Termeni si conditii privind inregistrarea si utilizarea cardurilor emise de Raiffeisen Bank in aplicatia Google Pay

Termeni si conditii privind inregistrarea si utilizarea cardurilor emise de Raiffeisen Bank in aplicatia Google Pay

Prin termenii si conditiile de mai jos se stabileste modul de inregistrare si utilizare a cardurilor emise de Raiffeisen Bank in aplicatia Google Pay si de aceea, va recomandam sa cititi cu atentie si integral prezentul document inainte sa acceptati continutul sau. Daca nu sunteti de acord cu oricare dintre prevederile acestor termeni si conditii va rugam sa nu continuati procesul de inregistrare a cardului emis de Raiffeisen Bank.

1. Definirea unor termeni

“Aplicatie”/”Google Pay” este platforma de plata oferita de Google Ireland Limited, prin intermediul careia Utilizatorul poate inregistra carduri emise de Raiffeisen Bank pentru a efectua plati cu ajutorul dispozitivelor android compatibile cu aceasta aplicatie.

“Google” reprezinta Google Ireland Limited cu sediul in Xxxxxx House, Barrow Street, Dublin 4, Ireland furnizor al Google Pay si al altor produse si servicii specifice.

“Banca”/”Raiffeisen Bank” este Raiffeisen Bank S.A., persoana juridica romana, administrata in sistem dualist, cu sediul in Cladirea Sky Tower, Calea Floreasca nr. 246 C, Sector 1, Bucuresti, numar de ordine in Registrul Comertului J40/44/1991, inmatriculata in Registrul Bancar sub nr. RB-PJR-40-009/1999, cod unic de inregistrare 361820, cod de inregistrare fiscala in scopuri de TVA RO361820.

“Card” reprezinta orice card de debit/card de credit activ, emis de Raiffeisen Bank, care poate fi inregistrat si utilizat in Google Pay in vederea realizarii de operatiuni de plata.

“Clientul”/”Utilizatorul” este Utilizatorul de Card de debit si/sau Card de credit principal, suplimentar sau Card Comercial, emis de Banca, asa cum acestia sunt definiti in Conditiile Generale de Derulare a Operatiunilor Bancare pentru Persoane Fizice, respectiv pentru Persoane Juridice.

„Termeni si conditii” reprezinta Termenii si conditiile privind inregistrarea si utilizarea cardurilor emise de Raiffeisen Bank in aplicatia Google Pay din prezentul document, care constituie contractul legal incheiat de Banca cu Clientul.

“Token” este o serie unica de cifre in format digital ce asigura substituirea securizata a datelor unui Card inregistrat de Utilizator in Google Pay pe un dispozitiv Google.

2. Cerinte generale

Pentru inregistrarea si utilizarea Cardurilor in Google Pay vor fi indeplinite minimum urmatoarele conditii:

(i) Utilizatorul sa fie client al Raiffeisen Bank si sa aiba inregistrat in sistemele Bancii un numar de telefon valid;

(ii) Clientul sa detina cel putin un Card activ de debit si/sau de credit principal/suplimentar sau Card Comercial, emis de Banca;

(iii) Clientul trebuie sa fie proprietarul/detinatorul legitim al unui dispozitiv android compatibil, asa cum acestea sunt indicate pe site-ul Google: xxxxx://xxx.xxxxxx.xxx/xxxxx/

(iv) Dispozitivul android pe care se doreste inregistrarea Cardului sa contina software original, compatibil cu aplicatia Google Pay, tehnologia NFC activa si sistemul de operare indicat de Google.

(v) Clientul sa indeplineasca conditiile specifice ale Google pentru inregistrarea ca Utilizator in Google Pay si orice alte cerinte stabilite si/sau solicitate de Google pentru utilizarea Aplicatiei. Banca nu are nici o responsabilitate in raport cu Utilizatorul referitor la cerintele/conditiile si/sau orice limitari/restrictii privind utilizarea Aplicatiei stabilite de catre Google si nici la modificarea si/sau comunicarea acestora Utilizatorului.

Functionalitatile Aplicatiei Google Pay precum si modalitatile de blocare/deblocare ale dispozitivului Google pot fi imbunatatite/modificate de Google in termenele si conditiile agreate si/sau stabilite cu/de acesta.

Achizitionarea de catre Utilizator a Serviciilor/produselor oferite de alti furnizori cum ar fi, dar fara a se limita la furnizorul dispozitivului pe care este instalata aplicatia Google Pay, furnizorul retelei de telefonie mobila, comerciantii ale caror site-uri sau servicii integreaza sau permit utilizarea Google Pay, este reglementata prin propriile lor conditii contractuale privind furnizarea respectivelor servicii/produse.

Acesti furnizori/comercianti sunt terti fata de Banca, aceasta din urma nefiind responsabila pentru legalitatea, securitatea sau orice alt aspect legat de furnizarea/prestarea acestor produse/servicii. Utilizatorul este pe deplin responsabil de citirea si asumarea/respectarea prevederilor contractuale puse la dispozitie de acesti terti inainte de inregistrarea sau/si utilizarea Cardului prin intermediul Google Pay.

Banca nu este raspunzatoare si nu ofera suport sau asistenta pentru hardware, software sau alte produse sau servicii oferite de terti, cum ar fi spre exemplu aplicatia Google Pay sau dispozitivul pe care aceasta este instalata. Daca aveti intrebari sau intampinati probleme in legatura cu un produs sau un serviciu oferit de Google sau de un alt tert, va rugam sa contactati pentru suport respectivul furnizor/tert.

3. Inregistrarea si utilizarea Cardurilor emise de Raiffeisen Bank in Google Pay

3.1 Inregistrarea Cardurilor in Google Pay

Cardurile eligibile pe care Utilizatorul le poate inregistra in Google Pay sunt:

a) Cardurile emise pentru persoane fizice respectiv Cardurile de debit si/sau de credit, emise titularului precum si Cardurile suplimentare emise de Banca pe contul titularului Cardului la cererea acestuia, pe numele unei terte persoane desemnate de catre titular, inregistrate in sistemul Bancii ca atare;

b) Cardurile emise pentru persoane juridice, respectiv Cardurile de debit si/sau de credit emise de Banca Utilizatorilor de Carduri Comerciale.

Utilizatorii pot adauga in Aplicatie Carduri emise de Raiffeisen Bank prin metodele puse la dispozitie de Aplicatie.

In plus, Utilizatorii Cardului care beneficiaza de Serviciul Raiffeisen Smart Mobile oferit de Banca pot sa inregistreze Cardurile din aplicatia aferenta acestui serviciu, astfel incat datele Cardului vor fi preluate direct in Google Pay, fara sa mai fie nevoie de introducerea lor manuala in Aplicatia Google Pay. Pentru autentificarea Utilizatorului Cardului care urmeaza sa fie inregistrat in Google Pay, Banca va trimite un cod prin SMS (OTP – One Time Password) la numarul de telefon personal asociat Utilizatorului respectiv in sistemul Bancii. Inainte de transmiterea codului OTP, Google Pay va afisa ultimele cifre ale numarului de telefon personal declarat de Client in relatia cu Banca. In cazul in care Utilizatorul Aplicatiei nu recunoaste numarul de telefon pe care urmeaza sa fie transmis codul OTP, Cardul nu va putea fi inregistrat. Utilizatorul va fi indrumat sa obtina asistenta din partea Bancii, prin apelarea serviciului Call Center la numerele de telefon indicate in sectiunea 7 de mai jos. Codul OTP transmis in scopul identificarii Utilizatorului va fi comunicat prin SMS la numarul de telefon personal al Utilizatorului de Card de debit si/sau de credit principal sau suplimentar, dupa caz Card Comercial, declarat de acesta Bancii, in cel mai recent formular furnizat de Banca in acest scop.

