossible due to legal obligations of Paysera, as provider of payment services, to protect the data about the identification of the client, payment transactions, concluded agreements, and so on, for the period determined by the law.
25. For the purpose of PIS and/or AIS provision, personal data are stored for 3 years after their receipt.
26. Requests for access, correction, and non-consent shall be sent by email to [email protected]. In the request, the Client shall clearly indicate their name and surname. Contacts of the Paysera Data Protection Officer: [email protected].
27. The Payer, using Paysera services, is advised to get acquainted with the guidelines and recommendations for the safe use of the Paysera system.
28. The present Rules are subject to the law of the Republic of Lithuania, even if a dispute between the Payer and Paysera falls under the jurisdiction of a country other than the Republic of Lithuania.
29. The Payer has the right to submit claims and complaints about the payment services provided to the general email address [email protected]. A written claim from the Payer shall be examined not later than within 15 business days from the day of receipt. In exceptional cases, when due to circumstances that are out of the control of Paysera the response cannot be provided within 15 business days, Paysera shall provide an indecisive response. In any case, the final response shall be provided not later than within 35 business days.
30. If the Payer is not satisfied with the solution of Paysera, the Payer has the right to exercise other legal remedies and:
30.2. If the Payer is a user, they also have the right to contact the Bank of Lithuania as an institution resolving consumer disputes in an extra-judicial manner (find out more).
31. In case of failure to settle a dispute amicably or in another extrajudicial method of dispute resolution, the dispute shall be settled by the courts following the procedure established by the law according to the location of Paysera’s office.
32. The present Rules come into force upon initiation of a payment order and/or submission of a request for account information by the Payer using the PIS and/or AIS provided by the Paysera system. The person, using the PIS in the Paysera system, acknowledges that they are familiar with the present Rules, agree with them, and undertake to comply with them.
33. Paysera reserves the right to amend these Rules unilaterally at any time, and such amendments come into force upon their publication. Persons are advised to always get acquainted with the latest version of these Rules published on the Paysera website.
Rules for the provision of payment initiation service (valid until 16.09.2019)