regarding the ordering, delivery and utilisation of Edenred Benefit Cards as regards the Clients

1. “Issuer” is PrePay Technologies Limited, a limited company registered in the UK with number 04008083, contact: United Kingdom, PO BOX 3883, Swindon, SN3 9EA. PrePay Technologies Limited was registered with number 900010, its e-money issuer licence was issued by and its supervisory authority is the Financial Conduct Authority.
2. “Programme Owner” is Edenred Magyarország Kft. (hereinafter referred to as: “Edenred”), (registered office: H–1134 Budapest, Váci út 45.), the Issuer’s payment intermediary;
3. “Client” is a natural or legal person providing the Edenred Card to the Card Holder.
4. “Card Holder” is a natural person deemed by the Client eligible for using the Card to whom the Card is issued, and who electronically enters into a contract with the Card Issuer following the consultation of the Card Holder GTC attached hereto as Annex 5 and the Information on Tariffs described in Annex 6 hereto.
5. “Partner Card Holder” Rules governing Card Holders shall be implicitly applicable to the Partner Card Holder. Each Edenred Benefit Card may be accompanied by three Partner Cards at most, the fees of which (regulated in Annex 6) will be borne by the Client.
6. “Service Fee” is the percentage fee calculated based on the par value of the crediting, to be paid by the Client, the amount of which would be specified in the applicable EDENRED Benefit Card contract.
7. “Card Fee” is the cost to be paid by the Client for the manufacturing of the card plastic. “Card Fee” is charged on occasion of the first issuance, “Card Replacement Fee” is charged for the replacement of existing (stolen, damaged, lost, expired) cards, and “Partner Card Fee” is charged when further cards requested for an existing card are produced.
8. “Delivery Charge” is the fee charged for the delivery of the Cards ordered by the Client, including the possible repeated delivery.
9. “Electronic Money” the amount embodied by the claim against the issuer of the electronic money that is stored electronically – including magnetic storing –, issued against the receipt of funds for the purpose of performing payment operations provided in the Act on the Pursuit of the Business of Payment Services and, beyond the issuer of the electronic money, also accepted by other natural and legal persons, economic entities without legal personality and individual entrepreneurs. The electronic money qualifies as a non-cash means of payment.
10. “Edenred Benefit Card“ or “Card” is a non-transferable microchip plastic card protected with a PIN code where the Electronic Money covered by the amount of money having been transferred by the Client in advance, in relation to the given card is recorded, and that can be used for paying the full or partial consideration for goods sold or services rendered by the Participating Vendor. The rules pertaining to Edenred Cards apply implicitly to the Partner Card provided by Edenred.

a) Edenred Silver Card: it can be used for purchasing specific goods and services at the contracted participating business networks.
b) Edenred Gold Card: It can be used for purchasing all products and services available at participating businesses accepting
Mastercard.
c) Edenred Platinum Card: It can be used for purchasing all products and services available at participating businesses accepting
Mastercard, as well as for cash withdrawal.
d) Edenred special cards: any of such Cards with which the credited amount can be used at participating businesses accepting
Mastercard selected according to the Client’s specific preferences.

11. “Mastercard International Incorporated”: Mastercard International Incorporated, a business entity with its registered office located at 2000 Purchase Street, Purchase, New York 10577 USA.
12. “Mastercard Acceptance Mark” is the logo of Mastercard International Incorporated, indicating that the Card is accepted at the place where it is displayed;
13. “Edenred Acceptance Mark” is the logo of Edenred, indicating that the Card is accepted at the place where it is displayed;
14. “Participating Vendor” or “Participating Business” is an entity accepting Edenred Benefit Cards from the Cardholders (or Partner Cardholders) in the case of the sale of products or the provision of services, and where the Programme Owner made accepting the Cards technically available, and who placed out the Mastercard or Edenred Acceptance Mark.
15. “Delivery” is the process by which, in liaison with the Programme Owner, the Client receives the Edenred Benefit Card ordered for the Card Holders.
16. “Card Crediting” is the process by which the amount of the Electronic Money ordered by the Client is made available by the Programme Owner to the Card Holders.
17. “Card Activation” is an action executed by the Card Holder per the Card Holder’s GTC.
18. “Edenred Card Service” or “Service” means the complex service provided by the Programme Owner to the Client under these GTC, in connection with the issue and use of the Card.
19. “Data Processing Policy”: Data Processing Policy concerning Edenred Card Service, Annex 2 to this GTC.

1. The programme owner for the Edenred Cards is Edenred. The purpose of these GTC is to set out the general contract terms of the ordering, delivery and use of Cards for the Clients, Card Holders and any Partner Card Holders. These GTC regulate the legal relationship between the Issuer, the Programme Owner and the Client; hereinafter jointly referred to as “Parties”, or singularly as “Party”. The direct legal relationship between the Issuer and the Card Holder is regulated by the so-called Card Holder GTC, attached hereto as an annex.
2. The Client, explicitly based on and aware of the regulations of these GTC, concludes the specific order for requisitioning the Service (hereinafter referred to as: „Order”). The Client acknowledges that the Service pertains to engaging and providing a complex service, of which the issue of Electronic Money is only a component. The condition to the provision of the Service per these GTC by the Programme Owner and the Issuer, and of the submission of the Order is the acceptance by the Client of these GTC, the recognition and acceptance of which will be recognized by the Client by the signing of the Edenred Benefit Card Agreement included in Annex 3 to this GTC. Any deviation from this GCTC – including its annexes – is only allowed in a Special Contract concluded by the Parties in writing. The Client shall not be regarded as a consumer in relation to the Issuer or the Programme Owner.

The Client may place its Order at the site www.edenredonline.hu. By placing the Order, the Client confirms the expressed acceptance of the GTC in force at the time of placing the Order. The Edenred will issue a Notice of Charges within 1 day from the receipt of the Order, according to the content of the Order. Should the Client not settle the Notice of Charges within 30 days, the Edenred will cancel the Order. Edenred will issue the invoice once the countervalue on the Notice of Charges is credited on the bank account of the Issuer. Edenred will manufacture the Card not later than within 10 days from the date the countervalue of the Order is credited on the bank account.
In case the Client placed an Order to reload the balances of the Cards concurrently to ordering the manufacturing of the Card, and paid its amount in the way and within the deadline included in this point, the amount will be credited concurrently to the manufacturing of the Card.
In case of an Order exclusively concerning the crediting of the balances of the Cards, the Cards will be credited within 2 working days from the day the countervalue of the amount is credited on the bank account.

1. Beyond those specified in point III, the Client shall ensure that in case of a Card order its employee or representative authorised to receive the Card stays at the address agreed as the Place of Delivery at the time of the Delivery (8 AM to 4 PM on weekdays). If the Programme Owner’s agent is unable to hand over the Cards to the Client at the address indicated as Destination due to a reason imputable to the Client, a repeated Delivery may be requested, in which case the Programme Owner shall be entitled to charge a separate Delivery Charge, regardless of whether it could have charged a transportation fee for the failed Delivery.
2. The Client shall not withdraw the submitted Order after it has been placed and the countervalue per the Notice of Charges has been settled.
3. Client shall pay the Service Fee and the Card Fee to the Programme Owner even if it cancels its already placed Order if the production of the Card has commenced already according to the Programme Owner.
4. Client shall inform Programme Owner in writing within 5 business days or at the latest within 48 hours preceding the placement of the next Order, whichever is the sooner, of any change to its company name, registered office, phone and fax number, bank account number, or VAT code, and of any change in its contact details, by sending the changed data to the e-mail address ugyfelszolgalat-hu@edenred.com. Programme Owner shall bear no liability for any consequences, including any delays in delivery, arising from omission or late performance of this obligation.
5. The Client undertakes and guarantees to verifiably inform all future Card Holders before their placing of the orders, on the processing of personal data concerning the Service by means of handing them over the Data Processing Policy. The Client undertakes an obligation of ordering a Partner Card from the Programme Owner exclusively to natural persons to whom he made the Data Processing Policy available.
6. Should the Card Holder or the Programme Owner suffer any damage due to the incomplete completion of the personal data requirements for the provision of the Service, the Client shall be liable for such damages.
7. The Client undertakes the obligation to order Edenred Benefit Cards exclusively for persons to whom it shall credit funds within 180 days from the date of placing the order. If the Client fails to meet this obligation, the Programme Owner shall be entitled to charge an annual fee for each Card. The extent of the Annual Card Fee is specified by Annex 6 to these GTC.
8. The Client shall inform the Card Holders in the Client’s usual, but verifiable manner about the terms and provisions of these GTC applicable to the Card Holders. In failure of this imposes no liability on Programme Owner and the Issuer. Moreover, during the Delivery of the Cards the Client shall make available the Card Holder GTC and the Information on Tariffs to the Card Holder and the Partner Card Holder in a verifiable manner.
9. In the cases defined in Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (‘AML’), the Issuer is obliged to conduct a customer due diligence with regard to the Cardholder. The Card Holder undertakes in the Card Holder GTC relating to them to deliberately partake in the customer due diligence against money laundering to be performed by the Issuer or its legally appointed agent (AML, Section 7 to 11). In the Card Holder GTC relating to the Card Holder, the Card Holder undertakes and acknowledges that the Issuer and the Programme Owner will not activate, or have the right to provisionally block the Card and suspend any relating service until the completion of the customer due diligence. The exclusions from liability and limitations of liability of the Issuer and the Programme Owner concerning the Card Holder specified in Point 13 of the Card Holder GTC also concern the provisional blocking of the card up to the completion of the obligatory customer due diligence, and any such measure taken by the Issuer and the Programme Owner may in no way be interpreted as defective performance with respect to the Client or the Card Holder. The Client undertakes to inform the Card Holders in relation to the requirements pertaining to the customer due diligence, and to the maximum extent act in cooperation with the Issuer and the Programme Owner during this customer due diligence.
10. The Client agrees to advise the Card Holders that the Issuer and the Programme Owner are not able to provide services to the Card Holder until the Card Holder electronically enters into a contract with the Issuer. The Issuer and the Programme Owner may not be made liable for their inability to provide services to the Card Holder, because the Card Holder has not entered electronically into a contract with the Issuer.

1. The Issuer and the Programme Owner is entitled to involve subcontractors into the execution of these GTC. The Issuer and the Programme Owner shall be as liable for any of the subcontractors’ activity as it is liable for its own performance.
2. The Issuer and the Programme Owner shall enable the Card Holder to buy goods from or use services of the Participating Vendors using the Edenred Benefit Cards within the limits of their current balance and at the Participating Vendors carrying the Mastercard Acceptance Mark, in accordance with the laws in force. The Card may only be used at the Participating Vendors that are in contractual relationship with the Programme Owner or the Mastercard International Incorporated, or where the Programme Owner enabled to accept the Card based on the Participating Vendor’s Merchant Category Code (MCC). The Programme Owner accepts no liability for cases when the card company classification of the terminals in the stores is different from what is expected or for any incidental changes in the classification of the stores. The Programme Owner reminds the Client that the Participating Vendor conducting the transaction and the Card Holder shall be liable for the legitimate use of the Card. The Issuer and the Programme Owner is not entitled to inspect the legitimacy of use, therefore, the Issuer and the Programme Owner shall bear no liability in any direction for any illegitimate conduct of the Participating Vendor or the Card Holder.

1. The Client acknowledges and accepts that the compliance of the Issuer and the Programme Owner with its obligations arising from the Order shall be conditional upon the Client’s full payment for the given Order per the GTC.
2. The Client acknowledges and accepts that the Issuer and the Programme Owner may charge fees and charges for the use of the Services according to the prevailing Annex 6 to these GTC. Indexing of the fees and charges per Annex 6 does not constitute an amendment of the GTC.
3. The Issuer is entitled to charge a Service Fee on each crediting operation of the Card with Electronic Money based on the nominal value of the crediting. In addition, as consideration for the Edenred Benefit Card ordered by Client for the Cardholder/Partner Card Holder, the Issuer shall be entitled to charge a Card Fee (Partner Card Fee) for each Card. The rate of the Service Fee and the Card Fee is set out in Annex 6 to these GTC.
4. The Programme Owner is entitled to charge a Delivery Fee for the delivery of the Cards ordered by the Client for the Card Holders. The rate of the Delivery Charge is set out in Annex 6 to these GTC.
5. The Client expressly consents to the issuance of electronic invoices (e-invoices) only. The Programme Owner shall send the electronic invoices to the Client automatically, solely from the edenred@szamlakozpont.hu e-mail address, to the e-mail address set out in the contractual datasheet (Annex 3 to these GTC: Specific Card Agreement) as specified by the Client .

Validity of the Card, Expiring Cards
6. The Card shall be valid for 5 years as of the date of issue. The month and year when the Card expires is displayed on the front side of the Card. The Card will be valid until the end of the last day of the month of expiry.
7. The Programme Owner will send the Client electronically a written notification on the expiring though still active cards 6 weeks preceding the date of expiration of the Card. This notification will include the data enabling the Card Holder’s unequivocal identification. The Client shall indicate the renewal of which Cards they want within 10 days from the receipt of the above notification. The Programme Owner shall charge a Card Replacement Fee for the renewal of the Cards. The extent of the Card Replacement Fee is included in Annex 6 to these GTC. Should the Client not comply with the above obligation within the specified deadline, the expiring Cards recorded in the Issuer’s system and belonging to the Client will be permanently blocked after the period of validity is over. The Cardholder may request the redemption of the Electronic Money for a period of 6 years following the expiry date of the Card.

