Published on
December 15, 2025
This Customer Terms and Conditions (“CRA Terms & Conditions”) is entered into by and between Findigs CRA, Inc., a Delaware Corporation and affiliate of Findigs Inc. (Findigs CRA Inc. and Findigs Inc. together “Findigs”) and the Customer set forth in the applicable order form (“You” or “Customer”) pursuant to the terms in the Order Form (the “Order Form” (collectively, the “”). Findigs provides the services in this Agreement on the condition Customer accepts and complies with such terms. By clicking “I Accept” on an Order Form, by executing or submitting any Order Form, or by accessing or using the services in any manner, You acknowledge that you have read, understand, and agree to be bound by any such Order form, by this Agreement and by such other terms, conditions, policies, and documents that may be incorporated herein by reference, and represent and warrant that you have the organizational and legal authority to accept these terms on such company’s or other organization’s behalf and to bind such company or organization.
Definitions.
The following terms have the following meanings when used in the Agreement:
“Applicant” means any prospective applicant, applicant, or current renter using Findigs Services in connection with a property owned or managed by Customer.
“Applicant Data” means all data submitted by or about Applicant to Findigs.
“Applicant Screening Reports” or “Reports” means any reports provided to Customer through provision of the Services for the purpose of screening and verification of Applicants to rent a property owned or managed by Customer.
“Documentation” means any manuals, documentation, and other supporting materials related to the Services that Findigs provides to Customer or that Customer can access under this Agreement. Documentation is considered part of the Services.
“Effective Date” means the date specified in the applicable Order Form.
“Findigs Data” means all data collected by Findigs through or related to the operation of the Services, Applicant Data, Applicant Screening Reports, and Applicant’s and Customer’s use thereof, including but not limited to performance and usage metrics and analysis.
“Decision Assist” means Applicant Screening, including the Property Manager Dashboard and application experience provided to Applicants on behalf of Customer in accordance with the SOP that must be provided by Customer during onboarding.
“Findigs Fees” means any amount due to Findigs under an Order Form or invoice.
“Property Manager Dashboard” means the online Findigs portal and related tools that Findigs makes available to Customer to access Customer Services and manage Applicant workflow processes.
“Services” means the online services related to Applicant screening and Applicant workflow management provided by Findigs to or on behalf of Customer as provided for in an Order Form, together with any applicable Documentation. For the avoidance of doubt, “Services'' includes, without limitation, Applicant Screening Reports, the Property Manager Dashboard, DecisionAssist, Pet Verification, and Termwise, each as described herein.
“SOP” means a set of rules, or standard operating procedures, provided to Findigs by the Customer that controls how the Report content, including, but not limited to credit, eviction and criminal records, are filtered, categorized, and/or displayed on a Report.
“Authorized User” means an individual who is authorized by Customer to use the Services, for whom Customer has ordered the Services, as specified in the Order Form, or who signs up for the Services using a Customer email address.
This Agreement shall be incorporated into and form a part of each Order Form upon mutual execution of such Order Form. For each Order Form, Findigs grants Customer a nonexclusive, limited, nonsublicensable, nontransferable right and license to access and use the Findigs Services during the applicable Order Form Term, as defined in the Order Form, solely for Customer’s internal business purposes only as provided in this Agreement or an applicable Order Form.
a. Customer Services
i. DecisionAssist. Findigs shall offer Customer Decision Assist via an applicable Order Form, Findigs shall provide to Customer automated workflow services for the purposes of Applicant Screening and a recommendation center in the Property Manager Dashboard (“Recommendation”). DecisionAssist includes, but is not limited to, the remittance of adverse action notices, individualized assessments, and consideration of any mitigating information or appeals presented by or on behalf of an Applicant as requested at the direction of Customer and in accordance with Customer’s SOP. For avoidance of doubt, Customer is responsible for all final decision making regarding Applicants.
ii. Pet Verification. If Customer enables Pet Verification service, Findigs will use commercially reasonable efforts to collect and verify the required information from or concerning the prospective Applicant’s animal in accordance with Customer’s SOP and applicable laws and industry practices.
iii. Enhanced Housing History. If Customer enables Enhanced Housing History, Findigs will use commercially reasonable efforts to collect and verify the required information from or concerning the prospective Applicant(s) housing history in accordance with Customer’s SOP and applicable laws and industry practices.
iv Reporting. Findigs will provide standard analytics information for Customer as part of the Services as defined in Findigs standard data feed. If Customer requires additional reporting, Findigs and Customer may review Customer’s requirements and mutually agree upon the provision of additional reports at an additional charge.
b. Renter Services. Customer and Findigs may agree to offer certain other services to Applicants through third-parties (“Renter Services''). Renter Services may be subject to additional terms. Findigs will have no liability to the Customer for the provision of Renter Services.
a. Consumer Reporting Information
Findigs makes certain consumer report information Services from consumer reporting databases, which may include credit, criminal, and other public record information (“Consumer Report[s]” or “Consumer Report Information”) available to its customers who have a permissible purpose for receiving such information in accordance with the Fair Credit Reporting Act (15 U.S.C. §1681 et seq.) including, without limitation, all amendments thereto (“FCRA”). Customer acknowledges and agrees that such Consumer Reports are subject to certain policies (“Consumer Report Policies”), which are attached as Exhibit C and incorporated by reference, are required by such consumer reporting databases and agrees to comply with all Consumer Report Policies, which may be updated from time to time.
b. Scores
ii. Customer may request, in writing, that Findigs provide Customer certain scores (such as scores received from Third Party Credit Bureaus (as defined below) in connection with the delivery of a Consumer Report obtained hereunder collectively referred to herein as “Scores” for Customer’s exclusive use. Such credit reporting agencies agree to perform such processing as reasonably practicable. Customer shall use Scores only in accordance with its permissible purpose under the FCRA and may store Scores solely for Customer’s own use in furtherance of Customer’s original purpose for obtaining the Scores. Customer shall not use the Scores for model development or model calibration and shall not reverse engineer the Scores.
ii. Adverse Action Factors Customer recognizes that factors other than the Scores may be considered in making a decision regarding a consumer. Such other factors include, but are not limited to, the credit report, the individual account history, application information, and economic factors. Findigs may provide score reason codes to Customer, which are designed to indicate the principal factors that contributed to the Scores, and may be disclosed to consumers as the reasons for taking adverse action, as required by the Equal Credit Opportunity Act (“ECOA”) and its implementing Regulation (“Reg. B”). The Score itself, when accompanied by the corresponding reason codes, may also be disclosed to the consumer who is the subject of the Score. However, the Score itself may not be used as the reason for adverse action under Reg B.
iii. Confidentiality of Scores All Scores are proprietary to Findigs and the the third party credit reporting agency (“Third Party Credit Bureau) supplying the Score and, accordingly, without appropriate prior written consent the Scores may not be sold, licensed, copied, reused, disclosed, reproduced, revealed, or made accessible, in whole or in part, to any person except as expressly permitted herein when accompanied by the corresponding reasons codes, to the consumer who is the subject of the Score as required by law. Customer shall not, nor permit any third party to, publicly disseminate any results of the validations or other reports derived from the Scores without prior written consent.
