Contract Terms on Providing of EVERIFIN Payment Services

The purpose of these Contract Terms (hereinafter as the “CT”) is to set out a legal framework in which our company providing services of a certain type interacts with you as a user of our services.

Please read these contract terms carefully, in order to gain information on the type, scope of and guarantees for the services provided by us and in order to gain information on what we expect from you in this respect.

By clicking on the button “I agree with the Framework Contract and with the Contract Terms” you acknowledge that you have understood their content and declare your consent with their wording and enter into the legal relationship on providing of Information Payment Service on Payment Account and Payment Initiation Service.

In case you need help with explaining these terms, we will gladly welcome your questions at the e-mail address: info@everifin.com.

I. Provider of Services

Provider of payment services pursuant to these terms, that enters into a contractual relationship with you, is

Usability Engineering Center, s. r. o.

Mikovíniho 8, SK – 917 01 Trnava, Slovakia,

identification number (IČO): 46963774 , Business Register of the District Court Trnava, Section Sro, insertion No. 30858/T

License number: https://subjekty.nbs.sk/entity/3999/

Insurance policy No. B2000OMP604534, supervising authority National Bank of Slovakia, Imricha Karvaša 1, 813 25 Bratislava

The provider provides payment services through the Everifin application and operates the website www.everifin.com. Everifin trademark represents its intangible property.

Terms “Provider”, “Everifin”, “we” and “our” used in these contract terms refer to company Usability Engineering Center, s. r. o. and to its team (staff).

II. Conditions for Use of the Services

The essential condition for using our services is that you have reached the age enabling you to enter into this contractual relationship (Slovakia, 18 years of age).

The next condition is that you have opened at least one or several payment accounts in one or in several Other Providers in countries of the European Union, in Norway, Iceland, or in Lichtenstein (e.g. in the bank) or you are authorized for disposition with them.

You will also need a device that meets all requirements regarding system and compatibility (which may change from time to time) for our services, functioning access to the internet and compatible software. The quality of operated services and the ability to use them may be affected by the above-specified requirements. You are solely responsible for meeting those system requirements.

III. Terms and Definitions

Account Information Service (AIS) – means separate online service operated through internet network or through other electronic distribution channel consisting of providing consolidated services on one or several payment accounts which are available online through internet network or through other online distribution channel and that Another Provider of Payment Services or several providers of payment services (Section 2 (1)(h) of Act on Payment Services provide for you as a user of payment services (hereinafter as the “AIS”));

Payment Initiation Service (PIS) – means separate online service consisting of submitting payment order based upon your instruction as a user of payment services with respect to payment account which is accessible online through internet network and is administered by Another Provider of Payment Services (Section 2 (1)(g) of Act on Payment Services (hereinafter as the “PIS”));

Another Provider of Payment Services – another provider of payment services pursuant to Act on Payment Services that has opened and administers Payment Account (for example bank);

Payment Account– means account administered by Another Provider of Payment Services that is accessible online and with respect to which user may use the Information Service on the Payment Account and the Payment Initiation Service;

Payment Order - means instruction of payer or addressee to the Provider of Payment Services to perform payment operation;

Payment Operation - means a transfer of finances based upon the order of payer or on his behalf or based upon the order of addressee to the Provider of Payment Services;

Payer – means a person with an opened payment account that submits Payment Order from such payment account to the provider of Payment Services or to the provider of Payment Initiation Services or a person that does not have a payment account opened that submits payment order to the Provider of Payment Services;

The user of payment services (hereinafter as the “User“) – means a person that uses payment services as a payer or as the addressee. For the purpose of the Everifin application and for the purpose of this GT you are the User;

Consumer – means the natural person who, upon entering into and/or in performing of the Framework Contract in the Everifin application and with respect to particular Payment Account, does not act in the course of his / her employment, profession or business or as statutory representative of a legal entity, its procura holder or agent (including the agent of a natural person - entrepreneur). The Provider does not consider any legal entity or natural person – entrepreneur as the Customer;

Authorization – means granting of consent/permission of the User for performing of payment operation;

Authentication – means procedure which enables the Provider of Payment Services to verify the identity of the User of the Payment Services or Authorization for using of the means of payment including using of personalized security elements of the User of Payment Services;

Strong Authentication – means authentication based upon two or more elements pursuant to Section 2 (48) of Act on Payment Services;

CT – means Contract Terms to the Framework Contract on Providing of Payment Services EVERIFIN, governing providing of payment services EVERIFIN;

