AGREEMENT FOR CREDIT REPORTING SERVICES
THIS AGREEMENT is made on ___________________, 20___, between ________________________(“End User”) and
1. This Agreement states the terms and conditions under which TRC will provide consumer credit reports to End User.
2. When requested by End User, TRC will provide End User with consumer credit reports (“Reports”) after a request from End User.
a. End User agrees to make full payment within fifteen (15) days after the date of each invoice from TRC. Past due amounts will be subject to a late charge of the greater of $15 or 1.5% of the past due amount and, in addition, will bear interest at the rate of twenty-four percent (24%) per annum, beginning on the date of invoice and continuing until paid.
b. End User understands that TRC provides Reports prepared and compiled by others and, for that reason, TRC cannot and does not guarantee the accuracy of any Report. End User releases TRC from all claims, liabilities, costs and expenses of every kind and nature relating in any way to inaccurate or incomplete information in any Report.
3. This Agreement is effective when (i) TRC receives from End User all documents TRC requires to open the account and (ii) TRC activates End User’s account. After this Agreement becomes effective, it will continue in full force and effect until terminated by either End User or TRC.
4. End User and TRC each agrees that it will at all times fully comply with the Federal Fair Credit Reporting Act and all other applicable state, federal and local laws and regulations. Without limitation, End User will at all times fully comply with the requirements set forth in Exhibit A to this Agreement.
5. End User agrees that it will at all times fully comply with the requirements of Experian / Isaac, Fair, as set forth in Exhibit B to this Agreement.
6. End User recognizes that it has a joint responsibility with TENANTREPORTS.COM LLC to protect the privacy of consumers, as set forth in Exhibit C to this Agreement.
7. This Agreement and the relationship between End User and TRC (to the extent not specified in this Agreement) will be governed by the Uniform Commercial Code as most currently adopted by both the American Law Institute and the National Conference of Commissioners on Uniform State Laws.
8. End User does not have the right or ability to assign any or all of its rights under this Agreement. Any change in ownership of a majority of End User’s equity will be considered a prohibited assignment of End User’s rights under this Agreement.
9. To the extent any provision of the California Civil Code applies to any Report requested by End User, End User agrees that it will be responsible for full compliance with all applicable requirements of the California Civil Code, and that TRC will have no such responsibility.
10. If there is any litigation or arbitration proceeding between End User and TRC, whether relating to this Agreement or otherwise, in addition to all other appropriate relief, the prevailing party will be entitled to recover its attorneys’ fees and other costs incurred in the proceedings.
11. This Agreement sets forth the parties’ entire understanding with respect to the subject matter hereof and, in regard to its subject matter, this Agreement supersedes all prior letters of intent, agreements, arrangements, communications, representations, and warranties, whether oral or written, by any officer, employee, or representative of either party.
12. END USER AGREES THAT IN NO EVENT SHALL TRC BE LIABLE UNDER ANY THEORY OF LIABILITY (INCLUDING, BUT NOT LIMITED TO, BREACH OF CONTRACT, BREACH OF WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY) FOR (A) DIRECT DAMAGES OR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES SUCH AS, BUT NOT LIMITED TO, DOWN-TIME, INTERRUPTION IN USE, UNAVAILABILITY OF PRODUCT OR SERVICE, LOSS OF INFORMATIONOR DATA, LOST PROFITS, EXEMPLARY OR PUNITIVE DAMAGES, OR ANY OTHER DAMAGES, WHETHER OR NOT FORESEEABLE AND WHETHER OR NOT TRC OR ITS REPRESENTATIVES OR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) ANY OTHER CLAIM, DEMAND OR DAMAGES OF ANY KIND OR NATURE RESULTING FROM OR ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE DELIVERY, USE OR PERFORMANCE OF TRC’S PRODUCTS AND SERVICES.THIS LIMITATION OF LIABILITY ALSO EXTENDS TO ANY SUPPLIER OR LICENSOR OF ALL OR ANY PART OF TRC’S PRODUCTS AND SERVICES. EACH SUCH SUPPLIER OR LICENSOR IS AN INTENDED BENEFICIARY OF THIS LIMITATION OF LIABILITY.
Authorization of Payments
I (we), the undersigned, authorize and request TRC (dba TENANTREPORTS.COM LLC) to do the following actions per the payment method
I (we) have chosen:
A) Initiate electronic debit entries or use any other commercially accepted practice to charge my (our) account indicated below in the BANK named below and I (we) authorize and request BANK to honor the debit entries initiated by TRC and debit these charges to that account.
B) Charge my Visa/Mastercard/American Express/Discover card, which is indicated above, for my TRC payment. This authorization relates to all payments required on my (our) TRC account and the related membership agreement. It also covers changes in amounts and payments due because of additional agreements between me (us) and TRC that relate to the membership agreement. This authorization will remain in effect until all amounts owed are paid in full, or until I (we) cancel this authorization. To cancel, I (we) must notify TRC in writing far enough in advance to give TRC reasonable opportunity to act. I (we) understand it my (our) responsibility to notify TRC to cancel the payment information on file should I wish to terminate this payment option.
Exhibit A- FCRA Amendment
End User is a ___________________________ (insert profession- property manager, landlord, etc.) and has a permissible purpose for obtaining consumer reports, as defined by Section 604 of the Federal Fair Credit Reporting Act, 15 USC 1681b et. seq. (“FCRA”), only when End User intends to use that consumer report information: (a) in accordance with the FCRA and all state law counterparts; and (b) for the following permissible purpose: Tenant Screening.