In cazuri justificate, Banca poate decide sa accepte/refuze solicitarea de inregistrare a Cardului in Google Pay. In cazul in care solicitarea de inregistrare este respinsa, Utilizatorul poate contacta Call Center-ul Bancii pentru suport la numerele de telefon indicate in sectiunea 7 de mai jos.

Ca urmare a inregistrarii Cardului in Google Pay se va genera un Token de plata al Cardului respectiv (numar de card alternativ), acest Token urmand a fi asociat Cardului pe dispozitivului mobil respectiv. Numarul Tokenului este diferit de numarul de pe fata Cardului inregistrat in Google Pay pentru cresterea securitatii tranzactiilor.

Utilizatorul are posibilitatea sa inregistreze un Card emis de Banca in Google Pay pe mai multe dispozitive Google in acelasi timp, pentru inregistrarea fiecarui Card in parte fiind necesara parcurgerea procedurii stabilita de prezentii Termeni si Conditii. Prin inregistrarea Cardului in Google Pay si validarea acestuia prin introducerea in aplicatie a codului OTP primit prin SMS la numarul de telefon declarat Bancii de Utilizatorul Cardului respectiv, Clientul confirma calitatea de Utilizator al Cardului si de acceptant al Termenilor si Conditiilor. Clientul intelege ca respectivul Card va fi inregistrat in Google Pay pentru a putea fi utilizat la

efectuarea de operatiuni de plata, conform termenilor si conditiilor Google, respectiv ale aplicatiei Google Pay si a prezentilor Termeni si Conditii.

Pentru fiecare inregistrare a aceluiasi Card pe dispozitive diferite se va genera un Token diferit asociat dispozitivului respectiv.

Inregistrarea Cardurilor in Google Pay se realizeaza fara perceperea vreunui comision/taxe de catre Banca.

3.2. Utilizarea Cardului respectiv a Tokenului prin Google Pay

Dupa inregistrarea Cardului in Google Pay conform prevederilor de mai sus, Tokenul va fi utilizat prin intermediul Google Pay pentru:

(i) plati contactless la comercianti, atunci cand este asociat unui dispozitiv mobil de tip Android sau dispozitiv compatibil cu Google Pay;

(ii) tranzactii pe internet, pe site-urile si in aplicatiile comerciantilor ce accepta la plata cardurile Visa si/sau MasterCard afisand optiunea Google Pay.

In plus, prin intermediul Cardurilor inrolate in Google Pay se pot efectua retrageri de numerar la ATM-urile compatibile, care permit utilizarea Aplicatiei. Pentru retragerea de numerar este necesara si introducerea PIN- ului Cardului pe terminalul ATM de la care se efectueaza retragerea.

Facilitatile de utilizare, prevazute mai sus, sunt valabile la acest moment, insa este posibil ca Google sa ofere si alte modalitati de utilizare a Google Pay sau sa le modifice pe cele existente, acestea urmand a fi comunicate Utilizatorului prin modalitatile agreate cu acest furnizor.

Google Pay nu poate fi utilizata prin Cardurile pentru care Utilizatorul a dezactivat optiunea de tranzactii contactless. Daca Utilizatorul si-a inregistrat mai multe Carduri in Google Pay, atunci primul Card inregistrat pe dispozitiv va fi selectat ca implicit pentru efectuarea platilor. Utilizatorul are posibilitatea sa modifice oricand Cardul selectat ca implicit pentru plata in Google Pay.

Modul de utilizare a Aplicatiei pentru efectuarea platilor de catre Client precum si elementele de securitate folosite in vederea autorizarii platilor (deblocarea dispozitivului prin amprenta, recunoastere faciala, etc) sunt stabilite de catre Google, mai multe detalii, precum si variantele actualizate ale acestora pot fi consultate pe pagina de suport a furnizorului.

4. Blocarea si stergerea Tokenului

In cazuri justificate, Banca are dreptul de a bloca temporar sau de a sterge Tokenul Clientului.

In mod special, banca isi rezerva dreptul de a bloca temporar/sterge token-ul/token-urile din Aplicatie, in cazul in care furnizorul Google modifica politica de securitate a Aplicatiei si a dispozitivelor, astfel incat aceasta nu mai respecta prevederile legale nationale si europene aplicabile la momentul modificarii.

Pe perioada blocarii temporare, Token-ul nu va mai putea fi utilizat pentru efectuarea platilor prin Google Pay. Token-ul blocat temporar de Banca poate fi deblocat la incetarea cauzei care a determinat blocarea sa si va putea fi folosit in continuare pentru efectuarea platilor in Google Pay. Stergerea unui Token din Aplicatie are efect definitiv, pentru a relua utilizarea Cardului in Aplicatie fiind necesara reluarea etapelor de inregistrare descrise in sectiunea 3 de mai sus.

Utilizatorul are posibilitatea de a solicita Bancii blocarea temporara sau stergerea Tokenului, prin apel in Call Center la oricare din numerele de telefon mentionate in cadrul sectiunii „ Asistenta” din prezentul document. La incetarea cauzei care a determinat blocarea temporara, Utilizatorul poate solicita deblocarea Tokenului prin modalitatea mai sus descrisa.

Independent de posibilitatile oferite de Banca Utilizatorului pentru blocarea sau stergerea Token-ului, Google poate oferi Utilizatorului posibilitatea de blocare temporara sau stergere aToken-ului in aplicatiile proprii, detalii putand fi consultate pe pagina de suport a furnizorului Google Pay. Banca are dreptul de stergere a Token-ului in urmatoarele situatii:

(i) Banca a luat la cunostinta ca dispozitivul care are e Aplicatia activa sau Cardul a fost pierdut, furat, compromis; masura stergerii va fi aplicata ulterior notificarii Bancii de catre Utilizator cu privire la evenimentul intervenit; Utilizatorul are posibilitatea de a solicita Bancii emiterea unui nou Card pe care il poate inregistra in Google Pay parcurgand etapele indicate in sectiunea 3 de mai sus;

(ii) exista suspiciuni ale Bancii cu privire la ultilizarea neautorizata/frauduloasa a dispozitivului pe care Aplicatia este activa;

(iii) nu sunt respectate de catre Utilizator prevederile legale si/sau contractuale, inclusiv in cazul incalcarii acestor Termeni si Conditii sau nu sunt respectate regulile unei conduite adecvate care poate aduce Bancii prejudicii de orice natura;

(iv) atunci cand Utilizatorul sterge contul asociat Google Pay de pe telefon sau reseteaza dispozitivul avand aplicatia activa pe dispozitivul ce are Token asociat;

(v) exista o prevedele legala care impune acest fapt sau daca exista o dispozitie a unei autoritati competente in acest sens;

La expirarea termenului de valabilitate mentionat pe fata Cardului inregistrat in Google Pay, Tokenul aferent va putea fi utilizat doar in urma inregistrarii in Google Pay a Cardului reinnoit.