iv. Model Development Restrictions. Customer shall not use any Scores for model development or model calibration and shall not reverse engineer any Scores. All Scores provided hereunder will be held in strict confidence and may never be sold, licensed, copied, reused, or reproduced, and may never be disclosed, revealed or made accessible, in whole or in part, to any Person, except (i) to those employees of End User with a need to know and in the course of their employment; (ii) to those agents and contractors of End User who have a need to know in connection with End User’s use of the Scores as permitted hereunder and who have executed a written agreement that limits the use of the Scores by the third party only to the use permitted to End User and contains the prohibitions set forth herein regarding model development, model calibration, reverse engineering and confidentiality; (iii) when accompanied by the corresponding reason codes, to the consumer who is the subject of the Score, when in connection with an adverse action notice; (iv) to government regulatory agencies; or (v) as required by law. For the purpose of this Section, “Person” shall mean an individual, a partnership, a corporation, a limited liability company, a trust, a joint venture, an unincorporated organization and any Government Authority. For the purpose of this Section, “Government Authority” means any national, provincial, state, municipal, local or foreign government, ministry, department, commission, board, bureau, agency, authority, instrumentality, unit, or taxing authority thereof.
v. Score Performance. Certain Scores are implemented with standard minimum exclusion criteria. Findigs and any Third Party Credit Bureau shall not be liable to End User for any claim, injury, or damage suffered directly or indirectly by End User as a result of any End User requested changes to the exclusion criteria which result in normally excluded records being scored by such Scores. Third Party Credit Bureau warrants that the scoring algorithms used in the computation of the scoring services provided under this Agreement (“Models”), are empirically derived from credit data and are a demonstrably and statistically sound method of rank-ordering candidate records with respect to the purpose of the Scores when applied to the population for which they were developed, and that no scoring algorithm used by a Score uses a “prohibited basis” as defined in ECOA and Reg. B promulgated thereunder. The Score may appear on a credit report for convenience only, but is not a part of the credit report nor does it add to the information in the report on which it is based.
c. Subscriber Forms.
Findigs may electronically maintain and make available to Customer, at Customer’s request and direction, Customer forms including consumer correspondence. Customer acknowledges and agrees that it is Customer’s obligation to ensure the accuracy and completeness of the forms and to ensure its compliance with all applicable laws related to the use of such forms. Findigs makes no representations or warranties as to the content or use of such forms.
d. FCRA Penalties.
Customer ACKNOWLEDGES AND UNDERSTANDS THAT THE FCRA PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES MAY BE FINED UNDER TITLE 18, OR IMPRISONED NOT MORE THAN TWO (2) YEARS, OR BOTH.
e. Customer Certifications.
Customer is a Property Management Company and has permissible purpose for obtaining consumer reports in accordance with the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) including, without limitation, all amendments thereto. Customer certifies that it shall request Consumer Report Information solely for Customer’s exclusive one-time use and use such information solely for the permissible purpose(s) that are indicated by Customer below in and for no other purpose, subject however, to the additional restrictions set forth herein. Moreover, if requested by Findigs, Customer agrees to, and shall, individually certify the permissible purpose for each Consumer Report it requests, in addition to the blanket certification set forth herein. For purposes of this Agreement, the term “adverse action” shall have the same meaning as that term is defined in the FCRA.
f. Consumer Report Information Permissible Purpose(s). Customer certifies that it has at least one of the following permissible purposes for requesting Consumer Report Information:
i. In connection with Customer’s legitimate business need for the information in connection with a business transaction that is initiated by a consumer for personal, family, or household purposes, including, but not limited to, for tenant screening; or
ii. In connection with the underwriting of insurance involving the consumer or review of existing policy holders for insurance underwriting purposes, or in connection with an insurance claim where written permission of the consumer has been obtained; or
iii. Pursuant to the written authorization of the consumer who is the subject of the Consumer Report Information, Customer certifies that each such written authorization will expressly authorize Customer to obtain the Consumer Report Information, and will contain at a minimum the subject’s name, address, Social Security number (where available), and signature (verbal authorization of consumers are permitted as long as such comply with the requirements of the Electronic SIgnatures in Global and National Commerce Act (E-Sign Act)). Customer further agrees to retain copies of all such written authorizations for a minimum of five (5) years from the date of inquiry, and make such authorizations available to Findigs upon request.
iv. Customer certifies that it shall use the Consumer Reports: (a) solely for the permissible purpose(s) certified by the Customer and for no other purpose; and (b) solely for Customer’s exclusive one-time use, including, but not limited to, for the purpose of selling, leasing, renting or otherwise providing information obtained under this Agreement to any other party, whether alone, in conjunction with Customer’s own data, or otherwise in any service which is derived from the consumer reports. The Consumer Reports shall be requested by, and disclosed by Customer only to Customer’s designated and authorized employees having a need to know and only to the extent necessary to enable Customer to use the Consumer Reports in accordance with this Agreement. Customer shall ensure that such designated and authorized employees shall not attempt to obtain any Consumer Reports on themselves, associates, or any other person except in the exercise of their official duties. Certification under this permissible purpose does not authorize the Customer to purchase consumer reports for the purpose of selling or giving the report or any portion of the report to the subject of the report, or to any other third-party.
g. Customer Review and Decisions.
i. Applicant and/or Tenant Consent. Customer will obtain the written consent of each individual Applicant and/or Tenant before initiating an Applicant / Tenant Review.
ii. Customer Rental Decisions. Customer acknowledges and agrees that Findigs provides only Consumer Reports concerning an Applicant or a Tenant, and that all decisions of whether or not to rent property to a particular Applicant or Tenant, as well as terms of any such rental, will be made by Customer. Findigs shall have no liability to Customer or to any Applicant, Tenant, or other person or entity for any rental, or the failure to rent, to any Applicant or Tenant, or the terms of any such rental, regardless of whether or not Customer’s decision was based on Consumer Report Information, or other information provided to Customer by Findigs.
h. Compliance With Local Laws.
