Legal Information

INTRODUCTION: Welcome to the mobile application of the „UWin®“ Loyalty Programme, especially developed for cardholders of UNITED BULGARIAN BANK AD. Developer and owner of the source code of the Application is Horizon Software Solutions Ltd. ("HSS") company registered in England and Wales under company number 05750041, BOOTH STREET CHAMBERS, ASHTON UNDER LYNE, LANCASHIRE, OL6 7LQ, UK.

The purpose of these General Terms - referred to hereafter as “Terms” - is to determine the procedure, manner and the rules of using the Application and the information, which the Bank will be providing through it to the end users.

1.GENERAL RULES RELATING TO CONDUCT: The mobile application of the „UWin®“ Programme has been created in order to recognize UBB AD clients as participants in the Programme and to inform them of third-party partners, which, by virtue of a separate agreement with the Bank, have agreed to provide them with trade discounts, as well as information about the location of their commercial sites on the territory of Bulgaria.

1.1 How to download the application:

Any user, owner of a smart device, can download the Application, as Android users have to visit the Google Play Store, and Apple users - iOS operating system - have to download the application from iTunes, as it is enough to enter UWin, after which the application will be visible.

1.2 How to use the discounts at the commercial sites, included in the programme:

For this purpose, you need to be a client of UBB with an issued debit or credit card of the Bank, which has to be active and not blocked as at the moment when you enter your data All debit and credit cards of the Bank for individuals and legal entities participate in the programme automatically after registration of a client from the application’s homepage menu. Certain categories of personal data are entered in this menu, such as specific digits from the owned debit or credit card, as well as date of birth, which are processed by UBB AD solely for the purpose of identifying you as a cardholder of UBB, as the discounts under the programme are intended only for UBB cardholders. In case that you do not have an issued debit or credit card you can refer to any branch of the Bank and fill out a request for issuing of a debit or credit card by UBB AD.

Upon registration and activation of the access to the Application, its user consents to adhere to these terms. If there are questions regarding the Application or the present Terms, the user may contact the Bank in any of the ways listed in item IX of these General Terms.

In case of dissent with these Terms, the user has to immediately terminate the use of the application.

2. Access to offers and proposals under the loyalty programme

The clients of the Bank, users of the Application, receive access to structured commercial content, QR code scanner, special offers, promotions with discount percentages, offers for receipt of points, prize raffles and - in case of given explicit consent by them in line with the purposes, stated in the Confidentiality Statement /Information on the Processing of Personal Data of UBB AD clients - they have the option to receive notifications through the Application. Clients consent to receive the respective notifications by marking a checkbox on the display of the mobile app. Clients can also cancel the notifications at any moment by unchecking the respective box in the window on the same screen. Until the client makes their active choice with regard to the receipt of notifications they will not be using this service.

Based on the information about the card type (debit/credit/corporate), which clients use, as well as data which they have submitted entirely voluntarily and which is being processed for the purpose of identifying them as UBB AD cardholders, clients will be able to take advantage of offers by merchants, willing to provide discounts to our clients, depending on the type of used card. In case the data has been entered by a person who is not an active cardholder of UBB AD, it will be stored for a limited period of time - 30 calendar days, after the expiration of which the entered data will be deleted.

3. Screen with personal offers

By entering their personal data in the Personal Offers section clients consent to be profiled and to receive personal offers, based on their age, Gender, Place of residence, also depending on their location after processing the information they filled in this section. It is possible that they may receive offers with a personal address “Dear Mr. ..., Dear Ms. ...”, as well as offers for their birthday. It is possible that based on their preferred commercial offers clients could receive a secret offer, visible only by them and which has been received after a certain action by the client, described in detail in each offer. If the client has stated a telephone number, it will be used to contact them for the receipt of a prize related to lotteries or another type of game offers. If the client has stated a Company ID/ Bulstat of a company, they can receive a special offer as an owner, manager or an employee of this company, from a merchant in the application. In case that the client does not wish to be profiled and to receive personal offers, he/she can immediately delete his/her data from the screen. As of that moment their data will not be processed for this purpose and will not be stored by the Bank or the service provider. The client may delete or edit the data, entered by him/her at any moment, thus withdrawing his/her consent to the processing of their data for the purpose of profiling and preparing personal offers from merchants, partners of the Bank. The data in these fields is not mandatory and is only filled out optionally and if the client wishes so. In case that the client deletes their data from the Personal Offers section, only data for the registration of the client in the Platform will be stored. The registration data can be deleted after a submitted request by the client to UBB AD at [email protected] After receipt and review of the request for the deletion of the data they will be immediately deleted from the platform. If the downloaded mobile application is deleted from a specific device the profile of the registered client is kept and he/she can download the application again on other devices, using the data from his/her initial registration.

