E-Admin Terms and Conditions Administrator Is Appointed by the Login Credentials Company, Is Responsible for E-Admin Temporary Password and User ID

E-admin Terms and Conditions administrator is appointed by the Login Credentials Company, is responsible for e-admin Temporary password and User ID. 2020/04 within the Company and will be the contact person that Eurocard sends PCI DSS 1. Introduction information regarding e-admin to. The The Payment Card Industry Data Security E-admin is Eurocard's online system for super administrator is able to access all Standard (PCI DSS) is a widely accepted the administration of Cards and Accounts. functions and modules that the Company set of policies and procedures intended to has been granted access to and has optimize the security of credit, debit and E-admin offers a number of different immediate access to all Cards and cash card transactions and protect functions that the Company has Accounts connected to the Company in e- cardholders against misuse of their immediate access to, as well as a number admin. Super administrators also have the personal information. Websites of the PCI of optional modules that the Company right to appoint new administrators and Security Standards Council, (www. pcisecuritystandards.org) include can request access to. update and delete administrators’ access rights. A super administrator is not instructions and information concerning The Company has access to the following allowed to appoint new super safe handling of card data. functions in e-admin: administrators. Temporary password Card An eight-digit OTP (One-Time Password) • View Cards and Accounts Refers to Eurocard Corporate cards with sent to the Administrator’s mobile phone • Apply for and close Cards and the exception of Eurocard Corporate Limit number . The OTP is used in combination Accounts cards. It is a physical card to be used for with the User ID and registered mobile • Reconciliation of payments, payment of business expenses. phone number to access certain functions invoices and transactions and modules in e-admin. Cardholder

Refers to a person in whose name a Card Travel Account The Company can also choose to add the 1 has been issued. Travel Account (TAC) is a solution that following modules : handles invoices and is offered by SEB Company Kort Bank AB (Diners Club). The system is

• Administration module Refers to the legal entity that has applied built on a co-operation between the travel

• Flexible limit module for and been granted access to e-admin. agency, the Company, the travel provider

• Eurocard Single-Use Account Eurocard and Diners Club. All related travel module Refers to whichever of SEB Kort Bank AB expenses will be booked on a specific

• File Download module (in Sweden), SEB Kort Bank, Oslofilialen (in account. Some options in e-admin, e.g.

• Statistics module Norway), SEB Kort Bank, Denmark, branch limiting and the possibility to apply for a of SEB Kort Bank AB (in Denmark) or SEB new account, are not available for the 2. Parties to the agreement Kort Bank AB, Helsinki branch (in Finland), Travel Account. The parties to this agreement are who is the issuer of the relevant Cards User ID Eurocard and the Company. and Accounts. A six-digit code used by the Administrator This agreement consists of the Company’s Eurocard Purchasing Account to access e-admin. The code is sent to the application for access to e-admin, these e- An account with a card number issued to Administrator in an e-mail once Eurocard admin Terms and Conditions and pricelist, the Company for internet or other has registered the Administrator. as well as Eurocard’s approval of the distance purchases. application, collectively referred to as the “agreement”. Eurocard Single-Use Account 4. Introductory provisions An account with one or more card The Company is liable for payments in numbers connected. The card numbers accordance with this agreement and is 3. Definitions are generated by Administrators via e- also responsible for ensuring that

admin in the Eurocard Single-Use Account administrators are aware of and comply Account module. The account is issued to the with this agreement and applicable Refers to an account issued by Eurocard Company for internet or other distance instructions from Eurocard at any given which is used for the execution of purchases. time. payment transactions and to which one or Eurocard Hotel Account more Cards can be connected. It can also An account with one or more card 5. Appointment of super be a Eurocard Purchase Account, Eurocard numbers connected. The card numbers administrators and Single-Use Account, Eurocard Hotel are generated by the Company’s travel Account or Travel Account. agency on behalf of the Company in the administrators Administrator(s) travel agency’s booking system. The When applying for e-admin, the Company The individual(s) at the Company who are account is issued to the Company for must appoint at least one super authorized to administer the Company’s travel related purchases booked by the administrator with special responsibility Cards and Accounts. A Company can have travel agency. for e-admin within the Company. The Company shall provide information both super administrators and General terms for Cards and administrators. Super administrators and including the name, national identification Accounts administrators are commonly defined as number, e-mail address and mobile phone Administrators in the agreement. A super Refers to the general terms issued by number of the appointed super Eurocard for each Card and Account.

