Terms and Conditions
1. General
1.1. DSK Bank AD is registered in Bulgaria credit institution having its seat and management address in Sofia 1036, 19, Moskovska Str., registered in the Trade Register of the Registry Agency under UIC 121830616 (“DSK Bank”).
1.2. TPPs are: Account Information Service Providers (AISP), Payment Initiation Service Providers (PISP) and Payment service providers, issuing card-based payment instruments, asking whether an amount necessary for the execution of a card-based payment transaction is available on the payment account of the payer (PIISP). Hereinafter TPPs are referred as “TPP” or as “API User”
1.3. DSK Bank provides access to the following infrastructure:
(a) Sandbox for test environment which is intended to be a secure test environement where API Users can try out their services using dummy data.
(b) Access to production environment – Open APIs, where API Users are providing payment services.
1.4. DSK Bank provides access to its infrastructure only to API Users which are registered according to the Bulgarian and European legislation. When registering to use DSK Bank’s open APIs the TPP needs to submit a valid PSD2 eIDAS certificate – QWAC for identification purpose.
1.5. Some of the terms, used in these Terms and conditions shall have the meanings given to them in the Glossary in Schedule 1.
2. Entire Agreement and Scope of the Terms
2.1. Notwithstanding any provisions in any (current or future) agreement between the Parties, these Terms and conditions (the “Terms”) constitute the entire agreement, that is called – “Participation Conditions”. In respect of the matters dealt with in it, the Participation Conditions supersede any previous agreements between the Parties or any of them relating to such matters notwithstanding the terms of any previous agreement or arrangement expressed to survive termination.
2.2. The Participation Conditions set out the role and responsibilities of DSK Bank and each API User, including the API Users’ access to the Open Data made available through the DSK Bank API
2.3. These Terms are in accordance with Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (PSD II), with Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication, and the Bulgarian Law on Payment Services and Payment Systems and the Bulgarian Law, including the Payment Services and Payment Systems Act.
2.4. By registering on the DSK Bank’s API Portal website (the “Portal”) to use the Open APIs or to use the Sandbox, the API User agrees to comply with these Terms and conditions.
3. Registration
3.1. The registration of the API User is fulfilled electronically, remotely and difers, depending on the registration purposes – to use the sandbox, or the Open APIs Portal. During the registration, the API User specifies his e-mail address.
3.2. Registration for DSK Bank’s Sandbox:
3.2.1. The Portal provides documentation and a sandbox for the APIs that will be provided by DSK Bank. The TPP must register remotely through the website at www.developer.dskbank.bg for access. The Bank may reject the application in its discretion without the need to provide any reasons. By registering, the API user agrees that it will disclose to DSK Bank any actual or potential conflicts of interest with respect to the registration.
3.2.2. Upon successful registration, the API user may be provided with access credential, user names, passwords and other account information (the “Credentials”). The Credentials are, and will remain, property of DSK Bank and the API user is granted a nontransferable license to use the Credentials for the sole purpose of participating in the Portal. The API user must keep the Credentials confidential and may not sell, transfer, sublicense, or otherwise disclose them to any other person or for any other purpose. If the API user becomes aware or suspects that the confidentiality of the Credentials has been compromised, the API user is obliged to inform DSK Bank without undue delay. It must not attempt to circumvent or modify any Credentials or other security mechanism used by DSK Bank in connection with the Portal.
3.3. Access to DSK production environment is provided after successfully passed test of APIs, given by DSK Bank certification and approval for giving that access to the TPP and after agreeing with these Terms and conditions.
3.4. DSK Bank provides to the API user the following APIs for:
(a) DSK Client enrollment service for the TPP (for AISP, PISP and PIISP).
(i) DSK Client enrollment service for the TPP (for AISP, PISP and PIISP).
(ii) DSK Client enrollment service for the TPP (for AISP, PISP and PIISP).
(iii) DSK Client enrollment service for the TPP (for AISP, PISP and PIISP).
(b) Account Balance service (for AISP and PISP) in accordance with the requirements of Art. 73 of the Payment Services and Payment Systems Acts.
(c) Statement information for last 3 months (for AISP and PISP).
(d) Payment initiation service (for PISP only) in accordance with the requirements of Art. 72 of the Payment Services and Payment Systems Act.
(e) Confirmation whether an amount necessary for the execution of a card-based payment transaction is available on the payment account of the payer (for PIISP) in accordance with the requirements of Art. 71 of the Payment Services and Payment Systems Act. The confirmation may and shall consist only in a simple ‘yes’ or ‘no’ answer and not in a statement of the account balance. That confirmation shall not be stored or used for purposes other than for the execution of the card-based payment transaction.