5. Obligatiile Utilizatorului si raspunderea partilor

Utilizatorul isi va inregistra Cardul in Google Pay doar pe dispozitive care ii apartin in mod legal si pe care le utilizeaza personal. Dupa inregistrarea Cardului, Utilizatorul trebuie sa isi ia masurile de siguranta adecvate, pentru a evita utilizarea neautorizata a Tokenului.

Utilizatorul are obligatia de a anunta Banca atunci cand Cardul inregistrat si/sau dispozitivul pe care a fost inregistrat a fost pierdut/furat sau folosit fara acordul sau si de a bloca/de a solicita blocarea Tokenul/lui asociat acestuia, conform optiunilor prezentate in sectiunea 4 de mai sus. In caz contrar, Banca nu va fi responsabila pentru platile efectuate cu Token-ul pana la momentul notificarii sale cu privire la aparitia unuia dintre evenimentele anterior enumerate.

Utilizatorul are obligatia de a pastra in siguranta dispozitivul pe care instalata Aplicatia, precum si datele sale de autentificare in Google Pay. Banca nu este raspunzatoare pentru platile cu Token daca sunt efectuate de alte persoane fie cu acordul Utilizatorului, fie ca urmare a neindeplinirii de catre acesta a obligatiilor ce-i revin. Utilizatorul are obligatia de a pastra in mod separat Cardul de dispozitivul pe care acesta este inregistrat in Google Pay.

Utilizatorul are obligatia de a monitoriza tranzactiile efectuate cu Token si de a comunica imediat Bancii prin apelarea Call Center-ului Bancii orice neconcordanta sau neregula identificata in legatura cu acestea.

Utilizatorul are obligatia de a sterge Tokenul asociat unui dispozitiv atunci cand inceteazasa mai utilizeze respectivul dispozitiv, precum si atunci cand intentioneaza sa dezactiveze metodele de securizare impotriva utilizarii neautorizate ale dispozitivului.

Banca nu controleaza aceste metode de securizare si nu raspunde pentru pierderile cauzate ca urmare a dezactivarii lor de catre Utilizator sau de modul in care Google Pay sau furnizorul dispozitivului utilizeaza respectivele metode de securizare.

Inregistrarea si utilizarea Tokenului depind de Google Pay si/sau de reteaua furnizorului de internet a Utilizatorului. Banca nu are control direct si nici indirect asupra operatiunilor acestor furnizori si nu va raspunde pentru nicio situatie legata de serviciile furnizate de acestia care pot provoca intreruperea si/sau impiedicarea inregistrarii/ utilizarii Tokenului pentru efectuarea de plati.

Banca nu este responsabila cu privire la securitatea dispozitivului mobil pe care este instalat Google Pay si nici pentru modul de functionare al acesteia, Banca fiind tinuta raspunzatoare fata de Client doar pentru indeplinirea obligatiilor sale legale in calitate de emitent al Cardului.

Banca nu este responsabila pentru nicio pierdere sau dauna morala sau patrimoniala cauzata de nerespectarea prezentilor Termeni si conditii, precum si pentru pierderea sau coruperea continutului datelor Clientului, daca

pierderea sau coruperea respectiva nu este cauzata de Banca sau nu se afla sub controlul acesteia. Raiffeisen Bank nu raspunde fata de Client si/sau fata de terte parti pentru niciun fel de daune directe sau indirecte inclusiv, dar fara a se limita la pierderi de profit, castiguri nerealizate si/sau nefructificarea unor oportunitati de afaceri sau orice alte pierderi similare suferite de Client ca urmare nefunctionarii sau functionarii necorespunzatoare a Aplicatiei.

Pentru limitarea unor potentiale prejudicii aduse prin utilizarea Token-ului de catre terti, Raiffeisen Bank recomanda Clientului sa nu instraineze/imprumute dispozitivul mobil si sa nu divulge metoda de deblocare a acestuia.

Raiffeisen Bank nu poate controla sistemul de operare al dispozitivului mobil folosit de catre Client. De aceea Raiffeisen Bank nu este responsabila de niciun fel de prejudicii cauzate dispozitivului mobil, incluzand dar fara a se limita la orice bresa de securitate cauzate de virusi, erori, inselaciuni, falsificare, omitere, intrerupere, defectiune, intarziere in operatiuni sau transmisiuni, linii computerizate sau cadere a retelei sau orice alta defectiune tehnica produsa.

Banca nu poate fi tinuta raspunzatoare pentru prejudicii rezultate din executarea unor plati neautorizate generate de expunerea dispozitivului Clientului la virusi si/sau alte aplicatii/programe, precum si de furtul acestuia.

6. Notificari

In cadrul procesului de inregistrare si ulterior pe parcusul perioadei de utilizare a Aplicatiei este posibil ca Banca sa contacteze Clientul, prin intermediul unuia sau mai multor canalele de comunicare, cum ar fi dar fara a se limita la: e-mail, scrisoare, notificare prin SMS, apel telefonic.

7. Asistenta

Pentru orice problema legata de inregistrarea, blocarea/deblocarea, stergerea unui Card sau de executarea platilor efectuate cu Cardurile in Google Pay, Clientul poate contacta Banca prin intermediul serviciului de Call Center la oricare din urmatoarele numere de telefon:

- *2000 (numar cu tarif normal, aplelabil din orice retea de telefonie mobila din Romania), disponibil 24/7;

- 0040213063002 (numar cu tarif normal, aplelabil din orice retea, din Romania si din strainatate) disponibil 24/7.

8. Modificarea Termenilor si Condiiilor

Termenii si Conditiile se completeaza in mod corespunzator cu Conditiile Generale de Derulare a Operatiunilor Bancare pentru Persoane Fizice (“CGB-PF”), respectiv pentru Persoane Juridice (“CGB-PJ”), cu Contractul specific de Card de debit/card de credit incheiat cu Banca si cu lista de Tarife si Comisioane, aplicabile Persoanelor Fizice, respectiv Persoanelor Juridice. Prezentii Termeni si Conditii, Conditiile Generale de Derulare a Operatiunilor Bancare si lista de Tarife si Comisioane, aplicabile Persoanelor Fizice si Persoanelor Juridice pot fi consultate oricand pe site-ul Bancii xxx.xxxxxxxxxx.xx.

Banca poate modifica Termenii si Conditiile cu respectarea prevederilor CGB-PF, respectiv CGB-PJ. Noua versiune a Termenilor si Conditiilor revizuiti va fi disponibila in cadrul aplicatiei Google Pay si pe site-ul Bancii, Clientului revenindu-i obligatia de a se informa cu privire la noul continut al acestora.

Clientul are posibilitatea de elimina oricand Cardurile din aplicatie, in cazul in care nu este de acord cu oricare din prevederile noii versiuni a Termenilor si Conditiilor.

9. Prelucrarea datelor cu caracter personal

Banca prelucreaza, in calitate de operator, datele cu caracter personal ale Utilizatorilor care doresc sa utilizeze Google Pay, astfel cum se mentioneaza in cadrul prezentilor Termeni si Conditii, in conformitate cu prevederile legale aplicabile in domeniul protectiei datelor cu caracter personal. Prezenta sectiune se completeaza in mod corespunzator cu prevederile CGB-PF si CGB-PJ si ale Politicii privind protectia datelor cu caracter personal si confidentialitatea, disponibila la link-ul xxxxx://xxx.xxxxxxxxxx.xx/xxxxxx-xxx/xxxxxxxx-xx-xxxxxxxxxxxxxxxxx/.