1 Please note that not all modules and functions may be available in all markets. administrator. The Company can also 8. Apply for and close Cards transaction will be declined. However, a appoint one or more administrator(s). requirement for Eurocard to be able to and Accounts decline purchases on a Card or Account is The administrators’ appointment is not The Company can use e-admin to apply that the point of sale seeks authorization limited to actions within the e-admin for Cards and Accounts. For security for the individual purchase and that the online system but covers also the reasons, Administrators have a limited transaction takes place as an online administration as described in the e- ability to choose the address to which the transaction. admin application of the same cards and Card and PIN code shall be sent. In There are also, for security reasons, accounts in general, e.g. by using paper addition, Eurocard reserves the right, for underlying security parameters applications. security purposes, to set limits on how established by Eurocard on all Cards and many cards an Administrator may request Accounts to prevent misuse. This might be The Company shall ensure that there is through e-admin during a certain period. a maximum charge amount per always at least one super administrator transaction or for a certain period. appointed. If the Company wishes to The super administrators may use e- Even if a transaction is within the limits change super administrator, the Company admin to close Cards and Accounts. Note set by the Company, the transaction may must notify Eurocard in writing and special restrictions for Cards with private be declined because of Eurocard’s submit information of the appointed payment liability as mentioned in section security parameters for the reasons super administrator. The Company shall 7. described above. The Company should ensure that information regarding super therefore contact Eurocard at times when administrators and administrators is 9. Reconciliation of invoices unusually large transactions are to be updated if administrators leave their charged to a Card or an Account. and transactions position within the Company or if they for If the selected limitation does not work other reasons shall no longer have access The Administrator(s) can use e-admin to: for reasons beyond Eurocard's control, to e-admin. the Company is still liable for payment in 1. Access all invoices pertaining to accordance with applicable legislation and the Company's Cards and 6. Duality this agreement. Accounts The Company shall ensure that employees Companies may apply for a dual signature 2. View individual transaction data requirement in e-admin for actions that are given information on any limitations for an invoice of Cards and Accounts. Eurocard considers actions with a certain 3. View non billed transactions degree of risk e.g. when administrators that have been booked after the apply for new card(s) or account(s) or Note special restrictions for Cards with most recent invoicing date private payment liability as mentioned in when administrators do changes to limits 4. View interest on overdue on card(s) and/or account(s). Duality is section 7. payments, fees for late when one administrator initiates an action payments and other fees 11.2 that a second administrator needs to Limiting according to approve before it is actually performed. Note special restrictions for Cards with merchant category Note also that duality will prevent private payment liability as mentioned in Every acquirer in the Mastercard network administrators from administrating their section 7. is obligated, according to transaction own card(s) alone. rules, to register a special code that E-admin modules (optional) indicates to which merchant category the E-admin functions point of sale belongs. The Company can limit its Cards and Accounts in relation to 7. View Cards and Accounts 10. Administration module such merchant categories. In order for the The Company can use e-admin to view The Administration module in e-admin desired limitation on certain merchant cards and accounts. provides the possibility for the Company categories to work, the acquirer must to reorder cards and reorder PIN codes. have registered the correct merchant The Company may view cards with private category code. payment liability in e-admin, but the view Note special restrictions for Cards with As Eurocard cannot guarantee that the is limited: the Company cannot see private payment liability as mentioned in point of sale's category registration is transactions, invoices and payments and section 7. correct, Eurocard cannot guarantee that Cardholder specific spending relating to a the desired limitations for a certain Card with private payment liability. 11. Flexible limit module merchant category will always apply. The Company thus remains liable for payment Aggregated spending on Company Cards 11.1 Limiting - general even for transactions carried out at a and Accounts is available e.g. in the Cards and Accounts are generally Statistic module and Cards with private point of sale belonging to a business that, unlimited, but with the Flexible limit in terms of its merchant category, is payment liability are included in the module the Company can limit its Cards Cardholder lists, but the Company may excluded by the Company’s limitations. and Accounts. not administrate Cards with private When Eurocard receives an authorization payment liability i.e. close cards, reorder request from the point of sale to 11.3 Limiting at geographical cards and reorder PIN codes or set determine whether the transaction shall level limitations on such Cards. be approved, it is checked against the The Company can limit its Cards and

limitations the Company has placed on Accounts by geography. This limitation the Card and Account. In the event that cannot be used for online purchases or the authorization request exceeds the other forms of distance sales. The reason limits the Company has set, the for this is that many online shops choose