4. API User Obligations
4.1. When a payment is initiated by Payment initiation service provider, each API User is obliged:
(a) to ensure that he does not hold at any time the payer’s funds in connection with the provision of the payment initiation service;
(b) to ensure that the personalised security credentials of the payment service user are not accessible to other parties and that they are transmitted by the payment initiation service provider through safe and efficient channels;
(c) to ensure that any other information about the payment service user, obtained when providing payment initiation services, is only provided to the payee and only with the payment service user’s explicit consent;
(d) to identify itself towards DSK Bank and communicate with DSK Bank, the payer and the payee in a secure way, in accordance with the requirements set out in a delegated instrument adopted by the European Commission on the grounds of Article 98(4) of Directive (EU) 2015/2366;
(e) to ensure that it does not store sensitive payment data of the payment service user;
(f) to ensure that it does not request from the payment service user data other than those necessary to provide the payment initiation service;
(g) to ensure that it does not use, process or store any data for purposes other than for the provision of the payment initiation service as explicitly requested by the payer;
(h) to ensure that it does not modify the amount, the payee or any other feature of the transaction;
(i) to prove, within its sphere of competence, that the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or some other deficiency relating to the payment service for which the payment initiation service provider was responsible;
Where a payment service user denies having authorised a payment transaction, the use of a payment instrument recorded by the payment initiation service provider, shall in itself not be sufficient to prove either that the payment transaction was authorised by the payer or that the payer acted fraudulently or failed with intent or gross negligence to fulfil one or more of his obligations under Art. 75 of the Payment Services and Payment systems Act. The payment initiation service provider, shall provide supporting evidence to prove fraud or gross negligence on part of the payment service user;
(j) where the payment initiation service provider is liable for the unauthorised payment transaction, it shall immediately compensate DSK Bank at its request for the damages incurred or sums paid as a result of the refund to the payer, including the amount of the unauthorised payment transaction.
It is for the payment initiation service provider to prove in accordance with Art. 78(2) of the Payment services and payment systems Act that within its sphere of competence the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or some other deficiency of the payment service for which the payment initiation service provider was responsible.
4.2. The account information service provider shall be obliged to:
(a) provide services only where based on the payment service user’s explicit consent;
(b) ensure that the personalised security credentials of the payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that when they are transmitted by DSK Bank, this is done through safe and efficient channels;
(c) every time when making contact, identify itself towards DSK Bank and communicate with DSK Bank and the payment service user in a secure way, in accordance with the requirements set out in a delegated instrument adopted by the European Commission on the grounds of Article 98(4) of Directive (EU) 2015/2366;
(d) use only the information from designated payment accounts and associated payment transactions;
(e) not request sensitive payment data linked to the payment accounts;
(f) not use, process or store any data for purposes other than for performing the account information service explicitly requested by the payment service user.
4.3. A payment service provider issuing card-based payment instruments can request confirmation whether an amount necessary for the execution of a card-based payment transaction is available on the payment account of the payer in DSK Bank provided that the following conditions are met:
(a) the payer has given explicit consent to the payment service provider to request such confirmation;
(b) the payer has initiated the card-based payment transaction using a card-based payment instrument issued by the payment service provider; and
(c) the payment service provider issuing card-based payment instruments authenticates itself towards DSK Bank before each confirmation request, and securely communicates with DSK Bank in accordance with the requirements set out in a delegated instrument adopted by the European Commission on the grounds of Article 98(4) of Directive (EU) 2015/2366.
(d) The confirmation shall consist only in a simple ‘yes’ or ‘no’ answer and not in a statement of the account balance. That confirmation shall not be stored or used for purposes other than for the execution of the card-based payment transaction.
4.4. In addition to the above obligations of the TPPs, originating from their specific roles and services that they are providing, each API User (of the sandbox or of the Open APIs) shall have also the following responsibilities:
(a) Each API User will carry out the processes associated with its role in open banking as set out in the Participation Conditions. Each API User will be bound by and will be responsible for its obligations under these Terms. DSK Bank will not be responsible for the performance of any obligation or duty owed by any API User under these Terms.
(b) Each API User is responsible for ensuring that it has taken all technical and organizational measures to access DSK Bank’s Open Data and to perform its obligations under the Participation Conditions.
