THIS DOCUMENT (EVIDENCE OF INSURANCE) IS ISSUED FOR INFORMATION ONLY. IT DOES NOT CONSTITUTE A LEGAL CONTRACT OF INSURANCE. THIS EVIDENCE IS FURNISHED IN ACCORDANCE WITH, AND IN ALL RESPECTS IS SUBJECT TO, THE TERMS OF THE MASTER POLICY. THIS EVIDENCE REPLACES ANY OTHER EVIDENCE PREVIOUSLY ISSUED COVERING THE INSURANCE DESCRIBED HEREIN. This document is to notify you of the insurance with us under a Master Policy issued to the Policyholder as per the master policy number shown in the Schedule. If the Master Policy is terminated, your benefits will also end effective that date. It is the Policyholders obligation to inform You of any termination of the Master Policy. The original Master Policy document may be inspected at the Policyholders offices and a copy is available on request to the Policyholder. The relevant terms of coverage provided under the Master Policy are set out in this document. Please read this document including any exclusions and conditions carefully. Terms that appear in bold face type have special meanings. Please see the definitions section for more information.

Any Insured Event must first be discovered and be reported to Us during the Period of Cover. All Insured Events arising from the same original cause will be considered one Insured Event, starting at the time of the first Insured Event.

MAIN COVER

Subject to the actual loss or Third Party Claim and the applicable Limit of Liability, Deductible, conditions and exclusions We will cover You for:

1. THEFT OF FUNDS

a. We will cover You for the following incidents:

i. Theft of Funds resulting from unauthorised access due to a Cyber Incident or Hacking of Your online bank account, credit/debit card or Mobile Wallets by a Third Party.
ii. Direct and pure financial loss of Your funds resulting from You being an innocent victim of Phishing or Email Spoofing.

The following conditions apply:

i. You report the incident to the issuing bank or mobile wallet company within 48 hours of discovering the Theft of Funds,
ii. You provide written evidence that the issuing bank and/or mobile wallet company is not reimbursing You for the Theft of Funds, and
iii. You report the incident detailing the Theft of Funds to the police within 72 hours of discovery by You and obtain a crime reference number.

b. If You suffer Theft of Funds or direct and pure financial loss from being a victim of Phishing or Email Spoofing, We will cover the reasonable and necessary additional account charges for not keeping the minimum bal-ance in Your account or for failure to pay the monthly loan payment.

c. We will cover the reasonable and necessary legal costs incurred by You to pursue:

i. a claim against Your bank and/or mobile wallet company for compensation of the Theft of Funds,
ii. a criminal case against the Third Party for committing the Theft of Funds, Phishing or Email Spoofing against You.


2. IDENTITY THEFT

Identity Theft happens when a person other than Your partner or immediate family illegally use Your identity document or confidential information relating to Your identity. Identity Theft can result in additional expenses and Lost Income.

a. We will cover the following expenses after an Identity Theft incident if we give Our written consent:

i. Costs to reapply for loan or credit applications which the credit provider rejected due to a bad credit rating.
ii. Costs to certify documents for law enforcement agencies, financial institutions or credit agencies.
iii. Telephone calls and postage to amend Your records and to reflect Your true name or identity.
iv. Credit monitoring with identity theft education and assistance from established providers for up to six months.
v. Costs to reissue the identity document which was used for the Identity Theft.


b. If You become a victim of Identity Theft during the Policy Period, We will cover Your expenses and Lost In-come for time You take off from work to sort out the Identity Theft incident. The following conditions apply:

i. You must report the incident to Us and the Police within 72 hours of discovering the Identity Theft.
ii. You provide a written confirmation from Your employer that the Lost Income will not be reimbursed.


3. DATA RESTORATION / MALWARE DECONTAMINATION

a. We will cover the reasonable and necessary costs:

i. For an Expert to restore Your Data and Software to the closest possible condition it was in immediately pri-or to the Cyber Incident.
ii. For an Expert to decontaminate, clean and restore Your Computer System, Data and Electronic Media af-fected by Malware. Malware is any unauthorised or illegal Software or code designed to cause harm or to gain access to or disrupt Computer Systems.
iii. To replace Your Computer System or parts of it, if the Expert determines that the replacement will be more efficient and economical than restoration. The replacement system shall be of similar quality and specifica-tion as the Computer System to be replaced.

