Skip to main content

Terms and Conditions

The terms of service that are outlined here are a legal agreement between you and our company and by using this website and the PSD2 APIs you agree to these terms of service.

Take time to read and understand what the terms are. If you do not agree to these terms, do not use this website or the PSD2 APIs.

Without notification, the terms can be changed at any time. The content of this website might also change. These Terms and Conditions ("Agreement") govern the use of the provided PSD2 APIs (Application Programming Interfaces) provided by SpareBank 1 Østfold Akershus ("Bank") and their customers ("Customers") by PSD2 Third Party Providers ("TPP") acting as either Account Information Service Providers (AISP) or Payment Initiation Service Providers (PISP), or in any other role. By accessing and using the PSD2 APIs, the TPP agrees to comply with the terms outlined below:

API Access, Usage and Compliance:

  • The Bank grants the TPP a non-exclusive, non-transferable right to access and use the PSD2 APIs solely for the purpose of providing AIS or PIS services to the Customers.
  • The TPP shall only access the PSD2 APIs in accordance with the applicable regulations, including but not limited to the Revised Payment Services Directive - PSD2 (Directive (EU) 2015/2366), the EU General Data Protection Regulation - GDPR (Directive (EU) 2016/679) directive and any other relevant laws and regulations.

Security Measures:

  • The TPP shall implement appropriate security measures to protect against unauthorized access, disclosure, alteration, and destruction of data transferred through the PSD2 APIs.
  • The TPP shall promptly report any security incidents or breaches to the Bank.
  • Failures in complying with the security measures by the TPP might lead to blocking of access to the PSD2 APIs.

Fees:

  • The Bank may charge fees to the Customer for the use of some functions provided by the PSD2 APIs, these can be found in the general price lists of the Bank internet pages and is not part of this Developer Portal

Intellectual Property:

  • The Bank retains all intellectual property rights in the PSD2 APIs and related documentation.
  • The TPP shall not attempt to reverse engineer, decompile, or otherwise disassemble the PSD2 APIs.

Blocking in case of a breach in the Agreement:

  • The Bank reserves the right to temporarily or permanently block access to the PSD2 APIs, with or without prior notice, if the Bank reasonably suspects that the TPP is misusing the service or is involved in fraudulent activities, including but not limited to being a used by an external actor for hacking, or any other actions that may compromise the security or integrity of the Bank's systems, customer data, or services.
  • The Bank will make reasonable efforts to notify the TPP in advance of any blocking action, except in cases where immediate action is required to protect the Bank's systems or customer data.
  • The Bank may lift the block at its sole discretion upon resolution of the issue to the Bank's satisfaction.

Service Levels and Availability:

  • The Bank will use reasonable efforts to ensure the availability and reliability of the PSD2 APIs. The Bank will strive to maintain an SLA (Service Level Agreement) for the PSD2 APIs that is comparable to other digital channels provided by the Bank.
  • The TPP acknowledges that while the Bank aims to provide a reliable and consistent service, the availability and performance of the PSD2 APIs may be subject to factors beyond the Bank's control, including but not limited to system maintenance, unexpected technical issues, or external disruptions.
  • The Bank does not guarantee that the SLA will be met at all times, and the TPP acknowledges that occasional interruptions, delays, or variations in service levels may occur.
  • The Bank reserves the right to suspend or terminate access to the PSD2 APIs at any time for maintenance, security, or other operational reasons, and such actions may temporarily impact the SLA. In these cases, a message will be dispatched to the e-mail address registered through the TPP contact info endpoints in the PSD2 API.
  • The TPP agrees that the Bank shall not be liable for any loss or damages incurred by the TPP or its customers due to variations in service levels, interruptions, or unavailability of the PSD2 APIs, except as expressly provided in this Agreement or as required by applicable laws.

Notification of Breaking Changes:

  • The Bank agrees to provide the TPP with advanced notice of any planned breaking changes or material updates to the PSD2 APIs that may significantly affect the functionality or integration of the TPP's services.
  • The Bank will publish details of such planned breaking changes, including their nature, any necessary adjustments or modifications required on the TPP's part, and the anticipated impact on the TPP's services, on the Bank's official Developer Portal at least three (3) months in advance of the scheduled change implementation date.
  • The TPP is responsible for regularly monitoring the Developer Portal for updates and notifications regarding breaking changes.
  • The TPP agrees to promptly review and respond to the information provided on the Developer Portal and to take necessary actions to adapt its systems or services to accommodate the impending breaking change within the specified timeframe.

By accessing the PSD2 APIs, the TPP acknowledges and agrees to be bound by these Terms and Conditions. The Bank reserves the right to update or modify these terms at any time, and the TPP is responsible for regularly reviewing them.