General Terms and Conditions

Paywiser Limited (Company No.: 10677553) is registered in the UK at 36-38 Westbourne Grove Newton Road, London, United Kingdom, W2 5SH and authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN: 901086).

Please read these Terms and Conditions carefully before using the www.paywiser.com website (“the Website”) owned by Paywiser Limited (“us”, “we”, or “our”). Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service.

By accessing or using the Website you agree to be bound by these Terms. If you disagree with any part of the terms you should not use the Website.

Please be informed that the Website contains also product descriptions and information provided by “Paywiser”, company incorporated in United Kingdom, in order to provide the visitors for their own convenience with the most complete information on all the businesses of Paywiser group companies.

GOVERNING LAW

These Terms shall be governed and construed in accordance with the laws of United Kingdom, without regard to its conflict of law provisions.

Paywiser Limited or any other Paywiser group company’s failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Website, and supersede and replace any prior agreements we might have between us regarding the Service.

COPYRIGHTS

You may not reproduce, distribute, modify, or show in public any of the content on this website, including files downloadable from this website, without the permission of the owner.

CHANGES

We reserve the right, at our sole discretion, to modify or replace these Terms at any time. We will post these changes on the Website. It is your sole responsibility to periodically check the Term for any changes. By continuing to access or use our Website after those changes have been made, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Website.

NO WARRANTY

This website is provided “as is” without any representations or warranties, express or implied. Paywiser Limited or any other Paywiser group company makes no representations or warranties in relation to this website or the information and materials provided on this website.

Whilst Paywiser Limited will try to ensure that the Website is of highest standard, we do not warrant that this website will be constantly available, or available at all or the information on this website is complete, true, accurate or non-misleading.

In no event Paywiser Limited or any other Paywiser group company will be liable for any damages, including, but not limited to direct or indirect damages arising from or in connection with the use of the Website. Nothing on this website constitutes, or is meant to constitute, advice of any kind.

INDEMNITY

You hereby indemnify and undertake to keep Paywiser Limited and any other Paywiser group company indemnified against any losses, damages, costs, liabilities and expenses (including without limitation legal expenses and any amounts paid by Paywiser to a third party in settlement of a claim or dispute on the advice of Paywiser’s legal advisers) incurred or suffered by Paywiser or any other Paywiser group company arising out of any breach by you of any provision of these terms and conditions, or arising out of any claim that you have breached any provision of these terms and conditions.

LINKS TO OTHER WEB SITES

Our Service may contain links to third-party web sites or services that are not owned or controlled by Paywiser Limited or any other Paywiser group company. Paywiser Limited or any other Paywiser group company has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party web sites or services. You further acknowledge and agree that Paywiser Limited or any other Paywiser group company shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content or services available on or through any such web sites or services.

We strongly advise you to read the terms and conditions and privacy policies of any thirdparty web sites or services that you visit.

Last updated: Oct 30, 2021

HK – Terms & Conditions

THE USE OF OUR SERVICE IS SUBJECT TO THE FOLLOWING TERMS AND CONDITIONS

Users of our services agree that access to and use of our services are subject to the following terms and conditions and other applicable laws of Hong Kong.

Copyright

The contents included in this site and its services, including but not limited to text, graphics or code is copyrighted as a collective work under the laws of Hong Kong and is the property of Paywiser Limited. The service and products involved includes works which belong exclusively to Paywiser Limited. Any other use, including but not limited to the reproduction, distribution, display or transmission of the content of this site is strictly prohibited, unless authorized by Paywiser Limited. You further agree not to change or delete any proprietary notices from materials downloaded from the site.

Trademarks

All trademarks, service marks and trade names of Paywiser Limited used in the site are trademarks or registered trademarks of Paywiser.com.

Warranty Disclaimer

This site and the materials and products on this site are provided “as is” and without warranties of any kind, whether express or implied. To the fullest extent permissible pursuant to applicable law, Paywiser Limited disclaims all warranties, express or implied, including, but not Paywiser Limited to, implied warranties of merchantability and fitness for a particular purpose and non-infringement. Paywiser Limited does not represent or warrant that the functions contained in the site will be uninterrupted or error-free, that the defects will be corrected, or that this site or the server that makes the site available are free of viruses or other harmful components. Paywiser.com does not make any warranties or representations regarding the use of the materials in this site in terms of their correctness, accuracy, adequacy, usefulness, timeliness, reliability or otherwise. Some states do not permit limitations or exclusions on warranties, so the above limitations may not apply to you.

Limitation of Liability

Paywiser Limited shall not be liable for any special or consequential damages that result from the use of, or the inability to use, the services and products offered on this site, or the performance of the services and products. Paywiser.com does not guarantee or warranty any information that they gather or use.

Typographical Errors

In the event that a product is mistakenly listed at an incorrect price, Paywiser Limited reserves the right to refuse or cancel any orders placed for product listed at the incorrect price. Paywiser reserves the right to refuse or cancel any such orders whether or not the order has been confirmed and your credit card charged. If your credit card has already been charged for the purchase and your order is cancelled, Paywiser.com shall issue a credit to your credit card account in the amount of the incorrect price.

Termination

These terms and conditions are applicable to you upon you using our services. These terms and conditions, or any part of them, may be updated or terminated by Paywiser.com without notice at any time, for any reason. The provisions relating to Copyrights, Trademark, Disclaimer, Limitation of Liability, Indemnification, shall survive any termination.

Notice

Paywiser Limited may deliver notice to you by means of e-mail, a general notice on the site, or by other reliable method to the address you have provided to Paywiser.com.

Use of Site

Harassment in any manner or form on the site, including via e-mail, chat, or by use of obscene or abusive language, is strictly forbidden. Impersonation of others, including a Paywiser employee or other licensed employee, host, or representative, as well as other members or visitors on the site is prohibited. You may not upload to, distribute, or otherwise publish through the site any content which is libelous, defamatory, obscene, threatening, invasive of privacy or publicity rights, abusive, illegal, or otherwise objectionable which may constitute or encourage a criminal offense, violate the rights of any party or which may otherwise give rise to liability or violate any law. You may not upload commercial content on the site or use the site to solicit others to join or become members of any other commercial online service or other organization.

Participation Disclaimer

Paywiser Limited does not and cannot review all communications and materials posted to or created by users accessing the site or using our services and is not in any manner responsible for the content of these communications and materials. You acknowledge that by providing you with the ability to view and display user-generated content hosted on the site, Paywiser Limited is merely acting as a passive conduit for such distribution and is not undertaking any obligation or liability relating to any contents or activities on the site. However, Paywiser.com reserves the right to block or remove communications or materials that it determines to be (a) abusive, defamatory, or obscene, (b) fraudulent, deceptive, or misleading, (c) in violation of a copyright, trademark or; other intellectual property right of another or (d) offensive or otherwise unacceptable to Paywiser.com in its sole discretion.

Indemnification

You agree to indemnify, defend, and hold harmless Paywiser Limited its officers, directors, employees, agents, licensors and suppliers (collectively the “Service Providers”) from and against all losses, expenses, damages and costs, including reasonable attorneys’ fees, resulting from any violation of these terms and conditions or any activity related to your seals or account (including negligent or wrongful conduct) by you or any other person accessing the site using your account.

Third-Party Links

In an attempt to provide increased value to our visitors, Paywiser Limited may link to sites operated by third parties. However, even if the third party is affiliated with Paywiser Limited, Paywiser Limited has no control over these linked sites, all of which have separate privacy and data collection practices, independent of Paywiser.com. These linked sites are only for your convenience and therefore you access them at your own risk. Nonetheless, Paywiser.com seeks to protect the integrity of its web site and the links placed upon it and therefore requests any feedback on not only its own site, but for sites it links to as well (including if a specific link does not work).

Governing Law

The service provided by Paywiser Limited and the terms and conditions stated herein are governed by the laws of Hong Kong.

HK – Data Protection Policy

1.Introduction

Paywiser Limited is a private limited company duly incorporated in Hong Kong (the “Company”). The Company is committed to data protection and privacy. We respect and protects the rights of individuals, particularly the right to data protection and privacy as far as the processing and use of personal data is concerned. This Data Protection Policy (“Policy”) is approved by the Board of Directors of the Company. The Data Protection Officer of the Company shall be responsible for the compliance and enforcement of data protection and privacy.

This Policy defines the standard for the data protection compliant processing of personal data. It defines the requirements for business processes that involve personal data and assigns clear responsibilities.

The Company must ensure that all processes involving the processing of personal data are able to fulfill the requirements stated in this Policy. As employers, the Company have the responsibility for the processing of their employees’ personal data. When handling personal data in course of their duties, all employees of the Company are required to follow the requirements of this Policy.

The principles mentioned in this Policy are based on the Personal Data (Privacy) Ordinance of Hong Kong (“PDPO”). These principles apply to all staff members of the Company.

2.Definitions

• Anonymous data & Anonymized data
  Anonymous and anonymized data is data that does not refer to an identifiable natural person. Even if other data or additional information were added, identification of the natural person is not (or is no longer) possible. This Policy does not apply to such data.
• Biometric data
  Personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person (such as fingerprints or facial images).
• Consent
  Any freely given and unambiguous statement or other clear affirmative action by which the data subject indicates in an informed manner that he or she agrees to the processing of his or her personal data for a specific purpose.
• Controller
  Any natural or legal person that, alone or jointly with others, determines the purposes and means of the processing of personal data. For the personal data of its employees, customers, suppliers, partners, or other persons, Paywiser Limited is regarded as the controller.
• Data concerning health
  Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
• Erasure
  The irretrievable obliteration or physical destruction of saved personal data or its anonymization in such a way that makes it impossible to re-identify the natural person after the fact.
• Genetic data
  Personal data relating to the inherited or acquired genetic characteristics of a natural person that gives unique information about the physiology or the health of that natural person and which result in particular from an analysis of a biological sample from the natural person in question.
• Personal Data
  Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Natural persons can be identified directly based on, for example, names, phone numbers, e-mail addresses, postal addresses, user IDs, tax and social insurance numbers or indirectly through a combination of any other information. The personal data that is subject to this Policy includes data of employees, applicants, customers, suppliers and users of websites and services of the Company. It can be contained in the Company’s own systems, in systems which third parties operate on behalf of the Company, or in the systems operated by the customers themselves, by the Company, or by third parties, to the extent that employees of the Company can gain access to the saved personal data there in the course of support and consulting activities.
• Processor
  A natural or legal person that processes personal data on behalf of the controller, such as an external service provider or a different Paywiser company that is not the controller itself.
• Processing
  Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. The anonymization of data also represents a processing of personal data.
• Pseudonymization
  Processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person. Pseudonymized data constitutes personal data as defined in the PDPO; therefore, this Policy also applies to pseudonymized data.
• Special categories of personal data
  Certain personal data that is particularly sensitive due to its nature, whose processing is likely to result in significant risks for the rights of the data subject and therefore requires special protection. This includes data concerning health, Genetic data, biometric data processed to uniquely identifying a personal data, information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, or sexual orientation. Depending on the context, this may also include data that could be misused for identity theft purposes, such as social security-, credit card- and bank account numbers, ID-card or driver’s license-numbers, also personal data regarding criminal investigation proceedings, convictions, and crimes, or data that is subject to professional confidentiality obligation.
• Third party
  A natural or legal person, public authority, agency, or body other than
  1. the data subject,
  2. the controller,
  3. the processor and
  4. the persons who are authorized to process personal data under the direct authority of the controller or processor.
• Recipient
  A natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the laws of a particular jurisdiction shall not be regarded as recipients.

3.Principles for Protecting Personal Data

Personal data shall only be processed lawfully and in accordance with the principles set out below.

1. Lawfulness, Fairness, and Transparency
   Personal data may only be processed lawfully, fairly and in a transparent manner in relation to the data subject. This is the case when: processing is legally permitted in the specific case. Among others, the laws permit all cases of data processing that:
   • are necessary for the performance of contracts with the data subject (e.g. the storage and use of necessary personal data in the context of an employment- or service contract),
   • are necessary to take steps at the request of the data subject prior to entering a contract (e.g. a customer requests information about product X and then purchases said product. The data necessary to send the information material and to execute the contractual relationship may be processed),
   • are necessary for compliance with legal obligations, e.g. due to tax or social insurance laws,
   • are necessary to protect the vital interests of the data subject or of another natural person,
   • are necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (e.g. for direct marketing),
   • include decision-making based on automated processing in an individual case that produces legal effects concerning the data subject, when this automated decision is legally permitted, required for the performance of a contract with the data subject, or for which the data subject has explicitly granted consent, or
   • when a data subject has granted his or her consent (for example, when registering on a website or subscribing to a newsletter).
   Personal data should be collected directly from the data subject. If this is not the case, the data subject must be notified, particularly about the types of personal data that are being collected, processed, and/or used and for which specific purposes this occurs.
2. Specific Purpose
   Personal data may only be collected for specific, explicit purposes. It may not be processed in a manner that is incompatible with those purposes.
   The specific purpose must be defined before data collection. Processing for a purpose other than that for which the data have been collected is only permitted in exceptional cases, when a law permits processing for another purpose or if it is based on the data subject’s consent. To ascertain whether the other purposes are compatible with the agreed purposes, the reasonable expectations of the data subject towards the Company with regard to such further processing, the type of data used, the possible consequences of the intended further processing for the data subject, and measures of encryption or pseudonymization must be taken into account.
3. Data Minimization
   Personal data may only be collected to the extent which is absolutely necessary to fulfill the defined purpose. Processing must be adequate, relevant, and limited to what is necessary in relation to the purposes for which the data is processed.
4. Accuracy
   Personal data must be accurate and up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay. All processes that involve the processing of personal data must provide an option for rectification and update.
5. Storage Limitation (Obligation to Erase)
   Personal data may only be stored as long as is necessary for the purposes for which it is processed or due to other legal requirements, particularly to comply with statutory retention periods. After this point, personal data must generally be erased or anonymized. All processes for processing personal data must contain an option for erasure or blocking to the extent required by law.
6. Integrity, Availability, and Confidentiality
   Personal data and its processing operations must always be appropriately protected by means of technical and organizational measures. This includes, in particular, suitable measures to protect against unauthorized or unlawful processing, accidental loss, destruction or damage, accidental disclosure and unauthorized access.
7. Processing of Special Categories of Personal Data
   The collection, processing, and use of special categories of personal data should always be transparent for the data subject. Unless the collection and processing of such data is explicitly authorized by law, e.g. if necessary, for carrying out obligations and exercising rights in the field of employment, social security, social protection, it should only be collected on the basis of explicit prior notification and consent of the data subjects.
   The consent must explicitly refer to these special data categories and their processing for one or more specified purposes. Unless applicable laws stipulate otherwise, special categories of personal data may only be processed and used with the explicit consent of the data subjects. Increased protective measures must be established to protect the data (e.g. physical security measures, access restrictions and encryption).

4.Rights of Data Subjects

1. Right to be informed
   Data subjects have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the PDPO. The Company must provide the data subjects with information including: our purposes for processing their personal data, our retention periods for that personal data, and who it will be shared with.
2. Right of Access and Data Portability
   Data subjects have the right to obtain from the Company confirmation as to whether or not personal data concerning her or him are being processed. In such case, the Company shall provide for access as required by law. The information is provided in writing, unless the data subject submitted the request for information electronically. The information to be provided to the Data Subjects must include the purpose of storage, the recipients of the data, and all other legally required information pursuant to Article 15 of the PDPO. The data subject must be provided with a copy of the personal data that are undergoing processing. Upon request by the data subject, the data that he or she has provided to the controller must be made available in a structured, commonly used and machine-readable format.
3. Right to Rectification, Restriction, and Erasure
   When personal data prove to be incorrect, incomplete, or out-of-date, each data subject has the right to rectification of his or her personal data. This can be the case, for example, if the data subject has changed history her name due to marriage.
   Data subjects also have the right to obtain restriction of processing of their personal data when one of the following applies:
   • The data subject contests the accuracy of the personal data and verification of the accuracy of the personal data takes some time. In this case, the data subject can demand restriction for the period of the verification of the accuracy.
   • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
   • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims. Should it become apparent that certain information have a respective value to the data subject, the data subject must be notified of the pending erasure with reasonable notice.
   • The data subject has objected to processing for the duration of the clarification as to whether the legitimate interests for processing outweigh those of the data subject.
   Within the restriction process, the stored personal data of the data subject must be marked with the aim to restrict access and limit their further processing. In addition, data subjects have the right to the erasure of their personal data in the following cases:
   • The purpose of the data processing no longer applies.
   • The data subject withdraws his or her consent for a specific purpose of processing.
   • Address data is used for direct marketing purposes and the data subject objects to such use.
   • The data is processed unlawfully.
   • Erasure is required to meet legal obligations.
   All processes in which personal data is collected, processed, or used must include a concept for the regular retention and deletion of personal data. This concept must ensure that personal data is erased in a timely manner after the fulfillment of the specified purpose or the lapse of the authorization for storage, particularly statutory retention terms. Instead of erasure, personal data may also be anonymized. If there is an obligation to erase personal data and said data has already been made public, other controllers shall be notified of the request to erase his or her data, including all links to this data.
4. Right to Object
   Data subjects have the right to object to data processing when the Company processes personal data based on a decision in favor of its legitimate interests. In this case, the data subject must claim his or her own rights or interests on grounds relating to his or her particular situation, which outweigh the Company’s legitimate interest to process the data. Data subjects can object to the processing of their personal data for purpose of direct marketing, including profiling if such is related to direct marketing, at any time and without giving reasons. If an objection is raised, the Company will not process this data further for these purposes. This does not apply where the processing cannot be ceased due to compelling legitimate grounds for the processing, particularly the establishment, exercise, or defense of legal claims.
5. Right to Complain
   If a data subject wishes to file a complaint with regard to processing of her or his personal data, they can do so directly in an e-mail to the data protection officer: [email protected].
   The data subject must be notified about all measures taken based on her or request within one month at the latest.

5.Data Protection Governance Structure

Responsibility for compliance with data protection requirements rests with the board of directors of the Company that processes the personal data for its business purposes. Executive management may delegate the task to fulfill this responsibility to managers at different levels within the organizational framework and the associated business processes.

6.Responsibilities for Data Protection Compliance

1. Management of Paywiser
   The board of directors of the Company must ensure that the processes in their areas of responsibility in which personal data is processed (herein: “processes") meet the requirements of this Policy.
2. Employees
   All employees are required to handle all personal data that they can access in the course of performing their duties for Paywiser Limited with strict confidentiality and to not collect, process, or use such data without authorization. Employees of the Company may only process personal data within the scope necessary to fulfill their duties as defined by their employment contracts. If the processing of personal data is not recognizably prohibited for an employee, he or she may assume the legality of the instructions from their superiors. When in doubt, employees should seek clarification from their managers.

7.Transfer/Commissioned Data Processing

If personal data is to be transferred to an associated company, a review must first take place as to whether contractual agreements regarding data protection and privacy are needed. Such review is required only when an associated company or external service provider is to process personal data on behalf of the Company (referred to as “transfer for processing purposes").

In addition, the following rules apply to the transfer of personal data:

• Transfer for commissioned processing:
  If the Company commissions an associated entity or an external company with the processing of personal data, it remains responsible for compliance with data protection and privacy requirements.
• Transfer for the recipients’ own purposes:
  The Company may transfer personal data to an associated company or an external company for their own purposes only if this is legally permitted or required, or if the data subjects have first given consent.

8.Transfer of Customer Data

The Company processes personal data of customers and on behalf of customers. The use and, if relevant, transfer of such customer data must be in accordance with the applicable laws.