Act on Payment Services – Act of the National Council of the Slovak Republic No. 492/2009 Coll. on Payment Services as amended;

IV. Account Information Service

1. Account Information Service enables you to gain information in the electronic environment on the Payment Account administered by Another Provider of Payment Services. Providing of the Payment Service is subject to granting and, when necessary, updating of consent with providing/using of the Account Information Service (including Strong Authentication by Another Provider of Payment Services) granted in favour of our company (hereinafter as the “User Consent”). Based upon such valid user consent, the Provider will be able to acquire, and the Another Provider of Payment Services will be authorized to provide with respect to all Payment Accounts that were connected by the User pursuant to Article VI (3) of these CT, information to the Provider which is available to the User from Another Provider of Payment Services and is necessary for due providing of the service.

2. The Provider shall not be responsible for the extent, correct, and up-to-date nature of the information in case the lack of their extent or of correct and up-to-date nature was caused by Another Provider of Payment Services or by the User.

3. The basic extent of the provided services amounts to Payment Account name, Payment Account number, Payment Account balance, transactions at the Payment Account, and their identification specified by Another Provider of Payment Services. Such extent may be extended by graphs, a summary of spending, tips, etc. based upon provisions of the CT.

4. Information about the Payment Account of the User is being transmitted between the Everifin application and Another Provider of Payment Services. Refreshing of the provided information occurs upon each logging into the application by the User and subsequently periodically in the repeated time intervals.

5. Account Information Service by Another Provider of Payment Services shall be terminated solely in case of termination of consent with Account Information Service Provider with respect to individual Payment Account. Termination of consent may occur in case the user removes his / her payment account from the Everifin application or automatically after 90 days in case the consent is not updated before the expiration of the respective period.

6. Even after termination of such consent, the Provider will display to the User in the Everifin application all information on the Payment Account which were previously acquired, until that account is disconnected by the user from the list of the Payment Accounts in the Everifin application. The same applies even in case of termination of contract based upon which the Payment Account is administered or in case of termination of respective authorizations of the User with respect to the Payment Account under such contract.

V. Payment Initiation Service

1. The Payment Initiation Service is available in the Everifin application to the User with respect to all Payment Accounts and such Payment Account is included in the list of the Payment Accounts administered by Another provider of Payment Services.

2. Through the Everifin application solely non-cash payment operations may be initiated – payments of finances based upon submitted payment order.

3. The Provider undertakes to submit the Payment Order authorized by the User (accepted by clicking the button “Send order”) to Another Provider of Payment Services. The fact that the Provider enabled the User to send the payment order does not necessarily have to lead to its processing by Another Provider of Payment Services. After submitting the respective Payment Order for processing, the terms of Another Provider of Payment Services apply. With exception of the cases specified in paragraph (4) of this Article, the Provider shall not be responsible for the result of the processing of the Payment Order or for the date of performing of payment based upon such order.

4. The Provider shall be liable for ensuring that:

a) the Payment Order is delivered to Another Provider of Payment Services (is submitted to Another Provider of Payment Services),

b) the Payment Initiation Service is authenticated, duly recorded, and not affected by technical error or by other deficiencies connected with non-performing, ill-performing, or belated performing of the payment operation within powers of the Provider.

5. After submitting the Payment Order, Another Provider of Payment Services will request performing of the Strong Authentication by the User. The initiated payment shall be subject to payment limits as defined by Another Provider of Payment Services.

6. In case of Payment Orders wherein the User submitting the order and the Provider mutually agree that the order shall be performed on a particular day (on the due date or upon elapsing of the particular time period), the User may revoke the Payment Order at the latest until the end of the business day preceding the agreed date. The moment of receiving of Payment Order shall in such case be the agreed date. In case the agreed date does not represent the business day of Another Provider of Payment Services, the received payment order shall be considered as received on the following business day.

7. User of the Payment Services may not revoke Payment Order after the moment of its receiving by Another Provider of Payment Services.

The moment of receiving of Payment Order shall be the moment when Another Provider of Payment Services has accepted the Payment Order submitted by the Provider. In case such moment does not represent the business day of Another Provider of Payment Services, the Payment Order shall be considered as received on the following business day.

8. In case the Provider receives information from Another Provider of Payment Services on performing / non-performing of the Payment Order initiated through the Everifin application, the Provider shall provide such information to the client together with related information to the extent provided by Another Provider.

VI. Logging Into the Everifin Application, Accounts Connecting, Submitting of Payment Order

1. Logging into the Everfin application

User may log into his/her user account, which he has created upon first entering the Everfin application environment, by typing login information – user name and password (min. 8 signs, combination of upper-case and lower-case letters and numbers).

