Date Last Revised: April 18, 2018
These Minimum Terms of Service for End User (“ToS”) represent a set of minimum terms governing the use of the Services (as defined below) by customers of the ASPSP (as defined below). These ToS (or the equivalent of these ToS) must be incorporated by the ASPSP into its existing terms and conditions applicable to its customers. By accessing and using the Services the ASPSP’s customer or the company, organization or other legal entity that such customer represents (“End User”) agrees to be bound by these ToS. End User shall not use the Services if End User does not agree to all of the terms and provisions of these ToS.
If End User is a company, corporation, organization or other legal entity (collectively, “Legal Entity”), then all provisions hereof shall be applicable to such Legal Entity except for the provisions limited by the context to individuals. If End User uses the Services on behalf of a Legal Entity, End User agrees to these ToS for that Legal Entity and represents and warrants that End User has the authority to bind that Legal Entity to these ToS. In this case, “End User” shall refer to that Legal Entity.
For the purposes of these ToS, in addition to the capitalized terms defined elsewhere in these ToS, the following terms shall have the meanings ascribed to them as follows:
1.1. “Account Contract” means the contract between End User and its ASPSP which contains the terms and conditions for setting up and using a Payment Account and for the execution of individual and successive Payment Transactions.
1.2. “AISP” means account information service provider, a licensed payment service provider that provides consolidated information on one or more Payment Accounts held by End User with either another payment service provider or with more than one payment service provider.
1.3. “Applicable Laws” means:
- the General Data Protection Regulation (EU) 2016/679 and any other similar or equivalent laws, regulations or rules in force from time to time relating to the privacy, processing and use of Personal Data;
- the revised Payment Services Directive (PSD2 - EU Directive 2015/2366), together with all regulatory technical standards, codes of practice, guidelines and/or formal interpretations issued by a regulator with jurisdiction over the Services contemplated in these ToS, and all laws or regulations in force from time to time in ASPSP’s jurisdiction giving effect to PSD2; and
- all laws, statutes, rules, regulations, decrees, orders or directives in force from time that are applicable to the Services contemplated in these ToS.
1.4. “ASPSP” means account servicing payment service provider, a payment service provider (such as bank, credit institution or electronic money institution) that provides and maintains a Payment Account for End User.
1.5. “Authenticator” means the mobile application Priora Authenticator that makes available Confirmation Codes to End User and transmits them from ASPSP to End User and from End User to ASPSP.
1.6. “Confirmation Code” means a unique identifier made of a combination of letters, numbers or symbols generated by ASPSP that End User must provide in order to confirm End User’s actions carried out through a remote channel, including without limitation linking of TPPs and confirmation of Payment Transactions.
1.7. “Consent” of End User means any freely given, specific, informed and unambiguous indication of End User’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the actions to be performed by a TPP.
1.8. “Metadata” means all ancillary information, metadata, usage data, service data, relationships, trends, metrics, logs and all other information derived from End User’s use of the Services and Priora Platform.
1.9. “Payment Account” means an account held in the End User’s name by the ASPSP which is used for the execution of Payment Transactions.
1.10. “Payment Account Data” means data relating to End User’s Payment Account, particularly:
- account information (including without limitation account number, type, currency, balance);
- transactions information (including without limitation transaction amount, date, description, currency); and
- account holder information (including without limitation name, address, email, phone number) – optional access to such information, in whole or in part, may be provided by the respective ASPSP in its sole discretion.
1.11. “Payment Order” means an instruction by the End User to its ASPSP requesting the execution of a Payment Transaction.
1.12. “Payment Order Data” means data relating to the Payment Order, including without limitation amount, currency, status, description, payee details.
1.13. “Payment Transaction” means an act initiated by End User or on End User’s behalf of placing, transferring or withdrawing funds from End User’s Payment Account.
1.14. “Personal Data” means any information relating to an identified or directly or indirectly identifiable natural person.
1.15. “Personalized Security Credentials” means personalized features provided by ASPSP to End User for the purposes of authentication, including without limitation username, password, access number, security questions and answers, token/SMS codes, multifactor information, device information.
1.16. “PISP” means payment initiation service provider, a regulated payment service provider that initiates Payment Orders at End User’s request with respect to End User’s Payment Account held with the ASPSP.
1.17. “Priora Account” means End User’s account on the Website which is automatically created when End User starts using the Services.
1.18. “Priora APIs” means application programming interfaces that establish secure communication between TPPs and ASPSPs during the provision of Services.