(c) Each API User is responsible for the operation and security of its Participant System and will amongst other:
(i) take reasonable steps to protect its hardware, software, data and other from viruses, malware, and other internet security risks;
(ii) take reasonable steps to prevent the introduction by any unauthorized third parties, or by its agents or personnel of any computer viruses (including worms, trojan horses or other contaminants, and any code which can be used to access, modify, delete or damage any Open Data, files or other computer programs) into any Open Data made available through the DSK Bank APIs;
(iii) take any and all action reasonably required and which is within its power to exclude it from access to the Open APIs if it or anyone associated with it is engaging, knowingly or otherwise, in virtual attacks or similar on the DSK Bank APIs;
(iv) take reasonable steps to prevent the unauthorized use of the electronic information system. Such use will involve – in case of committing any crime – the criminal and / or civil liability of the user.
(d) Each API User is obliged to provide to DSK Bank only with information that is real and accurate;
(e) Each API User is responsible for all activities that occur when the TPP is using DSK Banks Open APIs and sandbox;
(f) Each API User agrees and acknowledges that they may be required to co-operate with the supervisory authorities from time to time, or as required by Applicable Law, as part of their participation in the DSK Bank Services;
(g) Each API User is required to develop their system in order to call the API in line with the Security and Technical Standards of DSK Bank, published on its web site;
(h) Each API User that has a concern about the operation or conduct on an API Provider or API User, must raise it immediately with DSK Bank, who may invoke an investigation and deliver a decision on the issue.
(i) Each API User is responsible for all activities that occur under the usage of its Credentials, regardless whether undertaken by the TPP or someone else.
(j) Each API User is obliged to comply with all legal requirements and refrain from creating content that is unlawful or otherwise objectionable, or any content that may be construed as such.
(k) Each API User is prohibited from, and must not engage, in any of the following activities:
- reverse engineer, dissemble, reconstruct, or decompile any object code of the Portal, any DSK Bank test data, the DSK Bank API(s) or any other data provided by DSK Bank in connection with the Portal (the “DSK Content”);
- attempt unauthorized access to, or use of, DSK Bank’s services or systems;
- damage, disrupt, or otherwise negatively affect the operation of DSK Bank’s services or systems;
- engage in any activity that prevents any other user from using the DSK Content;
- use any robot, spider, site search or other application to retrieve or index DSK Content;
- collect information about other users or
- introduce any viruses or other malicious code.
5. Role and Responsibilities of DSK Bank
5.1. DSK Bank will provide the services set out below and perform all of its other obligations under the Participation Conditions with reasonable skill and care and in accordance with Applicable Law.
5.2. DSK Bank shall ensure that it carries out the following administrative and other functions prior to, and where applicable:
(a) publish Security and Technical Documentations on APIs;
(b) creating and maintaining the User Guides;
(c) publishing the DSK Bank APIs as URLs on the DSK Bank website.
6. Resignation by an API User
6.1. Any API User (the "Resigning API User") may end its participation in the DSK Bank Services by giving DSK Bank at least 20 Business Days written notice.
6.2. On or after the date when DSK Bank receives notice from a Resigning API User, DSK Bank shall have the right to publish a written notice stating that the Resigning API User will cease to be an API User of the DSK Bank Services because it has resigned together with the time and date when such cessation will take effect, and will update the Directory accordingly.
7. Intellectual Property Rights
7.1. Except as expressly provided in the Participation Conditions, no Party shall acquire any proprietary rights, title or interest in or to any Intellectual Property Rights of another Party or any other Participant pursuant to the Participation Conditions.
7.2. Each of the Parties acknowledges and agrees that all Intellectual Property Rights in any Open Data or other information will at all times remain with the Party or Participant from which such Open Data or other information originated (or its licensors), whether the Open Data or other information is in human or machine readable form.
7.3. The Portal is and remains property of DSK Bank and is protected by applicable intellectual property laws.
The API User of the electronic information system provided by DSK Bank (DSK Bank Open APIs and Sandbox) acknowledges that the sole owner of the electronic information system is DSK Bank and any rights related to the system belongs solely to DSK Bank. Based on the above, the use of the electronic information system can be monitored, logged and recorded by DSK Bank.
7.4. DSK Bank hereby grants to each API User upon registration a limited, revocable, non-exclusive, non-transferable, non sub-licensable (see the conditions of Clause 14.2) royalty-free licence to use the Portal for the duration of such API User's participation in the DSK Bank Services, to use, distribute and copy the Documentation solely to the extent necessary to carry out the API User's obligations under these Terms and Conditions.
7.5. Each API User shall only use, distribute or copy the Documentation as expressly provided in Clause 7.4.
7.6. No API User shall delete, remove or in any way obscure any proprietary notice of DSK Bank on any copy of the Documentation or part thereof.
