Third Party Provider Terms of Use ("Terms")
These Terms are in place to comply with our security requirements and for each party's appropriate protection and incentivisation.
These Terms are relevant to your use of the AIB application programming interface (API), the live production environment which makes available AIB customer account information to you pursuant to the requirements of the Payment Services Directive 2015/2366 (the Directive). These Terms are also relevant, where applicable, to the extent permissible by law, to your use of the API testing facility (the Sandbox). The words "you" and "your" mean you as a third party provider of payment services to AIB customers (including Payment Initiation Services Providers (PISP) or Account Information Services Providers (AISP), as those terms are more particularly defined in the Directive). The words "we", "us", "our", "AIB" means Allied Irish Banks, p.l.c. and we are regulated by the Central Bank of Ireland.
-
Sandbox
About
1.1. The Sandbox is a testing facility for the API, containing imitation data and functionality, to allow you to develop and test your service.
1.2. If you wish to participate, you must identify and authenticate yourself to us by providing us with certain information.
Licence
1.3. If access to the Sandbox is given, we grant you a limited, non-exclusive, as-is, non-transferable, non-sublicensable licence to use the Sandbox solely for the purposes of developing and testing your service within the Sandbox.
Use of the Sandbox
1.4. You must identify yourself to us each time you access the Sandbox by entering your unique credentials issued by us to you.
1.5. You acknowledge that your activity within the Sandbox may be monitored by us and that:
1.5.1. you have a limited right to access and use the Sandbox in accordance with these Terms. You may not authorise individuals outside your legal entity to access or use the Sandbox;
1.5.2. you may only upload imitation data to the Sandbox and you shall not represent to any third party that simulated transactions conducted using the Sandbox are real;
1.5.3. you do not have any right to conduct or process transactions using our services or systems;
1.5.4. your use of the Sandbox is subject to any further instructions we may give you from time to time.
1.6. We do not guarantee that the Sandbox, or any content on it, will always be available or will be uninterrupted. We reserve the right to limit, suspend or refuse access to the Sandbox when we have objectively justified and duly evidenced reasons for doing so, including where there is a threat to the integrity of the platform.
-
Access to and availability of API Content/Services
2.1. You agree that you are appropriately authorised or registered by the relevant competent authority (as and if applicable). In order to use the live API environment, we must be satisfied that you meet these standards.
2.2. Subject to your fulfilling the requirements set out at paragraph 2.1 above, we grant you a limited, non-exclusive, as-is, non-transferable, non-sublicensable licence to access and use the API content/services, in order to provide services to AIB customers who hold AIB payment accounts that are accessible online, and subject to you having obtained the explicit consent of such AIB customers to do so, solely for the following purposes: (i) as a PISP, for the provision of payment initiation services to AIB customers, (ii) as an AISP, for the provision of account information to AIB customers; or (iii) as a third party provider of any other services to AIB customers (Transactions).
2.3. Each time a Transaction is initiated by an AIB customer which requires you to access and use the API, you must identify and authenticate yourself to us using your access credentials. You are responsible for maintaining the confidentiality and security of your access credentials. You will not share your access credentials and will appropriately restrict access to the API. You will inform us immediately if there has been any unauthorised disclosure of your access credentials or if there has been any unauthorised access to the API as a result of such unauthorised disclosure. You shall not sell, transfer, sublicense, or otherwise disclose your access credentials issued to you by us or use your access credentials for any purpose other than as set out in these Terms. You shall ensure that any information you provide to us in connection with the API, including contact information, is accurate and up to date.
2.4. You shall comply with the requirements for common and secure open standards of communication as may be set out in any regulatory technical standards issued by European Banking Authority (EBA) and/or reasonably required by us for the integrity of the use of the API.
2.5. We do not guarantee that the API, or any content on it, will always be available or will be uninterrupted. We reserve the right to limit, suspend or refuse access to the API when we have objectively justified and duly evidenced reasons to suspect unauthorised access or fraud in respect of a Transaction, or where there is a threat to the integrity of the platform or the personal data of customers.
