Terms and Conditions

  • Home
  • Terms and Conditions

Terms and Conditions

30/03/2022 2023-03-22 18:25

OBJECT

The present General Conditions (hereinafter, the “Conditions”) regulate the provision by Finanzas Orama S.L., with NIF B-16707317, and address at Calle Alfonso XII 46, 6 IZQ, Madrid (Madrid); with email support@orama.ai (hereinafter, “ORAMA”), of the Financial Management service (hereinafter “Financial Management Service” or the “Service”), consisting of facilitating and assisting the user and/or his company (hereinafter, the “User”), a series of tools that allow a better management of his personal finances or those of the company he represents. The User should read these Terms and Conditions, as well as the Privacy Policy and the Cookie Policy carefully and determine, freely and voluntarily, whether he/she wishes to order the Service from Orama. Likewise, in the event that the user uses the Orama service for his company, he declares that he has the necessary powers to represent the company in the acceptance of these Terms and Conditions on behalf of the company. Whether the service is provided to the User personally or to the company he/she represents, hereinafter the present terms shall in both cases be referred to as “User”.


THE FINANCE MANAGEMENT SERVICE

The Financial Management Service is a paid service that provides the User with the possibility of grouping all his bank accounts in a single application, thus having access to the management of his income and expense portfolio, offering him the possibility of easily understanding his financial situation in the number of accounts according to the contracted plan (https://orama.ai/planes) in those credit institutions with which the User has a relationship. Likewise, the Financial Management Service informs the User about the day-to-day transactions. To access the Service, the User will use his or her own Internet banking or similar data. With your express prior authorization, we will extract the personal and financial data contained in your Internet bank account, which we consider relevant in each case to provide you with the Service. Among the data required, your national identification number, account number, contact details, monthly cash flow, payers and recipients of payments, transfers, loans and other transactions may be used. The collection, structuring and delivery of the information is done instantly each time you use the Service. This service is outsourced to the provider Morpheus Aiolos, and its conditions are included below, specifically in the section “GENERAL CONDITIONS APPLICABLE TO THE ACCOUNT INFORMATION SERVICE”.


SERVICE SUBSCRIPTION

In order to contract and access the Financial Management Service, the user must be of legal age, and must unequivocally and unreservedly accept these Conditions after reading and agree to make diligent use of the websites and the Financial Management Service in accordance with the stipulations enshrined in these Conditions and the applicable regulations. The user, likewise, declares to have known the present Conditions prior to their acceptance, being able to be stored and reproduced. To register for the Service, the User must enter a valid e-mail address and a password of at least 8 characters. The Web app will send an automatic key activation message to the registered e-mail address, and the activation of the Service will take place when the instructions in the Service registration e-mail are executed. The User of the Service is responsible for the custody of the passwords and is not authorized to share them with anyone. In the event of any security risk with respect to such passwords, the User shall immediately change them. Likewise, the User may at any time modify or replace his or her passwords, using the tools provided for this purpose, and may reinstate the passwords in the event of forgetting them. To unlock or recover the passwords, the User can send an e-mail to support@orama.ai.


ACCESS TO THE FINANCE MANAGEMENT SERVICE

The Financial Management Service is provided only through the Internet, the possibilities of accessing it are through computer equipment (Mac, PC, etc.), mobile devices (cell phones, tablets, smartwaches, etc.) and other telematic channels that technology allows at all times and that ORAMA makes available. The functionalities of the Service will be the same as when accessed through mobile devices and other means other than computer equipment, always bearing in mind that some functionalities may not be fully operational for technical reasons.


WEB SECURITY

The Web Site (https://orama.ai) and the web application (https://app.orama.ai) transmit information securely using the SSL protocol. The database has a double encryption, the first maintains a security standard aes-256-cbc on specific fields and the second internal encryption system known as encryption at Rest, which ensures that not only is readable for the User’s computer and those of the Websites but the database itself is encrypted and in the event of an external attack the data would not be readable. In compliance with the provisions of the LeyOrgánica 3/2018, of 5 December on the Protection of Personal Data and guarantee of digital rights, a regulation that adopts in our legal system the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (i.e. GDPR), we inform you that the completion of any existing form on the Websites or the sending of an email to any of our addresses: They will be treated with the utmost confidentiality and will be part of the files owned by ORAMA, for management and to respond to them. It implies the acceptance of these Terms and Conditions and of the Privacy Policy of the following link as well as the authorization to the Company to process the personal data provided: www.orama.ai/privacidad

