JOINT MARKETING AGREEMENT
Exhibit 10.2
***CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION.
CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTION.
This Joint Marketing Agreement (“Agreement”) is effective as of the 11th day of May 2009
(“Effective Date”), by and between XxxxxxxxXxxxxxXxxxxx.xxx, L.L.C. (“NCRC”), with its principal
place of business at 0000 Xxxxx Xxxxxxxx Xxx, Xxxxx 000 Xxxxxx Xxxxx, XX 00000 and First Advantage
Membership Services, Inc. (“FAMS”) with its principle place of business at 00000 Xxxxx Xxxxxxxx
Xxx, Xxxxx, XX 00000. In consideration of the mutual agreements of the parties herein and the
benefits each expects to derive hereunder, the parties agree as follows:
MARKETING, FAMS REPORTS, AND RELATED MATTERS
1.1 FAMS Reports and Marketing Activities. NCRC will market FAMS’s consumer reports, credit
reporting monitoring services and credit scores (together, “FAMS Reports”) as part of NCRC’s
products and services (the “Services”) directly to consumers who are the subjects of such reports
(“Consumer Users”). The FAMS Reports will be provided directly by First Advantage Credco
(“Credco”), and an affiliate of FAMS that is a consumer reporting agency. If NCRC’s web site is
used as a mechanism for placing orders for FAMS Reports, NCRC agrees to comply with the
requirements set forth in Exhibit A-1, attached hereto and incorporated herein by reference. NCRC
may not market or place orders for, FAMS Reports through any third party website unless FAMS first
agrees in writing in each specific case.
NCRC will market the FAMS Reports pursuant to methods agreed upon in writing by NCRC and FAMS.
NCRC will provide FAMS the opportunity to review and approve all marketing materials in connection
with FAMS Reports proposed to be used by NCRC (including all material changes to materials
previously approved by FAMS) at least three (3) business days prior to use, publication, or
release, and will make any changes requested by FAMS. FAMS will not unreasonably withhold
approval. NCRC shall bear all marketing costs and expenses of all marketing of FAMS Reports.
1.2 Format of FAMS Reports. FAMS Reports will be provided in an HTML format. NCRC agrees
to publish the Credit Report Acceptance of Terms (Exhibit A-2) on their web site related to the
ordering of FAMS Reports.
1.3 Restriction on Use of FAMS Reports. FAMS Reports will be provided to Consumer Users
solely for their personal use. Consumer Users must give written instructions for FAMS/CREDCO to
provide FAMS Reports as part of NCRC’s products and services they have ordered (“Consumer User
Instructions”). If the Consumer User Instructions are given in electronic format, the electronic
authorization must (a) comply with the requirements set forth in Exhibit A-3, attached hereto, and
incorporated herein by reference, be in a form that (b) be capable of being retained for later
reference, (c) clearly evidence Consumers User’s instructions to obtain the FAMS Report, and (d)
comply with all applicable federal and state laws and regulations. NCRC shall retain copies of all
Consumer User Instructions for at least five (5) years, and FAMS, at its own expense, shall have
the right, during normal business hours and with reasonable prior written notice, to audit and make
copies of such instructions. Within seven (7) business days after receipt of FAMS’s written
request, NCRC shall promptly provide FAMS samples of the Consumer User Instructions or specific
Consumer User Instructions, as specified by FAMS. Prior to destroying any Consumer User
Instructions, NCRC shall notify FAMS of its intent to take such action and, if requested by FAMS,
shall deliver such instructions to FAMS, at FAMS’s expense. NCRC agrees to (a) implement
sufficient procedures and controls to assure that FAMS Reports are ordered only by the subject of
the report and to take reasonable steps to detect and prevent fraud in connection with such orders,
(b) accurately provide FAMS with the Consumer User identifying information as received by NCRC, and
(c) assure the accuracy of such identifying information.
1.4 Compliance. NCRC agrees to adhere to the requirements mandated by the national credit
repositories (Experian, Equifax and Trans Union, hereinafter referred to as the “Repository(s)”)
including any new requirements that are mandated by the Repositories, in connection with the FAMS
Reports. NCRC also agrees to adhere to all applicable regulatory requirements. NCRC agrees to
respond to any written objection pertaining to NCRC controllable issues from any Repository
relating, but not limited to the marketing, publication, release, use or sale of FAMS Reports.
NCRC shall make such response directly to FAMS and NCRC will, in good faith, make every reasonable
effort to assist FAMS to get the objecting Repository to agree to waive the objection, or NCRC will
change what is objected to in order to comply with Repository requirements. If NCRC is unable to
change what is objected by the Repository(s), then this Agreement will terminate immediately. In no
event will FAMS have any obligation to provide any FAMS Reports if FAMS determines, under advice of
independent counsel and having given NCRC a reasonable notice to cure (not to exceed thirty (30)
days), that providing such report may cause FAMS or CREDCO to violate the Fair Credit Reporting Act
or any other applicable law or require FAMS or CREDCO to violate any of their agreements with the
Repositories.
1.5 Site Availability. FAMS shall maintain its own system that accesses FAMS Reports for
delivery to Consumer Users. This system processes FAMS Report orders and delivers them to the
Consumer User. NCRC shall be responsible for displaying the FAMS Reports for Consumers Users as
defined in Exhibit A-2. NCRC shall be solely responsible for maintaining its systems, interface
and web site in order for NCRC to comply with the provisions of this Agreement. FAMS shall
maintain its system such that it is available 24/7/365. FAMS may schedule up to 8 hours of
maintenance per month. For planned maintenance events that exceed 8 hours, notice will be sent to
NCRC with one weeks advance notice. FAMS and NCRC will provide to each other technical support
contacts defined as personnel available 24/7 to correct any site availability issues.
(a) Business Continuity.
1. FAMS shall maintain and adequately support a business continuity program that ensures the
operational levels set forth and, in the event of an interruption, the recovery of all
functions necessary to meet FAMS’s obligations under this Agreement, in accordance with the
business continuity standards. Such business continuity program must be in place on the
Effective Date.
2. FAMS shall provide a summary of such business continuity program to NCRC within two (2)
business days of the Effective Date and upon request. NCRC shall have the right to require
FAMS, at least once every six (6) months during the Term, to meet with NCRC to review, or to
assess in writing, the continuing adequacy of the business continuity plan and FAMS’s
compliance with the terms of this agreement.
(b) Incident Response and Reporting.
1. No later than 24 business hours after detection, FAMS will notify NCRC of any actual or
potential security intrusion or violation that will or could affect NCRC Confidential
Information, including without limitation, customer data and financial data. This
notification includes any complaint or report FAMS receives from a third party (such as
NCRC’s customers), but excludes a detailed description of FAMS’s development, review and
testing procedures. In FAMS’s notification, it will report on the nature of the incident,
estimated impact on NCRC and investigative action taken or planned. Incidents include,
without limitation, violations or potential violations of a federal or state law, including,
without limitation, the Bank Secrecy Act.
2. FAMS shall provide NCRC with an incident status report every 2 hours or within a timeframe
mutually agreed upon by the parties until both parties agree that a status report is no
longer necessary.
3. Within three (3) business days after the initial incident report, FAMS will provide NCRC
with a written updated report that summarizes the results of the investigative action and
corrective/remedial action taken.
4. Upon completion of the investigation, FAMS will provide NCRC with a final written report
that gives a full accounting of the extent of the security intrusion or security violation,
including, without limitation, a description of NCRC Confidential Information disclosed,
destroyed, compromised, or altered; specific corrective/remedial action taken.
5. NCRC reserves the right to disconnect the FAMS service if unauthorized access is
discovered. FAMS reserves reciprocal rights. This does not however, relieve FAMS of its
commitment to deliver on its service obligations which may be unaffected by this loss in
connection. Such unaffected service requirements will have to be met by alternate methods of
servicing until the inappropriate access can be investigated and resolved to the satisfaction
of NCRC.
