Privacy
General Terms and Conditions regarding the ordering, delivery and utilization of Edenred Cards as regards the Clients – Effective as of 16.07.2018
(hereinafter referred to as: “GTC”)
⦁ “Issuer” is PrePay Technologies Limited, a limited company registered in the UK with number 04008083, contact: United Kingdom, PO BOX 3883, Swindon, SN3 9EA. PrePay Technologies Limited was registered with number 900010, its e-money issuer licence was issued by and its supervisory authority is the Financial Conduct Authority.
⦁ “Programme Owner” is Edenred Magyarország Kft. (hereinafter referred to as: “Edenred”) (registered office: H-1134 Budapest, Váci út 45.), the Issuer’s payment intermediary.
⦁ “Client” is a natural or legal person providing the Edenred Card to the Card Holder.
⦁ “Card Holder” is a natural person deemed by the Client eligible for using the Card to whom the Card is issued, and who undertakes to comply with the GTC concerning the Card Holder attached as Annex 5.
⦁ “Partner Card Holder” Rules governing Card Holders shall be implicitly applicable to the Partner Card Holder. Each Edenred Card may be accompanied by one Partner Card at most, the Fees of which (regulated in Annex 6) will be borne by the Client.
⦁ “Service Fee” is the percentage fee calculated based on the par value of the crediting, to be paid by the Client, the amount of which would be specified in the applicable Tariff Annex.
⦁ “Card Fee” is the cost to be paid by the Client for the manufacturing of the card plastic. “Card Fee” is charged on occasion of the first issuance, “Card Replacement Fee” is charged for the replacement of existing (stolen, damaged, lost, expired) cards, and “Partner Card Fee” is charged when a second card requested for an existing card is produced.
⦁ “Delivery Charge” is the fee charged for the delivery of the Cards ordered by the Client, including the possible repeated delivery.
⦁ “Edenred Card” or “Card”, according to Act CXVII of 1995 on Personal Income Tax (“PIT Act”), is a benefit given off in an electric form, supplied in the form of a non-transferable plastic card provided with a magnetic stripe or a microchip protected by a PIN code, that can be used for paying the full or partial consideration for goods sold or services rendered by the Participating Vendor, within the scope permitted by law. The Edenred Card contains a pre-paid benefit without credit function, bound to the holder’s name. The rules pertaining to Edenred Cards apply implicitly to the Parter Card provided by Edenred.
⦁ Gift Card: a Card the credited amount on which may be used for purchasing products and services concerning certain specified benefits specified by the PIT Act.
⦁ School Starter Card: a Card the credited amount on which may be used for purchasing schoolbooks, school materials and outfits concerning the regulations on certain specified benefits specified by the PIT Act.
⦁ Culture and Sports Card: a Card the credited amount on which – concerning the regulations on benefits specified by the PIT Act – may be used for purchasing tickets, passes for the recourse to cultural services (for exhibitions, theatrical, dance, circus or music performances provided by museums and arts facilities [exhibition sites], or for requisitioning cultural services provided by organizations carrying on public education activities) and registration fees to libraries, and for purchasing tickets and passes for sports events falling within the scope of the Sports Act.
⦁ Motivation Card: a Card the credited amount on which may be used for purchasing products and services concerning gift for business purposes specified by the PIT Act.
⦁ “Participating Vendor” or “Participating Business” is an entity accepting Edenred Cards from the Card Holders (or Partner Card Holders) in case of the sale of products or the provision of services, and where the Programme Owner makes accepting cards technically available.
⦁ “Delivery” is the process by which, in liaison with the Programme Owner, the Client receives the Edenred Card ordered for the Card Holders.
⦁ Card Crediting is the process by which the amount of the benefit ordered by the Client is made available by the Programme Owner to the Card Holders.
⦁ Card Activation is an action executed by the Card Holder per the Card Holder’s GTC.
⦁ “Edenred Card Service” or “Service” means the complex service provided by the Programme Owner to the Client under these GTC, in connection with the issue and use of the Card.
⦁ Data Processing Policy: Annex 2 to these GTC: Data Processing Policy concerning Edenred Card Service
⦁ General Provisions
⦁ The programme owner for the Edenred Cards is Edenred. The purpose of these GTC is to set out the general contract terms of the ordering, delivery and use of Cards for the Clients, Card Holders and any Partner Card Holders. These GTC regulate the legal relationship between the Issuer, the Programme Owner and the Client; hereinafter jointly referred to as “Parties”, or singularly as “Party”. The direct legal relationship between the Issuer and the Card Holder is regulated by the so-called Card Holder GTC, attached hereto as an annex.
⦁ The Client, explicitly based on and aware of the regulations of these GTC, concludes the specific order for requisitioning the Service (hereinafter referred to as: „Order”). The Client acknowledges that the Service pertains to engaging and providing a complex service, of which the issue of an benefit in the form of electronic money is only a component. The condition to the provision of the Service per these GTC by the Programme Owner and the Issuer, and of the submission of the Order is the acceptance by the Client of these GTC, the recognition and acceptance of which will be recognized by the Client by the signing of the Unique Card Agreement included in Annex 3 to this GTC. Departing from these GTC, including their annexes, is only possible by a Specific Contract concluded by the Parties. The Client shall not be regarded as a consumer in relation to the Issuer or the Programme Owner.
⦁ Order, Freight and Delivery Terms
The Client may place its Order at the site www.edenredonline.hu. By placing the Order, the Client confirms the expressed acceptance of the GTC in force at the time of placing the Order. The Edenred will issue a Notice of Charges within 1 day from the receipt of the Order, according to the content of the Order. Should the Client not settle the Notice of Charges within 30 days, the Edenred will cancel the Order. Edenred will issue the invoice once the countervalue on the Notice of Charges is credited on the bank account of Edenred. Edenred will manufacture the Card not later than within 10 days from the date the countervalue of the Order is credited on the bank account.
In case the Client placed an Order to reload the balances of the Cards concurrently to ordering the manufacturing of the Card, and paid its amount in the way and within the deadline included in this point, the amount will be credited concurrently to the manufacturing of the Card.
In case of an Order exclusively concerning the crediting of the balances of the Cards, the Cards will be credited within 2 working days from the day the countervalue of the amount is credited on the Edenred bank account.
⦁ The Client’s Obligations
⦁ Beyond those specified in point III, the Client shall ensure that in case of a Card Order its employee or representative authorised to receive the Card stays at the address agreed as the Place of Delivery at the time of the Delivery (8 AM to 4 PM on weekdays). If the Programme Owner’s agent is unable to hand over the Cards to the Client at the address indicated as Destination due to a reason imputable to the Client, the Client may take over the Cards in the Programme Owner’s office or request a repeated Delivery, in which case the Programme Owner shall be entitled to charge a separate Delivery Charge, regardless of whether it could have charged a transportation fee for the failed Delivery.
⦁ The Client shall not withdraw the submitted Order after it has been placed and the countervalue per the Notice of Charges has been settled.
⦁ Client shall pay the Service Fee and the Card Fee to the Programme Owner even if it cancels its already placed Order if the production of the Card has commenced already according to the Programme Owner.
⦁ Client shall inform Programme Owner in writing within 5 business days or at the latest within 48 hours preceding the placement of the next Order, whichever is the sooner, of any change to its company name, registered office, phone and fax number, bank account number, or VAT code, and of any change in its contact details, by sending the changed data to the e-mail address ⦁ edenredkartya-hu@edenred.com. Programme Owner shall bear no liability for any consequences, including any delays in delivery, arising from omission or late performance of this obligation.
⦁ The Client undertakes and guarantees to verifiably inform all future Card Holders before their placing of the orders, on the processing of personal data concerning the Service by means of handing them over the Data Processing Policy. The Client undertakes an obligation of ordering a Partner Card from the Programme Owner exclusively to natural persons to whom he made the Data Processing Policy available.
⦁ Should the Card Holder or the Programme Owner suffer any damage due to the incomplete completion of the personal data requirements for the provision of the Service, the Client shall be liable for such damages.
⦁ The Client undertakes the obligation to order Edenred Cards exclusively for persons to whom it shall credit funds within 180 days from the date of placing the order. If the Client fails to meet this obligation, the Programme Owner shall be entitled to charge an annual fee for each Card. The extent of the Annual Card Fee is at all times specified by Annex 6 to these GTC.
⦁ The Client shall inform the Card Holders in a verifiable manner about the terms and provisions of these GTC applicable to the Card Holders, as well the about the related prevailing tax legislation on the benefits relating to the use of the Card. In failure of this imposes no liability on Edenred and the Issuer. Moreover, the Client shall make available the Card Holder GTC to the Card Holder and the Partner Card Holder.
⦁ Programme Owner’s Obligations
⦁ The Programme Owner is entitled to involve subcontractors into the execution of these GTC. The Programme Owner shall be as liable for any of the subcontractors’ activity as it is liable for its own performance.
⦁ The Programme Owner shall enable the Card Holder to buy goods from or use services of the Participating Vendors using the Edenred Cards within the limits of their current balance, in accordance with the laws in force. The Card may only be used at the Participating Vendors that are in contractual relationship with the Programme Owner, or where the Programme Owner enabled to accept the Card based on the Participating Vendor’s Merchant Category Code (MCC). The Programme Owner accepts no liability for cases when the card company classification of the terminals in the stores is different from what is expected or for any incidental changes in the classification of the stores. The Programme Owner reminds the Client that the Participating Vendor conducting the transaction and the Card Holder shall be liable for the legitimate use of the Card. The Programme Owner is not entitled to inspect the legitimacy of use, therefore, the Programme Owner shall bear no liability in any direction for any illegitimate conduct of the Participating Vendor or the Card Holder.
⦁ Details of the Services, Consideration, Bearing of Expenses
⦁ The Client acknowledges and accepts that the Programme Owner’s compliance with its obligations arising from the Order shall be conditional upon the Client’s full payment for the given Order per the GTC.
⦁ The Client acknowledges and accepts that the Programme Owner may charge fees and charges for the use of the Services according to the prevailing Annex 6 to these GTC. Indexing of the fees and charges per Annex 6 does not constitute an amendment of the GTC.
⦁ The Programme Owner is entitled to charge a Service Fee on the crediting of the electronic voucher balance of each Card based on the nominal value of the crediting. In addition, as countervalue of the Edenred Card ordered by the Client for the Card Holder / Partner Card Holder, the Programme Owner is entitled to charge a Card Fee (Partner Card Fee) for each Card. The rate of the Service Fee and the Card Fee is set out in Annex 6 to these GTC.
⦁ The Programme Owner is entitled to charge a Delivery Fee for the delivery of the Cards ordered by the Client for the Card Holders. The rate of the Delivery Charge is set out in Annex 6 to these GTC.
Validity of the Card, Expiring Cards
⦁ The Edenred Card shall be valid for 3 years as of the date of issue. The month and year when the Card expires is displayed on the front side of the Card. The Card will be valid until the end of the last day of the month of expiry.
⦁ Edenred will send the Client electronically a written notification on the expiring though still active cards 6 weeks preceding the date of expiration of the Card. This notification will include the data enabling the Card Holder’s unequivocal identification. The Client shall indicate the renewal of which Cards they want within 10 days from the receipt of the above notification. Edenred renews only the expiring Cards the Client requests to be renewed, the renewal of which would be charged by a Card Replacement Fee. The extent of the Card Replacement Fee is included in Annex 6 to these GTC. Should the Client not comply with the above obligation within the specified deadline, the expiring Cards belonging to the Client will be permanently suspended after the period of validity is over.
