DATA SERVICES AGREEMENT
Exhibit 10.2
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
This DATA SERVICES AGREEMENT (this "Agreement") made and entered into as of September 26, 2016 (the "Effective Date") by and between Digital Matrix Systems, Inc., a Texas corporation, located at 00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000 ("DMS") and Intersections Inc., a Delaware corporation, located at 0000 Xxxxxxxxxx Xxxx., Xxxxxxxxx, XX 00000 ("Intersections").
W I T N E S S E T H:
WHEREAS, Intersections desires DMS to provide certain on-line credit and third party data access and processing services through DMS' proprietary web-based application known as the Alert Processing Engine ("APE") and access, process and retain the Third Party Data as outlined herein (the "Services"), and DMS is willing to provide the Services to Intersections in accordance with the terms and conditions hereof; and
WHEREAS, in connection with the Services, Intersections desires DMS to process and retain certain credit and other third party information (the "Third Party Data") obtained from consumer reporting agencies such as Experian, Equifax, and Trans Union and other Intersections selected third party data providers (collectively, the "Data Providers") in order to prepare and provide to Intersections Alert Processing Engine responses based on each specific product or transaction type; and
NOW, THEREFORE, in consideration of the premises and the mutual covenants and agreements herein set forth, the parties, intending to be legally bound, agree as follows:
Section 1. Services. In accordance with the terms of this Agreement, DMS will provide Intersections access to its Services to enable Intersections to request Credit Information of or from the Data Providers, or other Third Party Data sources as determined by Intersections and agreed to by DMS, and for DMS to return the Credit Information to Intersections through Alert Processing Engine responses based on specific product or transaction type, as identified by Intersections, via the Internet. Each such request received and processed by DMS shall be defined as a "Transaction." Intersections hereby authorizes DMS to obtain (and retain as applicable) Third Party Data on its behalf using the Data Provider access codes provided by Intersections to DMS. DMS shall retain such Third Party Data in such a manner allowing Intersections to retrieve the Third Party Data as outlined herein. Intersections right to retrieve retained Third Party Data and DMS right to access Third Party Data shall not extend beyond the Term of this Agreement. The parties recognize that in order to provide the Services DMS will receive Personal Information (as defined in Section 17 of the Agreement).
(a) Implementation Services – DMS shall provide the implementation services set forth below:
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 1 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
1. |
Set up of hardware environments, including testing, production, and disaster recovery.
|
2. |
Deployment of the Alert Processing Engine (the "APE") application across hardware environments covering user acceptance testing, production, and disaster recovery environments.
|
3. |
Establish and test Credit Bureau connectivity and processing of the APE application.
|
4. |
Establish and test the data retention database and related support services.
|
5. |
Test Disaster Recovery procedures for all Credit Bureau connections, the APE, and Third Party Data and Personal Information retention services.
|
6. |
Support for Intersections Acceptance Testing.
|
(b) Third Party Data processing and data retention services for the Data Providers as outlined on Exhibit B. Intersections will be responsible for all DMS access to the Third Party Data from the Data Providers, its format, and delivery method of each "data component" within the Third Party Data.
(c) Periodic Disaster Recover (DR) Failover Testing
1. |
Creating the DR rollover test plans.
|
2. |
Executing the DR site rollover.
|
3. |
Testing the DR site, fail back to the primary site and testing the fall back.
|
(d) Support for Services in (b) above
1. |
Process documentation for DMS Operations.
|
2. |
Training DMS staff for 7/24/365 production support.
|
(e) DMS shall, upon written request and subject to an executed Amendment to this Agreement, develop for Intersections a separate non-production database that replicates the information maintained by DMS as part of the Services, including Third Party Data and Personal Information ("Intersections Database"). The Intersections Database shall be updated every 24 hours and may be accessed by Intersections employees in accordance with this Agreement. Intersections shall only use this database for its internal purposes.
The Services shall at all times comply with the requirements of the Service Level Agreement outlined in Exhibit A hereto, as applicable.
Section 2. Acceptance Testing. The term "Acceptance Testing" means testing performed by Intersections to determine whether the relevant Services comply with the documentation. Within fifteen (15) business days after receipt of the Services, Intersections shall provide DMS a written list of items that it finds unacceptable, including a written description of the failure sufficient to allow DMS to replicate such Acceptance Test failure and DMS shall correct the items
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 2 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
within fifteen (15) business days. This process shall continue until Intersections signs off on receipt and acceptance of the Services. Rework required shall not be charged back to Intersections unless the rework is the result of an error in, or change to, the requirements provided by Intersections to DMS. Intersections shall be deemed to have accepted the Services upon the earlier of (1) providing DMS written acceptance of the Services, or (2) thirty (30) calendar days after delivery or redelivery of the Services for which Intersections does not provide DMS a written list of unacceptable items. Intersections shall be solely responsible for determining the appropriateness of all Acceptance Testing elements.
Section 3. Security. DMS shall maintain reasonable and appropriate administrative, technical and physical security safeguards to (i) insure the security and confidentiality of the Third Party Data and Personal Information; (ii) protect against anticipated threats or hazards to the security or integrity of the Third Party Data and Personal Information; and (iii) protect against unauthorized access or use of Third Party Data and Personal Information. Such safeguards will include maintaining compliance with prevailing industry standards, including the Xxxxx-Xxxxx-Xxxxxx Act, establishing procedures to prevent any of its employees or agents from using any Third Party Data or Personal Information for personal reasons or transferring any such information to any third party (other than as provided in this Agreement). DMS will, as allowed by Applicable Laws, promptly notify Intersections of any actual or suspected unauthorized access to Third Party Data or Personal Information as outlined in Exhibit C.
