DATA BREACH SERVICES AGREEMENT
THIS DATA BREACH SERVICES AGREEMENT (this “Agreement”) is made by and between CSIdentity Corporation (d/b/a CSID), a Delaware corporation (the “Company”), and the party identified as “Client” in the order form submitted by Client to the Company for the delivery of certain Data Breach Services. This Agreement shall be effective as of the Order Date (as also defined in the foregoing submitted order form) – this shall therefore be deemed the Effective Date The Company and Client are sometimes referred to herein as a “party” and collectively as the “parties.” The order form submitted by and signed by Client, which explicitly references the URL where this Agreement is viewable, is made a material part of this Agreement and is incorporated herein by this reference.
A. The Company is a provider of data breach services through the use of its proprietary platform (as set forth and described on Exhibit A hereto, the “Services”); and
B. The Company and Client now desire to enter into this Agreement pursuant to which the Company will provide the Services to third parties for use by Covered Persons (as defined below) residing in the United States in the event Client has a data breach incident.
NOW, THEREFORE, the parties hereby agree as follows:
1. LICENSE AND NOTICE
Subject to Client’s compliance with the terms and conditions of this Agreement, the Company hereby appoints and grants Client the non-exclusive, non-sublicensable and non-transferable license to distribute the Services to individual end-users residing in the United States who have been affected by a security or data breach or similar occurrence (the “Covered Persons”).
2. LIMITATIONS ON USE OF SERVICES
2.1. Subject to the provisions of this Agreement and after receipt of notice from Client, the Company agrees to provide the Covered Persons with access to the Services through the Company’s platform described on Exhibit A (the “Platform”) for delivery to the Covered Persons. The Services covered under this Agreement, and the procedures and deliverables for each party, are as set forth on Exhibit A, which is attached hereto and incorporated herein by reference.
2.2. Notwithstanding anything to the contrary herein, the Company reserves the right to (upon ninety (90) days’ prior written notice to Client or earlier if required by applicable Laws) modify and/or discontinue delivery of any or all of the Services, if the Company believes in good faith that it cannot provide the Services as described in this Agreement without violating applicable international, federal, state or local law, rule, regulation, ordinance, treaty or administrative or judicial pronouncement or decision or such laws, rules, regulations, ordinances, treaties or administrative or judicial pronouncements in other jurisdictions, whether in the United States or outside the United States (collectively, the “Laws”).
3. TERMS AND CONDITIONS
The Company’s obligation to provide the Services to Covered Persons shall be subject to the acceptance by such Covered Person of the Company’s then current form of End User Terms and Conditions (“Subscription Agreement”) and obtaining consent from the Covered Person for the Company to render reports and alerts about the Covered Person and provide the Services to such Covered Person.
4. INTELLECTUAL PROPERTY
4.1. The Company will have the sole and exclusive right, title and ownership in and to any and all Intellectual Property (as defined below) relating to the Platform, the Services (including, without, limitation, any and all Service outputs, such as alerts and notifications) and/or any Intellectual Property developed pursuant to this Agreement and all Intellectual Property Rights (as defined below) associated therewith.
4.2. As used herein, “Intellectual Property” means all copyrights (including software programs and related documentation), mask work rights, inventions, ideas, improvements, concepts, designs and discoveries (whether patentable or not), trademarks, service marks, trade names, moral rights and trade secrets and all reissues, divisions, continuations, continuations-in-part, renewals, derivatives and extensions of the foregoing and “Intellectual Property Rights” means any and all common law, statutory, legal, equitable and contractual rights and associated rights of action associated with the subject Intellectual Property, including, without limitation, the right to sue for, settle or release claims with respect to any past, present of future wrongful use or infringement of the subject Intellectual Property. Such Intellectual Property Rights include, without limitation, rights under trademarks and service marks, rights under trademark or service mark registrations, rights under trademark or service mark applications for registration, patent rights, rights under patent applications, common law copyrights, rights under copyright applications for registration, rights under copyright registrations, trade secrets, moral rights for all purposes and uses, or other similar property rights, whether protected under the Laws of the United States of America, or some other jurisdiction.