1.6 Customer Service. FAMS shall maintain a customer service center staffed with
trained personnel sufficient to handle phone, e-mail and mailed customer inquiries (“FAMS Customer
Services”). Subject to the provisions set forth in Exhibit C, FAMS agrees to maintain such
staffing to meet the service level standards set forth in Exhibit B.
1.7 Manner of Providing FAMS Reports. FAMS will provide FAMS Reports for inclusion in the
Services as follows: NCRC shall transmit Consumer User orders obtained by it for FAMS Reports by
providing FAMS with an electronically readable transmitted file specifying the number of
Repositories to be used in the FAMS Report, the type of FAMS Report and the number of each type,
and the individual Consumer Users’ respective names, addresses (current address is required and
previous address, if available), dates of birth, social security numbers, and other agreed upon
identifying information (together, “Identification Information”).
-2-
1.8 Authentication. FAMS shall provide Experian’s L3 (“L3”) authentication process or
other process to authenticate a Consumer User’s identity. If such authentication fails, FAMS shall
attempt to manually authenticate Consumer User’s via telephone. Consumer Users who cannot be
authenticated will not be able to receive FAMS Reports. FAMS will deliver the required FAMS
Reports on Consumer Users who have been authenticated.
1.9 Fulfillment Procedures. As set forth in section 1.8 above, NCRC will get FAMS
Reports that fail online authentication via a post back to a specified NCRC URL. NCRC may send a
FAMS Report directly to the Consumer User by First Class US mail (“exception fulfillment”) where a
Consumer User claims that he or she did not receive such Report, where orders for such report are
not delivered online due to consumer request for delivery via the mail. NCRC will incur the costs
of buying the FAMS Report, printing it, and mailing it to the Consumer User.
1.10 Billing and Volume. Not later than 15 business days after the end of each calendar
month, FAMS shall provide NCRC a monthly cumulative report detailing billing and volume and will
note core Ids (client provided unique identification numbers for each FAMS Report request) on the
invoices. Additional reporting frequencies may be delivered at NCRC’s request as mutually agreed
upon by FAMS Client Relations team.
1.11 Related Matters. NCRC shall pay to FAMS a per FAMS Report fee as specified in Exhibit
“C,” attached hereto, and incorporated herein by reference, to support the costs of dedicated
inbound toll free telephone lines provided by FAMS for service to Consumer Users for calls related
to FAMS Reports ordered and delivered under this Agreement. NCRC shall disclose to Consumer Users
in such manner and form as agreed upon in writing by the parties that (a) CREDCO is the consumer
reporting agency that is providing the CREDCO Credit Reports to the Consumer Users, (b) under the
Fair Credit Reporting Act, as amended (“FCRA”) and applicable state laws, Consumer Users may have
the right to obtain a copy of their credit files at the Bureaus without charge as defined by the
FCRA or for a nominal charge. To the extent required under applicable law, FAMS will participate in
the reinvestigation process to the extent required by applicable law for Consumer User disputes
regarding information in their FAMS Report, and, where applicable, provide disclosures to Consumer
Users. Periodically, FAMS may, together with one or more Repositories or separately, on seven (7)
days’ prior written notice to NCRC, at its own expense, conduct reasonable on-site audits during
normal business hours of NCRC in order to monitor its compliance with the terms of this Agreement.
FAMS shall take commercially reasonable steps necessary to avoid any material disruption to NCRC’s
business during the audit. Notwithstanding anything in the foregoing to the contrary, the scope of
the audit shall exclude technical and competitive business plans, forecasts, and other business or
technical related information, including trade secrets, belonging to NCRC, as well as any other
information that is not strictly necessary for FAMS to determine NCRC’ compliance with the terms of
this Agreement.
1.12 Representations, Warranties, and Covenants. Each party represents, warrants, and
covenants to the other party that throughout the term of this Agreement, its performance shall
comply with all relevant federal, state, and local laws and regulations applicable to such party,
including, but not limited to, the FCRA and applicable state laws. Without limiting the generality
of the foregoing, each party agrees that during the term of this Agreement, it will use all
“nonpublic personal information” it obtains on Consumer Users in connection with this Agreement
solely to perform its respective duties and obligations under this Agreement, it will not use any
such information contrary to the requirements of the Xxxxx-Xxxxx-Xxxxxx Act and the regulations of
the Federal Trade Commission there under (together, “G-L-B Act”), and it will otherwise comply with
all applicable requirements under the G-L-B-Act in connection with such information and the
Consumer Users to whom such information relates. NCRC and FAMS agree to comply with the foregoing.
2
TERM and TERMINATION
TERM and TERMINATION
2.1 Term. The initial term of this Agreement shall be for a two year term commencing on the
Effective Date. Thereafter, this Agreement shall automatically renew for successive one-year terms
unless either party gives the other party written notice of its intent to terminate this Agreement
at least sixty (60) days prior to the expiration of the then current term, in which event, this
Agreement shall terminate at the end of such term. In addition, FAMS can terminate this Agreement,
without penalty, effective upon written notice to NCRC if NCRC does not pay FAMS a *** in FAMS
Charges (defined below) for FAMS Reports (Credit Reports and monitoring). FAMS may also terminate
this Agreement immediately, without penalty, if required to do so by any Repository; FAMS will
provide NCRC as much advance notice as possible.
2.2 Termination for Cause. Either party may terminate this Agreement prior to the end of
the then current term in the event that the other party has materially breached a representation,
warranty, covenant, or other agreement hereunder and has not cured such breach within thirty (30)
days after its receipt of written notification by the other party of the breach and its intent to
terminate. In addition, FAMS may terminate this Agreement effective on seven (7) days prior
written notice to NCRC, in the event NCRC has breached any of its obligations with respect to the
use of FAMS Reports and the protection of the privacy of such information and NCRC has not cured
such breach within such seven (7) day period. Termination of this Agreement for cause shall not
impair any other rights or remedies available to the terminating party with respect to the breach
that gave rise to such termination.
2.3 Effect of Termination. At the termination of this Agreement, FAMS will have no further
obligation to provide any new FAMS Reports.
***CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION.
CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTION.
-3-
3
PAYMENT FOR FAMS REPORTS; COLLECTIONS
PAYMENT FOR FAMS REPORTS; COLLECTIONS
3.1 FAMS Charges; Collections. FAMS shall be entitled to receive from NCRC the amounts set
forth in Exhibit “C” (“FAMS Charges”). NCRC’s obligation to pay the FAMS Charges is absolute and
unconditional, and is payable irrespective of the prices paid by Consumer Users for FAMS Reports or
actual collections by NCRC. NCRC shall be solely responsible, for collecting payment for the FAMS
Reports from Consumer Users, and NCRC shall bear the sole risk of nonpayment. NCRC shall
indemnify, defend, and hold harmless FAMS from any losses, costs, expenses (including, without
limitation, reasonable attorney fees, costs of litigation, and costs of enforcing judgment),
liabilities, penalties, claims, and damages (together, “Damages”) incurred by FAMS in connection
with NCRC’s collection activities.
3.2 Payment Terms. NCRC agrees that it will remit the FAMS Charges to FAMS within 30 days
after receipt of the invoice for the FAMS Charges.
3.3 Effect of Price Changes. If, during the term of this Agreement, FAMS’s cost of
providing FAMS Reports increases as a result of increased fees from any or all of the Repositories,
or the imposition of new state/federal requirements that increase FAMS’s cost of selling FAMS
Reports to Consumer Users in such states, FAMS may increase the FAMS Charges set forth in Exhibit
“C”, to cover the Repository(s) price increase plus an amount to maintain FAMS’s existing profit
margin percentage on consumer reports. FAMS shall provide NCRC with as much notice as practicable
under the circumstances of any such price increase, and the price increase will be effective after
thirty (30) days written notice to NCRC. In the event FAMS imposes such increase, NCRC may
terminate this Agreement, without penalty, by written notice to FAMS at any time prior to the
effective date of the increase.
