Compulsory data related to authorized online points of sale

In compliance with Croatian legislation and card issuing companies' terms, all authorized online points of sale must be constantly able to promptly provide data listed in this document.

Compulsory data checklist:

Data related to the point of sale
Data related to products and/or services
Terms of sale (including payment, delivery, complaints)
Confidential data protection
User Privacy Notice
Conversion statement (related to non-natives with foreign customers)
Logos for accepted card types
Logos for cards' security programs
WSPay logo

Online merchant must provide requested data, otherwise it is not possible to activate and close the agreement on card acceptance!

Data related to the point of sale:

Full company’s name (or sole trader/craftsmen)
National court register or another public register number, where the company is entered, and the information on the status of the registered entity
VAT number, if the company is obliged to pay the taxation of added value
Head office full address (and the address of the point of sale), including the country name
Other data needed to establish communication (telephone, telefax, mobile phones, etc.), including the e-mail address for a direct contact with customers (available for receiving information and filing complaints)

Products and/or services:

Exact name and main characteristics related to products and/or services offered for sale
Retail price, including VAT and all additional charges and fees presented in Croatian currency (Kuna)

Prices must be indicated clearly and unambiguously and, in particular, must indicate whether they are inclusive of tax and delivery costs, handling charges, or any other costs affecting the indicated price.

Terms of sale

Before closing the agreement, merchant is obliged to provide the following data in a clear, comprehensive and unambiguous manner:

Different levels involved in closing the agreement (selling/buying)
Methods and terms of payment
Means and time of delivery of goods or the provision of services
Delivery cost
Contractual provisions
General Terms of Business, constituting the Agreement
Declaration on Export Restrictions, customs provisions and any other applicable relevant provisions
Code of Practice available in digital format
After-sales services (servicing and selling of spare parts), warranties given for a product or a service
Consumer's right to terminate the contract pursuant to Articles 45 of Consumer Protection Act, the deadline for contract termination, situations in which the consumer's right to terminate a contract is excluded, complaints, return and refund policy

Before the checkout completion, merchants have to provide their buyers with the recognition and correction of the incorrect data entry. Contractual and general business provisions, related to contracts closed in digital format, must be available to buyers for storage, use and reproduction.

Confidential data protection

Personal and card data protection

For all connection options, merchants are required to protect buyers’ personal data and card data.

Card data storage is STRICTLY FORBIDDEN, unless the merchant has obtained PCI DSS Level 1 or Level 2 certification.

Entered data has to be continuously protected by 256-bit SSL encryption, and data can only be transferred using TLS 1.2 encryption.

User Privacy Notice

Points of sale must provide their buyers with the option not to participate in marketing campaigns, and the right to object to the processing of personal data by third parties.

Points of sale can use the following template for the user privacy notice:

[SALES_POINT_NAME] takes data protection and privacy very seriously. We collect only relevant and necessary data to accomplish the specified purpose and to meet our obligations. Our buyers are informed about the way the collected data is used, moreover, they can control and determine how their personal data is used. Buyers can also decide whether they want their name removed from the list used for marketing campaigns.
All user personal data is kept strictly confidential. It is available only to employees who require such data to perform their work tasks. All employees of [POINT OF SALE] and business partners are obliged to demonstrate that their activities are compliant with the Data Protection Principles.

If the prices, indicated on the point of sale web-site, are given in foreign currency (for example €, $...), the final price has to be calculated and indicated in Croatian currency (Kuna) before the checkout. It is necessary to provide the following statement of conversion (adapted to the currency, exchange rate and language of the bank):

All payments will be effected in Croatian currency (Kuna). The amount your credit card account will be charged for is obtained through the conversion of the price in Euro into Croatian currency (Kuna) according to the current exchange rate of the Croatian National Bank. When charging your credit card, the same amount is converted into your local currency according to the exchange rate of credit card associations. As a result of this conversion there is a possibility of a slight difference from the original price stated on our web site.

If the prices available on the sales point's web sites are given in Croatian currency (Kuna), and not in foreign currency, this statement about conversion can be used for the foreign customers:

All payments will be effected in Croatian currency (Kuna). The charged amount on your credit card account is converted into your local currency according to the exchange rate of credit card associations.

Statement about the Protection of Personal Data Transfer

Data protection pursuant to the General Data Protection Regulation of the European Parliament and the Council no. 2016/679- Regulation and implementation of the GDPR

WSPay, being the processor of authorization and payment made by credit cards, uses personal data as the processor pursuant to the General Data Protection Regulation of the European Parliament and the Council no. 2016/679, and compliant with PCI DSS Level 1 Regulations for data transfers.

WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer.

Personal data used for the purposes of authorization and payment are deemed to be confidential data.

The following customer's personal data are necessary to fulfil the Agreement (authorization and payment):

Name and Surname
E-mail
Telephone number
Address
City
Post Code
Country
Type of credit card
Credit card number
Expiry date (credit card)
CVV number for credit card

WSPay does not process or use these personal data except for the purpose of fulfilling the Agreement, the authorization and the payment.

WSPay ensures to meet the requirements determined by applicable personal data protection regulations, for the processors of personal data, especially taking all necessary technical, organizational or security measures confirmed by PCI DSS Level 1 certificate.

WSPay Usage Statement

__________________ (sales point) uses WSPay for online payments.

WSPay is a secure system for online payments, real time credit and debit card payments, and other payment methods. WSPay ensures the buyer and the merchant with the secure card data entry and transfer, which is also confirmed by PCI DSS certificate. WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer.

Credit Card and Security Programs Logos

The merchant is obliged to put the necessary credit card logos of American Express, Diners, MasterCard, Maestro and Visa and the respective security programs accepted and supported on their point of sale website.

Detailed instructions for logos can be found in the attached documents "Cards and logos standards", "Card acceptance logos (Diners Club International)", "Card acceptance logos (Discover)" and "Card acceptance logos (Dinacard)".