II. PURPOSE OF THE APPLICATION

The application is provided for the purpose of receiving reference information for offered commercial discounts upon payment of goods and services with a debit or a credit card, issued by UBB AD in commercial sites of third parties - partners of the „UWin®“ Programme.

The access to the information for discounts is provided after registration of the user with an e-mail in the Application and the access to special offers and discounts is provided after identification of the user in his/her capacity as a current UBB AD client and holder of an active debit and/or credit card, issued by the Bank, and consent through filling of their data in the screen. Some of the third parties - partners of the „UWin®“ Programme - may request that the identified user should perform other actions in the Application for the purpose of receiving a discount or other preference - for example to scan a QR code, barcode, to provide access to the teller for the entering of a unique code. The registration in the Application is being made based on a valid e-mail address, which the cardholder writes either directly, or through a Facebook or Google profile. For authentication purposes, the user has to fill out one-off his/her date of birth and the first 6 and last 4 digits of his/her bank card, issued by UBB AD. This personal data is provided to the Bank for the purpose of the client’s identification as a UBB AD cardholder. On its part, the Bank will return a confirmation to the supplier that the respective person is a client, or, respectively, is not a client of UBB AD, actively using credit/debit/corporate card of the Bank. Based on the received information on the screen of the device, offers and discounts are respectively visualized, intended for the user of the programme. If the answer by the Bank is that the person is not a client of UBB AD with an active bank card, the entered data for the card is no longer stored.

In case of need of additional authentication (duplication of data) it is possible that entering a UBB AD client number may be required.

The access to the Application is based on an e-mail address, Facebook or Google profile and a password, which are provided by the user of the application, as the latter is responsible for their safekeeping and privacy. After a successful registration as a cardholder with a card, issued by UBB, the client can use the discounts of the merchants, included in the programme.

When using the Application, the user has to adhere to all applicable laws of the Republic of Bulgaria and the current Terms and Conditions.

III. CONTENT: The copyrights on all materials, contained in or accessible through the Application, including all the information, data, text, music, sound, pictures, graphics and video messages, the selection and their arrangement, are property of UBB AD and third parties, partners of the „UWin®“ Programme. All rights are reserved. The user may review, print or download excerpts from the material for their own personal use, but they cannot copy, edit, change, reproduce, publish, show, disseminate, store, transfer, etc., in any form whatsoever, without the explicit permission of UBB AD.

The trademarks, brands for services and logos (“Trademarks”), contained in the Application, are owned by UBB AD or third parties, partners of the „UWin®“ Programme. The user cannot use, copy, edit, change, reproduce, publish, show, disseminate, store, transfer the trademarks without the prior written consent of UBB AD or the respective partner of the „UWin®“ Programme.

IV. LINKS WITH THIRD PARTIES: The Application may contain links to web-sites, managed by third-parties (“Web pages of third parties”). UBB AD may realize some of these links through the use of partner programmes of third parties. Independently from such partner programmes, UBB AD has no influence whatsoever or control over such web-sites of third parties and - unless stated otherwise – shall bear no responsibility for the web-sites of third parties or for their availability or content.

V. CUSTOMER DATA PROTECTION:

UBB AD will process the personal data of the user of the application only on the basis and for the purposes, stated in these General Terms and in the respective agreements for bank products, concluded between the user and the Bank.

The Bank shall process the personal data of its clients by virtue of and in accordance with the Personal Data Protection Act (PDPA) and Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). By signing an agreement for the issuing of a card, as well as by downloading the application and entering their data in the fields on the screens of the Loyalty Programme, clients state that they have acquainted themselves with the UBB AD Information on the Processing of Personal Data document, available on the Internet page of the Bank www.ubb.bg, in the banking halls and in the Useful Documents section of the mobile application, and that they have received information through the stated document:

5.1. for UBB AD in its capacity as a Personal Data Controller and how to contact the Bank’s Data Protection Officer;

5.2. what their rights are in relation with the processing and protection of their personal data and the way to exercise those, including information on their entitlement to obtain details on the types of data, pertaining to him/her and processed by the Bank, as well as the source of such data, in case they have not been collected from the Client; their right to demand that the Bank should obliterate, rectify or restrict the processing of their personal data, which processing is being improperly or unlawfully handled; their entitlement to data portability; their right to object to the processing of their personal data, when such is being made on grounds of a legitimate interest of the Bank; their right to withdraw the provided consent to the processing of their personal data for particular purposes, as well as their lawful entitlement to complaint before the Commission for Personal Data Protection in the latter’s capacity as a supervisory authority within the meaning of the General Data Protection Regulation;

5.3. The need to have their personal data processed and the eventual consequences, upon failure to provide this data;

5.4. The grounds for processing of their personal data, incl. information that the Bank is not going to process their personal data for the purpose of elaborating a client profile and for offering of tailor-made products and services in a direct way, without their explicit consent;

5.5. The purposes, for which the Bank processes their personal data, received under the terms and conditions of the particular Agreement, including together with other personal data of theirs, which the Bank has lawfully obtained from third parties, incl. other personal data controllers, as well as about the Bank’s entitlement to process their personal data even after discontinuing the provision of payment services, when such processing is needed for fulfillment of a statutory obligation of the Bank or for protection of its lawful interests, as well as in other cases, permitted by law.

