Terms of Use for End Users of QPLIX Account Information Services

1.1 Contracting Partiesand Subject Matter
QPLIX GmbH, Nußbaumstraße12, 80336 Munich (Local Court (Amtsgericht) Munich, HRB 200052), e-mail: info@qplix.com (hereinafter "QPLIX"), is a paymentinstitution (Zahlungsinstitut) licensed and supervised by the Federal FinancialSupervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht –"BaFin"), Graurheindorfer Str. 108, 53117 Bonn, fax: +49 2284108-1550, e-mail: poststelle@bafin.de.

QPLIX provides a web-basedAccount Information Service (Kontoinformationsdienst – "AIS") thatenables end users to retrieve account balances and account transactions(collectively "Account Information") from payment accounts and otheraccounts held at credit institutions, financial service institutions, creditcard companies and other financial data providers (collectively "AccountServicing Payment Service Providers" or "ASPSPs"), to the extentsuch accounts fall within the scope of services agreed between the end user andthe Service Provider (as defined below).

The Account Informationretrieved via the AIS is processed by QPLIX and transmitted to the service usedby the end user through technical interfaces.

‍1.2 Relationship with the Service Provider
‍QPLIX and the ServiceProvider are legally and economically independent entities that each provideseparate and distinct services to the end user (for the interaction betweenQPLIX and the Service, see Section 2.1.1).

‍1.3 Process of Concluding the Contract
‍The conclusion of theseTerms of Use is a prerequisite for the provision of Account InformationServices by QPLIX. For this purpose, the end user is redirected from theService Provider's service to a website or system operated by QPLIX; this mayalso take the form of an embedded presentation (e.g. via iFrame) within theService. On this website or system, the end user may carry out the followingsteps:

1.3.1 The end user mayreview these Terms of Use, including the pre-contractual information and theprivacy notice, and enter his or her access credentials for the relevant ASPSP(user ID or similar, as well as PIN/password). By clicking the "Continue"or "Continue to TAN entry" button, the end user declares his or heracceptance of these Terms of Use. Upon such acceptance, the contract betweenthe end user and QPLIX is concluded (hereinafter "Conclusion ofContract"). The access credentials are then transmitted to QPLIX and theconnection to the ASPSP is established by QPLIX.

1.3.2 In the context of theAIS, the ASPSP may require Strong Customer Authentication (starkeKundenauthentifizierung – "SCA"). In such case, the end user mayenter the requested personalised security credentials (personalisierteSicherheitsmerkmale), e.g. a TAN, in the QPLIX input form for transmission tothe ASPSP, provided this is required and technically feasible.

‍1.4 Amendments to these Terms of Use
‍These Terms of Use shallapply exclusively to the provision of Account Information Services in therelationship between QPLIX and the end user. Amendments will be communicated indue time prior to their intended effective date in writing, in electronic formor in text form (Textform) within the meaning of Section 126b of the GermanCivil Code (BGB). Amendments shall be deemed approved unless QPLIX receives anobjection from the end user within one month of notification. Notification maybe made by way of a display within the QPLIX input form or via the ServiceProvider. In the event of an objection, the end user shall be entitled toterminate these Terms of Use without notice. QPLIX will expressly draw the enduser's attention to the objection period and the right of termination with eachamendment notification.

2.1 Functionality andInteraction
2.1.1 Interactionbetween the Service and QPLIX
‍The end user may access theAIS functions from within the Service Provider's service. The entry andprocessing of the end user's personal access credentials with the relevantASPSP, as well as the execution of the AIS, are carried out directly by QPLIX. Afterexecution of the AIS functions, QPLIX makes the retrieved data available to theend user for display and further processing within the Service Provider'sservice. At no time does the Service Provider receive sensitive payment data(sensible Zahlungsdaten) that would enable it to independently access AccountInformation held at the end user's ASPSPs. Sensitive payment data istransmitted to and processed exclusively by QPLIX. QPLIX protects the sensitivepayment data entered by the end user against unauthorised access throughappropriate technical and organisational measures.