Blocking, Replacement of Cards
8. Lost, stolen or damaged Cards may be blocked via the online administration platform and the mobile application on the Programme Owner’s website (www.edenredkartya.hu) 24 hours a day per the Card Holder GTC. An activated card may only be blocked by the Card Holder. The Programme Owner undertakes to produce a new Card in case of a written order by the Client, a reported loss or stealth of the Card, or the blocking submitted by the Card Holder, and after the Client’s order, and to make available the full balance of the replaced Card at the time of the blocking for the new Card. The Programme Owner will not provide an option for replacement due to faults solely of an aesthetic nature which do not hinder the use, provided that such defect arose after the Card has been handed over. As the consideration for the replacement Edenred Benefit Card ordered by the Client for the Card Holder, or for the re-manufacturing of a lost or stolen Card, the Programme Owner is entitled to charge a Card Replacement Fee for each Card, the rate of which is included in Annex 6 to these GTC.

Mistaken Crediting, Transfer of Balance
9. The Client may reclaim the amount transferred by it and credited solely if the Cards indicated by the Client have not been activated yet. The Client may initiate the recovery of the credited amount by sending the Programme Owner the form titled “Request for Crediting Edenred Cards” included in Annex 7 to these GTC filled out and duly signed by the Client. The Programme Owner will charge a handling cost in relation to the crediting of the balance, the extent of which will be specified by Annex 6. If the above conditions are met, the amount minus the handling charge will be credited to the Client’s bank account within 30 days from the receipt of the form per Annex 7 by the Programme Owner.
10. The Programme Owner shall provide option for transferring amounts mistakenly transferred and credited by the Client across Cards within 2 working days after the crediting by sending the Programme Owner the form titled “Request for Transferring Card Balance” included in Annex 8 to these GTC filled out and duly signed by the Client. Any transfer may be accomplished exclusively within between the Client’s Cards, as well as identical types of cards that belong to identical benefits. The Programme Owner will charge the Client a handling cost in relation to the transfer of the balance, the extent of which will be specified by Annex 6. The Programme Owner shall perform transfer in relation to the Cards specified by the Client up to the available amount. The Parties agree that the Programme Owner will proceed in the cases included in this point exclusively to the Client’s request, accordingly, it has no liability in any disputes between the Client and the Card Holder regarding any transfer or retransfer. If the above conditions are met, the transfer between the Cards will be accomplished within 30 days from the receipt of the form per Annex 8 by the Programme Owner.
11. The balance of the Card is personal and may only be used by the Card Holder. In case of the decease of the Card Holder, the balance forms part of the heritage, for the pecuniary splitting of which between the heirs is governed by the grant of probate. The Client shall immediately inform the Programme Owner about the Card Holder’s death, thus it will suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. In case the Card Holder’s death is disclosed, the Programme Owner and the Issuer reserve the right to suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. Any liability concerning the transactions done with the Card during the period from the Card Holder’s death, as well as the Issuer and Programme Owner’s becoming aware of it shall be borne by the heir(s). The heir(s) shall have the duly prove to the Programme Owner or the Issuer the completion of the probate procedure (in particular, a duplicated copy of the death certificate, the heritor’s ID card and residence card; in case the heritor is under-age, the injunction of the guardianship authority and the order of the liquidation of the heritage, including the amount on the Card as a heritage), within 90 days from the receipt of which it will make available to the heritor(s) in the form of a Card as provided in the grant of probate.

1. If the Client or the Card Holder has any observation on the operation of the Card or other issues, they may be reported to the Call Centre provided by the Programme Owner:
Edenred Customer Service: +36 1 413 3333 (opening hours available on the www.edenred.hu website).
Balance Inquiry and Card Blocking are available to Card Holders 24 hours a day, call +36 1 382 4000 (Edenred Card Info Line).

Lost or stolen Cards may be reported on the website www.edenredkartya.hu 24 hours a day. Also here, you can use the function designed for the case where you forget your PIN code 24 hours a day.
2. The Programme Owner provides further information regarding the Service provided by Edenred (phone numbers, contact details, business hours etc.) at the www.edenredkartya.hu or www.edenred.hu websites.

1. The Programme Owner shall process and use the personal data required in order to provide the Service under these GTC (card ordering, card crediting and card renewal) and acquired by it during the performance thereof per the data protection regulations in force. The legal grounds for data processing are constituted the performance of the Contract [Article 6 (1) (b) of the GDPR].
2. Detailed rules of data processing related to the Card Holders’ personal data are provided in the Data Processing Policy.
3. The Controller and the Programme Owner will process data on behalf of the Client concerning the personal data to be processed regarding the contract between the Client and the Programme Owner. According to Article 13 of Directive 2016/679/EU of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), the Client is subject to any obligation to provide prior information concerning the processing of personal data per the GTC set between the Client and the Programme Owner, with the mention that it shall explicitly inform all persons wishing to avail himself of the Service per this GTC, that the prerequisite to availing himself of the Service is that the Card Holders’ personal data would be processed by the Programme Owner, and should the Card Holder concerned not provide his personal data strictly necessary for the Programme Owner for providing the service, the Card Holder won’t be able to avail himself of the Programme Owner’s Services.
4. Within the scope of and to the extent necessary for the performance of the Contract, the Programme Owner is entitled to disclose personal data to its contractual partners as data controllers or data processors, within the scope specified in the Data Processing Policy. The Programme Owner reserves the right to change the subcontractors, as data controllers and processors employed by it for the performance of these GTC, and shall provide information on such changes on the website www.edenred.hu.
5. During the activities regulated herein, the Programme Owner shall operate and process personal data in accordance with the law, with the due care of organisations or people providing such activities. The Programme Owner has taken the measures necessary for compliance with the requirements of data security, the electronically processed data and the related password-protected software are only available to its employees entitled for them. The Issuer’s computer networks are protected by firewalls, from time to time revised by the Issuer and the Issuer provides the proper virus protection of the systems, and by a internal regulation, it ensures an adequate protection to the processed data, it reviews and revises them from time to time according to the state of the art.
6. In regard to the fact that in the framework of the service provided by the Programme Owner, it will access personal data processed by the Client, and thereby its activity will include the processing of personal data, it shall provide adequate guarantees in complying with the processing of data per GDPR and taking the suitable technical and organisational measures in order to safeguard the rights of all concerned.
7. Summarizing table of the Programme Owner’s processing of personal data:

Summary of the processing of data concerning the Service provided by the Programme Owner to the Client
Data Controller In the processing of personal data regarding the contract concluded between the Programme Owner and the Client, the Client is the Controller and the Programme Owner is the Processor
The purposes of the processing Performance of the Services included in the GTC by the Client.
Legal grounds for data processing The legal grounds for data processing are constituted by the execution of the Contract [Article 6 (1) (b) of GDPR].
Scope of the processed data Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (postal code, town, street, number); correspondence if other than residence (postal code, town, street, number); e-mail address; mobile phone number; amount to be credited; serial no. of card; habitual residence in Hungary if Data Subject is a foreigner; workplace address of the Data Subject
Term of data processing Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service)
Processors Programme Owner purpose of the processing: Provision of Edenred Card Service

PrePay Solutions Ltd. (member of the Edenred group; head office: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY  UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom).

Programming Pool Romania (registered office: Strada Transilvaniei 18A, Baia Mare, Romania), purpose of data processing: supply of software supporting services related to the Card, IT support

Idemia Hungary Kft. (registered office: Tó-Park, lot nr.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary), purpose of data processing: manufacturing of cards;

Y-Collective Kft. (registered office: H–7628 Pécs, Arany János u. 24., Hungary), purpose of data processing: operation of the extranet, processing of card orders, operation of website and Edenred Mobile Application; IT support activity

The Rocket Science Group LLC d/b/a MailChimp (registered office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA) purpose of data processing: data processing for the purposes of advertising – sending out newsletters: Sending of information e-mails concerning the Card services (system messages, amendment of the GTC, update of the mobile application)

 

8. The data processing contract on the data processing activity regarding personal data learned during the execution of the contract concluded between the Programme Owner and the Client, and the provision of the Service, is included in Annex 4 of these GTC.

1. These GTC will enter into force on 7 December 2018 and will be an inseparable part of any Specific Card Agreement or Order concluded in relation to the issuance of the Edenred Benefit Card and its crediting with Electronic Money. Any verbal or written representation between the Parties made before the signing of a Specific Contract executed on the basis of these GTC shall become void when the Specific Contract is signed; the Parties’ legal relationship shall be governed exclusively by the GTC and the relevant Specific Contract.
2. The text of the GTC as applicable from time to time shall be disclosed on the www.edenred.hu website.
3. The Programme Owner shall have the right to amend these GTC unilaterally, which amendment shall be published on its website at least 60 days before it enters into force, and shall also disclose information on the modification on the www.edenred.hu website. Inasmuch as the Client does not address any objection in writing, the modifications shall be considered as expressly accepted by the Client. After the modification enters into force, the legal relationship between the Parties, including the subsequently submitted specific Order, will be governed by the provisions of the modified GTC and those of the Specific Contract.
4. The Parties may diverge from the GTC including its annexes only by in writing in the Specific Contract.
5. Communication between the Parties relating to this Contract and the performance of the same is possible via the contact details verbally (word of mouth, by phone), in e-mail or in writing. E-mail communication is not considered written communication, excluding the declarations made in e-mail and provided with an electronic signature of enhanced security. Communications shall be considered delivered as follows: in the case of post with confirmation of receipt, on the date of refusal if acceptance is refused; on the 10th business day following the first delivery attempt, if post is returned with the mention “unclaimed”; on the 10th business day following posting, if post is returned with the mention “insufficient address” caused by error in data communicated by the addressee. The Client undertakes that if the Programme Owner or the Issuer employs Magyar Posta Zrt. or any courier service (UPS, FedEx, DHL), the Client may not claim not having received a notification on the failure of the attempt to deliver by the service provider involved.

1. The contract made under these GTC shall be for an indefinite term and may be terminated by the Parties with a 60-day notice posted in mail with acknowledgement of receipt. In the event of the material breach of an essential provision of this contract, the aggrieved Party shall be entitled to terminate the contract with immediate effect. In the event of the termination of the Contract, the Parties shall settle their accounts towards each other within 30 days from the date of termination.
2. Matters not regulated in this contract shall be governed by the relating provisions of Act V of 2013 on the Hungarian Civil Code and other Hungarian legal regulations.
3. In the case of a legal dispute, the regular Hungarian Court competent according to the Programme Owner’s registered office shall have exclusive competence.
4. For the purpose of the Contract between the Parties, any (legal) declaration shall be considered executed in written form solely if it is signed by the Party making such declaration.
5. Solely the Parties’ representatives authorised to sign for the company or people authorised in writing by them shall be considered to be the Parties’ representatives. By entering the contract, each of the Parties’ representatives declare and confirm that he/she has unrestricted rights to enter, sign and perform the contract; moreover, he/she represents and warrants that full performance of the agreement and of the related obligations and documents shall be valid and binding obligations upon the Client both at the time of signing and continuously during the term of the contract.
6. The Services provided in the Contract between the Parties are divisible.
7. In every case, Parties are shall inform each other immediately if the performance of any obligation undertaken in the Contract is expected to face obstacles.
8. The Client shall be entitled to assign its rights under the contract solely with the Programme Owner’s prior written consent.
9. The Parties’ Contract shall not incorporate any practices whose application the Parties agreed on or established during their prior business relationship. Furthermore, the Contract shall not incorporate any practices widely known and regularly applied by parties to similar contracts in the given business sector.

Date: Budapest, 7 December 2018

8 annexes pertain to these GTC as inseparable parts thereof:

Annex 1: Data content of card orders and card crediting
Annex 2: Data Processing Information
Annex 3: Edenred Benefit Card Agreement
Annex 4: Data Processing Contract
Annex 5: Card Holder GTC
Annex 6: Information on Tariffs
Annex 7: Request for Crediting the Edenred Cards
Annex 8: Request for Transferring Card Balance

Programme Owner reserves the right to unilaterally amend these annexes. Programme Owner shall make available the applicable annexes to Client and Card Holders on the www.edenred.hu website.

Date: Budapest, 7 December 2018

Data content of card order to be provided

  • Card Holder’s last name
  •  Card Holder’s first name
  •  Name on card, 21 characters at maximum
  •  Place and date of birth
  •  Permanent address (zip code, city, name and type of public area, house number)
  • Mailing address, if different from permanent address (zip code, city, name and type of public area, house number)
  • Cardholder’s e-mail address
  • Card Holder’s mobile phone number
  • Amount to be credited
  • Client’s delivery address

Data content of card crediting to be provided:

  • Card Holder’s last name
  • Card Holder’s first name
  • Card serial number
  • Card crediting value:

I expressly accept the General Terms and Conditions in force on the day of the submission of the Order.


Data Processing Information


Edenred Magyarország Korlátolt Felelősségű Társaság [Edenred Hungary Limited] (head office/official mailing address: H–1134 Budapest, Váci út 45. , company registration number: 01-09-266926; electronic contact details: ugyfelszolgalat-hu@edenred.com and dpo.hungary@edenred.com; web address: https://adatvedelem.edenred.hu/adatkezelesi-tajekoztato/; phone: +36 1 413 3333, represented by: Krisztián Balázs, hereinafter: Programme Owner) in accordance with the related legislative provisions specifying the protection of personal data[1], informs the users of its services on the processing of data it applies.


1.Presentation of data processing


The Programme Owner provides employers (hereinafter: Client) services in the context of which the Issuer and Programme Owner shall give the employees of the Client (hereinafter: Card Holder) non-transferable microchip plastic card protected with a PIN code that can be used for paying the full or partial consideration for goods sold or services sold by the Participating Vendor.