Blocking and Replacement of Cards
⦁ Lost, stolen or damaged Cards may be blocked via the online administration platform on the Programme Owner’s website (www.edenredkartya.hu) 24 hours a day per the Card Holder GTC. An activated card may only be blocked by the Card Holder. The Programme Owner undertakes to produce a new Card in case of a written order by the Client, a reported loss or stealth of the Card, or the blocking submitted by the Card Holder, and after the Client’s order, and to make available the full balance of the replaced Card at the time of the blocking for the new Card. The Programme Owner will not provide an option for replacement due to faults solely of an aesthetic nature which do not hinder the use, provided that such defect arose after the Card has been handed over. As the consideration for the replacement Edenred Card ordered by the Client for the Card Holder, or for the re-manufacturing of a lost or stolen Card, the Programme Owner is entitled to charge a Card Replacement Fee for each Card, the rate of which is included in Annex 6 to these GTC.
Mistaken Crediting, Transfer of Balance
⦁ The Client may reclaim the amount transferred by it and credited solely if the Cards indicated by the Client have not been activated yet. The Client may initiate the recovery of the credited amount by sending the Programme Owner the form titled “Request for Crediting Edenred Cards” included in Annex 7 to these GTC filled out and duly signed by the Client. The Programme Owner will charge a handling cost in relation to the crediting of the balance, the extent of which will be specified by Annex 6. If the above conditions are met, the amount minus the handling charge will be credited to the Client’s bank account within 30 days from the receipt of the form per Annex 7 by the Programme Owner.
⦁ Edenred shall provide option for transferring amounts mistakenly transferred and credited by the Client across Cards within 2 working days after the crediting by sending the Programme Owner the form titled “Request for Transfering Card Balance” included in Annex 8 to these GTC filled out and duly signed by the Client. Any transfer may be accomplished exclusively within between the Client’s Cards and identical types of benefits. The Programme Owner will charge the Client a handling cost in relation to the transfer of the balance, the extent of which will be specified by Annex 7. The Programme Owner will not transfer the balance if the amount to be transferred is not available on the Cards specified by Client. The Parties agree that the Programme Owner will proceed in the cases included in this point exclusively to the Client’s request, accordingly, it has no liability in any disputes between the Client and the Card Holder regarding any transfer or retransfer. If the above conditions are met, the transfer between the Cards will be accomplished within 30 days from the receipt of the form per Annex 8 by the Programme Owner.
Validity of the Crediting of the Cards
⦁ The funds credited to the Edenred Cards are valid only for a certain period of time.
⦁ The balance of the Card is personal and may only be used by the Card Holder. In case of the decease of the Card Holder, the balance forms part of the heritage, for the pecuniary splitting of which between the inheritors is governed by the grant of probate. The Client shall immediately inform the Programme Owner about the Card Holder’s death, thus it will suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. In case the Card Holder’s death is disclosed, the Programme Owner preserves the right to suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. Any liability concerning the transactions done with the Card during the period from the Card Holder’s death and the Programme Owner’s becoming aware of it shall be borne by the inheritors. The Programme Owner will make available to the inheritor(s) the amount remaining on the deceased Card Holder’s Card that forms part of the heritage exclusively in the nature of a Card exclusively within the period of validity of the credited amounts relating to the Card. The inheritor(s) shall duly prove to the Programme Owner the completion of the probate procedure (in particular, a duplicated copy of the death certificate, the heritor’s ID card and residence card; in case the heritor is under-age, the injunction of the guardianship authority and the order of the liquidation of the heritage, including the amount on the Card as a heritage), within 90 days from the receipt of which it will make available to the heritor(s) in the nature of a Card per the grant of probate.
⦁ The period of validity of any Crediting is the last calendar day of the year the benefit was credited in case the it was credited until 31 August, or the last day of the year following the year the benefit was credited in case it was credited after 1 September.
⦁ Any balance available on the Card after the expiry of the period of validity of the crediting will remain for the Programme Owner and will not be transferred to the Client.
⦁ Customer Services and the Rules of Complaint Management
⦁ If the Client or the Card Holder has any observation on the operation of the Card or other issues, they may be reported to the Call Centre provided by the Programme Owner:
Edenred Customer Service: +36 1 413 3333 (opening hours available on the edenred.hu website).
Card Activation; Balance Inquiry and Card Blocking are available to Card Holders 24 hours a day, call +36 1 382 4000 (Edenred Card Info Line).
Lost or stolen Cards may be reported on the Website (www.edenredkartya.hu) in the MyAccount interface, 24 hours a day. In this exact spot, the Forgotten PIN feature may also be used 24 hours a day.
⦁ The Programme Owner provides further information regarding the Service provided by Edenred (phone numbers, contact details, business hours etc.) at the ⦁ www.edenredkartya.hu or ⦁ www.edenred.hu websites.
⦁ Privacy Rules
⦁ The Programme Owner shall process and use the personal data required in order to provide the Service under these GTC and acquired by it during the performance thereof per the data protection regulations in force. The legal basis of the processing of data is the execution of the Contract [Article 6 (1) (b) of GDPR].
⦁ Detailed rules of data processing related to the Card Holders’ personal data are provided in the Data Processing Policy.
⦁ The Controller and the Programme Owner will process data on behalf of the Client concerning the personal data to be processed regarding the contract between the Client and the Programme Owner. According to Article 13 of Directive 2016/679/EU of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), the Client is subject to any obligation to provide prior information concerning the processing of personal data per the GTC set between the Client and the Programme Owner, with the mention that it shall explicitly inform all persons wishing to avail himself of the Service per this GTC, that the prerequisite to availing himself of the Service is that the Card Holders’ personal data would be processed by the Programme Owner, and should the Card Holder concerned not provide his personal data strictly necessary for the Programme Owner for providing the service, the Card Holder won’t be able to avail himself of the Programme Owner’s Services.
⦁ Within the scope of and to the extent necessary for the performance of the Contract, the Programme Owner is entitled to disclose personal data to its contractual partners as data controllers or data processors, within the scope specified in the Data Processing Policy. The Programme Owner reserves the right to change the subcontractors, as data controllers and processors employed by it for the performance of these GTC, and shall provide information on such changes on the website www.edenredkartya.hu.
⦁ During the activities regulated herein, the Programme Owner shall operate and process personal data in accordance with the law, with the due care of organisations or people providing such activities. The Programme Owner has taken the measures necessary for compliance with the requirements of data security, the electronically processed data and the related password-protected software are only available to the employees entitled for them. The Issuer’s computer networks are protected by firewalls, from time to time revised by the Issuer and the Issuer provides the proper virus protection of the systems, and by a internal regulation, it ensures an adequate protection to the processed data, it reviews and revises them from time to time according to the state of the art.
⦁ In regard to the fact that in the framework of the service provided by the Programme Owner, it will access personal data processed by the Client, and thereby its activity will include the processing of personal data, it shall provide adequate guarantees in complying with the processing of data per GDPR and taking the suitable technical and organisational measures in order to safeguard the rights of all concerned.
⦁ Summarizing table of the Programme Owner’s processing of personal data:
| Summary of the processing of data concerning the Service provided by the Programme Owner to the Client | |
| Data Controller | In the processing of personal data regarding the contract concluded between the Programme Owner and the Client, the Client is the Controller and the Programme Owner is the Processor. |
| The purposes of the processing | Performance of the Services included in the GTC by the Client |
| Legal basis of data processing | The legal basis of the processing of data is the execution of the Contract [Article 6 (1) (b) of GDPR]. |
| Scope of data processed | Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (post code, town, street, number); correspondence if other than residence (post code, town, street, number); e-mailing address; cell phone number; amount to upload, value; serial No. of card; habitual residence in Hungary if Data Subject is a foreigner; workplace address |
| Term of data processing | Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service) |
| Processors | Programme Owner Purpose of the processing: Provision of Edenred Card Service PrePay Solutions Ltd. (member of the Edenred group; head office: London: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom). Idemia Hungary Kft. (head office: Tó-Park land reg. No.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary) purpose of data processing: manufacturing of cards; Y-Collective Kft. (head office: H-7628 Pécs, Arany János u. 24., Hungary) purpose of data processing: extranet operation, processing of card orders, operation of website and application; IT support activity |
⦁ The data processing contract on the data processing activity regarding personal data learned during the execution of the contract concluded between the Programme Owner and the Client, and the provision of the Service, is included in Annex 4 of the GTC.
⦁ Effective Date, Amendment, Disclosure, Derogation, Assumption of Delivery
⦁ These GTC will enter into force on 16 July 2018 and will be an inseparable part of any Order or Specific Contract aiming at Edenred Card benefits generated on the basis of these GTC. Any verbal or written representation between the Parties made before the signing of a Specific Contract executed on the basis of these GTC shall become void when the Specific Contract is signed; the Parties’ legal relationship shall be governed exclusively by the GTC and the relevant Specific Contract.
⦁ The prevailing text of the GTC is published in the sites ⦁ www.edenred.hu and ⦁ www.edenredkartya.hu.
⦁ The Programme Owner is entitled to modify this GTC unilaterally, which modification shall be published in its website at least 15 days before its entry into force, and shall also publish a notification on the modification on the site www.edenred.hu. Inasmuch as the Client does not address any objection in writing, the modifications shall be considered as expressly accepted by the Client. After the modification enters into force, the legal relationship between the Parties, including the subsequently submitted specific Order, will be governed by the provisions of the modified GTC and those of the Specific Contract.
⦁ The Parties may diverge from the GTC including its annexes only by in writing in the Specific Contract.
⦁ Contact between the Parties on this contract and on its execution is possible via the contact data verbally (word of mouth, phone), in e-mail or in writing. E-mailed communication is not considered written communication, excluding e-mailed declarations provided with an electronic signature of enhanced security. Communications shall be considered delivered as follows: in the case of post with confirmation of receipt, on the date of refusal if acceptance is refused; on the 10th business day following the first delivery attempt, if post is returned with the mention “unclaimed”; on the 10th business day following posting, if post is returned with the mention “insufficient address” caused by error in data communicated by the addressee. The Client undertakes that if the Programme Owner or the Issuer requisitions the Hungarian Post Co. or any courier (UPS, FedEx, DHL), the Client may not claim not having received a notification on the failure of the attempt to deliver by the postal operator.
⦁ Term and Termination of the Contract, Final Provisions
⦁ The contract made under these GTC shall be for an indefinite term and may be terminated by the Parties with a 60-day notice posted in mail with acknowledgement of receipt. In the event of the material breach of an essential provision of this contract, the aggrieved Party shall be entitled to terminate the contract with immediate effect. In the event of the termination of the contract, the Parties shall settle their accounts towards each other within 30 days of the date of termination.
⦁ Matters not regulated in this contract shall be governed by the relating provisions of Act V of 2013 on the Hungarian Civil Code and other Hungarian legal regulations.
⦁ In case of a legal dispute, the regular Hungarian court is exclusively authoritative according to the seat of the Programme Owner is authoritative with the condition that having regard to the location of the Issuer’s registered office, the ordinary English courts with competence based on the Issuer’s seat shall have exclusive jurisdiction with regard to legal disputes concerning also the Issuer.
⦁ For the purposes of the Parties’ contract, any (legal) statement shall be considered executed in written form solely if it is signed by the party making the statement.
⦁ Solely the Parties’ representatives authorised to sign on behalf of the companies or people authorised in writing by them shall be considered to be the Parties’ representatives. By entering the contract, each of the Parties’ representatives declare and confirm that he/she has unrestricted rights to enter, sign and perform the contract; moreover, he/she represents and warrants that full performance of the agreement and of the related obligations and documents shall be valid and binding obligations upon the Client both at the time of signing and continuously during the term of the contract.
⦁ The Services contemplated in the contract between the Parties are divisible.
⦁ In each case, Parties are obligated to inform each other promptly if performance of any obligation undertaken in the contract is expected to face obstacles.
⦁ The Client shall be entitled to assign its rights under the contract solely with the Programme Owner’s prior written consent.
⦁ The Parties’ contract shall not incorporate any practices whose application the Parties agreed on or established during their prior business relationship. Furthermore, the contract shall not incorporate any practices widely known and regularly applied by parties of similar contracts in the given business sector.
