The Terms and Conditions of Use of the “API Portal” BNP Paribas Bank Polska S.A.
§ 1. INTRODUCTION
1. These regulations define the terms and conditions of use of the API PORTAL.
2. The entity providing the services specified in the Terms and Conditions is Bank BGŻ BNP Paribas S. A. with its registered office in Warsaw at ul. Kasprzaka 2, 01-211 Warsaw, registered in the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0000011571, holder of Tax ID No (NIP) 526-10-08-546, with the share capital of PLN 147 593 150, paid-up in full (hereinafter: “Bank”).
3. The Terms and Conditions are regulations within the meaning of Article 8 of the Act of 18 July 2002 on the provision of electronic services.
§ 2. DEFINITIONS
1. The terms used in the Terms and Conditions shall have the following meaning:
1) AIS- service that entails provision of information about a payment account.
2) API PORTAL – a web-based application (specific interface) of the Bank allowing access to:
a) Testing Facility as well as testing the connection and functionalities of the Application with regard to the AIS, PIS and CAF services within the meaning of the Provisions (Sandbox);
b) Go Live Facility and use of connection and functionalities of the Application with regard to AIS, PIS and CAF services within the meaning of the Provisions,
3) Application – a User application for mobile devices or a solution implemented on the website that is:
a) the subject of the User’s testing of AIS, PIS and CAF services in the API PORTAL or;
b) product which is put into operation and used by a User of AIS, PIS and CAF services in the API Portal;
4) CAF – service that entails confirmation of availability of funds;
5) eIDAS certificate – qualified certificate that meets the conditions set out in Article 34 of RTS PSD2;
6) PIS – service that entails payment initiation;
7) Entrepreneur – an entity other than the Bank that, in accordance with the Provisions, runs a business consisting in the provision of PIS, AIS or CAF service, authorised to provide the above payment services, or applying for such a status, that has submitted an application to the competent supervision authority for the relevant authorisation to provide of the above-mentioned payment services;
8) Provisions – applicable law, in particular:
a) “Directive PSD2” – Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC
b) “RTS PSD2” – Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication;
c) Act of 10 May 2018 amending the act on payment services and certain other acts (Journal of Laws of 2018, item 1075), implementing in the Polish law the provisions of “Directive PSD2”;
9) Technical Specification – documentation of each interface defining the set of routines, protocols, and tools referred to in Article 30(3) of RTS PSD2;
10) Testing Facility– the testing facility available in the API PORTAL referred to in Article 30(5) of RTS PSD2;
11) Go Live Facility – go live facility (access interface) available in the API PORTAL referred to in Article 30 of RTS PSD2,
12) Agreement – the Agreement on the use of the API PORTAL concluded by the Bank with the User pursuant to these Terms and Conditions;
13) User – an Entrepreneur who has registered in the API PORTAL in accordance with Article 4 for the purpose of using a testing facility or go live facility acting by means of a natural person authorised by them,
14) Terms and Conditions – these Terms and Conditions of use of the API PORTAL.
§ 3. CONCLUSION OF THE AGREEMENT
1. The Agreement shall be concluded upon registration of an account in the API PORTAL in accordance with Article 4.
2. The Agreement shall be concluded for an unspecified term.
3. The User shall use the API Portal free of charge. The User shall bear the costs of access to the Internet, including for data transfer in accordance with the applicable rates and tariffs.
§ 4. ACCOUNT REGISTRATION IN THE API PORTAL
1. To correctly register an account in the API PORTAL, the Entrepreneur shall:
1) fill in the registration form at https://www.openbankingbnpparibas.pl/ ,
2) submit a statement specified during registration of the account in the API PORTAL, including the approval these Terms and Conditions,
3) send to firstname.lastname@example.org a document confirming the existence of an authorisation (issued by the KNF or other competent national authority of a Member State) or use an eIDAS Certificate for identification – in the case of Entrepreneurs holding the above-mentioned authorisation,
4) send to email@example.com an acknowledgement of the application filed with the competent authority (KNF or other competent national authority of a Member State) or use a test eIDAS Certificate for identification – in the case of Entrepreneurs applying for the above-mentioned authorisation,
2. The Bank reserves the right to verify the data provided by the Entrepreneur in the registration form and sent by them to firstname.lastname@example.org.