Customer acknowledges and understands that certain jurisdictions may impose upon a landlord or property manager limitations on the type of information a landlord or property manager may consider in making its decision regarding the leasing of any property. Customer is solely responsible for ensuring that the Evaluation Criteria provided to Findigs is in compliance with any particular laws applicable to Customer, and Findigs shall have no liability to Customer to the extent that the Evaluation Criteria, or Findigs’ implementation of same, does not comply with Customer’s legal obligations pursuant to any state and local law.
i. Consumer Report Retention.
i. Unless otherwise stated in writing by Findigs, Consumer Report Information is retained on behalf of Customer for a period of sixty (60) days. Consumer Report Information may be accessed by Customer within this retention period only for and in connection with the original permissible purpose certified by Customer and may not be used for any other subsequent use, even if the permissible purpose of any subsequent use is the same as that originally certified by Customer. The parties agree that Recommendations are based on Customer’s Evaluation Criteria and the may be retained by Findigs on behalf of Customer beyond sixty (60) days and used for depersonalized data analytics and customer service purposes.
j. Compliance with Laws.
i. Each party shall be responsible, on an ongoing basis, for its own compliance with all applicable federal and state legislation, regulations and judicial actions, including, but not limited to, FCRA,
ii. GLBA and all other applicable privacy laws, “do not call” laws, the Drivers Privacy Protection Act (18 U.S.C. Section 2721 et seq.) and similar and/or associated state laws and regulations governing the use and disclosure of drivers’ license information to which it is subject. Changes in the performance of Findigs’ obligations under this Agreement necessitated by Findigs’ good faith interpretations of any applicable law, regulation, judicial or regulatory action or license rights, shall not constitute a breach of this Agreement.
iii. When Customer requests a consumer report on a Vermont resident, Customer expressly agrees to obtain the consumer’s consent before requesting said consumer report to the extent and in the manner required by Vermont law. In the event Customer obtains Office of Foreign Asset Control (”OFAC”) Screen or other public record Services from Findigs in conjunction with Consumer Report or as an append to an ancillary service, Customer shall be solely responsible for taking any action that may be required by law as a result of a potential match to the OFAC Screen information or other public record information, and shall not deny or otherwise take any adverse action against any consumer which is based, in whole or in part, on Findigs’ OFAC Screen or any other public record information services. Such messages may be delivered with Consumer Report Information as a convenience, but are not part of a consumer’s file nor are they intended to be Consumer Reports.
k. Death Master File Data.
Data provided by Findigs as part of Services may include information obtained from the Death Master File (“DMF”) made available by the US Department of Commerce National Technical Information Service and subject to regulations found at 15 CFR Part 1110. Customer has a legitimate fraud prevention interest, or has a legitimate business purpose pursuant to a law, governmental rule, regulation or fiduciary duty, and shall specify the basis for certifying. Customer shall not disclose information derived from the DMF to the consumer or any third party, unless clearly required by law. Customer shall comply with all applicable laws including, with respect to DMF data, 15 CFR Part 1110. Recipients of DMF data that fail to comply with 15 CFR Part 1110 may be subject to, among other things, penalties under 15 CFR 1110.200 of $1,000 for each disclosure or use, up to a maximum of $250,000 in penalties per calendar year.
i. Customer shall indemnify and hold harmless TransUnion and the U.S. Government/NTIS from all claims, demands, damages, expenses, and losses, whether sounding in tort, contract, or otherwise, arising from other in connection with Customer or Customer’s employees, contractors or subcontractors use of the DMC. This provision shall survive termination of the Agreement and will include any and all claims or liabilities arising from intellectual property rights.
ii. Liability. Neither TransUnion nor the U.S. Government/NTIS (a) make any warranty, express or implied, with respect to information provided under this section of the Policy, including, but not limited to, implied warranties of merchantability and fitness for any particular use; (b) assume any liability for any direct, indirect or consequential damages flowing from any use of any part of the DMF, including infringement of third party intellectual property rights; and (c) assume any liability for any errors or omissions in the DMF. The DMF does have inaccuracies and NTIS and the Social Security Administration (SSA), which provides the DMF to NTIS, do not guarantee the accuracy of the DMF. SSA does not have a death record for all deceased persons. Therefore, the absence of a particular person on the DMF is not proof that the individual is alive. Further, in rare instances, it is possible for the records of a person who is not deceased to be included erroneously in the DMF.
iii. If an individual claims that SSA has incorrectly listed someone as deceased (or has incorrect dates/data on the DMF), the individual should be told to contact their local Social Security office (with proof) to have the error corrected. The local Social Security office will:
a. Make the correction to the main NUMIDENT file at SSA and give the individual a verification document of SSA’s current records to use to show any company, recipient/purchaser of the DMF that has the error; OR,
b. Find that SSA already has the correct information on the main NUMIDENT file and DMF (probably corrected sometime prior), and give the individual a verification document of SSA’s records to use to show to any company subscriber/ purchaser of the DMF that had the error.
a. Account Creation. In addition to entering into this Agreement and an associated Order Form, each Authorized User must create an account before accessing the Property Manager Dashboard. The Order Form will specify the fees and Services that apply.
b. Customer’s Responsibilities. Customer will (a) be responsible for Authorized Users’ compliance with this Agreement, including Exhibit A which is incorporated herein by reference, (b) use commercially reasonable efforts to prevent unauthorized access to or use of the Services and notify Findigs promptly of any such unauthorized access or use, (c) use the Services only in accordance with the Documentation and all applicable laws and regulations, including, without limitation, applicable export control laws and regulations of the United States and other jurisdictions, and (d) maintain a website privacy policy in compliance with all applicable laws and regulations. Additionally, Customer represents, warrants and covenants that it will not use Applicant Data for any purpose other than screening potential Applicants for renting a property owned or managed by Customer. Customer is responsible for all activities conducted on its account or its Authorized Users’ accounts. Customer hereby consents to provide to Findigs any relevant books and records as needed to comply with (a) upstream consumer reporting agency requirements, (b) Findigs’ requirements, or (c) applicable law, within ten (10) business days of Findigs’ request, unless an expedited response is required by Findigs. No more than once per calendar year, Customer shall be subject to remote and / or onsite assessments of its information security controls and compliance by Findigs or its agent; provided, however that (a) Findigs provides reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Customer’s business; (b) such assessment shall only be performed during business hours and occur no more than once per calendar year; and (c) such audit shall be restricted to data relevant to Findigs. Customer further acknowledges that access requirements may change from time to time and Customer agrees that its continued compliance with such updated requirements may be a condition precedent for continued service to Customer. Findigs will have no liability to Customer or to any Applicant or other person or entity regarding: (i) the decision of whether or not to rent property to a particular Applicant, provided that if the Services specified in an Order Form include DecisionAssist, Findigs shall perform such Services in material accordance with the SOP; (ii) any rental or failure to rent, to any Applicant; (iii) the terms of such rental, or (iv) the accuracy or results of the Pet Verification service.
c. Restrictions. Customer will not, directly or indirectly, itself or through an agent, Authorized User, or third party (a) make the Services available to, or use the Services for the benefit of, anyone other than Customer, Applicants, or Authorized Users, (b) sell, resell, license, sublicense, distribute, rent, or lease the Services, or include the Services in a service bureau or outsourcing offering, (c) use the Services to store or transmit infringing, libelous, unlawfully threatening or harassing, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use the Services to store or transmit malicious code, (e) interfere with or disrupt the integrity or performance of the Services or any third-party data contained therein, (f) attempt to gain unauthorized access to the Services or any related systems or networks, (g) permit direct or indirect access to or use of the Services in a way that circumvents a contractual usage limit, (h) copy the Services or any part, feature, function, or user interface thereof, (i) frame or mirror any part of the Services, other than framing on Customer’s own intranets or otherwise for Customer’s own internal business purposes or as permitted in the Documentation, (j) access the Services in order to build a competitive product or service, (k) reverse engineer, disassemble, or decompile the Services, (l) use or store the Services outside of the United States, or (m) allow access to the Services through terminals located outside of Customer’s operations.
