Regulations on the provision of electronic services by PKO Bank Polski S.A. within the scope of Open Banking of PKO Bank Polski

PKO Bank Polski

§1.

Introductory provisions

These Regulations on the provision of electronic services by PKO Bank Polski S.A. on the website available at developers.pkobp.pl (hereinafter referred to as the “Regulations”) constitute regulations on the provision of electronic services within the meaning of the Act of 18 July 2002 on provision of electronic services.

§2.

Glossary

Terms used in the Regulations shall have the following meanings:

1) PKO Bank Polski, the Bank — Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna with its registered office in Warsaw at ul. Puławska 15, 02-515 Warsaw, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number 0000026438, Tax ID No (NIP): 525-000-77-38, Statistical ID No (REGON): 016298263; share capital (fully paid-up) PLN 1,250,000,000.

2) Portal — website available at www.developers.pkobp.pl, allowing for use, among others, of the submission form to API of PKO Bank Polski (hereinafter: the “Form”) and the Services.

3) Regulations — these Regulations on the provision of electronic services by PKO Bank Polski S.A. within the scope of Open Banking of PKO Bank Polski.

4) Complaint — any application addressed to the Bank by the User in which the User reports reservations concerning provision of the Service.

5) Service — the service provided electronically via API of PKO Bank Polski in the Bank’s test environment, used for testing the connection and functionality of API of PKO Bank Polski, as well as User software and applications within the scope of services involving information about the accounts and payment initiation (according to the applicable PolishAPI standard): i.e. “getaccounts”, “gettransactionsdone”, “getaccount”, “domestic”, “eea”, “getpayment” as well as authorization services: “authorize” and “token” (OAuth2).

6) User — an entrepreneur within the meaning of the Act of 6 March 2018 — Entrepreneur Law, using Services provided via the Portal.

§3.

Using the Portal and the Form

1. Using the Services requires prior acceptance of the contents of the Regulations and sending a filled out Form. When entering data in the Form, the User is obliged to use current and complete data to which they have full rights, including: first and last name of the person authorized to represent the User before the Bank in order to perform a service, the business e-mail of the authorized person (from the entity’s official domain), telephone number, name of the organization as well as the country of origin of the entity and the number in the register competent for the given entity.

2. Using false, invalid, incorrect or incomplete data or data of other persons constitutes the basis for immediate termination of the agreement concluded between the User and the Bank.

3. After submission of the Form, the User will receive a message confirming receipt of the submission to the e-mail address indicated in the registration process.

4. After receiving the submission, the Bank commences its verification by contacting the User by telephone and electronically.

5. In the case of change of registration or contact data, the User undertakes to inform the Bank immediately about this fact. Any notifications sent by the Bank as part of the Regulations shall be deemed effectively delivered if sent to the last current correspondence address (including e-mail address) specified by the User in the Form.

§4.

General terms and conditions of Portal use

1. The User, when using the Portal, acknowledges that the Portal is intended exclusively for entrepreneurs in connection with their business activity.

2. Upon positive verification of the Form and submitted data by the Bank, resulting in electronic submission of technical specification of API of PKO Bank Polski, an agreement on provision of services shall be concluded on terms and conditions specified in these Regulations.

3. Access to data made available via API of PKO Bank Polski involves the necessity to meet the requirements specified in separate provisions, including, in particular, the provisions of Regulation (EU) 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

4. These Regulations and Services may be modified by the Bank at any time and any modifications made shall be applicable immediately after publication of the current version of the Rules or, respectively, technical specification of API. All Users who entered an e-mail address in the Form shall be notified of the changes.

5. The Bank reserves the right to restrict, replace, remove or change, at any time, a function, structure or any other aspects of the Portal, software, API interfaces or contents of the Portal, upon communicating this fact electronically at least 5 business days before introducing these changes. The User is obliged to cease the use of the Portal if the changes are not accepted — further use shall mean acceptance of the changes. The changes made by the Bank, referred to in the preceding sentence, shall not result in deactivation of the Portal and Services to the extent to which their operation is required by commonly applicable provisions.

