TERMS AND CONDITIONS FOR MOBILEPAY FOR BUSINESSES

Effective from 12 December 2016

MobilePay by Danske Bank® for Businesses (in These Terms and Conditions for MobilePay for A1. Changes to terms and conditions Businesses are divided into five sections: the following "MobilePay for Businesses") Danske Bank reserves the right to change  Section A describes the general conditions consists of various payment solutions which these Terms and Conditions at any time for payment solutions and services can be used by the business for receiving and without notice. We will notify your business of  Section B describes MobilePay Business requesting payments from users of MobilePay any changes by letter or electronically (by e-  Section C describes MobilePay AppSwitch by Danske Bank® (in the following mail or notification in your eArchive in the  Section D describes MobilePay Point of "MobilePay"). The payment solutions are online administration system, for example). Sale referred to as solutions and are described in  Section E describes MobilePay Bonus more detail in the individual sections. A2. Commercial purposes etc.  Section F describes MobilePay

Memberships The business may also get access to services A2.1. Commercial purposes  Sectiopn G describes the general which are not payment solutions, but are MobilePay for Businesses may be used for conditions for online administration of associated with MobilePay for Businesses. commercial purposes only. Any information MobilePay payment solutions and services These services are described in more detail in obtained is strictly for your business's own

the sections on the individual solutions. use. Information may not be disclosed to any In addition to these Terms and Conditions, the third party.

København

– following documents apply: In addition to the individual solutions and  General conditions services, the business will have access to an MobilePay for Businesses may be used for  The charges for the individual solutions online administration system. fundraising purposes only if permitted under associated with MobilePay for Businesses the individual payment solution and subject to

In order to obtain access to MobilePay for the conditions stipulated. Businesses, the business must sign an Section A – General conditions for agreement with Danske Bank and have an payment solutions and services The business may not make funds transfers, account with the bank. disburse cash or transfer money from

MobilePay to solutions that may function as a

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 1 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

payment instrument or payment surrogate. But Danske Bank is entitled to assess your MobilePay or any related solutions or services a business may make refunds (see sections business's financial position at regular without Danske Bank's consent. B3.8, C3.8 and D3.8). intervals. A3. Charging fees from the business's MobilePay for Businesses may not be used for A2.2. Use of MobilePay trademarks etc. customers etc. illegal activities or purposes. MobilePay for Danske Bank authorises your business to use The business has an obligation to comply with Businesses may not be used for activities or MobilePay, any technology used in MobilePay applicable legal requirements on collecting purposes that Danske Bank deems to be belonging to Danske Bank, any associated fees from its customers for the use of morally or ethically questionable or that may confidential know-how and associated MobilePay. harm the image or brand of Danske Bank or trademarks (in the following collectively MobilePay. "MobilePay") in and in relation to A daily maximum amount has been fixed for MobilePay solutions and services, subject to MobilePay transfers by the individual Danske Bank reserves the right to block your your business's compliance with agreed-upon MobilePay users. For information about access to MobilePay for Businesses if your terms and conditions and authorisation by current limits, see mobilepay.dk (in Danish business fails to comply with these Danske Bank. only).

requirements. MobilePay is the property of Danske Bank and When a MobilePay user makes a payment with

København

– Before concluding the MobilePay for may only be used by your business subject to MobilePay, the purchase date, the purchase Businesses agreement, Danske Bank will the conditions and guidelines stipulated by amount, and the business's name and address, evaluate your business's intended use of Danske Bank. You may not assign your right to among other things, may appear on the MobilePay for Businesses and may decide not use MobilePay to any third party. MobilePay user's account statement. to enter into the agreement on the basis of such evaluation. Any matter relating to the marketing, A4. Employees' use of MobilePay etc. advertising and promotion of MobilePay is Your business must ensure that your subject to Danske Bank's prior written employees who use MobilePay for Businesses consent, and you may not publish any launch of are familiar with these Terms and Conditions.

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 2 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

You are responsible for your employees' use of Danske Bank is entitled to charge a fee for MobilePay for Businesses. providing additional details or information at A6. Responsibility and liability more frequent intervals than agreed when the Your business must comply with the legal A5. Charges MobilePay for Businesses agreement was requirements governing trade in your goods The current charges for the solutions and concluded. Danske Bank may charge a fee for and services applicable at any time, including services appear on the list of charges applying transfers that your business makes from an requirements governing the treatment of to the individual solutions and services offered account and for providing you with details information about MobilePay users that the under MobilePay for Businesses. about payments made. business obtains. This applies to rules governing disclosure of information, marketing Danske Bank reserves the right to change the The charges and fees for MobilePay for and processing of personal data. If your charges at any time at 30 days' notice. We will Businesses, including the individual solutions, business fails to comply, we will deem it a notify your business of any changes by letter or are stated exclusive of VAT. If MobilePay for breach of your MobilePay for Businesses electronically (by e-mail or notification in your Businesses, including the individual solutions, agreement with Danske Bank. Please note that eArchive in the online administration system, is subject to VAT at the time when your Danske Bank does not provide information on for example). business enters into a MobilePay for the applicable rules of law in this area.

Businesses agreement with Danske Bank, or if Danske Bank debits charges and fees to the the solution becomes subject to VAT at a later Danske Bank is not liable for

København

– account designated as fee account by you. The time, Danske Bank is entitled to add VAT to the  any loss incurred by your business as a rules for changing charges are described in MobilePay for Businesses charges. result of your customers' or any third Danske Bank's General Conditions. party's unauthorised use of customer Danske Bank is entitled charge you any VAT access to MobilePay Danske Bank is entitled to bundle and debit paid by Danske Bank for services already  any loss incurred by your business as a fees more than one month after the provided to or paid by your business. The result of any third party's unauthorised use transaction to which they relate has been applicable VAT amount or rate appears on the of your access to MobilePay for processed. current list of charges for MobilePay for Businesses Businesses at mobilepay.dk (in Danish only).