d. Updates. From time to time, Findigs may provide upgrades, patches, enhancements, or fixes for the Services to its customers generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to this Agreement; provided that Findigs shall have no obligation under this Agreement or otherwise to provide any such Updates. Customer understands that Findigs may make improvements and modifications to the Services at any time in its sole discretion.
e. Third Party Data Providers. Customer acknowledges and agrees that the Service may operate on, with or using application programming interfaces (APIs) and/or other services, operated or provided by third parties, including without limitation through integrations or connectors to such Third Party Services that are provided by Findigs. Applicants may receive certain services offered through the Platform that are created, offered, supported and maintained by third parties unaffiliated with Findigs or its affiliates (collectively, “Third Party Services”). In certain instances, Customer may be required to enter into a separate agreement with such Third Party for Third Party Services (including any Applicant Data, Customer Data, or other information relating thereto) and for complying with any applicable terms or conditions thereof. Any exchange of data or other interaction between Customer and a third party provider is solely between Customer and such third party provider and is governed by such third party’s terms and conditions. Findigs does not make any representations or warranties with respect to Third Party Services or any third party providers.
f. Identify Verification Product. Customer certifies that it will not use any of the identity verification product it receives through the One Footprint Inc. Services via LexisNexis to determine, in whole or in part an individual’s eligibility for rental housing. Customer may use such information to verify or authenticate an individual’s identity, or to prevent or detect fraud or other unlawful acts.
a. Use of Applicant Screening Reports. Customer represents and warrants that (1) it has all necessary rights, consents, and authorizations to all information that it provides to or requests from Findigs or through the Services, including but not limited to any information accessed or requested through Third Party Services, credentials for Third Party Services, and Applicant Screening Reports; and (2) it will not use Applicant Screening Reports made available through Findigs for any purpose other than screening potential Applicants for renting a property owned or managed by Customer and the determination of security deposit requirements of Applicant as a condition of renting a property owned or managed by Customer. Neither Customer nor its Authorized Users, employees, or agents will request Reports relating to themselves, their families, friends, or associates or request Reports on other persons other than in the exercise of their official duties and as permitted by this Agreement and applicable law. Customer is responsible for initiating or directing the remittance of an adverse action notice and any other notice required by applicable laws and regulations resulting from its use of Applicant Screening Reports. Customer acknowledges and agrees that all decisions of whether or not to rent property to a particular Applicant, as well as the terms of any such rental, maintenance of screening criteria, matching of Applicant identity to report information before taking adverse action, application of individualized assessments, and consideration of appeals or mitigating information will be made by Customer.
b. Customer Certifications and Acknowledgements. Customer acknowledges it has received and understands its obligations under the “Notice to Users of Consumer Reports, Obligations of Users,” “Summary of Your Rights Under the Fair Credit Reporting Act,” and the “Identity Theft Summary of Rights.”
c. California Customers:
i. Customer represents, warrants, and certifies it will comply with all applicable provisions of the California Credit Reporting Agencies Act and the California Investigative Consumer Reporting Agencies Act as applicable, including but not limited to, providing a disclosure to the consumer that an investigative consumer report may be obtained about them, obtaining the consumer’s written authorization to do so prior to requesting any Services, and providing a conforming Adverse Action Notice where required.
ii. Customer represents, warrants, and certifies that (a) Customer is NOT a “retail seller” (as defined in Section 1802.3 of the California Civil Code), and (b) Customer does NOT issue credit to California residents who appear in person on the basis of applications for credit submitted in person. Customer further certifies that it will notify Findigs in writing 30 days PRIOR to becoming a retail seller or engaging in point of sale transactions with respect to California residents.
d. Massachusetts Customers: To the extent Customer is requesting Massachusetts iCORI information: (i) Customer notified the Consumer in writing of, and received permission via a separate authorization for Findigs to obtain and provide CORI information to Customer; (ii) Customer is in compliance with all federal and state credit reporting statutes; and (iii) Customer will not misuse any CORI information provided in violation of federal or state equal employment opportunity laws or regulations.
e. Vermont Customers: Customer certifies that, in accordance with the Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480a (2016), as amended (the “VFCRA”), it will comply with applicable provisions under Vermont law. In particular, Customer certifies that it will order information services relating to Vermont residents, that are credit reports as defined by the VFCRA, only after Customer has received prior consumer consent in accordance with VFCRA § 2480e and applicable Vermont Rules. Customer further certifies that a copy of VFCRA § 2480e was received during Customer Onboarding.
f. Workflow Design Certification. Customer expressly acknowledges and agrees that it is responsible for determining if its use of the system, Services, Reports, and data offered by and through the Services is compliant with Customer’s responsibilities under all applicable federal and state laws, regulations, and ordinances, including but not limited to the Gramm-Leach-Bliley Act, (P.L. 106-102 Title V, Subtitle A) and the FCRA, including the timing of any request for, and use of, information contained in Reports delivered by Findigs, and that Findigs makes no representation that Customer’s use of the Services is compliant with such applicable laws.
g. Criminal and Eviction History Information. Due to the nature of public records, Customer acknowledges there will be instances where, either: (1) no identifying information is reported to match the Applicant on which a Report is sought, but the Applicant does in fact have public record information; or (2) identifying information appears to match the Applicant on which a Report is sought, but such information may not pertain to the Applicant. Customer certifies that Customer shall conduct an independent verification of the information contained in any Report provided to ensure that the Report pertains to the Applicant before Customer takes any adverse action against the Applicant.
h. Customer Adjudications. Customer acknowledges and agrees that any messages to be returned on Reports (whether by default or otherwise) regarding criminal records, including but not limited to when arrest records are found that do not meet the criteria established by the Customer, are the outcome of Customer’s screening requirements and policy. Customer is solely responsible for any decisions it makes based on such requirements and policy as well as any Reports provided by Findigs and/or its affiliates to the extent based on such messages. Any communication with the Applicant concerning Customer’s decision to decline the application (1) shall state that the decision is a consequence of the Applicant not meeting Customer’s internal policy rules and (2) shall not name Findigs as a source for implementation of Customer’s internal policy rules. Any claim made against Findigs and/or any of its affiliates related to any screening outcome provided by Findigs based upon Customer’s screening requirement or policy and/or any decision by Customer regarding the provision of housing services shall be subject to the Customer’s indemnification obligations set forth in in Section 9.2 below.
i. Security and Incident Notification. Customer shall implement and maintain a comprehensive information security program written in one or more readily accessible parts and that contains administrative, technical, and physical safeguards that are appropriate to the Customer’s size and complexity, the nature and scope of its activities, and the sensitivity of the information provided to the Customer by Findigs. Such safeguards shall include the elements set forth in 16 C.F.R. § 314.4 and shall be reasonably designed to (i) insure the security and confidentiality of the information provided through Findigs, (ii) protect against any anticipated threats or hazards to the security or integrity of such information, and (iii) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer. In the event of a suspected reportable security incident, Customer shall immediately notify Findigs in writing and comply with all compliance requirements of applicable law. Furthermore, in the event of a reportable security incident involving Findigs Reports due to the fault or negligence of Customer’s Authorized Users, employees, agents and/or representatives, Customer shall directly notify the affected consumers and the appropriate authorities and/or agencies and provide free credit monitoring to the consumers that were affected by such breach. Findigs reserves the right to step in and take over Customer’s obligations under this paragraph and Customer agrees to indemnify Findigs for the undertaking of such obligations. Findigs shall implement and maintain a comprehensive security program in accordance with the Exhibit A, attached hereto and incorporated herein by reference.
