Digital Banking Service Terms
Last Updated: 21-Jan-2026
These Service Terms are incorporated into the CSI Supplemental Agreement for Digital Banking Platform Services (CSI Supplemental Agreement). By using the Digital Banking Services, Customer agrees to be bound by the provisions of these Service Terms. Capitalized terms used in these Service Terms but not defined below shall have the meanings assigned in the CSI Supplemental Agreement or the Master Services Agreement between Customer and Computer Services, Inc. (Agreement). In the event of a conflict between these Service Terms and the terms set out in the body of the Agreement, these Service Terms shall control. These Service Terms may be modified by CSI from time to time; provided however, no modification of these Service Terms will be binding until the Parties execute an amendment to or restatement of the CSI Supplemental Agreement or CSI otherwise provides written notice to Customer.
PART I: Customer Terms
1 Digital Banking Services Universal Terms
1.1 Technical Requirements. Customer acknowledges that the ability of Clients, Customer employee users of the Digital Banking Services, and any other end users of Digital Banking Services associated with Customer (collectively, Users) to access the Digital Banking Services is dependent upon continuous access to the necessary telecommunications and Internet services. Customer further acknowledges that the proper functioning of the Digital Banking Services requires properly integrated, configured, and operational Customer Systems meeting such minimum system requirements as may be communicated to Customer in writing or set forth in documentation. Customer Systems means information technology infrastructure owned, licensed, or engaged by Customer for the conduct of its business, including its hardware, software, databases, systems, networks and services, whether operated directly by Customer or by its third-party service providers, but excluding the Digital Banking Services, CSI Systems (defined below), and CSI intellectual property. Customer has and shall retain sole responsibility for all Customer Systems. CSI is neither responsible nor liable for the performance, security, operation, or maintenance of any Customer Systems.
1.2 Connectivity and Network Hardware. CSI may specify minimum bandwidth and connectivity specifications and communications protocols required to access the Digital Banking Services and interface with CSI computing systems, software, endpoints, interfaces, tools, and any other technology infrastructure used to deliver the Digital Banking Services (CSI Systems). Customer authorizes CSI to acquire necessary hardware and software required for the CSI Systems to integrate to and interface with Customer Systems. To the extent necessary to provide the Digital Banking Services, CSI may furnish Customer a network router in order to encrypt the exchange of information between the CSI System and Customer Systems. To the extent the router is in Customer’s custody or control, Customer will be responsible for physical security of the router and other hardware and shall ensure the router is located behind a firewall. Customer will be responsible for fees and expenses associated with (i) troubleshooting problems with CSI-provided network hardware and/or software which are due to improper use, and (ii) replacement of or upgrades to routers and related hardware and software. The router and any other hardware provided to Customer shall be exclusively dedicated to supporting the Digital Banking Services. Customer is responsible for procuring and maintaining all other hardware and software necessary to establish and maintain connectivity between the Customer Systems and CSI Systems. From time to time, CSI may amend hardware and software specifications, at its discretion, to ensure compatibility with the CSI Systems.
1.3 Third-Party Providers. Certain features, functions, and other aspects of the Digital Banking Services may be supported, enabled, or provided by third-party service providers engaged by CSI (Third-Party Providers). Customer and Client shall use and access Digital Banking Services subject to and in compliance with the then-current end user terms and conditions prescribed or presented by the Third-Party Providers associated with the Digital Banking Services. Digital Banking Services may be provided through a website and supporting technology infrastructure maintained by Third-Party Providers (the TPP Site). Customer is responsible for providing all content required to implement and configure the TPP Site in accordance with the Third-Party Provider’s then-current development guidelines and format requirements. The TPP Site, together with associated URLs, design elements, and features are the exclusive property of CSI or the Third-Party Provider. Customer represents and warrants that it holds valid trademarks, copyrights, or licenses to any and all text, images, or other content it supplies for display through the Digital Banking Services and/or a TPP Site. Customer grants CSI and its Third-Party Providers a non-exclusive, royalty-free license to display the text, images, and other content through and in connection with the Digital Banking Services. Customer shall indemnify, defend and hold CSI, its Affiliates, Third-Party Providers, and their respective Affiliates, harmless from and against any claim brought against CSI, its Affiliates, Third-Party Providers, or their Affiliates, alleging that Customer-provided text, images, or other content infringe, misappropriate or violate a third party’s intellectual property rights.
1.4 Dependencies. CSI’s ability to perform or provide the Digital Banking Services may depend on action by Customer or its third-party service providers (Customer Vendors) including, without limit, providing suitable access to systems, providing adequate information or instructions, or providing reasonable advance notice of changes in systems or service providers (each a Dependency). Dependencies shall include, without limit, (i) a failure by Customer or Customer Vendors to reasonably cooperate with CSI, (ii) a failure by Customer to Test the Digital Banking Services, (iii) a failure by Customer to provide suitable resources or cooperation in connection with the implementation or maintenance of the Digital Banking Services, (iv) issues or disruptions caused by changes in Customer processes and operations, or (v) issues or defects attributable to the configuration, performance, or adequacy of Customer Systems. Customer will promptly resolve any Dependencies and will provide reasonable advance written notice to CSI concerning any changes to Customer Systems and Customer Vendors which may have an impact on the provision or functionality of the Digital Banking Services. Customer will provide CSI with at least 90 days’ prior written notice of any material changes to Customer Systems requiring regression or other testing of Digital Banking Services or files.
1.5 Changes to Digital Banking Services and Systems. CSI may update, upgrade, or modify the Digital Banking Services or the CSI Systems used to deliver the Digital Banking Services from time to time, provided that no update, upgrade, or modification shall materially degrade the use, functionality, or security of the Digital Banking Services. Access to upgraded Digital Banking Services which expand features and functions, improve experience, or address changes in legal requirements may be subject to an amendment to the CSI Supplemental Agreement confirming Customer’s subscription to upgraded Digital Banking Services and memorializing associated fees and charges.
1.6 Discontinuation. CSI may, in its discretion, discontinue or substantially reduce or limit features, functionality, or other aspects of the Digital Banking Services (Discontinuation). CSI shall use commercially reasonable efforts to provide Customer with at least 60 days’ advance written notice of a Discontinuation. In the event of a Discontinuation, the Parties shall negotiate in good faith to adjust fees in a manner commensurate with the impact of the Discontinuation, considering factors such as market trends as well as user activity and volumes across all CSI customers. Any financial adjustment must be memorialized in a written amendment to the CSI Supplemental Agreement in order to be effective. The Parties agree that a Discontinuation shall not constitute a breach of the Agreement or the CSI Supplemental Agreement.
1.7 Clients and Client Agreements. Prior to permitting a Client to access or use the Digital Banking Services, Customer will require each Client to enter into an agreement governing the relationship between Customer and Client as it relates to the applicable Digital Banking Services (Client Agreement). Client Agreements will include restrictions and requirements concerning access to and use of the Digital Banking Services which are consistent with the restrictions and requirements set out in the Agreement, the CSI Supplemental Agreement, and these Service Terms. Further, CSI may, from time to time, prescribe certain provisions or clauses for inclusion in Client Agreements. To the extent that CSI requires specific or revised language or terms in Client Agreements, Customer will promptly update such agreements upon CSI’s written request. Customer will ensure that any access to or use of the Digital Banking Services by its Clients is in accordance with the provisions of the Agreement, the CSI Supplemental Agreement, and these Service Terms and shall be responsible and liable for any misuse of the Digital Banking Services by its Users. For the avoidance of doubt, Customer shall be solely responsible for the drafting, dissemination, updating, content, and enforcement of its Client Agreements. Customer shall indemnify, defend, and hold CSI and Third Party Providers harmless from and against all claims, actions, and demands, and from all liability, damages and losses relating thereto, that arise, directly or indirectly, out of or as a result of Customer’s failure to establish and enforce adequate Client Agreements with its Clients. In the event that Client Agreements are displayed and/or acknowledged through, within, or by way of this Digital Banking Services, then any post-Production changes to such Client Agreements or related configurations shall be subject to additional fees at CSI’s then-current professional fees rates.
1.8 Relationships with Clients. Customer shall have sole discretion to determine pricing it charges Clients for use of the Digital Banking Services (Client Pricing). Under no circumstances shall CSI participate in determining Client Pricing. The Customer shall have the discretion to change its Client Pricing without notice to CSI and shall be solely responsible for compliance with all legal requirements applicable to any such changes. Prior to providing a Client with access to the Digital Banking Services, Customer will ensure that Clients receive and properly acknowledge all disclosures, notices, documents, and consents (including, without limit, account agreements, Client Agreements, consents related to Client personal information, and consents and notices related to the receipt of SMS/MMS, email or other communications) that the Customer deems necessary or advisable under applicable legal requirements. Customer is solely responsible for the accuracy, completeness and legal compliance of any disclosures, descriptions, or prompts for consent it provides to Clients. Except as specifically set out in the CSI Supplemental Agreement, Customer will be responsible for managing all contact and communication with Clients, including, without limit, sales, training, implementation, customer care, system support, and communications. Customer shall be responsible for regularly screening Clients and transactions against all sanctions/restricted list published by any United States governmental authority, including the Bureau of Industry and Security’s Denied Persons list and the Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons list and prohibited countries list, (Restricted Lists) and comply with any sanctions or restrictions relating to Clients or the transactions of Clients. Customer shall ensure that its privacy notices and published privacy policies contain statements which are consistent with Customer’s business practices and which conform to legal requirements as well as applicable industry guidelines and rules, including, without limit, guidelines, rules, and requirements published and enforced by Apple and Google in connection with their mobile application stores and platforms (e.g. the Apple App Store and Google Play Store) as well as rules and requirements imposed by applicable text message campaign registries and authorities. Customer acknowledges that adherence of its privacy notices and policies to the foregoing requirements may constitute a Dependency which may prevent CSI from updating, deploying, and providing a mobile banking application or text messaging campaign on behalf of Customer.
1.9 No Compliance Advice. CSI will not provide Customer with legal, regulatory, or compliance advice in connection with the Digital Banking Services. Any sample forms, disclosures, default or suggested configurations, default or suggested limits, statements of industry best practice, Client Agreements or other documentation (collectively, Sample Materials) shared or made available to Customer by CSI are provided solely for illustrative purposes. Use of such Sample Materials, in whole or in part, shall at all times remain subject to Customer’s independent business and legal judgment and discretion.
1.10 Network Rules. Network Rules shall mean the mandatory rules of any applicable payments association, network, or organization, including, without limit, VISA, MasterCard, or the National Automated Clearing House Association. Customer will comply with all Network Rules applicable to the Digital Banking Services and will not initiate, or permit Clients to initiate, any payment transactions through the Digital Banking Services in violation of legal requirements or Network Rules.
1.11 Further Customer Responsibilities. Customer is responsible for (i) acquiring, maintaining, and paying all costs associated with Customer telecommunications services, internet services, network services, and third-party integrations necessary to enable, access, and use of the Digital Banking Services; (ii) all information, instructions, and materials provided by or on behalf of Customer or any User in connection with the Digital Banking Services; (iii) the security and use of Customer’s and its Users’ user names, passwords, identification numbers or codes, security tokens, multi-factor authentication mechanisms, API keys, or other credentials (collectively Access Credentials); and (iv) all access to and use of the Digital Banking Services directly or indirectly by or through the Customer Systems or its Users’ Access Credentials.
1.12 Suspension of Digital Banking Services. CSI may suspend provision of and Customer’s and any and all Clients’ access to the Digital Banking Services without liability in the event (a) CSI identifies a reasonable threat to the technical security or technical integrity of CSI Systems related to Customer’s or a Client’s use of the Digital Banking Services; (b) CSI reasonably determines that Customer’s or a Client’s use of the Digital Banking Services could adversely impact the CSI System or Digital Banking Services or subject CSI to third-party liability; (c) CSI reasonably determines that use of the Digital Banking Services could be fraudulent or in violation of legal requirements; (d) CSI reasonably determines that Customer or a Client has violated any provision of Section 3 of these General Terms; or (e) Customer fails to timely fulfill any of its obligations under Section 6 of these General Terms. CSI shall provide advance or contemporaneous written notice to Customer of any such suspension whenever practicable. Such notice shall include an explanation of the reason or reasons that Digital Banking Services have been suspended. A suspension of Digital Banking Services shall be reasonably tailored in scope, Client impact, and duration relative to the underlying basis for such suspension, and the Parties shall collaborate in good faith to promptly resolve all issues giving rise to the suspension of Digital Banking Services.
1.13 Customer Data. Customer Data means all information, data, text, images, and other content submitted, posted, transmitted, uploaded or otherwise provided by Customer or Clients through, or transferred, received or processed by the Digital Banking Services, including personal information, account information, and transaction information. Customer and Clients must furnish accurate and complete Customer Data to enable proper functioning and use of the Digital Banking Services. Customer has and shall retain sole responsibility for the accuracy, quality, and availability of Customer Data provided to CSI or Third-Party Providers. Customer expressly authorizes CSI to access and use Customer Data, including all Customer Data accessible through the CSI core banking system for the purposes set forth in the Agreement, the CSI Supplemental Agreement, these Service Terms, including the performance, improvement, or development of Digital Banking Services. Further, Customer acknowledges and agrees that CSI may share Customer Data related to specific Clients with third-party applications and organizations pursuant to such Clients’ express consent and instructions and in accordance with legal requirements. Customer, for itself and any of its applicable Affiliates, represents to CSI that Customer has obtained consents and authorizations from Customer’s Clients which are sufficient to legally authorize CSI and its Third-Party Providers to use Customer Data for the purposes described in the Agreement, the CSI Supplemental Agreement, and these Service Terms.
1.14 Hosting and Storage of Customer Data. CSI shall employ a redundant and geographically diverse cloud infrastructure in support of the Digital Banking Services and associated data stores. CSI will ensure the storage of all Customer Data on secure systems and devices located in the United States.
1.15 Record Retention; Compliance. CSI will retain and dispose of Customer Data and related materials in accordance with its current record retention policy and standard procedures for the deletion of data from its operational data stores. For the avoidance of doubt, the Digital Banking Services shall not function as Customer’s system of record for banking transactions, customer identification programs or processes, Bank Secrecy Act compliance, Network Rules compliance, AML compliance, Regulation E compliance, or any other purpose not expressly recited within the CSI Supplemental Agreement.
1.16 Analytical Data. CSI or its Third-Party Providers may use Customer Data to generate Analytical Data. Analytical Data means information, data and other content that is obtained, aggregated, or derived by or through the Digital Banking Services from processing specific Customer Data sets and elements. Analytical Data may be used by CSI or its Third-Party Providers in furtherance of the provision, improvement, monitoring, benchmarking, or development of Digital Banking Services and supporting analytical models. Analytical Data which has been processed such that any constituent Personal Information cannot be identified from the inspection, analysis, or further processing of such information, data, or content shall constitute CSI intellectual property. CSI will not be required to return or destroy Analytical Data upon expiration or termination of the Digital Banking Services, and CSI or its Third-Party Providers may continue to use Analytical Data for the purposes contemplated by this Section 1.16.
1.17 Intellectual Property; Feedback. The term CSI IP means all intellectual property or proprietary rights, including but not limited to copyrights, moral rights, trademarks (trade names and service marks), patents (including patent applications) and trade secrets associated with (i) CSI’s marketing and business activities, (ii) CSI Confidential Information, (iii) Analytical Data, (iv) the Digital Banking Services, Software, CSI Systems, or Documentation, (v) any modifications to or extensions of the Digital Banking Services, Software, CSI Systems, or Documentation, (vi) all processes, methods, or technologies used to perform the Digital Banking Services, and (vii) all ideas, concepts, know-how, works of authorship, inventions, or other intellectual property created or conceived by CSI in connection with the Digital Banking Services, Software, CSI Systems, or Documentation. As between Customer and CSI, CSI owns all CSI IP. Other than the licenses expressly granted in the Agreement or the CSI Supplemental Agreement, neither Customer nor Users have any right, title, interest, claim or license (express or implied) in or to any CSI IP. If Customer or its employee Users provide CSI with suggestions, comments or feedback (whether orally or in writing) with respect to the Digital Banking Services, Software, CSI Systems, or documentation (Feedback), Customer acknowledges that any and all rights in such Feedback shall belong exclusively to CSI and shall be considered CSI IP. Customer irrevocably transfers and assigns to CSI all rights in Feedback and waives any and all moral rights that Customer or its employee Users may have in respect to Feedback. CSI may use or decline to use Feedback in its sole discretion. Customer grants to CSI and its Third-Party Provider a worldwide, non-exclusive, royalty-free, fully paid up, sublicensable right and license, during the Term, to use, reproduce and display Customer trademarks, service marks, logos and other branding (Customer Branding) in connection with performance of the Digital Banking Services. The foregoing license includes the right to make modifications to size, format or other aspects of the Customer Branding solely as necessary to incorporate or include such Customer Branding within the Digital Banking Services.
1.18 Penetration and Vulnerability Testing. Customer will not conduct and will ensure no third party conducts penetration testing, load testing or vulnerability scans of the Digital Banking Services or CSI Systems without CSI’s prior written consent. Customer will not attempt and will ensure no Users attempt to circumvent or disable any of the security features of the CSI Systems or Third-Party Provider products or systems. Customer will not provide the Digital Banking Services to any third party as a time-sharing service, service bureau, or consortium. Customer will neither disclose the results of any benchmarking of any Digital Banking Services nor use such results for its own technology development activities without the prior written permission of CSI.
1.19 AI Systems. AI System means any machine-based system that, for any explicit or implicit objective, infers from the inputs the system receives how to generate outputs, including content, decisions, predictions, or recommendations, that can influence physical or virtual environments. The Digital Banking Services may use and include AI Systems. Customer understands that AI Systems included within the Digital Banking Services are not designed or intended to make decisions or be a substantial factor in making decisions. Customer shall not use the Digital Banking Services to make or substantially inform decisions that have material legal or similarly significant effect on the provision or denial to any consumer, or the cost or terms of, any financial or lending services (or any other consequential decision) (collectively, Consequential Decisions). Customer will not use AI Systems incorporated into the Digital Banking Services to make any Consequential Decision and shall prohibit its Clients and other Users from using any AI Systems to make Consequential Decisions.
1.20 Threatening Condition. If CSI or a Third-Party Provider reasonably believes that any Digital Banking Services or any Customer or Client conduct in using such Digital Banking Services (including without limitation any Client intentionally initiating fraudulent or unauthorized transfers, account access or violating any agreement under which it has been provided access to the Digital Banking Services) violates these Service Terms, legal requirements, Network Rules, or industry standards, or otherwise poses a threat to CSI’s or a Third-Party Provider’s system, security, equipment, processes, intellectual property or reputation (Threatening Condition), then CSI or the Third-Party Provider may immediately terminate any and all use of the affected or associated Digital Banking Services unless and until such Threatening Condition is resolved or cured. Customer will use reasonable efforts to cure or correct of the Threatening Condition following notice by CSI or its Third-Party Provider. CSI may permanently terminate Customer’s and/or a Client’s use of the affected or associated Digital Banking Services without further requirement of notice if the Threatening Condition remains uncured more than 30 calendar days after notice of the Threatening Condition.
1.21 NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, CSI SHALL HAVE NO LIABILITY WHATSOEVER FOR LOSSES RESULTING FROM (I) ANY FRAUDULENT OR UNAUTHORIZED TRANSACTIONS INITIATED, CONDUCTED, OR COMPLETED THROUGH OR IN CONNECTION WITH THE DIGITAL BANKING SERVICES; OR (II) COMPROMISED ACCESS CREDENTIALS.
1.22 NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, CSI’S TOTAL LIABILITY FOR ALL CLAIMS IN THE AGGREGATE RELATING IN ANY WAY TO THE DIGITAL BANKING SERVICES SHALL NOT EXCEED THE TOTAL FEES PAID TO CSI UNDER THE CSI SUPPLEMENTAL AGREEMENT DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE ACT OR EVENT GIVING RISE TO THE CLAIM. CSI DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, FREE FROM ERROR, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, OR COMPLETE. CSI SHALL NOT BE RESPONSIBLE FOR ANY DECISIONS OR ACTIONS TAKEN BASED UPON INFORMATION OBTAINED THROUGH OR IN CONNECTION WITH THE SERVICES. CSI SHALL NOT BE RESPONSIBLE FOR THE LOSS, CONFIDENTIALITY, PRIVACY, OR SECURITY OF DATA OR INFORMATION WHILE IN TRANSMISSION OVER THIRD-PARTY COMMUNICATION LINES, OR IN ANY OTHER NETWORK INTERCONNECTION OVER WHICH CSI DOES NOT HAVE CONTROL. CSI DISCLAIMS ALL IMPLIED COVENANTS AND WARRANTIES OF ANY KIND IN CONNECTION WITH THE AGREEMENT, THE CSI SUPPLEMENTAL AGREEMENT, THE DIGITAL BANKING SERVICES, OR THE CSI SYSTEMS, INCLUDING ANY WARRANTIES OF QUALITY, MERCHANTABILITY, TITLE, NON-INFRINGEMENT, SUITABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
2 Bill Pay Services
Digital Banking Services involving bill payment, presentment, and related services (Bill Pay Services) engaged under the CSI Supplemental Agreement are provided by and through alternative Third-Party Providers. Customer may select its preferred Third-Party Provider for Bill Pay Services which will be confirmed in Attachment 1 to the CSI Supplemental Agreement. The following general terms apply to all Bill Pay Services regardless of Third-Party Provider:
A. Customer will provide CSI and the Third-Party Provider with such access to Customer Systems as may be reasonably required to implement and perform the Bill Pay Services or supporting activities. Customer is responsible for all files and support required to complete the migration of existing Customer Data to the Third-Party Provider system. Client is responsible for the accuracy of account and other information provided and required in connection with implementation and performance of the Bill Pay Services.
B. All releases and updates for the Bill Pay Services are mandatory and will be deployed in production in accordance with CSI or its Third-Party Provider’s release and update processes.
C. Clients must enroll in the Bill Pay Services and complete the then-current Third-Party Provider registration process prior to using the Bill Pay Services. Customer is responsible for ensuring that Clients have been evaluated pursuant to a suitable customer identification program and OFAC screening of Clients prior to availing Bill Pay Services.
D. The Third-Party Provider will have the right, in its sole discretion, to deny Bill Pay Services to any Client that has not completed the required Client enrollment and registration process, who has unpaid obligations to the Third-Party Provider in connection with other services or transactions, or otherwise based upon the Client’s financial condition.
E. Customer is responsible for selection and use of the authentication, limits, and security features available through the Bill Pay Services.
F. Customer shall establish Client Agreements with all Clients with access to the Bill Pay Services which shall contain, without limitation, (i) the Client’s authorization to allow Customer to provide the Bill Pay Services to Client; (ii) all legally required disclosures; (iii) the Client’s authorization for Customer to originate ACH entry debits to the Client’s account; and (iv) authorization for CSI’s and its Third-Party Provider to access and retrieve information in the Client’s biller accounts. Further, Customer will include appropriate provisions in its Client Agreements regarding, and shall indemnify, defend, and hold harmless CSI and its Third-Party Provider from claims arising from: (a) any Client’s use of or inability to use the Bill Pay Service, specifically including, without limitation, any Client’s claim for late charges or other economic loss or damages arising from the Client’s use of the Bill Pay Service, (b) transactions effected with a lost, stolen, counterfeit or misused Access Credentials; and (c) any payments initiated by a Client which are not completed due to lack of funds in the Client’s settlement account.
G. Customer will deliver evidence of Client Agreements to CSI or its Third-Party Provider upon written request. Customer will notify CSI as soon as commercially practicable, but in no event later than one business day, if Customer becomes aware that any Client is in breach of its Client Agreement with respect to the Bill Pay Services.
H. Instructions provided by Client and/or Customer for a payment to be made using the Bill Pay Services (Payment Instructions) must be accurate and complete in order for the Bill Pay Services to function properly.
I. Neither CSI nor its Third-Party Provider shall be liable for any fraudulent or otherwise unauthorized access to and use of the Bill Pay Service.
J. The Customer hereby accepts the risk for any and all Client enrollments and transactions in the Bill Pay Services, including any fraud and chargebacks associated with Client enrollments and transactions. Customer shall indemnify and hold harmless CSI from any and all costs, expenses, losses, or liability arising from Client enrollments or transactions, including but not limited to any liability CSI may have to the Third-Party Provider as a result of a Transaction Loss or otherwise related to the Client’s use of the Bill Pay Services. Transaction Loss is a loss that occurs because a Bill Pay Services transaction was rescinded as unauthorized or has been returned and is uncollectable.
K. CSI and its Third-Party Provider may assess Fees for research time in connection with investigation of disputed payment transactions.
L. Notwithstanding anything to the contrary in the Agreement, the CSI Supplemental Agreement, or these Service Terms, neither CSI nor the Third-Party Provider is responsible for any costs, claims, or losses resulting from or related to Customer requests that CSI or the Third-Party Provider modify, change, or duplicate a Client payment account.
M. In the event that a Client’s Bill Payment Services transaction is not processed or is delayed as the result of an error by CSI or its Third-Party Provider, CSI or its Third-Party Provider will be responsible to the Customer for the amount of any late charges actually incurred by the Client up to a maximum limit of $50.00. Notwithstanding the foregoing, no late fees/penalties will be reimbursed by CSI or its Third-Party Provider for payments not initiated at least 5 business days prior to the payment due date. Amounts payable under this Section shall represent Client and Customer’s exclusive remedy in connection with any late charges.
N. Customer shall be responsible for, and defend, hold harmless and indemnify CSI, its Affiliates, and its Third-Party Provider from and against all claims by a Client relating to the provision or use of the Bill Pay Services, including but not limited to insufficient funds, repudiation of authorization for payment, fraud on the Client’s account, and, except as set forth in Section J. above, late fees. For the avoidance of doubt, CSI and its Third-Party Provider shall have no liability whatsoever in connection with any one or more of the following circumstances: (a) if, through no fault of CSI (or its Third-Party Provider, if any), any designated Client account from which funds for bill payments are deducted does not contain sufficient funds to complete the transaction and is cancelled by the Customer; (b) the Bill Pay Services are not working properly and the Customer knows or had been advised by CSI (or its Third-Party Provider, if any) through the communication method of its choosing about the problem before the Client executes the transaction; (c) the payee of a bill payment mishandles or delays processing the payment; or (d) a Client has not provided complete and accurate information about itself or a payee or has otherwise provided incomplete Payment Instructions.
O. Customer acknowledges that it shall be the Originator (as defined under the NACHA rules) with respect to ACH payments submitted by a Client for processing through the Bill Pay Services. Customer and the Third-Party Provider will be Third-Party Senders (as defined in the NACHA rules) with respect to ACH payments. Customer will not act as a Third-Party Sender on behalf of any other Originator in connection with the Bill Pay Services without CSI or the Third-Party Provider’s prior written consent. CSI or the Third-Party Provider may withhold consent for any reason, including in circumstances in which the Originating Depository Financial Institution (ODFI) (as defined in the NACHA rules), supporting the Bill Pay Services does not provide consent.
P. The Third-Party Provider will facilitate processing ACH payments submitted by Clients by transmitting ACH files to one or more ODFIs that has agreed to originate ACH payments for the Bill Pay Services. Customer authorizes CSI, the Third-Party Provider, and the ODFI to create entries on behalf of Customer to the accounts designated in the Payment Instructions. When the Third-Party Provider receives a Payment Instruction, Customer authorizes CSI and the Third-Party Provider to debit the Client’s account for the amount indicated in the Payment Instructions, together with any related fees in effect at the time the Client initiates the Payment Instruction, and to remit funds on the Client and Customer’s behalf. Customer also authorizes CSI and the Third-Party Provider to credit a Client’s account for the receipt of payments, including but not limited to payments which are cancelled and returned to the Client because the processing of the Payment Instruction could not be completed.
Q. During the Term and for a period of 1 year following termination or expiration, CSI or CSI’s Third-Party Provider , the ODFI or an independent third party selected by CSI will be entitled, following reasonable advance written notice to Customer, but not more than once during any calendar year, to audit the books and records of Customer with respect to verifying compliance with these Service Terms and the Network Rules. Any such audit will be conducted during regular business hours, and in a manner so as not to unreasonably interfere with Customer’s business operations.