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 3 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

 any indirect losses, operating losses, loss  your business fails to comply with the legal contract, we are, however, entitled to of business or loss of interest requirements governing the sale of its terminate the agreement without notice.  any other losses resulting from goods and services circumstances beyond Danske Bank's  your business does not immediately A9. Change of address and assignment of control, including technical breakdown and comply with requirements resulting from rights data transmission or network problems objections raised by its customers You must notify us in writing if your business regarding its goods or services changes its postal or e-mail address. Note that additional provisions on  Danske Bank receives numerous responsibility and liability may apply to the objections from your customers Your business may not assign its rights or individual solutions and services.  your business fails to comply with the obligations in the MobilePay for Businesses Terms and Conditions for MobilePay for solution to a third party without the prior A7. Breach of contract Businesses written consent of Danske Bank. Your business Breach of contract includes, but is not limited may not assign the agreement to a third party. to, the following events: A8. Termination  your business fails to meet its payment A10. Contact and assistance

obligations under the agreement, such as A8.1. Termination by your business Support Direct at Danske Bank can assist you payment refunds Your business may terminate the agreement in with technical questions about MobilePay for

København

–  your business suspends its payments writing without notice. Termination will not Businesses. You will find the telephone number  your business is subject to reconstruction affect any claims raised by Danske Bank for Support Direct at mobilepay.dk (in Danish  your business is declared bankrupt or is against your business as a result of customer only). subject to other forms of insolvency objections, however. Subscription fees and any proceedings prepaid charges are not repayable. A11. Governing law and venue  your business is the subject of an Any disputes arising out of these Terms and execution or attachment order A8.2. Termination by Danske Bank Conditions for MobilePay for Businesses are We may terminate the agreement at 30 days’ subject to Danish law, and the proper venue notice in writing. In the event of breach of will be the courts of Denmark.

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 4 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

stickers are free of charge and will be sent to Section B – MobilePay Business MobilePay Business can be used in several the address stated in your MobilePay Business outlets. You can deregister outlets in the agreement. In addition to the terms and conditions set out MobilePay Business module. When you have in section A, the following terms and conditions deregistered an outlet, you will be notified that Your business is responsible for ensuring that apply if your business has signed up for the you can no longer receive payments from the information provided when setting up the MobilePay Business solution. MobilePay users via the outlet. MobilePay MobilePay Business solution in the module and Business is currently compatible with iOS and in the app is correct and up to date. B1. What is MobilePay Business? Android. MobilePay Business is a payment solution In order to prevent unauthorised use of consisting of B2. Activation of MobilePay Business MobilePay Business, your business must store  an app for receiving and requesting When your business has concluded a its outlets (mobile phones/tablets) in such a payments for goods and services from MobilePay Business agreement, users under way as to prevent others from gaining MobilePay users the agreement will receive a temporary PIN unimpeded access to MobilePay Business.  an administration module (the MobilePay and an eSafeID. Users can subsequently

Business module) providing your business activate MobilePay Business by following the If possible, outlets should be protected by a with an online overview of all payments guide to setting up MobilePay that has been password or a keypad lock. Do not disclose the

København

– from MobilePay users, enabling your sent to the business or can obtain more password to third parties. business to manage its outlets (mobile information on mobilepay.dk. Afterwards, your devices) and transfer payments from business is equipped to receive customer B3. Using MobilePay Business account(s) associated with the MobilePay payments with MobilePay Business. Business solution B3.1. Not for online sales Next, your business will receive stickers which MobilePay Business may not be used to An outlet is defined as a MobilePay Business you can display to show your customers that receive payments for online sales or for app to which a unique phone number is they can use MobilePay to pay for goods and subscription agreements. MobilePay Business associated. services at your place of business. The

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 5 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

may be used for fundraising purposes. For The requested amount may not exceed the additional information, see section B3.10 If your MobilePay Business agreement is purchase amount. MobilePay thus cannot be terminated or expires, irrespective of the used to make cash withdrawals. B3.2. Charges cause, the MobilePay stickers must be Charges for MobilePay Business are set out in removed. Any unused stickers must be Finally, the business can enable customers to the list of charges for MobilePay Business. returned to Danske Bank. pay with MobilePay via a link or a QR code – e.g. Danske Bank reserves the right to change on an invoice. The generation of links can be MobilePay Business charges at any time at 30 Danske Bank is not liable for any damage to done through a third party – e.g. an ERP days' notice. See section A5, Charges. shop fittings or other equipment that results provider – if they offer the solution or the from your business's use of MobilePay stickers business can generate the links/QR B3.3. Clearly displayed information at or any other MobilePay Business material. themselves - see mobilepay.dk (in Danish only). business premises Danske Bank are solely making the Only official material supplied by Danske Bank B3.4. Request for payment with MobilePay functionality available and assumes no may be used to advise customers of the You must inform customers of your business's responsibility for the business’s or the third MobilePay option. Stickers must be placed at mobile number and the final purchase amount parties generation of the link/QR code. Be

eye level, unobstructed by other elements. before requesting payment with MobilePay. aware that Danske Bank do not offer any support if the link/QR code is generated via a

København

– You must ensure that You can also send the customer a request for third party. In this case the business must  information is posted at the entrance to payment in MobilePay in connection with a contact the third party. The functionality must your business premises or your physical purchase. You must enter the final purchase not be used for online sales – see section B3.1. outlet, clearly and visibly advising amount. The request for payment must take customers that they can pay with place according to the instructions shown in B3.5. Customer payments MobilePay the app and on mobilepay.dk. The customer As soon as a customer has approved a  the mobile number to which payments then receives the payment request for payment in MobilePay, the customer can see must be made is displayed at the cash approval. that the amount will be paid. The money is register, clearly and visibly transferred only if the payment is approved

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 6 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

and MobilePay is not blocked. For more Your business can reverse payments made deems to be morally or ethically questionable information, see mobilepay.dk (in Danish only). with MobilePay through MobilePay Business if or that may harm the image or brand of Danske a customer wants to return a purchase, for Bank or MobilePay. B3.6. Confirmation of transfer to the example. You will find this function on the page customer displaying the receipt. You cannot refund more B3.10. Fundraising Customers receive confirmation of the than the amount paid by the customer. The Any use of MobilePay Business for fundraising transfer in MobilePay once payments are reversal can be seen under Aktiviteter purposes must comply with the rules of the completed. Customers can view confirmations (activities) together with the original payment Danish tax authorities and the Danish of previous transfers under Aktiviteter made by the customer. Your business may not Fundraising Act and is subject to Danske (activities) in MobilePay. It is a transfer charge the customer a fee for the reversal. Bank's prior written consent. confirmation and not a purchase confirmation. You must provide your customers with a B3.9. Business location and logo In connection with fundraising, your business purchase receipt. You can upload your business logo to the must comply with the rules applicable at any MobilePay Business app to display it on time on use of the MobilePay logo etc., which B3.7. Post-transaction information MobilePay users' receipts etc. in MobilePay. are provided on approval of the fundraising.