‍2.1.2 Scope of the AIS
‍The AIS provided by QPLIXgenerally comprises the functions described below; the functions actuallyavailable to the end user in any individual case also depend on the scope ofservices agreed between the end user and the Service Provider, meaning that certainfunctions listed below may not be available:

‍General:
- Receipt of the end user's personal access credentials for the relevant ASPSP on a separate and secure website or system operated by QPLIX. Receipt of a TAN or other additional security credential on a separate QPLIX website or system and transmission to the end user's ASPSP.
- Additionally: Ad-hoc retrieval of Account Information at the end user's request. Retrieval of Account Information by the service used by the end user.

‍2.2 Availability and Use
‍The functionalities providedby QPLIX are available to the end user to the extent agreed between the enduser and the Service Provider. Use is governed by these Terms of Use.

3.1 Intended Use
The end user may use the QPLIX functions only within the usage scenarios expressly permitted under theseTerms of Use. In particular, the end user shall not use the AIS to: disrupt, overload or interrupt the functionality of the AIS; circumvent, impair or manipulate the operation or functionality of the AIS; circumvent technical safeguards or restrictions; embed the AIS on third-party websites or in other applications, or otherwise link to it; compromise the security of any software, network or server used by QPLIX, or exploit security vulnerabilities thereof; use the AIS in connection with activities that   constitute a criminal offence or violate applicable national or international laws or regulations.

3.2 Suspension in Caseof Misuse
QPLIX is entitled to suspendthe end user's access to the AIS functions if there are concrete indications ofmisuse or a threat to data security.

QPLIX shall be liable inaccordance with the applicable statutory provisions for damages that were caused by QPLIX intentionally or through gross negligence; or were caused by QPLIX through slight negligence and result from a breach of material contractual obligations (Kardinalpflichten) – i.e. obligations the fulfilment of which is essential for the proper performance of this contract and on the observance of which the end user may regularly rely. In such case, liability shall be limited in amount to the damage that was foreseeable and typical for this type of contract.The above limitations ofliability shall apply accordingly to claims against employees and agents ofQPLIX. Liability for damages arising from injury to life, body or health shallremain unaffected.

The use of the AIS providedby QPLIX is free of charge for the end user.

6.1 Term and Termination
‍The contract becomeseffective upon Conclusion of Contract and is entered into for an indefiniteperiod. Either party may terminate the contract by giving two weeks' notice intext form (Textform), e.g. by e-mail. The right to extraordinary termination forgood cause shall remain unaffected.The contract shall terminateautomatically, without the need for any declaration by either party, if: the contractual relationship between QPLIX andthe Service Provider ends; or the contractual relationship between the end userand the Service Provider ends.
‍
‍6.2 Consequences of Termination
‍Upon termination of thecontract, QPLIX will delete all stored personal data of the end user, unlessQPLIX is entitled or obliged to retain such data under applicable statutoryprovisions.

7.1 Governing Law
This contract and anydisputes arising in connection herewith shall be governed exclusively by thelaws of the Federal Republic of Germany.

7.2 Jurisdiction
If the end user is amerchant (Kaufmann), a legal entity under public law or a special fund underpublic law (öffentlich-rechtliches Sondervermögen), Munich shall be theexclusive place of jurisdiction. QPLIX shall in such case also be entitled tobring proceedings at the end user's registered seat.

7.3 Exclusive Applicability
Any general terms andconditions of the end user that deviate from or supplement these Terms of Useshall not apply unless QPLIX has expressly agreed to their applicability inwriting.