Place and Date: Budapest, 2 July 2018
10 annexes pertain to these GTC as inseparable parts thereof:
Annex 1: Data content of card orders and card crediting
Annex 2: Data Processing Policy
Annex 3: Unique Card Agreement
Annex 4: Data Processing Contract
Annex 5: Card Holder GTC
Annex 6: Information on Tariffs
Annex 7: Request for Crediting the Edenred Cards
Annex 8: Request for Transfering Card Balance
Programme Owner reserves the right to unilaterally amend these annexes. Programme Owner shall make available the applicable annexes to Client and Card Holders on the website www.edenredkartya.hu.
Place and Date: Budapest, 2 July 2018
Data content of card order to be provided
⦁ Card Holder’s last name
⦁ Card Holder’s first name
⦁ Name on card, 21 characters at maximum
⦁ Place and date of birth
⦁ Permanent address (zip code, city, name of public area, type of public area, house number)
⦁ Mailing address, if different from permanent address (zip code, city, name of public area, type of public area, house number) (mandatory)
⦁ Cardholder’s e-mail address
⦁ Card Holder’s mobile phone number
⦁ Amount to be credited
⦁ Company’s delivery address
Data content of card crediting to be provided:
⦁ Card Holder’s last name
⦁ Card Holder’s first name
⦁ Card Serial No.
⦁ Card crediting value:
I expressly accept the General Terms and Conditions in force on the day of the submission of the Order.
Az Edenred Magyarország Korlátolt Felelősségű Társaság [Edenred Hungary Limited] (head office/official mailing address: H-1134 Budapest, Váci út 45., company registration number: 01-09-266926; electronic contact details: ugyfelszolgalat-hu@edenred.com and dpo.hungary@edenred.com; web address: https://edenred.hu/hu/; phone: +36 1 413 3333, represented by: Krisztián Balázs, hereinafter referred to as: Programme Owner) in accordance with the related legislative provisions specifying the protection of personal data, informs the users of its services on the processing of data it applies.
⦁ Presentation of data processing
The Programme Owner provides employers (hereafter: Client) services concerning the allowances issued in an electronic form according to the act on Personal Income Tax, in the context of which, the Clients provides its employees (hereafter: Card Owner) a non-transferable magnetic stripe or microchip plastic card protected with a PIN code that can be used for paying the full or partial consideration for goods sold or services rendered by the Participating Vendor, within the scope permitted by law.
The Programme Owner pays prompt attention on the protection of personal data, therefore it permanently takes due care to guarantee fair and transparent processing the essential requirement of which is to provide appropriate information on the processing of data. This Data Processing Policy provides among others information on the processing of your personal data during the provision of service by the Programme Owner and data processing for advertising purposes: the source and scope of acquiring the processed data, the legal basis, purpose and term of the data processing, the rights concerning and the options of choice between personal data, and it also includes all the contact details in which the Data Subject can get answers to his questions on the Programme Owner’s practice of data protection.
| Summary of the processing of data concerning the Service provided by the Programme Owner to the Client | |
| Data Controller | In the processing of personal data regarding the contract concluded between the Programme Owner and the Client, the Client is the Controller and the Programme Owner is the Processor. |
| The purposes of the processing | Performance of the Services included in the GTC by the Client |
| Legal basis of data processing | The legal basis of the processing of data is the execution of the Contract [Article 6 (1) (b) of GDPR]. |
| Scope of data processed | Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (post code, town, street, number); correspondence if other than residence (post code, town, street, number); e-mailing address; cell phone number; amount to upload, value; serial No. of card; habitual residence in Hungary if Data Subject is a foreigner; workplace address |
| Term of data processing | Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service) |
| Processors | Programme Owner Purpose of the processing: Provision of Edenred Card Service PrePay Solutions Ltd. (member of the Edenred group; head office: London: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom). Idemia Hungary Kft. (head office: Tó-Park land reg. No.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary) purpose of data processing: manufacturing of cards; Y-Collective Kft. (head office: H-7628 Pécs, Arany János u. 24., Hungary) purpose of data processing: extranet operation, processing of card orders, operation of website and application; IT support activity |
The summaries serve only as an easy overview, please read the full prospectus.
| Summary of the processing of data concerning the Service provided by the Programme Owner to the Card Holder | |
| Data Controller | In the processing of personal data regarding the contract concluded between the Programme Owner and the Card Holder, the Programme Owner is the Processor. |
| The purposes of the processing | The Card Holder’s compliance with the Services included in the GTC |
| Legal basis of data processing | The compliance with the Contract concluded between the Programme Owner and the Card Holder [Article 6 (1) (b) of the GDPR] |
| Scope of data processed | Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (post code, town, street, number); correspondence if other than residence (post code, town, street, number); e-mailing address; cell phone number; amount to upload; serial No. of card; Data of the transaction; habitual residence in Hungary if Data Subject is a foreigner; Account history; workplace address |
| Term of data processing | Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service) |
| Processors | PrePay Solutions Ltd. (member of the Edenred group; head office: London: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom). Idemia Hungary Kft. (head office: Tó-Park land reg. No.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary) purpose of data processing: manufacturing of cards; Y-Collective Kft. (head office: H-7628 Pécs, Arany János u. 24., Hungary) purpose of data processing: extranet operation, processing of card orders, operation of website and application; IT support activity |
The summaries serve only as an easy overview, please read the full prospectus.
| Summary of the processing of data concerning the marketing / advertising activity of the Programme Owner | |
| Data Controller | Concerning the data processing regarding its marketing / advertising activity, the Programme Owner is the Data Controller. |
| The purposes of the processing | Sending marketing / advertising messages to the Card Holder |
| Legal basis of data processing | The Data Subject’s consent [Article 6 (1) (b) of the GDPR and Article 6 (1) of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activities]. The consent may be withdrawn at any time |
| Scope of data processed | The Data Subject’s surname; forename; e-mail address; mobile phone number; |
| Term of data processing | Until the withdrawal of the consent |
| Processors | Y-Shift Kft. (head office: H-7636 Pécs Arany János utca 24., Magyarország) purpose of data processing: data processing for the purposes of advertising. The Rocket Science Group LLC d/b/a MailChimp (head office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA) purpose of data processing: data processing for the purposes of advertising – sending out newsletters |
The summaries serve only as an easy overview, please read the full prospectus.
⦁ Definitions
⦁ Definitions used in this Data Processing Policy match the definitions included in the General Terms and Conditions regarding the ordering, delivery and utilization of Edenred Voucher Cards and the Card Holder GTC. For enhancing the interpretation of the Data Processing Policy, we repeat certain definitions in the following:
⦁ “Issuer” is PrePay Technologies Limited, a limited company registered in the UK with number 04008083, contact: United Kingdom, PO BOX 3883, Swindon, SN3 9EA. PrePay Technologies Limited was registered with number 900010, its e-money issuer licence was issued by and its supervisory authority is the Financial Conduct Authority.
⦁ ‘Programme Owner or Data Controller’ is Edenred Magyarország Kft. (head office: H-1134 Budapest, Váci út 45.), the Issuer’s payment intermediary.
⦁ “Client” is a natural or legal person providing the Edenred Card to the Card Holder.
⦁ ‘Card Holder’ is a natural person deemed by the Client eligible for using the Card to whom the Card is issued, and who undertakes to comply with the GTC concerning the Card Holder attached as Annex 6 of the GTC concerning Clients.
⦁ “Edenred Card” or “Card”, according to Act CXVII of 1995 on Personal Income Tax (“PIT Act”), is a benefit given off in an electric form, supplied in the form of a non-transferable plastic card provided with a magnetic stripe or a microchip protected by a PIN code, that can be used for paying the full or partial consideration for goods sold or services rendered by the Participating Vendor, within the scope permitted by law. The Edenred Card contains a pre-paid benefit without credit function, bound to the holder’s name. The rules pertaining to Edenred Cards apply implicitly to the Parter Card provided by Edenred:
⦁ Gift Card: a Card the credited amount on which may be used for purchasing products and services concerning certain specified benefits specified by the PIT Act.
⦁ School Starter Card: a Card the credited amount on which may be used for purchasing schoolbooks, school materials and outfits concerning the regulations on certain specified benefits specified by the PIT Act.
⦁ Culture and Sports Card: a Card the credited amount on which – concerning the regulations on benefits specified by the PIT Act – may be used for purchasing tickets, passes for the recourse to cultural services (for exhibitions, theatrical, dance, circus or music performances provided by museums and arts facilities [exhibition sites], or for requisitioning cultural services provided by organizations carrying on public education activities) and registration fees to libraries, and for purchasing tickets and passes for sports events falling within the scope of the Sports Act.
⦁ Motivation Card: a Card the credited amount on which may be used for purchasing products and services concerning gift for business purposes specified by the PIT Act.
⦁ ‘Edenred Card Service’ or ‘Service’ means the complex service provided by the Programme Owner to the Client and the Card Holders under these GTC concerning the ordering, delivery and use of Edenred Cards and the Card Holder GTC, in connection with the issuance and use of the Card.
⦁ “Participating Vendor” or “Participating Business” is an entity accepting Edenred Cards from the Card Holders (or Partner Card Holders) in case of the sale of products or the provision of services, and where the Programme Owner makes accepting cards technically available.
⦁ Data Subject
Data Subjects include the employees (Card Holders) of the employer (Client) ordering the Services of the Programme Owner, and – in case of a respective order – the close relatives of the Card Holders as Additional Card Holders (hereinafter referred to as Data Subject)
⦁ Sources of the acquisition of personal data by the Programme Owner
⦁ The Programme Owner would acquire the the personal data of the Data Subject not directly from the Data Subject, but, in regard to the characteristics of the Service, from the Data Subject’s employer (Client), concurrently with the ordering by the employer of the card issued by the Programme Owner.
⦁ The Data Subject would activate the Card provided to him by his employer on the website https://myaccount.edenredkartya.hu/#/login, by creating a user account providing the e-mail address or the serial number of the card, or by entering his user account already created by providing his e-mail address and password. In activating/entering, the Data Subject shall not provide personal data regarding the Data Subject provided by the Data Subject’s employer to the Programme Owner, the electronic system applied by the Programme Owner would associate them with the Data Subject. The Data Subject would accept the GTC concerning the Card Holder (hereinafter referred to as: GTC) during the activation/entering, and in this context, he would get information on the data processing by learning the Data Processing Policy being an integral part of the GTC.
⦁ The main purpose of the Edenrend card Pro application is to enable the Card Holders to electronically register their Edenred Cards and to trace their personal expenses. The Data Subject would activate the Card provided to him by his employer in the Edenred card Pro application by creating a user account providing the e-mail address or the serial number of the card, or by entering his user account already created by providing his e-mail address and password. In activating/entering, the Data Subject shall not provide personal data regarding the Data Subject provided by the Data Subject’s employer to the Programme Owner, the electronic system applied by the Programme Owner would associate them with the Data Subject. The Data Subject would accept the GTC concerning the Card Holder during the activation/entering, and in this context, he would get information on the data processing by learning the Data Processing Policy being an integral part of the GTC.
⦁ Legal basis of data processing
⦁ According to the contract concluded by the Programme Owner and the Client, the legal basis to the data processing strictly essential for providing the Service is the performance of the contract concluded by and between Programme Owner and the Client (Client GTC) regarding the ordering of cards to the Data Subject employees, during which, the Client becomes the data controller and the Programme Owner becomes the Client’s data processor.
