Common use of Responsibilities of Client Clause in Contracts

Responsibilities of Client. You are responsible to comply with the following regarding your use of the Data Protection Service: a) You are required to comply with the Card Organization Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (PCI DSS). You must ensure that all third parties and software use by you in connection with your payment processing are compliant with PCI DSS. Use of the Data Protection Service will not, on its own, cause you to be compliant or eliminate your obligations to comply with PCI DSS or any other Card Organization Rule. You must demonstrate and maintain your current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor (QSA) with corresponding Report on Compliance (ROC) or by successful completion of the applicable PCI DSS Self- Assessment Questionnaire (SAQ) or Report on Compliance (ROC), as applicable, and if applicable to your business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with Card Organization Rules and PCI DSS. b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of your point of sale systems or any facility where you process and/or store transaction data (collectively, “Merchant Systems”). c) You must deploy the Data Protection Service (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout your Merchant Systems including replacing existing Card numbers on your Merchant Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. d) You must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. e) If you send or receive batch files containing completed Card transaction information to/from Processor, you must use the service provided by Processor to enable such files to contain only Tokens or truncated information. f) You must use truncated report viewing and data extract creation within reporting tools provided by Processor. g) You are required to follow rules or procedures we may provide to you from time to time related to your use of the Data Protection Service (“Data Protection Rules and Procedures”). We will provide you with advance written notice of any such rules or procedures or changes to such rules or procedures. h) You have no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Addendum assigns or transfers any such right, title or interest to you. You shall not take any action inconsistent with the stated title and ownership in this Addendum. You will not file any action, in any forum that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of this Addendum. We have the right to immediately terminate this Addendum and your access to and use of the Data Protection Service in the event of a challenge by you. No additional rights are granted by implication, estoppel or otherwise. i) You will not: (1) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party;

Responsibilities of Client. You are responsible to comply with the following regarding your use of the Data Protection Service: a) You are required to comply with the Card Organization Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (PCI DSS). You must ensure that all third parties and software use by you in connection with your payment processing are compliant with PCI DSS. Use of the Data Protection Service will not, on its own, cause you to be compliant or eliminate your obligations to comply with PCI DSS or any other Card Organization Rule. You must demonstrate and maintain your current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor (QSA) with corresponding Report on Compliance (ROC) or by successful completion of the applicable PCI DSS Self- Assessment Questionnaire (SAQ) or Report on Compliance (ROC), as applicable, and if applicable to your business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with Card Organization Rules and PCI DSS. b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of your point of sale systems or any facility where you process and/or store transaction data (collectively, “Merchant Systems”). c) You must deploy the Data Protection Service (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout your Merchant Systems including replacing existing Card numbers on your Merchant Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. d) You must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. e) If you send or receive batch files containing completed Card transaction information to/from Processor, you must use the service provided by Processor to enable such files to contain only Tokens or truncated information. f) You must use truncated report viewing and data extract creation within reporting tools provided by Processor. g) You are required to follow rules or procedures we may provide to you from time to time related to your use of the Data Protection Service (“Data Protection Rules and Procedures”). We will provide you with advance written notice of any such rules or procedures or changes to such rules or procedures. h) You have no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Addendum Agreement assigns or transfers any such right, title or interest to you. You shall not take any action inconsistent with the stated title and ownership in this Addendum. You will not file any action, in any forum that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of this AddendumAgreement. We have the right to immediately terminate this Addendum and your access to and use of the Data Protection Service in the event of a challenge by you. No additional rights are granted by implication, estoppel or otherwise. i) You will not: (1) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party;; (2) modify, enhance, translate, supplement, create derivative works from, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or any portion of it; or (3) sell, license or otherwise distribute the Data Protection Service or any portion of it; (4) make any copies, or permit any copying, of the Data Protection Service or any portion of it; or (5) use any portion of the Data Protection Service as a standalone program or in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of Processor or any third party, you will not remove, alter, modify, relocate or erase such notice or legend on such item. j) You will only use the Data Protection Service for your internal business purposes in a manner consistent with this Addendum. k) You will use only unaltered version(s) of the Data Protection Service and will not use, operate or combine the Data Protection Service or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 2. l) You will promptly notify us of a breach of any terms of this Addendum.

Responsibilities of Client. You are responsible to comply with the following regarding your use of the Data Protection Service: a) You are required to comply with the Card Organization Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (PCI DSS). You must ensure that all third parties and software use by you in connection with your payment processing are compliant with PCI DSS. Use of the Data Protection Service will not, on its own, cause you to be compliant or eliminate your obligations to comply with PCI DSS or any other Card Organization Rule. You must demonstrate and maintain your current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor (QSA) with corresponding Report on Compliance (ROC) or by successful completion of the applicable PCI DSS Self- Assessment Questionnaire (SAQ) or Report on Compliance (ROC), as applicable, and if applicable to your business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with Card Organization Rules and PCI DSS. b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of your point of sale systems or any facility where you process and/or store transaction data (collectively, “Merchant Systems”). c) You must deploy the Data Protection Service (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout your Merchant Systems including replacing existing Card numbers on your Merchant Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. d) You must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. e) If you send or receive batch files containing completed Card transaction information to/from Processor, you must use the service provided by Processor to enable such files to contain only Tokens or truncated information. f) You must use truncated report viewing and data extract creation within reporting tools provided by Processor. g) You are required to follow rules or procedures we may provide to you from time to time related to your use of the Data Protection Service (“Data Protection Rules and Procedures”). We will provide you with advance written notice of any such rules or procedures or changes to such rules or procedures. h) You have no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Addendum assigns or transfers any such right, title or interest to you. You shall not take any action inconsistent with the stated title and ownership in this Addendum. You will not file any action, in any forum that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of this Addendum. We have the right to immediately terminate this Addendum and your access to and use of the Data Protection Service in the event of a challenge by you. No additional rights are granted by implication, estoppel or otherwise. i) You will not: (1) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party;; (2) modify, enhance, translate, supplement, create derivative works from, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or any portion of it; or (3) sell, license or otherwise distribute the Data Protection Service or any portion of it; (4) make any copies, or permit any copying, of the Data Protection Service or any portion of it; or (5) use any portion of the Data Protection Service as a standalone program or in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of Processor or any third party, you will not remove, alter, modify, relocate or erase such notice or legend on such item. j) You will only use the Data Protection Service for your internal business purposes in a manner consistent with this Addendum. k) You will use only unaltered version(s) of the Data Protection Service and will not use, operate or combine the Data Protection Service or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 2. l) You will promptly notify us of a breach of any terms of this Addendum.