I. Information on thePayment Service Provider (Zahlungsdienstleister)
1. Name and Address
‍QPLIX GmbH
Nußbaumstraße 12
80336 Munich, GermanyTelephone: +49 89 998 2716-0
E-mail: info@qplix.com
Web: https://www.qplix.comBaFin ID: 154608

‍2. Competent Supervisory Authority and Registration
‍Federal Financial Supervisory Authority (Bundesanstalt fürFinanzdienstleistungsaufsicht – BaFin)
E-mail: poststelle@bafin.de | Web: www.bafin.deOffice in Bonn: Graurheindorfer Str. 108, 53117 Bonn
Office in Frankfurt: Marie-Curie-Str. 24-28, 60439 FrankfurtDeutsche Bundesbank
Regional Office Berlin and Brandenburg (Hauptverwaltung Berlin und Brandenburg)
Leibnizstr. 10, 10625 Berlin
E-mail: info@bundesbank.de | Web: www.bundesbank.de

‍II. Information on the Use of Payment Services (Zahlungsdienste)

1. Account Information Service (Kontoinformationsdienst)
The Account InformationService (Kontoinformationsdienst) provided by QPLIX is an online service forthe provision of consolidated information on payment accounts and otheraccounts held at credit institutions, financial service institutions, creditcard companies and other financial data providers. The contract between the enduser and QPLIX is concluded when the end user enters his or her personalisedsecurity credentials (personalisierte Sicherheitsmerkmale) – i.e. user ID orsimilar, and where applicable account number or IBAN and PIN/password – on aQPLIX website or an embedded QPLIX website (e.g. via iFrame) and grants his orher express consent to the Account Information Service by confirming thecorresponding dialogue field.

‍2. Fees and Exchange Rates
‍The use of the AccountInformation Service provided by QPLIX is free of charge for the end user. QPLIXhas no influence over any fees, interest rates or exchange rates arising fromthe contractual relationship between the end user and the ASPSP.

‍3. Communication
‍The pre-contractualinformation is made available to the end user by QPLIX prior to the conclusionof the relevant contract.

‍4. Protective and Remedial Measures
‍In the event of suspected oractual fraud or security risks, QPLIX or the Service Provider will inform theend user without undue delay.

‍5. Liability Information
‍5.1 Where unauthorisedpayment transactions (nicht autorisierte Zahlungsvorgänge) result from the useof a lost, stolen or otherwise misappropriated payment instrument(Zahlungsinstrument), or from other misuse of a payment instrument, the ASPSPmay demand from the end user compensation for the resulting damage up to anamount of EUR 50.

5.2 The end user shall notbe liable under Section 5.1 if:
it was not possible for the end user to detectthe loss, theft, misappropriation or other misuse of the payment  instrument prior to the unauthorised payment transaction; or the loss of the payment instrument was caused by an employee, agent, branch of the end user's ASPSP, or any other entity to which activities of the ASPSP have been outsourced.

5.3 Notwithstanding Sections 5.1 and 5.2, the end user shall be liable to the ASPSP for the full amount ofdamage resulting from an unauthorised payment transaction if the end user:
acted with fraudulent intent; or caused the damage through intentional or grosslynegligent breach of his or her obligations under Section 675l(1) of the German Civil Code (BGB), or of the agreed conditions for the issuance anduse of the payment instrument.
5.4 Notwithstanding Sections 5.1 and 5.3, the end user shall not be liable for damages if:
the ASPSP did not require Strong Customer Authentication (starke Kundenauthentifizierung) within the meaning of     Section 1(24) of the Payment Services Supervision Act(Zahlungsdiensteaufsichtsgesetz – ZAG); or the payee or the payee's payment service provider did not accept Strong Customer Authentication within the meaning of Section 1(24) ZAG.This shall not apply if theend user acted with fraudulent intent. In the case of sentence 1 no. 2, theparty that did not accept Strong Customer Authentication shall be obliged tocompensate the end user's ASPSP for the resulting damage.

5.5 The end user shall notbe liable for damages arising from the use of a payment instrument afternotification has been made in accordance with Section 675l(1) sentence 2 of theGerman Civil Code (BGB). The same applies if the ASPSP has failed to complywith its obligation under Section 675m(1) no. 3 BGB. Sentences 1 and 2 shallnot apply if the end user acted with fraudulent intent.
‍
‍6. Notification Periodfor Unauthorised or Incorrectly Executed Payment Transactions
‍The end user is obliged tonotify the ASPSP without undue delay (unverzüglich) upon becoming aware of anyunauthorised or incorrectly executed payment transaction. Claims and objectionsof the end user against the ASPSP shall be excluded if notification is not madewithin 13 months of the date of the relevant payment transaction at the latest.