3.4 Sales Tax. The prices set forth in Exhibit C do not include sales, use, or
excise taxes, or any other taxes or fees assessed by any state or local authority in connection
with the sale of FAMS Reports to Consumer Users (collectively, “Sales Taxes”), and Sales Taxes
shall be charged separately. If applicable, NCRC shall disclose to Consumer Users that Sales Taxes
will be charged and the amount thereof. NCRC shall be solely responsible for collecting, as FAMS’s
agent, all Sales Taxes due in connection with sales of FAMS Reports to Consumer Users and
remitting, when due, to the appropriate governmental authorities, all such Sales Taxes. NCRC
agrees to provide FAMS with evidence of all Sales Tax payments to governmental authorities
concurrently with payment, and will permit FAMS to audit its books and records on reasonable notice
to verify that all required Sales Taxes have been properly paid. NCRC shall indemnify, defend, and
hold harmless FAMS for any and all such Sales Taxes and any Damages incurred by FAMS in connection
with NCRC’s failure to properly collect and deliver to the appropriate government authorities on a
timely basis all required Sales Taxes.
4
CONFIDENTIAL AND OTHER PROTECTED INFORMATION
CONFIDENTIAL AND OTHER PROTECTED INFORMATION
4.1 Each party acknowledges that the other party owns all rights to “Confidential
Information” that may be disclosed from time to time by the owning party (“Disclosing Party”) to
the other party (“Receiving Party”). “Confidential Information” means all trade secrets and other
nonpublic proprietary information that the Disclosing Party has identified to the Receiving Party
as such prior to disclosure or promptly thereafter if such disclosure is oral. The Receiving Party
agrees to use the Disclosing Party’s Confidential Information only to perform its obligations under
this Agreement, and to use the same level of diligence and care that a prudent business would use
to protect its own confidential and proprietary information in order to prevent unauthorized use,
dissemination, or disclosure of the Disclosing Party’s Confidential Information. Each party will
take reasonable steps to assure that its employees and agents comply with the foregoing
requirements. The parties acknowledge that any breach of this Section 4 by one party could
cause irreparable harm to the other party, and each party hereby consents to entry of an injunction
or other equitable relief, without the necessity of posting bond or proving damages, in the event
of any such threatened or actual breach by it in addition to monetary damages and any other
available remedies. Confidential Information of the Disclosing Party does not include any
information that is (a) already known to the Receiving Party prior to its receipt of such
information, (b) is developed independently, or legitimately obtained from a third party, by the
Receiving Party, or (c) is required by law or court order to be disclosed; provided,
however, if the Receiving Party is the party subject to such court order or other legal
obligation, it will provide the Disclosing party with prior notice to enable the Disclosing party
to contest such order or obligation or seek appropriate protective remedies. Except as otherwise
required by law, the parties agree to treat as Confidential Information the terms of this Agreement
(including all exhibits and amendments), provided, however, that FAMS may provide a
copy of this Agreement to any Repository, if so requested. In addition, NCRC recognizes that FAMS
has devoted significant resources to developing the format of the FAMS Reports and agrees that such
format is the proprietary information and a valuable commercial asset of FAMS. Accordingly, NCRC
agrees that, except pursuant to this Agreement, it will not directly or indirectly use, or permit
any third party with a marketing relationship with NCRC to provide consumer reports to NCRC
customers in such format or any format that is intentionally designed to be substantially similar
and is likely to be confused with such format.
-4-
4.2 Consumer Data. Except as permitted under this Agreement, each party agrees not to
disclose any “Consumer Data” (defined below) to anyone except its employees and agents with a need
to know in order to enable that party to perform its duties and obligations under this Agreement.
Each party agrees to use diligent efforts, and at least the same degree of care it uses to protect
its own confidential information, to prevent unauthorized use or disclosure of the Consumer Data
and to require all agents to agree in writing to comply with such requirements. Each party will
promptly provide the other party with copies of such agreements upon request. “Consumer Data” is
defined as all information or data, in whatever form, provided by or through either party to the
other in connection with this Agreement concerning or relating to any Consumer User, including,
without limitation, names, addresses, telephone numbers, other identifying information, and
information relating to personal characteristics, preferences, or credit history from the
repositories. In order to comply with the laws that regulate the Consumer Data, each party agrees
to institute the following systems, procedures, and controls (together, “Security Procedures”):
| a. | Each party will limit the persons who have access to the Consumer Data to employees and agents who have a need to have access to such information in order to enable that party to provide the services under this Agreement (“Authorized Persons”). FAMS may also provide the Consumer Data to Credco and to the Repositories in order to provide the FAMS Reports under this Agreement; |
| b. | Neither party will make any copies of any Consumer Data except secure backups and will require all Authorized Persons to agree to the same limitation. FAMS and Credco may maintain copies of the Consumer Data to meet its obligations under applicable law, including, but not limited to the Fair Credit Reporting Act, as amended; |
| c. | Each party will institute procedures to protect the confidentiality of the Consumer Data such as keeping materials in a locked room to which persons other than Authorized Persons will not have access; |
| d. | Each party shall implement such other security procedures that NCRC and FAMS may mutually agree are reasonably required from time to time. |
| e. | Each party shall permit FAMS to audit the Security Procedures during normal business hours upon seven (7) days’ prior notice, subject to the audit limitations stated in paragraph 1.11, above. |
5
DISCLAIMERS AND LIMITATION ON LIABILITIES
DISCLAIMERS AND LIMITATION ON LIABILITIES
5.1 ALL FAMS REPORTS AND ALL OTHER PRODUCTS AND SERVICES PROVIDED BY FAMS (FAMS REPORTS
AND ALL OTHER PRODUCTS AND SERVICES PROVIDED BY FAMS, TOGETHER REFERRED TO AS “FAMS SERVICE(S)”)
UNDER THIS AGREEMENT ARE PROVIDED “AS IS.” NEITHER FAMS NOR ANY OF ITS AFFILIATES (INCLUDING, BUT
NOT LIMITED TO CREDCO) MAKES ANY REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT
TO ANY FAMS SERVICE INCLUDING, WITHOUT LIMITATION, WITH RESPECT TO THE ACCURACY, VALIDITY, OR
COMPLETENESS OF ANY FAMS SERVICE (OR ANY INFORMATION CONTAINED THEREIN). NO WARRANTIES WILL BE
CREATED BY COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE USAGE, AND FAMS EXPRESSLY DISCLAIMS
ALL SUCH REPRESENTATIONS AND WARRANTIES. IN ADDITION, NEITHER FAMS, NOR ANY OF ITS AFFILIATES
WARRANT THAT THE FAMS SERVICES (OR ANY INFORMATION THEREIN) WILL BE FREE FROM ERRORS, WILL MEET
NCRC’S OR CONSUMER USER’S NEEDS, OR WILL BE PROVIDED ON AN UNINTERRUPTED BASIS SUBJECT TO THE
BOUNDARIES OF THIS AGREEMENT. In no event will FAMS or any of its affiliates have any liability to
NCRC, any Consumer User, or any third party, for incidental, special, consequential, or any other
similar Damages resulting from the invalidity, inaccuracy, or incompleteness of the information
contained in any FAMS Report or any delay in providing such report, even if specifically advised of
the possibility of such Damages. FAMS’s maximum liability in connection with any FAMS Report shall
not exceed the amount of the FAMS Charge received by FAMS with respect to such report. Neither
party shall have any liability to the other party in connection with any delay, interruption, or
failure in performance hereunder resulting from any cause if such cause is beyond the reasonable
control of the failing party including, with respect to FAMS, the unavailability of consumer
information from any Repository for any reason. For the purposes of this Section 5, the term
“FAMS” also includes the Repositories.