3. In the event that the data referred to in (2) are not negatively verified at the stage of registration, the Bank shall send the Entrepreneur a confirmation of registration of the account to the e-mail address indicated by them.
4. In order to complete the account registration process in the API PORTAL, the Entrepreneur shall confirm the registration via a link provided in the message sent by the Bank to the e-mail address indicated by the User.
5. The Entrepreneur may have access to the API PORTAL using more than one account if each User separately meets the registration condition in accordance with this paragraph.
6. In order to log into the API PORTAL, a registered User shall enter the login and password created when filling in the registration form on the website https://www.openbankingbnpparibas.pl/.
7. The User shall be obliged to update immediately the data provided during the registration process in the API PORTAL.
8. The Bank reserves the right to gather data and statistics regarding registered and potential users of the API PORTAL. The details of personal data processing are determined in Art. 10 hereof.
§ 5. DEFINITION OF THE USER’S APPLICATION
1. After a registered User logs into the API PORTAL they receive access to the PORTAL under the conditions specified in the Terms and Conditions.
2. In order to start using the connections and functionalities of AIS, PIS and CAF services in the API PORTAL, the User shall be obliged to add the Application via the form available after logging on the website of the API PORTAL.
3. The Bank reserves the right to verify the Application and data provided by the User in the form.
4. After positive verification, the User shall receive a confirmation of acceptance of the Application to the e-mail address provided by them in the form.
5. At the moment when the User adds the Application to the API PORTAL, the User represents and agrees that:
1) the User is entitled to all rights, including copyrights or rights arising from the relevant licence, permit or authorisation entitling the User to add Applications to the API PORTAL, and the User may freely use and dispose of those rights,
2) the User’s Application does not contain any illegal content,
3) the User’s Application does not violate personal or any other rights of third parties, in particular copyrights and moral rights or related rights,
4) the User’s Application is not encumbered with third party rights or legal defects,
5) the addition of the Application to the API PORTAL will not infringe any third party rights,
6) in the event that a third party submits claims for breach of their rights, the User shall compensate the Bank, as solely responsible, for damages and costs incurred in connection with the claim against the Bank, and shall release the Bank from any obligation arising due to those claims.
§ 6. PRINCIPLES OF USE OF THE PORTAL API
1. The User shall be obliged to use API PORTAL in accordance with the law, including the Provisions, Technical Specification, good practices and provisions of the Terms and Conditions.
2. The Bank shall make the Technical Specification available on the API PORTAL.
3. The Technical Specification, Go Live Testing and the Testing Facility or any other element of the API PORTAL should not be used for purposes other than
1) For the Testing Facility - testing of the connectivity and functionalities of the Application with regard to AIS, PIS and CAF services, as well as software and applications used by the User;
2) For Go Live Facility – using the connection and functionalities of the Application with regard to AIS, PIS and CAF services.
4) The Testing Facility is based on non-authentic data.
5) The Go Live Facility is based on authentic data.
6) It is prohibited for the User to provide through the API PORTAL any illegal, offensive, unintended or misleading content, content containing malicious software or content that may cause interference or damage to computer and IT systems. As such action shall in particular be considered:
1) attempting to use in the Go Live Facility any other data than authentic data of clients to whom the Entrepreneur provides AIS, PIS or CAF services,
2) creating fictitious accounts on the API PORTAL, including without the authorisation of the Entrepreneur, or using untrue data,
3) attempting to use eIDAS certificates to which the User has no authorisations,
4) using the Technical Specification or the Testing Facility API PSD2 for purposes other than those provided for in RTS PSD2.
7) Any problems that may be related to a security breach of the API PORTAL shall be immediately reported to the Bank by e-mail to email@example.com
8) The Bank reserves the possibility to make technical interruptions in the functioning of the API PORTAL in the case of conducting technical works related to the functioning of the API PORTAL, and the relevant information on technical works will be provided by the Bank in messages published on the API PORTAL or sent to the e-mail address given by the User.