Paywiser Limited
April 2023

Slovenia – Privacy policy

PAYWISER PRIVACY POLICY

Last updated: October 1, 2022

This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.

1. INTRODUCTION

PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia (or “PAYWISER”) obtained an authorization to provide electronic money issuance and payment services in EEA from the Bank of Slovenia in accordance with the Slovenian Payment Services, Services of Issuing Electronic Money and Payment Systems Act.

We provide technical solutions for payment processing and issuing for personal and commercial use (PAYWISER issuing service). Businesses of all sizes use our software and services to accept payments and manage their businesses online (PAYWISER acquiring service).

While providing products and services, PAYWISER processes personal data with utmost care and responsibility and in compliance with the national and EU Data Protection Regulation, specially the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the Regulation or GDPR).

PAYWISER commits to safety and privacy of your personal data. GDPR does not apply to information about legal entities (e.g., limited liability companies), yet it does apply to individuals that are related to legal entities.

This Privacy Policy (hereinafter Policy) provides general information about our personal data processing activities. This document describes how we collect and use your personal data and how we share it, your rights, especially your data subject rights, including the right to object to some uses of your personal data by us, and how you can contact us about our privacy terms and measures.

We may provide this notice in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.

If you have concerns about how we use your personal data, you can contact the person authorized for the data protection (“DPO”) on [email protected].

1.1 DEFINITION OF TERMS WE USE IN THIS POLICY

“PAYWISER” or “we / our / us” stands for the Paywiser d.o.o. entity responsible for the collection and processing of personal data under this Privacy Policy in the frame of providing our Services.

“Personal data” means any information that relates to an identified or identifiable individual and can include information related to you which: (a) we know about you (for example, if you are an individual or a director of a company applying for a business relationship with PAYWISER, we may ask you to provide identification documents) and (b) can be used to personally identify you (for example, a combination of your name and postal address).

“Services” stands for all PAYWISER-provided products (devices, applications, such as web-application, mobile app, Merchant Dashboardb etc.) and services (e.g., issuing, acquiring, payment processing, payment gateway services etc.).

“Service Provider” refers to PAYWISER.

“Business Relationship” means any of PAYWISER-provided Services based relationship between PAYWISER and you (such as business relationship between PAYWISER and Merchant for providing of acquiring services, business relationship between End User and PAYWISER for providing of payment card, etc).

“Merchant’ or ‘you / your” refers to any legal entity entering into business relationship with us and, where applicable, it’s duly authorized representatives and successors.

“Service User” or “you” is the user of products and/or services provided by PAYWISER. Since we provide services for commercial and/or personal use, depending on the context, “you” can relate to the Merchant and can also relate to:

• (i) the Representative, when you are acting on behalf of the Service User (e.g., you are a founder of a company, or administering a business relationship with PAYWISER for a Merchant, who is a Service User);
• (ii) the End User, when you directly use a PAYWISER-provided Services for your individual personal use;
• (iii) the Customer, when you do business with, or otherwise transact with a Service User (typically a Merchant using Services);
• (iv) the Potential Service User, when you visit our website or web-application (e.g., you send us a message asking for more information because you are considering being a user of our products or services).

2. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

PAYWISER d.o.o., with its registered office at the address Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia. The Data Protection Officer is available via paper post on the registered office address and via e-mail: [email protected].

Depending on the activity, PAYWISER acts as a “Data Controller” or “Data Processor”.

PAYWISER is the ‘Processor’, processing your personal data on behalf of the ‘controller, if you are a Customer of a certain company (e.g. Merchant) that uses PAYWISER-provided Services, or one of its employees who uses the Services, when we provide to the Merchant integration and access to Gateway Software and technical support necessary for acceptance of the Cards on Merchant Website and settling payment transactions. In this case the Merchant as the Service User is the controller of your personal data and should provide you appropriate information about how it processes your personal data and the appropriate contact to receive your Data Subject Right Requests such as request to get information on the processing of your personal data, request to access, correction, deletion or portability of their personal data and objection to processing including objecting to processing for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

3. HOW DO WE COLLECT YOUR PERSONAL DATA AND WHICH DATA CATEGORIES WE PROCESS?

We collect your personal data when (a) you use our website at www.paywiser.com; (b) you use one of our business applications (such as E-commerce website, internet payment pages, mobile app etc.) and (c) you use any of the Services available to you through the our business applications or website.

We may also collect your personal data from other people or companies or other sources.

4. HOW DO WE USE YOUR PERSONAL DATA?

Preparing anonymous statistical datasets. We prepare anonymous statistical datasets about spending patterns: (i) for forecasting purposes; (ii) to understand how you use PAYWISER business applications or account and (iii) to comply with governmental requirements and requests. These datasets may be shared internally or externally with others, including non-PAYWISER companies/institutions. We produce these reports using information about you, HOWEVER, the information used and shared in this way is never personal data and you will never be identifiable from it.

Whenever your personal data is processed based on our legitimate interest or based on your explicit consent, you have the right to object to such processing and to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn. We will always offer you a possibility to manage your choices for receiving our messages with promotional and other content.

Compliance with Legal Obligations. We use personal data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer (“KYC”) and Know-Your-Business (“KYB”) laws, anti-terrorism, anti-fraud, export control and prohibitions on doing business with restricted persons or in certain business areas, and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of personal data is critical to this effort. For example, we may monitor patterns of Payment Transactions andother online signals and use those insights to reduce the risk of fraud, money laundering and other activity that is harmful to PAYWISER or you.

Minors. PAYWISER-provided Services are not directed to minors, including children under the age of 15, and we request that they do not provide personal data through the Services. In some countries, we may impose higher age limits as required by applicable law.

5. WHO ARE YOUR PERSONAL DATA SHARED WITH?

In the scope of PAYWISER-provided Services your personal data is used by:

• PAYWISER. Your personal data are shared within PAYWISER entity and are available to authorizedpersonnel, responsible for providing our products and services. These persons are legally and contractuallyobliged to protect the confidentiality of personal data.
• Service Providers or Processors that use your personal data on our behalf and based on our instructions.PAYWISER uses their services in order to provide Services to you as our Service Users and to communicate, market and advertise regarding our Services. Service providers provide a variety of critical services, such as hosting (storing and delivering), analytics to assess the speed, accuracy and/or security of our Services, identity verification, customer service, email and auditing. We authorize such service providers to use or disclose your personal data that we make available to perform services on our behalf and to comply with applicable legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of personal data they process on our behalf. Our service providers are predominantly located in the EEA and Hong Kong.In order to adequately fulfill our contractual and legal obligations, we must also disclose your personal data to third parties:
• Financial Partners. “Financial Partners” are financial institutions that we partner with to offer the Services(including Card Schemes, Banks etc.).
• Compliance and Harm Prevention. We share personal data: (i) to competent state authorities and authoritiesresponsible for financial, tax or banking supervision (e.g., the Office for the Prevention of Money Laundering, the Financial Administration, courts, etc.) in order to comply with applicable law; (ii) to payment method providers, to comply with rules imposed by payment method in connection with use of that payment method (e.g. network rules for Mastercard, UnionPay or other); (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of PAYWISER, you or others, including against other malicious or fraudulent activity and security incidents; (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence and (vi) to natural and legal persons who demonstrate an appropriate legal basis for receiving personal data, based on their reasoned written request or natural and legal persons who present themselves with the authorization of the individual to whom the personal data refer.
• Corporate Transactions. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but subject to the terms of this Policy.
• Others with Consent. In some cases, we might refer you to, or enable you to engage with our other Partners for certain services to be provided to you. In these cases, we will clearly disclose the identity of the third party and your personal data and information related to you will be shared with them only based on your prior explicit consent.

All users of your personal data are obliged to respect and protect personal data in accordance with the applicable legislation on the protection of personal data and other legal regulations.

We will never sell your personal data.

6. ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE EU /EEA?

We are a global business, providing an international Services, so we may need to transfer your personal data outside the European Economic Area (EEA). Personal data may be stored and processed in any country where we do business; or where our service providers do business; or if you use an international payment method or financial partner service, the countries in which that payment method or financial partner operates, when: (i) the

We may transfer your personal data to countries other than your own country. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. Where applicable law requires a data transfer mechanism, we use one or more of the following: (i) sign with a data recipient outside the EEA EU Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your personal data to those entities outside the EEA; (ii) verification that the recipient has implemented Binding Corporate Rules, or (iii) other legal methods available to us under applicable law.

7. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

We retain your personal data as long as we are providing the Services to you or our Service Users. Even after we stop providing Services directly to you or a Service User with which you are doing business, and even if you terminate your business relationship with PAYWISER or complete a Transaction with a Service User, we retain your personal data in order to comply with our legal and regulatory obligations, such as fraud monitoring, detection and prevention activities; to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods you used.

We keep personal data in accordance with limitation periods and retention obligations that are imposed by applicable law. As a rule, your personal data is kept for ten (10) years after the termination of the business relationship or execution of the transaction. Data processed on the basis of your consent are kept until your cancellation or requests for data deletion, but no longer than ten (10) years after the termination of the business relationship or until the purpose for which they were acquired is fulfilled.

After the expiration of the retention period, personal data are deleted, destroyed or anonymized – unless there is another legal basis or if this is necessary to enforce or defend legal claims.

8. WHAT ARE YOUR DATA SUBJECT RIGHTS?

You may have choices regarding our collection, use and disclosure of your personal data:

a. Opting out of receiving electronic communications from us

If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or by requesting the exercising of your right. We will try to comply with your request(s)

as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, our partners may still send you messages and direct us to send you messages on their behalf.

b. Your data protection rights

You may have the following rights with regard to the personal data PAYWISER processes as the Controller:

• the right to request confirmation of whether PAYWISER processes personal data relating to you, and ifso, to request a copy of that personal data (Right to access);
• the right to request that PAYWISER corrects or updates your personal data that is inaccurate,incomplete or outdated (Right to rectification);
• the right to request that PAYWISER erase your personal data in certain circumstances provided by law(Right to deletion / erasure or Right to be forgotten);
• the right to request that PAYWISER restrict the use of your personal data in certain circumstances,such as while we consider another request that you have submitted (Right to restrict processing);
• the right to request that we export your Personal Data that we hold to another company, wheretechnically feasible (Right to portability);
• where the processing of your personal data is based on your previously given consent, you have theright to withdraw your consent at any time (Right to withdraw consent);
• where we process your information based on our legitimate interests, you may also have the right toobject to the processing of your personal data (Right to object to processing). Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.

c. Process for exercising your data protection rights

To exercise your data protection rights please contact us by sending your message to the following e-mail address: [email protected].

PAYWISER will decide on the individual request of the individual without undue delay, or at the latest within the statutory period of 30 days from the receipt of the request.

For all questions regarding data processing or your rights, or in case of misuse of your data, please contact the authorized person for data protection: [email protected].

When resolving complaints related to the processing of personal data, which we cannot resolve directly with you, we cooperate with the competent regulatory authorities. You have the right to legal protection. You can contact the Information Commissioner of the Republic of Slovenia. Before each application, please contact us so that we can solve your problem together.

If you are an individual/Customer doing business or transacting with our Service User (e.g., Merchant using PAYWISER-provided Services), please refer to the privacy policy or notice of the Service User or contact the Service User directly.

9. DO YOU MAKE AUTOMATED DECISIONS ABOUT ME?

PAYWISER does not use means to make automated decisions that could have legal consequences for you. In the event of an automated decision, we will notify you beforehand and give you the right to personal intervention by the controller; the right to express your point of view; the right to get an explanation of the decision made in this way and the right to challenge such a decision.

10. UPDATES AND NOTIFICATIONS

We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective when we post the revised Policy.

We may provide you with disclosures and alerts regarding the Policy or personal data collected by posting them on our website.

If applicable law requires that we provide notice in a specified manner prior to making any changes to this Policy applicable to you, we will provide such required notice.

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your personal data. We maintain organizational, technical and administrative measures designed to protect personal data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. Personal data is only accessed by a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

If you have reason to believe that your interaction with us is no longer secure, please contact us.

If you have any questions or complaints about this Policy, please contact us by sending your message to [email protected].

PAYWISER POLITIKA ZASEBNOSTI

Izjava o varstvu osebnih podatkov

Zadnja verzija: 1. oktober 2022

Ta Izjava o varstvu osebnih podatkov vključuje pomembne informacije o vaših osebnih podatkih in priporočamo vam, da vsebino natančno preberete.

1. UVOD

Družba PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, Slovenija (“PAYWISER”) je, v skladu z Zakonom o plačilnih storitvah, storitvah izdajanja elektronskega denarja in plačilnih sistemih, od Banke Slovenije pridobila dovoljenje za opravljanje storitev izdaje elektronskega denarja in plačilnih storitev na območju EGP.

tehnične rešitve za obdelavo plačil in izdajateljstvo za osebno in komercialno uporabo (PAYWISER storitev izdajateljstva). Podjetja vseh velikosti uporabljajo našo programsko opremo in storitve za sprejemanje plačil in upravljanje svojega poslovanja prek spleta (PAYWISER storitev pridobiteljstva).

PAYWISER pri zagotavljanju produktov in storitev obdeluje osebne podatke z največjo skrbnostjo in odgovornostjo ter v skladu z nacionalno in EU zakonodajo o varstvu osebnih podatkov, še posebej Uredbo (EU) 2016/679 Evropskega parlamenta in Sveta z dne 27. aprila 2016 o varstvu fizičnih oseb pri obdelavi osebnih podatkov in o prostem pretoku teh podatkov ter o razveljavitvi Direktive 95/46/ES (Splošna uredba o varstvu podatkov) (v nadaljevanju Uredba ali GDPR).

PAYWISER se zavezuje k varnosti in zasebnosti vaših osebnih podatkov. GDPR ne velja za podatke o pravnih osebah (npr. družbe z omejeno odgovornostjo), velja pa za posameznike, ki so povezani s pravnimi osebami.

Ta Izjava o varstvu osebnih podatkov (v nadaljevanju politika zasebnosti) zagotavlja splošne informacije o naših dejavnostih obdelave osebnih podatkov. Ta dokument opisuje, kako zbiramo in uporabljamo vaše osebne podatke in kako jih delimo, vaše pravice, zlasti pravice posameznika, na katerega se nanašajo osebni podatki, vključno s pravico do ugovora nekaterim uporabam vaših osebnih podatkov, in kako se lahko obrnete na nas glede naših pogojev u ukrepov za zagotavljanje vaše zasebnosti.

To obvestilo je v izvirniku v angleškem jeziku in je prevedeno v slovenščino in druge jezike. Če obstajajo kakršne koli razlike med slovenskim besedilom in besedilom v angleškem jeziku, je verodostojna verzija v angleškem jeziku.

Če imate pomisleke o tem, kako uporabljamo vaše osebne podatke, se lahko obrnete na pooblaščeno osebo za varstvo podatkov (“DPO”) na [email protected].

1. OPREDELITEV POJMOV, KI SO UPORABLJENI V TEM DOKUMENTU

   “PAYWISER” ali “mi / naš / nas” je družba Paywiser d.o.o., ki je odgovorna za zbiranje in obdelavo osebnih podatkov v skladu s to politiko zasebnosti v okviru zagotavljanja naših storitev.

   “Osebni podatki” so kakršne koli informacije, ki se nanašajo na določenega ali določljivega posameznika in lahko vključujejo podatke, povezane z vami, ki: (a) jih vemo o vas (na primer, če ste posameznik ali direktor podjetja, ki se prijavlja za poslovno razmerje s PAYWISER-jem, lahko od vas zahtevamo predložitev identifikacijskih dokumentov) in (b) ki se lahko uporabijo za vašo osebno identifikacijo (na primer kombinacija vašega imena in poštnega naslova).

   “Storitve” pomeni vse produkte (naprave, aplikacije, kot so spletna aplikacija, mobilna aplikacija, spletna platforma s statistikami za trgovce, ipd.) in storitve (npr. izdajateljstvo, pridobiteljstvo, obdelava plačil, storitve plačilnih prehodov itd.), ki jih ponuja PAYWISER.

   “Ponudnik storitev” je PAYWISER.

   “Poslovno razmerje” pomeni katero koli razmerje med PAYWISER-jem in vami, ki temelji na produktih in storitvah, ki jih ponuja PAYWISER, (kot je poslovno razmerje med PAYWISER-jem in trgovcem za zagotavljanje storitev pridobiteljstva, poslovno razmerje med končnim uporabnikom in PAYWISER-jem za zagotavljanje plačilne kartice ipd.).

   “Trgovec” ali “vi / vaš” se nanaša na katero koli pravno osebo, ki vstopa v poslovni odnos z nami, in, kjer je primerno, njene ustrezno pooblaščene zastopnike in naslednike.

   “Uporabnik storitve” ali “vi” je uporabnik produktov in/ali storitev, ki jih ponuja PAYWISER. Ker nudimo storitve za komercialno in/ali osebno uporabo, se “vi” glede na kontekst lahko nanaša na trgovca in se lahko nanaša tudi na:

   • zastopnika, ko delujete v imenu uporabnika storitve (npr. ste ustanovitelj podjetja ali upravljate poslovno razmerje s PAYWISER-jem za trgovca, ki je uporabnik storitve);
   • končnega uporabnika, ko neposredno uporabljate produkte in storitve, ki jih zagotavlja PAYWISER, za vašo individualno osebno uporabo;
   • stranko, ko poslujete z uporabnikom storitve (običajno s trgovcem, ki uporablja storitve);
   • potencialni uporabnik storitve, ko obiščete naše spletno mesto ali spletno aplikacijo (npr. pošljete nam sporočilo z zahtevo po več informacijah, ker razmišljate o tem, da bi postali uporabnik naših produktov ali storitev).

2. KDO JE UPRAVLJAVEC VAŠIH OSEBNIH PODATKOV?

PAYWISER d.o.o., s sedežem na naslovu Bravničarjeva ulica 13, 1000 Ljubljana, Slovenija. Pooblaščena oseba za varstvo podatkov je dosegljiva po pošti na naslovu sedeža in preko elektronske pošte: [email protected].

Odvisno od dejavnosti PAYWISER deluje kot “Upravljavec podatkov” ali “Obdelovalec podatkov”.

PAYWISER je ‘Upravljavec’ (a) ko zagotavlja storitve uporabnikom storitev v okviru svoje licence (kot so izdajateljstvo, pridobiteljstvo, obdelava plačil, storitve plačilnega prehoda ipd.), vključno z določanjem tretjih oseb (bank in ponudnikov plačilnih sredstev), ki jih je potrebno uporabiti; (b ) ko izvaja spremljanje, preprečevanje in odkrivanje goljufivih plačilnih transakcij in drugih goljufivih dejavnosti; (c) ko izpolnjuje zakonske ali regulativne obveznosti, ki veljajo za PAYWISER, vključno z izpolnjevanjem obveznosti pregleda za preprečevanje pranja denarja in poznavanja svojih strank; in (d) analiziranje, razvoj in izboljšanje svojih izdelkov in storitev.

PAYWISER je ‘Obdelovalec’, ko obdeluje vaše osebne podatke v imenu upravljavca, če ste stranka določenega podjetja (npr. trgovca), ki uporablja produkte in storitve, ki jih zagotavlja PAYWISER, ali eden od njegovih zaposlenih, ki uporablja storitve, ko trgovcu zagotovimo integracijo in dostop do programske opreme Gateway in do tehnične podpore, potrebne za sprejemanje kartic na spletnem mestu trgovca in za poravnavo plačilnih transakcij. V tem primeru je trgovec kot uporabnik storitve upravljavec vaših osebnih podatkov in vam mora zagotoviti ustrezne informacije o tem, kako obdeluje vaše osebne podatke, in ustrezen kontakt za prejemanje zahtevkov za uveljavljanje pravic posameznika, na katerega se nanašajo osebni podatki, kot je zahteva za pridobitev informacij o obdelavi vaših osebnih podatkov, zahteva za dostop, popravek, izbris ali prenosljivost vaših osebnih podatkov in ugovor zoper obdelavo, vključno z ugovorom zoper obdelavo za namene neposrednega trženja, kar vključuje profiliranje v obsegu, ki je povezan s takim neposrednim trženjem.