DMS Information Security Requirements shall be as outlined on Exhibit C and the federal and state regulations that apply to the Services performed by DMS hereunder. In addition, DMS Services will contract to have an annual ***** audit performed and shall provide Intersections a copy of such audit reports, which shall be considered DMS Confidential Information.
During the term of this Agreement, and for a period of one (1) year thereafter, either party may, upon reasonable notice and during normal business hours, audit the other party's policies, procedures and records to ensure compliance with this Section 3. DMS shall comply with reasonable audit requirements from Intersections, including Intersections data providers whose data is subject to the Services provided pursuant to this Agreement. A security-related questionnaire may be required to be completed during the annual audit or an Intersections' client request. Any such third party auditors must comply with the confidentiality requirements of DMS.
DMS will conduct or obtain, and ensure that its agents, independent contractors, and subcontractors conduct or obtain, background checks designed to prevent them from the hiring, retaining or engaging of officers or employees (including de facto employees under the FDIC Act, 12 USC § 1829), or agents or independent contractors or subcontractors who have been convicted of or entered into a pretrial diversion program for fraud, embezzlement, larceny, perjury, terrorism or breach of fiduciary duty from performing any responsibilities or functions in connection with: processing Third Party Data as outlined herein. Intersections may require confirmation from the DMS that the independent contractor or subcontractor successfully completed the background
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 3 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
check consistent with DMS' policies and procedures. If DMS learns that an employee or independent contractor or subcontractor is convicted of (or enters into pretrial diversion for) a felony identified above, or DMS learns of a prior conviction or diversion during the term of the Agreement, it will take appropriate action to inform Intersections of the conviction and remove the employee, independent contractor, or subcontractor from performing any services for Intersections if requested by Intersections.
Intersections shall maintain the security of logon identification credentials used by Intersections and Intersections' employees and its authorized users to gain access to the Services. Intersections will implement any credentialing or procedures reasonably requested by DMS from time to time to maintain security of access to the Services.
Section 4. Term. The initial term of this Agreement shall be a period of one year, commencing on the Effective Date. Unless earlier terminated pursuant to the terms and conditions hereof, this Agreement shall automatically be extended for successive terms of one year each, unless either party shall give the other party written notice of its election not to extend the term 30 days prior to the conclusion of the then-current term. Notwithstanding the foregoing, DMS may immediately discontinue offering the Services, or any part thereof, in the event DMS is no longer authorized to provide the Third Party Data pursuant to Intersections' or DMS' arrangements with the Data Providers.
Section 5. Conditions of Use of the Services.
(a) As a condition to DMS providing the Services hereunder, Intersections agrees that Intersections and its affiliates will use the Services and Credit Information only for a permissible purpose under the federal Fair Credit Reporting Act 15 U.S.C. § 1681 et seq., as amended ("FCRA") and that DMS' Services will not directly or indirectly violate or interfere with the terms of any other agreement to which Intersections is a party.
(b) Intersections will implement strict security procedures designed to ensure that Intersections' employees and its authorized users use the Services in accordance with the Agreement. Intersections will treat and hold the Services in strict confidence and will restrict access to the Services to Intersections' employees and authorized users who agree to act in accordance with the confidentiality requirements set forth in Section 15 hereof. Intersections will inform Intersections' employees and authorized users to whom any Third Party Data is disclosed of the provisions of this Section 5(b).
(c) Intersections acknowledges the proprietary and confidential nature of the Services, and that the Services are, will continue to be the exclusive property of DMS, and shall be used only as authorized in writing by DMS. DMS grants to Intersections a limited, non-exclusive, non-transferable and non-assignable or sublicensable license to access and use the Services and any
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 4 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
other data or information that is proprietary to DMS for purposes authorized by this Agreement. Intersections will require its employees and authorized users that have access to the Services to comply with all of the terms and conditions of this Agreement, and if any of such persons breach this Agreement such breach shall be deemed a breach of this Agreement by Intersections. Except as expressly set forth in this Section 5(c), nothing contained in this Agreement shall be deemed to convey to Intersections, Intersections' affiliates, employees, agents, authorized users or to any other party, any right, title or interest, including any patent, copyright, trademark or other proprietary right, in or to the Services or any other data or information that is proprietary to DMS. Intersections will not use or permit its affiliates, employees, agents, subcontractors and authorized users to use the trademarks, service marks, logos, names or other proprietary designations of DMS without its prior written consent.
Section 6. Fees. In consideration for the Services provided hereunder, Intersections shall pay to DMS the following fees:
(a) A one-time Implementation Fee of $***** that shall be billable upon execution of this Agreement.
(b) Third Party Data Processing and Retention Services shall be billed in equal installments per month (the "Monthly Fee") not to exceed the amount set forth in the applicable Contract Year below. A Contract Year shall be defined as each 12-month period, with the first Contract Year One beginning with the earlier of (1) the date of Acceptance by Intersections, and (2) live production processing by Intersections, and each successive 12-month period thereafter. The pricing for the for each Contract Year is as set forth below:
(i) |
Contract Year One $*****
|
(ii) |
Contract Year Two $*****
|
(iii) |
Contract Year Three *****
|
(iv) |
The initial Monthly Fee shall be due upon customer the earlier of (1) the date of Acceptance, and (2) live production processing by Intersections using the Services.
|
Intersections agrees to pay DMS within 30 days of the receipt of each DMS invoice. DMS may assess a late charge of *****% per month or the highest rate allowed by law, whichever is less, on past due invoices. Intersections obligation to pay invoiced amounts is absolute and unconditional and not subject to any offset, defense or counterclaim. Failure to timely pay such fees may result in discontinuation of Services.