7.7. Each API User ("Licensor") hereby grants to DSK Bank ("Licensee") a perpetual, non-exclusive, non-transferable, royalty-free licence in respect of all information which is owned by (or licensed to) the Licensor and provided to the Licensee (such information being "Licensed Information") to access, use, reproduce (in whole or in part), store, electronically distribute, and display the Licensed Information (the object code and other content that the API user uploads, programs on the Portal, in paper, electronic or any other form) as required or permitted to carry out the Licensee's obligations, or to exercise the Licensee's rights, under these Trems and Conditions. The API user warrants that it has the intellectual property rights in any content uploaded to, or programmed on, the Portal by it and that such content does not violate or infringe the intellectual property rights of any third party. The API user remains solely responsible for any such content, and DSK Bank disclaims any and all liability for such content. The API user shall indemnify and hold harmless DSK Bank from any costs or damages suffered by DSK Bank as a result of a third party bringing or threatening any claim or action against DSK Bank on the grounds that such content or any other material provided or used by the API user in connection with the Portal infringes the intellectual property rights or other rights of any third party.
8. Confidential Information and personal data protection
8.1. In relation to any Confidential Information accessed by or disclosed to any Party ("Recipient") by or on behalf of another Party ("Disclosing Party"), the Recipient undertakes to the Disclosing Party:
(a) to keep all such Confidential Information confidential;
(b) not to use any such Confidential Information for any purpose other than the purpose for which it is supplied under the Participation Conditions;
(c) not to disclose any such Confidential Information except to its employees, agents or sub-contractors if and to the extent they need to know such Confidential Information to perform the Recipient's obligations under the Participation Conditions or in connection with the proper operation of the DSK Bank Services in accordance with the Participation Conditions and provided always that they will not use any such Confidential Information for any purpose other than the purpose for which it is supplied under the Participation Conditions;
(d) to use its best endeavours to prevent the disclosure of any such Confidential Information to, or access to any such Confidential Information by, any third party without the prior written consent of the Disclosing Party except for disclosure to or access by the Recipient's professional advisers or as may be required by law or any legal or regulatory authority; and
(e) to use a reasonable degree of care to protect all such Confidential Information and in any event not less than the degree of care which the Recipient uses to protect its own Confidential Information.
8.2. The obligations of confidentiality in this Clause 8 will not apply to any Confidential Information to the extent that the information:
(a) concerns the API User's participation in the DSK Bank Services and each API User consents to the publication of the fact that it is an API User of the DSK Bank Services and to the publication by DSK Bank of any notice pursuant to Clause 14.4.;
(b) is in, or comes into, the public domain other than as a result of a breach of this Clause 8 or any other duty of confidentiality relating to such information;
(c) was, is or becomes available to the Recipient on a non-confidential basis from a person who is not bound by any obligation of confidence in respect of, or otherwise prohibited from disclosing, such information to the Recipient;
(d) was known to the Recipient before its disclosure by the Disclosing Party; or
(e) is developed by or for the Recipient independently of the information disclosed by the Disclosing Party.
8.3. Each Party will be permitted to disclose any Confidential Information to the extent it is required to do so:
(a) to enable the Recipient to perform its obligations, or exercise its rights, under the Participation Conditions;
(b) by any Applicable Law or by any court, arbitral or administrative tribunal in the course of proceedings before it, any government agency or regulatory body lawfully requesting the same or by the regulations of any stock exchange provided that (to the extent not prohibited by law or order of court, arbitral or administrative tribunal, government agency or regulatory body, or stock exchange regulation) the Recipient promptly notifies and consults with the Disclosing Party in advance in relation to the timing and content of such disclosure; or
(c) in order to give proper instructions to any professional adviser of the Recipient who has an obligation to keep such Confidential Information confidential.
8.4. The Recipient will comply promptly with any and all reasonable instructions given by the Disclosing Party, from time to time, in connection with the use of all or any of the Confidential Information of or relating to the Disclosing Party.
8.5. The Recipient will not acquire any right in, or title to, any Confidential Information belonging or relating to the Disclosing Party.
8.6. The obligations in this Clause 8 will survive the cessation of the Disclosing Party's and/or the Recipient's participation in the DSK Bank Services.
8.7. The Bank and The API Users are exchanging personal data of their staff or other persons who are assigned to manage relations between them, on the grounds of concluded contract between and/or in compliance with the Banks’ obligation by law to provide The TTP access to its’ infrastructute.
8.8. The personal data could be provided to persons, to whom the Bank or The API Users have assigned to process the data by organizational reasons, to auditors, authorities, to persons from the corporate group that the Bank or API users are belonging to and to another persons in case of any legislative reasons.
