THIS DATA USE AGREEMENT (the "Agreement”) is entered into with effect from January 2025 (the "Effective Date”) by and between InfoPay, Inc.,
having its principal place of business at
Suite 227, 28 Atlantic Ave Boston, MA, 02110-3802 ("InfoPay, Inc.”),
and , as entered in the
Registration Form
with principal offices at ("Customer”). Collectively,
InfoPay, Inc. and Customer shall be referred to as the "Parties”.
NOW, WHEREAS, the Parties agree as follows:
- 1. RESTRICTED USAGE. With successful credentialing and
payment of fees for data access, InfoPay, Inc. grants to Customer a restricted license to use the InfoPay, Inc. Data Services and any data contained therein, subject to the restrictions and limitations set forth
below:
- 1.1. Generally. Customer represents and warrants
that all of Customer’s use of the InfoPay, Inc. Data Services shall be for only for the business
purposes disclosed in the Data Services Application. Customer shall not use the InfoPay, Inc. Data
Services for other business purposes, for marketing purposes, or for personal (non-business)
purposes. Customer agrees that if InfoPay, Inc. Data determines or reasonably suspects that
Customer is engaging in marketing activities or using the InfoPay, Inc. Data Services for personal
(non-business) purposes or using the InfoPay, Inc. Data information in any way violating any
provision of this Agreement, or any of the laws or regulations, InfoPay, Inc. Data may take
immediate action, including, without limitation, terminating the delivery of, and the
license to use, the InfoPay, Inc. Data Services. InfoPay, Inc. Data may at any time mask or cease to
provide Customer access to any InfoPay, Inc. Data Services or portions thereof which InfoPay, Inc. Data
may deem, in InfoPay, Inc. Data’s sole discretion, to be sensitive or restricted information.
Customer shall not resell, reproduce, retransmit, publish or otherwise transfer for
commercial exploitation any information that Customer receives from Services.
- 1.2. Unauthorized Data Compilation. Customer
acknowledges that it will not use any manual or automated software, devices, or other
automated processes to "scrape" or download data from any web pages contained in the
Service. Any attempt to scrape or download data is strictly prohibited.
- 1.3. GLBA Data. Some of the information contained
in the InfoPay, Inc. Data Services is "nonpublic personal information,” as defined in the
Gramm-Leach-Bliley Act (15 U.S.C. § 6801, et seq.) and related state laws, (collectively,
the "GLBA”), and is regulated by the GLBA ("GLBA Data”). Customer shall not obtain and/or
use GLBA Data through the InfoPay, Inc. Data Services, in any manner that would violate the GLBA,
or any similar state or local laws, regulations and rules. Customer acknowledges and agrees
that it may be required to certify its permissible use of GLBA Data falling within an
exception set forth in the GLBA at the time it requested by InfoPay, Inc. Data.
- 1.4. Fair Credit Reporting Act. The InfoPay, Inc. Data
Services provided pursuant to this Agreement are not provided by "consumer reporting
agencies,” as that term is defined in the Fair Credit Reporting Act (15 U.S.C. §1681, et
seq.) (the "FCRA”), and do not constitute "consumer reports” as that term is defined in the
FCRA. InfoPay, Inc. Data Services may not be used in whole or in part as a factor in determining
eligibility for credit, insurance, employment, housing, or another purpose in connection
with which a consumer report may be used under the FCRA.
- 1.4.1. By way of clarification, without limiting the
foregoing, Customer may use, except as otherwise prohibited or limited by this
Agreement, information received through the InfoPay, Inc. Data Services for the following
purposes:
- To verify or authenticate an individual’s identity;
- To prevent or detect fraud or other unlawful activity;
- To locate an individual;
- To review the status of a legal proceeding;
- To collect a debt, provided that such debt collection does not constitute in
whole or in part, a determination of an individual consumer’s eligibility
for credit or insurance to be used primarily for personal, family or
household purposes; or
- To determine whether to buy or sell consumer debt or a portfolio of consumer
debt in a commercial secondary market transaction, provided that such
determination does not constitute in whole or in part, a determination of an
individual consumer’s eligibility for credit or insurance to be used
primarily for personal, family or household purposes;
- 1.4.2. If Customer is using the InfoPay, Inc. Data Services in
connection with collection of a consumer debt on its own behalf, or on behalf of a
third-party, Customer shall not use the InfoPay, Inc. Data Services:
- To revoke consumer credit;
- To accelerate, set or change repayment terms; or
- For the purpose of determining a consumer’s eligibility for any repayment
plan; provided, however, that Customer may, consistent with the
certification and limitations set forth in this section 1.4, use the InfoPay, Inc. Data Services for identifying, locating, or contacting a consumer in
connection with the collection of a consumer’s debt or for prioritizing
collection activities; and
- to take any "adverse action”, as that term is defined in the FCRA.