TENANTREPORTS.COM LLC and End User agree as follows:
Section 1 – Permissible Purpose; Limited Scope
TENANTREPORTS.COM LLC agrees to furnish End User with consumer reports in connection with a Tenant Screening application involving the consumer to determine propriety of dealing with a consumer and extending credit. These reports are based upon information obtained in good faith by one or more consumer reporting agencies (Experian, Equifax, and TransUnion). End User understands that the accuracy of any consumer report is not guaranteed by TENANTREPORTS.COM LLC and End User releases TENANTREPORTS.COM LLC, Experian, Equifax and TransUnion, and their respective affiliate companies, affiliated consumer reporting agencies, employees and independent contractors from liability, even if caused by negligence, from any loss or expense suffered by End User resulting directly or indirectly from TENANTREPORTS.COM LLC, Experian, Equifax or TransUnion information. Consumer reports on End User’s employees will be requested only in connection with Tenant Screening. End User will be forbidden from obtaining reports on themselves, associates, or any other persons except in the exercise of their official duties.
End User will (1) verify the identity of the consumer of each report, (2) obtain written authorization from the consumer prior to accessing consumer file, (3) permit TENANTREPORTS.COM LLC to audit End User’s procedures related to this Agreement, and (4) understand that the consumer reporting agencies may periodically audit End User directly or via TENANTREPORTS.COM LLC regarding their compliance with the FCRA. Audits will require End User to provide documentation as to permissible use of particular consumer reports. End User will provide full cooperation during audits and will be responsible for assuring full cooperation of its employees. End User hereby certifies and warrants that it will request and use consumer information received from TENANTREPORTS.COM LLC solely in connection with the permissible purpose type disclosed to TENANTREPORTS.COM LLC as defined by the FCRA. All consumer information shall be maintained by End User in strict confidence and disclosed only to those whose duties reasonably relate to the legitimate business purpose for which the information is requested, except as otherwise required by law.
End User warrants to TENANTREPORTS.COM LLC that it is not a detective agency, investigative company, bail bond company, financial counseling, law firm, credit repair clinic, dating service, or a person that will not be the end user of the consumer report. End User warrants that it will not resell TENANTREPORTS.COM LLC reports, sell TENANTREPORTS.COM LLC reports on the Internet, or otherwise. End User certifies that it will order consumer reports for no other purpose except in connection with a Tenant Screening. End User is limited to access bureau information for the purposes that have been indicated on TENANTREPORTS.COM LLC’s service application. A separate customer account is required for each permissible purpose under the FCRA. End User will use the appropriate account number for the business designated with that account.
Section 2 – Fair Credit Reporting Act (“FCRA”)
The following five (5) sections of the FCRA are of direct consequence to users who obtain reports on consumers. TENANTREPORTS.COM LLC requires that all employees of End User become familiar with the following sections:
Section 604 Permissible Purpose of Reports Section 607 Obligations of Resellers Section 615 Requirements on Users of Consumer Reports
Section 619 Obtaining Information under False Pretenses Section 623 Responsibilities of Furnishers and Obligations of Users of Consumer Reports
TENANTREPORTS.COM LLC strongly endorses the letter and spirit of the FCRA. TENANTREPORTS.COM LLC believes that this law and similar state laws recognize and preserve the delicate balance between the rights of the consumer and the legitimate needs of commerce. In addition to the FCRA, other federal and state laws addressing such topics as computer crime and unauthorized access to protected databases have also been enacted. As a prospective user of consumer reports, TENANTREPORTS.COM LLC requires that End User and its staff become fully familiar with all relevant federal statutes of the states in which End User operates. Record Retention: It is important that End User keeps tenant screening applications for a reasonable period of time. This will help to facilitate the investigative process if a consumer claims that End User inappropriately accessed their consumer report. (Note: The FCRA states that a creditor must preserve all written or Recorded Information connected with an application for a reasonable amount of time. TENANTREPORTS.COM LLC suggests 24-36 months.) Under section 621 (a)(2)(A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation.
Section 3 – Financial Terms
Upon review of payment history, TENANTREPORTS.COM LLC reserves the right to impose additional credit limit restrictions on End User’s account and/or require personal guarantee(s) from the principals of the End User, until such time as the End User establishes a positive payment
history.TENANTREPORTS.COM LLC will take any necessary measures to collect unpaid obligations. Upon default, TENANTREPORTS.COM LLC shall have the option of any of the following actions: (a) suspending / terminating all of End User’s accounts; (b) commencing collection actions to recover any unpaid balance; (c) reporting delinquent account balance to credit reporting agencies; and / or (d) pursuit of legal action. End User agrees to pay all additional costs incurred by TENANTREPORTS.COM LLC in pursuit of collection efforts, including collection agency fees, attorney fees, and all related reasonable court costs. If End User is negligent in their financial obligation to TENANTREPORTS.COM LLC, they will immediately be reported to a web based database which is used by other resellers of credit reports across the United States. If End User name or company name is placed in database, End User will not be able to obtain credit reports from other resellers.