Customer payments can be viewed under Aktiviteter (activities) in MobilePay Business You can also register your location to enable B4. Objecting to payments

København

– immediately after the customer has completed MobilePay users to view your business name If one of your customers raises a claim against the payment. in MobilePay when they are in the vicinity, Danske Bank as a result of an objection provided that they use this function. relating to the purchase of goods or services This is your business's documentation for the from your business, Danske Bank will instruct completion of the MobilePay transfer to your In case of unauthorised use, Danske Bank the customer to raise the claim against your account. reserves the right to block your access to business. Your business must indemnify MobilePay Business if you have provided Danske Bank for any claims raised in B3.8. Reversal of payments incorrect information about the location of connection with a customer complaint. outlets, or if you use logos that Danske Bank

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 7 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

B5. Blocking access to MobilePay Business transactions. When your business requests a If the outlet (mobile phone/tablet) with the payment from a customer with MobilePay We use these data only to operate the systems phone number or SIM card registered for Business, Danske Bank sends the customer a and prepare statistics, which may be used, for MobilePay Business is lost or stolen, or if you message with the amount, name, mobile example, to improve MobilePay Business. Data suspect that the outlet or SIM card is lost or number, date of the request, and any message from electronic traces cannot be used for stolen, you must contact Danske Bank as soon to the customer. obtaining personal data. Danske Bank does not as possible to block access to MobilePay sell or pass on these data to third parties. Business. Danske Bank stores this information and uses it in its bookkeeping, in your business's In concluding a MobilePay Business agreement Call +45 70 114 115 and state your phone MobilePay Business transaction overview and with Danske Bank and downloading and number. Our lines are open 24 hours a day. in connection with any correction of errors. installing the app, your business accepts that it Danske Bank passes on this information to leaves electronic traces. It is not technically B6. Unauthorised use third parties only if required by law or in possible to use MobilePay Business without If you suspect or discover unauthorised use of connection with claims under legal actions. We leaving electronic traces. If you do not wish to your MobilePay Business access, you must keep the information on file during the year of leave electronic traces, you must uninstall the

contact us immediately. You must also give us registration and for the following five years. app and cancel your MobilePay Business all the information required for us to agreement.

København

– investigate the suspected unauthorised use of B8. Electronic traces your MobilePay Business solution and to take Your business accepts that Danske Bank Section C – MobilePay AppSwitch corrective and legal measures. gathers the following data via electronic traces from your use of MobilePay Business: In addition to the terms and conditions set out B7. Registration and protection of data  the app screens your business's users in section A, the following terms and conditions In using MobilePay, your business accepts that have viewed apply if your business has signed up for the Danske Bank registers the mobile phone and  the outlets used MobilePay AppSwitch solution. account numbers associated with MobilePay  your operating system Business, as well as the dates and amounts of  your IP address C1. What is MobilePay AppSwitch?

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 8 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

MobilePay AppSwitch is a payment solution MobilePay AppSwitch is compatible with setup in the MobilePay AppSwitch module and allowing businesses to integrate MobilePay as Android, iOS and Windows. in the app is correct and up to date. a payment solution in their own apps. MobilePay AppSwitch allows MobilePay users C2. Implementation and activation of C2.2. Implementation of MobilePay to choose MobilePay as a payment option in MobilePay AppSwitch AppSwitch the business's app. The user will be taken to Your business is responsible for ensuring that the MobilePay app where payment can be C2.1. Activation of MobilePay AppSwitch MobilePay AppSwitch has been correctly effected. Once the payment has been When your business has concluded a implemented in your app and in compliance completed, the user will return to your app. MobilePay AppSwitch agreement, users under with Danske Bank's rules and instructions, the agreement will receive a temporary PIN which are available at mobilepay.dk (in Danish The solution is supported by an online and an eSafeID. Users can subsequently only). In addition, the solution must be tested administration module (the MobilePay activate MobilePay AppSwitch by following the according to the procedure described at AppSwitch module) and a web services information on setting up MobilePay on mobilepay.dk (in Danish only). module. The administration module provides mobilepay.dk. your business with an overview of all payments C3. Use of MobilePay AppSwitch

from MobilePay users and enables you to set Your business is now equipped to receive up an AppSwitch ID, which is used for customer payments with MobilePay C3.1. Only for use for purchases made through

København

– integrating MobilePay in your app, and to AppSwitch. apps transfer amounts from accounts associated Your business may only receive payments in with your MobilePay AppSwitch. The web You can set up several AppSwitch IDs in the MobilePay AppSwitch for sales of goods and services module enables your business to MobilePay AppSwitch module if, for example, services intended for use outside the app. perform server validation of payments, set you wish to integrate MobilePay into several aside amounts for payments, cancel amounts apps. Your business may not use MobilePay set aside and make refunds directly from your AppSwitch for receiving payments for business's own systems. You are responsible for ensuring that the subscription agreements. information provided in connection with the

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 9 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

C3.2. Use and responsibility and liability for MobilePay AppSwitch charges at any time at product will automatically be transferred to use 30 days' notice. MobilePay when your app switches to Your business must comply with any rules and MobilePay. conditions applying at any time to your app and See section A5, Charges. sales made through your app. This applies, for The amount requested to be paid in MobilePay example, to the rules stipulated by Apple, C3.4. Clearly displayed information in the may not exceed the purchase amount. Google and Microsoft on development and use business's app MobilePay thus cannot be used to make cash of your app. For example, your business may Your business must ensure that information is withdrawals. not receive payments in your app via provided in your business's app, clearly and MobilePay AppSwitch for services intended for visibly advising customers that they can pay If your business uses the function "set aside use in the app. Examples of such services are with MobilePay. amount", your business must ensure that the music services, magazines and subscriptions. customer has been notified of this, and the Your business must ensure that MobilePay is setting aside must be terminated immediately If your business fails to comply with the above spelled correctly and that only official logos afterwards. requirement, it will be deemed to be a material received from Danske Bank are used. Logos

breach. Your business must indemnify Danske may be downloaded via mobilepay.dk. C3.6. Customer payments Bank for any loss Danske Bank may be met As soon as a customer has approved a

København

– with and any loss Danske Bank may incur as a If your MobilePay AppSwitch agreement is payment in MobilePay, the customer can see in result of your failure to comply with the above terminated or expires, irrespective of the the MobilePay app that a purchase has been requirement. cause, the MobilePay instructions and logos made. must be removed from your apps. C3.3. Charges The money is transferred only if the payment is Charges for MobilePay AppSwitch are set out C3.5. Request for payment with MobilePay approved and MobilePay is not blocked. For in the list of charges for MobilePay AppSwitch. You must inform customers of the final more information, see mobilepay.dk (in Danish Danske Bank reserves the right to change purchase amount before requesting payment only). with MobilePay. The amount to be paid for the