Prelucrarile de date cu caracter personal ale Utilizatorilor desfasurate de Google si/sau de alti terti in contextul utilizarii Google Pay sunt supuse conditiilor politicilor de confidentialitate sau altor documente prin care aceste entitati realizeaza informarea din perspectiva protectiei datelor cu caracter personal. Banca nu are un control sau vreo responsabilitate cu privire la modul in care Google si/sau alti terti prelucreaza datele cu caracter personal ale Utilizatorilor care opteaza pentru inregistrarea Cardurilor in Google Pay.

Scopuri si temeiuri de prelucrare

Banca prelucreaza date cu caracter personal ale Utilizatorilor pentru urmatoarele scopuri si avand la baza urmatoarele temeiuri de prelucrare:

i. In vederea indeplinirii obligatiilor legale, pentru urmatoarele scopuri: asigurarea conformarii cu cerintele legale care incumba in sarcina Bancii, inclusiv cele privind cunoasterea clientelei in vederea prevenirii spalarii banilor si combaterii finantarii terorismului.

Furnizarea datelor cu caracter personal pentru aceste scopuri este necesara, refuzul in acest sens putand rezulta in imposibilitatea Utilizatorilor de a-si inregistra Cardurile in Google Pay.

ii. In baza contractului incheiat intre Banca si Utilizatori (reprezentat de acesti Termeni si Conditii), pentru urmatoarele scopuri:

⮚ incheierea, derularea si gestionarea relatiei contractuale cu Utilizatorii prin asigurarea furnizarii tuturor serviciilor si functionalitatilor specifice prevazute in acesti Termeni si Conditii. Procesul de inregistrare a Cardului in Google Pay se finalizeaza prin luarea unei decizii, fara interventie umana, care are la baza o prelucrare exclusiv automata si care este posibil sa aiba ca rezultat refuzul la inregistrarea Cardului in Google Pay. Aceasta decizie se va lua in urma parcurgerii procesului de inregistrare a Cardului si a analizarii informatiilor transmise de Google catre Banca, inclusiv a recomandarilor primite din partea Google in acest sens. O astfel de activitate de prelucrare implica un proces decizional automatizat. Cu privire la aceasta, Utilizatorii au dreptul de a obtine interventia umana din partea Bancii, de a-si exprima punctul de vedere si de a contesta decizia luata pe baza prelucrarii automate, prin utilizarea cailor de contact indicate prin acesti Termeni si Conditii;

⮚ asigurarea suportului tehnic necesar prin raportare la specificul serviciilor si functionalitatilor oferite;

⮚ derularea in bune conditii a tranzactiilor bancare;

⮚ optimizarea serviciilor financiar-bancare;

⮚ gestionarea calitatii datelor;

⮚ gestionarea reclamatiilor si sesizarilor primite cu privire la prevederile acestor Termeni si Conditii;

⮚ transmiterea de comunicari, inclusiv prin SMS, necesare prin raportare la serviciile si functionalitatile oferite, de exemplu: trimiterea unui SMS continand un cod (OTP – One Time Password) necesar pentru identificarea Utilizatorilor Cardului care urmeaza sa fie inregistrat in Google Pay; notificarea Utilizatorilor cu scopul confirmarii inregistrarii Cardului in Google Pay; notificarea Utilizatorilor pentru oferirea suportului tehnic necesar in cazul aparitiei unor probleme/dificultati in procesul de inregistrare a Cardului in Google Pay; trimiterea unui SMS pentru fiecare tranzactie realizata prin Google Pay.

iii. Furnizarea datelor cu caracter personal pentru aceste scopuri este necesara pentru incheierea contractului cu Banca, refuzul in acest sens putand rezulta in imposibilitatea Utilizatorilor de a-si inregistra Cardurile in Google Pay. In baza interesului legitim al Bancii, pentru urmatoarele scopuri:

⮚ identificarea segmentului de clienti ai Bancii care ar fi interesati de utilizarea Google Pay in vederea efectuarii de plati cu cardurile emise de Banca;

⮚ constatarea, exercitarea sau apararea unor drepturi ale Bancii in instanta;

⮚ realizarea de analize statistice;

⮚ imbunatatirea proceselor de lucru si experienta Utilizatorilor.

Interesul legitim al Bancii consta in luarea masurilor necesare pentru asigurarea drepturilor Bancii in raport cu Utilizatorii si imbunatatirea serviciilor si produselor oferite de Banca. Furnizarea datelor cu caracter personal pentru scopurile indicate mai sus nu reprezinta o obligatie legala sau contractuala a Utilizatorilor. Cu toate acestea, in anumite situatii, refuzul furnizarii datelor in aceste scopuri poate rezulta in imposibilitatea Utilizatorilor de a-si inregistra Cardurile in Google Pay.

iv. In baza consimtamantului exprimat de catre Utilizatori, pentru urmatoarele scopuri:

⮚ transmiterea de comunicari comerciale prin mijloace de comunicare la distanta pentru promovarea posibilitatii de a utiliza Google Pay in vederea efectuarii de plati cu Cardurile.

Astfel de comunicari pot fi transmise si in vederea incurajarii acelor Utilizatori care (a) au inceput procesul de inregistrare a Cardului in Google Pay, insa nu l-au finalizat sau care (b) si-au inregistrat Cardul in Google Pay, insa nu au realizat tranzactii prin Google Pay cu o anumita regularitate.

⮚ evaluarea continua a interactiunii Utilizatorilor cu Google Pay in contextul inregistrarii Cardurilor, in vederea crearii profilurilor de utilizatori. In baza profilurilor create se vor lua decizii, fara interventie umana, care in anumite situatii ar putea rezulta in acordarea de catre Banca in favoarea unor Utilizatori a unor beneficii/avantaje in contextul utilizarii Google Pay, pentru incurajarea finalizarii procesului de inregistrare, respectiv pentru realizarea tranzactiilor cu o anumita periodicitate. O astfel de activitate de prelucrare implica un proces decizional automatizat. Cu privire la aceasta, Utilizatorii au dreptul de a obtine interventia umana din partea Bancii, de a-si exprima punctul de vedere si de a contesta decizia luata pe baza prelucrarii automate, prin utilizarea cailor de contact indicate prin acesti Termeni si Conditii.

Furnizarea datelor cu caracter personal si a consimtamantului pentru aceste scopuri este voluntara, refuzul in acest sens nu va rezulta in vreo consecinta negativa pentru Utilizatori.

Consimtamantul exprimat cu privire la activitatile de prelucrare de mai sus poate fi retras in orice moment, fara a afecta legalitatea activitatilor de prelucrare efectuate inaintea retragerii, prin urmarea instructiunilor incluse in comunicarile comerciale transmise ori prin trimiterea unei cereri la datele de contact indicate mai jos.

Categoriile de date cu caracter personal prelucrate si sursa acestora

In vederea indeplinirii scopurilor de prelucrare mentionate anterior, Banca prelucreaza urmatoarele categorii de date cu caracter personal ale Utilizatorilor colectate din urmatoarele surse:

a. date furnizate de Utilizatori in mod direct Bancii si date generate de Banca, direct sau prin imputernicitii sai: nume, prenume, gen, data nasterii, numar de telefon, adresa de e-mail, voce, date privind autentificarea, cod numeric personal, date privind tranzactiile realizate prin Google Pay, date de card (numar card, cod IBAN, data de expirare si CVV), adresa de facturare, adresa de livrare, tara, date privind comportamentul rezultat din utilizarea Google Pay.

b. date colectate din alte surse, respectiv din partea Google: nume, prenume, adresa de facturare, date de card (data de expirare si CVV), date cu privire la dispozitivele utilizate pentru inregistrarea Cardului, gradul de securitate evaluat de Google in functie de dispozitivul/contul si numarul de telefon utilizate

pentu inregistrarea Cardului, date referitoare la recomandarea Google cu privire la inregistrarea Cardului in cadrul Google Pay, urmare a analizei efectuate de Google.