Section 5 – Legal Compliance; Indemnity
By signing this Agreement, End user agrees to adhere to all End User Access Security Requirements. Applicants must qualify based on TENANTREPORTS.COM LLC End User policies prior to activation. End user acknowledges that its account contact information (address, phone, etc…) must be kept current at all times. End User must have an accessible business phone line; caller block services or privacy directory services are not permitted. TENANTREPORTS.COM LLC reserves the right to suspend or terminate service at any time if End User enters a non-compliant state, is under investigation for any reason, fails to respond to an audit, and/or is suspected of any inappropriate or illegal activity. End User agrees that TENANTREPORTS.COM LLC has the right to audit End User for documentation to prove the validity and/or permissible purpose of any consumer related transaction made, including audits initiated by one of the consumer reporting agencies. End User will comply with all federal, state, and local statues, regulations, and rules applicable to it, including without limitation, the FCRA as amended by the FACTA and the Gramm-Leach-Bliley Act. If End User unlawfully obtains a credit report from TENANTREPORTS.COM LLC, End User specifically agrees to indemnify, defend, and hold TENANTREPORTS.COM LLC, Experian, Equifax, and TransUnion harmless from any damages, claims and expenses, including reasonable attorney fees, which may be asserted against or incurred by TENANTREPORTS.COM LLC, Experian, Equifax, and TransUnion. Other than unlawfully obtained credit reports, under no circumstances will TENANTREPORTS.COM LLC, Experian, Equifax, TransUnion or End User have any obligation or liability to the other for any incidental, indirect, consequential, or special damages incurred by the other party (including damages for lost business, lost profits or damage to business reputation) regardless of how such damages arise.
End User access to credit reports via TRC ONLINE is subject to TENANTREPORTS.COM LLC security policies, which are monitored regularly for inactivity. All End User accounts are considered to be inactive after one hundred twenty (120) days of inactivity. This policy is designed to protect End User and TENANTREPORTS.COM LLC from misuse. To reactive End User account, new compliance information and documentation may be required.
Section 6 – USER CERTIFICATION OF COMPLIANCE, California Civil Code – Section 1785.14(a)
Section 1785.14(a), as amended, states that a consumer credit reporting agency does not have reasonable grounds for believing that a Section 1785.14(a)(1) states: “If a prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the consumer credit reporting agency shall, with a reasonable degree of certainty, match at least three categories of identifying information within the file maintained by the consumer credit reporting agency on the consumer with the information provided to the consumer credit reporting agency by the retail seller. The categories of identifying information may include, but are not limited to, first and last name, month and date of birth, driver’s license number, place of employment, current residence address, previous residence address, or social security number. The categories of information shall not include mother’s maiden name. “Section 1785.14(a)(2) states: “If the prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the retail seller must certify, in writing, to the consumer credit reporting agency that it instructs its employees and agents to inspect a photo identification of the consumer at the time the application was submitted in person. This paragraph does not apply to an application for credit submitted by mail. “Section 1785.14(a)(3) states: “If the prospective user intends to extend credit by mail pursuant to a solicitation by mail, the extension of credit shall be mailed to the same address as on the solicitation unless the prospective user verifies any address change by, among other methods,
contacting the person to whom the extension of credit will be mailed. “In compliance with Section 1785.14(a) of the California Civil Code, “End User” hereby certifies to Consumer Reporting Agency as follows: End User IS NOT a retail seller, as defined in Section 1802.3 of the California Civil Code (“Retail Seller”) and issues credit to consumers who appear in person on the basis of applications for credit submitted in person (“Point of Sale”).End User also certifies that if End User is a Retail Seller who conducts Point of Sale transactions, End User will, beginning on or before July 1,1998, instructs its employees and agents to inspect a photo identification of the consumer at the time an application is submitted in person. End User also certifies that it will only use the appropriate End User code number designated by Consumer Reporting Agency for accessing consumer reports for California Point of Sale transactions conducted by Retail Seller. If End User is not a Retail Seller who issues credit in Point of Sale transactions, End User agrees that if it, at any time hereafter, becomes a Retail Seller who extends credit in Point of Sale transactions, End User shall provide written notice of such to Consumer Reporting Agency prior to using credit reports with Point of Sale transactions as a Retail Seller, and shall comply with the requirements of a Retail Seller conducting Point of Sale transactions, as provided in this certification.
Section 7 – Miscellaneous
Amendments – TENANTREPORTS.COM LLC reserves the right to revise the terms, conditions, or pricing under Service Agreement in order to meet any requirement imposed by federal, state or local law, rule or regulation, or to address matters concerning privacy and confidentiality. If at any time during the duration of this business relationship the undersigned party becomes no longer affiliated with End User, TENANTREPORTS.COM LLC reserves the right to suspend the account immediately until a new Service Agreement is signed by a valid representative of the End User.
Monitoring – TENANTREPORTS.COM LLC will monitor End User on an ongoing basis to assure the continued compliance with the requirements of the Service Agreement.
Section 8– Release of Credit Information and Authorization to Check Credit References
TENANTREPORTS.COM LLC will periodically check End User credit references. A credit report will be required on the principal(s) of any business in operation less than a year.
Exhibit B – Scoring Addendum
Section 1 – End User Agreement for Fair Isaac CLASSICSM CREDIT RISK SCORE SERVICES and BANKRUPTCYCREDIT RISK SCORE SERVICES from TransUnion
1. Based on an agreement with Trans Union LLC (“Trans Union”) and Fair Isaac Corporation (“Fair Isaac”) (“Reseller Agreement”),Reseller has access to a unique and proprietary statistical credit scoring service jointly offered by Trans Union and Fair Isaac which evaluates certain information in the credit reports of individual consumers from Trans Union’s data base (“Classic”) and provides a score which rank orders consumers with respect to the relative likelihood that United States consumers will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring (the “Classic Score”).