j. Title. Findigs and its licensors own all rights, title, and interest in and to the Services, including accounts established by or for Applicants, whether in operation as of the date of this agreement or later developed. Customer’s rights to the Services are limited to the rights expressly granted to Customer in Section 3 of this Agreement. If Customer provides any ideas, feedback, or suggestions regarding any of Findigs’ products or Services (“Feedback”) Customer shall, and hereby does, grant to Findigs a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose. Findigs reserves all rights not expressly granted in this Agreement.
a. Term. This Agreement is effective as of the Effective Date and will continue for a 12-month period (“Initial Term”) unless otherwise specified in an applicable Order Form. The Agreement will auto-renew for successive twelve (12) month periods (each a “Renewal Term” and the Initial Term and Renewal Terms together, the “Term”) unless terminated in accordance with this section.
b. Termination.
i. Termination. Upon commencement of the Initial Term or a Renewal Term, Customer may only terminate this Agreement and/or any Order Forms or Statements of Work by providing written notice of termination at least sixty (60) days prior to the end of the then-current Term.
ii. Termination for Breach. Either party may immediately terminate this Agreement if the other party breaches any material term of this Agreement and, if such breach is capable of cure, the breaching party fails to cure such breach within twenty (20) days of written notice thereof. Without limiting the foregoing, Findings may terminate this agreement immediately if it reasonably determines that Customer is not a legitimate business or does not have a permissible purpose to obtain a Report it has requested or has used a Report for a purpose other than the purposes specified herein.
iii. Effect of Termination. Upon termination or expiration of this Agreement (a) the Initial or Renewal Term and any applicable Order Form Term(s) shall end; (b) all rights to use the Services granted to Customer hereunder shall immediately terminate. Customer may download applicable Customer Data and Applicant Screening Reports from the Findigs Portal during the Transition Period; (c) Findigs will disable Customer and all Authorized User access to the Services and may delete Customer Data and Applicant Screening Reports as of the date of termination; and (d) any ongoing assistance that Customer requires following the termination of this Agreement will be subject to additional fees and terms and conditions. Notwithstanding the foregoing, Customer acknowledges and agrees that within sixty (60) days’ of the date of termination (the “Export Period”), Customer may export Customer Data and Applicant Screening Reports from the Property Manager Dashboard and, following the expiration of the Export Period, Findigs shall have no obligation to provide any export of Customer Data and Applicant Screening Reports. In the event that Customer does not utilize the Services for ninety (90) days (“Inactive Period”), Findigs reserves the right to consider the Customer inactive and has no obligation to provide any export of Customer Data and Applicant Screening Reports sixty (60) days from Inactive Period. Those provisions of this Agreement that by their terms or sense are intended to survive termination or expiration of this Agreement will survive and remain in full force and effect, including, without limitation, Sections 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14.
c. Change of Address or Ownership. Customer shall provide notice within ten (10) business days of any change in its mailing address or physical location(s). Customer represents and warrants that it has the full power and authority to bind itself to every obligation of Customer under this Agreement, and Customer shall abide by, and be subject to, this Agreement and any amendment thereto. Notwithstanding the foregoing, Customer shall provide thirty (30) days’ written notification to Findigs in the event of any anticipated change in ownership or control (including any change in control pursuant to a management contract) of Customer authorized to receive Services hereunder. Notwithstanding any change of ownership or control, Customer agrees to remain fully liable for the use of the Services and for all fees incurred in connection with the Services accessed under Customer’s authorized access, including access through Authorized Users’ accounts, until written notification is provided to Findigs and Findigs provides written confirmation of receipt. Customer understands that Customer may be required to credential any new entity, owners, or control persons of such new entity and that Services are not guaranteed to be made available by Findigs to any successor.
a. Application Fee. Customer appoints Findigs as its agent to accept payments by or on behalf of Applicant in conjunction with the Services (“Application Fee”) as determined and set by the Customer in the Findigs portal. Customer is responsible for compliance related to the amount of the fee, fee-related disclosures, refunds, and calculations for the Application Fee. Findigs will retain the Findigs Fee as set forth in the Order Form and shall remit the balance of the Application Fee to Customer (“Customer Fee”). In the event that the Application Fee established by Customer is less than the Findigs Fee, Findigs shall invoice Customer for the difference and Customer shall pay in accordance with Section 6(e) of the Agreement. As of the commencement of the next Renewal Term and for each Renewal Term thereafter, the Findigs may increase the Findigs Fee to no more than the increase specified in the Order Form.
b. Additional Applicant Screening Reports. In the event that Customer exceeds the number of subscribed Applicant Screening Reports (as set forth in the Order Form), Findigs shall remit an invoice to Customer for the additional Applicant Screening Reports and Customer shall pay in accordance with Section 6(e) of the Agreement.
c. Implementation Fee. If agreed upon by Customer and Findigs in an applicable Order Form, Customer will pay Findigs an implementation fee. Findigs shall remit an invoice to Customer as set forth in the Order Form and Customer shall pay in accordance with Section 6(e) of the Agreement.
d. Pet Verification Fee. If Customer has enabled Pet Verification, Findigs will charge Applicant the applicable Pet Verification fee set forth in the Order Form. Findigs may change the Pet Verification fee at any time in its sole discretion.
e. Customer Payment Obligations. Customer agrees to pay all Findigs Fees set forth in the applicable Order Form or any applicable invoice in accordance with the payment terms therein. Customer will send payment thirty (30) days from receipt of invoice. If Findigs cannot charge Customer’s selected payment method for any reason (such as expiration or insufficient funds), Customer remains responsible for any undisputed uncollected amounts. If Customer fails to make any payment when due, late charges will accrue at the rate of 1.5% per month or, if lower, the highest rate permitted by applicable law and Findigs may suspend the Services until all payments are made in full. Customer will reimburse Findigs for all reasonable costs and expenses incurred (including reasonable attorneys’ fees) in collecting any late payments or interest.