6. The Bank shall own the right to the Portal. Both the Portal as a whole and individual elements of its contents shall be protected according to the provisions of the law, in particular the Act on copyright and related rights of 4 February 1994, the Act of 27 July 2001 on database protection, the Act of 16 April 1993 on combating unfair competition and the Act of 30 June 2000 — Industrial Property Law.

7. Users shall have the right to use the Portal exclusively to use the Services, only within the framework of functionalities provided by the Bank, according to technical specifications published and updated by the Bank on the Portal. The User undertakes to use the Portal according to current specifications applicable on the date on which the User uses the Portal. Any other use of the Portal shall be prohibited and shall constitute a material breach of these Regulations by the User.

8. The technical condition for using the Portal is the entity requesting access to the Services having Internet access and an e-mail account.

9. The Portal can be used via Internet Explorer version 11, Chrome 70, FireFox 60.3 (or newer versions), provided that JavaScript and cookies are enabled in the user’s online browser, as well as via a mobile application.

10. The following technologies may be used on the Portal: JavaScript, XML, PHP, DHTML, cookies, HTML, CSS, SSL. All sub-pages of the Platform may require logging in or using an encrypted SSL transmission protocol.

11. The Bank shall not be liable for technical breaks in the Portal’s operation, made pursuant to the provisions of the Regulations.

12. Automated access to the Portal, involving in particular use of bots, indexing robots and other automated tools which allow for the Portal to be used without the User’s intervention shall be prohibited. Automated access shall only be permitted if the Bank grants written consent to such access (under the pain of invalidity).

13. The user shall not be involved in activities detrimental to the Portal, the Bank or other Portal Users.

14. Should third parties be admitted to use the Portal according to the provisions of the Regulations, the User shall be responsible for actions and omissions of such persons as if they were their own actions and omissions.

§5.

Test environments

1. After receiving a submission and positive verification of certificates, the user shall receive a unique application identifier and a possibility to use the Portal’s test environments.

2. The test environment, fictional data, tools and other contents shall be provided and available as visible on the Portal and in later electronic correspondence, including all defects. The Bank does not guarantee that they will be free from errors or meet the specific requirements of the User.

3. The User agrees that the Portal must be used according to its purpose and without violating the law; they shall also be fully liable for any trade and sharing of elements identifying the user (APIKEY, logins, passwords, certificates, etc.).

§6.

API services

1. According to legal requirements, the Bank, in the case of submissions made using the Form, may request an eIDAS certificate from the entity — issued according to ETSI TS 119 495.

2. The Bank may, at any time, modify or update its API interfaces. In such cases, the User shall be informed about it adequately in advance, electronically to the e-mail address provided in the Form.

3. The User agrees that the Bank may collect specific anonymous data (i.e. data not allowing for identification) about the use and information concerning the use of our API interfaces and test environments as well as that the Bank may use such usage data for any internal or external business purposes.

4. The User shall endeavour to submit to zgloszenia.api@pkobp.pl any information about errors concerning API of PKO Bank Polski, in particular concerning: stable and secure connection, replacement of relevant certificates, ability to send and receive error notifications as well as performance of Services and the user’s ability to rely on authentication procedures provided by the Bank to its customers.

5. The test environment shall not be used for sharing data subject to special protection.

§7.

Disclaimers

1. Any information and contents presented on the Portal shall be purely informative. The contents on the Portal and the manner of their transmission shall not constitute an offer within the meaning of the provisions of the Civil Code or activities within the scope of legal assistance, tax consultancy, investment consultancy or any other consultancy. The Bank does not guarantee or make any representations as regards the Portal’s functionalities, absence of any errors on the Portal or presence of any shortcomings on the Portal. Any liability of the Bank within this scope shall be excluded to the extent permitted by the applicable provisions.