Section 7. Maintenance Services and Enhancement.
During the term of this Agreement, DMS will provide to Intersections telephone support in accordance with the provisions of the Service Level Agreement attached hereto as Exhibit A.
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 5 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
The Services will be subject to DMS' standard maintenance services which shall include, in addition to the obligations outlined in Exhibit A, (1) routine changes instigated by the Data Providers within data layout, version, and format changes in order to continue delivery of the Services as outlined herein; (2) corrections of Errors as defined in Exhibit A; and (3) SLA reporting as outlined in Exhibit A.
Enhancements, including access to new Data Providers or other third party data suppliers, formats, and report types, to be defined by mutual agreement of the parties, including any additional fees for the Services provided pursuant to this Agreement.
Section 8. Disclaimer of Warranty. Intersections acknowledges that the Services provided hereunder entail the possibility of some human and/or machine errors, omissions, delays and losses, including errors in the Third Party Data, or delays caused by the Data Providers or Internet delivery of the Services, which may give rise to loss or damage. ACCORDINGLY, DMS DOES NOT GUARANTEE OR WARRANT THE ACCURACY, TIMELINESS, COMPLETENESS, CURRENTNESS, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OF THE SERVICES, THE THIRD PARTY DATA.
Section 9. Insurance. Each party represents that as of the Effective Date it has, and agrees that it shall maintain in force during the Term, at least the insurance coverage set forth below:
(a) |
Statutory workers' compensation covering all state and local statutory requirements;
|
(b) |
Employer's liability with a limit of $***** for one or more claims arising from each accident;
|
(c) |
Commercial general liability, including coverage for completed operations, products liability and contractual operations;
|
(d) |
Professional liability for errors and omissions with a limit of $*****; and
|
(e) |
Crime and Fidelity Insurance with a limit of $*****.
|
The limits of coverage for section (c) above shall be $***** per occurrence combined single limit bodily injury and property damage plus $***** excess or umbrella liability coverage. DMS shall cause its insurers to (i) waive all rights of subrogation against the other party, and its officers, directors and employees; and (ii) each party shall furnish the other party certificates of insurance evidencing that the above insurance is in effect and otherwise complies with the requirements of this Insurance Section.
No party shall be required to indemnify another party under this Agreement to the extent insurance coverage is available to cover the liability in question unless the insurance company has
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 6 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
not paid (or only partially paid) the claim within 60 days of the date the claim is reported. Otherwise, the carrying by a party of the insurance required herein shall in no way be interpreted as relieving the insured party of any other obligations it may have under the Agreement.
Section 10. Limitation of Liability. Except for a Party's breach of Indemnification (Section 11), or Security (Section 3), for all other claims relating to this Agreement, whether in contract, tort, strict liability, or otherwise, each Party's sole and exclusive remedy shall be the recovery of actual, direct damages, not to exceed $*****. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INCIDENTAL, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INDIRECT DAMAGES, INCLUDING, BUT NOT LIMITED TO, ANY DAMAGES RESULTING FROM A DISRUPTION IN A PARTY'S BUSINESS, EVEN IF SUCH PARTY HAS BEEN ADVISED AS TO THE POSSIBILITY OF SUCH DAMAGES.
Section 11. Indemnification. Intersections will indemnify, and defend and hold DMS and its affiliated entities, officers, directors, employees, contractors and agents harmless from and against any and all liabilities, damages, losses, claims, costs and expenses, including reasonable attorney's fees, which may be asserted against or incurred by the foregoing parties, arising out of or resulting from: (i) access or any unauthorized access to or use of the DMS Services or the disclosure, sale or transfer of the Third Party Data; (ii) Intersections' breach of the Confidentiality provisions of this Agreement; (iii) any violations of the FCRA or other applicable laws due to the acts or omissions of Intersections; or (iv) any third-party claim against DMS of infringement or misappropriation of any Intellectual Property Rights alleged to have occurred because of Intersections provided items pursuant to the Services; and (v) any claim against DMS from Intersections customers and Data Providers based upon DMS' provision of the Services to Intersections pursuant to this Agreement.
DMS will indemnify, and defend and hold Intersections and its affiliated entities, officers, directors, employees, contractors and agents harmless from and against any and all liabilities, damages, losses, claims, costs and expenses, including reasonable attorney's fees, which may be asserted against or incurred by the foregoing parties, arising out of or resulting from: (i) any claim that the DMS Services, including any related support services, infringe upon, violate, or misappropriate the intellectual property rights of a third party including, without limitation, patent, copyright, trademark, and trade secret rights; (ii) DMS' breach of the Confidentiality provisions of this Agreement; or (iii) any violations of the FCRA or other applicable laws due to the acts or omissions of DMS. In addition to the foregoing obligations, DMS at its exclusive option shall, at its own expense and within sixty (60) days of learning that any part of the Services has become the subject of an infringement claim or has become the subject of an injunction or settlement prohibiting the use of the Services, (i) procure for Intersections the right to continue offering the Services; (ii) replace such Services with non-infringing DMS products with equivalent or better capacity performance and functionality, in which case Intersections shall immediately begin utilization of the non-infringing Services; or (iii) reasonably assist Intersections to find and/or transition to a third party service similar to the Services, each party bearing its own expenses. This
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 7 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
indemnity does not extend to any infringement claim due solely to Intersections' unauthorized modification of the Services or the combination of the Services with any product or service not supplied or mandated by DMS.
