Last Update: October 7, 2024
This Privacy Notice explains how Bank of America (under legal entity Bank of America, N.A.) collects, uses, shares and protects personal data for distribution of market research, financial, and ESG materials, press releases, and SEC filings, as well as general interaction with the media and investors.
This Privacy Notice is in addition to other privacy notices related to products and services that the bank provides to clients and individuals.
Personal Data is information that identifies or relates to an identifiable individual. Please refer to Appendix A to see the Personal Data we may collect in relation to the distribution of market research, financial, and ESG materials, press releases, and SEC filings, as well as general interaction with the media and investors.
You provide Personal Data to us in order to receive market research, financial, and ESG materials, press releases, and SEC filings. We also receive Personal Data from third party service providers or obtain it through public sources where you have made it available for us to interact with members of the media. Please refer to Appendix A for additional information.
To the extent permitted by applicable law and as appropriate to achieve the purposes described in this Notice, Personal Data may be disclosed by the Company as follows:
Given the global nature of the Company’s activities, the Company may (subject to applicable law) transmit Personal Data to other Bank of America affiliates or operations located in other jurisdictions, including the United States or other jurisdictions where data protection laws may not provide an equivalent level of protection to the laws in the media or investor contact’s home jurisdiction.
The Company may disclose in accordance with applicable law relevant Personal Data to certain third parties in connection with the provision of services to the Company. Where the processing of Personal Data is delegated to a third party data processor, such as those listed in Appendix A, the Company will delegate such processing in writing, will choose a data processor that provides sufficient guarantees with respect to technical and organizational security measures, such as data protection and information security requirements, governing the relevant processing and will ensure that the processor acts on the Company’s behalf and under the Company’s instructions.
Personal Data also may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of the financial status of the Company or any of its subsidiary or affiliated companies. Personal Data also may be released, to protect the legitimate interests of the Company (unless this would prejudice the rights and freedoms or interests of the media or investor contact), or in the Company’s judgement to comply with applicable legal or regulatory obligations and regulatory inquiries or requests subject to local law.
The Company does not use automated decision making on media and investor contacts’ process.
The Company maintains appropriate technical and organizational measures designed to protect against unauthorized or unlawful processing of Personal Data and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to Personal Data.
We will retain Personal Data for as long as it is needed or permitted in light of the purposes for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you, (ii) whether there is a legal claim or complaint to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations, or a preservation order, subpoena or search warrant).
The appropriate retention period is determined on a case-by-case basis and will depend upon the length of time we need to keep your Personal Data for the purpose(s) for which it was collected. For instance, we may need to retain your Personal Data to provide our client(s) with services, to comply with a legal obligation to which we are subject or in situations where retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). The retention period may vary between jurisdictions.
We keep information collected using Cookies in accordance with the Cookie Policy (PDF).
We do not solicit individuals under the age of eighteen (18) and we do not knowingly collect Personal Data from individuals under 18.
To the extent permitted by applicable laws and regulations or otherwise allowed by regulators, Personal Data may be stored and processed in any country/territory where we have facilities or in which we engage service providers, including the United States. In certain circumstances, subject to applicable laws, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries/territories may be entitled to access Personal Data.
Where local data protection law requires it, we have put in place adequate measures, such as data transfer agreements. Where permitted by applicable laws and regulations or otherwise allowed by regulators, transfers may also be made pursuant to contracts in your interest or at your request.
Given the global nature of the Company’s activities, the Company may transfer your Personal Data to countries located outside of the European Economic Area (“EEA”), the UK or Switzerland. With regards to transfers from the EEA, UK or Switzerland to other countries, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your information. Where necessary we added the UK SCC addendum (for transfers from UK) and/or additional clauses for Switzerland (for transfers from Switzerland). Media and investor contacts in the EEA, UK or Switzerland may obtain a copy of these measures by going to:
https://commission.europa.eu/law/law-topic/data-protection_en
Where countries are considered adequate by the EU, UK and Switzerland respectively, we rely on this adequacy decision as a safeguard. Countries that are subject to an adequacy decision can be found on the links below.
Individuals may also file a complaint with a supervisory authority competent for their relevant country or region. A list of data protection authorities in the EEA is available at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. The data protection authority in the UK is the Information Commissioner’s Office (the ICO) and in Switzerland it is the Federal Data Protection and Information Commissioner (FDPIC).
We may change this Privacy Notice from time to time. The “LAST UPDATED” legend at the top of the Privacy Notice indicates when it was last revised. Any changes will become effective when we post the revised Privacy Notice and will apply to the use of market research, financial, and ESG materials, press releases, and SEC filings, as well as general interaction with the media and investors.
Keeping your Personal Information accurate and up to date is very important. If your Personal Information is incomplete, inaccurate, or not current, you may be able to make changes to your information directly in the platforms. You can also notify us of the need for changes in accordance with the “Contacting Us” section below. Depending on the jurisdiction, you may have legal rights under applicable laws which may be subject to limitations and/or restrictions. For further details of which rights you may have, please see the “individual rights” section in your local privacy notice available at Global Privacy Notices (bofa.com). These rights may include:
To make a request or inquire about such rights, please send an email to the appropriate address from the “Contacting Us” section below and include “Attn: Privacy” in the subject line. In your request or complaint, please make clear what information you are inquiring about, as well as the nature of your request (such as whether you would like to access or correct the data) or details of your complaint. For your protection, we may implement requests with respect to only the information associated with the email address you use to send us your request or other agreed-upon identifier, and we may need to verify your identity before implementing your request.
Please note that we may need to retain certain Personal Information for recordkeeping purposes or where required by applicable law. There may also be residual information that will remain within our databases, backups, and other records that cannot be removed.
Should you have any questions, concerns or complaints about this Notice, please contact the Data Protection Officer using the contact details below.
Individuals may also file a complaint with a supervisory authority for their relevant country or region.
The table below contains the purpose for which we may process your personal data, the types of processing activities that may take place and the category of personal information that would be used for such processing as well as the legal basis for the processing.
Purpose | Examples of Processing Activities | Personal Information Categories | Legal Basis |
---|---|---|---|
Media and investor relations | | | Consent |
The Categories of Unaffiliated Third Parties with whom we may share personal information.
Categories of third parties | Personal Data | Purpose of processing your Personal Data | Destination Countries |
---|---|---|---|
Media and investor relations Vendors | | For use in providing market research, financial, and ESG materials, press releases, and SEC filings, or engaging with media and investor contacts | Globally where we have a presence (Bank of America Locations) |