4.3. Client may not disassemble, reverse engineer, decrypt, decompile, create derivative works from, modify, or translate the Services, the Platform and related systems and APIs (collectively, the “CSI System”), the documentation relating thereto (the “Documentation”) or any portion or component thereof, or recreate or attempt to recreate the Service, the CSI System or the Documentation, in whole or in part by reference to the Services, the CSI System or the Documentation, or perform any process intended to determine the source code for the CSI System (or any component thereof) except to the extent that the foregoing restriction is prohibited by applicable Laws. Except as permitted pursuant to the terms of this Agreement, Client shall not sublicense, distribute, deliver, disclose or otherwise provide to a third party the Services, the CSI System or Documentation or any portion or component thereof, and any unauthorized attempt to assign, sublicense or grant other rights to the Service, the CSI System or Documentation shall be immediately and automatically void.
5. SERVICE PRICING
The parties acknowledge that the pricing set forth on the signed order form submitted by Client to Company shall not be changed by the Company during the Term. Thereafter, should the parties agree to extend this Agreement, the Company may change and/or modify such pricing with thirty (30) days’ advance written notice (which may be delivered via e-mail), but no more often than one time in any twelve (12) month period and by not more than 5% of the then current pricing for the applicable Service.
6. EXCLUSIVE AGREEMENT
In consideration of the agreement of the Company to provide the Services to Client and to charge Client at the rates set forth in the signed order form submitted by Client to Company, the Company will be Client’s exclusive provider of the Services outlined under Exhibit A. CLIENT EXPRESSLY ACKNOWLEDGES AND AGREES THAT CLIENT’S FAILURE TO COMPLY WITH THE OBLIGATIONS SET FORTH IN THIS SECTION 6 SHALL BE DEEMED A MATERIAL BREACH OF THIS AGREEMENT.
7.1. Client agrees to pay the Company the fees (the “Fees”) according to the pricing detailed within the signed order form submitted by Client to the Company, as the same may be amended, supplemented or updated in accordance with Section 5 above (which Fees are not commissions, rents, or royalties in any way, shape or form). The Fee pertaining to the Full Services Restoration Services shall be due and owing upon commence of delivery of Services by Company. The Fee pertaining to the redemption of PIN Codes for enrollment purposes shall be invoiced on a monthly basis for all PIN Codes redeemed in the prior calendar month. Client shall remit the Fees to the Company within thirty (30) days of invoicing. All remittances will be in U.S. dollars. If Client fails to pay the full amount of the charges detailed in any invoice within thirty (30) days after the invoice date, then the unpaid amounts of such invoice shall accrue interest at a rate of 1.5% per month or, if less, the maximum rate permitted by law. If Client does not make full payment of the Fees within thirty (30) days from the date of receipt an invoice, then the Company may immediately (a) deactivate the PIN Codes and cease further performance under this Agreement until such Fees are paid in full by Client, or (b) terminate this Agreement and the Covered Persons’ Subscription Agreement and access to the Services through the Platform. If any collection efforts are required, Client shall be liable for, and agrees to pay, all costs of collection, including, without limitation, attorneys’ fees, costs and expenses.