3. KAKO ZBIRAMO VAŠE OSEBNE PODATKE IN KATERE KATEGORIJE PODATKOV OBDELUJEMO?

Vaše osebne podatke zbiramo, ko (a) uporabljate našo spletno stran www.paywiser.com; (b) uporabljate eno od naših poslovnih aplikacij (kot je spletno mesto za e-trgovino, spletne strani za plačevanje, mobilna aplikacija itd.) in (c) uporabljate katero koli od storitev, ki so vam na voljo prek naših poslovnih aplikacij ali spletnega mesta.

Vaše osebne podatke lahko zbiramo tudi od drugih ljudi ali podjetij ali drugih virov.

4. KAKO UPORABLJAMO VAŠE OSEBNE PODATKE?

5. S KOM DELIMO VAŠE OSEBNE PODATKE?

V okviru storitev, ki jih zagotavlja PAYWISER, vaše osebne podatke uporablja:

• PAYWISER. Vaše osebne podatke delimo zaposleni v družbi PAYWISER in so na voljo le pooblaščenemu osebju, odgovornemu za zagotavljanje naših produktov in storitev. Te osebe so zakonsko in pogodbeno zavezane k varovanju zaupnosti osebnih podatkov.
• Ponudniki storitev ali obdelovalci, ki uporabljajo vaše osebne podatke v našem imenu in na podlagi naših navodil. PAYWISER uporablja njihove storitve za zagotavljanje svojih storitev vam kot našim uporabnikom storitev, ter za komuniciranje, trženje in oglaševanje v zvezi z našimi storitvami. Ponudniki storitev zagotavljajo različne ključne storitve, kot so gostovanje (shranjevanje in dostavljanje), analitika za oceno hitrosti, točnosti in/ali varnosti naših storitev, preverjanje identitete, storitve za stranke, e-pošta in revizija. Takšne ponudnike storitev pooblaščamo za uporabo ali razkritje vaših osebnih podatkov, ki jih damo na voljo za izvajanje storitev v našem imenu in za izpolnjevanje veljavnih zakonskih zahtev. Od teh ponudnikov storitev zahtevamo, da se pogodbeno zavežejo k varovanju varnosti in zaupnosti osebnih podatkov, ki jih obdelujejo v našem imenu. Naši ponudniki storitev se večinoma nahajajo v EGP in Hong Kongu.

Za ustrezno izpolnjevanje naših pogodbenih in zakonskih obveznosti moramo vaše osebne podatke razkriti tudi tretjim osebam:

• Finančni partnerji. To so finančne institucije, s katerimi sodelujemo pri zagotavljanju storitev (vključno s kartičnimi shemami, bankami ipd.).
• Skladnost in preprečevanje škode. Osebne podatke delimo: (i) s pristojnimi državnimi organi in organi, pristojnimi za finančni, davčni ali bančni nadzor (npr. Urad za preprečevanje pranja denarja, Finančna uprava, sodišča ipd.) zaradi zagotavljanja skladnosti z veljavno zakonodajo; (ii) s ponudniki plačilnih sredstev, za izpolnjevanje pravil, ki jih nalaga plačilno sredstvo v povezavi z uporabo tega plačilnega sredstva (npr. omrežna pravila za Mastercard, UnionPay ali druge); (iii) za uveljavljanje naših pogodbenih pravic; (iv) za zavarovanje ali zaščito storitev, pravic, zasebnosti, varnosti in lastnine PAYWISER-ja, vas ali drugih, vključno z zavarovanjem pred drugimi zlonamernimi ali goljufivimi dejavnostmi in varnostnimi incidenti; (v) za odgovarjanje na veljavne zahteve sodnih postopkov sodišč, organov kazenskega pregona, regulatornih in nadzornih organov in agencij ter drugih javnih in vladnih organov, ki lahko vključujejo organe zunaj vaše države stalnega prebivališča, in (vi) s fizičnimi in pravnim osebami, ki izkažejo ustrezno pravno podlago za prejem osebnih podatkov, na podlagi njihove obrazložene pisne zahteve; ali fizičnim in pravnim osebam, ki se izkažejo s pooblastilom posameznika, na katerega se osebni podatki nanašajo.
• Poslovne transakcije. V primeru, da sklenemo ali nameravamo skleniti transakcijo, ki spreminja strukturo našega poslovanja, kot je reorganizacija, združitev, prodaja, skupno vlaganje, dodelitev, prenos, sprememba nadzora ali drugo razpolaganje z vsemi oz. katerim koli delom našega poslovanja, sredstev ali delnic, lahko delimo osebne podatke s tretjimi osebami v povezavi s tako transakcijo. Vsak drug subjekt, ki kupi nas ali del naše družbe, bo imel pravico do nadaljnje uporabe vaših osebnih podatkov, vendar le v skladu s pogoji te politike.
• Drugi, z vašo privolitvijo. V nekaterih primerih vas lahko napotimo k našim drugim partnerjem ali vam omogočimo sodelovanje z njimi, da vam zagotovimo določene storitve. V teh primerih bomo jasno razkrili identiteto tretje osebe, vaši osebni podatki in informacije v zvezi z vami pa bodo posredovani le na podlagi vaše predhodne izrecne privolitve.

Vsi uporabniki vaših osebnih podatkov so zavezani k spoštovanju in varovanju osebnih podatkov v skladu z veljavno zakonodajo o varstvu osebnih podatkov in drugimi zakonskimi predpisi.

Vaših osebnih podatkov ne bomo nikoli prodali.

6. ALI SE VAŠI OSEBNI PODATKI PRENAŠAJO IZVEN EU/EGP?

Smo globalno podjetje, ki zagotavlja mednarodne storitve, zato bomo morda morali vaše osebne podatke prenesti izven Evropskega gospodarskega prostora (EGP). Osebni podatki se lahko hranijo in obdelujejo v kateri koli državi, kjer poslujemo; ali kjer poslujejo naši ponudniki storitev; ali če uporabljate mednarodno plačilno sredstvo ali storitev finančnega partnerja, v državah, v katerih ta plačilna metoda ali finančni partner deluje, kadar: (i) je prenos potreben za izvedbo pogodbe z vami ali v primeru pogajanj za sklenitev pogodbo z vami (npr. v primeru transakcij v ali iz tretje države); (ii) je prenos potreben za sklenitev ali izvajanje pogodbe med PAYWISER-jem in drugo fizično ali pravno osebo, ki je v vašem interesu (npr. v primeru opravljanja storitev na ozemlju tretje države); (iii) PAYWISER prejme pravno zahtevo za posredovanje podatkov upravnim organom za izvajanje ukrepov za preprečevanje pranja denarja in ukrepov proti financiranju terorističnih dejavnosti.

Vaše osebne podatke lahko prenesemo v države, ki niso vaša država. Te države imajo morda drugačna pravila o varstvu podatkov kot vaša država. Pri čezmejnem prenosu podatkov sprejmemo ukrepe za skladnost z veljavno zakonodajo o varstvu podatkov v zvezi s takim prenosom. Kadar veljavna zakonodaja zahteva mehanizem prenosa podatkov, uporabimo enega ali več ukrepov: (i) s prejemnikom podatkov izven EGP podpišemo standardne pogodbene klavzule EU, ki jih odobri Evropska komisija, da zagotovimo ustrezno raven zaščite za prenos vaših osebnih podatkov subjektom zunaj EGP; (ii) preverjanje, ali je prejemnik izvajal zavezujoča poslovna pravila; ali (iii) druge pravne metode, ki so nam na voljo v skladu z veljavno zakonodajo.

7. KOLIKO ČASA HRANIMO VAŠE OSEBNE PODATKE?

Vaše osebne podatke hranimo, dokler vam ali našim uporabnikom storitev zagotavljamo storitve. Tudi potem, ko prenehamo zagotavljati storitve neposredno vam ali uporabniku storitev, s katerimi poslujete, in tudi če prekinete svoje poslovno razmerje s PAYWISER-jem ali zaključite transakcijo z uporabnikom storitev, obdržimo vaše osebne podatke, da zagotovimo skladnost z našimi zakonskimi in regulativnimi obveznostmi, kot so dejavnosti spremljanja, odkrivanja in preprečevanja goljufij; za izpolnjevanje naših davčnih, računovodskih in finančnih obveznosti glede poročanja, kjer moramo podatke hraniti v skladu s pogodbenimi obveznostmi do naših finančnih partnerjev in kjer hrambo podatkov zahtevajo ponudniki plačilnih sredstev, ki ste jih uporabili.

Osebne podatke hranimo v skladu z zastaralnimi roki in obveznostmi hrambe, ki jih nalaga veljavna zakonodaja. Vaše osebne podatke praviloma hranimo še deset (10) let po prenehanju poslovnega razmerja ali po izvedbi posla. Podatke, obdelane na podlagi vaše privolitve, hranimo do vašega preklica ali zahteve po izbrisu podatkov, vendar najdlje deset (10) let po prenehanju poslovnega razmerja oziroma do izpolnitve namena, za katerega so bili pridobljeni.

Po preteku roka hrambe se osebni podatki izbrišejo, uničijo ali anonimizirajo – razen če obstaja druga pravna podlaga ali če je to potrebno za uveljavljanje ali obrambo pravnih zahtevkov.

8. KAKŠNE SO VAŠE PRAVICE V ZVEZI Z VARSTVOM OSEBNIH PODATKOV?

Morda imate izbiro glede našega zbiranja, uporabe in razkritja vaših osebnih podatkov:

1. Zavrnitev prejemanja naših elektronskih sporočil

   Če od nas ne želite več prejemati elektronskih sporočil, povezanih s trženjem, prejemanje lahko zavrnete s klikom na povezavo za odjavo, ki je vključena v tovrstna e-sporočila, ali tako, da zahtevate uveljavljanje svoje pravice. Poskušali bomo ugoditi vaši zahtevi, takoj ko bo to razumno izvedljivo. Upoštevajte, da če zavrnete prejemanje naših e-poštnih sporočil, povezanih s trženjem, vam bi lahko naši partnerji še vedno pošiljali sporočila in nas usmerjali, da vam pošiljamo sporočila v njihovem imenu.

2. Vaše pravice do varstva podatkov

   V zvezi z osebnimi podatki, ki jih PAYWISER obdeluje kot upravljavec, imate lahko naslednje pravice:

   • pravico zahtevati potrditev, ali PAYWISER obdeluje osebne podatke v zvezi z vami, in če jih, zahtevati kopijo teh osebnih podatkov (pravica do dostopa);
   • pravico zahtevati, da PAYWISER popravi ali posodobi vaše osebne podatke, ki so netočni, nepopolni ali zastareli (pravica do popravka);
   • pravico zahtevati, da PAYWISER izbriše vaše osebne podatke v določenih okoliščinah, ki jih določa zakon (pravica do izbrisa/izbrisa ali pravica do pozabe);
   • pravico zahtevati, da PAYWISER omeji uporabo vaših osebnih podatkov v določenih okoliščinah, na primer, ko obravnavamo drugo zahtevo, ki ste jo vložili (pravica do omejitve obdelave);
   • pravico zahtevati, da PAYWISER vaše osebne podatke, ki jih ima, izvozi v drugo podjetje, kjer je to tehnično izvedljivo (pravica do prenosljivosti);
   • če obdelava vaših osebnih podatkov temelji na vaši predhodno podani privolitvi, imate pravico, da svojo privolitev kadarkoli prekličete (pravica do preklica privolitve);
   • če obdelujemo vaše podatke na podlagi naših zakonitih interesov, imate lahko tudi pravico do ugovora zoper obdelavo vaših osebnih podatkov (pravica do ugovora zoper obdelavo). Razen če imamo nujne zakonite razloge ali če je to potrebno zaradi pravnih razlogov, bomo prenehali obdelovati vaše podatke, ko boste ugovarjali.
3. Postopek za uveljavljanje vaših pravic do varstva osebnih podatkov

   Za uveljavljanje svojih pravic do varstva podatkov nas kontaktirajte tako, da nam pošljete sporočilo na e-naslov: [email protected].

   PAYWISER bo o posamezni zahtevi posameznika odločil brez nepotrebnega odlašanja oziroma najkasneje v zakonskem roku 30 dni od prejema zahteve.

   Za vsa vprašanja v zvezi z obdelavo podatkov ali vašimi pravicami ali v primeru zlorabe vaših podatkov se obrnite na pooblaščeno osebo za varstvo podatkov na: [email protected].

   Pri reševanju pritožb v zvezi z obdelavo osebnih podatkov, ki jih ne moremo rešiti neposredno z vami, sodelujemo s pristojnimi nadzornimi organi. Imate pravico do sodnega varstva. Lahko se obrnete na Informacijskega pooblaščenca RS. Pred vsako prijavo nas kontaktirajte, da skupaj rešimo vašo težavo.

   Če ste posameznik/stranka, ki posluje ali opravlja transakcije z našim uporabnikom storitve (npr. s trgovcem, ki uporablja storitve, ki jih zagotavlja PAYWISER), si oglejte politiko zasebnosti tega uporabnika storitve ali se obrnite neposredno nanj.

9. ALI SPREJEMAMO AVTOMATIZIRANE ODLOČITVE V ZVEZI Z VAMI?

PAYWISER ne uporablja sredstev za sprejemanje avtomatiziranih odločitev, ki bi lahko imele pravne posledice za vas. V primeru avtomatizirane odločitve vas bomo o tem predhodno obvestili in vam dali pravico do osebnega posredovanja upravljavca; pravico do izražanja svojega stališča; pravico dobiti obrazložitev tako sprejete odločitve in pravico do izpodbijanja takšne odločitve.

10. POSODOBITVE IN OBVESTILA

Vsebino te politike zasebnosti lahko občasno spremenimo, da odraža nove storitve, spremembe v naših praksah glede zasebnosti ali spremembe ustreznih zakonov. Navedba “Nazadnje posodobljeno” na začetku te politike označuje, kdaj je bila ta vsebina nazadnje pregledana in spremenjena. Vse spremembe začnejo veljati, ko objavimo spremenjeno politiko zasebnosti. Informacije in opozorila v zvezi s politiko zasebnosti ali zbranimi osebnimi podatki vam lahko zagotovimo tako, da jih objavimo na našem spletnem mestu. Če veljavna zakonodaja zahteva, da vas obvestimo na določen način, še preden spremenimo vsebino politike, ki velja za vas, vam bomo posredovali tako zahtevano obvestilo. Sprejemamo vse razumne ukrepe in si prizadevamo zagotoviti raven varnosti, ki ustreza tveganju, povezanemu z obdelavo vaših osebnih podatkov. Vzdržujemo organizacijske, tehnične in administrativne ukrepe za zaščito osebnih podatkov, ki jih obravnava ta politika zasebnosti, pred nepooblaščenim dostopom, uničenjem, izgubo, spremembo ali zlorabo. Do osebnih podatkov dostopa le omejeno število osebja, ki potrebuje dostop do informacij za opravljanje svojih nalog. Na žalost noben sistem za prenos ali shranjevanje podatkov ne more biti 100-odstotno varen.

Če menite, da vaša interakcija z nami ni več varna, se prosimo obrnite na nas.

Če imate kakršna koli vprašanja ali pritožbe glede te politike zasebnosti, nam prosimo pošljite sporočilo na [email protected].

UK – Data Protection Policy

DATA PROTECTION POLICY

1. Introduction
   Paywiser Limited is a company incorporated in England and Wales under the company number 10677553 (the “Company”). The Company is committed to data protection and privacy. We respect and protects the rights of individuals, particularly the right to data protection and privacy as far as the processing and use of personal data is concerned. This Data Protection Policy (“Policy”) is approved by the Board of Directors of the Company. The Data Protection Officer of the Company shall be responsible for the compliance and enforcement of data protection and privacy.
   This Policy defines the standard for the data protection compliant processing of personal data. It defines the requirements for business processes that involve personal data and assigns clear responsibilities.
   The Company must ensure that all processes involving the processing of personal data are able to fulfill the requirements stated in this Policy. As employers, the Company have the responsibility for the processing of their employees’ personal data. When handling personal data in course of their duties, all employees of the Company are required to follow the requirements of this Policy.
   The principles mentioned in this Policy are based on the European data protection and privacy laws and take into account the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679 - GDPR). These principles apply to all staff members of the Company.
2. Definitions
   