5.6.About the recipients, to which their personal data could be provided by the Bank in the cases, permitted by law – other personal data controllers or personal data processors, acting on the Bank’s behalf,

5.7. The periods for storage of their personal data by the Bank.

VI. DISCONTINUATION OF A SERVICE: UBB AD reserves its right to discontinue the provision or to migrate the content of the Application to another platform with a 30-day prior notice.

VII. THIRD PARTY PARTNERS: If the user consents to buy goods and/or services from a third party, partner of the „UWin®“ Programme, announced through the Application, UBB AD shall not be liable for the quality and reliability of these goods and/or services and in case of questions or complaints in relation to them, these should be addressed directly to the third party, partner of the „UWin®“ Programme. All clients may send alerts for merchants who have not provided the requested by them discounts at [email protected], as well as reach UBB's Customer Service Center at 0700 117 17 or + 359 2 483 17 17.

VIII. UBB AD reserves its right to update the current document. If this occurs, the updated version will come into effect immediately and these General Terms will be accessible through a link in the Application. The user shall be responsible for the regular review of these Terms in order to acquaint themselves with all changes in them in a timely fashion.

IX. CONTACTS: [email protected]


I. Privacy Policy Summary

When you use HSS products and services, you trust us with your information. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. This is important; we hope you will take time to read it carefully. HSS cares about your privacy. For this reason, we collect and use personal data only as it might be needed for us to deliver to you our world-class products, services, websites and HSS Mobile Apps (collectively, “HSS Platform”). Under the Data Protection Act 1998, the EU General Data Protection Regulation (GDPR) approved by the EU Parliament on 14 April 2016 and related laws, we have a legal duty to protect the personal information we collect from you.

Your personal data includes information such as:

Date of birth, Email address, masked card number, which could identify you directly or indirectly.

Our Privacy Policy also describes options we provide for you to access, update or otherwise take control of your personal data that we process. If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at [email protected] This inbox is actively monitored and managed so that we can deliver an experience that you can confidently trust.

II. What information we collect

1. Information you give us

1.1 Information that is necessary for the use of the HSS Platform.

We ask for and collect the following personal information about you when you use the HSS Platform. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.

Account Information. When you sign up for HSS Mobile Apps, we require certain information such as email address.

1.2 Information you choose to give us

Marketing consent to receive information by email, Push notifications, Facebook.

Other Information. You may otherwise choose to provide us information when you fill in a form, conduct a search, update or add information to your HSS membership account, respond to surveys, participate in promotions, or use other features of the HSS Platform.

2. Information We Automatically Collect from Your Use of the HSS Platform

When you use the HSS Platform, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the HSS Platform.

Geo-location Information. When you use certain features of the HSS Platform, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device’s GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu. HSS may also collect this information even when you are not using the app if this connection is enabled through your settings or device permissions.

Usage Information. We collect information about your interactions with the HSS Platform such as the pages or content you view, your acceptance of promotions, QR or barcode scanning, Offer redemption, bookings you have made, and other actions on the HSS Platform.

Log Data and Device Information. We automatically collect log data and device information when you access and use the HSS Platform. That information includes, among other things: details about how you’ve used the HSS Platform, IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the HSS Platform.

Cookies and Similar Technologies. We use cookies and other similar technologies. We may also allow our business partners to use these tracking technologies on the HSS Platform or engage others to track your behavior on our behalf. For more information on our use of these technologies, see our Cookie Policy.

3. Information We Collect from Third Parties

HSS may collect information, including personal information that others provide about you when they use the HSS Platform, or obtain information from other sources and combine that with information we collect through the HSS Platform and the Payment Services. We do not control, supervise or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.

Third Party Services. If you link, connect, or login to our HSS Mobile Apps with a third party service (e.g. Google or Facebook), the third party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.

Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you.

III. How we utilize information

We strongly believe in both minimizing the data we collect and limiting its use and purpose to only that (1) for which we have been given permission, (2) as necessary to deliver the Services we are obliged to provide, or (3) as we might be required or permitted for legal compliance or other lawful purposes. These uses include: Delivering, improving, updating and enhancing HSS Platform and the Services we provide to you. We collect various information relating to your use and/or interactions with HSS Platform.

We utilize this information to:

Improve and optimize the operation and performance of our Services (including HSS Platform and HSS Mobile Apps)

Diagnose problems with and identify any security risks, errors, or needed enhancements to the HSS Platform

Collecting aggregate statistics about use of the HSS Platform

Understand and analyze how you use HSS Platform and what products and services are most relevant to you.