2. Subscriber, from time to time, may desire to obtain Classic Scores from Trans Union via an on-line mode in connection with consumer credit reports.
3. Subscriber has previously a permissible purpose for obtaining consumer reports, as defined by Section 604 of the Federal Fair Credit Reporting Act (15 USC 1681b) including, without limitation, all amendments thereto (“FCRA”).
4. Subscriber certifies that it will request Classic Scores pursuant to procedures prescribed by Reseller from time to time only for the permissible purpose certified above, and will use the Classic Scores obtained for no other purpose.
5. Subscriber will maintain copies of all written authorizations for a minimum of three (3) years from the date of inquiry.
6. Subscriber agrees that it shall use each Classic Score only for a one-time use and only in accordance with its permissible purpose under the FCRA.
7. With just cause, such as delinquency or violation of the terms of this contract or a legal requirement, Reseller may, upon its election, discontinue serving the Subscriber and cancel this Agreement, in whole or in part (e.g., the services provided under this Addendum only) immediately.
8. Subscriber recognizes that factors other than the Classic Score may be considered in making a credit decision. Such other factors include, but are not limited to, the credit report, the individual account history, and economic factors.
9. Trans Union and Fair Isaac shall be deemed third party beneficiaries under this Addendum.
10. Up to five score reason codes, or if applicable, exclusion reasons, are provided to Subscriber with Classic Scores. These score reason codes are designed to indicate the reasons why the individual did not have a higher Classic Score, and may be disclosed to consumers as the reasons for taking adverse action, as required by the Equal Credit Opportunity Act (“ECOA”) and its implementing Regulation (“Reg. B”). However, the Classic Score itself is proprietary to Fair Isaac, may not be used as the reason for adverse action under Reg. B and, accordingly, shall not be disclosed to credit applicants or any other third party, except: (1) to credit applicants in connection with approval/disapproval decisions in the context of bona fide credit extension transactions when accompanied with its corresponding score reason codes; or (2) as clearly required by law. Subscriber will not publicly disseminate any results of the validations or other reports derived from the Classic Scores without Fair Isaac and Trans Union’s prior written consent
11. In the event Subscriber intends to provide Classic Scores to any agent, Subscriber may do so provided, however, that Subscriber first enters into a written agreement with such agent that is consistent with Subscriber’s obligations under this Agreement. Moreover, such agreement between Subscriber and such agent shall contain the following obligations and acknowledgments of the agent: (1) Such agent shall utilize the Classic Scores for the sole benefit of Subscriber and shall not utilize the Classic Scores for any other purpose including for such agent’s own purposes or benefit; (2) That the Classic Score is proprietary to Fair Isaac and, accordingly, shall not be disclosed to the credit applicant or any third party without Trans Union and Fair Isaac’s prior written consent except (a) to credit applicants in connection with approval/disapproval decisions in the context of bona fide credit extension transactions when accompanied with its corresponding score reason codes; or (b) as clearly required by law; (3) Such Agent shall not use the Classic
Scores for model development, model validation, model benchmarking, reverse engineering, or model calibration; (4) Such agent shall not resell the Classic Scores; and (5) Such agent shall not use the Classic Scores to create or maintain a database for itself or otherwise.
12. Subscriber acknowledges that the Classic Scores provided under this Agreement which utilize an individual’s consumer credit information will result in an inquiry being added to the consumer’s credit file.
13. Subscriber shall be responsible for compliance with all applicable federal or state legislation, regulations and judicial actions, as now or as may become effective including, but not limited to, the FCRA, the ECOA, and Reg. B, to which it is subject.
14. The information including, without limitation, the consumer credit data, used in providing Classic Scores under this Agreement were obtained from sources considered to be reliable. However, due to the possibilities of errors inherent in the procurement and compilation of data involving a large number of individuals, neither the accuracy nor completeness of such information is guaranteed. Moreover, in no event shall Trans Union, Fair Isaac, nor their officers, employees, affiliated companies or bureaus, independent contractors or agents be liable to Subscriber for any claim, injury or damage suffered directly or indirectly by Subscriber as a result of the inaccuracy or incompleteness of such information used in providing Classic Scores under this Agreement and/or as a result of Subscriber’s use of Classic Scores and/or any other information or serviced provided under this Agreement.