6
INDEMNIFICATION
INDEMNIFICATION
The parties mutually agree to indemnify, defend, and hold harmless, one another, its respective
affiliates, and the respective officers, directors, employees, agents, and suppliers and other
third party contractors of one another from and against any and all actions, lawsuits,
investigations, proceedings, costs, expenses (including, without limitation, attorney fees and
court costs), damage or claim (collectively, “Claims”) in any way connected with (1) any breach of
this Agreement by either parties employees, agents, or independent contractors, and (2) any Claim
by any Consumer User or any other third party, except to the extent directly caused by gross
negligence.
-5-
7
SECURITY BREACH
SECURITY BREACH
In the event of any actual or suspected security breach that NCRC either suffers or learns of that
either compromises or is likely to compromise FAMS data (including, but not limited to FAMS
Reports, or any information contained therein) (e.g., physical trespass on a secure facility,
computing systems intrusion/hacking, loss/theft of a PC (laptop or desktop), loss-theft of printed
materials, etc.) (collectively, a “Security Breach”), NCRC will promptly notify FAMS security
personnel within one (1) business day of the discovery of such Security Breach and will immediately
coordinate with FAMS security personnel to investigate and remedy the Security Breach, as directed
by FAMS security personnel. Notification to FAMS shall be made by calling FAMS at 0-000-000-0000.
Except as may be permitted by applicable law, NCRC agrees that it will not inform any third party
of any such Security Breach without FAM’s prior written consent; however, if such disclosure is
required by applicable law, NCRC agrees to work with FAMS regarding the content of such disclosure
so as to minimize any potential adverse impact upon FAMS and its clients and customers. NCRC also
agrees to comply with all applicable federal and state breach laws and to provide timely
notification under applicable law to those individuals affected by the Security Breach (including,
but not limited to, notification to law enforcement authorities in the jurisdiction of NCRC and/or
individual(s) effected) in the event the Security Breach was caused by or arose from the actions or
inactions of NCRC. In addition, NCRC agrees to offer and provide, if accepted, to each affected or
potentially affected consumer, credit history monitoring services for a minimum of one (1) year in
which the consumer’s credit history is monitored and the consumer receives daily notification of
changes that may indicate fraud or identity theft. The monitoring service must include the daily
data from at least one (1) national consumer credit reporting bureau. If the root cause of the
Security Breach is determined by FAMS to be under the control of NCRC (e.g., employee fraud,
misconduct or abuse, poor information security practices, etc.), FAMS may assess NCRC a reasonable
expense recovery fee. If the root cause of the Security Breach is determined by FAMS to be under
the control of NCRC (see above), NCRC is required to submit written documentation to FAMS outlining
the cause of the breach and suggested remedial actions. If a Security Breach occurs or is suspected
to have occurred, FAMS may take any action it considers appropriate to safeguard FAMS’s data,
including but not limited to suspension of NCRC’s access until FAMS has determined NCRC’s
environment is secure. FAMS will use commercially reasonable efforts to implement, maintain and
staff an intrusion detection system to minimize exposure to hacking incidents and allow for rapid
correction. FAMS agrees to follow industry-standard security practices at its end of the
connection, including, but not limited to, a firewall, in an effort to not allow unauthorized
traffic to pass into NCRC networks through any common Internet connection. FAMS will subscribe to
third-party, industry-recognized security-vulnerability and security-notification services such as
vendors, CERT, and the Cybertrust Certification alert service. FAMS will review associated
notifications and alerts daily and immediately notify NCRC of any intrusion breach. FAMS will
review, test, schedule, apply and validate security patches within thirty (30) days of issue.
8
GENERAL
GENERAL
Except as expressly set forth herein, the relationship of the parties under this Agreement shall
be, at all times, one of independent contractors, and neither party shall have authority to assume
or create obligations on the other’s behalf or take any action that has the effect of creating the
appearance of its having such authority without the other party’s express prior written consent.
This Agreement constitutes the entire agreement between the parties pertaining to the subject
matter hereof and supersedes all prior or contemporaneous oral or written communications,
proposals, commitments, representations, and agreements of the parties with respect to such subject
matter. No supplement, modification, or amendment of this Agreement shall be binding upon either
party unless executed in writing by both parties hereto. No waiver of any provision of this
Agreement shall be deemed or shall constitute a waiver of any other provisions, whether or not
similar, nor shall any waiver constitute a continuing waiver. No waiver shall be binding unless
executed in writing by the party making the waiver. As to FAMS, only a Senior Vice President or
the Compliance Officer may sign a writing supplementing, modifying, or amending this Agreement, or
waiving any right of FAMS hereunder. As to NCRC, only an Officer may sign a writing supplementing,
modifying, or amending this Agreement, or waiving any right of NCRC hereunder. The recitals,
exhibits and addendums specifically referred to, and attached to this Agreement are part of this
Agreement for all purposes. Except as otherwise expressly provided in this Agreement, all notices,
requests, demands, and other communications in connection with this Agreement shall be in writing
and shall be delivered personally or sent by Federal Express (priority overnight) or a similar
courier service, or sent by first class mail, registered or certified, postage prepaid with return
receipt requested, properly addressed to the other party at the address set forth in the first
paragraph of this Agreement, or to such other address as shall be furnished in writing by either
party in the manner for giving notices hereunder. Any notice provided in accordance with the
requirements of this Agreement shall be deemed to have been given (a) upon personal delivery, or
(b) the earlier of: (i) two business days after it has been sent to the other party as provided
above, or (ii) actual receipt. This Agreement may not be assigned, in whole or in part, by either
of the parties without the prior written consent of the other party unless assignment is voluntary,
by merger or operation of law. In the event of any litigation between the parties to interpret or
enforce the terms of this Agreement, the prevailing party shall be entitled to recover its
reasonable attorney’s fees, costs and expenses.
-6-
Assignment. This Agreement may not be assigned, in whole or in part, by either party
without the prior written consent of the other party (which consent may not be unreasonably
withheld or delayed).
This Agreement binds and inures to the benefit of each party’s permitted successors and assigns.
This Agreement is governed by and construed in accordance with the internal laws of the state of
California. If any provision of this Agreement is declared invalid by a court of competent
jurisdiction, the other provisions remain in full force and effect, and this Agreement is deemed to
be amended to replace, to the extent legally possible, the rights and obligations contained in the
invalid provision. The invalidity of any provision is not a failure of consideration. No
representation or promise, or modification or amendment to this Agreement is binding on either
party unless in writing signed by authorized representatives of both parties. The provisions of
Sections 4, 5, 6, 7 and 8 of this Agreement (and any other provisions hereof which by their nature
should survive) shall survive the expiration or termination of this Agreement.
IN WITNESS WHEREOF, the parties have caused their duly authorized officers to execute this
Agreement effective as of the date first above written.