Banca nu prelucreaza datele biometrice din sistemul biometric al dispozitivului Utilizatorilor, cum sunt amprenta digitala – in cazul in care se utilizeaza functia de deblocare prin amprenta a dispozitivului sau imaginea faciala a Clientului – in cazul in care se utilizeaza functia de recunoastere faciala a dispozitivului. Aceste date si modelele biometrice asociate acestora sunt si raman stocate pe dispozitivul Utilizatorului si se supun regulilor de prelucrare stabilite si comunicate prin intermediul dispozitivului respectiv.

In masura in care Utilizatorii vor furniza in procesul de inregistrare a Cardurilor in Google Pay date cu caracter personal apartinand altor persoane fizice, avand in vedere imposibilitatea practica a Bancii de a asigura in mod direct informarea acestor categorii de persoane, este responsabilitatea Utilizatorilor sa informeze persoanele in cauza cu privire la prelucrarea datelor lor cu caracter personal de catre Banca si sa obtina consimtamantul acestora, in masura in care este necesar.

Categoriile de destinatari ai datelor cu caracter personal

Daca este necesar pentru indeplinirea scopurilor de prelucrare, Banca dezvaluie datele cu caracter personal ale Utilizatorilor catre urmatoarele categorii de destinatari: Utilizatori, in calitate de persoane vizate (in masura exercitarii dreptului de acces conform legislatiei aplicabile in materie), reprezentantii Bancii, alte persoane fizice sau juridice care prelucreaza datele cu caracter personal in numele sau impreuna cu Banca, entitatile din Grupul Raiffeisen, parteneri contractuali ai Bancii si ai entitatilor din Grupul Raiffeisen, autoritatea judecatoreasca, autoritati publice centrale si locale.

Transferul datelor cu caracter personal

Daca este necesar pentru indeplinirea scopurilor mai sus-mentionate, Banca va transfera anumite categorii de date cu caracter personal ale Utilizatorilor in afara Romaniei, atat in state din cadrul UE/SEE respectiv: Germania, Xxxxxx, Xxxxx Britanie, cat si in state din afara UE/SEE, respectiv catre Statele Unite ale Americii.

Banca isi va intemeia transferul datelor cu caracter personal pe baza clauzelor contractuale standard adoptate la nivelul Comisiei Europene sau alte garantii recunoscute de lege.

Este posibil ca pe parcursul desfasurarii activitatii, statele de transfer mai sus mentionate sa se modifice. Puteti obtine o lista actualizata cu statele unde se transfera datele cu caracter personal accesand Politica privind protectia datelor cu caracter personal si confidentialitatea, disponibila la link-ul xxxxx://xxx.xxxxxxxxxx.xx/xxxxxx-xxx/xxxxxxxx-xx-xxxxxxxxxxxxxxxxx/.

Durata prelucrarii

In vederea realizarii scopurilor de prelucrare mentionate, Banca va prelucra datele cu caracter personal pe durata indeplinirii scopurilor de prelucrare mentionate anterior, precum si ulterior, atunci cand exista o necesitate de afaceri legitima pentru a proceda astfel (de exemplu, pentru a furniza Utilizatorilor informatiile solicitate sau pentru a ne respecta obligatiile legale). Este posibil ca, in urma implinirii termenelor legale de arhivare, Banca sa dispuna anonimizarea datelor, lipsindu-le astfel de caracterul personal si sa continue prelucrarea datelor anonime pentru scopuri statistice.

Drepturile Utilizatorilor

Utilizatorii beneficiaza de urmatoarele drepturi in contextul prelucrarii de catre Banca a datelor cu caracter personal: dreptul la informare, dreptul de acces la date, dreptul la rectificare, dreptul la stergerea datelor („dreptul de a fi uitat”), dreptul la restrictionarea prelucrarii, dreptul la portabilitatea datelor, dreptul la opozitie, dreptul de a se adresa Autoritatii Nationale de Supraveghere a Prelucrarii Datelor cu Caracter Personal sau instantelor competente, in masura in care considera necesar.

Este posibil ca, in urma solicitarii de stergere a datelor, Banca sa anonimizeze aceste date (lipsindu-le astfel de caracterul personal) si sa continue in aceste conditii prelucrarea pentru scopuri statistice.

Informatii suplimentare si datele de contact ale Responsabilului privind Protectia Datelor

Pentru detalii suplimentare cu privire la activitatile de prelucrare efectuate de catre Banca, precum si pentru exercitarea drepturilor de care beneficiaza in acest context, Utilizatorii se pot adresa printr-o cerere scrisa, la adresele oricareia dintre unitatile Raiffeisen Bank SA (pentru lista completa a unitatilor, acceseaza pagina xxxxx://xxx.xxxxxxxxxx.xx/xxxxx/) sau printr-un e-mail catre Banca in acest sens, la urmatoarea adresa: xxxxxxxx@xxxxxxxxxx.xx.

De asemenea, Utilizatorii au posibilitatea de a contacta si Responsabilul privind Protectia Datelor desemnat la nivelul Bancii, la urmatoarea adresa de e-mail: xxx@xxxxxxxxxx.xx.

10. Diverse

Prezentii Termeni si Conditii au fost redactati in limba romana si engleza si sunt guvernati de legea romana. In cazul oricarui conflict sau neconcordanta intre versiunea in limba engleza si cea in limba romana a acestor Termeni si Conditii, versiunea in limba romana va prevala.

Google, Android, Google Pay sunt marci inregistrate ale Google LLC. Google Pay este o platforma pusa la dispozitie de Google Ireland Limited.

Terms and Conditions Regarding the Registration and Use of Cards Issued by Raiffeisen Bank in Google Pay Application

Based on the terms and conditions provided below, the modality of registering and using the cards issued by Raiffeisen Bank in Google Pay application is determined, and therefore, we advise you to carefully and fully read this document before accepting its content. If you do not agree with any of the provisions of these terms and conditions, we kindly ask you not to continue the process of registering the card issued by Raiffeisen Bank.

1. Definition of terms

“Application”/”Google Pay” refers to the payment platform provided by Google Ireland Limited through which the User may register cards issued by Raiffeisen Bank in order to make payments by using android devices compatible with this application.

“Google” refers to Google Ireland Limited with the registered office in Xxxxxx House, Barrow Street, Dublin 4, Ireland, the provider of Google Pay and other specific products and services.

“Bank”/”Raiffeisen Bank” refers to Raiffeisen Bank S.A., Romanian two tier corporate model, with the registered office in Bucharest 1, 246 C Sky Tower Building, registered with the Trade Register Office under no J40/44/1991, registered with the Bank Register under no. RB-PJR-40-009/1999, Sole Registration Code 361820, Tax Code for VAT purposes RO361820.

“Card” refers to any active debit/credit card issued by Raiffeisen Bank which can be registered and used in Google Pay in order to carry out payment operations.

