1. General

ReceiptHero Oy (“ReceiptHero”) has developed an open ReceiptHero ecosystem for receipts that enables the transmission of electronic receipts and thereto related services ("ReceiptHero Service").

These terms and conditions define the terms under which the ReceiptHero Service is integrated as part of the merchant’s cash register systems, payment services, applications or online store and according to which the merchant can provide electronic receipts to its customers who utilise the ReceiptHero Service.

2. Definitions

Merchant means a seller of goods/services that offers electronic receipts with the ReceiptHero Service and has a contractual relationship with ReceiptHero. Application Developer means an entity who processes electronic receipts transmitted by ReceiptHero and has a contractual relationship with ReceiptHero. Partner Application means an Application Developer's application that is integrated with the ReceiptHero Service. Application Developer's Customer means an Application Developer's customer who has no contractual relationship with ReceiptHero, but whose payment card data and electronic receipts are processed by ReceiptHero in accordance with the agreement between the Application Developer and ReceiptHero. Business Customer means both a company that utilises ReceiptHero as well as its representatives. Consumer means a consumer that uses the ReceiptHero Service. End User means both Business Customers and Consumers that have a contractual relationship with ReceiptHero.

3. Agreement

These terms and conditions, together with any other agreement documents separately agreed by ReceiptHero and the Merchant, form the entire agreement concerning the ReceiptHero Service between ReceiptHero and the Merchant ("Agreement").

The Agreement is concluded when the Merchant has approved the Agreement in writing or starts using the ReceiptHero Service, whichever occurs first. In case of conflicts between other agreement documents and these terms and conditions, the other agreement documents will prevail.

If a Merchant uses an application, which it wishes to turn into ReceiptHero's Partner Application, this must be separately agreed with ReceiptHero.

4. Integration, Authorisation, Identification Details, Excluded Partner Applications

The ReceiptHero Service will be integrated into the Merchant's cash register systems, payment services, applications or online store under a separate integration project ("Integration").

Integration will be carried out through the interfaces offered by ReceiptHero and in accordance with ReceiptHero's requirements and specifications.

To the extent that the Merchant uses the cash register systems or payment service solutions of ReceiptHero's co-operation partners (“Co-Operation Partner”, a list of Co-Operation Partners is available at ReceiptHero's website (https://getreceipthero.com) and in the ReceiptHero Service), the Merchant authorises ReceiptHero to perform the Integration on behalf of the Merchant. In other occasions, the Merchant executes the Integration at its own expense and in its desired schedule. The Merchant keeps ReceiptHero informed about the progress of the Integration and answers to ReceiptHero's questions regarding Integration without undue delay. The Merchant may begin to utilise the ReceiptHero Service when ReceiptHero has either approved the Integration or notified of the Integration's completion in writing.

As a part of the Integration, the Merchant shall provide ReceiptHero with all necessary identification details concerning the Merchant’s cash register systems, payment service solutions, acquirers, and other payment related relationships, systems and solutions (“Merchant Identification Information”). Alternatively, the Merchant may authorize ReceiptHero to acquire the Merchant Identification Information from third parties. The Merchant understands and acknowledges that accurate and upto-date Merchant Identification Information is essential to the operation and availability of the Integration as well as to the ReceiptHero Service. Accordingly, the Merchant shall promptly inform ReceiptHero of any upcoming changes to the Merchant Identification Information and shall aim not to implement any changes until ReceiptHero has had reasonable time to update the Merchant Identification Information accordingly. To the extent the changes in the Merchant Identification Information cannot be made known to ReceiptHero in advance, the Merchant shall provide the updated information as soon as possible and without delay if so requested by ReceiptHero. ReceiptHero assumes no liability whatsoever for the issues in the ReceiptHero Service insofar as they are caused by incorrect or outdated Merchant Identification Information.

Also, during the Integration, the Merchant shall notify ReceiptHero in writing of any such Partner Applications to which electronic receipts from the Merchant must not be transmitted. If no such notification has been made, and the parties have not separately agreed otherwise in writing at a later stage, ReceiptHero will transmit all electronic receipts from the Merchant, insofar as they concern End Users or Application Developer’s Customers and the same has been agreed with the End User and/or the Application Developer, to all current and future Partner Applications utilising the ReceiptHero Service. The list of Partner Applications is available at the ReceiptHero’s website and at the ReceiptHero Service.