a. For the purposes of this Agreement, “Confidential Information” means any business or technical information that either party discloses to the other party, in writing, orally, or by any other means, that should reasonably have been understood by the receiving party due to “confidential” and similar markings, the circumstances of disclosure, or the nature of the information itself, to be proprietary and confidential to the other party, including, without limitation, computer programs, code, algorithms, data, know-how, formulas, processes, ideas, inventions (whether patentable or not), schematics and other technical, business, financial, and product development plans, names and expertise of employees and consultants, and customer lists. Neither party will use the other party’s Confidential Information, except as permitted under this Agreement. Each party agrees to maintain in confidence and protect the other party’s Confidential Information using at least the same degree of care as such party uses for its own information of a similar nature, but in all events at least a reasonable degree of care. Each party agrees to take all reasonable precautions to prevent any unauthorized disclosure of the other’s Confidential Information, including, without limitation, disclosing Confidential Information only to such party’s employees, independent contractors, consultants and legal and financial advisors (collectively, “Representatives”) (a) with a need to know such information, (b) who are parties to appropriate agreements sufficient to comply with this Section 7, and (c) who are informed of the nondisclosure obligations imposed by this Section 7. Each party will be responsible for all acts and omissions of its Representatives. The foregoing obligations will not restrict either party from disclosing Confidential Information of the other party pursuant to the order or requirement of a court, administrative agency or other governmental body, provided that the party required to make such a disclosure gives reasonable notice to the other party to enable them to contest such order or requirement. The restrictions set forth in this Section 7 shall remain in effect during the Term, and for 5 years thereafter. The restrictions set forth in Section 7 will not apply with respect to any Confidential Information that: (i) was or becomes publicly known through no fault of the receiving party; (ii) was rightfully known or becomes rightfully known to the receiving party without confidential or proprietary restriction from a source other than the disclosing party who has a right to disclose it; (iii) is approved by the disclosing party for disclosure without restriction in a written document which is signed by a duly authorized officer of such disclosing party; or (iv) the receiving party independently develops without access to or use of the other party’s Confidential Information.
a. Findigs Data. As between Customer and Findigs, Findigs retains all right, title and interest in and to all Findigs Data; provided, however, that Customer shall retain all right, title and interest in and to the Customer Data in accordance with Section 8(b).
b. Customer Data. “Customer Data” means all property data or information submitted by Customer to Findigs through the Services. Customer grants Findigs a nonexclusive, fully paid-up, royalty free, sublicensable, transferable right and license to use, display, modify, copy, translate, transcribe, reproduce, distribute, create derivative works, and process Customer Data during the applicable Order Form Term in connection with the Services and Findigs’ business. Customer, not Findigs, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data and Customer acknowledges and agrees that Findigs shall have no liability with respect to the foregoing. Customer represents and warrants that it has all rights necessary to provide the Customer Data to Findigs as contemplated hereunder, in each case without any infringement, violation or misappropriation of any third party rights (including, without limitation, intellectual property rights and rights of privacy). Findigs is not responsible to Customer for unauthorized access to Customer Data or the unauthorized use of the Services. Customer is responsible for the use of the Services by any person to whom Customer has given access to the Services, even if Customer did not authorize such use. Except as provided for in this Agreement or an applicable Order Form, Findigs will not disclose Customer Data to any third party in a manner that identifies Customer without Customer’s consent other than (i) to Findigs’ third party service providers who use it for the benefit of Findigs or as required to provide Customer the Services; or (ii) as may be required by applicable law or legal process. Notwithstanding anything to the contrary, Customer acknowledges and agrees that Findigs may (a) internally use and modify (but not disclose) Customer Data for the purposes of generating Aggregated De-Identified Data (as defined below), and (b) freely use, retain and make available Aggregated De-Identified Data for Findigs’ business purposes (including without limitation, for purposes of improving, testing, operating, promoting and marketing Findigs’ products and services). “Aggregated De-Identified Data” means data submitted to, collected by, or generated by Findigs in connection with Customer’s use of the Service, but only in aggregate, de-identified form which does not identify Customer.
a. Mutual Indemnification Obligation. Each party (the “Indemnifying Party”) shall indemnify, defend and hold harmless the other party and its parent companies, subsidiaries, affiliates, shareholders, member, manager, officers, directors, employees, agents and representatives (as applicable, the “Indemnified Parties”) from and against any and all third party claims, costs, proceedings, demands, losses, damages, and expenses (including, without limitation, reasonable attorney’s fees and legal costs, which will be reimbursed as incurred) of any kind or nature (“Losses”), arising from or relating to, any actual or alleged breach of any of the Indemnifying Party’s representations, warranties or covenants in this Agreement or the Indemnifying Party’s negligence or misconduct. For the avoidance of doubt, the indemnification obligations under this section do not apply to the Services provided in connection with DecisionAssist unless Findigs has acted in clear violation of Customer’s applicable SOP.
b. Customer’s Indemnification Obligation. Customer shall indemnify, defend and hold harmless the Findigs Indemnified Parties from and against any and all third party Losses arising from or relating to, (a) Customer’s violation of this Agreement; (b) an allegation of Customer’s non-compliance with applicable laws, including but not limited to, consumer reporting and Applicant screening laws, the FCRA, Americans with Disabilities Act and the Fair Housing Act; (c) Customer Data or Applicant Data provided by or on behalf of Customer or Customer’s use, disclosure, sale or transfer of Customer Data including, without limitation, or (d) Customer’s decision of whether or not to rent property to a particular Applicant; (ii) any rental or failure to rent, to any Applicant; or (iii) the terms of such rental.
c. Findigs’ Indemnification Obligation. Findigs shall indemnify, defend and hold harmless the Customer Indemnified Parties from and against any and all third party Losses arising from or relating to an allegation that Customer’s use of the Services as permitted under this Agreement infringes a patent, copyright, or trademark or misappropriates a trade secret of any third party (each, an “Infringement Claim”).
i. Exclusions. Customer understands that Findigs has no obligation to indemnify Customer for any Infringement Claim that is based on (a) modification of the Services by any party other than Findigs; (b) Customer’s use of the Services other than as authorized by this Agreement and the Documentation; (c) Customer’s failure to use updated or modified Services that Findigs makes available to Customer that would have avoided or mitigated the Infringement Claim; (d) Customer’s failure to stop using the Services after receiving written notice to do so from Findigs in order to avoid further infringement or misappropriation; or (e) the combination, operation, or use of the Services with equipment, devices, software, systems, or data that Findigs did not supply.
ii. Right to Ameliorate Damages. If Customer’s use of the Services is, or in Findigs’ reasonable opinion is likely to be, subject to an Infringement Claim under Section 9(c), Findigs may, at its sole option and at no charge to Customer (and in addition to Findigs’ indemnity obligation to Customer in Section 9(c)): (a) procure for Customer the right to continue using the Services; (b) replace or modify the Services so that it is non-infringing and substantially equivalent in function to the original Services; or (c) if options (a) and (b) above are not commercially practicable in Findigs’ reasonable estimation, Findigs can terminate this Agreement and all licenses granted hereunder (in which event, Customer will immediately stop using the Services) and refund the fees for the Services that Customer pre-paid for the remainder of the then-current Term.
iii. Sole Remedy.This Section 9 sets forth Findigs’ sole and exclusive obligations, and Customer’s sole and exclusive remedies, with respect to claims of infringement or misappropriation of third party intellectual property rights.