7.2. Client agrees, for purposes of sales, use, excise taxes, gross receipts in lieu of sales tax, other transaction taxes that are owed with respect to a sale of tangible personal property, intangible personal property, and/or services (as may be defined by the applicable laws or authority of the Delivery Address (as defined below)) under this Agreement, or any other similar taxes or fees assessed by any taxing jurisdiction (collectively, “Sales Taxes”), Client is the ultimate consumer and is solely responsible for all Sales Taxes. The prices set forth in the signed order form submitted by Client to Company do not include Sales Taxes, and Sales Taxes shall be charged separately. Where such a tax is required to be paid by applicable law, the Company shall designate the tax portion on the invoice, collect it from Client, and remit to the appropriate tax authorities. Client agrees to provide the Company with evidence of all Sales Tax payments associated with the sale of the Services within thirty (30) days of written request. Client shall indemnify, defend, and hold harmless the Company for any and all Sales Taxes and any damages incurred by the Company in connection with Client’s failure to properly report and remit all required Sales Taxes to the appropriate government authorities on a timely basis
7.3. This Agreement establishes the Delivery Address, the Sales Tax jurisdictions, and the delivery method for the Services purchased by Client. Both parties agree that Client’s ship-to address, electronic delivery, or primary access address for all purchases of the Services, and/or licenses (if applicable), is the Covered Person’s place of remote access as determined by IP address (if known prior to payment of Fees) or mailing address (if the IP address is not known prior to the payment of Fees but the mailing address is known) or Client’s principal place of business address in this Agreement (if both the IP address and the mailing addresses are not known prior to the payment of fees)(the “Delivery Address”). Both parties agree that the Services are intended to service Covered Persons in the United States and that the benefit from any service performed in Texas or any other state or location by the Company is for use in the Covered Person’s locale and not solely in Texas. If applicable, title, risk of loss, and the Company’s obligation to deliver the Services shall pass from the Company to Client at the Delivery Address. Sales Taxes shall be applied to purchases made by Client from the Company based on the laws or authority of the Delivery Address jurisdiction, and Sales Tax is not based on any other address identified or indicated on an invoice. Any other address or location(s) identified on an invoice (e.g., jurisdiction of usage) are for internal reference only; provided, however, that to the extent any tax authority determines, or a party is reasonably advised by its tax advisors, that this Section is not in compliance with the applicable tax law, the parties will amend this Section in conformity with such determination or reasonable advice.
8. REPRESENTATIONS AND WARRANTIES
8.1. Each party is solely responsible for ensuring, and hereby represents and warrants that the Services are provided, used and/or sold hereunder in compliance with all applicable Laws.
8.2. Client and the Company each represents and warrants to the other that (a) each has all right and authority to enter into this Agreement and perform all of its applicable obligations hereunder, and (b) neither party’s performance and obligations hereunder will be in conflict with contractual obligations either party has to any third party.
9. TERM AND TERMINATION
9.1. The term of this Agreement begins on the Effective Date and continues for a period of twelve (12) months from the Effective Date (the “Term”). Termination shall not relieve either party of obligations incurred prior thereto.
9.2. Notwithstanding anything to the contrary contained herein, this Agreement may be terminated in accordance with the following:
9.2.1. By either party upon material breach by the other party, if the party in breach fails to cure such breach within thirty (30) days from receipt of written notice from the other party.
9.2.2. By either party, by written notice to the other, if the other party becomes insolvent, makes any assignment for the benefit of its creditors, initiates liquidation or has a receiver or a trustee appointed for the benefit of creditors, whether voluntary or otherwise, or seek the protection of, or has a proceeding instituted against it, under the bankruptcy code, or any similar statute.
10. MUTUAL CONFIDENTIALITY
10.1. Each party acknowledges that it may obtain certain valuable information regarding the business of the other party during the course of this Agreement, including business plans, pricing and marketing and sales strategies, and other materials and information regarding the other party’s business operations (“Proprietary Information”).
10.2. Each party shall at all times keep and maintain the confidentiality of all Proprietary Information, and shall not use or reproduce Proprietary Information except for the purposes provided herein and shall not disclose any Proprietary Information to any third party. Each party shall inform its Affiliates, employees, agents and contractors of the nondisclosure requirements set forth in this Agreement and shall obtain their respective commitments to abide by such requirements. Each party hereto shall be responsible for the actions of any of its Affiliates, employees, agents or contractors that would constitute a violation of such party’s rights under this Section 10.2 if such violation had been committed directly by such party. For purposes of this Agreement, the term “Affiliates” is defined as any entity controlled by, under common control with or that controls the applicable party, where “control” means ownership of fifty percent (50%) or more of the ownership interest of an entity.