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 10 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

C3.7. Confirmation of transfer to the aside, the payment will be transferred to your In connection with fundraising, your business customer business's account when your business must comply with the rules applicable at any Customers receive confirmation of the collects the payment with the capture service. time on use of the MobilePay logo etc., which transfer in MobilePay once payments are are provided on approval of the fundraising. completed. Customers can view confirmations C3.10. Business name and logo of previous transfers under Aktiviteter You must enter the business name and logo C4. Objecting to payments (activities) in MobilePay. It is a transfer when setting up the AppSwitch ID in the If one of your customers raises a claim against confirmation and not a purchase confirmation. MobilePay AppSwitch module. The name and Danske Bank as a result of an objection You must provide your customers with a logo will appear on the MobilePay user's relating to the purchase of goods or services purchase receipt. receipt in MobilePay. from your business, Danske Bank will instruct the customer to raise the claim against your C3.8. Reversal of payments In case of unauthorised use, Danske Bank business. Your business must indemnify Your business can reverse payments made reserves the right to block your business's Danske Bank for any claims raised in with MobilePay through MobilePay web access to MobilePay AppSwitch if you use connection with a customer complaint. services if a customer wants to return a logos that Danske Bank deems to be morally or

purchase, for example. The function is available ethically questionable, or that may harm the C5. Blocking access to MobilePay AppSwitch if your business is integrated with MobilePay image or brand of Danske Bank or MobilePay. You must contact Danske Bank as soon as

København

– web services. You cannot refund more than the possible to block access to MobilePay amount paid by the customer. Your business C3.11. Fundraising AppSwitch if you suspect any inappropriate may not charge the customer a fee for the Any use of MobilePay AppSwitch for use of your app, including MobilePay reversal. fundraising purposes must comply with the AppSwitch. rules of the Danish tax authorities and the C3.9. Post-transaction information Danish Fundraising Act and is subject to Call +45 70 114 115 and state your Once the customer has approved a payment Danske Bank's prior written consent. AppSwitch ID. Our lines are open 24 hours a via MobilePay, Danske Bank will set aside the day. amount or transfer it. When amounts are set

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 11 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

C6. Unauthorised use on this information to third parties only if confirms the purchase by approving the If you suspect or discover unauthorised use of required by law or in connection with claims amount in his or her MobilePay app. your MobilePay AppSwitch, you must contact under legal actions. We keep the information us immediately. You must also give us all the on file during the year of registration and for MobilePay POS is compatible with iOS, Android information required for us to investigate the the following five years. and Windows. suspected unauthorised use of your MobilePay AppSwitch and to take corrective and legal Section D – MobilePay Point of Sale D2. Implementation and activation of measures. MobilePay POS In addition to the terms and conditions set out You may remove MobilePay as a payment in section A, the following terms and conditions D2.1. Requirements for use of MobilePay POS function in your app if your suspect any apply if you have the MobilePay Point of Sale In order to use MobilePay POS, the business inappropriate use of the app, and Danske Bank solution (in the following "POS"). must may at any time block an agreement in case of  sign an agreement with Danske Bank on suspected unauthorised use. D1. What is MobilePay POS? MobilePay POS MobilePay POS is a payment solution allowing  purchase the desired number of MobilePay

C7. Registration and protection of data businesses to integrate MobilePay as a boxes / card terminals In using MobilePay AppSwitch, your business payment solution in their payment systems  arrange for a payment system supplier

København

– accepts that Danske Bank registers the (point-of-sale terminals or self-service certified by Danske Bank to install the account number associated with MobilePay machines). solution AppSwitch, as well as the dates and amounts of transactions. MobilePay POS allows MobilePay users to pay D2.2. Implementation of MobilePay POS by holding their phones to the MobilePay box or You are responsible for ensuring that Danske Bank stores this information and uses a MobilePay enabled card terminal installed by MobilePay POS is correctly implemented in it in its bookkeeping, in your business's your business at the payment system. A your business's payment systems and that all MobilePay AppSwitch and in connection with request for the purchase amount is then sent MobilePay boxes/card terminals are correctly any correction of errors. Danske Bank passes to the user's phone, and the MobilePay user installed and connected.

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 12 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

You deregister shop IDs associated with configuration of MobilePay. If other payment You are responsible for purchasing and MobilePay POS in the MobilePay POS module. service providers or providers of other configuring your own payment systems and all Once a shop ID has been deregistered, your services want to use Danske Bank's systems, the MobilePay boxes/card terminals needed business can no longer receive payments from such use requires an agreement to be for roll-out in your business. MobilePay users in shops where the ID was concluded with Danske Bank, and Danske Bank used. reserves the right to demand payment for the You are also responsible for any correction of use. errors and maintenance of your own payment D2.4. Access for other parties to MobilePay systems and MobilePay boxes/card terminals. boxes Danske Bank cannot be held liable for disruptions, losses or expenses in relation to D2.3. Activation of MobilePay POS This sections does only apply to companies other payment service providers' or providers When the requirements for use of MobilePay using the MobilePay box. of other services' access to and use of the POS are met, users under the agreement will MobilePay boxes. receive a temporary PIN and an eSafeID for an You are not entitled to sell or in any other way online administration module (the MobilePay make arrangements for the MobilePay boxes D3. Use of MobilePay POS

POS module). Users can subsequently activate without Danske Bank's prior consent. D3.1. Physical trade only MobilePay POS by following the guide to You may only receive payments in MobilePay

København setting up MobilePay that has been sent to the You may grant access to MobilePay boxes to – POS for sales of goods and services in physical business. other payment service providers or providers shops where the goods or services are of other services. In such case, Danske Bank delivered in direct connection with the Afterwards, your business is now equipped to will be entitled to payment of the connection payment or prior to payment. receive customer payments with MobilePay fee set out in the list of charges for MobilePay POS. Your business can use MobilePay POS in POS. Upon such a connection, the Bank must MobilePay POS may not be used to receive different shops, self-service machines or other always be informed of the serial number of the payments for online sales or for subscription physical outlets. MobilePay box. Moreover, it is assumed that no agreements. changes will be made to the existing technical

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 13 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

