BitToro Card General Terms and Conditions

Personal Information

We carefully safeguard your personal data (the “Personal Information”) and, in particular, we are responsible for the security of sensitive cardholder data we process and transmit on your behalf, such as name, surname, personal identification number, date of birth, address, e-mail address, telephone number, facial image, live video recording, identity document data and a copy of the document, transaction data, PAN, expiry date, CVV, payment account number, IP address, citizenship, employment, public office, other applicable data required by money laundering and terrorist financing prevention legislation. Bittoro is the data controller of your Personal Information that you provide to us. If you wish to contact us about the processing of your Personal Information, please contact our Data Protection Officer. Subject to your explicit consent, we may transfer your Personal Information to third parties, also explaining the intended use of the transferred Personal Information. When you provide your consent to such transfer, the specified third party becomes the Data Controller of the Personal Information we transfer to them. You can withdraw your consent at any time using the App or the Website.

Your Personal Information will be processed for the purposes described in the Agreement, including for contractual reasons, in order to provide you with the Services e.g. to produce cards for use with the Account and to provide you with Account-related communications, for purposes where we have a legal right or a legal obligation including for tax and accounting reasons, or for fraud and money laundering detection and for marketing where you consent to this.

You have a right of access to your Personal Information and you can correct (rectify) that Personal Information at any time.

We will process the Personal Information which you provided to us during the registration process. The Personal Information you provide at registration is both a statutory requirement and necessary for us to enter into the Agreement. Providing your Personal Information to us is voluntary; if you do not provide us with the necessary information and documents, we will not be able to perform the Services. You have a right to ask us to restrict processing or to erase your Personal Information and where you make this request we will apply your instructions to any third parties who are processing your Personal Information on our behalf, and we will consider your request in the light of our legitimate interests. Where a request to erase Personal Information is received on behalf of a minor, we will take extra care to consider the impact on them of any decision we make.

You also have a right to object to the processing of your Personal Information, provided it is processed based on public interest or our legitimate interests. Furthermore, you may also ask us to provide your Personal Information in machine-readable form back to you, for onward sharing with another data controller or to provide this data to a third party for their use, at your direction.

Where you have given us your explicit consent for the processing of Personal Information, you also have the right to withdraw this consent at any time by contacting us. However, such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal was submitted.

If you feel your rights and freedoms in relation to processing your Personal Information have been infringed in any way, please let us know so that we can attempt to resolve the issue. The Personal Information also comes from your usage of the Card, including information about payments you make or receive, and from your other interactions with us, for example through social media, and, if it is compliant with the applicable law, from third parties such as credit reference agencies (who may check the Personal Information against other databases – public or private – to which they have access) or fraud prevention agencies.

Subject to your consent, we may also monitor or record telephone calls between you and us or capture images or video recordings during our interactions. We will use these recordings for risk management and fraud prevention purposes, to check your instructions to us, and for training and quality purposes.

If you give us Personal Information about other people including minors which we use to provide the Services, then you confirm that (i) you have ensured that they agree to our holding and use of that data or that you are otherwise allowed to give us this Information and consent on their behalf to our holding and use of it, and (ii) you have provided them with all the Information contained in this Policy, regarding the processing of personal data as required under the applicable law.

If you cancel or we decline your registration or you decide not to go ahead with it, we will keep the Personal Information for as long as we are allowed to under applicable law and for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

How we use the Personal Information

We use the Personal Information for security, identity verification, to communicate with you and to comply with the law. We may process the Personal Information abroad, within or outside the European Union, provided we comply with the applicable laws and regulations. Where we are sharing the Personal Information with organizations outside of the EEA, we will ensure they agree to apply equivalent levels of protection as we do. We use legal mechanisms, such as standard contractual clauses as indicated in General Data Protection Regulation (2016/679) art. 46, to implement the cross-border transfer of your personal data, or implement security measures like anonymization on the data before the cross-border data transfer. For any inquiries about the means that safeguard data transfers outside the EU, please contact us.