10.3. Subject to compliance with applicable Law and except as otherwise permitted under this Agreement, each party agrees not to disclose any Consumer Data (as defined below) (i) to anyone except its employees and agents (inclusive of Affiliates) with a need to know in order to enable that party to perform its duties and obligations under this Agreement and (ii) consistent with the requirements of the Subscription Agreement. Each party agrees to use diligent efforts, and at least the same degree of care it uses to protect its own Proprietary Information, to prevent unauthorized use or disclosure of the Consumer Data and to advise such party’s employees, agents and contractors of such party’s obligations with respect to the protection of the Consumer Data and obtain such employees’, agents’ and contractors’ commitment to the confidential treatment and restrictions on use of the Consumer Data. Each party hereto shall be responsible for the actions of any of its employees, agents or contractors that would constitute a violation of such party’s rights under this Section 10.3 if such violation had been committed directly by such party. As used herein, “Consumer Data” means all information or data, in whatever form, provided by either party to the other in connection with this Agreement concerning or relating to any Covered Person, including, without limitation, names, addresses, telephone numbers, other identifying information, and information relating to personal characteristics, preferences, or credit.
10.4. The provisions of this Section 10 will survive the expiration or termination of this Agreement or any sale and/or license created hereunder.
11. DISCLAIMERS AND OTHER LIMITATIONS
11.1. CLIENT HEREBY ACKNOWLEDGES AND AGREES THAT THE SERVICES PROVIDED BY COMPANY ARE INTENDED AS ELECTIVE AND OPTIONAL OFFERINGS WHICH CLIENT HAS ELECTED TO OFFER TO COVERED PERSONS. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES SET FOR IN SECTION 8 ABOVE, COMPANY MAKES NO OTHER WARRANTIES UNDER THIS AGREEMENT AND COMPANY FURTHER DISCLAIMS ANY AND ALL IMPLIED WARRANTIES REGARDING THE SERVICES, INCLUDING ANY WARRANTY OF ACCURACY, VALIDITY, OR COMPLETENESS OF THE SERVICES, OR ANY WARRANTY REGARDING CLIENT’S USE OF A SERVICE IN AN EFFORT TO COMPLY WITH LAW. THE SERVICES ARE NOT INTENDED TO, AND COMPANY EXPRESSLY DISCLAIMS ANY WARRANTY OR GUARANTEE THAT THE SERVICES WILL ENABLE CLIENT TO COMPLY WITH ANY LAW OR MITIGATE DAMAGES (INCLUDED BUT NOT LIMITED TO THOSE RELATED TO A DATA LOSS EVENT) OR AVOID ANY OTHER CONSEQUENCES OF A DATA LOSS EVENT OR FAILURE BY CLIENT TO INSTITUE PROPER SECURITY MEASURES. THE COMPANY DOES NOT OFFER ANY LEGAL ADVICE WHATSOEVER TO CLIENT RELATED TO ANY DATA BREACH INCIDENT AFFECTING COVERED PERSONS AND IT IS UNDERSTOOD AND AGREE THAT COMPANY’S PROVISION OF SERVICES HEREUNDER CANNOT SUBSTITUTE FOR THE ADVICE OF AN ATTORNEY.
11.2. IN NO EVENT SHALL THE COMPANY BE LIABLE TO CLIENT, UNDER ANY LEGAL OR EQUITABLE THEORY, FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL OR INDIRECT DAMAGES OF ANY KIND, INCLUDING LOST PROFITS AND LOST SALES, SUFFERED BY OR OTHERWISE COMPENSABLE TO CLIENT, ARISING OUT OF, UNDER OR RELATING TO THIS AGREEMENT, WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
11.3. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, THE COMPANY’S AGGREGATE LIABILITY TO CLIENT AND/OR ITS AFFILIATES FOR DAMAGES (i) CONCERNING THE PERFORMANCE OR NON-PERFORMANCE BY THE COMPANY OF ITS OBLIGATIONS HEREUNDER, OR (ii) IN ANY WAY RELATED TO OR ARISING OUT OF OR IN CONNECTION WITH THE SUBJECT MATTER OF THIS AGEEMENT (INCLUDING THE PROVISION OF THE SERVICES, AND INCLUDING PURSUANT TO THE COMPANY’S INDEMNIFICATION OBLIGATIONS SET FORTH UNDER THIS AGREEMENT), REGARDLESS OF WHETHER THE CLAIM FOR SUCH DAMAGES IS BASED ON CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED AN AMOUNT EQUAL TO THE FEE PAID BY CLIENT TO THE COMPANY UNDER THE APPLICABLE ORDER FORM SUBMITTED BY CLIENT TO COMPANY FOR THE DELIVERY OF SUCH SERVICES.
