ADDENDUM TO BUSINESS INTEGRATOR ONLINE TERMS AND CONDITIONS

wanderooswarrenAI and Robotics

Nov 21, 2013 (3 years and 7 months ago)

73 views




ADDENDUM TO
BUSINESS INTEGRATOR

ONLINE TERMS AND CONDITIONS


1.

Introduction

1.1

The Client makes use of the BI Online Service and such use is subject to the to the Bank's terms and
conditions applicable
to Business Integrator Online, which terms and conditions were referred to or included in the document which was signed
by the Client titled "Business Integrator
-

Online Registration and Terms and Conditions" (the "
BI Online Terms an
d
Conditions
").

1.2

The Bank has introduced new security and verification procedures and requirements and has introduced new systems,
policies, conditions, requirements and procedures relating to the digital certificates which are to be utilised by or on beha
l
f
of Users in order to access the BI Online Service.

1.3

It is therefore necessary to amend and supplement the BI Online Terms and Conditions so as to regulate, amongst other
things, the use by the Users of digital certificates in order to access the BI Online

Service.

1.4

This document (this "
Addendum
") is an addendum to the BI Online Terms and Conditions and amends and supplements
the BI Online Terms and Conditions.

1.5

PLEASE NOTE:
If any System Manager or Operator proceeds to apply for a Digital Certificate in the
manner
envisaged in this Addendum, the Client shall be deemed to have accepted and be in agreement with this
Addendum and its contents.



2.

Definitions and Interpretation

In this Addendum,
unless otherwise stated o
r inconsistent with the context:

2.1

the followin
g words and expressions shall
bear the following meanings
,

with

cognate words and expressions bear
ing

corresponding meanings
:

2.1.1


Applicant
” means a natural person who has submitted a Certificate Application and has not yet been issued a
Digital
Certificate.
Once issued with a
Digital
Certificate an Applicant is then known as a Subscriber. The Applicants
will comprise the

System Managers and Operators that submit Certificate Applications;

2.1.2

"
Authorised Signatory
" means a person appointed by the Client as its au
thorised representative in respect of all
matters related to the use by the Client of the BI Online Service and other services and products offered by the Bank,
pursuant to a resolution of the Client, which resolution is required to be in a form and format

which is satisfactory to
the Bank;

2.1.3

"
BI Online

Service
" means the service offered by the Bank to certain of its clients, known as "Business Integrator
Online", that, amongst other things, provides Users with online Digital Certificate access to certain of
the Bank’s
Information Systems in order to remotely transact on behalf of the Client on accounts and products offered by the
Bank to the Client, as may be further described in the Manual. This definition replaces the definition of "Service" in
clause 1.12
of the BI Online Terms and Conditions and all references to the "Service" in the BI Online Terms and
Conditions shall be deemed to be a reference to the BI Online Service;

2.1.4

"
BI Online Terms and Conditions
" means the terms and conditions referred to or
included in the documen
t

titled
"Business Integrator
-

Online Registration and Terms and Conditions" which was signed by the Client ;



2.1.5


Certificate Application
” means the application and information submitted by an Applicant when applying for the
issuance

o
r
renewal of a
Digital
Certificate
;

2.1.6


Certificate Authority
” or “
CA
” means
a legal entity that issues, signs, manages, and revokes
Digital
Certificates and
performs all functions related thereto, including identification, authentication and revocation of
Su
bscribers
, and
vouches for the binding between the Data items in a
Digital
Certificate. L@Wtrust is, for all purposes in terms of this
Agreement and the Certification Practice Statement, the Certificate Authority
;

2.1.7

"
Certification Practic
e Statement
" or "
CP
S
" means
the
L@Wtrust

Certificate Policy and/or the L@Wtrust
Certification Practice Statement

document/s
(available for download at
www.lawtrust.c
o.za
)
that,
amongst other
things
, define the rules and/or practices required to be adhered to by all persons participating in the L@
Wtrust Public
Key Infrastructure scheme
;

2.1.8

"
Client
" means the legal entity that has registered for the BI Online Service and
has signed the document titled
"Business Integrator
-

Online Registration and Terms and Conditions
"
;

2.1.9


Data

means,

for purposes of the definitions of "Data Message"
,

"Digital Signature"

and "Key Pair",


electronic
representations of information in any form
;

2.1.10


Data Message
” means Data generated, sent, received or stored by electronic means;