- 1.5. Driver’s Privacy Protection Act. The InfoPay, Inc. Data Services provided pursuant to this Agreement are provided subject to the Driver’s
Privacy Protection Act (15 USC § 2721, et. seq.) (the "DPPA”). InfoPay, Inc. Data Services related
to a "motor vehicle record”, as defined by the DPPA, may only be used in whole or in part
for one of the following reasons:
- 1.5.1. For use by any government agency, including any
court or law enforcement agency, in carrying out its functions, or any private
person or entity acting on behalf of a Federal, State, or local agency in carrying
out its functions.
- 1.5.2. For use in connection with matters of motor vehicle
or driver safety and theft; motor vehicle emissions; motor vehicle product
alterations, recalls, or advisories; performance monitoring of motor vehicles, motor
vehicle parts and dealers; motor vehicle market research activities, including
survey research; and removal of non-owner records from the original owner records of
motor vehicle manufacturers.
- 1.5.3. For use in the normal course of business by a
legitimate business or its agents, employees, or contractors, but only —
- to verify the accuracy of personal information submitted by the individual
to the business or its agents, employees, or contractors; and
- if such information as so submitted is not correct or is no longer correct,
to obtain the correct information, but only for the purposes of preventing
fraud by, pursuing legal remedies against, or recovering on a debt or
security interest against, the individual.
- 1.5.4. For use in connection with any civil, criminal,
administrative, or arbitral proceeding in any Federal, State, or local court or
agency or before any self-regulatory body, including the service of process,
investigation in anticipation of litigation, and the execution or enforcement of
judgments and orders, or pursuant to an order of a Federal, State, or local court.
- 1.5.5. For use in research activities, and for use in
producing statistical reports, so long as the personal information is not published,
redisclosed, or used to contact individuals.
- 1.5.6. For use by any insurer or insurance support
organization, or by a self-insured entity, or its agents, employees, or contractors,
in connection with claims investigation activities, anti fraud activities, rating or
underwriting.
- 1.5.7. For use in providing notice to the owners of towed
or impounded vehicles.
- 1.5.8. For use by any licensed private investigative agency
or licensed security service for any purpose permitted under this subsection.
- 1.5.9. For use by an employer or its agent or insurer to
obtain or verify information relating to a holder of a commercial driver’s license
that is required under chapter 313 of title 49.
- 1.5.10. For use in connection with the operation of private
toll transportation facilities.
- 1.5.11. For any other use in response to requests for
individual motor vehicle records if the State has obtained the express consent of
the person to whom such personal information pertains.
- 1.5.12. For bulk distribution for surveys, marketing or
solicitations if the State has obtained the express consent of the person to whom
such personal information pertains.
- 1.5.13. For use by any requester, if the requester
demonstrates it has obtained the written consent of the individual to whom the
information pertains.
- 1.5.14. For any other use specifically authorized under the
law of the State that holds the record, if such use is related to the operation of a
motor vehicle or public safety.
- 1.6. California Consumer Privacy Act of 2018. The
InfoPay, Inc. Data Services provided pursuant to this Agreement are provided subject to the
California Consumer Privacy Act of 2018 (Cal Civ Code § 1798.105(d)(1)) (the "CCPA”).
InfoPay, Inc. Data Services to the extent they are subject to the CCPA must only be used in
compliance with the CCPA. The Parties agrees that, in relation to the Personal Information
(as defined by the CCPA) processed under this Agreement, each Party shall be each considered
a Third-Party. Each Party is individually responsible for its own compliance with the
requirements of the CCPA.