8.9. The personal data under clause 8.7. shall be stored for 5 years after termination of relations between the Bank and API User, unless a longer period is required by the relevant legislation. After the expiration of that period, the parties shall delete the personal data, unless there is another reason to process.
8.10. With regard to the processing under Clause 8.7., DSK Bank publishes on the Portal information on personal data processing which the API Users shall bring to the attention of persons whose data it has provided, in a manner allowing for unequivocal proof.
8.11. The API Users and The Bank are separate data Controllers according to the provisions of General Data Protection Regulation and shall process the personal data contained on the Portal of data subjects – clients of DSK Bank in accordance with the requirements of Regulation (EC) 2016/679 and the applicable Bulgarian legislation.
9. Warranties
9.1. The API User warrants, represents and undertakes to DSK Bank that:
(a) it has the necessary rights to perform its rights and obligations under the Participation Conditions;
(b) it has full legal authority to enter into the Participation Conditions;
(c) all information provided by or on behalf of such API User to DSK Bank is accurate and complete; and
(d) each representative of its operational team, and each representative of its senior management has full authority to bind such API User in relation to the conclusion and execution of the Agreement and the Participation Conditions in whole.
9.2. DSK Bank warrants, represents and undertakes to the API User that:
(a) it has the necessary rights to perform its rights and obligations under the Participation Conditions; and
(b) it has full legal authority to enter into the Participation Conditions.
9.3. To the fullest extent permitted by law, and unless expressly set out to the contrary in the Participation Conditions, all warranties and terms which would otherwise be implied by law, custom or usage are excluded from the Participation Conditions.
9.4. In accordance with the applicable legislation, all access to the DSK Bank APIs is made available to API Users on a continuous basis and under the subscribtion conditions, stated in the Agreement, if any, and all Open Data shall be as accurate, comprehensive and up to date as reasonably practicable. API Users agree that access to the DSK Bank APIs and use of the Open Data is at their sole risk.
10. No Warranties and Limitation of Liability
10.1. The Portal and the DSK Content are provided “as is”, and use of the Portal is entirely on the API users’ risk. DSK Bank disclaims all warranties and does in particular not provide any warranty in respect to the Portal as being error free, with respect to its availability or accuracy. DSK Bank shall not be liable to the API user neither for intent or gross negligence, nor for ordinary negligence. This shall not apply if such exclusion would contravene applicable law. DSK Bank is not liable for damage caused by third parties. In the case the registration of the API user is terminated, DSK Bank shall not be held liable for any damages incurred by the API user.
10.2. The information contained in the Portal is for information purposes only and does not constitute a proposal, offer, contract or other binding DSK Bank statement. DSK Bank does not hold itself out as providing legal, financial or other advice via the Portal.
10.3. The use of hyperlinks in the Portal is at the API users’ risk. DSK Bank provides hyperlinks to other locations on the Internet for information and convenience purposes only. No endorsement of third party web sites or content is implied. DSK Bank is not responsible for the content of any other web sites or pages linked to or from the Portal. DSK Bank has not verified the content of any such web sites, or pages. It is recommended that the API user views the linked website's terms and privacy notice pages to understand how the use of that website may affect the user.
11. Compliance with Laws and Regulations
11.1. Each API User is responsible for ensuring that it, its subcontractors, agents, nominees and anyone carrying out its obligations under the entire Agreement, including these Terms, on its behalf comply with any Applicable Law governing the access and use of API.
11.2. Nothing in the Participation Conditions will require an API User to perform any obligation or to take or omit taking any action that would place it in breach of any Applicable Law.
11.3. Each API User will promptly provide, at its own cost and expense, all information within its possession or control that is reasonably requested by DSK Bank to enable DSK Bank to comply with Applicable Law or to comply with an information request from a Supervisory Authority. All information disclosed by API Users will be subject to the obligations of confidentiality under the Participation Conditions.
12. Liability
12.1. The TPP is responsible for the execution of the payment services it is providing according to all requirements for it under the applicable Bulgarian and European legislation and under the Participation Conditions.
12.2. DSK Bank shall not exercise control over the subject or over the correspondence of the transactions and services of the TPP with the legal requirements, unless otherwise provided for in the applicable legislation.
12.3. DSK Bank shall not be liable for any damages suffered by the TPP as the result of incorrect use of the API or of the TPPs’ impossibility to connect to the DSK Banks’ API.
12.4. DSK Bank is not a part of the TPPs contracts with payment service users of the TPPs services and does not bear any kind of responsibility arising of their relations.
