- The BDP service is a payment gateway that AVAIBOOK offers to the CLIENT integrating the technological platform of payments certified PCI DSS level I of Paytpv On Line Entidad de Pago, S.L. (PAYTPV) payment entity registered in the Register of Payment Entities of the Bank of Spain, with the number 6874; through which it integrates solutions for collection and custody of card data, with the security environment required by the brands of cards (Visa, Mastercard, American Express, JCB, Discover and China Union Pay). The CUSTOMER knows and accepts it, within the scope of using the BDP service, the following obligations must be met:
- Not to store the complete information of the magnetic band of the card in any support neither the codes or data of authentication that consist in the same one. Likewise, the entire card number cannot be stored. For these purposes, the CLIENT will only be authorized to store the number of the card in an incomplete manner that does not allow identification, the name of the cardholder, and the expiration date of the card. The CUSTOMER shall ensure that any data on a card that the CUSTOMER or a third party on their behalf is authorized to store or process is securely stored in accordance with the Security and Operating Standards at all times. Without limiting the generality of the foregoing, the CUSTOMER undertakes to use the information collected from a cardholder on the occasion of a card transaction exclusively for the purpose of processing a transaction with that cardholder or attempting to resubmit a retrocession in relation to such an operation.
- Destroy or delete the supports or documentation containing transaction data with cardholder information once the legal periods during which these must be compulsorily conserved have elapsed. In the case that the conservation or storage of data is carried out by a third party service provider contracted by the CUSTOMER, this obligation will be transferred contractually.
- To hold AVAIBOOK harmless from any claim from cardholders, Payment Systems, issuing entities or third parties for damages related to the processing of payment operations under this contract.
- Guarantee, in any case, the confidentiality and security of the card data involved in the payment transactions processed under this Agreement. By way of illustration and without limitation, the CLIENT agrees to comply with all applicable laws, rules and regulations regarding the truncation or hiding of data of cardholders and expiration dates in receipts of operations processed in the BDP.
- To comply at all times with the legal regulations applicable to the marketing of its services, including the codes specified in the particular conditions of conduct to which it adheres, having all the administrative authorisations necessary to carry out its activity and to adopt the technical and organisational measures that for regulatory requirements or prudential reasons are adequate to guarantee such compliance in a reasonable and continuous manner. In particular, the CUSTOMER must strictly observe all consumer and user protection and advertising regulations.
- Declaration of activity: the CUSTOMER declares and confirms that the use of the BDP system will be used exclusively for the collection of the amounts of the reservations in their ACCOMMODATIONS and services directly related to them (such as bonds, taxes, etc.) and never for any other activity.
- Refrain from offering products and services that do not meet all the requirements required by law or whose trade is illegal. Do not process transactions that are illegal. Refrain from distributing content or articles that: 1) may incite violence or discrimination for any reason, 2) violate the rights of the child or harm the normal development of the personality of children, 3) consist of gambling activities such as casinos, bingos, etc., through the Internet, 4) are sexually explicit or 5) damage the good name or reputation of AVAIBOOK.
- Guarantee that their employees, agents and other authorized persons know the contents of this Contract and comply with the obligations that for the CLIENT derive from it, in particular with the rules governing the operation of Payment Systems, assuming full responsibility for the actions or omissions of such persons without limitation.
- Communicate to AVAIBOOK the proposed or carried out operations that show signs of being anomalous, communication that will be done by the fastest means as soon as it detects those signs, so that the carrying out or repetition of irregular operations can be avoided.
- Not to process operations that do not respond to the effective provision of the service offered by the CUSTOMER, being prohibited the use of payment systems that are made available to carry out operations aimed at self-financing.
To attend and resolve any complaint or claim related to the provision of the service whose payment has been made by card under these general conditions, not involving AVAIBOOK in its resolution and assuming directly before the claimant all the responsibilities that, where appropriate, correspond to the marketing of such services.
The content of this Contract is completed by the rules and instructions that AVAIBOOK establishes, imparts or refers to regarding the security of card data and processed payment transactions and their successive modifications, as well as the technical instructions regarding the operation of the equipment necessary to accept payment with cards and their successive modifications (hereinafter the "Security and Operating Rules"), which the CLIENT is obliged to comply with. In particular, the following standards are considered as "Safety and Operational Standards": the Payment Card Industry Security Standards (hereinafter "Payment Card Industry Standards") promulgated by the Payment Card Industry (PCI) Security Standards Council (including, without limitation, the Payment Application Data Security Standard); the operational and security regulations established by the Payment Systems and their successive amendments (hereinafter the "Payment Systems Regulations"), including the Visa and MasterCard regulations. These Payment Systems Regulations can be found on the following websites: es.pciscuritystandards.org, www.visaeurope.com, www.visainternational.com and www.mastercardintl.com respectively, and the websites that will replace them in the future. The Payment Card Industry Standards can be found at: es.pcisecuritystandards.org, and the web pages that will replace them in the future. The CUSTOMER expressly acknowledges having accessed the previous links and websites and having read, prior to signing this Contract, the Systems Regulations and the Payment Card Industry Regulations, which they accept as binding and an integral part of the Contract for all purposes. Also, the CUSTOMER consents to the content of the Regulations of Payment Systems and Payment Card Industry Standards being modified as those are updated in the links and websites referred to above that the Commerce undertakes to verify periodically.
