Terms Required by Providers of Data on Individuals
This schedule (“Schedule”) includes required flow-down obligations under The Berwyn Group, Inc.’s (“Service Provider”) license agreements with third party data providers pursuant to which Service Provider receives addresses, dates of birth, and other data about individuals (the “Data on Individuals”).
If a Service Provider client (“Client”) receives any Data on Individuals in connection with or through the services provided by Service Provider (the “Services”), then the terms and conditions set forth in this Schedule shall be incorporated into the agreement(s) between Service Provider and Client for such Services (the “Agreement”).
- GLBA Data. Some of the information contained in the Services is “nonpublic personal information,” as defined in the Gramm-Leach-Bliley Act (15 U.S.C. § 6801, et seq.) and related state laws (collectively, the “GLBA”), and is regulated by the GLBA (“GLBA Data”). Client shall not obtain and/or use GLBA Data through the Services in any manner that would violate the GLBA, or any similar state or local laws, regulations and rules. Client acknowledges and agrees that it may be required to certify its permissible use of GLBA Data falling within an exception set forth in the GLBA at the time it requests information in connection with certain Services and will recertify upon request by Service Provider. Client certifies with respect to GLBA Data received through the Services that it complies with the Interagency Standards for Safeguarding Customer Information issued pursuant to the GLBA.
- DPPA Data. Some of the information contained in the Services is “personal information,” as defined in the Drivers Privacy Protection Act (18 U.S.C. § 2721, et seq.) and related state laws (collectively, the “DPPA”), and is regulated by the DPPA (“DPPA Data”). Client shall not obtain and/or use DPPA Data through the Services in any manner that would violate the DPPA. Client acknowledges and agrees that it may be required to certify its permissible use of DPPA Data at the time it requests information in connection with certain Services and will recertify upon request of Service Provider.
- Social Security Numbers. Service Provider may in its sole discretion permit Client to access Social Security numbers (“SSNs”). If Client is authorized by Service Provider to receive SSNs, and Client obtains SSNs through the Services, Client certifies it will not use the SSNs for any purpose other than as expressly authorized by Service Provider policies, the terms and conditions herein, and applicable laws and regulations. In addition to other restrictions on distribution, Client agrees that it will not permit SSNs obtained through the Services to be used by an employee or contractor that is not an authorized user with an authorized use. Client agrees it will certify in writing, its uses for SSNs and recertify upon request by Service Provider. Client may not, to the extent permitted by the terms of this Agreement, transfer SSNs via email or ftp without Service Provider’s prior written consent. However, Client shall be permitted to transfer such information so long as: (A) a secured method (for example, sFTP) is used, (B) transfer is not to any third-party, and (C) such transfer is limited to such use as permitted under this Schedule and the Agreement. Service Provider may, at any time and for any or no reason, cease to provide or limit the provision of SSNs to Client.
- Copyrighted and Trademarked Materials. Client shall not remove or obscure any trademarks, copyright notices or other notices contained on materials accessed through the Services.
- National Change of Address Database. Service Provider is a licensee of the United States Postal Service’s NCOALINK database (“NCOA Database”). The information contained in the NCOA Database is regulated by the Privacy Act of 1974 and may be used only to provide a mailing list correction service for lists that will be used for preparation of mailings. If Client receives all or a portion of the NCOA Database through the Services, Client hereby certifies that it will not use such information for any other purpose. Prior to obtaining or using information from the NCOA Database, Client agrees to complete, execute and submit to Service Provider the NCOA Processing Acknowledgement Form.