| FIRST ADVANTAGE MEMBERSHIP SERVICES, INC. | XxxxxxxxXxxxxxXxxxxx.xxx, L.L.C. | |||||||||||
| By: | /s/ Xxxxx Xxxxxxx | By: | /s/ Xxxxxxx X. Xxxxxxx | |||||||||
| Printed: | Xxxxx Xxxxxxx | Printed: | Xxxxxxx X. Xxxxxxx | |||||||||
| Its: | Director | Its: | CEO | |||||||||
-7-
EXHIBIT A-1
Internet Security Requirements
| A. | NCRC will be permitted to allow Consumer Users to access FAMS Reports at a secure location (“Secure Site”) located on NCRC’s web site, known as www.NCRC (“NCRC Website”), that is accessible only by the particular Consumer User who ordered the information. |
| B. | NCRC represents and warrants to FAMS that (a) a Consumer User will be able to access FAMS Reports through the Internet only at the Secure Site, and (b) each time NCRC provides a Consumer User access to FAMS Reports at the Secure Site, NCRC will have in effect a written agreement with the Consumer User that authorizes NCRC, on behalf of the Consumer User, to place the Consumer User’s order for the FAMS Report with FAMS. NCRC certifies to FAMS that each time it places such orders with FAMS for FAMS Reports; NCRC will do so solely on behalf of the authenticated Consumer User that ordered such information pursuant to the Consumer User’s written instructions. |
| C. | In order to enter the Secure Site, a Consumer User must use a unique user logon identification code and password (“Logon Code” and “Password,” respectively). |
| D. | NCRC agrees that prior to transmitting any FAMS Reports or non-public consumer information (“Consumer Information”) (FAMS Reports and Consumer Information being referred to cumulatively as “Subject Information”) through the Internet, or permitting any Consumer User to access such information at the Secure Site, NCRC will maintain in effect each of the following security procedures to prevent unauthorized use or dissemination of Subject Information: |
| 1. | All transmissions of Subject Information through the Internet will be encrypted. 128-bit SSL/TLS or higher strength encryption is required. |
| 2. | Subject Information must also be protected when stored on servers, subject to at least the following requirements: |
| (A) | Servers storing Subject Information must be separated by firewall or other comparable method from publicly accessible web-servers; |
| (B) | Subject Information must not be stored on a server that can be accessed by TCP services directly from the Internet and should not be referenced in public domain name services (DNS) tables; |
| (C) | All security access to these servers, both physical and network, must include authentication and, in the case of network security, passwords that are changed at least every 90 days; and |
| (D) | All servers must be kept current with all operating system patches, within 90 calendar days at they become available. |
| 3. | When displaying Subject Information, no Subject Information can be stored permanently on the presentation server(s). NCRC shall use the presentation server(s) only to receive the HTTP services. All HTML shall be dynamically created or interpreted by the application server. The presentation server(s) shall only receive the data and process it back and forth to the application server. Data transmitted between NCRC’s browser and the application server must not be cached, in any form, on the presentation server(s). |
| 4. | Subject Information may not be shared with, or accessed by any person other than an Authorized Employee (as defined below). All transmission of Subject Information is subject to all the terms and conditions contained in these Internet Security Requirements. Only Authorized Employees shall have computer network or terminal or any other access to any Subject Information. Authorized Employees are employees of NCRC who have a need to access Subject Information in order to carry out their official duties with NCRC for the purposes specified in this Agreement. Prior to providing an Authorized Employee with access to any Subject Information, NCRC will provide the Authorized Employee with adequate training regarding these Internet Security Requirements and the Fair Credit Reporting Act (“FCRA”) and other applicable laws, and will require the Authorized Employee to agree to comply with all such requirements and laws (together, “Employee Requirements”). Without limiting the generality of the foregoing, NCRC will inform all Authorized Employees that unauthorized access to information in Credit Reports may subject them to civil and criminal liability under the FCRA and other applicable laws, punishable by fines, imprisonment, or both. NCRC will not add any employee as an Authorized Employee unless the employee has received the required training and has agreed to comply with the Employee Requirements. |
-8-
| 5. | NCRC shall implement adequate security measures in order to prevent use or access of Subjection Information by persons other than Authorized Employees, including, without limitation, the following: (a) assigning each Authorized Employee a unique Internet identification and password (together, “Operator Passwords”), (b) changing the Operator Passwords at least once every ninety (90) days or sooner if a specific Authorized Employee is no longer responsible for accessing Subject Information or NCRC has learned or suspects that there has been unauthorized access to an Operator Password, (c) limiting knowledge of the Subject Information and Operator Passwords to Authorized Employees and strictly prohibiting the sharing, disclosure or public display of any such information, (d) using all security features in the software and hardware used to access Subject Information, (e) not transferring any hardware or software between locations without deletion of all Subject Information and Operator Passwords, and (f) if unauthorized access to Subject Information is discovered or suspected, immediately notifying FAMS and further undertaking all remedial efforts within its power and control to cure such unauthorized access or use. |
| 6. | NCRC will obtain and maintain in effect throughout the term of this Agreement, a third party network security certification and review in form and substance reasonably satisfactory to FAMS. The third party utilized by NCRC must be one of the following: (1) Cybertrust, (2) Foundstone, Inc., (3) ePlus (4) International Network Service, or (5) Secure Works, Inc. The certification and review will include the following: |
| (A) | A scan of all external IP addresses to determine if vulnerabilities exist in the NCRC’s infrastructure; |
| (B) | Intrusion testing on at least a calendar quarter basis; |
| (C) | Review of security policies and procedures and incident management. |
| 7. | NCRC’s Internet connection must be protected with dedicated, industry-recognized firewalls that are configured and managed to adhere to industry best practices. |
| 8. | Subject Information may only be held on a secure server which can only be accessed by a secure presentation server, through one of the following: |
| (A) | Dual or multiple firewall method (preferred) — This methods consists of a firewall between the Internet and the presentation server(s) and another firewall between the presentation server(s) and the application server holding the Subject Information. The network firewall should ensure that only the presentation server is allowed to access the application server holding Subject Information. |
| (B) | Single firewall method (acceptable) — When a dual firewall method is not feasible, a single firewall will provide acceptable levels of protection. The firewall should be installed between the Internet and the presentation server. Multiple interfaces to separate the presentation server and the application server holding Subject Information are required. The firewall should be configured to allow only the presentation server access to the application server holding Subject Information. |
| 9. | All administrative access to the firewalls and servers should be through a secure internal network. No direct modem access should be available to the firewalls or servers. |
| 10. | No internal Internet Protocol (IP) addresses should be publicly available or natively routed to the Internet. |
| 11. | The internal network should not provide any external access to any firewall or servers without proper strong authentication or through firewalls. |
| 12. | Any exceptions or alerts must be logged and reviewed by NCRC and maintained for at least one (1) year for review by FAMS. |
| 13. | If approved in writing by FAMS, NCRC may utilize an alternative method of Consumer User verification, in the form of issuance by NCRC, and use by the Consumer User, of a User ID and password. FAMS requires that NCRC securely protect each Consumer User’s User ID and password. Password security procedures must offer appropriate protections against random access and provide for regular password changes. Normally, the initial password must be issued by NCRC and not created by the Consumer User. |
-9-
| E. | NCRC agrees that it will not archive, store, or use any FAMS Reports received from FAMS (whether on any server or any other component of NCRC’s network, NCRC’s Website, any Secure Site, or otherwise), and it will purge all such information as soon as no longer needed by the Consumer User who ordered it, but in no event will NCRC store any FAMS Reports for more than five (5) days without FAMS written approval. In no event will NCRC resell such information or distribute, disseminate, transfer, or provide other access to such information to any person unless agreed to by FAMS under terms and conditions agreed to by NCRC and FAMS, except that NCRC shall provide access to such information to the Consumer User who ordered it as provided in this Agreement. NCRC shall be responsible, in event of NCRC error, for any migration or leakage of Subject Information, or any other transfer of such information, to any location that can be accessed by any person other than the Consumer User that ordered it. |
| F. | FAMS may, from time to time, change any of the requirements herein (including by imposing new requirements or procedures or modifying existing ones) by giving NCRC written notice of the change. NCRC will conform its systems, applications, process, and procedures to comply with, or seek mutual clarification of, the change not later than the effective date specified by FAMS in the notice, or if none is specified, thirty (30) days after receipt of the notice. |
| G. | Compliance by NCRC with the above listed requirements shall not relieve NCRC from the obligation to observe any other or further contractual, legal or regulatory requirements, nor shall FAMS’s review or approval of any of NCRC’s systems, applications, processes, or procedures constitute or be deemed to constitute the assumption by FAMS of any responsibility or liability for compliance by NCRC with any of the same. NCRC shall remain solely responsible for the security of its systems and the security of all Subject Information received by it from FAMS and for any breach of that security. FAMS retains the right, in its sole discretion, to withhold approval of Internet access of FAMS Reports for any reason. FAMS may suspend or terminate access to the Subject Information at any time if FAMS has reason to believe that NCRC has violated any of these Internet Security Requirements or any contractual, legal, or regulatory requirements, rules or terms. NCRC will be provided a detailed explanation pertaining to the termination and will be allowed the ability to cure such non-compliance within seven (7) days from official notice. |
EXHIBIT A-2
ACCEPTANCE OF TERMS
The following terms and conditions (“Terms and Conditions” or “Agreement”) apply to all Credit
Reports defined below) provided by First Advantage Membership Services, Inc. (“FAMS”) and First
Advantage Credco, LLC (“Credco”) transacted at or through NCRC (the “Website”). Your order of, use
of, and access to, your consumer report (“Basic Report”), credit scores (“Scores”) and other
enhancements to the Basic Report through the Website are subject to all terms and conditions
contained herein and all applicable laws and regulations. For purposes of these Terms and
Conditions, the term “Credit Reports” includes Basic Reports, Scores and other enhancements to
Basic Reports, individually or collectively, as the context requires. PLEASE READ THESE TERMS AND
CONDITIONS CAREFULLY. YOUR ORDER OF, ACCEPTANCE OF, USE OF, AND/OR ACCESS TO CREDIT REPORTS
CONSTITUTES YOUR AGREEMENT TO ABIDE BY EACH OF THE TERMS AND CONDITIONS SET FORTH HEREIN. IF YOU
DO NOT AGREE WITH ANY OF THESE TERMS OR CONDITIONS, DO NOT ORDER, USE OR ACCESS ANY CREDIT REPORT
AND CALL CUSTOMER SERVICE TO CANCEL YOUR MEMBERSHIP.