In accordance with current legislation on data protection, the Company has adopted the security levels appropriate to the data provided by Users and has also installed all the means and measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and extraction of the same. The use of cookies is necessary for the use of the Websites. The cookies used on the Websites are necessary for access to the Service. You have the possibility to configure your browser to be notified on screen of the reception of cookies and to prevent the installation of cookies on your hard drive. Please see our cookie policy for more information at the following address: www.orama.ai/politica-de-cookies

ORAMA reserves the right to limit, prevent or eliminate access to the Service when technical difficulties arise due to events or circumstances beyond the company’s control that, in its opinion, diminish or nullify the security levels adopted for the proper functioning of access to the Service.


DUTIES, OBLIGATIONS AND USER RESPONSIBILITY

The User is obliged to use the Service with the greatest possible diligence, without using in any way the access codes of third parties, maintaining the confidentiality of the access codes to the Service. The Financial Management Service does not constitute any type of financial or investment, insurance, legal or tax advice. ORAMA is not responsible for the actions taken by the User in view of the information contained in the Web or webAPP. The User grants ORAMA the right to use the actions of categorization and configuration of the forecasts and data offered using the Service for its improvement and the development of its activity, without the right to any compensation for this re-use.


DATA PROTECTION

Our personal data protection has an exclusive section dedicated to it, you can find it in the following link: www.orama.ai/privacidad


RIGHT OF WITHDRAWAL

The User is informed that the right of withdrawal does not apply to our policy, under the legal exception of Article 103.1.m) “Exceptions to the right of withdrawal” when it states the following: “the supply of digital content that is not provided on a material support when the execution has begun with the prior express consent of the consumer and user with the knowledge on his part that he consequently loses his right of withdrawal”. Therefore, the User is informed that in these Conditions, the right of withdrawal does not apply, given that he/she gives his/her express consent, the activity being a supply of digital content that is not provided in any material support.


COOKIES POLICY

Our cookies policy has an exclusive section dedicated to it, you can find it in the following link: www.orama.ai/politica-de-cookies


INTELLECTUAL AND INDUSTRIAL PROPERTY

The User understands, acknowledges and accepts that all intellectual and industrial property rights over any elements included in the “www.orama.ai” y “app.orama.ai“including all the elements that make up procedures, functionalities, software, trademarks or distinctive signs, images, photographs, graphics, text files, audio, video and other contents included in said Web belong to Orama and/or to third parties that have transferred their rights to Orama. It is strictly forbidden to be reused or exploited by the User or third parties, nor may it be modified, copied, altered, reproduced, adapted or translated without the express authorization of the legitimate and respective owners of said contents. The mere viewing, printing, downloading or temporary storage, either in whole or in part, of the contents and/or elements inserted in the Web sites or in the pages that make up the Web sites is authorized exclusively for personal, private, non-profit use by the user, provided that the origin and/or author of the same is indicated and that, where appropriate, the copyright symbol and/or industrial property notes of their owners appear. Under no circumstances does access to the Websites imply any kind of permission, waiver, transmission, license or total or partial transfer of such rights by their owners, unless expressly stated otherwise. The present conditions of use of the Websites do not grant the User any other right of use, alteration, exploitation, reproduction, distribution or public communication of the Websites and/or their Contents other than those expressly provided for herein. Any other use or exploitation other than those already mentioned in this policy shall be subject to the prior and express authorization specifically granted for that purpose by Orama or, if applicable, by the third party owner of the rights affected.


DISCLAIMER OF LIABILITY TO ORAMA

ORAMA reserves the right to modify and/or update at any time and without prior notice, the information contained in its Web, both in the Spanish version and in other languages, the configuration and presentation thereof and the conditions of access. The documents and graphics incorporated in the Web may include technical inaccuracies or typographical errors. ORAMA provides without express or implied warranty, the materials and graphics contained in the Web, and disclaims any warranties or conditions on the information contained herein, including warranties of merchantability, non-infringement of intellectual property or fitness for any particular purpose. In no event shall ORAMA or its third party providers be liable for any damages of any kind, including those resulting from lost profits, business interruption, or loss of data due to the use or misuse of the materials contained on this server, even if ORAMA has been advised of the possibility of such damages. ORAMA does not guarantee the non-existence of interruptions or errors in the access to its Web or in its different contents. Nor does it guarantee that it will always be free of errors and all cases updated, although it will make its best efforts to avoid them, correct them or update such content as soon as possible. ORAMA assumes no responsibility for any of the information contained in other Web sites to which the Web may refer through hypertext links. ORAMA assumes no liability for viruses or other elements that may be produced by the granting or contents of the links to third parties referred to on the Web, nor does it guarantee that they may cause alterations in the computer system, whether hardware or software, documents or user files, excluding, likewise, any liability for damages of any kind caused to the user for this reason. Therefore, it is not responsible for the content of any of them, nor for any changes or updates they may undergo. The unauthorized use of any information contained in these Web sites, its resale, as well as the transfer of ORAMA’s Intellectual or Industrial Property rights will give rise to the legally established responsibilities.


