General conditions for making payments through ePay.bg

General Terms and Conditions for Executing of Payments through ePay.bg

I. MAIN TERMS

Payment via Internet means the payment for goods and services, the executing of transfers and/or the payment of obligations, where the Internet network is used as the environment for the payment data exchange.

Operator (Epay AD) is a legal entity, which registers with itself all merchants and clients willing to execute payments using ePay.bg by bank cards or other means of payment that it has approved, and which provides for and guarantees the executing of these payments between the parties in information and technical terms in adherence to the relevant technology that it has established and that the issuing banks, BORICA AD and Easypay AD has accepted.

Easypay AD is a licensed payment service provider in accordance with the Law on Payment Services and Payment Systems (LPSPS), on the grounds and under the conditions of the individual license No RD 22–1604 dated 14 July 2010, issued by the Bulgarian National Bank to carry on business as a payment institution. The payment transactions in relation to the payments and/or transfers ordered within the system of the Operator shall be executed by Easypay AD in the capacity of payment service provider.

BORICA is a payment system operator licensed by BNB to execute the payments associated with bank card transactions on the territory of the country.

еPay.bg is an electronic payment system that is accessible via the website of the Operator Epay AD and/or via the mobile application of the Operator.

Client is a natural person or a legal entity willing to use the services of the Operator and to execute payments through the Operator’s system, or who has provided, on the basis of a contract with the Operator, the necessary rights and data to execute in his/her name online authorization of payments for goods and services, executing of transfers, paying of bills and/or obligations via Internet.

Merchant (Internet Merchant), within the meaning of this contract, is a person offering goods and services, which is a party to a contract with the Operator or with the Operator and Easypay AD, on grounds of which the merchant can accept payments through еPay.bg using bank cards or other means of payment approved by the Operator.

Working day is an official working day for the banks in the Republic of Bulgaria.

Means of Payment means a Microaccount or a bank card registered with ePay.bg, whereby the client orders payments through the Operator’s system.

Microaccount is a payment instrument within the meaning of LPSPS for identification of the payer or of the payee at a distance (via Internet) and for submission of payment orders to Easypay AD or to third persons within certain limits. The cash for the execution of the payments ordered by the Client shall be available to Easypay AD in advance (in the Microaccount of the Client).

Available Balance in the Client’s Card means the sum recorded as being at hand (available) in the card of the client with the bank of the Client and/or with the card operator BORICA AD as at a given moment, when the client executes a payment via the relevant website of the Operator.

PIN code of the card - the personal identification number (PIN code) of the card - is the numerical password that the bank provides to a client holder of a bank card in accordance with a special procedure and which is entered by the client only into specialized devices (ATM and payment terminal). The PIN code of the card shall never and under no circumstances be entered into the Internet. The Operator or Easypay AD do not require under any circumstances the entering of any data concerning the PIN code of the Client’s bank card into the website of the Operator or of Easypay AD.

II. REGISTRATION

1. The registration of clients with the Operator’s system shall be carried out personally by the Client on the website of the Operator: www.epay.bg. By means of the registration, the Client declares that he/she is willing to use the services, provided by the Operator.

1.1. Registration of Clients, who are natural persons – it is carried out through the filling in of a registration form, wherein the following information shall compulsorily be entered: full name, personal number for Bulgarian nationals, or date of birth, citizenship, address, valid e-mail and user name and password for access that the Client selects himself/herself. The password for access shall comply with the minimum security requirements set out by the Operator. The Operator shall send a link to the e-mail address indicated in the registration form, to be used for the finalization of the registration, whereupon the client account is created on the Operator’s website. After the successful registration, the Client acquires access to the system, which is realized through the username and the password that he/she has entered, when registering.

1.2. Registration of Clients that are legal entities – If the Client is a legal entity, an authorized representative of the Client shall fill in an application for registration (registration form on the website of the Operator), wherein the following information shall compulsorily be entered: name of the company in accordance with the registration, UIC (BULSTAT), manager, address, valid e-mail address and a username and a password to be used for identification so as to enter the system. The password for access shall comply with the minimum security requirements set out by the Operator. The Operator shall send a link to the e-mail address indicated in the registration form, to be used for the finalization of the registration, whereupon the client account is created on the Operator’s website. After the successful registration, the Client acquires access to the system of the Operator, which is realized through the username and the password that he/she has entered into the registration form.