“Client”/”User” refers to the main or additional User of credit card and/or debit card or Commercial Card issued by the Bank, as they are defined in the General Conditions for Natural Persons and Legal Persons to Carry Out Bank Operations.

„Terms and conditions” refers to the Terms and conditions regarding the registration and use of cards issued by Raiffeisen Bank in Google Pay application from this document, which is the legal contract concluded by the Bank with the Client.

“Token” refers to a unique sequence of figures in digital format, which ensures the secured substitution of the data of a Card registered by the User in Google Pay on an Google device.

2. General requirements

For the registration and use of Cards in Google Pay, at least the following conditions shall be complied with:

(i) The User should be a client of Raiffeisen Bank and he/she should be registered in the Bank’s systems with a valid telephone number;

(ii) The Client should have at least one main/additional Credit Card and/or Debit Card or Commercial Card active and issued by the Bank;

(iii) The Client should be the legitimate owner/holder of a compatible android device, as indicated on Google website: xxxxx://xxx.xxxxxx.xxx/xxxxx/;

(iv) The android device on which it is desired to register the Card should contain original software compatible with Google Pay application, active NFC technology and the operating system indicated by Google.

(v) The Client should comply with Google specific conditions for registration as User in Google Pay, and any other requirements established and/or requested by Google for using the Application. The Bank has no responsibility towards the User with regard to the requirements/conditions and/or any limitations/restrictions established by Google with regard to the use of the application or with regard to their modification and/or communication to the User.

The functionalities of Google Pay Application and also the modalities of locking/unlocking an Google device can be improved/modified by Google under the terms and conditions agreed and/or established with it.

The procurement by the User of the Services/products provided by other suppliers, like, without limitation to the provider of the device on which Google Pay application is installed, the mobile telephony network supplier, the traders whose websites or services integrate or allow the use of Google Pay, is regulated under their own contractual conditions regarding the supply of the respective services/products.

These suppliers/traders are third parties in relation to the Bank, the latter not being responsible for the legality, security or any other aspect related to the supply/deployment of such products/services. The user is fully responsible for reading and undertaking/complying with the contractual provisions made available by these third parties prior to the registration and/or use of the Card via Google Pay.

The Bank is not responsible and does not provide support or assistance for hardware, software or other products or services provided by third parties, like, for example, Google Pay Application or the device on which it is installed. For further questions or issues related to any product or service provided by Google or a third party, please, contact the respective provider/third party for support.

3. Registration and use of Cards issued by Raiffeisen Bank in Google Pay

3.1 Registration of Cards in Google Pay

The eligible cards which the User may register in Google Pay are as follows:

a) Cards issued by natural persons, i.e. Debit Cards and/or Credit Cards issued to the holder, and also the additional Cards issued by the Bank on the account of the Card holder, upon his/her request, on the name of a third party designated by the holder and registered as such into the Bank system;

b) Cards issued by legal persons, i.e. Debit Cards and/or Credit Cards issued by the Bank to the Commercial Card Users.

The Users may add in the Application Cards issued by Raiffeisen Bank through methods made available by the Application.

In addition, Card Users that have Raiffeisen Smart Mobile Service offered by the Bank can register the Cards from the application related to this service, so that the Card data will be taken directly into Google Pay, without the need to enter it manually the Google Pay Application.

For the authentication of the Card User to be registered in Google Pay, the Bank shall send a code via SMS (OTP – One Time Password) to the personal telephone number associated to the respective User into the Bank’s system. Prior to sending OTP code, Google Pay will display the last figures from the personal telephone number indicated by the Client in relation to the Bank. In case the Application User does not recognize the telephone number to which OTP code is to be sent, the Card shall not be registered. The User shall be advised to request assistance to the Bank by calling the Call Center service at the telephone numbers indicated in Section 7 below. OTP code sent for the purpose of identifying the User shall be communicated via SMS to the personal telephone number of the main or additional User of Credit and/or Debit Card or Commercial Card declared by him/her to the Bank in the latest form provided by the Bank for this purpose.

In justified cases, the Bank may decide to accept/reject the application for the registration of the Card in Google Pay. In case the registration application is rejected, the User may contact the Call Center of the Bank for support at the telephone numbers provided in Section 7 below.

As a result of the registration of the Card in Google Pay, a Payment Token of the respective Card (alternative card number) shall be generated, such Token being associated with the Card on the respective mobile device. The number of the Token is different from the number impressed on the Card registered in Google Pay in order to increase the security level of transactions.

The user has the possibility to register a Card issued by the Bank in Google Pay on several Google devices at the same time, for the registration of each Card being necessary to carry out the procedure set forth by these Terms and Conditions.

By registering the Card in Google Pay and validating it by inserting in the application OTP code received via SMS at the telephone number provided to the Bank by the User of the concerned Card, the Client confirms the capacity of Card User and acceptant of the Terms and Conditions. The Client understands that the Card shall be registered in Google Pay in order to be used when performing payment operations, according to Google and Google Pay terms and conditions and these Terms and Conditions.

For each registration of the same Card on different devices, a different Token shall be generated and associated with the concerned device.

The Cards are registered in Google Pay without the Bank levying any fee/tax.

3.2. Use of Token via Google Pay

After registering the Card in Google Pay according to the abovementioned provisions, the Token shall be used via Google Pay for:

(i) contactless payment at merchants, when it is associated to a mobile device, like Android or device compatible with Google Pay;

(ii) Internet transactions, on the websites and in the applications of the merchants which accept Visa and/or MasterCard for payment and displaying Google Pay option.

In addition, via the cards enrolled in Google Pay, can be performed cash withdrawal operations at compatible ATMs, which allow the use of the application. For ATM cash withdrawal, introduction of card PIN is also required on the ATM terminal.

The utilization of the facilities provided above are currently valid, but it is possible for Google to also provide other modalities of using Google Pay or to modify the existing ones, communicating them to the User by means agreed with this provider.

Google Pay may not be used in the case of the Cards for which the User has disabled the contactless transactions option. If the User has registered several Cards in Google Pay, the first Card registered on the device shall be selected as default for making the payments, the User having the possibility to modify the Card selected as default for payment in Google Pay.

The modality of using the Application in order for the Client to make the payments, and also the security elements used in order to authorize the payments (unlocking the device through Touch ID, Face ID etc.), are established by Google. For further details, and also for their updated versions, please access the support page of the provider.

4. Locking and deleting the Token

In justified cases, the Bank has the right to temporarily lock or delete the Token of the Client.

In particular, the bank reserves the right to temporary block / delete the token / tokens in the Application, in case Google vendor changes security policy of the Application and devices, so that it is not anymore compliant with national and European legal provisions applicable at the moment of changes.

During the temporary locking period, it shall no longer be possible for the Token to be used for payments via Google Pay.

The Token temporarily locked by the Bank may be unlocked when the cause which determined its locking ceases and it may continue to be used for payments in Google Pay. Deletion of a Token from the Application is definitive, and in order to resume the use of the Card in the Application it shall be necessary to cover again the registration stages described in Section 3 above.

The user has the possibility to request the Bank to temporarily lock or delete the Token by calling the Call Center at any of the telephone numbers provided in section “Support” of this document. When the cause determining the temporary locking ceases, the User may request for the Token to be unlocked as described above.