⦁ The legal basis of the data processing strictly necessary for the Programme Owner for providing its service is the performance of the contract concluded by and between Programme Owner and the Data Subject (Card Holder GTC) (activating the card, assigning and using the e-money ordered to this effect to the Card (crediting), ensuring the access to dara [e.g. statement of account, available balance], processing of transactions) [Article 6 (1) (b) of the GDPR]. Should the Data Subject not provide personal data required by the Programme Owner for providing its service, the Data Subject will not be able to call upon the services provided by the Programme Owner. Concerning the data processing in relation to the contract concluded by and between the Programme Owner and the Data Subject, the Programme Owner is the data controller.
⦁ The legal basis for the Programme Owner for the data processing concerning the sending of advertisement is the Data Subject’s consent [Article 6 (1) (a) of the GDPR and Article 6 (1) of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activities]. The Data Subject may provide his consent to receive advertisement on the Programme Owner’s website or in the Edenred card Pro application.
⦁ The purpose of the data processing, the scope of data processed, the term of data processing
⦁ Data processed for the purposes of complying with the Client GTC
⦁ Programme Owner as Data Processor processes the following data in order to comply with the Client GTC i.e. the provision of the Service:
⦁ Data Subject’s last name;
⦁ Data Subject’s first name;
⦁ Name on card, 21 characters at maximum;
⦁ Date of birth;
⦁ Permanent address (zip code, city, name of public area, type of public area, house number);
⦁ Mailing address, if different from permanent address (zip code, city, name of public area, type of public area, house number) (mandatory);
⦁ Data Subject’s e-mail address;
⦁ Data Subject’s mobile phone number;
⦁ Amount and value to be credited;
⦁ Card Serial No.;
⦁ In case of foreign Data Subject, the place of residence in Hungary;
⦁ Address of the Data Subject’s workplace.
⦁ Personal data would be processed by the Programme Owner as Data Processor in connection with manufacturing the Card and the administration on the crediting and usage of the Card.
⦁ The Programme Owner will process the Data Subject’s data until the period required to achieve the purpose of the Client GTC, i.e. the total duration of the Service and 5 years following its termination (until the limitation period of the possible claims concerning the Service).
⦁ Data processed for the purposes of complying with the Card Holder GTC
⦁ Programme Owner processes the following data in order to comply with the Card Holder GTC i.e. the provision of his Service:
⦁ Data Subject’s last name;
⦁ Data Subject’s first name;
⦁ Name on card, 21 characters at maximum;
⦁ Date of birth;
⦁ Permanent address (zip code, city, name of public area, type of public area, house number);
⦁ Mailing address, if different from permanent address (zip code, city, name of public area, type of public area, house number) (mandatory);
⦁ Data Subject’s e-mail address;
⦁ Data Subject’s mobile phone number;
⦁ Amount and value to be credited;
⦁ Card Serial No.;
⦁ Data of the transaction.
⦁ In case of foreign Data Subject, the place of residence in Hungary;
⦁ Statement of account;
⦁ Address of the Data Subject’s workplace.
⦁ The Programme Owner will process the Data Subject’s data until the period required to achieve the purpose of the Card Holder GTC, i.e. the total duration of the Service and 5 years following its termination (until the limitation period of the possible claims concerning the Service).
⦁ Data processed for reasons of marketing / sending of advertisements, and the term of data processing
⦁ During the data processing for advertisement purposes, the Programme Owner will send advertisements via phone (SMS) or e-mails or push notifications (pop-up messages on mobile phones) to the Data Subject concerning the products of the Programme Owner, the Edenred Group and the Participating Vendors, and on the incidental campaigns, according to the Data Subject’s consent.
⦁ For this purpose it processes the following data:
⦁ Data Subject’s last name;
⦁ Data Subject’s first name;
⦁ Data Subject’s e-mail address;
⦁ Data Subject’s phone number;
⦁ The Programme Owner keeps record of the personal data of Data Subjects having made declaration of consent regarding the receipt of advertisements.
⦁ For sending advertisement, the Programme Owner keeps on processing the personal data processed per the declaration of consent provided by the Data Subject until revocation. The Data Subject can give his declaration of consent by ticking the relevant checkbox on the Programme Owner’s website or the Edenred card Pro application. The Data Subject may revoke his consent at any time via the unsubscribe link at the bottom of the marketing letter sent to the provided e-mail address.
⦁ Data processing
⦁ The Programme Owner will transmit and disclose the Data Subject’s data to the members of the Edenred Group and its contractual partners (including natural persons) in the course and for the purpose of and to the extent required for providing the Service, in relation to the card use.
⦁ Data Processors belonging to the Programme Owner’s contractual partners employed for complying with the provision of the Service, and for performing the marketing / promotional activity, who will process the Data Subject’s data are:
⦁ PrePay Solutions Ltd. (member of the Edenred group; head office: London: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK)
purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom).
⦁ Idemia Hungary Kft. (head office: Tó-Park land reg. No.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary)
purpose of data processing: manufacturing of cards;
⦁ Y-Collective Kft. (head office: H-7628 Pécs, Arany János u. 24., Hungary)
purpose of data processing: extranet operation, processing of card orders, operation of website and application;
⦁ Y-Shift Kft. (head office: H-7636 Pécs Arany János utca 24., Hungary)
purpose of data processing: data processing for the purposes of advertising.
⦁ The Rocket Science Group LLC d/b/a MailChimp (head office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA)
purpose of data processing: data processing for the purposes of advertising – sending out newsletters
⦁ Data transfer to third country
The Rocket Science Group LLC d/b/a MailChimp possesses a Privacy Shiled (https://www.privacyshield.gov/EU-US-Framework) qualification created according to the data protection framework agreement between the US and the EU, therefore, per Article 45 (1) of the GDPR, personal data may be transferred to it, ensuring an adequate level of protection.
⦁ Data security, persons authorized to know the data
⦁ The Programme Owner shall delete the Data Subject’s data upon the expiry of the data handling period.
⦁ The Programme Owner will ensure the security of the processed data and takes any measure against unauthorised access, modification, forwarding, disclosure, erasure or destruction, accidental destruction and deterioration, and inaccessibility due to the change of the technology applied, i.e. in order to ensure an adequate protection of the Data Subjects’ personal data per the legislation.
⦁ The Programme Owner processes the Data Subject’s data automatically and manually in a computer database applying the measures necessary for maintaining the data security requirements, and it has arranged to have the processing of the Data Subject’s data within a closed system protected by password in any event and saved in a hard disk, and that these systems would be used by those authorised to know the data exclusively in relation to the provision of the service, in a strictly necessary extent.
⦁ Those authorised to know the personal data are the Programme Owner (the Programme Owner’s employees employed in a post that manage matters concerning the card use), the members of the Edenred Group, and the Programme Owner’s contractual partners. The computer systems shall be protected by firewall and appropriate antivirus software.
⦁ The Programme Owner accomplishes the technical inspection of the system and takes prompt action in case any fault is detected or indicated.
⦁ The Programme Owner ensures to provide complete information about the data protection rules to those authorised to access the data. As a guarantee to data security, the senior executives and employees of the Programme Owner are bound by obligation of confidence and legal liability concerning the personal data learned in this regard.
⦁ The Data Subject’s rights and legal remedies
⦁ At the Data Subject’s request, the Programme Owner shall provide information on [Article 15 (1) of the GDPR; right of information]:
⦁ what data we process on you,
⦁ the purposes of the processing,
⦁ the category of addressees we may forward the personal data,
⦁ the term of processing,
⦁ his rights and the possibilities of remedy.
⦁ Before initiating the procedures regulated in this section, the Data Subject is entitled to call upon the Programme Owner with his claim (to be submitted electronically) in order to eliminate his anxieties concerning the data processing and to restore legality. The Programme Owner shall examine the claim within a month, makes a decision on whether it is well-founded and informs the Data Subject electronically in writing. If the Programme Owner ascertains the grounds for the Data Subject’s claim, restores the legality of data processing or ends the data processing, including further data recording and data transmission. In this case, the Programme Owner may no longer process the Data Subject’s personal data unless the Programme Owner demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims. The Programme Owner will communicate the claim and the relevant actions taken, to those to whom he transmitted the data concerned by the claim.
⦁ At the Data Subject’s request, the Programme Owner will make available the duplicate copy of the personal data in a commonly used electronic format or any other format chosen by the Data Subject. [Article 15 (3) of the GDPR; right of access, right of the issuance of duplicates].
⦁ At the Data Subject’s request, his personal data will be modified or rectified. Moreover, we also provide a possibility to rectify the personal data via the user profile. [Article 16 of the GDPR; right of rectification]. The exercise of the Data Subject’s rights regarding his access to his own data and the recitification of his personal data, the Data Subject may call upon the Programme Owner in an e-mail sent to the addresses adatkezeles-hu@edenred.com or dpo.hungary@edenred.com.
⦁ At the Data Subject’s request, the Programme Owner will erase the Data Subject’s personal data. The Programme Owner may refuse to comply with the request due to reasons included in Article 17 (3) of the GDPR, e.g. in the case when personal data are required for proposing or vindicating a legal claim, or for the compliance with the obligation per the law of the Union or a member state to be applied to the Programme Owner, or out of public interest or for exercising the right of freedom of expression and information. [Article 17 of the GDPR; right of erasure].
⦁ The Data Subject may cancel his declaration of consent to advertising purposes may be cancelled at any time without restriction and justification, free of charge, and he may also make a claim regarding the prohibition of receiving advertisements. In this case, the Programme Owner immediately erases the Data Subject’s name and any personal data from the records and will no longer send any advertisement to the Data Subject. This can be achieved by filling a notice of withdrawal either on the post, by sending a letter to the Programme Owner’s head office, or electronically by sending an e-mail to adatkezeles-hu@edenred.com or dpo.hungary@edenred.com, or in the settings on the Programme Owner’s website, or in the Edenred card Pro application [right of withdrawing the consent]. The withdrawal shall not affect the lawfulness of data processing based on consent before its withdrawal.
⦁ The Data Subject is entitled to request the restriction of the processing of personal data (blocking)
⦁ should he contest the accuracy of the personal data, he may request the blocking of the data until the Programme Owner checks the accuracy of the personal data;
⦁ if the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
⦁ the Programme Owner no longer needs the personal data, but it is required by the Data Subject for the establishment, exercise or defence of legal claims [Article 18 of the GDPR; right to restriction of processing (blocking)]
⦁ The Programme Owner complies with the request of blocking by storing the personal data separated from all other personal data. So for example, in case of electronic files, saving them to a external storage media or moving the personal data stored on paper into a separate folder. With the exception of storage, the Programme Owner will only process such personal data with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will inform you beforehand when the restriction of processing is lifted.
⦁ The Data Subject shall have the right to receive the personal data, in a commonly used and machine-readable, structured format and have the right to transmit those data to another controller. In addition, at a relevant explicit request, the Programme Owner ensures the direct transmission the Data Subject’s data to a Processor specified by the Data Subject. [Article 20 (1) and (2) of the GDPR; right to data portability].
⦁ The Programme Owner will inform the Data Subject on the actions taken within one month from receiving the Data Subject’s request. The Programme Owner shall inform You within one month from receipt of the request about the reasons of the refusal and about the opportunity of lodging a complaint with the Authority and seeking a judicial remedy.
⦁ The judicial remedy is free of charge. In certain cases, the Programme Owner may charge a reasonable fee based on the administrative costs or refuse to act on the request, if the Data Subject requests a duplicated copy of its data or if the Data Subject’s request definitely unsubstantiated or is – especially due to its repetitive character – exaggerated.
⦁ The Programme Owner retains the right to request further information necessary for the confirmation of the Data Subject’s identity, should it have doubts about the identity of the person who submitted the request. Such a case is when the Data Subject exercises his right of requesting a duplicated copy, in which case it is reasonable from the Programme Owner to check if the request has come from the authorised person.
⦁ Should the Data Subject consider that the Programme Owner offended his right to the protection of personal data, or should the Programme Owner perform an illegal data processing, he may initiate the procedure of the Auhtority. Contact details of the Authority: postal address: H-1530 Budapest, POB: 5, e-mail address: ugyfelszolgalat@naih.hu, phone: +36 (1) 391-1400, website: www.naih.hu.