12.5. In addition to the other obligations according to the Participation Conditions, includind those in Clause 3 above, the payment initiation service provider shall be responsible also for:
(a) The burden to prove that the payment order, initiated by it, was received by DSK Bank in accordance with Art. 83 of the Payment services and Payment systems Act and that within its sphere of competence the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the non-execution, defective or late execution of the transaction.
(b) Where the payment initiation service provider is liable for the non-execution, defective or late execution of the payment transaction, it shall immediately compensate DSK Bank at its request for the losses incurred or sums paid as a result of the refund to the payer.
12.6. Where DSK Bank has beared liability, including as a result of the actions of TPP, the TPP who has caused the non-execution or the defective execution of the payment transaction shall compensate DSK Bank who has taken responsibility, for any losses incurred.
12.7. Where a payment initiation service provider is liable for defectively executed payment transactions as a result of which the funds have been wrongly transferred to an account with a unique identifier other than the one specified in the payment order, or for an unauthorised payment transaction as a result of which the payee’s account has been credited with an amount other than that specified by the payer in the payment order or where the payment transaction is executed more than once, he can request a correcting transfer directly to the payee’s payment service provider or through DSK Bank within 5 business days of the date on which the payer’s payment service provider has refunded the amount of the incorrectly executed payment transaction into the payer’s account, but not later than one month after having been informed by the payer, or in another way, of the defectively executed payment transaction.
12.8. In addition to the above, in case of failure to fulfill any of the obligations under the Participation Conditions, each party shall be obliged to pay damages to the other party for any actually incurred damages as the result of its acts, or omissions to act, its behaviour or the behaviour of its employees, or other persons with assigned tasks in connection with the execution of the Contract, or the omission of such behavior by it or by the aforementioned third parties and employees.
12.9. Nothing in the Participation Conditions will exclude or limit a Party's liability under or in connection with the Participation Conditions:
(a) for death, personal injury or breach of the Participation Conditions, resulting from the negligence of that Party or its officers, agents, employees or sub-contractors;
(b) for fraud or fraudulent misrepresentation;
(c) to any Supervisory Authority; or
(d) for any other matter in respect of which liability cannot by Applicable Law be excluded or limited.
12.10. Each Party will use its reasonable endeavours to minimise and mitigate any Loss and/or damages for which it is entitled to bring a claim against another Party.
12.11. Nothing in these Terms shall prevent any Supervisory Authorithy from imposing financial or administrative penalties on API Users for breaches of the Participation Conditions and/or the applicable law.
12.12. Each of the Parties represents and agrees that in entering into the Participation Conditions it does not rely on, and will have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently or innocently made) of any person (whether a Party or not) except as expressly set out in the Participation Conditions. The only remedy available to any Party for breach of the warranties will be for breach of contract under the terms of the Participation Conditions. No Party will be entitled to rescind the Participation Conditions (except for fraudulent misrepresentation).
13. Relief Events and Force Majeure
13.1. Liability under the Participation Agreement shall not apply in cases of abnormal and unforeseeable circumstances beyond the control of the party pleading for the application of those circumstances, the consequences of which would have been unavoidable despite all efforts to the contrary, or where the relevant party is bound by other legal obligations covered by the legislation of the European Union or the legislation of a Member State. The exemption is valid only for the period while the Force Majeure event is in effect.
13.2. DSK Bank shall not be in breach of these Terms nor liable for delay in performing, or failure to perform, any of the DSK Bank Services under these Terms if such delay or failure result from events, circumstances or causes beyond its reasonable control.
14. Suspension and Exclusion
14.1. Each API User is entitled to participate in the DSK Bank Services only for so long as such API User complies with its obligations under the Participation Conditions.
14.2. Suspension by DSK Bank shall be possible under the following conditions:
(a) DSK Bank may, at all times acting reasonably, suspend any API User (the "Suspended API User") from the DSK Bank Services with immediate effect with prior notice on reasonable grounds which may include (without limitation):
(i) if DSK Bank would be entitled to exclude such API User from participating in the DSK Bank Services pursuant to Clause 14.3
(ii) if DSK Bank has given such API User notice to exclude it from participating in the DSK Bank Services pursuant to Clause 14.4, in respect of all or any part of the period until such exclusion notice takes effect; or
(iii) if DSK Bank has reasonable grounds to suspect that the API User's continued participation in the DSK Bank Services poses a serious and imminent threat to other Participants and / or the DSK Bank APIs.
(iv) if the suspension is in compliance with legislative requirements or required by supervisory authorities.
