image.jpg
Exhibit 10.62

Certain identified information has been redacted from this exhibit because it is both (i) not material and (ii) a type that the registrant treats as private or confidential. Information that has been omitted has been identified in this document with a placeholder identified by the mark “[***].”

Bank of America Europe Designated Activity Company
Two Park Place, Hatch Street, Dublin 2, Ireland
T +353 (0)1 243 8500 | F+353 (0)1 243 8501




01/12/2022

Mr. Paul Donofrio
[***]


Dear Paul,

Letter of Appointment

The Board of Directors (the “Board”) of Bank of America Europe Designated Activity Company (the “Company” or “BofA Europe”) is pleased that you have accepted our offer to join the Board as the Chair and a Non-Executive director. Schedule 1 of this letter sets out the conditions to which this offer is subject and explains what you need to do if you wish to formally accept.

This letter sets out the main terms of your offer. It is agreed between us that when formally accepted, this will be a contract for services and will not be a contract of employment.

By accepting this appointment, you confirm that you are not subject to any restrictions which prevent you from holding office as a director.

1.APPOINTMENT

1.1Subject to the remaining provisions of this letter, your appointment as Non-Executive director commenced on the date of regulatory approval, 1 December 2022, for a term of one year, unless terminated by either party giving the other one month’s prior written notice (or, at the Company’s discretion, by making a payment of the appropriate pro rata fee in lieu of such notice). Your appointment as Chair of the Board of BofA Europe will commence on 1 January 2023. The Board may invite you to serve for an additional period. Should the Board do so, this letter of appointment will automatically renew for such further period of appointment as approved by the Board and the term specified in this paragraph 1.1 shall be deemed to be extended accordingly.

1.2Your appointment is subject to the articles of association of the Company, as amended from time to time (the “Articles”). Nothing in this letter shall be taken to exclude or vary the terms of the Articles as they apply to you as a director of the Company.





Bank of America Europe Designated Activity Company is registered in Ireland. Registered Office: Two Park Place, Hatch Street, Dublin 2, Ireland. Registered No.: 229165. VAT No. IE 8229165F. A wholly owned subsidiary of Bank of America Corporation. A list of names and personal details of every director of the company is available for inspection to the public at the company’s registered office for a nominal fee. Bank of America Europe Designated Activity Company is regulated by the Central Bank of Ireland.

image.jpg
Page 2 of 16

1.3Your appointment is also subject to all applicable laws or regulations, including, without limitation, the Companies Act 2014. If any term of this letter should conflict or be inconsistent with any applicable laws or regulations, then the applicable laws or regulations shall prevail.

1.4Notwithstanding the above paragraphs the Company may terminate your appointment with immediate effect:
(a)if you have committed any serious or repeated breach or non-observance of your obligations to the Company (which include an obligation not to breach your statutory, fiduciary, or common-law duties); or
(b)if you have not complied with the Company’s anti-corruption and bribery policy and procedures and/or the Prevention of Corruption Acts 1889 – 2010 as amended from time to time; or
(c)if you have been guilty of any fraud or dishonesty or acted in any manner or engaged in any conduct which, in the opinion of the Company, brings or is likely to bring you or the Company into disrepute or is materially adverse to the interests of the Company whether or not connected with your engagement hereunder; or
(d)if you have been declared bankrupt or have made an arrangement with or for the benefit of your creditors; or
(e)if you have been restricted or disqualified from acting as a director; or
(f)if the Company determines that it is or may at any time be unable to satisfy itself that you are fit and proper for whatever reason; or
(g)immediately in the event that your status as a Pre-Approval Control Function
(“PCF”) in respect of the Company is withdrawn for any reason at any time: or
(h)if you fail to satisfy at the sole discretion of the Company any of the conditions contained within this appointment letter.

1.5On the termination of your appointment as a director (howsoever arising), you shall only be entitled to accrued fees as at the date of termination together with reimbursement of any reasonable and documented expenses properly incurred prior to that date.