⦁ Should the Data Subject consider that the Programme Owner offended his right to the protection of personal data, he may initiate a legal hearing and may demand the reimbursement of the damage caused to the Data Subject by the illegal processing of his data or by violating the data security, or, in case of the violation of a personality right, the payment of a restitution. In case of judicial proceedings, the Data Subject may also initiate the lawsuit in the courthouse of his residence or habitation.
⦁ Further provisions
⦁ Should the Programme Owner modify the GTC with an influence on the Data Processing Policy, it shall place an appropriate announcement on the website and shall send the the modified policy to the e-mail address provided by the Data Subject so that the Data Subject may study it.
⦁ Where the Programme Owner intends to further process the personal data for a purpose other than that for which the personal data were obtained, it will provide the Data Subject prior to that further processing with information on that other purpose and with any relevant further information.
⦁ The Programme Owner shall inform the data subject at the latest on the first occasion of disclosing the data also to other recipient(s).
Effective from: 16 July 2018.
⦁ Definitions
⦁ ‘Data Controller’: The customer of the complex service provided by the Programme Owner to the Client under these GTC, in connection with the issue and use of the Card.
⦁ ‘Processor’: The Programme Owner
⦁ ‘GDPR’: DIRECTIVE 2016/679/EU OF 27 APRIL 2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on repealing Directive 95/46/EC (Directive).
⦁ ‘Applicable Law’ means Hungarian statutes created according to or having regard to the GDPR or the explicit authorisation provided by the GDPR, other data protection statutes, or the documents issued by the National Authority for Data Protection and Freedom of Information (NAIH), or codes of conduct concerning the Processor.
⦁ ‘Demand’ is any petition, claim, announcement handled as factual claim, demand or procedure.
⦁ ‘Damage’ is any claim, loss, damage, expense, penalty, fine, fee, imposition, amount adjudged to a third party, costs and any other other (predictable or potential) obligation, including direct, indirect or consequential damages.
⦁ ‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
⦁ ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
⦁ ‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
⦁ ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
⦁ ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
⦁ ‘Personal Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
⦁ ‘Data Processing Appendix’ means an appendix becoming part of this Contract as of the time accepted and specified by the parties as the effective date, that determines the data processing concerning this Contract.
⦁ ‘Service’ means the services provided by the Data Processor in the framework of the Service Agreement concerning the processing of personal data – according to description in the applicable Data Processing Policy.
⦁ ‘Data Subject’s Exercising of Rights’ is a request submitted by the data subject, with the purpose of information, access to his personal data (including the request for duplicated copy), modification, erasure (including the right to be forgotten), the restriction of the data data processing, data portability, or for the Data Subject’s protest against the data processing.
⦁ ‘Third Country’ means any of the countries not being an EEA member state (member states of the EU, Iceland, Lichtenstein, Norway).
⦁ Subject and Term
⦁ The subject of this Contract is to specify the conditions concerning the Services to be performed by the Data Processor on behalf of the Data Controller.
⦁ Any data data processing activity to be performed by the Data Controller shall be explicitly specified in the Data Processing Appendix.
⦁ This Contract enters into force on the Effective Date, and terminates after the Processor has erased any personal data having handled per this Contract and hands over a certified copy of the minutes recorded on this fact to the Controller.
⦁ Compliance of the Processor with the GDPR
⦁ The Processor guarantees to have expert level knowledge, reliability and resources to perform the technical and organisational actions that ensure the requirements of the GDPR, including the security of data processing.
⦁ Extent of the work
⦁ The sole purpose of the processing of personal data by the Controller is to provide Services according to the GTC.
⦁ The processing of the personal data by the Processor is performed in the framework of this Data Processing Contract and only to the extent the Processor was ordered by the Controller, and exclusively concerning the Service. The Processor processes personal data on behalf of the Data Controller.
⦁ The Processor must not process or use personal data for any other purpose to a degree that goes beyond what expected and necessary for the provision of the Services, not including services provided per the Card Holder GTC concluded between the Programme Owner and the Card Holders.
⦁ General obligations of the Processor
⦁ The Processor shall always be suitable for proving its compliance with the GDPR, especially as regards the identification of the risk related to the processing, their assessment in terms of origin, nature, likelihood and severity, and the identification of best practices to mitigate the risk.
⦁ The Processor shall observe the Governing law. The Processor shall provide all forms of cooperation and support and provide any information demanded by the Controller in order to prove its compliance with the Governing law and the performance of its obligations, as well as to cooperate with the NAIH or the supervisory authority conducting the proceedings and to execute its orders or decisions by being able to meet the deadline specified by the NAIH or the supervisory authority.
⦁ The Processor processes the personal data only on documented instructions from the Controller, unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
⦁ The Processor guarantees that employees or other persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
⦁ The Processor guarantees that employees or other persons authorised to process the personal data have received adequate training concerning the maintaining, protection and processing of personal data.
⦁ Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
⦁ actions that inhibit unauthorised persons to access the data data processing systems that process or use personal data;
⦁ actions that inhibit data processing systems to be used without permission;
⦁ actions that ensure that persons authorised to use data processing systems may only access personal data in regard of which they have right of access, and that personal data may not be read, copied, modified or erased during the processing or use of data and after their storage;
⦁ actions that ensure that personal data may not be read, copied, modified or erased during electronic transmission or transport;
⦁ actions that ensure that ensure checking and ascertaining if personal data were entered to the data processing systems, they were modified or erased, and by whom;
⦁ actions that ensure that during the processing of personal data by the Processor, the personal data are processed strictly in accordance with the Controller’s orders;
⦁ the pseudonymisation and encryption of personal data;
⦁ the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
⦁ the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;
⦁ a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
⦁ The Processor shall store personal data processed on behalf of the Controller at least logically separated from personal data processed on behalf of third parties, and it also seeks the physical separation of personal data processed on behalf of the Controller.
⦁ In assessing the appropriate level of security, the Processor shall take into account in particular the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
⦁ The Processor shall take actions to ensure that any natural person acting under the authority of the Controller or the Processor who has access to personal data does not process them except on instructions from the Controller, unless he or she is required to do so by Union or Member State law.
⦁ The Processor agrees and guarantees that the security measures are suitable for protecting the personal data against casual or illegal destruction or casual loss, alteration, unjustifiable disclosure or unjustifiable access, especially if the data processing includes the transmission of data via the network, moreover against any other unjustifiable form of data processing, and guarantees that these measures ensure a level of data security matching the risks that originate from the characteristics of the personal data to be protected, taking into account the state of the art and the costs of implementation.
⦁ The Processor takes into account the nature of the data processing, and, if possible, assists the Controller with adequate technical and organisational actions in complying with its obligation to answer the requests concerning the practice of the Data Subject’s rights included in the Applicable Law.
⦁ The Processor actively assists the Controller in ensuring the compliance with the obligations per the Applicable Law, including the answering of the requests concerning the practice of the Data Subjects’ rights included in the Applicable Law.
⦁ The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the Applicable Law or other Union or Member State data protection provisions.
⦁ The Processor makes available to the Controller all information necessary to prove the compliance with the obligations laid down in the Applicable Law, and to authorise and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
⦁ After terminating the provision of Service relating to processing of data, according to the nature of the data processing Controller’s order, the Processor deletes or returns all personal data to the Controller, and deletes any existing copies unless Union or Member State law requires storage of the personal data. Inasmuch as the Processor is ordered by the law of the Union or the member state to store personal data, the Processor shall prove the Controller by an adequate document justifying this, the further storage of the personal data processed by the Controller, immediately or at least 5 working days from acknowledging this.
⦁ Should the Processor by any reason not be able to comply with, or foresees not to be able to comply with its obligations per this Contract or the Applicable Law, it shall commit to expeditiously, or at least within 3 working days, notify the Controller about this fact.
⦁ The Processor shall keep record of any data processing activity performed on behalf of the Controller, including at least the following:
⦁ the nature and purposes of the data processing, the term of the data processing, the types of personal data and the categories of the Data Subjects;
⦁ if applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and the documentation of suitable safeguards;
⦁ the description of the technical and organisational safety measurements.
⦁ The Controller shall not be held liable if the Processor keeps the data processing records per the GDPR or does not make it available at the request of the supervisory authority.
⦁ The Processor has sole responsibility in sizing up whether they shall assign a data protection officer per the Applicable Law.
⦁ Requisitioning additional processors
⦁ The Controller grants the Processors a general authorisation to recruit additional processors concerning the data processing procedures strictly essential for providing the Service. The Processor undertakes to inform the Controller on any additional processor.
⦁ Where a Processor engages additional processors for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this Data Processing Contract shall be imposed on that other processor by way of a contract, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Applicable Law.
⦁ The Processor shall check the correspondence of the additional processors requisitioned by the Processor to the requirements of this Data Processing Contract (especially Section 5) and the Applicable Law.
⦁ Should the processor requisitioned by the Processor not comply with his data protection obligations, the Processor retains full responsibility to the Controller in complying with its further processing obligations.
⦁ Order of relations and instructions
⦁ The Controller undertakes to inform the Processor on the name, e-mail address and phone number of the Controller’s Contact Person(s) within one working day from the conclusion of the Contract. On behalf of the Controller, it’s the Controller’s Contact Person(s) who are authorised to give instructions concerning the data processing, and the Processor shall communicate this Contact Person(s) its observations. The Controller undertakes to provide information to the Processor about the change in these data within one working day from the occurrence of the change.
⦁ The Data Processor undertakes to inform the Processor on the name, e-mail address and phone number of the data processor’s Contact Person(s) within one working day from the conclusion of this Contract. The Controller shall address its instructions regarding this Contract to the Processor’s Contact Person(s). The Controller undertakes to provide information to the Processor about the change in such data within one working day from the occurrence of the change.
⦁ The Parties agree to have the e-mail as a primary form of communication concerning this Data Processing Contract, and the instructions given by the Controller in e-mail constitute a suitable form of communication. The Processor is entitled to request to receive the instruction by post beside the e-mail, or it may also initiate – having regard to extension or character of the instruction – it may also initiate the amendment of this Contract. Inasmuch as the Controller’s Contact Person gives oral instructions to the Processor due to the nature or urgency of the measure, it shall subsequently confirm the oral instruction in e-mail or in writing within three working days.
⦁ The Processor undertakes to notify the Controller’s Contact Person within one working day if:
⦁ any request from a public authority concerning the processing or transmission of personal data covered by this Contract is received, unless the notification of the Controller is expressly prohibited by the law;
⦁ a request directly from the Data Subject or a third party is received concerning the Data Subject’s exercising of his rights.
⦁ In case of a personal data breach or any pressing case at the Processor’s discretion, the Processor undertakes to phone the Controller’s contact person and inform him about the breach or pressing case. In case of a personal data breach, the contacting will not concern the Processor’s obligations per Section 8.
⦁ Reporting of a personal data breach
⦁ The Controller shall document any personal data breach, reporting the facts relating to the personal data breach, its effects and the remedial action taken, in a manner that the document will enable NAIH or the competent supervisory authority to control the correspondence to the Applicable Law, in which the Data Controller shall cooperate to the maximum extent possible.
⦁ In case of a personal data breach, the Processor shall notify the Controller without undue delay and not later than within 24 hours after becoming aware of a personal data breach and cooperate with the Controller during the notification of the competent supervisory authority.
⦁ The Data Controller shall report the following within 24 hours:
⦁ the nature of personal data breach (accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data)
⦁ name and contact details of the data protection officer or other contact point where more information can be obtained
⦁ The Processor may not decide that the personal data breach would not result in a risk concerning the rights and freedoms of natural persons.
⦁ Should the Processor fail to notify the Controller within 24 hours, the Processor shall advise the Controller on the reasons of the delay.
