finAPI GmbH, Adams-Lehmann-Straße 44, D-80797 Munich (registered with the Munich AG (Amtsgericht/local court) in
Commercial Register Commercial Division B under number HRB 175250), e-Mail: kontakt@finapi.io, fax number: +49
89 416177-559 (hereinafter: ‘finAPI’), is a payment institution that is under the supervision of BaFin, the
German Federal Financial Supervisory Authority, Graurheindorfer Str. 108, D-53117 Bonn, Fax number: + 49 228
4108-1550, e-mail: poststelle@bafin.de.
The account information service (‘AIS’) provided by finAPI as online services enables end users to read their
account balances and account transactions (hereinafter: ‘account information’) from payment accounts and other
accounts of credit institutions and financial services institutions, credit card companies and other financial
data providers (hereinafter: ‘account providers’), provided that the account in question is included in the
scope of services agreed between the end user and the service provider (as defined below).
The payment triggering service (‘PTS’) provided by finAPI as an online service makes it possible for end users
to trigger (i.e. release) payment orders and payment transactions at the account provider.
The AIS/PTS services offered by finAPI can include both legally regulated access and account access and payment
transactions that is/are not specifically regulated by law.
The arrangements set down in this Usage Agreement for end users (‘Usage Agreement’) regulate the legal
relationship between finAPI and consumers and businesses, who at the same time are Users of a service (that can
also be delivered via an app) (the ‘service’) provided by a service provider (‘service provider’), who processes
the account information and/or collects the payment orders and payment transactions that he then passes on in
order to trigger a payment transaction (‘finAPI AIS/PTS’).
The account information read is stored at finAPI and is made accessible to the end user across an API
(Application Programming Interface) via the service of the service provider.
finAPI and the service provider are legally and economically independent companies and provide different services for the end users. For details of the interaction between finAPI and the service, see Section 2.1.1.
A precondition for the delivery of account information services and/or payment triggering services by finAPI is the entering into of this Usage Agreement. To this end, the end user will be transferred from the service to a webpage/system of finAPI. On this webpage/in this system, the end user can carry out the following activities:
1.3.1. The end user can take note of the data protection notice and the precontractual information for account information services and payment triggering services and the Terms of Use. By clicking on the ‘Weiter’ (‘Next’) button, the end user consents to the Terms of Use. The contract between the end user and finAPI is formed by means of this consent (‘formation of the contract’). The Terms of Use are available to the end user via a link so that they can be downloaded and/or printed out.
1.3.2. Next, the end user can enter his access details for accessing the account provider (incl. user identification or similar and PIN/password). In some cases, the end user also has the option to permit finAPI to store the PIN or to refuse this permission. By clicking on the corresponding button (e.g. ‘Bankverbindung importieren’/‘Import the bank account’), the access details are communicated to finAPI and the connection to the account provider is established by finAPI.
1.3.3. In the case of a finAPI AIS/PTS, the account provider can require strong customer authentication. In this case, the end user can state his personalised security features such as a TAN in the input screen and communicate them to the account provider via finAPI, in so far as this is necessary and technically feasible.
In principle, it is possible to include further account providers and/or accounts after the contract has been entered into, provided that this is supported by service providers and also takes place by transferring the end user to a finAPI webpage/system.
Nothing but these Terms of Use apply to the relationship between finAPI and the end user in respect of the delivery of the account information services or payment triggering services by finAPI. Changes to these Terms of Use will be communicated in a timely way in writing, in electronic form or in text form prior to their coming into force; they are considered to have been approved if finAPI has not received an objection from the end user by a time one month after being notified of the changes. This notification may be made either via finAPI (by communicating it in the input screen) or via the service provider. An objection entitles the end user to terminate this Usage Agreement without notice. finAPI will inform the end user about the option of and deadline for the submission of an objection.
The end user can utilise the finAPI AIS and PTS services via the service provider’s service. In doing so, the entering and administration of the end user’s personal access details for the respective account provider and the execution of the AIS/PTS services are carried out directly for the end user by finAPI. Following the execution of the AIS/PTS functionality, finAPI will provide the end user with the corresponding data for the communication and processing as part of the service provider’s service. The service provider does not receive any sensitive payment details at any time in this process that would make it possible for him to access account information at the end user’s account providers. The sensitive payment details are transferred directly to finAPI systems, are processed by finAPI and - in the case of AIS - stored by finAPI. finAPI protects the sensitive payment details entered by the end user against unauthorised access. The end user authorises finAPI to use the stored sensitive payment details to perform a PTS process. The sensitive payment details are not stored within the PTS.