2 to process their transactions in a country 14. Statistics module • not to disclose Card and other than where the shop is registered. With the Statistics module the Company Account information to Similarly, limiting by geography can be can run predefined reports where data is unauthorized persons; affected by so-called border trade or if the presented in a consolidated format and • to only make a note of a transaction is carried out when travelling, save such reports as an Excel, PDF or CSV personal code in such a way that e.g. by plane, boat or train. file. third parties will not suspect

The Company may also search, view and that the note refers to a 12. Eurocard Single-Use export specific transactions (with some personal code;

limitations for Cards with private payment • to comply with the provisions Account module concerning use of e-admin in With the Eurocard Single-Use Account liability according to section 7 ) and get an overview of the Cards and Accounts accordance with the agreement; module the Company can create card issued to the Company. • to upon misuse or attempted numbers directly in e-admin. The intrusion from outside parties Company is responsible for ensuring that The data presented in the Statistics module is based on the merchant assist Eurocard in any the card numbers, expiry date, CVV code category codes registered by the acquirer investigation to gather and Mastercard Identity Check are information as to how such an handled confidentially and given only to (as mentioned in section 11.2). Eurocard cannot be held responsible in case of any event was possible and; the people within the Company who will incorrect category codes, which can affect • to ensure that users of Cards be using the card numbers. and Accounts receive The card details and associated the statistics negatively. information on the General Mastercard Identity Check shall be terms for Cards and Accounts. distributed in a secure manner to users Miscellaneous and shall also be stored securely, so that The Company shall be liable towards unauthorized persons cannot gain access 15. Security requirements Eurocard for damages occurring through to this information. All information In order to access e-admin, the negligent management of e-admin, also containing card numbers shall be handled Administrator shall log in with the including liability to Eurocard in the event in accordance with PCI DSS rules. The Temporary Password or with other of illegal intrusion through so-called Company agrees to comply with these solutions that might be available in hacking of the Company's network requirements. certain markets as instructed by Eurocard. whereby outside parties gain access to e- The Administrator may not create more For some of the modules in e-admin it is admin and thereby cause damages to card numbers than the Company needs at required – for security reasons - that the Eurocard. any given time, as such card numbers can Company provides the applicable IP The Company shall be liable for any acts pose a security risk. address on the application form. Eurocard or omissions of its employee related to For security reasons, Eurocard has will record the IP addresses in question the use of e-admin, and for acts of an implemented a number of security and will also verify that enquiries come authorized party respectively as for the parameters in relation to use of Eurocard from authorized computers/devices. acts of its employee using e-admin. Single-Use Account. In the event that it becomes necessary to issue a large 16. Conditions for use of e- 18. Eurocard’s right to number of card numbers over a short period of time or for larger transactions, admin and confidentiality update and block e-admin the Company must contact Eurocard. Information on e-admin Login Credentials Eurocard reserves the right to block e- The Eurocard Single-Use Accounts can be must not be given to or used by any admin for any of the following reasons: limited even if the Company does not outside parties. E-admin Login Credentials have the Flexible limit module. and/or other information linked to e- 1. if the secure use of e-admin admin shall be considered a valuable could be compromised e.g. for 13. File Download module document and shall be kept and handled technical reasons,

With the File Download module the in a secure manner to prevent outside 2. if unauthorized or fraudulent Company can manually retrieve Card and parties from using this information. use of the payment solutions in Account transactions from e-admin and E-admin may not be used in contravention e-admin is suspected. transfer them into the Company’s travel of applicable legislation. expense management system or other Eurocard is governed by rules of Where appropriate, Eurocard shall inform financial management system. The confidentiality. The Company undertakes the Company that e-admin has been Company must ensure that it has a high to manage and process personal data and blocked and of the reasons for this. level of security which ensures that no other customer information in e-admin in Eurocard also reserves the right to update unauthorized parties can gain access to a manner that is in compliance with and modify e-admin on an on-going basis. sensitive transaction information. If the applicable legislation. The Company shall be given advance downloaded files contain card numbers, notice in the event of major changes. these must be handled in accordance with 17. The Company’s Minor changes and updates will be implemented without special notification. PCI DSS rules. Transaction data may not obligations and liabilities be used for any purposes other than The Company shall be obliged: those stated in these e-admin Terms and 19. Reporting of loss

Conditions or as otherwise specially Loss of the e-admin Login Credentials or • to destroy any previously described by Eurocard. unauthorized use of e-admin shall be received e-admin Login reported immediately upon detection. Credentials upon receiving the Eurocard shall be notified by telephone: new e-admin Login Credentials; To Sweden: 08 14 67 67 (from abroad +46 8 14 67 67). 3