D3.2. Charges Using the stickers provided or your own Danske Bank is not liable for any damage to Charges for MobilePay POS are set out in list signage, you must ensure that shop fittings or other equipment that results of charges for MobilePay POS. Danske Bank  information is posted at the entrance to from your business's use of MobilePay POS reserves the right to change MobilePay POS your business premises, clearly and visibly stickers, MobilePay boxes or any other charges at any time at 30 days' notice. advising customers that they can pay with MobilePay POS material. MobilePay See section A5, Charges.  information is posted by the point-of-sale D3.4. Request for payment with MobilePay terminal, clearly advising customers that You must inform customers of the final D3.3. Clearly displayed information at they can pay with MobilePay purchase amount before requesting payment business premises  the MobilePay box/card terminal is placed with MobilePay. The request for the purchase Your business will receive stickers which you in a clear and visible location by the point- amount is automatically transferred to can display to show your customers that they of-sale terminal MobilePay when the request is sent from the can use MobilePay to pay for goods and payment system to MobilePay. services at your place of business. When MobilePay can be used for payment in a machine, it must clearly appear from the The amount requested to be paid in MobilePay

You may also be given access to graphic machine that it is possible to use MobilePay – may not exceed the purchase amount. material which will allow you to make your own either from the MobilePay sticker delivered or MobilePay thus cannot be used to make cash

København

– stickers and signs. In the event of any non- the display of the machine. withdrawals. compliance with the terms and conditions for use of MobilePay graphics, Danske Bank may If your MobilePay POS agreement is D3.5. Customer payments request that any non-compliant signage be terminated or expires, irrespective of the As soon as a customer has approved a removed. The terms and conditions for use of cause, the MobilePay stickers and other payment in MobilePay, the customer can see MobilePay graphics are available online signage must be removed. Any unused stickers that the amount will be paid. (website). You will receive a link to the website must be returned to Danske Bank. when you become a MobilePay POS customer. The money is transferred only if the payment is approved and MobilePay is not blocked. For

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 14 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

more information, see mobilepay.dk (in Danish a customer wants to return a purchase, for D3.10. Machines only). example. You cannot refund more than the MobilePay POS may be used for payment with amount paid by the customer. Your business MobilePay in machines and self-service D3.6. Confirmation of transfer to the may not charge the customer a fee for the solutions. Subject to prior approval by Danske customer reversal. Bank, your business can receive payments via Customers receive confirmation of the a QR code in a display instead of payment via transfer in MobilePay once payments are D3.9. Business location and logo the MobilePay box. completed. Customers can view confirmations You must upload your business logo in the of previous transfers under Aktiviteter MobilePay POS administration module when D3.11. Fundraising (activities) in MobilePay. It is a transfer you set up your brand and shop IDs so that the Any use of MobilePay POS for fundraising confirmation and not a purchase confirmation. logo is displayed on MobilePay users' receipts purposes must comply with the rules of the You must provide your customers with a etc. in MobilePay. You must also register your Danish tax authorities and the Danish purchase receipt. location to enable MobilePay users to view Fundraising Act and is subject to Danske your business name in MobilePay when they Bank's prior written consent. D3.7. Post-transaction information are in the vicinity, provided that they use this

Customer payments can be viewed in the function. In connection with fundraising, your business payment system immediately after the must comply with the rules applicable at any

København

– customer has completed the payment. In case of unauthorised use, Danske Bank time on use of the MobilePay logo etc., which reserves the right to block your access to are provided on approval of the fundraising. This is your business's documentation for the MobilePay POS if you have provided incorrect completion of the MobilePay transfer to your information about the location of outlets, or if D4. Objecting to payments account. you use logos that Danske Bank deems to be If one of your customers raises a claim against morally or ethically questionable or that may Danske Bank as a result of an objection D3.8. Reversal of payments harm the image or brand of Danske Bank or relating to the purchase of goods or services Your business can reverse payments made MobilePay. from your business, Danske Bank will instruct with MobilePay through the payment system if the customer to raise the claim against your

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 15 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

business. Your business must indemnify account number you have designated for E1. What is MobilePay Bonus? Danske Bank for any claims raised in MobilePay POS, as well as the dates and MobilePay Bonus is a function linked to connection with a customer complaint. amounts of transactions. When your business MobilePay for Businesses that enables your requests a payment from a customer via business to offer its customers a bonus when D5. Blocking access to MobilePay POS MobilePay POS, the purchase amount and the they pay with MobilePay. You must contact Danske Bank as soon as business name and logo are sent to the possible to block access to MobilePay POS if customer. E2. Requirement for use of MobilePay Bonus you suspect any inappropriate use of your You must have MobilePay Business to offer MobilePay POS, including systems linked to Danske Bank stores this information and uses your customers a bonus. You activate the MobilePay POS. it in its bookkeeping, in your business's function in the administration module for MobilePay POS transaction overview and in MobilePay. The function will be active from 12 Call +45 70 114 115 and state your customer connection with any subsequent correction of midnight the day after activation. number. Our lines are open 24 hours a day. errors. Danske Bank passes on this information to third parties only if required by If you do not want the possibility of activating D6. Unauthorised use law or in connection with claims under legal the function, you must contact Danske Bank's

If you suspect or discover unauthorised use of actions. We keep the information on file during support. The telephone number can be found at your MobilePay POS, you must contact Danske the year of registration and for the following mobilepay.dk.

København

– Bank immediately. You must also give us all the five years. information required for us to investigate the E3. Bonus amount suspected unauthorised use of your MobilePay Section E – MobilePay Bonus When activating MobilePay Bonus, you must POS and to take corrective and legal decide what percentage to offer your measures. In addition to the terms and conditions set out customers. The percentage may be changed in section A, the following terms and conditions once a day with effect from 12 midnight the D7. Registration and protection of data apply if your business has signed up for the following day. In using MobilePay, your business accepts that MobilePay Bonus solution.

Danske Bank registers the name, address and

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 16 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

The bonus offered will be rounded off to the MobilePay for Businesses. If your customers nearest whole one hundredth of a Danish krone E5. Expiry of bonus do not receive the bonus to which they are for each purchase. The bonus earned does not expire unless entitled, or if they have any objections to the - you deactivate MobilePay Bonus. In bonus earned, you are under an obligation to E4. Earning and using a bonus such case, it must be possible for your ensure that they receive the bonus to which When the bonus function has been activated, customers to use their earned they are entitled. your customers – provided that they have bonuses for a period of six months signed up for it – will automatically earn the after deactivation. No bonus is earned If, regardless of the reason, Danske Bank bonus you have decided to offer them every during the six-month period becomes obligated to pay a bonus to your time they pay with MobilePay in your shop. - your business closes down, customers, you must repay the amount to us to irrespective of the cause indemnify Danske Bank. The bonus earned can then be used the next - your agreement with Danske Bank on time they shop with you. The bonus cannot be the use of MobilePay is terminated E8. Danske Bank's liability for MobilePay converted into cash, and customers do not - the individual MobilePay user Bonus earn a bonus on that part of the payment that deregisters from MobilePay Bonus Danske Bank only makes the function available

is made with a bonus. to your business and performs calculations of E6. Registration of information earned and used bonuses.