1.19. “Priora Platform” means the Website, Priora APIs, Authenticator and any and all materials, documentation, articles and/or guidelines prepared and/or provided by Salt Edge in connection with using the Services, Website, Priora APIs and/or Authenticator.
1.21. “Salt Edge” means the company Salt Edge Inc., including its respective affiliates, related companies, unaffiliated partners and/or licensors, that is a third-party system provider engaged by End User’s ASPSP to provide the Services on ASPSP’s behalf.
1.22. “Services” has the meaning given to it in Section 2.
1.23. “TPP” means a third-party provider, such as AISP or PISP.
1.24. “Website” means the website https://priora.saltedge.com.
During the term of the Account Contract Salt Edge shall provide the following services (“Services”) to End User via Priora Platform in accordance with and subject to the terms and conditions set forth in these ToS and as further described in these ToS. The Services include:
- linking TPPs to End User’s ASPSP;
- confirming Payment Transactions that require the application of strong customer authentication as set forth in the Applicable Laws;
- provision of secure communication channels through Priora APIs between End User, ASPSP and TPP for the purpose of granting access to TPP authorized by End User (through End User’s Consent) to End User’s Payment Account;
- transmission of Confirmation Codes from ASPSP to End User and from End User to ASPSP for verification;
- access to various tools made available in Priora Account that enable End User to: (i) manage TPPs that have been granted access to End User’s Payment Account and (ii) view information relating to the actions performed by TPPs with respect to End User’s Payment Account.
3. LICENSE TERMS
3.1. License Grant: The Services and Priora Platform are protected by copyright, trade secret, and other intellectual property laws. Salt Edge hereby grants End User a personal, limited, non-exclusive, revocable, non-sublicensable, non-transferable right and license to use the Services and Priora Platform during the term of the Account Contract in accordance with the terms and provisions of these ToS. Except for rights expressly granted to End User in these ToS, Salt Edge reserves all other rights, title and interest in and to the Services and Priora Platform. No rights are granted by implication, estoppel or otherwise. End User acknowledges that only Salt Edge shall have the right to maintain, enhance or otherwise modify the Services and Priora Platform.
End User shall use the Services solely as contemplated in these ToS. Without limiting any other provision of these ToS, End User agrees that End User shall not (and will not allow any third party to), either directly or indirectly:
- circumvent any End User limits or other use restrictions that are built into the Priora Platform and/or Services;
- breach, override or otherwise circumvent any authentication or security measures;
- remove or obliterate any proprietary notices, ownership labels, classified legends or marks from the Priora Platform and/or Services;
- indulge in any action with the Priora Platform and/or Services that meddles with, disturbs, destroys, or accesses in an unlawful way the server networks, connections, records, or other assets, tools or services of Salt Edge or any related third party;
- use the Priora Platform, Services or any part thereof for any unlawful or fraudulent purpose or otherwise in any way not permitted by these ToS;
- reverse engineer, decompile, decode, decrypt, disassemble, decipher or otherwise attempt to derive the source code for the Services or any related technology that is not open source; modify, alter, copy, translate or create derivative works of any aspect of the Services;
- transmit any worms, viruses, Trojan horses, or any other malware, disruptive or harmful software or data through End User’s access to or use of the Priora Platform and Services;
- disclose the Confirmation Codes to any unauthorized third party or otherwise in breach of these ToS; and
- allow access to the Authenticator and/or Priora Account to any third party.
4. USE OF THE SERVICES
4.1. Using the Authenticator: When installing the Authenticator on End User’s mobile device, End User must register using a PIN code and, optionally, biometric authentication (together, “Authenticator Credentials”). End User will be required to provide the Authenticator Credentials each time End User accesses the Authenticator. The Authenticator allows End User to initiate the following processes:
- enrollment process, or linking the Authenticator on End User’s mobile device to End User’s Payment Account with the ASPSP;
- linking process, where the Confirmation Code is required to confirm the linking of a TPP to End User’s Payment Account with the ASPSP; and
- payment process, where the Confirmation Code is required to confirm the execution of a Payment Transaction as set forth in the Applicable Laws.
4.2. Using the Priora Account: In order to access the Priora Account, End User must first select its ASPSP and authenticate himself/herself by typing the Personalized Security Credentials required to access End User’s Payment Account with that ASPSP. End User shall be allowed, through the terms of the Account Contract, to provide its Personalized Security Credentials to Salt Edge on the Website. In the Priora Account End User can:
- view a list of TPPs End User has granted access to its Payment Account, including without limitation scope of Consent, date and time when such Consent has been granted;
- view Payment Orders initiated through a PISP and related Payment Order Data;
- view details of access by AISP to End User’s Payment Account, including without limitation date, time and status;
- revoke authorization for TPPs that have previously been granted access to End User’s Payment Account; and
- delete its Priora Account.