15. 1 Fair Isaac, the developer of Classic, warrants that the scoring algorithms as delivered to Trans Union and used in the computation of the Classic Score (“Models”) are empirically derived from Trans Union’s credit data and are a demonstrably and statistically sound method of rank-ordering candidate records with respect to the relative likelihood that United States consumers will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring when applied to the population for which they were developed, and that no scoring algorithm used by Classic uses a “prohibited basis” as that term is defined in the Equal Credit Opportunity Act (ECOA) and Regulation B promulgated there under. Classic provides a statistical evaluation of certain information in Trans Union’s files on a particular individual, and the Classic Score indicates the relative likelihood that the consumer will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring relative to other individuals in Trans Union’s database. The score may appear on a credit report for convenience only, but is not a part of the credit report nor does it add to the information in the report on which it is based. THE WARRANTIES SET FORTH IN SECTION 15.1 ARE THE SOLE WARRANTIES MADE UNDER THIS ADDENDUMCONCERNING THE CLASSIC SCORES AND ANY OTHER DOCUMENTATION OR OTHER DELIVERABLES AND SERVICESPROVIDED UNDER THIS AGREEMENT; AND NEITHER FAIR ISAAC NOR TRANS UNION MAKE ANY OTHERREPRESENTATIONS OR WARRANTIES CONCERNING THE PRODUCTS AND SERVICES TO BE PROVIDED UNDER THISAGREEMENT OTHER THAN AS SET FORTH IN THIS ADDENDUM. THE WARRANTIES AND REMEDIES SET FORTH INSECTION 15.1 ARE IN LIEU OF ALL OTHERS, WHETHER WRITTEN OR ORAL, EXPRESS OR IMPLIED (INCLUDING, WITHOUTLIMITATION, WARRANTIES THAT MIGHT BE IMPLIED FROM A COURSE OF PERFORMANCE OR DEALING OR TRADEUSAGE). THERE ARE NO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
16. IN NO EVENT SHALL ANY PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, OR PUNITIVEDAMAGES INCURRED BY THE OTHER PARTIES AND ARISING OUT OF THE Springfield, Pa 19064 office Ph 866.910.1503 Fax 866.271.2570 PERFORMANCE OF THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOSS OFGOOD WILL AND LOST PROFITS OR REVENUE, WHETHER OR NOT SUCH LOSS OR DAMAGE IS BASED IN CONTRACT,WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY, INDEMNITY, OR OTHERWISE, EVEN IF A PARTY HAS BEEN ADVISEDOF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OFESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
17. THE FOREGOING NOTWITHSTANDING, WITH RESPECT TO SUBSCRIBER, IN NO EVENT SHALL THE AFORESTATEDLIMITATIONS OF LIABILITY, SET FORTH ABOVE IN SECTION 16, APPLY TO DAMAGES INCURRED BY TRANS UNION AND/ORFAIR ISAAC AS A RESULT OF: (A) GOVERNMENTAL, REGULATORY OR JUDICIAL ACTION(S) PERTAINING TO VIOLATIONSOF THE FCRA AND/OR OTHER LAWS, REGULATIONS AND/OR JUDICIAL ACTIONS TO THE EXTENT SUCH DAMAGESRESULT FROM SUBSCRIBER’S BREACH, DIRECTLY OR THROUGH SUBSCRIBER’S AGENT(S), OF ITS OBLIGATIONS UNDERTHIS AGREEMENT.
18. ADDITIONALLY, NEITHER TRANS UNION NOR FAIR ISAAC SHALL BE LIABLE FOR ANY AND ALL CLAIMS ARISING OUT OFOR IN CONNECTION WITH THIS ADDENDUM BROUGHT MORE THAN ONE (1) YEAR AFTER THE CAUSE OF ACTION HASACCRUED. IN NO EVENT SHALL TRANS UNION’S AND FAIR ISAAC’S AGGREGATE TOTAL LIABILITY, IF ANY, UNDER THISAGREEMENT, EXCEED THE AGGREGATE AMOUNT PAID, UNDER THIS ADDENDUM, BY SUBSCRIBER DURING THE TWELVE(12) MONTH PERIOD IMMEDIATELY PRECEDING ANY SUCH CLAIM, OR TEN THOUSAND DOLLARS ($10,000.00),WHICHEVER AMOUNT IS LESS.
19. This Addendum may be terminated automatically and without notice: (1) in the event of a breach of the provisions of this Addendum by Subscriber; (2) in the event the agreement(s) related to Classic between Trans Union, Fair Isaac and Reseller are terminated or expire; (3) in the event the requirements of any law, regulation or judicial action are not met, (4) as a result of changes in laws, regulations or regulatory or judicial action, that the requirements of any law, regulation or judicial action will not be met; and/or (5) the use of the Classic Service is the subject of litigation or threatened litigation by any governmental entity.
Section 2 – Credit Scoring Services Agreement with Experian Information Solutions
For good and valuable consideration and intending to be legally bound, Subscriber and Experian/Fair, Isaac hereby agree as follows:
1. General Provisions
A. Subject of Agreement. The subject of this Agreement is Subscriber’s purchase of certain credit scoring services known as the “Experian/Fair, Isaac Model” from Experian/Fair, Isaac. B. Application. This Agreement applies to all uses of the Experian/Fair, Isaac Model by Subscriber during the Term (as defined below).C. Meaning of Experian/Fair, Isaac Model. For purposes of this Agreement, the term “Experian/Fair, Isaac Model” means application of a
risk model developed by Experian and Fair, Isaac and Company which employs a proprietary algorithm and which, when applied to credit information relating to individuals with whom Subscriber has a credit relationship or with whom Subscriber contemplates entering into a credit relationship will result in a numerical score; the purpose of the models being to rank said individuals in order of the risk of unsatisfactory payment. D. Term. The term of this Agreement (the “Term”) is the period consisting of the Initial Term and, if this Agreement is renewed, the Renewal Term(s), as follows: (1) Initial Term. The “Initial Term” is the period beginning at 12:01 a.m. on the date written above and ending at 11:59p.m. on the day before the first anniversary of that date. (2) Renewal Term(s). Unless one or both of the parties delivers written notice of such party’s (parties’) intent not to renew no later than thirty (30) days before the end of the Initial Term, this Agreement will renew automatically and without further action by either party for an additional one-year period (a “Renewal Term”). Thereafter, this Agreement will continue to renew automatically unless and until either party delivers non-renewal notice no later than thirty (30) days before the end of a Renewal Term. This Agreement will terminate without further action by either of the parties in the event Subscriber discontinues use of the Experian/Fair, Isaac Model.