3. Open-Banking

We will transfer data to any entity who you authorize us to share information about your Account with, provided they are listed as a suitably authorized entity at the time of your request. We will rely upon your instructions to the third party to access your account information from us, as evidence of your consent to share your data.

Requirement to update your Personal Information

You must notify us immediately of any and all data and circumstances that have changed with regard to the data set out in the Agreement, or the documents submitted to us (e.g. changes in personal or contact details, residency or tax residency, loss or theft or other reason for change of an identity document) as well as of any and all circumstances that may affect the fulfilment of your obligations towards us (e.g. commencement of bankruptcy procedures of a natural person). We may request documentary evidence of the changes, which you must provide. This notification obligation applies even if the above changes have been made public (e.g. registered in a public register or published through the mass media). If you fail to fulfil the notification obligation, Bittoro is entitled to assume the correctness of the data at Bittoro’s disposal, unless otherwise prescribed in the jurisdiction of your residency.

Notices and exchange of information

We may provide you with all information electronically via the Website, App, e-mail or mobile phone, unless otherwise established in the applicable laws. We are entitled to use third-party services for processing or delivering electronic notices and information to you.

If, in accordance with the applicable laws and/or this Agreement, you have the right to terminate the Agreement, you shall send the termination notification to support@bittoro.com

Unless otherwise stipulated by the applicable laws, any notice given by Bittoro must be considered to have been received if sent by e-mail or via the App or other electronic means of communication, on the day of technical dispatch.

Using the Card

The Card is a Mastercard bearer debit card. It is valid until its expiry date, which is visible on the front of the Card – or on the Card image accessible online for virtual cards and payment bands.

To activate plastic cards please follow the instructions provided with the Card. Also, you must:

- not allow anyone else to use your Card;
- not reveal your PIN or the Code;
- not write down your PIN, unless you do this in a way that would make it impossible for anyone else to recognise it;
- delete the PIN from your mobile phone when you receive it;
- only release the Card, card number, PIN or the Code to make (or try to make) a transaction with a merchant or ATM displaying the Mastercard® Acceptance Mark.

You can use it at all locations that display the Mastercard Acceptance Mark: for purchases in physical stores – including contactless, and at automated teller machines (“ATM”) for cash withdrawals as well as for online and telephone purchases. You can also enrol it in Apple Pay and Google Pay. It allows you to receive cash-back when making purchases in physical stores, however it cannot be used for other cash transactions such as withdrawing cash from a bank and purchasing traveller’s cheques or foreign exchange from a bureau de change. Limits and fees apply.

The Card is automatically registered for Mastercard Identity Check, to enhance security. When using your Card for online purchases, you may be required to enter on the merchant site a code (the “Code”) that will be sent to your mobile phone number or to authorise a transaction via the App.

In so far as this is not a result of our negligence, we will not be responsible nor liable for a retailer’s failure to or delay in accepting your Card nor for an ATM failing to issue cash. In these circumstances, we will not be liable for the way in which you are told about any refusal or delay.

All transactions require authorisation. Authorisation is also your instruction for us to carry out a transaction. We will not normally authorise a transaction if the balance on your Card is insufficient to cover the transaction and any related transaction fee. If, for any reason whatsoever, you are able to make a transaction when there are insufficient funds on your Card (the “Shortfall”), we will seek reimbursement of the Shortfall from you immediately. You may ask us to provide you with information about transactions for up to 5 years from the date of the transaction.

For a contactless transaction:

(a) below the limit applicable in the country where you are using the Card (“Contactless Limit”), which is outside the control of Bittoro, a transaction is deemed authorized upon transmission of the details of the Card that are required to execute the transaction, by placing the Card in the proximity of the device that allows for reading the data saved in the Card contactless module; and
(b) in excess of the Contactless Limit, the transaction is deemed authorized by entry of the PIN number on the acceptance terminal. Please note that in certain countries contactless transactions with PIN are not available.