The Issuer and the Programme Owner pays prompt attention on the protection of personal data, and for this reason it permanently takes due care to guarantee fair and transparent processing the essential requirement of which is to provide appropriate information on the processing of data. This Data Processing Policy provides among others information on the processing of your personal data during the provision of service by PrePay Solutions Ltd. (member of the Edenred group; head office: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK; hereinafter: and the Programme Owner and data processing for advertising purposes: the source and scope of acquiring the processed data, the legal basis, purpose and term of the data processing, the rights concerning and the options of choice between personal data, and it also includes all the contact details in which the Data Subject can get answers to his questions on the Issuer and the Programme Owner’s practice of data protection.

Summary of the processing of data concerning the Service provided by the Programme Owner to the Client
Data Controller In the processing of personal data regarding the contract concluded between the Programme Owner and the Client, the Client is the Controller and the Programme Owner is the Processor
The purposes of the processing Performance of the Services included in the GTC by the Client.
Legal grounds for data processing The legal grounds for data processing are constituted by the execution of the Contract [Article 6 (1) (b) of GDPR].
Scope of the processed data Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (postal code, town, street, number); correspondence if other than residence (postal code, town, street, number); e-mail address; mobile phone number; amount to be credited; serial no. of card; habitual residence in Hungary if Data Subject is a foreigner; workplace address of the Data Subject
Term of data processing  Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service)
Processors Edenred Magyarország Kft.: (registered office: H-1134 Budapest, Váci út 45.), purpose of data processing: Provision of Edenred Card Service

PrePay Solutions Ltd. (member of the Edenred group; head office: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom).

Programming Pool Romania (registered office: Strada Transilvaniei 18A, Baia Mare, Romania), purpose of data processing: supply of software supporting services related to the Card, IT support

Idemia Hungary Kft. (registered office: Tó-Park, lot nr.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary), purpose of data processing: manufacturing of cards;

Y-Collective Kft. (registered office: H–7628 Pécs, Arany János u. 24., Hungary), purpose of data processing: operation of the extranet, processing of card orders, operation of website and Edenred Mobile Application; IT support activity

The Rocket Science Group LLC d/b/a MailChimp (registered office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA) purpose of data processing: data processing for the purposes of advertising – sending out newsletters: Sending of information e-mails concerning the Card services (system messages, amendment of the GTC, update of the mobile application)

Summaries merely serve the purposes of convenience. Please read the complete information.

__________________
¹Directive 2016/679/EU of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); The text of the GDPR may be downloaded in any official language of the European Union via this link.

 

Summary of the processing of data concerning the Service provided by the Issuer to the Cardholder
Data Controller In the processing of personal data regarding the contract concluded between the Issuer and the Card Holder, the Programme Owner is the Processor.
The purposes of the processing Performance of the Services included in the GTC by the Client.
Legal grounds for data processing The legal grounds for data processing are constituted by the execution of the Contract [Article 6 (1) (b) of GDPR].
Scope of the processed data Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (postal code, town, street, number); correspondence if other than residence (postal code, town, street, number); e-mail address; mobile phone number; amount to be credited; serial no. of card; Data of the transaction; habitual residence in Hungary if Data Subject is a foreigner; Account history; workplace address, bank account number
Term of data processing  Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service)
Processors Edenred Magyarország Kft.: (registered office: H–1134 Budapest, Váci út 45.), purpose of data processing: Operation of systems relating to the provision of services and supporting activity.

Programming Pool Romania (registered office: Strada Transilvaniei 18A, Baia Mare, Romania), purpose of data processing: supply of software supporting services related to the Card, IT support

Idemia Hungary Kft. (registered office: Tó-Park, lot nr.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary), purpose of data processing: manufacturing of cards;

Y-Collective Kft. (registered office: H–7628 Pécs, Arany János u. 24., Hungary), purpose of data processing: extranet operation, processing of card orders, operation of website and Edenred Mobile Application; IT support activity

The Rocket Science Group LLC d/b/a MailChimp (registered office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA) purpose of data processing: data processing for the purposes of advertising – sending out newsletters: Sending of information e-mails concerning the Card services (system messages, amendment of the GTC, update of the Edenred Mobile application)

 

Summaries merely serve the purposes of convenience. Please read the complete information.

Summary of the processing of data by the Issuer concerning the Cardholders’ customer due diligence
Data Controller Issuer PrePay Solutions Ltd. (member of the Edenred group; head office: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK)
The purposes of the processing Compliance with the obligation to perform customer due diligence and identification regarding the Cardholders
Legal grounds for data processing Compliance with legal obligation [GDPR Article 6 (1) c)] and Sections 7–11 of the AML
Scope of the processed data Data Subject’s surname; forename; name on card (21 characters at most); place and date of birth; permanent residence (postal code, town, street, number); correspondence if other than residence (postal code, town, name of the public area, type of the public area, number); e-mail address; mobile phone number; amount to be credited; serial no. of card; Data of the transaction; habitual residence in Hungary if Data Subject is a foreigner; Account history, Surname of the Data Subject at birth; Forename of the Data Subject at birth; Nationality, Mother’s birth name, Permanent residence, Habitual residence, Type of the personal identification document, Number of the personal identification document, Bank account number, photo
Term of data processing  8 years from the termination of the Service
Processors Edenred Magyarország Kft.: (registered office: H–1134 Budapest, Váci út 45.), purpose of data processing: contribution in the customer due diligence and identification activities.

Y-Collective Kft. (registered office: H–7628 Pécs, Arany János u. 24., Hungary), purpose of data processing: extranet operation, processing of card orders, operation of website and Edenred Mobile Application; IT support activity

 

Summary of the processing of data concerning the Programme Owner’s marketing / advertising activity
Data Controller Concerning the data processing regarding its marketing / advertising activity, the Programme Owner is the Data Controller.
The purposes of the processing Sending marketing / advertising messages to the Card Holder
Legal grounds for data processing The Data Subject’s consent [Article 6 (1) (b) of the GDPR and Section 6(1) of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activities]. The consent may be withdrawn at any time
Scope of the processed data The Data Subject’s surname; forename; e-mail address; mobile phone number;
Term of data processing  Until the consent is withdrawn
Processors Y-Shift Kft. (head office: H–7636 Pécs Arany János utca 24., Magyarország) purpose of data processing: data processing for the purposes of advertising.

The Rocket Science Group LLC d/b/a MailChimp (registered office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA) purpose of data processing: data processing for the purposes of advertising – sending out newsletters

Summaries merely serve the purposes of convenience. Please read the complete information.

2. Definitions


2.1. Definitions used in this Data Processing Policy match the definitions included in the General Terms and Conditions regarding the ordering, delivery and utilization of Edenred Voucher Cards and the Card Holder GTC. For enhancing the interpretation of the Data Processing Policy, we repeat certain definitions in the following:

2.1.1. “Issuer” is PrePay Technologies Limited, a limited company registered in the UK with number 04008083, contact: United Kingdom, PO BOX 3883, Swindon, SN3 9EA. PrePay Technologies Limited was registered with number 900010, its e-money issuer licence was issued by and its supervisory authority is the Financial Conduct Authority.

2.1.2. ‘Programme Owner or Data Controller’ is Edenred Magyarország Kft. (head office: H–1134 Budapest, Váci út 45.), the Issuer’s payment intermediary;

2.1.3. ‘Client’ is a natural or legal person providing the Edenred Card to the Card Holder.

2.1.4. ‘Cardholder’: a natural person deemed by the Client eligible for using the Card, to whom the Card is issued, and who enters into a Card Holder Agreement defined in the GTC with Issuer.

2.1.5. “Electronic Money” the amount embodied by the claim against the issuer of the electronic money that is stored electronically – including magnetic storing –, issued against the receipt of funds for the purpose of performing payment operations provided in the Act on the Pursuit of the Business of Payment Services and, beyond the issuer of the electronic money, also accepted by other natural and legal persons, economic entities without legal personality and individual entrepreneurs. The electronic money qualifies as a non-cash means of payment.

2.1.6. “Edenred Card“ or “Card” is a non-transferable microchip plastic card protected with a PIN code where the Electronic Money covered by the amount of money having been transferred by the Client in advance, in relation to the given card is recorded, and that can be used for paying the full or partial consideration for goods sold or services rendered by the Participating Vendor. The rules pertaining to Edenred Cards apply implicitly to the Partner Card provided by Edenred.

2.1.7. ‘Edenred Card Service’ or ‘Service’ means the complex service provided by the Issuer to the Client and the Card Holders under these GTC concerning the ordering, delivery and use of Edenred Cards and the Card Holder GTC, in connection with the issuance and use of the Card.

2.1.8. “Participating Vendor” or “Participating Business” is an entity accepting Edenred Cards from the Card Holders (or Partner Card Holders) in case of the sale of products or the provision of services, and where the Programme Owner makes accepting cards technically available.

3. Data Subject


Data Subjects include the employees (Card Holders) of the employer (Client) ordering the Services of the Issuer and the Programme Owner, and – in case of a respective order – the close relatives of the Card Holders as Additional Card Holders (hereinafter referred: Data Subject).

4. Sources of the acquisition of personal data by the Programme Owner


The Issuer and the Programme Owner would acquire the some of the personal data of the Data Subject not directly from the Data Subject, but, in regard to the characteristics of the Service, from the Data Subject’s employer (Client), concurrently with the placement of an Order by the employer, but will also request such personal data from the Data Subject during the customer due diligence and identification procedure that are necessary for the completion of the customer due diligence and the provision of the services related to the Card, while they are not required for the placement of the Order.

5. Legal grounds for data processing


5.1. According to the contract concluded by and between the Programme Owner and the Client, the legal basis to the data processing strictly essential for providing the Service is the performance of the contract concluded by and between Programme Owner and the Client (Client GTC) regarding the cards ordered for the Data Subject employees, during which, the Client becomes the data controller and the Programme Owner becomes the Client’s data processor.

5.2. The legal basis of the data processing strictly necessary for the Issuer to perform its service is the performance of the contract concluded by and between Programme Owner and the Data Subject (Card Holder GTC) (activating the card, assigning, crediting and using the e-money ordered to this effect to the Card, ensuring the access to data [e.g. account history, available balance], processing of transactions) [Article 6 (1) (b) of the GDPR]. Should the Data Subject not provide personal data required by the Issuer for providing its service, the Data Subject will not be able to call upon the services provided by the Issuer. Concerning the data processing in relation to the contract concluded by and between the Issuer and the Data Subject, the Issuer is the data controller.

5.3. The legal basis for data processing by the Issuer in connection with the customer due diligence concerning the Card Holders is the fulfilment of legal obligations [Article 6 (1) b) of the GDPR, Sections 7–11 of Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (AML)]. With respect to data processing connected with the customer due diligence, the Issuer shall act as the data controller.

5.4. The legal basis for the Programme Owner for the data processing concerning the sending of advertisement is the Data Subject’s consent [Article 6 (1) (a) of the GDPR and Article 6 (1) of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activities]. The Data Subject may provide his consent to receive advertisement on the Programme Owner’s website or in the Edenred card Pro application.

6. The purpose of the data processing, the scope of data processed, the term of data processing


6.1. Data processed for the purposes of complying with the Client GTC
6.1.1. Programme Owner as Data Processor processes the following data in order to comply with the Client GTC i.e. the provision of the Service to the Client:
– Data Subject’s surname;
– Data Subject’s forename;
– Name on card, 21 characters at maximum;
– Date of birth;
– Permanent address (zip code, city, name and type of public area, house number);
– Mailing address, if different from permanent address (zip code, city, name and type of public area, house number);
– Data Subject’s e-mail address;
– Data Subject’s mobile phone number
– Amount, value to be credited;
– Card serial number;
– In case of foreign Data Subject, the place of residence in Hungary;
– Address of the Data Subject’s workplace.

6.1.2. Personal data would be processed by the Programme Owner as Data Processor in connection with manufacturing the Card and the administration on the crediting and usage of the Card.

6.1.3. The Programme Owner will process the Data Subject’s data until the period required to achieve the purpose of the Client GTC, i.e. for the total duration of the Service and 5 years following its termination (until the limitation period of the possible claims concerning the Service).

6.2. Data processed for the purposes of complying with the Card Holder GTC
6.2.1. The Issuer processes the following data in order to comply with the Card Holder GTC i.e. the provision of his Service by the Issuer to the Card Holders:
– Data Subject’s surname;
– Data Subject’s forename;
– Name on card, 21 characters at maximum;
– Date of birth;
– Permanent address (zip code, city, name and type of public area, house number);
– Mailing address, if different from permanent address (zip code, city, name and type of public area, house number);
– Data Subject’s e-mail address;
– Data Subject’s mobile phone number
– Amount, value to be credited;
– Card serial number;
– Data of the transaction.
– In case of foreign Data Subject, the place of residence in Hungary;
– Account history;
– Address of the Data Subject’s workplace;
– Bank account number.

6.2.2. The Issuer will process the Data Subject’s data until the period required to achieve the purpose of the Card Holder GTC, i.e. for the total duration of the Service and 5 years following its termination (until the limitation period of the possible claims concerning the Service).

6.3. Data processed for reasons of customer due diligence, and the term of data processing

6.3.1. For the purpose of customer due diligence, as well as the fulfilment of the relevant legal obligations, the Issuer shall handle the following data:
– Data Subject’s surname;
– Data Subject’s forename;
– Data Subject’s surname at birth;
– Data Subject’s forename at birth;
– Nationality,
– Place and date of birth;
– Mother’s birth name
– Permanent residence
– Habitual residence in case there is no permanent address Type of the personal identification document,
– Number of personal identification document

6.3.2. The Issuer will process the Data Subject’s data for the period required for the fulfilment of its relevant legal obligations, i.e. for the total duration of the Service and 8 years following its termination.