R. The Third-Party Provider is not responsible for the security or use of Access Credentials enabling access to the Bill Pay Services.
S. Customer agrees to notify CSI and the Third-Party Provider within 2 business days in the event Customer learns of or reasonably suspects fraud involving the Bill Pay Services. In the event notice is prohibited by law enforcement or another government entity, then Customer will provide notice as soon as practicable or permissible thereafter.
T. Customer will be responsible for managing all contact with Bill Pay Services Clients, including sales, training, implementation, customer care, system support, customer disclosures required by applicable laws, rules and regulations and communications, including but not limited to communicating then-current terms and conditions of Bill Pay Service specified or published by the Third-Party Provider.
U. The Third-Party Provider reserves the right to set and change its Client support policies, procedures, and availability without the consent of Customer. Additional Service Terms applicable to Bill Pay Services provided by each alternative Third-Party Provider follow in Sections 2.1 through 2.4 below. For the avoidance of doubt, the Service Terms in Section 2.1 through 2.4 below are Third-Party Provider-specific and apply only to Bill Pay Services furnished by the selected Third-Party Provider. By way of illustration, Service Terms set out in Section 2.1 below apply only to Checkfree Bill Pay Services and do not apply to Payrailz or Metavante Bill Pay Services.
2.1 CheckFree Bill Pay Services
2.1.1 The Third-Party Provider shall be responsible for a Transaction Loss solely to the extent that the Transaction Loss occurs because the debit of a Client’s account for the transaction was returned for an insufficient available balance from the Client regardless of funding method (e.g., NACHA Reason Codes R01 (Insufficient Funds) or R09 (Uncollected Funds)), but not for any other reason including, without limit, if the Transaction Loss is due to a closed or frozen Client account or due to an unauthorized or fraudulent transaction. The Third-Party Provider will have the right to collect funds against such Transaction Losses for which it is responsible. Customer shall be responsible for all other Transaction Losses regardless of the amount or circumstance of the Transaction Loss. Without limiting the preceding sentence, Customer will research complaints that it receives from any Client that an unauthorized transaction has occurred through the Bill Pay Services and will be responsible for any Transaction Losses or other amounts due Clients or another party resulting from such unauthorized transaction.
2.1.2 Risk override or similar features allow Customer to override the Third-Party Provider’s risk processing rules and to allow a modified risk limit to be assigned for Clients. Notwithstanding anything to the contrary in the Agreement, the CSI Supplemental Agreement, or these Service Terms, Customer is responsible for and guarantees the full dollar amount of transactions transacted through the Bill Pay Service(s) within such modified risk limits and agrees to fund CSI or its Third-Party Provider the full amount of transactions up to the modified risk limit regardless of the availability of funds in the Client’s account.
2.1.3 Customer agrees to engage with the Third-Party Provider’s customer care center for first-tier customer support for Bill Pay Services. Customer and CSI’s Third-Party Provider shall establish clear escalation criteria and processes whereby the Third-Party Provider’s customer care may transfer, escalate, or turn over Client-related questions which do not directly deal with Bill Pay Services back to the Customer.
2.1.4 The Third-Party Provider will manage merchant relationships, manage a Third-Party Provider merchant database, process payments as instructed by Customer and its Clients, research payment posting discrepancies with the payees, and use commercially reasonable efforts to support problem resolution in accordance with its then-current standard practices.
2.1.5 Bill Pay Services enable the automatic searching, identification, and retrieval of information about a Client’s payees and bills. A Third-Party Provider-approved consent is required from each subscribing Client authorizing access and use of information from the Client’s consumer report from a credit bureau and the Third-Party Provider’s biller network.
2.1.6 Insights Assist is a self-service reporting option that offers the ability for Customer to access and run reports without engaging CSI or its Third-Party Provider. A Subject Area is a group of reporting content with similar data (such as, but is not limited to subscriber activity), presented in one dashboard containing key metrics about the Subject Area, including reports that are pre-developed by CSI’s Third-Party Provider as well as a business objects universe in the dashboard which can be used by Customer to create custom reports. To gain access to a Subject Area, Customer must contact CSI in writing. Customer will then be billed for a minimum of 12 months after enabling each specific Subject Area and will continue to be billed monthly for each such Subject Area until Customer provides 30-day written notice to CSI to discontinue access to a Subject Area.
2.2 iPay Bill Pay Services
2.2.1 Customer is responsible for the timely receipt and posting of provided payment files. Cancellations must be complete before the cancellation cut off time.
2.2.2 Payments scheduled prior to the established cut-off time on business days will be processed on that day. CSI’s Third-Party Provider processes bill payment transactions and prepares corresponding debit files for the Customer. Customer acknowledges that Client payments are remitted through various channels, iPayNet (a proprietary payment gateway), ACH, or by printed check. Customer agrees the Client is responsible for scheduling the payments to arrive at the payee no later than the bill’s actual due date by specifying the payment date in the Payment Instructions. The estimated delivery date is provided as a guide and is not guaranteed. Payments scheduled after the cutoff time or on non-business bays will be considered entered in the Bill Pay Service on the next business day. Customer may cancel payments provided the cancellation is adequately communicated prior to the established cut off time.
2.2.3 Bill Pay Services may including the eBill bill presentment service. Whenever a Client activates the eBill service for a particular biller, the Client will be required to provide information necessary to access the Client’s account with such biller, such as login credentials for that biller’s website. The eBill service will use this information to log into the Client’s account at the biller’s website and extract information regarding the Client’s most recent statement in order for the eBill Service to present this information to the Client in conjunction with the Bill Pay Service. If a Client does not have complete and accurate access information for a biller’s site, or if they are unwilling to provide this information to CSI, then that Client cannot use the eBill Service for that biller, and CSI and its Third-Party Provider shall have no liability for any delays or failure to transact with that particular Client’s biller.
2.2.4 The eBill service includes technologies for (i) monitoring click activity (via tagging) of any eBill landing page that allows an end Client to view eBills for an individual biller, and (ii) monitoring click activity (via tagging) of an embedded digital ad graphic so that biller may learn whether an eBill ad graphic appearing on its eBill landing page was clicked by an end user (Usage Analytics). No account or other personal information shall be collected and the use of the data shall be purely for collecting click events. Customer agrees that Usage Analytics constituted Analytical Data and that CSI may share Usage Analytics results with its Third-Party Provider.
2.2.5 CSI may offer and support a Bill Pay Services funding model under which (i) electronic payments are debited from the Client’s account on the delivery date and (ii) all checks are drawn on the Client’s account and clear when presented to the payee’s financial institution (Hybrid Risk Model). If Customer elects for the Bill Pay Services to be performed using the Hybrid Risk Model, then Customer agrees it is responsible for and shall indemnify, defend and hold CSI harmless from claims arising from, the setting of the daily and monthly electronic processing risk limits which applies to electronic payments. Customer acknowledges that electronic payments always pay electronically unless the payment exceeds the risk limit established by the Customer and in that instance the payment is converted to a check for that specific transaction. When a Client submits an electronic payment that exceeds the risk limit established by the Customer, the Client must be advised by the Customer that the payment needs to be delivered as a check drawn on the Client’s account. The Client then has the option to either accept a conversion of the payment to check or to cancel the payment. Available payment limits include a maximum transaction cap, an email payment transaction cap, an email payment processing cap, a daily maximum for electronic transactions, and monthly maximum for electronic transactions. All electronic payments are subject to the electronic risk limits established by the Customer and when any transaction exceeds the limit, the transaction is converted to a check. Clients are notified during the online session as the consumer Bill Pay Services interface prompts the Client to provide a remittance address to use for that specific transaction. Customer may control the decision on non-sufficient funds (NSF) fees and uncollected fees. The Customer is responsible for deciding its risk tolerance per Client and setting limits based on its own assessment of the particular Client. Customer acknowledges that it retains all liability for all Unfunded Payments under the Hybrid Risk Model. Unfunded Payment means any electronic bill payment the Customer could not post due to any reason, including, but not limited to: insufficient funds, closed account, frozen account, etc. Check payments are drawn on the Client’s account with Customer and the Customer has the option to honor the check and can also charge NSF or uncollected fees to the Client. Under the Hybrid Risk Model, Customer will not have the opportunity to review and cancel payments.
2.2.6 CSI may offer and support a retail Bill Pay Services funding model under which payments will be collected from Client and held overnight (Good Funds Model). Under the Good Funds Model, the Customer may cancel electronic payments within designated timeframes but may not return any debits for electronic bill payments processed. Check payments may be drawn on accounts at the Third-Party Provider and settled with the Customer, and Customer may cancel payments before they are paid. Alternately, check payments may be drawn on the Client’s account enabling the Customer to clear the item once it is presented to the Customer.
2.2.7 CSI may offer and support a retail Bill Pay Services funding model under which the Third-Party Provider is allowed to verify funds’ availability for electronic payments and hard post the debits for bill payments to the Client’s account with the Customer on the same day the payment is processed (Funds Verification Model). The Funds Verification Model is only available for Customers on a Jack Henry & Associates banking core platform. Check payments can only be drawn on the Client’s account with Customers having the option to clear the item once it is presented to the Customer. Stop payments may be placed by the Client with the Bill Pay Services. Customer acknowledges that Client fees for expedited payments, gift pay or bill pay do not go through the same funds verification process.
2.2.8 On a daily basis, the Third-Party Providers’ financial institution will originate an ACH debit entry to Customer to collect the funding for the bill payments initiated by Customer’s Clients. Customer may not return such ACH debit entry for any reason. As soon as notice is provided to Customer that any debited funds have been returned, Customer shall immediately wire to a designated account at CSI’s Third-Party Provider’s financial institution on that same day immediately available funds in the amount of any returned ACH debit entry. All bill payment funds held overnight will be maintained in overnight investment accounts and any interest on such funds will be paid to the Third-Party Provider as part of its compensation for the Bill Pay Services.
2.2.9 Customer is responsible for assisting with returns and exception handling, without limitation, providing CSI and/or Third-Party Provider with access to Client’s information to resolve issues with the Bill Pay Services. CSI and its Third-Party Providers shall not be responsible for issues or errors caused by Customer, Clients, or billers.
2.2.10 If Customer subscribes to the Third-Party Providers’ compliance package, then a daily report of potential OFAC SDN List payee matches is made available to Customer through the Bill Pay Services. Customer shall be responsible for reviewing the report daily and determining whether to block any payment transactions.
2.3 Metavante Bill Pay Services
2.3.1 Customer understands that it is fully responsible for the availability of good funds necessary to settle Client transactions initiated through the Bill Pay Services. CSI’s Third-Party Provider shall initiate debit ACH entries against each Client’s designated account for bill payment activities initiated by the Use. Customer is and shall remain solely and exclusively responsible to CSI for the entire amount of any bill payment processed for and on behalf of a Client in accordance with instructions received through the Bill Pay Services and which is not funded by the Client due to insufficient funds in the applicable depository account or for any other reason outside CSI’s or its Third-Party Provider’s control.
2.3.2 Neither CSI nor its Third-Party Provider shall be responsible for any losses associated with payments to or by governmental bodies or entities. Customer shall be exclusively responsible for and, upon CSI’s demand, reimburse CSI for, the amount of any such which CSI or its Third-Party Provider reasonably believe it cannot collect from the Client for any reason.
2.3.3 Payment Instructions, paper bill images and e-bill images will be available for 12 months following the applicable transaction. Payment transaction data and bill images will be stored and made available online for Clients and Users to view for a period of 24 months. Third-Party Provider will maintain check images for no more than 90 days after the check has cleared. The Third-Party Provider may research and provide a response to Client inquiries on transaction data and bill images for a period up to 7 years after the date of the transaction.
2.3.4 Check payments will be issued using a check drawn on the Third-Party Provider’s account.
2.3.5 All U.S. Postal rate increases will be passed-through as actual costs to Customer with or without prior notice.
2.4 Payrailz Bill Pay and P2P
2.4.1 Customer’s right to use Payrailz Bill Pay Services, person to person (P2P) payment services and fraud monitoring services (Payrailz Services) is limited only to the use by its authorized Clients. Payrailz Services are not for further resale, relicense or other use by third parties.
2.4.2 Instant Account Verification Service means those certain account authentication services and any other services provided in connection with the Payrailz Services that are provided by Plaid, Inc. or its successor (Plaid). Notwithstanding anything herein to the contrary, Client data entered into the Payrailz Services by a Client in connection with the Instant Account Verification Service may be disclosed to Plaid and shall be maintained and processed by Plaid in accordance with Plaid’s privacy policy (currently available at www.plaid.com/legal). Customer shall provide all notices and obtain all consents required by law from Clients for Plaid to process the Clients’ data in accordance with its privacy policy.
2.4.3 Customer shall not copy, reproduce, modify, or make derivative works of or improvements or enhancements to the Payrailz Services and shall not, by any direct or indirect action or inaction, impair or alter the functionality of the Payrailz Services.
2.4.4 Customer shall not cause or permit the reverse engineering, disassembly, translation, adaptation, or de-compilation of the Payrailz Services, or any attempt to derive source code or algorithms of the Payrailz Services, and shall not use the results of such processes.
2.4.5 Customer shall be bound by its confidentiality and non-use obligations in the Agreement with respect to any information related to the Payrailz Services as furnished or disclosed to Customer.
2.4.6 Customer shall not assign or sublicense its license to use the Payrailz Services except in the instance of assignment to affiliates or in connection with a sale of substantially all of the Customer’s business or assets.
2.4.7 Customer does not have any right, title or interest (including intellectual property rights) in or to the Payrailz Services.
2.4.8 All Clients shall be bound by a written Client Agreement which contains, at a minimum, those terms set forth in Part II, Section 5 of these Service Terms.
2.4.9 CSI and its Third Party Provider shall have no liability or responsibility for any support to Clients.
2.4.10 Customer shall promptly notify CSI of any issue requiring support from CSI and provide CSI with reasonable detail of the nature and circumstances of the incident. If an incident requires support from CSI or the Third-Party Provider, Customer shall provide access to its network environment, facilities, personnel and contractors as necessary to effectively perform the support.
2.4.11 Neither CSI nor its Third-Party Provider shall have any obligation to provide support for issues that arise out of or result from, in whole or in part: (a) any fault or failure in any third party products or services; (b) use of the Payrailz Services in combination with any third party products and services; (c) negligence, abuse, misapplication or incorrect use of, or damage to, the Payrailz Services by Customer; (d) circumstances or causes outside of the control of CSI or its Third-Party Provider; (e) maintenance, updates, improvements or other modifications to the Payrailz Services by Customer; or (f) any breach by Customer of its obligations under the Agreement, the CSI Supplemental Agreement, or these Service Terms.
2.4.12 Customer shall indemnify and hold harmless CSI, Plaid and Third-Party Provider, including their respective affiliates and officers, directors, shareholders, employees, representatives, agents, subcontractors, successors and assigns from and against all claims of third parties, and any and all loss, damage, settlement or expense (including reasonable attorney’s fees and legal expenses) incurred by the indemnified parties to the extent arising out of Clients’ access to or use of the Payrailz Services.
2.4.13 Fraud Monitor is a cloud-native, AI-based solution that detects multiple fraud attributes and indicators and generates an actionable score when payment transactions are initiated. Customer can configure score ranges and other thresholds based on their unique risk tolerance. Neither CSI nor its Third-Paty Provider shall be liable for any damages incurred by Customer arising out of Customer’s use of Fraud Monitor, including but not limited to any fraud-related losses incurred by Customer. The data shared by Customer in connection with Fraud Monitor, if any, is shared globally with the Third-Party Provider’s other customers on Fraud Monitor.
3 MX Aggregation Services
3.1 Aggregation Services means any one or a bundle of My Spending, PULSE, account data aggregation, data cleansing, instant account verification (IAV), identity verification (IDV), and personal financial/wealth management Services furnished or supported by CSI’s Third-Party Provider, MX. MX together with its third-party service providers shall be referred to as the Aggregation Service Providers.
3.2 Customer agrees that the Aggregation Service Providers may perform Customer Data extraction and retrieval services that are expressly requested or authorized by a Client but which may be independent from performing Digital Banking Services for Customer. Customer authorizes CSI to provide the Aggregation Service Provider’s direct data feeds (via current versions of OFX, MDX, or FDX as applicable) to/from CSI Systems containing Client financial data.
3.3 Prior to providing a Client access to the Aggregation Services, Client must enter into a Client Agreement which includes the minimum terms set out in Part II, Section 1 of these Service Terms.
3.4 CSI and the Aggregation Service Providers do not warrant that Aggregation Services involving external accounts held-away at third-party financial institutions will be accurate or uninterrupted. CSI and the Aggregation Service Providers shall not be responsible for errors associated with Aggregation Services for external accounts held-away at third-party financial institutions, except for errors and defects which are solely attributable to CSI or the Aggregation Service Providers.
3.5 Customer will:
3.5.1 notify CSI as soon as reasonably practicable of any unauthorized access to or misuse of the Aggregation Services;
3.5.2 permit CSI or its My Spending Service Provider to access Client account and transactional information through the channels requested by CSI; and
3.5.4 cooperate with CSI and its Third-Party Provider to test and ensure the proper functioning of the Aggregation Services.
3.6 Aggregation Services may only be availed to authorized Clients. Customer shall ensure that no Users intentionally interfere with or disrupt the integrity or performance of the Aggregation Services, CSI Systems, or the TPP Site.
3.7 Customer shall not make any legally binding commitment, representation, or warranty concerning the Aggregation Services to its Clients or other Users.
4 Multi-Factor Authentication
4.1 Voice Authentication Services (VA Services) enable multi-factor User authentication by way of cryptographically generated single-use Access Credentials which are communicated to a User through a telephone call placed over a network carrier and which are required for login into the Digital Banking Services. Out of Band uthentication Services (OoB Services) enable multi-factor User authentication by way of hardware or software which displays or communicates a changing Access Credentials required for login into the Digital Banking Services. VA Services and OoB Services shall be collectively referred to at MFA Services.
4.2 Prior to providing a Client access to MFA Services, Customer must ensure that Clients have entered into a Client Agreement which includes the terms referenced in Part II, Section 4 of these Service Terms. VA Services may be subject to additional required Client terms as may be communicated from time to time. Further, Customer shall secure each Client’s written acknowledgement (via Client Agreement or otherwise) that the Client may incur additional charges from their telephone carriers and shall be solely responsible for such charges when sending and/or receiving any voice calls placed as part of the MFA Services. Neither CSI nor its Third-Party Providers shall be responsible to reimburse Customer or its Clients for any telecommunications, messaging, data, or related charges.
4.3 Neither Customer nor its Users shall use the MFA Services in support of or for any illegal, fraudulent, or improper purpose, and will immediately notify CSI if Customer learns of any unauthorized use of the MFA Services.
4.4 Customer (i) shall be responsible for obtaining, documenting, and retaining any and all Client disclosures, consents, and acknowledgments required in connection with delivery of the MFA Services, (ii) shall use the MFA Services only in compliance with applicable law and regulation, including privacy and data protection requirements as well as applicable choice and notice requirements; and (iii) has reviewed Part II, Section 4 (below) and understands its obligations thereunder and will comply with these obligations.
4.5 Customer will not export, or re-export, either directly or indirectly, any part of the MFA Services, Access Credentials or portions thereof, without first obtaining any and all necessary licenses from the United States government or agencies or any other country for which such government or any agency thereof requires an export license or other governmental approval at the time of modification, export, or re-export. Customer will be deemed to be the importer of record of for any portion of the MFA Services or Access Credentials outside of the U.S., and shall be responsible for any related import filings, requirements, documentation, fees, taxes, duties, or other compliance obligations imposed by the applicable destination country or jurisdiction. Customer also agrees that it will not use the MFA Services or Access Credentials for any purposes prohibited by applicable law.
4.6 Customer understands that the MFA Services will be provided by Third-Party Providers. The MFA Services depend on the facilities, networks, connectivity and other acts of parties not under CSI or the Third-Party Providers’ control, including wireless carriers, government entities and network operators. NEITHER CSI NOR ITS THIRD-PARTY PROVIDERS SHALL BE LIABLE FOR ANY INTERRUPTION, DELAY, SUSPENSIONS, AND OTHER ACTS AND/OR OMISSION BY SUCH PARTIES THAT ARE NOT WITHIN THEIR CONTROL.
4.7 All orders to purchase physical OoB Services tokens (Hard Tokens) are subject to acceptance by the Third Party Provider (occurring at the time of shipment), and the Third-Party Provider may decline or cancel any order for any reason at any time. Customer, on behalf of itself and any User for whom Hard Tokens or another product is purchased, consents to the transfer of Customer’s and such User’s email addresses or other contact information, when such transfer is required to complete the order. Customer’s employees and agents placing orders on behalf of Customer shall be duly authorized to commit Customer. Customer may not cancel or amend any accepted order without CSI’s written consent. Any cancellation by Customer permitted hereunder must be requested in writing and specify in reasonable detail basis for cancellation.
4.8 Notwithstanding anything in the Agreement or the CSI Supplemental Agreement to the contrary, all purchases of Hard Tokens shall be at the prices prevailing at the time of shipment as determined by CSI and the Third-Party Provider. Quoted prices are subject to change without notice and do not include taxes, handling, shipping, transportation, duties or other charges or fees.
4.9 All deliveries of products will be made EX WORKS (Incoterms 2010) from the Third-Party Provider’s designated location. Risk of loss or damage to products will pass to Customer upon the Third-Party Provider’s delivery of the products to the shipper or transportation provider. Customer assigns all rights in the receivables resulting from sales of Hard Tokens or other products to its Clients until CSI receives full payment of amounts owed. Transportation charges will be on a “prepay and add” basis. Neither CSI nor the Third-Party Provider is responsible for spotting, switching, demurrage or other transportation charges. Neither CSI nor the Third-Party Provider is liable for any delays in delivery or for partial or early deliveries. Transportation charges will be in accordance with the Third-Party Provider’s shipping policy at the time of shipment. If Customer directs CSI to charge transportation fees to a third-party account number or to ship “freight collect”, Customer is responsible for all transportation and related charges associated with the order and is responsible for product loss and damage in transit claims with the transportation provider. Neither CSI nor the Third-Party Provider are liable for any Customer requirements not stated in these terms. Customer or the consignee receiving delivery must accept deliveries and must inspect the products and secure written acknowledgement from the transportation provider for any shortages, loss, damage or nonconformance. Customer must notify CSI in writing within two (2) days of receipt of any delivery of any shortages, defects or non-conforming products. If Customer fails to notify CSI with such two (2) day period of any shortages, defects or non-conforming products, the products will be deemed accepted.
4.10 Customer may only return products as permitted in this Section 4 of these Service Terms. Products otherwise will be non-returnable and the prices and fees will be nonrefundable. Customer may only return erroneously shipped products or products that were damaged prior to shipment. Products damaged after shipment may not be returned. In order to be eligible to receive credit for returned products, Customer must adhere to the Third-Party Provider’s then current returns processing guidelines. Customer must obtain a valid return authorization number (RMA) from the Third-Party Provider for all returns prior to returning any product. The Third-Party Provider has no obligation to issue RMAs. Customer is responsible for ensuring that the RMA is clearly visible on the address label of the product packaging and for complying with all other Third-Party Provider requirements provided to Customer when the RMA is issued. Unless otherwise agreed in writing by the Third-Party Provider, all product returns from Customer are DDP (Incoterms 2010) CSI’s OoB Third-Party Provider’s designated facility, and title and risk of loss will transfer to the Third-Party Provider upon receipt and acceptance of returned products at the Third-Party Provider’s facility. If Customer desires to return any products, Customer must first initiate a new order for the replacement products. The Third-Party Provider may refuse delivery of any package without a valid, clearly visible RMA. All products erroneously shipped by the Third-Party Provider must be returned with the original packaging intact (including manufacturer’s shrink wrap) and otherwise in unused, resalable condition. Credit, if any, will be provided for product returned in accordance with the Third-Party Provider’s return policies at the time the RMA was issued, provided Customer is not in breach of any of these Service Terms. If Customer returns any products without the Third-Party Provider’s authorization or does not comply with the Third-Party Provider’s return requirements, those products may be subject to return to the shipping location and, if refused, the Third-Party Provider may consider the products abandoned and dispose of them, without crediting Customer’s account. CSI and the Third-Party Provider reserves the right to charge a restocking fee for handling any product that is erroneously returned. CSI’s sole liability for any returned products will be acceptance of their return and issuance of credits pursuant to the Third-Party Provider’s then current returns processing guidelines.
4.11 Customer acknowledges that neither CSI nor the Third-Party Provider is the manufacturer of the Hard Tokens and other products. Product warranties, if any, are provided by the manufacturer or publisher of the products.
4.12 CUSTOMER WILL INDEMNIFY, DEFEND AND HOLD HARMLESS CSI, THE THIRD-PARTY PROVIDER, THEIR RESPECTIVE AFFILIATES, AND APPLICABLE MANUFACTURERS, AND EACH OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS FROM AND AGAINST ANY LIABILITIES, LOSSES, DAMAGES, COSTS OR EXPENSES OF ANY KIND (INCLUDING REASONABLE ATTORNEYS’ FEES AND DISBURSEMENTS) ARISING OR RESULTING FROM CLAIMS, DEMANDS, ACTIONS OR PROCEEDINGS OF ANY KIND ARISING FROM OR RELATING TO: (i) CUSTOMER’S USE, MARKETING, DISTRIBUTION OR SALE OF OOB SERVICES PRODUCTS IN A MANNER OTHER THAN AS SPECIFIED IN PRODUCT/SERVICE DESCRIPTIONS OR SPECIFICATIONS; (ii) CSI OR THE THIRD-PARTY PROVIDER’S OR THE APPLICABLE MANUFACTURER’S COMPLIANCE WITH DESIGNS, SPECIFICATIONS, OR INSTRUCTIONS PROVIDED BY CUSTOMER; (iii) CUSTOMER’S BREACH OF THESE SERVICE TERMS OR ACTS OR OMISSIONS OF CUSTOMER, ITS AFFILIATES, ITS AGENTS, OR THEIR RESPECTIVE EMPLOYEES, OFFICERS OR DIRECTORS; OR (iv) VIOLATION OR ALLEGED VIOLATION OF ANY APPLICABLE LAWS OR REGULATIONS BY CUSTOMER OR ITS USERS.
4.13 Neither CSI nor the Third-Party Provider will have liability for: (i) failure to allocate or reserve any product for Customer; (ii) failure to deliver products within a specified time period; (iii) availability and/or delays in delivery of products, (iv) discontinuation of products, product lines, or any part thereof; or (v) cancellation of any orders.
4.14 THE OBLIGATIONS OF THE THIRD-PARTY PROVIDER AND ANY AFFILIATE THEREOF, IF ANY, HEREUNDER ARE THE SEVERAL OBLIGATIONS OF EACH SUCH ENTITY, AND NOTHING HEREIN WILL BE DEEMED TO CREATE ANY JOINT AND SEVERAL LIABILITY BETWEEN OR AMONG THE THIRD-PARTY PROVIDER AND/OR ANY OF ITS AFFILIATES.
4.15 Customer may not alter or modify the MFA Services or related products in any way or combine the MFA Services or related products with any other product or material not authorized by CSI and/or the Third-Party Provider or the applicable manufacturer.
5 Interactive Voice Response (IVR) Services
5.1. Back Office Instructions means the processes, procedures, practices, scripts, content, and other written instructions used in connection with Customer’s call center, live agent/operator, back office (including chargeback processing), and other Digital Banking Services which, in each case, prescribe or inform interactions with Clients.
5.2 Contact Criteria means written criteria for contacting Clients, including Customer settings used to determine which Clients to contact and when to contact them, as well as the methods for contact (including e-mail, land-line or mobile voice call, voice or text messaging, or any other electronic means).
5.3 IVR Services refer to Services furnished via automated telephony systems that interact with callers, gather information, and route calls to appropriate menus, options, or recipients.
5.4 Customer will decide which IVR Services and settings are needed to satisfy Customer’s business requirements and to comply with its legal and other obligations.