- 1.7. Social Security, Driver’s License Numbers, and Date of
Birth. InfoPay, Inc. Data may, in its sole discretion, permit Customer to access
Sensitive Personal Data (SPD), which includes full Social Security Numbers, full Date of
Birth, and full Driver’s License Numbers. InfoPay, Inc. Data may at any time and for any or no
reason cease to provide or limit the provision of SPD to Customer.
- 1.8. Death Master File. Certain data provided by
InfoPay, Inc. Data may include information obtained from the Death Master File (DMF) made
available by the US Department of Commerce National Technical Information Services (NTIS)
and subject to regulations found at 15 CFR Part 1110. All InfoPay, Inc. Data Subscribers are
required to comply with all applicable laws and, if Subscriber is granted access to DMF
data, Subscriber further certifies compliance with 15 CFR Part 1110.
- 1.9. Retention of Records. Customer shall maintain
for a period of five (5) years a complete and accurate record (including consumer identity,
purpose and, if applicable, consumer authorization) pertaining to every access to data.
- 1.10. Consumer Data Requests. Each Party is
responsible for complying with any Consumer rights under applicable data protection laws. To
the extent required under the law, Customer shall provide reasonable assistance to Accuom in
facilitating compliance with Consumer rights requests.
- 2. SECURITY. Customer acknowledges that the information
available through the InfoPay, Inc. Data Services may include personally identifiable information and it
is Customer’s obligation to keep all such accessed information confidential and secure.
- 2.1. Customer Obligations. Customer is required to
ensure that the following actions take place:
- 2.1.1. Restrict access to InfoPay, Inc. Data Services to those
employees who have a need to know as part of their official duties;
- 2.1.2. Train new employees prior to allowing access to
InfoPay, Inc. Data Services on Customer’s obligations under this Agreement;
- 2.1.3. Ensure that none of its employees shall obtain
and/or use any information from the InfoPay, Inc. Data Services for personal reasons, or
transfer any information received through the InfoPay, Inc. Data Services to any party
except as permitted hereunder;
- 2.1.4. Keep all user identification numbers, and related
passwords, or other security measures (collectively, "User IDs”) confidential and
prohibit the sharing of User IDs;
- 2.1.5. Immediately deactivate the User ID of any employee
who no longer has a need to know, or has been terminated. User ID for terminated
employees shall be deactivated or prior to the date of termination;
- 2.1.6. In addition to any obligations under Section 1
above, take all commercially reasonable measures to prevent unauthorized access to,
or use of, the InfoPay, Inc. Data Services or data received therefrom, whether the same is
in electronic form or hard copy, by any person or entity;
- 2.1.7. Maintain and enforce data destruction procedures to
protect the security and confidentiality of all information obtained through InfoPay, Inc. Data Services as it is being disposed;
- 2.1.8. Take all steps to protect their networks and
computer environments, or those used to access the InfoPay, Inc. Data Services, from
compromise.
- 2.2. Customer Review. Customer agrees that on at
least a quarterly basis it will review searches performed by its User IDs to ensure that
such searches were performed for a legitimate business purpose and in compliance with all
terms and conditions herein.
- 2.3. Customer Security & Notice. Customer will
implement policies and procedures to prevent unauthorized use of User IDs and the InfoPay, Inc. Data Services and will immediately notify InfoPay, Inc. Data, in writing to the InfoPay, Inc. Data, if
Customer suspects, has reason to believe or confirms that a User ID or the InfoPay, Inc. Data
Services (or data derived directly or indirectly therefrom) is or has been lost, stolen,
compromised, misused or used, accessed or acquired in an unauthorized manner or by any
unauthorized person, or for any purpose other than legitimate business reasons.
- 2.4. Security Event. Customer acknowledges that,
upon actual or suspected unauthorized acquisition or access of or to any information from
InfoPay, Inc. Data Services (a "Security Event"),
- 2.4.1. Customer shall inform InfoPay, Inc. of the Security Event
in writing no less than twenty-four (24) hours after becoming aware of the Security
Event.
- 2.4.2. Customer agrees that no notification of the Security
Event shall reference InfoPay, Inc. or the product through which the data was provided,
nor shall InfoPay, Inc. be otherwise identified or referenced in connection with the
Security Event, without InfoPay, Inc.’s express written consent.