4. CYBER BULLYING, CYBER STALKING AND LOSS OF REPUTATION

a. Cyberbullying and Cyberstalking:
We will cover reasonable costs for Experts to remove online material from the Internet if it relates to Cyberbully-ing or Cyberstalking up to the limit shown in the Policy Schedule. In addition, We will reimburse actual Lost In-come resulting from Cyberbullying or Cyberstalking if it is not covered by Your employer.

Cyberbullying involves bullying over the Internet and can result in Your wrongful termination of employment, false arrest, disciplinary action at a school or shock and mental injury as diagnosed by a medical practitioner. Cyberbullying must include two or more acts of bullying, such as:

• Harassment, including repeated personal interaction despite your rejection
• Intimidation
• Defamation of character
• Invasion of privacy, including unauthorised usage monitoring of Your Internet usage and electronic communication
• Threats of violence


Cyberstalking involves someone that uses electronic devices or the Internet to repeatedly harass or frighten You.

b. Loss of reputation:
We will cover Your Loss of Reputation after someone published private and offensive material about You on the Internet. If You suffered a significant negative impact on Your reputation, We will cover:

i. Lost Income as a result of this incident, if it is not paid by Your employer.
ii. Costs necessary for an Expert to manage and protect Your reputation.

c. Legal costs: We will cover reasonable and necessary costs incurred by You to take legal action against a Third Party for acts of Cyberbullying, Cyberstalking or for information that they publish on the Internet about You.
d. Trauma benefit: If Cyberbullying or Cyberstalking causes emotional trauma, We will pay a fixed benefit amount to assist with trauma counselling as diagnosed by a licensed professional.
e. Additional school costs: We will cover Your expenses up to the limit shown in the Policy Schedule if Your Child is affected by an act of Cyberbullying or Cyberstalking or for information published on the Internet. Cover includes expenses for additional school fees, school uniforms and educational material if a licensed psy-chologist recommends that Your Child needs to be placed in another school.

5. CYBER EXTORTION

a. We will cover any Ransom You pay and any reasonable and necessary costs You incur to resolve a Cyber Extortion incident. The following conditions apply:

i. The Ransom payment must be lawful and subject to Our prior written consent.
ii. You must notify the relevant law enforcement authorities of the Cyber Extortion incident.

6. NETWORK SECURITY LIABILITY (INCLUDING IOT) You can be held legally liable for damages to a Third Party if you failed to prevent a Cyber Incident on Your Computer System or other Internet-connected components.

a. We will cover the following expenses after a Cyber Incident:

i. The amounts which You are legally liable to pay for resultant damages to a Third Parties’ Computer System.
ii. Your Legal Defence Costs.
iii. The reasonable and necessary costs for an Expert to investigate and report to You and Us the reasons and circumstances of the Cyber Incident.

7. PRIVACY AND DATA BREACH LIABILITY

You can be held legally liable for damages to a Third Party when a Data Breach of Personal Data occurs or if You failed to comply with the applicable data protection laws.

a. We will cover the following expenses after a Data Breach incident:

i. The amounts which You are legally liable to pay for a Data Breach relating to Personal Data of a Third Party, or for infringement of applicable data protection laws.
ii. Your Legal Defense Costs.
iii. The reasonable and necessary costs for an Expert to investigate and report to You and Us the reasons and circumstances of the Data Breach.

8. PRIVACY BREACH AND DATA BREACH BY THIRD PARTY

We will cover Your reasonable and necessary legal costs for claims for damages lodged by You against a Third Party for a Data Breach relating to your Personal Data, provided the Third Party has communicated in writing to You or has acknowledged publicly by electronic or print media the Data Breach of your Personal Data.

DEFINITIONS

Aggregate Limit of Liability the amount stated in the Schedule and is the maximum amount We will pay under this Policy during any one Policy Period including any payment by Us to the Incident Response Provider.