1.6On the termination of your appointment, you shall cease to hold yourself out as in any way connected with the Company thereafter and observe the duty of confidentiality set out in paragraph 7 of this letter notwithstanding such termination.

2.TIME COMMITMENT

2.1From the date of your appointment under the terms of this letter, you will be required to devote such time as is necessary for you to properly perform your duties, normally including chairing a minimum of six board meetings (which may be more frequent, where required),



image.jpg
Page 3 of 16





and attendance at other committee meetings as required. In addition, you will be required to consider all relevant papers prior to each meeting.

2.2By accepting this appointment, you confirm that you are able to allocate sufficient time to meet the expectations of your role. Should you not be able to commit to the required time (as stated in clause 2.1), you will inform the Company immediately. For avoidance of doubt, the Company reserves the right at its absolute discretion to determine the number of directorships held at any one time.

3.ROLE AND DUTIES

3.1As a non-executive director you shall have the same general legal responsibilities to the Company as any other director. The Board as a whole is collectively responsible for the affairs of the Company. The Board's role is to:
(a)provide leadership of the Company within a framework of prudent and effective controls which enable risk to be assessed and managed;
(b)set the Company's strategic aims, ensure that the necessary financial and human resources are in place for the Company to meet its objectives, and review management performance; and
(c)set the Company's values and standards and ensure that its obligations to its shareholders and others are understood and met.

3.2All directors must act in the way they consider, in good faith, in the interests of the Company as a whole. In doing so, as a director, you must have regard (among other matters) to:
(a)the likely consequences of any decision in the long term;
(b)the interests of the Company's employees;
(c)the need to foster the Company's business relationships with suppliers, customers and others;
(d)the impact of the Company's operations on the community and the environment;
(e)the desirability of the Company maintaining a reputation for high standards of business conduct; and
(f)the need to act fairly as between the members of the Company.

3.3In your role as Chair and a non-executive director, you shall also be required to:
(a)lead the Board of the Company;
(b)encourage critical discussion and challenge mindsets;
(c)promote effective communication between executive and non-executive directors;
(d)attend and chair board meetings;
(e)constructively challenge and contribute to the development of strategy;



image.jpg
Page 4 of 16



(f)scrutinise the performance of management in meeting agreed goals and objectives and monitor the reporting of performance;
(g)satisfy yourself that financial information is accurate and that financial controls and systems of risk management are robust and defensible;
(h)have a role in appointments and in succession planning, where applicable;
(i)at all times comply with the Articles of the Company;
(j)abide by your statutory, fiduciary or common-law duties as a director of the Company, including any duties or obligations which are or which may be imposed by relevant regulatory authorities from time to time;
(k)diligently perform your duties and use your best endeavours to promote, protect, develop and extend the business of the Company;
(l)immediately report your own wrongdoing or the wrongdoing or proposed wrongdoing of any employee or other director of the Company of which you become aware to the Head of Compliance of the Company; and
(m)inform the Company Secretary if you intend to take on any additional directorships other than those already noted.

3.4You represent and warrant to the Company that you are not engaged in, or currently intending to engage in, any lawsuit or other legal or administrative proceedings or arbitration which would adversely affect, in any material respect, your ability to perform your obligations hereunder and to the best of your knowledge, information and belief, no such litigation or arbitration is pending or threatened against you.

3.5You shall be entitled to request relevant information about the Company's affairs as is reasonably necessary in order to enable you to discharge your duties.

4.FEES

From the date of your appointment as non-executive director and Chair, you shall be paid annual fees totalling one hundred sixty thousand euro (€160,000) in respect of your appointments, €100,000 (one hundred thousand euro) of which is attributable to your role as non-executive director of the Company and €60,000 (sixty thousand euro) of which is attributable to your role as Chair of the Board. These annual fees will be prorated for the portion of the calendar year in which you are appointed to the Board as a non-executive director and the calendar year you are appointed as Chair, respectively, and shall be paid in equal instalments monthly in arrears after deduction of any taxes and other amounts that are required by law. The Company shall reimburse you for all reasonable and properly documented expenses that you incur in performing the duties of your office.



image.jpg
Page 5 of 16





5.INDEPENDENT LEGAL ADVICE

In some circumstances you may consider that you need professional advice in the furtherance of your duties as a director and it may be appropriate for you to seek advice from independent advisors at the Company's expense. In these circumstances you should notify the General Counsel, EMEA in advance of seeking advice so that it can be discussed whether it is appropriate to obtain such advice and the procedure for doing so.