Irrespective of the possibilities provided by the Bank to the User for locking or deleting the Token, Google may provide to the User the possibility of temporary locking or deletion of the Token in its own applications, details in this respect being available on the support page of Google Pay provider. The Bank has the right to delete the Token in the following cases:

(i) the Bank takes note of the fact that the device which has the Application active or the Card was lost or compromised; the action of deletion shall be taken subsequent to the notification of the Bank by the User with regard to the occurred event; the User has the possibility of requesting the Bank to issue a new Card which he/she may register in Google Pay by covering all the stages provided in Section 3 above;

(ii) the Bank has suspicions with regard to the unauthorized/fraudulent use of the device on which the Application is active;

(iii) the User infringes the legal and/or contractual provisions, including in the case he/she fails to comply with these Terms and Conditions or with the rules of an adequate conduct, in this way being possible to cause any prejudice to the Bank;

(iv) when the User deletes the associated Google Pay account from the phone or resets the device with the app active on the device that has the associated Token;

(v) there is a legal provision which requires it, or there is a provision of a competent authority in this respect;

Upon expiring the validity period indicated on the Card registered in Google Pay, it shall be possible for the afferent Token to be used only after registering the renewed Card in Google Pay.

5. Obligations of the User and liability of the parties

The User shall register his/her Card in Google Pay only on devices which legally belong to him/her and he/she personally uses. After registering the Card, the User should take adequate safety measures in order to avoid the unauthorized use of the Token.

The User is bound to notify the Bank when the registered Card and/or device on which it was registered are lost/stolen or used without his/her consent, or to lock/request locking of the Token associated to it, according to the options provided in Section 4 above. Otherwise, the Bank shall not be responsible for the payments made with the Token until its notification with regard to the occurrence of one of the aforementioned events. The User is bound to keep safe the device on which the Application is installed, and also his/her Google Pay authentication. The Bank shall not be liable for the Token payments if they are made by other person with the consent of the User or as a result of the User failing to comply with his/her obligations.

The User is bound to keep the Card separate from the device on which it is registered in Google Pay.

The User is bound to monitor the transactions made with the Token and to immediately communicate to the Bank by calling the Call Center of the Bank any inconsistency or irregularity identified with regard to the transactions.

The User is bound to delete the Token associated to a device when he/she no longer uses the concerned device, and also when he/she intends to disable the methods of security against the unauthorized use of the device.

The Bank does not control such security methods and it is not liable for the losses caused as a result of their disabling by the User or for the way in which Google Pay or the provider of the device uses the respective security methods.

The registration and use of the Token depend on Google Pay and/or the network of the internet provider of the User. The Bank has no direct or indirect control over the operations of these providers, and it shall not be liable for any situation related to the services provided by them which could cause for the registration/use of the Token to be interrupted and/or hindered.

The Bank is not responsible for the security of the mobile device on which Google Pay is installed or for its operation, the Bank being held liable towards the Client only for the compliance with its legal obligations in the capacity of Card issuer.

The Bank is not responsible for any loss or moral or patrimonial damage caused by the failure to comply with these Terms and Conditions or for the loss or corruption of the Client's data, if such loss or corruption is not caused by the Bank or it is not under its control. Raiffeisen Bank is not liable towards the Client and/or third parties for any kind of direct or indirect damage, including, without limitation, loss of profit, unrealised gains and/or not benefiting from business opportunities or any other similar losses suffered by the Client as a result of outage or inadequate operation of the Application.

In order to limit potential prejudices caused by the use of the Token by third parties, Raiffeisen Bank recommends to the Client not to alienate/borrow the mobile device or to disclose its unlocking method.

Raiffeisen Bank cannot control the operating system of the mobile device used by the Client. Therefore, Raiffeisen Bank is not responsible for any kind of prejudices caused to the mobile device, including, without

limitation, any security breach caused by viruses, errors, deceptions, forgery, omission, discontinuation, outage, delay in operation or transmission, computerized lines or network breakdown or any other technical failure.

The Bank shall not be held liable for prejudices caused by making unauthorized payments generated by exposing the device of the Client to viruses and/or other applications/programs, and also by its theft.

6. Notifications

During the registration process and subsequently, during the utilization of the Application, it is possible for the Bank to contact the Client by means of one of several communication channels, including, without limitation: e-mail, letter, SMS notification, telephone call.

7. Support

For any issue related to the registration, locking/unlocking, deletion of a Card or making payments by using the Cards in Google Pay, the Client may contact the Bank via Call Center at any of the following telephone numbers:

- *2000 (telephone number with normal rate callable from any mobile telephony network from Romania) available 24/7;

- 0000000000000 (telephone number with normal rate callable from any mobile telephony network from Romania and abroad) available 24/7.

8. Modification of the Terms and Conditions

The Terms and Conditions shall be properly supplemented with the General Conditions for Natural Persons (“CGB-PF”) and Legal Persons (“CGB-PJ”) to Carry Out Bank Operations, with the specific Debit Card/Credit Card Contract concluded with the Bank and with the List of Tariffs and Fees applicable to Natural Persons and Legal Persons. These Terms and Conditions, General Conditions for Bank Operations and List of Tariffs and Commissions applicable to Natural Persons and Legal Persons can be accessed at any time on the website of the Bank at xxx.xxxxxxxxxx.xx.

The Bank may modify the Terms and Conditions by complying with CGB-PF and CGB-PJ provisions. The new versions of the revised Terms and Conditions shall be available in Google Pay application and on the website of the Bank, the Client being bound to inform himself/herself with regard to their new content.

The Client has the possibility to remove the Cards from the application at any time, in case he/she does not agree with any of the provisions of the new version of the Terms and Conditions.

9. Personal data processing

In the capacity of operator, the Bank processes the personal data of the Users who wish to use Google Pay, as provided in these Terms and Conditions, in accordance with the legal provisions applicable in the field of personal data protection. This section is properly supplemented with CGB-PF and CGB-PJ provisions and the Policy Regarding Personal Data Protection and Confidentiality available at xxxxx://xxx.xxxxxxxxxx.xx/xxxxxx- noi/politica-de-confidentialitate/.

Processing the personal data of the Users by Google and/or third parties in the context of using Google Pay shall be subject to the conditions of the confidentiality policies or other documents by which these entities carry out the information from the perspective of personal data protection. The Bank has no control or

responsibility with regard to the way in which Google and/or other third parties process the personal data of the Users who opt for the registration of the Cards in Google Pay.

Processing purposes and grounds

The Bank processes personal data of the Users for the following purposes and on the following processing grounds:

i. In order to comply with the legal obligations, for the following purposes: ensuring compliance with the legal requirements which are the responsibility of the Bank, including those on knowing the clients for the purpose of preventing money laundry and fighting terrorism funding.

Providing personal data for these purposes is necessary. Refusal in this respect may result in the impossibility of the Users to register their cards in Google Pay.

ii. Based on the contract concluded by the Bank with the Users (represented by these Terms and Conditions), for the following purposes:

⮚ concluding, deploying and managing the contractual relationship with the Users by ensuring the supply of all services and specific functionalities provided in these Terms and Conditions. The process for the registration of the Card in Google Pay is completed by taking a decision, without human intervention, which to be based on an exclusively automatic processing and which it is possible to result in the refusal to register the Card in Google Pay. Such decision shall be taken after carrying out the process for the registration of the Card and after reviewing the information provided by Google to the Bank, including the recommendations received from Google in this respect. Such processing activity involves an automated decision- making process. In this respect, the Users have the right to obtain human intervention from the Bank, to express their viewpoint and to challenge the decision taken based on automatic processing by using the means of contact indicated in these Terms and Conditions;

⮚ providing the necessary technical support by reference to the specificity of the provided services and functionalities;

⮚ carrying out the banking transactions in good conditions;

⮚ optimizing the financial and banking services;

⮚ managing data quality;

⮚ managing complaints and notifications received with regard to the provisions of these Terms and Conditions;

⮚ sending notifications, including via SMS, which are necessary by reference to the provided services and functionalities, for example: sending an SMS containing a code (OTP – One Time Password) necessary in order to identify the Users of the Card which is to be registered in Google Pay; notification of the Users for the purpose of confirming the registration of the Card in Google Pay; notification of the Users in order to provide technical support necessary in case of issues/difficulties in the process of registering the Card in Google Pay; sending an SMS for each transaction made via Google Pay.