Often, much of the data collected is aggregated or statistical data about how individuals use HSS Platform, and is not linked to any personal data, but to the extent it is itself personal data, or is linked or linkable to personal data, we treat it accordingly. Sharing with trusted third parties. We may share your personal data with affiliated companies within our corporate family, with third parties with which we have partnered to allow you to integrate their services into our HSS Platform, and with trusted third party service providers as necessary for them to perform services on our behalf, such as:

Serving advertisements, Conducting contests or surveys, Performing analysis of our Services and customers demographics and Communicating with you, such as by way email or survey delivery.

We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilizing, sharing or retaining your personal data for any other purpose than as they have been specifically contracted for (or without your consent).

Communicating with you. We may contact you directly or through a third party service provider regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service related communications. We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests. You don’t need to provide consent as a condition to use our services. These contacts may include:

Email, Mobile app notification

You may also update your subscription preferences with respect to receiving communications from us and/or our partners by signing into our mobile app and visiting “Profile” page.

If we collect information from you in connection with a co-branded offer, it will be clear at the point of collection who is collecting the information and whose privacy policy applies. In addition, it will describe any choice options you have in regards to the use and/or sharing of your personal data with a co-branded partner, as well as how to exercise those options.

If you would like to request that your personal information is removed from our database, please contact us at [email protected]

Transfer of personal data abroad. Please note that information collected by the HSS Platform will be stored in the European Union which may have different data protection laws than the country you reside in. You consent to our storage and processing of this information in the European Union by installing and using the HSS

Mobile Apps. If you utilize our HSS Platform from a country other than the country where our servers are located, your communications with us may result in transferring your personal data across international borders. Also, when you call us or initiate a chat, we may provide you with support from one of our global locations outside your country of origin. In these cases, your personal data is handled according to this Privacy Policy.

Website analytics. We use multiple web analytics tools provided by service partners such as Google Analytics to collect information about how you interact with our website or mobile applications, including what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use and network and IP information. We use the information provided by these tools to improve our Services. These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website. Each cookie cannot be used by anyone other than the service provider (ex: Google for Google Analytics). The information collected from the cookie may be transmitted to and stored by these service partners on servers in a country other than the country in which you reside. Though information collected does not include personal data such as name, address, billing information, etc., the information collected is used and shared by these service providers in accordance with their individual privacy policies. You can control the technologies we use by managing your settings through our Cookie Policy or the ‘cookie banners” that may be presented (depending on URL of website visited) when you first visit our webpages, or by utilizing settings in your browser or third-party tools.

Third-party websites. Our website and our mobile applications contain links to third-party websites. We are not responsible for the privacy practices or the content of third-party sites. Please read the privacy policy of any website you visit

IV. How you can access, update or delete your data

To easily access, view, update or delete your personal data (where available), or to update your subscription preferences, please sign into our HSS Mobile Apps and visit “Profile” screen. If you are unable for any reason to access your Membership account details, you may also contact us by one of the methods described in the “Contact Us” section below and if you request us to do so, we will remove your personal data from our servers maximum within 30 (thirty) days.

V. How we secure, store and retain your data

We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate. We retain personal data only for as long as necessary to provide the services you have requested and thereafter for a variety of legitimate legal or business purposes. If you have any questions about the security or retention of your personal data, you can contact us at [email protected]

VI. Transfer in the Event of Sale or Change in Control.

We may transfer information, including your personal information, in connection with a merger, sale, reorganization, acquisition or other change of ownership or control by or of Horizon Software Solutions Ltd. or any affiliated company (in each case, whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify users before their information becomes subject to different privacy and security policies and practices.

VII. Parent control

To download, install, access or use the HSS Mobile Apps, you must be 14 years of age or over. If you are under 14 and you wish to use, download, install, access or use the App, you must get consent from your parent or guardian before doing so.

A note for parents concerning privacy: HSS Mobile Apps and the App Store is for a general audience although age gating may be set by the relevant App Store based upon information we provide when we submit the App to the relevant App Store. The Internet offers children wonderful educational and entertainment resources. Your guidance and involvement are essential to help ensure that children have a safe and rewarding online experience. We encourage you to visit http://www.google.co.uk/safetycenter/families/start/basics/ to learn more about parental control tools.

VIII. Changes in our Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty days prior to the implementation of the changes.

IX. Contact us

If you have any questions, concerns or complaints about our privacy Policy, our practices or our Services, you may contact our Office of the DPO by email at [email protected] In the alternative, you may contact us by either of the following means: By Mail: Attn: Horizon Software Solutions Ltd, Booth Street Chambers, Ashton under Lyne, Lancashire, OL6 7LQ, United Kingdom By Phone: +44 7887854959