6.4. Data processed for reasons of marketing / sending of advertisements, and the term of data processing

6.4.1. During the data processing for advertisement purposes, the Programme Owner will send advertisements via phone (text message) or e-mails or push notifications (pop-up messages on mobile phones) to the Data Subject concerning the products of the Programme Owner, the Edenred Group and the Participating Vendors, and on the incidental campaigns, according to the Data Subject’s consent.

6.4.2. For this purpose it processes the following data:
– Data Subject’s surname;
– Data Subject’s forename;
– Data Subject’s e-mail address;
– Data Subject’s mobile phone number

6.4.3. The Programme Owner keeps record of the personal data of Data Subjects having made declaration of consent regarding the receipt of advertisements.

6.4.4. For sending advertisement, the Programme Owner keeps on processing the personal data processed per the declaration of consent provided by the Data Subject until revocation. The Data Subject can give his declaration of consent by ticking the relevant checkbox on the Programme Owner’s website or the Edenred Card Pro application. The Data Subject may revoke his consent at any time via the unsubscribe link at the bottom of the marketing letter sent to the provided e-mail address.

7. Data processing


The Issuer and the Programme Owner will transmit and disclose the Data Subject’s data to the members of the Edenred Group² and its contractual partners³

(including natural persons) in the course and for the purpose of and to the extent required for providing the Service, in relation to the card use.

7.1. Data Processors belonging to the Issuer and the Programme Owner’s contractual partners employed for complying with the provision of the Service, and for performing the marketing / promotional activity, who will process the Data Subject’s data are:

  • Edenred Magyarország Kft.: (registered office: H–1134 Budapest, Váci út 45.), purpose of data processing: contribution in the customer due diligence and identification activities, operation of the systems connected with the provision of Service and assistance
  • Programming Pool Romania (registered office: Strada Transilvaniei 18A, Baia Mare, Romania)
    purpose of data processing: supply of software supporting services related to the Card, IT support
  • Idemia Hungary Kft. (registered office: Tó-Park, lot nr.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary)
    purpose of data processing: manufacturing of cards;
  • Y-Collective Kft. (registered office: H–7628 Pécs, Arany János u. 24., Hungary)
    purpose of data processing: extranet operation, processing of card orders, operation of website and Edenred Mobile Application;
  • Y-Shift Kft. (head office: H–7636 Pécs Arany János utca 24., Hungary)
    purpose of data processing:
  • The Rocket Science Group LLC d/b/a MailChimp (head office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA)
    purpose of data processing: data processing for marketing purposes – sending of newsletters, Sending of information e-mails concerning the Card services (system messages, amendment of the GTC, update of the Edenred Mobile application)


8. Data transfer to third country


The Rocket Science Group LLC d/b/a MailChimp possesses a Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) qualification created according to the data protection framework agreement between the US and the EU, therefore, per Article 45 (1) of the GDPR, personal data may be transferred to it, ensuring an adequate level of protection.

9. Data security, parties entitled to obtain the data


9.1. The Issuer and the Programme Owner shall delete the Data Subject’s data upon the expiry of the data handling period.

9.2. The Issuer and the Programme Owner will ensure the security of the processed data and takes any measure against unauthorised access, modification, forwarding, disclosure, erasure or destruction, accidental destruction and deterioration, and inaccessibility due to the change of the technology applied, i.e. in order to ensure an adequate protection of the Data Subjects’ personal data per the legislation.

9.3. The Issuer and the Programme Owner processes the Data Subject’s data automatically and manually in a computer database applying the measures necessary for maintaining the data security requirements, and it has arranged to have the processing of the Data Subject’s data within a closed system protected by password in any event and saved in a hard disk, and that these systems would be used by those authorised to know the data exclusively in relation to the provision of the service, in a strictly necessary extent.

9.4. Those authorised to know the personal data are the Issuer and the Programme Owner (the Issuer and the Programme Owner’s employees employed in a post that manage matters concerning the card use), the members of the Edenred Group, and the Programme Owner’s contractual partners. The computer systems are equipped with firewall and appropriate anti-virus software.

9.5. The Issuer and the Programme Owner accomplishes the technical inspection of the system and takes prompt action in case any fault is detected or indicated.

9.6. The Issuer and the Programme Owner ensures to provide complete information about the data protection rules to those authorised to access the data. As a guarantee to data security, the senior executives and employees of the Issuer and the Programme Owner are bound by obligation of confidence and legal liability concerning the personal data learned in this regard.

_______________
²The members of the Edenred Group are listed on the www.edenred.hu website, as modified from time to time.
³In the course of providing the Service, Edenred shall be entitled to unilaterally employ other data controllers at any time. The list of data controllers is available at the www.edenredkartya.hu, as modified from time to time.

10. The Data Subject’s rights and remedies


10.1. At the Data Subject’s request, the Issuer and the Programme Owner shall provide information on [Article 15 (1) of the GDPR; right of information]:
– the way how the personal data of Data Subjects are processed,
– the purposes of the processing,
– the categories of recipients to whom the personal data are transferred,
– the term of processing,
– the rights and legal remedies.

10.2. Before initiating the procedures regulated in this section, the Data Subject is entitled to call upon the Issuer and the Programme Owner with his claim (to be submitted electronically) in order to eliminate his anxieties concerning the data processing and to restore legality. The Issuer and the Programme Owner shall examine the claim within a month, makes a decision on whether it is well-founded and informs the Data Subject electronically in writing. If the Issuer and the Programme Owner ascertains the grounds for the Data Subject’s claim, restores the legality of data processing or ends the data processing, including further data recording and data transmission. In this case, the Issuer and the Programme Owner may no longer process the Data Subject’s personal data unless the Issuer and the Programme Owner demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims. The Issuer and the Programme Owner will communicate the claim and the relevant actions taken, to those to whom he transmitted the data concerned by the claim.

10.3. At the Data Subject’s request, the Issuer and the Programme Owner will make available the duplicate copy of the personal data in a commonly used electronic format or any other format chosen by the Data Subject. [Article 15 (3) of the GDPR; right of access, right of the issuance of duplicates].

10.4. At the Data Subject’s request, his personal data will be modified, rectified. Moreover, we also provide a possibility to rectify the personal data via the user profile. [Article 16 of the GDPR; right of rectification]. The exercise of the Data Subject’s rights regarding his access to his own data and the rectification of his personal data, the Data Subject may call upon the Issuer and the Programme Owner in an e-mail sent to the addresses adatkezeles-hu@edenred.com or dpo.hungary@edenred.com.

10.5. At the Data Subject’s request, the Issuer and the Programme Owner will erase the Data Subject’s personal data. The Issuer and the Programme Owner may refuse to comply with the request due to reasons included in Article 17 (3) of the GDPR, e.g. in the case when personal data are required for proposing or vindicating a legal claim, or for the compliance with the obligation per the law of the Union or a member state to be applied to the Issuer and the Programme Owner, or out of public interest or for exercising the right of freedom of expression and information. [Article 17 of the GDPR; right of erasure].

10.6. The Data Subject may cancel his declaration of consent to the communication of advertisements may be cancelled at any time without restriction and justification, free of charge, and he may also make a claim regarding the prohibition of receiving advertisements. In this case, the Issuer and the Programme Owner immediately erases the Data Subject’s name and any personal data from the records and will no longer send any advertisement to the Data Subject. This can be achieved by filling a notice of withdrawal either on the post, by sending a letter to the Programme Owner’s head office, or electronically by sending an e-mail to adatkezeles-hu@edenred.com or dpo.hungary@edenred.com, and in the settings on the Issuer and the Programme Owner’s website, or in the Edenred mobile application (Edenred Card Pro) [right of withdrawing the consent]. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

10.7. The Data Subject is entitled to request the restriction (blocking) of processing personal data
– should he contest the accuracy of the personal data, he may request the blocking of the data until the Issuer and the Programme Owner
checks the accuracy of the personal data;
– if processing is unlawful and the Data Subject opposes the erasure of the personal data, and requests the restriction of their use instead;
– The Issuer and the Programme Owner no longer needs the personal data, but it is required by the Data Subject for the establishment,
exercise or defence of legal claims [Article 18 of the GDPR; right to restriction of processing (blocking)]
– The Issuer and the Programme Owner complies with the request of blocking by storing the personal data separated from all other
personal data. Thus for example, in the case of electronic files, it saves them on an external data carrier, or transfers personal data stored on
paper in a separate folder. With the exception of storage, the Issuer and the Programme Owner will only process such personal data with
the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural
or legal person or for reasons of important public interest of the Union or of a Member State. The Issuer and the Programme Owner shall
advise the Data Subject in advance about the release of the restriction of processing.

10.8. The Data Subject is entitled to receive his or her personal data in a structured, commonly used and machine-readable format, and has the right to transmit these data to another controller. In addition, at a relevant explicit request, the Issuer and the Programme Owner ensures the direct transmission the Data Subject’s data to a Processor specified by the Data Subject. [Article 20 (1) and (2) of the GDPR; right to data portability].

10.9. The Issuer and the Programme Owner will inform the Data Subject on the actions taken within one month from receiving the Data Subject’s request. The Issuer and the Programme Owner shall inform You within one month from receipt of the request about the reasons of the refusal and about the opportunity of lodging a complaint with the Authority and seeking a judicial remedy.

10.10. The exercise of this right is free of charge. In certain cases the Issuer and the Programme Owner may charge a fee based on administrative costs, or refuse to take action on the basis of the application, if the Data Subject requests a copy of his or her data, or if the Data Subject’s application is clearly ungrounded or – especially on account of its repeated nature – exaggerated.

10.11. The Issuer and the Programme Owner retains the right to request further information necessary for the confirmation of the Data Subject’s identity, should it have doubts about the identity of the person who submitted the request. Such a case is when the Data Subject exercises his right of requesting a duplicated copy, in which case it is reasonable from the Issuer and the Programme Owner to check if the request has come from the authorised person.

10.12. Should the Data Subject consider that the Issuer and the Programme Owner offended his right to the protection of personal data, or should the Issuer and the Programme Owner perform an illegal data processing, he may initiate the procedure of the Authority. Contact details of the Authority: postal address: H–1530 Budapest, P.O. box: 5, e-mail address: ugyfelszolgalat@naih.hu, phone: +36 (1) 391-1400, website: www.naih.hu.

10.13. Should the Data Subject consider that the Issuer and the Programme Owner offended his right to the protection of personal data, he may initiate a legal hearing and may demand the reimbursement of the damage caused to the Data Subject by the illegal processing of his data or by violating the data security, or, in case of the violation of a personality right, the payment of a restitution. In the event of a judicial enforcement, the Data Subject may start the action at the court of his or her residence or habitation.

11. Miscellaneous provisions


11.1. Should the Programme Owner modify the GTC with an influence on the Data Processing Policy, it shall place an appropriate announcement on the website and shall send the modified policy to the e-mail address provided by the Data Subject so that the Data Subject may study it.

11.2. Where the Issuer and the Programme Owner intends to further process the personal data for a purpose other than that for which the personal data were obtained, it will provide the Data Subject prior to that further processing with information on that other purpose and with any relevant further information.

11.3. If the Issuer and the Programme Owner shall inform the data subject at the latest on the first occasion of disclosing the data also to other recipient(s).

Enters into force on: Budapest, 7 December 2018

1. Definitions

1.1. ‘Data Controller’: The customer of the complex service provided by the Programme Owner to the Client under these GTC, in connection with the issue and use of the Card.

1.2. ‘Processor’: The Programme Owner

1.3. ‘GDPR’: DIRECTIVE 2016/679/EU OF 27 APRIL 2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on repealing Directive 95/46/EC (“Directive”).

1.4. ‘Applicable Law’ means Hungarian statutes created according to or having regard to the GDPR or the explicit authorisation provided by the GDPR, other data protection statutes, or the documents issued by the National Authority for Data Protection and Freedom of Information (NAIH), or codes of conduct concerning the Processor.

1.5. ‘Demand’ is any petition, claim, announcement handled as factual claim, demand or procedure.

1.6. ‘Damage’ is any claim, loss, damage, expense, penalty, fine, fee, imposition, amount adjudged to a third party, costs and any other (predictable or potential) obligation, including direct, indirect or consequential damages.

1.7. ‘Personal Data’ means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.8. ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.9. ‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1.10. ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.11. ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.12. ‘Personal Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

1.13. ‘Data Processing Appendix’ means an appendix becoming part of this Contract as of the time accepted and specified by the parties as the effective date, that determines the data processing concerning this Contract.

1.14. ‘Service’ means the services provided by the Data Processor in the framework of the Service Agreement concerning the processing of personal data – according to description in the applicable Data Processing Policy.

1.15. ‘Data Subject’s Exercising of Rights’ is a request submitted by the data subject, with the purpose of information, access to his personal data (including the request for duplicated copy), modification, erasure (including the right to be forgotten), the restriction of the data processing, data portability, or for the Data Subject’s protest against the data processing.

1.16. ‘Third Country’ means any of the countries not being an EEA member state (member states of the EU, Iceland, Lichtenstein, Norway).

2. Subject and Term

2.1. The subject of this Contract is to specify the conditions concerning the Services to be performed by the Data Processor on behalf of the Data Controller.

2.2. Any data processing activity to be performed by the Data Controller shall be explicitly specified in the Data Processing Appendix.

2.3. This Contract enters into force on the effective date, and terminates after the Processor has erased any personal data having handled per this Contract and hands over a certified copy of the minutes recorded on this fact to the Controller.

3. Compliance of the Processor with the GDPR

3.1. The Processor guarantees to have expert level knowledge, reliability and resources to perform the technical and organisational actions that ensure the requirements of the GDPR, including the security of data processing.