LEGISLATION AND FORUM

These General Conditions are governed by Spanish law. The parties submit, at their option, for the resolution of conflicts and renouncing any other jurisdiction, to the courts and tribunals of the user’s domicile.


CONFIDENTIALITY AGREEMENT – Orama Onboarding Assistance

In the event that you request assistance in contacting Orama, all members of Orama, hereinafter referred to as “Orama”, shall be bound by this confidentiality agreement, which includes the following clauses:

1.-Object: Refers to the information that THE User provides to ORAMA, either orally, graphically, in writing, or through the platform (https://app.orama.ai/) in order to assist the User in getting started with the tool, or “Onboarding”.

2.- ORAMA shall only use the information provided by THE User for the purpose mentioned in the previous Stipulation, and ORAMA undertakes to maintain the strictest confidentiality with respect to such information. ORAMA may not reproduce, modify, make public or disclose to third parties the information subject of this Agreement without prior written and express authorization from THE User. Similarly, ORAMA will adopt the same security measures it would normally adopt with respect to its own Company’s confidential information, avoiding as far as possible its loss, theft or subtraction.

3.- Both parties agree that the confidentiality obligation shall not apply in the following cases:
a) When the information was in the public domain at the time it was provided to ORAMA.
b) When the information was already known to ORAMA prior to the signing of this Agreement and with no obligation of confidentiality.
c) When disclosure is required by law or court order. In this case, ORAMA will notify THE User of such eventuality and will make every effort to ensure that the information is treated confidentially.
d) In case ORAMA can prove that the information was legitimately developed or received from third parties, independently from its relationship with THE User.
4.-The intellectual property rights of the information subject of this Agreement belong to THE User, and disclosing it to ORAMA will not change this situation. If ORAMA intentionally or negligently discloses, discloses or uses in any way different from the purpose of this Agreement, it shall indemnify THE User for any damages caused.
5.- This Agreement shall enter into force at the moment of use by the User of the Orama tool (https://app.orama.ai/), extending its validity until a period of 48 months after the end of the relationship between the parties or, where appropriate, the provision of the service.
6.-In the event of any conflict or discrepancy that may arise in relation to the interpretation and/or fulfillment of this Agreement, the parties expressly submit to the Courts and Tribunals of Madrid, applying the Spanish legislation in force.


GENERAL CONDITIONS APPLICABLE TO THE ACCOUNT INFORMATION SERVICE

FIRST – DEFINITIONS
For the purposes of the provisions of these General Conditions, the following definitions shall apply:

User or Active Customer or End Customer : In relation to the account information service, the natural or legal person who is the holder of the account(s) for which Morpheus Aiolos provides the aggregated account information service.

Multi-contract: Those cases in which financial entities allow their users to connect to different profiles that, in turn, group accounts of different customers.

Electronic commerce : It is the entity that (i) it sells goods or offers services to users through its website, or it has a platform on which e-commerce can offer its goods or services and users can purchase them, and it wishes to make available to its customers or users the possibility of making payment by bank transfer ordered by the end customer and initiated through Morpheus Aiolos; or (ii) wishes to offer its customers or users the service of account information or financial aggregation, through Morpheus Aiolos.

Account information service: an online service whose purpose is to provide aggregated information about one or more payment accounts held by the payment service user with either another payment service provider or several payment service providers.

Account servicing payment service provider: a payment service provider that provides a payer with one or more payment accounts and is responsible for their maintenance.

Personalized security credentials/Keys/Passwords: personalized elements that the account servicing payment service provider provides to the payment service user for authentication purposes, to access his payment account data and/or to initiate a payment transaction in online banking on the official website of the account servicing payment service provider.