2. Any decisions, including business or investment decisions based on the contents included on the Portal shall be made at the User’s own responsibility and any liability of the Bank (including contractual or tort liability) for the effects of such decisions is hereby excluded. In no case should the contents included on the Portal be considered an explicit or implied representation or guarantee or any kind, made by the Bank or persons acting on behalf of the Bank.

3. To the extent permitted by the applicable provisions, the Bank’s liability for any damage which has occurred or may occur in connection with the contents presented on the Portal and in connection with the User using the portal is hereby excluded, regardless of the indirect or direct cause of such damage, as well as regardless of contractual or tort liability.

4. The Bank’s liability for temporary or permanent unavailability of the Portal for any reason is hereby excluded.

5. The User represents that they are aware of the limitations resulting from the foregoing provisions as well as of their sole responsibility for decisions made on the basis of test data received on the Portal.

§8.

Complaint handling

1. The User may file complaints concerning the use of the Portal.

2. Information about errors identified within the test environment, referred to in § 6 paragraph 4, shall not constitute the basis for filing the complaints referred to in paragraph 1.

3. Complaints may be filed by sending e-mails to zgloszenia.api@pkobp.pl or in writing to the Bank’s correspondence address.

4. Complaints should contain data allowing for identification of the User filing the complaint as well as a description of the event causing the complaint. If the data or information submitted in the complaint need to be supplemented, before considering the complaint, the Bank shall ask the User to supplement them within the scope specified.

5. Complaints shall be considered within 14 days of the date of receipt of a correctly filed complaint (containing the required elements and not requiring supplementation) by the Bank.

6. The User shall receive information about the method of considering the complaint by e-mail to the address specified in the complaint.

§9.

Information about personal data processing

1. Pursuant to Regulation (EU) of the European 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the “General Data Protection Regulation”, please be informed about the following:

1) Data controller

The controller of personal data of the User (person representing the User) shall be Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna with its registered office in Warsaw at ul. Puławska 15, 02-515 Warsaw, registered in the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under the KRS number 0000026438, Tax ID No (NIP): 525-000-77-38, Statistical ID No (REGON): 016298263, share capital (paid-up capital) PLN 1,250,000,000, hotline: 800 302 302, hereinafter referred to as the “Bank”.

2) Data Protection Officer

A Data Protection Officer has been appointed at the Bank. Address: Data Protection Officer, ul. Puławska 15, 02-515 Warsaw, e-mail: iod@pkobp.pl. Information about the Data Protection Officer is available on the Bank’s website in the “RODO” [“GDPR”] tab as well as at the Bank’s branches and agencies.

3) Purpose of data processing and legal basis

The personal data are processed by the Bank for the purpose of concluding an agreement with the Bank on access to the Portal and for the purpose of the Bank providing access to the Portal and Services on the basis of Article 6 paragraph 1 point b) of the Regulation.

4) Sharing personal data

Personal data of the User (person representing the User) may be shared by the Bank with entities and bodies which the Bank is obliged to share personal data with pursuant to commonly applicable legal provisions.

5) Personal data retention period

Personal data of the User (person representing the User) shall be processed for 5 years from the date on which the User ceases to use the Services.

6) Rights

In connection with personal data processing by the Bank, the User shall have the following rights:

1) the right of access to personal data,

2) the right to rectify personal data,

3) the right to erasure of personal data (the right to be forgotten),

4) the right to restrict processing of personal data,

5) the right to lodge a complaint to the President of the Office of Personal Data Protection if the User concludes that the processing of personal data violates the provisions of the General Data Protection Regulation.

7) Requirement to provide data

Provision of the User’s personal data is necessary for the purpose specified in item 3) above, to report the willingness to use the Services via API and allow you to use all functionalities offered by the aforementioned service in this manner.

8) Automated decision-making, including profiling

The User’s personal data shall not be processed in an automated manner, including by profiling.