5.5 Customer shall ensure that no Customer staff member or Client who is confirmed as a true match to an individual identified on any Restricted List accesses or uses the IVR Services.
5.6 With respect to IVR Services that involve ACH transactions, Customer will comply with all Network Rules, including all applicable obligations of the ODFI. Neither CSI nor its Third-Party Provider will be considered an Originator, ODFI, or Third Party Sender as defined in the NACHA Operating Rules.
5.7 In the case of IVR Services that require or permit CSI or its Third-Party Provider to contact or interact with Clients, Customer shall be solely responsible for all Contact Criteria and all Back Office Instructions and obtain consents from Clients sufficient to legally permit the contact or interaction, including ensuring that each Client gives express consent for calls or text messages to mobile numbers that are provided to CSI or its Third-Party Provider on behalf of Customer or Client’s behalf.
5.8 Changes to Back Office Instructions or Contact Criteria may result in increased fees for IVR Services.
5.9 Customer shall promptly notify CSI in writing of any claims or issues involving the IVR Services of which Customer is or becomes aware.
5.10 Nothing contained in any agreement between CSI and Customer shall grant or shall be deemed to grant to Customer any right, title, or interest in or to trademarks of CSI’s Third Party IVR Provider. Customer’s use of CSI’s Third Party IVR Provider trademarks shall cease immediately upon termination or expiration of CSI’s Agreement with Customer for such services or otherwise upon written notice by CSI if CSI or its Third Party IVR Provider reasonably determines that Customer’s continued use of the CSI Third Party IVR Provider trademarks is adverse to its business reputation. CSI or its Third Party IVR Provider may also use the trademarks of Customer under the same conditions as above.
5.11 CSI retains the right to update, amend, modify, upgrade or change the IVR Services effective upon written notice to Customer, and to Discontinue IVR Services or features upon 60 days’ prior written notice to Customer.
5.12 CSI may terminate the IVR Services and the right to use the IVR products upon 5 days’ notice to Customer if Customer breaches its obligations under the Agreement, CSI Supplemental Agreement, or these Service Terms.
5.13 All intellectual property related to the IVR Services or to any materials provided therewith is proprietary to CSI’s IVR Third-Party Provider or its licensors, and CSI’s IVR Third-Party Provider and its licensors retain all right, title, and interest therein and thereto. All rights not expressly granted are hereby reserved to CSI’s IVR Third-Party Provider and its licensors. CSI’s IVR Third-Party Provider’s licensors are intended third party beneficiaries of the Agreement and have the express right to rely upon and directly enforce the terms set forth herein.
5.14 CSI, ITS IVR SERVICES THIRD-PARTY PROVIDER, AND ITS LICENSORS PROVIDE THE IVR SERVICES “AS IS.” EXCEPT AS EXPRESSLY SET FORTH ABOVE, NO OTHER WARRANTIES OR CONDITIONS, EITHER EXPRESS OR IMPLIED, ARE MADE BY CSI, ITS IVR SERVICES THIRD-PARTY PROVIDER OR ITS LICENSORS WITH RESPECT TO THE IVR SERVICES, AND CSI, ITS IVR THIRD-PARTY PROVIDER AND ITS LICENSORS EXPRESSLY DISCLAIM ALL WARRANTIES NOT EXPRESSLY STATED HEREIN, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE, TO THE EXTENT PERMITTED UNDER APPLICABLE LAW. NEITHER CSI NOR ITS IVR SERVICES THIRD-PARTY PROVIDER OR ITS LICENSORS WARRANT THAT THE FUNCTIONS CONTAINED IN THE IVR SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, BE UNINTERRUPTED OR ERROR FREE, OR THAT ALL DEFECTS IN THE IVR SERVICES WILL BE CORRECTED.
5.15 If the IVR Services are terminated for any reason prior to go-live, Customer will be obligated to pay a reconciliation fee equal to CSI’s standard Set Up Fee for the service.
6 External Transfers, ACH Transactions and Wire Transfers
6.1 Customer shall comply with all laws, regulations, and Network Rules applicable to transfers of funds to other financial institutions, including ACH and wire transfers (collectively External Transfers), including the USA Patriot Act, the federal Bank Secrecy Act, federal and state laws and regulations relating to currency reporting and the prevention of money laundering, and any rule or regulation issued by a regulatory body, including the U.S. Office of Foreign Assets Control. Customer shall prepare and file any necessary compliance forms or reports, including, without limitation, suspicious activity reports or currency transaction reports required to be filed in accordance with applicable law or regulation. Customer will immediately notify CSI of instances of suspected fraud, money laundering, terrorist financing, or other illegal activities involving External Transfers initiated or executed through the Digital Banking Services.
6.2 CSI may modify the systems, processes, and Digital Banking Services enabling External Transfers (External Transfer Services) where required by a change in applicable law, regulation, Network Rules, or payment processing requirements. To the extent Customer is notified by CSI of the need to make corresponding changes to its systems or processes, Customer acknowledges that its failure to promptly and adequately do so constitutes a Dependency.
6.3 Portions of the data provided in connection with External Transfer Services are derived from public sources and will be subject to source availability and content changes implemented by source. Certain content may be summarized, and all information should be considered within the full context available in the third-party sources to which source links are provided. Neither CSI nor its Third-Party Provider is responsible for the content of third-party sources. Customer and its End Clients shall be responsible for its own conclusions based on relationships and categories in the information provided by third-party sources. Due to the nature of public record information, the public records and commercially available data sources used by CSI’s Third-Party Provider may be incomplete. Customer acknowledges that neither CSI nor its Third-Party Provider is a consumer reporting agency and none of the External Transfer Services constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to Customer may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. Customer agrees not to use External Transfer Services (or data derived from such External Transfer Services) in connection with any adverse action relating to a consumer application.
6.5 If and to the extent that CSI’s Third-Party Provider is processing Personal Data on behalf of Customer, the terms of the LexisNexis Risk Solutions Group Data Processing Addendum, as well as any related attendant schedules and addendums, at https://risk.lexisnexis.com/group/dpa will apply.
6.6 Customer acknowledges and agrees that CSI’s Third-Party Provider may use Customer Data in accordance with its Privacy Policy available at this location: https://risk.lexisnexis.com/group/privacy-policy.
6.7 Where applicable, as required of CSI’s Third-Party Provider under the transparency obligations of applicable data protection laws, Customer shall inform Clients, prospects whose Personal Data CSI’s Third-Party Provider receives as a controller, that Customer share their Personal Data with CSI and CSI’s Third-Party Provider as described in the Accuity Processing Notice at https://risk.lexisnexis.co.uk/processing-notices, and Customer shall make available to CSI or CSI’s Third-Party Provider all information necessary to demonstrate such compliance with the foregoing.
6.8 Customer acknowledges that the scores, analysis and other insights supplied by CSI’s Third-Party Provider to Customer in connection with the External Transfer Services are not intended to be used as the sole basis for any decision significantly affecting a data subject and that Customer, not CSI or its Third-Party Provider, is responsible for any and all decisions or actions it takes.
6.9 If required by law, Customer agrees to obtain employee consent prior to providing employee Personal Data to CSI or its Third-Party Provider where such Personal Data will be processed by CSI or its Third-Party Provider.
6.10 External Transfer Services may contain links to third-party external sites, including but not limited to government regulators. CSI, its Third-Party Provider and their respective affiliates are not responsible for and have no control over the content of such sites and, to the extent permissible by law, disclaim all responsibility and liability in relation to information available on such sites or accessible from the products.
7 ACH Fraud Prevention
7.1 ACH Fraud Prevention Services means the Services designed to alert Clients of suspicious transaction activity across multiple payment channels depending on service modules purchased and to support automated pay/return decisions and dispute resolution.
7.2 Customer shall devote adequate resources to support the implementation, testing, training and ongoing maintenance of the ACH Fraud Prevention Services, including without limit, (i) network resources; (ii) hardware; (iii) communications facilities and connectivity; (iv) security resources; and (v) personnel resources. Following implementation, Customer is responsible for supporting the system testing pursuant to new release schedules. Customer will assist CSI and its Third-Party Provider in establishing procedures for the validation of data for the testing, validation of daily or periodic input into the system, and verification of the data and reports that result from processing. Customer shall train its staff in the proper use of the ACH Fraud Prevention Services and shall ensure that its Clients’ access to and use of the ACH Fraud Prevention services are consistent with Legal Requirements in all respects.
7.3 CSI or its Third-Party Provider will retain transaction data submitted by Customer or the Federal Reserve for a period not to exceed 12 months.
7.4 Customer shall maintain a formal program for active monitoring and reporting of potential compliance issues and identification and compliance with applicable law and regulation, including those associated with the ACH Fraud Prevention Services.
7.5 Customer will provide Clients with all required disclosures and obtain all required consents associated with use of or access to the ACH Fraud Prevention Services. Customer is solely responsible for the accuracy, completeness and legal compliance of any disclosures, descriptions, or prompts for consent it provides to Clients. Customer shall be responsible for notifying Clients concerning any material changes to the ACH Fraud Prevention Services arising during the term of the Agreement. Customer shall ensure the accuracy of all Client processing and configuration criteria. Further, Customer shall validate the accuracy of all data entered into and retrieved from the ACH Fraud Prevention Services and promptly notify CSI of any errors.
7.6 To the extent Customer utilizes the SMS text functionality associated with the ACH Fraud Prevention Services, then Client Agreements must include: (i) Client’s consent to receive text messages; (ii) Client’s ability to opt out of receipt of such text messages and the procedure for doing so; and (iii) includes a prominent notice that other charges may apply to Client in connection with the receipt of such text messages. To the extent that CSI or its Third-Party Provider requires or prescribes specific language or terms in a client Agreement, Customer will promptly update such agreements upon CSI’s written request.
7.7 Customer shall ensure the security of all Access Credentials associated with or enabling access to the ACH Fraud Prevention Services and will promptly inform CSI if it becomes aware of any unauthorized or improper use of the ACH Fraud Prevention Services.
7.8 Customer shall indemnify, defend and hold harmless CSI and its Third-Party Provider from and against any and all losses, damages, demands, or costs associated with claims or proceedings asserted by any Client and which are attributable to or aggravated by Customer’s failure to fulfill any of its obligations under this Section 7.
7.9 In the event that all or a portion of the ACH Fraud Prevention Services are terminated for any reason prior to the end of the 36th month following Production Launch of the ACH Fraud Prevention Services, then Customer will be obligated to pay an ACH Fraud Prevention Services reconciliation fee equal to the product of (i) the contracted monthly fees for the ACH Fraud Prevention Services as set out in the CSI Supplemental Agreement and (ii) 36 less the number of months elapsed between Production Launch and the effective date of termination. This ACH Fraud Prevention Services reconciliation fee from CSI shall be in addition to and shall not limit any other termination fees and obligations, Deconversion fees, or other payments due under the Agreement.
8 Web Connect and Direct Connect to Quicken® and QuickBooks®
8.1 Customer may only use its Third-Party Provider’s trademarks in accordance with its Trademark Guidelines posted on www.intuit.com/legal/trademark. QuickBooks® and Quicken® are each registered trademarks of Intuit, Inc.
8.2 Customer must upgrade to each new version of Digital Banking Services enabling Web Connect and Direct Connect to Quicken® and Quickbooks® (Intuit Services) annually or as publicly released.
8.3 Price increases for Intuit Services may be implemented without prior written notice. Annual fees are based on asset size of Customer or holding company, if applicable.
8.4 Intuit Services will be subject to an additional $3,000 fee for conversion from another digital banking provider and also for deconversion from the Digital Banking Services. Customer will be billed annually in advance in the third calendar quarter of each year for Intuit Services in the following calendar year.
8.5 Customer may terminate Intuit Services for the following year version by submitting written notice to CSI no later than June 15th of the current year, provided that any such termination shall be subject to termination fees.
9 User Direct
9.1 User Direct Services shall refer to Services provided by CSI involving or constituting customer call center activities, live agent/operator activities, back office services, or other activities that require or involve direct contact or interaction between CSI and Clients. For the purposes of this Section 9, Back Office Instructions means the expressly documented (whether electronically or otherwise in writing) and agreed processes, procedures, practices, scripts, content, prioritization schema, and other instructions used in connection with customer call center, live agent/operator, back office (including chargeback processing), and other Services that require or involve direct contact or interact between CSI and Customer Clients, including Customer’s customers and prospective customers. Contact Criteria means written criteria for contacting Clients, including Customer instructions prescribing which Clients to contact and when to contact them, as well as the methods for contact (including e-mail, land-line or mobile voice call, voice or text messaging, or any other electronic means).
9.2 User Direct Services provided to and on behalf of Customer are not intended, and will not be construed, to (a) constitute telemarketing, a telephone solicitation, or upselling within the contemplation of the TCPA or the Telemarketing Sales Rule, or (b) trigger the application of any other law, regulation, or guidance relating to the offering of products or services via telephone or facsimile (including any duty to register or obtain a license to make such offers). CSI shall in no event have any obligation or responsibility for undertaking any registration or obtaining any licensure to in order to perform the User Direct Services, and CSI shall have no obligation to perform any Services which might implicate such registrations or licensure. Customer shall at all times be and remain responsible for ensuring that the Back Office Instructions and Contact Criteria are adequate to Customer’s purposes and consistent with applicable law and regulation.
9.3 User Direct Services will be provided during mutually agreed and expressly documented hours. If Customer desires to change the hours of operation, CSI will review the fees for User Direct Services and provide an updated fees proposal (if applicable). Any changes to the hours of operation together with associated new or modified Fees for User Direct Services will be mutually agreed upon in writing by CSI and Customer prior to the effective date of any such changes.
9.4 CSI will provide User Direct Services in the English language only unless otherwise expressly set forth in the CSI Supplemental Agreement. Support for any foreign language calls shall be subject to additional fees.
9.5 CSI personnel performing the User Direct Services will utilize internal CSI administrative systems to provide such Services. Where feasible in CSI’s sole discretion and only as expressly agreed in Back Office Instructions, CSI may access and use Customer Systems to interact with Clients and / or access the Client information.
9.6 Except as expressly stated in the CSI Supplemental Agreement, User Direct Services shall only be performed and enabled through telephonic (voice) channels. The provision of User Direct Services via other channels must be memorialized in writing within the CSI Supplemental Agreement and shall be subject to associated subscriptions for required Digital Banking Services and/or third-party services.
9.7 Calls may be recorded and case information may be documented and furnished for Customer review upon Customer’s written request. Customer will be responsible for payment of fees and costs associated with the development, production, and delivery of such recordings and reports at CSI’s then-current rates.
9.8 Customer agrees to designate particular Customer personnel having overall responsibility for the User Direct program and who shall be responsible for the Contact Criteria and Back Office Instructions and any other servicing requirements. Customer shall provide adequate staff and technical resources to the extent required to resolve technical, business and compliance issues arising in connection with the User Direct Services. In addition, Customer assumes sole responsibility with respect to Client servicing requirements and activities which are outside the documented scope of the Contact Criteria and Back Office Instructions.
9.9 Notwithstanding anything to the contrary in the Back Office Instructions or the Contact Criteria, any tasks, activities, workflows, or other services which involve the exercise of independent business discretion or business judgment are outside the permissible scope of User Direct Services and are not delegable by Customer to CSI. CSI expressly disclaims responsibility and liability for any and all tasks, activities, workflows, or other services involving the exercise of independent business judgment, including, without limit, adjudication or decisioning of Client applications or evaluating the legitimacy of applications or transactions. Notwithstanding anything to the contrary in the Agreement or these Service Terms, Back Office Instructions, or Contact Criteria, Customer releases CSI from any and all liability related to tasks, activities, workflows, or other services which exceed the permissible scope of the User Direct Services. Further, Customer shall indemnify, defend, and hold CSI harmless from and against any third-party claims and related losses alleged to have resulted from tasks, activities, workflows, or other services which exceed the permissible scope of the User Direct Services.
9.10 Back Office Instructions shall set forth prioritization criteria providing clear direction to the CSI personnel performing User Direct Services concerning management of competing issues, requests, or demands. By way of illustration, Customer may instruct User Direct personnel to prioritize account application processing activities ahead of other servicing requests and issues. In the absence of prioritization instructions, CSI will address Client requests, issues, and related tasks in the order in which they are received.
9.11 User Direct Services do not include any rights or licenses to other Digital Banking Services or any other software or tools. The use or engagement of Application Services, Third Party Services, or other software or tools will require and be subject to distinct subscriptions as set out in the CSI Supplemental Agreement, or in applicable cases, third-party agreements. By way of illustration, User Direct Services delivered via video chat will be subject to a current subscription to Digital Customer Support Services and the associated Service Terms.
9.12 Customer acknowledges and agrees that User Direct shall be provided solely in the context of Client inquiries and requests for assistance in connection with Digital Banking Services provided by CSI in support of Customer. Calls received outside the time period identified in the CSI Supplemental Agreement, calls that do not pertain to Digital Banking Services, and calls that implicate activities falling outside the permissible scope of User Direct Services will be referred to Customer.
9.13 Fees for User Direct Services shall be subject to annual increases not to exceed 2x CPI. Notwithstanding anything to the contrary in the Agreement, User Direct Services shall not be subject to any other limitations, restrictions or prohibitions upon CSI’s ability to modify Fees.
9.14 Customer acknowledges that CSI currently provides User Direct Services from locations in the Eastern Time zone.
9.15 CSI shall utilize standardized scripts to assist in the consistent and efficient execution of User Direct Services. Customer will provide opening and closing statements for scripts. Any scripts or comparable materials developed by CSI in connection with the User Direct Services shall constitute CSI IP.
9.16 Customer will provide CSI at least 30 days prior written notice of changes to the Customer’s operations, processes, or procedures (including business hours) which may impact the performance of the User Direct Services.
9.17 CSI agrees to devote adequate personnel and other resources to User Direct Services in light of actual and reasonably anticipated call volumes. The CSI Supplemental Agreement may expressly provide for agreed minimum staffing levels or requirements related to dedicated teams which in each case shall occasion additional fees. In cases where dedicated or specific teams are assigned, CSI shall be under no obligation to provide supplemental personnel resources except to the extent expressly engaged to do so under the CSI Supplemental Agreement or an amendment thereto. In the absence of a written agreement addressing such express requirements and associated fees, CSI shall staff User Direct in accordance with its reasonable business judgement and discretion.
9.18 Customer, is responsible for (i) providing or approving and adopting all Contact Criteria and all Back Office Instructions, (ii) monitoring, interpreting, and complying with applicable law and regulations, Network Rules and agreements with third parties (including Clients), (iii) determining whether the Contact Criteria and Back Office Instructions agreed to by Customer and CSI satisfy Customer’s legal, regulatory, and business requirements, and (iv) deciding which services and settings are needed to satisfy Customer’s legal, regulatory, and business requirements, (v) obtaining consents from Clients sufficient to permit CSI to contact or interact with Clients, including ensuring that each Client gives express consent for calls or text messages to mobile numbers that are provided to CSI on Customer or Client’s behalf. Customer shall indemnify, defend, and hold CSI harmless from and against any third-party claims and related losses alleged to have resulted from a failure of Customer to fulfill the foregoing responsibilities.
9.19 In the event of changes to existing Back Office Instructions or Contact Criteria which occasion a demonstrable increase in CSI’s cost to provide User Direct Services, then CSI may apply a corresponding increase to the fees for User Direct Services after giving Customer advance notice.
9.20 Customer acknowledges that the use of foreign translation services for User Direct may not result in an exact translation and the translation is not verified by CSI. Any reliance on foreign language translations is at the risk of the Customer or Client, as the case may be. CSI does not warrant or make any promises, assurances, or guarantees as to the accuracy of the translations provided by CSI’s Third-Party Provider translation company. CSI shall not be liable for any translation inaccuracies or errors.
9.21 Customer acknowledges that the foreign translation Services provided by CSI’s Third-Party Provider may be provided by their employees or independent contractors who reside in the country of the language that is being translated. Customer acknowledges and permits the performance of foreign translation User Direct Services outside of the United States.
9.22 Foreign translation Services may be subject to resource availability and Customer will be billed according to its User Direct subscription in the CSI Agreement even during periods of call holding or return calls as a result of resource unavailability.
9.23 Clients may provide Personal Data directly to CSI’s Third-Party Provider translation company and Customer is solely responsible for drafting, disseminating, obtaining, or retaining all consents or notices to Clients necessary to ensure that such data is collected, accessed, disclosed and processed in accordance with all laws, statutes, regulations, executive orders, administrative orders, judicial orders, or interpretive guidance which has been, in each case, enacted, promulgated, issued, or published by governmental authorities to which CSI and Customer are subject, including, without limit, applicable state, federal and international privacy laws and regulations.
10 SMS Text Message Alert Service
10.1 SMS Services refer to Services leveraging short message service (SMS) technology and communications protocols to send short text messages to a designated recipient’s (an SMS End User) mobile device in connection with or in support of the Digital Banking Services. SMS Services (i) are not intended for use and will not be used in, or in association with, the operation of any hazardous environments or critical systems (ii) are not a replacement for traditional telephone or mobile phone services, including but not limited to calling, texting, or contacting emergency services, (iii) do not support or carry emergency calling or messaging to any emergency services personnel or public safety answering points. Customer shall inform all Clients using SMS Services of these limitations.
10.2 Customer and its Clients must comply with current technical documentation applicable to the SMS Services (including applicable developer guides) to ensure proper functioning of the SMS Services.
10.3 Customer must first obtain CSI’s written consent before using SMS Services to send SMS messages for charitable programs, sweepstakes or contests, advertisements for commercial products, goods, or services, or location-based services (where an SMS End User receives messages based on the geographical location of the SMS End User’s wireless device).
10.4 Customer will pay fees for any assessments or other charges that are imposed on CSI by a third party, or that CSI incurs on Customer’s behalf, in connection with any SMS Service, including any network fees and assessments (e.g., base access fees, INET/INAS fees, or switch fees). If the network bills Customer directly for any dues, fees, or assessments, Customer will be responsible for paying them. In the event of a wind-down or transition of SMS-related Services, Customer must pay the estimated amount in full (via wire transfer) before conversion tapes will be released.
10.5 Customer must ensure that SMS content, and the collection, access, use, or disclosure of SMS End User information, including but not limited to personally identifiable information by Customer, Clients, or any of their respective agents or service providers, complies with all applicable law and regulation. Customer will provide legally adequate privacy notices and obtain necessary consents for the processing of such data.
10.6 Customer must obtain consent from each Client to receive SMS messages and content from Customer, CSI and/or its Third-Party Provider.
10.7 Customer may not charge SMS End Users for receiving notifications by SMS unless Customer has obtained the SMS End User’s express consent.
10.8 Customer must advise Clients receiving SMS messages through the SMS Services that telecommunication providers may charge the SMS End User to receive notifications by SMS.
10.9 Provide each Client the right to opt in and opt out of receiving SMS messages and content from Customer, CSI and/or its Third-Party Provider.
10.10 Customer will not permit SMS Services to be used to transmit: (i) junk mail, spam, or unsolicited material to anyone who has not agreed to receive it or to whom Customer does not otherwise have a legal right to send the material; (ii) any material that contains viruses, Trojan horses, worms, or any other malicious or harmful programs or code; (iii) any material that: (1) violates any third party’s intellectual property rights or rights of confidentiality, privacy, or publicity; (2) violates the rights or obligations of any wireless service provider or any of the wireless service provider’s customers or subscribers; (3) materially violates or facilitates the material violation of any local or foreign law, rule, regulation, or order, including laws regarding the transmission of data or software; (4) is illegal, harassing, coercive, defamatory, libelous, abusive, threatening, obscene, or otherwise objectionable; (5) is harmful to minors; (6) is sexually explicit, relates to “adult services”, or contains sensitive financial or identifying information (such as social security numbers); (7) is excessive in quantity; (8) relates to alcoholic beverages, tobacco, weapons, illegal drugs, pornography, crime, violence, death, hate, gambling, or funeral services; (9) is false, misleading, or inaccurate; (10) could expose CSI or its Third-Party Provider any a mobile network carrier that, directly or indirectly, performs, enables, or otherwise supports SMS messaging (Network Operator), or any service provider that maintains direct connections to multiple Network Operators and aggregates SMS messages for delivery (SMS Aggregator) to liability; (11) could diminish or harm the reputation of CSI, any Network Operator, or any SMS Aggregator; (12) specifically mentions any Network Operator; or (13) copies or parodies the products or services of any Network Operator; (iv) any other prohibited material or content, as identified by a Network Operator or SMS Aggregator; or (v) any Premium Content (as defined in the Mobile Marketing Association Guidelines).
10.11 If CSI or its Third-Party Provider notifies Customer of any issues with SMS content, and Customer does not promptly remove the SMS content at issue, then CSI has the right to remove or block the SMS content at issue, suspend SMS Services, or terminate SMS Services. Customer is responsible for any and all liability relating to any SMS content originated by Customer.
10.12 The SMS Services are available only in connection with SMS messaging services offered by Network Operators in the United States.
10.13 CSI does not guarantee that the SMS message will be delivered to, received by, or opened by the SMS End User. Third party networks and systems are necessarily involved in the SMS-related Services, and CSI is not responsible for (1) SMS messages, or any data related to SMS messages, once SMS messages have been transmitted outside of the Third-Party Provider’s system or to any Network Operator, or (2) any Network Operator or SMS Aggregator’s compliance with any laws, regulations, guidance, rules (including network rules), standards, or obligations of any kind relating to the protection or use of SMS messages or data related to SMS messages. CSI IS NOT RESPONSIBLE FOR THE SECURITY OF SMS MESSAGES AND THEIR CONTENT INCLUDING ANY DATA TO THE EXTENT THAT SUCH CONTENT OR DATA IS PROVIDED TO A MOBILE NETWORK CARRIER OR OTHER THIRD-PARTY PROVIDER. Fees for SMS will apply regardless of whether delivery of the SMS notifications is prevented, delayed, or blocked due to reasons outside of the control of CSI or its Third-Party Provider.
10.14 The format or content of any SMS message provided to a Network Operator may be changed by the Network Operator to conform to the Network Operator’s requirements and to the requirements of any mobile device.
10.15 CSI may suspend or terminate any or all of the SMS Services without liability if (i) a governmental authority, Network Operator, or SMS Aggregator instructs or requests CSI or its SMS Third-Party Provider to do so, (ii) CSI believes in good faith that Customer has failed to comply with these Service Terms or (iii) a Network Operator, SMS Aggregator, or other service provider suspends services, or ceases providing services, on which the SMS Services depend.
10.16 CSI will only attempt to deliver SMS messages to Clients who (a) give prior consent (Opt-In) to receiving the quantity, frequency and types of messages, as applicable, to be delivered through the SMS Services; and (b) have been informed of the right to opt-out and the process of how to opt-out of receiving messages in the future (Opt-Out). CSI (or its Third-Party Provider) shall promptly honor any such Opt-Out requests. Customer must direct the Client to perform all Opt-In and Opt-Out requests via the Mobile Banking Service in order to be considered a valid request. This provision may be updated by CSI from time to time to include any reasonable additional requirements of the third-party SMS aggregator, wireless network operators, or other providers of third-party services. To the extent reasonably practicable, CSI will attempt to notify Customer of changes to this provision necessitated by additional requirements of SMS Aggregators, Network Operators, or other providers of required third-party services in writing in advance. If Customer delivers SMS alerts messages to Clients via the Mobile Banking Service, Customer shall be responsible for the contents of the alert messages. Such alert messages must be directly associated with the Client’s existing account and cannot include promotion or marketing of additional products or services without the written consent of CSI and its Third-Party Provider and additional Opt-In / Opt-Out terms being agreed to by the Client via the Mobile Banking Service. If CSI is notified or otherwise becomes aware that Customer’s use of the SMS Services violates the requirements of these Service Terms, CSI may remove or request removal of Customer’s SMS content from the SMS Service or upon written notice to Customer suspend or terminate the SMS Services. CSI will not be liable for any damages incurred by Customer because of any action taken pursuant to this Section. In addition to the indemnification obligations set forth in the Agreement, Customer will indemnify, defend and hold CSI (including its Third-Party Providers and any wireless service providers related to the provision of the SMS Services) harmless from and against all claims, liabilities, damages, losses, costs and expenses, including reasonable attorney’s fees, investigation costs, expert witness fees and costs, incurred by CSI as a result of any violation of these Service Terms or any illegal acts, fraud, or misconduct in connection with its use of the SMS Services.