(v) if API User does not comply with the participation requirements and the API USER has failed to remedy such noncompliance.
(b) Any suspension may take effect on issuance of the suspension notice or the exclusion notice referred to in Clause 14.2(a)(ii) (or such later date as is specified in the suspension notice) and will continue for the period specified in the suspension notice or, if applicable, until the exclusion notice takes effect.
(c) At the end of any period of suspension the Suspended API User will be reinstated to full participation in the DSK Bank Services unless such API User is excluded from participating in accordance with Clause 14.3or such API User resigns in accordance with Clause 6.
(d) Any suspension will be without prejudice to DSK Bank's right to exclude such API User from participating in the DSK Bank Services on the same or other grounds pursuant to Clause 14.3.
14.3. DSK Bank may exclude any API User's participation in the DSK Bank Services by giving such API User (the "Excluded API User") reasonable written notice:
(a) if such API User has committed a material breach of the Participation Conditions and, if such breach is capable of remedy, has failed to remedy the same within 5 (five) Business Days of receipt of notice of the breach;
(b) if such API User has committed a serious and persistent breach of the Participation Conditions.
(c) if such API User: (i) stops or suspends payment of any of its debts, or is unable to, or admits its inability to, pay its debts as they fall due. (ii) has a moratorium is declared in respect of any of its indebtedness. (iii) has any action, proceedings, procedure or step taken against it for: (1) the suspension of payments, a moratorium of any indebtedness, winding up, dissolution, administration or reorganisation (using a voluntary arrangement, scheme of arrangement or otherwise); or (2) the composition, compromise, assignment or arrangement with any creditor; or (3) the appointment of a liquidator, receiver, administrative receiver, administrator, compulsory manager or other similar officer in respect of it or any of its assets; or (4) the enforcement of any Security over any of its assets. (iv) commences negotiations, or enters into any composition, compromise, assignment or arrangement, with one or more of its creditors with a view to rescheduling any of its Indebtedness (because of actual or anticipated financial difficulties). (v) has any event occur in relation to it similar to those in Clause 14.3(c)(i) to (iv) under the laws of any applicable jurisdiction.
14.4. On or any time after the Business Day that DSK Bank suspends or excludes any API User pursuant to Clause 14.2 or 14.3, DSK Bank will have the right to publish a written notice stating:
(a) that the API User in question has been suspended or excluded from participation in the DSK Bank Services;
(b) the reason for such suspension;
(c) the time and date when such suspension will take effect and the period of such suspension, and will update the Directory accordingly.
14.5. As a consequence of suspension or exclusion:
(a) such Suspended/excluded API User will not be entitled to exercise any of its rights under the Participation Conditions; and
(b) any other Participant who deals or communicates with the Suspended/excluded API User does so at its own risk without the benefit of such Suspended API User's participation in the DSK Bank Services.
14.6. Notwithstanding the above, the contractual relations between DSK Bank and the API user may be terminated upon mutual consent between the parties.
14.7. Termination or suspension of the Participation Conditions in respect of any API User for any reason will not affect any rights and/or obligations of any Participant which have accrued before such exclusion or suspension, or any provision of the Participation Conditions which expressly or by implication is intended to come into effect or to continue in effect on or after such exclusion or suspension.
15. Assignment and Sub-Contracting
15.1. The Participation Conditions are personal to each of the Parties. No Party other than DSK Bank may assign, novate or transfer in any way, or charge the benefit of, any of its rights, liabilities or obligations under the Participation Conditions on a temporary or permanent basis to any third party.
16. Relationship of the Parties
16.1. Each API User waives and releases DSK Bank from any and all rights, claims, actions and/or causes of action (whether in contract, tort or otherwise) arising out of or in any way related to such API User's agreement to the terms of the Participation Conditions and/or such API User's performance of its obligations under the Participation Conditions.
16.2. Nothing in the Participation Conditions is intended to create, or will be construed as constituting or evidencing, a partnership or joint venture or relationship of employer and employee between any of the Parties or to authorise, or will be construed as authorising, a Party to act as agent for any other Party. Except where expressly so stated in the Participation Conditions, no Party has authority to make any representation for, act in the name or on behalf of or otherwise to bind any other Party.
17. Change of the Terms
17.1. DSK bank is entitled to make amendments or variations to these Terms and the relevant documentation, published on the web site of DSK Bank at any time without the prior consent of the API Users, by making the new Terms public through the DSK Bank website: www.dskbank.bg.
18. Notices
18.1. All notices to be given under the Participation Conditions must be in writing and may be given personally, by post or in electronic mail unless otherwise specified in these Terms. Notices given to API Users must be sent to the address or email address of each API User as specified during the registration. Notices given to DSK Bank must be sent to: APIGATE@dskbank.bg.