12.1. Client will indemnify, defend, and hold the Company, its Affiliates and parent companies, and their respective directors, officers, shareholders, employees and agents (collectively, the “Company Indemnified Parties”), harmless from and against any and all liabilities, damages, losses, claims, costs and expenses (including by way of example only, the Company’s costs of responding to a subpoena in any cause of action where Client is a named party), including reasonable attorneys’ fees (collectively, “Damages”), which may be asserted against or incurred by any of the Company Indemnified Parties, arising out of or resulting from (i) any claim related to Client’s data breach, including, but not limited to, a claim arising from any relationship between Client and Covered Persons (contractual, at Law or otherwise), Client’s failure to maintain security measures or comply with any local, state or federal law, rule or regulation (including any claim that the Services are inadequate for Client to comply with the same), (ii) Client’s misconduct or disregard of ordinary care in performing any of its obligations hereunder, or (iii) Client’s breach of any provisions of this Agreement.
12.2. The Company will indemnify, defend, and hold Client and its directors, officers, shareholders and, agents (the “Client Indemnified Parties”) harmless from and against any and all Damages, which may be asserted against or incurred by Client or any of the Client Indemnified Parties, arising out of or resulting from: (i) any material breach of the Subscription Agreement by Company; (ii) any material breach of Company’s obligations, representations or warranties under this Agreement; or (iii) any failure by Company to comply with any applicable local, state or federal law, rule or regulation.
12.3. In order for a party seeking indemnification under this Agreement (the “Indemnified Party”) to be entitled to any such indemnification, the Indemnified Party must provide prompt written notice of the claim to the party obligated to provide such indemnification (the “Indemnifying Party”). Such notice shall be no less than thirty (30) calendar days from the date the Indemnified Party knew or reasonably should have known of the claim. After receipt of such notice, the Indemnifying Party shall have the right to assume sole control over the defense, compromise or settlement of the claim at its expense; provided, however, that the Indemnifying Party shall not consent to the entry of any judgment or enter into any settlement that provides for non-monetary relief without the consent of the Indemnified Party. The Indemnified Party may, at its sole option, and at its own expense, engage separate counsel to participate in (but not control) the defense, compromise or settlement of the claim. The Indemnified Party shall provide to the Indemnifying Party all information, assistance and authority reasonably requested in order to evaluate the claim and effect any defense, compromise or settlement thereof. If the Indemnifying Party chooses not to assume the defense of the claim as provided herein, the Indemnified Party may defend, compromise or settle the claim in any manner it reasonably deems appropriate, provided that the Indemnifying Party shall remain responsible for paying the Indemnified Party’s reasonable legal fees and expenses incurred in defending, compromising or settling the claim.
13. RELATIONSHIP OF THE PARTIES
13.1. This Agreement shall not be deemed to establish any agency, joint venture, partnership relationship or any other association whatsoever between the parties.
13.2. Each party shall be responsible for the payment of all employee compensation, benefits and employment and other taxes pertaining to its employees and business, including, but not limited to, the Fair Labor Standards Act, Federal Insurance Contribution Act, the Social Security Act, the Federal Unemployment Tax Act, the provisions of the Internal Revenue Code, all state and local taxes.
13.3. Neither party shall have the authority to legally bind the other to any contract, proposal or other commitment or to incur any debt or create any liability on behalf of the other.
14. PROPRIETARY RIGHTS
14.1. Each of the Company and Client acknowledges that the other owns certain Intellectual Property used in the performance of this Agreement. Each of the Company and Client specifically disclaims any ownership or other right with respect to the Intellectual Property of the other.
