Terms & Conditions for Merchants
ReceiptHero Oy (“ReceiptHero”) has developed an open ReceiptHero ecosystem for receipts that enables the transmission of electronic receipts and thereto related services ("ReceiptHero Service").
These terms and conditions define the terms under which the ReceiptHero Service is integrated as part of the merchant’s cash register systems, payment services, applications or online store and according to which the merchant can provide electronic receipts to its customers who utilise the ReceiptHero Service.
Merchant means a seller of goods/services that offers electronic receipts with the ReceiptHero Service and has a contractual relationship with ReceiptHero. Application Developer means an entity who processes electronic receipts transmitted by ReceiptHero and has a contractual relationship with ReceiptHero. Partner Application means an Application Developer's application that is integrated with the ReceiptHero Service. Application Developer's Customer means an Application Developer's customer who has no contractual relationship with ReceiptHero, but whose payment card data and electronic receipts are processed by ReceiptHero in accordance with the agreement between the Application Developer and ReceiptHero. Business Customer means both a company that utilises ReceiptHero as well as its representatives. Consumer means a consumer that uses the ReceiptHero Service. End User means both Business Customers and Consumers that have a contractual relationship with ReceiptHero.
These terms and conditions, together with any other agreement documents separately agreed by ReceiptHero and the Merchant, form the entire agreement concerning the ReceiptHero Service between ReceiptHero and the Merchant ("Agreement").
The Agreement is concluded when the Merchant has approved the Agreement in writing or starts using the ReceiptHero Service, whichever occurs first. In case of conflicts between other agreement documents and these terms and conditions, the other agreement documents will prevail.
If a Merchant uses an application, which it wishes to turn into ReceiptHero's Partner Application, this must be separately agreed with ReceiptHero.
4. Integration, Authorisation, Identification Details, Excluded Partner Applications
The ReceiptHero Service will be integrated into the Merchant's cash register systems, payment services, applications or online store under a separate integration project ("Integration").
Integration will be carried out through the interfaces offered by ReceiptHero and in accordance with ReceiptHero's requirements and specifications.
To the extent that the Merchant uses the cash register systems or payment service solutions of ReceiptHero's co-operation partners (“Co-Operation Partner”, a list of Co-Operation Partners is available at ReceiptHero's website ([l]https://getreceipthero.com/) and in the ReceiptHero Service), the Merchant authorises ReceiptHero to perform the Integration on behalf of the Merchant. In other occasions, the Merchant executes the Integration at its own expense and in its desired schedule. The Merchant keeps ReceiptHero informed about the progress of the Integration and answers to ReceiptHero's questions regarding Integration without undue delay. The Merchant may begin to utilise the ReceiptHero Service when ReceiptHero has either approved the Integration or notified of the Integration's completion in writing.
As a part of the Integration, the Merchant shall provide ReceiptHero with all necessary identification details concerning the Merchant’s cash register systems, payment service solutions, acquirers, and other payment related relationships, systems and solutions (“Merchant Identification Information”). Alternatively, the Merchant may authorize ReceiptHero to acquire the Merchant Identification Information from third parties. The Merchant understands and acknowledges that accurate and upto-date Merchant Identification Information is essential to the operation and availability of the Integration as well as to the ReceiptHero Service. Accordingly, the Merchant shall promptly inform ReceiptHero of any upcoming changes to the Merchant Identification Information and shall aim not to implement any changes until ReceiptHero has had reasonable time to update the Merchant Identification Information accordingly. To the extent the changes in the Merchant Identification Information cannot be made known to ReceiptHero in advance, the Merchant shall provide the updated information as soon as possible and without delay if so requested by ReceiptHero. ReceiptHero assumes no liability whatsoever for the issues in the ReceiptHero Service insofar as they are caused by incorrect or outdated Merchant Identification Information.
Also, during the Integration, the Merchant shall notify ReceiptHero in writing of any such Partner Applications to which electronic receipts from the Merchant must not be transmitted. If no such notification has been made, and the parties have not separately agreed otherwise in writing at a later stage, ReceiptHero will transmit all electronic receipts from the Merchant, insofar as they concern End Users or Application Developer’s Customers and the same has been agreed with the End User and/or the Application Developer, to all current and future Partner Applications utilising the ReceiptHero Service. The list of Partner Applications is available at the ReceiptHero’s website and at the ReceiptHero Service.