- Likewise (if applicable to the contracted SERVICE), the 'Client' expressly acknowledges and accepts the general conditions established for the provision of the card acquisition service as a means of payment by Paytpv, and the general conditions applicable to the payment service provided by Paytpv.
- Guarantee measures to safeguard the funds received from BDP collections in compliance with the regulations of Payment Entities (if applicable to the contracted SERVICE):
Paytpv shall safeguard the funds received from users of payment services or through another payment service provider subject to the procedure provided for in Article 10.1 a) of Law 16/2009 of 13 November on payment services. In particular, such funds shall at no time be mixed with the funds of any natural or legal person who is not a payment service user in whose name the funds are held and, if they are still in Paytpv's possession and have not yet been delivered to the beneficiary by the end of the business day following the day on which the funds were received, they shall be deposited in a separate bank account at a credit institution held by Paytpv, called "customer balances", under the terms set out in Article 17.2 of Royal Decree 712/2010 of 28 May.In accordance with the provisions of Article 10.1 a) of Law 16/2009, of 13 November, on payment services, users of payment services as holders of the funds shall have the right to separate the said account, in accordance with bankruptcy regulations, for the benefit of users of payment services, with respect to possible claims by other Paytpv creditors, particularly in the event of insolvency.
- The BDP service allows the CLIENT to process credit/debit card payments to PASSENGERS who have reserved in one of their ACCOMMODATIONS through the BOOKING ENGINE or the CHANNEL MANAGER (for channels in which the integration includes the downloading of card data for the payment of the reservation).
- The CUSTOMER is responsible for defining a collection template, which will be evaluated and executed when a reservation is received. At this moment, the BDP will securely store the card data, and will program the charges that the CLIENT has defined in their template, so that later attempts are made to execute against the stored card data.
- The CUSTOMER may make charges, whether programmed or manual, to the card data stored in the question.
- The BDP is PCI compliant and therefore will never display the card data in its entirety, but in a masked form. The CUSTOMER must not know, use or store the entire card data at any time and undertakes not to do so.
- The CUSTOMER undertakes to use BDP only to collect the amounts related to the question, always in accordance with the RESERVATION CONDITIONS and complying with the CANCELLATION POLICIES. Not being able to charge more than the amounts established in the reserve.
- Card details have always been entered by the TRAVELLER in the PORTAL, BOOKING ENGINE or technically PCI compliant pages. And this data will arrive via secure technical integration into the BDP service. The CUSTOMER undertakes not to use the BDP in any way that does not guarantee this security chain in the flow of card data.
- AVAIBOOK is not responsible for the success of attempted collections, as there may be balance limitations or certain limitations on the card. When a collection fails, the CUSTOMER will be informed by e-mail.
- If a charge fails and the CLIENT has to ask the TRAVELLER to change the card, the TRAVELER must guarantee to do so by a means that guarantees compliance with the security standards required by the brands of cards.
- The funds resulting from the operations will be channelled through the AVAIBOOK BALANCE ACCOUNT, with the client's funds always remaining unbundled in a CUSTOMER BALANCE ACCOUNT supervised and managed by PAYTPV to ensure compliance with current regulations.
- SERVICE COSTS: AVAIBOOK will charge a BDP usage fee based on the amount transacted.
- The reference rate is 2% of the amount charged.
- The processing of certain cards (according to their brand, type or origin) can carry an additional commission of 2%, always being informed to the CUSTOMER which are these cards in their private area.
- These rates can be different according to the PLAN that each CLIENT has contracted and according to particular conditions with the same one.
- By default and unless otherwise indicated, this SERVICE COST is non-refundable in case of cancellation of the reservation.
- RISK CONTROL: The BDP system evaluates different control rules, as a result of which each operation has a level of risk or fraud scoring. This level of risk, in conjunction with other parameters, will determine the date of availability of the amount collected when it is taken to the AVAIBOOK BALANCE ACCOUNT (as explained in that specific section).
- DOCUMENTATION: The CUSTOMER undertakes to document and verify all collection operations carried out through BDP.