1.3. Registration of a Client to use the mobile application of the Operator: ePay Mobile – The services of the Operator may be used through the mobile application. The application may be activated through the existing registration of the Client with ePay.bg or without a registration. For the identification of the Client for the purposes of the mobile application, the Client needs a 6-digit code for access to the application, to be selected by the Client upon its activation. This code shall be used for confirmation of the payment transactions executed through the mobile application.

2. The Client shall be fully liable for the entering of the complete, correct, precise and up-to-date information necessary for his/her registration with the Operator’s System and for the creation of the client account, or, respectively, for the use of the mobile application. Should a change in the data specified in the registration form occur, the Client undertakes to update the information in his/her client account in a timely manner, using the field intended for that purpose, or to contact the Operator in order to enter the changes. In case of a dispute or a need to recover the Client’s access, the data in the client account with the Operator’s System shall coincide with the data contained in the official identification documents submitted by the Client. The Operator and Easypay AD shall not be liable for any losses, damages and/or loss of profits suffered by the Client, if these are due to any incorrect, incomplete or outdated information provided by the Client in his/her client account on the website of the Operator.

III. USE OF AND ACCESS TO THE OPERATOR’S SERVICES

3.The Client is able to use the Operator’s services:

3.1. Via the website of the Operator: еPay.bg;

3.2. Through the mobile application for access to еPay.bg – after activating the application.

4. Certain of the Operator’s services may be used without any prior registration of the client with the Operator’s system.

5. Means of payment for settlement – Each registered Client can execute payments through his client account using a bank card registered with the account of the Client, or a Microaccount.

5.1. For the executing of payments with a bank card, the card needs to be registered in advance with the account of the Client. The registration of the card shall be done at an ATM or using a bank statement of the card’s account, in accordance with the Operator’s instructions that are published on its website. The Client is entitled to register with his/her client account on the Operator’s website more than one bank card belonging to him/her. The registration of the card is possible after the registration of the Client with the Operator’s System. After the successful registration of the card with the account of the Client, he/she is entitled to execute payments using this card, without being necessary to enter all the information about the card for each payment. The Client can deregister/erase from his/her account a bank card, which has previously been registered for executing of payments.

5.2. Each Client registered with the Operator’s System can execute payments using a Microaccount. The Microaccount is opened and administered by Easypay AD in the name of the Client, using the personal data provided by the Client when registering with the website of the Operator. Further information about the Microaccount and the General Terms and Conditions for the Use of a Microaccount are published on the website of the Operator.

5.3. When using the services of the Operator, for which no prior registration is required, or when using the mobile application without a registration, the payment shall be executed by a bank card. For the executing of each payment, the Client shall enter into the payment form the complete information about the bank card to be used for the executing of the payment: card number, period of validity, CVC/CVV security code, personal secret password for 3D identification. By providing the necessary data, the Client identifies himself/herself, confirms the sum to be paid and orders the debiting of the sum to be paid from the card’s account and the transferring of such sum to the payee’s account. The Client shall not be entitled to challenge any payments, which have been confirmed by entering the correct password for identification (CVC/CVV security code, personal secret password for 3D identification or another password/identification code), or payments confirmed by the entering of a 6-digit code for access to the mobile application.

5.4. For a certain part of the Operator’s services, the payment can be executed by a bank card of the Client at a АТМ, using a special menu of the ATM.

6. Each registered Client shall be assigned a certain level of access to the provided payment and information services on the Operator’s website. The individual user levels, as well as the relevant services that are available to them, are published on the Operator’s website.

7. The list of the merchants, to which the Client may execute payments, is published on the Operator’s website.

III. CONTRACT

8. By his/her registration with the Operator’s website, respectively, by the activation of the mobile application, the Client declares that he/she has reviewed and accepts the Operator’s General Terms and Conditions and that he/she undertakes to comply with all procedures and rules that are published by the Operator on its website.

9. As of the moment of registration and/or using of any of the services offered by the Operator, a valid contract shall be deemed to exist between the parties (Operator and Client), which is entered into pursuant to the requirements of these General Terms and Conditions. No express written form shall be necessary as regards the existence of this contract.

10. For the use of certain Operator’s services or services provided by the latter in cooperation with a partner, the Client may have to accept the general terms and conditions for the relevant service, provided that the Client shall be informed about that by the Operator before using/registering for the relevant service.

11. Changes in the contractual clauses. Termination of the Contract.

11.1. The Operator is entitled to change these General Terms and Conditions. The change shall enter into force after being published on the website of the Operator. In case of a change, the Operator undertakes to publish a notice to that effect at a visible place on its website. If the Client does not initiate the termination of his/her contract by submitting a request for the closing of his/her client account, it shall be deemed that he/she accepts it together with the introduced changes.