6.OUTSIDE INTERESTS

6.1It is accepted and acknowledged that you have business interests other than those of the Company and have declared any conflicts that are apparent at present. If you become aware of any potential conflicts of interest, these should be disclosed to the Chief Executive Officer and Company Secretary as soon as you become aware of them and you should isolate yourself from decision-making on any matter on which there is a conflict.

6.2During your appointment you will not without the prior written consent of the Company, which shall not be unreasonably withheld, undertake any additional directorship appointments or other business or work activity that may conflict with your appointment with the Company. In considering whether to give consent the Company reserves the right at its reasonable discretion to determine what types of activities may be in conflict. Any questions, clarification or doubts regarding other activities by you and potential conflict must be raised with the Company. You also acknowledge and agree that the prior approval of the CBI (and other relevant regulatory authorities) will be required prior to you taking on any other directorships (other than directorships within the Company’s group).

7.CONFIDENTIALITY

7.1All information acquired prior to and during your appointment is confidential to the Company and should not be disclosed to third parties or used for any reason other than in the interests of the Company, either before, during or following termination of your appointment (by whatever means), without prior written clearance from the Chief Executive Officer or the Company Secretary.

7.2Your attention is also drawn to the requirements under both legislation and regulation as to the disclosure of inside information. Consequently, you should avoid making any statements that might risk a breach of these requirements without prior clearance from the Chief Executive Officer or the Company Secretary.

7.3In line with local regulations and the Bank of America Code of Conduct, the Company acts in compliance with the Ireland Whistleblowing Policy, which sets out the preferred procedure for whistleblowing. Under Irish rules Pre-Approval Controlled Functions (“PCFs”) are required to report certain types of misconduct to the CBI including: (i) information relating to breaches of financial services legislation; or (ii) the destruction or concealment of relevant evidence related to such breaches. The affirmative obligations on PCFs to



image.jpg
Page 6 of 16





disclose this information to the CBI applies except where: (i) the report would lead to self- incrimination; or (ii) where the information has already been disclosed to the CBI. Failure by a PCF to disclose such contraventions could result in an investigation by the CBI into the PCF.

8.REVIEW PROCESS

The performance of individual directors and the whole Board is evaluated annually. If, in the interim, there are any matters which cause you concern about your role you should discuss them with the Chair of the Nominations Committee as soon as possible.

9.INDEMNITY

The details of your right to indemnification as a director of the Company are contained in Article VIII of the bylaws of the Bank of America Corporation, a copy of which you have already been provided with. The Company routinely receives requests from regulatory authorities to provide information in relation to their inquiries and should you become the subject of or party to any investigation by the CBI or any other regulatory authority, the Company has policies and processes in place to collate and safeguard any documentation held by the Company that it may be required to produce and will provide such additional support and assistance as is reasonable in all the circumstances, subject to any applicable legal or regulatory duties.

10.INSURANCE

The Company has directors' and officers' liability insurance and it intends to maintain such cover for the full term of your appointment. You will be notified on each renewal date that the policy has been renewed and advised of any material change in coverage.

11.THIRD PARTY RIGHTS

No person other than you and the Company shall have any rights under this letter and the terms of this letter shall not be enforceable by any person other than you and the Company.

12.MISCELLANEOUS

12.1Your appointment with the Company and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Ireland and you and the Company irrevocably agree that the courts of Ireland shall have non-exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this appointment or its subject matter or formation (including non-contractual disputes or claims).



image.jpg
Page 7 of 16





12.2This letter constitutes the entire terms and conditions of your appointment and supersedes all previous discussions, correspondence, negotiations, arrangements, understandings and agreements between you and the Company relating to its subject matter.