-
Data Protection & Data Security
Data Protection
3.1. You agree to comply with the data protection principles specified in the Data Protection Acts 1988 to 2018 and regulation (EU) 2016/679 known as the General Data Protection Regulation (GDPR), and any other data protection or information privacy laws (Data Protection Law) that are applicable to you in connection with your accessing and use of the API content/services. AIB is a data controller in relation to any and all personal data available on the API and you are advised of the AIB Privacy Policy (https://developer.aib.ie/developer-portal-privacy-statement-ROI). You agree that you will in turn be a data controller in respect of any personal data which you legitimately access and retrieve from the API. You confirm that you have an appropriate legal basis in order to access, process and retain the AIB customer personal data which is necessary for the execution of Transactions, and that you have provided those AIB customers with all information which must be provided to data subjects pursuant to Data Protection Law. The terms 'personal data' 'data controller' and 'data subjects' shall have the meanings as set out in Data Protection Law.
3.2. In relation to card-based payment instruments, subject to us being given the necessary explicit consent from the relevant AIB customer in relation to their account, we shall upon request by you, confirm the availability of funds in the relevant AIB customer account. You agree that such confirmation will consist only in a 'yes' or 'no' answer and not a statement of the account balance. You confirm that you will not store our response or use it for purposes other than for the execution of the card-based payment transaction.
3.3. PISPs shall:
3.3.1. not request from AIB customers any data other than those necessary to execute a Transaction;
3.3.2. not use, access or store any data for purposes other than for the provision of the Transaction as explicitly requested by the payer;
3.3.3. not modify the amount, the payee or any other feature of the Transaction;
3.3.4. apply strong customer authentication (as currently drafted at any particular time). In doing so, PISPs may rely on the authentication procedures provided by AIB to AIB customers.
3.4. AISPs shall:
3.4.1. access only the information from designated AIB customer payment accounts and associated payment transactions;
3.4.2. not request Sensitive Payment Data (as defined in the Directive) linked to the AIB customer payment accounts;
3.4.3. not use, access or store any data for purposes other than for performing the account information service explicitly requested by the payment service user;
3.4.4. apply strong customer authentication (as currently drafted at any particular time). In doing so, AISPs may rely on the authentication procedures provided by AIB to AIB customers.
Data Security
3.5. We may modify the Sandbox and/or API, or add or change features and functionality to the Sandbox and/or API at any time. Except for emergency situations when we cannot tell you in advance, AIB will make available any forthcoming technical specification changes in line with applicable regulations. We will have no liability or obligation to you for any modifications or changes we make to the Sandbox and/or API.
3.6. You acknowledge that:
3.6.1. all information and data contained on the Sandbox and/or API is our confidential and proprietary information, and you shall keep any such information accessed and retrieved by you confidential;
3.6.2. you have in place adequate security measures to protect the confidentiality and integrity of AIB customers' data;
3.6.3. you have in place and follow a security policy document, including a detailed risk assessment in relation to payment services and a description of security control and mitigation measures taken to adequately protect payment service users against the risks identified, including fraud and illegal use of sensitive and personal data;
3.6.4. you shall maintain effective incident management procedures, including for the detection and classification of major operational and security incidents. You shall comply with any and all EBA regulatory technical standards or guidelines on the criteria and on the conditions for establishment, and monitoring, of security measures, as they may be amended or updated from time to time;
3.6.5. you shall be solely responsible for the security of any information which you retrieve from the Sandbox and/or API, and we shall not be liable for any use by you, including modifications or alterations, of the data once it has been retrieved from the Sandbox and/or API by you.