11.2. The Client shall be entitled to terminate the contract with the Operator at any time. The termination shall be realized through the closing of the client account. If the Client wants to terminate the Contract, he/she shall send an e-mail to the following address: office@epay.bg, requesting the deleting of his/her registration. The request shall specify the identification credentials used for his/her registration with the Operator’s System - CIN, e-mail, names. The Operator shall be entitled to require from the Client to identify himself/herself by submitting of an ID document at an office of the Operator or at an office of Easypay AD (for Clients of the 3rd user level of access) or to request further information from the Client needed in relation to the closing of his/her Client account.

11.3. The transfer of the Client’s registration from one Client to another shall not be allowed. Should incorrect/inaccurate data (for example personal number) be submitted for the registration, and the Client has no access in order to change these, the Operator is entitled to delete the registration. The Client needs to send a request to the Operator to the specified e-mail address, indicating the reasons to that effect.

11.4. The Operator shall be entitled to terminate the contract with the Client at any time, by a one-month prior notice, provided that for such purpose the Operator shall send him/her a message to the e-mail address specified by the Client.
The Operator shall be entitled to terminate the contract with the Client when the profile is not used to send or receive payments in 12 consecutive months and when Microaccount/payment account balance is 0,00.

IV. TERMS AND METHOD OF PAYMENT

12. Before executing the payment, the Client shall review the information provided by the system about the merchant, i.e. the payee, the description of the transaction, the date and number of the invoice, the sum payable, the fee for the payment (if applicable) and other available information for the specific payment. Having verified their accuracy, the Client shall select the means of payment registered with his/her client account, which shall be used for the executing of the payment, or enter the data of the card or other required information about the executing of the payment.

13. For registered clients, in order to confirm the payment, the Client shall enter the password. The Operator’s system shall check the validity of the entered password.

14. If the Client has decided to execute the payment by a bank card, the Operator’s system shall send to BORICA AD, respectively, to the bank that has issued the card, a message to authorize the payment. If the balance of the card is sufficient for the executing of the payment, including the fee for the payment (if applicable), and the total sum is within the card limits for settlement, the transaction shall be executed and BORICA AD, respectively, the bank that has issued the card, shall send back to the Operator’s system an authorization code so as to confirm the payment. The Operator shall inform the Client of the successfully executed payment. Easypay AD shall execute the payment transaction, related to the debiting of the Client’s card, used for the executing of the payment, and the crediting of the payee’s account. The client is provided with information about the applicable fee owed by him/her to Easypay AD for the transfer. The fee is added to the the amount of payment.

Should the payment fail due to any reason whatsoever (for example the card is blocked/inactive, the balance is not sufficient, the payment limits are exceeded, etc.), BORICA AD shall send back to the Operator’s System a code for rejection of the payment, respectively, the Operator’s System shall inform the Client that the payment is not successful and shall provide to the Client the received information about the reason for the rejection.

15. If the Client has chosen to execute the payment using his/her Microaccount, the Operator’s System is sending to Easypay AD a message to debit the client’s Microaccount, respectively, to credit the account of the payee specified by the Client. For the successful execution of the payment, the following is necessary: 1) sufficient balance available to the Client’s Microaccount, incl. the fee for the execution of the payment transaction (if applicable); and 2) the sum of the payment transaction shall be within the limits of the Microaccount in accordance with the user level of the client payer and of the client payee, respectively. After entering of the password and confirmation of the transaction by the Client and after running the relevant preliminary checks of its execution, Easypay AD shall debit the sum to be paid from the Microaccount of the Client and credit the account of the payee.

16. The payments ordered via the Internet or through the mobile application, shall be deemed accepted at the moment of their confirmation by the Client using his/her password for access to еPay.bg, respectively, to the mobile application ePay Mobile, and/or by a temporary password send by a SMS, one- time password or another identification code. In case of a payment by card without registration with the Operator’s System, the payment shall be deemed accepted after the entering of the card’s data and selection of the confirmation/payment button.

When executing the payment at an ATM in relation to a service of the Operator, the payments ordered shall be deemed accepted at the moment of confirmation of the payment by entering of a valid PIN code to the bank card, whereby the payment is executed. The Client shall not be entitled to challenge the payment, which is confirmed by the entering of a correct password for his/her identification within the Operator’s System, respectively, in the mobile application, or after confirmation of the payment using the PIN code of the card (when the payment is executed at an ATM).