Section 12. Termination; Remedies. (a) Either party shall be in default if it fails to perform any of its duties or obligations hereunder and does not cure such failure within 30 (thirty) days after written notice is given to the defaulting party. Upon a default, the non-defaulting party may terminate this Agreement by providing written notice of termination to the defaulting party, reserving unto the non-defaulting party all rights and remedies it may have under this Agreement or may otherwise have at law or in equity. Notwithstanding the foregoing, DMS may immediately cease providing the Services or access thereto to Intersections if (i) DMS believes in its reasonable judgment that Intersections has failed to comply with any of its obligations hereunder, including in particular, Section 5 of this Agreement, (ii) for any reason one or more of the Data Providers ceases to provide the Third Party Data to DMS or Intersections, or (iii) DMS receives reliable information from Intersections, law enforcement authorities, accredited news reports (i.e. a recognized, documented news source rather than an anonymous blog or its equivalent), or other reputable third parties that Intersections or any of Intersections' officers, directors, managers, shareholders, members, partners, employees, agents, or affiliates has engaged in, or is suspected to have engaged in, illegal or fraudulent activities, whether related to the provision of Services under this Agreement or otherwise. DMS SHALL NOT BE LIABLE TO INTERSECTIONS FOR ANY COST, EXPENSES OR DAMAGES (DIRECT OR OTHERWISE) INCURRED AS A RESULT OF THE EXERCISE OF ANY AND ALL OF DMS' RIGHTS AND REMEDIES UNDER THIS SECTION 12.
(b) The provisions of Sections 8, 10, 11, 12, 13, 14, 15, 16, 17 and 18 shall survive any expiration or termination of this Agreement, for any reason or of DMS' obligation to provide the Services hereunder.
Section 13. Taxes and Other Charges. In addition to all amounts payable by Intersections hereunder, Intersections will pay amounts equal to all sales, use, personal property and other taxes resulting from this Agreement or any activities under this Agreement, excluding taxes based on DMS' net income, unless Intersections furnishes annual proof of exemption from payment of such taxes in a form reasonably acceptable to DMS. DMS may separately reflect on its invoices to Intersections the amount of any taxes paid by DMS on Intersections' behalf, and Intersections shall pay DMS for such amounts.
Section 14. Nonsolicitation.
(a) Neither party shall, during the term of this Agreement and for a period of one year after termination of this Agreement, either directly or indirectly, recruit or hire or attempt to recruit or hire, directly or indirectly, any employee, consultant or independent contractor of the other party. Neither party shall be prohibited from responding to or hiring employees of the other party
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 8 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
who inquire about employment on their own accord or in response to a public advertisement or employment solicitation in general.
(b) Each party agrees that a breach or violation of this Section 14 may cause irreparable injury for which the non-breaching party would have no adequate remedy at law, and that the non-breaching party will be entitled to preliminary or other injunctive relief issued by any court or arbitration panel of competent jurisdiction, restraining any such breach or violation. Such injunctive relief will be in addition to, and in no way in limitation of any other remedies or rights that the non-breaching party may have at law or in equity.
(c) In the event any restriction set forth in this Section 14 is deemed to be unenforceable for being overly broad, the parties agree to amend the applicable provision as necessary to make it enforceable to the maximum extent legally permitted.
Section 15. Confidentiality. Each party (each, a "Receiving Party") understands and agrees that in the performance by the other party (each, a "Disclosing Party") of its duties hereunder, the Disclosing Party will communicate to the Receiving Party certain confidential and proprietary information concerning the business of the Disclosing Party, and certain know-how, technology, techniques, computer code for software products proprietary to the Disclosing Party, whether in source code or object code form and related documentation, and customer lists, all of which are confidential, proprietary information and trade secrets of the Disclosing Party (collectively the "Confidential Information"). The Receiving Party agrees to hold and protect all such Confidential Information and shall not, unless authorized pursuant to this Agreement of with specific prior written consent of an authorized officer of the Disclosing Party, utilize in any manner, communicate or disclose any part thereof to any third party. The Receiving Party shall require all of its employees, affiliates, subcontractors, agents, authorized users, as applicable, to maintain the confidentiality of the Disclosing Party's Confidential Information in accordance with this Agreement. Confidential Information shall not include information that the Receiving Party can show by documented evidence: (a) is now or subsequently becomes lawfully known through no fault of the Receiving Party; (b) is known by the Receiving Party at the time of disclosure and is not subject to restriction; (c) is lawfully obtained from a third party who has the right to make such disclosure; or (d) is required to be disclosed by lawful process, provided that the Receiving Party shall provide the Disclosing Party with timely notice in order for the Disclosing Party to seek a protective order or otherwise object. Each party acknowledges that (i) the restrictions contained in this Section 15 are reasonable and necessary to protect the other party's legitimate interests, (ii) remedies at law will be inadequate and any violation of these restrictions will cause irreparable damage to the Disclosing Party within a short period of time, and (iii) the Disclosing Party will be entitled to injunctive relief against each violation. Each party further agrees that all confidentiality commitments hereunder shall survive termination of this Agreement for any reason.
Section 16. Data Ownership and Storage. In the course of working with the data provided by Intersections, which may include Personal information, DMS will create electronic
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 9 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
records for the purposes of providing the service described herein. Such electronic records will be maintained as confidential by DMS, subject to any disclosure mandated by the Fair Credit Reporting Act or other Applicable Laws.
Section 17. Handling of Personal Information. During the term of this Agreement, DMS and Intersections agree to comply with all federal, state and local statutes, regulations and rules applicable to it, including, without limitation the FCRA, with any changes enacted to FCRA during the term of this Agreement, The Gramm Xxxxx Xxxxxx Act and Its implementing regulations, and any state or local laws governing the disclosure, use, and storage of consumer credit information (the "Applicable Laws"). Each party to this Agreement agrees to hold all non-public information of consumers, as defined in the Xxxxx-Xxxxx-Xxxxxx Act ("Personal Information"), received from the other party as confidential and will not disclose or use such Personal Information other than to perform its obligations as set forth in this Agreement or as otherwise authorized by Applicable law. Each party shall use commercially reasonable efforts to assist the other party in its efforts to comply with such Applicable Laws.