14.2. Except as expressly provided herein, neither party grants or transfers to the other, nor does the other party obtain, any right, title, claim, license or other interest in or to any of the Company or Client Services, Intellectual Property, information, consumer information database, systems, forms manuals or other proprietary information utilized or provided by the other party. Each party expressly prohibits any direct or indirect use, reference to, or other employment of its name, trademarks, service marks or trade names licensed to the other party, except as expressly authorized in writing by such party.
14.3. Each party shall not remove, alter, modify or destroy either party’s trademarks, trade names, logos, insignia, lettering or any related copyright notices, trademarks or other proprietary markings on, or included with, any Service, promotion and/or advertising materials without the other party’s express written consent.
14.4. Each party will, on termination of this Agreement, or upon request of the other party, discontinue its use of the other party’s name, trademarks, trade names, logos, insignia, lettering or any related copyright notices, trademarks or other proprietary markings on, or included with, any Service whether on any stationery, invoices, promotion material or otherwise.
15. MISCELLANEOUS TERMS AND CONDITIONS
15.1. Neither party may assign its rights or obligations under this Agreement without the written consent of the other party, except in the case of the acquisition of a party by merger, stock sale or a purchase of all or substantially all of such party’s assets, in which case the prior consent of the other party is not required. Any attempted assignment that is prohibited under this section shall be null and void. This Agreement will bind and inure to the benefit of each party’s successors and permitted assigns approved by the other party in writing, except as provided above.
15.2. This Agreement and its Exhibits constitute the full and complete understanding and agreement of the parties and supersedes all prior negotiations, understandings and agreements pertaining to the subject matter hereof. Any waiver, modification or amendment of any provision of this Agreement, or its Exhibits will be effective only if in form of a written amendment to this Agreement and signed by both parties.
15.3. The following provisions will survive expiration or termination of the Agreement: fees, indemnity obligations, confidentiality obligations, provisions limiting liability and disclaiming warranties, provisions regarding ownership of intellectual property, these miscellaneous provisions, and other provisions that by their nature are intended to survive expiration or termination of the Agreement.
15.4. Each party acknowledges and agrees that any breach of this Agreement with respect to the other party’s intellectual property rights or Proprietary Information could cause such other party to incur irreparable harm and significant injury that would be difficult to ascertain and would not be compensable by damages alone. Accordingly, each party acknowledges and agrees that, in addition to any and all remedies that the non-breaching party may have at law or otherwise with respect to such a breach, the non-breaching party will be entitled to seek specific performance, an injunction or other appropriate equitable relief.
15.5. Any and all notices given under the provisions of this Agreement must be delivered personally, given by mail or courier, or sent by fax or e-mail.
Notices to the Company shall be directed to:
1501 South MoPac Exp., Suite 200
Austin, Texas 78746
Attn: Joe C. Ross, President
Facsimile: (512) 532-9380
With a copy to:
1501 South MoPac Exp., Suite 200
Austin, Texas 78746
Attn: John A. Menchaca, Esq.,
Facsimile: (512) 532-9380
Notices to Client shall be directed to: Client’s address detailed on the order form submitted by Client.
The parties may change their respective addresses and addressees by written notice to the other party, sent as provided in this subsection. All notices must be in writing.
15.6. No delay or omission or failure to exercise any right or remedy provided for herein will be deemed to be a waiver thereof and any single or partial exercise of any such right or remedy, power or privilege will not preclude any later exercise thereof.
15.7. In the event that any provision of this Agreement is held to be invalid, illegal or unenforceable under present or future Laws, then such provision will be fully severable and this Agreement will be construed and enforced as if such invalid, illegal or unenforceable provision were not a part hereof.
15.8. The headings of Sections herein are for convenience only and will not be deemed to affect in any way the scope, intent or meaning of the provisions to which they refer.
