Beneficial Owner ID Terms of Use

1. Services.
a. Services. Except as otherwise provided, the Services will be used solely by the End User to perform Transactions for its own commercial use. End User may not use the Services for the benefit of any third party. Any attempt by End User to use the Services for, or on behalf of a third party, will immediately and automatically terminate this Agreement and may result in additional charges to End User. For purposes of this Agreement, “Transaction(s)” means any verification or other transaction, completed or submitted by End User to GIACT pursuant to this Agreement. These Terms and Conditions Applicable to End User’s Use of GIACT’s Services shall not limit or affect the performance of the Parties under the End User Agreement of even date herewith.
i. Non-FCRA-Related Services. Merchant certifies that because the information provided in the Beneficial ID Services is not consumer report information, End User will not request or use these Services as a factor in establishing a consumer’s eligibility for credit or insurance to be used primarily for personal, family, or household purposes, employment purposes, tenant screening, or for any other purpose authorized under the FCRA or similar state or local statute, rules or regulations.
ii. Gramm-Leach-Bliley Act. Permissible Use. End User certifies that it will order and use the reports provided by the Beneficial ID service in connection with the following use involving the subject of the report and for no other use: To use in the ordinary course of business to verify the accuracy of information submitted by the consumer to protect against or prevent actual fraud, unauthorized transactions, claims or other liability.
iii. OFAC Alerts. The portion of the Beneficial ID service that provides OFAC information is an information service that is based on information that was not collected, in whole or in part, for the purpose of serving as a factor in establishing a consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; employment purposes; or any other purpose authorized under the FCRA. Accordingly, End User certifies it will not use any information related to OFAC status or alerts as part of its decision-making process for determining the consumer’s eligibility for any credit products or other products, benefits, or services applied for. End User acknowledges that such an indicator is merely a message that the consumer may be listed on one or more U.S. government-maintained lists of persons subject to economic sanctions, and End User further certifies that upon receipt of an OFAC alert, it will contact the appropriate government agency for confirmation and instructions. The OFAC alert indicator may or may not apply to the consumer whose eligibility is being considered by End User.
b. Declination. GIACT reserves the right to decline to provide the Services at any time if it believes that End User is using or may use the Nonpublic Personal Information (as that term is defined in 12 C.F.R. § 1016.3(p)(1)) (“Data”) or the Services for a purpose other than as permissible under this Agreement or in violation of Applicable Law. For purposes of this Agreement, “Applicable Law(s)” means laws, policies, guidelines, regulations, ordinances, and rules applicable to a Party, this Agreement, its business or the Transactions and the orders of any governmental authority or regulatory body having jurisdiction over the subject matter hereof, including, but without limitation, the rules promulgated by industry associations, the U.S. Federal Trade Commission, the electronic communication rules of the CAN-SPAM Act, the FCRA, the GLBA, including its privacy and data security requirements and the unfair, deceptive, or abusive acts or practices requirements and regulations thereof, the Driver’s Privacy Protection Act, and the Telephone Consumer Protection Act, the Restore Online Shoppers’ Confidence Act, the General Data Protection Regulation, and regulations and equivalent state laws thereof.
2. Security.
a. Access to Account; ID and Passwords. End User will set up an account ID and password in order to obtain secured access to the Services. End User will only grant access to its account ID and password to its employees who need access in order for End User to conduct its business. End User will be solely responsible for maintaining adequate security and control of its account ID and password (or any other codes for purposes of providing End User access to the Services). GIACT will be entitled to rely on information it receives from End User through the secured access and may assume that all such information was transmitted by an End User employee. End User will comply with all GIACT recommendations and notices regarding the security of End User’s account ID, password and GIACT account(s).
b. Security Requirements. End User will establish and maintain such security and privacy measures and procedures as are required by Applicable Laws and that which are reasonably practicable to provide for the safe custody, control and access of any (i) Data, and (ii) GIACT’s Confidential Information in its possession and to prevent unauthorized access thereto or use thereof.
3. Data Security, Retention, Authorization & Use.
a. Data Security. Each Party will be solely responsible for the security of the Data residing on its servers (or third-party servers designated by such Party). Each Party will comply with all Applicable Laws governing the security, collection, retention and use by it of financial information (including checking account numbers, and all other personally identifiable customer information). End User agrees to provide notice to its customers by all appropriate means, including but not limited to, by providing information on its web site that discloses how and why personal and financial information is collected and used, including uses governed by this Agreement. End User agrees that it is solely responsible for verifying the accuracy and completeness of all Transactions submitted to GIACT associated with End User’s use of the Services.
b. Industry Standards. Each Party will comply with all then-current legal obligations and industry standard security measures, as applicable, including but without limitation those issued by industry associations and the Federal Trade Commission, associated with the collection, security, dissemination and destruction of Data and Transaction data, and expressly including the Payment Card Industry (PCI) Data Security Standard. Each Party warrants that it has taken precautions as are necessary to ensure that its server and electronic systems are secure from breach or intrusion by unauthorized third parties. In the event that a Party’s system is breached, and an unauthorized third party has access to or has accessed Data or Transaction data, the breached Party will notify the other Party promptly in writing of the breach and will, at its own expense, take all measures necessary to remediate the breach, including notifying customers (as necessary), and take precautions to prevent future systems and data breaches.
c. Data Retention. End User will compile and retain permanent records of all Transactions and Data for End User’s reference. Except as otherwise provided herein, at no time will GIACT have an obligation to store, retain, report or otherwise provide any copies of or access to any records of Transactions or Data collected or processed by GIACT.
d. Customer Approvals. End User (including its employees or agents) (i) has obtained all required approvals from its customers relating to the Services, and (ii) will maintain proof of all such approvals and provide such proof to GIACT at GIACT’s request. If Beneficial ID is an included Service and End User is required by law to obtain consent from persons supplying information in response to a request from End User, End User will supply legally compliant consent language to GIACT. Should persons supplying information in response to a request from End User withdraw consent, End User shall notify GIACT of such withdrawal of consent immediately.
e. No Marketing Use. End User certifies that it will not use the Services for any marketing purposes, including but not limited to creating a telemarketing call list or direct mailing list.
f. Use of Data in U.S. End User affirms and agrees that it will not transfer, process, store, or access any Services or other information or responses provided by GIACT in connection with the Services outside of the United States without GIACT’s written consent. End User further affirms and agrees that it will not submit to GIACT any Data regarding non-U.S. residents.