⦁ Concerning the personal data breach, the Data Controller shall notify the Controller without delay on the following, as soon as the specific circumstances are clarified:
⦁ detailed description of the personal data breach
⦁ the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
⦁ the name of each person concerned (or if this is not possible, the number of data subjects and records / databases including personal data);
⦁ name and contact details of the data protection officer or other contact point where more information can be obtained
⦁ the probable outcomes of a personal data breach;
⦁ measures taken or proposed to be taken by the Controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
⦁ When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller may not inform the Contact Person or the supervisory authority on the personal data breach without firstly consulting with the Controller and acquiring its explicit prior consent, unless the default periods to be observed make it necessary.
⦁ Data portability
⦁ In consideration of the legal bases described in Annex I of the Data Processing Contract, the Processor assists the Controller in complying with the obligations concerning the data portability by performing any and all data processing activities on behalf of the Controller ensuring the Data Subjects’ entitlement to receive their personal data relating to them provided by them to the Controller or the Processor in an articulated form in a widely used and computer-readable format, and in addition, it authorises their right to transmit these data to another Controller/Processor without the Controller/Processor impeding this.
⦁ Transparent information, communication and modalities for the exercise of the rights of the Data Subject
⦁ The Processor actively supports the Controller in complying with its duty to provide any information and any communication relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
⦁ The information shall be provided by the Processor in writing, or by other means, including, where appropriate, by electronic means.
⦁ The Controller may not communicate with the Data Subjects without firstly consulting with the Controller and acquiring its explicit prior consent, unless the default periods order this.
⦁ Right of access by the Data Subject
⦁ To the Data Subjects’ request, the Processor actively supports the Controller in complying with its duty to confirm whether or not the processing of personal data regarding the Data Subject is in progress, and if so, in granting access for the Data Subject to personal data and information.
⦁ Data protection impact assessment
⦁ The Processor shall provide support to the Controller in accomplishing the impact assessments, and to cooperate with the Controller and in cooperation introduce the measures for reducing the data protection risk.
⦁ Where necessary, the controller shall carry out a review to assess if processing is performed in accordance with the data protection impact assessment at least when there is a change of the risk represented by processing operations.
⦁ Right of the Data Subjects to rectification or erasure or the restriction of data processing.
⦁ The Processor shall provide active support to the Controller for accomplishing its following duties without undue delay:
⦁ to rectify inaccurate personal data;
⦁ to complement incomplete personal data;
⦁ to erase personal data;
⦁ to restrain the processing where one of the following applies.
⦁ In case of an erasure, the Processor shall make the data unrecognisable in a way its reconstruction is no longer possible, and to verify having accomplished the erasure to the Controller’s Representative in writing.
⦁ Inasmuch as the Controller receives a request of a data subject per Article 18 (1) (a) of the GDPR, to the Controller’s order, Processor will restrain data processing in the system until the time indicated in it, therefore especially cease all access authorisations, except for those who participate in managing the data subject request on behalf of the Processor.
⦁ Inasmuch as the Controller receives a request of a data subject per Article 18 (1) (b) to (d) of the GDPR, to the Controller’s order, the Processor will copy the personal data indicated in the Controller’s order to a data carrier and the Processor will erase them from its system. In case of a request according to Article 18 (1) (d) of the GDPR, the Controller may decide that the Processor shall proceed per Sub-Section 13.3.
⦁ If the Controller receives requests concerning 1.13. Data Subject’s Exercise of Rights directly from the Data Subject, the Processor shall forward these requests immediately to the Controller and the Data Subject may answer to this request in case of the Controller’s written consent.
⦁ Responsibility
⦁ The Processor shall be responsible for any Damage arising from the breach of any of the obligations according to the Contract or the Applicable Law.
⦁ The Controller guarantees to make good the Controller any Damage arising from the breach of any of the obligations according to the Contract or the Applicable Law.
⦁ Competence, Governing Law
⦁ The competent courts at the Processor’s location possess exclusive jurisdiction for judging any legal dispute arising from or related to this Contract.
⦁ This Contract shall be interpreted and the Parties’ rights shall be determined in accordance with the Hungarian provisions of law, excluding the conflict-of-law rules.
⦁ Miscellaneous Provisions
⦁ Should any competent court or administrative court decide for the invalidity or nullity of any of the dispositions of this Contract, the Parties shall carry out bona fide negotiations on the substitute disposition that can be matched to the greatest extent possible to such an invalid or null disposition. Accordingly, the same shall be applied if this Contract does not determine a certain subject and this is not the consequence of the Parties’ respective intention. The unlawfulness, invalidity or nullity of any provision of this Contract does not affect the validity of the remaining dispositions of this Contract and its enforceability.
⦁ The Data Processing Contract and the attached Annex I constitute the all-round agreement between the parties in its subject, and will overwrite any agreement, consensus and reconciliation previously concluded between the parties.
⦁ The rights and obligations formulated in the dispositions of this Contract are authoritative for the Parties and the legal successors and assignees of the Parties.
⦁ Any right, competency, prerogative, legal remedy or the delay or omission of any law, competency, prerogative by any of the Parties may not be interpreted as a waiver of the specific law or any other, competence, jurisdiction, prerogative, legal remedy, and does not establish them.
⦁ This Contract contains the full agreement between the Parties at the date of being signed by the Parties under this subject This Contract may be modified or complemented by a written document that all Parties approved of. The same applies to the requirement concerning the written form.
Annex I
Data Processing Appendix
In the framework of this Contract, the Controller provides the following services:
The Processor provides a Service to the Data Controller that, according to Act CXVII of 1995 on Personal Income Tax (“PIT Act”), is a benefit given off in an electric form, supplied in the form of a non-transferable plastic card provided with a magnetic stripe or a microchip protected by a PIN code, that can be used for paying the full or partial consideration for goods sold or services rendered by the Participating Vendor, within the scope permitted by law.
This Data Processing Appendix specifies the types of Personal data processed by the Processor, and the purposes in favour of which the Processor processes personal data.
CHARACTERISTICS AND PURPOSES OF DATA PROCESSING:
The customer of the complex service provided by the Processor to the Client, in connection with the issue and use of the Card.
DURATION OF DATA MANAGEMENT:
The term that spans until the contract between the Controller and the Processor is cancelled.
TYPES OF PERSONAL DATA AND THE CATEGORIES OF DATA SUBJECTS:
Data content of the Card ordering file
• Card Holder’s last name
• Card Holder’s first name
• Name on card, 21 characters at maximum (mandatory)
• Date of birth
• Permanent address (zip code, city, name of public area, type of public area, house number)
• Mailing address, if different from permanent address (zip code, city, name of public area, type of public area, house number)
• Cardholder’s e-mail address
• Card Holder’s mobile phone number
• Amount to be credited
• Name and address of the Card Holder’s workplace
• Data content of card crediting to be provided:
• Card Holder’s last name
• Card Holder’s first name
• Serial number of the card
• Card crediting value
ESTIMATED AMOUNT OF PROCESSED PERSONAL DATA:
1 to 10000
ADDITIONAL DATA PROCESSORS:
PrePay Solutions Ltd. (member of the Edenred group; head office: London: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom).
Idemia Hungary Kft. (head office: Tó-Park land reg. No.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary) purpose of data processing: manufacturing of cards;
Y-Collective Kft. (head office: H-7628 Pécs, Arany János u. 24., Hungary) purpose of data processing: extranet operation, processing of card orders, operation of website and application; IT support activity
GENERAL CHARACTERISATION OF THE TECHNICAL AND ORGANISATIONAL SECURITY MEASURES SPECIFIED IN ARTICLE 32 (1) OF THE GDPR:
Az Adatfeldolgozási szerződés tartalmazza a megtett technikai és szervezeti biztonsági intézkedéseket.
Please read this Contract carefully before using your card. The below information sets out the General Terms and Conditions (GTC) pertaining to your Card and regulates the relationship between you and the Issuer. Plural first person pronouns pertain to the Issuer. By using the Card, you accept the conditions set out in this Contract. With respect to matters relating to the interpretation of the Contract, or if you do not agree to any provision thereof, please contact our Customer Service at any of the contacts set out in Clause 16 of the Contract.
1. DEFINITIONS
Account: the function recording the amount of money available and assigned to your Card (not a deposit, savings or other bank account);
Card Holder GTC: this Card Holder GTC and its new versions as updated from time to time;
Available Balance: value of the funds available on your Card for use;
HUF: Hungarian forints, the official currency of Hungary;
Card: any and all Cards issued to you under this Contract per the Client GTC;
Card Number: the 16-digit card number found on the front side of your Card;
Card Holder: a private person found eligible by the Company to use the Card entering into this Contract with us;
Company: the natural or legal person, institution or service provider participating in the Program;
Customer Service: the contact center dealing with inquiries and requests for services in connection with your Card. The contacts of the Customer Service are set out in Clause 16;
Full Deductible Amount: amount of the entire Transaction, including – in addition to the Transaction itself – all connected fees, expenses and taxes;
MasterCard International Incorporated: MasterCard International Incorporated, a business organisation with its registered office located at 2000 Purchase Street, Purchase, New York 10577 USA;
MasterCard Acceptance Mark: the logo of MasterCard International Incorporated, indicating that the Card is accepted at the place where it is displayed;
“Participating Vendor” or “Participating Business” is an entity accepting Edenred Cards from the Card Holders (or Partner Card Holders) in case of the sale of products or the provision of services, and where the Programme Owner makes accepting cards technically available, and who placed out the MasterCard Acceptor sticker.
MyAccount: the interface on the Website where – upon registration – you can access your own Account and view your Available Balance and Transaction History online. MyAccount provides you with up-to-date information regarding your account. You need Internet connection to access MyAccount;
PIN: personal identification number, PIN code;
POS: point of sale;
Program: the Cafeteria Card program, in the scope of which the Card has been issued to you;
Programme Owner: Edenred’s Hungarian subsidiary, a company established in Hungary with its registered office located at: Hungary, H-1134 Budapest, Váci út 45., the Issuer’s payment intermediary;
Transaction: all POS and online commercial sales carried out with your Card;
Issuer: PrePay Technologies Limited, a limited company registered in the UK with number 04008083, contact: United Kingdom, PO BOX 3883, Swindon, SN3 9EA. PrePay Technologies Limited was registered with number 900010, its e-money issuer licence was issued by and its supervisory authority is the Financial Conduct Authority;
Website: the www.edenredkartya.hu website where you can access the information related to your Card and read these GTC;
You: the natural person found eligible by the Company to use the Card.
2. GENERAL PROVISIONS
2.1 Your Card is an e-money – cafeteria card that can be credited repeatedly. It is not a credit or debit card. The Available Balance does not earn interest and may not be used for savings only for payment, and only in accordance with the conditions set out in this Contract and the Client GTC available on the site www.edenred.hu in all cases.
2.2 Your Card was issued based on the permission of MasterCard International Incorporated. This Card is an e-money product. The e-money associated with this Card is provided by the Issuer. The Issuer’s electronic money issuing activity is regulated by the Financial Conduct Authority. Your rights and obligations with respect to the use of the Card are regulated by this Contract concluded between You and the Programme Owner; You have no rights whatsoever towards MasterCard International or its affiliated companies. The crediting onto the Card is done to the Programme Owner’s order, in HUF, with the terms and conditions set out in this document and the Client GTC. It is the Programme Owner who authorises you to use your Edenred Card, exclusively for paying for the specified products and services, up to the amount available with regard to the Card concerned. The Card will remain in the Issuer’s ownership. Although your balance is your property (with the conditions and limitations specified in this document and the Client GTC), any and all legal rights/entitlements associated with the electronic money issued by the Issuer and the underlying accounting/record keeping system (e.g. intellectual property rights) shall remain in the ownership of the Programme Owner and/or the Issuer, shall not be transferred to you, and you shall have no further utilisation rights with regard to them.