d. Indemnification Procedure. The Indemnifying Party may not settle any indemnified claim against the Indemnified Parties unless the settlement unconditionally releases Indemnified Parties of all liability. The Indemnified Parties, at the Indemnified Parties’ expense, may undertake and control the defense of any indemnified claim in the event of the material failure of the Indemnifying Party to undertake and control the same. Subject to Section 11, the Indemnifying Party will pay all damages and costs (including reasonable legal fees) finally awarded by a court of final appeal attributable to such indemnified claim, provided that the Indemnified Parties notify the Indemnifying Party in writing of any such indemnified claim as soon as reasonably practicable and allows the Indemnifying Party to control, and reasonably cooperates with Indemnifying Party in the defense of, any such indemnified claim and related settlement negotiations.
a. Findigs Representations and Warranties. Findigs represents and warrants that the Services will be performed in a good, workmanlike manner in accordance with generally accepted industry standards. For any breach of the foregoing warranty, Customer’s exclusive remedy and Findigs’ entire liability shall be, at Findigs’ discretion, as applicable: (a) reperformance of the Services; or (b) if Findigs cannot substantially correct such breach, Findigs may terminate the relevant Order Form and refund to Customer any fees Customer has paid to Findigs for the deficient Services.
b. Mutual Representations and Warranties. Each party represents and warrants that (a) it has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement; and (b) it will comply with all applicable laws and regulations in its performance, in the case of Findigs, and use, in the case of Customer, of the Services.
c. Disclaimer. EXCEPT AS EXPRESSLY SET FORTH HEREIN AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, FINDIGS PROVIDES THE SERVICES ON AN “AS IS”, “AS AVAILABLE” BASIS. TO THE EXTENT PERMITTED BY LAW, FINDIGS AND ITS SUPPLIERS AND LICENSORS DISCLAIM ALL OTHER REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS, STATUTORY OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, CUSTOM, TRADE, COURSE OF DEALING, QUIET ENJOYMENT, NONINFRINGEMENT, AVAILABILITY OR ACCURACY OF INFORMATION. FINDIGS DOES NOT WARRANT THAT THE SERVICES WILL BE AVAILABLE, WILL MEET CUSTOMER’S REQUIREMENTS OR WILL OPERATE IN AN UNINTERRUPTED, ERROR-FREE OR COMPLETELY SECURE MANNER OR THAT ERRORS OR DEFECTS WILL BE CORRECTED. TO THE EXTENT PERMITTED BY APPLICABLE LAW, FINDIGS DOES NOT MAKE ANY REPRESENTATIONS, WARRANTIES, OR CONDITIONS REGARDING THE USE OR THE RESULTS OF THE USE OF THE SERVICES, IN TERMS OF THEIR ACCURACY, RELIABILITY, TIMELINESS, COMPLETENESS, OR OTHERWISE. FINDIGS MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE LEGALITY OR PROPRIETY OF THE USE OF THE SERVICES IN ANY GEOGRAPHIC AREA. TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL FINDIGS HAVE ANY LIABILITY FOR EVENTS OR CAUSES BEYOND ITS REASONABLE CONTROL.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY OR ANY OF THEIR SUPPLIERS OR LICENSORS HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING FOR LOSS OF PROFIT, REVENUE, OR DATA) ARISING OUT OF OR IN CONNECTION WITH THE SERVICES OR THIS AGREEMENT, HOWEVER CAUSED, AND UNDER WHATEVER CAUSE OF ACTION OR THEORY OF LIABILITY BROUGHT (INCLUDING UNDER ANY CONTRACT, NEGLIGENCE, OR OTHER TORT THEORY OF LIABILITY) EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE EXTENT PERMITTED BY APPLICABLE LAW, FINDIGS’ TOTAL CUMULATIVE LIABILITY TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF OR IN CONNECTION WITH THE SERVICES OR THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, WILL BE LIMITED TO AND WILL NOT EXCEED LESSER OF (I) THE FEES PAID OR PAYABLE BY CUSTOMER TO FINDIGS FOR THE 2 MONTHS PRECEDING THE CLAIM OR (II) FIVE-THOUSAND DOLLARS ($5,000). THE PARTIES AGREE THAT THIS SECTION 11 REPRESENTS A REASONABLE ALLOCATION OF RISK.
Customer hereby grants Findigs a non-exclusive license to reproduce and use Customer’s name and/or logo in customer lists, on Findigs’ public-facing website, and otherwise in Findigs’ marketing materials. Additionally, from time to time, Customer also agrees to participate in case studies as reasonably requested by Findigs.
This Agreement shall be governed by and construed in accordance with the laws of the State of New York, excluding its conflicts of law rules. Any controversy or claim arising out of or relating to this contract, or the subject matter or breach thereof, shall be settled by arbitration administered in English and in New York, New York, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with such Rules. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. Notwithstanding the foregoing obligation to arbitrate disputes and regarding exclusive jurisdiction and venue, Findigs shall have the right to pursue injunctive or other equitable relief any time, from any court of competent jurisdiction.
a. Relationship of the Parties. The parties shall at all times perform their respective obligations pursuant to this Agreement as independent contractors. The parties acknowledge that this is a business relationship based on express provisions of this Agreement and no partnership, joint venture, employment, agency, fiduciary, or other similar relationship is intended or created by this Agreement. Neither party is the legal representative or agent of, nor has the power or right to obligate, direct, or supervise the daily affairs of the other party, nor shall either party act or represent or hold itself out as such. The rights, duties, obligations, and liabilities of the parties shall be several and not joint, each party being individually responsible only for its obligations as set forth in this Agreement.
b. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety, without consent of the other party, in connection with a merger, acquisition, corporate reorganization, financing in whole or in part, or sale of all or substantially all of its assets or equity. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.
c. Amendment; Waiver. No modification, amendment or waiver of any provision of this Agreement shall be effective unless in writing and signed or issued by Findigs. No failure or delay by either party in exercising any right, power or remedy under this Agreement, except as specifically provided herein, shall operate as a waiver of any such right, power or remedy.
d. Force Majeure. Neither party will be responsible for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control, including, without limitation, acts of God, strikes, lockouts, riots, acts of war, epidemics, government action, communication line failure, and power failures and any other similar or dissimilar causes.
e. Notices. All notices between the parties shall be in writing and shall be deemed to have been given if personally delivered or sent by certified mail (return receipt requested), electronic mail or facsimile, to the other party’s current or last known address. Notices shall be deemed effective upon receipt if personally delivered, 3 business days after it was sent if by certified mail, or 1 business day after it was sent if by electronic mail or facsimile.
f. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, such provision shall be changed and interpreted so as to best accomplish the objectives of the original provision to the fullest extent allowed by law and the remaining provisions of this Agreement shall remain in full force and effect.
g. Complete Understanding. This Agreement, including properly incorporated Order Form(s) and Documentation, constitutes the entire agreement and understanding of the parties with respect to the subject matter of this Agreement, and supersedes any and all prior understandings and agreements, whether oral or written, between the parties with respect to the subject matter of this Agreement.
h. Electronic Signature. Each party agrees that the electronic signatures, whether digital or encrypted, of the parties included in this Agreement, if any, are intended to authenticate this writing and to have the same force and effect as manual signatures.