2.1.11

"
Digital Certificate

or “
Certificate

means a
Digitally Signed
Data Message

that is a
Public Key

certificate in the
version 3 format specified by
ITU
-
T Recommendation X.5
09
, which includes the following information: (i) identity of
the
Certificate Authority

issuing it; (ii) the name or identity of its
Subscriber
, or a device or electronic agent under the
control of the subscriber; (iii) a Public Key that corresponds to a
P
rivate Key

under the control of the
S
ubscriber; (iv)


the validity period; (v) the
Digital Signature

created using a Private Key of the Certificate Authority issuing it; and (vi)
a serial number
. Besides being associated with Digital Signatures, Digital Cer
tificates are also a recognised means of
controlling online access to Information Systems. For purposes of clarity, this definition replaces the definition of
"Digital Certificate" in clause 1.5 of the BI Online Terms and Conditions in respect of Digital C
ertificates which are
issued to System Managers and Operators as envisaged in this Addendum, and the obligations of the User in the BI
Online Terms and Conditions relating to Digital Certificates shall continue to apply to the Pre
-
existing Digital
Certific
ates ;

2.1.12


Digital Signature
” means
Data attached to, incorporated in, or logically associated with other Data and which is
intended by the user to serve as
that user's

signature. This involves the transformation of a Data Message using an
asymmetric cryptosy
stem such that a person having the initial message and the signer's Public Key can determine
whether: (i) the transformation was created using the Private Key that corresponds to the Subscriber's Public Key;
and (ii) the message has been altered since the
transformation was made
;

2.1.13


Digitally Signed

means signed by means of a
Digital Signature

(
as opposed to a hand
-
written signature
)
;

2.1.14


Information System
” means an information technology and telecommunications infrastructure and system used for
generating, sending, receiving, storing, displaying or otherwise processing Data Messages and includes the
computer and telecommunications networks, equipment, hard
ware, software, middleware, firmware,
data
, databases,
terminals and components;

2.1.15


ITU
-
T Recommendation X.509
” means the cryptography standards for Public Key Infrastructure as published by
The International Telecommunications Union (
http://www.itu.int
)
;



2.1.16


Key Pair
” means
two mathematically related Data keys, referred to as a Private Key and a Public Key, having the
properties that (i) one key can encrypt a Data Message which only the other key can decrypt, and (ii) even kn
owing
the one key, it is computationally infeasible to discover the other key
;

2.1.17


L@Wtrust
” means

Law Trusted Third Party Services (Pty) Ltd, a company duly incorporated in accordance with the
laws of the Republic of South Africa, with registration number: 2
001/004386
/07
;

2.1.18

"
Pre
-
existing Digital Certificate
" means a digital certificate issued by the Bank to a User prior to the implementation
by the Bank of the processes envisaged in this Addendum and which was also not issued to the User pursuant to the
CPS and

RA Charter;

2.1.19


Private Key
” means
the key of a Key Pair used to create a Digital Signature

or access to an Information System,

and is required to be kept secret;

2.1.20


Public Key
” means
the key of a Key Pair used to verify a Digital Signature

or access to an Inf
ormation System,

and
may be publicly disclosed;

2.1.21


Public Key Infrastructure


or “
PKI


means the structure of,
inter alia
,
i
nfrastructure, people, processes, and policies
th
at

collectively support the implementation and operation of a Certificate
-
based
p
ubli
c
k
ey cryptography scheme
;

2.1.22


RA Charter
” means the
Absa BIO Registration Authority Charter

(as amended from time to time) and, subject to the
provisions of the CPS, describes,

amongst
other things
, the authentication, permissions and restrictions of
Subscribers when using Digital Certificates to access
the Bank
’s Information Systems;



2.1.23


Registration Authority

or “
RA

means an entity that, inter alia: (i) receives Certificate Applications
, and (ii)
validates information supplied in support of a Certificate Application, (iii) requests a Certificate Authority to issue a
Certificate containing the information as validated by the Registration Authority, and (iv) requests a Certificate
Authorit
y to revoke Certificates issued
. The Bank is
for all purposes in terms of this Agreement and the Certification
Practice Statement, the
Registration Authority
;

2.1.24


Subscriber
” means an Applicant whose Certificate Application has been approved, and has been iss
ued a
Digital
Certificate, and who is the subject named or otherwise identified in the
Digital
Certificate, controls the Private Key that
corresponds to the Public Key listed in that Certificate, and is the individual to whom
access rights to the Bank’s
In
formation Systems,

as
verified by reference to such
Digital
Certificate
,

are

to be attributed
.
The
Subscribers

in
terms of this
Addendum and the BI Online Terms and Conditions will
comprise the
Authorised Signatory, System
Managers and Operators who have
been issued with a Digital Certificate. A Subscriber shall also be deemed to be a
"User" for purposes of the BI Online Terms and Conditions;