2. Experian/Fair, Isaac Model
A. Generally. Upon request by Subscriber during the Term, Experian/Fair, Isaac will provide Subscriber with the Experian/Fair, Isaac Model.
B. Time of Performance. Experian/Fair, Isaac will use commercially reasonable efforts to provide the Experian/Fair Isaac Model as expeditiously as possible and in a timely manner; provided, however, Experian/Fair, Isaac will have no liability to Subscriber hereunder for delays in providing such Experian/Fair, Isaac Model. C. Warranty. Experian/Fair, Isaac warrant that the Experian/Fair, Isaac Model is empirically derived and demonstrably and statistically sound and that to the extent the population to which the Experian/Fair, Isaac Model is applied is similar to the population sample on which the Experian/Fair, Isaac Model was developed, the Experian/Fair, Isaac Model score may be relied upon by Subscriber to rank consumers in the order of the risk of unsatisfactory payment such consumers might present to Subscriber. Experian/Fair, Isaac further warrants that so long as it provides the Experian/Fair, Isaac Model, it will comply with regulations promulgated from time to time pursuant to the Equal Credit Opportunity Act, 15 USC Section 1691 et seq. THE FOREGOING WARRANTIES ARE THE ONLY WARRANTIES EXPERIAN/FAIR,ISAAC HAVE GIVEN SUBSCRIBER WITH RESPECT TO THE EXPERIAN/FAIR ISAAC MODEL AND SUCH WARRANTIES ARE IN LIEUOF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, EXPERIAN/FAIR, ISAAC MIGHT HAVE GIVEN SUBSCRIBER WITH RESPECTTHERETO, INCLUDING, FOR EXAMPLE, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Subscriber’s rights under the foregoing Warranty are expressly conditioned upon Subscriber’s periodic revalidation of the Experian/Fair, Isaac Model in compliance with the requirements of Regulation B as it may be amended from time to time (12 CFR Section 202 et seq.).
A. Generally. In consideration of Experian/Fair, Isaac’s performance of the Experian/Fair, Isaac Model, Subscriber will pay Experian/Fair, Isaac fees (the “Fees”) as agreed upon in writing by Subscriber and Experian/Fair, Isaac from time to time. B. Taxes. Subscriber will be solely responsible for all Federal, state, and local taxes levied or assessed in connection with Experian/Fair, Isaac’s performance of the Experian/Fair, Isaac Model, other than income taxes assessed with respect to Experian/Fair, Isaac’s net income, for which income taxes Experian/Fair, Isaac will be solely responsible.
C. Method of Payment. Periodically during the Term, Experian/Fair, Isaac will deliver to Subscriber invoices reflecting Fees (including taxes)for which Subscriber is responsible hereunder. Subscriber will pay Experian/Fair, Isaac the amounts indicated on such invoices within thirty(30) days after the invoice date. Subscriber’s obligation to pay Fees shall be absolute and unconditional and shall not be affected by any circumstance, including, without limitation, set off, counterclaim, recoupment, defense (other than the defense of payment itself) or other r right Subscriber may have or allege to have against Experian/Fair, Isaac for any reason whatsoever. If Subscriber does not pay any undisputed portion of invoiced Fees within the thirty (30) day period described above, then Subscriber will also pay interest on the unpaid amount at the rate of one and one-half percent (1.5%) per month or the highest rate permitted by law, whichever is less.
4. Intellectual Property
A. No License. Nothing contained in this Agreement shall be deemed to grant Subscriber any license, sublicense, copyright interest, proprietary rights, or other claim against or interest in any computer programs utilized by Experian/Fair, Isaac or any third party involved in the delivery of the Experian/Fair, Isaac Model. B. Subscriber Use Limitations. By providing the Experian/Fair, Isaac Model to Subscriber pursuant to this Agreement, Experian/Fair, Isaac
grants to Subscriber a limited license to use information contained in reports generated by the Experian/Fair, Isaac Model solely in its own business with no right to sublicense or otherwise sell or distribute said information to third parties. C. Proprietary Designations. Neither party will use, or permit their respective employees, agents and subcontractors to use, the trademarks, service marks, logos, names, or any other proprietary designations of the other party, the other party’s affiliates or any third party involved in the provision of the Experian/Fair, Isaac Model, whether registered or unregistered, without such party’s prior written consent.
5. Compliance and Confidentiality
A. Compliance with Law. In performing this Agreement and in using information provided hereunder, both parties will comply with all Federal, state, and local statutes, regulations, and rules applicable to consumer credit information and nondiscrimination in the extension of credit from time to time in effect during the Term. B. Confidentiality. Each party will maintain internal procedures to minimize the risk of unauthorized disclosure of information delivered hereunder. Both parties will take reasonable precautions to assure that such information will be held in strict confidence and disclosed only to those of their respective employees whose duties reasonably relate to the legitimate business purposes for which the information is requested or used and to no other person. Without limiting the generality of the foregoing, each party will take suitable precautions to prevent loss, compromise, or misuse of any tapes or other media containing consumer credit information while in the possession of either party and while in transport between the parties. C. Proprietary Criteria. Under no circumstances will Subscriber attempt in any manner, directly or indirectly, to discover or reverse engineer any confidential and proprietary criteria developed or used by Experian/Fair, Isaac in performing the Experian/Fair Isaac Model. D. Consumer Disclosure. Notwithstanding any contrary provision of this Agreement, Subscriber may disclose the scores provided to Subscriber under this Agreement to credit applicants, when accompanied by the corresponding reason codes, in the context of bona fide lending transactions and decisions only.