- It will be an obligatory condition that the CLIENT verifies the cards with which a TRAVELLER has paid any amount related to a reservation through BDP, having to verify the originality of the card, and identifying the holder of the same one.
- The CUSTOMER must print and get the card holder sign the tickets or proofs of payment (available in AVAIBOOK) of all payments made through BDP.
- In addition, the traveller must document the RESERVATION CONDITIONS signed by them, where the payment plan is reflected and there is agreement with the BDP charges made.
- The CLIENT undertakes to keep the documentation for a minimum period of 10 years, complying with data protection regulations in force, and make it available to AVAIBOOK when required.
- The CUSTOMER undertakes to cancel any payment made if they are unable to identify the cardholder and document the entire process, in order to prevent this operation from being reversed.
- AVAIBOOK may ask the CLIENT for the documentation relating to any BDP charge and the CLIENT undertakes to provide it within a maximum period of 1 working day.
- AVAIBOOK may request to return any operation to the CLIENT of which there are high risk indicators, a profile suspected of fraud, or of which the CLIENT has not been able to provide adequate documentation. If the CUSTOMER does not attend this retrocession AVAIBOOK may do so autonomously, always informing the customer. It may also apply future availability dates for the amounts of suspicious transactions in order to safeguard the funds for a prudential time against the risk of retrocession, or require the customer to provide a certain amount on their GUARANTEE ACCOUNT to cover such risks. And if the risk behaviour is very frequent or these requirements are not met, AVAIBOOK may cease the BDP service to the CUSTOMER.
- Claims or Retrocessions: the CUSTOMER is aware that the card holder or the entity issuing the card with which a BDP transaction has been carried out, in accordance with the law and/or the Payment Systems Regulations, can claim and request the retrocession of the operation due to fraud or improper use of the card. To this end, the following clauses are provided:
- Retreival Request or Fraud Confirmed: in the case that the holder of the card with which a BDP charge has been made or the issuing entity make a claim or communicate that the operation has to be catalogued as "confirmed fraud" AVAIBOOK will claim all the information relating to the charge in question from the CUSTOMER, who must provide it in full and complete within a period of less than 5 working days. Provided that the information provided is adequate AVAIBOOK will proceed to manage the response to that claim. AVAIBOOK may hold in custody an amount equal to the funds associated with said transaction if it estimates the risk that it may be reversed, for a maximum period of 45 days.
- ChargeBack: if the holder of the card on which a charge has been made or the issuing entity carry out the retrocession.
- The CLIENT accepts that they will be responsible for this amount, for which they authorize AVAIBOOK to charge it against their GUARANTEE ACCOUNT.
- AVAIBOOK will claim all the information related to the payment in question from the CUSTOMER, who must provide it in full and complete within a period of less than 5 working days.
- Provided that the information provided is adequate, and if after the study of the case AVAIBOOK estimates that the collection has been carried out correctly, and according to the CONDITIONS OF RESERVATION, it will proceed to the representation of the case and its follow-up.
- If the case is resolved favorably for the CUSTOMER then AVAIBOOK will refund the funds associated with the AVAIBOOK BALANCE ACCOUNT.
- AVAIBOOK reserves the right to charge a fee for the management and representation of retrocessions if it considers the frequency with which a CUSTOMER receives retrocessions to be high.
- AVAIBOOK may use the CUSTOMER'S GUARANTEE ACCOUNT to hold a certain amount on deposit, as a guarantee, according to the use made by the customer of the BDP, to cover the possible risks of retrocessions, according to the risk levels shown by the customer and/or the operations carried out, according to the level of retrocessions and requests for information received regarding its BDP operations, according to the volume of the amounts traded, or any indicator that AVAIBOOK handles internally that advises it to do so for security reasons.
- 3D Secure Environment (hereinafter 3Ds): this is a secure payment environment supported by certain card brands, through which it is verified that the payer is the actual cardholder by requesting a security code that only they know (depending on the issuing entity is a type - SMS, card coordinates, etc.).
- The BDP service is compatible and allows to operate with 3Ds.
- In order to operate by 3Ds, the payer must be present at the moment of the operation because the required security code is requested at the moment, and therefore it will not be possible to operate in this environment in programmed collections, in collections for reservations that arrive by XML channels, etc.
- Whenever possible the CUSTOMER undertakes to operate in 3D environment.
Responsible for processing personal data.
By making use of our tool, as your technology providers, we have the condition of being in charge of the treatment of personal data. You can check the obligations and rights that correspond to you in the Agreement of Manager of the processing of personal data.
AVAIBOOK links the present document and the use of the WEBSITE in general to this Legal notice, in which all aspects of the data protection policy, among others, are contained. And the CLIENT expresses to know and accept this Legal warning.