Application the application for cover under this Policy and any Policy of which this Policy is a renewal or replacement; including the proposal form and/or any other information submitted in connection with the application, or at any later date.

Child or Children Your financially dependent Child as specified on the Policy Schedule. Your Child must be under the age of 21, or under 25 years (if a full-time student) and can include a biological child, stepchild, grandchild, legally fostered child or adopted child.

Computer Systems information technology and communications systems (including hardware, Infra-structure, Software, or Electronic Media) used to create, store, process or transmit Data. Computer Systems do not include Operational Technology.

Cyber Extortion any credible threat, including a demand for Ransom, by a Third Party to cause an Insured Event on Your Computer System or to end a Cyber Incident caused by that Third Party on Your Computer System.

Cyber Incident any Malicious Act that has a negative impact on Your Computer Systems, including Hacking, Cyber Extortion, Theft of Data or Malware.

Data any digital information, irrespective of how it is used or displayed including text, figures, images, video or Software.

Data Breach a security breach where someone retrieves, destroys, changes, loses or discloses personal data unlawfully from Your Computer System or the Computer System of a Third Party which You have a contract with for hosted computer application services or the processing, maintenance, hosting or storage of Your Data.

Deductible each Deductible as stated in the Schedule. This is the amount payable by You before We make any payment under this Policy.

DoS Attack any Malicious Act causing total or partial disruption or unavailability of Your Computer Systems.

Electronic Media IT devices that are used to record and store digital Data. This includes external drives, CD-ROMs, DVD-ROMs, magnetic tapes or disks and USB sticks.

Email Spoofing the act of forging or falsifying and email header by a third party with malicious intent so that the message appears to have been sent from the legitimate source.

Expert any person or legal entity appointed by or in consultation with Us and/or the Incident Response Provider.

Hacking the gaining of unauthorised access to data in Your system or computer by a third party.

Identity Theft the theft of non-public Personal Data over the Internet, which has resulted or could reasonably result in the wrongful use of such Personal Data.

Incident Response Provider the person or entity stated in the Schedule.

Infrastructure communication equipment or facilities that are used to maintain the functioning of electronic facilities that support Computer Systems and Data.

Insured

a) the Insured as stated in the Schedule.
b) the Insured`s Partner as stated in the Schedule.
c) up to a maximum of 3 of the Insured`s Children as stated in the Schedule.


Insured Event any Theft of Funds, Identity Theft, Cyber Incident, Cyberbullying, Cyberstalking, Loss of Reputation, Cyber Extortion and Third Party Claim.

Internet the worldwide public data network that allows the transmission of Data.

Legal Defense Costs any costs, expenses and/or fees for Experts, investigations, court appearances, surveys, examination and/or procedures that are necessary for Your civil, administrative and/or criminal defense. This does not include Your general expenses (such as salaries and overheads).

Loss of Reputation any evident and significant negative impact to Your reputation as a result of a Third Party posting any untrue content on the Internet.

Limit of Liability the amount stated in the Schedule, including any sub-limit and Aggregate Limit of Liability.

Lost Income actual income lost for the time reasonably and necessarily taken off from work to rectify Your records after an Insured Event. The Lost Income for self-employed persons will be based on the previous year’s tax returns.

Malicious Act any unauthorised or illegal act, intending to cause harm, or to gain access to, or disclose Data from Computer Systems using any Computer System.

Mobile Wallet any virtual mobile wallet you store money in and which you can use to perform transactions. This does not include any crypto-currencies, credit bought or earned within a game or gambling site or a subscription purchased online.

Operational Technology hardware and Software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise, including any technology used to steer or control technical processes, embedded systems or any other industrial IT.

Partner the Insured’s life partner who the Insured has lived with for longer than 12 months, the Insured’s spouse or civil union partner. A maximum of one Partner will be covered under this Policy.

Personal Data information as defined by applicable data protection laws. This data identifies a person, for example a name, identification number, location data including an online identifier or a physical, genetic, mental, economic, cultural or social identity.