4. Extent of the work

4.1. The sole purpose of the processing of personal data by the Controller is to provide Services according to the GTC.

4.2. The processing of the personal data by the Processor is performed in the framework of this Data Processing Contract and only to the extent the Processor was ordered by the Controller, and exclusively concerning the Service. The Processor processes personal data on behalf of the Data Controller.

4.3. The Processor must not process or use personal data for any other purpose to a degree that goes beyond what expected and necessary for the provision of the Services, not including services provided per the Card Holder GTC concluded between the Programme Owner and the Card Holders.

5. General Obligations of the Processor

5.1. The Processor shall always be suitable for proving its compliance with the GDPR, especially as regards the identification of the risk related to the processing, their assessment in terms of origin, nature, likelihood and severity, and the identification of best practices to mitigate the risk.

5.2. The Processor shall observe the Governing law. The Processor shall provide all forms of cooperation and support and provide any information demanded by the Controller in order to prove its compliance with the Governing law and the performance of its obligations, as well as to cooperate with the NAIH or the supervisory authority conducting the proceedings and to execute its orders or decisions by being able to meet the deadline specified by the NAIH or the supervisory authority.

5.3. The Processor processes the personal data only on documented instructions from the Controller, unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

5.4. The Processor guarantees that employees or other persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

5.5. The Processor guarantees that employees or other persons authorised to process the personal data have received adequate training concerning the maintaining, protection and processing of personal data.

5.6. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

5.6.1. actions that inhibit unauthorised persons to access the data processing systems that process or use personal data;
5.6.2. actions that inhibit data processing systems to be used without permission;
5.6.3. actions that ensure that persons authorised to use data processing systems may only access personal data in regard of which they have right of access, and that personal data may not be read, copied, modified or erased during the processing or use of data and after their storage;
5.6.4. actions that ensure that personal data may not be read, copied, modified or erased during electronic transmission or transport;
5.6.5. actions that ensure that ensure checking and ascertaining if personal data were entered to the data processing systems, they were modified or erased, and by whom;
5.6.6. actions that ensure that the processing of personal data by the Processor is performed strictly in accordance with the Controller’s orders;
5.6.7. the pseudonymisation and encryption of personal data;
5.6.8. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
5.6.9. the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;
5.6.10. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

5.7. The Processor shall store personal data processed on behalf of the Controller at least logically separated from personal data processed on behalf of third parties, and it also seeks the physical separation of personal data processed on behalf of the Controller.

5.8. In assessing the appropriate level of security, the Processor shall take into account in particular the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

5.9. The Processor shall take actions to ensure that any natural person acting under the authority of the Controller or the Processor who has access to personal data does not process them except on instructions from the Controller, unless he or she is required to do so by Union or Member State law.

5.10. The Processor agrees and guarantees that the security measures are suitable for protecting the personal data against casual or illegal destruction or casual loss, alteration, unjustifiable disclosure or unjustifiable access, especially if the data processing includes the transmission of data via the network, moreover against any other unjustifiable form of data processing, and guarantees that these measures ensure a level of data security matching the risks that originate from the characteristics of the personal data to be protected, taking into account the state of the art and the costs of implementation.

5.11. The Processor takes into account the nature of the data processing, and, if possible, assists the Controller with adequate technical and organisational actions in complying with its obligation to answer the requests concerning the practice of the Data Subject’s rights included in the Applicable Law.

5.12. The Processor actively assists the Controller in ensuring the compliance with the obligations per the Applicable Law, including the answering of the requests concerning the practice of the Data Subjects’ rights included in the Applicable Law.

5.13. The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the Applicable Law or other Union or Member State data protection provisions.

5.14. The Processor makes available to the Controller all information necessary to prove the compliance with the obligations laid down in the Applicable Law, and to authorise and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

5.15. After terminating the provision of Service relating to processing of data, according to the nature of the data processing Controller’s order, the Processor deletes or returns all personal data to the Controller, and deletes any existing copies unless Union or Member State law requires storage of the personal data. Inasmuch as the Processor is ordered by the law of the Union or the member state to store personal data, the Processor shall prove the Controller by an adequate document justifying this, the further storage of the personal data processed by the Controller, immediately or at least 5 working days from acknowledging this.

5.16. Should the Processor by any reason not be able to comply with, or foresees not to be able to comply with its obligations per this Contract or the Applicable Law, it shall commit to expeditiously, or at least within 3 working days, notify the Controller about this fact.

5.17. The Processor shall keep record of any data processing activity performed on behalf of the Controller, including at least the following:

5.17.1. the nature and purposes of the data processing, the term of the data processing, the types of personal data and the categories of the Data Subjects;
5.17.2. if applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and the documentation of suitable safeguards;
5.17.3. the description of the technical and organisational safety measurements.

5.18. The Controller shall not be held liable if the Processor keeps the data processing records per the GDPR or does not make it available at the request of the supervisory authority.

5.19. The Processor has sole responsibility in sizing up whether they shall assign a data protection officer per the Applicable Law.

6. Requisitioning Additional Processors

6.1. The Controller grants the Processors a general authorisation to recruit additional processors concerning the data processing procedures strictly essential for providing the Service. The Processor undertakes to inform the Controller on any additional processor.

6.2. Where a Processor engages additional processors for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this Data Processing Contract shall be imposed on that other processor by way of a contract, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Applicable Law.

6.3. The Processor shall check the correspondence of the additional processors requisitioned by the Processor to the requirements of this Data Processing Contract (especially Section 5) and the Applicable Law.

6.4. Should the processor requisitioned by the Processor not comply with his data protection obligations, the Processor retains full responsibility to the Controller in complying with its further processing obligations.

7. Order of Relations and Instructions

7.1. The Controller undertakes to inform the Processor on the name, e-mail address and phone number of the Controller’s Contact Person(s) within one working day from the conclusion of the Contract. On behalf of the Controller, the Controller’s Contact Person(s) is/are authorised to give instructions concerning the data processing, and the Processor shall communicate this Contact Person(s) its observations. The Controller undertakes to provide information to the Processor about the change in these data within one working day from the occurrence of the change.

7.2. The Data Processor undertakes to inform the Processor on the name, e-mail address and phone number of the data processor’s Contact Person(s) within one working day from the conclusion of this Contract. The Controller shall address its instructions regarding this Contract to the Processor’s Contact Person(s). The Controller undertakes to provide information to the Processor about the change in such data within one working day from the occurrence of the change.

7.3. The Parties agree to have the e-mail as a primary form of communication concerning this Data Processing Contract, and the instructions given by the Controller in e-mail constitute a suitable form of communication. The Processor is entitled to request to receive the instruction by post beside the e-mail, or it may also initiate – having regard to extension or character of the instruction – it may also initiate the amendment of this Contract. Inasmuch as the Controller’s Contact Person gives oral instructions to the Processor due to the nature or urgency of the measure, it shall subsequently confirm the oral instruction in e-mail or in writing within three working days.

7.4. The Processor undertakes to notify the Controller’s Contact Person within one working day if:

7.4.1. any request from a public authority concerning the processing or transmission of personal data covered by this Contract is received, unless the notification of the Controller is expressly prohibited by the law;

7.4.2. a request directly from the Data Subject or a third party is received concerning the Data Subject’s exercising of his rights.

7.5. In case of a personal data breach or any pressing case at the Processor’s discretion, the Processor undertakes to phone the Controller’s contact person and inform him about the breach or pressing case. In case of a personal data breach, the contacting will not concern the Processor’s obligations per Section 8.

8. Reporting of a Personal Data Breach

8.1. The Controller shall document any personal data breach, reporting the facts relating to the personal data breach, its effects and the remedial action taken, in a manner that the document will enable NAIH or the competent supervisory authority to control the correspondence to the Applicable Law, in which the Data Controller shall cooperate to the maximum extent possible.

8.2. In case of a personal data breach, the Processor shall notify the Controller without undue delay and not later than within 24 hours after becoming aware of a personal data breach and cooperate with the Controller during the notification of the competent supervisory authority.

8.3. The Data Controller shall report the following within 24 hours:
8.3.1. the nature of personal data breach (accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data)
8.3.2. name and contact details of the data protection officer or other contact point where more information can be obtained.

8.4. The Processor may not decide that the personal data breach would not result in a risk concerning the rights and freedoms of natural persons.

8.5. Should the Processor fail to notify the Controller within 24 hours, the Processor shall advise the Controller on the reasons of the delay.

8.6. Concerning the personal data breach, the Processor shall notify the Controller without delay on the following as soon as the specific circumstances are clarified:

8.6.1. detailed description of the personal data breach
8.6.2. the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
8.6.3. the name of each person concerned (or if this is not possible, the number of data subjects and records / databases including personal data);
8.6.4. name and contact details of the data protection officer or other contact point where more information can be obtained.
8.6.5. the probable outcomes of a personal data breach;
8.6.6. measures taken or proposed to be taken by the Controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

8.7. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller may not inform the Contact Person or the supervisory authority on the personal data breach without firstly consulting with the Controller and acquiring its explicit prior consent, unless the default periods to be observed make it necessary.

9. Data Portability

9.1. With respect to the legal grounds described in Appendix I to the Data Processing Contract, the Data Processor shall assist the Data Controller in fulfilling its obligations in relation to data portability by performing all the data processing activities on behalf of the Data Controller in manner that ensures the rights of the Data Subjects to receive the personal data that pertain to them, and they have made available to the Data Controller or Data Processor in a structured, broadly used, machine-readable format, as well as to forward these data to any other Data Controller/Data Processor without being hindered by the Data Controller/Data Processor in such activities.

10. Transparent Information, Communication and Modalities for the Exercise of the Rights of the Data Subject

10.1. The Data Processor shall actively support the Data Controller in fulfilling its obligation to provide the Data Subjects with all advise and every piece of information in relation to the control of personal data in a concise, transparent, understandable and easily accessible form, by using a clear and comprehensible language.

10.2. The Data Processor shall provide such information in writing or in any other manner, including – as the case may be – electronic routes of communication.

10.3. The Data Processor may not enter into communication with the Data Subjects without firstly consulting with the Data Controller and acquiring its explicit prior consent, unless the statutory deadlines to be observed make it necessary.

11. Right of Access by the Data Subject

11.1. Upon the request of the Data Subjects, the Data Processor shall actively support the Data Controller in fulfilling its obligation to confirm whether or not the processing of personal data in relation to certain Data Subjects is in progress, and – in any given case – grant access for the Data Subjects to their personal data and information.

12. Data Protection Impact Assessment

12.1. The Data Processor shall give assistance to the Data Controller in performing impact assessments, and in this process act in cooperation with the Data Processor, introduce data protection risk mitigation measures in the context of such cooperation.

12.2. As required or within 3 business days following any change when it is necessitated by changes in the risks imposed by the data processing operations, the Data Processor shall conduct a review to assess whether data processing is in line with the data protection impact assessment.

13. The Data Subjects’ Rights of Rectification, Erasure or the Restriction of Data Processing

13.1. The Data Processor shall actively support the Data Controller in fulfilling its obligation without unreasonable delay to

13.1.1. rectify inaccurate personal data;
13.1.2. amend any incomplete personal data;
13.1.3. erase personal data,
13.1.4. restrict the processing of data.

13.2. In the event of any erasure, the Data Processor is obliged to make the data unrecognizable in a manner preventing all restoration, and confirm the execution of such erasure towards the Data Controller, in the form of a written notice sent to the Contact Person of the Data Controller.

13.3. If the Data Controller receives any data subject request defined in Article 18 (1) a) of the GDPR, then upon the Data Controller’s instruction, for the period specified therein, the Data Processor shall restrict the processing of data in the system, and in particular temporarily suspend all access authorities with the exception of those who are involved in the administration of the data subject request on behalf of the Data Controller or Data Processor.

13.4. If the Data Controller receives any data subject request defined in Article 18 (1) b)–d) of the GDPR, then upon the Data Controller’s instruction the Data Processor shall copy the personal data specified in the Data Controller’s instruction to the data carrier provided by the Data Controller, and the Data Processor shall erase the same data from tis system. In the event of any data subject request defined in Article 18 (1) d) of the GDPR, the Data Controller may as well decide to have the Data Processor act within the meaning of Subsection 13.3.

13.5. In case the Data Processor receives directly from the Data Subject Enquiries concerning the Exercise of Rights of the Data Subject, the Data Processor is required to forward such enquires promptly to the Data Controller, and may respond to the Data Subject solely with the Data Controller’s written consent.

14. Liabilities

14.1. The Data Processor shall be liable for all Damage that arises from the violation of the obligations set out in this Contract or the Governing Law.

14.2. The Data Processor warrants to compensate the Data Controller for all Damage that arises from the violation of the obligations set out in this Contract or the Governing Law.

15. Jurisdiction, Governing Law

15.1. The courts of justice that are competent at the Data Processor’s registered address shall be exclusive competence to decide on all the legal disputes originating from or connected with this Contract.

15.2. This Contract shall be interpreted, and the rights of the Parties shall be determined in line with Hungarian law, with the exclusion of the application of the rules pertaining to the conflict of laws.

16. Miscellaneous Provisions

16.1. If any competent court of justice or administrative court resolves that any provision of this Contract is invalid or null and void, the Parties shall enter into negotiations with each other in good faith in order to find such a provision for replacement that corresponds to the provision deemed to be invalid or null and void to the largest extent allowed under the governing law. Accordingly, the same shall be applicable to cases when this Contract fails to set forth provisions in relation to any subject-matter beyond the consequences of the Parties’ associated intentions. The invalidity or nullity of any provision of this Contract shall not affect the validity and enforceability of the remaining provisions of this Contract.