2.1.25

"
Subscriber Agreement
" means the terms and conditions agreed by a System Manager or Operator (as the case
may be)
when a Certificate Application is made by the System Manager or Operator, which terms and conditions
regulate the use of Digital Certificates by the System Manager and Operator and also incorporates the CPS and the
RA Charter; and

2.1.26

"
User Name
" means the Ab
sa BIO User ID allocated to an Operator or System Manager by the Bank and included in
the Digital Certificate issued to that Operator or System Manager, as further described in the CPS and RA Charter.
This Absa BIO User ID shall be pre
-
populated in the rel
evant fields of the log
-
in page for the Service where the
System Manager or Operator utilises its Digital Certificate in order to access the BI Online Service.



2.2

the words and expressions which are defined in the BI Online Terms and Conditions, the CPS or t
he RA Charter
, shall

have

the

same meaning whenever used
in this Addendum

unless a different definition is given in this Addendum
and
cognate words and expressions shall bear corresponding meanings
.

3.

Conflicts

3.1

In the event of any conflict or inconsistency between this Addendum and the BI Online Terms and Conditions, the
provisions of this Addendum will prevail.

3.2

For purposes of clarity
:

3.2.1


the definition of "Digital Certificate" in clause 1.5 of the BI Online Ter
ms and Conditions is hereby replaced in its
entirety with the definition of "Digital Certificate" in clause
2.1.11

above

in respect of Digital Certi
ficates which are
issued to System Managers and Operators as envisaged in this Addendum. The obligations of the User in the BI
Online Terms and Conditions relating to Digital Certificates shall continue to apply to the Pre
-
existing Digital
Certificates;

3.2.2

the definition of "Service" in clause 1.12 of the BI Online Terms and Conditions
is hereby replaced in its entirety with
the definition of "
BI Online Service
" in clause

2.1.3

above and all references to the "Service" in the BI Online Terms
and Conditions shall be deemed to be a reference to the "BI Online Service";

3.2.3

all references to "Access code" and "Access Code" in the BI Online Terms and Conditions shall only appl
y to the
extent that Pre
-
existing Digital Certificates continue to be used by the User to access the BI Online Service, but the
Users obligations relating to Access Codes shall continue to apply after the expiry of any Pre
-
existing Digital


Certificate. Not
withstanding the definition of "Access code", Users of valid Pre
-
existing Digital Certificates will only
require 1 password to logon to the BI Online Service with that Pre
-
existing Digital Certificate; and

3.2.4

all obligations of the User in the BI Online Terms

and Conditions relating to Access Codes shall also extend and
apply to the User Names.

3.3

The use of
the BI Online Service

by the Client and the Users shall be subject to the provisions of the BI Online Terms and
Conditions, read together with this Addendum
.



3.4

To the extent allowed by law, there
are no other oral or written understandings or agreements between the
P
arties relating
to the
BI Online
Service.

4.

Digital Certificates and passwords

4.1

For clarity:

4.1.1

the obligations of the User in the BI Online Terms and
Conditions relating to Digital Certificates shall continue to
apply to the Pre
-
existing Digital Certificates;

4.1.2

all references to "Access code" and "Access Code" in the BI Online Terms and Conditions shall only apply to the
extent that Pre
-
existing Digital C
ertificates continue to be used by the User to access the BI Online Service, but the
Users obligations relating to Access Codes shall continue to apply after the expiry of any Pre
-
existing Digital
Certificate. Notwithstanding the definition of "Access code
", Users of valid Pre
-
existing Digital Certificates will only
require 1 password to logon to the BI Online Service with that Pre
-
existing Digital Certificate; and



4.1.3

all obligations of the User in the BI Online Terms and Conditions relating to Access Codes sh
all also extend and
apply to the User Names.

4.2

In order to log
-
in to access and use the BI Online Service, each individual System Manager and Operator shall require (i)
a valid Pre
-
existing Digital Certificate or a Digital Certificate issued to it in the ma
nner envisaged by this Addendum; and
(ii) one password .

4.3

When the Pre
-
existing Digital Certificate issued to a System Manager or Operator expires or is revoked for any reason, the
System Manager and Operator shall be required to apply for and obtain a Di
gital Certificate in the manner described in the
CPS and RA Charter.