- Fair Credit Reporting Act. The Services provided are not provided by “consumer reporting agencies,” as that term is defined in the Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.) (the “FCRA”), and do not constitute “consumer reports” as that term is defined in the FCRA. Accordingly, the Services may not be used in whole or in part as a factor in determining eligibility for credit, insurance, employment or another purpose in connection with which a consumer report may be used under the FCRA. Further, (A) Client certifies that it will not use any of the information it receives through the Services to determine, in whole or in part, an individual’s eligibility for any of the following products, services or transactions: (1) credit or insurance to be used primarily for personal, family or household purposes; (2) employment purposes; (3) a license or other benefit granted by a government agency; or (4) any other product, service or transaction in connection with which a consumer report may be used under the FCRA or any similar state statute, including without limitation apartment rental, check-cashing, or the opening of a deposit or transaction account; (B) by way of clarification, without limiting the foregoing, Client may use, except as otherwise prohibited or limited by the Agreement or this Schedule, information received through the Services for the following purposes: (1) to verify or authenticate an individual’s identity; (2) to prevent or detect fraud or other unlawful activity; (3) to locate an individual: (4) to review the status of a legal proceeding; (5) to collect a debt, provided that such debt collection does not constitute, in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; or (6) to determine whether to buy or sell consumer debt or a portfolio of consumer debt in a commercial secondary market transaction, provided that such determination does not constitute, in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; (C) specifically, if Client is using the Services in connection with collection of a consumer debt on its own behalf or on behalf of a third-party, Client shall not use the Services: (1) to revoke consumer credit; (2) to accelerate, set or change repayment terms; or (3) for the purpose of determining a consumer’s eligibility for any repayment plan, provided, however, that Client may, consistent with the certification and limitations set forth in this Section 6, use the Services for identifying, locating, or contacting a consumer in connection with the collection of a consumer’s debt or for prioritizing collection activities; and (D) Client shall not use any of the information it receives through the Services to take any “adverse action,” as that term is defined in the FCRA.
- HIPAA. Client represents and warrants that Client will not provide Service Provider with any “protected health information,” as defined in 45 C.F.R. § 160.103, with “electronic health records” or “personal health records,” (each as defined in 42 U.S.C. §17921(5), and 42 U.S.C. § 17921(11)), or with information from such records, without the prior written consent of Service Provider.
- GLBA Regulated Credit Header Data. If the Services include GLBA regulated credit header data, then such data is subject to additional obligations and restrictions as required by Experian and as available online at https://www.lexisnexis.com/en-us/terms/supplemental.page under Section 15 (the “Experian Terms”). The Experian Terms are hereby incorporated by reference as applicable.
- Search Inquiry Data. Client agrees that Service Provider or Service Provider’s third party data providers may use Client’s search inquiry data (used to access the Services) consistent with applicable federal, state and local laws, rules and regulations.
- Service Provider Audit Rights. Client understands and agrees that, in order to ensure compliance with the FCRA, GLBA, DPPA, other similar state or federal laws, regulations or rules, regulatory agency requirements, this Schedule or the Agreement, and Service Provider’s obligations under its contracts with its data providers and Service Provider’s internal policies, Service Provider may conduct periodic reviews of Client’s use of the Services and may, upon reasonable notice, audit Client’s records, processes and procedures related to Client’s use, storage and disposal of Services and information received therefrom. Client agrees to cooperate fully with all audits and to respond to any such audit inquiry within ten (10) business days, unless an expedited response is required. Violations discovered in any review and/or audit by Service Provider may result in suspension or termination of the Agreement and any affected Services, reactivation fees, legal action, and/or referral to federal or state regulatory agencies.
- Indemnification; Limitation of Liability. Client agrees to indemnify, defend, and hold harmless Service Provider, and its officers, directors, employees, agents, personnel parents, subsidiaries, affiliates, data providers and representatives, from and against any and all first or third party claims, demands, suits, causes of action, proceedings, costs, damages, losses, liabilities, or attorneys’ fees and costs (including but not limited to settlement costs) (collectively, “Losses”) relating to Client’s receipt or use of the Data on Individuals or any breach of this Schedule by Client and whether arising in contract, tort, negligence, strict liability in tort, by statute, or otherwise. In no event shall Service Provider’s aggregate liability arising from or related to Data on Individuals exceed the fees paid by Client to Service Provider in the twelve (12) month period preceding the claim. Service Provider shall not be liable for any other Losses, including but not limited to any indirect, incidental, or consequential damages, including but not limited to any lost profits, revenues or goodwill, or special, cover, business interruption, or punitive damages (whether in contract, tort, negligence, strict liability in tort, by statute, or otherwise).
- Further Disclosure. If Client discloses any Data on Individuals to a third party, Client shall require such third party to agree to the terms of this Schedule as if a party hereto.
- Conflict of Terms. Client acknowledges that the terms of this Schedule, in the event of a conflict with the terms of the Agreement, apply in addition to, and not in lieu of, the Agreement, with respect to the Data on Individuals.
Last updated: 11/1/2024