5. Principal Tasks of the Merchant
The Merchant must, for their own part, maintain the Integration as well as the Merchant's cash register systems, payment services, applications, online store, operational environment and network connections that are necessary for the functioning of the ReceiptHero Service. Additionally, the Merchant is responsible for ensuring that its personnel is familiar with ReceiptHero's basic functions and operational guidelines and is committed to comply with the obligation of secrecy regarding the processing of personal data.
The Merchant is also responsible for its warranty or other obligations relating to the goods or services purchased by an End User as well as for complying with the laws and regulations relating to the provision of receipts at all times.
6. Maintenance of the ReceiptHero Service and Defects
ReceiptHero makes reasonable efforts to ensure that the ReceiptHero Service and its interfaces are available 24 hours per day every day of the year, excluding the development and service windows of which ReceiptHero endeavours to communicate well in advance.
In case the Merchant detects a fault or a defect in the ReceiptHero Service, it must notify ReceiptHero without delay, and upon ReceiptHero's request, to a reasonable extent participate in the resolving of the fault or defect with ReceiptHero and/or Application Developer.
ReceiptHero may develop and modify the ReceiptHero Service. ReceiptHero has the right to modify these terms and conditions by informing of it at least 90 days in advance. If the Merchant uses the ReceiptHero Service thereafter, such use is considered to be an acceptance of the updated terms and conditions.
8. Marketing and References
After the Integration is completed, the Merchant will inform its customers of the implementation of the ReceiptHero Service.
During the term of the Agreement, the Merchant has the right to use trademarks referring to the ReceiptHero Service in accordance with good business practices.
ReceiptHero has the right to use the Merchant's name or logo as well as the parties' cooperation, based on this Agreement, as a reference in accordance with good business practices.
9. Charges and Expenses
The ReceiptHero Service, including any optional marketing or other value-added services provided by ReceiptHero to the Merchant, will be agreed separately between the Merchant and ReceiptHero. In addition, both parties are responsible for their own costs incurred in connection with this Agreement and its performance (including the cost of any equipment, software or network connections required to use the ReceiptHero Service), unless otherwise agreed in writing.
10. Data Protection
Data protection legislation shall mean applicable legislation and regulations relating to the processing of personal data including, the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR’) and any guidance or binding statutory codes of practice issued by any relevant supervisory authority as amended or updated from time to time (“Data Protection Regulation”).
Data protection related terms such as controller, processor, and personal data shall bear the meaning given to them in the GDPR.
ReceiptHero complies with data protection legislation in force in Finland.
ReceiptHero acts as the controller for its own customer’s, i.e. the End User’s electronic receipts and other personal data. The Application Developer acts as the controller for receipts and other personal data of the Application Developer's Customer, whereas ReceiptHero acts as the processor of the personal data. The Merchant acts as the controller and ReceiptHero as the processor for the personal data that concerns those receipts of the Merchant that do not relate to the End Users of ReceiptHero or the Application Developer's Customers (“Merchant's Other Customers”).
The Merchant may choose to implement the Integration in such a way that only receipts of ReceiptHero's End Users and Application Developer's Customer are delivered to ReceiptHero, in which case ReceiptHero will not process any receipts of the Merchant's Other Customers. The implementation of the integration in this way and the reimbursement of any costs arising therefrom shall be agreed separately between the Merchant and ReceiptHero. In the same context, the Merchant and ReceiptHero shall likewise separately agree upon the usage of any payment transaction data originating from ReceiptHero’s Co-Operation Partners and made available to Merchant for the purposes of the Integration.