10.17 SMS messaging and short code fees set forth in the CSI Supplemental Agreement are subject to change based on rate changes by Network Operators or the SMS Aggregator at any time.
10.18 All U.S. short codes are subject to U.S. common short code administrator approval. All proposed messaging services are subject to each U.S. Network Operator’s approval, which may be withheld in its sole discretion. Typical approval times are between 60 and 90 days. Short code monthly fees commence upon the date of application and not the date upon which the messaging services commence.
10.19 Customer shall be responsible for any fees or expenses charged by the SMS Aggregator related to messaging services provided to or utilized by Customer, including but not limited to connectivity fees (VPN, SMPP, etc.) and technical support fees.
10.20 CSI’s Third-Party Provider for SMS aggregation may transmit Personal Data consisting of phone number, account number and limited transaction data offshore for aggregation. Support services for Third-Party Provider’s hosting and disaster recovery providers may be conducted offshore and Personal Data may be accessed while these services are performed.
10.21 Notwithstanding anything herein to the contrary, CSI has the right to unilaterally change terms in connection with the SMS-related Services (Change in Terms) in response to and only as necessary to comply with changes in Legal Requirements. Customer will be notified via e-mail or other written method, of any Change in Terms before the Change in Terms take effect. Customer’s use of any SMS-related Service after that advance notice period means that Customer has accepted the Change in Terms for all SMS-related Services and has agreed to be bound by the Change in Terms for all SMS-related Services. If Customer does not wish to receive the SMS-related Services under the modified terms, Customer must give CSI notice of termination of all SMS-related Services no later than 30 days after the date of the Change in Terms notification to Customer.
11 Mobile Banking Services
11.1 Mobile Banking Services refers to the Digital Banking Services made available to Customer and Clients through or in connection with the CSI native mobile digital banking application (the App).
11.2 Customer shall ensure that the Mobile Banking Services are made available only to Clients who have entered into a Client Agreement containing minimum terms which are consistent with Client terms set out in PART II, Section 2 of these Service Terms.
11.3 Customer acknowledges that certain Digital Banking Services and functionality availed within the Mobile Banking Services may be provided or implemented by Third-Party Providers. Mobile Banking Services and functionality may be terminated by such Third-Party Providers at any time, in which case, CSI shall promptly notify Customer and shall use commercially reasonable efforts to implement replacement Third-Party Services as soon as reasonably practicable, however, CSI does not guarantee a workaround or replacement Third-Party Provider.
11.4 Upon request, Customer agrees to ensure its Clients maintain the most recent release of the App on their mobile device to maintain compatibility. CSI will have no liability arising out of or relating to a Client’s use of an unsupported version of the App or an unsupported or incompatible mobile operating system. Certain Mobile Banking Service updates or upgrades may be automatically downloaded.
11.5 Any open source or other software included in the Mobile Banking Service is licensed subject to the additional terms of the applicable open source or other license conditions and/or copyright notices that may be made available to Customer upon written request, or in other documentation or materials accompanying the Mobile Banking Service.
11.6 Customer shall ensure its privacy policy and related Client disclosures satisfy the requirements, policies, practices and procedures required by the Google Play store, the Apple App Store, or other applicable channels through which the App may be distributed and shall comply with the Code of Conduct for Mobile Marketing promulgated by the Mobile Marketing Association, as amended from time to time. The current Code is located at: www.mmaglobal.com/policies/code-of-conduct. Customer acknowledges that its adherence to the requirements of the Google Play Store, the Apple App Store, or other App distribution channel shall constitute a Dependency and that failure to do so may result in the removal of the App from such channel and/or Client mobile devices. CSI shall have no liability or responsibility for and Customer holds CSI harmless from any actions taken by Google Play, the Apple App Store, or other App distribution channels.
11.7 CSI may, upon notice to Customer, suspend any or all of the Mobile Banking Service functionality or features at any time in the event that: (i) CSI is obliged or advised to comply with an order, instruction, directive or request of a mobile network carrier which requires it to do so, in the reasonable judgment of CSI; or (ii) one or more of the mobile network carriers or any other third-party upon which the provision of the Mobile Banking Services hereunder is dependent suspends its provision of those services to CSI.
11.8 CSI may change, discontinue, or deprecate support for a third-party push notification platform at any time.
11.9 In the event Customer subscribes to Mobile Banking Services and it concludes for any reason prior to a 36-month period from the go-live commencement of the Apple Watch Mobile Banking Service supporting Apple Watch and the Apple Watch-related Services are terminated for any reason prior to the end of the 36th month following Production Launch of the Apple Watch-related Services, then Customer will be obligated to pay an Apple Watch reconciliation fee equal to the product of (i) the contracted monthly fees for the Apple Watch-related Services as set out in the CSI Supplemental Agreement and (ii) 36 less the number of months elapsed between Production Launch of the Apple Watch-related Services and the effective date of termination. This reconciliation fee shall be in addition to and shall not limit any other termination fees and obligations, Deconversion fees, or other payments due under the Agreement, the CSI Supplemental Agreement, or these Service Terms.
12 Remote Deposit Capture (RDC) and Mobile Check Deposit (MCD) Services
12.1 Remote Deposit Capture (RDC) Services enable authorized Clients to initiate electronic deposits using a document scanning hardware and related software.
12.2 Mobile Check Deposit (MCD) Services enables Customer’s Clients to initiate electronic deposits using the document scanning capabilities native to certain mobile devices.
12.3 RDC and MCD Services are furnished by CSI in reliance upon Third-Party Providers. Customer may select its preferred Third-Party Provider for RDC and MCD Services which will be confirmed in Attachment 1 to the CSI Supplemental Agreement.
12.4 Customer will ensure that prior to using the RCD or MCD Services all Clients shall enter into a Client Agreement which includes all terms, conditions, and disclosures the Customer deems necessary or advisable under any applicable law and regulations in accordance with Customer’s own independent judgement.
12.5 Customer will be responsible for record retention and for compliance with all applicable statutes and regulations with respect to the retention and reproduction of all documents and records related to the RDC and MCD Services.
12.6 Customer acknowledges that CSI exercises no control whatsoever over the content of the information passing through the RDC or MCD Services and that it is the sole responsibility of Customer to ensure that the information it and its Clients transmit and receive is accurate and complies with applicable law and regulation. Neither CSI nor its Third-Party Provider shall have any responsibility for correcting erroneous or fraudulent information transmitted by Customer or Clients in connection with the RCD or MCD Services.
12.7 All devices, hardware, and third-party software used in connection with RCD or MCD Services must meet minimum standards, specifications, and criteria as prescribed by CSI and its Third-Party Provider and must have access to adequate internet/network connectivity.
12.8 Customer shall be responsible for and manage all Client interactions related to RDC Services. Customer will (i) contact the Client to establish the installation time for RDC hardware and software; (ii) provide telephone based support for installation, questions and issue escalation; (iii) provide Client training; (iv) provide project management resources for initial Client installation; (v) identify primary and back-up contacts for the day-to-day operational process management; and (vi) retrieve files and reports from an SFTP server in accordance with the processing schedule.
12.9 Clients may scan items and submit electronic deposits anytime excluding identified system maintenance periods. Items submitted by Clients will be delivered to the Customer in the next available file delivery as defined by an established processing schedule. Back-end processing of items received by Clients, including MICR line correction, X9.37 or X9.100 (or similar) clearing files, and reports showing deposit totals and transaction information may either be transmitted by CSI to the Customer or retrieved by the Customer.
12.10 NEITHER CSI NOR ITS THIRD-PARTY PROVIDER CAN CONTROL THE FLOW OF DATA TO OR FROM CSI’S THIRD-PARTY PROVIDER’S NETWORK AND OTHER PORTIONS OF THE INTERNET. SUCH FLOW DEPENDS IN LARGE PART ON THE PERFORMANCE OF THE INTERNET SERVICES PROVIDED OR CONTROLLED BY THIRD PARTIES. AT TIMES, ACTIONS OR INACTIONS OF SUCH THIRD PARTIES CAN IMPAIR OR DISRUPT CUSTOMER’S OR CLIENTS’ CONNECTIONS TO THE INTERNET (OR PORTIONS THEREOF). ALTHOUGH CSI WILL USE COMMERCIALLY REASONABLE EFFORTS TO TAKE ALL ACTIONS IT DEEMS APPROPRIATE TO REMEDY AND AVOID SUCH EVENTS, NEITHER CSI NOR ITS THIRD-PARTY PROVIDER CAN GUARANTEE THAT SUCH EVENTS WILL NOT OCCUR. ACCORDINGLY, CSI AND ITS THIRD-PARTY PROVIDER DISCLAIM ANY AND ALL LIABILITY RESULTING FROM OR RELATED TO SUCH EVENTS.
12.11 Customer’s security practices and programs relating to the RCD and MCD Services are subject to review by CSI’s Third-Party Provider at any time. Customer agrees to engage directly with the Third-Party Provider concerning such practices and programs and to make (at its sole expense) such updates to its practices and programs as the Third-Party Provider may reasonably require or prescribe. In the event CSI’s Third-Party Provider and Customer cannot mutually agree to any such updates and any corresponding fees within a 60-day period, CSI may terminate the RDC or MCD Service with the Customer. In the event of such termination, any deconversion fees and other termination fees associated with the RCD and MCD Services shall be due.
12.12 MITEK MiSnap™ is a mobile device software developer kit that allows Customers to integrate MITEK MiSnap™ with mobile device image capture applications in order to provide automatic image capture, document imaging, intelligent character and image recognition and document analysis. The Customer acknowledges the following if purchasing MITEK MiSnap™: The MITEK MiSnap™ Service feature set will be provided as an additional service under the limited license to provide the mobile device software developer kit that allows users to integrate MITEK MiSnap™ with mobile device image capture applications to provide automatic image capture, document imaging, intelligent character and image recognition, and document analysis. New features rendered through the MITEK MiSnap™ platform, such as multiple check capture, drivers’ license capture and other optional services, will be subject to additional fees. As a condition to the implementation and use of the MITEK MiSnap™ Service, Customer shall be required to complete a certification process, which will be conducted at CSI’s Third-Party Provider’s direction, addressing and encompassing the implementation training and use of MITEK MiSnap™. When Customer purchases the MITEK MiSnap™ Service, in addition to the licenses granted in the Agreement, the Customer is granted a limited, non-transferable, non-exclusive, non-sublicensable right to sublicense MlTEK MiSnap™ to Customer subcontractors who provide product integration and support services to Customer; provided, however, that: (i) such sublicense may only be used in connection with accessing and using the SmartPay Ensenta Remote Deposit Capture Service including MITEK MiSnap™ for the Customer in accordance with the license rights conferred under the Agreement ; (ii) the subcontractors must agree to be bound by the terms of these Service Terms and the Agreement, to the extent applicable; and (iii) use of MITEK MiSnap™ as granted herein shall only be in conjunction with the SmartPay Ensenta Remote Deposit Capture Service. Customer shall be responsible for the breach of any terms these Service Terms by its subcontractors.
12.13 If, in connection with the RDC or MCD Services, the Third-Party Provider provides notifications to Customer Vendors supporting fraud monitoring, Customer is solely responsible for all communications, responses, and actions in relation to such notifications. To the extent that Customer’s subscription provides for such reporting, Customer hereby authorizes and directs the Third-Party Provider to provide the fraud analytics data to the applicable Customer Vendor. Neither CSI nor its Third-Party Provider makes or extends any separate product warranties, guarantees, indemnities or liabilities with respect to the fraud monitoring services provided by a Customer Vendor. Without limiting the foregoing, upon transmission by Third-Party Provider of fraud analytics data to the Customer Vendor, the Customer Vendor is solely responsible for the disposition of such data and any resultant actions or inaction.
12.14 If the Customer is a non-bank or otherwise uses a third party as the ‘depository bank’, as such term is defined in the Check for the 21st Century Act, Customer will facilitate, at CSI’s request, a separate cash letter agreement directly between the Third-Party Provider and Customer’s depository bank prior to certain RDC Services being made available to Customer or Clients. Customer additionally authorizes the Third-Party Provider to send the data files generated in connection with the remote deposit capture services on behalf of Customer to the depositary bank.
13 Family Banking
13.1 BaaS Institution means Community Federal Savings Bank or an alternative or successor financial institution which functions as the primary depositary Customer for Greenlight accounts and is the issuer of Greenlight debit cards, and with whom Greenlight maintains a banking-as-a-service relationship.
13.2 Customer means the adult end user member/customer of Customer who is registered for the GL Services.
13.3 Greenlight means CSI’s Third-Party Provider, Greenlight Financial Technology, Inc.
13.4 NPI means any information which constitutes “non-public personal information” under the Graham-Leach-Bliley Act (15 U.S.C § 6801) and its implementing regulations.
13.5 Customer and CSI agree that the Family Banking Services include a limited integration to technologies and related services provided by Greenlight. Greenlight provides direct-to-consumers services which may include, without limit, web and mobile applications which enable adults to originate, fund, and service debit cards and associated accounts for minor children (GL Services). The Family Banking Services consist of (i) a link which directs a Client from the CSI Digital Banking Platform to a Greenlight web application which then enables the Client to register for GL Services; (ii) an API integration to the GL Services which enables Clients to view limited information related to the GL Services within the Mobile Banking Services experience; (iii) a link within the Mobile Banking Services App which transfers the Customer to a Greenlight mobile application for the purposes of accessing additional information and account/card servicing features and functions; and (iv) such other features and functions as CSI may choose to make generally available in iterative releases of the Mobile Banking Services.
13.6 Customer acknowledges and agrees that the GL Services are distinct from and not included within the Family Banking Services or any other Digital Banking Services. Customer and CSI agree that CSI shall have no contractual or other liability and no operational responsibility for the performance of the GL Services and that each individual Customer who uses the GL Services will be required to establish a direct customer relationship with Greenlight which shall be subject to Greenlight’s standard end user terms and conditions. Customers must register for the GL Services, establish and fund a valid Greenlight account, and enter into all required and related agreements in order to utilize the GL Services and, by extension, the Family Banking Services. Greenlight or its designee will provide all direct end-user support required in connection with the GL Services.
13.7 Customer acknowledges and agrees that Greenlight maintains a banking-as-a-service relationship with the BaaS Institution, which functions as the primary depositary Customer for Greenlight accounts and is the issuer of Greenlight debit cards. Customer acknowledges and agrees that its Customers will be required to enter into a cardholder agreement and any required ancillary agreements with the BaaS Customer. Subject to Greenlight’s discretion and in the event that Customer desires to enter into an arrangement whereby it holds deposits associated with Greenlight accounts, then Customer may be required to enter into a further agreement directly with Greenlight and/or a receive agreement, sweep agreement, or similar agreement directly with the BaaS Institution.
13.8 To the extent that Clients furnish data directly to Greenlight through the Greenlight registration web application, the Greenlight mobile application, the GL Services, or any other channel, then as between Greenlight, CSI, and Customer, such data shall belong to Greenlight subject to the provisions of its direct agreement with the Client and its then-current privacy policy. As such, Greenlight shall have no obligations to Customer or CSI in connection with such data. For the avoidance of doubt, the fact that data is provided to Greenlight by Clients will not affect the ownership of data distinctly or separately provided directly to Customer or CSI. Ownership of such data shall be subject to the provisions of the Master Agreement between CSI and Customer. Customer acknowledges and agrees that no NPI or other personal information of Clients will be furnished to Greenlight through the API integration between the Family Banking Services and the GL Services.
13.9 CSI MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, REGARDING THE GL SERVICES, AND SPECIFICALLY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND/OR FITNESS FOR A PARTICULAR PURPOSE. CSI DOES NOT WARRANT THAT THE GL SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE AND EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY AND REPSONSIBILITY FOR THE GL SERVICES.
13.10 Customer shall indemnify, defend, and hold CSI harmless from and against any and all Losses arising in connection with the GL Services, including, without limit, claims by Clients related to the GL Services, except to the extent such losses are proximately caused by the Family Banking Services.
13.11 NOTWITHSTANDING ANYTHING TO THE CONTRARY WITHIN THE MASTER AGREEMENT WITH CSI, CSI’S MAXIMUM AGGREGATE LIABILITY IN CONNECTION WITH THE CSI FAMILY BANKING SHALL BE LIMITED TO THE AMOUNTS PAID BY CUSTOMER FOR THE CSI FAMILY BANKING SERVICES IN THE SIX (6) MONTHS PRECEDING THE CLAIM UNDER WHICH THE LIABILITY ARISES.
13.12 Customer acknowledges and agrees that nothing in the Agreement conveys any right or interest in or any permission to use Greenlight trademarks, tradenames, trade dress, or other Greenlight intellectual property. Any advertising, marketing materials, promotional announcements, press release or other business generating communication to be issued or utilized by Customer related to the GL Services or the Family Banking Services must be approved in advance by both Greenlight and CSI.
13.13 Greenlight may provide Customer with the ability to offer Clients a co-branded Greenlight mobile application which includes Customer’s logo or other theming. In such cases, Customer shall be responsible for providing Greenlight with specification and materials necessary to configure the co-branded application. Any such co-branded application shall constitute GL Services and not CSI Family Banking Services. CSI shall have no liability for Greenlight’s use of Customer logos or branding or other materials.
14 My Credit Score
14.1 Customer shall comply with all applicable law (including all applicable export laws, rules and regulations of the United States) in Customer’s use of the My Credit Score Services and in Customer’s making available the My Credit Score Services to Clients. Customer will not import or export any My Credit Score Services in violation of any applicable law.
14.2 If Customer wishes to implement a single sign-on integration (SSO) whereby registered Users may access some (but not all) of the My Credit Score Services after authenticating via the Application Services or another Customer-specified channel, then Customer agrees that: (i) Customer will (and will require its authorization partner, if any) to cooperate with Third-Party Provider in the implementation of the SSO; (ii) Neither CSI nor its Third-Party Provider will be responsible for any costs incurred by Customer in implementing the SSO; Customer will provide to the Third-Party Provider any and all Client data and other information reasonably required by the Third-Party Provider to permit Clients to access the My Credit Score Services through the TPP Site via SSO including, without limitation: name, user name (or user ID number), home address (at which such Client currently resides), date of birth, social security number, email address and phone number; and (iii) Clients may continue to access the My Credit Score Services directly through the TPP Site, even if SSO has been implemented via other authentication channels.
14.3 Customer represents and warrants that it has obtained all requisite permissions and consents from Clients in compliance with applicable law and Customer’s stated privacy policy in order to provide Client data to CSI and its Third-Party Provider.
14.4 CSI and its Third-Party Provider disclaim any and all warranties of any kind, express, implied, statutory or otherwise, including any warranties of merchantability, fitness for a particular purpose, title, non-infringement, freedom from computer viruses and all warranties arising from a course of dealing course of performance or usage of trade. Customer agrees that Third-Party Provider shall have no direct obligation or liability to Customer.
14.5 Customer Agrees that CSI’s Third-Party Provider is the intended direct third party beneficiary of the terms of this Section 14 of these Service Terms, and that the Third-Party Provider shall have the right to enforce such terms directly against Customer and seek damages and remedies directly from Customer for any breach by Customer of such terms.
14.6 As part of the My Credit Score Services, Customer may (but is not required to) enable the display of offers for financial services, such as an offer to obtain a new or refinanced car loan, credit card, personal loan, mortgage or other type of financing, (Offers) to Clients through the My Credit Score Services based on criteria determined by Customer in its sole discretion. Customer represents and warrants that all criteria used in establishing Offers and evaluating Clients to determine their qualifications for Offers shall comply with applicable law. For each Offer extended through the Branded Website, Customer will provide the following information: (i) type of product, applicable APRs; (ii) credit score or range for each lending product; (iii) applicable demographic eligibility criteria; and (iv) applicable disclaimers or disclosures, if required.
14.7 For each Client who has (a) affirmatively indicated that he/she would like to be contacted about an Offer for which he/she appears to qualify, or (b) otherwise granted unrevoked permission to the Third-Party Provider to provide personal information about such Client to Customer relating to Offers, CSI’s Third-Party Provider may provide the following contact information to Customer: specified offer, name, username (or member ID number), home address, email address, phone number and any other mutually agreed information about such Client (Client Offer Data). Client Offer Data may be transmitted by the Third-Party Provider either immediately through a loan origination services provider and/or via a file which is transmitted to Customer on a daily/weekly/monthly basis, as agreed by the parties. The Third-Party Provider shall not be required, and shall not, provide the credit score, financial account numbers or other financial information about such Clients to Customer. Additionally, neither CSI nor its Third-Party Provider guarantees that Clients who appear to be qualified for Offers made available by Customer do in fact qualify or will in fact be approved for such Offers after having formally applied with Customer for such Offers. Customer hereby agrees that it shall use the Client Offer Data solely for purposes of communicating with Clients about the specified Offer, that it shall not further disclose or distribute such Client Offer Data, and that it shall not contact any Clients who have subsequently requested not to be contacted in connection with Offers.
14.8 For each Client who has affirmatively indicated that he/she would like to be contacted by Customer about programs or promotions, the Third-Party Provider may provide the following contact information to Customer: name, item about which the Client wishes to be contacted, username (or member ID number), home address, email address, phone number and any other mutually agreed information about such Client (Client Follow Up Data). The Third-Party Provider shall not be required, and shall not, provide the credit score, financial account numbers or other financial information about such Clients to Customer. Customer hereby agrees that it shall use the Client Follow Up Data solely for purposes of communicating with the Client about the specific issue for which the Client requested to be contacted, that it shall not further disclose or distribute such Client Follow Up Data, and that it shall not contact any Clients who have subsequently requested not to be contacted.
14.9 In order for the Third-Party Provider to provide the Offer engine portion of the My Credit Score Services, Customer must make available no less than 1 Offer, so that all Clients may be evaluated by the Third-Party Provider based on the criteria for such Offer to determine if they appear to be qualified for such Offer.
14.10 Customer agrees that it may not use Clients’ credit scores provided to Customer through the My Credit Score Services (or any implied credit data of such Clients) for the purpose of extending any credit approval to Clients. However, Customer may use credit scores and other information obtained from the My Credit Score Services to identify Clients who appear to qualify for Offers (Prequalify), provided that final credit approval will be subject to Customer’s underwriting requirements and a hard inquiry of such Clients’ credit reports.
14.11 Customer acknowledges that Customer’s timely provision of assistance, cooperation, and complete and accurate information and data from Customer’s officers, agents and employees as is reasonably requested by CSI and its Third-Party Provider (collectively, Cooperation) is essential to the performance of the My Credit Score Services and constitutes a Dependency. CSI and its Third-Party Provider will not be liable for any deficiency, delay or failure in performing the My Credit Score Services if such deficiency, delay or failure results from Customer’s failure to provide Cooperation as required hereunder. Cooperation includes, but is not limited to, designating a project manager to interface with the Third-Party Provider during the course of the implementation and delivery of the My Credit Score Services as well as conducting reviews and providing feedback as requested by the Third-Party Provider. CSI and its Third-Party Provider shall have the unrestricted right to use or incorporate into the My Credit Score Services any suggestions, enhancement requests, recommendations or other Feedback provided by Customer and/or Clients, without any obligation or liability to Customers and/or Clients.
14.12 Client Analytics means any data provided by the Third-Party Provider as part of the Analytics services portion of the My Credit Score Services and includes Client Offer Data and Client Follow Up Data. Customer may use Client Analytics for the sole purpose of Prequalifying Clients and marketing and following up on Offer(s) made to Clients. Customer may not use Client Analytics (or any implied credit data of such Clients) for the purpose of extending credit approval to Clients. Client Analytics data sets may be used for a maximum period of 30 days after the date on which the Client Analytics data was generated. Thereafter, only new Client Analytics may be used by Customer. Client Analytics may no longer be used by Customer for any individual who ceases to be a Client of Customer.
14.13 The Third-Party Provider may avail Client Analytics on an Analytics services portal (Analytics Portal) associated with the TPP Site. Access to the Analytics Portal will be given solely to current employees of Customer who will be assigned unique Access Credentials by CSI’s Third Party Credit Score Provider. If Customer wishes to provide access to the Analytics Portal to a contractor or any other third party, Customer must obtain CSI’s and its Third Party Provider’s prior written consent and separate Access Credentials for each such approved third party (Approved Third Party). Customer will be fully responsible and liable for all storage, use and disclosure of all the Client Analytics by Customer, its authorized employees and Approved Third Parties and agrees to manage and, where appropriate, revoke access to Client Analytics from such employees and Approved Third Parties. Customer will be responsible for maintaining the confidentiality of all Access Credentials and agrees not to (and to require such employees and Approved Third Parties who are provided with unique Access Credentials not to) transfer, share, disclose or resell such Access Credentials to any third party. Customer will immediately notify CSI and its Third-Party Provider of any unauthorized use of any of Access Credentials, unauthorized access to the Analytics Portal through its account, or any other breach of security related to its account or the Analytics Portal. Customer will be liable and responsible for any loss or damage arising from Customer’s failure to comply with any of the foregoing obligations.
14.14 Upon Customer’s request, and subject to CSI’s approval, Customer may elect to manage authentication of the identity of Clients who are provided access to the My Credit Score Services, provided that: (a) Customer represents and warrants that it is a regulated financial institution and that the protocol used by Customer to verify the identities of Clients (Authentication Protocol) has been accepted or permitted by its regulators and is in compliance with applicable law; (b) within ten (10) business days after request of CSI’s Third Party Credit Score Provider, Customer will provide written verification of Customer’s Authentication Protocol; (c) Customer will comply with any current and future additional requirements of CSI’s Third Party Provider and applicable credit bureaus pertaining to Client authentication; and (d) CSI’s Third Party Provider may reasonably discontinue Customer-managed authentication of Clients by written notice. Customer will indemnify and hold harmless CSI and its Third Party Provider from and against any claims, expenses, costs and liabilities arising from Customer’s management of Client authentication.
14.15 Customer will promptly notify CSI in the event that Customer is involved in a merger, business combination, or other transaction which results in organic growth in Clients or Users. Upon request, Customer will certify the updated number of Clients and Users, if any, resulting therefrom and acknowledges that changes in total Clients or Users may result in a recalculation of fees and costs.
14.16 Customer acknowledges and agrees that CSI’s Third Party Provider may modify the terms and conditions applicable to the My Credit Score Services from time to time, with no less than thirty (30) days’ written notice to Customer, which modified terms will become effective upon the stated effective date of such notice to Customer.
15 Zelle®
15.1 Zelle Services means the person-to-person (P2P) payments Services incorporated into the Digital Banking Service and which enable Users to send and receive money directly between enrolled Accounts using an email address or U.S. mobile number via the Zelle network.
15.2 Account means a checking, savings or money market account from which Zelle person-to-person payment transactions are initiated.
15.3 Subscriber means a Client who has registered to access and use the Zelle Services.
15.4 Payee means a party to whom a Subscriber has initiated and authorized a payment from its Account through the Zelle Services.
15.5 Receiver means a natural, individual person who receives a request for payment through the Zelle Services.
15.6 Recipient a person other than the designated Subscriber to whom a Subscriber transfers funds and provides the required account information to allow such transfer.
15.7 Requestor means a natural, individual person who sends a request for payment to a Receiver through the Zelle Services.
15.8 Transaction Loss means a loss that occurs because the associated transaction was rescinded as unauthorized or has been returned and is uncollectable.
15.9 Zelle Data shall mean: (a) the Subscriber’s, Recipient’s, Receiver’s or Requestor’s name, e-mail address, zip or postal code; and (b) Account information (e.g. financial data, user identification, login and password and personal information including without limitation birth date, IP address and social security number) as well as the ABA Routing and Transit Number that are specific to an Account.
15.10 Zelle TPP(s) shall mean the Third-Party Providers supporting the Zelle Services, including Fiserv, Inc., and Early Warning Services, LLC.