Please indicate your acceptance of these terms by signing and returning one copy of this letter to Sarah McGuinness, Company Secretary, at Bank of America Europe, [***], Ireland.

Yours sincerely



/s/ Jennifer Becker
....................................................

Jennifer Becker, Head of International Human Resources

For and on behalf of Bank of America Europe Designated Activity Company

I agree to the above terms of appointment as Chair and a Non-Executive Director.




/s/ Paul Donofrio
………………………………………………………

Paul Donofrio
Chair and Non-Executive Director


        23 January 2023
Signed on ......................................



image.jpg
Page 8 of 16





Schedule 1
Conditions of the offer


Conditions of this offer are that:

1.You sign and return all required documentation as set out in this Schedule;
2.You are able to provide evidence of your right to work and remain in Ireland, in accordance with legal requirements, if required;
3.You will comply with Bank of America Corporation policies and any other Company procedures and policies that may apply to non-executive directors from time to time; and
4.You also meet any further requirements as stated in this Schedule and the letter of appointment.

We reserve the right to withdraw this offer if any of the above conditions are not met.

If, as we hope, you wish to accept the offer, you will need to sign and return one copy of this letter.



image.jpg
Page 9 of 16





Non-Executive Director Data Protection Notice
NON-EXECUTIVE DIRECTOR DATA PROTECTION NOTICE
I.INTRODUCTION

The legal entity named in the letter of appointment of the Non-Executive Director (collectively, the “Bank”) have prepared this Non-Executive Director Data Protection Notice (“Notice”) to outline its practices regarding the collection, use, storage, transfer and other processing of individually identifiable information about Non-Executive Directors (“Personal Data For the purposes of this Notice, “individually identifiable information” means information regarding an identified or identifiable Non-Executive Director. For the purposes of this Notice, “Non-Executive Director” means any member of the board of directors of any Bank entity who is not an employee of the Bank or its affiliates and has no executive responsibilities for the Bank or its affiliates. The Bank also may provide to Non-Executive Directors additional data protection or privacy notices from time to time.

In the event this Notice is provided to a Non-Executive Director in a language other than English, any discrepancy, conflict or inconsistency between the two language versions shall be resolved in favour of the English version, subject to applicable law.

II.PERSONAL DATA COLLECTION AND PURPOSES OF USE

Best practice and the effective running of our business require the Bank to collect, use, store, transfer and otherwise process certain Personal Data.

The Bank collects Personal Data that is directly relevant to its business, required to meet its legal obligations, or otherwise permissible to collect under applicable laws. Listed in Appendix A of this Notice are the categories of Personal Data that we collect and the purposes for which we use the data that we collect except where restricted by applicable law. We receive Personal Data from you and from other sources, such as referees and background check providers, and public sources.

We collect and process Personal Data about you: (i) because we are required or permitted to do so by local applicable law, (ii) because such information is necessary to perform any contract between you and the Bank, fulfil your appointment and to facilitate your relationship with the Bank, (iii) because such information is of particular importance to us and we have a specific legitimate interest under law to process it , (iv) where a public interest requires it, (v) where the Personal Data is necessary for the establishment, exercise or defence of legal claims, or (vi) where necessary to protect the vital interests of you or another person.
Where necessary, we obtain your consent for collection and processing of Personal Data.
If you do not provide certain categories of Personal Data, the Bank may not be able to accomplish some of the purposes outlined in this Notice and the issue may need to be escalated to Human Resources and Corporate Secretary to deal with as appropriate.