17. For the execution of certain payments within the Operator’s System using a bank card, respectively, a Microaccount, the Operator and Easypay AD may request further information or the use of additional electronic identification credentials, provided that the Client shall be notified to that effect before the execution of the payment transaction.

18. The Operator guarantees that when the Client submits an order for a payment transaction, which is confirmed by the correct and accurate password, and the available balance in the card, respectively, the Microaccount of the Client, is sufficient, the Operator shall ensure the provision of the information as to the execution of the payment from the card/Microaccount of the Client to the account of the payee (merchant), and also guarantee the execution of the payment to the payee after its confirmation by the Client.

19. The Client has an opportunity not to confirm a given payment by selecting the payment rejection button.

20. The Client receives detailed information, which is accessible through his/her client account on the website of the Operator or through the mobile application, about all transactions (payments, transfers, etc.) and the fees charged for such transactions (if any), as well as all transactions related to the use of the information services offered by the Operator.

V. LIABILITIES

21. The Operator is not a party to the contract between the merchant/payee and the Client and shall not be liable for unrealized deliveries, for deliveries that do not comply with the Client’s requirements, for services not rendered, or for any other cases of disputes between the merchant/payee and the Client.

22. The Operator shall not be liable and shall not accept any claims, if the Client has provided his/her password to third persons and they execute payments in his/her behalf and at his/her expense, regardless of the way, in which it was done.

23. The Operator shall not be liable for a payment that has been ordered by mistake by the Client, which is confirmed using his/her password or confirmed after the entering of the card’s data, when it comes to one-off payments without registration.

24. The Client cannot lodge any claims against the Operator for unexecuted payments, if:

* his/her bank due to any reason has refused to execute the relevant payment,

* his/her bank is not able to execute it, regardless of the reasons to that effect (placing the bank under special supervision, declaring its insolvency, temporary insolvency, etc.).

25. The Operator undertakes to provide to the Client, upon request, the following data about the merchant: domicile and mailing address, telephone, e-mail, names of the merchants representatives, UIC (BULSTAT) of the merchant.

26. Epay AD and Easypay AD shall be liable and shall not be obliged to pay damages or loss of profits in case the Client is not able to execute payments at a given moment due to events of force majeure or due to any reasons beyond the control of the Operator or Easypay AD, including technical failures, communication breakdown, electricity blackout, etc.

VI. SECURITY

27. The Client shall be fully liable for the keeping of his/her password for access to the Operator’s System, respectively, the code for access to the mobile application ePay Mobile, from the knowledge of third parties. If the Client has doubts that third persons have learned his/her password/code for access in one way or another, he/she shall immediately change the password/access code using the section of the Operator’s website, respectively, the mobile application, intended for such purpose.

28. In order to guarantee the Clients funds, he/she shall not enter the PIN code of his/her bank card into any website, including the Operator’s website, and shall not enter his/her password/access code into other websites, except for the website of the Operator, which is expressly specified for such purpose.

29. The Operator, due to any reasons whatsoever, shall not send e-mail messages inviting the Client to update his/her data and account in the system or to provide his/her password and/or username, any card data or other identification credentials. Should the Client receive such a message, he/she shall consider it as an attempted fraud and he/she shall not open the links indicated therein under any circumstances, and shall not enter his/her personal and/or financial information.

30. The operator provides an opportunity to the Clients of the system to use certain additional security services for the payments via the Internet – a temporary SMS code for payments and a one-time password dpass, registration of a qualified electronic signature. The conditions and the method of using of the additional security services for payments are detailed on the Operator’s website.

31. The Operator shall be entitled to temporarily block the Client’s access to his/her registration on the Operator’s site in the following cases:

a) at the Client’s request;

b) in case of doubts that the registration might be used fraudulently;

c) in case of unauthorized use of the means of payment;

d) when the actions of the Client are in breach of the requirements of the existing legal acts, as well as the current General Terms and Conditions;

e) at the initiative of the Operator and Easypay AD – due to objective reasons associated with the security of the Client’s identification credentials, reasonable doubts for orders using the means of payment that are not authorized by the Client, and the fraudulent use of the means of payment;

f) automatically, if incorrect identification credentials (password for access) are entered into a certain number of times.

32. The blocking of the account (registration) of the Client shall not lead to an immediate and unconditional termination of the Client’s contract with the Operator and/or with Easypay AD.

33. When the blocking is initiated by the Client, the registration of the Client shall be blocked, when the Client submits the identification credentials required by the Operator.