16.2. The Data Processing Contract, including Appendix I hereto, shall form the entire agreement of the Parties in the subject-matter hereof, and override all the earlier agreements, arrangements and negotiations of the Parties to this end.

16.3. The rights and obligations set out in the provisions of this Contract shall be applicable to the Parties, as well as the legal successors and assignees of the Parties.

16.4. Any delay or omission in the exercise of any right, competence, remedy or any other legal option may not be deemed as a waiver or cannot serve as legal grounds for such a waiver from the given right, competence, remedy or other legal option.

16.5. This Contract covers the Parties’ entire agreement concerning the subject-matter hereof. This Contract may be replaced or amended solely by a written deed to which all the Parties have given their consent. The same shall be applicable to the requirement of the application of written forms of communication.

Appendix I
Data Processing Appendix

In the framework of the Contract made with the Data Controller, the Data Processor shall provide the following services:

The Data Processor shall render services to the Data Controller wherein such non-transferable microchip plastic cards shall be issued that are protected with PIN codes, and where the Electronic Money covered by the amount of money having been transferred by the Client in advance to the Programme Owner, in relation to the given card is recorded, and that can be used for paying the full or partial consideration for goods sold or services rendered by the Participating Vendor.

This Data Processing Appendix defines the types of the personal data handled by the Data Processor, as well as the purposes for which the Data Processor processes these personal data.

NATURE AND PURPOSE OF DATA PROCESSING:

To provide complex services to the Client by the Data Processor in connection with the issue and use of the Card.

DURATION OF DATA PROCESSING:

Until the cancellation of the contract between the Data Controller and the Data Processor.


TYPES OF PERSONAL DATA, CATEGORIES CONCERNED:

Data content of card order to be provided

  • Card Holder’s last name
  • Card Holder’s first name
  • Name on card, 21 characters at maximum
  • Place and date of birth
  • Permanent address (zip code, city, name and type of public area, house number)
  • Mailing address, if different from permanent address (zip code, city, name and type of public area, number)
  • Cardholder’s e-mail address
  • Card Holder’s mobile phone number
  • Amount to be credited
  • Name and address of the Card Holder’s workplace

Data content of card crediting to be provided:

  • Card Holder’s last name
  • Card Holder’s first name
  • Card serial number
  • Card crediting value

ESTIMATED VOLUME OF THE PROCESSED PERSONAL DATA:

1–10,000

FURTHER DATA PROCESSORS:

PrePay Solutions Ltd. (member of the Edenred group; head office: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom).

Idemia Hungary Kft. (registered office: Tó-Park, lot nr.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary), purpose of data processing: manufacturing of cards;

Programming Pool Romania (registered office: Strada Transilvaniei 18A, Baia Mare, Romania), purpose of data processing: supply of software supporting services related to the Card, IT support

Y-Collective Kft. (registered office: H–7628 Pécs, Arany János u. 24., Hungary), purpose of data processing: extranet operation, processing of card orders, operation of website and Edenred Mobile Application; IT support activity

The Rocket Science Group LLC d/b/a MailChimp (head office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA)
purpose of data processing: data processing for marketing purposes – sending of newsletters, Sending of information e-mails concerning the Card services (system messages, amendment of the GTC, update of the Edenred Mobile application)

GENERAL DESCRIPTION OF THE TECHNICAL AND ORGANISATIONAL SECURITY MEASURES THAT ARE DEFINED IN ARTICLE 32 (1) OF THE GDPR:

The Data Processing Contract describes the technical and organizational security measures taken.

Please read this Contract carefully before using your card. The below information sets out the General Terms and Conditions (GTC) pertaining to your Card and regulates the legal relationship between you and the Issuer. Plural first person pronouns pertain to the Issuer. By using the Card, you accept the conditions set out in this Contract. With respect to matters relating to the interpretation of the Contract, or if you do not agree to any provision thereof, please contact our Customer Service at any of the contacts set out in Section 19 of the Contract.

1. DEFINITIONS
Account: the function recording the amount of money available and assigned to your Card (not a deposit, savings or other bank account);
Contract: the electronic form completed by the Cardholder and accepted by the Issuer, the entry of the unique code for entering into the contract sent by the Issuer, as well as the contract itself established as a result of the Activation the terms and conditions of which are set out in these Cardholder GTC and the updated versions of the same released from time to time;
Activation: the operation executed at the website www.edenredkartya.hu or by using the Edenred Mobile application available on IOS and Android, during which the Cardholder can perform the process required for using the Card issued to the Cardholder and can enter the Contract by using the unique code for entering into the contract as well as complete the steps required for the customer due diligence.
Edenred Mobile application: The Programme Owner’s Edenred Mobile application which enables the Cardholders to enter the Contract, activate the Card and register their Edenred Cards electronically, as well as to trace their personal expenses.
Available Balance: value of the funds available on your Card for use;
HUF: Hungarian forint, the official currency of Hungary;
Electronic money: the amount embodied by the claim against the issuer of the electronic money that is stored electronically – including magnetic storing –, issued against the receipt of funds for the purpose of performing payment operations provided in the Act on the Pursuit of the Business of Payment Services and, beyond the issuer of the electronic money, also accepted by other natural and legal persons, economic entities without legal personality and individual entrepreneurs. The electronic money qualifies as a non-cash means of payment;
Card: any and all Cards issued to you under this Contract according to the Client GTC;
Card Number: the 16-digit card number found on the front side of your Card;
Cardholder: a private individual found eligible by the Company to use the Card entering into this Contract with us;
Fee: the fees and costs to be borne by the Cardholder in relation to the Card, contained in Section 10 of these GTC;
Company: the natural or legal person, institution or service provider participating in the Programme;
Contactless payment: A means of payment that enables the Cardholders to pay contactless by holding their card against the POS terminal reader. No PIN code is required for transactions not exceeding HUF 5,000;
Customer Service: the contact centre dealing with inquiries and requests for services in connection with your Card. The contacts of the Customer Service are provided in Section 19;
Full Deductible Amount: amount of the entire Transaction, including – in addition to the Transaction itself – all connected fees, expenses and taxes;
Inactivity: if no amount is credited to the Card for a period of 12 months or the Card is not used for any transactions;
Mastercard International Incorporated: Mastercard International Incorporated, a business entity with its registered office located at 2000 Purchase Street, Purchase, New York 10577 USA;
Mastercard Acceptance Mark: the logo of Mastercard International Incorporated, indicating that the Card is accepted at the place where it is displayed;
Edenred Acceptance Mark: the logo of Edenred, indicating that the Card is accepted at the place where it is displayed;
“Participating Vendor” or “Participating Business” is an entity accepting Edenred Cards from the Cardholders (or Partner Cardholders) in the case of the sale of products or the provision of services, and where the Programme Owner made accepting the Cards technically available, and who placed out the Mastercard or Edenred Acceptance Mark.
www.edenred.hu website, MyAccount: the interface on the Website where – following registration – you can access your own Account and view your Available Balance and Transaction History online. You can find up-to-date information about your account at the website www.edenred.hu. You need Internet connection to access the website;
PIN: personal identification number, PIN code;
POS: point of sale;
Programme: the Benefits Card Programme, in the scope of which the Card has been issued to you;
Programme Owner: Edenred’s Hungarian subsidiary, a business entity established in Hungary: Edenred Magyarország Kft.; registered office: H-1134 Budapest, Váci út 45., the Issuer’s payment intermediary;
Client: The Cardholder’s employer or business partner with whom the Programme Owner has entered into a contract under which the Card has been manufactured to the Cardholder.
Transaction: all POS and online commercial sales carried out with your Card, as well as the use of other services executed with ATMs and those offered by ATM machines that are enabled by the Programme Owner and the Issuer (depending on the type of the Card), such as cash withdrawal.
Issuer: PrePay Technologies Limited, a limited company registered in the UK under number 04008083; contact details: United Kingdom, PO BOX 3883, Swindon, SN3 9EA. PrePay Technologies Limited was registered under number 900010, its e-money issuer licence was issued by the Financial Conduct Authority (financial supervisory authority of the UK), also acting as its supervisory authority.
Website: the website www.edenredkartya.hu where you can access the information related to your Card and read these GTC;
Cardholder: the natural person found eligible by the Issuer and the Programme Owner to use the Card.

2. GENERAL PROVISIONS
2.1. Your Card is a card that can be repeatedly credited with Electronic Money. It is not a credit or debit card. The Available Balance does not earn interest and may not be used for savings, but for payment and operations executed with ATMs, and only in accordance with the conditions set out in this Contract and the Client GTC available on the website www.edenred.hu in all cases.
2.2. Your Card was issued based on the permission of Mastercard International Incorporated. This Card is anElectronic Money product that qualifies as a non-cash means of payment. The Electronic Money associated with this Card is provided by the Issuer. The Issuer’s electronic money issuing activity is regulated by the Financial Conduct Authority (UK). Your rights and obligations with respect to the use of the Card are regulated by this Contract concluded between You and the Issuer; You have no legal relationship whatsoever with Mastercard International or its affiliated companies. Crediting amounts to the Card is carried out based on the Client’s order with the Programme Owner’s assistance, in HUF, with the terms and conditions provided in this document and the Client GTC. It is the Issuer who authorises you to use your Edenred Card, exclusively for paying for the specified products and services enabled by the type of the Card, up to the amount available with regard to the Card concerned. The Card will remain in the Issuer’s ownership. Although your balance is your property (with the conditions and limitations specified in this document and the Client GTC), any and all legal rights/entitlements associated with the electronic money issued by the Issuer and the underlying accounting/record keeping system (e.g. intellectual property rights) shall remain in the ownership of the Programme Owner and/or the Issuer, shall not be transferred to you, and you shall have no (further) utilisation rights with regard to them.
2.3. The terms and conditions provided in these GTC were made in writing and are available only in Hungarian. We undertake to carry out all correspondences with you in matters concerning your Card or Account using the Hungarian language.

3. ENTERING INTO THE CONTRACT
3.1. By entering the code for entering into the contract in the dedicated interface during the course of electonic registration available at the www.edenred.hu website or in Edenred’s Mobile Application, the Cardholder expressly requests the establishment of the corresponding contract between the Cardholder and the Issuer by electronic means.
3.2. In the event of accepting the Cardholder’s offer for entering into a contract, the Issuer sends a unique ID to the Cardholder. Before entering into the Contract – upon the sending of the ID –, the Issuer complies with its obligation to provide prior information and sends to the Cardholder the Cardholder GTC and the Fees.
3.3. The Contract is established between the Issuer and the Cardholder if the code for entering into the contract is entered in the Programme Owner’s interface. The Contract is not established if the code for entering into the contract is not entered, thus the Cardholder will not be able to use the Card issued to him.
3.4. The Contract is established for an indefinite term, provided that only the Client can credit any amounts to the Card, meaning that the Contract is terminated after 6 years from the expiry date of the Card, and the thus remaining balance shall be due to the Issuer.

4. RECEIPT AND ACTIVATION OF YOUR CARD
4.1. You have to sign your Card immediately after receiving it.
4.2. The Card can be used solely following the establishment of the Contract and Activation. Upon Activation, please proceed as instructed in the information document attached to the Card received. No liability is borne by the Issuer and the Programme Owner for the failure to sign and/or activate the Card.
4.3. Pursuant to Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (‘AML’), the Issuer is obliged to conduct a customer due diligence and identification procedure with regard to all Cardholders. The Issuer complies with this obligation in the course of the Activation process.
4.4. In these GTC, the Cardholder undertakes and acknowledges that, pursuant to the AML, the Issuer is not obliged to activate the Card, or shall have the right to temporarily block it and suspend the provision of any related services until the customer due diligence is completed. The exclusions and limitations of the Issuer’s and Programme Owner’s liabilities set out in Section 15 of these GTC shall also apply to the denial of activating the Card or the temporary blocking of the same until the mandatory customer due diligence is completed, and any such measure taken by the Issuer and the Programme Owner may not be interpreted as defective performance under any circumstances.
4.5. After activating the Card, you will receive a 4-digit PIN code. Always keep your PIN code safe, do not disclose it to anyone and ensure that it is not readable by anyone when you enter it. We will not disclose your PIN code to third parties. If you forget your PIN code, please visit the website www.edenred.hu or open the Edenred Mobile Application, and choose the option to view your PIN code.
4.6. Please ensure that your Card is registered on the website www.edenred.hu. This is the way to use the service described herein.