9) The Bank reserves the right to make any changes to the Technical Specification or the API PORTAL, including in particular concerning the introduction of new services and expansion of functionalities within the API PORTAL or the discontinuation of the provision of certain services and discontinuation of certain functionalities of the API PORTAL in accordance with the Provisions. In the event that these changes affect the content of the Terms and Conditions, such amendments to the Terms and Conditions shall be made in accordance with Article 12.
10) All information and content presented on the API PORTAL is purely for information. The content contained in the API PORTAL does not constitute an offer within the meaning of the provisions of the civil code or activities relating to the provision of legal assistance, tax advisory activities, investment advice services or any other advice.
11) The Bank does not guarantee and does not make any representations regarding the functionality of the API PORTAL, the lack of possible errors within the API PORTAL and occurrence of any faults within the API PORTAL. Any liability of the Bank in this respect shall be excluded to the extent permitted by the applicable law.
§ 7. TECHNICAL REQUIREMENTS AND TECHNICAL SUPPORT
1. Access to the API PORTAL is possible using devices with access to the Internet that fulfil the following technical requirements:
1) availability on browsers: Chrome, Firefox, Safari (supported versions up to the last 3 versions),
2) the User’s browser is required to accept cookies.
2. The Bank conducts ongoing supervision of the technical functioning of the API PORTAL in order for it to operate correctly.
3. The Bank shall provide Users with technical support for the API PORTAL. In order to benefit from the technical support, a Participant may contact the Bank in one of the following manners:
1) by e-mail to: firstname.lastname@example.org,
2) via other contact channels made available at https://www.openbankingbnpparibas.pl/
§ 8. RIGHT TO USE THE API PORTAL
1. The API PORTAL as a whole and individual elements of its content, including Technical Specification and other content made available in the API PORTAL, which may include in particular graphics, data, distinguishing marks, photos, texts, interfaces (hereinafter referred to as the “Bank’s Content”) are protected by the law and in particular the Act of 4 February 1994 on copyright and related rights, the Act of 27 July 2001 on database protection and the Act of 16 April 1993 on combating unfair competition and the Act of 30 June 2000 Industrial property right law.
2. The User has the right to use the API PORTAL and the Bank’s Content for the term of the Agreement solely for the purpose of using them as part of the functionalities provided by the Bank, in accordance with the current Technical Specification. Any other use of the API PORTAL is prohibited and constitutes a material violation of the Terms and Conditions by the User.
3. In relation to the API PORTAL and the Bank’s Content, the User is not in particular entitled to:
1) reproduce, disseminate, make available, place on the market, excluding temporary reproduction, unless it is necessary to make use of the available functionalities of the API PORTAL,
2) lend or rent the original or a copy,
3) translate, adapt, change the layout or make any other changes, including incorporation into other works,
4) interfere in the source code, including correction of errors.
The Bank shall not give the User any rights, including licenses, to trademarks or other industrial property rights belonging to the Bank or third parties made available within the API PORTAL.
§ 9. COMPLAINTS
1. Complaints related to the operation of the API PORTAL, as well as questions regarding the use of the API PORTAL shall be sent by e-mail to: email@example.com
2. A complaint shall contain:
1) name, surname, e-mail address of the User,
2) specification of the object of the complaint,
3) presentation of the circumstances justifying the complaint.
3. Complaints shall be processed within 14 days from the date of receipt by the Bank of a duly filed complaint (containing the required elements and not requiring supplementation).
4. The User shall be informed about the manner in which the complaint is processed by electronic correspondence sent to the e-mail address specified in the complaint.
The Bank advises that:
1) Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and repealing Directive 95/46/EC, BNP Paribas Bank Polska S.A. having its registered office in Warsaw (01-211) ul. Kasprzaka 2 is the controller of personal data.