image.jpg
Page 10 of 16





SENSITIVE PERSONAL DATA

The Bank may collect and process certain special categories of Personal Data (“Sensitive Personal Data”) about Non-Executive Directors where required by applicable law, where necessary for the establishment, exercise or defence of legal claims, or, where necessary, the Non-Executive Director has provided explicit consent. Subject to applicable law, the Bank may process information about:
physical and/or mental health in order to address workplace health, safety and accommodation issues and to monitor absences and fitness for the role
racial or ethnic origin or religious or similar beliefs in order to monitor compliance with equal opportunities legislation
information relating to any criminal proceedings in which you have been involved for insurance purposes and in order to comply with legal requirements and obligations to third parties
biometric data, such as fingerprints and iris scans, for the purposes of electronic identification, authentication and corporate security, at secured Bank premises

PERSONAL DATA ABOUT FAMILY AND DEPENDENTS

If a Non-Executive Director provides the Bank with Personal Data about members of his/her family and/or other dependents (e.g., for emergency contact), it is the Non-Executive Director’s responsibility to inform such individuals of their rights (see Section VII) and to obtain their explicit consent, where necessary, to the processing (including transfer) of that Personal Data as set out in this Notice.

III.COOKIES

Non-essential and essential cookies are collected on some websites and mobile applications that the Bank uses. Please refer to the following policy.

IV.ACCESS BY BANK PERSONNEL

Where permitted by law, access to Personal Data is restricted to those individuals who need such access for the purposes listed in Appendix A, including but not limited to members of the Human Resources Department and to authorised representatives of the Bank’s internal control functions such as Corporate Secretary, Compliance, Chief Administrative Office, Information Security, Corporate Security, Audit and Legal. Access may also be granted on a strict need-to-know basis to others where permitted by law.

V.DISCLOSURE

To the extent permitted by applicable law and as appropriate to achieve the purposes described in this Notice, Personal Data may be disclosed by the Bank as follows:

Given the global nature of the Bank’s activities, the Bank may (subject to applicable law) transmit
for the purposes described in this Notice Personal Data, including Sensitive Personal Data, to other



image.jpg
Page 11 of 16





Bank of America affiliates or operations located in the United States or other jurisdictions where data protection laws may not provide an equivalent level of protection to the laws in the Non- Executive Director’s home jurisdiction. The affiliates belonging to the Bank of America Corporation group are listed at the link below. The listing is available upon request if you do not have access to the internal site: [***]

The Bank may disclose in accordance with applicable law relevant Personal Data to certain third parties in connection with the provision of services to the Bank. Where the processing of Personal Data is delegated to a third party data processor, such as those listed in Appendix A, the Bank will delegate such processing in writing, will choose a data processor that provides sufficient guarantees with respect to technical and organisational security measures, such as data protection and information security requirements, governing the relevant processing and will ensure that the processor acts on the Bank’s behalf and under the Bank’s instructions.

Personal Data also may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of the financial status of the Bank or any of its subsidiary or affiliated companies. Personal Data also may be released to protect the vital interests of Non-Executive Directors, to protect the legitimate interests of the Bank (unless this would prejudice the rights and freedoms or interests of the Non- Executive Director), or in the Bank’s judgement to comply with applicable legal or regulatory obligations and regulatory inquiries or requests.

VI.SECURITY

The Bank maintains appropriate technical and organisational measures designed to protect against unauthorised or unlawful processing of Personal Data and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to Personal Data.

VII.ACCESS, PORTABILITY, RECTIFICATION AND SUPRESSION, LIMITATION AND RESTRICTION OF PROCESSING AND ACCURACY OF PERSONAL DATA

Non-Executive Directors are entitled to access Personal Data held about them (with the exception of any documents that are subject to legal privilege, that provide Personal Data about other individuals such as other directors or any Employees, or that otherwise are not subject to data subject access rights). Any Non-Executive Director who wishes to access his/her Personal Data or (where permitted under applicable law) request portability of their data should contact a member of the Human Resources Department or Corporate Secretary using the contact information set out in Section IX below.

To the extent required by applicable law, Non-Executive Directors have the right to have inaccurate data corrected or removed (at no charge to the Non-Executive Director and at any time) or to limit or restrict processing of their data.



image.jpg
Page 12 of 16





To assist the Bank in maintaining accurate Personal Data, Non-Executive Directors must ensure they provide the Bank with updated Personal Data. In the event that the Bank becomes aware of any inaccuracy in the Personal Data it has recorded, it will correct that inaccuracy at the earliest practical opportunity.