København Danske Bank's system will register any award – You can always see the total outstanding bonus amount in the administration module for of a bonus. The information is used exclusively E9. Charges MobilePay. for the administration of MobilePay Bonus in See section A5 on charges in Terms and compliance with these Terms and Conditions. Conditions for MobilePay for Businesses.

If an article is returned and the customer Danske Bank may change the charges at 30 E7. Your liability for MobilePay Bonus wants a refund of the amount, the bonus used days' notice. When you have activated the bonus function, to pay for the article will be reversed, and the you will be under an obligation to offer your bonus earned on the specific purchase will be E10. Clearly displayed information customers a bonus on the terms under deleted.

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 17 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

You must ensure that information is displayed use of already earned bonus points are still membership in your business. This enables the clearly in your shop, informing your customers applicable (see also sections E4 and E5). customer's membership number to be sent that they will earn a bonus when paying with automatically to your business when the MobilePay if they have signed up for the E 12. Termination of MobilePay for customer makes a payment with MobilePay function in their MobilePay. Businesses without the customer's needing to show a If your MobilePay for Businesses agreement is membership card or disclose a membership Your business will receive material, which you terminated, regardless of the reason, the number. can display to tell your customers that they access to and use of MobilePay Bonus will also can earn a bonus when paying with MobilePay. be terminated.

E13. Danske Bank's right in case of Your business must ensure that MobilePay is termination/blocking spelled correctly and that only official logos If Danske Bank terminates the agreement on received from Danske Bank are used. Logos the use of MobilePay for Businesses, the may be downloaded via mobilepay.dk. access to MobilePay Bonus will also be

terminated. The same applies if Danske Bank E11. Deactivation of MobilePay Bonus blocks the access to MobilePay. You must remove all MobilePay signs and

København

– logos in connection with deactivation of See also section A (general termination etc.). MobilePay Bonus and termination or expiry of

the MobilePay for Businesses agreement. Section F – Memberships

You may deactivate MobilePay Bonus at any Memberships is a feature that can be linked to time. You deactivate MobilePay Bonus in the MobilePay Point of Sale. Memberships gives administration module for MobilePay, with your customers the opportunity to register effect from 12 midnight the following day. their membership numbers in MobilePay for Please note that the obligations regarding the

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 18 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

F1. Activation of Memberships Danske Bank harmless in every respect for any In order to enable your customers to use F4. The business's responsibility for loss. Memberships and offer them the service, you Memberships must have MobilePay Point of Sale. You can After you have activated the feature, your F5. Charges activate the feature by contacting Danske Bank business is required to process the See section A5, Charges. Danske Bank may Business Support on tel. +45 70 11 41 15. membership number that was transferred change the charges at 30 days' notice. from Danske Bank to your business in F2. Use of Memberships accordance with the prevailing rules on F6. Termination of MobilePay for Businesses When Memberships has been activated – processing membership numbers. If your agreement on MobilePay Point of Sale is assuming that your customer has entered his terminated – for whatever reason – access to or her membership number for your business – Your business's Membership programme must Memberships will also be terminated. Danske Bank will automatically transfer the comply with the prevailing rules on the You can deactivate Memberships by membership number to your cash register programme at all times. For example, your contacting Danske Bank Business Support on system. In this way, your customer need not business is required to state the terms and tel. +45 70 11 41 15. The feature can be show the membership card or disclose the conditions of the Membership programme. deactiviated at any time.

membership number to the cash register staff. The obligations in section F4 are still Danske Bank is not a party to the agreement applicable for existing claims even if your

København

– F3. Registration of information on the Membership programme between you agreement on Memberships are terminated. Upon the transfer of a membership number, and your customer. the number will be registered in Danske Bank's F7. Danske Bank's rights in case of systems for use in the administration of the If Danske Bank is required to disburse a bonus termination or blocking Memberships feature. or other types of membership benefits offered If Danske Bank terminates the agreement on to your business's customers or to act as the use of MobilePay Point of Sale, the The information is used exclusively for the though it is a party to the agreement – for agreement on Memberships will be terminated administration of Memberships in accordance whatever reason – your business must hold at the same time. The same applies if Danske with these Terms and Conditions. Bank blocks access to MobilePay.

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 19 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

is registered in your eArchive in the online the following five years as a minimum. If Danske Bank believes that a business has administration system. Documents received in However, the documents will be deleted if your defaulted on the agreement on Memberships, electronic form in eArchive have the same business changes its customer number, or if it reserves the right to block or terminate the legal effect as ordinary mail in hardcopy. your MobilePay for Businesses agreement agreement on MobilePay (see also the Terms expires, irrespective of the cause. Therefore, and Conditions for MobilePay Point of Sale). G2.1. Documents received in electronic form we always recommend you to copy the The same applies if it is required according to Your business will receive all documents and documents for your own storage. legal requirements or the provisions of public notices from Danske Bank relating to the authorities. MobilePay for Businesses in electronic form in If you need to keep documents on file for longer eArchive. In special cases, Danske Bank may than is possible in the online administration Section G: General conditions for send documents by ordinary mail. system, you should copy them to your own online administration of MobilePay filing system. payment solutions and services G2.2. Access to documents in eArchive The rights and authorisations granted to G2.4. Deregistering eArchive G1. Transactions individual users determine which documents If your business no longer wishes to receive

Through the online administration system they can view. A user will, for example, always documents in eArchive, you must contact us. If associated with MobilePay for Businesses, you be able to view his or her individual user requested, Danske Bank may send documents

København

– can transfer amounts to one of your accounts authorisation in the online administration by ordinary mail against a fee. to the account designated by you for one or system. Users with permission to view or more MobilePay for Businesses solutions. operate an account are granted access to view G3. User authorisation the documents relating to the account in Users must be duly authorised to perform G2. Documents from Danske Bank in eArchive question in eArchive. transactions in the online administration When you enter into a MobilePay for system on behalf of your business. Your Businesses agreement, your business is G2.3. Storage business may grant such user authorisation automatically registered for receipt of Danske Bank keeps documents on file in using Danske Bank's user authorisation. electronic documents from Danske Bank. This eArchive during the year of registration and for Before granting authorisation to use

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 20 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