2. User identification

2.1. By clicking on the button “Accounts Overview” or “Account” for the first time, the user will be prompted to specify his / her personal identity to the following extent:

a) name, surname, date of birth, personal number (if it was provided), permanent residence address or other residence address, nationality, type and number of identification document, scanned or photographed official identification document (e.g. identity card or passport), declaration whether the person is or is not politically exposed.

b) in case of a natural person – entrepreneur, the user must, in addition to the information specified in subparagraph (a), provide also address of the place of business, identification number, if it was provided, identification of official register or other official list wherein the entrepreneur is registered and number of registration in such register or list,

c) in case of a legal entity, the user must state its name, address of registered office, identification number, tax identification number, VAT identification number (if exists), country of registration, identification of official register, or other official list wherein the legal entity is registered, the number of registration in such register or list and identification of natural person authorized to act on its behalf.

2.2. The User shall without delay and with necessary proof inform the Provider of any changes concerning the provided identification information.

2.3. After specifying the identification information, the User will be prompted to enter into the Framework Contract and to agree with these CT. After entering into the Framework Contract and after agreeing with the CT, the User will be able to connect Payment Account or Payment Accounts of his / her own choosing administered by Another Provider.

3. Connecting of account/accounts

3.1. In case the User decides to connect Payment Account or Payment Accounts administered by Another Provider with the Everifin application, he shall proceed in accordance with the steps displayed in the Everifin application. The procedure of connecting accounts is specified also in the section Help and support/connecting accounts or the user may contact the Provider through helpdesk or through e-mail address info@everifin.com.

3.2. In case the User does not act in his / her own name, he shall prove in form of binding written declaration the name, surname, personal number or date of birth of the natural person or company name, registered office, and identification number of the legal entity on which behalf he/she is acting.

3.3. After connecting one or several accounts and identification or after verification of identification of the User, the following information will be displayed to the user:

- list of connected accounts with account balance and total balance

- detail of each account (transactions at account) and transactions search option

- overviews, graphs on spending, daily balances, charges, etc.

3.4. Connected accounts may at any time be disconnected by the User.

4. Submitting of Payment Order

In submitting the Payment Order, the User shall proceed in accordance with steps displayed by the Everifin application. The procedure of submitting Payment Order is specified also in section Help and support/submitting payment order or the user may contact the Provider through helpdesk or through e-mail address info@everifin.com.

After submitting of Payment Order, confirmation on successful/unsuccessful submitting of Payment Order with payment identification and specification of sum and of related information in the extent of information provided by Another Provider will be displayed to the user.

5. Logging Out

After finishing using the Everifin application the User logs out from the application by clicking the button “Log Out”. For security reasons, when using the application through a web browser, the system will automatically log out the user in case of inactivity for several minutes (maximum up to 15 minutes).

VII. Security

1. Personalized security elements of the User

Personalized security elements of the User issued by Another Provider of Payment Service (e. g. bank) are not stored and are not visible in the system of the Everifin application.

2. Password of the User for the Everifin application

Change of password / Forgotten password

The User may at any time set a new password by clicking the link “Forgotten password” directly from the log-in page. After typing the e-mail address used by the User upon registration, instruction on further steps for creating of new password will be sent to that e-mail address. Upon creating of the new password, the previous password is automatically deactivated.

Lost password / stolen password

In case the User gains doubts or finds out that an unauthorized person gained access to the password, or in case the User is not sure whether the password was stolen or not, or in case the User finds out that the password was stolen, the User shall immediately use the change password functionality or shall immediately contact the helpdesk of the Provider through e-mail address info@everifin.com with the subject heading “Lost password”.

3. Unauthorized or incorrectly performed payment transaction

Suspected unauthorized or incorrectly performed payment transaction shall be notified by the User to the Provider immediately, however at the latest within 13 months after the date of the finances debiting from the bank account and this information shall also be notified to the provider of payment services that open or administers payment account wherefrom the transaction was performed.