Section 18. General Terms and Conditions.
(a) Entire Agreement. This Agreement contains the entire understanding of the parties with respect to its subject matter, and supersedes any and all related prior understandings and agreements, oral or written. This Agreement cannot be modified or amended except in writing signed by both parties.
(b) Force Majeure. Either Party shall be excused from delays in performing or from its failure to perform hereunder, and such delays or failures shall not constitute breaches of this Agreement, to the extent that such delays or failures result from causes beyond its reasonable control, including but not limited to the acts or omissions of the Data Providers (e.g., one or more of the Data Providers ceases to provide the Third Party Data to DMS or Intersections for any reason), delay and interruptions in sending and receiving Third Party Data via the Internet, denial of service attacks, labor disputes, strikes or other labor or industrial disturbances, acts of God, floods, lightning, shortages of materials, utility or communication failures, earthquakes, casualty, war, riots, insurrections, embargoes, regulations or orders from any governments, or any agency or subdivision thereof; provided that, in order to be excused from delay or failure to perform, DMS must act diligently to remedy the cause of such delay or failure.
(c) Independent Contractor. DMS is providing the Services to Intersections as an independent contractor. DMS does not undertake by this Agreement or otherwise to perform any obligation of Intersections, whether by regulation or contract, unless specified in writing.
(d) Governing Law. THE VALIDITY, CONSTRUCTION AND PERFORMANCE OF THIS AGREEMENT, AND THE LEGAL RELATIONS AMONG THE PARTIES
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 10 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
SHALL BE GOVERNED BY AND CONSTRUED IN ACCORDANCE WITH THE LAWS OF THE STATE OF TEXAS.
(e) Dispute Resolution. With the exception of any action taken under Sections 5, 12 and 15 of this Agreement, the parties shall resolve any dispute arising out of or relating to this Agreement in binding arbitration conducted in accordance with the then pertaining rules for commercial arbitration of the American Arbitration Association by a single arbitrator selected by the American Arbitration Association or an arbitrator agreed upon by the parties. Any such arbitration shall be held in Dallas, Texas unless the parties otherwise agree. The parties shall be entitled to conduct reasonable discovery, in accordance with the Texas Rules of Civil Procedure and applicable case law, prior to the arbitration hearing, and the Texas Rules of Evidence shall be applicable to the arbitration proceeding. The decision of the arbitrators shall be final and binding on DMS and Intersections and may be entered and enforced in any court of competent jurisdiction by either party.
(f) Severability. This Agreement shall be deemed to be severable and, if any provision of this Agreement shall be finally determined to be void, illegal or unenforceable, then it is the parties' desire and intention that such provision be deemed automatically adjusted to the minimum extent necessary to conform to applicable requirements of validity, legality and enforceability and, as so adjusted, be deemed a provision of this Agreement as if it were originally included herein; provided, however, if such provision cannot be adjusted without substantially and materially altering the rights and duties hereunder and fundamentally depriving one party of the benefit of the bargain (taken as a whole) contemplated by this Agreement, then the parties will seek to reform this Agreement through the procedure outlined in Section 18(e) above so as to restore, as nearly as possible, the parties' respective rights, duties, and bargain. In any case, the remaining provisions of this Agreement shall remain in effect.
(g) No Waiver. No delay or omission by either party hereto to exercise any right or power occurring upon any non-compliance or default by the other party with respect to any of the terms of this Agreement shall impair any such right or power or be construed to be a waiver thereof. A waiver by either of the parties hereto of any of the covenants, conditions or agreements to be performed by the other shall not be construed to be a waiver of any succeeding breach thereof or of any other covenant, condition, or agreement herein contained. Unless otherwise stated, all remedies provided for in this Agreement shall be cumulative and in addition to and not in lieu of any other remedies available to either party at law, in equity, or otherwise.
(h) Notices. Under this Agreement, if one party is required or permitted to give notice to the other, such notice shall be deemed given if mailed by registered or certified first class mail, postage paid with return receipt requested, or if sent by facsimile, with receipt confirmed, and addressed as follows (or as subsequently noticed to the other party):
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 11 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
Digital Matrix Systems, Inc.
00000 Xxxxxxxx Xxxxx, 0xx Xxxxx
Xxxxxxx, XX 00000-0000
ATTN: Contracts Department
Telephone: (000) 000-0000
Fax: (000) 000-0000
00000 Xxxxxxxx Xxxxx, 0xx Xxxxx
Xxxxxxx, XX 00000-0000
ATTN: Contracts Department
Telephone: (000) 000-0000
Fax: (000) 000-0000
Intersections Inc.
President, Identity Guard
0000 Xxxxxxxxxx Xxxx.
Xxxxxxxxx, XX 00000
ATTN: President, Identity Guard
CC: Chief Risk Officer & Chief Legal Officer
Fax: (000) 000-0000
President, Identity Guard
0000 Xxxxxxxxxx Xxxx.
Xxxxxxxxx, XX 00000
ATTN: President, Identity Guard
CC: Chief Risk Officer & Chief Legal Officer
Fax: (000) 000-0000
(i) Binding Effect; No Assignment. This Agreement shall inure to the benefit of and be binding upon and enforceable against each party and it successors and assigns. Intersections may not sell, assign, convey, sublicense or transfer this Agreement or its rights or obligations hereunder through merger, acquisition, sale of all or substantially all of Intersections' assets, or otherwise without the prior written consent of DMS. Any assignment, transfer, conveyance or sublicense in violation of this paragraph shall be null and void.