6. Indemnification and Limitations
A. Indemnification of Experian/Fair, Isaac. Subscriber will indemnify, defend, and hold Experian/Fair, Isaac harmless from and against any
and all liabilities, damages, losses, claims, costs, and expenses (including attorneys’ fees) arising out of or resulting from any nonperformance by Subscriber of any obligations to be performed by Subscriber under this Agreement, provided that Experian/Fair, Isaac have given Subscriber prompt notice of, and the opportunity and the authority (but not the duty) to defend or settle any such claim. B. Indemnification of Subscriber. Experian/Fair, Isaac will indemnify, defend, and hold Subscriber harmless from and against any and all liabilities, damages, losses, claims, costs, and expenses (including attorneys’ fees) arising out of or resulting from any nonperformance by Experian/Fair, Isaac of any obligations to be performed by Experian/Fair, Isaac under this Agreement, provided that Subscriber has given Experian/Fair, Isaac prompt notice of, and the opportunity and the authority (but not the duty) to defend or settle any such claim. C. Limitation of Liability. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, UNDER NO CIRCUMSTANCES WILLEITHER PARTY HAVE ANY OBLIGATION OR LIABILITY TO THE OTHER OR TO ANY END USER HEREUNDER FOR ANYINCIDENTAL, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES INCURRED BY THE OTHER PARTY, REGARDLESS OF HOWSUCH DAMAGES ARISE AND OF WHETHER OR NOT A PARTY WAS ADVISED SUCH DAMAGES MIGHT ARISE. IN NO EVENTSHALL THE AGGREGATE LIABILITY OF EXPERIAN/FAIR, ISAAC TO SUBSCRIBER EXCEED THE FEES PAID BY SUBSCRIBERPURSUANT TO SECTION 3.A DURING THE 12 MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF SUBSCRIBER’S CLAIM.
A. Amendments. This Agreement may be amended at any time, but only by written agreement which refers expressly to this Agreement and is signed by both parties. B. Termination and Cancellation. This Agreement may be terminated by mutual agreement at any time, but only by a written agreement
which refers expressly to this Agreement and is signed by both parties. This Agreement shall terminate automatically in the event the Subscriber Service Agreement or other similar agreement which is entered into between Experian and Subscriber is terminated or canceled for any reason. This Agreement may be canceled unilaterally by either party, but only if and when (1)the other party has breached a material obligation under this Agreement, (2) the party desiring to terminate has delivered to the breaching party a written demand that the breaching party cure the breach, (3) the breaching party has failed to cure such breach within thirty (30)days after receipt of the demand, and (4) the party desiring to terminate then delivers to the breaching party written notice of cancellation. C. Waivers. Either party may at any time waive compliance by the other with any covenants or conditions contained in this Agreement, but only by written instrument signed by the party waiving such compliance. No such waiver, however, shall be deemed to constitute the waiver of any such covenant or condition in any other circumstance or the waiver of any other covenant or condition. D. Successors. This Agreement shall be binding upon and inure to the benefit of the successors of each of the parties hereto, but shall not be assignable by Subscriber without the prior written consent of Experian/Fair, Isaac. E. Third Parties. Subscriber acknowledges that the Experian/Fair, Isaac Model results from the joint efforts of Experian Information Solutions, Inc. and Fair, Isaac and Company, Incorporated. Subscriber further acknowledges that Experian/Fair, Isaac have a proprietary interest in said Model and agrees that either Experian Information Solutions, Inc. or the Fair, Isaac and Company, Incorporated may enforce
those rights as required .F. Complete Agreement. This Agreement sets forth the entire understanding of Subscriber and Experian/Fair, Isaac with respect to the subject matter hereof and supersedes all prior letters of intent, agreements, covenants, arrangements, communications, representations, or warranties, whether oral or written, by any officer, employee, or representative of either party relating thereto.
Exhibit C – Access Security
End User will comply with TENANTREPORTS.COM LLC policies and procedures, which End User hereby acknowledges have been received and reviewed. End User will comply with additional, updated, or new requirements when received from TENANTREPORTS.COM LLC. End User recognizes that it has a joint responsibility with TENANTREPORTS.COM LLC to protect the privacy of consumers. The following measures are designed to reduce unauthorized access of consumer reports. In signing this Agreement, End User agrees to the following measures:
1. To protect its TENANTREPORTS.COM LLC account number, user name, and password so that only key personnel know this sensitive information. Unauthorized persons should never have knowledge of such password. End User agrees not to post the information in any manner within its facility.
2. Assign each employee-user in its office his/her own unique user name and password. Do not allow employees to share login information.
3. Do not divulge the TENANTREPORTS.COM LLC account number and passwords by telephone with any unknown caller.
4. Restrict the ability to obtain consumer information to a few key personnel.
5. Place all terminal devices / computers used to obtain consumer information in a secure location within its facility. End User should secure this equipment so that unauthorized persons cannot easily access it.