A. General. Findigs (“Company” “we” or “our”) believes that information is an extremely valuable asset that must be protected. Therefore, we have created and implemented an Information Security Program (the “Program”), as further described in this Information Security Addendum (the “Addendum”). The objective of the Program is the effective protection of personally identifiable and other sensitive information relating to Company’s business, customers, and business partners (collectively, “Sensitive Information”).
B. Definitions. For the purposes of this Addendum, the terms below have the following meanings whenever capitalized:
1. “Data Incident” means any unauthorized access to or acquisition, disclosure, use, or loss of Sensitive Information resulting from breach or compromise of Company Systems.
2. “Privacy and Security Requirements” means, to the extent applicable: (i) legal requirements (federal, state, local, and international laws, rules and regulations, and governmental requirements) related to the storage and collection of Sensitive Information; and (ii) generally accepted industry standards concerning privacy, data protection, confidentiality, or security of Sensitive Information.
3. “Security Coordinator” means a manager-level employee who is responsible for implementing, coordinating, and maintaining the Program, including without limitation the training of personnel, regular testing of the Program’s safeguards, and evaluation of third party service providers.
4. “Company Systems” means Company’s information technology systems and devices that store, process, and/or transmit Sensitive Information, including without limitation Company’s network, databases, computers, and mobile devices, to the extent applicable.
C. Sensitive Information. For clarity, Sensitive Information includes:
1. Any information that personally identifies an individual (including, but not limited to, name, postal address, email address, telephone number, date of birth, Social Security number, driver’s license number, other government-issued identification number, financial account number, or credit or debit card number).
2. All financial, business, legal, and technical information which is developed, collected, learned, or obtained by Company in the course of its business activities that would reasonably be understood to be confidential, including information belong to or pertaining to Company’s customers.
D. Security Program. Company shall create, implement, and maintain the Program to include reasonably appropriate administrative, technical, and physical safeguards to protect the confidentiality and security of Sensitive Information. Company shall also periodically review and update the Program, paying attention to developments in technology, Privacy and Security Requirements, and industry standard practices. Currently, protection for Company Systems includes:
1. Authorized User authentication controls, including secure methods of assigning, selecting, and storing access credentials, restricting access to Authorized Users, and blocking access after a reasonable number of failed authentication attempts.
2. Access controls and physical facility security measures, including controls that limit access to Sensitive Information to individuals that have a demonstrable genuine business need-to-know, supported by appropriate policies, protocols, and controls to facilitate access authorization, establishment, modification, and termination.
3. Regular monitoring of Company Systems to prevent loss or unauthorized access to, or acquisition, use, or disclosure of, Sensitive Information.
4. Technical security measures such as firewall protection, antivirus protection, security patch management, and intrusion detection.
5. Ongoing training and awareness programs designed to ensure workforce members and others acting on Company’s behalf are aware of and adhere to the Program’s policies, procedures, and protocols.
6. Ongoing adjustments to the Program based on periodic risk assessments, comprehensive evaluations (such as third-party assessments) of the Program, and monitoring and regular testing of the effectiveness of safeguards. Such review shall occur at least annually with additional review occurring whenever there is a material change in Company’s technical environment or business practices that implicate the security of Company Systems.
D. Access Control.
1. Company management provides guidance in creating a secure access environment by establishing access management policies, approving roles and responsibilities, and providing consistent coordination of security efforts across the company.
2. Rights to use and access Company Systems are based on each Authorized User’s access privileges. Access privileges are granted on the basis of specific business need (i.e. a “need to know” basis) and are restricted to only those personnel who require such access to perform their job functions as determined by Company management.
3. All Company resources, systems, and applications have access controls unless specifically designated as a public access resource.
4. Physical access to locations where Sensitive Information is stored is restricted to personnel and service providers who require access in order to perform their designated job functions or services. Where possible, storage areas containing Sensitive Information are protected against potential destruction or damage from physical hazards such as fire or floods.
5. Company’s employees, temps, contractors, consultants, and other workers including all personnel affiliated with third parties, are responsible for participating in maintaining secure access to Company Systems and for ensuring that Company adheres to its posted Privacy Policy.
F. System Monitoring and Protection.
1. Company reasonably monitors Company Systems for unauthorized use of or access to Sensitive Information.
2. Company retains, either in-house or on a consultant basis, at least one technician to provide support and routine maintenance of Company Systems and to report any actual or attempted attacks or intrusions to Company.
3. Malware protection software is installed on all computers storing Sensitive Information. At least once per year, all operating systems and applications are upgraded with any currently available security patches or other security-related enhancements available from their providers. To the extent that any personnel use home computers or remote access devices to conduct business, malware protection software is installed on such home computers or remote access devices.
4. To the extent that personnel are supplied with remote access devices such as laptops and handheld wireless access devices, Company labels them and take inventory at least once per year.
5. Sensitive Information stored on Company Systems is backed up on a regular basis.
G. Evaluation and Adjustment of the Program.
1. Company management shall periodically re-assess the reasonably foreseeable internal and external risks to the security and confidentiality of Sensitive Information.
2. Company reserves the right to revise the conditions of this Program at any time. Adequate notification of updates will be provided to all personnel. Personnel are responsible for understanding or seeking clarification of any rules outlined in this document and for familiarizing themselves with the most current version of this Program.
3. Company management will periodically evaluate and adjust the Program as appropriate to address: (a) the current risk assessment, management and control activities; (b) new risks or vulnerabilities identified by Company top management using the standards set forth above; (c) technology changes that may affect the protection of Sensitive Information; (d) material changes to Company’s business, including to the size, scope and type of Company’s business; (v) the amount of resources available to Company; (vi) the amount of Sensitive Information stored or held by Company; (vii) any increased need for security and confidentiality of Sensitive Information; and (viii) any other circumstances that Company management believes may have a material impact on the Program.
H. Personnel and Service Providers.
1. Company shall exercise necessary and reasonably appropriate supervision over its employees and others acting on its behalf to maintain confidentiality and security of Sensitive Information.
2. Prior to engaging any third-party service provider who may receive Sensitive Information, Company will take reasonable steps to select and retain third-party service providers that are capable of maintaining appropriate security measures to protect the Sensitive Information.
3. Company shall terminate an individual’s access to Company Systems as soon as reasonably practicable after such individual is no longer employed or engaged by Company. Terminated personnel are required to surrender all keys, IDs, access codes, badges, business cards and the like that permit access to Company’s premises and/or systems.
I. Data Incidents.
1. In the event of a Data Incident, the Security Coordinator will conduct a post-incident review of events and decide the appropriate actions to take to minimize the Data Incident and mitigate the consequences.
2. The Security Coordinator shall be in charge of assembling a qualified incident response team, which will be responsible for handling matters related to the Data Incident.
3. If necessary, the Security Coordinator shall make changes in business practices relating to protection of Sensitive Information following a Data Incident.
4. The Security Coordinator shall document the foregoing and provide a report to management.
J. Secure Return or Dispositions. Company shall return or dispose of Sensitive Information, whether in paper or electronic form, in a secure manner.