In general, finAPI’s AIS/PTS services encompass the following functionality for the end user, although note that the functionality available to the end user in a particular case also depends on the scope of services agreed between the end user and the service provider, which means that some of the following functions may not be available to a particular end user in a particular case:
Individual functionalities of the finAPI AIS/PTS service depend on the products and services of third parties, which finAPI has no influence over. This may mean that individual functionalities of the finAPI AIS/PTS service may be unavailable temporarily or permanently.
In case of doubt, guarantees and warranties made by finAPI in relation to service features can only be construed as being such if they are made in writing (and signed) and are designated as a ‘Garantie’ (‘Guarantee’).
The end user is entitled to the finAPI functionalities to the extent of the scope of usage agreed between the end user and the service provider and to the usage thereof in accordance with this Usage Agreement.
End users are not permitted to use the finAPI functionality in a way that is not expressly permitted in these Terms of Use.
End users are not permitted to access or use the finAPI AIS/PTS to:
finAPI is entitled to block the end user’s access if there are indications of service misuse or of a threat to data security.
Within the framework of the statutory provisions, finAPI is liable for damage (including harm, injury and loss(es)), in so far as this:
In other respects, finAPI’s liability is excluded irrespective of the legal ground, apart from where finAPI is liable by imperative provision of the law, especially due to psychological suffering or damage done to a person’s body or health, takeover of an explicit guarantee, fraudulent non-disclosure of an impairment/defect or under the German Product Liability Act.
The limitations on liability also apply in respect of claims made against employees of and agents of finAPI.
End users use the finAPI AIS/PTS free of charge.
The contract commences when it is formed and is entered into for an indefinite period of time. The contract can
be terminated by either party with two weeks’ notice. This does not affect the right to extraordinary
termination. Terminations must be made in text form (e.g. by e-mail).
The contract ends without requiring a declaration by the end user or finAPI if:
finAPI will delete the end user’s personal data when the contract ends, in so far as finAPI is not entitled to or obliged to retain the data by law.
It is solely German law that is applicable to this contract and to any and all disputes that arise in this connection.
If the customer is a businessperson, a legal entity under public law or a separate fund under public law then the sole place of jurisdiction is Munich, Germany. In this case, finAPI is still entitled to bring a legal action at the customer’s business location.
This Usage Agreement applies exclusively. Conflicting or deviating general terms and conditions of the end user are not recognised by finAPI and do not create any legal effect, unless finAPI expressly agrees to them beforehand in writing.
Notice(s)
I: Duty to inform when delivering payment services
Precontractual information for account information services and payment triggering services (Article 675d BGB ((German Civil Code) in conjunction with Article 248 EGBGB (Introductory Law to the German Civil Code))
These details can also be pre-filled by the service provider.
The account information service provided by finAPi as an online service is an online service for the communication of consolidated information about payment accounts and other accounts of credit institutions and financial services institutions, credit card companies and other financial data providers. The contract between the end user and finAPI for an account information service is formed when the end user enters the personalised security features (user identification or similar and/or possibly account number or IBAN and PIN/password) on finAPI’s webpage and confirms his express consent for the account information service by confirming the corresponding dialogue field.
You will not be charged anything for using finAPI’s payment services. finAPI has no influence over fees, interest and exchange rates that arise from your contractual relationship with the account holder.
The precontractual ‘duty to inform’ information is provided to the end user by finAPI prior to the formation of the respective contracts. The communication between the end users and finAPI takes place in the German language. The contractual language too is German.
In the case of a suspected or actual fraud or in the event of security risks, finAPI or the service provider will inform the end user about this.
6.1. If unauthorised payment transactions are based on a lost, stolen or otherwise disappeared payment instrument or on another improper use of a payment instrument then the account provider can demand the sum of up to 50 euros from the end user as compensation for the resulting losses.
6.2. The end user is not liable under Article 6.1 if:
1. it was not possible for him to notice the loss, theft, disappearance or other improper use of the payment instrument before the unauthorised payment transaction was made, or if
2. the loss of the payment instrument was caused by an employee of, agent of or branch of the end user’s account provider or by another office to which the activities of the end user’s account provider were outsourced.
6.3. 6.3 Contrary to Articles 6.1 and 6.2, the end user is obliged to compensate his account holder for the entire loss that occurred following an unauthorised payment transaction if the end user:
1. acted with fraudulent intent or
2. brought about the loss through intentional or grossly negligent violation:
a) of one or more duties pursuant to Article 675l paragraph 1 or
b) of one or more agreed conditions for the issuing and usage of the payment instrument.
6.4. Contrary to Articles 6.1 and 6.3, the end user is not obliged to compensate his account holder if:
1. the account provider does not require the end user to provide strong customer authentication within
the meaning of Article 1, paragraph 24 of the ZAG (the German Payment Services Supervision Act), or if
2. the payee or his payment services provider does not accept a strong customer authentication within
the meaning of Article 1, paragraph 24 of the ZAG (the German Payment Services Supervision Act).