   • Anonymous data & Anonymized data
     Anonymous and anonymized data is data that does not refer to an identifiable natural person. Even if other data or additional information were added, identification of the natural person is not (or is no longer) possible. This Policy does not apply to such data.
   • Biometric data
     Personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person (such as fingerprints or facial images).
   • Consent
     Any freely given and unambiguous statement or other clear affirmative action by which the data subject indicates in an informed manner that he or she agrees to the processing of his or her personal data for a specific purpose.
   • Controller
     Any natural or legal person that, alone or jointly with others, determines the purposes and means of the processing of personal data. For the personal data of its employees, customers, suppliers, partners, or other persons, Paywiser Limited is regarded as the controller.
   • Data concerning health
     Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
   • Erasure
     The irretrievable obliteration or physical destruction of saved personal data or its anonymization in such a way that makes it impossible to re-identify the natural person after the fact.
   • Genetic data
     Personal data relating to the inherited or acquired genetic characteristics of a natural person that gives unique information about the physiology or the health of that natural person and which result in particular from an analysis of a biological sample from the natural person in question.
   • Personal Data
     Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Natural persons can be identified directly based on, for example, names, phone numbers, e-mail addresses, postal addresses, user IDs, tax and social insurance numbers or indirectly through a combination of any other information. The personal data that is subject to this Policy includes data of employees, applicants, customers, suppliers and users of websites and services of the Company. It can be contained in the Company’s own systems, in systems which third parties operate on behalf of the Company, or in the systems operated by the customers themselves, by the Company, or by third parties, to the extent that employees of the Company can gain access to the saved personal data there in the course of support and consulting activities.
   • Processor
     A natural or legal person that processes personal data on behalf of the controller, such as an external service provider or a different Paywiser company that is not the controller itself.
   • Processing
     Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. The anonymization of data also represents a processing of personal data.
   • Pseudonymization
     Processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person. Pseudonymized data constitutes personal data as defined in the GDPR; therefore, this Policy also applies to pseudonymized data.
   • Special categories of personal data
     Certain personal data that is particularly sensitive due to its nature, whose processing is likely to result in significant risks for the rights of the data subject and therefore requires special protection. This includes data concerning health, Genetic data, biometric data processed to uniquely identifying a personal data, information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, or sexual orientation. Depending on the context, this may also include data that could be misused for identity theft purposes, such as social security-, credit card-and bank account numbers, ID-card or driver’s license-numbers, also personal data regarding criminal investigation proceedings, convictions, and crimes, or data that is subject to professional confidentiality obligation.
   • Third party
     A natural or legal person, public authority, agency, or body other than
     1. the data subject,
     2. the controller,
     3. the processor and
     4. the persons who are authorized to process personal data under the direct authority of the controller or processor.
   • Recipient
     A natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the laws of a particular jurisdiction shall not be regarded as recipients.
3. Principles for Protecting Personal Data
   Personal data shall only be processed lawfully and in accordance with the principles set out below.
   1. Lawfulness, Fairness, and Transparency Personal data may only be processed lawfully, fairly and in a transparent manner in relation to the data subject. This is the case when: processing is legally permitted in the specific case. Among others, the laws permit all cases of data processing that:
      • are necessary for the performance of contracts with the data subject (e.g. the storage and use of necessary personal data in the context of an employment- or service contract),
      • are necessary to take steps at the request of the data subject prior to entering a contract (e.g. a customer requests information about product X and then purchases said product. The data necessary to send the information material and to execute the contractual relationship may be processed),
      • are necessary for compliance with legal obligations, e.g. due to tax or social insurance laws,
      • are necessary to protect the vital interests of the data subject or of another natural person,
      • are necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (e.g. for direct marketing),
      • include decision-making based on automated processing in an individual case that produces legal effects concerning the data subject, when this automated decision is legally permitted, required for the performance of a contract with the data subject, or for which the data subject has explicitly granted consent, or
      • when a data subject has granted his or her consent (for example, when registering on a website or subscribing to a newsletter).
      Personal data should be collected directly from the data subject. If this is not the case, the data subject must be notified, particularly about the types of personal data that are being collected, processed, and/or used and for which specific purposes this occurs.
   2. Specific Purpose
      Personal data may only be collected for specific, explicit purposes. It may not be processed in a manner that is incompatible with those purposes.
      The specific purpose must be defined before data collection. Processing for a purpose other than that for which the data have been collected is only permitted in exceptional cases, when a law permits processing for another purpose or if it is based on the data subject’s consent. To ascertain whether the other purposes are compatible with the agreed purposes, the reasonable expectations of the data subject towards the Company with regard to such further processing, the type of data used, the possible consequences of the intended further processing for the data subject, and measures of encryption or pseudonymization must be taken into account.
   3. Data Minimization
      Personal data may only be collected to the extent which is absolutely necessary to fulfill the defined purpose. Processing must be adequate, relevant, and limited to what is necessary in relation to the purposes for which the data is processed.
   4. Accuracy
      Personal data must be accurate and up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay. All processes that involve the processing of personal data must provide an option for rectification and update.
   5. Storage Limitation (Obligation to Erase)
      Personal data may only be stored as long as is necessary for the purposes for which it is processed or due to other legal requirements, particularly to comply with statutory retention periods. After this point, personal data must generally be erased or anonymized. All processes for processing personal data must contain an option for erasure or blocking to the extent required by law.
   6. Integrity, Availability, and Confidentiality
      Personal data and its processing operations must always be appropriately protected by means of technical and organizational measures. This includes, in particular, suitable measures to protect against unauthorized or unlawful processing, accidental loss, destruction or damage, accidental disclosure and unauthorized access.
   7. Processing of Special Categories of Personal Data
      The collection, processing, and use of special categories of personal data should always be transparent for the data subject. Unless the collection and processing of such data is explicitly authorized by law, e.g. if necessary, for carrying out obligations and exercising rights in the field of employment, social security, social protection, it should only be collected on the basis of explicit prior notification and consent of the data subjects.
      The consent must explicitly refer to these special data categories and their processing for one or more specified purposes. Unless applicable laws stipulate otherwise, special categories of personal data may only be processed and used with the explicit consent of the data subjects. Increased protective measures must be established to protect the data (e.g. physical security measures, access restrictions and encryption).
4. Rights of Data Subjects
   
   1. Right to be informed
      Data subjects have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. The Company must provide the data subjects with information including: our purposes for processing their personal data, our retention periods for that personal data, and who it will be shared with.
   2. Right of Access and Data Portability
      Data subjects have the right to obtain from the Company confirmation as to whether or not personal data concerning her or him are being processed. In such case, the Company shall provide for access as required by law. The information is provided in writing, unless the data subject submitted the request for information electronically. The information to be provided to the Data Subjects must include the purpose of storage, the recipients of the data, and all other legally required information pursuant to Article 15 of the GDPR. The data subject must be provided with a copy of the personal data that are undergoing processing. Upon request by the data subject, the data that he or she has provided to the controller must be made available in a structured, commonly used and machine-readable format.
   3. Right to Rectification, Restriction, and Erasure
      When personal data prove to be incorrect, incomplete, or out-of-date, each data subject has the right to rectification of his or her personal data. This can be the case, for example, if the data subject has changed history her name due to marriage. Data subjects also have the right to obtain restriction of processing of their personal data when one of the following applies:
      
      • The data subject contests the accuracy of the personal data and verification of the accuracy of the personal data takes some time. In this case, the data subject can demand restriction for the period of the verification of the accuracy.
      • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
      • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims. Should it become apparent that certain information have a respective value to the data subject, the data subject must be notified of the pending erasure with reasonable notice.
      • The data subject has objected to processing for the duration of the clarification as to whether the legitimate interests for processing outweigh those of the data subject.
      Within the restriction process, the stored personal data of the data subject must be marked with the aim to restrict access and limit their further processing. In addition, data subjects have the right to the erasure of their personal data in the following cases:
      • The purpose of the data processing no longer applies.
      • The data subject withdraws his or her consent for a specific purpose of processing.
      • Address data is used for direct marketing purposes and the data subject objects to such use.
      • The data is processed unlawfully.
      • Erasure is required to meet legal obligations.
      All processes in which personal data is collected, processed, or used must include a concept for the regular retention and deletion of personal data. This concept must ensure that personal data is erased in a timely manner after the fulfillment of the specified purpose or the lapse of the authorization for storage, particularly statutory retention terms. Instead of erasure, personal data may also be anonymized. If there is an obligation to erase personal data and said data has already been made public, other controllers shall be notified of the request to erase his or her data, including all links to this data.
   4. Right to Object
      Data subjects have the right to object to data processing when the Company processes personal data based on a decision in favor of its legitimate interests. In this case, the data subject must claim his or her own rights or interests on grounds relating to his or her particular situation, which outweigh the Company’s legitimate interest to process the data. Data subjects can object to the processing of their personal data for purpose of direct marketing, including profiling if such is related to direct marketing, at any time and without giving reasons. If an objection is raised, the Company will not process this data further for these purposes. This does not apply where the processing cannot be ceased due to compelling legitimate grounds for the processing, particularly the establishment, exercise, or defense of legal claims.
   5. Right to Complain
      If a data subject wishes to file a complaint with regard to processing of her or his personal data, they can do so directly in an e-mail to the data protection officer: [email protected].
      The data subject must be notified about all measures taken based on her or request within one month at the latest.
5. Data Protection Governance Structure
   Responsibility for compliance with data protection requirements rests with the board of directors of the Company that processes the personal data for its business purposes. Executive management may delegate the task to fulfill this responsibility to managers at different levels within the organizational framework and the associated business processes.
6. Responsibilities for Data Protection Compliance
   
   1. Management of Paywiser
      The board of directors of the Company must ensure that the processes in their areas of responsibility in which personal data is processed (herein: “processes") meet the requirements of this Policy.
   2. Employees
      All employees are required to handle all personal data that they can access in the course of performing their duties for Paywiser Limited with strict confidentiality and to not collect, process, or use such data without authorization. Employees of the Company may only process personal data within the scope necessary to fulfill their duties as defined by their employment contracts. If the processing of personal data is not recognizably prohibited for an employee, he or she may assume the legality of the instructions from their superiors. When in doubt, employees should seek clarification from their managers.
7. Transfer/Commissioned Data Processing
   If personal data is to be transferred to an associated company, a review must first take place as to whether contractual agreements regarding data protection and privacy are needed. Such review is required only when an associated company or external service provider is to process personal data on behalf of the Company (referred to as “transfer for processing purposes"). If personal data that is to be transferred to a country outside the EEA, it must be ensured beforehand that an appropriate level of protection is guaranteed, pursuant to Article 44 of the GDPR.
   
   • Transfer for commissioned processing:
     If the Company commissions an associated entity or an external company with the processing of personal data, it remains responsible for compliance with data protection and privacy requirements.
   • Transfer for the recipients’ own purposes:
     The Company may transfer personal data to an associated company or an external company for their own purposes only if this is legally permitted or required, or if the data subjects have first given consent.
8. Transfer of Customer Data
   The Company processes personal data of customers and on behalf of customers. The use and, if relevant, transfer of such customer data must be in accordance with the applicable laws.

Paywiser Limited
October 2020

Slovenia – Codes of Etics and Business Conduct

Last updated: October 1, 2022

This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.

1. INTRODUCTION

PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia (or “PAYWISER”) obtained an authorization to provide electronic money issuance and payment services in EEA from the Bank of Slovenia in accordance with the Slovenian Payment Services, Services of Issuing Electronic Money and Payment Systems Act.

We provide technical solutions for payment processing and issuing for personal and commercial use (PAYWISER issuing service). Businesses of all sizes use our software and services to accept payments and manage their businesses online (PAYWISER acquiring service).

While providing products and services, PAYWISER processes personal data with utmost care and responsibility and in compliance with the national and EU Data Protection Regulation, specially the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the Regulation or GDPR).

PAYWISER commits to safety and privacy of your personal data. GDPR does not apply to information about legal entities (e.g., limited liability companies), yet it does apply to individuals that are related to legal entities.

This Privacy Policy (hereinafter Policy) provides general information about our personal data processing activities. This document describes how we collect and use your personal data and how we share it, your rights, especially your data subject rights, including the right to object to some uses of your personal data by us, and how you can contact us about our privacy terms and measures.

We may provide this notice in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.

If you have concerns about how we use your personal data, you can contact the person authorized for the data protection (“DPO”) on [email protected].

1.1 DEFINITION OF TERMS WE USE IN THIS POLICY

“PAYWISER” or “we / our / us” stands for the Paywiser d.o.o. entity responsible for the collection and processing of personal data under this Privacy Policy in the frame of providing our Services.

“Personal data” means any information that relates to an identified or identifiable individual and can include information related to you which: (a) we know about you (for example, if you are an individual or a director of a company applying for a business relationship with PAYWISER, we may ask you to provide identification documents) and (b) can be used to personally identify you (for example, a combination of your name and postal address).

“Services” stands for all PAYWISER-provided products (devices, applications, such as web-application, mobile app, Merchant Dashboardb etc.) and services (e.g., issuing, acquiring, payment processing, payment gateway services etc.).

“Service Provider” refers to PAYWISER.

“Business Relationship” means any of PAYWISER-provided Services based relationship between PAYWISER and you (such as business relationship between PAYWISER and Merchant for providing of acquiring services, business relationship between End User and PAYWISER for providing of payment card, etc).

“Merchant’ or ‘you / your” refers to any legal entity entering into business relationship with us and, where applicable, it’s duly authorized representatives and successors.

“Service User” or “you” is the user of products and/or services provided by PAYWISER. Since we provide services for commercial and/or personal use, depending on the context, “you” can relate to the Merchant and can also relate to:

1. (i) the Representative, when you are acting on behalf of the Service User (e.g., you are a founder of a company, or administering a business relationship with PAYWISER for a Merchant, who is a Service User);
2. (ii) the End User, when you directly use a PAYWISER-provided Services for your individual personal use;
3. (iii) the Customer, when you do business with, or otherwise transact with a Service User (typically a Merchant using Services);
4. (iv) the Potential Service User, when you visit our website or web-application (e.g., you send us a message asking for more information because you are considering being a user of our products or services).

2. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

PAYWISER d.o.o., with its registered office at the address Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia. The Data Protection Officer is available via paper post on the registered office address and via e-mail: [email protected].

Depending on the activity, PAYWISER acts as a “Data Controller” or “Data Processor”.

PAYWISER is the ‘Processor’, processing your personal data on behalf of the ‘controller, if you are a Customer of a certain company (e.g. Merchant) that uses PAYWISER-provided Services, or one of its employees who uses the Services, when we provide to the Merchant integration and access to Gateway Software and technical support necessary for acceptance of the Cards on Merchant Website and settling payment transactions. In this case the Merchant as the Service User is the controller of your personal data and should provide you appropriate information about how it processes your personal data and the appropriate contact to receive your Data Subject Right Requests such as request to get information on the processing of your personal data, request to access, correction, deletion or portability of their personal data and objection to processing including objecting to processing for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

3. HOW DO WE COLLECT YOUR PERSONAL DATA AND WHICH DATA CATEGORIES WE PROCESS?

We collect your personal data when (a) you use our website at www.paywiser.com; (b) you use one of our business applications (such as E-commerce website, internet payment pages, mobile app etc.) and (c) you use any of the Services available to you through the our business applications or website.

We may also collect your personal data from other people or companies or other sources.

4. HOW DO WE USE YOUR PERSONAL DATA?

Preparing anonymous statistical datasets. We prepare anonymous statistical datasets about spending patterns: (i) for forecasting purposes; (ii) to understand how you use PAYWISER business applications or account and (iii) to comply with governmental requirements and requests. These datasets may be shared internally or externally with others, including non-PAYWISER companies/institutions. We produce these reports using information about you, HOWEVER, the information used and shared in this way is never personal data and you will never be identifiable from it.

Whenever your personal data is processed based on our legitimate interest or based on your explicit consent, you have the right to object to such processing and to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn. We will always offer you a possibility to manage your choices for receiving our messages with promotional and other content.

Compliance with Legal Obligations. We use personal data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer (“KYC”) and Know-Your-Business (“KYB”) laws, anti-terrorism, anti-fraud, export control and prohibitions on doing business with restricted persons or in certain business areas, and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of personal data is critical to this effort. For example, we may monitor patterns of Payment Transactions and other online signals and use those insights to reduce the risk of fraud, money laundering and other activity that is harmful to PAYWISER or you.

Minors. PAYWISER-provided Services are not directed to minors, including children under the age of 15, and we request that they do not provide personal data through the Services. In some countries, we may impose higher age limits as required by applicable law.

5. WHO ARE YOUR PERSONAL DATA SHARED WITH?

In the scope of PAYWISER-provided Services your personal data is used by:

• PAYWISER. Your personal data are shared within PAYWISER entity and are available to authorizedpersonnel, responsible for providing our products and services. These persons are legally and contractuallyobliged to protect the confidentiality of personal data.
• Service Providers or Processors that use your personal data on our behalf and based on our instructions.PAYWISER uses their services in order to provide Services to you as our Service Users and to communicate, market and advertise regarding our Services. Service providers provide a variety of critical services, such as hosting (storing and delivering), analytics to assess the speed, accuracy and/or security of our Services, identity verification, customer service, email and auditing. We authorize such service providers to use or disclose your personal data that we make available to perform services on our behalf and to comply with applicable legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of personal data they process on our behalf. Our service providers are predominantly located in the EEA and Hong Kong.In order to adequately fulfill our contractual and legal obligations, we must also disclose your personal data to third parties:
• Financial Partners. “Financial Partners” are financial institutions that we partner with to offer the Services(including Card Schemes, Banks etc.).
• Compliance and Harm Prevention. We share personal data: (i) to competent state authorities and authoritiesresponsible for financial, tax or banking supervision (e.g., the Office for the Prevention of Money Laundering, the Financial Administration, courts, etc.) in order to comply with applicable law; (ii) to payment method providers, to comply with rules imposed by payment method in connection with use of that payment method (e.g. network rules for Mastercard, UnionPay or other); (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of PAYWISER, you or others, including against other malicious or fraudulent activity and security incidents; (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence and (vi) to natural and legal persons who demonstrate an appropriate legal basis for receiving personal data, based on their reasoned written request or natural and legal persons who present themselves with the authorization of the individual to whom the personal data refer.
• Corporate Transactions. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but subject to the terms of this Policy.
• Others with Consent. In some cases, we might refer you to, or enable you to engage with our other Partners for certain services to be provided to you. In these cases, we will clearly disclose the identity of the third party and your personal data and information related to you will be shared with them only based on your prior explicit consent.

All users of your personal data are obliged to respect and protect personal data in accordance with the applicable legislation on the protection of personal data and other legal regulations. We will never sell your personal data.

6. ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE EU /EEA?

We are a global business, providing an international Services, so we may need to transfer your personal data outside the European Economic Area (EEA). Personal data may be stored and processed in any country where we do business; or where our service providers do business; or if you use an international payment method or financial partner service, the countries in which that payment method or financial partner operates, when: (i) the

We may transfer your personal data to countries other than your own country. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. Where applicable law requires a data transfer mechanism, we use one or more of the following: (i) sign with a data recipient outside the EEA EU Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your personal data to those entities outside the EEA; (ii) verification that the recipient has implemented Binding Corporate Rules, or (iii) other legal methods available to us under applicable law.

7. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

We retain your personal data as long as we are providing the Services to you or our Service Users. Even after we stop providing Services directly to you or a Service User with which you are doing business, and even if you terminate your business relationship with PAYWISER or complete a Transaction with a Service User, we retain your personal data in order to comply with our legal and regulatory obligations, such as fraud monitoring, detection and prevention activities; to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods you used.

We keep personal data in accordance with limitation periods and retention obligations that are imposed by applicable law. As a rule, your personal data is kept for ten (10) years after the termination of the business relationship or execution of the transaction. Data processed on the basis of your consent are kept until your cancellation or requests for data deletion, but no longer than ten (10) years after the termination of the business relationship or until the purpose for which they were acquired is fulfilled.

After the expiration of the retention period, personal data are deleted, destroyed or anonymized – unless there is another legal basis or if this is necessary to enforce or defend legal claims.

8. WHAT ARE YOUR DATA SUBJECT RIGHTS?

You may have choices regarding our collection, use and disclosure of your personal data:

1. a. Opting out of receiving electronic communications from us If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or by requesting the exercising of your right. We will try to comply with your request(s) transfer is necessary for the performance of a contract with you or in the case of negotiations to conclude a contract with you (e.g. in the case of Transactions to or from a third country); (ii) the transfer is necessary for the conclusion or implementation of a contract between the PAYWISER and another natural or legal person that is in your interest (e.g. in the case of providing Services in the territory of a third country); (iii) PAYWISER receives a legal request to provide data to administrative authorities for the implementation of measures to prevent money laundering and measures against the financing of terrorist activities. as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, our partners may still send you messages and direct us to send you messages on their behalf.
2. b. Your data protection rights You may have the following rights with regard to the personal data PAYWISER processes as the Controller:
   • the right to request confirmation of whether PAYWISER processes personal data relating to you, and ifso, to request a copy of that personal data (Right to access);
   • the right to request that PAYWISER corrects or updates your personal data that is inaccurate,incomplete or outdated (Right to rectification);
   • the right to request that PAYWISER erase your personal data in certain circumstances provided by law(Right to deletion / erasure or Right to be forgotten);
   • the right to request that PAYWISER restrict the use of your personal data in certain circumstances,such as while we consider another request that you have submitted (Right to restrict processing);
   • the right to request that we export your Personal Data that we hold to another company, wheretechnically feasible (Right to portability);
   • where the processing of your personal data is based on your previously given consent, you have theright to withdraw your consent at any time (Right to withdraw consent);
   • where we process your information based on our legitimate interests, you may also have the right toobject to the processing of your personal data (Right to object to processing). Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.c. Process for exercising your data protection rightsTo exercise your data protection rights please contact us by sending your message to the following e-mail address: [email protected].PAYWISER will decide on the individual request of the individual without undue delay, or at the latest within the statutory period of 30 days from the receipt of the request.For all questions regarding data processing or your rights, or in case of misuse of your data, please contact the authorized person for data protection: [email protected]. When resolving complaints related to the processing of personal data, which we cannot resolve directly with you, we cooperate with the competent regulatory authorities. You have the right to legal protection. You can contact the Information Commissioner of the Republic of Slovenia. Before each application, please contact us so that we can solve your problem together.If you are an individual/Customer doing business or transacting with our Service User (e.g., Merchant using PAYWISER-provided Services), please refer to the privacy policy or notice of the Service User or contact the Service User directly.