5. Principal Tasks of the Merchant

The Merchant must, for their own part, maintain the Integration as well as the Merchant's cash register systems, payment services, applications, online store, operational environment and network connections that are necessary for the functioning of the ReceiptHero Service. Additionally, the Merchant is responsible for ensuring that its personnel is familiar with ReceiptHero's basic functions and operational guidelines and is committed to comply with the obligation of secrecy regarding the processing of personal data.

The Merchant is also responsible for its warranty or other obligations relating to the goods or services purchased by an End User as well as for complying with the laws and regulations relating to the provision of receipts at all times.

6. Maintenance of the ReceiptHero Service and Defects

ReceiptHero makes reasonable efforts to ensure that the ReceiptHero Service and its interfaces are available 24 hours per day every day of the year, excluding the development and service windows of which ReceiptHero endeavours to communicate well in advance.

In case the Merchant detects a fault or a defect in the ReceiptHero Service, it must notify ReceiptHero without delay, and upon ReceiptHero's request, to a reasonable extent participate in the resolving of the fault or defect with ReceiptHero and/or Application Developer.

7. Modifications

ReceiptHero may develop and modify the ReceiptHero Service. ReceiptHero has the right to modify these terms and conditions by informing of it at least 90 days in advance. If the Merchant uses the ReceiptHero Service thereafter, such use is considered to be an acceptance of the updated terms and conditions.

8. Marketing and References

After the Integration is completed, the Merchant will inform its customers of the implementation of the ReceiptHero Service.

During the term of the Agreement, the Merchant has the right to use trademarks referring to the ReceiptHero Service in accordance with good business practices.

ReceiptHero has the right to use the Merchant's name or logo as well as the parties' cooperation, based on this Agreement, as a reference in accordance with good business practices.

9. Charges and Expenses

The ReceiptHero Service, including any optional marketing or other value-added services provided by ReceiptHero to the Merchant, will be agreed separately between the Merchant and ReceiptHero. In addition, both parties are responsible for their own costs incurred in connection with this Agreement and its performance (including the cost of any equipment, software or network connections required to use the ReceiptHero Service), unless otherwise agreed in writing.

10. Data Protection

10.1 General

Data protection legislation shall mean applicable legislation and regulations relating to the processing of personal data including, the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR’) and any guidance or binding statutory codes of practice issued by any relevant supervisory authority as amended or updated from time to time (“Data Protection Regulation”).

Data protection related terms such as controller, processor, and personal data shall bear the meaning given to them in the GDPR.

ReceiptHero complies with data protection legislation in force in Finland.

ReceiptHero acts as the controller for its own customer’s, i.e. the End User’s electronic receipts and other personal data. The Application Developer acts as the controller for receipts and other personal data of the Application Developer's Customer, whereas ReceiptHero acts as the processor of the personal data. The Merchant acts as the controller and ReceiptHero as the processor for the personal data that concerns those receipts of the Merchant that do not relate to the End Users of ReceiptHero or the Application Developer's Customers (“Merchant's Other Customers”).

The Merchant may choose to implement the Integration in such a way that only receipts of ReceiptHero's End Users and Application Developer's Customer are delivered to ReceiptHero, in which case ReceiptHero will not process any receipts of the Merchant's Other Customers. The implementation of the integration in this way and the reimbursement of any costs arising therefrom shall be agreed separately between the Merchant and ReceiptHero. In the same context, the Merchant and ReceiptHero shall likewise separately agree upon the usage of any payment transaction data originating from ReceiptHero’s Co-Operation Partners and made available to Merchant for the purposes of the Integration.