This Agreement may be updated from time to time. Online customers should check the Website
regularly for updates to these Terms and Conditions. Each time you order, access or use the Credit
Reports, you signify your acceptance and agreement, without limitation or qualification, to be
bound by the then current Agreement.
-10-
In consideration of your of, access to, and/or use of Credit Reports provided by FAMS/Credco, you
agree to provide true, accurate and complete current information about yourself when prompted to do
so by the registration or application forms or requested to do so by FAMS/Credco.
By submitting your order through the Website, you acknowledge receipt of FAMS/Credco’s Privacy
Policy and agree to its terms.
See below for a copy of FAMS/Credco’s Privacy Policy.
By requesting your Credit Report from NCRC, you certify that you are eighteen (18) years of age or
older. If any information you provide is untrue, inaccurate or not current, FAMS or Credco, at
their sole discretion, has the right to suspend or terminate your order of, use of, and/or access
to Credit Reports provided by FAMS or Credco, and refuse all current or future orders of, use of,
and/or access to Credit Reports provided by FAMS or Credco, or suspend or terminate any portion
thereof. Further, you agree that neither FAMS nor Credco will be liable to you or any third party
if FAMS or Credco suspends or terminates your order of, use of, or access to any Credit Report
provided by FAMS or Credco, or any portion thereof, for any reason.
Credco/FAMS obtains credit information used to prepare Credit Reports from the three national
credit repositories (Equifax, Experian, Trans Union). The Credit Reports Credco/FAMS provides are
intended to furnish you with information that you may not otherwise have readily available to you,
but should not be relied upon for important personal and financial decisions. You should consult
your own professional adviser for specific advice tailored to your personal situation. You agree
that Credco/FAMS have no liability for information (accurate or inaccurate) in your Credit Report.
You understand and agree that by submitting your order you are providing “written instructions” in
accordance with the Fair Credit Reporting Act, as amended (“FCRA”), for Credco/FAMS to obtain
information from your personal credit profile from any consumer reporting agency. You also
authorize Credco/FAMS to access your personal credit profile to verify your identity and to provide
Credit Reports.
ARBITRATION
YOU UNDERSTAND AND AGREE THAT ALL CLAIMS, DISPUTES OR CONTROVERSIES BETWEEN YOU AND FAMS/CREDCO AND
THEIR PARENTS, AFFILIATES, SUBSIDIARIES OR RELATED COMPANIES, INCLUDING BUT NOT LIMTED TO TORT AND
CONTRACT CLAIMS, CLAIMS BASED UPON ANY FEDERAL, STATE OR LOCAL STATUTE, LAW, ORDER, ORDINANCE OR
REGULATION, AND THE ISSUE OF ARBITRABILITY, SHALL BE RESOLVED BY FINAL AND BINDING ARBITRATION AT A
LOCATION DETERMINED BY THE ARBITRATOR. ANY CONTROVERY CONCERNING WHETHER A DISPUTE IS ARBITRABLE
SHALL BE DETERMINED BY THE ARBITRATOR AND NOT BY THE COURT. JUDGMENT UPON ANY AWARD RENDERED BY
THE ARBITRATOR MAY BE ENTERED BY ANY STATE OR FEDERAL COURT HAVING JURISDICTION THEREOF. THIS
ARBITRATION CONTRACT IS MADE PURSUANT TO A TRANSACTION IN INTERSTATE COMMERCE AND ITS
INTERPRETATION, APPLICATION, ENFORCEMENT AND PROCEEDINGS HEREUNDER SHALL BE GOVERNED Y THE FEDERAL
ARBITRATION ACT (“FAA”). NEITHER YOU NOR FAMS/CREDCO SHALL BE ENTITLED TO JOIN OR CONSOLIDATE
CLAIMS IN ARBITRATION BY OR AGAINST OTHER CONSUMERS OR ARBITRATE ANY CLAIM AS A REPRESENTATIVE OR
MEMBER OF A CLASS OR IN A PRIVATE ATTORNEY GENERAL CAPACITY. THE PARTIES VOLUNTARILY AND KNOWINGLY
WAIVE ANY RIGHT THEY HAVE TO A JURY TRIAL.
YOU UNDERSTAND THAT IT MAY BE A VIOLATION OF FEDERAL AND/OR STATE LAW FOR YOU TO OBTAIN A CREDIT
REPORT ON ANY PERSON OTHER THAN YOURSELF, AND THAT UNDER THE FCRA, ANY PERSON WHO KNOWINGLY AND
WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES
SHALL BE FINED UNDER XXXXX 00, XXXXXX XXXXXX CODE, IMPRISONED FOR NOT MORE THAN 2 YEARS, OR BOTH.
The FCRA allows you to obtain copy of all of the information in your consumer credit file
disclosure from consumer reporting agencies for a reasonable charge. Full disclosure of
information in your file at the three national credit repositories must be obtained directly from
the repositories by calling:
Experian: |
1-800-EXPERIAN (0-000-000-0000) | |||
Equifax: |
0-000-000-0000 | |||
Trans Union: |
0-000-000-0000 | |||
-11-
The FCRA also states that individuals are entitled to receive a disclosure directly from the
consumer reporting agency free of charge under the following circumstances:
| • | You certify in writing that you are unemployed and intend to apply for employment in the next 60 days; |
| • | You are a recipient of public welfare assistance; |
| • | You have reason to believe that your file at the consumer reporting agency contains inaccurate information due to fraud; |
| • | You have been denied credit, insurance, or employment within the past 60 days as a result of your Credit Report; |
The FCRA also permits consumers to dispute inaccurate information in their Credit Report without
charge. Accurate information cannot be changed. You do not have to purchase your Credit Report
from NCRC to dispute inaccurate or incomplete information in your credit file maintained by
Experian, Equifax or Trans Union (the “Repositories”).
The FCRA allows consumers to get one free comprehensive disclosure of all of the information in
their credit file from each of the Repositories once every 12 months through a central source.
Georgia residents can receive two disclosures per year. Although comprehensive, the credit reports
from each of the Repositories that are available from FAMS/Credco may not have the same information
as a credit report obtained directly from the Repositories or through the central source. To
request your free annual report under the FCRA, you must go to
xxx.xxxxxxxxxxxxxxxxxx.xxx, or call
000-000-0000. FAMS/Credco Credit Reports are not related to the free FCRA disclosure that you are
or may be entitled to.