9. DO YOU MAKE AUTOMATED DECISIONS ABOUT ME?

PAYWISER does not use means to make automated decisions that could have legal consequences for you. In the event of an automated decision, we will notify you beforehand and give you the right to personal intervention by the controller; the right to express your point of view; the right to get an explanation of the decision made in this way and the right to challenge such a decision.

10. UPDATES AND NOTIFICATIONS

We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective when we post the revised Policy.

We may provide you with disclosures and alerts regarding the Policy or personal data collected by posting them on our website.

If applicable law requires that we provide notice in a specified manner prior to making any changes to this Policy applicable to you, we will provide such required notice.

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your personal data. We maintain organizational, technical and administrative measures designed to protect personal data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. Personal data is only accessed by a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

If you have reason to believe that your interaction with us is no longer secure, please contact us.

If you have any questions or complaints about this Policy, please contact us by sending your message to [email protected].

Slovenia – Kodeks etike in poslovnega ravnanja

Kodeks etike in poslovnega ravnanja

PAYWISER d.o.o.

1. Namen kodeksa

Kodeks etike in poslovnega ravnanja (v nadaljevanju imenovan: kodeks) je najvišji interni akt v PAYWISER družba za izdajo elektronskega denarja in plačilne storitve, d.o.o. (v nadaljevanju imenovana: PAYWISER).

Kodeks opredeljuje temeljne vrednote in načela etičnega poslovnega ravnanja in s tem postavlja osnovna vodila našega delovanja in odgovornosti, ki jih imamo v PAYWISER tako v medsebojnih odnosih kot v odnosih do naših strank in ostalih deležnikov, ki na različne načine vzpostavljajo odnos z nami, ter do družbenega in naravnega okolja, v katerem delujemo. Na določilih tega kodeksa temeljijo tudi vsa druga pravila in navodila poslovanja.

Določbe tega kodeksa veljajo za člane Nadzornega sveta, za družbenike ter za vse zaposlene v PAYWISER (poslovodstvo in vodstveni delavci so vključeni pod skupnim izrazom »zaposleni«) in za vse v enaki meri. Zaposleni moramo pri svojem delu vedno ravnati z integriteto, iskrenostjo ter pravno skladnostjo. Zavezanost k etičnim standardom PAYWISER pričakujemo tudi od naših zunanjih izvajalcev, pogodbenih partnerjev in ostalih deležnikov, ki so kakorkoli povezani z našim poslovanjem.

Zavedamo se, da je zaupanje v PAYWISER ključno za ohranjanje našega ugleda in dolgoročnega uspeha. Kodeks zato določa ničelno toleranco do vsakršnega delovanja, ki je nedopustno z zakonskega, moralnega ali etičnega vidika oziroma lahko negativno vpliva na ugled PAYWISER.

Kodeks, ki je pred nami, predstavlja temeljni dokument PAYWISER korporativne kulture. Še več kot to. Kodeks za nas ni le dokument, zaposleni v kodeks verjamemo in ga živimo. Naš skupni in osebni cilj je delati prav in ne le, kar je dovoljeno in skladno z zakonodajo, zato je kodeks naše vodilo tako pri sprejemanju odločitev kot pri vedenju in ravnanju.

2. Temeljna načela, vrednote ter standardi zaželenega vedenja in ravnanja

Naše vrednote so izhodišče za delo z našimi strankami in medsebojno sodelovanje ter nam pomagajo pri doseganju naših ciljev. Korporativno kulturo gradimo na zaupanju, zakonitem poslovanju, odgovornosti, odličnosti, sodelovanju in pripadnosti, verjamemo in delujemo z integriteto ter transparentno.

Ključ za doseganje teh standardov ravnanja je tudi močna kultura skladnosti poslovanja, ki jo PAYWISER izvaja v praksi z dolžnim vedenjem in ravnanjem vseh zaposlenih v skladu z internimi politikami, pravilniki in drugimi notranjimi akti ter v skladu z vso relevantno zakonodajo in regulativo. V PAYWISER verjamemo v naše vrednote, zato spoštujemo standarde zaželenega ravnanja in se zavedamo, kaj je nedopustno ravnanje.

Naš kodeks odraža našo zavezo delati prav.

2.1. Ravnamo etično in zakonito

V PAYWISER se zavedamo, da je za naš uspeh izrednega pomena zaupanje strank. Spodbujamo poslovanje na pravi način s spoštovanjem najvišjih etičnih vrednot, moralnih standardov in veljavne

zakonodaje. Zaposleni v PAYWISER verjamemo v ta kodeks ter smo pravno in moralno zavezani k ravnanju v skladu z njegovimi načeli. Pri delu in komunikaciji smo strokovni, vestni, pošteni in odgovorni, spoštujemo interna pravila ter zakonodajo. Vedno ravnamo tako, kot je prav.

Vsa naša dejanja in vsaka odločitev morajo biti skladni s tem Kodeksom, z zakonodajo in drugimi predpisi ter z veljavnimi internimi akti. S temi dokumenti moramo biti dobro seznanjeni in ravnati v skladu z navodili, ki urejajo opravljanje naših nalog. Izogibamo se ravnanjem, ki bi lahko pomenila domnevno kršitev predpisanih pravil.

Za skladno ravnanje je izjemnega pomena, da pravočasno identificiramo svoje pomisleke o morebitni (tudi prihodnji oziroma potencialni) neskladnosti. Le tako je mogoče preprečiti nastanek kršitev. V primeru, da smo v dvomu, se obrnemo na svojega nadrejenega ali na službo Skladnosti poslovanja.

PAYWISER je zavezan k spoštovanju vseh veljavnih predpisov, ki urejajo preprečevanje korupcije in prejemanja podkupnin. V vseh poslovnih razmerjih in poslih ravnamo transparentno in z najvišjo stopnjo integritete ter ne dovoljujemo pridobivanja dejanskih ali potencialnih koristi, ki bi izvirale iz nedovoljenih ravnanj. Enako mero integritete pričakujemo tako od svojih zaposlenih kot od vseh ostalih deležnikov, ki poslujejo z nami. Zaposleni smo dolžni preprečevati, zaznavati in naznaniti vsak poskus dajanja ali prejemanja podkupnin ter druge oblike korupcije, ki izvirajo ali so povezane s poslovanjem PAYWISER. Velja ničelna toleranca do kakršnekoli oblike korupcije in dajanja ali obljubljanja oz. prejemanja podkupnin zaposlenim ter ostalim deležnikom.

Darila in pogostitve strank, zunanjih sodelavcev, poslovnih partnerjev ali drugih tretjih oseb so do neke mere sicer v skladu z običajno poslovno prakso, vendar pa pri tem obstaja možnost nastanka dejanskega ali potencialnega nasprotja interesov in s tem nevarnost za ugled PAYWISER. Zaposleni v PAYWISER zase ali za sodelavce lahko sprejemamo darila ali pogostitve le izjemoma ob upoštevanju notranjih aktov, pri čemer morebiten sprejem darila ali pogostitve ne vpliva in ne sme vplivati na našo poslovno odločitev.

V PAYWISER dajemo velik poudarek odkrivanju in preprečevanju pranja denarja in financiranja terorizma. Zaposleni v okviru svojih nalog in odgovornosti dosledno izvajamo naloge, ki jih določajo notranji akti, in o vsakem odstopanju ali sumu možnosti zlorabe s tega področja obvestimo službo PPDFT. PAYWISER je zavezan k skladnosti z vsemi veljavnimi omejevalnimi ukrepi in uredbami glede embargov.

Zaposleni v PAYWISER razumemo in sprejemamo odgovornost za sprejemanje pravilnih odločitev, ki jih vodijo predvsem poslovni interesi. Nasprotje interesov je situacija, v kateri je PAYWISER in/ali kateri koli zaposleni izpostavljen različnim vplivom, ki bi lahko negativno vplivali na nepristransko in objektivno opravljanje nalog ali rezultate poslovanja. Nasprotje interesov je potrebno identificirati, se mu izogibati in, kjer to ni mogoče, z njim ustrezno upravljati. Zaposleni svoje funkcije ali službe v PAYWISER ne sme uporabiti za to, da bi sebi ali komu drugemu uresničil kakšen nedovoljen zasebni interes. Dolžnost vsakega zaposlenega je, da je pri opravljanju svojih nalog pozoren na vsako dejansko ali možno nasprotje interesov in da o vseh zaznanih okoliščinah nasprotij interesov poroča službi Skladnosti poslovanja.

Osebni odnosi med zaposlenimi na delovnem mestu lahko povzročijo okoliščine nasprotja interesov. Zato moramo paziti, da se takšnim situacijam izognemo. Zaposlovanje oseb, ki so povezane z zaposlenimi ni prepovedano, je pa zaželeno, da svojega dela ne opravljajo v okviru iste organizacijske enote, prav tako je potrebno takšne okoliščine razkriti službi Skladnosti poslovanja, da se sprejmejo ustrezni ukrepi za učinkovito upravljanje z nasprotji interesov.

Do nasprotja interesov lahko privedejo tudi zunanje aktivnosti zaposlenih. Zaposleni pri zasebnih aktivnostih nikoli ne smemo ustvarjati vtisa, da delujemo v imenu ali za račun PAYWISER. V času trajanja delovnega razmerja ne smemo brez soglasja direktorja opravljati nobene plačane ali neplačane dejavnosti ali sklepati poslov za svoj ali tuj račun ter biti vključeni v pravnih osebah, ki sodijo v dejavnost, ki jo opravlja PAYWISER in pomeni ali bi lahko pomenila za PAYWISER konkurenco, ali opravljati plačane ali neplačane dejavnosti ali sklepati poslov za svoj ali tuj račun, ki je enaka ali podobna tisti, ki jo opravljamo na svojem delovnem mestu v PAYWISER, in pomeni ali bi lahko pomenila konkurenco. V primeru opravljanja dodatnih aktivnosti zaposleni o tem obvesti službo Skladnosti poslovanja v skladu z internimi pravili PAYWISER.

PAYWISER je politično nevtralna družba in ne sodeluje v političnih kampanjah ter ne prispeva denarnih ali drugih sredstev političnim strankam ali kandidatom na volitvah. V primeru, da smo zaposleni politično dejavni, smo dolžni tovrstne aktivnosti strogo ločiti od svojih delovnih obveznosti in nalog ter zagotoviti, da virov PAYWISER (vključno z našim delovnim časom) ne izrabljamo za te namene. Zaposleni sodelavcev ne smemo novačiti ali jih prepričevati, naj prispevajo k delovanju političnih strank oz. drugih političnih struktur. Pred nastopom funkcije smo dolžni obvestiti svojega nadrejenega ter službo Skladnosti poslovanja in preveriti morebitno nezdružljivost oz. prepoved opravljanja tovrstne javne funkcije.

Strogo varovanje poslovnih skrivnosti in zaupnih podatkov strank je eno od najpomembnejših zahtev za zaupen odnos med PAYWISER in njenimi strankami. Zaposleni morajo na koncu delovnega dne poskrbeti, da so njihovi papirni in elektronski dokumenti, ki vsebujejo zaupne podatke ali informacije, ki štejejo za poslovno skrivnost, pospravljeni in shranjeni na način, da niso dostopni nepooblaščenim osebam. Obveznost zaupnosti morajo zaposleni izpolnjevati tudi po prenehanju njihovega delovnega razmerja ali statusa zaposlitve. Formalna ali neformalna izmenjava kakršnih koli informacij v zvezi z delovanjem in dejavnostmi PAYWISER v primerih, kadar to ni potrebno za redne poslovne postopke niti povezano z nalogami zaposlenega in v primerih, v katerih sodelujejo osebe, ki niso zaposleni ali poslovni partnerji, ni dovoljeno.

2.2. Spoštujemo sodelavce in skrbimo za zdravo in varno delovno okolje

V PAYWISER se zavedamo, da je ključ do zadovoljne stranke, zadovoljni zaposleni. Zaposleni v PAYWISER med seboj komuniciramo spoštljivo, strokovno in pošteno. Naši sodelavci so naše notranje stranke. Delujemo po sistemu, da najprej poslušamo, potem govorimo. Spodbujamo dialog in izmenjavo mnenj, pobud ter zamisli. Konstruktivno kritiko podajamo na spoštljiv in iskren način. Tako prispevamo k pozitivni korporativni kulturi ter doseganju skupnih ciljev. Odzivamo se hitro in ustrezno. O morebitni odsotnosti pravočasno obvestimo naše sodelavce, po prihodu pa se odzovemo v čim krajšem času.

Pri PAYWISER se zavedamo, da lahko le skupaj dosežemo in presežemo zastavljene cilje, zato skrbimo za dobro počutje naših zaposlenih. Zdravo, varno in prijazno delovno okolje s trdno korporativno kulturo so ključnega pomena. Zaposleni upoštevamo interna pravila in usmeritve glede varnosti pri delu in požarne zaščite. Sodelavce obravnavamo z dostojanstvom in spoštovanjem raznolikosti. Skrbimo za redno izobraževanje naših sodelavcev in prenašanje dobrih praks. Zaposlenim omogočamo učinkovito usklajevanje zasebnega in poklicnega življenja.

Zavedamo se, da uporaba alkohola in nedovoljenih substanc, drog in/ali drugih psihotropnih snovi tako na delovnem mestu kot tudi v delovnem času ni dovoljena. Priložnostne zdravice v delovnem času so dopustne le, če za to obstaja upravičen poslovni razlog in so del poslovnega protokola in bontona.

Vodstveni delavci imajo dodatno odgovornost za vzpostavljanje ter ohranjanje kulture in vedenja, kjer zaposleni poznajo in razumejo svoje naloge ter lahko brez zadržkov sporočijo svoje pomisleke in težave.

V PAYWISER velja ničelna toleranca do diskriminacije in nadlegovanja. PAYWISER nudi enake zaposlitvene možnosti vsem ustrezno usposobljenim osebam. Kandidatov in svojih zaposlenih ne razlikuje glede na spol, starost, raso, barvo kože, narodnost, spolno usmerjenost, versko prepričanje in druge osebnostne lastnosti. Kakršnokoli obliko diskriminacije, neenakopravne in nepoštene obravnave zaposlenih kakor tudi kakršnegakoli nasilja, nadlegovanja, ustrahovanja, trpinčenja ali šikaniranja posameznikov na delovnem mestu ne dopuščamo in ga obsojamo. Pri PAYWISER spoštujemo človekove pravice in spodbujamo pozitivno delovno okolje.

Spoštujemo pravico do zasebnosti in interese vseh svojih zaposlenih, zato posebno skrb posvečamo varstvu osebnih podatkov zaposlenih.

2.3. Spoštujemo naše stranke in ostale deležnike, poslujemo pošteno, transparentno in odgovorno

V PAYWISER smo zavezani k spoštovanju človekovih pravic in temeljnih svoboščin. Svojo družbeno odgovornost izražamo v odnosu do svojih zaposlenih, strank, poslovnih partnerjev in vseh ostalih deležnikov. Stremimo k dolgotrajnemu zaupanju vseh deležnikov v PAYWISER, zato poslujemo celovito, skladno, transparentno, pozitivno in v skladu z zastavljeni cilji in obljubami. Stranke PAYWISER so ključne za doseganje našega skupnega cilja – uspešnega poslovanja.

Zaposleni imamo pri svojem delu najprej v mislih interese naših strank in družbe PAYWISER d.o.o. ter hkrati tudi interese drugih deležnikov (lastnika, poslovnih partnerjev, javnosti nasploh). Pri PAYWISER so stranke v središču naše pozornosti, odličnost pa ena izmed temeljnih vrednot. Stranke želimo dobro poznati in razumeti njihove želje, potrebe in interese. Prizadevamo si za zagotavljanje odličnih storitev, ki so strankam na voljo kadarkoli in kjerkoli, ki jim olajšajo finančno poslovanje, odlikuje pa jih učinkovitost, enostavnost in inovativnost.

Pri PAYWISER stranke in vse ostale deležnike (poslovne partnerje, tretje osebe) spoštujemo, obravnavamo pošteno, profesionalno, skrbno in odgovorno. Svoje spoštovanje izkazujemo tudi na način, da varujemo informacije in podatke, ki so nam zaupani, ter preprečujemo njihovo morebitno zlorabo ali razkritje nepooblaščeni osebi. Informacije strankam podajamo strokovno in jasno ter na ne- zavajajoč način, ki bi jih lahko zavedel in spodbudil k ravnanju, ki ni v njihovem interesu.

Zavzemamo se za dialog, morebitne nesporazume in pritožbe pa rešujemo strokovno, etično, pošteno, hitro in učinkovito, s ciljem pozitivne rešitve problema, ki je vir pritožbe, da do podobne situacije ne bi več prišlo.

Zaščita sredstev in računov strank je ključna in najpomembnejša. Vsaka organizacijska enota PAYWISER je odgovorna za uvedbo vseh potrebnih ukrepov za zagotavljanje ustrezne zaščite denarja in sredstev strank.

2.4. Skrbno in etično ravnamo s sredstvi in premoženjem PAYWISER

Premoženje PAYWISER je sestavljeno iz opredmetenega in finančnega premoženja ter iz pravic intelektualne lastnine. S premoženjem ravnamo gospodarno in odgovorno ter ga ščitimo pred poškodovanjem, uničenjem, odtujitvijo, zlorabo ali izgubo. Uporabljamo ga izključno za doseganje poslovnih ciljev PAYWISER in nikoli v zasebne namene, za kar smo osebno odgovorni.

Z delovnimi in drugimi sredstvi ravnamo tako, da čim manj obremenjujemo okolje (npr. prihranek pri energiji in papirju). Ravnamo skladno s predpisi na področju varovanja okolja in trajnostnega razvoja.

Uporaba informacijskih virov PAYWISER je dovoljena v le poslovne namene. Vire in sredstva informacijske tehnologije je treba uporabljati na spoštljiv in profesionalen način, odgovorno ter skladno z notranjimi pravili, nalaganje vsebin, ki jih ni odobrila pristojna oseba, ni dovoljeno.

Ugled je pomemben del premoženja PAYWISER, zaposleni pa smo varuhi ugleda. Vedno ravnamo in komuniciramo tako, da ne škodujemo ugledu PAYWISER, temveč ga ohranjamo, varujemo in krepimo. Upoštevamo profesionalne in etične standarde, ravnamo skladno z našimi skupnimi vrednotami ter izpolnjujemo druga pravila ustreznega ravnanja, vedenja in komuniciranja. Zaposleni smo odgovorni, da prepoznavamo nevarnosti, ki bi lahko negativno vplivale na ugled, ter jih v čim večji meri odpravljamo in učinkovito obvladujemo.

Zaposleni skrbimo za ugled PAYWISER tudi v zasebnem času – tako ne opravljamo dejavnosti ali funkcij, ki bi lahko imele negativni vpliv na poslovanje oziroma ugled PAYWISER, ki bi lahko škodovale strankam ali ki bi lahko dajale vtis zlorabe položaja. Zaposleni odgovorno ravnamo tudi pri uporabi družbenih omrežij in zasebna sporočila strogo ločimo od poslovnih, obenem pa se zavedamo, da tretje osebe in javnost vsa naša sporočila ter dejanja (tudi tista, ki jih izražamo v prostem času) povezujejo z vrednotami in kulturo PAYWISER.