‍7. Liability of the ASPSP for Unauthorised Payment Transactions
‍In the case of anunauthorised payment transaction, the ASPSP shall have no claim forreimbursement of expenses against the end user. The ASPSP is obliged to refundthe payment amount to the end user without undue delay and, where the amounthas been debited from a payment account, to restore that payment account to theposition it would have been in had the unauthorised payment transaction nottaken place. This obligation must be fulfilled without undue delay, but nolater than by the end of the business day following the day on which the ASPSPwas notified that the payment transaction was unauthorised or otherwise becameaware thereof. Claims and objections of the end user against the ASPSP shall beexcluded if the end user does not notify the ASPSP within 13 months of the dateof the debit arising from the unauthorised or incorrectly executed paymenttransaction.

‍8. Liability for Non-Execution, Defective or Delayed Execution of a Payment Order
‍8.1 Where a paymenttransaction was initiated by the end user and was not executed or was executeddefectively, the end user may demand from the ASPSP immediate and full refundof the payment amount. Where the amount was debited from the end user's paymentaccount, the account must be restored to the position it would have been in hadthe defective payment transaction not taken place. To the extent that chargeswere deducted from the payment amount contrary to Section 675q(1) BGB, the enduser's ASPSP must transmit the deducted amount to the payee without unduedelay. Liability under this paragraph shall not apply if the end user's ASPSPproves that the payment amount was received in full by the payee's paymentservice provider.

8.2 Where a paymenttransaction initiated by the end user was executed late, the end user maydemand that the ASPSP assert the claim set out in sentence 2 against thepayee's payment service provider. The end user's ASPSP may demand that thepayee's payment service provider credit the payment amount to the payee'spayment account as if the payment transaction had been executed properly.Liability under this paragraph shall not apply if the end user's ASPSP provesthat the payment amount was received by the payee's payment service provider ina timely manner.

8.3 The claims under Section8.1 sentences 1 and 2 shall not exist to the extent the payment order wasexecuted in accordance with an incorrect unique identifier (Kundenkennung)provided by the end user. In such case, the end user may demand that the ASPSPmake reasonable efforts to recover the payment amount.

8.4 In addition to theclaims under Section 8.1, the end user may demand from the ASPSP reimbursementof any fees and interest charged or debited to the end user's payment accountin connection with the non-execution or defective execution of the paymenttransaction.

8.5 Where a paymenttransaction involves multiple payment service providers, at least one of whichis located within and at least one of which is located outside the EuropeanEconomic Area, Sections 8.1 to 8.2 shall not apply to the portions of the paymenttransaction conducted within the European Economic Area.

‍9. Complaint and Redress Procedures
‍End users may addresscomplaints to BaFin in accordance with Section 60 of the Payment ServicesSupervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG). Complaints must befiled in writing or recorded at BaFin and should describe the facts of the caseand the grounds for the complaint:

Federal FinancialSupervisory Authority (BaFin)
Graurheindorfer Straße 108, 53117 Bonn, Germany

QPLIX is generally willingto participate in dispute resolution proceedings before the conciliation bodyof the Deutsche Bundesbank (Schlichtungsstelle bei der Deutschen Bundesbank).This conciliation body is an official consumer dispute resolution body with alegally defined scope of competence:

Conciliation Body at the Deutsche Bundesbank (Schlichtungsstellebei der Deutschen Bundesbank)
P.O. Box 11 12 32, 60047 Frankfurt am Main, Germany
Telephone: +49 69 2388-1907
E-mail: schlichtung@bundesbank.de
Web: www.bundesbank.de/schlichtungsstelle