3.7. You shall not:
3.7.1. alter or remove any copyright, trademark, trade name or other proprietary notices, legends, symbols or labels appearing on or in the Sandbox and/or API;
3.7.2. sublicense (or purport to sublicense), distribute or disclose any of the Sandbox and/or API content, in whole or in part, to any third party;
3.7.3. engage in any activity, including the development or distribution of any software (whether in the form of object code or source code), that interferes with, disrupts, damages, or accesses in an unauthorised manner the Sandbox and/or API;
3.7.4. make any statements that you or your service is “certified” or otherwise endorsed, or that its performance is guaranteed, by AIB;
3.7.5. reverse engineer, reverse compile, decrypt, deobfuscate, unmask, or reverse assemble all or any portion of the Sandbox and/or API;
3.7.6. use the Sandbox and/or API content, or extract, scrape or otherwise deconstruct any of the said content, for the purpose of using individual data elements, combining data elements, compiling, enhancing, verifying, supplementing, or otherwise modifying databases, lists, or directories of any kind, including, but not limited to, location databases, mailing lists, contact lists, marketing lists, geographical directories, or any other compilation or collation of information which is sold, rented, published, distributed or in any manner supplied to a third party;
3.7.7. attempt to circumvent any security measures or technical limitations of the Sandbox and/or API;
3.7.8. use the Sandbox and/or API or their content in any manner or for any purpose that violates any law or any right of any person, including but not limited to any intellectual property or privacy rights;
3.7.9. otherwise use or exploit the Sandbox or API or their content for any purpose other than as expressly permitted by these Terms;
3.7.10. sell, transfer, sublicense, or otherwise disclose any access credentials issued to you by us or use your access credentials for any purpose other than as set out in these Terms.
-
Liability
4.1. You agree to indemnify, and hold AIB harmless from and against any and all claims, actions, proceedings, suits and all related liabilities, damages, settlements, penalties, fines, costs or expenses (including reasonable attorneys' fees and other litigation expenses) arising out of or relating to: (a) your use of the Sandbox or API; (b) any breach or alleged breach by you of any representation, warranty, or obligation contained in these Terms; (c) any damage or loss caused by negligence, fraud, dishonesty or wilful misconduct by you; (d) any infringement or alleged infringement by you of AIB's intellectual property rights; or (e) any alleged or actual violation by you of any applicable laws.
PISP Liability for Unauthorised Transactions
4.2. Unless otherwise agreed, if you cannot demonstrate to us that you are not liable for an unauthorised payment then you will immediately compensate the amount to AIB for any losses incurred.
4.3. Where you initiate a payment transaction, you shall be liable for the payment services you manage, including for compliance with the relevant authentication, recording and technical aspects, and must be able to produce proof of this upon request. You warrant that you have in place professional indemnity insurance or other comparable guarantee against your liability to AIB or to AIB customers resulting from non-authorised or fraudulent access to or non-authorised or fraudulent use of payment account information.
PISP Liability for defective, non-execution or late execution of payment transactions
4.4. AIB shall have no liability for defective, non-executed or late transactions for which you are responsible. You must immediately compensate AIB, upon request, for any losses or sums paid by AIB as a result of us having refunded the customer, and restored the customer’s payment account to state it would have been in had the defective payment transaction had not taken place, as a result of any such transactions. You will be responsible for providing evidence to the payer that the relevant payment order was received by AIB and that it was authenticated, accurately recorded and was not affected by a technical breakdown or other deficiency linked to the said transaction.
-
General
You agree as follows:
5.1. if applicable, that you are authorised or registered (as appropriate) under the Directive;
5.2. that you have obtained the explicit consent of AIB customers in order to access their account information within the API;
5.3. unless otherwise agreed with us, you shall not advertise or make any public announcements in relation to your use of AIB customer data or the accessing by you of the Sandbox and/or API, nor shall AIB provide any recommendations or endorsements for your service;
5.4. we are the owner or the licensee of all intellectual property rights (including all AIB trade marks, signs, logos and branding), in the Sandbox, API and all their content. You may not copy, reproduce, transmit, distribute, display or in any way use such intellectual property rights unless otherwise agreed with us. You acknowledge and agree that you shall not at any time acquire any intellectual property rights, title or interest in the Sandbox and/or API, except as set out in these Terms;
5.5. you shall not do anything that could or might bring AIB or any of its trade marks, signs, logos or branding into disrepute or damage the reputation of AIB;
5.6. AIB fully reserves its rights in relation to any violation, or suspected violation by you of these Terms;
5.7. AIB reserves the right in its sole discretion to amend these terms at any time, you should regularly check these Terms for any amendments; and
5.8. Irish law and the authority of the Irish courts apply to these Terms. We may however bring court action in any other jurisdiction.