10.2 Processing regarding personal data of the Merchant’s Other Customers

Insofar ReceiptHero processes personal data of the Merchant’s Other Customers to identify End Users among the information provided, the following shall apply regarding the personal data processing, provided the parties do not agree otherwise:

A. ReceiptHero's obligations and rights

1. ReceiptHero processes personal data only on behalf of the Merchant and in accordance with data protection legislation and the Agreement;

2. ReceiptHero wont carry out any transfer of personal data outside the EU/EEA area only in accordance with data protection legislation;

3. ReceiptHero processes personal data only in accordance with documented instructions provided by the Merchant, unless otherwise required by mandatory legislation applicable to ReceiptHero. This Agreement shall constitute documented instructions;

4. ReceiptHero ensures that persons entitled to process personal data are either committed to comply with the obligation of secrecy or are subject to an appropriate statutory obligation of secrecy;

5. ReceiptHero will take mandatory technical and organisational measures, such as security measures, concerning the processor to ensure the security of processing;

6. ReceiptHero assists the Merchant by appropriate technical and organisational measures, where possible, to fulfil the controller's obligation to respond to requests for the exercise of the rights of the data subject;

7. ReceiptHero assists the Merchant, at its request, to comply with the requirements of data protection legislation, which concern the Merchant, or to verify, or to demonstrate compliance by the Merchant with such requirements, and makes all information available to the Merchant that is necessary to act as a processor and to demonstrate compliance with the legislation;

8. ReceiptHero assists the Merchant to ensure that the obligations imposed on the Merchant as a controller regarding processing security, notification of data breaches to data subjects and authorities and conducting an impact assessment and the prior consultation relating to it are complied with as far as it concerns processing carried out by ReceiptHero, taking into account the nature of the processing and the information available to the processor;

9. ReceiptHero will delete or return, at the request of the Merchant, any personal data for which processing is no longer necessary after the end of the Agreement between the Merchant and ReceiptHero, unless otherwise required by mandatory legislation applicable to ReceiptHero;

10. ReceiptHero allows and participates in audits carried out by the Merchant or another authorised auditor of the Application Developer, such as examination;

11. ReceiptHero shall inform the Merchant without undue delay upon receipt of information about a personal data breach, or if it considers that the instructions given by the Merchant for the processing of personal data are unlawful;

12. ReceiptHero shall maintain a list of processors it uses as well as inform of new processors at the subprocessors page. The controller may object to the addition of new processors.

13. ReceiptHero shall be responsible towards the Merchant for any personal data processing activities carried out by the other processor engaged by ReceiptHero; and

14. ReceiptHero has the right to charge the Merchant for the measures mentioned above on an hourly basis based on its current price list.

B. The Merchant's obligations and rights

1. The Merchant must process personal data in compliance with applicable data protection laws and good data processing practices;

2. The Merchant may, at its expense, provide ReceiptHero with written instructions and necessary information regarding the processing of personal data;

3. The Merchant is responsible for all controller’s obligations under data protection legislation in relation to data subjects (including informing data subjects about the processing of personal data) and ReceiptHero, and also that its instructions on the processing of personal data are in accordance with data protection legislation;

4. The Merchant represents and warrants that it has the right to provide the personal data that it provides to ReceiptHero; and

5. The Merchant authorises ReceiptHero to process the personal data it has provided in accordance with these terms and conditions.

C. Instructions for the processing of personal data provided by the Merchant

1. ReceiptHero must process personal data solely in order to identify, among the personal data provided by the Merchant, the receipts of those customers that concern the End Users of ReceiptHero or Application Developer's Customers, so that ReceiptHero can process the receipts as agreed with the End User and/or Application Developer;

2. ReceiptHero shall delete all such personal data provided by the Merchant that ReceiptHero is not able to identify as concerning its End Users or Application Developer's Customers within five (5) working days from the date of receipt of the information from the Merchant, unless otherwise instructed by the Merchant under the Agreement (e.g. to provide the Merchant with reports of Merchant’s Other Customers’ purchases or receipt archiving services);

3. The personal data processed by ReceiptHero concerns the electronic receipts of the Merchant's Other Customers and the information contained by said receipts, such as the seller's contact details, purchases with prices and taxes, the time when the receipt was issued, the receipt identifier and the payment card used in connection with the purchase, as well as other customary information on the receipt; and

4. The personal data to be processed concern the receipts of all the customers of the Merchant.

   
   

10.3 Transfer of End Users’ data to ReceiptHero, possible processing of Transaction Data

The Merchant acts as the controller regarding the End users’ receipt data. After a certain receipt has been identified to belong to a ReceiptHero’s specific End user and the Merchant has transferred this data to ReceiptHero, ReceiptHero acts as an independent controller regarding this data. The Merchant, who has provided ReceiptHero with the data, is also an independent controller insofar it still processes the data for its own purposes.