- 2.4.3. Customer shall be solely responsible for any other
legal or regulatory obligations which may arise under applicable law in connection
with such a Security Event and shall bear all costs associated with complying with
legal and regulatory obligations in connection therewith.
- 2.4.4. Customer shall provide samples of all proposed
materials to notify consumers and any third parties, including regulatory entities,
to InfoPay, Inc. for review and approval prior to distribution.
- 2.4.5. In the event of a Security Event, InfoPay, Inc. may, in
its sole discretion, take immediate action, including suspension or termination of
Customer’s account.
- 3. AUDIT. Customer understands and agrees that, in order
to ensure compliance with applicable laws, regulations, or rules, or InfoPay, Inc. ’s obligations under
its contracts with its data providers, InfoPay, Inc. may conduct periodic reviews of Customer’s use of the
InfoPay, Inc. Data Services. InfoPay, Inc. may, upon reasonable notice, audit Customer’s records, processes and
procedures related to Customer’s use, storage and disposal of InfoPay, Inc. Data Services and information
received therefrom. Customer agrees to cooperate fully with any and all audits and to respond to any
such audit inquiry within ten (10) business days, unless an expedited response is required.
Violations discovered in any review and/or audit by InfoPay, Inc. will be subject to immediate action
including, but not limited to, suspension or termination of the license to use the InfoPay, Inc. Data
Services. Customer acknowledges that InfoPay, Inc. maintains records of access to the Services in order to
comply with applicable laws and with the requirements of third parties, and that in certain limited
circumstances InfoPay, Inc. may be required to disclose that Customer accessed certain data in order to
meet these requirements.
- 4. INDEMNIFICATION. Customer agrees to indemnify and hold
harmless InfoPay, Inc., its Affiliates, subsidiaries, respective directors, officers, employees,
shareholders, representatives and agents and all other of their respective successors and permitted
assignees (the "InfoPay, Inc. Indemnified Parties"), from and against any and all suits, claims, actions,
causes of actions, liabilities, losses, damage to property, or for injury to or death of any person,
regulatory fines, costs and expenses (including, but not limited to, interest, penalties, reasonable
attorneys' fees and other expenses of litigation) (individually a " Claim”, collectively, "Claims")
arising from, or in connection with any actual or alleged: (i) inaccuracy in any representation or
warranty made by Customer in this Agreement, including, without limitation,any Application; (ii) any
act of Customer that causes a violation of applicable laws, including but not limited to GLBA, FCRA,
DPPA, and CCPA; (iii) breach or alleged breach of any covenant or obligation of Customer in this
Agreement; and (iv) willful misconduct or negligent act, error or omission of Customer, its agents,
servants, employees, subcontractors, consultants or other representatives.
- 5. CUSTOMER CHANGES. Customer shall notify InfoPay, Inc. immediately of any changes to the information on Customer's Credentialing Application for the
InfoPay, Inc. Data Services, including company name, address, contact information, industry, or data
purpose. Upon such change, InfoPay, Inc. will re-evaluate eligibility and may terminate this Agreement or
restrict access to certain data services.
- 6. CHANGE IN AGREEMENT. InfoPay, Inc. Data may, at any time,
impose restrictions and/or prohibitions on the Customer’s use of the InfoPay, Inc. Data Services or
certain data elements. Such restrictions are subject to Customer’s written consent.
- 7. PUBLICITY. Customer acknowledges that it will not name
InfoPay, Inc. or refer to its use of the InfoPay, Inc. Data Services in any press releases, advertisements,
promotional or marketing materials, or make any other third-party disclosures regarding InfoPay, Inc. or
Customer's use of the InfoPay, Inc. Data Services without the written permission of InfoPay, Inc. Data.
- 8. TERMINATION. This Agreement may be terminated by
InfoPay, Inc. at anytime, with or without notice or cause.
IN WITNESS WHEREOF, the parties have executed this Data Service Agreement as of the date first written
above.
The parties agree that this Application may be electronically signed. The parties agree that the
electronic signatures appearing on this Application are the same as handwritten signatures for the
purposes of validity, enforceability, and admissibility. Your setup will not be complete until you sign
our Data Use Agreement. If you leave this page before the signature process is complete, we may ask you
to upload a signed copy of this agreement along with other verification documents.