In so far as this is not a result of our negligence, we are not obligated to authorise a transaction where a system problem occurs or events outside our reasonable control arise. In addition to that we are not obligated to authorise a transaction where we are concerned about misuse of your Card. We shall not be liable to you when a transaction is not authorised in these circumstances and/or if we cancel or suspend use of your Card.

If your Card is lost or stolen, or someone else finds out the PIN, or if you think your Card, card number, or PIN may be misused, you must:

- block the Card immediately by calling us on +44 7863 503468 (we have a 24 hour service) so that we can block your Card;
- stop using the Card, card number or PIN immediately.

We will block or restrict your Card or PIN on justified grounds relating to:

- the security of your Card, card number or PIN. For example: when the wrong PIN is entered several times in a row;
- the suspected unauthorised or fraudulent use of your Card or PIN. For example: where we detect that another person uses your card, we consider activity suspicious or abnormal, etc. We will, if possible, inform you before blocking, or restricting your Card or PIN that we intend to do so and the reasons for doing this. If we are unable to do so, then we will inform you immediately afterwards. The requirement to inform you does not apply where it would compromise reasonable security measures or it would be unlawful to do so;
- AML transfer verification checks. In line with the mandatory requirements for the prevention of money laundering and terrorist financing, we have implemented an automatic account blocking system where algorithms check all transactions and block transfers (accounts) which our system considers suspicious (automatically). Upon receiving a system report of suspicious activity, our compliance team performs a manual check, during which our specialists thoroughly evaluate the automatically detected suspicious activity. At this stage, you may be asked to provide additional documents or explanations. The account is unblocked when the validity of the transfer is verified. In case the collected information does not dispel doubts about the validity of the transfer, we may close the account; situations where it is not possible for the supplier to obtain online authorisation to confirm that you have sufficient balance for the transaction. For example: transactions on certain trains, ships, and some in-flight purchases, and purchases at service stations when the merchant verifies your PIN with us without providing the final amount of your purchase.

A Card transaction will be regarded as authorised by you when you authorise the transaction by following the instructions provided by the merchant, retailer or ATM, which may include:

- entering your PIN or providing the Code;
- providing the Card details and/or any other details as requested;
- waving or swiping the Card over a card reader for the purpose of making a payment.

When we suspect there may be an attempt to use your Card fraudulently, we may ask you to confirm a transaction prior to or after authorising it.

Authorisation for a transaction may not be withdrawn or revoked by you.

You may demand from us the return of the amount of an authorized transaction initiated by or via the recipient, if such transaction was already executed while:

(a) the amount of the transaction was not determined precisely when it was being authorized; and
(b) the amount of the transaction is higher than the amount you could expect, taking account of the type and value of previous transactions, provisions of the Agreement and any significant circumstances of the case.

You may request such refund within 8 weeks from the date of the transaction.

Using the Card in foreign currencies

If you make a payment with your Card in a currency different from the currency of the Card, the amounts will be converted by Mastercard on the date they process the transaction, using the exchange rate they use for all such currency conversions. This means the rate of exchange may differ from the rate on the date you made the card payment, if the payment is processed by the card scheme after that date. The foreign exchange rate used by Mastercard can be found on www.mastercard.co.uk/en-gb/consumers/get-support/convert-currency.html. We also charge a fee based on the payment amount, as shown in the Tariff Table.

Card terminals may offer you the option of seeing the payment amount or withdrawal in the currency of your Card or in a currency other than the cash withdrawal or purchase currency, and allow you to choose to pay that amount in that currency. The exchange rate used for this will generally be provided by the operator of the terminal or ATM, so it won’t be under our control and won’t be covered by our Tariff Table. Please check the exchange rate at the ATM, the terminal or with the respective operator before authorizing the transaction.