To Denmark: 36 73 71 00 (from abroad reserves the right to provide the Company order to reconcile invoices and +45 36 73 71 00) with information via other electronic transactions etc. To Norway: 21 00 55 00 (from abroad communication e.g. via e-admin or SMS or +47 21 00 55 00) in writing by post. To Finland: 08 0015 5777 (from abroad Messages that are sent by e-mail, SMS or 26. Interpretation and +358 8 0015 5777 e-admin or any other form of electronic resolution of disputes communication shall be deemed to have This agreement shall be interpreted and Upon loss of e-admin Login Credentials reached the Company no later than the applied in accordance with the law of the and where there is a risk of unauthorized next working day if the message is sent to country in which Eurocard is located. use of the payment solutions in e-admin, an address or number that the Company Any disputes arising from this agreement the Company shall also report the loss to has provided to Eurocard. shall be resolved by the courts of the the police as soon as possible. country in which Eurocard is located. 24. Amendment of the Terms Nevertheless, Eurocard reserves the right to initiate legal proceedings at a court in 20. Force majeure and and Conditions and prices another country if the Company is limitation of liability Eurocard shall be entitled to amend the e- incorporated there or has assets in that In relation to this agreement, Eurocard is admin Terms and Conditions and prices, country. not liable in cases of unusual or and to introduce new fees and cost reimbursements with effect one month unpredictable circumstances over which 27. Transfer of rights and/or Eurocard has no control and the after the Company is notified of the consequences of which would have been amendment/introduction in accordance obligations impossible for Eurocard to prevent, with section 23. Amendments to the Eurocard shall be entitled to transfer to despite all its efforts. Nor is Eurocard benefit of the Company may be another party this agreement and all or implemented with immediate effect. If liable when Eurocard acts in accordance parts of its rights and obligations in with applicable laws. the Company does not accept the accordance with this agreement without amendments, the Company shall be the Company’s prior consent. Eurocard’s Losses that arise in other cases shall not entitled to terminate the agreement consent is required if the Company wishes be reimbursed by Eurocard if Eurocard before the day on which the amendments to transfer its obligations and/or rights has exercised normal due care and are due to take effect. If no notice of under this agreement to another party. attention. Nor shall Eurocard be liable for termination is given, the Company shall be deemed to have accepted the indirect losses unless the loss has been 28. Processing of personal caused wilfully or through Eurocard’s amendments. data gross negligence. 25. Term of the agreement Eurocard collects and processes personal data in accordance with applicable law. 21. Prices and fees and termination of the Collection and processing of personal data Prices and fees for the use of e-admin agreement is necessary to fulfil the agreement. shall be payable as specified in the An e-admin agreement is entered into on Information about the data subject rights pricelist or as agreed between the the day on which Eurocard approves the and a more detailed description regarding Company and Eurocard. The Company Company’s application for e-admin and how Eurocard collects, processes and agrees to the payment method specified notifies the Company through the super transfers personal data and information by Eurocard. administrator(s) of this accordingly. The about automated decisions, profiling and agreement is entered into for an marketing can be found on the website. 22. Information about the indefinite period. Either party may The Company shall take all measures agreement terminate the agreement for any reason, necessary to inform the administrators During the term of the agreement, the subject to giving two months' notice. The before personal data processing activities Company shall be entitled, upon request, Company and Eurocard may also terminate the agreement with immediate are performed by Eurocard and shall to receive a copy of this agreement by effect if the other party has committed a ensure that all administrators are aware post, e-mail or another durable medium. of the content of this section, of the material breach of the agreement. Eurocard will have the right to terminate information regarding personal data on 23. Communication and the agreement with immediate effect if the website and shall also ensure that all messages the Company ceases to make payments, is administrators receive any notifications that Eurocard may provide from time to The agreement shall be written in declared bankrupt, initiates negotiations Eurocard’s local language or English. If with the aim of making a composition time regarding processing of personal differences occur between the two with creditors or enters into liquidation. data. versions, the English version will prevail. When the agreement is terminated, the The language of communication between right to use e-admin shall cease the Company and Eurocard shall be either simultaneously. In this situation, Login Eurocard’s local language or English. Credentials and account information in

Eurocard will send information and relation to e-admin shall be destroyed as 2004 20 messages in accordance with this soon as possible. agreement by e-mail to the Company Eurocard may at its discretion and against NC through the super administrator(s). Any a separate fee grant the Company information or message sent to the super extended access to e-admin after the 2075 EC administrator(s) shall be deemed to have termination of the main agreement in reached the Company. Eurocard also 4