Common use of Security Clause in Contracts

Security. 5.1 Security Prior to Activating the Method – loss or theft. If the mobile telephone to which the one-time password should be sent is lost or stolen or the e-mail address to which the one-time password should be sent is misused or blocked before you create the Certificate, or the mobile telephone to which the one-time password should be sent is lost or stolen prior to activating the method, the Certificate Holder shall be obliged to notify the Bank without any unnecessary delay to the telephone number +▇▇▇ ▇▇▇ ▇▇▇ ▇▇▇ and agree upon an alternative method of the delivery of a new one-time password. The Bank shall subsequently invalidate the old password. The Bank can deliver the one-time password at the electronic address of the Certificate Holder, if such an address is stated in the Contract, in the case of the Certificate. 5.2 Certificate. The Certificate Holder shall be fully responsible for the process of the creation of the Certificate, including the generation of a Public and Private Key on the PC that the Certificate Holder has used for this purpose. Being the sole user of the Certificate including the Private Key, the Certificate Holder shall be liable for their use. 5.3 A Private Key stored in a data file is protected by a password. A Private Key stored on a chip card is protected by a PIN Code. 5.5 The Certificate Holder shall be obliged to protect his/her Private Key, the password and, as the case may be, the PIN and PUK Codes, to be used with the Private Key throughout the entire term of the validity of the Certificate, in particular from a possible loss, disclosure to a third party, alteration, or unauthorised use. The password or the PIN and PUK Codes to be used with the Private Key must not be stored in the same place or on the same media as the Private Key and may never be stored in any manner that would make them accessible to third parties. In particular, the Certificate Holder must not leave an unsecured Private Key in the PC with a password entered and the key activated, or leave the chip card inserted in the chip card reader outside the time when he/she is logging into a given Banking Service or is using the Electronic Signature. The Certificate Holder must continuously make sure that the Certificate has not been lost, stolen, misused or used without authorisation. Other obligations to ensure the security of the Certificate Holder's equipment. When using his/her device, the Certificate Holder has the following obligations: use and update anti-virus software, use an updated operating system and an updated web browser, visit only known sites, not to download or install programmes from untrusted sources, not to use a mobile device with modified settings (e.g. jailbreak or root), use a trusted and properly secured device, download only applications from official sources (e.g. Google Play, Apple Store, Windows Phone Store), use a password that is not simple and cannot be derived from personal data, keep the device under control at all times, not to provide access data to a third party, not to record it in an easily recognizable form and not to store or carry it with the device, not allowing the browser to remember his/her password, not entering sensitive data over the Internet without any reason, not opening attachments of suspicious emails or files with unknown content, not responding to suspicious email messages in particular, not to respond to e-mail messages requesting passwords, PIN codes, credit card numbers, etc., and not to click on links in such messages and e-mails. The Certificate Holder can verify the authenticity of the e-mail sent from the KB according to the Rules for sending electronic communications, which can be found in the Decalogue of the Safe Internet Banking. The Certificate Holder is also obliged to protect his/her device used for Direct Banking or on which he/she has activated the method for creating an Electronic Signature from misuse by a third party, to use only his/her computer or mobile phone to log in to Direct Banking, to refuse a request and to contact the Bank immediately if he/she receives a request to log in or a transaction he/she did not enter, to keep track of his/her Direct Banking login history and to regularly check the transaction history.

Security. 5.1 Security Prior to Activating the Method – loss or theft. If the mobile telephone to which the one-time password should be sent is lost or stolen or the e-mail address to which the one-time password should be sent is misused or blocked before you create the Certificate, or the mobile telephone to which the one-time password should be sent is lost or stolen prior to activating the method, the Certificate Holder shall be obliged to notify the Bank without any unnecessary delay to the telephone number +▇▇▇ ▇▇▇ ▇▇▇ ▇▇▇ and agree upon an alternative method of the delivery of a new one-time password. The Bank shall subsequently invalidate the old password. The Bank can deliver the one-time password at the electronic address of the Certificate Holder, if such an address is stated in the Contract, in the case of the Certificate. 5.2 Certificate. The Certificate Holder shall be fully responsible for the process of the creation of the Certificate, including the generation of a Public and Private Key on the PC that the Certificate Holder has used for this purpose. Being the sole user of the Certificate including the Private Key, the Certificate Holder shall be liable for their use. 5.3 A Private Key stored in a data file is protected by a password. A Private Key stored on a chip card is protected by a PIN Code. 5.5 5.4 The Certificate Holder shall be obliged to protect his/her Private Key, the password and, as the case may be, the PIN and PUK Codes, to be used with the Private Key throughout the entire term of the validity of the Certificate, in particular from a possible loss, disclosure to a third party, alteration, or unauthorised use. The password or the PIN and PUK Codes to be used with the Private Key must not be stored in the same place or on the same media as the Private Key and may never be stored in any manner that would make them accessible to third parties. In particular, the Certificate Holder must not leave an unsecured Private Key in the PC with a password entered and the key activated, or leave the chip card inserted in the chip card reader outside the time when he/she is logging into a given Banking Service or is using the Electronic Signature. The Certificate Holder must continuously make sure that the Certificate has not been lost, stolen, misused or used without authorisation. Other obligations to ensure the security of the Certificate Holder's equipment. When using his/her device, the Certificate Holder has the following obligations: use and update anti-virus software, use an updated operating system and an updated web browser, visit only known sites, not to download or install programmes from untrusted sources, not to use a mobile device with modified settings (e.g. jailbreak or root), use a trusted and properly secured device, download only applications from official sources (e.g. Google Play, Apple Store, Windows Phone Store), use a password that is not simple and cannot be derived from personal data, keep the device under control at all times, not to provide access data to a third party, not to record it in an easily recognizable form and not to store or carry it with the device, not allowing the browser to remember his/her password, not entering sensitive data over the Internet without any reason, not opening attachments of suspicious emails or files with unknown content, not responding to suspicious email messages in particular, not to respond to e-mail messages requesting passwords, PIN codes, credit card numbers, etc., and not to click on links in such messages and e-mails. The Certificate Holder can verify the authenticity of the e-mail sent from the KB according to the Rules for sending electronic communications, which can be found in the Decalogue of the Safe Internet Banking. The Certificate Holder is also obliged to protect his/her device used for Direct Banking or on which he/she has activated the method for creating an Electronic Signature from misuse by a third party, to use only his/her computer or mobile phone to log in to Direct Banking, to refuse a request and to contact the Bank immediately if he/she receives a request to log in or a transaction he/she did not enter, to keep track of his/her Direct Banking login history and to regularly check the transaction history.