As soon as practical after you make a Card transaction in foreign currency we will display as part of the transaction information we provide in the App or the Website, details of the amount of the conversion to the currency of your Card and how the exchange rate applied by us compares to reference rates published by the European Central Bank.

Restrictions on the functionality of your account

You may only use the Bittoro account to make purchases of goods and services, and to receive and send funds in accordance with applicable legislation and this Agreement.

If we have reasonable cause to believe that you have violated the requirements of this Agreement or applicable legislation, Bittoro may take measures to protect itself, its customers or third parties. In this case, Bittoro may, amongst other things, do the following:

- restrict, suspend or close access to your Bittoro Account or to any of its services;
- notify users who have mutual settlements with you, their bank, their issuer or law enforcement authorities;
- require you to update any incorrect or incomplete information that you have provided;
- cancel the Services (in which case we will give you notice in accordance with these terms).

Keeping your Card and Account safe

You must keep safe at all times your Card details – including PAN (the 16-digit number displayed on the front of the Card), expiry date, CVV (the 3-digit number displayed on the back of the Card), PIN (Personal Identification Number), and any passwords and devices you use to access security details of the Card and/or Account by any method (together the “Personalised Security Features”). This also includes any Card details in e-wallets, on retailers’ websites or on devices such as mobile phones. If you have registered a Card on a device or within an e-wallet this will include passwords and security processes used to access your device or e-wallet (device ID, passcodes or passwords) and any fingerprints or other biometric or identification methods stored in your device. Please note that not all Personalised Security Features may be applicable to your Card.

We will never contact you to request any of your Personalised Security Features and we will not ask anyone else to do so on our behalf. If you receive such a request it is likely to be fraudulent and you must not supply any of your Personalised Security Features in any circumstances. You should report any such activity to us immediately. Treat emails received from senders claiming to be us with caution and be wary of emails asking you for any Personalised Security Features.

When you call us we may need to identify you, depending on the nature of your query. We may do this by asking for certain information (such as answers to questions) known only to you and requesting random digits of certain passcodes or passwords, but we would never ask you for a full PIN or passcode. You must not give these to anyone who asks for them, even if that person appears to be an official.

You are responsible for the quality, safety, legality or any other aspect of any goods or services that you buy with your Card. Any disputes about purchases or payments made with the Card must be settled with the goods or service provider concerned.

If you become aware of the loss, theft or misappropriation of your Card or of its unauthorized use, call us straight away on +44 7863 503468.

Balance and statements

To view your available balance and transaction history please visit the Website or use the App, if available. By accepting the General Terms and Conditions you specifically agree not to receive paper statements.

Fees

You must pay all relevant fees for the Services. The applicable fees are established in the Tariff Table which is available on the Website.

Fees and other amounts payable by you shall be debited to the Account, unless otherwise specified in the Tariff Table.

If there are no funds on the Account or if the funds are insufficient to cover the fees, other claims and your debts arising from the Agreement, we are entitled to suspend provision of the Services to you until such fees and indebtedness are covered. Notwithstanding the above, we will only charge applicable monthly fees until there is a positive balance on the Account and we will not charge uncollected monthly fees retroactively.

We shall notify you of changes of the fees in the Tariff Table with 60 days’ prior notice, following the same procedure as provided in section “Changes to the Agreement” below.

If your Card is used without your permission, or is lost, stolen or if you think your Account may have been misused, we may ask you to write to us within seven days to confirm the loss, theft or possible misuse at the Address. We may disclose to law enforcement agencies any information which we reasonably believe may be relevant. If you believe you have been tricked into transferring money to the account of someone you don’t know or have transferred money in good faith from your Account but have not received the goods or services contracted for (the “Authorised Push Payment scams”), you can contact us and we will investigate for you and try to recover your money, however we will bear no liability save that which may be imposed upon us by applicable laws and regulations at the time of the Authorised Push Payment scam.