5. END USER’S OBLIGATIONS
The right to use the Services granted to End User under these ToS is conditional upon End User’s compliance with its obligations set forth herein:
- End User shall be solely responsible for verifying that End User agrees to the terms and conditions of a TPP before giving End User’s Consent to such TPP;
- access to End User’s Payment Account granted via the Services to a TPP shall be considered authorized as long as End User has given its Consent to such access;
- End User must secure the Authenticator and Authenticator Credentials against any unauthorized access, use or disclosure. If End User suspects that the Authenticator Credentials have been stolen, compromised or been made known to others, End User must change them immediately and report the issue promptly to Salt Edge at email@example.com;
- End User must secure the Personalized Security Credentials against any unauthorized access, use or disclosure. If End User suspects that the Personalized Security Credentials have been stolen, compromised or been made known to any unauthorized third party, End User must change them immediately and report the issue promptly to Salt Edge at firstname.lastname@example.org and/or to the respective ASPSP; and
- End User must report promptly to Salt Edge at email@example.com any suspicious activity of any TPP the End User interacts with via the Services or any unauthorized actions detected in the Authenticator and/or Priora Account.
6. SALT EDGE’S OBLIGATIONS
Salt Edge shall:
- ensure that the Services and Priora Platform are provided in compliance with the requirements laid down in the Applicable Laws;
- put in place and maintain appropriate technological and organizational security measures and controls to protect End User’s Personal Data from unlawful and unauthorized use and disclosure and to ensure safe handling of such data in conformity with the Applicable Laws;
- ensure that its software, IT systems and networks used to provide the Services meet the required level of technical security and data protection as laid down in the Applicable Laws; and
ensure that TPPs authorized by End User (through End User’s Consent) are granted access to End User’s Payment Account and the associated Payment Account Data through the Services only for the purposes set forth in, and to the extent permitted by, the Applicable Laws. Specifically:
- for AISP: to read and retrieve Payment Account Data;
- for PISP: to initiate Payment Orders on End User’s behalf.
7. USE OF THE SERVICES WITH END USER’S MOBILE DEVICE
The Services may be available to End User through a compatible mobile device, in which case Internet access and additional software may be required. End User agrees that End User is solely responsible for these technical requirements, including but not limited to: (i) any applicable charges, updates and/or additional fees imposed by End User’s telecommunications provider; and (ii) using the Services in compliance with the terms of End User’s agreement with its telecommunications provider.
End User also acknowledges and agrees that Salt Edge makes no warranties or representations of any kind, express, statutory or implied, as to:
- whether telecommunications services from End User’s provider will be available and accessible at any time or from any location;
- any loss, damage, or other security intrusion of the telecommunications services; and
- failure of the telecommunication services to transmit any data, communications or settings connected with the Services.
End User acknowledges and agrees that:
- Salt Edge reserves the right to restrict or temporarily suspend End User’s access to the Services and Priora Platform in the event of: (i) suspicious activity, fraud or other illegal actions with respect to End User’s use of the Services attributed to End User or third parties, including without limitation TPPs; (ii) a request from End User’s ASPSP, allowing the ASPSP time to conduct an investigation in accordance with the Applicable Laws of (suspected) fraudulent End User’s behavior or (suspected) fraudulent actions of TPPs; (iii) a security breach or suspected security breach of Salt Edge’s systems, software or IT infrastructure that may affect the Services and/or Priora Platform, in which case notice shall be given to End User in accordance with the Applicable Laws;
- End User shall be solely responsible for all actions performed with the Authenticator and in the Priora Account; all such actions are deemed to be performed and authorized by End User, except for fraud or other illegal actions attributed to third parties as proven by the results of an investigation;
- End User may revoke authorization through the Services for any given TPP that has previously been granted access to End User’s Payment Account; however, such revocation shall not affect the lawfulness of TPP’s actions performed through the Services based on End User’s Consent prior to the revocation of authorization;
- Salt Edge may report any suspicious activity, fraud or other illegal actions with respect to End User’s use of the Services attributed to End User or third parties, including without limitation TPPs, to the respective ASPSP, competent national authorities and/or regulatory bodies for further investigation; and
- End User can’t revoke a Payment Transaction through the Services. The manner in which a Payment Transaction can be revoked, and the terms and conditions that apply, including any refund rights, shall be governed exclusively by the Account Contract and not these ToS.