(j) Authority. DMS and Intersections each represent to the other that the execution, delivery, and performance of this Agreement by such party have been duly approved by all necessary corporate action, and do not conflict with, or result in a material breach of the articles of incorporation or by-laws of such party, any material agreement by which such party is bound, or any law, regulation, rule, judgment, or decree of any governmental instrumentality or court having competent jurisdiction over such party. Each party further represents that this Agreement has been duly executed by such party and constitutes a valid and legally binding obligation of such party enforceable in accordance with its terms.
Signature Page Follows
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 12 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
IN WITNESS WHEREOF, the parties have executed this Agreement as of the date first written above.
DIGITAL MATRIX SYSTEMS, INC.
|
|
By:
|
/s/ Xxxxx XxXxxx
|
Name:
|
Xxxxx XxXxxxx
|
Title:
|
CEO
|
By:
|
/s/ Xxxxx X. Xxxxx
|
Name:
|
Xxxxx X. Xxxxx
|
Title:
|
President, Identity Guard
|
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 13 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
Exhibit A – Service Level Agreement
THIS EXHIBIT A ("Exhibit A") is attached to and made a part of the DATA SERVICES AGREEMENT dated September 26, 2016 (the "Agreement"), by and between Intersections Inc. ("Intersections") and Digital Matrix Systems ("DMS"). Capitalized terms used in this Exhibit A have the meanings attributed to them in the Agreement.
1. Product and Services Support. DMS will respond to Intersections' request for support services ("Support") regarding the DMS Services in accordance with the procedures identified below. In each case, Intersections may describe the problem by telephone, facsimile or electronic mail. DMS shall use commercially reasonable efforts to meet the obligations under this Exhibit A.
Telephone Support. As part of DMS Services, DMS shall provide technical support personnel accessible by toll-free telephone on a 24/7 basis for the resolution of technical questions and DMS Services Errors as further defined and described herein. Without limitation of the foregoing, DMS shall provide to Intersections, without additional charge, all reasonably necessary telephone consultation requested in connection with Intersections' use and operation of the DMS Services or any problems therewith.
Notice of Errors; Error Correction. As part of Support, DMS shall provide the services set forth below:
(a) Error Classifications. Each error or problem with the DMS Services ("Error") encountered by Intersections and under the responsibility of DMS as provided for in this Agreement will be classified into one of the following classifications:
(i) Class 1 Error. A "Class 1 Error" is any Error that renders continued use of the Services either impossible or substantially interrupts the use of the Services or normal business operations of Intersections.
(ii) Class 2 Error. A "Class 2 Error" is any material nonconformance of the Services with its specifications, documentation or the applicable Exhibit A that is not a Class 1 Error.
(iii) Class 3 Error. A "Class 3 Error" is any Error that is not a Class 1 Error or a Class 2 Error.
(iv) Notification of Errors and Escalation. DMS shall provide to Intersections a contact person for Intersections to contact in order to report an Error or to notify DMS that Support is not being provided as set forth herein.
(iv) Response to Error Notification. Intersections will inform DMS of the Error Class when initially contacting DMS. The Error class will be used to determine DMS's required response time to Intersections. From the time that an Error was reported to DMS, DMS shall respond to Intersections prior to expiration of the times listed below for each class of Error. The beginning point for calculation of the response time is when a voice
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 14 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
message or digital page is left with the DMS contact person at 0-000-000-0000.
Error Class
|
DMS Response Time
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
(b) Documentation and Correction of Errors.
(i) Class 1 Errors and Class 2 Errors. For any Class 1 Error or Class 2 Error, Intersections shall provide DMS sufficient documentation to enable DMS to reproduce the Error and DMS shall then take all reasonably necessary steps to supply a correction to Intersections as soon as practicable. If DMS is unable to reproduce a Class 1 Error or Class 2 Error, the parties will work in good faith to correct such Error on a mutually agreed-upon schedule. This will include assigning qualified, dedicated staff to work on the Error. Upon detecting or being notified of a Class 1 Error or Class 2 Error, DMS shall assemble the appropriate personnel to analyze the problem, identify potential solutions and determine the best plan of action (which may include providing a temporary work-around until a permanent correction can be provided). Intersections shall be permitted to participate in this process. A DMS representative shall keep Intersections continuously informed of the status. If DMS provides Intersections with a workaround for a Class 1 Error, such Error will be re-classified as a Class 2 Error.
(ii) Class 3 Errors. For any Class 3 Error, DMS shall work with Intersections to document the Error through mutually established standards. Class 3 Errors shall be resolved according to mutually agreed priorities. DMS personnel shall be dedicated to resolving Class 3 Errors through DMS's normal software support procedures, but in any event, each Class 3 Error shall be resolved no later than the date of next release of the applicable software and DMS Services.
2. Scheduled Maintenance and Notifications
Standard Maintenance Windows. DMS will use commercially reasonable efforts to schedule maintenance on Sundays between the hours of 12:01am and 4:00 am Central Time North America.
Notification of Scheduled Maintenance Downtime. DMS will notify Intersections of any Scheduled Maintenance Downtime that will occur outside of the Standard Maintenance Windows outlined above. Except in cases of emergency, notification will be provided at least one business day prior to such downtime. In cases of emergency, DMS will use commercially reasonable efforts to notify Intersections of a planned downtime as soon as practicable.