The processing actions mentioned in this Section 10.3 apply to End users’ personal data that the Merchant has transferred to ReceiptHero. When transferring personal data to ReceiptHero, the Merchant may use the services of ReceiptHero’s Co-Operation Partners or other third parties acting on behalf of the Merchant.

Depending on the integration between the Merchant and ReceiptHero, ReceiptHero may provide or offer the Merchant access to its transaction data (“Transaction Data”), with which the Merchant (together with its service providers) carries out the identification of ReceiptHero’s End users or the customers of its co-operation partners and only provides ReceiptHero with receipts and other personal data that relate to these groups of people. Section 10.3 is also applied to such processing.

In case the Merchant receives Transaction Data from ReceiptHero, the Merchant may use the Transaction Data for the sole purpose of providing ReceiptHero with the receipt data corresponding to the transactions specified in the Transaction Data. In particular, the Merchant agrees not to, directly or indirectly:

1. share, disclose, resell, redistribute, lease, or sublicense any of the Transaction Data, or any information or data derived therefrom, to any other party for any purpose;

2. download, copy, recreate, modify, translate, reverse engineer, decompile, disassemble, create derivative works of, tamper or interfere with; or otherwise attempt to derive source code or other trade secrets from any Transaction Data;

3. use Transaction Data (even if such Transaction Data is aggregated or anonymized) for targeting, reporting, product features, profiling, analysing customer behaviour patterns, categorizing, or other marketing;

4. use Transaction Data for the specific purpose of promoting any products or services; or

5. use, combine or aggregate any Transaction Data with any other data.

The limitations of liability agreed in these Terms of Service do not apply to Merchant's contractual breaches regarding Transaction Data.

The Merchant may retain Transaction Data from ReceiptHero only for so long as is necessary for Merchant to comply with responsibilities laid out in these Terms of Service, and in no event longer than six (6) months after the receipt of Transaction Data from ReceiptHero.

A. Disclosure and processing of the personal data

Both parties as controllers shall commit to complying with the obligations incumbent on them pursuant to the data protection legislation regarding the processing of personal data. What is said in under this Section 10.3 shall not apply to the processing of personal data acquired by a party for its own purposes from a third party and not the other party to these Terms of Service.

The party disclosing personal data shall:

1. Only disclose personal data for the purpose of exercising its rights and fulfilling its obligations pursuant to the Agreement, or for purposes otherwise agreed in writing between the parties ("Permitted Purposes"),

2. Ensure that it has (i) delivered to data subject the appropriate information concerning disclosure of personal data to a data recipient or to an appropriate group of data recipients; and (ii) obtained the consents or authorisations required for data recipient to be allowed to freely process the personal data for the Permitted Purposes, and

3. Disclose personal data in special categories of personal data to a data recipient only when it is necessary for the Permitted Purposes and only when data discloser has obtained the specific consent of data subject in advance, or proven (in a way satisfactory to data recipient) that there are legal grounds for such disclosure.

When a party receives personal data from the other party, it must:

1. Not process personal data for any other than the Permitted Purposes (except to comply with the requirements of applicable legislation);

2. Not process personal data for any longer than is necessary for the Permitted Purposes (except to comply with the requirements of applicable legislation); and

3. Moreover, the party shall, considering relevant technology and its implementation costs, the nature and extent of the processing, the context and purposes and the probability and severity of risks to the rights and freedoms of natural persons, put in place the appropriate technical and organisational protective measures to ensure a level of security commensurate with the risks and measures agreed in these Terms of Service , to protect personal data from illicit or illegal processing and from accidental loss, destruction or damage

Unless otherwise agreed between ReceiptHero and the Merchant, ReceiptHero is permitted to process the personal data received from Merchant:

1. to provide and transmit electronic receipts between various stakeholders as agreed in further detail between the End Users, Merchants and Application Developers;

2. for any purposes that are in compliance with ReceiptHero's Privacy Policy, as amended from time to time; and

3. for any other purposes for which the data subject in question has provided its explicit consent or for which there exists another lawful ground to process the personal data.