Responsibilities of Client. You are responsible to comply with the following regarding your use A. Following review of the Data Protection Service: a) You are required to comply with the Card Organization Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards submitted documents (PCI DSS). You must ensure that all third parties see Sections 2.D and software use by you in connection with your payment processing are compliant with PCI DSS. Use of the Data Protection Service will not, on its own, cause you to be compliant or eliminate your obligations to comply with PCI DSS or any other Card Organization Rule. You must demonstrate and maintain your current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor (QSA) with corresponding Report on Compliance (ROC) or by successful completion of the applicable PCI DSS Self- Assessment Questionnaire (SAQ) or Report on Compliance (ROC2.N above), Client will make final determination of suitability of THP documented competencies and experience as applicablepresented by Favorite for the designated assignment. B. Provide orientation which, at minimum, includes the review of policies and procedures regarding medication administration, documentation procedures, patient rights, Infection Prevention, and Fire and Safety, OSHA and EMR/Charting (if applicable to your business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with Card Organization Rules and PCI DSS. b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of your point of sale systems or any facility where you process and/or store transaction data (collectively, “Merchant Systems”applicable). cC. Manage Favorite’s THPs consistent with Client’s own policies and procedures and address any incident consistent with those policies and procedures. Promptly notify (within 24 hours) You must deploy Favorite by written documentation of any unexpected incidents, errors and sentinel events that involve THPs and of any occupational safety hazards or events that involve THPs. X. Xxxxxxxxx Favorite’s policy regarding the Data Protection Service floating of staff whereby THPs are instructed not to accept a floating assignment if they do not have the skills required to perform a competent level of care. E. Assist Favorite with the periodic evaluation (including implementing no less than annually) of THP job performance. Travelers will be evaluated after each assignment. F. If applicable, when advanced practice services are requested (NPs and/or PAs), it is the responsibility of the CLIENT to have an executed copy of the Collaborative Agreement between the advanced practice personnel and the collaborating physician. G. Promptly (within 24 hours) notify Favorite by written documentation of any upgrades unsatisfactory job performance or action taken to terminate the services of a THP due to incompetence, negligence, or misconduct. In such event Client shall only be obligated to compensate Favorite for actual THP time worked. H. Provide at least two hours’ notice of any cancellation of assignment or accept responsibility for payment of two hours of service at the applicable rate for Per Diem shifts. Travelers should not be cancelled unless rescheduled within the same week. I. Timely and accurately approve THP’s time via paper timecards. THP will provide the shift information to Client and Client will review and approve. Once a commercially reasonable period THP’s timecard has been approved it will be submitted to Favorite Healthcare electronically and an email confirmation will be sent to the Supervisor if they choose to receive one. Weekly invoices will include a copy of time after the Supervisor’s approval along with the approval details for each shift. If the Client requires the THP to provide additional information such as nursing notes, narratives, etc., the Client approval acknowledges the receipt of such upgrades) throughout your Merchant Systems including replacing existing Card numbers on your Merchant Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. d) You must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. e) If you send or receive batch files containing completed Card transaction information to/from Processor, you must use the service provided by Processor to enable such files to contain only Tokens or truncated additional information. f) You must use truncated report viewing J. In the event Client finds it necessary to terminate a Traveler’s assignment, for no fault of Favorite or Traveler, the Client shall reimburse Favorite for all contractual obligations for transportation and data extract creation within reporting tools provided by Processorhousing incurred as a result of Favorite’s placement of Traveler with Client. g) You are required K. Remit payment for services directly to follow rules or procedures we may provide to you from time to time related to your use Favorite Healthcare Staffing, Inc. upon receipt of invoice, no later than 45 days. In the event the client questions any amounts invoiced, an explanation of any items in question must be received by Favorite’s Accounts Receivable department within 15 days. This notification must be made by one of the Data Protection Service following means: By telephone: (“Data Protection Rules and Procedures”). We will provide you with advance written notice of any such rules or procedures or changes 800) 676 - 3456 By fax: 000-000-0000 By e-mail: xxxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxx.xxx By U.S. Mail to: Favorite Healthcare Staffing, Inc. Attn.: Accounts Receivable 0000 X. 00xx Xxxx., Xxxxx 000 Xxxxxxxx Xxxx, Xxxxxx 00000 L. Pay interest not to such rules or procedures. h) You have no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Addendum assigns or transfers any such right, title or interest to you. You shall not take any action inconsistent with the stated title and ownership in this Addendum. You will not file any action, in any forum that challenges the ownership exceed 1% per month of the Data Protection Serviceunpaid portion, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of this Addendum. We have the right to immediately terminate this Addendum and your access to and use of the Data Protection Service in the event of a challenge by you. No additional rights are granted by implication, estoppel or otherwise. i) You will not: (1) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party;as allowable under Iowa Code section 8A.514..