34. The Client shall not be entitled to use the Operator’s website or the mobile application ePay Mobile, including the payment instruments registered with his/her client account, for purposes that are at variance with the law, including the acquisition of goods or services, which are prohibited by the effective Bulgarian legislation.

VII. FEES AND COMMISSIONS

35. The Operator shall charge fees for the provided information services in accordance with the Tariff published on its website: www.epay.bg. The Operator shall be entitled to change the Tariff, provided that it shall publish the changes in advance on its website. Easypay AD shall charge fees for the provided payment services related to the processing of payment transactions using a card or a Microaccount, in accordance with the Tariff published on the website: www.epay.bg.

36. In case of card payments using the Operator’s System, the cardholder’s Bank, in turn, may charge fees on the cardholder’s account for each executed transaction, provided that this shall be set out in advance in its tariff.

37. Cookies policy. Security and identification.

37.1. The cookies are small files containing data, which are transferred by a website from the internet browser of the computer or another device (mobile telephone) used by the Client to access the Internet, either temporarily, during the visit to the website, or for a longer period, depending on the type of the cookies used.

37.2. The operator uses temporary cookies to facilitate the Clients’ access to the Operator’s website, to facilitate the Clients’ access to their user accounts and to control the security. The cookies are used to identify the user within a specific session, to control the security of the connection and to guarantee that only the user can see the information that he/she has entered.

37.3. The cookies used for identification and security purposes are deleted automatically after the termination of the session of the used internet browser or are kept for a limited period of time with a view to ensure the obstacle-free use of the website. These cookies and the other types of cookies on the Operator’s website do not store the personal data entered by the Client.

37.4. The Operator’s website (www.epay.bg) uses cookies to store information about the selected language version, so as to preserve this setting in the current session and to ensure the optimum convenience when visiting the site.

37.5. If the Client is not willing to accept the use of cookies by the Operator’s site, he/she can deactivate them through the settings of the internet browser that he/she is using. If the Client rejects the use of cookies, certain functions of the Operator’s site may not work properly.

VIII. PERSONAL DATA COLLECTION

38. The Operator Epay AD is the personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which is applicable as from 25 May 2018, as well as the national legislation. The Operator shall collect personal data and use the collected personal information only for the purposes of offering the services, unless a reasonable assessment is made that these shall also be processed for another purpose compatible with the initial one. Should personal data need to be processed for another purpose, which is not compatible with the initial one, the Operator shall inform the data subject.

39. Epay AD is processing personal data either individually, or jointly with other controllers, such as banks, Easypay AD and other payment service providers and system operators, specified in the Law on Payment Services and Payment Systems (LPSPS). The data associated with payments through the System of Epay AD, as well as the Client’s identification credentials, shall be processed jointly with Easypay AD, in the capacity of payment service provider under LPSPS.

40. Epay AD shall collect from the Client the data necessary for the identification and for the performance of the contractual obligations of Epay AD and the Client:

* names, personal number and foreigner’s personal number, foreigner’s date of birth, address, telephone, e-mail address;

* names, personal number, address and other particulars of a proxy;

* number, date of issue, validity and issuer of an ID document;

* data collected when executing the payment – credit or debit card number, bank account and other payment information collected when processing the payments ordered by the Client through the systems operated by Epay AD – via the Internet, through the system ePay.bg, other online platforms for automatic payments using payment cards or payment accounts, at an ATM, mobile applications;

* data contained in the client account – username; information about the qualified electronic signature registered with the Operator’s System; identification credentials contained in the Client account with the Operator’s System; the subscription numbers, client numbers and other information related to the offered services for payments to registered merchants, as added to the client account; payment history;

41. Epay AD is processing the collected data for the following purposes:

41.1. For the provision of the services that have been initiated by the Clients /data subjects/;

41.2. For the exercise of contractual rights and the performance of obligations of the Operator under a contract to which the Client is a party;

41.3. For the compliance with the legal obligations related to the provision of payment services by Easypay AD to clients, who are using the payment services through the systems operated by Epay AD.

41.4. For the provision of information about the client and the services that he is using upon an inquiry/request/inspection by a competent authority;

41.5. For the purposes of direct marketing of goods and services offered by the Operator.

42. The collected personal data are kept and processed in adherence to the requirements of the Personal Data Protection Law and the General Data Protection Regulation (Regulation (EU) 2016/679), whereupon all applicable personal data protection rules are complied with. The Statement of Privacy and Personal Data Protection of Epay AD contains detailed information regarding the collection of personal data, their processing, storage period, as well as the rights of the Clients /data subjects/.