4. Refunds

The User may request from his / her Another Provider of Payment Services (e.g. bank) refund of unauthorized or incorrectly performed payment transaction under the following conditions:

- date of debiting of the sum from the account is not more than 13 months from the date when the request is submitted

- customer has not acted fraudulently

- customer has not breached the terms of service

- in case of payment was initiated through lost or stolen access data and the customer did not act intentionally or with gross negligence

In case such conditions are met, Another Provider shall provide the User refund at the latest until the end of the following business day. The User may bear costs in a maximum amount up to 50 EUR and only in case:

- the payment was initiated through lost or stolen access data

- loss or theft could not have been discovered by the customer

- loss or theft was not caused by act or omission of the Provider

Another Provider of Payment Services administering payment account shall be responsible for refunds towards the User and the Everifin customer support assists the User-based upon his / her request in communication with Another Provider of Payment Services (e.g. bank) so that the request for refund is filed correctly.

5. Adequate security measures on the side of the User

The User should observe the following recommendations in order to minimize the risk connected with communication through Internet:

- use an operating system with the latest security updates

- use a web browser with the latest security updates

- use antivirus with the latest security updates

- use credible and secured internet connection, for example at home, at work, through your own cellular data, etc., and avoid public WiFi networks that are not sufficiently secured, such as in restaurants, at airports, and so on.

- do not share user login data, not even with customer support of the Provider. The Provider will not request the login data of the User. In case such a situation occurs, this most certainly represents phishing, when an attacker unlawfully pretends to be a provider and fraudulently tries to obtain login data.

- keep user login data at a secure location, ideally encrypted or offline

- do not leave the device (computer, tablet, or smartphone) with operating and unlocked Everifin application without your presence at the place accessible to third parties

VIII. Change of Contract Terms

1. As a result of changes in the applicable legislation or in the business policy of the Provider, or based upon the decision of the management of the Provider, the Provider is entitled to change or completely replace these contract terms (hereinafter jointly as the “Change of CT”). Change of CT shall be notified by the Provider by their publishing at www.everifin.com, notification sent to the e-mail address of the User or through other similar means.

The Provider will at the same time determine the date of validity and the date of effect of the Change of CT, where the notification shall be sent by the Provider at the latest two months before the Change of CT takes effect.

2. In case the client does not agree with the Change of CT, the client is entitled to notify the Provider in writing that he does not accept the Change, where such notification shall be served to the Provider at the latest until the day when the Change of CT takes effect. In such case, the User shall be entitled to immediately terminate the contractual relationship in question.

3. In case the client does not notify his / her unacceptance of the Change of CT to the Provider in writing within the specified period, it is considered that he has accepted the change and mutual relationship between the Provider and the User shall from the date of its effect be governed by the changed CT. In case the User notifies the Provider on not accepting the Change of CT and does not exercise the right to terminate the contractual relationship, the Provider is entitled to terminate providing of the affected service or services, unless the Provider and the user agree otherwise.

4. The place for serving of notification on the Change of CT to the User shall be the inbox of the User within the Everifin application environment.

IX. Termination of the contractual relationship

1. The Provider reserves right to interrupt access or cancel the access of the User to the services or to remove your account from the Everifin application in case:

- the User substantively or repeatedly violates these contract terms,

- the Provider is obliged to do so under the applicable legislation or based upon court order;

- due to the person of the User or due to nature of transactions performed by the User, further duration of the contractual relationship would substantively endanger or harm reputation or renown of the Provider or in case the User acted in such manner as result whereof trust between him/her and the Provider is seriously corrupted (including the case of initiation of the court proceeding or another proceeding with the Provider, denial of the validity of the contract between the Provider and the User, deliberate providing of untrue declarations, lack of cooperation, abuse of Everifin commercial brand at social networks or in case of any attacks in any form against the Provider or its employees, etc.),

- in the course of the Contract duration the User is placed on a sanctions list or on other similar list issued by the European Union or by any of its member states.

2. The User terminates the contractual relationship by disconnecting his / her connected accounts and by sending an e-mail message with notification on termination of the contractual relationship to the e-mail address info@everifin.com. All the above-specified conditions must be met in order for the termination of the contractual relationship to take effect.

3. In case the User has used the free-of-charge form of the service, the contractual relationship shall be terminated based upon his / her notification on termination up to the last day of the calendar month in which his / her accounts were disconnected and e-mail message with notification on termination of his / her contractual relationship was served. In the period from notification of the e-mail message containing notification on termination of the contractual relationship until termination of the contractual relationship on the last day of the respective calendar month, the User may not use any payment services in the Everifin application.

4. In case the User has used paid form of the service with a monthly subscription, based upon his / her notification on termination of the contractual relationship will be ended on the day following after the day when the pre-paid / paid monthly subscription fee for using of the Payment Service of the Everifin application.

5. In case the User has used paid form of the service with yearly subscription, based upon his / her notification on termination of the contractual relationship will be ended on the last day of the calendar month following after the calendar month in which the User served the notification. In such a case, the Provider shall return the respective portion of the paid subscription fee.