3. Izvajanje kodeksa

3.1. Odgovornost za skladnost

Vsi zaposleni v PAYWISER smo dolžni ves čas delovati skladno z zakonodajo, notranjimi akti in etičnimi načeli. Temeljne standarde našega ravnanja in vedenja predstavljajo določila tega kodeksa, zato ga moramo zaposleni dobro poznati. Vsak zaposleni ob nastopu svoje zaposlitve podpiše izjavo o seznanjenosti in zavezanosti k spoštovanju tega kodeksa, izvajamo tudi redna izobraževanja glede poznavanja določil kodeksa. Prizadevamo si delovati po najvišjih veljavnih standardih.

Kršitve tega Kodeksa imajo lahko za posledico različne ukrepe (opozorilo, prekinitev pogodbe o zaposlitvi, civilno tožbo, itd.) ali civilne in/ali kazenske sankcije, vse v skladu in v okviru veljavne zakonodaje in internih aktov. Kršitve tega Kodeksa bo obravnavala in preiskovala služba Skladnosti poslovanja.

3.2. Vprašanja v zvezi s kodeksom

Kodeks opredeljuje osnovna načela sprejemljivega oziroma nesprejemljivega vedenja in ravnanja zaposlenih, vseh situacij in okoliščin pa ne more opredeliti. Pomembno je, da ves čas delujemo z najboljšimi nameni za ohranjanje ugleda in integritete, v primerih ko smo v dvomu, kako ravnati, pa se obrnemo na Skladnost poslovanja. V pomoč so nam lahko tudi naslednja vprašanja:

• ali je moje ravnanje zakonito?
• ali bo moje vedenje in ravnanje imelo pozitiven vpliv na ugled PAYWISER v javnosti?
• ali je moje ravnanje v skladu z internimi akti in pravili PAYWISER?
• ali je moje ravnanje skladno tako z mojimi osebnimi vrednotami kot z vrednotami, načeliPAYWISER in določbami tega kodeksa?
• ali lahko moje vedenje in ravnanje povzroči kakršnokoli škodo?

3.3. Dolžnost in pravica poročanja o kršitvah (whistleblowing)

PAYWISER je zavzel načelo ničelne tolerance do vseh oblik neetičnega ali nezakonitega ravnanja. Vsak zaposleni v PAYWISER ima dolžnost in pravico, da v primeru suma oziroma v primeru škodljivega ravnanja sodelavca, ki v zvezi s svojimi delovnimi nalogami sodeluje ali je sodeloval pri dejanju korupcije oziroma oškodovanju premoženja PAYWISER oz. pri kakšnih drugih kršitvah kodeksa in/ali veljavnih predpisov, takšna dejanja (anonimno) prijavi kot sum nedovoljenega ravnanja. Prijava mora vsebovati dovolj podatkov, da lahko PAYWISER ustrezno preveri vse navedbe. Vse prijave se štejejo za zaupne. Prijava se lahko poda službi Skladnosti poslovanja na elektronski naslov: [email protected] ali pa jo pošljete na naš sedež PAYWISER d.o.o., Služba Skladnosti poslovanja, Bravničarjeva ulica 13, 1000 Ljubljana s pripisom »ZAUPNO«.

Vse preiskave bodo izvedene temeljito, pošteno, diskretno in pravočasno. Ker dajemo velik poudarek preprečevanju, da bi se škodljiva ravnanja ponovila, se pregledajo ne samo dejanske okoliščine, temveč tudi trenutno stanje obstoječih procesov in notranje kontrole.

3.4. Zaščita prijavitelja

Prijavitelji oziroma t.i. žvižgači zaradi svoje prijave ne bodo utrpeli nobenih negativnih poklicnih posledic. V PAYWISER namreč ne toleriramo in ne dovolimo povračilnih ukrepov zoper zaposlene, ki poročajo o neželenih ravnanjih, če so bili pri tem pošteni in so ravnali v dobri veri, in sicer četudi se prijavljeno ravnanje ne izkaže kot neetično ali protipravno, prijavljeno pa je bilo v dobri veri. Zagotavljamo, da je zaščitena identiteta tistega, ki v dobri veri poroča o škodljivem ravnanju, kot tudi tistih, na katere se očitki o škodljivem ravnanju nanašajo. Služba za skladnost poslovanja bo zadeve te narave vedno obravnavala na zaupen in diskreten način.

4. Veljavnost kodeksa

Ta kodeks začne veljati z dnem sprejetja s strani direktorja in potrditve nadzornega sveta, uporablja pa se z dnem 8.8.2022 dalje.

Slovenia – Rules of internal appeal procedure

PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, registration number: 8640084000, on the basis of the Act on Payment Services, Electronic Money Issuing Services and Payment Systems (ZPlaSSIED) accepts the following

Rules on the internal appeal procedure and out-of-court dispute resolution

I. Preliminary provisions

Article 1

With the Rules on the internal appeal procedure and out-of-court dispute resolution (hereinafter: the Rules), PAYWISER d.o.o. determines the internal procedure for resolving complaints and the out-of-court dispute resolution scheme between PAYWISER d.o.o. and to the complainant, which can be any natural or legal person who is believed to be entitled to the consideration of the complaint and has filed a complaint.

Article 2

The internal complaint procedure is used when the complainant expresses dissatisfaction due to unfulfilled expectations in connection with the company PAYWISER d.o.o. With the complaint, the complainant requests the elimination of the irregularities that have occurred in his opinion and the establishment of a correct or different situation, and may also request the reimbursement of direct or indirect damage. The complainant can file a complaint against the PAYWISER d.o.o. or its employees or against a document issued by PAYWISER d.o.o.. The complainant can file a complaint even if PAYWISER d.o.o. does not perform a certain act, but in the opinion of the complainant should have performed it.

A complaint should be distinguished from an inquiry, which is a standard or general question related to a particular product or service. General, unspecified complaints against the company PAYWISER d.o.o. are not considered a complaint.

If the complaint relates to the area of data protection, the provisions of the Privacy Policy, which regulate the right to appeal, which the complainant asserts at PAYWISER d.o.o., are also taken into account in the internal appeal procedure and at the supervisory authority. The privacy policy is available on the paywiser.com website.

Financial complaints, i.e. the user's request to correct an error in the execution of a payment transaction, are dealt with special or additional conditions. In the case of financial complaints, the customer must also take into account the applicable general terms and conditions of the individual product or services that more precisely determine the procedure for resolving such complaints.

The out-of-court dispute resolution procedure can be used if the complainant does not agree with the decision of PAYWISER d.o.o. in the appeal procedure at the second level and in the event that the appellant in the appeal procedure referred to in the first paragraph of this article does not receive a decision that PAYWISER d.o.o. had to issue in the appeal procedure in accordance with these regulations.

II. Internal appeals procedure

Article 3

The internal appeal procedure is based on the following principles:

• equal treatment of all applicants,
• the order in which complaints are dealt with (complaints received earlier are dealt with before complaints received later),
• quick and efficient resolution of complaints.

Complaints are resolved quickly and efficiently and in accordance with applicable legislation, general terms and conditions of business valid at the time of the dispute, the concluded contract for the provision of services and good business practices. In each consideration of a customer's complaint, PAYWISER d.o.o. strives to reach an amicable solution to the complaint with the customer.

Article 4

The complainant can submit his complaint at level 1 in writing:

• by mail to the address: PAYWISER d.o.o., OE Reklamacije, Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia
• via e-mail to the address: [email protected]
• via an online form at https://paywiser.com/contacts/complaint/.

PAYWISER d.o.o. is required to respond in writing only to complaints submitted in writing.

The appeal must be understandable and clear and must contain the facts on which the appeal claim is based. It must contain at least the following:

• information about the complainant (name and surname of a natural person, or title and registered office of a legal entity or business operator, as well as address, e-mail address and telephone or other contact information),
• explanation of the reasons for appeal, description of the event and indication of key facts and date of the event,
• submission of evidence to confirm the facts on which the claimant's claim is based, if the claimant has it,
• the address for sending the reply, if it is different from the address of the customer's permanent or temporary residence or the company's headquarters, or provided email address,
• claim of the complainant (if relevant),
• signature of the complainant (in the case of submission of the complaint by mail to the address of the registered office of PAYWISER d.o.o.).

An appeal that does not contain all the elements from the third paragraph of this article does not meet the conditions for its consideration and is dismissed.

Article 5

The complaint handling system is two-tiered. Complaints are handled in the first instance by the complaints department. The procedure for dealing with a complaint includes: receiving, considering and deciding on the complaint and forwarding the answer to the complainant.

Article 6

PAYWISER d.o.o. only handles complaints that are complete and properly submitted. If the complaint is incomplete, incomprehensible or unclear, the complaint department invites the complainant to complete the complaint and sets him an 8-day deadline for completing the complaint. Supplementing the complaint cancels the deadline for sending a response to the complainant. In this case, the appeal procedure, and thus the deadline for resolving the appeal and sending a response to the appellant, begins the next day from the date of receipt of the complete appeal.

If the complainant does not complete the complaint within the given period, PAYWISER d.o.o. discards it.

Article 7

PAYWISER d.o.o. must respond to the complaint to the complainant in the shortest possible time, but mandatory within 8 working days in the first tier and within 15 working days in the second tier. PAYWISER d.o.o. informs the complainant in writing (via e-mail or regular mail) about the receipt of the complaint, the appeal procedure and the approximate deadline for submitting an answer (unless the response to the complaint or the request for additions is sent to the complainant within 2 working days after its receipt). The deadline for the resolution of the complaint begins on the following day from the date of receipt of the complete complaint.

If it is not possible to submit an answer to the complainant within the periods stated above or when the content is more demanding, PAYWISER d.o.o. informs the complainant about the reasons for extending the deadline for the response and when he can expect a response within the deadline set for the resolution of the complaint. If the complaint relates to payment services, the deadline for receiving a final answer must not exceed 35 working days.

When dealing with financial complaints, due to their nature and the rules of card schemes, different deadlines may apply. The user is informed about them through the general conditions of the individual product or services that more precisely determine the procedure for resolving such complaints.

Article 8

The complainant, who is not satisfied with the response to the complaint of the first-tier authority or does not receive a response within the forseen period, can file a complaint at the second level within 8 working days from the date of receiving the response, or after the deadline for receiving the response, if the response is not received within the time limit, and it is mandatory in writing with a note for the Appeals Commitee.

At the second tier, the Complaints Commitee is responsible for handling complaints. The Complaints Commitee is appointed by the management and consists of PAYWISER d.o.o. professionals.

Article 9

Decision of the first and second tier on the appeal of PAYWISER d.o.o. is sent to the complainant in writing via electronic, regular or registered mail.

III. Familiarization with the out-of-court dispute resolution process

Article 10

If the complainant, who is a consumer, does not agree with the decision on the appeal issued in the internal appeal procedure, or if he does not receive an answer to the appeal within 30 days from the filing of the appeal with the second-tier authority, he may, within a maximum period of 13 months from the filing of the appeal with PAYWISER d.o.o., file an initiative for out-of-court settlement of consumer disputes at Attorney Simona Goriup (Miklošičeva cesta 26, 1000 – Ljubljana, www.goriup.si) against the decision of PAYWISER d.o.o., in the manner determined by the Rules for the out-of-court settlement of consumer disputes (hereinafter: IRPS Rules), which are annex to this policy. The procedure for the out-of-court resolution of consumer disputes is carried out in the conditionally binding expedited arbitration procedure. The IRPS provider allows the consumer to file an initiative to start the procedure on its website, by regular mail (Advetnica Simona Goriup, Miklošičeva cesta 26, 1000 – Ljubljana) and by e-mail ([email protected]). The initiative to start the procedure is submitted on a form that is available in electronic form on the website of the IRPS provider (https://goriup.si/irps-zacetek-postopka/) and in paper form at the headquarters of the IRPS provider.

More information about the IRPS provider, about filing an initiative and about the method and procedure of the IRPS at Attorney Simona Goriup is available on the website https://goriup.si/irps/, https://goriup.si/wp-content/uploads/2016/06/Rules-procedure- IRPS.pdf).

Article 11

If the complainant, who is a payee – »Merchant«, does not agree with the decision on the appeal in relation to alleged violations of obligations of PAYWISER d.o.o. under the Regulation (EU) 2015/751 of the European Parliament and of the Council of 29 April 2015 on interchange fees for card-based payment transactions, issued in the internal appeal procedure, or if he does not receive an answer to the appeal within 30 days from the filing of the appeal with the second-tier authority, he may, within a maximum period of 13 months from the filing of the appeal with PAYWISER d.o.o., file an initiative for out-of-court settlement of disputes at Attorney Simona Goriup (Miklošičeva cesta 26, 1000 – Ljubljana, www.goriup.si) against the decision of PAYWISER d.o.o., in the manner determined by the Rules for the out-of-court settlement of disputes (hereinafter: IRS Rules), which are annex to this policy. The procedure for the out-of-court resolution of disputes is carried out via the mediation procedure. The IRS provider allows the complainant to file an initiative to start the procedure by regular mail (Odvetnica Simona Goriup, Miklošičeva cesta 26, 1000 – Ljubljana) and by e-mail ([email protected]).

PAYWISER d.o.o. is obliged to participate in the mediation process.

The procedure is conducted in accordance with the IRS Rules.

Article 12

The complainant can file a complaint regarding alleged violations of the Act on Payment Services, Electronic Money Issuing Services and Payment Systems by payment service providers also with Banka of Slovenia.

Despite the complaint with the IRPS, IRS provider or the Bank of Slovenia, the complainant has the right to file a lawsuit at any time to resolve the dispute regarding the provision of payment services between him and PAYWISER d.o.o. at the competent court.

IV. Final Provisions

Article 13

PAYWISER d.o.o. informs complainants about the appeals procedure and the out-of-court dispute resolution scheme. It is considered that the complainant is familiar with the latter if these Regulations and IRPS, IRS Rules are published on the website of PAYWISER d.o.o. (www.paywiser.com).

Complainants are also informed about the existence of the Rules through the general terms and conditions.

Amendment of the policy

Article 14

The complainant and PAYWISER d.o.o. they themselves bear the costs incurred by them as a result of the complaint procedure. The PAYWISER d.o.o. is entitled to compensation for damages and all costs incurred as a result of the complaint procedure, in the event that the complainant withdraws the complaint and in the event that the complainant caused the costs and damages intentionally or through negligence.

In the proceedings before the IRPS, IRS provider, the complainant and PAYWISER d.o.o. bear its costs of the procedure, in accordance with the provisions of the IRPS, IRS Rules.

Article 15

All participants in the appeal procedure must keep all information about the complainants in the procedure as confidential.

The content of the appeal, regardless of the stage of the appeal procedure in which it is located and all information relating to the course of the appeal procedure, constitute a business secret, whereby the complainant is liable for damages to PAYWISER d.o.o. in case of violation thereof.

In the case of resolving the dispute in question in the out-of-court consumer dispute resolution procedure at Attorney Simona Goriup, PAYWISER d.o.o. forwards all relevant documentation to the aforementioned contractor.

Amendment ofthe policy

Article 16

About changes to the Rules and/or Rules of IRPS, IRS, PAYWISER d.o.o. publishes a notice on the website www.paywiser.com.

Final provision

Article 17

These Regulations enter into force on 05.10.2023.

Ljubljana, 2.10.2023

PAYWISER d.o.o.
Janez Stajnko, CEO

Annex 1: Rules of the out-of-court settlement of consumer disputes
Annex 2: Rules of the out-of-court settlement of disputes

Slovenia – Pravilnik o pritožbenem postopku

PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, matična številka: 8640084000, na podlagi vsakokrat veljavnega Zakona o plačilnih storitvah, storitvah izdajanja elektronskega denarja in plačilnih sistemih (ZPlaSSIED) sprejema naslednji

Pravilnik o internem pritožbenem postopku in izvensodnem reševanju sporov

I. Uvodne določbe

1. člen

S Pravilnikom o internem pritožbenem postopku in izvensodnem reševanju sporov (v nadaljevanju: Pravilnik), PAYWISER d.o.o. določa interni postopek za reševanje pritožb ter shemo izvensodnega reševanja sporov med PAYWISER d.o.o. in pritožnikom, ki je lahko vsaka fizična ali pravna oseba, za katero se domneva, da je upravičena do obravnave pritožbe in je vložila pritožbo.

2. člen

Interni pritožbeni postopek se uporabi, ko pritožnik izrazi nezadovoljstvo zaradi neizpolnjenih pričakovanj v povezavi z družbo PAYWISER d.o.o. S pritožbo pritožnik zahteva odpravo po njegovem mnenju nastalih nepravilnosti in vzpostavitev pravilnega oziroma drugačnega stanja, lahko pa tudi povrnitev neposredno ali posredno nastale škode. Pritožnik lahko vloži pritožbo zoper ravnanje družbe PAYWISER d.o.o. ali njenih zaposlenih ali zoper dokument, ki ga je izdal PAYWISER d.o.o.. Pritožnik lahko vloži pritožbo tudi v primeru, če PAYWISER d.o.o. določenega dejanja ne opravi, pa bi ga po mnenju pritožnika moral opraviti.

Pritožbo je treba razlikovati od poizvedbe, ki je standardno ali splošno vprašanje, povezano z določenim produktom ali storitvijo. Za pritožbo se ne štejejo splošni, nekonkretizirani očitki družbi PAYWISER d.o.o.

Če se pritožba nanaša na področje varstva osebnih podatkov se v internem pritožbenem postopku upoštevajo tudi določbe Politike zasebnosti, ki urejajo pravico do pritožbe, ki jo pritožnik uveljavlja pri PAYWISER d.o.o. in pri nadzornem organu. Politika zasebnosti je dostopna na spletni strani paywiser.com.

Finančne reklamacije, to je zahteve uporabnika za odpravo napake pri izvajanju plačilne transakcije, se obravnavajo pod posebnimi oz. dodatnimi pogoji. Pri finančnih reklamacijah mora stranka upoštevati tudi vsakokrat veljavne splošne pogoje posameznega produkta oz. storitve, ki natančneje določajo postopek reševanja takšnih reklamacij.

Postopek izvensodnega reševanja sporov se lahko uporabi, če se pritožnik ne strinja z odločitvijo PAYWISER d.o.o. v pritožbenem postopku na drugi stopnji ter v primeru, če pritožnik v pritožbenem postopku iz prvega odstavka tega člena v predvidenem roku ne prejme odločitve, ki bi jo PAYWISER d.o.o. moral izdati v pritožbenem postopku skladno s tem pravilnikom, kot podrobneje opisano v 10. členu tega pravilnika.

II. IInterni pritožbeni postopek

3. člen

Interni pritožbeni postopek poteka po načelih:

• enakopravne obravnave vseh pritožnikov,
• vrstnega reda obravnavanja pritožb (prej prejeta pritožba se obravnava pred kasneje prejeto),
• hitrega in učinkovitega reševanja pritožb.

Pritožbe se rešujejo hitro in učinkovito ter v skladu z veljavno zakonodajo, splošnimi pogoji poslovanja, veljavnimi v času nastanka spora, sklenjeno pogodbo o opravljanju storitev ter dobrimi poslovnimi običaji. Pri vsaki obravnavi pritožbe stranke si PAYWISER d.o.o. prizadeva s stranko doseči sporazumno rešitev pritožbe.

4. člen

Pritožnik lahko vloži svojo pritožbo na 1. stopnji v pisni obliki:

• po pošti na naslov: PAYWISER d.o.o., OE Reklamacije, Bravničarjeva ulica 13, 1000 Ljubljana, Slovenija
• preko e-pošte na naslov: [email protected]
• preko spletnega obrazca, ki se nahaja: https://paywiser.com/contacts/complaint/?lang=sl.

PAYWISER d.o.o. je dolžan pisno odgovoriti le na pisno predložene pritožbe.