15.11 Customer and its Subscribers shall follow CSI’s and the Zelle TPPs’ standard operating procedures, including without limitation security procedures, with respect to use of the Zelle Services. Customer shall reasonably cooperate with the Zelle TPPs’ risk procedures by, without limitation, (i) promptly responding to reasonable requests to verify account ownership or any fraud investigation with respect to an account held at Customer, regardless of the transaction origin; (ii) promptly sending returns information to the Zelle TPP via an ACH returns file, chargeback process, or daily batch feeds, as mutually agreed; (iii) requesting and obtaining a written statement of unauthorized debit signed and completed by its claimant or Subscriber prior to initiating a debit return pursuant to the ACH Rules. In the event that a Zelle TPP has to provide a letter of indemnity, hold harmless letter or related documentation (each an LOI) to another financial institution to recover Transaction Losses and there is a claim made under the LOI, then Customer shall be responsible for all amounts relating to such claim, including without limitation, the settlement amount and attorneys’ fees.
15.12 Customer shall only make the Zelle Services available to Subscribers for use with U.S.-based Accounts. Account holders are required to have U.S. domestic addresses and U.S. domestic mobile numbers for use with the Zelle Services. Payments via debit card networks are only available in the 50 states of the United States and the District of Columbia.
15.13 Customer acknowledges that with respect to Zelle Services transactions, the Subscriber or Customer is the Originator under the ACH Operating Rules.
15.14 Neither CSI nor the Zelle TPPs shall have liability or further obligations relating to any delays, inaccuracies or incomplete Zelle Services caused by the failure of Customer to properly or timely meet its obligations or requirements.
15.15 Customer shall comply with all laws, rules, regulations, statutes, regulations (and any interpretations thereof and rules promulgated thereunder) and industry requirements applicable to receiving and using the Zelle Services, including without limitation the USA Patriot Act, Regulation E of the Electronic Fund Transfer Act, the federal Bank Secrecy Act, the NACHA rules, the ACH rules, federal and state laws and regulations and industry requirements relating to electronic funds transfers, federal and state laws and regulations relating to money transmission, currency reporting and the prevention of money laundering and any applicable rule or regulation issued by a regulatory body, including the U.S. Office of Foreign Assets Control and the bylaws and operating regulations of any payment network or organization through which transactions are being processed, to enable it to offer and provide any payment or money transfer-related services to Subscribers, and to otherwise register and activate Subscribers to make use of any such services, including, but not limited to, any necessary pre-registrations, consents and authorizations from and notices to its Subscribers. Customer shall maintain all records and prepare and file any necessary forms, reports or other documentation, including without limitation, suspicious activity reports or currency transaction reports required to be filed in accordance with laws applicable to Customer. Customer will immediately notify CSI and the Zelle TPPs of instances of suspected fraud, money laundering, terrorist financing, or other illegal activities determined within Customer’s reasonable discretion and involving the Zelle Services.
15.16 Customer shall obtain any necessary consents or provide any necessary notices and disclosures to Subscribers in accordance with such laws, rules, regulations and requirements, including consents with respect to the use of any data regarding Subscribers including without limitation a Subscriber’s name, e-mail address, zip or postal code, account information (e.g. financial data, user identification, password and/or personal information number, as well as the ABA Routing and Transit Number that are specific to a Subscriber’s account) and usage statistics. As part of the Zelle Services, neither CSI nor the Zelle TPPs shall be responsible for authenticating Subscriber credentials for access to the Zelle Services.
15.17 Customer will enter into a written agreement regarding the Zelle Services with Subscribers (Terms of Service) which may be incorporated into a Client Agreement. Customer acknowledges that the Terms of Service are between Customer and its Subscribers. Terms of Service must include (i) disclaimers of incidental, indirect, consequential, special, punitive, and exemplary damages; and (ii) quantified limitations on direct damages that, with respect to both (i) and (ii), may be claimed or alleged by such Subscribers arising out of or relating to the Zelle Services. Such disclaimers and limitations must extend to Customer’s third-party suppliers or providers (but do not need to specifically reference CSI or its Third-Party Providers by name). Customer will enforce such disclaimers and limitations in claims, lawsuits and proceedings brought by its Subscribers. Customer shall disclose in the Terms of Service that (i) Customer is the sole party liable to Subscribers for transfers conducted using the Zelle Services; and (ii) as between the Customer and the Subscribers, Customer is solely liable to Subscribers, Recipients and Receivers to the extent any liability attaches in connection with the Zelle Services.
15.18 Customer shall not make any representation, warranty, or other legally binding commitments on behalf of CSI, the Zelle TPPs, or any of their respective affiliates or suppliers.
15.19 Customer shall obtain the right for the Zelle TPPs to conduct standard credit screening as permitted under applicable law and regulations on Subscribers for purposes of authentication, conducting risk assessments, and setting risk parameters and transaction limitations in connection with a Subscriber’s use of the applicable Zelle Services.
15.20 CSI and the Zelle TPPs may use any Customer trademarks, internet domain names, web addresses, telephone numbers, trade dress, service marks and/or trade names (including, without limitation, logos and slogans) for the purposes of providing the applicable Zelle Services. CSI and the Zelle TPPs may display Customer’s name and any logos or similar brand features in a list of customers for the Zelle Services on the Zelle website or any successor personal payments service website.
15.21 Customer and/or any Subscriber shall not: (a) transfer or otherwise sublicense the right to use the Zelle Services; (b) attempt to copy or otherwise reproduce the Zelle Services; (c) attempt to access, decompile, reverse engineer or otherwise derive the source code for the Zelle Services; (d) resell or use the Zelle Services for the benefit of any other financial institution or other entity; or (e) alter, remove or fail to include any copyright notice or other proprietary rights notices that appear on any user interfaces related to the Zelle Services or authorized reproductions thereof.
15.22 For any Access Credentials provided to Customer to enable Customer to access data within the Zelle TPPs’ systems, Customer agrees to, (a) take reasonable steps to safeguard the confidentiality and security of the Access Credentials; (b) limit access to credentials to persons who have a need to know such information; (c) establish and monitor internal procedures which limit one (1) user ID to an authorized Customer representative and otherwise prevent the sharing of credentials; (d) notify CSI immediately if Customer has any reason to believe the security or confidentiality required by this provision has been or may be breached; and (e) change any passwords that are part of the Access Credentials immediately if Customer knows or suspects that the confidentiality of the Access Credentials has been compromised in any way.
15.23 Subject to Customer’s compliance with the obligations in this Section 15, CSI may provide Customer with access to an online database containing Recipient information (e.g., name and bank name) in connection with the Zelle Services. Customer agrees to access the database only: (a) to effect, administer, or enforce transactions that result from the Zelle Services; (b) to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability related to the Zelle Services; (c) for internal audit and regulatory examination purposes; (d) to resolve consumer disputes or inquiries involving transactions that result from the Zelle Services, or (e) as permitted to access certain Subscriber and transaction information in CSI’s possession and shall only use the Recipient information of non-Subscriber users within such database to complete Zelle Services transactions and for regulatory purposes. Customer will limit access to such database to its trusted employees and shall closely and regularly monitor such employees’ use of such database to ensure compliance with this provision. Customer will protect the database from security breaches at Customer by establishing, maintaining and updating policies, procedures, equipment and software that are designed to safeguard the security and integrity of the Customer computer systems used to access the database.
15.24 Customer shall not sue or initiate any other proceeding against or naming CSI or the Zelle TPPs in connection with the Zelle Services. If a Zelle TPP is named in a proceeding, Customer shall cooperate in the dismissal or other removal of the Zelle TPP from such proceeding, including without limitation through motion, petition, or other application to the arbitrator or applicable court. In the event of any dispute arising between Customer and CSI relating to Customer’s use of the Zelle Services or any related Services, Customer hereby (i) agrees and covenants that its only recourse shall be a claim against CSI; and (ii) releases and holds the Zelle TPPs harmless from any claims, losses and damages of any kind (including, without limitation, actual, special, indirect, exemplary, incidental and consequential), known and unknown, disclosed and undisclosed, arising out of or in any way connected with such dispute regardless of whether such Zelle TPP was advised of the possibility or likelihood of such damages or costs occurring, and whether such liability is based on contract, tort, warranty, negligence, strict liability, products liability or otherwise (provided that the preceding release in no way limits or diminishes Customer’s right to recover losses and damages from CSI; which shall be subject to any limitations of liability in Customer’s agreement with CSI and in no way limits or diminishes CSI’s right to recover losses and damages from the Zelle TPP arising out of or in any way connected to such dispute (such losses and damages are subject to the liability limitations in the agreements between CSI and the Zelle TPP). Customer further agrees to waive, release and relinquish all rights, benefits and protections under the provisions of any state law limiting or prohibiting a general release under the law governing its Agreement, or in the event a court does not enforce the governing law clause in its Agreement with CSI, under applicable state law, including without limitation California Civil Code § 1542 and any similar statutes.
15.25 Customer shall determine and be responsible for the completeness, authenticity and accuracy of all information submitted to the Zelle TPPs’ systems.
15.26 Customer is required to access, use, and avail the then-current commercially-available release of the Zelle Services. Customer shall take such action as may be required by CSI or the Zelle TPP to transition to successive releases of the Zelle Services.
15.27 The Zelle TPPs and their service providers may use Zelle Data for the performance of the Zelle Services, as permitted by the Gramm-Leach-Bliley Act (GLBA), its implementing regulations and other applicable laws, including (without limitation) any use to effect, administer or enforce a transaction or to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability. If Recipients, Receivers or Requestors enter into direct contractual relationships with the Zelle TPPs, then the Zelle TPPs shall also have the right to use the Zelle Data associated with such parties pursuant to such relationships. Provided that the source of the information is not disclosed and the information is used in conjunction with other independent information, the Zelle TPPs may use Zelle Data for the performance of the Zelle Services and may use, store and disclose Zelle Data and other such information acquired in connection with the Zelle Services in statistical form in aggregate form for pattern recognition, modeling, enhancement and improvement, system analysis and to analyze the performance of the Zelle Services. The Zelle TPPs may supply Zelle Data to any law enforcement agency if the Zelle TPPs or their clients have suffered or may reasonably be expected to suffer a loss as a result of fraudulent or suspicious activity performed by the Subscriber, Recipient, Receiver or Requestor. Customer will identify a representative as a point of contact or a subject matter expert if such law enforcement agency requires supplementary information on such Subscriber, Recipient, Receiver or Requestor. In accordance with applicable law, the Zelle TPPs may also retain all Zelle Data during and after termination of the Zelle Services for audit, regulatory compliance, risk management purposes or as otherwise permitted by applicable law and regulations and/or to the extent it is required to do so in connection with payment network or organization rules and regulations or similar applicable industry requirements. Customer will obtain sufficient authority and consent from Subscribers to transmit and disclose their Zelle Data to the Zelle TPPs for the purposes set forth herein. Without limiting anything herein or any provisions of the Agreement, for the avoidance of doubt, the parties hereby agree that the Zelle Data is Customer information for purposes of the GLBA and its implementing regulations and guidance.
15.28 Customer consents to the Zelle TPP’s disclosure of the Zelle Data to its supplier(s) in connection with the verification and authentication of Subscribers. Customer acknowledges that such verification and authentication services are proprietary and confidential and shall be treated as Confidential Information under the Agreement. Customer grants to the Zelle TPPs and their applicable supplier(s) a non-exclusive, non-transferable, except as provided herein, right to use, copy, store, modify and display the Zelle Data to the extent necessary to provide the Zelle Services pursuant to its Agreement. Customer will obtain all necessary Subscriber agreements or consents as may be reasonably required to grant such license rights to the Zelle TPPs and its suppliers.
15.29 Customer shall at all times remain responsible for making any consumer whole in connection with any failure to transmit money through the Zelle Services, subject to any rights of recovery Customer may have against Subscriber or CSI, CSI’s Third-Party Provider, or any other party. As between the Customer and Subscribers, Customer will be solely liable to Subscribers for completion of Zelle Services transfers by payment of good funds in the correct amount and in a timely manner to the Recipient’s bank account (regardless of whether the bank account information was provided by Subscriber or collected from the Recipient). Customer is the “financial institution” for purposes of compliance with the Electronic Fund Transfer Act (EFTA), as implemented by Regulation E, including with respect to obligations under Section 910 of the EFTA.
15.30 Customer will promptly work with CSI to analyze the cause of any Transaction Losses and to take appropriate measures to remedy their cause. If CSI or the Zelle TPPs (a) identify a sudden unanticipated increase in Transaction Losses and believes it prudent to take immediate action to reduce limits; or (b) identify an unanticipated risk increase as to an individual Subscriber, then as to each of the preceding cases, CSI or the Zelle TPPs shall have the right at any time but not the obligation to (x) reduce limits in an amount and for a duration determined by the Zelle TPPs in their sole discretion, (y) process transactions using a “good funds only” model, and/or (z) suspend the Zelle Services.
15.31 Customer shall promptly cooperate with CSI and provide all reasonable assistance to CSI regarding recovery of any Transaction Loss or any other investigation related to the Zelle Services.
15.32 Neither CSI nor the Zelle TPPs shall be liable for any Transaction Losses incurred by Customer or its Subscribers for the Zelle Services, including but not limited to fraud losses or risk of loss, arising out of the use of the Zelle Services. Liability for Transaction Losses is addressed in the Zelle Network® Participation Rules (Participation Rules). Notwithstanding anything to the contrary in the Agreement, the CSI Supplemental Agreement, these Service Terms, or the Participation Rules, CSI shall be liable to Customer for Transaction Losses only to the extent caused by CSI’s gross negligence, fraud, or willful misconduct.
15.33 If pursuant to the Zelle Services a credit is released and the debit or a portion of any such debit has failed, the Zelle TPPs reserve the right to resubmit for the uncollected portion of such debit. If following resubmission, the debit side remains in a failed status (or is returned for any reason), and the credit side cannot be reversed, the Zelle TPPs shall issue a new debit transaction in the amount of the uncollected portion of such debit. If the Zelle TPPs are unable to recover the uncollected portion of the debit, then the Zelle TPPs may additionally debit any of the Subscriber’s other accounts that are accessible via the Zelle Services to the extent necessary to offset the uncollected portion.
15.34 Customer acknowledges and agrees that the Zelle TPPs have the right to collect the applicable amount from the Subscriber underlying a Transaction Loss and agrees that the Zelle TPPs may (a) collect or attempt to collect directly from the applicable Subscriber any Transaction Loss, and (b) report the circumstances and amounts associated with such Transaction Losses to any credit bureau in accordance with applicable law. If the Zelle TPPs are unable to recover the Transaction Loss from the Subscriber, then Customer shall pay the pass-through cost from the Zelle TPPs for such loss, including chargebacks, upon receiving notice from the Zelle TPPs or CSI, as the case may be.
15.35 Customer will at all times be solely liable to Subscribers for completion of the Zelle Services transactions by payment of good funds in the correct amount and in a timely manner to the Recipient’s bank account (regardless of whether the bank account information was provided by Subscriber or collected from the Recipient) and is the “financial institution” for purposes of Zelle transactions and compliance with applicable laws. Without limiting the preceding sentence, Customer will at all times remain responsible for making any consumer whole in connection with any failure to transmit money through the Zelle Services. Customer will indemnify, defend, and hold harmless and release CSI and the Zelle TPPs and their officers, directors, and employees from and against any claims, actions and other proceedings by a Subscriber to the extent arising out of Customer’s breach of its obligation to make any consumer whole as set forth in this Section. The foregoing indemnification obligation shall not be subject to any limitations on Customer’s liability otherwise set forth in the Agreement.
15.36 Customer understands that all Payee contact is the Zelle TPPs responsibility, and Customer will not contact Payees at any time on behalf of Subscribers.
15.37 Customer shall obtain the right for the Zelle TPPs to use data gathered from confirmed cases of fraud to detect fraud for its other customers.
15.38 Zelle TPP Marks means any and all trademarks, service marks, tradenames, insignias, symbols and logos that are owned or exclusively licensed by the Zelle TPPs and that are designated for use in (or in relation to) the Zelle Services and/or the documentation provided for the Zelle Services. CSI grants to Customer a limited, non-exclusive, nontransferable license during the term to reproduce, use and display the Zelle TPP Marks only in connection with Customer’s promotion, marketing and distribution of the Zelle Services under the Agreement. Customer will adhere to any guidelines regarding the Zelle TPP Marks that CSI provides, the most recent copy of which CSI will provide promptly to Customer upon request. Customer will publish any notices, including any notice of ownership of the Zelle TPP Marks, proprietary notice, copyright notice or restricted rights legend as directed by CSI. The Zelle TPP Marks and all goodwill associated with the Zelle TPP Marks are and shall remain the exclusive property of the Zelle TPPs and these Service Terms give Customer no rights therein except for a limited license as described in this Section. Customer’s reproduction and use of the Zelle TPP Marks inures to the benefit of the Zelle TPPs. The Zelle TPPs may review Customer’s use and display of the Zelle TPP Marks and its marketing and promotional materials for the Zelle Services, and Customer shall comply forthwith upon receipt of any request from the Zelle TPP for such review. In the event that the Zelle TPP or CSI (1) in its reasonable discretion, determines that Customer’s marketing or promotional material or use of the Zelle TPP Marks dilutes or diminishes the Zelle TPP Marks or the goodwill, quality or services associated with Zelle TPPs or with any of the Zelle TPP Marks or is not in accordance with the Zelle TPPs’ direction or guidelines; and (2) notifies Customer of such determination; then (3) CSI or the Zelle TPPs may revoke the license in this Section, unless Customer has satisfactorily resolved the concerns identified in a manner satisfactory to the Zelle TPP within 5 business days after Customer’s receipt of such notice. Customer shall cease to use the Zelle TPP Marks or any other marks or names of the Zelle TPPs upon the termination or expiration of the Zelle Services. Customer shall use the appropriate registered or common law trademark symbols in connection with the Zelle TPP Marks. Customer must not during the term of its Agreement or after its termination, apply for any registration as a trademark, service mark, domain name, business or company name, any word or logo that is the same as or substantially identical with or deceptively similar to any of the Zelle TPP Marks, domain names or business or company names.
15.39 Customer must, at all times, comply with the NOW Network Rules and the Zelle Network Rules, as well as any other applicable Network Rules (e.g., debit card Network Rules). NOW Network Services means the Zelle Services that utilize the NOW Network, which include without limitation Zelle Real-Time Payments. Use of the NOW Network Services is subject to Customer’s participation in the NOW Network. Customer will execute a Real-Time Participation Agreement in connection with Customer’s use of the NOW Network Services, prior to commencement of the Zelle Services. If Customer holds more than $8 Billion in assets in its depository accounts, Customer will also execute a Reseller Participant Agreement – Person to Person (P2P) Payments Service (or the equivalent successor document required by Early Warning) with Early Warning prior to utilizing the Zelle Services. In all cases, Customer will comply with the bylaws and operating rules of the applicable payment networks that Customer utilizes with the NOW Network, which may include without limitation the NOW Network and Debit Card Networks. Neither CSI nor its Zelle TPPs are responsible for the performance, speed, or other acts or omissions of third parties that use the NOW Network or interoperate with the NOW Network.
15.40 NOW Network and Debit Card Network settlements are final except as set forth in the applicable NOW Network and Debit Card Network rules and recovery may not be possible; however, if such applicable rules allow for reversal of funds, the Zelle TPPs will attempt to recover such funds from the destination account. The Zelle TPPs shall not be obligated to comply with the ACH Rules in such recovery efforts or otherwise in connection with NOW Network Services. The Zelle TPPs will choose the method of delivery of NOW Network Service payment via the NOW Network in its sole discretion based on available end points for delivery of such payment. Third party operators of networks that connect to the NOW Network shall not be considered to be subcontractors of CSI or the Zelle TPPs for purposes of the Zelle Services. The Zelle TPPs will choose the Debit Card Networks in which they will participate in their sole discretion.
15.41 For purposes of the Network Rules, Customer agrees that the Zelle TPPs are Customer’s agent as to the Zelle Services. The Zelle TPPs may suspend or terminate the Zelle Services if Customer is in breach of these Service Terms or its Agreement or if the Zelle TPPs determine that Customer does not meet the on-going vetting or due diligence requirements of the Network Rules.
15.42 CSI and the Zelle TPPs shall not be held responsible for any outcome or decision that is rendered in accordance with the Rules. Rules means the business requirements and scoring thresholds provided by Customer in accordance with the Zelle TPPs’ Global Risk Administration System (currently accessible through the Compass Support Tool). For the avoidance of doubt, all services indicated as provided by the Zelle TPPs’ on behalf of Customer to Subscribers (including the collection of required account information of a Receiver or Recipient, whether from the Subscriber, Receiver or Recipient) are provided by the Zelle TPPs solely in their capacity as a service provider for, and on behalf of, Customer. The Zelle TPPs are authorized to rely on data provided by third parties and is not responsible for the accuracy of such data in connection with its performance of the Zelle Services, including without limitation application of the Rules. Customer acknowledges and agrees that: (a) third party data is obtained from databases whose accuracy, timelines and coverage are not guaranteed; (b) the data used to verify an Subscriber is obtained from third parties; (c) the Zelle TPPs do not warrant or guarantee the identity of the Subscriber, but merely receives a result from a supplier (Result) which is derived, in part, from information entered by the Subscriber; (d) the Zelle TPPs will use the Result together with the Customer’s Rules to attempt to verify the identity of the Subscriber; and (e) the Result and related verification and authentication services will be only used for the purpose of verifying the identity of the Subscriber and will not be used, in whole or in part, as a basis for determining the eligibility of an Subscriber for credit, insurance or employment or to take ‘adverse action,’ as defined in the Fair Credit Reporting Act or similar laws. Customer agrees not to copy or retain any authentication questions or the Subscribers’ answers to such questions or use such questions for purposes other than identity verification and Subscriber authentication, except (i) as required by law and (ii) that Customer shall be permitted to use and retain the pass/fail indication returned by the Zelle Services along with any related explanatory information/codes for risk management or other internal purposes permitted by law. Customer agrees not to reverse engineer or create derivative works based on the identity verification and authentication elements of the Zelle Services or the technology used to provide such Zelle Services.
15.43 CSI or the Zelle TPPs may suspend or deny access to Subscribers, Requestors (if applicable), Receivers (if applicable) and/or accounts associated with such Subscribers, Requestors, Receivers and/or any counterparties if it receives any returns from an account associated with them whether with Customer or another financial institution, if CSI or the Zelle TPPs is owed Transaction Losses in connection with the applicable Subscriber, or if CSI or its Third-Party Provider anticipates any potential losses arising from any such account(s), including without limitation due to concerns regarding fraud.
15.44 If CSI or the Zelle TPPs reasonably believe that any Zelle Services, or a Customer’s or any Subscriber’s conduct in using the Zelle Services (including without limitation an Subscriber intentionally initiating fraudulent or unauthorized transfers, account access or violating any agreement under which it has been provided access to the Zelle Services) violates these Service Terms or any applicable laws, rules, regulations or industry standards, or otherwise poses a threat to CSI’s or the Zelle TPPs’ system, security, equipment, processes, intellectual property or reputation (Threatening Condition) and if, in the reasonable and good faith determination of CSI or the Zelle TPPs, the Threatening Condition poses an imminent or actual threat (including without limitation regulatory investigation, inquiry or penalty), CSI may suspend any and all of Customer’s use of the applicable Zelle Services until such Threatening Condition is cured. CSI will promptly notify Customer of such suspension, including the identity of the affected Subscriber(s) as needed, and both parties will use reasonable efforts to cure or cause the correction of the Threatening Condition following such notice. CSI may terminate Customer’s and/or Subscriber’s use of the Zelle Services without further requirement of notice if the Threatening Condition remains uncured more than 30 calendar days after the Zelle TTP notifies CSI and Customer the Threatening Condition.
15.45 If CSI’s agreement with the Zelle TPPs terminates or expires, then provision of the Zelle Services to Customer and Subscribers will automatically terminate without penalty, liability, or further obligation on the part of CSI. CSI will use commercially reasonable efforts to provide Customer with at least 60 days prior written notice of cessation of service. In the event of termination or non-renewal of the Zelle Services with Customer, Customer shall (a) comply with all applicable laws, including laws governing notification of Subscribers prior to discontinuation of the use of the Zelle Services; and (b) remain financially responsible for any transactions returned on any of its Subscribers’ Accounts after the termination date, whether or not the returns are proper and timely. Following receipt of Customer’s written certification of compliance with the foregoing, CSI and the Zelle TPPs will, for a period not to exceed 60 days, continue to process transactions on behalf of Customer that were initiated prior to the effective date of termination (e.g., returns).
15.46 Customer’s use of the Zelle Services is subject to approval of Customer by the Zelle TPPs.
15.47 Customer will include the following provision in its Subscriber Terms of Service for the Zelle Services: “Subscriber authorizes Subscriber’s wireless carrier to disclose information about Subscriber’s account, such as name, billing address, email, phone number, location information, subscriber status, payment method and device details, if available, to Customer and Customer’s service providers to support identity verification, fraud avoidance and other uses in support of transactions for the duration of Subscriber’s business relationship with Customer. This information may also be shared with other companies to support Subscriber’s transactions with Customer and for identity verification and fraud avoidance purposes.” If mobile telephone carriers require that the preceding provision in this Section be revised, then Customer will update such provision and require Customer’s Subscribers to agree to such updated provision within a commercially reasonable period of time.
15.48 Customer will include the following provision in its Subscriber terms of service for the Zelle Services: “Customer may share certain personal information and device-identifying technical data about Subscriber and Subscriber’s devices with third party service providers, who will compare and add device data and fraud data from and about Subscriber to a database of similar device and fraud information in order to provide fraud management and prevention services, and identify and block access to the applicable service or website by devices associated with fraudulent or abusive activity. Such information may be used by Customer and its third party service providers to provide similar fraud management and prevention services for services or websites not provided by Customer. Customer will not share with service providers any information that personally identifies the user of the applicable device.”
15.49 Notwithstanding any fee increase restrictions in the Agreement, CSI shall have the right to pass through all payment network-associated fees (including without limitation from the Debit Card Network and the sponsoring Customer) to Customer for payment. Further, if Early Warning increases its fees or otherwise requires the payment of additional fees in connection with the Zelle Services, then CSI will have the right to pass through such fee increases or additional fees to Customer. If NACHA increases its fees or otherwise requires the payment of additional fees for the use of the Automated Clearing House, then CSI will have the right to pass through such fee increases or additional fees to Customer for payment, without notice or mark-up.
15.50 Receipts for applicable Zelle Services provided to Subscribers by Customer will be provided by Customer and contain contact information for each Customer and no details regarding the Zelle TPPs.
15.51 If Customer provides any content or materials in a format other than the format(s) approved by the Zelle TPPs, CSI reserves the right to charge for any conversion necessary for such content or materials at the Zelle TPPs’ then-current rates; provided, however, the Zelle TPPs are not obligated to make any such conversion.
15.52 Any tiered pricing shall be segmented based on designated thresholds, with pricing applied to transactions or other fee events occurring within each applicable tier.
15.53 CSI shall invoice Customer monthly for fees and expenses incurred during the previous month for the Zelle Services. Customer shall be responsible for all invoicing and collection of fees from its Subscribers, as applicable.
15.54 Deconversion, conversion or termination (in whole or in part) of the Zelle Services shall be subject to and occasion CSI’s and the Zelle TPPs’ then-current termination, deconversion and file fees.
16 Digital Customer Support
16.1 Digital Customer Support Services means the customer interaction and contact center services provided by CSI’s Third-Party Provider, Glia, and integrated into the Digital Banking Services.
16.2 Subject to the terms and conditions of the Agreement, the CSI Supplemental Agreement, and these Service Terms, CSI hereby grants Customer a limited, nonexclusive, nontransferable, non-sublicensable right and license to access and use the Digital Customer Support Services during the term of the Agreement between Customer and CSI. Digital Customer Support Services may only be accessed by authorized Clients in accordance with these Service Terms. Access Credentials shall be specific to individual users and the sharing of Access Credentials and associated “seats” is not permitted. If a User is added by Customer, Customer’s obligation to pay fees for such User shall commence on the day the User is added.
16.3 If Customer is a Credit Union, the total number of members for the purpose of the billing tiers shall be based on current data published by the NCUA.