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 15 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
3. Detailed Service Level Requirements SLA for the following:
(a) |
*****
|
(b) |
*****
|
(c) |
*****
|
(d) |
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 16 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
*****
|
*****
|
*****
|
*****
|
|
*****
|
(1) *****
(2) *****
Intersections and DMS shall review the SLA Requirements outlined in the table above for the initial ninety (90) days of DMS' delivery of the Services and the parties shall mutually agree on the final SLA Requirements, which shall then be in force.
|
Definition of "validated" – *****:
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
*****
|
Recovery Time Objective (RTO) – DMS shall have twenty-four (24) hours to restore the Services outlined in the Agreement in the event of a disaster or major disruption in the Services.
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 17 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
Recovery Point Objective (RPO) – DMS shall restore the datavault application data associated with the Services with a forty-eight (48) hour maximum loss of data measured from the point of any failure of the Services as outlined in the RTO.
The RPO and RTO shall each be an SLA Requirement.
SLA Penalties – during the initial ninety (90) days of the Services, the parties agree that no SLA penalties shall apply until the parties mutually agree on the final SLA Requirements.
o |
In the event DMS fails to meet individual SLA Requirements as measured over the course of a calendar month period, DMS shall pay Intersections 3% of the monthly Third Party Data Processing and Retention Services fee for each SLA Requirement not met (with maximum payment in any month of 12%) reported by Intersections and confirmed by DMS or reported by DMS and confirmed by Intersections.
|
o |
Ten percent (10%) of the monthly Third Party Data Processing and Retention Services fee shall be credited to Intersections for availability of the Services at less than 95% as measured over a calendar month period.
|
4. SLA Reporting. DMS shall provide reporting to Intersections, no later than the 10th business day of each month for the previous month, to verify its compliance with SLAs set forth in this Section 3 of this Exhibit A.
Exhibit B – Data Providers and Data Retention Services Include:
Data Providers:
|
*****
|
|
*****
|
|
*****
|
|
*****
|
Data Retention:
|
*****
|
|
*****
|
|
*****
|
|
*****
|
|
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 18 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
|
*****
|
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 19 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
EXHIBIT C
INFORMATION SECURITY REQUIREMENTS
1. Purpose. This Exhibit C sets forth the minimum information security program and infrastructure policies (the "Information Security Requirements") in effect as of the Effective Date of the Agreement that DMS will meet and maintain in order to protect Intersections' Confidential Information, Credit Information, and Personal Information (the "Information") from unauthorized use, access, disclosure, theft, manipulation, reproduction and/or possible Security Breach during the Term of the Agreement and for any period of time thereafter during which DMS has possession of or access to Intersections Confidential Information, Third Party Data or Personal Information.
2. Information Security Safeguards.
2.1 Appropriate Safeguards. DMS and all of its Affiliates, Contractors and representatives that have access to Intersections' Confidential Information have established, implemented, and will maintain ***** designed to insure the security and confidentiality of Information; protect against anticipated threats or hazards to the security and integrity of Information; protect against unauthorized access to or use of Information; and provide for the proper disposal of Information, all as required by applicable law, including but not limited to the Xxxxx-Xxxxx Xxxxxx Act and Massachusetts Regulation 201 CMR 17.00 ("Information Security Safeguards").
a. Standards & Practices. Information Security Safeguards shall incorporate commercially reasonable and appropriate methods and safeguards to protect the security, confidentiality, integrity, availability and privacy of Information, including those contained in *****.
b. Updates. Information Security Safeguards shall be documented and kept current in light of changes in applicable law, and appropriate industry security standards (as referenced in Section 2.1.a above) for the Services provided to Intersection by DMS pursuant to this Agreement. DMS shall permit Intersections to review such documentation at DMS's facilities upon the reasonable request of Intersections.
2.2 Authorized Persons. DMS shall limit access to Information to those employees, authorized agents, vendors, consultants, representatives and subcontractors who have a need to access such data in connection to the uses permitted by this Agreement ("Authorized Persons"). Each Authorized Persons shall be trained with respect to the Information Security Safeguards and shall comply with the requirements of DMS's Information Security Safeguards. DMS shall re-evaluate its list of Authorized Persons at least annually. DMS shall be responsible for any failure of its employees, agents, subcontractors and its authorized third parties to comply with these terms and conditions regarding Information.
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 20 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
2.3 DMS Information Security Policies. DMS shall have in place and adhere to internal information security and privacy policies that address the roles and responsibilities of DMS Personnel and any Authorized Persons, including both technical and non-technical personnel, who have direct or indirect access to Information. These internal security and confidentiality policies shall, at a minimum, include: *****.
3. Vulnerability Assessments. *****
4. Third Party Security Assessment Questionnaire. At Intersections request, no more than once a calendar year, DMS shall complete Intersections Third-Party Security Assessment Questionnaire and forward a completed copy to Intersections Information Protection Department. The completed Security Assessment Questionnaire shall be treated as DMS Confidential Information. DMS hereby warrants that all information provided and statements made by DMS to Intersections in the completed Third-Party Security Assessment Questionnaire, to the best of DMS's knowledge are true as of the date that the completed document was provided to Intersections. DMS agrees to provide prior written notice to Intersections of any material change in the information provided by DMS to Intersections in the completed Third-Party Security Assessment Questionnaire. Intersections may, with DMS's consent (not to be unreasonably withheld), at Intersections own expense, be permitted to conduct independent on site security assessments, at a time mutually agreed upon by Intersections and the DMS, with respect to the Service security and compliance with Information Security Requirements. Any results and reports from such on site security assessments shall be DMS's Confidential Information.