For clarity, the use cases meant above shall be deemed Permitted Purposes.

B. Data breaches and security in disclosing personal data

In case of a personal data breach, data recipient shall notify data discloser without undue delay.

Either party shall, if the other party so requests, co-operate within reason in submitting reports to the supervisory authority, and possibly data subjects, concerning the personal data breach.

Data discloser shall be responsible for the data protection of personal data to the extend the said data are in the possession of data discloser. Data recipient shall be responsible for the data protection of personal data to the extend the said data are in the possession of data recipient.

C. Co-operation and mutual assistance between the Parties

Either party shall, if the other party so requests, co-operate within reason with the other party in matters concerning:

1. Data subject’s requests;

2. Other contact requests from data subject regarding the processing of his/her personal data; and

3. Contacts requests and communication from the supervisory authority regarding the processing of the personal data or compliance with the data protection legislation.

11. Data Security

ReceiptHero implements customary data security policies, such as the encryption or hashing of transmitted data and limited backups. ReceiptHero has the right to temporarily disable access to ReceiptHero Service, if (i) the Merchant, or the devices or software used by the Merchant, potentially endanger the data security of the ReceiptHero Service or third parties, or if (ii) a serious information security threat is directed at the ReceiptHero Service.

The Merchant shall, within 24 hours of becoming aware of, notify ReceiptHero of any complaint or request made by a data subject, a regulator or any other person requesting access to any data within the scope of this Agreement, including but not limited to personal data.

The Merchant shall, within 24 hours of becoming aware of, notify ReceiptHero of any breach of data within the scope of this Agreement, including but not limited to personal data.

The notifications meant above shall be made to privacy@receipthero.io.

12. Intellectual Property Rights

ReceiptHero or its licensors own all intellectual property rights to the ReceiptHero Service (including copyright, databases, trademarks, design rights, patents, utility models, domain names and the applications for such).

The Merchant may utilise the ReceiptHero Service only in accordance with the Agreement and for the term of the Agreement. The Merchant acknowledges and agrees that the ReceiptHero Service and its background software contain ReceiptHero's and third parties' business secrets, such as the source code of the software, the specific design of the software components, structural formula and logics, programming techniques and related documents. Copying, dismantling, inspecting or reverse engineering of ReceiptHero Service or its background software is prohibited.

In case a third party claims that the ReceiptHero Service infringes its intellectual property rights, ReceiptHero has the right (i) to acquire the necessary licences in order to continue the provision of the ReceiptHero Service, (ii) modify the ReceiptHero Service in order to eliminate the infringement or (iii) terminate the Agreement with immediate effect. ReceiptHero does not have any other responsibilities or obligations in such situations.

13. Confidentiality

The parties agree to keep confidential any material and information received from the other party, which have been marked as confidential or have to be understood to be confidential, including such material originating from the Co-Operation Partners of ReceiptHero ("Confidential Information").

Confidential information is not deemed to be information that (i) is generally available or otherwise public, (ii) is received from a third party without a confidentiality obligation, (iii) was in the possession of the receiving party, with no confidentiality obligation applicable, before receiving it from the other party, or (iv) the other party has independently developed without utilising the other party's Confidential Information.

The parties agree not to use Confidential Information for any other purposes than those specified in the Agreement and for those only for the term of the Agreement. The parties shall use the same care and protection in respect of Confidential Information as employed in respect of their own information of a similar nature, however, in no event less than a reasonable degree of care.

Parties shall further establish and maintain safeguards against the unauthorised access, destruction, loss or alteration of Confidential Information. Each party shall promptly notify the other of any breach or potential breach of security relating to the Confidential Information and investigate and remediate the effects of such breach or potential breach.