Pritožba mora biti razumljiva in jasna ter mora vsebovati dejstva, na katerih temelji pritožbeni zahtevek. Obvezno mora vsebovati najmanj naslednje:

• podatke o pritožniku (ime in priimek fizične osebe oziroma naziv in sedež pravne osebe ali nosilca dejavnosti ter naslov, elektronski naslov in telefon ali drug kontaktni podatek),
• obrazložitev pritožbenih razlogov, opis dogodka in navedbo ključnih dejstev in datum dogodka,
• predložitev dokazov za potrditev dejstev, na katerih temelji zahtevek pritožnika, če pritožnik z njimi razpolaga,
• naslov za pošiljanje odgovora, če je ta drugačen od naslova stalnega ali začasnega prebivališča stranke oziroma sedeža družbe oz. posredovanega elektronskega naslova,
• zahtevek pritožnika (če je relevantno),
• podpis pritožnika (v primeru oddaje pritožbe po pošti na naslov sedeža PAYWISER d.o.o.).

Pritožba, ki ne vsebuje vseh elementov iz tretjega odstavka tega člena, ne izpolnjuje pogojev za njeno obravnavo in se zavrže.

5. člen

Sistem obravnave pritožb je dvostopenjski. Pritožbe na prvi stopnji rešuje enota za reklamacije. Postopek obravnave pritožbe obsega: sprejem, obravnavo in odločanje o pritožbi ter posredovanje odgovora pritožniku.

6. člen

PAYWISER d.o.o. obravnava le pritožbe, ki so popolne in pravilno predložene. Če je pritožba nepopolna, nerazumljiva ali nejasna, pristojna organizacijska enota pritožnika pozove k dopolnitvi pritožbe in mu postavi 8 dnevni rok za dopolnitev pritožbe. Dopolnitev pritožbe prekine tek roka za pošiljanje odgovora pritožniku. V tem primeru pritožbeni postopek ter s tem rok za rešitev pritožbe in pošiljanje odgovora pritožniku prične teči naslednji dan od dneva prejema popolne pritožbe.

V kolikor pritožnik pritožbe v danem roku ne dopolni, jo PAYWISER d.o.o. zavrže.

7. člen

PAYWISER d.o.o. mora pritožniku odgovoriti na pritožbo v najkrajšem času, obvezno pa v 8 delovnih dneh na prvi stopnji in v 15 delovnih dneh na drugi stopnji. PAYWISER d.o.o. pritožnika v pisni obliki (preko elektronske ali navadne pošte) obvesti o prejemu pritožbe, pritožbenem postopku ter okvirnem roku za podajo odgovora (razen v kolikor je odgovor na pritožbo ali poziv za dopolnitev poslan pritožniku v roku 2 delovnih dni po njenem prejemu). Rok za rešitev pritožbe začne teči naslednji dan od dneva prejema popolne pritožbe.

Če pritožniku odgovora v predpisanem roku ni mogoče predložiti ali kadar gre za vsebinsko zahtevnejše primere, PAYWISER d.o.o. pritožnika, v roku, predvidenem za rešitev pritožbe, obvesti o razlogih za podaljšanje roka za odgovor ter kdaj lahko pričakuje odgovor. Če se pritožba nanaša na plačilne storitve, rok za prejem končnega odgovora ne sme biti daljši od 35 delovnih dni.

Pri reševanju finančnih reklamacij lahko zaradi njihove narave in pravil kartičnih shem veljajo drugačni roki oz. pravila. O njih je uporabnik obveščen preko splošnih pogojev posameznega produkta oz. storitve, ki natančneje določajo postopek reševanja takšnih reklamacij.

8. člen

Pritožnik, ki ni zadovoljen z odgovorom na pritožbo prvostopenjskega organa ali odgovora ne dobi v predvidenem roku, lahko v roku 8 delovnih dni od dneva prejema odgovora oziroma po poteku roka za prejem odgovora, če odgovora ne prejme v roku, vloži pritožbo na drugo stopnjo, in sicer obvezno v pisni obliki s pripisom za Komisijo za pritožbe.

Na drugi stopnji je za obravnavo pritožb pristojna Komisija za pritožbe. Komisijo za pritožbe imenuje vodstvo in jo sestavljajo strokovni delavci PAYWISER d.o.o.

9. člen

Odločitev prve in druge stopnje o pritožbi PAYWISER d.o.o. pošlje pritožniku v pisni obliki preko elektronske, navadne ali priporočene pošte.

III. Seznanitev s postopkom izvensodnega reševanja sporov

10. člen

Če se pritožnik, ki je potrošnik, z odločitvijo o pritožbi, izdani v internem pritožbenem postopku ne strinja, ali če v 30 dneh od vložitve pritožbe na drugostopenjski organ neutemeljeno ne prejme odgovora na pritožbo, lahko v roku največ 13 mesecev od vložitve pritožbe pri PAYWISER d.o.o., vloži pobudo za izvensodno reševanje potrošniških sporov pri Odvetnici Simoni Goriup (Miklošičeva cesta 26, 1000 – Ljubljana, www.goriup.si) zoper odločitev PAYWISER d.o.o., na način določen z vsakokrat veljavnimi Pravili postopka izvensodnega reševanja potrošniških sporov (v nadaljevanju: Pravila IRPS), ki so priloga tega pravilnika. Postopek izvensodnega reševanja potrošniških sporov se izvaja v postopku pogojno zavezujoče pospešene arbitraže. Izvajalka IRPS na svoji spletni strani, po navadni (Odvetnica Simona Goriup, Miklošičeva cesta 26, 1000 – Ljubljana) in elektronski pošti ([email protected]) omogoči potrošniku vložitev pobude za začetek postopka. Pobuda za začetek postopka se vloži na obrazcu, ki je v elektronski obliki dostopen na spletni strani izvajalke IRPS (https://goriup.si/irps-zacetek-postopka/) in v papirni obliki na sedežu izvajalke IRPS.

Več informacij o izvajalki IRPS, o vložitvi pobude ter o načinu in postopku IRPS pri Odvetnici Simoni Goriup je na voljo na spletni strani https://goriup.si/irps/, https://goriup.si/wp-content/uploads/2016/06/Pravila-postopka-IRPS.pdf).

11. člen

Če se pritožnik, ki je prejemnik plačil (»trgovec«), z odločitvijo o pritožbi v zvezi z domnevnimi kršitvami obveznosti družbe PAYWISER d.o.o., kot ponudnika plačilnih storitev, po Uredbi 2015/751/EU (Uredba (EU) št. 2015/751 Evropskega parlamenta in Sveta z dne 29. aprila 2015 o medbančnih provizijah za kartične plačilne transakcije), izdani v internem pritožbenem postopku ne strinja, ali če v 30 dneh od vložitve pritožbe na drugostopenjski organ neutemeljeno ne prejme odgovora na pritožbo, lahko v roku največ 13 mesecev od vložitve pritožbe pri PAYWISER d.o.o., vloži pobudo za izvensodno reševanje sporov pri Odvetnici Simoni Goriup (Miklošičeva cesta 26, 1000 – Ljubljana, www.goriup.si) zoper odločitev PAYWISER d.o.o., na način določen z vsakokrat veljavnimi Pravili postopka izvensodnega reševanja sporov (v nadaljevanju: Pravila PIRS), ki so priloga tega pravilnika. Postopek izvensodnega reševanja sporov se izvaja v postopku mediacije. Izvajalka PIRS po navadni (Odvetnica Simona Goriup, Miklošičeva cesta 26, 1000 – Ljubljana) in elektronski pošti ([email protected]) omogoči pritožniku vložitev pobude za začetek postopka.

PAYWISER d.o.o. se je postopka mediacije dolžan udeležiti. Postopek se vodi v skladu s Pravili PIRS.

12. člen

Pritožnik lahko vloži pritožbo v zvezi z domnevnimi kršitvami Zakona o plačilnih storitvah, storitvah izdajanja elektronskega denarja in plačilnih sistemih s strani ponudnikov plačilnih storitev tudi pri Banki Slovenije.

Kljub pritožbi pri izvajalki IRPS, PIRS ali Banki Slovenije, ima pritožnik pravico kadarkoli vložiti tožbo za rešitev spora v zvezi z opravljanjem plačilnih storitev med njim in PAYWISER d.o.o. pri pristojnem sodišču.

IV. Končne določbe

13. člen

PAYWISER d.o.o. pritožnike seznani s pritožbenim postopkom in shemo izvensodnega reševanja sporov. Šteje se, da je pritožnik s slednjim seznanjen, če sta ta Pravilnik in Pravila IRPS, PIRS objavljena na spletni strani PAYWISER d.o.o. (www.paywiser.com).

O obstoju Pravilnika so pritožniki seznanjeni tudi preko splošnih pogojev poslovanja.

14. člen

Pritožnik in PAYWISER d.o.o. sama nosita stroške, ki so jima nastali zaradi pritožbenega postopka. Družba PAYWISER d.o.o. je upravičena do povračila škode in vseh stroškov, ki so ji nastali zaradi pritožbenega postopka, v primeru, da pritožnik umakne pritožbo ter v primeru, da je pritožnik stroške in škodo povzročil naklepno ali iz malomarnosti.

V postopku pred izvajalcem IRPS, PIRS krijeta pritožnik in PAYWISER d.o.o. svoje stroške postopka, skladno z določili Pravil IRPS, PIRS.

15. člen

Vsi udeleženci v pritožbenem postopku morajo kot zaupne varovati vse podatke o pritožnikih v postopku.

Vsebina pritožbe, ne glede na stopnjo pritožbenega postopka, v kateri se nahaja in vsi podatki, ki se nanašajo na potek pritožbenega postopka predstavljajo poslovno skrivnost, pri čemer je pritožnik v primeru kršitve le-te odškodninsko odgovoren PAYWISER d.o.o.

V primeru reševanja spora v postopku izvensodnega reševanja spora pri Odvetnici Simoni Goriup lahko PAYWISER d.o.o. se lahko posreduje vso tozadevno dokumentacijo omenjeni izvajalki.

Sprememba pravilnika

16. člen

O spremembi Pravilnika in/ali Pravil IRPS, PIRS PAYWISER d.o.o. objavi obvestilo na spletni strani www.paywiser.com.

Končna določba

17. člen

Ta Pravilnik začne veljati dne 5.10.2023.

Ljubljana, 2.10.2023

PAYWISER d.o.o.

Janez Stajnko, direktor

Priloga 1: Pravila postopka izvensodnega reševanja potrošniških sporov
Priloga 2: Pravila postopka izvensodnega reševanja sporov

Slovenia – pravila postopka izvensodnega reševanja potrošniških sporov

ODVETNICA Simona Goriup
Čufarjeva 1, Ljubljana, tel. 01 430 08 18, fax. 01 430 08 19

Na podlagi 3. odstavka 12. člena Zakona o izvensodnem reševanju potrošniških sporov (Uradni list RS, št. 81/2015), je odvetnica Simona Goriup dne 17.10.2016 sprejela:

PRAVILA

postopka izvensodnega reševanja potrošniških sporov

1. člen

Pri izvensodnem reševanju potrošniških sporov (v nadaljnjem besedilu: IRPS), ki jih vodi odvetnica Simona Goriup, kot izvajalec IRPS oz. oseba, ki vodi postopek IRPS (v nadaljnjem besedilu: izvajalec IRPS), se uporabljajo določbe Zakona o izvensodnem reševanju potrošniških sporov (Ur. List RS 81/2015) in ta Pravila postopka izvensodnega reševanja potrošniških sporov (v nadaljnjem besedilu: Pravila), ki podrobneje urejajo način, področja in vrste reševanja potrošniških sporov.

2. člen

Pravila postopka IRPS se uporabljajo za reševanje pogodbenih sporov med ponudniki in potrošniki (v nadaljnjem besedilu: stranki postopka, ki so v zvezi z prodajo blaga ali opravljanjem storitev in niso bili rešeni s pogajanji med strankami na podlagi pravočasnega in pravilnega zahtevka potrošnika za odpravo napake, povračilo škode ali izvedbo plačila.

V teh pravilih izraz potrošnik pomeni fizično osebo, ki pridobiva ali uporablja blago in storitev za namene zunaj svoje poklicne ali pridobitne dejavnosti, ponudnik pa pomeni fizično ali pravno osebo, ki opravlja pridobitno dejavnost, ne glede na svojo pravnoorganizacijski obliko, kakor tudi fizično ali pravno osebo, ki ne opravlja pridobitne dejavnosti, če zagotavlja potrošnikom blago in storitve.

3. člen

Za potrošniški spor se štejejo tako domači kot tudi čezmejni spori, ki izvirajo iz pogodbenega razmerja med ponudniki in potrošniki.

4. člen

Izvajalec IRPS, oz. oseba ki vodi postopek IRPS, izvaja izvensodno reševanje potrošniških sporov za vsa področja in je pristojna za izvensodno reševanje vseh vrst domačih in čezmejnih sporov, ki izvirajo iz pogodbenih razmerij med strankami in jih sproži potrošnik proti ponudniku.

5. člen

Oseba, ki pri izvajalcu IRPS vodi ali sodeluje v postopkih reševanja potrošniških sporov mora biti strokovna, neodvisna in nepristranska in ne sme biti vezana na navodila strank ali njihovih pooblaščencev.

6. člen

Potrošnik se prostovoljno odloči ali bo vložil pobudo za začetek postopka pri izvajalcu IRPS, ponudnik pa se prostovoljno odloči ali bo sodeloval v postopku.

Ne glede na prvi odstavek tega člena je sodelovanje ponudnika v postopku IRPS pri izvajalcu IRPS obvezno, če poseben zakon ali uredba Evropske unije to izrecno določata.

7. člen

Potrošnik in ponudnik imata pravico, da se v razumnem roku, ki ne sme biti krajši od osmih dni, izrečeta o dejstvih in dokazih, da izrazita svoja stališča ter da se izrečeta o navedbah, dokazih, dokumentih in dejstvih, ki jih je predložila nasprotna stranka.

8. člen

Postopki IRPS pri izvajalcu IRPS morajo biti enostavni, kratki in ekonomični.

Postopek je za potrošnika brezplačen, razen pristojbine, ki jo določi izvajalec IRPS in katere vsota znaša 20,00 – EUR.

Že plačana pristojbina iz prejšnjega odstavka tega člena se vrne, če ponudnik ne soglaša s pobudo potrošnika za začetek postopka ali soglasje umakne v skladu s četrtim odstavkom 18. člena, o čemer mora izvajalec IRPS obvestiti potrošnika v osmih dneh od dneva ko prejme odgovor ponudnika.

9. člen

Pobudo za začetek postopka pri izvajalcu IRPS lahko vloži le potrošnik.

Potrošnik in ponudnik imata pravico, da ju v kateri koli fazi postopka zastopa pooblaščenec oziroma jima da pomoč tretja oseba, o čemer morata biti seznanjena pred začetkom postopka. Pooblaščenec se izkaže s pooblastilom stranke.

Če potrošnik nima pooblaščenca ga izvajalec IRPS oz. oseba ki vodi ali sodeluje v postopku reševanja potrošniškega spora na začetku postopka na primeren način pouči o njegovih pravicah in možnostih, da si zagotovi ustrezno strokovno pomoč, o stroških take pomoči in kdo jih nosi.

Potrošnik nosi stroške svojega pooblaščenca ali tretje osebe, če jo ima, ter stroške izvedenskega mnenja, ki ga potrošnik zahteva, čeprav izvajalec IRPS oceni, da je mogoče potrošniški spor rešiti tudi brez njega.

10. člen

Postopek reševanja IRPS je zaupen postopek reševanja domačih in čezmejnih potrošniških sporov in so vsi podatki, ki izvirajo iz postopka ali so z njim povezani zaupni, razen če so se stranke sporazumele drugače, če njihovo razkritje zahteva zakon, ali če je razkritje potrebno za izpolnitev ali prisilno izvršitev odločbe o rešitvi spora.

V postopkih IRPS je javnost izključena. Osebe, ki niso stranke v sporu oziroma njihovi pooblaščenci, so lahko navzoči samo z dovoljenjem vseh strank in izvajalca IRPS oz. osebe, ki pri izvajalcu IRPS vodi postopek.

V postopku se zagotavlja varstvo osebnih podatkov v skladu s pravili varstva osebnih podatkov ter poslovne skrivnosti.

11. člen

Postopek reševanja potrošniškega spora se izvaja v postopku pogojno zavezujoče pospešene arbitraže (v nadaljnjem besedilu: postopek).

Postopek vodi izvajalec IRPS oz. oseba, ki pri izvajalcu IRPS vodi postopke IRPS in izpolnjuje pogoje predpisane z zakonom, ki ureja izvensodno reševanje potrošniških sporov.

Izvajalec IRPS oz. oseba, ki vodi postopek IRPS praviloma vodi in odloči o sporu kot posameznik.

12. člen

Postopek pogojno zavezujoče pospešene arbitraže se praviloma izvede pisno in z uporabo razpoložljivih elektronskih sredstev.

Če se stranki tako dogovorijo, se lahko postopek izvede tudi ustno, na arbitražnem naroku.

13. člen

Potrošnik vloži pri izvajalcu IRPS pisno pobudo za začetek postopka najkasneje v roku 13 mesecev od dneva vložitve pritožbe pri ponudniku.
Pisna pobuda mora vsebovati :

• osebno ime ( ime in priimek );
• naslov prebivališča;
• elektronski naslov in kontaktno telefonsko številko;
• podatke o ponudniku;
• dejstva v zvezi z domnevnimi kršitvami ponudnika;
• predloge dokazov, na katere opira pobudo;
• izjavo, da o zadevi ne teče upravni ali sodni postopek ali postopek pri drugem izvajalcu IPRS.

Izvajalec IRPS na svoji spletni strani, po navadni in elektronski pošti omogoči potrošniku vložitev pobude za začetek postopka.

Pobuda za začetek postopka se vloži na obrazcu, ki je v elektronski obliki dostopen na spletni strani izvajalca IRPS in v papirni obliki na sedežu izvajalca IRPS.

Potrošnik lahko v postopku IRPS predloži vsa ali samo izbrana dejanska ali pravna vprašanja, ki so po njegovem mnenju relevantna za rešitev spora.

14. člen

Postopek reševanja potrošniških sporov se začne z dnem, ko je izvajalec IRPS potrošniku izdal pisno potrdilo o prejemu pobude za začetek postopka, razen če zakon, ki ureja izvensodno reševanje potrošniških sporov, ne določa drugače.

15. člen

Po prejemu pobude za začetek postopka izvajalec IRPS preveri ali pobuda vsebuje vse sestavine, določene v drugem odstavku 13. člena teh Pravil, in potrošnika po potrebi pozove k njeni dopolnitvi.

Če potrošnik kljub pozivu pobude za začetek postopka ustrezno ne dopolni v roku 15 dni, se šteje, da je pobudo umaknil.

16. člen

Izvajalec IRPS pobudo za začetek postopka zavrne, če:

• o zadevi že teče upravni ali sodni postopek ali postopek pri drugem izvajalcu IRPS;
• je upravni ali sodni organ ali drug izvajalec IRPS že odločil o istem zahtevku;
• potrošnik predhodno ni uveljavil pritožbe neposredno pri ponudniku, zoper katerega je

sprožil spor pri izvajalcu IRPS;

• je očitno, da potrošnik s pobudo ne bo uspel;
• je pobuda neresna ali pomeni očitno zlorabo postopka;
• vrednost spora ne dosega vrednosti 30 EUR;
• potrošnik pri izvajalcu IRPS ni vložil pobude za začetek postopka v roku, ki ne sme biti krajši od enega leta od dneva, ko je potrošnik vložil pritožbo pri ponudniku;
• je pobuda preveč kompleksna in zahtevna za reševanje pri izvajalcu IRPS, kar bi lahko ogrozilo učinkovito delovanje izvajalca IRPS.