10.2 Processing regarding personal data of the Merchant’s Other Customers
Insofar ReceiptHero processes personal data of the Merchant’s Other Customers to identify End Users among the information provided, the following shall apply regarding the personal data processing, provided the parties do not agree otherwise:
A. ReceiptHero's obligations and rights
ReceiptHero processes personal data only on behalf of the Merchant and in accordance with data protection legislation and the Agreement;
ReceiptHero wont carry out any transfer of personal data outside the EU/EEA area only in accordance with data protection legislation;
ReceiptHero processes personal data only in accordance with documented instructions provided by the Merchant, unless otherwise required by mandatory legislation applicable to ReceiptHero. This Agreement shall constitute documented instructions;
ReceiptHero ensures that persons entitled to process personal data are either committed to comply with the obligation of secrecy or are subject to an appropriate statutory obligation of secrecy;
ReceiptHero will take mandatory technical and organisational measures, such as security measures, concerning the processor to ensure the security of processing;
ReceiptHero assists the Merchant by appropriate technical and organisational measures, where possible, to fulfil the controller's obligation to respond to requests for the exercise of the rights of the data subject;
ReceiptHero assists the Merchant, at its request, to comply with the requirements of data protection legislation, which concern the Merchant, or to verify, or to demonstrate compliance by the Merchant with such requirements, and makes all information available to the Merchant that is necessary to act as a processor and to demonstrate compliance with the legislation;
ReceiptHero assists the Merchant to ensure that the obligations imposed on the Merchant as a controller regarding processing security, notification of data breaches to data subjects and authorities and conducting an impact assessment and the prior consultation relating to it are complied with as far as it concerns processing carried out by ReceiptHero, taking into account the nature of the processing and the information available to the processor;
ReceiptHero will delete or return, at the request of the Merchant, any personal data for which processing is no longer necessary after the end of the Agreement between the Merchant and ReceiptHero, unless otherwise required by mandatory legislation applicable to ReceiptHero;
ReceiptHero allows and participates in audits carried out by the Merchant or another authorised auditor of the Application Developer, such as examination;
ReceiptHero shall inform the Merchant without undue delay upon receipt of information about a personal data breach, or if it considers that the instructions given by the Merchant for the processing of personal data are unlawful;
ReceiptHero shall maintain a list of processors it uses as well as inform of new processors at the subprocessors page. The controller may object to the addition of new processors.
ReceiptHero shall be responsible towards the Merchant for any personal data processing activities carried out by the other processor engaged by ReceiptHero; and
ReceiptHero has the right to charge the Merchant for the measures mentioned above on an hourly basis based on its current price list.
B. The Merchant's obligations and rights
The Merchant must process personal data in compliance with applicable data protection laws and good data processing practices;
The Merchant may, at its expense, provide ReceiptHero with written instructions and necessary information regarding the processing of personal data;
The Merchant is responsible for all controller’s obligations under data protection legislation in relation to data subjects (including informing data subjects about the processing of personal data) and ReceiptHero, and also that its instructions on the processing of personal data are in accordance with data protection legislation;
The Merchant represents and warrants that it has the right to provide the personal data that it provides to ReceiptHero; and
The Merchant authorises ReceiptHero to process the personal data it has provided in accordance with these terms and conditions.
C. Instructions for the processing of personal data provided by the Merchant
ReceiptHero must process personal data solely in order to identify, among the personal data provided by the Merchant, the receipts of those customers that concern the End Users of ReceiptHero or Application Developer's Customers, so that ReceiptHero can process the receipts as agreed with the End User and/or Application Developer;
ReceiptHero shall delete all such personal data provided by the Merchant that ReceiptHero is not able to identify as concerning its End Users or Application Developer's Customers within five (5) working days from the date of receipt of the information from the Merchant, unless otherwise instructed by the Merchant under the Agreement (e.g. to provide the Merchant with reports of Merchant’s Other Customers’ purchases or receipt archiving services);
The personal data processed by ReceiptHero concerns the electronic receipts of the Merchant's Other Customers and the information contained by said receipts, such as the seller's contact details, purchases with prices and taxes, the time when the receipt was issued, the receipt identifier and the payment card used in connection with the purchase, as well as other customary information on the receipt; and
The personal data to be processed concern the receipts of all the customers of the Merchant.
10.3 Transfer of End Users’ data to ReceiptHero, possible processing of Transaction Data
The Merchant acts as the controller regarding the End users’ receipt data. After a certain receipt has been identified to belong to a ReceiptHero’s specific End user and the Merchant has transferred this data to ReceiptHero, ReceiptHero acts as an independent controller regarding this data. The Merchant, who has provided ReceiptHero with the data, is also an independent controller insofar it still processes the data for its own purposes.
The processing actions mentioned in this Section 10.3 apply to End users’ personal data that the Merchant has transferred to ReceiptHero. When transferring personal data to ReceiptHero, the Merchant may use the services of ReceiptHero’s Co-Operation Partners or other third parties acting on behalf of the Merchant.