Authentication: a procedure that enables the account servicing payment service provider to verify the identity of a payment service user or the validity of the use of a given payment instrument, including the use of the user’s personalized security credentials.

Consumer: a natural person who, in payment service contracts, acts for purposes other than his economic, commercial or professional activity.

Microenterprise: an enterprise, considered as such both natural persons carrying out a professional or business activity and legal persons, which, at the date of conclusion of the payment services contract, employs fewer than ten persons and whose annual turnover or annual balance sheet total does not exceed two million euros, in accordance with the provisions of Articles 1 and 2, paragraphs 1 and 3, of the Annex to the Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises.

SECOND.-SERVICE PROVIDER’S DATA

MORPHEUS AIOLOS, S.L. (hereinafter ” Morpheus Aiolos “), with CIFB-86556420, incorporated in Madrid, on September 27, 2012, registered in the Mercantile Registry of Madrid, in volume 30408, folio 12, sheet number M-547305, 1st inscription. It is authorized by the Bank of Spain to provide payment initiation and account information services and is subject to the supervision of the Bank of Spain and the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses, and is duly registered in the Special Registry of Payment Initiation Service Providers, Payment Institutions and Account Information Service Providers of the Bank of Spain under code number 6901. The registered office is located at calle San Andrés, 8, 28004 Madrid.

THIRD.- SCOPE OF ACTION OF THE USER

When the User does not have the status of consumer or microenterprise for the purposes set forth in the payment services regulations, the provisions of Title II of Royal Decree-Law 19/2018, of 23 November, on Payment Services and other urgent measures in financial matters, as well as its implementing provisions, shall not be applicable, in accordance with the provisions of art. 28.2 of the aforementioned Royal Decree-Law.Likewise, in accordance with the provisions of article 34.1 of RoyalDecree-Law 19/2018, of November 23, the application of articles 35.1, 36.3, 44, 46, 48, 49, 52, 60 and 61 of the aforementioned RoyalDecree-Law is expressly excluded.

FOURTH OBJECTIVE

These general terms and conditions contain the information that Morpheus Aiolos, in its capacity as an account information service provider, must provide to users of payment services. Likewise, this document also regulates the essential rights and obligations of the users of these payment services. All of the above, in accordance with the provisions of Royal Decree-Law 19/2018, of November 23, on payment services and other urgent measures in financial matters and its implementing regulations.

FIFTH – CONDITIONS ASSOCIATED WITH ACCESS TO PAYMENT ACCOUNT INFORMATION

MORPHEUS AIOLOS will provide E-Commerce with the financial information derived from the positions held at any time by the User in any credit institution or financial institution in general, provided that such information can be accessed through the Internet by means of personal passwords provided by the User. Furthermore, MORPHEUS AIOLOS will provide the E-Commerce, with the User’s express consent, with the overall position of the User’s current accounts, bank transactions and information on the User’s cards so that the E-Commerce can carry out the corresponding evaluation prior to the granting of loans.
a) CLIENT credit institution that needs to do a profiling in order to grant a loan: it will access only once to the final client’s data.
b) Treasury manager CLIENT: will access up to a maximum of 4 times a day for a maximum period of 90 days.
c) CUSTOMER whose service combines several functionalities (for example, cash management with bank aggregation and, in addition, issuing invoices to customers with payment option through the MORPHEUS AIOLOS payment initiation service): You will be able to parameterize the number of accesses and their duration as follows:
– For the use of the bank aggregation: _ daily accesses, for a maximum of _ days.

SIXTH: AUTHENTICATION

Payment initiation transactions shall be deemed authorized when the ordering user has given consent to their execution through Morpheus Aiolos, in accordance with the authentication procedures provided to the user by the account servicing payment service provider. In the absence of such consent the payment transaction shall be deemed unauthorized.The ordering user shall not revoke the payment order once he has given Morpheus Aiolos his consent to initiate the payment transaction.Access to users’ payment accounts shall be deemed authorized when the user has given his consent through Morpheus Aiolos, in accordance with the authentication procedures provided to the user by the account managing payment service provider. In the absence of such consent, access to the payment account shall be deemed unauthorized. In those cases in which Morpheus Aiolos stores in its platform data of the financial information obtained in the accesses to the User’s payment accounts, a reinforced authentication process that combines two independent authentication measures will be applied, consisting of:
– A knowledge factor: the password.
– A factor of possession: cell phone.