18.2. Any notice will be deemed to have been received:
(a) if sent by e-mail, at the time the e-mail enters the intended recipient's information system (being the recipient's system for generating, sending, receiving, storing or otherwise processing electronic communications) provided that:
(i) no error message indicating failure to deliver has been received by the sender; and
(ii) an email will not be deemed to have been received if the recipient notifies the sender that it has not been opened because it contains, or is accompanied by a warning or caution that it could contain or be subject to, a virus or other computer programme which could alter, damage or interfere with any computer software or email;
(b) if delivered personally, at the time of delivery; and
(c) if sent by post or prepaid international airmail, on the time when the delivery is certified by the post office officer.
(d) in each case provided that if deemed receipt occurs before 9 am on a Business Day, the notice will be deemed to have been received at 9 am on that Business Day, and if deemed receipt occurs after 5.30 pm on a Business Day or on a day which is not a Business Day, the notice will be deemed to have been received at 9 am on the next following Business Day.
18.3. Each of the Parties should immediately inform the other Party in writing for any changes in the contact details indicated above. Otherwise all the information and documents that was sent to the contact details above shall be deemed received.
19. Governing Law and Jurisdiction
19.1. Each Party agrees that the Participation Conditions and the relationship between the Parties will be exclusively governed by and interpreted in accordance with the Bulgarian law and that all disputes arising out of or in connection with the Participation Conditions and/or the DSK Bank Services, and/or with the negotiation, validity or enforceability of any provision of the Participation Conditions, and/or the relationship between the Parties in relation to the subject matter of the Participation Conditions and/or the DSK Bank Services, (in each case whether or not regarded as contractual claims) will be exclusively governed by and determined in accordance with the Bulgarian law.
19.2. The Parties agree to inform each other of any circumstances that may obstruct the correct execution of this Agreement.
19.3. All disputes, arising from this Agreement or related to it, including those arising from or concerning its interpretation, invalidity, performance or termination, as well as the disputes for filling gaps in this contract or its adaptation to newly established facts, shall be referred for resolution to the Court of Arbitration at the Bulgarian Chamber of Commerce and Industry in compliance with its Rules for Litigations, based on arbitration agreements. The language of arbitration shall be Bulgarian and the place of arbitration shall be Sofia, Bulgaria.
20. Miscellaneous
20.1. Should any provision of these Terms and Conditions be or become invalid, the validity of the Terms and Conditions as a whole shall remain unaffected. The invalid provision must be replaced by a valid provision within the context of the remaining contractual interpretation which corresponds to the economic intent and purpose of these rules as a whole. For companies or in case if you are a merchant, the place of jurisdiction shall be Sofia, Bulgaria. These Terms and Conditions are subject to Bulgarian law.
Schedule 1 – Definitions
| API | Version |
| API Provider | means DSK Bank |
| API User | means individuals or organisations that choose to access the DSK Bank APIs. |
| Participation Conditions | means: (a) these Terms; (b)the relevant documentation published on the website of DSK Bank. |
| Business day | means any day on which banks are open for business in Bulgaria. |
| Confidential Information | means, in relation to any Party, all information (written or oral) that is or may be defined as protected by the law (such as: trade secret, or bank secret or personal data); which is used in or otherwise relates to that Party's business, customers or financial or other affairs, including information provided for the purposes of investigation, mitigation, defence and/or settlement of complaints and or dispites, and any information otherwise disclosed in relation to the conduct of any Dispute, in each case whether or not marked "Confidential", and any and all other information clearly designated as "Confidential" by the disclosing person, in each case existing in any form. |
| Intellectual Property Rights | means: (a) patents, trademarks, service marks, registered designs, trade and business names, domain names, unregistered trademarks and service marks, copyrights (including future copyrights), semiconductor or circuit layout rights, know-how, trade secrets, database rights, rights in designs and inventions, in each case (except in relation to future copyright) from the time such rights come into existence; and (b) applications for any of those rights (where such applications can be made); and (c) rights of the same or similar effect or nature as or to those in (a) or (b) or which would in any way prevent or hinder the use or exploitation of the matters to which they relate, in each case in any jurisdiction. |
| DSK Banks User Guides | means the guidelines produced and maintained by DSK Bank applicable to Participants, including any annexes or documentation referred to therein. |
| DSK Banks Technical and Security Documentations | means the technical and security requirements issued by DSK Bank, and published on DSK bank website for APIs in compliance with the applicable legislation. |