Conferma Connect Opt In Form Terms & Conditions

Welcome to Conferma Connect, the service that automatically finds the best way to securely transmit virtual card information.

These Terms and Conditions are intended to explain your obligations related to virtual card confirmation acceptance. Please read them carefully.

By opting in you authorise Conferma to transmit a virtual card number to the Conferma Connect Opt In Option you have provided and you acknowledge that you have read and understood these Terms and Conditions.

These Terms and Conditions were last updated on 20th October 2016.


Conferma Limited (Company No. 05704113) whose registered office is at 5 Brooks Drive, Cheadle Royal Business Park, Cheadle, Cheshire, SK8 3TD, United Kingdom (“Conferma”)


2 Registering Supplier(“Merchant”)


A. Conferma is the owner, licensor and provider of virtual payment card distribution, settlement, reconciliation and associated services, and the provider of the secure email transmission service known as Conferma Connect

B. Merchant is a provider of services which accepts and processes virtual card numbers which have been transmitted by Conferma on behalf of its Customers in order to facilitate payment for corporate travel bookings.

PCI Compliance and Data Protection

1. Obligations of Merchant

The Merchant is responsible for complying with any instructions that Conferma, the travel management company and/or the virtual card number issuing bank may provide in relation to a booking. In respect of personal data or billing instructions that are under its control, the Merchant shall process such data only as necessary for the purposes it is provided.

The Merchant shall use appropriate technical and organisational security measures to protect the data against unauthorised use, unlawful processing and against accidental loss, damage and/or destruction.

The Merchant should

a) When receiving a secure email

– ensure that it is deleted once the virtual card number has been charged. The Merchant should have measures in place to ensure that such deletion is permanent and cannot be reversed;

– ensure that the email is received by the designated email address as set out in the Opt In form only;

b) Not make copies (whether physically or electronic) or send the virtual card number to anyone whether internally or externally;

c) Not extract the virtual card number or any personal data for any other purpose other than the reason it has been provided;

d) Assign a unique identification to each person within the Merchant organisation who has access to billing instructions;

e) Use a PCI-compliant terminal for charging the virtual card number.

This list of recommended activities is not exhaustive, and the Merchant should seek guidance from a PCI specialist to ensure compliance with applicable laws and regulations.

2. Obligations of Conferma

To the extent Conferma is provided with personal data it will comply with all applicable privacy and/or Data Protection Laws and regulations as regards the processing and storage of personal data.

Conferma will process such personal data only as required and will establish and maintain reasonable safeguards (taking into account the nature of the technology) to protect such personal data whilst it is in Conferma’s possession against accidental or unlawful destruction or accidental loss or alteration, unauthorized disclosures or access, in particular where the processing involves the transmission of personal data over a network, and against all other unlawful forms of processing.