Subparagraph 1 does not apply if the end user acts with fraudulent intent. In the case of subparagraph 1 number 2, the party that does not accept a strong customer authentication is obliged to reimburse the end user’s account provider for the resulting losses.
6.5. 6.5 Contrary to Articles 6.1 and 6.3, the end user is not obliged to
compensate damage that arises from using a payment instrument after the notification was made pursuant
to Article 675l paragraph 1 sentence 2. In addition, the payer is not obliged to compensate for losses
within the meaning of paragraph 1 if the account provider has failed to fulfil his duty in respect of
Article 675m paragraph 1 Nr. 3.
Sentences 1 and 2 are not to be applied if the end user acts with fraudulent intent.
The end user is obliged to inform his account provider without delay once an unauthorised or defectively executed payment transaction is discovered. Claims and objections cannot be made by the end user in respect of his account provider if the end user has failed to inform his account provider at the latest by 13 months after the date of the unauthorised or defective payment transaction.
In the case of an unauthorised payment transaction, the end user’s account provider is not entitled to reimbursement of his expenditure. The end user’s account provider is obliged to reimburse the payment amount to the end user without delay and, in so far as the amount was debited from a payment account, to return this payment account to the state it would have been in if it had not been debited with the unauthorised payment transaction. This obligation is to be fulfilled without delay but at the latest by the end of the business day that follows the day on which the account provider was notified that the payment transaction was unauthorised or on which he learned of it another way. Claims and objections cannot be made by the end user in respect of his account provider if the end user has failed to inform his account provider at the latest by 13 months after the date on which the unauthorised or defectively executed payment transaction was debited.
9.1 When a payment transaction is triggered by the end user then in the event of an unperformed or defective execution of the payment order he may demand that the payment amount be reimbursed in full without delay. If the amount was debited from a payment account of the end user then this payment account must be returned to the state it would have been in if it had not been debited with the defectively executed payment transaction. If fees were deducted from the payment amount contrary to Article 675q paragraph 1 then the end user’s account provider must inform the payee without delay about the amount deducted. If the end user’s account provider demonstrates that the payment amount was received in full by the payee’s payment services provider then there is no liability under this paragraph.
9.2 If a payment transaction is triggered by the end user then if the payment order is executed late, he can require his account provider to assert the claim under subparagraph 2 against the payee’s payment services provider. The end user’s account provider can require the payee’s payment services provider to credit the payment amount to the payee’s payment account in the way that this would have been done if the payment transaction had been carried out properly. If the end user’s account provider demonstrates that the payment amount was received by the payee’s payment services provider in good time then there is no liability under this paragraph.
9.3 The end user cannot claim against his account provider under paragraph 9.1 sentences 1 and 2 if the payment order was carried out in accordance with the defective customer identification stated by the payment services user. In this case, the end user can still require his account provider to endeavour to recover the payment amount in so far as it is possible for him to do so.
9.4 In addition to his claims under 9.1, an end user can require his account provider to reimburse the fees and interest that the latter either invoiced him for or debited from his payment account in connection with the unperformed or defective execution of the payment transaction.
9.5 If multiple payment services providers participated in the payment transaction process and at least one of them is located inside and at least one is located outside the EEA (European Economic Area) then paragraphs 9.1 to 9.2 are not to be applied to those parts of the payment transaction process that were effected within the EEA.
In the case of complaints, by virtue of Article 60 ZAG (German Payment Services Supervision Act) end
users can turn to the German Federal Financial Supervisory Authority (the BaFin). The complaints must be
submitted to the BaFin in writing or as an official record and should set out both the situation and the
grounds for complaint. The complaint is to be addressed to:
Bundesanstalt für Finanzdienstleistungsaufsicht
The German Federal Financial Supervisory Authority (BaFin)
Graurheindorfer Straße 108, 53117 Bonn, Germany
In principle, finAPI is prepared to participate in dispute resolution procedures conducted by the German
Bundesbank’s arbitration board, which is an official consumer arbitration board. Its relevant
jurisdiction is laid down in law.
Schlichtungsstelle bei der Deutschen Bundesbank
Arbitration Board of the German Bundesbank
P.O. Box 10 06 02
60006 Frankfurt am Main, Germany
Tel.: +49-(0)69 / 9566-3232
e-mail:
schlichtung@bundesbank.de
Internet website:
https://www.bundesbank.de/de/service/schlichtungsstelle
In the event of linguistic ambiguities, contradictions, problems of interpretation or other doubts regarding the translation of these Terms of Use, the German version shall prevail.