MobilePay for Businesses, your business must authorisation at the account level, the user will  Separate mandate have the user's consent to pass on his or her have view access only.  Two persons jointly CPR number to Danske Bank. G3.2. Access to accounts The "agreement information" and "access and G3.1. Transaction types If your business authorises a user to make blocking" rights may be granted only as Your business must state which of the payments to unregistered accounts, that user separate mandates. following transaction types users should have must have authorisation at the account level. access to: In other words, the user must, for example, be G3.4.1. User administration  Domestic payments between registered authorised to make transfers from the account A user who has been granted user accounts with Danske Bank Group - for in question to an account outside Danske Bank administration rights is authorised to do the instance transfers to another Danske Bank Group. The user may be granted a separate following on behalf of your business: account under the agreement mandate for the account your business has  create and modify users, including giving  Payments to unregistered accounts in or linked to the online administration system. users access to the required authorisation outside Danske Bank Group – for instance and transaction type(s), modules and transfers to an account outside Danske G3.4. Administration rights accounts registered under the agreement

Bank. You must state whether the user is granted at any time one or more of the following administration  create and modify user master data

København

– Users may be granted a separate mandate for rights:  delete all user details, including master the transaction types above. The mandate is  User administration data generally used as the basis for all transfers  Agreement information under each transaction type. If your business  Access and blocking A user with the above rights is called a "user has chosen a more restrictive mandate at the administrator". account level (account access is described in When granting "user administration" rights, more detail in section 3.2), this mandate will you must consider which of the following You must state whether the user apply to payments to unregistered accounts. If mandates the user should have: administrator should be authorised to modify your business has chosen not to grant  Create/deposit his or her own user ID. If a user administrator

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 21 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

is not authorised to modify his or her own user User authorisations remain in force until ID, he or she will not be authorised to assign G3.5. Message system revoked by your business. Authorisations may the rights above to himself or herself either. All users can send messages electronically to be revoked in writing, in person at one of Nor will the user administrator be authorised Danske Bank through a secure encrypted . Danske Bank's branches or by means of a to create and approve payments. Individual users can view only their own digital signature. Authorisations may also be messages (sent and received) in the online revoked by telephone, but such revocation G3.4.2. Agreement information administration system. must always be confirmed in writing If your business grants a user "agreement immediately afterwards. The user's access to information" rights, the user will have access, G3.6. Changing user authorisations act on behalf of your business via the online through a user overview, to search for If your business wishes to extend or restrict a administration system is blocked after the agreement users and see their individual user's access to the online administration telephone call. access, including master data, access to the system, the user must sign a new user online administration system, administrator authorisation to replace the existing Danske Bank will subsequently provide written rights, access to accounts and payments. authorisation. confirmation that the user ID and eSafeID device have been deleted in our systems.

The user will have access to the user overview If the change relates to the user's and selected documents shown in the online authorisation or mandate at the account level, Termination of the agreement by your business

København

– administration system. your business must sign an account mandate. is deemed a revocation of all user Changes made by the user administrator authorisations issued under the agreement. G3.4.3. Access and blocking through the online administration system are A user who has been granted "access and approved by digital signature. However, account mandates granted to users blocking" rights will be authorised to do the by your business require separate revocation. following on behalf of your business: A user's authorisation may be affected if your  order temporary passwords for users business signs a "Mandate - Business" form. G4. Mandate types  order eSafeID devices for users Danske Bank uses the following types of  block and unblock user access G3.7. Revoking user authorisations mandate:

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 22 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

 Separate mandate  Internet-based support cooperation with your business’s IT  Two persons jointly  on-site support department and at your business's risk.

These types of mandate allow your business to User administration may involve establishing On-site support may include installation of the decide which users may approve the creation access agreements and authorisations, online administration system, training of staff of users, for example, on their own or together modifying the access of your business and its and troubleshooting. Troubleshooting may with another user. Separate mandates may be users to individual elements of support and result in modification of your business's granted with respect to payments only. service, deleting and blocking users, ordering computer setup, IT systems, registration temporary PINs and registering modified databases, the set up of routers, firewalls, G4.1. Separate mandate authorisations and mandates. proxy servers, internal security systems and Payments created by a holder of this type of other software and hardware modifications. mandate are automatically deemed approved Telephone support may include training, user Support for setting up and troubleshooting is by the user. instruction, troubleshooting assistance, provided over the Internet in cooperation with guidance in relation to modifications, and your business’s IT department and at your G4.2. Two persons jointly blocking in the online administration system. business's risk.

The creation or change of a user by a user with Telephone support in connection with a joint mandate requires the approval of installation, setup, training and G6. Technical issues

København

– another user holding the same type of mandate troubleshooting, etc. is provided in consultation in order to take effect (second approval). with your business’s IT department and at the G6.1. Transmission and access risk of your business. In order to use the online administration G5. Support Direct system, your business must establish a data Danske Bank provides support and service to Internet-based support may include training, communication link with Danske Bank. Your your business, including user instruction, troubleshooting assistance business must bear all expenses in this  user administration and guidance in relation to modifications. connection and must purchase, install, set up  telephone support, including blocking Internet-based support is provided in and maintain the IT equipment required. Your assistance business must also arrange for any

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 23 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

adaptations to its IT equipment that may be password and a so-called eSafeID device unauthorised access to user encryption keys required to use the connection and ensure generating security codes (a numeric code). and eSafeID devices. continuity of operations. The security code generated by the eSafeID device can be used only once and is saved G7. Acquiring a user ID, temporary password Danske Bank may at any time and without temporarily in the browser session while the and eSafeID device notice modify its own equipment, basic user remains logged on to the online When a user is created in the online software and related procedures to optimise administration system. administration system under the eSafeID operations and service levels. Danske Bank will security system, he or she is assigned a give 30 days' notice of any modifications Using the eSafeID solution ensures that data personal user ID and a temporary password requiring adaptation of your business's are encrypted before transmission to Danske and receives an eSafeID device. equipment in order to retain the link and its Bank and are not tampered with during Together with the eSafeID device, the access. Your business may not use special transmission. In addition, the identity of the temporary password is used for first-time software, such as overlay services or similar sender is always verified, and all financially identification when the user is first registered types of software, when accessing MobilePay binding transactions are provided with an in the system. The temporary password is for Businesses. Users must operate the electronic signature. system-created and printed without anybody

system directly from the user interface and the seeing the combination. If the letter containing software provided by Danske Bank. Danske Bank reserves the right to block your the temporary password and/or the letter

København

– business's or a user's access to the online containing the eSafeID device has been G6.2. Data security administration system if we detect actual or tampered with or is not intact, the user must The security system used for the online attempted unauthorised use. If access is contact Danske Bank to order a new administration system is called eSafeID. blocked, your business will be notified as soon temporary password and/or a new eSafeID eSafeID is Danske Bank's web-based security as possible. device. system for logging on to the online administration system. eSafeID is a two-factor Your business must implement effective For security reasons, the letters containing the authentication solution, based on something security procedures to prevent unauthorised eSafeID device and the temporary password you know and something you have: a personal use of the online administration system and are sent under separate cover.