5. Information Security Infrastructure.
5.1 Access Controls. DMS will utilize appropriate access controls to protect Information. DMS agrees that it shall maintain, throughout the Term of the Agreement and at all times during the access to or while in possession of Intersections Confidential Information, the access controls disclosed to Intersections and approved by Intersections prior to execution of the Agreement and shall not materially change or modify the access controls without prior written notification to Intersections. DMS shall also employ appropriate segregation of duties principles in the assignment of all critical job functions. Intersections will be solely responsible for implementing and maintaining access controls on its own systems to which the DMS may be granted access.
5.2 Password Administration. *****
5.3 Access Justification/Authorization Process. DMS shall have a process in place that is designed to confirm that only Authorized Persons and DMS Personnel (technical and non-technical) are granted access to Information. Access shall be authorized and granted consistent with DMS's obligations the confidentiality provisions outlined in the Agreement entered into by DMS and Intersections. Each authorization shall be approved by appropriate DMS management. All DMS employee authorizations and manager approvals shall be documented and retained. If
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 21 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
any individual among DMS's Personnel or Authorized Persons no longer requires access to Information, DMS shall take immediate steps to remove the access of that individual, or inform Intersections for removal from Intersections systems. The access removal will be documented with date and time and will be retained by DMS at all times while DMS is in possession of or has access to Information. Intersections retains the right to audit these access lists and justifications upon reasonable prior notice.
5.4 Encryption. *****
5.5 Network and Host Security. DMS shall have commercially reasonable and efficient network intrusion detection, firewalls and anti-virus protection in place and functioning properly (the "Network and Host Security Methods"). DMS shall use commercially reasonable efforts to ensure that operating systems and applications that are associated with Information shall be patched within a commercially reasonable time period after DMS has actual knowledge of any security vulnerabilities. DMS will exercise generally accepted industry standards to protect any software, systems, or networks that may interact with Intersections systems, networks, or any of Information from becoming infected by any Viruses. DMS agrees that it shall maintain, throughout the Term of the Agreement and at all times while in the possession of or during the access to Information, Network and Host Security Methods at least as secure as the Network and Host Security Methods disclosed to and assessed by Intersections prior to execution of the Agreement and shall not implement less secure Network and Host Security Methods without the prior written consent of Intersections.
6. Permitted Uses and Disclosures of Personal Information. DMS will not use or disclose any Personal information provided by Intersections about any individual, including, but not limited to, ***** Any use or disclosure of any Personal Information is specifically and expressly limited to the use or disclosure that is necessary to process transactions requested by Intersections or the individual to whom the information pertains. In addition, unless authorized by Intersections, DMS shall not use or permit others to use Personal Information to offer products or services, or otherwise commercially exploit Personal Information.
7. Security Breach Management.
7.1 Notice. Unless prohibited by Applicable Laws, DMS shall expeditiously notify Intersections, but in no more than *****, if DMS becomes aware that: (1) any Personal Information in DMS's custody is lost or cannot be accounted for; (2) there is an actual or potential unauthorized access to or use of Personal Information; or (3) Personal Information in written or electronic form has been transmitted, disclosed, stored, or disposed of in an unencrypted or unsecured format in violation of Applicable Law ("Security Breach"). DMS shall provide notice to Intersections Corporate Privacy Office by emailing *****, *****, and, ***** and shall include, to the extent known, the following information: (a) the nature of the Security Breach, (b) the estimated impact on Intersections, (c) the name of a senior level person responsible for communicating with Intersections regarding the Security Breach, and (d) the investigative action taken or planned.
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 22 of 23
|
API Processing Services August 2016
|
SPECIFIC TERMS IN THIS AGREEMENT HAVE BEEN REDACTED BECAUSE CONFIDENTIAL TREATMENT FOR THOSE TERMS HAS BEEN REQUESTED. THE REDACTED TERMS HAVE BEEN MARKED AT THE APPROPRIATE PLACE WITH FIVE ASTERISKS (*****).
00000 Xxxxxxxx Xxxxx, Xxxxxx Xxxxx, Xxxxxxx, XX 00000
|
DMS shall cooperate fully with all Intersections reasonable requests for information regarding the Security Breach and DMS shall provide regular updates on each Security Breach and the investigative action and corrective action taken. Such notices and updates shall be DMS's Confidential Information.
7.2. Remediation. Upon completion of the investigation and at Intersections request, DMS will provide Intersections with a final written report that fully describes, to the extent known, (a) the nature of the Security Breach, (b) the Personal Information disclosed, destroyed, compromised or altered, and (c) the specific corrective/remedial action taken. Such report shall be DMS's Confidential Information.
7.3. Customer Notices. In the event of a Security Breach, DMS will provide notifications to affected parties, regulatory agencies, and law enforcement to the extent that DMS is required to do so by Applicable Law. The content, timing and other details of such notice shall be subject to Intersections cooperation in providing DMS appropriate contact information and other relevant assistance to allow DMS to comply with the provisions outlined herein, including Intersections reasonable approval. For any Security Breach that is due to DMS's, or a DMS contractor's, failure to comply with the terms of this Agreement, DMS shall be responsible for the costs of such notifications (including credit monitoring services or identity theft protection services required Applicable Laws or by a state or federal regulator).
8. Return of Records. Upon termination of the relationship between DMS and Intersections, or at the request of Intersections, DMS shall immediately cease to process records containing Personal Information and shall promptly return to Intersections all such records, or destroy the same, in accordance with such instructions as may be given by Intersections at that time. Notwithstanding the foregoing, DMS may retain such records as necessary to comply with Applicable Law.
This document is confidential and the proprietary information of Digital Matrix Systems, Inc. and shall not be disclosed without written permission.
Digital Matrix Systems, Inc.
|
Page 23 of 23
|
API Processing Services August 2016
|