4.4

The Bank may also notify a System Manger or Operator if a Pre
-
existing Certificate issued to it is due to expire within the
next 30 days and such System Manager and Operator shall be ab
le to apply for a Digital Certificate in the manner
described in the CPS and RA Charter.

4.5

Digital Certificates shall be issued to Subscribers in the manner described in the CPS and RA Charter and must only be
used by the relevant Subscriber for the speci
fic purposes of utilising the BI Online Service on behalf of the Client.

4.6

After a Digital Certificate is issued to a System Manager pursuant to the CPS and RA Charter, the Bank shall provide the
System Manager with a temporary password for the purposes of e
nabling the System Manager to log in with the Digital
Certificate to access and use the BI Online Service, except that where the Operator had previously been issued a Pre
-
existing Certificate then that Operator shall not have a temporary password and shall

use its existing password to log
-
in
with the Digital Certificate to access and use the BI Online Service. It shall be the responsibility of the System Manager t
o


change such temporary password on the first occasion on which the System Manager logs in to
access and use the BI
Online Service after a Digital Certificate is issued to it.

4.7

The System Manager must ensure that it changes the passwords selected by it frequently and on a regular basis. Without
limiting the obligations of the System Manager to chan
ge the passwords selected by it, each password will expire every 30
days and the System Manager will not be able to access the BI Online Service with an expired password and will be
required to select a new password before, or following, the expiry of a pa
ssword. The Bank may impose requirements as
to the length and composition of the passwords selected by the System Manager.

4.8

After a System Manager registers an Operator on the BI Online Service
in the manner described in the Manual
, the
System Manager sha
ll provide the Operator with the temporary password selected by the System Manager when
registering the Operator . The System Manager shall be required to keep such temporary password secret and only
disclose them to the relevant Operator for whom it was c
reated.

4.9

After a Digital Certificate is issued to an Operator pursuant to the CPS and RA Charter, the Operator shall be required to
use the temporary password created for it by a System Manager, in order to log
-
in with the Digital Certificate to access and
use the BI Online Service, except that where the Operator had previously been issued a Pre
-
existing Certificate then that
Operator shall not have a temporary password and shall use its existing password to log
-
in with the Digital Certificate to
access and
use the BI Online Service. It shall be the responsibility of the Operator to change such temporary password on
the first occasion on which the Operator logs in to access and use the BI Online Service after the Digital Certificate is
issued to it.

4.10

The Ope
rator must ensure that it changes the passwords selected by it frequently and on a regular basis. Without limiting
the obligations of the Operator to change the passwords selected by it, each password will expire every 30 days and the


Operator will not be
able to access the BI Online Service with an expired password and will be required to select a new
password before, or following, the expiry of a password. The Bank may impose requirements as to the length and
composition of the passwords selected by the O
perator.

4.11

Subject to clause
4.16
, all acts and transactions performed, and all instructions given, through the use of the BI Online
Service where the Digital Certif
icate and relevant password/s of an Operator or System Manager have been provided upon
login, shall be deemed to have been performed by the relevant Operator or System Manager with the authority of the
Client. The Bank shall be entitled to process and car
ry out all such transactions and instructions and the Client hereby
authorises the Bank to do so.

This clause
constitutes an assumption of risk and liability by
the Client

and
limits and excludes liabilities
, obligations

and legal responsibilities which
the Bank will have towards the Client
.
T
h
e Client will be deemed to have authorised all
actions, instructions and transactions by the System Managers and Operators and the Client authorizes the Bank to
process and carry out all of these instructions and t
ransactions, This clause
places
the

risks, liabilities, obligations
and legal responsibilities on
the Client for the acts or transactions performed, and the instructions given, by the
System Managers or Operators. This
clause
also limits and excludes th
e Client's

rights and remedies against
the Bank
where the System Managers or Operators perform any acts or transactions or give any instructions to the Bank
without the actual authority or consent of the Client, or where the Bank processes or carries out t
hese instructions or
transactions.