Phishing when someone pretends to be a trustworthy entity in electronic communication to obtain sensitive information such as usernames, passwords, and credit card details.

Policy the Schedule and this wording read together as one document.

Policy Period the duration of this Policy as stated in the Schedule, or any earlier cancellation date.

Ransom any funds or property demanded by a Third Party during Cyber Extortion.

Sanction any Sanction, prohibition or restriction under United Nations resolutions or the trade or Sanctions, laws or regulations of the European Union, United Kingdom or United States of America.

Schedule the schedule to this Policy.

Social Media websites and applications that facilitate the creation and sharing of information and participate in social networking activities.

Software is a set of instructions that tell a Computer System what to do or how to per-form a task. You must be in possession of the licence to this software.

Theft of Funds any unauthorised electronic transaction of money or monetary funds.

Third Party any person or legal entity other than the Insured as stated in the Schedule.

Third Party Claim any written demand or claim for compensation or damages by a Third Party against You.

We, Us and Our the Insurer or their agent as stated in the Schedule.

Your Computer Systems Computer Systems owned, leased, licenced or hired and controlled by You.

You and Your the Insured ‘insured`s spouse and¬/or the family members as stated in the Schedule.

What is not covered

The Program will not cover any claim by You arising directly or indirectly from the following:

1. Insured Events or circumstances, which occurred or which You knew could lead to a claim before the start of this Policy;

2. Failure or interruption of Infrastructure or related services not under Your control such as telecommunication, Inter-net service, satellite, cable, electricity, gas or water providers;

3. Acts of terrorism. This exclusion does not apply to cyber terrorism where someone damages, disrupts or accesses Your Computer Systems for religious or political purposes or to influence the government or to put the public in fear;

4. Strike, riot or civil commotion;

5. War, including acts of foreign enemies, hostilities or warlike operations (whether war is declared or not), civil war, invasion, insurrection, rebellion, revolution or military coup; including action taken by government authorities in hindering or defending against any of these;

6. Seizure, confiscation, demand, destruction or damage to Your Computer System, due to the action, requirement or order of any government, regulator, court or other body acting within its lawful authority;

7. Use of illegal or unlicensed Software;

8. Fault, defect, error or omission in design, plan or specification of Your Computer Systems making them unfit for purpose;

9. Any activities carried out by You for business or professional purposes;

10. Any criminal, dishonest, reckless, deliberate or malicious acts by You or members of Your family;

11. Loss of or damage to tangible property and any consequential losses, including the loss of use of tangible property;

12. Any fund transfer or transaction via an Automatic Teller Machine (ATM);

13. Theft of Funds where You are not in possession of Your payment card;

14. Any payment of a claim or provision of any other benefit under this policy if We are prevented from doing so by any Sanction;

15. Failure to comply with the authorised regulator for the use of Personal Data under the data protection laws;

16. Fines, punitive damages or penalties;

17. Investment or trading losses including the inability to sell, transfer or dispose of securities;

18. Scheduled downtime or planned outages of the Computer Systems;

19. Failure to pay for, renew or extend any lease, contract, licence, or order to supply goods or services;

20. Bodily injury, trauma, illness or death;

21. Misappropriation, theft or violation of any intellectual property with respect to patents, trademarks and copyrights;

22. Contractual liability that You accepted by way of a contract with a Third Party. This exclusion does not apply to the Privacy and data breach liability benefit or if your liability is the subject of a non-disclosure agreement;

23. Your failure to remove website or webpage Data controlled by You after receiving a complaint or request from a Third Party;

24. Costs to improve Your Computer System after an Insured Event unless it is unavoidable;


25. Use of Computer Systems which have not:

i. completed development,
ii. passed testing including security assessments, and
iii. proved to be successful in a live environment.

26. Coins, tokens and keys that are lost, misplaced, broken, modified, unavailable, inaccessible or delayed when trading with cryptocurrencies. It includes coins (e.g. Bitcoin, Ethereum, Ripple, IOTA), tokens (e.g. EOS, Nem, Tether) or public and private keys;

27. Loss of funds whereby You were falsely convinced to make an upfront payment in return for payment, goods or ser-vices at a later stage for the greater value.