Provision of personal data for these purposes is necessary in order to conclude the contract with the Bank. Refusal in this respect may result in the impossibility of the Users to register their Cards in Google Pay.

iii. Within the legitimate interest of the Bank, for the following purposes:

⮚ Identifying the segment of Bank clients who would be interested in using Google Pay in order to make payments with the cards issued by the Bank;

⮚ ascertaining, exercising and defending rights of the Bank in the court;

⮚ carrying out statistical analyses;

⮚ improving the working processes and experience of the Users.

The legitimate interest of the Bank consists in taking the necessary measures in order to ensure the rights of the Bank in relation to the Users, and to improve the services and products provided by the Bank. Providing personal data for the abovementioned purposes is not a legal or contractual obligation of the Users. Nevertheless, in certain situations, the refusal to provide the data for these purposes could result in the impossibility for the Users to register their Cards in Google Pay.

iv. Based on the consent of the Users, for the following purposes:

⮚ sending commercial notifications by remote means of communication in order to promote the possibility of using Google Pay for the purpose of paying with Cards.

Such notifications may also be sent in order to encourage those Users who (a) have initiated the process of registration of the Card in Google Pay, but have not completed it, or who (b) have registered their Card in Google Pay, but have not made transactions via Google Pay on regular basis.

⮚ continuous evaluation of the interaction of the users with Google Pay in the context of the Cards registration, in order to create user profiles. Based on the profiles created, decisions will be made, without human intervention, which in certain situations could result in the Bank granting to users of some benefits/advantages in context of using Google Pay, to encourage the completion of the registration process, respectively to carry out transactions with a certain periodicity. Such processing activity implies an automated decision-making process. In this respect, the Users have the right to obtain human intervention from the Bank, to express their viewpoint and to challenge the decision taken based on automatic processing by using the means of contact indicated in these Terms and Conditions.

Providing personal data and expressing consent for these purposes is voluntary. Refusal in this respect will not result in any negative consequence for the Users.

The consent expressed with regard to the abovementioned processing activities may be withdrawn at any time, without affecting the legitimacy of the processing activities carried out prior to withdrawal, by following the instructions included in the provided commercial notifications or by submitting an application at the contact data indicated below.

Categories of processed personal data and their source

In order to meet the aforementioned processing purposes, the Bank processes the following categories of personal data of the Users collected from the following sources:

a. data directly provided by the Users to the Bank and data generated by the Bank, whether directly or through its data processors: first name, last name, gender, date of birth, telephone number, e-mail address, voice, authentication data, personal identification number, data regarding the transactions made via Google Pay, card data (card number, IBAN code, expiry date and CVV), billing address, shipping address, country, data regarding the behaviour resulted from using Google Pay.

b. data collected from other sources, i.e. Google: first name, last name, billing address, card data (expiry date and CVV), data with regard to devices used for Card registration, level of security assessed by Google depending on the device/account and telephone number used for Card registration, data concerning Google recommendation with regard to Card registration in Google Pay, as a result of the analysis carried out by Google.

The Bank does not process biometric data from the biometric system of the Users’ devices, such as fingerprint

– in case Touch ID of the device or the facial image of the Client is used – in case Face ID feature of the device is used. These data and their associated biometric models are stored and kept on the device of the User and they are subject to the processing rules established and communicated through the respective device.

To the extent the Users provide in the process of registering the Cards in Google Pay personal data belonging to other natural persons, considering the practical impossibility of the Bank to directly ensure the notification of such categories of persons, it is the responsibility of the Users to notify the concerned persons with regard to processing their personal data by the Bank, and to obtain their consent to the extent necessary.

Categories of personal data recipients

If necessary for meeting the processing purposes, the Bank shall disclose the personal data of the Users to the following categories of recipients: Users, in the capacity of concerned persons (to the extent the right of access is exercised according to the applicable relevant legislation), representatives of the Bank, other natural or legal persons who process the personal data on behalf of or together with the Bank, Raiffeisen Group entities, contractual partners of the Bank and of Raiffeisen Group entities, law court, central and local public authorities.

Transfer of personal data

If necessary in order to meet the abovementioned purposes, the Bank shall transfer outside Romania certain categories of personal data of the Users, both in EU/EEA states, namely: Germany, France, UK, and non- EU/EEA states, namely United States of America.

The Bank shall ground its transfer of personal data on the standard contractual clauses adopted by the European Commission or on other guarantees acknowledged by the law.

It is possible that, while carrying out the activities, the abovementioned transfer states are modified. You can obtain an updated list of the states in which the personal data are transferred by accessing the Personal Data Protection and Confidentiality Policy at xxxxx://xxx.xxxxxxxxxx.xx/xxxxxx-xxx/xxxxxxxx-xx-xxxxxxxxxxxxxxxxx/.

Processing period

In order to meet the abovementioned processing purposes, the Bank shall process the personal data during the compliance with the aforementioned processing purposes, and also subsequently, if a legitimate business necessity arises in order to proceed as such (for example, for the purpose of providing the Users with the requested information, or for complying with our legal obligations). Upon reaching the legal archiving terms, it is possible for the Bank to order the anonymization of the data, in this way depriving them of their personal character, and to continue processing the anonymous data for statistical purposes.

Rights of the Users

The Users benefit from the following rights in the context of the Bank processing their personal data: right to information, right to access data, right to rectification, right to delete the data (“right to be forgotten”), right to limit processing, right to data portability, right to oppose, right to address to the National Supervisory Authority for Personal Data Processing or to the competent courts, to the extent they consider necessary.

As a result of requesting the deletion of the data, it is possible for the Bank to anonymize such data (in this way depriving them of their personal character) and to continue their processing for statistical purposes under these conditions.

Additional information and contact data of the Data Protection Manager

For further details with regard to the processing activities carried out by the Bank, and also for the purpose of exercising the rights which they currently benefit from, the Users may send a written request to the addresses of any of Raiffeisen Bank SA units (for the complete list of the units, please, go to xxxxx://xxx.xxxxxxxxxx.xx/xxxxx/) or via e-mail to the Bank in this respect, at the following address: xxxxxxxx@xxxxxxxxxx.xx.

Moreover, the Users have the possibility to also contact the Data Protection Officer appointed at Bank level at the following e-mail address: xxx@xxxxxxxxxx.xx.

10. Miscellaneous

These Terms and Conditions were drawn-up in both Romanian and English, and they are governed by the Romanian law. In case of any conflict or inconsistency between the English version and Romanian version of these Terms and Conditions, the Romanian version shall prevail.

Google, Android, Google Pay are trademarks of Google LLC. Google Pay is a platform made available by Google.