Depending on the integration between the Merchant and ReceiptHero, ReceiptHero may provide or offer the Merchant access to its transaction data (“Transaction Data”), with which the Merchant (together with its service providers) carries out the identification of ReceiptHero’s End users or the customers of its co-operation partners and only provides ReceiptHero with receipts and other personal data that relate to these groups of people. Section 10.3 is also applied to such processing.
In case the Merchant receives Transaction Data from ReceiptHero, the Merchant may use the Transaction Data for the sole purpose of providing ReceiptHero with the receipt data corresponding to the transactions specified in the Transaction Data. In particular, the Merchant agrees not to, directly or indirectly:
share, disclose, resell, redistribute, lease, or sublicense any of the Transaction Data, or any information or data derived therefrom, to any other party for any purpose;
download, copy, recreate, modify, translate, reverse engineer, decompile, disassemble, create derivative works of, tamper or interfere with; or otherwise attempt to derive source code or other trade secrets from any Transaction Data;
use Transaction Data (even if such Transaction Data is aggregated or anonymized) for targeting, reporting, product features, profiling, analysing customer behaviour patterns, categorizing, or other marketing;
use Transaction Data for the specific purpose of promoting any products or services; or
use, combine or aggregate any Transaction Data with any other data.
The limitations of liability agreed in these Terms of Service do not apply to Merchant's contractual breaches regarding Transaction Data.
The Merchant may retain Transaction Data from ReceiptHero only for so long as is necessary for Merchant to comply with responsibilities laid out in these Terms of Service, and in no event longer than six (6) months after the receipt of Transaction Data from ReceiptHero.
A. Disclosure and processing of the personal data
Both parties as controllers shall commit to complying with the obligations incumbent on them pursuant to the data protection legislation regarding the processing of personal data. What is said in under this Section 10.3 shall not apply to the processing of personal data acquired by a party for its own purposes from a third party and not the other party to these Terms of Service.
The party disclosing personal data shall:
Only disclose personal data for the purpose of exercising its rights and fulfilling its obligations pursuant to the Agreement, or for purposes otherwise agreed in writing between the parties ("Permitted Purposes"),
Ensure that it has (i) delivered to data subject the appropriate information concerning disclosure of personal data to a data recipient or to an appropriate group of data recipients; and (ii) obtained the consents or authorisations required for data recipient to be allowed to freely process the personal data for the Permitted Purposes, and
Disclose personal data in special categories of personal data to a data recipient only when it is necessary for the Permitted Purposes and only when data discloser has obtained the specific consent of data subject in advance, or proven (in a way satisfactory to data recipient) that there are legal grounds for such disclosure.
When a party receives personal data from the other party, it must:
Not process personal data for any other than the Permitted Purposes (except to comply with the requirements of applicable legislation);
Not process personal data for any longer than is necessary for the Permitted Purposes (except to comply with the requirements of applicable legislation); and
Moreover, the party shall, considering relevant technology and its implementation costs, the nature and extent of the processing, the context and purposes and the probability and severity of risks to the rights and freedoms of natural persons, put in place the appropriate technical and organisational protective measures to ensure a level of security commensurate with the risks and measures agreed in these Terms of Service , to protect personal data from illicit or illegal processing and from accidental loss, destruction or damage
Unless otherwise agreed between ReceiptHero and the Merchant, ReceiptHero is permitted to process the personal data received from Merchant:
to provide and transmit electronic receipts between various stakeholders as agreed in further detail between the End Users, Merchants and Application Developers;
for any other purposes for which the data subject in question has provided its explicit consent or for which there exists another lawful ground to process the personal data.
For clarity, the use cases meant above shall be deemed Permitted Purposes.
B. Data breaches and security in disclosing personal data
In case of a personal data breach, data recipient shall notify data discloser without undue delay.
Either party shall, if the other party so requests, co-operate within reason in submitting reports to the supervisory authority, and possibly data subjects, concerning the personal data breach.
Data discloser shall be responsible for the data protection of personal data to the extend the said data are in the possession of data discloser. Data recipient shall be responsible for the data protection of personal data to the extend the said data are in the possession of data recipient.
C. Co-operation and mutual assistance between the Parties
Either party shall, if the other party so requests, co-operate within reason with the other party in matters concerning:
Data subject’s requests;
Other contact requests from data subject regarding the processing of his/her personal data; and
Contacts requests and communication from the supervisory authority regarding the processing of the personal data or compliance with the data protection legislation.