4.12

In addition to and without derogating from the obligations of the Client, or of the System Managers and of the Operators in
the further provisions of this Addendum and the BI Online Terms and Conditions:



4.12.1

t
he Client
shall cause each System Manager and Operator to accept the provisions of the Subscriber Agreement
, the
CPS and the RA Charter

prior to a Digital Certificate being issued to that person;

4.12.2

the Client shall ensure that each System Manager

and Operator complies

with the provisions of the Subscriber
Agreement
, the CPS and the RA Charter

;

4.12.3

each System Manager and Operator must ensure that the Digital Certificate issued to it and all passwords used or
selected by it, are kept secret and confidential and are not di
sclosed or provided to any other person, including any
other System Manager or Operator;

4.12.4

the Client shall ensure that each System Manager and Operator keeps the Digital Certificate issued to it and all
passwords used or selected by it, secret and confid
ential and does not disclose or provide these Digital Certificates
and passwords to any person, including any other System Manager or Operator;

4.12.5

the Client shall educate all System Managers and Operators, and shall implement appropriate policies and
procedu
res within its business, regarding the proper and permitted uses, storage, disclosure and handling of the
Digital Certificates and the passwords of the Operators and System Managers; and

4.12.6

the Client must immediately inform the Bank's Relationship Manager in

writing, with sufficient particularity of any
actual, threatened or suspected fraud or any actual, threatened or suspected unauthorised use of the BI Online
Service or the Information Systems of the Client;

4.12.7

the Client must immediately inform the Bank's Tr
ansactional Banking Operations Division in writing, with sufficient
particularity, of any actual, threatened or suspected compromise of a Digital Certificate or password of a System
Manager or Operator, which shall include situations where any password or
part of a Digital Certificate becomes lost


or stolen or is shared, stored, used or disclosed in a manner not permitted by this Agreement, the CPS, the RA
Charter or the Subscriber Agreement.

4.13

Where there is any actual, threatened or suspected compromise of
a Digital Certificate or password of an Operator (which
shall include situations where any password or part of a Digital Certificate becomes lost or stolen or is shared, stored, use
d
or disclosed in a manner not permitted by this Agreement), a System Manag
er shall be required to immediately, in the
manner described in the Manual, access the BI Online Service and remove all the transactional, approval and
authorisation rights, including the rights and limitations to perform particular transactions, of the Op
erator. Such changes
shall be required to be immediately confirmed by the requisite number of System Managers , in the manner described in
the Manual.

4.14

Where there is any actual, threatened or suspected compromise of a Digital Certificate or password of a
System Manager
(which shall include situations where any password or part of a Digital Certificate becomes lost or stolen or is shared,
stored, used or disclosed in a manner not permitted by this Agreement), the Authorised Signatory shall be required to
im
mediately notify the Bank's Transactional Banking Operations Division of this in writing and requesting that the System
Manager's rights to use the BI Online service be removed. Following the receipt of such a notice, the Bank will remove all
the transacti
onal, approval and authorisation rights, including the rights and limitations to perform particular transactions, of
the System Manager

4.15

To the extent allowed by law, the Bank shall not be liable for any loss or damage suffered by the Client or any entity o
r
person as a result of a failure by the Client, the Authorised Signatory, a System Manager or an Operator to comply with
any obligations in clauses
4.12
,
4.13

or
4.14
.



This clause
constitutes an assumption of risk and liability by
the

Client

and
limits and excludes liabilities
, obligations

and legal responsibilities which
the Bank will have towards the Client

and other persons. This clause
also limits and
excludes the Client's

rights and remedies against
the Bank

and places
the

risks,
liabilities, obligations and legal
responsibilities on
the Client for any breaches of
clauses
4.12
,

4.13

or
4.14

by the Client, the Authorised Signatory, a
System Manager or an Operator
.

4.16

In addition to, and without limiting, the Bank's rights and obligations in the CPS and the RA Charter as a Registration
Authority relating to the revocation of

a Digital Certificate, upon receipt of a a notice pursuant to clause
4.12.7
, the Bank
shall as soon as reasonably practicable thereafter take measures to prevent t
he ongoing use of the BI Online Service by
any person using the relevant Digital Certificates and passwords which are the subject of the notice.

5.

Surephrase

5.1

SurePhrase™ is a mechanism that

endeavours to

provide

Users

confidence that the Business Integrator
Online site they
are logging onto is legitimate and not a fraudulent w
ebsite.

5.2

Each System Manager and Operator will be required to select and enable a
SurePhrase™

of its choice, through the use of
the BI Online Service, and will have a period of 45

days

t
o do so
.

5.3

The
SurePhrase™

selected by a User

will be displayed

to the User
prior to each logon

to the BI Online Service
.


If
the
SurePhrase
displayed to the User is not the same SurePhrase selected by that User
or
is
not
displayed to the User, the
U
ser
must

not

enter his password or

logon.