To the extent available under applicable law, Non-Executive Directors may also have the following rights (including but not limited to):
to request a copy of Personal Data held by the Bank (as part of an access request above);
to request further information or complain about the Bank’s practices and processes regarding their Personal Data;
to object to, withdraw consent to, restrict, or request discontinuance of collection, use, disclosure and other processing of their Personal Data as described in this Notice and to request deletion of such Personal Data by the Bank.

For all inquiries, Non-Executive Directors should contact a member of the Human Resources Department or Corporate Secretary using the contact information set out in Section IX below. Under applicable law, in certain circumstances, the Bank may be exempt from or entitled to refuse the above requests or rights. Certain additional terms and conditions may be applicable to process requests or rights, such as requiring communications to be in writing or requiring proof of identity.


VIII.MODALITIES OF THE PROCESSING AND DATA RETENTION

The Bank does not use automated decision making on Non-Executive Director processes.
‘Automated decision-making’ is the process of making a decision by automated means without any
human involvement.

Collection, use, disclosure, transfer and other processing, including storage, of Personal Data may be by electronic or manual means, including by hard-copy or soft-copy documents or other appropriate technology. Personal Data may be stored in a Non-Executive Director’s home jurisdiction and/or other jurisdictions in which the Bank has operations.

The Bank will maintain Personal Data for as long as it is required to do so by applicable law(s) or for as long as necessary for the purpose(s) of use and processing in Section II, whichever is longer. Any maximum storage term set forth by applicable law will prevail. The Bank will delete Personal Data after the applicable retention period.

The criteria used to determine our retention periods include:
As long as we have an ongoing relationship with you;
As required by a legal obligation to which we are subject;
As advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).



image.jpg
Page 13 of 16





IX.QUESTIONS

Should any Non-Executive Director have any questions, concerns or complaints about this Notice, please contact:
For EMEA: Human Resources Service Center by phone at [***] or
[***]
For APAC: [***]

In certain countries, if you have additional queries about the way in which the Bank processes your Personal Data more broadly you may contact the local Data Protection Officer using the following contact details:

EMEA Region[***]
APAC Jurisdictions[***]

You may have the right to lodge a complaint with the Data Protection authority for your country.

X.CHANGES TO THIS NOTICE

Should the Bank substantially modify the manner in which it collects or uses Personal Data, the type of Personal Data it collects or any other aspect of this Notice, it will notify Non-Executive Directors as soon as reasonably possible by reissuing a revised Notice or taking other steps in accordance with applicable laws including obtaining Non-Executive Director consent where required.



image.jpg
Page 14 of 16





EMEA & Hong Kong Acknowledgement of the Notice
I have read the “Non-Executive Director Data Protection Notice” dated January 2018 describing the collection, processing and use of my Personal Data, including Sensitive Personal Data, by the Bank, and the international transfer of my Personal Data to jurisdictions where data protection laws may not provide an equivalent level of protection to the laws of my home jurisdiction) during the course of my appointment as a Non-Executive Director.

Please refer to instructions for how to acknowledge the Notice.

APAC
Consent to the Notice

I have read the “Non-Executive Director Data Protection Notice” dated January 2018 describing the collection, processing and use of my Personal Data, including Sensitive Personal Data, by the Bank, and the international transfer of my Personal Data to jurisdictions where data protection laws may not provide an equivalent level of protection to the laws of my home jurisdiction) during the course of my appointment as a Non-Executive Director. I understand its contents and expressly and voluntarily consent to the application of its terms during the course of my appointment.
I also confirm that I have duly provided my family members and dependents (if any) with all information regarding the processing of their Personal Data and their related rights, as described in the Notice and that I have obtained the explicit consent of those individuals, where necessary, to the processing of their Personal Data.

Please sign below to indicate your consent to the Notice.