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 24 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

It is the responsibility of your business to  third parties having gained access to the If the user has not received the letter ensure that the user changes his or her personal password or the personal containing the temporary password within password at regular intervals. Further encryption key or the eSafeID device three business days of ordering, the user must, information about security recommendations for security reasons, contact Danske Bank to is available at the websites of Danske Bank and G8. Changes to the online administration cancel it and order a new password. Upon in other guidelines. system registration, the user creates his or her own The online administration system gives access password. The user must subsequently G7.3. Deregistering users/eSafeDevices to the services provided in the online destroy the temporary password. Your business must notify Danske Bank if you administration system by Danske Bank at all want to block or delete a user. Your business is times. G7.1. Storing user IDs, temporary passwords responsible for all transactions made by a user and eSafeID devices until Danske Bank has been requested to Danske Bank may at any time extend the scope The following rules apply to the use of eSafeID: delete or block the user. Your business is also of the online administration system without  Only the user may use the user ID, responsible for all future transactions notice, but the bank gives 30 days' notice if the password and eSafeID device previously requested by a deleted/blocked user scope of the services is limited or the terms

 The password, eSafeID and security codes until Danske Bank is notified that the are made more restrictive. are strictly personal and may not be transactions are to be cancelled.

København

– passed on to third parties G9. Responsibility and liability  Passwords and security codes may be G7.4. Misuse or potential misuse used when communicating with Danske Your business or the user must immediately G9.1. Your business's responsibility and Bank only contact Danske Bank to block user access in liability  The password must not be written down or case of Your business uses the online administration stored together with the eSafeDevice  suspected unauthorised use of the user's system at its own risk, which includes risks in personal password, your business's or a areas such as the following: G7.2. Changing the password user's encryption key or the eSafeID device  transmission of data to Danske Bank, including the risk that transmitted data are

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 25 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

destroyed, lost, damaged, delayed or errors and omissions arising out of your  ensure that your users are familiar with affected by transmission errors or business's own circumstances, including non- the terms and conditions governing the omissions, e.g. during intermediate observance of safety and control procedures. online administration system and comply handling or processing of data content with the help texts displayed on the  information is passed on to third parties as It is also the responsibility of your business to screens a result of errors or unauthorised  obtain the consent of the users before intrusion on the data transmission line disclosing their CPR numbers to Danske G9.2. Danske Bank’s liability  all dealings and transactions involving the Bank Danske Bank is liable for late or defective security codes of your business or its  always verify that the terms of the user performance of its contractual obligations users authorisations are consistent with the resulting from error or negligence. Danske  ensuring that users keep their passwords authorisations and mandates that the Bank is not liable for errors or omissions secure so that they are not passed on to business and any third party have granted resulting from third parties users  third-party software that is an integrated  ensuring data security in connection with  the terms of a user authorisation are in part of the online administration system storage of user security codes in the accordance with the requirements of the  users disclosing their temporary PIN

business’s IT environment to prevent business in all other respects and/or personal passwords unauthorised access to the security codes  open and check all electronic documents  modifications to the security systems (not

København

–  any erroneous use or unauthorised use of sent by Danske Bank to the same extent performed by Danske Bank) the online administration system by users that they would have been checked if they  the security system’s integration with  unauthorised use of the online had been sent in hardcopy by ordinary mail other systems or software not supplied by administration system  notify Danske Bank if for a period of time Danske Bank the business has had no access to the  information and data supplied by third Your business cannot hold Danske Bank liable online administration system and parties for any consequences of the risks above therefore requests electronic documents materialising. Nor can your business raise any sent in hardcopy by ordinary mail Even in areas of stricter liability, Danske Bank claims against Danske Bank in respect of is not liable for losses arising from

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 26 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

 breakdown of or failure to provide access concluded or ought to have avoided or agreement to another entity under Danske to IT systems or damage to data in such overcome the cause of the loss Bank Group at any time. systems due to any of the factors listed  under Danish law, Danske Bank is liable for below, regardless of whether or not the cause of the loss under any Danske Bank may assign its rights under the Danske Bank or a third-party supplier is circumstances agreement to subcontractors. An assignment responsible for the operation of such will not exempt Danske Bank from liability systems Danske Bank is liable only for direct losses and under the agreement.  power failure or a breakdown of Danske thus not for any indirect consequences or Bank's telecommunications, legislative or more extensive adverse effects even when G10.2. Special provisions concerning administrative intervention, acts of God, such consequences or effects are the result of payment accounts and the Danish Payment war, revolution, civil unrest, sabotage, errors made by the bank. Services Act terrorism or vandalism (including Payment accounts are governed by the Danish computer virus attacks or hacking) Danske Bank is liable in damages in Payment Services Act.  strikes, lockouts, boycotts or picketing, accordance with the rules set out in section regardless of whether Danske Bank or its 9.2 above. Consequently, section 68 of the Unless otherwise stipulated by these Terms

organisation is itself a party to or has Payment Services Act does not apply. and Conditions or agreed with us, Danske Bank started such conflict and regardless of its has deviated from the provisions of the Act to

København

– cause; (this applies even if the conflict G10. Other terms and conditions the extent permissible. affects only part of Danske Bank)  other circumstances beyond Danske G10.1 Assignment, transfer and third parties If the business is entitled to operate a payment Bank’s control This agreement has been concluded by Danske account by way of a special payment Bank on behalf of Danske Bank Group. This instrument, such as a debit card, such Danske Bank is not exempt from liability if means that any entity of Danske Bank Group is operation is governed by the provisions of the  Danske Bank ought to have foreseen the entitled to fulfil and enforce the agreement. It agreements concluded with respect to the cause of the loss when the agreement was also means that Danske Bank may assign or payment instruments concerned. transfer its rights and obligations under the

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 27 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80

See also Terms and Conditions for Payment Accounts.

G11. Termination and breach See section A.8.

G12. Law and venue See section A.11.

København

Danske Bank A/S CVR 6162 No. 12 28 MobilePay by Danske Bank® is a trademark registered by Danske Bank A/S Page 28 of 26 Danske Bank, Holmens Kanal 2-12, DK-1092 København K Tel. +45 33 44 00 00, fax +45 70 12 10 80