2.3 These conditions included in the GTC have been created and are available only in the Hungarian language. We undertake to carry out all correspondences with you regarding matters concerning your Card or Account using the Hungarian language.
3. RECEIPT AND ACTIVATION OF YOUR CARD
3.1 You have to sign your Card immediately after receiving it, and then you have to call the Activation Line (see Clause 16 for details). No liability is borne by the Programme Owner for the failure to be signed and/or activated.
3.2 After activating the Card, depending on the type of the Card, you will receive or may specify a 4-digit PIN. Keep your PIN safe, do not disclose it to anyone and ensure that it is not easily visible to anyone when you enter it. We will not disclose your PIN to third parties. Should you forget your PIN, call our Customer Service for the reset code or visit www.edenredkartya.hu and follow the instructions.
3.3 If you want to change your PIN code, visit the www.edenredkartya.hu website, where you can view your current PIN code under the Forgotten PIN Code menu item. If you do not know the PIN code, and want to change it, please call our card information line on the +36 1 382 4000 telephone, and select the Change PIN Code menu item. If you are not in the position to use the online Forgotten PIN Code menu item, but want to have a new PIN code, please call our card information line on the +36 1 382 4000 telephone, and select the option to talk to our administrator in order to request a reset code. Then, call our card information line (+36 1 382 4000), where you can select the Forgotten PIN Code menu item, and use the reset code that you have been given to set a new PIN code.
3.4 Please ensure that your Card is registered on the Website www.edenredkartya.hu. Thus you will be able to use the online services available on MyAccount, and may for example block your Card if it is stolen and this is the way You will get a notification on Your outrunning balance.
4. USING THE CARD
4.1 The Card may only be used at Participating Vendors that are in contractual relationship with the Programme Owner, or where the Programme Owner made it possible to accept the Card based on the acceptor’s Merchant Category Code (MCC). The Programme Owner accepts no liability for cases when the card company classification of the terminals in the stores is different from what is expected or for any incidental changes in the classification of the stores. The balance of electronic money available with regard to a certain Card may only be used for the partial or full settlement of the consideration paid for the scope of products and services indicated on that Card, in accordance with the current rules governing Personal Income Taxes. The Programme Owner shall not be responsible for the misuse of the Cards. Your Card and the Available Balance associated with it may be used only for Transactions executed in HUF, excluding redemption and conversion to cash or scriptural money.
4.2 Your Card is a card that can be credited repeatedly, which means that your employer or business partner may freely credit new funds to the balance of your Card. A transaction shall only be authenticated if the Full Deductible Amount is lower than or equal to the Available Balance on your Card. You will not be able to use your Card after its expiry date or if the Full Deductible Amount exceeds the Available Balance. If for any reason, a Transaction is processed with a higher amount than the Available Balance on your Card, you shall pay to the Programme Owner the amount(s) by which the Full Deductible Amount exceeds your Available Balance within 14 days of the receipt of the invoice from the Programme Owner. If you fail to pay the amount within 14 days of the receipt of the invoice from the Programme Owner, the Programme Owner shall be entitled to take all measures necessary for the collection of the outstanding amount, including legal action and the blocking the further use of the card.
4.3 You can authenticate the transactions to be carried out with the Participating Vendors by providing your PIN or – in the case of online Transactions – CVC code in each case. If the Merchant does not accept PIN authentication, it may provide you the option to authenticate the Transaction by signing the receipt. You are responsible for all Transactions that you authenticate.
4.4 You may check your Available Balance any time by calling the Customer Service, viewing it via the mobile app or visiting the Website (see Clause 16 for the details).
4.5 For security reasons, the Participating Vendors accepting your Card shall request authorisation via a POS or VPOS terminal from the Issuer for your Transactions. In some cases, a Participating Vendor may require that your Available Balance be higher than the value of the transaction you intend to carry out. You will only be charged for the actual and final amount of the Transaction carried out. Merchants request this if they may require a larger amount of funds than which you wished to spend originally. For example:
4.5.1 Hotels and car rental – As Participating Vendors are not able to determine the amount of your final invoice preliminarily, they may request authorisation to deduct an amount of funds exceeding your Available Balance.
4.5.2 Participating Vendors on the Internet – Certain participating internet websites may send you a request for payment authorisation at the time of registration or the payment step in order to check availability of the funds; this may impact your Available Balance temporarily. Please note also that some websites do not charge the amount to be paid until the delivery of the goods. When viewing your Available Balance, please take into consideration such possible changes of the funds available, and determine based on that whether there is a sufficient amount on your Card to cover your purchases. The Card may not be used for online payments for the liquidation of which a bank with a non-Hungarian head office is requisitioned.
4.6 The Card can not be used for the verification of identity.
4.7 Your Card cannot be used for the withdrawal of cash, and the Available Balance or the future balance cannot be transferred, converted or redeemed for cash or scriptural money.
4.8 You may not use your Card to redeem traveller’s cheques, have cash refunded from Participating Vendor or settle balances outstanding in connection with credit cards, bank overdrafts or loan agreements, gambling, dating or escort services or at automated gas/petrol stations.
4.9 The Available Balance on your Account does not earn interest.
5. CREDITING OF THE CARD
5.1 You cannot credit funds to your own Card. Only your employer or business partner is eligible for recharging via the Issuer. Should your employer/business partner wishes to credit more funds to Your Card, we will credit it to the Available Balance on Your Card on the receipt of the Programme Owner’s order, only after the amount paid by the employer / business partner is credited to our bank account.
5.2 You hereby acknowledge that the frequency of updating your Available Balance in accordance with Clause 5.1 above will depend entirely on the Programme Owner’s ordinary course of business.
6. EXPIRY OF THE CARD AND THE CREDIT // RULES DIFFERING FROM THE CIVIL CODE
6.1 The expiration date of your Card is printed on the Card’s front side. You will not be able to use your card after the expiration date.
6.2 The funds credited to the Edenred Cards are valid only for a certain period of time.
6.3 The balance of the Card is personal and may only be used by the Card Holder. In case of the decease of the Card Holder, the balance forms part of the heritage, for the pecuniary splitting of which between the inheritors is governed by the grant of probate. The Client or the inheritor(s) of the Card Holder shall immediately inform the Programme Owner about the Card Holder’s death, thus it will suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. In case the Card Holder’s death is disclosed, the Programme Owner preserves the right to suspend the Card until the end of the probate procedure, including the use of the Partner Card by any close relative of the deceased. Any liability concerning the transactions done with the Card during the period from the Card Holder’s death and the Programme Owner’s becoming aware of it shall be borne by the inheritors. The Programme Owner will make available to the inheritor(s) the amount remaining on the deceased Card Holder’s Card that forms part of the heritage exclusively in the nature of a Card exclusively within the period of validity of the credited amounts relating to the Card. The inheritor(s) shall duly prove to the Programme Owner the completion of the probate procedure (in particular, a duplicated copy of the death certificate, the heritor’s ID card and residence card; in case the heritor is under-age, the injunction of the guardianship authority and the order of the liquidation of the heritage, including the amount on the Card as a heritage), within 90 days from the receipt of which it will make available to the heritor(s) in the nature of a Card per the grant of probate.
6.4 No Transaction will be processed after the Card is expired.
6.5 In the case of certain types of cards, we block the unused balance at certain expiry dates in order to comply with the applicable laws. The amount credited to the Card that has been blocked may not be refunded at all, or in certain cases may only be refunded if this is initiated by the employer / business partner, by observing the applicable laws and the contractual terms in accordance with Section VI of the GTC.
6.6 The period of validity of any Crediting is the last calendar day of the year the benefit was credited in case the it was credited until 31 August, or the last day of the year following the year the benefit was credited in case it was credited after 1 September.
6.7 Pursuant to Clause 2.2, after the expiry date of the Card or the expiry dates regarding each crediting, any Available Balance remaining on your Card and all statutory rights relating to the e-money will remain in the Programme Owner’s ownership and will not be transferred to you.
6.8 In order to enable you to utilise any amounts credited to your Card appropriately before the expiry date, the Programme Owner shall do all in its power inform you at any of the contacts you provided during the registration on the website edenredkartya.hu regarding any amounts on your Card that will expire soon.
7. CARD HOLDER’S LIABILITY; AUTHENTICATIONS
7.1 We may restrict or deny the authentication of your Card if the Card is or may be used in breach of this Contract or if we can suspect on reasonable grounds that you or a third party committed or intend(s) to commit a crime or other abuse in connection with the Card.
7.2 If we have to investigate a Transaction carried out using the Card, you are obligated to cooperate with us or – if necessary – any other authorised body in this.
7.3 Never:
7.3.1 let anyone else use your Card; or get access to it in any way;
7.3.2 write down your PIN on your Card or anywhere else;
7.3.3 disclose or otherwise make available your PIN to anyone else in writing, in a manner that it may be observed by others when entering the code or otherwise.
7.4 You are responsible for any Transaction that you authenticated via your signature, PIN or CVC code.
7.5 You agree to hold harmless and indemnify us, our partners and any company belonging to the same company group as the above with regard to the expenses incurred by any legal action initiated in order to enforce these GTC, any breach of these GTC and/or the fraudulent use of your Card by you or authenticated by you.
8. LOST, STOLEN OR DAMAGED CARDS
8.1 You have to handle the benefits on the Card in the same manner as cash in your wallet. If you lose your Card or if it is stolen, the amount on it may be lost just as if it had been in your wallet.
8.2 In the event of loss, theft, fraud or any other threat that involves the risk that the Card may be used in an unauthorised manner, or if the Card is damaged or malfunctioning, contact the Customer Service immediately. You have to provide your Card Number in order for the Customer Service to deal with your issue. You also have the option to take measures to have your card blocked using the Website’s MyAccount interface (see Clause 16.2). To be able to do so, you have to register your Card preliminarily on MyAccount.
8.3 Provided that you notified us in accordance with Clause 8.2 and the Clause 8.4 does not apply, you will not be liable for losses incurred after the time you notified our Customer Service in accordance with the above, nevertheless, the liability for any damage is borne exclusively by You. If there is Available Balance remaining on your Card after the notification, your Employer may request the Programme Owner to replace your Card and that the last Available Balance be made available on the new Card.
8.4 If the reported event was caused by your breach of contract or your alleged conduct or if reasonable suspicion of fraudulent or improper conduct arises with respect to it, you will be held liable for all losses.
9. DISPUTED MATTERS
9.1 If you have reason to suspect that a Transaction for which your Card was used was unauthorised or was carried out on your Account by mistake, we will examine the Account and the circumstances of the Transaction, provided that you notify is within 13 months of the date of the Transaction. In this scope, we may require you to contact the relevant authorities in connection with the disputed Transaction.
9.2 If at the time when you report the unauthorised Transaction, based on the evidence available to us we have no reasonable cause to assume that you failed to comply with these requirements of the GTS due to negligence or willfulness, or that you acted in a fraudulent manner, we will refund you all unauthorised Transactions.
9.3 However, if we receive information that suggests that the disputed Transaction was real, we will be entitled to deduct the value of any such Transaction from your Account.
9.4 We reserve the right not to refund you such amounts if you acted in breach of this Contract or if you did not report any possible fraudulent claims to the competent authorities.
9.5 If you entered into an agreement pursuant to which another person operating in the European Economic Area may deduct payments from your Card (e.g. if you disclosed your Card’s data to a Merchant for the purposes of payment), then – if all of the below conditions are fulfilled – you may request us to refund the payment which we will perform within 10 business days of the receipt of your request:
9.5.1 if the exact amount to be paid was not specified in the authorisation;
9.5.2 if the amount charged from your Account was higher than what you could have expected given the circumstances (e.g. based on your previous payment patterns); and
9.5.3 if you notify us regarding your refund request within 8 weeks of the date when the amount is charged from your Account.
