|
BANK OFAMERICA -*j'
<br /> Data Protection Laws. Collectively,all U.S. national and state laws and regulations,the EU Data Protection Directive(Directive 95/46/EC),
<br /> the EU General Data Protection Regulation(Regulation 2016/679),and the United Kingdom Data Protection Act 1998,and all other
<br /> applicable laws regarding the collection, use,storage,transfer and processing of data, including Personal Data, relating to individuals(or,
<br /> where applicable, legal persons). The term Data Protection Laws includes any laws, regulations or decrees promulgated by a financial
<br /> regulator governing the use and/or disclosure of customer data, including bank secrecy obligations.
<br /> Data Protection Authority. The competent authority for regulating the processing of Personal Data in a relevant jurisdiction.
<br /> De-identification or De-identified. Removing,obscuring, masking,or obfuscating enough Personal Data from a record to ensure that the
<br /> remaining information does not directly or indirectly identify an individual.
<br /> E-Commerce Laws. All applicable laws for or on the regulation of commerce and business via electronic means.
<br /> Employee Misuse. Use of a Card Account, Convenience Check or Card where:(i)the person or entity using the Card Account,
<br /> Convenience Check or Card is your employee or agent;(ii)that person or entity has actual, implied or apparent authority to use the Card
<br /> Account, Convenience Check or Card;and(iii)that use does not benefit you directly or indirectly.
<br /> Extended Workforce. Any of our subcontractors or vendors with access to CPI.
<br /> Financial Services Industry Best Practices. The standards,policies and practices generally used in the corporate card issuing business
<br /> by banks of comparable size and scope to us, including appropriate mitigating controls.
<br /> Fraud. Misuse or theft of card information by individuals that are not your employees or agents that involves, but is not limited to,account
<br /> takeover,counterfeit cards, lost/stolen cards,fraudulent card not present Transactions,skimming, database hacking,franchise software
<br /> hacking or phishing.
<br /> Grace Days. The number of days after the Billing Statement closing date within which payment is due.
<br /> Guarantor. A person or entity, other than you or a Participant,that agrees to assume responsibility for your obligations under the
<br /> Agreement,including payment of any amounts owed.
<br /> Information Processing System(s). The individual and collective electronic,mechanical,and software components of our and our
<br /> Extended Workforce's operations that store,access, process or protect data related to the Services.
<br /> Information Security Event.Any situation where there is unauthorized access,acquisition, unauthorized use or disclosure of unencrypted
<br /> CPI or encrypted electronic CPI and the relevant confidential process(es)or key(s),that is capable of compromising the security,
<br /> confidentiality or integrity of the CPI maintained by us and,with respect to Personal Data,that we have determined creates a substantial risk
<br /> of identity theft or fraud against an individual.
<br /> Information Security Policy. Our written information security policy,which may be amended from time to time by us in our discretion.
<br /> License.A non-transferable,nonexclusive,worldwide, revocable, limited license to access and use the Applications and any related
<br /> services, in a manner intended for authorized use,and to the extent authorized by us.
<br /> Materials. The Software, user identification codes, passwords,codes, keys,test keys,security devices, authenticators,personal
<br /> identification numbers,embedded algorithms,digital signatures and certificates,other similar devices and information, User Documentation
<br /> and any documentation we provide to you in connection with the Services.
<br /> Notifiable Event. Any actual or suspected loss or theft of a Card, Convenience Check or Card Account or any actual or suspected
<br /> Unauthorized Use or Fraud.
<br /> Participant. A Subsidiary or affiliate of yours which you designate in writing on a Participant Account Form and which we approve,for us to
<br /> issue a Card Account with its own account number. A Participant Account Form, upon completion by you and approval by us,will be made a
<br /> part of this Agreement.
<br /> Payment Due Date.The payment due date shown on the Billing Statement which date shall be the last day of the Grace Days or such other
<br /> agreed between us in writing.
<br /> PCI-DSS. The Payment Card Industry-Data Security Standard as amended from time to time and any successor standard adopted by the
<br /> payment card industry establishing security standards for payment cards.
<br /> Personal Data. Means(i)any"non-public personal information"as such term is defined under Title V of the U.S.Gramm-Leach-Bliley Act,
<br /> 15 U.S.C.§6801 et seq.and the rules and regulations issued thereunder;(ii)any"personal data"as defined in EU Directive 95/46/EC, EU
<br /> Regulation 2016/679,the United Kingdom Data Protection Act 1998 or any equivalent or similar concept of personal data or personal
<br /> information under any applicable law;or(iii)any other information that can specifically identify an individual,such as name,address and
<br /> social security number("SSN"),together, in each case,with any other information that relates to an individual who has been so identified.
<br /> 00-35-6182NSBW 02-26-2020 AK Page 2 of 16
<br /> Bank of America — Confidential ©2020 Bank of America corporation
<br />
|