Paul M. Donofrio
Name
/s/ Paul M. Donofrio
Signature
23 January 2023
Date







image.jpg
Page 15 of 16





13.    APPENDIX A

The Categories of Personal Data We May Collect, Use, Transfer And Disclose:

Personal Demographic Information: Date and place of birth; gender; name (including birth surname and any other former names); family/marital status
Visa/ Citizenship Details: Passport details; Nationality; Resident details; National ID
Primary Address: Service address; home address and past addresses; telephone and email
Emergency contact details: name, address, telephone number
Appointment and Position Information: Occupation; Appointment Letter; Biography; pre- appointment references; post-appointment references
Payroll: Social insurance number or other tax identifier number; bank account details; tax and social security contributions; payroll payments and deductions and other financial information; Tax forms e.g. P60 (UK)
Expenses administration
Global Mobility: Business travel information (including business visa details and travel logs and itineraries)
Absence Data: Absence details e.g. sickness
Physical Security and Life Safety Data: Swipe card entry data; CCTV; photograph (Security ID Card); Accident and Incident Reporting; Biometrics
Compensation: Compensation information
Education and Training: Academic Record, Professional Qualifications and Memberships; professional training; Bank internal training
Regulatory Data (where applicable): Licenses and certifications; financial regulatory registration
Technical information: Including username and passwords, IP address, domain, browser type, operating system, click-stream data and system logs) and electronic and non-electronic content and documents created or produced by you using Bank systems or in the performance of your role with the Bank
Securities and Stock Trading: Details of outside business activities and directorship(s) (appointments held, external appointments and past appointments)
Sensitive Personal Data: (e.g. physical health, criminal charges/convictions)

The Purposes For Which We May Collect, Use, Transfer And Disclose Personal Data:

Administering and managing the Non-Executive Director relationship, general administration and budgeting
Authentication/identification of Non-Executive Directors (e.g. for help desk)
Information technology and information security support (including firewall monitoring, anti- spam and virus protection, and other monitoring, for example in accordance with the Bank’s regional Cyber Security Monitoring Notices)
Management of internal business operations (including monitoring compliance with Bank policies and procedures, for example in accordance with the Bank’s regional Cyber Security Monitoring Notices)



image.jpg
Page 16 of 16





Complying with applicable government reporting and other local and foreign law requirements (including the requirements of the US Sarbanes-Oxley Act or other applicable internal control regulations and in such areas as immigration, tax or statutory financial regulation) and other legal obligations
Payroll and compensation management, administration and processing
Complying with local or foreign state and/or country specific tax and immigration laws and regulations and payroll reporting, not limited to but including business travel
Training and advice purposes
Defending, preparing for, participating in and responding to potential legal claims, investigations and regulatory inquiries (all as allowed by applicable law)
Managing relationships with third parties (including licensing and registration bodies, legal counsel, stock exchanges, or business counterparties)
Post-Non-Executive Director appointment purposes (for example, providing Non-Executive Director references, and any of the purposes listed above that may be applicable during the post-appointment period).

The Categories Of Unaffiliated Third Parties With Whom We May Share Personal Information
Professional Advisors: Accountants, auditors, lawyers, insurers, bankers, tax advisors and other outside professional advisors in all of the countries in which the Bank operates.
Service Providers: Companies that provide products and services to the Bank in the countries in which the Bank operates, such as payroll, training, expense management, IT systems suppliers and support; reception and security, catering and logistics services providers, translation services, third parties assisting with event organizing and marketing activities, medical or health practitioners, trade bodies and associations, and other service providers.
Public and Governmental Authorities: Entities that regulate or have jurisdiction over the Bank in the countries in which the Bank operates, such as regulatory authorities, law enforcement, public bodies, licensing and registration bodies, judicial bodies and third parties appointed by such authorities.
Parties Related to a Corporate Transaction: A third party in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the Bank’s business, assets or stock (including in connection with any bankruptcy or similar proceedings), e.g., stock exchanges and business counterparties.