6. After normal business hours, be sure to turn off and secure all systems used to obtain credit information.
7. Secure hard copies and electronic files of consumer reports within End User’s facility so that unauthorized persons cannot easily access them.
8. Shred or destroy all hard copy consumer reports when no longer needed. Erase or scramble electronic files containing consumer information when no longer needed and when applicable regulation(s) permit destruction.
9. E-mailing consumer data is prohibited. E-mail is not a secure method of data transfer, and should not be used to transmit sensitive material such as the contents of a consumer report.
10. Make all employees aware that the company can access consumer information ONLY for the permissible purposes listed in the permissible purpose information section of your service application. End User employees may not access their own report or the report of a family member or friend if End User does not have permissible purpose.
The FCRA provides that any person “who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses shall be fined under Title 18 United States Code, imprisoned for not more than two years, or both.” End User agrees to comply with all requirements of the FCRA and all other applicable laws in ordering and using credit reports.
Access Security Requirements
We must work together to protect the private information of consumers. These security measures are designed to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, you may employ an outside service provider to assist you. Capitalized terms used have the meaning given in the Glossary section. We reserve the right to change these Security Requirements. This information provides minimum baselines for information security.
In accessing the credit reporting services, the following security requirements apply:
1. Implement Strong Access Control Measures
1.1. Do not provide your Subscriber Codes or passwords to anyone. No one from our company will ever contact you and request our Subscriber Code number or password.
1.2. Proprietary or third party system access software must have the Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel.
1.3. You must request your Subscriber Code password be changed immediately when any system access software is replaced by their system access software or is no longer used; or the hardware on which the software resides is upgraded, changed or disposed of.
1.4. Protect Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s).
1.5. Create a separate, unique user ID for each user to enable individual authentication and accountability for access to our system. Each user of the system access software must also have a unique logon password.
1.6. Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on users’ profiles.
1.7. Keep user passwords Confidential.
1.8. Develop strong passwords that are: not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) and that contain a minimum of seven (7) alpha/numeric characters for standard user accounts.
1.9. Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.
1.10. Active logins to credit information systems must be configured with a 30 minute inactive session, timeout.
1.11. Restrict the number of key personnel who have access to credit information.
1.12. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in your Contract.
1.13. Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in
connection with a credit transaction or for another permissible purpose.
1.14. Implement a process to terminate access rights immediately for users who access credit reporting information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information.
1.15. After normal business hours, turn off and lock all devices or systems used to obtain credit information.
1.16. Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.
2. Maintain a Vulnerability Management Program
2.1. Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate
system patches and updates.
2.2. Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.
2.3. Implement and follow current best security practices for Computer Virus detection scanning services and procedures: • Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks. • If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated. • On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files. • Implement and follow current best security practices for computer anti-Spyware scanning services and procedures: • Use, implement and maintain a current, commercially available computer anti- Spyware scanning product on all computers, systems and networks. • If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. • Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers. • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly.
3. Protect Data
3.1. Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use,storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.)
3.2. All credit reporting data is classified as Confidential and must be secured to this requirement at a minimum.
3.3. Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information.
3.4. Encrypt all credit reporting data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum.
3.5. Only open email attachments and links from trusted sources and after verifying legitimacy.
4. Maintain an Information Security Policy
4.1. Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.
4.2. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information and to permit identification and prosecution of violators.
4.3. The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
4.4. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
5. Build and Maintain a Secure Network
5.1. Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.
5.2. Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation(NAT) technology should be used.
5.3. Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.
5.4. Any stand alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services, and network traffic.
5.5. Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.
5.6. Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.
6. Regularly Monitor and Test Networks
6.1. Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).
6.2. Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by protecting against intrusions; securing the computer systems and network servers; and protecting against intrusions of operating systems or software.
Record Retention: The Equal Credit Opportunity Act states that a creditor must preserve all written or recorded information connected with an application for 25 months. In keeping with the ECOA, you are required to retain the credit application and, if applicable, a purchase agreement for a period of not less than 25 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, we will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract. Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA maybe liable for a civil penalty of not more than $2,500 per violation.
Computer Virus: A self-replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying.
Confidential: Very sensitive information. Disclosure could adversely impact your company.
Encryption: The process of obscuring information to make it unreadable without special knowledge.
Firewall: A piece of hardware and/or software that functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.
Information Lifecycle (Or Data Lifecycle): is a management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained.
IP Address: A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). Any All participating network devices – including routers, computers, time-servers, printers, Internet fax machines, and some telephones – must have a unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices.
Peer-to-Peer: A type of communication found in a system that uses layered protocols. Peer-to-Peer networking is the protocol often used for reproducing and distributing music without permission.
Router: A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data
Spyware: A broad category of malicious software designed to intercept or take partial control of a computer’s operation without the consent of that machine’s owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet.
SSID: Part of the Wi-Fi Wireless LAN, it is a code that identifies each packet as part of that network. Wireless devices that communicate with each other share the same SSID.
Subscriber Code: Your seven digit credit reporting agency account number.
WEP Encryption (Wired Equivalent Privacy): A part of the wireless networking standard intended to provide secure communication. The longer the key used, the stronger the encryption will be. This is older technology reaching its end of life.
WPA (Wi-Fi Protected Access): A part of the wireless networking standard that provides stronger authentication and more secure communications. Replaces WEP and uses dynamic key encryption verses static as in WEP (key is constantly changing and thus more difficult to break than WEP).