6.

Accuracy of information

6.1

The Client must ensure and verify, and the Client must take all steps necessary to ensure and verify, that all information
and documentation provided by the Client, a User, System Manager or an Ope
rator is complete, true and accurate,
including (without limitation) all information and documentation provided as part of a Certificate Application, or relating t
o
the Client, a User, System Manager or an Operator . Without limiting the responsibilities
of the Client, the Client shall
ensure that:

6.1.1

the names, identity numbers, addresses and signature specimens provided by the Client, or provided by a User,
System Manager or Operator (including, without limitation, where this is provided as part of a Certif
icate Application),
in respect of each User, System Manager or Operator is that of the relevant User, System Manager or Operator; and

6.1.2

the e
-
mail address of each User, System Manager or Operator provided by the Client, or provided by a User, System
Manager
or Operator (including, without limitation, where this is provided as part of a Certificate Application), is the
correct e
-
mail address and is only accessible by the relevant User, System Manager or Operator to whom that e
-
mail
address belongs.

7.

Risk and
liability

In addition to its further obligations in this Addendum or the BI Online Terms and Conditions, to the extent allowed by law a
nd
subject to clause
9.2
, th
e Client agrees that the use of the BI Online Service and of the Digital Certificates and the passwords
issued to or used by an Operator or System Manager, is at the Client’s own risk
;

This clause
constitutes an assumption of risk and liability by
the
Client

and
limits and excludes liabilities
, obligations

and legal responsibilities which
the Bank will have towards the Client

and other persons. This clause
also limits and


excludes the Client's

rights and remedies against
the Bank

and places
the

risks, l
iabilities, obligations and legal
responsibilities on
the Client relating to the
use of the BI Online Service and of the Digital Certificates and the
passwords issued to or used by an Operator or System Manager
.


8.

Suspension and termination

Notwithstanding
anything to the contrary in the BI Online Terms and Conditions or this Addendum, and in addition to
the Bank
's
other
rights in the BI Online Terms and Conditions

and this Addendum
,
the Bank

shall

acting reasonably

be entitled
(but not
obliged)
to terminate

or suspend all or part of the BI Online Service or
to
suspend
or terminate
the rights of the Client, the
Users,
or
any of the System Managers and/or any of the Operators to access and use
all or part of
the BI Online Service,
where:

8.1.1

the Bank becomes aware

of any actual, threatened or suspected fraud or any actual, threatened or suspected
unauthorised use of the BI Online Service or of the Information Systems of the Client or of the Bank;

8.1.2

a Digital Certificate issued to an Operator or System Manager has bee
n suspended or revoked, as detailed in the
CPS or the RA Charter; or

8.1.3

any events have occurred which would entitle or require the Certification Authority, the Registration Authority or the
Subscriber to revoke or suspend a Digital Certificate or to request
the revocation or suspension of a Digital Certificate
in terms of the CPS or RA Charter;



8.1.4


the Bank

becom
es

aware of any actual, suspected
, threatened

or potential compromise of a Digital Certificate or of a
password of a System Manager or Operator, whic
h shall include (with
o
ut limitation) situations where any password or
part of a Digital Certificate becomes lost or stolen or is shared, stored, used or disclosed in a manner not permitted
by this
Addendum, the BI Online Terms and Conditions, the CPS, the

Subscriber Agreement or the RA Charter
.

9.

Consumer Protection Act

9.1

If

this Addendum, the BI Online Terms and Conditions, the CPS, RA Charter, or Subscriber Agreement (the
"
Documents")

and/or any goods and/or services provided pursuant to the Documents are r
egulated by the Consumer
Protection Act No 68 of 2008, as amended, replaced or re
-
enacted from time to time ("
the

Consumer Protection Act
"), it
is not intended that any provision of the Documents contravenes any provision of the Consumer Protection Act and
therefore all provisions of the Documents must be treated as being qualified, to the extent necessary, to ensure that the
provisions of
the Consumer Protection Act are complied with.

9.2

No provision of the Documents (as defined in clause
9.1

above) does or purports to limit or exempt the Bank from li
ability
for any loss directly or indirectly attributable to the Bank's gross negligence or wilful default or that of any individual
partner, employee, agent, or any other person acting for or controlled by the Bank to the extent that the law does not allow

this, and no provision of the Documents requires the Client or a User to assume risk or liability for this kind of loss to th
e
extent that the law does not allow this.