16.4 In the event that Customer exceeds allotted SMS usage thresholds in connection with the Digital Customer Support Services, CSI reserves the right to begin to charge the Customer for the additional SMS bundle upon written notice.
16.5 Unlimited usage enables each licensed User to receive an unlimited number of inbound phone calls. Part-time usage enables each licensed User to receive 1,000 inbound minutes of inbound phone calls per month, on average.
16.6 Support for Messaging Short Codes is an additional fee on top of the Standard SMS & WhatsApp Module fee.
16.7 Prices for existing Digital Customer Support Services shall be subject to revision once per calendar year. CSI may increase the fees in connection with upgrades to Digital Customer Support Services at any time upon 30 days’ advance written notice to Customer.
16.8 Subscriptions to Digital Customer Support Services are subject to a 36-month minimum term. If the Digital Customer Support Services are terminated for any reason prior to the end of the 36th month following Production Launch of the Digital Customer Support Services, then Customer will be obligated to pay a Digital Customer Support Services reconciliation fee equal to the product of (i) the contracted monthly fees for the Digital Customer Support Services as set out in the CSI Supplemental Agreement and (ii) 36 less the number of months elapsed between Production Launch of the Digital Customer Support Services and the effective date of termination. This reconciliation fee shall be in addition to and shall not limit any other termination fees and obligations, Deconversion fees, or other payments due under the Agreement, the CSI Supplemental Agreement, or these Service Terms.
16.9 Customer will not and will ensure its Users and Clients do not, directly or indirectly: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, or algorithms of the Digital Customer Support Services; (b) modify, translate or create derivative works based on any of the Digital Customer Support Services; (c) copy (except for archival purposes), rent, lease, distribute, pledge, assign or otherwise transfer or allow any lien, security interest or other encumbrance on any of the Digital Customer Support Services; (d) hack, manipulate, interfere with or disrupt the integrity or performance of or otherwise attempt to gain unauthorized access to any of the Digital Customer Support Services or their related systems, hardware or networks or any content or technology incorporated in any of the foregoing; or (e) remove or obscure any proprietary notices or labels of CSI, its Third-Party Provider or suppliers of the Digital Customer Support Services. As among Customer, CSI and its Third-Party Provider, CSI’s Third-Party Provider owns and retains all right, title and interest in and to the Digital Customer Support Services and all improvements, enhancements or modifications thereto. Further, Customer will use the Digital Customer Support Services in compliance with all applicable laws, rules and regulations and is responsible for its Users’ and Clients’ compliance with the same. CSI or its Third-Party Provider may suspend or prohibit any use of the Digital Customer Support Services if it reasonably believes Customer, or its Users or Clients may be (or alleged to be) in violation of these Service Terms or applicable law.
16.10 Each Customer owns the data or information it submits while using the Digital Customer Support Services. Notwithstanding the foregoing, Customer hereby grants to CSI (and its Third-Party Provider as a third-party beneficiary) the right and license to use such data for the limited purpose of enabling CSI and its Third-Party Provider to perform their respective obligations under the Agreement between Customer and CSI. Additionally, Customer consents to CSI’s Third-Party Provider using such data generated by Customer’s use of the Digital Customer Support Services for internal purposes, provided that such data shall be anonymized with no personally identifiable information or identification of the specific source of such data or that could reasonably be linked with a particular Customer, person or household. Customer Data shall not be sold to any third parties.
17 Orbipay
17.1 Legal Requirements means all federal, state, local, administrative laws, rules, regulations and interpretations applicable to the provision or receipt of Orbipay Services (including Privacy Laws) and further includes Network Rules, Payment Brands, and the Payment Card Industry Data Security Standard, as any or all of the foregoing may be amended, revised, or replaced from time-to-time.
17.2 Customer Materials means information Customer furnishes to CSI and the Orbipay TPP in connection with its Agreement as it relates to Orbipay.
17.3 Merchant Processing Services Terms and Conditions means the terms and conditions posted at http://www.alacriti.com/legal/merchant-terms (and any successor or related locations designated by the Third-Party Provider), as may be updated from time to time. The Merchant Processing Services Terms and Conditions are incorporated by reference into these Service Terms.
17.4 Networks means Pulse, Star, NYCE, and/or any other electronic payment network authorization, routing, processing or funds transfer system for transmitting Transactions and settlement thereof.
17.5 Orbipay Services means Services provided by the Orbipay TPP that enable Customers and Clients to present bills electronically and accept digital payments across channels (web/mobile, text/SMS, IVR/agent, etc.) and payment methods.
17.6 Orbipay TPP means Alacriti Payments LLC, together with its affiliates, and its and their successors and assigns, and its and their vendors, service providers, and suppliers.
17.7 Payment Brand means any payment method provider whose payment method is used by the Orbipay Services, including Visa U.S.A., Inc., Visa International, MasterCard International Incorporated, Discover Financial Services, Inc., American Express Travel Related Services Company Inc., and other credit and debit card providers, debit network providers, gift card, and other stored value and loyalty program providers. Payment Brand also includes the Payment Card Industry Security Standards Council.
17.8 Privacy Laws means applicable privacy laws, rules, and regulations, including industry self-regulations and the General Data Protection Regulation (if applicable).
17.9 Prohibited Categories List means the list posted at http://www.alacriti.com/legal/prohibited (and any successor or related locations designated by the Orbipay TPP), as may be updated by the Third-Party Provider from time to time. The Prohibited Categories List is incorporated by reference into these Service Terms.
17.10 Refund Policy means the terms and conditions posted at http://www.alacriti.com/legal/refund-policy (and any successor or related locations designated by the Orbipay TPP), as may be updated by the Third-Party Provider from time to time. The Refund Policy is incorporated by reference into these Service Terms.
17.11 Settlement Terms means the terms and conditions posted at http://www.alacriti.com/legal/settlement (and any successor or related locations designated by the Orbipay TPP), as may be updated by the Third-Party Provider. The Settlement Terms are incorporated by reference into these Service Terms.
17.12 Transaction means a credit, debit, ACH, or other electronic transaction processed by the Orbipay TPP on behalf of Customer or a Client, including purchases, disbursements, cash withdrawals, disputes, chargebacks, and refunds.
17.13 Transaction Data means the written or electronic record of a Transaction, including, without limitation, an authorization code or settlement record, which is submitted to the Orbipay TPP.
17.14 Customer owns all Customer Materials. Customer warrants that it has obtained all right, consent, and authority necessary for the Orbipay TPP to use the Customer Materials as set forth in this Section of the Service Terms. Customer grants the Orbipay TPP and its service providers a worldwide, royalty-free, non-exclusive, nontransferable (except as part of a permitted transfer of these Service Terms) license during the term of the Agreement to use, copy, and create derivative works of the Customer Materials to provide the Orbipay Services.
17.15 Customer represents and warrants that all information it provides in connection with the Orbipay Services shall be accurate and complete, and Customer will provide CSI and the Orbipay TPP with timely written notice of any changes to such information.
17.16 Customer will ensure that it delivers its products and services to Clients in accordance with applicable Privacy Laws. To the extent that Customer provides the Orbipay TPP with any information about Clients or Users, Customer shall obtain all consents necessary from such Clients and Users to provide such information to the Orbipay TPP and for the Orbipay TPP to process such information to provide Orbipay Services.
17.17 Customer acknowledges that the Orbipay TPP will continuously monitor Customer’s use of the Orbipay Services for the purpose of identifying suspicious activity, to prevent, detect and deter fraud and abuse of the Orbipay Services, and to protect the integrity of its systems and business. Customer further acknowledges that as a result of such monitoring the Orbipay TPP may require additional due diligence (including information on the Customer’s products and services, Customer financial statements, and additional information on Clients and Users) with respect to Customer to ensure Customer continues to be eligible for the Orbipay Services. The Orbipay TPP may suspend or terminate the Orbipay Services immediately and may withhold amounts owed to Customer in the event that: (a) Customer becomes ineligible for the Orbipay Services, (b) CSI’s Orbipay Third-Party Provider reasonably suspects Customer has violated Legal Requirements, or (c) Customer does not furnish the requested information in a timely manner.
17.18 Customer authorizes the Orbipay TPP (or its affiliate or agent) to request a credit report on Customer or Clients from a credit reporting agency. In accordance with the U.S. Fair Credit Reporting Act, any consumer report(s) will be used to review the Client’s account to determine whether Client continues to meet the terms and conditions related to the Orbipay Services. The Orbipay TPP reserves the right to terminate, suspend, or limit access to the Orbipay Services based upon the Orbipay TPP’s review of such consumer report(s), and/or in the event the Orbipay TPP is unable to obtain or verify any of a Client’s information. In the event that Customer’s access to the Orbipay Services are so terminated, suspended, or limited based upon information contained in a consumer report, CSI’s Orbipay Third-Party Provider will notify Customer in accordance with Legal Requirements.
17.19 CSI or the Orbipay TPP may terminate the Orbipay Services immediately upon written notice if: (a) it reasonably appears to CSI or the Orbipay TPP that the Orbipay Services are being used by Customer or Users for inappropriate, illegal, or improper purposes or that to continue to provide the Orbipay Services to Customer or Users would present an unacceptable business risk to CSI or the Orbipay TPP; or (b) if information supplied by Customer or a User is false, inaccurate or incomplete.
17.20 UNDER NO CIRCUMSTANCES WILL ONE OR MORE OF CSI OR THE ORBIPAY TPP BE LIABLE TO CUSTOMER, A CLIENT, A USER, OR ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING PERSONAL INJURY, PROPERTY DAMAGE, DAMAGE TO OR LOSS OF EQUIPMENT, LOST PROFITS OR REVENUE, ARISING FROM OR RELATED TO THE ORBIPAY SERVICES OR THE SUBJECT MATTER OF THESE SERVICE TERMS, EVEN IF ONE OR MORE OF THE PARTIES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ANY FINES, FEES, PENALTIES OR ASSESSMENTS IMPOSED BY A THIRD PARTY RELATED TO ACCEPTANCE OF PAYMENT INSTRUMENTS ARE CONSEQUENTIAL DAMAGES.
17.21 SUBJECT TO THE EXCEPTIONS SET FORTH IN THE REMAINDER OF THIS SECTION, THE CUMULATIVE LIABILITY OF CSI AND THE ORBIPAY TPP, IN THE AGGREGATE, ARISING FROM OR RELATED TO THE ORBIPAY SERVICES AND THE SUBJECT MATTER OF THESE SERVICE TERMS FOR ANY CAUSE WHATSOEVER, REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION, WHETHER BASED IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, SHALL NOT EXCEED THE AGGREGATE FEES PAID BY CUSTOMER TO CSI UNDER THE AGREEMENT IN THE 6 MONTHS IMMEDIATELY PRECEDING THE OCCURRENCE OF THE EVENT GIVING RISE TO THE CLAIM. Neither CSI nor the Orbipay TPP will be liable for the acts or omissions of the Customer, Client, or User or any other person or entity, including any clearing house association or processor, any funds transfer system, the Federal Reserve Bank, any other financial institution or any supplier, and no such person or entity will be deemed an agent of any of CSI or the Orbipay TPP. Neither CSI nor the Orbipay TPP are responsible for detecting any errors in the information provided by Customer, Client, or User. Customer understands and agrees that any form of Client or User documentation or disclosures provided to Customer by CSI or the Orbipay TPP in connection with the Orbipay Services are provided solely as a courtesy and neither CSI nor the Orbipay TPPs make any representation or warranty regarding the sufficiency or accuracy of such documentation or disclosures, including whether or not such documentation or disclosures comply with Legal Requirements. The limitations on liability, waivers, indemnities, and other terms and conditions in these Service Terms are business understandings between the parties and apply to all legal theories of recovery, including breach of contract or warranty, breach of fiduciary duty, tort (including negligence), strict or statutory liability, or any other cause of action, provided that these limitations on liability, waivers and indemnities, and other terms and conditions will not apply to any losses or damages that are found by a trier of fact to have been caused by the Orbipay TPP’s gross negligence or willful misconduct.
17.22 Customer shall indemnify and defend the Orbipay TPP from and against any and all third-party claims, demands, or actions against any of the foregoing arising from: (a) Customer’s breach of the Agreement, the CSI Supplemental Agreement, these Service Terms, or Legal Requirements; (b) claims by Clients or Users relating to the Orbipay Services unless and except to the extent caused by the Orbipay TPP’s gross negligence or willful misconduct; (c) information, instructions or data provided by Customer, Client, or User or potential User to the Orbipay TPP; (d) claims by Customer’s third-party service providers, including gateways, systems, banks, issuers, and card processors, other than claims related to the Orbipay TPP’s gross negligence or willful misconduct; (e) Customer failure to comply with all the Orbipay TPP’s guidelines, directives, policies, practices, rules and procedures made available to Customer, Client, or User; or (f) chargebacks and other processing losses, including any returns, such as those caused by Customer’s or a Client’s or User’s error or incorrect information supplied by Customer, Client, or User, insufficient funds in Customer’s or a Client’s account, a closed Client account, and/or failure timely to notify the Orbipay TPP of changes in Customer’s, Client’s, or User’s account (collectively, (a) through (f), Claims). In addition, Customer shall indemnify and hold harmless the Orbipay TPP from and against all liabilities, losses, fines, costs, expenses (including reasonable attorneys’ fees), damages, awards, settlements, and penalties relating to those Claims. Sections 17.20, 17.21, and 17.22 shall survive termination or expiration of the Agreement.
17.23 Customer acknowledges that settlement of Transactions will occur as set forth in the Settlement Terms. Customer and Clients shall not use the Orbipay Services to send or receive payments relating to any of the prohibited categories set forth on the Prohibited Categories List. CSI or the Orbipay TPP may terminate the Orbipay Services upon five (5) days prior written notice if Customer has failed to maintain the Minimum Balance required by the Settlement Terms.
17.24 The Orbipay TPP may send documents to Customer and tax authorities for Transactions processed using the Orbipay Services. Specifically, pursuant to Legal Requirements (including the Internal Revenue Code), the Orbipay TPP may be required to file periodic informational returns with taxing authorities in relation to Customer’s and its Clients’ use of the Orbipay Services.
17.25 Termination of the Orbipay Services does not affect the parties’ respective rights and obligations under these Service Terms as to Transaction Data submitted before termination or expiration. If Customer submits Transaction Data to Orbipay TPP after the date of termination or expiration, the Orbipay TPP may, at its sole discretion and without waiving any of its rights or remedies under these Service Terms, process such Transaction Data in accordance with and subject to these Service Terms.
17.26 CSI or the Orbipay TPP may provide Customer with third-party hardware, software, or systems, such as “point of sale” systems, that facilitate the transmission of Transactions (POS Systems). Customer acknowledges and agrees that the provision of POS Systems is only as a convenience, and neither CSI nor the Orbipay TPPs will be liable for any POS System or the acts or omissions of the third-party provider of any POS System.
17.27 Upon notice of termination of the Orbipay Services, the Orbipay TPP may estimate the aggregate dollar amount of chargebacks, ACH returns and other obligations, liabilities and expenses that the Orbipay TPP reasonably anticipates subsequent to termination, and Customer agrees to immediately deposit such amount in Customer’s Settlement Account. Where possible, the Orbipay TPP will first attempt to collect or set-off amounts owed to it and to its affiliates from the Settlement Account or from funds that Customer holds in reserve. Customer shall maintain an active business bank account (“Account”) and ensure such Account has, throughout the term of Orbipay Services, sufficient cleared funds to meet its obligations under these Service Terms. Customer irrevocably authorizes Orbipay TPP to debit and/or credit the Account via ACH to settle any and all fees and other amounts due to Orbipay TPP under these Service Terms. In addition, the Orbipay TPP may collect any amounts Customer owes under the Agreement with CSI by deducting or setting-off amounts that are owed to the Customer. Customer grants CSI and the Orbipay TPP a lien and security interest in all funds for Transactions that the Orbipay TPP processes for Customer, including funds that CSI’s Orbipay Third-Party Provider deposits into the Settlement Account and Customer-Funding Account, as well as funds held in any other bank accounts to which such Transaction funds are deposited or transferred. This means that if Customer has not paid funds that Customer owes to CSI, the Orbipay TPP, or Users, then CSI and the Orbipay TPP have a right superior to the rights of any of Customer’s other creditors to seize or withhold funds owed for Transactions processed through the Orbipay Services, and to debit or withdraw funds from any bank account associated with Customer’s Orbipay Services account (including the Settlement Account and Customer-Funding Account). Upon CSI’s or the Orbipay TPP’s request, Customer will execute and deliver any documents and pay any associated fees the Orbipay TPP considers necessary to create, perfect, and maintain a security interest in such funds (such as the filing of a form UCC-1).
17.28 Customer acknowledges that CSI or the Orbipay TPP may also charge Users fees in order to use the Orbipay Services. CSI or the Orbipay TPP is responsible for disclosing any such fees to the User.
17.29 Customer will maintain books and records relating to its compliance with these Service Terms and Legal Requirements (Records) during the term of its subscription to the Orbipay Services and for a period of 6 years thereafter. Customer shall ensure that its Records contain all Transaction Data processed through the Orbipay Services. Customer agrees to allow the Orbipay TPP (or its designee) reasonable access to Customer’s facilities and Records, and will use commercially reasonable efforts to obtain for Orbipay TPP the right of access for such Records which are not in Customer’s possession, as the case may be, as is reasonably necessary for the Orbipay TPP to audit Customer’s compliance with Legal Requirements and these Service Terms. Except where the Orbipay TPP or its designee discovered a deficiency or violation during an immediately preceding audit or have a reasonable and good faith belief of a material change to Customer’s business or operations, the Orbipay TPP may not perform an audit of Customer more than once in any calendar year. If any audit results in a conclusion that Customer is not in compliance with Legal Requirements or these Service Terms, or results in the identification of any control deficiency or other error or deficiency that could reasonably be expected to have an adverse impact on the Orbipay Services, then Customer shall take immediate steps consistent with reasonable commercial practices to correct the noncompliance, error, or deficiency.
17.30 In order for the Orbipay TPP to comply with anti-terrorism, financial services, and other Legal Requirements and regulations, Know Your End User (KYC) obligations, and requirements imposed by the Payment Brands, Customer must provide the Orbipay TPP with information about itself, its shareholders, its activities, and its products and services. Customer warrants that all information it provides the Orbipay TPP is true, correct and up to date, and Customer acknowledges that the Orbipay TPP is relying upon such information in establishing these Service Terms and in providing the Orbipay Services. Customer authorizes the Orbipay TPP to verify the information provided by Customer. CSI’s Orbipay Third-Party Provider may use this information to perform User due diligence, identity verification, and various underwriting, fraud and risk reviews.
17.31 Prior to using the Orbipay Services to process Transactions via Payment Cards, Customer must execute an acknowledgement of the processing instructions and guidelines required by the Orbipay TPP payment processor, in the form set forth at https://www.alacriti.com/legal/Fiserv-Sub-Merchant-Processing-Agreement (Processor Agreement) and also comply with the Merchant Processing Services Terms and Conditions. Customer agrees that: (i) the Orbipay TPP is an intended third-party beneficiary of the Processor Agreement and entitled to all of its benefits; and (ii) the Orbipay TPP payment processor is an intended third-party beneficiary to this Section 17 of the Service Terms and entitled to all of its benefits.
17.32 The Orbipay TPP reserves the right to refuse to process any Transaction made subject to a refund policy of which the Orbipay TPP has not been notified in advance. Customer’s refund policy must comply with the Refund Policy.
17.32 The Orbipay TPP may terminate the Orbipay Services immediately upon written notice if: (i) Customer or any person owning or controlling Customer’s business is or becomes listed in the MATCH file (Member Alert to Control High-Risk Merchants) maintained by Visa and MasterCard; (ii) any Payment Brand notifies the Orbipay TPP that it is no longer willing to accept Customer’s Transaction Data; or (iii) there exists any circumstances that create or could tend to create harm or loss to the goodwill to any Payment Brand or the Orbipay TPP.
17.33 Customer’s use of the Orbipay Services must comply with the Payment Card Industry Data Security Standards (PCI-DSS) and, if applicable to Customer’s business, the Payment Application Data Security Standards (PA-DSS) (collectively, the PCI Standards). The PCI Standards include requirements to maintain materials or records that contains payment card or Transaction data in a safe and secure manner with access limited to authorized personnel. The specific steps Customer will need to take to comply with the PCI Standards will depend on Customer’s implementation of the Orbipay Services. Customer will promptly provide CSI, or any applicable third party, with documentation demonstrating Customer’s compliance with the PCI Standards, upon request. If Customer does not provide documentation sufficient to satisfy CSI or the Orbipay TPP or the relevant third party, that Customer is compliant with the PCI Standards, then CSI, the Orbipay TPP, and any applicable third party, may access Customer’s business premises on reasonable notice to verify Customer’s compliance with the PCI Standards. If Customer does not comply with the PCI Standards, or if CSI, the Orbipay TPP or any applicable third party is unable to verify Customer’s compliance with the PCI Standards, CSI or the Orbipay TPP may suspend access to the Orbipay Services or terminate the Orbipay Services. If Customer intends to use a third-party service provider to store or transmit Transaction Data, then Customer must not share any data with the service provider until Customer verifies that the third party holds sufficient certifications under the PCI Standards, and notify CSI and the Orbipay TPP of Customer’s intention to share Transaction Data with the service provider. Further, Customer agrees to never store or hold any “Sensitive Authentication Data”, as defined by the PCI Standards (including CVC or CVV2), at any time. Customer will reimburse CSI and the Orbipay TPP, as the case may be, for all fines, penalties, fees, and other costs associated with Customer’s failure to comply with this clause, promptly after request. Such request will include reasonable detail regarding the amounts owed.
17.34 CSI may increase the fees related to processing card Transactions, to take into account increases in the underlying costs associated with processing such Transactions (for example, an increase in the fees charged to CSI or the Orbipay TPP by the Networks). CSI will use commercially reasonable efforts to give Customer notice of such increase promptly after becoming aware of the corresponding increase in underlying costs.
17.35 The Orbipay Services are on minimum recurring subscriptions of 12-months commencing on the date of the Customer’s Production launch of Orbipay Services (or Deemed Accepted date, as applicable). In the event that the Orbipay Services conclude for any reason prior to the Subscription Term specified in the CSI Supplemental Agreement or prior to completion of the applicable 12-month renewal cycle, then Customer will be obligated to pay the monthly equivalent of the Orbipay Services for the remainder of the then-current term or 12-month renewal cycle. This Orbipay Services reconciliation fee from CSI shall be in addition to and shall not limit any other termination obligations, deconversion fees or other payments due under the Agreement or the CSI Supplemental Agreement.
18 Digital Account Opening
18.1 Applicant means an individual User who uses the DAO Services to apply to open a banking account with Customer or otherwise apply for the purchase of a product or service from Customer.
18.2 Consumer Data means identifying information pertaining to an individual, such as name, address, date of birth, or social security number, and KBAs, provided directly or indirectly by CSI, its Third-Party Provider or its data providers in connection with Verification Services.
18.3 DAO Services means the subset of Digital Banking Services which enable origination of deposit accounts and the administration of deposit account applications.
18.4 Mobile Applicant Data means any information about persons or entities that CSI and/or its Third-Party Providers and their data providers receive or derive in any manner from a Mobile Network Operator. Mobile Applicant Data includes, without limitation, names, addresses, telephone numbers, electronic addresses, social security numbers, customer proprietary network information, location information, handset identifiers, account information, and any other information that either alone, or in combination with other data could provide information specific to a particular person.
18.5 Mobile Network Operator means a provider of wireless communications services that owns or controls all the elements necessary to sell and deliver wireless communication services to a Subscriber.
18.6 Mobile Services means Verification Services that utilize Mobile Applicant Data.
18.7 Verification Services means those features and functions of the DAO Services through which Customer may verify the age or identity of an Applicant.
18.8 Customer may use the DAO Services solely for Customer’s legitimate internal business purposes. Customer shall not use the DAO Services, the associated APIs, or data received from CSI or its Third-Party Providers for any marketing purposes, personal purposes, or to provide data processing services for third parties. Further, Customer shall not resell the DAO Services, the associated APIs, or data received from CSI or its Third-Party Providers to any third parties. The DAO Services may not be used from IP addresses outside of the United States. If CSI reasonably determines that Customer’s or an Applicant’s use of or access to the DAO Services presents a security risk or is in violation of the Agreement, the CSI Supplemental Agreement, or the Service Terms, then CSI may suspend, restrict, or terminate provision of the DAO Services.
18.9 The standard consumer/retail deployment of the DAO Services includes: (i) white-label user interface themed for Customer; (ii) Verification Services leveraging CSI’s standard third-party integration; (iii) account funding and ACH generation functionality leveraging CSI’s third-party integrations; and (iv) standard Applicant consent and document capture functionality and workflows.
18.10 Customer agrees that the Verification Services may only be used for the following use cases: (a) verifying the identity or age of an Applicant, via identity verification requests that are authorized by the Applicant and occur in the normal course of business; and (b) if verification information submitted to CSI using the Verification Services is incorrect, the Verification Services may only be used to obtain correct information provided by the Verification Services and such information may only be used for the purpose of preventing fraud by, or pursuing legal remedies against, or recovering on a debt or security interest against, the Applicant.
18.11 Customer agrees that it will not use Verification Services (a) for any “permissible purpose” under the Fair Credit Reporting Act (FCRA) (15 U.S.C. Sec. 1681 et seq) or use any of the information it receives via the Verification Services to take any “adverse action”, as that term is defined in the FCRA; (b) in violation of the provisions of and regulations pursuant to the Driver’s Privacy Protection Act (18 U.S.C. Section 2721 et seq.); (c) other than pursuant to an exception of the privacy provisions of and regulations issued pursuant to the Gramm-Leach-Bliley Act (15 U.S.C. Sec. 6801 et seq); or (d) in violation of such other future legislation that CSI reasonably determines limits the use of the Verification Services.
18.12 Customer’s collection of information from Applicants in connection with use of the Verification Services shall be subject to authorization by the Applicant for the use in the normal course of business submitted by the individual to the business and, if the submitted information is incorrect, to obtain correct information, but only for the purpose of preventing fraud by, or pursuing legal remedies against, or recovering on a debt or security interest against, the individual. 18 U.S.C. § 2721 (b)(3).
18.13 Customer agrees that Mobile Services may only be used for the following use cases: (a) login and access management authentication; (b) performing identity and age verifications; and/or (c) performing step-up decisioning. Customer agrees that it will not use the Mobile Services to access a mobile phone number provided by the Mobile Services for the purpose of marketing for telecom services (per the 2007 FCC CPNI Order), or for any other marketing purpose unrelated to the banking relationship established through the DAO Services. Applications involving Mobile Services will require and be subject to the Applicant’s agreement and consent to the special conditions set out in Part II of these Service Terms.
18.14 Customer will take reasonable steps to ensure that access to administrative features and functions of the Verification Services will be restricted to those of Customer’s employees or agents who are engaged in the verification process and to ensure that its employees and agents will not utilize such access for personal reasons. Those steps will include limiting access to Access Credentials or other confidential information to employees a need-to-know in connection with the verification process. Access Credentials must be changed at least every 90 days or sooner if an employee or agent who has utilized a password is no longer responsible for obtaining such access, or if Customer suspects an unauthorized person or entity has compromised the Access Credentials. Customer immediately will notify CSI if Customer knows of or suspects unauthorized access to the Verification Services or IDology Services.
18.15 During the term of Customer’s subscription for DAO Services and for a reasonable period after expiration thereof, CSI an its Third-Party Providers shall have the right at its expense to reasonably audit, directly and through its independent auditors, Customer’s compliance with these Service Terms. Upon written request, CSI or its Third-Party Providers may audit Customer once per year as described below, provided that additional audits may be required upon reasonable suspicion or evidence of Customer’s violation of these Service Terms. Such audits may be conducted during normal business hours upon at least 10 business days prior written notice of intent to audit and in a manner that is not materially disruptive to Customer’s business operations. Additionally, Customer may be asked to provide a written attestation that its use of the Verification Services and IDology Services comply with these Service Terms. The parties will reasonably cooperate to remedy the root cause of the non-compliance, which remedy may include suspension of the IDology Services. In the event non-compliance with these Service Terms is discovered, subsequent audits may be required to confirm remediation and Customer’s ongoing compliance.