2) The Bank processes personal data for the following purposes:
a) to take actions to conclude an Agreement and to execute an Agreement concluded with the Bank (Article 6(1)(b) of the GDPR)
b) to exercise or defend potential claims related to the concluded Agreement or to non-conclusion thereof (Article 6(1)(f) of the GDPR).
3) There is the right to lodge an objection against data processing based on Article 6(1)(f),
4) Personal data will be retained for the period of execution of the Agreement concluded with the Bank and after the Agreement is terminated – for a period necessary to secure potential claims, and to satisfy the obligations under the law. Where the data processing is based on legal regulations, the data shall be retained for the period defined in specific regulations.
5) In connection with processing of personal data by the Bank, the User has the right of access to their data (Article 15 of the GDPR), rectification thereof (Article 16 of the GDPR), removal of the data (Article 17 of the GDPR), restriction of processing of the data (Article 18 of the GDPR), data transfer (Article 20 of the GDPR) and lodging an objection to data processing (Article 21 of the GDPR).
6) The provision of personal data is voluntary; however, it is a condition for concluding the Agreement and meeting legal obligations. If personal data are not provided, the Agreement cannot be concluded and the obligations of the Bank cannot be met.
7) The User the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.
8) The data provided may be processed by automated means for the purpose of concluding the Agreement with the Bank.
9) The Bank has appointed the Data Protection Officer who can be contacted by email: firstname.lastname@example.org.
§ 11. BLOCKING ACCESS AND TERMINATION OF THE AGREEMENT
1. The Bank reserves the right to block wholly or in part access to the API PORTAL for justified safety reasons, in particular in the event of unauthorised or illegal access to the API PORTAL.
2. The Bank shall inform the User about blocking access to the API PORTAL by sending an e-mail to the address they provided before blocking the access or, if this is impossible, immediately after blocking it, unless sending such a message would be unjustified for safety reasons or is prohibited under the law.
3. The blocking shall be maintained until the cause for which it was carried out has ceased to exist.
4. The User may terminate the Agreement with one month’s notice, by submitting a statement:
1) as a document – to the e-mail address: email@example.com
2) in writing – to the address of the Bank’s registered office.
5. The Bank may terminate the Agreement with immediate effect if the User fails to execute or improperly executes the aforementioned Agreement, including in breach of the provisions of the Terms and Conditions, the law, the rules of social co-existence or good practices, in particular when:
1) the User infringes the provisions of the Terms and Conditions, in particular those stipulated in Article 6(6),
2) the User has provided false, inaccurate, incorrect or incomplete data or made false, inaccurate, incorrect or incomplete statements,
3) the User’s actions or omissions adversely affect the good name of the Bank or otherwise materially harm the Bank.
6. Termination of the Agreement shall be tantamount to the Bank deleting the User’s access to the API PORTAL.
§ 12. FINAL PROVISIONS
1. The Terms and Conditions are available on the website of the API PORTAL in such a way as to enable Users to obtain, reproduce and record its content by printing or recording them on a data carrier at any time.
2. The Bank is entitled to amend the Terms and Conditions unilaterally.
3. The Bank shall make the new wording of the Terms and Conditions available to the User through the website: https://www.openbankingbnpparibas.pl/.
4. The User may terminate the Agreement within 14 days from the date of receipt of the notification of amendment to the Terms and Conditions, otherwise the amendment shall be deemed to have been accepted and shall be valid.
5. The supervision authority exercising supervision over the Bank’s activities is the Polish Financial Supervision Authority. The User may lodge a complaint with the Polish Financial Supervision Authority regarding an activity of the Bank, if this activity is in breach of the law.
6. The language used in the Bank’s contacts with the User is Polish.
7. The law applicable to the Agreement is the law applicable in Poland.
8. The court competent for the settlement of disputes relating to the execution of the Agreement shall be determined in accordance with the applicable law on jurisdiction, including the act of 17 November 1964 – Code of civil procedure.
9. E-mails regarding the API PORTAL can be sent to the email address: firstname.lastname@example.org. Correspondence in writing concerning the Agreement shall be addressed to the address of the Bank’s registered office.