9. PROTECTION OF PERSONAL DATA
11. CHANGES TO THE SERVICES
Salt Edge reserves the right at any time to modify, update or upgrade the Services and/or Priora Platform with notice to End User. Salt Edge will inform End User of any planned modifications, updates or upgrades by providing reasonable advance notice through the Website or Services. In case of any emergency or other unplanned modifications or updates to the Services and/or Priora Platform, Salt Edge will notify End User by posting a note on the Website or through the Services as soon as feasible informing End User of the implemented changes or updates. End User acknowledges and agrees that End User’s continued use of the Services after the date of changes to the Services indicates End User’s agreement to the changes.
End User also acknowledges and agrees that Salt Edge may perform scheduled or emergency maintenance of the Services and/or Priora Platform from time to time, by providing advance reasonable notice to End User through the Website or Services whenever feasible, which maintenance may result in interruptions or delays in the Services.
12. PROPRIETARY RIGHTS
For the purposes of these ToS, “Intellectual Property Rights” means any and all rights existing from time to time under trademark law, patent law, copyright law, trade secret law, privacy rights law and any and all other proprietary rights, whether registered or unregistered and including all registrations and applications for, and renewals or extensions of, such rights or forms of protection under the laws of any jurisdiction in any part of the world. As between Salt Edge and End User, End User acknowledges and agrees that Salt Edge owns all right, title and interest in and to the Services, including without limitation all Intellectual Property Rights contained therein, the underlying technology used to provide the Services and excluding components licensed by Salt Edge from third parties. End User further acknowledges and agrees that Salt Edge retains ownership of all Metadata.
13. FORCE MAJEURE
Salt Edge shall not be responsible or liable for any delay or failure in the performance of its obligations under these ToS or incur any liability to End User for any losses or damages of any nature whatsoever to the extent that Salt Edge is prevented from performing those obligations, in whole or in part, by, or such losses or damages are caused by, Force Majeure. For the purposes of this Section 13, “Force Majeure” means any circumstances that are beyond Salt Edge’s reasonable control, and which materially and adversely affect Salt Edge’s ability to perform its obligations under these ToS, including without limitation acts of God, normative acts issued by state or government institutions, strikes, war or any kind of military operations, blockade, epidemics, acts or threats of terrorism, etc.
14. LIMITATION OF LIABILITY
In no event shall Salt Edge be liable to End User or any third party in contract, tort or otherwise for any indirect, incidental, special, exemplary or consequential damages of any kind, including without limitation punitive or economic damages or lost profits, damages for failures of telecommunications, the Internet, or electronic communications, loss of business revenue or investment, or other intangible losses resulting from the use or inability to use the Services or otherwise under, or in connection with, any provision of these ToS. The foregoing limitations of liability apply regardless of whether Salt Edge shall be advised, shall have other reason to know or in fact shall know of the possibility of such damages.
15.1. Survival: The rights and obligations of Salt Edge and End User set forth in these ToS which by their express terms or nature and context are intended to survive termination of End User’s use of the Services, will survive any such termination.
15.2. Severability: If any term or provision of these ToS is held to be illegal, invalid, void or unenforceable, in whole or in part, by any court of competent jurisdiction, the remainder of the terms and provisions set forth herein shall remain in full force and effect and shall in no way be affected, impaired or invalidated thereby. Such illegal, invalid, void or unenforceable term or provision or part thereof shall be deemed modified to the extent required to render it enforceable; failing which, it shall be severed from these ToS, which shall continue in full force and effect and be binding upon End User.
15.3. Changes to the ToS: Salt Edge reserves the right to change these ToS at any time and from time to time with reasonable advance notice provided to End User to better reflect new regulatory requirements, changes to the Applicable Laws, or improvements to the Services. If Salt Edge decides to change these ToS in the future, Salt Edge will give reasonable advance notice to End Users through the Services or Website. Any non-material change (such as clarifications) will become effective on the date the change is posted and any material changes will become effective thirty (30) days from their posting on the Website. End User acknowledges and agrees that End User’s continued use of the Services after the date of changes to these ToS indicates End User’s agreement to the changes. The date of last update of these ToS is set out at the top of this document.
15.4. Non-Waiver: No failure or delay on the part of Salt Edge in exercising any right, power or remedy pursuant to these ToS shall operate as a waiver thereof, and no single or partial exercise of any such right, power or remedy shall preclude any other or further exercise thereof, or the exercise of any other right, power or remedy.