2. The Bank shall select with due care and apply appropriate technical and organizational measures that ensure protection of data processing, including IT security measures. The Bank protects data from their disclosure to unauthorized persons as well as other cases of their disclosure or loss and from destruction or unauthorized modification of the indicated data and from their processing with violation of the applicable provisions of the law.

3. The Bank informs that the Portal uses technical cookies to ensure that the website displays correctly and to ensure access to all functions. Such cookies do not collect data pertaining to you which could be used for marketing purposes. You can disable cookies in your web browser at any time. However, it can cause incorrect operation of the Portal. For more information, see the cookies policy>.

§10.

Access blocking

1. The Bank reserves the right to block access to the Portal in whole or in part for justified reasons related with security of access to these Services or in connection with suspected unauthorized use of access to the Portal.

2. The Bank shall inform the User by e-mail about blocking of access to the Portal prior to the blocking or, if that is impossible, immediately after performance of this task unless providing such information would be unjustified for security reasons or is prohibited under law.

3. The blockade shall be maintained until the reason for its establishment has been determined.

§11.

Termination of the agreement

1. Services shall be provided by the Bank on the Portal for indefinite period and the User shall be entitled to terminate the Agreement in writing (close the Profile) at any time by sending a written Agreement termination notice to the Bank’s address.

2. Subject to the remaining provisions of the Regulations, the Agreement may be terminated by the Bank with immediate effect for important reasons, including in particular when:

a) the User violates the provisions of the Regulations, in particular § 3 paragraph 2, § 4 paragraph 7, § 4 paragraph 10 or § 5 paragraph 3,

b) it is determined that the User provided untrue, invalid, incorrect or incomplete data or representations or data of other persons,

c) the User takes actions aimed at changing the contents of the website or making other modifications which may interrupt its work,

c) the User’s actions or omissions have negative impact on the Bank’s good name or are otherwise detrimental to the Bank.

3. The Bank reserves the right to cease to run the Portal at any time, without any compensation for the Users.

§12.

Final provisions

1. These Regulations are available at www.developers.pkobp.pl, allowing Users to obtain, reproduce and record their contents by printing or saving them on media at any time.

2. The Bank reserves the possibility to make technical breaks in operation of the Portal in the case of conducting technical works concerning the operation of the Portal; adequate information about technical works shall be provided by the Bank in messages published on the Portal or in electronic communication. The Bank also reserves the possibility to make any changes on the Portal, including in particular with regard to introducing new services and expanding functionalities within the Portal or discontinuing provision of specific services as well disabling specific Portal functionalities. If the aforementioned changes affect the Regulations, these changes shall be made by way of amendments to the Regulations.

3. The Bank may publish advertising or marketing content on the Portal in forms commonly used on the Internet.

4. The Bank reserves the possibility of unilateral amendment of these Regulations. Any amendments to the Regulations shall apply from the date of their publication on the Portal’s website in the form of uniform text.

5. In all matters not regulated herein, the provisions of commonly applicable Polish law shall apply, in particular the provisions of the Civil Code, General Data Protection Regulation as well as the Act of 18 July 2002 on provisions of electronic services.

6. The supervisory authority controlling the activities of the Bank is the Polish Financial Supervision Authority. The User may lodge a complaint about the Bank’s activity with the Polish Financial Supervision Authority if the activity violates the provisions of the law.

7. The language used in relationships between the Bank and the User shall be Polish and English, while Polish shall remain the leading language.

8. The governing law for resolution of disputes arising in connection with provision of services by the Bank shall be Polish law.

9. Electronic correspondence concerning the Portal may be sent to the following e-mail address: kontakt.api@pkobp.pl. Written correspondence concerning the Services should be sent to the Bank’s address, i.e.: Biuro Otwartej Bankowości, Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna, ul. Puławska 15, 02-515 Warszawa.

10. The court competent for consideration of disputes arising from application of the Regulations and agreements concluded on its basis shall be the common court of law with jurisdiction over the Bank’s registered office.

These Regulations shall enter into force on 14 March 2019.