5. USING THE CARD
5.1. Specific Card types may only be used at Participating Vendors that are in contractual relationship with the Programme Owner, or where the Programme Owner made it possible to accept the Card based on the acceptor’s Merchant Category Code (MCC). The enabled services for each Card type is specified in Section 5.7. The Programme Owner accepts no liability for cases when the card company classification of the terminals in the stores or store chains is different from what is expected or for any incidental changes in the classification of the stores. The balance of electronic money available with regard to a certain Card may only be used for the partial or full settlement of the consideration paid for the scope of products and services indicated on that Card. The Issuer and the Programme Owner shall not be responsible for the misuse of the Cards. Your Card and the Available Balance associated with it may be used only for Transactions executed in HUF, excluding redemption or conversion to cash or scriptural money.
5.2. Your Card is a card that can be credited repeatedly, which means that the Client may freely credit new funds to the balance of your Card. A transaction shall only be authenticated if the Full Deductible Amount is lower than or equal to the Available Balance on your Card. You will not be able to use your Card after its expiry date or if the Full Deductible Amount exceeds the Available Balance. If, for any reason, a Transaction is processed with a higher amount than the Available Balance on your Card, you shall repay to the Issuer the amount(s) by which the Full Deductible Amount exceeds your Available Balance within 14 days of the receipt of the invoice from the Issuer. If you fail to pay the amount within 14 days of the receipt of the invoice from the Issuer, the Issuer shall be entitled to take all measures necessary for the collection of the outstanding amount, including legal action and the suspension of the further use of the card.
5.3. You can authenticate the transactions to be carried out at the Participating Vendors by providing your PIN or – in the case of online Transactions – CVC code in each case. In the event of contactless transactions up to the amount of HUF 5,000, no PIN code is required for the authentication. You are responsible for all Transactions that you authenticate. You can also authenticate contactless transactions by holding your Card against an appropriate reader which supports such payments. Please keep in mind that, as a general rule, it is not possible to stop a Transaction once approved and received by the Issuer. The Issuer may reject Transactions if it finds them to be conflicting with the provisions of these GTC or be violiating the law (e.g. Transactions carried out with a stolen Card).
5.4. The Cardholder can query his available balanceat the website www.edenred.hu, in the Edenred Mobile Application or by Phone.
5.5. For security reasons, the Participating Vendors accepting your Card shall request authorisation via a POS or VPOS terminal from the Issuer for your Transactions. In some cases, a Participating Vendor may require that your Available Balance be higher than the value of the Transaction you intend to carry out. You will only be charged for the actual and final amount of the Transaction carried out. Merchants request this if they may require a larger amount of funds than which you wished to spend originally. For example:
5.5.1. Hotels and car rental – As Participating Vendors are not able to determine the amount of your final invoice preliminarily, they may request authorisation to deduct an amount of funds exceeding your Available Balance.
5.5.2. Participating Vendors on the Internet – Certain participating internet websites may send you a request for payment authorisation at the time of registration or the payment step in order to check availability of the funds; this may impact your Available Balance temporarily. Please note also that some websites do not charge the amount to be paid until the delivery of the goods. When viewing your Available Balance, please take into consideration such possible changes of the funds available, and determine based on that whether there is a sufficient amount on your Card to cover your purchases. The Card cannot be used for online payments where the currency of settlement is not HUF.
5.6. The Card cannot be used for the verification of identity.
5.7. The scope of services available with the Cards varies by Card type as follows:
5.7.1. Edenred Silver Card: it can be used for purchasing specific goods and services at the contracted participating business networks.
5.7.2. Edenred Gold Card: it can be used for purchasing all products and services available at participating businesses accepting Mastercard.
5.7.3. Edenred Platinum Card: it can be used for purchasing all products and services available at participating businesses accepting Mastercard, as well as for cash withdrawal.
5.7.4. Edenred special card: a Card with which the credited amount can be used at participating businesses accepting Mastercard selected according to the Client’s specific preferences.
5.8. You may not use your Card to redeem traveller’s cheques, have cash refunded from Participating Vendors or settle balances outstanding in connection with credit cards, bank overdrafts or loan agreements, gambling, dating or escort services.
5.9. The Available Balance on your Account does not earn interest.

6. CREDITING OF THE CARD
6.1. You cannot credit funds to your own Card. Only the Client shall be entitled to credit funds to the Card through the Issuer. If the Client wishes to credit further funds to your Card, then we will credit it to the Available Balance on your Card following the receipt of the Programme Owner’s order after the receipt of the Client’s payment by the Issuer.
6.2. You hereby acknowledge that the frequency of updating your Available Balance in accordance with Section 6.1 above will depend entirely on the Programme Owner’s and the Issuer’s ordinary course of business.

7. EXPIRY DATE OF THE CARD
7.1. The expiry date of your Card is printed on the Card’s front side. You will not be able to use your card after the expiry date.
7.2. The Programme Owner will send the Client electronically a written notification on the expiring cards 6 weeks preceding the expiry date of the Card. The Client shall indicate electronically in writing within 10 days of the receipt of the notification whether it intends to have the Card renewed. The Issuer will charge a fee for the re-manufacturing of the Card if renewed. The amount of the fee is included in the schedule on tariffs of the Client GTC. If the Client does not request the renewal of the Card, then the Issuer will irreversibly block the Cards recorded in its system following the expiry date of the Card. The Cardholder may request the redemption of the Electronic Money for a period of 6 years after the expiry date of the Card.
7.3. The balance on the Card is associated with a person, and may be used solely by the Cardholder. In the event of the Cardholder’s death, the balance forms part of the heritage, for the pecuniary splitting of which between the inheritors is governed by the grant of probate. The Client or the inheritor(s) of the Cardholder shall immediately inform the Programme Owner about the Cardholder’s death, thus it will suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. In case the Card Holder’s death is disclosed, the Programme Owner and the Issuer reserve the right to suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. Any liability concerning the transactions executed with the Card during the period between the Cardholder’s death and the time when the Programme Owner or the Issuer became aware of the same shall lie with inheritors. The inheritor(s) shall duly prove to the Programme Owner or the Issuer the completion of the probate procedure (in particular, a duplicated copy of the death certificate, the heritor’s ID card and residence card; in case the heritor is under-age, the injunction of the guardianship authority and the order of the liquidation of the heritage, including the amount on the Card as a heritage), within 90 days from the receipt of which it will make available to the heritor(s) in the form of a Card as provided in the grant of probate.
7.4. With regard to the Card, the Issuer may charge an inactivity fee specified in Section 10.

8. CARDHOLDER’S LIABILITY; AUTHENTICATIONS
8.1. We may restrict or deny the authentication of your Card if the Card is or may be used in breach of this Contract, or if we can suspect on reasonable grounds that you or a third party committed or intend(s) to commit a crime or other abuse in connection with the Card.
8.2. If we have to investigate a Transaction carried out with the Card, you are obliged to cooperate with us or – if necessary – any other official body.
8.2.1. Never:
8.2.2. let anyone else use your Card, or get access to it in any way;
8.2.3. write down your PIN code on your Card or anywhere else;
8.2.4. disclose or otherwise make available your PIN code to anyone else in writing, in a manner that it may be observed by others when entering the code or otherwise.
8.3. You are responsible for any Transaction that you authenticated via your signature, PIN or CVC code. In the event of contactless transactions, it is your responsibility to prove that no third person could access your Card.
8.4. You agree to hold harmless and indemnify us, our partners and any company belonging to the same company group as the above with regard to the expenses incurred by any legal action initiated in order to enforce these GTC, any breach of these GTC and/or the fraudulent use of your Card by you or authenticated by you.
8.5. The Cardholder may immediately – but not later than the day of the thirteenth month following the execution of the Transaction corresponding to the date of debiting the Card – initiate the rectification of the unapproved payment transactions or those approved but incorrectly executed. If the month of expiry does not contain the calendar day corresponding to the Date of Debiting, then the time limit for such rectification shall be the last day of the month.
8.6. The Cardholder expressly acknowledges and agrees that the Participating Business and/or the Cardholder shall be liable for any legal consequences arising from the unlawful use of the Card, and therefore the Programme Owner or the Issuer shall not have any liability in this regard.
8.7. If any reimbursement becomes necessary for the Cardholder under the legal relationship established between the Participating Business and the Cardholder, then – upon the written request of the Participating Vendor or the Cardholder and following the identification of the transaction – the Issuer and the Programme Owner execute the crediting, provided that if the payment for the Participating Business has already been executed, then it credits the amount to be reimbursed to the Cardholder’s Card only once the full amount is reimbursed by the Participating Vendor to the Issuer.
8.8. The Cardholder expressly acknowledges and agrees that the cancellation/modification of the transaction or the restoration of the original state may be initiated on real grounds and along with the Participating Business only, in the form of a jointly submitted unanimous declaration.
8.9. The Cardholder expressly acknowledges and agrees that the settlement or reimbursement between him and the Participating Business – as well as the related request and the resulting enforcement of claims – may not serve as a basis for offsetting upon settlement with the Programme Owner or the Issuer, thus on no legal grounds may the claims between the Participating Business and the Cardholder be enforced against the Programme Owner or the Issuer, who expressly and fully exclude any such liability.

9. LOST, STOLEN OR DAMAGED CARDS
9.1. You have to handle the Electronic Money on the Card in the same manner as the cash in your wallet. If you lose your Card or if it is stolen, the amount on it may be lost just as if it had been in your wallet.
9.2. In the event of loss, theft, fraud or any other threat that involves the risk that the Card may be used in an unauthorised manner, or if the Card is damaged or malfunctioning, contact the Customer Service immediately. You have to provide your Card number in order for the Customer Service to deal with your issue. Alternatively, you can arrange for the blocking of your Card at the website www.edenred.hu or in the Edenred Mobile Application. For this, you have to register your Card preliminarily at the website www.edenredkartya.hu.
9.3. Provided that you notified us in accordance with Section 9.2 and Section 9.4 does not apply, you will not be liable for losses incurred after the time you notified our Customer Service in accordance with the above. Before the notification, your liability for damages is limited in HUF 15,000. If there is Available Balance remaining on your Card after the notification, the Client may request the Programme Owner to replace your Card and that the last Available Balance be made available on the new Card.
9.4. If the reported event was caused by your breach of contract or your alleged conduct, or in case reasonable suspicion of fraudulent or improper conduct arises with respect to it, you will be held liable for all losses.

10. FEES
10.1. The following fees are charged during the use of the Card.
10.1.1. Monthly fee: the fee payable for the availability of the Electronic Money on the Card
10.1.2. Cash withdrawal fee: payable for cash withdrawal from ATM machines. Maximum amount of withdrawable cash: one-off limit: HUF 150,000, daily limit: HUF 300,000. The number of transactions on the same day is not restricted.
10.1.3. Inactivity fee: payable if no amount is credited to the Card for a period of 12 months or the Card is not used for any transactions;
10.1.4. Amenities fee: The fee payable for an ancillary service requested by the Cardholder, under which the Cardholder requests SMS notifications on any crediting to the Card and on the transactions.
10.1.5. ATM service fee: balance inquiry, payment of bills, unblocking of Cards, changing of PIN code
10.1.6. Account statement fee: payable if the Cardholder requests the postal delivery of printed account statements
10.1.7. Account closure fee: following the lapse of 5+6 years, the Issuer shall be entitled to enforce an account closure fee up to the amount of the remaining balance.
10.1.8. Redemption fee: The fee payable for the transferring of the Electronic Money upon the Cardholder’s request to the bank account appointed by the same. We proceed in accordance with the statutory provisions upon redemption. For information in this regard, please contact our Customer Service.
10.1.9. The Issuer forgoes the fee specified in Section 10.1.1 until 31 August 2019.
10.1.10. The Issuer forgoes the fees specified in Sections 10.1.4–10.1.7 until 31 December 2019.

Monthly fee Cash withdrawal fee Inactivity fee Amenities fee ATM service fee Account statement fee Account closure fee Redemption fee
Edenred Silver Card HUF 99/month HUF 499/month HUF 400/SMS HUF 100/transaction HUF 500 up to the amount of the remaining balance 6% of the transferred amount
Edenred Gold Card HUF 99/month HUF 499/month HUF 400/SMS HUF 100/transaction HUF 500 up to the amount of the remaining balance 6% of the transferred amount
Edenred Platinum Card HUF 99/month HUF 350/occassion HUF 499/month HUF 400/SMS HUF 100/transaction HUF 500 up to the amount of the remaining balance 6% of the transferred amount
Edenred Special Card HUF 99/month HUF 499/month HUF 400/SMS HUF 100/transaction HUF 500 up to the amount of the remaining balance 6% of the transferred amount

 

11. DISPUTED MATTERS
11.1. If you have reason to suspect that a Transaction for which your Card was used was unauthorised or was carried out on your Account by mistake, we will examine the Account and the circumstances of the Transaction, provided that you notify is within 13 months of the date of the Transaction. In this scope, we may require you to contact the relevant authorities in connection with the disputed Transaction.
11.2. If, based on the evidence available to us at the time when you report the unauthorised Transaction, we have no reasonable cause to assume that you failed to comply with the requirements of these GTC due to negligence or on purpose, or that you acted in a fraudulent manner, we will refund you all unauthorised Transactions.
11.3. However, if we receive information that suggests that the disputed Transaction was real, we will be entitled to deduct the value of any such Transaction from your Account.
11.4. We reserve the right not to refund you such amounts if you acted in breach of this Contract or if you did not report any possible fraudulent claims to the competent authorities.
11.5. If you entered into an agreement pursuant to which another person operating in the European Economic Area may deduct payments from your Card (e.g. if you disclosed your Card’s data to a Merchant for the purposes of payment), then – if all of the below conditions are fulfilled – you may request us to refund the payment which we will perform within 10 business days of the receipt of your request:
11.5.1. if the exact amount to be paid was not specified in the authorisation;
11.5.2. if the amount charged from your Account was higher than what you could have expected given the circumstances (e.g. based on your previous payment patterns); and
11.5.3. if you notify us regarding your refund request within 8 weeks of the date when the amount is charged from your Account.

12. COMPLAINTS
12.1. Any complaint made in connection with these General Terms and Conditions has to be reported first to the Programme Owner via the Customer Service mentioned in Section 19.
12.2. We handle all complaints in the scope of our own complaints procedure. Upon your request, we will provide you with a copy of the description of our complaints procedure.
12.3. The UK’s Financial Services Compensation Scheme (or any other deposit insurance system) shall not apply to the Card. However, we will protect your funds in the case of our insolvency.