Če izvajalec IRPS odloči, da zavrne pobudo potrošnika za začetek postopka, potrošniku in ponudniku v treh tednih po prejemu potrošnikove pobude za začetek postopka pošlje pisno obrazložitev o zavrnitvi pobude.

17. člen

Katerakoli stranka lahko predlaga, da izvajalec IRPS povabi nasprotno stranko k sklenitvi sporazuma o predložitvi spora glede reševanja potrošniškega spora v postopku pogojno zavezujoče pospešene arbitraže pri izvajalcu IRPS.

Sporazum mora določati uporabo teh Pravil v postopku reševanja potrošniškega spora in mora biti zapisan v posebni listini, ki jo stranki lastnoročno podpišeta.

Šteje se, da sta stranki soglašale z uporabo teh Pravil, kadar sta v pisnem sporazumu določile, da bosta reševanje vseh ali posameznih pravnih vprašanj predložili v postopek reševanja potrošniških sporov, ki ga organizira in mu nudi administrativno podporo izvajalec IRPS.

18. člen

Izvajalec IRPS v osmih dneh od prejema popolne pobude za začetek postopka obvesti ponudnika o vloženi pobudi in ga pozove, da se izreče ali s pobudo soglaša, razen v primerih, ko zakon, ki ureja izvensodno reševanje sporov določa drugače.

Ponudnik v osmih dneh od prejema obvestila iz prejšnjega odstavka izvajalcu IRPS sporoči, ali s pobudo soglaša, sicer se šteje, da soglasje ni dano. Če ponudnik soglaša s pobudo, se izreče tudi o pobudi in dokazih, ki jih je predlagal potrošnik.

Če ponudnik soglaša s pobudo za začetek postopka, izvajalec IRPS v osmih dneh od prejema odgovora ponudnika obvesti potrošnika in ponudnika o nadaljnjem poteku in trajanju postopka.

Če ponudnik ne soglaša s pobudo za začetek postopka ali soglasje umakne, izvajalec IRPS postopek ustavi in o tem obvesti potrošnika v osmih dneh od dneva, ko prejme odgovor ponudnika.

19. člen

Izvajalec IRPS omogoči izmenjavo informacij med potrošnikom in ponudnikom po navadni ali elektronski pošti v skladu z izbiro potrošnika ali ponudnika.

20. člen

Izvajalec IRPS lahko v okviru priprav na začetek postopka reševanja potrošniškega spora in kadarkoli med postopkom od vsake stranke zahteva dodatna pojasnila ali podatke v razumnem roku, ki ga določi.

Vsaka stranka lahko kadarkoli tekom postopka po lastni presoji, delno ali v celoti umakne ali spremeni svoj zahtevek, vendar ga lahko umakne brez privolitve nasprotne stranke nasprotne stranke samo dokler se nasprotna stranka ni spustila v obravnavanje glavne stvari.

Izvajalec IRPS lahko, kadarkoli oceni, da je to ustrezno izvede pripravljalno telefonsko, video ali skype konferenco u vsemi strankami v sporu, na kateri lahko med drugim :

• ugotavlja naravo spora vključno z dejansko in pravno podlago;
• ugotavlja zgodovino dosedanjih pogajanj in preverja stališča strank;
• ugotavlja katere listine so si stranke že izmenjale in določi razumne roke za predložitev

listin in drugega dokaznega gradiva;

• na predlog strank oceni, ali bi bilo potrebno pridobiti izvedensko ali drugo strokovno

mnenje ;

• uskladi datum ustne obravnave v arbitražnem postopku, če je potrebna.

21. člen

Izvajalec IRPS odloči o sporu, najpozneje v 45 (petinštiridesetih) dneh od prejema popolne pobude za začetek postopka in izda pravno zavezujočo arbitražno odločbo.

Izdana odločba je zavezujoča za ponudnika in potrošnika pod odložnim pogojem, da niti ponudnik niti potrošnik v roku 8 dni po prejemu te odločbe, izvajalcu IRPS s priporočeno pošto ne pošlje lastnoročno podpisane izjave, da je ne sprejema kot zavezujoče.

Če je spor zahtevnejši, lahko izvajalec IRPS po lastni presoji rok iz prvega odstavka tega člena podaljša in o tem obvesti stranki v postopku o podaljšanju roka in pričakovanem času, ki je potreben za rešitev spora.

22. člen

Odločba se izda v pisni obliki in je obrazložena, razen če se stranki postopka strinjata, da obrazložitev ni potrebna.

V odločbi morajo biti navedeni datum njene izdaje, sedež izvajalca IRPS in ime in priimek osebe, ki je izdala odločbo.

Odločbo podpiše oseba, ki je izdala odločbo.

Strankama se vroči po en izvod podpisane odločbe s priporočeno poštno pošiljko ali v varni elektronski predal, če ga imata.

23. člen

Če nobena od strank v roku 30 dni od prejema odločbe pisno ne nasprotuje objavi te odločbe, lahko izvajalec IRPS v pomembnejših zadevah tako odločbo objavi na spletni strani v anonimizirani obliki, brez podatkov o strankah v postopku.

24. člen

Če stranki v okviru postopka reševanja potrošniškega spora dosežeta sporazum o vseh ali o nekaterih spornih vprašanjih, jo lahko izvajalec IRPS zapiše v obliki izvensodne poravnave ali pa izda sporazumno, pravno zavezujočo, obrazloženo arbitražno odločbo.

Stranke se lahko sporazumejo za predložitev sklenjene poravnave v odobritev pristojnemu sodišču ali za vpis poravnave v obliki izvršljivega notarskega zapisa in nosijo vse stroške takega postopka.

V primeru sklenitve sporazuma o rešitvi spora morata biti potrošnik in ponudnik pred privolitvijo v sporazum seznanjena s pravnimi posledicami privolitve v sporazum.

Preden potrošnik in ponudnik privolita v sporazum, morata imeti na voljo razumen rok za razmislek.

25. člen

Šteje se, da je postopek končan:

• ko je potrošnik umaknil pobudo za začetek postopka;
• ko je potrošnik seznanjen z odločitvijo ponudnika, da ne da soglasja ali da je umaknil

soglasje k pobudi za začetek postopka;

• ko je potrošnik seznanjen z odločbo izvajalca IRPS;
• z dnem sklenitve sporazuma o rešitvi spora.

Izvajalec IRPS v roku 8 dni seznani potrošnika in ponudnika o koncu postopka po navadni ali elektronski pošti v skladu z izbiro potrošnika ali ponudnika.

26. člen

Izvajalec IRPS je dolžan v jasnem in razumljivem jeziku na svoji spletni strani in v poslovnih prostorih ter na zahtevo tudi na trajnem nosilcu podatkov objaviti vse informacije, ki jih predvideva 29. člen Zakona o izvensodnem reševanju potrošniških sporov.

Poleg informacij iz prejšnjega odstavka je izvajalec IRPS dolžan na spletni strani in v poslovnih prostorih objaviti tudi Kodeks etičnih standardov in Pravila postopka izvensodnega reševanja potrošniških sporov.

27. člen

Potrošnik lahko pri izvajalcu IRPS vloži pobudo v slovenskem, srbskem, hrvaškem ali angleškem jeziku.

Postopek IRPS, ki ga vodi izvajalec IRPS in oseba, ki vodi ali sodeluje v postopkih IRPS bo potekal v jeziku iz prejšnjega odstavka tega člena, v katerem je potrošnik vložil pobudo za začetek postopka.

28. člen

Stroški postopka IRPS so administrativni stroški izvajalca IRPS, stroški za izvedbo dokazov in nagrada ter potni stroški nevtralnemu strokovnjaku.

Stroški in nagrada so opredeljeni in se obračunajo v skladu s Pravili o stroških postopkov potrošniških sporov izvajalca IRPS.

29. člen

Glede vseh postopkovnih vprašanj, ki niso urejena s temi Pravili in določbami ZIsRPS se neposredno uporabljajo določbe Zakona o arbitraži (Uradni list RS št. 45/ 08).

30. člen

Pravila postopka izvensodnega reševanja potrošniških sporov so bila sprejeta s strani odvetnice Simone Goriup dne 17.10.2016, veljati in uporabljati pa se začnejo z dnem vpisa odvetnice Simone Goriup v register izvajalcev IRPS, ki ga vodi Ministrstvo za gospodarski razvoj in tehnologijo.

Ljubljana, dne 17.10.2016
Odvetnica
Simona Goriup

Slovenia - Pravila izvensodnega reševanja sporov s trgovci

PRAVILA O MEDIACIJI KOT NAČINU IZVENSODNEGA REŠEVANJA SPOROV

1. člen

Ta pravila se uporabljajo v mediaciji, če poteka pri Odvetnici Simoni Goriup kot izvajalki izvensodnega reševanja sporov (v nadaljevanju: Izvajalka IRS), kadar stranke v sporu (v nadaljevanju: stranke) želijo doseči sporazumno rešitev spora in so se bodisi s pogodbo, sklenjeno pred nastankom spora, bodisi s pisnim sporazumom po nastanku spora dogovorile, da se bodo v mediaciji uporabila ta pravila. Šteje se, da so stranke soglašale z uporabo teh pravil vselej, kadar s pogodbo pred nastankom spora ali s pisnim sporazumom po nastanku spora, reševanje vseh ali posameznih dejanskih in pravnih vprašanj predložijo v mediacijo, ki jo organizira Odvetnica Simona Goriup, ne da bi navedle, da se bodo uporabila ta pravila.

2. člen

Mediacija pomeni postopek, v katerem stranke prostovoljno s pomočjo nevtralne tretje osebe (Izvajalke IRS) skušajo doseči mirno rešitev spora, ki izvira iz ali je v zvezi s pogodbenim ali drugim pravnim razmerjem, ne glede na to, ali se za ta postopek uporablja izraz mediacija, konciliacija, pomirjanje, posredovanje v sporih ali drug podoben izraz.

Izvajalka IRS oz. oseba, ki jo Izvajalka IRS imenuje za vodenje oz. reševanje izvensodnih sporov vodi mediacijo v skladu z veljavnimi zakonskimi predpisi o izvensodnem reševanju sporov in mediaciji in Pravili o mediaciji.

3. člen

Stranke se lahko kadarkoli pred ali med postopkom mediacije dogovorijo, da bodo spremenile ta pravila.

4. člen

Vsaka stranka ali stranke v sporu, ki želijo začeti postopek mediacije, lahko to storijo s pisno predložitvijo v mediacijo, ali s predlogom ene stranke za mediacijo v skladu s temi pravili.

Stranka lahko predlaga, da Izvajalka IRS povabi nasprotno stranko k sodelovanju v mediaciji. Na podlagi prejetega predloga stranke, bo Izvajalka IRS stopila v stik z nasprotno stranko v sporu in poskušala pridobiti njeno soglasje za sodelovanje v mediaciji.

Predlog stranke za mediacijo mora vsebovati kratko izjavo o vsebini spora in kontaktno informacijo o vseh strankah v sporu ter njihovih odvetnikih, če jih zastopajo v mediaciji.

5. člen

Izvajalka IRS mora ves čas mediacije ravnati popolnoma nevtralno, neodvisno in nepristransko v odnosu do strank in do izida mediacije.

Izvajalko IRS zavezujejo pravila stroke in etični standardi mediatorjev (Evropski kodeks etičnih načel za mediatorje).

Izvajalka IRS je od začetka do konca mediacije dolžna brez odlašanja razkriti katerokoli okoliščino, ki bi lahko vzbudila razumen dvom v njeno nepristranskost oziroma neodvisnost.

6. člen

Če kadarkoli med postopkom mediacije stranke menijo, da bi morala biti vodena s strani drugega mediatorja,
lahko prekličejo imenovanje Izvajalke IRS in o tem pisno obvestijo Izvajalko IRS.
Stranke v takem primeru niso upravičene do povrnitve plačane nagrade Izvajalki IRS.

7. člen

Vsako stranko v postopku mediacije lahko zastopa pooblaščenec po njeni izbiri. Pravne osebe, ki sodelujejo v mediaciji morajo zastopati pooblaščenci s polnimi pooblastili za sklenitev poravnave.

8. člen

Izvajalka IRS določi datum in čas začetka mediacijskega srečanja. Mediacija se izvede v prostorih Izvajalke IRS ali v katerihkoli drugih prostorih, če se o tem strinjajo stranke in Izvajalka IRS.
Če stranke soglašajo, se mediacijsko srečanje lahko izvede tudi z uporabo elektronskih sredstev komuniciranja in svetovnega spleta.

9. člen

Na podlagi predhodnega posvetovanja s strankami lahko Izvajalka IRS vodi postopek mediacije na način, za katerega meni, da je ustrezen ob upoštevanju okoliščin spora, želja strank v sporu in potrebe po hitri rešitvi spora.

Izvajalka IRS ni pooblaščena za kakršnokoli določanje rešitve spora med strankami. Stranke lahko predlagajo, da Izvajalka IRS ustno ali pisno priporoči ustrezen način rešitve spora (konciliacija). Izvajalka IRS je pooblaščena, da vodi skupna in ločena srečanja s strankami. Kadar Izvajalka IRS v ločenih srečanjih s strankami sprejme informacijo v zvezi s sporom s strani ene stranke, z njeno vsebino lahko seznani nasprotno stranko, razen če je stranka, ki je informacijo dala, izrecno postavila pogoj, da mora taka informacija ostati zaupna in je v takem primeru Izvajalka IRS ne sme razkriti drugi stranki.

10. člen

V mediacijskih srečanjih je javnost izključena. Osebe, ki niso stranke v sporu oziroma njihovi pooblaščenci, so lahko navzoče samo z dovoljenjem vseh strank in Izvajalke IRS.
Mediacijska srečanja potekajo ustno, zapisnik se ne piše. Izvajalka IRS in stranke lahko tekom mediacijskega postopka komunicirajo pisno in ustno.

11. člen

Razen če so se stranke dogovorile drugače, so vse informacije, ki se nanašajo na postopek mediacije zaupne, če ni z zakonom drugače določeno ali če je razkritje potrebno zaradi prostovoljne ali prisilne izvršitve dogovora doseženega v mediaciji.

12. člen

Stranke v mediaciji, Izvajalka IRS in katerakoli tretja oseba, vključno s tistimi, ki skrbijo za administrativno podporo postopku mediacije, ne smejo v arbitražnem, sodnem ali drugem podobnem postopku predložiti ali se sklicevati na dokaze ali pričati o:

• vabilu stranke k mediaciji ali dejstvu, da je bila stranka pripravljena sodelovati v mediaciji;
• mnenjih in predlogih glede možne rešitve spora, ki so jih stranke izrazile med mediacijo,
• izjavah ali priznanjih dejstev, ki so jih stranke dale med mediacijo;
• predlogih mediatorja;
• dejstvu, da je stranka pokazala pripravljenost sprejeti mediatorjev predlog za mirno rešitev spora;
• istinah, pripravljenih izključno za potrebe mediacije.

Prejšnji odstavek se uporablja ne glede na obliko, v kateri so bile informacije ali dokazi iz prejšnjega odstavka. Prejšnji odstavki tega člena se uporabljajo ne glede na to ali se arbitražni, sodni oziroma drug ustrezen postopek nanaša na spor, ki je, oziroma je bil predmet postopka mediacije.

13. člen

Stranke mediacijskega postopka se lahko zavežejo, da tekom mediacije ne bodo začele nobenega arbitražnega ali sodnega postopka glede obstoječega spora, razen če stranka ne izkaže, da bi sicer nastale težke in nepopravljive posledice.

Začetek takega postopka sam po sebi ne pomeni umika soglasja za mediacijo ali izjave o zaključku mediacije.

14. člen

Postopek mediacije se opravi hitro in s čim manjšimi stroški. Izvajalka IRS vabi stranke na sestanek z navadno ali elektronsko pošto, ustno ali s katerimkoli drugim načinom sporočanja, ki je sprejemljiv za stranke.
Postopek mediacije sme trajati največ 90 dni, s pisnim soglasjem strank pa se lahko postopek podaljša.

15. člen

Sodelovanje strank v postopku mediacije je prostovoljno. Vsaka stranka lahko kadarkoli umakne soglasje za sodelovanje v postopku mediacije.

Izvajalka IRS je dolžna posredovati v sporu toliko časa, dokler stranke napredujejo v smeri sklenitve poravnave in dokler postopek teče brez zavlačevanja. V nasprotnem primeru lahko Izvajalka IRS postopek mediacije zaključi brez obrazložitve.

16. člen

Mediacija se konča:

• če je sklenjen sporazum o rešitvi spora, z dnem sklenitve tega sporazuma;
• če Izvajalka IRS po posvetovanju s strankami izjavi, da nadaljevanje postopka ni smiselno, z dnem te izjave;
• če stranke pisno izjavijo Izvajalki IRS, da je postopek zaključen, z dnem te izjave;
• če ena stranka pisno izjavi drugim strankam in Izvajalki IRS, da je postopek zaključen, z dnem te izjave. Če v postopku sodeluje več strank, ki so pripravljene mediacijo med seboj nadaljevati, se mediacija konča samo za stranko, ki je podala izjavo.

17. člen

Izvajalka IRS lahko sodeluje pri oblikovanju besedila sporazuma o rešitvi spora. Stranke se lahko sporazumejo, da se sporazum o rešitvi spora sestavi v obliki neposredno izvršljivega notarskega zapisa, poravnave pred sodiščem ali arbitražne odločbe na podlagi poravnave.

18. člen

Ta pravila razlaga in uporablja Izvajalka IRS, pri čemer upošteva potrebo po spodbujanju enotne uporabe Zakona o mediaciji v civilnih in gospodarskih zadevah (ZMCGZ).
Za vprašanja, ki niso izrecno urejena v tem pravilniku, se smiselno uporablja ZMCGZ.

19. člen

Razen, če se stranke mediacijskega postopka ne dogovorijo drugače, nosi vsaka stranka svoje stroške sodelovanja v postopku mediacije ter polovico administrativnih stroškov Izvajalke IRS, nagrade Izvajalki IRS in morebitnih ostalih stroškov mediacijskega postopka.

20. člen

Razen, če se stranke ne dogovorijo drugače, se v mednarodnih ali čezmejnih gospodarskih sporih uporabljajo pravila o konciliaciji UNCITRAL, razen v delu, ki se nanaša na imenovanje konciliatorjev, v katerem se uporabljajo določbe slovenskega Zakona o mediaciji v civilnih in gospodarskih zadevah.

Šteje se, da gre za mednarodni oziroma čezmejni gospodarski spor, če:

• je sedež dejavnosti strank v času sklenitve konciliacijskega sporazuma v različnih državah ali
• je država sedeža dejavnosti strank različna od države v kateri je treba izpolniti bistveni del poslovnega razmerja, oziroma je država sedeža dejavnosti strank različna od države s katero je najbolj povezan predmet spora.

V primeru, da ima stranka več sedežev dejavnosti se šteje, da ima stranka sedež tam kjer je dejavnost najtesneje povezana s konciliacijskim sporazumom.

Če stranka nima sedeža dejavnosti, se šteje, da ima stranka sedež tam kjer ima stalno prebivališče oziroma običajno prebivališče.

Pravila UNCITRAL se uporabljajo tudi takrat, kadar se stranke izrecno dogovorijo za konciliacijo v mednarodnih oziroma čezmejnih gospodarskih sporih oziroma za uporabo konciliacijskih pravil UNCITRAL.

21. člen

Ta pravilnik sprejme Izvajalka IRS in velja od dne 01.01.2022 dalje.