15.9. This Agreement shall be governed and construed in accordance with the laws of State of California, without resort to the conflict of law principles thereof. Both parties hereby irrevocably consent to the exclusive venue and jurisdiction of the courts located in Orange County, California, whether federal, state or local, with respect to any actions brought to enforce or interpret this Agreement (or the relationship of the parties contemplated hereby), and such courts shall serve as the exclusive venue and jurisdiction for any action arising out of this Agreement or the relationship of the parties contemplated hereby. The Prevailing Party in any legal proceeding based on or arising from or in connection with this Agreement may recover reasonable attorneys’ fees, investigation costs, and other costs incurred in connection with such legal proceeding from the party that is not the Prevailing Party, in addition to any other relief to which such Prevailing Party is entitled. The reasonableness of such costs and attorneys’ fees shall be determined by the court and not the jury. As used herein, the term “Prevailing Party” means that the court finds and/or declares that the applicable party is the prevailing party, whether or not that party obtains monetary, declaratory, injunctive, equitable or nominal relief. With respect to any monetary claim, no award of damages shall be necessary in order for a party to be found by the court to have prevailed. With respect to any non-monetary claim, no equitable relief shall be necessary in order for a party to be found by the court to have prevailed. This subsection shall survive the expiration or termination of this Agreement.
15.10. Neither party will be responsible for any failure or delay in its performance under this Agreement (except for any payment obligations) due to causes beyond its reasonable control, including, but not limited to shortages of or inability to obtain energy, raw materials or supplies, war, terrorism, riot, acts of God or governmental action.
15.11. To the extent there is any inconsistency or conflict between this Agreement and any Exhibit, this Agreement shall control.
15.12. Each party represents to the other that, as deemed necessary by such party, this Agreement has been reviewed by each party and its legal and other advisors, and such party has had an opportunity to make all relevant inquiries and receive sufficient responses relating to this Agreement.
CyberAgent® is CSID’s proprietary Internet surveillance technology that monitors Internet activity for the trading and/or selling of a Covered Person’s personal information. CyberAgent® searches networks, chat rooms, thousands of websites and millions of data points worldwide for stolen identity credentials, finding data regardless of nationality or location.
When compromised data is identified, bots are triggered to grab full identity strings. This unique data is then collected and stored by CSID. Once a match with a Covered Person is found, CSID delivers to the Covered Person an alert of the matched elements or identity string.
Covered Persons may submit the following elements for monitoring:
- 1 Social Security number
- 1 Driver’s license number
- 1 Passport number
- 10 Email addresses
- 10 Telephone numbers
- 10 Medical ID numbers
- 10 Credit/Debit card numbers
- 10 Bank Account numbers
- 10 Retail Credit Cards
- 10 International Bank Account Number (IBAN)
- 1 National Identification Number
- Supported National Identifiers include:
- Australia – Tax File Number
- Brazil – Cadastro de Pessoas Fisicas
- Canada – Social Insurance Number
- France – INSEE code
- Steuereliche (Tax Payer ID Number)
- Identifikationsnummer or Steuer – IdNr
- Supported National Identifiers include:
- Italy – Codice Fiscale
- Poland – Powszechny Elektroniczny System Ewidencji Ludności (PESEL)
- Turkey – Türkiye Cumhuriyeti Kimlik Numarası
- UK – National Insurance Number
CyberAgent®’s database is updated on a daily basis.
Identity Theft Insurance
Identity Theft Insurance will reimburse Covered Persons residing in the United States and outside the United States for certain ancillary expenses associated with restoring their identity should they become a victim of identity theft after such Covered Person is properly enrolled. The Company has been issued a policy that covers eligible expenses for up to $1,000,000, with no deductible, from an A.M. Best “A-rated” carrier, subject to the terms, limits and/or exclusions of the policy. The insurance policy issued to CSID will reimburse the Covered Person for certain reimbursable expenses in accordance with the policy’s terms. Covered Persons must make claims for reimbursement in accordance with the terms and condition of the policy, which claims procedure and other delivery requirements will be mutually agreed to by the parties and conducted in accordance with the terms of the policy and applicable state insurance law and regulations.
Full Service Identity Restoration
Full Service Identity Restoration includes the assignment of a certified Identity Theft Restoration Specialist to work on behalf of the Covered Person. The Identity Restoration Specialist obtains a Limited Power of Attorney from the Covered Person allowing the Restoration Specialist to work on behalf of the Covered Person to investigate alerts, dispute fraudulent events, and return the Covered Person to a pre-theft status.