13. AMENDMENTS
13.1. If any part of this Cardholder GTC conflicts with any legal or regulatory requirement, then we will not effectuate that part of the Contract, and we will consider it as if it reflected the provision contained in the relevant legal or regulatory requirement. If we have to make changes with respect to our operations before we are able to fully comply with the new legal or regulatory requirements, we will take the necessary steps as soon as reasonably practicable.
13.2. The Issuer shall be entitled to unilaterally amend the Contract without prior notification of the Client in a manner that is not adverse to the same. The amendments that are not adverse to the Cardholder shall be published by the Issuer at least 15 days before such amendments enter into force, and shall also disclose specific information on the amendment on the website www.edenred.hu .
13.3. The Issuer may not unilaterally amend the Contract by means of introducing a new fee or charge. Following the provision of preliminary information to the Cardholder, the Issuer shall be entitled to amend the Contract at the Cardholder’s disadvantage. The introduction of any Fee related to new services introduced by the Issuer shall not qualify as an amendment at the Cardholder’s disadvantage, if the amendment is not mandatorily applicable to the Cardholder or if it will apply only to those Cardholders who enter into a contract following the date of the amendment.
13.4. The Issuer informs the Cardholder about any amendments that are adverse to the Cardholders two months prior to the entry into force of such amendments on a durable media and on the website www.edenred.hu . If the Cardholder does not address any objection in writing until the date of entry into force of the amendment to the Contract, then the amendments shall be deemed as expressly accepted by the Cardholder. The Cardholder shall have the right to immediately terminate the Contract without any fee or charge payment liability or other payment liability until the entry into force of the amendments. After the amendment enters into force, the legal relationship between the Parties will be governed by the provisions of the amended GTC and those of the Contract.

14. TERMINATION AND SUSPENSION
14.1. If you are not entitled to use the Card any more for any reason, the Card will be blocked immediately and you will not be able to use the Available Balance any more.
14.2. We may terminate or suspend this Contract at any time:
14.2.1. with immediate effect (and until the settlement of the issue or the termination of the Contract) if you have breached these Cardholder GTC, used or intended to use the Card in an attributable, fraudulent manner or for illegal purposes or if we are unable to continue processing your Transactions due to the proceedings of third parties (extraordinary termination of contract).
14.3. Following the ordinary termination of the contract entered with the Client, the Issuer continues to ensure that the amount available to the Cardholders, credited prior to the termination of the legal relationship may be used until the date of expiry of the Card.
14.4. In the event of the extraordinary termination of the contract, you will not be able to use your Available Balance any more as of the day of the termination of the contract.
14.5. If in any of the above cases of termination or if you are not entitled to use the Card any more, all legal rights connected to the e-money and the Available Balance will remain in the ownership of the Issuer and will not be transferred to you.

15. THE PROGRAMME OWNER’S AND THE ISSUER’S LIABILITY
15.1. The following exceptions and restrictions apply to our liability in connection with this Contract (relating to damages arising in connection with the provisions of the Contract or otherwise – including negligence – the breach of statutory duties or other):
15.1.1. we assume no liability for any damages arising directly or indirectly from reasons beyond our control (including but not limited to the failure of network services and data processing systems);
15.1.2. we assume no liability for lost profit, loss of business or any indirect, consequential, special or punitive damage or loss;
15.1.3. if the Card is faulty due to our negligence, our liability will be limited to the replacement thereof; and
15.1.4. in any other event of our default, our liability will be limited to the reimbursement of the Available Balance on your Card.
15.2. No provision of this Contract may exclude or limit our liability for any deaths or personal injuries that occur due to our negligence or fraud.
15.3. We expressly exclude the conditions and warranties set out in law to the largest extent allowed by the law.
15.4. The exclusions and limitations of liability set out in Section 8 and this Section 15 are also applicable to any liability arising towards you in connection with this Contract on the side of our affiliated companies such as the Issuer, the Programme Owner, MasterCard International Incorporated and other suppliers, contractors, agents, distributors and the affiliates thereof.
15.5. You may settle any disputed issue arising in connection with your purchases made with the Card with the Merchant. Neither the Programme Owner nor the Issuer assumes liability for the quality, safety, legality or any other property of the goods and services purchased with the Card.

16. PROCESSING OF PERSONAL DATA / YOUR DATA
16.1. The Issuer as Data Controller shall process and use the personal data required in order to provide the Service under these GTC and acquired by it during the performance thereof in accordance the data protection regulations in force. The legal basis of the processing of data is the performance of the Contract [Article 6 (1) (b) of the GDPR].
16.2. Summary table of the Issuer’s and Programme Owner’s processing of personal data:

Summary of the processing of data concerning the Service provided by the Issuer to the Cardholder
Data Controller In the processing of personal data regarding the contract concluded between the Issuer and the Card Holder, the Programme Owner is the Processor.
The purposes of the processing Performance of Services specified in the Cardholder GTC
Legal basis of data processing The performance of the Contract concluded between the Issuer and the Cardholder [Article 6 (1) (b) of the GDPR]
Scope of the processed data Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (postal code, town, street, number); correspondence if other than residence (postal code, town, street, number); e-mail address; mobile phone number; amount to be credited; serial no. of card; Data of the transaction; habitual residence in Hungary if Data Subject is a foreigner; Account history; workplace address, bank account number
Term of data processing Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service)
Processors Edenred Magyarország Kft.: (registered office: H-1134 Budapest, Váci út 45.), purpose of data processing: Operation of systems relating to the provision of services and supporting activity.

Programming Pool Romania (registered office: Strada Transilvaniei 18A, Baia Mare, Romania), purpose of data processing: supply of software supporting services related to the Card, IT support

Idemia Hungary Kft. (registered office: Tó-Park, lot nr.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary), purpose of data processing: manufacturing of cards;

Y-Collective Kft. (registered office: H-7628 Pécs, Arany János u. 24., Hungary), purpose of data processing: extranet operation, processing of card orders, operation of website and Edenred Mobile Application; IT support activity

The Rocket Science Group LLC d/b/a MailChimp (registered office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA), purpose of data processing: data processing for advertising purposes – sending of newsletters: Sending of information e-mails concerning the Card services (system messages, amendment of the GTC, update of the Edenred Mobile application)

The summaries only serve the purpose of convenience, please read the full Privacy Note made available at the website www.edenred.hu

Summary of the processing of data by the Issuer concerning the Cardholders’ customer due diligence
Data Controller The Issuer is the PrePay Solutions Ltd. (member of the Edenred Group; registered office: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK)
The purposes of the processing Compliance with the obligation to perform customer due diligence and identification regarding the Cardholders
Legal basis of data processing Compliance with legal obligation [GDPR Article 6 (1) c)] and Sections 7–11 of the AML
Scope of the processed data Data Subject’s surname; forename; place and date of birth; permanent residence; correspondence if other than residence habitual residence in Hungary if Data Subject is a foreigner; Account history; Data Subject’s surname at birth; forename at birth; nationality, mother’s maiden name, habitual residence, type of ID document, number of ID document, photo
Term of data processing 8 years from the termination of the Service
Processors Edenred Magyarország Kft.: (registered office: H-1134 Budapest, Váci út 45.), purpose of data processing: contribution in the customer due diligence and identification activities.

Y-Collective Kft. (registered office: H-7628 Pécs, Arany János u. 24., Hungary), purpose of data processing: extranet operation, processing of card orders, operation of website and Edenred Mobile Application; IT support activity

 

The summaries only serve the purpose of convenience, please read the full Privacy Note made available at the website www.edenred.hu

Summary of the processing of data concerning the Programme Owner’s marketing / advertising activity
Data Controller Concerning the data processing regarding its marketing / advertising activity, the Programme Owner is the Data Controller.
The purposes of the processing Sending marketing / advertising messages to the Cardholder
Legal basis of data processing The Data Subject’s consent [Article 6 (1) (b) of the GDPR and Section 6(1) of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activities]. The consent may be withdrawn at any time
Scope of the processed data The Data Subject’s surname; forename; e-mail address; mobile phone number;
Term of data processing Until the consent is withdrawn
Processors Y-Shift Kft. (registered office: H-7636 Pécs Arany János utca 24., Magyarország) purpose of data processing: data processing for the purposes of advertising.

The Rocket Science Group LLC d/b/a MailChimp (registered office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA), purpose of data processing: data processing for advertising purposes – sending of newsletters

The summaries only serve the purpose of convenience, please read the full Privacy Note made available at the website www.edenred.hu

16.3. Should the Cardholder not provide the personal data essential for the provision of the Issuer’s services, then the Cardholder will not be able to use the Issuer’s services.
16.4. The Cardholder may contact the Programme Owner in order to ensure the enforcement of his rights with regard to the processing of his personal data by sending an electronic mail to either of the adatkezeles-hu@edenred.com dpo.hungary@edenred.com e-mail addresses.

17. GENERAL PROVISIONS
17.1. If we do not exercise or delay with exercising any right or legal remedy set out in this Contract, this shall not be considered as a waiver of that right or legal remedy or the exclusion of the later exercising of such right or legal remedy.
17.2. If any provision of this Contract is deemed unenforceable or illegal, this shall have no effect on the remaining provisions, provided that the unenforceable or illegal provision is not an essential part of the Terms.
17.3. You may not assign or transfer your rights and/or benefits arising from these General Terms and Conditions. Your liability will continue until all Cards issued to you are cancelled or expired, and you have paid all amounts payable under these GTC. We may assign our rights and benefits at any time without notifying you in writing. We may sub-contract any of our obligations arising from this Contract.
17.4. No third party that is not a party to these GTC shall have the right to enforce the provisions of this Contract, with the exception that Mastercard International Incorporated and its relevant affiliated companies shall be entitled to enforce any provision of this Contract that provides them any benefit or right, and the (legal) entities specified in Section 15.4 shall be entitled to enforce the contents of Section 15.
17.5. In the case of a legal dispute, the regular Hungarian Court competent according to the Programme Owner’s registered office shall have exclusive competence.

18. PROVISION OF INFORMATION AND COMMUNICATION
18.1. The language of the Contract is the Hungarian.
18.2. The Issuer provides the Cardholder who initiated the establishment of the Contract with information about the GTC and the fees, as well as any modifications or amendments made to these by means of a durable media and by disclosure on the website www.edenred.hu.
18.3. The Parties agree that the Issuer will send an account statement on the Transactions executed with the Card and the creditings to the Card once a month, by using durable media (i.e. in e-mail), as well as will make available all data related to the Transactions after their execution at the website www.edenred.hu and via the Edenred Mobile Application.
18.4. The Cardholder can obtain information about the amount of the Electronic Money available on his Card at any time by visiting the website www.edenred.hu or via the Edenred Mobile Application.
18.5. The Cardholder expressly agrees that, during the term of the Contract, the communication between him and the Issuer and the Programme Owner will take place by electronic means via the e-mail address provided by the Cardholder, and that they will regard this communication as valid and legally effective concerning the Contract, including any legal statements made in connection with the same.
18.6. The Parties agree to consider the e-mails as delivered on the second day following the sending of such e-mails.
18.7. The Issuer and the Programme Owner will send the notifications and statements to the Cardholder’s e-mail address entered during the course of the Cardholder’s registration at the website www.edenred.hu. The Issuer and the Programme Owner shall not be held liable for any damages arising from the failure to receive such notifications, including the case where the Cardholder entered an incorrect e-mail address or if the e-mail address no longer exists, or if the Cardholder has no longer access to the entered e-mail address.
18.8. The Cardholder can communicate with the Issuer via the Customer Service.

19. CONTACTS OF THE CUSTOMER SERVICE
19.1. If you need help or wish to report that your Card has been lost or stolen, call our Customer Service at the number +36 1 382 4000 in the business hours available on the website www.edenred.hu, or contact us by using the online interface also available on www.edenred.hu.
19.2. Lost or stolen Cards may be reported on the website www.edenred.hu 24 hours a day. Also here, you can use the function designed for the case where you forget your PIN code 24 hours a day.
19.3. Available Balance inquiry and Card Blocking are available to Cardholders 24 hours a day, call +36 1 382 4000.
19.4. If you have any difficulties using the Card, please contact our Customer Service or the Client.

Effective from 7 December 2018.

The Programme Owner may apply and charge the following fees and costs regarding the Services in cases specified in the Client GTC, and in the existence of the following circumstances.

1. Card Manufacturing and Delivering Charges
The fee of the manufacturing of the cards according to this table differs for each card, and the delivery fee shall be considered for packages.

Type of Card Card and Partner Card Fee Card replacement fee (Lost, damaged or expired cards) Delivery charge
Silver HUF 1000 + VAT HUF 1000 + VAT HUF 1590 + VAT
Gold HUF 1000 + VAT HUF 1000 + VAT HUF 1590 + VAT
Platinum HUF 1000 + VAT HUF 1000 + VAT HUF 1590 + VAT
Special cards to be specifically agreed to be specifically agreed HUF 1590 + VAT

 

2. Handling charges:• Cred

  • Creditingof the balance of a not yet activated Card (per the GTC):
    6% of the nominal value + VAT (but at least HUF 3000 + VAT). No crediting less than the minimum fee may be requested back.
  • Fee of transfer of balance between Cards per the GTC: The amount of the Administration Fee charged is HUF 1,000 + VAT / transfer / card.

3. Annual Card Fee
Shall be paid if the Client does not make any crediting to the (Partner) Card within 180 days after the Order per the GTC. Amount: 5000 HUF/card

Any fee and charge specified in this annex shall be considered in HUF. VAT shall be determined in accordance with applicable laws. The fees and charges specified in this annex are in force from 7 December 2018.

Edenred may automatically modify the amounts of the fees and charges included in this annex as of the first day of each year, by the average consumer price index annually published by the Hungarian Central Statistical Office, authoritative for the previous calendar year, which increase shall not exceed the 10 percent of the given fee. The change of the fees and amounts modified thereby shall be published on the Edenred website. Edenred reserves the right not to validate the indexing of the fee once or even several times, according to a separate agreement, concerning certain clients / client groups.