During the registration process the payment service user will be required to enter his/her e-mail address, password and cell phone number, which will be verified as follows:
– In the email inbox, the paid service user will receive a one-time use link to verify that it is a valid address.
– The user of the payment service will receive an SMS on his cell phone with a single-use code, which must be entered in the registration form.

On subsequent logins, you will be prompted for these two factors: password and one-time key that verifies that you are in possession of your cell phone.

SEVENTH – OBLIGATIONS OF MORPHEUS AIOLOS

7.1. Obligations as an account information or aggregation service provider.
Morpheus Aiolos, in its capacity as an account information service provider, shall perform the following obligations:
a) shall provide its services exclusively on the basis of the explicit consent of the Paid Service User;
(b) ensure that the payment service user’s personalized security credentials are not accessible to third parties other than the payment service user and the issuer of the personalized security credentials, and that, when transmitted by the payment service provider providing the account information service, the transmission is made through secure and efficient channels;
(c) in each communication, identify itself to the account servicing payment service provider(s) of the payment service user and communicate in a secure manner with the account servicing payment service provider(s) and the payment service user, in accordance with the provisions of Delegated Regulation 2018/389 and the criteria that, within the provisions of the European Banking Authority applicable to it, the Bank of Spain shall determine;
d) access only the information of the payment accounts designated by the user and the corresponding payment transactions;
e) shall not request sensitive payment data linked to payment accounts;4
f) will not use, store or access any data for purposes other than the provision of the account information service expressly requested by the Payment Service User, in accordance with data protection regulations.

EIGHTH.-LIMITATIONS ON ACCESS TO PAYMENT ACCOUNTS BY PAYMENT SERVICE PROVIDERS.

The account managing payment service provider may deny access to a payment account to Morpheus Aiolos for objectively justified and duly documented reasons in the event of unauthorized or fraudulent access to the payment account by Morpheus Aiolos, in particular with the unauthorized or fraudulent initiation of a payment transaction. In such cases, the account servicing payment service provider shall inform the user, in an agreed manner, of the denial of access to the payment account and the reasons for it. Such information shall be provided to the user, if possible, before denying access and at the latest immediately after the denial, unless the communication of such information would jeopardize objectively justified security measures or is prohibited by other legal provisions.The account servicing payment service provider shall allow access to the payment account once the grounds for denying access no longer exist.

NINTH – INFORMATION

Transmission of information or notifications:
Where appropriate, if the transmission of information or notifications to the user will be made by telematic means, you will be informed in advance of the technical requirements applicable to the equipment and software.You will also be provided with the secure notification procedure in case of suspected fraud, actual fraud or security threats, as follows: Morpheus Aiolos will notify by email at the time the computer system detects suspected fraud, actual fraud or security threats. The user has the right to receive prior information and conditions of the provision of payment service, in order to give their agreement with them. Morpheus Aiolos will provide the user with all legally required information in Spanish and at least once a month.

TENTH.- MODIFICATION OF THE CONDITIONS

Morpheus Aiolos reserves the right to request the modification of these conditions. In the event that the user has the status of microenterprise or consumer, Morpheus Aiolos must communicate any change in the5 conditions no less than two months prior to the date on which the proposed change comes into force, after which time the change will be applied without opposition from the user. If the user objects to the modifications, he/she may terminate the modifications free of charge prior to the date on which the modifications are to take effect. If the modification decided upon is clearly beneficial to the user, it may be applied immediately. In the event that the user is considered a microenterprise or consumer, Morpheus Aiolos must propose any modification to these conditions in a clear, individualized manner, without cumulating it with other information or advertising, on paper or other durable medium, no less than two months prior to the date on which the proposed modification comes into force. The user may accept or reject the modifications to the conditions before the proposed date of their entry into force by the same means by which they are notified, however, Morpheus Aiolos may immediately apply all those modifications that are unequivocally more favorable to the user. Both parties agree that the user shall be deemed to have accepted the modification of the terms and conditions in question if he/she does not notify Morpheus Aiolos of his/her non-acceptance prior to the proposed effective date. In such an event, the user shall have the right to terminate these terms and conditions free of charge and with effect from any time prior to the date on which the modification would have been applied.