In case the remaining sum of paid subscription does not cover providing of the Payment Services of Everifin for the entire duration of the notice period, the contractual relationship shall be terminated upon the day following after the day when the residual pre-paid / paid sum for using of the Payment Services of the Everifin application.

6. In case the User has terminated the contractual relationship on the grounds specified in Article VIII (2) of these CT, the Provider shall return to the User the respective part of paid subscription fee.

X. Handling of Complaints

The client is entitled to file a complaint in writing to the address of the registered office of the Provider or through e-mail message to address info@everifin.com.

The Provider shall receive the submitted complaint and consider whether it is justified under the terms prescribed by Complaint Handling Procedure. The Provider shall inform the client in writing about the handling of the complaint by the response to the complaint which shall be served by the Provider without undue delay to the last known e-mail address of the client.

XI. Liability

1. The Provider shall bear no liability for the loss sustained by the User as a result of the fact that at a certain moment he/she cannot use the AIS / PIS services in accordance with the terms of these contract terms.

2. The Provider reserves the right to interrupt providing of the Payment Services in case of maintenance of information systems, software update or of prophylactics.

3. The Provider shall bear no liability for loss caused by or related to errors in transmission, by technical breakdowns, line interruptions, interferences with devices of a company providing telecommunication services or by providers of private networks as well as by other technical issues of various nature, with exception of the cases caused intentionally by the Provider. Liability for the correctness of transmitted data, for the failure of hardware and software equipment on the side of the User, shall be borne by the User.

4. The Provider shall not be liable for loss or other consequences caused by:

- intervention of another person into the ongoing connection between the user or Another Provider of P. S. (e.g. bank) and the Provider of payment services performed through technical devices and networks;

- making available and abusing of data concerning the User that represent bank secret, including personal data of the User that the Provider or the User transmitted through electronic communication medium based upon, or in connection with, providing of services within the Everifin application;

- incorrect using of identification, authentication, and authorization tools or other means of protection by the User

- fraudulent conduct of the User

- unauthorized use of the Everifin services

- violation of business and/or bank secret by the User

- violation of personal data of the Provider or of protected data of the User, provided that such violation was caused by the User

- an unusual or unpredictable event which could not have been affected and consequences of which could not have been avoided even if acting with due care

5. The Provider shall be liable for loss occurring as a result of errors, misunderstandings, and mistakes in the delivery of data through electronic communication media between the Parties only in case it has been caused by the Provider. This applies even in the case of multiplied submitting of individual orders through an electronic communication medium.

6. The Provider has no right to examine whether the client is authorized to obtain information concerning the Payment Account and/or perform the Payment Operation to the costs of the Payment Account. Such rights and permissions arise solely under the contractual relationship governing opening and administration of the Payment Account between client and Another Provider of Payment Service. In providing Everifin services, the Provider shall therefore rely upon the presumption that client is entitled to obtain all information delivered in the course of providing Information Payment Service on Payment Account to the Provider from Another Provider of Payment Services, as well as upon presumption that client is authorized to initiate the Payment Service for the respective Payment Account. The Provider will at the same time not review whether the client in using of individual Payment Services acts on his / her own behalf or in the course of his / her employment, office or business, either as statutory representative of a legal entity, its procura holder or agent (including a representative of natural person - entrepreneur).

7. The User may not copy, modify, distribute, sell or lease any part of our services or software. He/she may not perform reverse analysis or try to extract any source code. Otherwise, the User shall be fully liable for loss caused to the Provider and for its lost profit.

XII. Third-party services

Third parties are engaged in providing Payment Services that are necessary for their providing, e. g. Another Provider of Payment Services, identity verification services, cryptographic services, and so on.

For the purpose of technical performance of the Payment Services, the Provider engages external providers of services and chooses and reviews them with due care, while paying attention to confidentiality obligation and personal data protection in accordance with applicable legislation.

XIII. Protection against money-laundering and financing of terrorism (AML/CFT)

The Provider shall observe all measures in the area of combatting money-laundering and financing of terrorism pursuant to Act No. 297/2008 on Protection Against Legalising Proceeds From Criminal Activity and on Protection Against Financing of Terrorism and on the amendment and supplementing of several statutes as amended and pursuant to the Program of Own Activities directed against legalising of proceeds from criminal activities and against the financing of terrorism.

Publication of the Contract Terms on 1 November 2021

The Contract Terms take effect from 1 November 2021.