18.16 Customer shall comply with any CSI or other third-party data provider requests to verify compliance with these Service Terms. Customer will promptly notify CSI if Customer learns of confirmed unauthorized access to or use of the DAO Services in violation of these Service Terms.
18.17 Customer acknowledges that, in connection with the DAO Services, CSI obtains consumer and other data from third party sources, whose data is not necessarily accurate or complete. Customer accepts all data “AS IS” and “WITH ALL FAULTS” and neither CSI nor its Third-Party Providers will be responsible for data accuracy, integrity or completeness or errors contained in data obtained from third party sources.
18.18 IDology Services
18.18.1 IDology, Inc., is CSI’s Third-Party Provider for certain aspects of Verification Services, including the ExpectID® Services and other IDology products and services (IDology Services). IDology retains all right, title, and in interest in the IDology Services, including all updates, and upgrades to the IDology Services, documentation, databases, including all physical copies of them, and IDology systems and processes. Customer acquires no intellectual property rights or interests in connection with the IDology Services pursuant to the Agreement, the CSI Supplemental Agreement, or the Service Terms. Customer will not, directly or indirectly, reproduce, retransmit, republish, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code or other trade secrets from any of the intellectual property associated with the IDology Services. The IDology Services are provided on an AS IS basis without warranty of any kind. CSI and IDology expressly disclaim any and all implied warranties in connection with the IDology Services.
18.18.2 With respect to IDology Services that include use of knowledge-based authentication prompts (KBAs), CSI and Customer are authorized to transmit (a) KBAs and “result codes” to Customer; and (b) KBAs to Customer’s Applicant in connection with verification of the Applicant. Customer may not use the information gathered through the IDology Services for marketing purposes. Customer shall not transmit or disclose any Consumer Data received via the IDology Services other than KBAs. The IDology System permits configuration of question and answer sets based on available IDology settings and availability of information from (a) IDology’s third party data providers (e.g. information based on driver records, credit report headers, relationship, or geography/location), or (b) information provided by CSI (e.g. an individual’s maiden name or account information).
18.19 Middesk Services
18.19.1 CSI’s Third-Party Provider Middesk, Inc., (Middesk) provides Verification Services supporting DAO Services which enable origination of commercial/business deposit accounts (Middesk Services).
18.19.2 Customer will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Middesk Services or any software, documentation or data related to the Middesk Services (MDSoftware); modify, translate, or create derivative works based on the Middesk Services or any MDSoftware; use the Middesk Services or any MDSoftware for timesharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels.
18.19.3 Customer may not remove or export from the United States or allow the export or re-export of the Middesk Services, MDSoftware or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the MDSoftware and documentation are “commercial items” and according to DFAR section 252.2277014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by Section 18 of the Service Terms and is prohibited.
18.19.4 Customer represents, covenants, and warrants that Customer will use the Middesk Services only in compliance with the Service Terms and, as applicable, the Terms of Service and Privacy Policy which can be found at www.middesk.com (collectively, the Middesk Policies) and applicable law and regulations. Customer hereby agrees to indemnify and hold harmless Middesk against any damages, losses, liabilities, settlements, and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation of the foregoing or otherwise from Customer’s use of Middesk Services or MDSoftware. Although Middesk has no obligation to monitor Customer’s use of the Middesk Services, Middesk may do so and may prohibit any use of the Middesk Services it believes may be (or alleged to be) in violation of the foregoing.
18.19.5 Proprietary Information of Middesk includes non-public information regarding features, functionality and performance of the Middesk Services. Customer agrees: (i) to take reasonable strict precautions to protect such Proprietary Information, and (ii) not to use (except for its own internal business purposes) or divulge to any third person any such Proprietary Information. Customer may disclose Proprietary Information in response to a valid order of a court or other governmental body or as otherwise required by law to be disclosed; provided that, Customer gives Middesk sufficient notice to enable the Middesk to take protective measures, and/or in any event only discloses the exact Proprietary Information, or portion thereof, specifically requested. Middesk shall own and retain all right, title and interest in and to (a) the Middesk Services and MDSoftware, all improvements, enhancements or modifications thereto, Proprietary Information, and (b) all intellectual property rights related to any of the foregoing.
18.19.6 Notwithstanding anything to the contrary, Middesk shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Middesk Services and related systems and technologies (including, without limitation, search input data, information concerning Customer’s use of the Middesk Services, and data derived therefrom), and Middesk will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Middesk Services and for other development, diagnostic and corrective purposes in connection with the Middesk Services and other Middesk offerings, and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein.
18.19.7 Middesk Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Middesk or by its third-party providers, or because of other causes beyond Middesk’s reasonable control. NEITHER CSI NOR MIDDESK WARRANT THAT THE MIDDESK SERVICES OR MDSOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE MIDDESK SERVICES OR MDSOFTWARE. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE MIDDESK SERVICES AND MDSOFTWARE ARE PROVIDED “AS IS” AND MIDDESK DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
18.19.8 IN NO EVENT WILL MIDDESK’S AGGREGATE LIABILITY AND DAMAGES ARISING IN CONNECTION WITH THE MIDDESK EXCEED THE AMOUNTS CUSTOMER ACTUALLY PAID TO MIDDESK (THROUGH CSI) DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE DATE OF THE CLAIM. THE LIMITATIONS AND DISCLAIMERS OF LIABILITY SET FORTH IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS SECTION 18.19 IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE AND REGARDLESS OF THE THEORY OF LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR BODILY INJURY OF A PERSON, MIDDESK AND ITS SUPPLIERS (INCLUDING BUT NOT LIMITED TO ALL EQUIPMENT AND TECHNOLOGY SUPPLIERS), OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL NOT BE RESPONSIBLE OR LIABLE TO CUSTOMER WITH RESPECT TO ANY SUBJECT MATTER OF THIS SECTION 18.19 OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: (A) FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OR CORRUPTION OF DATA OR INFORMATION OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY OR LOSS OF BUSINESS; (B) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, PUNITIVE, RELIANCE, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (C) FOR ANY MATTER BEYOND MIDDESK’S REASONABLE CONTROL; OR (D) FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES PAID BY CUSTOMER TO CSI FOR THE MIDDESK SERVICES IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY, IN EACH CASE, WHETHER OR NOT MIDDESK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
18.19.9 Middesk, Inc. is an intended third-party beneficiary of Section 18.19 of the Service Terms.
18.19.10 If any provision of this Section 18.19 is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Section 18.19 will otherwise remain in full force and effect and enforceable. These Service Terms are not assignable, transferable or sublicensable by Customer except with Middesk’s prior written consent. Middesk may transfer and assign any of its rights and obligations under these Service Terms without Customer’s consent. This Section 18.19 is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of MDSoftware or Middesk Services. No agency, partnership, joint venture, or employment is created as a result of this Section 18.19 and Customer does not have any authority of any kind to bind Middesk in any respect whatsoever. In any action or proceeding to enforce rights under these Service Terms, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under these Service Terms will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Section 18.19 shall be governed by the laws of the State of New York without regard to its conflict of laws provisions.
18.20 Footprint Verification Services
18.20.1 One Footprint, Inc. (Footprint) is an optional Third-Party Provider for certain Verification Services associated with the DAO Services (Footprint Services). Customer agrees that its access to and use of the Footprint Services are subject to the Footprint Terms of Service available at https://www.onefootprint.com/terms-ofservice and the Footprint Privacy Policy available at https://www.onefootprint.com/privacy-policy as well as the applicable downstream vendor’s Service Terms for Experian, LexisNexis and Incode. From time to time, the Footprint downstream vendors may require changes to their respective downstream Service Terms. After receiving notification of a change to the applicable downstream vendor Service Terms, Customer will be notified of such changes in writing, including by notification on or through the Footprint Service. Customer is solely responsible for complying with all applicable Footprint downstream vendor Service Terms.
18.20.2 Experian Downstream Vendor Terms
(i) For purposes of this sub-Section, Customer Information means highly sensitive information whether property of Customer or a consumer reporting agency (e.g., Experian) and provided to a customer of Customer, which includes, by way of example and not limitation, data, databases, application software, software documentation, supporting process documents, operation process and procedures documentation, test plans, test cases, test scenarios, cyber incident reports, consumer information, financial records, employee records, and information about potential acquisitions, and such other information that is similar in nature or as mutually agreed in writing, the disclosure, alteration or destruction of which would cause serious damage to Experian’s reputation, valuation, and / or provide a competitive disadvantage to Experian or upstream consumer reporting agencies. Resource means all Customer devices, including but not limited to laptops, PCs, routers, servers, and other computer systems that store, process, transfer, transmit, deliver, or otherwise access the Customer Information.
(ii) Customer hereby certifies that it implements and maintains a comprehensive information security program written in one or more readily accessible parts that contains administrative, technical, and physical safeguards that are appropriate to the Customer’s size and complexity, the nature and scope of its activities, and the sensitivity of the information provided to the Customer by Footprint; and that such safeguards shall include the elements set forth in 16 C.F.R. § 314.4 and shall be reasonably designed to:
(a) ensure the security and confidentiality of the information provided by Customer;
(b) protect against any anticipated threats or hazards to the security or integrity of such information, and
(c) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer.
(iii) Customer shall have Information Security policies and procedures in place that are consistent with the practices described in an industry standard, such as ISO 27002 and / or this Security Requirements document.
(iv) Firewalls, routers, servers, PCs, and all other resources managed by Customer (including physical, on-premise or cloud hosted infrastructure) will be kept current with appropriate security specific system patches. Customer will perform regular penetration tests to further assess the security of systems and resources. Customer will use end-point computer malware detection / scanning services and procedures.
(v) Logging mechanisms will be in place sufficient to identify security incidents, establish individual accountability, and reconstruct events. Audit logs will be retained in a protected state (i.e., encrypted, or locked) with a process for periodic review.
(vi) Customer will use security measures, including anti-virus software, to protect communications systems and networks device to reduce the risk of infiltration, hacking, access penetration by, or exposure to, an unauthorized third-party.
(vii) Customer will use security measures, including encryption, to protect Footprint provided data in storage and in transit to reduce the risk of exposure to unauthorized parties.
(viii) All remote access connections to Customer internal networks and / or computer systems will require authorization with access control at the point of entry using multifactor authentication. Such access will use secure channels, such as a Virtual Private Network (VPN).
(ix) Processes and procedures will be established for responding to security violations and unusual or suspicious events and incidents. Customer will report actual or suspected security violations or incidents that may affect Customer to CSI and Experian within twenty-four (24) hours of Customer’s confirmation of such violation or incident.
(x) Each user of any Resource will have a uniquely assigned user ID to enable individual authentication and accountability. Access to privileged accounts will be restricted to those people who administer the Resource and individual accountability will be maintained. All default passwords (such as those from hardware or software vendors) will be changed immediately upon receipt.
(xi) All passwords will remain confidential and use ‘strong’ passwords that expire after a maximum of 90 calendar days. Accounts will automatically lockout after five (5) consecutive failed login attempts.
(xii) Customer shall require all Customer personnel to participate in information security training and awareness sessions at least annually and establish proof of learning for all personnel.
(xiii) Customer shall be subject to remote and / or onsite assessments of its information security controls and compliance with these Security Requirements.
(xiv) The security requirements included in this sub-Section represent the minimum security requirements acceptable to Experian and are intended to ensure that Customer has appropriate controls in place to protect information and systems, including any information that it receives, processes, transfers, transmits, stores, delivers, and/or otherwise accesses on behalf of Footprint. Customer certifies that they have read and understand the “GLB Exception Requirements” notice and “Experian Security Requirements” and will take all reasonable measures to enforce them within their facility. They also certify that they will not resell the report to any third party. Customer shall explain their information-sharing practices to their customers and to safeguard sensitive data.
(xv) Customer shall acknowledge that many services containing Experian information also contain information from the Death Master File as issued by the Social Security Administration; certify pursuant to Section 203 of the Bipartisan Budget Act of 2013 and 15 C.F.R. § 1110.102 that, consistent with its applicable FCRA or GLB use of Experian information, the client’s use of deceased flags or other indicia within the Experian information is restricted to legitimate fraud prevention or business purposes in Indirect Sales Channel Page 4 of 10 Copyright © 2022 Experian. All rights reserved. July 1, 2022 ENA2000E-A05 Policy Attachment 5 Rev. 1.8 compliance with applicable laws, rules regulations, or fiduciary duty, as such business purposes are interpreted under 15 C.F.R. § 1110.102(a)(1); and certify that the client will not take any adverse action against any consumer without further investigation to verify the information from the deceased flags or other indicia within the Experian information.
18.20.3 LexisNexis Downstream Vendor Terms
(i) Authorized User shall mean an employee or contractor whom Customer has authorized to use the Footprint Services. Use means use of and/or access to the Footprint Services in accordance with the Agreement, the CSI Supplemental Agreement, and the Service Terms and the Documentation. Documentation means the operator and user manuals, marketing, technical documentation, training materials, guides, functional and technical specifications, minimum system configuration requirements, compatible device and hardware list and other similar materials in hard copy or electronic form if and as provided by Footprint to CSI or Customer (including any revised versions thereof) relating to the Footprint Services, Footprint API or the Footprint SDK, as may be updated from time to time.
(ii) Footprint hereby grants to Customer a restricted license to use the Footprint Services solely for Customer’s own internal business purposes. Customer represents and warrants that all of Customer’s use of the Footprint Services shall be for only legitimate business purposes, including those specified by Customer in connection with a specific information request, relating to its business and as otherwise governed by the Agreement. Customer shall not use the Footprint Services for marketing purposes or resell or broker the Footprint Services to any third party and shall not use the Footprint Services for personal (non-business) purposes. Customer shall not use the Footprint Services to provide data processing services to third-parties or evaluate the data of or for third-parties. Customer agrees that if Footprint determines or reasonably suspects that continued provision of Footprint Services to Customer entails a potential security risk, or that Customer is engaging in marketing activities, reselling, brokering or processing or evaluating the data of or for third-parties, or using the Footprint Services for personal (non-business) purposes or using the Footprint Services’ information, programs, computer applications, or data, or is otherwise violating any provision of this Agreement, or any of the laws, regulations, or rules described herein, Footprint may take immediate action, including, without limitation, terminating the delivery of, and the license to use, the Footprint Services. Customer shall not access the Footprint Services from Internet Protocol addresses located outside of the United States and its territories without Footprint’s prior written approval. Customer may not use the Footprint Services to create a competing product. Customer shall comply with all laws, regulations and rules which govern the use of the Footprint Services and information provided therein. Footprint may at any time mask or cease to provide Customer access to any Footprint Services or portions thereof which Footprint may deem, in Footprint’s sole discretion, to be sensitive or restricted information.
(iii) Some of the information contained in the Footprint Services is “nonpublic personal information,” as defined in the Gramm-Leach-Bliley Act (15 U.S.C. § 6801, et seq.) and related state laws, (collectively, the GLBA), and is regulated by the GLBA (GLBA Data). Customer shall not obtain and/or use GLBA Data through the Footprint Services, in any manner that would violate the GLBA, or any similar state or local laws, regulations and rules. Customer acknowledges and agrees that it may be required to certify its permissible use of GLBA Data falling within an exception set forth in the GLBA at the time it requests information in connection with certain One Footprint Inc. Services and will recertify upon request by One Footprint Inc.. Customer certifies with respect to GLBA Data received through the One Footprint Inc. Services that it complies with the Interagency Standards for Safeguarding Customer Information issued pursuant to the GLBA.
(iv) Some of the information contained in the Footprint Services is “personal information,” as defined in the Drivers Privacy Protection Act (18 U.S.C. § 2721, et seq.) and related state laws, (collectively, the DPPA), and is regulated by the DPPA (DPPA Data). Customer shall not obtain and/or use DPPA Data through the Footprint Services in any manner that would violate the DPPA. Customer acknowledges and agrees that it may be required to certify its permissible use of DPPA Data at the time it requests information in connection with certain Footprint Services and will recertify upon request by Footprint.
(v) Footprint may in its sole discretion permit Customer to access sensitive personal identifiers such as full Social Security numbers or drivers license numbers (QA Data). If Customer is authorized by Footprint to receive QA Data, and Customer obtains QA Data through the Footprint Services, Customer certifies it will not use the QA Data for any purpose other than as expressly authorized by Footprint policies, the terms and conditions herein, and applicable laws and regulations. In addition to the restrictions on distribution otherwise set forth these Service Terms, Customer agrees that it will not permit QA Data obtained through the Footprint Services to be used by an employee or contractor that is not an Authorized User with an authorized Use. Customer agrees it will certify, in writing, its uses for QA Data and recertify upon request by Footprint. Customer may not, to the extent permitted by the terms of this Agreement, transfer QA Data via email or ftp without Footprint prior written consent. However, Customer shall be permitted to transfer such information so long as: 1) a secured method (for example, sftp) is used, 2) transfer is not to any third-party, and 3) such transfer is limited to such use as permitted under this Agreement. Footprint may at any time and for any or no reason cease to provide or limit the provision of QA Data to Customer.
(vi) Customer shall not remove or obscure any trademarks, copyright notices or other notices contained on materials accessed through the Footprint Services.
(vii) Footprint is a licensee of the United States Postal Service’s NCOALINK database (NCOA Database). The information contained in the NCOA Database is regulated by the Privacy Act of 1974 and may be used only to provide a mailing list correction service for lists that will be used for preparation of mailings. If Customer receives all or a portion of the NCOA Database through the Footprint Services, Customer hereby certifies to Footprint that it will not use such information for any other purpose. Prior to obtaining or using information from the NCOA Database, Customer agrees to complete, execute and submit to Footprint the NCOA Processing Acknowledgement Form.
(viii) Certain materials contained within the Footprint Services are subject to additional obligations and restrictions. Without limitation, these services include news, business information (e.g., Dun & Bradstreet reports), and federal legislative and regulatory materials. To the extent that Customer receives such materials through the Footprint Services, Customer agrees to comply with the General Terms and Conditions for Use of Footprint Services contained at the following website: www.lexisnexis.com/terms/general (the General Terms). The General Terms are hereby incorporated into these Service Terms by reference.
(ix) The Footprint Services provided via LexisNexis pursuant to this Agreement are not provided by “consumer reporting agencies,” as that term is defined in the Fair Credit Reporting Act, (15 U.S.C. §1681, et seq.), (the FCRA), and do not constitute “consumer reports” as that term is defined in the FCRA. Accordingly, the Footprint Services provided by LexisNexis may not be used in whole or in part as a factor in determining eligibility for credit, insurance, employment or another purpose in connection with which a consumer report may be used under the FCRA. Further, (A) Customer certifies that it will not use any of the information it receives through the Footprint Services via LexisNexis to determine, in whole or in part an individual’s eligibility for any of the following products, services or transactions: (1) credit or insurance to be used primarily for personal, family or household purposes; (2) employment purposes; (3) a license or other benefit granted by a government agency; or (4) any other product, service or transaction in connection with which a consumer report may be used under the FCRA or any similar state statute, including without limitation apartment rental, check-cashing, or the opening of a deposit or transaction account; (B) by way of clarification, without limiting the foregoing, Customer may use, except as otherwise prohibited or limited by this Agreement, information received through the Footprint Services for the following purposes: (1) to verify or authenticate an individual’s identity; (2) to prevent or detect fraud or other unlawful activity; (3) to locate an individual; (4) to review the status of a legal proceeding; (5) to collect a debt, provided that such debt collection does not constitute in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; or (6) to determine whether to buy or sell consumer debt or a portfolio of consumer debt in a commercial secondary market transaction, provided that such determination does not constitute in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; (C) specifically, if Customer is using the Footprint Services in connection with collection of a consumer debt on its own behalf, or on behalf of a third-party, Customer shall not use the Footprint Services: (1) to revoke consumer credit; (2) to accelerate, set or change repayment terms; or (3) for the purpose of determining a consumer’s eligibility for any repayment plan; provided, however, that Customer may, consistent with the certification and limitations set forth in this section (viii), use the Footprint Services for identifying, locating, or contacting a consumer in connection with the collection of a consumer’s debt or for prioritizing collection activities; and (D) Customer shall not use any of the information it receives through the Footprint Services to take any “adverse action,” as that term is defined in the FCRA.
(x) If Customer is permitted to access Motor Vehicle Records (MVR Data) from Footprint, without in any way limiting Customer’s obligations to comply with all state and federal laws governing use of MVR Data, the following specific restrictions apply and are subject to change: 1) Customer shall not use any MVR Data provided by Footprint, or portions of information contained therein, to create or update a file that Customer uses to develop its own source of driving history information; 2) as requested by Footprint, Customer shall complete any state forms that Footprint is legally or contractually bound to obtain from Customer before providing Customer with MVR Data; and 3) Footprint (and certain Third-Party vendors) may conduct reasonable and periodic audits of Customer’s use of MVR Data. Further, in response to any audit, Customer must be able to substantiate the reason for each MVR Data order.
(xi) If Customer is permitted to access American Board of Medical Specialties data (ABMS Data) from Footprint, Customer shall not use, nor permit others to use, ABMS Data for purposes of determining, monitoring, tracking, profiling or evaluating in any manner the patterns or frequency of physicians’ prescriptions or medications, pharmaceuticals, controlled substances, or medical devices for use by their patients.
(xii) Customer represents and warrants that Customer will not provide Footprint with any Protected Health Information (as that term is defined in 45 C.F.R. Sec. 160.103) or with Electronic Health Records or Patient Health Records (as those terms are defined in 42 U.S.C. Sec. 17921(5), and 42 U.S.C. Sec. 17921(11), respectively) or with information from such records without the execution of a separate agreement between the parties.
(xiii) For uses of GLBA Data, DPPA Data and MVR Data, Customer shall maintain for a period of five (5) years a complete and accurate record (including consumer identity, purpose and, if applicable, consumer authorization) pertaining to every access to such data.
(xiv) Accordingly, Customer shall (a) restrict access to Footprint Services to those employees who have a need to know as part of their official duties; (b) ensure that none of its employees shall (i) obtain and/or use any information from the Footprint Services for personal reasons, or (ii) transfer any information received through the Footprint Services to any party except as permitted hereunder; (c) keep all user Access Credentials confidential and prohibit the sharing of Access Credentials; (d) immediately deactivate the Access Credentials of any employee who no longer has a need to know, or for terminated employees on or prior to the date of termination.
(xv) Customer acknowledges and agrees that Footprint obtains its data from third-party sources, which may or may not be completely thorough and accurate, and that Customer shall not rely on Footprint for the accuracy or completeness of information supplied through the Footprint Services.
(xvi) Not withstanding anything in this Agreement to the contrary, Footprint or Footprint’s data provider shall own Customer’s search inquiry data used to access the Footprint Services (in the past or future) and may use such data for any purpose consistent with applicable federal, state and local laws, rules and regulations.
(xvii) Customer understands and agrees that, in order to ensure compliance with the FCRA, GLBA, DPPA, other similar state or federal laws, regulations or rules, regulatory agency requirements, this Agreement, and Footprint’s obligations under its contracts with its data providers and Footprint’s internal policies, Footprint may conduct periodic reviews of Customer’s use of the Footprint Services and may, upon reasonable notice, audit Customer’s records, processes and procedures related to Customer’s use, storage and disposal of Footprint Services and information received therefrom. Customer agrees to cooperate fully with any and all audits and to respond to any such audit inquiry within ten (10) business days, unless an expedited response is required. Violations discovered in any review and/or audit by Footprint will be subject to immediate action including, but not limited to, suspension or termination of the license to use the Footprint Services, reactivation fees, legal action, and/or referral to federal or state regulatory agencies.
(xviii) Provisions hereof related to release of claims; indemnification; use and protection of information, data and Footprint Services; payment for the Footprint Services; audit; Footprint’s use and ownership of Customer’s search inquiry data; disclaimer of warranties; security; Customer Data and governing law shall survive any termination of the license to use the Footprint Services or the Agreement, the CSI Supplemental Agreement, or these Service Terms.
(xix) Customer shall train new employees prior to allowing access to Footprint Services on Customer’s obligations under this Agreement, including, but not limited to, the licensing requirements and restrictions under Paragraph 1 and the security requirements of Paragraph 2. Customer shall conduct a similar review of its obligations under this Agreement with existing employees who have access to Footprint Services no less than annually. Customer shall keep records of such training.
(xx) Customer acknowledges and understands that Footprint will only allow Customer access to the Footprint Services if Customer’s credentials can be verified in accordance with Customer’s internal credentialing procedures. Customer shall notify Footprint immediately of any changes to the information on Customer’s Application for the Footprint Services, and, if at any time Customer no longer meets the criteria for providing such service, Footprint may terminate this Agreement. Customer is required to promptly notify Footprint of a change in ownership of Customer’s company, any change in the name of Customer’s company, and/or any change in the physical address of Customer’s company.
(xxi) By receipt of the Footprint Services, Customer agrees to, and shall comply with, changes to the licenses granted Customer under these Service Terms, changes in pricing, and changes to other provisions of this Agreement as Footprint shall make from time to time by notice to Customer via e-mail, online “click wrap” amendments, facsimile, mail, invoice announcements, or other written notification. All e-mail notifications shall be sent to the individual named in the Customer administrator contact information section, unless stated otherwise in this Agreement. Footprint may, at any time, impose restrictions and/or prohibitions on the Customer’s use of the Footprint Services or certain data. Customer understands that such restrictions or changes in access may be the result of a modification in Footprint policy, a modification of third-party agreements, a modification in industry standards, a Security Event or a change in law or regulation, or the interpretation thereof. Upon written notification by Footprint of such restrictions, Customer agrees to comply with such restrictions.
(xxii) With respect to personally identifiable information regarding consumers, the parties further agree as follows: `Footprint has adopted the “One Footprint Inc. Data Privacy Principles” (Principles), which may be modified from time to time, recognizing the importance of appropriate privacy protections for consumer data, and Customer agrees that Customer (including its directors, officers, employees or agents) will comply with both LexisNexis and Footprint privacy policies. The Principles are available at: https://www.onefootprint.com/privacy-policy and http://www.lexisnexis.com/privacy/data-privacy-principles.aspx.
18.20.3 Incode Downstream Vendor Terms
(i) During the Term, Incode hereby grants Customer a nonexclusive, limited, personal, non-sublicensable, nontransferable right and license to use and access the Footprint Services, only for the internal business purposes of Customer and only in accordance with Incode Documentation (as defined herein below). No other rights or licenses are granted except as expressly and unambiguously set forth herein. Incode Documentation means Incode’s usage guidelines and standard technical documentation for the Software, the current version of which is available at API: https://docs.incode.com/docs/omni-api/integration-guide/ and Web SDK: https://docs.incode.com/docs/web/overview.
(ii) Customer shall not (and shall not permit any third party to),yyyy directly or indirectly: (a) reverse engineer, decompile, disassemble, or otherwise attempt to discover the underlying structure of the Footprint Service (except to the extent applicable laws specifically prohibit such restriction); (b) modify, translate, or create derivative works based on the Footprint Service; (c) transfer or encumber rights to the Footprint Service; (c) use the Footprint Service for the benefit of a third party; (d) remove or otherwise alter any proprietary notices from the Footprint Service or any portion thereof; (e) use the Footprint Service to build an application or product that is competitive with any Incode product or service; (f) interfere or attempt to interfere with the proper working of the Footprint Service or any activities conducted on the Footprint Service; (g) bypass any measures Incode may use to prevent or restrict access to the Footprint Service (or other accounts, computer systems or networks connected to the Footprint Service); (h) use the Footprint Service for the design or development of nuclear, chemical or biological weapons or missile technology, or for terrorist activity, without the prior permission of the United States government; or (i) allow any third party to remove or export from the United States or allow the export or re-export of any part of the Software or any direct product thereof (i) into (or to a national or resident of) any embargoed or terrorist-supporting country, (ii) to anyone on the U.S. Commerce Department’s Table of Denial Orders or U.S. Treasury Department’s list of Specially Designated Nationals, (iii) to any country to which such export or re-export is restricted or prohibited, or as to which the United States government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval or (iv) otherwise in violation of any export or import restrictions, laws or regulations of any United States or foreign agency or authority. The Software may incorporate third-party open source software (OSS). To the extent required by the OSS license, that license will apply to the OSS on a stand-alone basis. Customer is responsible for all of Customer’s activity in connection with the Footprint Service, including but not limited to uploading Customer Data onto the Footprint Service. Customer shall warrant that it is not located in, under the control of or a national or resident of any such prohibited country or on any such prohibited party list. Customer: (A) shall use the Footprint Service in compliance with all applicable laws, treaties and regulations in connection with Customer’s use of the Footprint Service, and (B) shall not use the Footprint Service in a manner that violates any third party rights. This provision shall survive any expiration or termination of the Agreement.