The Credit Report you are requesting from Credco/FAMS through NCRC is not intended to constitute
the disclosure of Experian, Equifax or Trans Union information required by the FCRA or similar
state laws.
Consumers residing in the states of Colorado, Maine, Maryland, Massachusetts, New Jersey, and
Vermont may receive an additional free copy of their credit report once per year and residents of
the state of Georgia may receive two (2) additional copies per year. For Illinois residents,
credit reporting agencies are required by law to give you a copy of your credit record upon request
at no charge or for a nominal fee.
See below for a full text of your summary of rights.
MODIFICATION OF SERVICES
Credco/FAMS may, at their discretion, modify, or discontinue providing, the Credit Reports, with or
without notice. You agree that Credco/FAMS will not be liable to you or any third party for any
modification or discontinuance of, the Credit Reports.
DISCLAIMERS AND LIMITATIONS OF LIABILITY
YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE WEB SITE, THE CREDIT REPORTS, AND CONTENT
IS AT YOUR SOLE RISK. ALL CREDIT REPORTS (AND THE INFORMATION CONTAINED THEREIN) ARE PROVIDED ON
AN “AS IS” OR “AS AVAILABLE” BASIS. CREDCO, FAMS AND THEIR SUPPLIERS EXPRESSLY DISCLAIM ALL
WARRANTIES, GUARANTEES, REPRESENTATIONS AND CONDITIONS OF ANY KIND WHETHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, TITLE OR NONINFRINGEMENT. THE INFORMATION CONTAINED IN THIS WEB SITE, OR THE CREDIT
REPORTS DOES NOT CONSTITUTE LEGAL, TAX, ACCOUNTING OR OTHER PROFESSIONAL ADVICE. CREDCO, FAMS AND
THEIR RESPECTIVE SUPPLIERS MAKE NO WARRANTY OR REPRESENTATION THAT (I) THE CREDIT REPORTS (AND THE
INFORMATION CONTAINED THEREIN) ARE ACCURATE, COMPLETE OR VALID, (II) THE CREDIT REPORTS WILL BE
DELIVERED IN A TIMELY FASHION, (III) THE CREDIT REPORTS WILL BE DELIVERED ON AN UNINTERRUPTED BASIS
OR BE ERROR-FREE; AND (IV) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE CREDIT REPORTS WILL
BE RELIABLE.
YOU UNDERSTAND AND AGREE THAT CREDCO, FAMS AND THEIR SUPPLIERS WILL NOT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES RESULTING FROM OR IN ANY WAY
CONNECTED TO YOUR ACCESS TO, USE, OR INABILITY TO USE THE WEBSITE, OR THE CREDIT REPORTS, EVEN IF
CREDCO, FAMS OR THEIR SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. SOME
JURISDICTIONS EITHER DO NOT ALLOW OR PLACE RESTRICTIONS UPON THE EXCLUSION OR LIMITATION OF DAMAGES
IN CERTAIN TYPES OF AGREEMENTS; FOR THESE JURISDICTIONS, THE AFOREMENTIONED LIMITATION ON LIABILITY
SHALL BE TO THE MAXIMUM DEGREE PERMITTED BY APPLICABLE LAW. IF, NOTWITHSTANDING THE ABOVE,
LIABILITY IS IMPOSED UPON CREDCO OR FAMS, THEN YOU AGREE THAT CREDCO’S AND FAMS’S TOTAL LIABILITY
TO YOU FOR ANY OR ALL OF YOUR LOSSES OR INJURIES FROM FAMS’S OR CREDCO’S ACTS OR OMISSIONS,
REGARDLESS OF THE NATURE OF THE LEGAL OR EQUITABLE CLAIM, SHALL NOT EXCEED THE AMOUNT PAID BY YOU
FOR THE CREDIT REPORT TO WHICH YOUR CLAIM RELATES.
-12-
NOT A CREDIT REPAIR ORGANIZATION OR CONTRACT
FAMS/Credco offers access to your Credit Report and other credit information. Neither FAMS nor
Credco are credit repair organizations, and are not offering to sell, provide or perform any
service to you for the express or implied purpose of either improving your credit record, credit
history or credit rating or providing advice or assistance to you with regard to improving your
credit record, credit history or credit rating. You acknowledge and agree that you are not seeking
to purchase, use or access any of the Credit Reports, the Website or content in order to do so.
Accurate adverse information in your Credit Report cannot be changed. If you believe that your
Credit Report contains inaccurate, non-fraudulent information, it is your responsibility to contact
the relevant Repository, and follow the appropriate procedures for notifying the Repository that
you believe that your Credit Report contains an inaccuracy. Any information provided to you
regarding the procedures followed by the various Repositories related to the removal of inaccurate,
non-fraudulent information is provided without charge to you and is available for free.
These terms and conditions, the Privacy Policy, and other policies Credco/FAMS may post to this
Website, constitute the entire agreement between Credco/FAMS and you in connection with your use of
the Credit Reports, and supersede any prior versions of the terms and conditions, if applicable.
Credco/FAMS may update these terms and conditions from time to time by posting revised terms and
conditions on this Web Site, without notice to you, and your subsequent use of the Web Site is
governed by those new terms and conditions. The terms and conditions are effective until
terminated by Credco and/or FAMS. In the event of termination, the Disclaimers and Limitations of
Liability provisions set forth in these Terms and Conditions will survive. In the event of a
conflict between any other notice, policy, disclaimer or other term contained in this Website,
these Terms and Conditions will control. If any provision is deemed to be unlawful or
unenforceable, it will not affect the validity and enforceability of the remaining provisions. The
section headings are for convenience only and do not have any force or effect.
Privacy Policy Notice
Credco’s/FAMS’s policy on how your personal information is used and disclosed is contained in
Credco’s/FAM’s Privacy Policy. The Credit Reports provided under these Terms and Conditions are
web-based and you agree to accept this notification, revisions, and the provision of an annual
notice electronically through this Website.
LEGAL NOTICE
1) NEITHER NCRC (“NCRC”), ITS EMPLOYEES, AGENTS, SUCCESSORS, AND/OR ASSIGNS, MAKE ANY WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE, OR ASSUME ANY LEGAL LIABILITY OR RESPONSIBILITY FOR THE ACCURACY, COMPLETENESS, OR
USEFULNESS OF ANY INFORMATION CONTAINED AT THIS WEB SITE OR REPRESENT THAT USE OF THIS INFORMATION
WOULD NOT INFRINGE OTHER THIRD PARTY RIGHTS. FURTHER NCRC SHALL NOT BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, OR INCONSEQUENTIAL DAMAGES TO THE USER, OR A THIRD PARTY ARISING FROM USE
OF THIS WEB SITE.
2) In providing this information, NCRC does not assume any liability as a result of the use or
misuse of the information. By your use of this information, you recognize and agree to hold NCRC
harmless from any liability as a result of your using this information, materials, products or
services listed at this web site.
3) NCRC reserves the right to change any information at this website without prior notice.
4) NCRC and its vendors and suppliers have taken substantial steps to insure the confidentiality of
information transmitted to them via the Internet. However the user is cautioned that unexpected
changes in technology may be used by unauthorized third parties to intercept your information.
Accordingly NCRC assumes no liability or responsibility should confidential information belonging
to the user be intercepted and subsequently used by an unintended recipient.
5) You understand that the credit report is being provided by FAMS/CREDCO not by NCRC, that NCRC is
not a credit bureau, that
NCRC and its product are solely mechanisms of communication for you to obtain the Credit Report,
and NCRC assumes no responsibility or liability whatsoever for it.
