|
BANK OF AMERICA
<br /> We scan internal and external facing Information Processing System(s) with applicable industry standard security vulnerability scanning
<br /> software (including network, server, application and database scanning tools) at a minimum once per month and perform mitigations that we
<br /> deem appropriate to address issues identified.
<br /> We perform a comprehensive application penetration test and security evaluation of all websites used to store, access, or process CPI prior to
<br /> use and at least annually thereafter.
<br /> 21.14 De-identification of Personal Data Used in Non-Production Environments. We perform De-identification of all Personal Data prior
<br /> to storing, accessing, or processing the information in environments other than in our production environments or those of our Extended
<br /> Workforce, provided that we do not do so if:
<br /> i. The security controls used in the environment are equivalent to the security controls used in the production environment.
<br /> ii. De-identification would interfere with the resolution of a current production failure.
<br /> iii. De-identification would interfere with an atypical, short-term, non-production activity (e.g., near-production final testing)
<br /> where De-identification would distort the results of the activity; or
<br /> iv. De-Identification would interfere with our legal or regulatory obligations.
<br /> 22. LIMITATION OF LIABILITY
<br /> 22.1 Indirect and other loss. Subject to the remaining provisions of this Section 22, we are liable to you only for actual damages incurred as
<br /> a direct result of our failure to exercise reasonable care in providing a service. In no event will either party be liable for any indirect,
<br /> consequential or punitive loss, damage, cost or expense of any nature. In addition, to the extent permitted by applicable law, in no event shall
<br /> either party be liable for any economic loss or damage, expense and loss of business, profits or revenue, goodwill and anticipated savings,
<br /> loss of or corruption to the other party's data, loss of operation time or loss of contracts, even if advised of the possibility of such loss, damage,
<br /> cost or expense.
<br /> 22.2 Failure to authorize. You acknowledge that we shall have no obligation or liability to you or any Cardholder where:
<br /> i. any third party fails to honor any payment or transaction requested in connection with a Card, Card Account or Convenience
<br /> Check (if applicable); or
<br /> ii. we refuse or fail to authorize the use of any Card, Card Account or Convenience Check (if applicable).
<br /> 22.3 Acts and omissions. Neither party will be responsible for the acts or omissions of the other's officers, employees or agents (including
<br /> but not limited to the amount, accuracy, timeliness or authorization of any instructions or information received). We will not be responsible for
<br /> the acts or omissions of any other person or entity, including any clearing-house, card network or processor, any U.S. Federal Reserve Bank
<br /> or any other country's central bank, any other financial institution or any supplier (except for our suppliers providing the Services under this
<br /> Agreement), and no such person or entity will be deemed our agent.
<br /> 22.4 Subsidiaries and other persons. If you permit any Subsidiary or other person to access one of our Service installations on your
<br /> premises through use of a remote-access software package, we will not be responsible or liable for such Subsidiary or person's use or misuse
<br /> of our Service or access to accounts owned by you and for which you did not authorize that Subsidiary or person to have access via your
<br /> installation. We may and will treat all instructions and information received by us through this arrangement as provided by and for the benefit
<br /> of you and subject to all our rights under this Agreement with respect to a Service.
<br /> 22.5 Force majeure. Neither you nor we will be liable for and will be excused from any failure or delay in performing our respective obligations
<br /> for a Service if such failure or delay is caused by circumstances beyond the control of the other party, including any natural disaster (such as
<br /> earthquakes or floods), emergency conditions (such as war, riot, fire, theft or labor dispute), legal constraint or governmental action or inaction,
<br /> or for the act, omission, negligence or fault of the other.
<br /> 22.6 Compliance with law. Neither party will be liable for any failure to act on its part if such party reasonably believed that its action would
<br /> have violated any law, rule or regulation.
<br /> 23. PROTECTION FROM THIRD PARTIES
<br /> You will indemnify us, keep us indemnified and hold us harmless from and against any and all liabilities, claims, costs, expenses and damages
<br /> of any nature (including legal expenses) arising out of or relating to disputes or legal actions by parties other than you and us concerning a
<br /> Service, including your negligence or willful misconduct. The obligations contained in the preceding sentence will continue after the Service
<br /> you are using and/or the Agreement is terminated for claims that arise based on events occurring during the use of the Services. This Section
<br /> 23 does not apply to any cost or damage attributable to our gross negligence or intentional misconduct.
<br /> 24. GOVERNING LAW
<br /> The Agreement and the Services are governed by the United States laws respecting national banking associations and, to the extent not
<br /> covered by those laws, by the laws of the State of North Carolina, without reference to that state's principles of conflicts of law, regardless of
<br /> where you reside or where a Cardholder resides or uses a Card Account.
<br /> 00-35-6182NSBW 02-28-2020 AK Page 14 of 16
<br /> Bank of America — Confidential ©2020 Bank of America Corporation
<br />
|