After the Agreement has expired, the parties must return any Confidential Information received from the other party without delay or verifiably destroy them.

Parties shall ensure that their employees will comply with the confidentiality obligations under this Section 13.

The obligations defined in this section 13 will be in force for the term of the Agreement and in any case for the duration of three (3) years from the disclosure of the Confidential Information, even if the Agreement was to expire earlier. This section does not limit a party's statutory responsibilities relating to business or trade secrets.

Notwithstanding this section 13, a party has the right to use the data collected via the use of the ReceiptHero Service in its own business operations and disclose to third parties or otherwise publish the said data, provided that the data is anonymised or otherwise used in a form that does not endanger the protection of a party's Confidential Information. However, section 10 will always be applied to End Users' transactional and personal data.

14. No Warranties, Limitations of Liability

The Merchant utilises the ReceiptHero Service at its own risk. To the extent permitted by compelling legislation, the ReceiptHero Service is offered "as is" without any warranties regarding its availability, usability, accuracy or applicability for certain purposes.

ReceiptHero is not liable for direct or indirect damages, such as loss of data or its recreation, loss of profit or interest, decrease of revenue, harm to reputation, cover purchases, third party injuries or other unforeseeable damages.

15. Term of the Agreement

This Agreement is in force until further notice. Both parties have the right to terminate the Agreement for convenience with a 6 months' notice period. The terms of the Agreement shall be complied with during the notice period.

Each party has the right to terminate the Agreement for cause with immediate effect, if (i) the other party has materially breached the Agreement and it has not corrected its behaviour within 14 days after receiving the other party's written notification of a contract breach, or if (ii) the other party goes bankrupt, is placed in corporate debt reorganisation or otherwise becomes unable to meet its responsibilities under the Agreement.

16. Force Majeure

A party is not responsible for delay or damage that is due to an obstacle outside of the influence of a party, and which a party could not reasonably have been expected to take into consideration at the time of entering into the Agreement, and the consequences of which the party could not reasonably prevent or overcome, and due to which the fulfilment of the party's obligations or responsibilities becomes unreasonably difficult or impossible ("Force majeure"). A Force majeure is, for example, war, demonstration, labour dispute, strike, industrial action, fire, natural disaster, communications disruption or other similar event. A party has a right to terminate this Agreement with immediate effect if a Force majeure has had an impact or will have an impact to the fulfilment of the Agreement for at least 30 days.

17. Other terms

Applicable law and dispute resolution. Laws of Finland shall be applied to the Agreement. Disputes arising from or in connection with the Agreement will be first and foremost solved by negotiations between the parties. If no satisfactory conclusion for both parties is reached within 60 days of the commencement of the negotiations, the matter shall be solved in Finland, at the District Court of Pirkanmaa as a first instance.

Transfer of the Agreement, subcontracting. A party has the right to assign the Agreement, in whole or in part, to a third party to whom the business activities described in the Agreement are transferred to, or to a company belonging in the same group of companies. In other circumstances the transfer of the Agreement requires the written consent of the other party. A party has a right to use subcontractors in fulfilling this Agreement. A party is responsible for the actions of its subcontractors as for its own.

Partial invalidity. If any provision of this Agreement is later found to be void or invalid by a final judgment of a competent court of law or by another authority, such invalidity will not invalidate the entire Agreement, but the Agreement remains in force in all other respects. The parties agree that a void or invalid term will be replaced by a corresponding term agreed by both parties and the purpose of such a term shall be as equivalent as possible to the economic objectives of the void or invalid term.

Audits. The Merchant shall allow ReceiptHero or its Co-Operation Partners to conduct audits of the Merchant’s facilities, systems, procedure, practices, operations, books and records relating to the Merchant’s obligations and activities under this Agreement to determine the Merchant’s compliance with this Agreement, including, without limitation, with respect to Merchant’s confidentiality and security obligations under this Agreement, compliance with applicable laws. Such audit will occur during normal business hours of the Merchant.

Insurance. The Merchant shall procure and maintain, at its own cost, during the Agreement and one (1) year thereafter insurance policies that are appropriate and sufficient to cover the Merchant’s liabilities under the Agreement.