6) Clicking on certain links within this web site might take you to other web sites for which NCRC
assumes no responsibility of any kind for the content or otherwise. The content presented at this
site may vary depending upon your browser.
-13-
EXHIBIT A-3
FAMS will allow the “Yes” click on NCRC’s website to constitute “written instructions” so long as
certain requirements are followed. Such requirements will be necessary whenever the application
requires reliance on the “written instructions” permissible purpose.
NCRC is responsible for an independent evaluation of whether it will rely on a “Yes” click on the
NCRC website as “written instructions” permissible purpose.
The NCRC website requirements, which must be followed by NCRC, are as follows:
| 1. | A prominently displayed message informing the consumer that his or her credit profile will be consulted for a stated purpose and no other, and that clicking on the “I AGREE” button constitutes written instructions under the Fair Credit Reporting Act. Sample disclosure language is provided below; |
| 2. | The “I AGREE” button must immediately follow the notice provided above. Also, the notice and “I AGREE” button must be separate from any other notice or message contained on the NCRC website (i.e., not part of any general privacy notice); |
| 3. | A second click by the consumer following a statement asking the consumer to confirm his or her agreement. Sample language for a second, confirming click is provided below; |
| 4. | The ability of the consumer to fully review any of the terms to which he or she is agreeing immediately preceding the consensual click. This means that the notice and message must be in full text above the “I AGREE” button and cannot be contained in a separate part of the website with a notification that the consumer may review the terms if he or she wishes by clicking a separate icon; |
| 5. | The consumer must not be able to proceed in the process without affirmatively agreeing to the terms in the notice, and confirming the agreement with a second click; |
| 6. | The consumer must have the ability to print out the terms to which he or she is agreeing (i.e., the ability to print out the notice and consent provided in 1 above); and |
| 7. | NCRC must have the ability to download or otherwise store the fact that the consumer has provided “written instructions” by clicking “I AGREE”. This cannot be satisfied by the fact that the consumer is not permitted to go further in the process unless he or she clicks “I AGREE”. NCRC must have the ability to print out a log or other document that indicates affirmatively that the consumer consented by clicking “I AGREE”, and preferably the date and time of the consent. |
FAMS requires that the notice provided by NCRC be substantially as follows:
“You understand that by clicking on the “I AGREE” button immediately following this notice, you are
providing “written instructions” to FAMS/Credco under the Fair Credit Reporting Act authorizing
FAMS/Credco to obtain information from your personal credit profile from Experian, Equifax and
Trans Union. You authorize FAMS/Credco to obtain such information solely to {purpose for accessing
credit report (a) for your own use; (b) to confirm your identity to avoid fraudulent transactions
in your name; (c) monitoring your credit file for changes}.” [Use all that apply]
The second click notice should read substantially as follows:
“Please confirm your authorization for FAMS/Credco to obtain your credit profile from Experian,
Equifax and Trans Union to {purpose for pulling the report}.”
-14-
Exhibit B
Customer User Service Standards
Customer Service Provider
CREDCO produces the JMA Credit Reports, delivers them to Consumer Users, and provides Customer
Service. CREDCO is responsible for assuring that CREDCO maintains the service standards described
in this Exhibit B, and CREDCO also has the direct responsibilities and obligations set
forth below.
Customer Service Hours
| (a) | Customer Service shall be provided during no less than the following hours: Monday through Friday from 9a.m. to 9:00 p.m. EST. Customer service will not be provided on the following days: New Year’s Day, Memorial Day, Independence Day, Labor Day, Thanksgiving and Christmas. |
Customer Service Average Response Time
| (a) | “Customer Service Response Time” (“CS Response Time”), with respect to a call placed by a Consumer to CREDCO customer service facility means the time that elapses between the time the call is connected and the time the call is answered by a live operator who is fully qualified to resolve the Consumer User’s Request, including any time the Consumer is placed on hold after the call is initially answered. |
| (b) | “Average CS Response Time”, with respect to a day, means the average CS Response Time of all calls placed by Consumer Users to CREDCO customer service facility during such day. |
| (c) | The Average CS Response Time shall be 80% of all calls answered within 60 seconds with any time a Consumer User is placed on hold after the call is initially answered being included in this time calculation. |
| (d) | CREDCO shall take the following action if the Average CS Response Time in any given day does not meet 80% of all calls answered within 60 seconds as provided above: CREDCO shall promptly deliver to NCRC a written explanation and statement, acceptable to NCRC, of its plans to ensure that the Average CS Response Time is met and shall make reasonable efforts to achieve that objective within thirty (30) days after delivering the statement. |
Customer Service Abandonment
| (a) | Abandoned Customer Service Call (“Abandoned CS Call”) means any call placed by a Consumer User to CREDCO customer service facility that ends prior to being answered and resolved by a live operator, either because (i) the caller ended the call because the wait time exceeded 60 seconds, or (ii) the call was terminated through no act of the caller. |
| (b) | Customer Service Abandonment Rate (“CS Abandonment Rate”), with respect to a day, is the ratio of (i) all Abandoned CS Calls for each such day to (ii) all calls placed by Consumer User’s to CREDCO customer service facility on such day. |
| (c) | The CS Abandonment Rate shall be no more than seven percent (7%). |
Additional Reporting Requests
From time to time additional customer service performance reports may be requested by NCRC.
Reporting data types and frequencies of data reporting will be reviewed and mutually agreed upon
prior to inclusion in a monthly reporting schedule.
-15-
Exhibit “C”
| *** | *** | *** | *** | *** | ||||||
1B Experian Report
|
*** | *** | *** | *** | *** | |||||
1B TransUnion Report
|
*** | *** | *** | *** | *** | |||||
1B Equifax Report non CSC State
|
*** | *** | *** | *** | *** | |||||
1B Equifax Report CSC State
|
*** | *** | *** | *** | *** | |||||
3B Report non CSC State
|
*** | *** | *** | *** | *** | |||||
3B Report CSC State
|
*** | *** | *** | *** | *** | |||||
1B Experian Monitoring
|
*** | *** | *** | *** | *** | |||||
1B TransUnion Monitoring
|
*** | *** | *** | *** | *** | |||||
1B Equifax Monitoring
|
*** | *** | *** | *** | *** | |||||
3B Monitoring
|
*** | *** | *** | *** | *** | |||||
Online Authentication
|
*** | *** | *** | *** | *** | |||||
1B Score
|
*** | *** | *** | *** | *** | |||||
3B Score
|
*** | *** | *** | *** | *** | |||||
What if Simulator (TransUnion report required)
|
*** | *** | *** | *** | *** | |||||
Customer Service
|
*** | *** | *** | *** | *** | |||||
Customer Service Training
|
*** | *** | *** | *** | *** | |||||
Customer Service Curriculum Development
|
*** | *** | *** | *** | *** | |||||
Credit Interface Set-Up Fee
|
*** | X/X | X/X | X/X | X/X | |||||
***Minimum
|
*** | *** | ||||||||
| Product | Info/Notes | |
| 1B Report | Experian Report |
|
| 3B Report non CSC State | ||
| 3B Report CSC State | Arkansas, Iowa, Illinois, Indiana, Kansas, Kentucky, Louisiana,
Minnesota, Missouri, North Dakota, Nebraska, Ohio, Xxxxxxxx, Xxxxx,
Xxxxxxxxx |
|
| 0X Monitoring | Experian Monitoring |
|
| 3B Monitoring | Daily Monitoring |
|
| Online Authentication | Experian L3 Product |
|
| 1B Score | TU Algorithm score range 150- 930 |
|
| 3B Score | TU Algorithm score range 150- 930 |
|
| What if Simulator | Charged per consumer use (unlimited simulations for 30 days) |
|
| Customer Service | Volume tier is based on per minute of talk time, includes long distance |
|
| Customer Service Training | Per Hour |
|
| Customer Service Curriculum Development | Per Hour |
***CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION.
CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED
PORTION.
-16-