Call Center Enrollment Assistance
The CSID Call Center provides enrollment support to our customers to aid the Covered Person with activation of the identity protection and fraud detection technologies and services. The Call Center Staff is available to customers 24 hours a day, 7 days a week. Our services are innovative, flexible and can be offered as customized support solutions to meet client requirements. CSID has four support centers in North America providing English, Spanish and French language support. Each center is PCI certified. All of our support staff are FCRA/FACTA certified and our restoration staff is CITRMS certified.
Web Landing Page
Provide HTML of the Web site landing page and URL, notification letter and FAQ’s. Build and host a standard Web Site for the purpose of enrolling the Covered Persons.
Description of Standard CSID Breach Protector Portal: Secure online enrollment interface and alert notification:
A. Online Covered Person enrollment interface providing the following capabilities:
- Secure URL and enrollment page that captures the following information provided by the Covered Person:
a. Unique code for Covered Person to enroll in Company Services (“Code”)
b. Covered Person’s first and last name
c. Covered Person’s email address
- Welcome page:
a. Confirms enrollment
b. Provides customer service contact phone number
B. Service Activation PIN Codes (“PIN Codes”)
- The Company will generate random, non-sequential PIN Codes in sufficient quantity so at least one PIN Code is generated per number of Covered Persons as determined by Client.
- PIN Codes will consist of alpha-numeric characters
- PIN Codes will be one-time use only codes
C. Delivery of welcome email informing Covered Persons that they have successfully enrolled in the Services, along with description of services to be provided to user and contact information for the Company.
D. Client will promptly notify the Company if Client loses any PIN Codes or if such PIN Codes are exposed to third parties (other than the Covered Persons). If this occurs, the Company will replace the lost or exposed PIN Codes with new PIN Codes.
CSID Breach Protector:
CSID’s Breach Protector Service Bundle is comprised of the following Services:
- CyberAgent® monitoring and alerts
- $1.0 million of identity theft insurance
- Full service restoration
Coverage Periods: Covered Persons will receive 12 months of full service restoration Services, measured from the date of notification (but subject to the terms below). With respect to CyberAgent® monitoring and identity theft insurance, Covered Persons will receive 12 months of coverage, measured from the date the PIN Code is activated and the Covered Person enrolls in the Services, provided that the Covered Person enrolls during the Enrollment Window described below. If the Covered Person timely enrolls and is eligible to receive 12 months of coverage for CyberAgent® monitoring and insurance, then the coverage period for the full service restoration Services will be automatically extended to match the coverage period for CyberAgent® monitoring and insurance.
Enrollment Window: Covered Persons may enroll in the Services only for the time period set forth in the accompanying order form submitted by Client, and all PIN Codes will expire and be of no further force and effect after such date.
Enrollment Process for CSID Breach Protector: To enroll eligible Covered Persons in the Services, the Client will notify eligible individuals by physical mail (as described below), with a description of the service bundle being offered, a single use enrollment PIN Code and enrollment URL and an 800 number (i.e., a “toll free” number) for such individuals to call into the Company’s Member Services team to receive any additional enrollment assistance as needed.
For delivery of notifications to Covered Persons Client may:
(i) opt to convey these notifications themselves or via use of a Client subcontractor,; or
(ii) request that an Affiliate of the Company (known as Experian Consumer Services) be retained in order to facilitate the delivery of such notifications. If Client elects this option then Client will be required to complete supplementary order documentation AND Client will provide that Affiliate of Company the text of the notification letter, the name and address of the Covered Persons, and such other information as the Affiliate of Company may require to send such notifications.
Regardless of delivery methodology elected by Client, Client will provide CSID Member Services a roster of eligible persons in advance of the notification process to eligible individuals. For purposes of clarity, in no event shall Company be obligated for delivery of PIN Codes or notification letters to Covered Persons.
Call Center Costs: Call Center Costs are included in the activation price and cover enrollment assistance only.