ELEVENTH.- DURATION AND TERMINATION OF THE TERMS AND CONDITIONS

The duration of these conditions shall be one calendar year from its signature and shall be tacitly extended for annual periods in the absence of written communication to the contrary by either of the intervening parties addressed to the other with a minimum notice of two (2) months prior to its expiration initiates any of its extensions.In the event that the user has the status of microenterprise or consumer, you may terminate these conditions at any time, without notice, and Morpheus Aiolos must proceed with the fulfillment of the order of termination of these conditions within 24 hours of receipt of the request for termination.the termination of these conditions by the passage of time will not entitle either party to compensation.

TWELFTH.-CLAIM PROCEDURES AVAILABLE TO THE CUSTOMER

i) Customer Service Department (CSD)
Morpheus Aiolos has a Customer Service Department, in accordance with the obligations set forth in Order ECO/734/2004, of March 11, 2004, on Customer Service Departments and Services and the Customer Ombudsman of Financial Institutions, whose purpose is to attend to and resolve both complaints and claims made by users. The SAC contact details are as follows:

MORPHEUS AIOLOS, S.L.
Customer Service
Calle San Andrés, number 8, 28004 Madrid
e-mail: sac@afterbamks.com

The procedure for resolving complaints and claims is described in the Rules of Operation of the Customer Service Department, which is available to customers at all Morpheus Aiolos offices, as well as on the website (h ttp://www.Morpheus Aiolos.com) and at the Bank of Spain (www.bde.es).

ii) Claim before the Bank of Spain’s Claims ServiceIn the event that the claim filed before the company’s Customer Service Department is rejected or if the period of one month has elapsed without the Customer Service Department having replied, the customer may file a claim before the Bank of Spain’s Claims Service:
In person, at the following address:
Bank of Spain
Claims Service
C/ Alcalá 48, 28014 Madrid
Telematically, at the following link:
https://app.bde.es/psr_www/faces/psr_wwwias/jsp/op/InicioSesion/PantallaAsistenteForm.jsp

THIRTEENTH – PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING

The user undertakes to (i) provide to the e-commerce, so that it in turn makes available to Morpheus Aiolos, the information and documentation, if any, that Morpheus Aiolos requires in application of the due diligence and internal control measures required of Morpheus Aiolos by the regulations for the prevention of money laundering and the financing of terrorism; and (ii) to inform Morpheus Aiolos, through electronic commerce, of any variation that affects the information and documentation previously provided to Morpheus Aiolos in compliance with the provisions of these general conditions, providing updated documentation.

FOURTEENTH.- PRICE

The account information service provided by Morpheus Aiolos will be free of charge for the user, corresponding to the e-commerce the payment of the price in the terms agreed with Morpheus Aiolos.

FIFTEENTH.- MORPHEUS AIOLOS WARRANTIES

– Security
Morpheus Aiolos guarantees that the service will be provided with security mechanisms that ensure the encryption of the keys provided and guarantees the impossibility of fraudulent use of them.
– Structured and standardized information Morpheus Aiolos ensures that it will provide financial and non-financial information to the user in a structured and standardized manner. Structured” means that the information is in a container that can be easily processed electronically (JSON or XML). Standardized” means that information from different entities is presented in exactly the same format and that this format is standardized according to the standards for the type of data in question.

SIXTEENTH – PROTECTION OF PERSONAL DATA

In the event that for the provision of the account information service it is necessary to process personal data and in compliance with the provisions of Article 12 of the Organic Law on Data Protection (LOPD), Morpheus Aiolos, as Data Processor, expressly states and undertakes to: (i) to use and process the data for the sole and exclusive purpose of fulfilling the purposes foreseen in these general conditions and following in any case the instructions received from the user, (ii) to observe the utmost confidentiality and reserve with respect to the personal data provided by the user, (iii) return to the user all documents and files containing the data at the end of the contractual relationship, (iv) restrict access to and use of the data to those persons to whom it is absolutely essential that they have access to and knowledge of the data upon written confirmation by the user for the performance of the provision of the account information service, and (v) adopt the data protection security measures that correspond to the level of security required depending on the files to which it has access. Morpheus Aiolos, for the provision of the service described above, will require the outsourcing of hosting services and LOPD audit services.

SEVENTEENTH. APPLICABLE REGULATION

The provision of the account information service to the user by Morpheus Aiolos shall be governed by the conditions set forth in these general terms and conditions and, as not provided herein, by the rules contained in Royal Decree-Law 19/2018, of November 23, on payment services and other urgent measures in financial matters, its implementing regulations, and by other applicable Spanish regulatory and transparency provisions.