General conditions

1. Our liability. Cover for the Period of Cover, irrespective of the number of Insured Events will be limited to the Limit of Liability as set out in the Schedule.

2. Representation and Warranty. In providing this cover we have relied upon the statements, representations and in-formation provided to us as being true and accurate. Any misrepresentations which were made with the actual intent to deceive and which materially affect Our acceptance of the risk or the hazard assumed, then We shall not be liable for a loss or claim based upon, arising from, or in consequence of, any such misrepresentation.

3. Subrogation. If any payment is made under this Program, we will be subrogated to the extent of such payment all Your rights of recovery from any Third Party. You must do all that is necessary to secure and must not prejudice any such rights. Any monies recovered will be applied first to any costs and expenses made to obtain the recovery, second to any payments made by Us, and third to any other payments made by You.

4. Other Insurance. If You have another insurance policy for the same Insured Event this Program will apply in excess of this other policy and will not contribute with this cover towards any loss insured under such other insurance policy.

5. Assignment. You must not assign any legal rights or interests in this Program without Our prior written consent.

6. Variations. Variations to this Program must be agreed by the parties in writing.

7. Laws or regulations. If any provision of this Program conflicts with the laws or regulations of the Republic of South Africa, this Program must be varied by the parties to comply with such laws or regulations.

8. Severability. Any unenforceable provision of this Program will not affect any other provisions and, if practicable, will be replaced with an enforceable provision with the same or similar intent as that unenforceable provision.

9. Third Party rights. No Third Party who is not a party to this Program shall have any right to enforce any part of this Program.

10. Law and jurisdiction. This Program will be governed by the laws of South Africa. Only South African courts will have jurisdiction for any dispute that cannot be resolved by mediation or arbitration.

HOW TO MAKE A CLAIM

1. Reporting.
You must report as soon as possible or in any event within 30 days:

a. to Us of any Third Party Claim.
b. to the Incident Response Provider and Us of any actual Insured Event, Data Breach, Cyber Incident or Cyber Extortion which may give rise to a claim under this Policy.

2. Your obligations.

You must:

a. provide Us with evidence demonstrating the Insured Event and describe the likely consequences;
b. take all reasonable and necessary measures to minimise the duration and effect of any Insured Event;
c. do and permit practical actions to be performed to establish the cause and extent of the Insured Event;
d. preserve any hardware, Software and Data and make these available to Us or the Incident Response Provider;
e. comply with any reasonable recommendations made by Us, the Expert or the Incident Response Provider.


3. Claims against You.

You must not, without Our prior written consent, admit liability for, pay, settle or prejudice any Third Party Claim. You must assist Us in investigating, defending and settling the Third Party Claim, and assist any lawyer or other Expert We appoint on Your behalf to defend the Third Party Claim.

4. Co-operation. If We request, You must, at Our expense:

a. co-operate with and assist Us when required including providing information and securing the co-operation and attendance in court of witnesses;
b. enforce any legal rights You or We may have against any Third Party who may be liable to You for a Cyber In-cident, including giving Us authority to bring court proceedings in Your name against a Third Party and to settle those proceedings;
c. provide any documents that We require to secure Our rights under this Policy.

THE PRIVACY OF YOUR PERSONAL INFORMATION

We care about the privacy, security and online safety of Your personal information and We take Our responsibility to protect this information very seriously. Below is a summary of how We deal with Your personal information. For a more detailed explanation, please read Our official Privacy Notice on Our website.

• Processing your personal information: We have to collect and process some of Your personal information in order to provide You with Our products and services, and also as required by insurance, tax and other legislation.

• Sharing your personal information: We will share Your personal information with other insurers, industry bodies, credit agencies and service providers. We do this to assess claims, prevent fraud and to conduct surveys.

• Protecting your personal information: We take every reasonable precaution to protect Your personal information (including information about Your activities) from theft, unauthorised access and disruption of services.

• Receiving marketing from us: Please contact Us if You want to change Your marketing preferences. Remember that even if You choose not to receive marketing from Us, We will still send you communications about this product.