10. COMPLAINTS
10.1 Any complaint included in these General Terms and Conditions has to be reported first to the Programme Owner via the Customer Service mentioned in Clause 16.
10.2 We handle all complaints in the scope of our own complaints procedure. Upon your request, we will provide you with a copy of the description of our complaints procedure.
10.3 The UK’s Financial Services Compensation Scheme (or any other deposit insurance system) shall not apply to the Card. However, we will protect your funds in the case of our insolvency.
11. AMENDMENTS
11.1 If any part of this Card Holder GTC conflicts with any legal or regulatory requirement, then we will not effectuate that part of the Contract, and we will consider it as if it reflected the provision contained in the relevant legal or regulatory requirement. If we have to make changes with respect to our operations before we are able to fully comply with the new legal or regulatory requirements, we will take the necessary steps as soon as reasonably practicable.
11.2 The Programme Owner is entitled to modify this Card Holder GTC unilaterally, which modification shall be published in its website at least 15 days before its entry into force, and shall also publish a notification on the modification on the site www.edenred.hu. Inasmuch as You do not avail yourself of your right of termination in writing and keeps on using the Card, the modifications shall be considered as expressly accepted by You.
12. TERMINATION AND SUSPENSION
12.1 If You are not entitled to use the Card any more for any reason, the Card will be blocked immediately and You will not be able to use the Available Balance any more.
12.2 We may terminate or suspend this Contract at any time:
12.2.1 if the contract between the Programme Owner and Your Employer or our Partner is terminated upon which service is provided to You (ordinary termination); or
12.2.2 with immediate effect (and until the settlement of the issue or the termination of this Card Holder GTC) if you have breached this Contract, used or intended to use the Card in an imputable or fraudulent manner or for illegal purposes or if we are unable to continue processing your Transactions due to the proceedings of third parties (extraordinary termination of contract).
12.3 After the contract concluded with the Client is normally terminated, the Programme Owner keeps on ensuring the availability to the amount credited before the termination of the legal relationship until the expiry of the credits.
12.4 If the contract is extraordinarily terminated, you will not be able to use your Available Balance any more as of the day of the termination of the contract.
12.5 If in any of the above cases of termination or if you are not entitled to use the Card any more, all statutory rights connected to the e-money and the Available Balance will remain in the ownership of the Programme Owner and will not be transferred to you.
13. OUR LIABILITY
13.1 The following exceptions and restrictions apply to our liability in connection with this Contract (relating to damages arising in connection with the provisions of the Contract or otherwise (including negligence), the breach of statutory duties or other):
13.1.1 we assume no liability for any damages arising directly or indirectly from reasons beyond our control (including but not limited to the failure of network services and data processing systems);
13.1.2 we assume no liability for lost profit, loss of business or any indirect, consequential, special or punitive damage or loss;
13.1.3 if the Card is faulty due to our negligence, our liability will be limited to the replacement thereof; and
13.1.4 in any other event of our default, our liability will be limited to the reimbursement of the Available Balance stored on your Card’s.
13.2 No provision of this Contract may exclude or limit our liability for any deaths or personal injuries that occur due to our negligence or fraud.
13.3 We expressly exclude the conditions and warranties set out in law to the largest extent allowed by the law.
13.4 The exclusions and limitations of liability set out in Clause 13 are also applicable to any liability arising towards you in connection with this Contract on the side of our affiliated companies such as the Programme Owner, MasterCard International Incorporated and other suppliers, contractors, agents, distributors and the affiliates thereof.
13.5 You may settle any disputed issue arising in connection with your purchases made with the Card with the Merchant. Neither the Programme Owner nor the Issuer assumes liability for the quality, safety, legality or any other property of the goods and services purchased with the Card.
14. PROCESSING OF PERSONAL DATA / YOUR DATA
14.1 The Programme Owner, as Data Controller, shall process and use the personal data required in order to provide the Service under these GTC and acquired by it during the performance thereof per the data protection regulations in force. The legal basis of the processing of data is the execution of the Contract [Article 6 (1) (b) of GDPR].
14.2 Summary table of the Programme Owner’s processing of personal data:
| Summary of the processing of data concerning the Service provided by the Programme Owner to the Card Holder | |
| Data Controller | In the processing of personal data regarding the contract concluded between the Programme Owner and the Card Holder, the Programme Owner is the Processor. |
| The purposes of the processing | The Card Holder’s compliance with the Services included in the GTC |
| Legal basis of data processing | The compliance with the Contract concluded between the Programme Owner and the Card Holder [Article 6 (1) (b) of the GDPR] |
| Scope of data processed | Data Subject’s surname; forename; name on card (21 characters at most); date of birth; permanent residence (post code, town, street, number); correspondence if other than residence (post code, town, street, number); e-mailing address; cell phone number; amount to be credited; serial No. of card; Data of the transaction; habitual residence in Hungary if Data Subject is a foreigner; Account history; Address of Data Subjtect’s workplace |
| Term of data processing | Total duration of the service and 5 years following its termination (until the limitation period of the possible claims concerning the Service) |
| Processors | PrePay Solutions Ltd. (member of the Edenred group; head office: London: 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY UK) purpose of the data processing: management of card balances, authorisation of card transactions, online balance inquiries, issuance and activation of Cards, crediting of e-money allocated for this purpose to the cards, providing access to data (e.g. transaction history, available balance), processing of Transactions; as regards PrePay Solutions Ltd. as the issuer of the card, the processing of data of the Data Subject shall be considered as if it took place in the territory of Hungary, inasmuch the data get processed within the European Union (United Kingdom). Idemia Hungary Kft. (head office: Tó-Park land reg. No.: 3301/21., H-2045 Törökbálint, Tópark utca, Hungary) purpose of data processing: manufacturing of cards; Y-Collective Kft. (head office: H-7628 Pécs, Arany János u. 24., Hungary) purpose of data processing: extranet operation, processing of card orders, operation of website and application; IT support activity |
The summaries serve only as an easy overview, please read the full Data Protection Information Notice that differs from that available on the site www.edenredkartya.hu.
| Summary of the processing of data concerning the marketing / advertising activity of the Programme Owner | |
| Data Controller | Concerning the data processing regarding its marketing / advertising activity, the Programme Owner is the Data Controller. |
| The purposes of the processing | Sending marketing / advertising messages to the Card Holder |
| Legal basis of data processing | The Data Subject’s consent [Article 6 (1) (b) of the GDPR and Article 6 (1) of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activities]. The consent may be withdrawn at any time. |
| Scope of data processed | The Data Subject’s surname; forename; e-mail address; mobile phone number; |
| Term of data processing | Until the withdrawal of the consent |
| Processors | Y-Shift Kft. (head office: H-7636 Pécs Arany János utca 24., Magyarország) purpose of data processing: data processing for the purposes of advertising. The Rocket Science Group LLC d/b/a MailChimp (head office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA) purpose of data processing: data processing for the purposes of advertising – sending out newsletters |
The summaries serve only as an easy overview, please read the full Data Protection Information Notice that differs from that available on the site www.edenredkartya.hu.
14.3 Should the Card Holder not provide personal data required by the Programme Owner for providing its service, the Card Holder will not be able to call upon the services provided by the Programme Owner.
14.4 The exercise of the Card Holder’s rights regarding his access to his own data, the Card Holder may call upon the Programme Owner in an e-mail sent to the addresses adatkezeles-hu@edenred.com or dpo.hungary@edenred.com.
15. GENERAL PROVISIONS
15.1 If we do not exercise or delay with exercising any right or legal remedy set out in this Contract, this shall not be considered as a waiver of that right or legal remedy or the exclusion of the later exercising of such right or legal remedy.
15.2 If any provision of this Contract is deemed unenforceable or illegal, this shall have no effect on the remaining provisions, provided that the unenforceable or illegal provision is not an essential part of the Contract.
15.3 You may not assign or transfer your rights and/or benefits arising from these General Terms and Conditions. Your liability will continue until all Cards issued to you are cancelled or expired, and you have paid all amounts payable under these GTC. We may assign our rights and benefits at any time without notifying you in writing. We may sub-contract any of our obligations arising from this Contract.
15.4 No third party that is not a party to these GTC shall have the right to enforce the provisions of this Contract, with the exception that MasterCard International Incorporated and its relevant affiliated companies shall be entitled to enforce any provision of this Contract that provides them any benefit or right, and the (legal) entities specified in Clause 13.4 shall be entitled to enforce the contents of Clause 13.
15.5 In case of a legal dispute, the regular Hungarian court is exclusively authoritative according to the seat of the Programme Owner is authoritative with the condition that having regard to the location of the Issuer’s registered office, the ordinary English courts with competence based on the Issuer’s seat shall have exclusive jurisdiction with regard to legal disputes concerning also the Issuer.
16. CUSTOMER SERVICE CONTACTS
16.1 If you require help or wish to report that your Card has been lost or stolen, call our Customer Service at the number +36 1 382 4000 in the business hours available on the website edenred.hu
16.2 Lost or stolen Cards may be reported on the Website (www.edenredkartya.hu) in the MyAccount interface, 24 hours a day. In this exact spot, the forgotten PIN feature may also be used 24 hours a day.
16.3 Card activation, Available Balance and Card Blocking are available to Card Holders 24 hours a day, call +36 1 382 4000.
16.4 If You have any difficulties using the Card, please contact our Customer Service or your employer.
Regarding the ordering, delivery and utilization of Edenred Cards as regards the Fees and Charges to be applied concerning the relating Services.
The Programme Owner may apply and levy the following fees and costs regarding the Services in cases specified in the Client GTC, and in the existence of the following circumstances.
⦁ Card Manufacturing and Delivering Charges
The fee of the manufacturing of the cards according to this table differs for each card, and the delivery fee shall be considered for packages.
| Type of Card | Card and Partner Card Fee | Card replacement fee (Lost, damaged or expired cards) | Delivery charge |
| Shopping | HUF 1,000 + VAT | HUF 1,000 + VAT | HUF 1,590 + VAT |
| Silver | HUF 1,000 + VAT | HUF 1,000 + VAT | HUF 1,590 + VAT |
| Gold | HUF 1,000 + VAT | HUF 1,000 + VAT | HUF 1,590 + VAT |
| School starter | HUF 1,000 + VAT | HUF 1,000 + VAT | HUF 1,590 + VAT |
| Culture and Sports | HUF 1,000 + VAT | HUF 1,000 + VAT | HUF 1,590 + VAT |
| Motivation | HUF 1,000 + VAT | HUF 1,000 + VAT | HUF 1,590 + VAT |
2. Handling charges:
⦁ Crediting of the balance of a not yet activated Card (per the GTC):
6% of the nominal value + VAT (but at least HUF 3000 + VAT). No crediting less than the minimum fee may be requested back.
⦁ Fee of transfer of balance between not yet activated Cards per the GTC:
The amount of the Administration Fee charged is HUF 1,000 + VAT / transfer / card.
3. Annual Card Fee
Shall be paid if the Client does not make any crediting to the (Partner) Card within 180 days after the Order per the GTC. Extent: 5.000 HUF/card
Any fee and charge specified in this annex shall be considered in HUF. VAT shall be determined in accordance with applicable laws. The fees and charges specified in this annex are in force from 16 July 2018.
Edenred may automatically modify the amounts of the fees and charges included in this annex as of the first day of each year, by the average consumer price index annually published by the Hungarian Central Statistical Office, authoritative for the previous calendar year, which increase shall not exceed the 10 percent of the given fee. The change of the fees and amounts modified thereby shall be published on the Edenred homepage. Edenred reserves the right not to validate the indexing of the fee once or even several times, according to a separate agreement, concerning certain clients / client groups.
CLICK HERE to download the Request for transfering card balance
CLICK HERE to download the Request for transfering card balance