(iii) The parties agree that Incode will process Customer Data in connection with the Footprint Services solely to perform its obligations under this Agreement. Notwithstanding the foregoing, Customer acknowledges and agrees that Incode may use the Customer Data to (i) provide the Footprint Services and (ii) generate Aggregated Anonymous Data for Incode’s business purposes (including without limitation, for purposes of improving, testing and operating Incode’s products and services). Aggregated Anonymous Data means data submitted directly to, collected directly by, or generated by Incode in connection with Customer’s use of the Footprint Service that is aggregated and anonymized such that it cannot be reasonably linked to, or reasonably capable of being associated with, directly or indirectly, any individual person. Customer shall acknowledge and agree that Customer shall be solely responsible for requesting individuals the end-users’ consent for the afore purposes.
(iv) Customer acknowledges and agrees that the Footprint Service may use services provided by third parties. Any exchange of data or other interaction between Customer and a Third-Party Provider is solely between Customer and such Third-Party Provider and is governed by such third party’s terms and conditions.
(v) Incode may suspend or limit Customer’s access to or use of the Footprint Service if Customer’s use of the Footprint Service results in (or is reasonably likely to result in) damage to or material degradation of the Footprint Service which interferes with Incode’s ability to provide access to the Footprint Service to other Incode customers. Upon expiration or earlier termination of the Agreement, all license granted to Customer will cease, and Customer must immediately cease using the software and delete (or, upon request, return) all copies of the software. At Incode’s request, Customer will ensure that Customer deletes all of Incode’s Confidential Information. Confidential Information may be retained in the Incode’s standard backups after deletion but will remain subject to the Agreement’s confidentiality and non-use restrictions. This provision shall survive any expiration or termination of the Agreement.
(vi) THE FOOTPRINT SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” AND ARE WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. INCODE DOES NOT WARRANT ANY THIRD PARTY SERVICES OR THAT CUSTOMER’S (AS THE CASE MAY BE), USE OF THE FOOTPRINT SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT ANY SECURITY MECHANISMS IMPLEMENTED BY THE FOOTPRINT SERVICE WILL NOT HAVE INHERENT LIMITATIONS. This provision shall survive any expiration or termination of the Agreement, the CSI Supplemental Agreement, or the Service Terms.
(vii) EXCEPT FOR CUSTOMER’S BREACH OF THE LICENSE RESTRICTIONS OF THE AGREEMENT, IN NO EVENT SHALL INCODE, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THE AGREEMENT (A) FOR ANY LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, SUBSTITUTE GOODS OR SERVICES (HOWEVER ARISING), (B) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (C) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) TO INCODE WITH RESPECT TO THE LICENSE GRANTED HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER. This provision shall survive any expiration or termination of the Agreement.
(viii) Incode will not be liable for any delay or failure to perform the Service due to events beyond its reasonable control, such as a strike, blockade, war, act of terrorism, riot, infrastructure services provided by Third-Party Providers, Internet or utility failures, refusal of government license or natural disaster. (ix) The Footprint Services are “commercial products” (as defined at Federal Acquisition Regulation (FAR) 2.101) and are “commercial computer software” (as defined at FAR 2.101). If the Customer or end user of the Footprint Services is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, Software or any related Documentation of any kind, including technical data and manuals, is restricted by the terms of Federal End User Agreement in accordance with FAR 12.212 for civilian agency use and Defense Federal Acquisition Regulation Supplement (DFARS) 227.7202 for agencies within the Department of Defense. All other use is prohibited.
19 reCAPTCHA
19.1 By accessing or using the reCAPTCHA services, Customer agrees to the Google terms published at https://policies.google.com/terms and https://developers.google.com/terms/ which are hereby incorporated by reference into these Service Terms.
19.2 Customer acknowledges and understands that the reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending these data to Google for analysis. The information collected in connection with Customer’s use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google. Customer agrees that if it uses the APIs it is Customer’s responsibility to provide any necessary notices or consents for the collection and sharing of this data with Google. For users in the European Union, Customer must comply with the user consent policy published at https://www.google.com/about/company/user-consent-policy/. Customer’s use of reCAPTCHA is subject to call limits as described in the documentation published at https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-recaptcha. Google may in its sole discretion enforce these limits through any of the means described in the documentation.
20 Google Maps
20.1 Customer acknowledges and will (A) notify Users that the Digital Banking Services include Google Maps features and content; and (B) state that use of Google Maps features, and content is subject to the then-current versions of the: (1) Google Maps/Google Earth Additional Terms of Service at https://maps.google.com/help/terms_maps.html (//maps.google.com/help/terms_maps/); and (2) Google Privacy Policy at https://www.google.com/policies/privacy/(//www.google.com/policies/privacy/).
20.2 If Users of the Digital Banking Services (and downstream products, if any) fail to comply with the applicable terms of the Google Maps/Google Earth Additional Terms of Service, then CSI will take appropriate enforcement action, including suspending or terminating those Users’ use of Google Maps features and content in the Digital Banking Services or downstream products.
20.3 To provide the Google Map services through the Digital Banking Services Google collects and receives data from Customer and Users, including search terms, IP addresses, and latitude/longitude coordinates. Customer acknowledges and agrees that Google and its affiliates may use and retain this data to provide and improve Google products and services, subject to the Google Privacy Policy currently available at https://www.google.com/policies/privacy/.
20.4 Customer’s use of Digital Banking Services which utilize Google Maps will comply with applicable privacy laws, including laws regarding services that store and access cookies on Users’ devices. Customer will comply with the then-current Consent Policy currently available at https://www.google.com/about/company/user-consentpolicy.html.
20.5 Through the normal functioning of Google Maps, Users provide personally identifiable information and personal data directly to Google, subject to the then-current Google Privacy Policy currently available at https://www.google.com/policies/privacy/.
20.6 Customer will not provide to Google (i) any User’s personally identifiable information; or (ii) any European User’s personal data (where “European” means “European Economic Area, Switzerland, or the UK”).
20.7 To safeguard Users’ location privacy, Customer will ensure to (i) notify Users in advance of (1) the type(s) of data that Customer intends to collect from the Users or the Users’ devices, and (2) the combination and use of User’s location with any other data provider’s data; and (ii) will not obtain or cache any User’s location except with the User’s express, prior, revocable consent.
21 Business Insights
21.1 Business Insights Services means the financial intelligence services for business owners (e.g. cash flow forecasting, benchmarking, business insights) and related marketing analytics integrated into the Digital Banking Services and provided by Signal Financial Technologies, Inc. d/b/a Monit (or its successor) (Monit).
21.2 All right, title and interest in and to all subject ideas and inventions with respect to Monit intellectual property, whether or not registered or registrable, patented or patentable shall be held and owned solely by Monit. In the event that Customer should otherwise, by operation of law, be deemed to retain any rights (whether moral rights or otherwise) to any Monit intellectual property, Customer hereby assigns and otherwise transfers and agrees to assign and otherwise transfer to Monit, without further consideration, the right, title and interest in and to such intellectual property. Customer hereby waives any so-called “droit moral” rights, “moral rights of authors” and all other similar rights Customer may have in any subject ideas and inventions, however denominated, throughout the world. These Service Terms do not transfer to Customer any Monit intellectual property, and all rights, title and interest in and to Monit intellectual property, including derivatives thereof regardless of the creator, will remain the sole property of Monit. Customer agrees that it will not, directly or indirectly, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code from, any Monit intellectual property. No products or services delivered by Monit or CSI for use by Customer or Clients are works made for hire.
21.3 Customer shall use the Business Insights Services only for lawful purposes and in accordance with the Agreement, the CSI Supplemental Agreement, and these Service Terms. Customer will comply at all times with all applicable laws or regulations. In the event of a failure to comply, Customer will be subject to immediate suspension or termination of the use of the Business Insights Services.
21.4 Customer will not, and will not allow other third parties, either directly or indirectly, to: (i) take any action that may interfere with any of Monits’ rights in or to any intellectual property rights; (ii) challenge any right, title or interest of Monit in or to any of its intellectual property rights; (iii) make any claim or take any action adverse to Monit’s ownership of any intellectual property rights; (iv) register or apply for registrations, anywhere in the world, for Monit’s trademarks or any other trademark that is similar to Monit’s trademarks or that incorporates Monit’s trademarks in whole or in confusingly similar part; (v) use any mark, anywhere, that is confusingly similar to Monit’s trademarks; (vi) engage in any action that tends to disparage, dilute the value of, or reflect negatively on the Business Insights Services or any Monit trademark; (vii) misappropriate any Monit trademarks for use as a domain name without prior written consent from Monit; (viii) alter, obscure or remove any Monit trademarks or trademark or copyright notices or any other proprietary rights notices placed on marketing materials or other materials that CSI or Monit may provide; (ix) reverse assemble, reverse compile, or otherwise reverse engineer or attempt to derive the source code of the Business Insights Services or any other Monit intellectual property; (x) create derivative works of the Business Insights Services or any other Monit Intellectual Property; or (xi) access or use, or allow any person to access or use, the Business Insights Services for any purpose other than the purposes identified in the Agreement, the CSI Supplemental Agreement, or the Service Terms.
21.5 Customer shall be solely responsible for (i) ensuring that its and its Users’ use of the Business Insights Services complies with those laws, statutes, regulations, executive orders, administrative orders, judicial orders, or interpretive guidance which has been, in each case, enacted, promulgated, issued, or published by governmental authorities to which CSI and Customer are subject, and (ii) any and all actions taken by Customer, its Users, or third parties as a result of, in connection with, or based on information provided by the Business Insights Services. Under no circumstances shall Customer or its Users use or access the Business Insights Services for any “permissible purpose” under the fair credit reporting act (FCRA) (15 u.s.c. sec. 1681 et seq) or use any of the information it receives via the Business Insights Services to take any “adverse action”, as that term is defined in the FCRA. CSI shall have no liability or responsibility whatsoever for actions taken by Customer or third parties as a result of, in connection with, or based on information provided by the Business Insights Services, and Customer hereby waives and releases CSI from any such liability or related claims.
21.6 Customer shall indemnify, defend and hold CSI and Monit harmless from and against any third-party (including Clients or Users) claims and related losses arising from the (i) breach of the Agreement, the CSI Supplemental Agreement, or these Services Terms, negligence, or willful misconduct of Customer or Users in connection with the Business Insights Services, (ii) any decisions or actions taken by Customer or Users on the basis of the Business Insights, or (iii) data and information provided by Customer or Users.
21.7 Customer acknowledges that the use of the Business Insights Services by Customer pursuant to these Service Terms is subject to the terms of a Reseller Agreement dated as of 11-AUG-2022 by and between Apiture, Inc. and Signal Financial Technologies, Inc. (Reseller Agreement). Upon expiration or earlier termination of the Reseller Agreement, all of Customer’s right to use the Business Insights Services under these Service Terms shall automatically terminate and Customer’s continued use of the Business Insights Services shall be conditioned upon Customer and CSI’s Third-Party Provider for Business Insights entering into Monit’s then standard agreement with respect to the use of the Business Insights Services.
21.8 Monit shall be a third-party beneficiary to the CSI’s agreement with Customer solely as it relates to Section 21 of these Service Terms.
22 Data Intelligence Universal Terms
A. Data Intelligence Services shall refer to and include the Data Engage Services, Data Direct Services, and Data Portal Services described in this Section 22. The Data Intelligence Universal Terms set out below shall apply to all Data Intelligence Services in addition to the service-specific terms set forth in successive subsections of this Section 22. For the avoidance of doubt, Customer is entitled to use and access only those Data Intelligence Services specifically and expressly recited within an executed Agreement with CSI.
B. Customer shall be solely responsible for ensuring (i) that its use of the Data Intelligence Services complies with applicable law and regulations, and (ii) any and all actions taken by Customer or third parties as a result of, in connection with, or based on information provided by the Data Intelligence Services complies with applicable law and regulation. Under no circumstances shall Customer or its Users use or access the Data Intelligence Services for any “permissible purpose” under the Fair Credit Reporting Act (FCRA) (15 U.S.C. Sec. 1681 et seq) or use any of the information it receives via the Data Intelligence Services to take any “adverse action”, as that term is defined in the FCRA. CSI SHALL HAVE NO LIABILITY OR RESPONSIBILITY WHATSOEVER FOR ACTIONS TAKEN BY CUSTOMER OR THIRD PARTIES AS A RESULT OF, IN CONNECTION WITH, OR BASED ON INFORMATION PROVIDED BY THE DATA INTELLIGENCE SERVICES, AND CUSTOMER HEREBY WAIVES, RELEASES, HOLDS CSI HARMLESS FROM ANY SUCH LIABILITY OR RELATED CLAIMS.
C. Customer shall indemnify, defend and hold CSI and its Third-Party Providers harmless from and against any third-party claims (including claims made by Clients and other Users) and related losses arising from the (i) breach of the Agreement, the CSI Supplemental Agreement, or these Service Terms, negligence, or willful misconduct of the Customer in connection with the Data Intelligence Services, (ii) any decisions or actions taken by Customer or Clients on the basis of the Data Intelligence Services, or (iii) Customer Data provided by Customer, Clients, other Users, or third-parties.
D. As between CSI and Customer, Customer is responsible for the accuracy and integrity of Customer Data provided by Customer, Clients, or other Users in connection with Data Intelligence Services.
E. Customer represents and warrants that it has all necessary power and authorization to grant to CSI and its Third-Party Providers all rights and licenses required for CSI and its Third-Party Providers to use Customer Data in accordance with the Agreement, the CSI Supplemental Agreement, and these Service Terms. Customer grants CSI and Third-Party Providers the right to use such Customer Data during the term of the Agreement for the purpose providing the Data Intelligence Services and other purposes expressly recited in the Agreement, the CSI Supplemental Agreement, and the Service Terms. Customer is solely responsible for drafting, disseminating, obtaining, or retaining all consents or notices necessary to ensure that Customer Data is collected and used in accordance with applicable law and regulations, including, without limit, applicable state and federal privacy laws and regulations.
22.1 Data Engage Services
22.1.1 Data Engage Services means the software as a service provided by Pendo.io Inc., or its successor, (Pendo), that enables Customer Users to build customized, in-application User guidance and gather analytics about User behavior in connection with the Digital Banking Services.
22.1.2 CSI and Pendo (and/or its licensors) are the sole and exclusive owners of all rights, title and interest in and to the Data Engage Services, related documentation, and proprietary property (including intellectual property rights) and reserve all rights, title and interest in the foregoing unless otherwise expressly granted under these Service Terms. No ownership or other rights in or to the Data Engage Platform, related documentation, or Pendo systems conveyed or granted to Customer or Users.
22.1.3 Pendo may, in its sole discretion, enhance, modify, and/or expand the features of the Data Engage Services from time to time. Customer shall ensure the Customer Systems are configured and updated to accommodate periodic modifications, upgrades, or updates to the Data Engage Services, otherwise, certain features or functionality associated with the Data Engage Platform may not be accessible or otherwise perform.
22.1.4 Customer may submit Feedback to CSI or Pendo. Pendo may use and incorporate Feedback in its sole discretion.
22.1.5 Customer acknowledges and agrees that it shall not advance any direct claim or proceeding against Pendo in connection with the Data Engage Services and does hereby expressly waive any and all rights to do so. The foregoing agreement and waiver is a fundamental condition of CSI’s and Pendo’s provision of the Data Engage Services.
22.1.6 Pendo may use statistical and performance information derived aggregated and anonymized Customer Data for purposes of improving its products and services, and developing, displaying, and distributing benchmarks and similar reports.
22.1.7 CSI and its Third-Party Providers shall use commercially reasonable efforts to avail and maintain APIs enabling access to the Data Engage Services (Data Engage APIs) in a manner which enables Customer to export data in accordance with industry standard processes. Data Engage APIs are subject to a timeout limit of 5 minutes and a file size limit of 4GB per API query response. The Data Engage API response will automatically cease. Neither CSI nor Pendo shall have any liability associated with Customer’s use of any data derived from Data Engage APIs.
22.2 Data Direct Services
22.2.1 Data Direct Services means the CSI subscription services offering that involves the preparation and delivery of curated delimited text data files containing Customer Data for independent analysis by Customer of its Users’ information, behavior, characteristics, transactions, and related trends. Text data files prepared in connection with the Data Direct Services are referred to as Dataset Files.
22.2.2 CSI will deliver Dataset Files by SFTP at the frequency specified in the CSI Supplemental Agreement or the Documentation. Customer shall be responsible for the procurement, maintenance, security, and adequacy of all Customer Systems, including any SFTP client or other automated systems employed by Customer or otherwise required for the receipt of the Data Direct Services. Customer shall be responsible for ensuring the security of any and all Access Credentials furnished by CSI in connection with the Data Direct Services or otherwise utilized to access Dataset Files. CSI shall bear no responsibility nor liability in connection with the security or disposition of Dataset Files or constituent data after such Dataset Files are retrieved from CSI Systems by Customer or its designee.
22.2.3 Data Direct Services do not include any processing, analysis, visualization, or other rendering of Dataset Files or any related tools or systems. Customer shall be responsible for the procurement, maintenance, security, and adequacy of any and all applications, tools, or services it deems necessary for the use or analysis of Dataset Files. Data Direct Services are expressly limited to the provision of Dataset Files only.
22.2.4 Dataset Files may exclude or segregate personal information in CSI’s discretion.
22.2.5 CSI will only be obligated to retain Dataset Files for 7 calendar days following attempted delivery to Customer. After the elapse of such period, CSI may delete the Dataset Files and will have no obligation to recreate deleted Dataset Files.
22.3 Data Portal Services
22.3.1 Data Portal Services means the CSI subscription services offering whereby Customer Users may access, query, and action insights, visualizations, and campaigns based upon curated Customer Data.
22.3.2 Subject to the terms and conditions of the Agreement, and these Service Terms, CSI grants to Customer a limited, worldwide, non-exclusive, non-transferable right during the Subscription Term to use the Data Portal Services solely for Customer’s internal business operations. Customer’s rights to use the Data Portal Services are subject to any scope and usage limitations set forth in the CSI Supplemental Agreement, which may include, without limitation, limits on the number of Users. If Customer exceeds any scope limitations set forth in the Agreement, CSI may suspend or limit access to the Data Portal service and/or invoice Customer for the excess usage at CSI’s then-current rates.
22.3.3 Customer shall not: (a) sell, rent, lease, or, except as expressly permitted in the Agreement, license, sublicense, distribute, or otherwise permit third parties to access or use the Data Portal Services; (b) except as expressly permitted in the Agreement, use the Data Portal Services to provide services to third parties as a service bureau or for time sharing or service provider purposes; (c) circumvent or disable any security or other technological features or measures of the Data Portal Services, or attempt to probe, scan or test the vulnerability of a network or system, breach security or authentication measures, or gain unauthorized access to any service, system or network; (d) upload or provide for processing, or use the Data Portal Services to store, display or transmit, any information or material that is illegal, defamatory, offensive, abusive, obscene, or tortious, or that violates applicable statutory privacy or intellectual property rights; (e) use the Data Portal Services to harm, threaten, or harass another person or organization or in any way that violates applicable laws or regulations; (f) use the Data Portal Services to create, send, store, run, or distribute any viruses, worms, Trojan horses, or other disabling code, malware component, or code or program harmful to a network or system; (g) copy, reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, or create derivative works of the Data Portal Services or any feature or function thereof; (h) access the Data Portal Services for the purpose of any benchmarking or other competitive purpose; (i) alter nor remove any trademark, copyright notice, or other proprietary rights notice that may appear in any part of the Data Portal Services; or (j) use the Data Portal Services in excess of stated scope limitations. Customer is solely responsible for the conduct of its personnel and other users in connection with the use of the Data Portal Services.
22.3.4 Except as otherwise provided in the Agreement, only the number of Customer Users specified in the Agreement may access the Data Portal Services and user licenses or accounts may not be shared among Users. Except as otherwise provided in the Agreement, access to the Data Portal Services shall be ‘view-only’ and Customer personnel shall not have direct access to upload data to the Data Portal Services or access CSI Systems or Third-Party Providers Systems supporting the Data Portal Services. As part of the registration process, Customer may be asked to identify Users who should be associated with its account. Customer will not misrepresent the identity or nature of the Users who should be associated with its account. Customer shall be responsible for maintaining the confidentiality of Access Credentials associated with the Data Portal Services and for all activities that occur in connection with Customer Access Credentials and accounts, including the activities and operations of Customer Users.
22.3.5 Customer shall use reasonable efforts to prevent any unauthorized use of the Data Portal Services and will promptly notify CSI in writing of any unauthorized use. Customer will take all steps reasonably necessary to terminate unauthorized use of the Data Portal Services. CSI may remotely monitor Customer’s use of the Data Portal Services to verify that Customer’s use complies with scope limitations and other terms of the Agreement.
22.3.6 The Data Portal Services will be materially operational and functional 99.9% of the time during the hours of 9:00 am to 8:00 pm, EST, Monday through Friday during any 30-day period. The foregoing availability commitment supersedes any and all services levels or availability targets set forth in the Agreement, the CSI Supplemental Agreement, or otherwise.
23 Embedded Banking Services
23.1 EB Services means those Embedded Banking Services that enable Customer and its EB Partners to avail or extend digital banking features, functions, and services within a Host Application.
23.2 Host Application refers to digital experiences or channels which are owned, managed, or controlled by Customer or an EB Partner that enable Customer and EB Partners to avail or extend digital banking features, functions, and services.
23.4 EB Partner means those third-party partners designated by Customer to participate in the Embedded Banking Services.
23.5 EB Partner Agreement” means a written agreement governing the relationship between Customer and the EB Partner with respect to the EB Services.
23.5 Use of and access to EB Services requires and is subject to the execution of a CSI Supplemental Agreement which explicitly provides for and describes the particular EB Services and associated features, functions, capabilities, and integrations engaged by Customer. In the absence of a current subscription to EB Services memorialized in an executed CSI Supplemental Agreement and except as expressly provided in the Agreement neither Customer nor its EB Partners shall have any right or license to use or access the EB Services or any CSI APIs, SDKs, or CSI Systems.
23.6 EB Services and the associated licenses are limited to the particular features, functions, capabilities, integrations, components, services, and associated APIs specifically and expressly identified in an executed CSI Supplemental Agreement. EB Services shall at all times remain subject to (i) the provisions of the Agreement (ii) these Service Terms, and (iii) any and all Service Terms applicable to the Software-as-a-Service Services and functionality associated with subscribed EB Services. By way of illustration, EB Services which enable Account Origination within a Host Application are also subject to Digital Account Opening Service Terms.
23.7 Any and all EB Partners must be approved by CSI, in its sole discretion, and expressly identified within the CSI Supplemental Agreement. New or additional EB Partners, features, functions, capabilities, integrations, components, or other EB Services will necessitate and be subject to an amendment to the CSI Supplemental Agreement detailing any and all changes and the associated Fees. Further, the introduction and maintenance of new or additional EB Partners, Host Applications, or other third-party rights, licenses, or relationships which implicate use of, access to, or which may otherwise affect the EB Services shall be subject to an amendment to the CSI Supplemental Agreement detailing any and all changes and the associated Fees.
23.8 All Host Applications, other applications, databases, software, APIs, scripts, IdP components or platforms, infrastructure, systems, processes, hardware, information security tools and measures, and any other technologies (i) which are owned or managed by either Customer, Customer third-party service providers, EB Partners, or EB Partner service providers, and (ii) which use, access, incorporate, impact, or enable the EB Services shall, in all such cases and permutations, constitute Customer Systems. As set out in the Agreement, Customer shall be solely responsible for the operation and performance of Customer Systems. Any outage, deficiency, or degradation of Embedded Banking Services attributable to Customer Systems shall constitute a Dependency. Errors or issues resulting from or associated with the improper functioning of Customer Systems shall not give rise to Service Level Credits, adversely affect CSI Service Level calculations, or otherwise constitute a breach or failure of performance on the part of CSI.
23.9 Customer shall be responsible for providing all documentation, specifications, or other information necessary to establish and maintain CSI’s integration with a Host Application or other Customer Systems to enable functioning of the EB Services, including ensuring an SFTP file set-up. Further, Customer shall be responsible for costs and expenses associated with CSI’s efforts to establish or maintain integrations to Customer Systems which support or enable EB Services. Additionally, Customer and EB Partners shall be responsible for ensuring that Customer Systems maintain ongoing compatibility with and are updated as necessary in the event of updates to the EB Services and associated APIs and integrations. Customer and EB Partners are responsible for costs associated with any maintenance of or updates to Customer Systems.
23.10 In addition to the types and categories of Users identified within the Agreement, EB Partners, EB Partner personnel, and EB Partner customers and users shall also constitute Users in the context of the EB Services subject to the rights and obligations concerning Users set out in the Agreement and the applicable Service Terms.
23.11 Subject to CSI’s prior approval of an EB Partner and prior to permitting an EB Partner to imbed the EB Services within its Host Application or otherwise access, or use the EB Services, Customer will enter into an EB Partner Agreement. EB Partner Agreements will include restrictions and requirements concerning access to and use of the EB Services and CSI Systems which are consistent with the restrictions and requirements set out in the Agreement and these Service Terms. Upon CSI’s written request, Customer will furnish evidence of the EB Partner Agreement to CSI in the form of an executed electronic copy thereof (which may be redacted to obscure sensitive commercial information). Further, CSI may, from time to time, prescribe certain provisions or clauses for inclusion in EB Partner Agreements as a condition of the access to and use of certain EB Services. To the extent that CSI requires specific or revised language or terms in EB Partner Agreements, Customer will promptly update such agreements upon CSI’s written request. Customer will ensure that any access to or use of EB Services by Customer, EB Partners, and Users is in accordance with the provisions of the Agreement and the applicable Service Terms and shall bear responsibility and liability for any misuse of the EB Services or CSI Systems. EB Partner Agreements shall address and allocate responsibility for securing the Client Agreements required by the Agreement and delivery of all consents or notices necessary under Legal Requirements; provided, however, that as between CSI and Customer, Customer shall be solely responsible for such Client Agreements, notices, consents, as well as the delivery of accurate and complete information by or about a User. Except as expressly agreed in a CSI Supplemental Agreement as an explicit component of EB Services, Customer shall also be solely responsible for direct support of its customer (and prospective customer) Users. For the avoidance of doubt, Customer bears all responsibility for support of, relationships with, and communications with Users as particularly set out in the Agreement. Additionally, EB Partner Agreements shall include an express restriction prohibiting EB Partners from asserting claims or pursuing legal action directly against CSI in connection with the EB Services. Customer shall indemnify, defend, and hold CSI harmless from and against any third-party claims (including EB Partner claims) arising by virtue of Customer’s breach of an EB Partner Agreement or failure to implement or enforce EB Partner Agreements as contemplated herein. For the avoidance of doubt, Customer shall be solely responsible for its EB Partner Agreements, including the drafting, dissemination, updating, and content thereof.
23.12 Customer will promptly report any claims or complaints concerning the EB Services received by Customer or the EB Partner. Additionally, Customer will promptly provide CSI with information related to any Users or activity which Customer or its EB Partners have identified as suspicious or inconsistent with the requirements of a Client Agreement or a Customer or EB Partner’s acceptable use policy.
23.13 As between CSI and Customer, Customer shall be solely responsible for the security and integrity of all Host Applications and other Customer Systems (including EB Partner systems). Customer shall maintain a written information security program and controls environment which is consistent with industry best practices and which is designed to ensure the security of all its Host Applications and related environments. Customer shall ensure that its EB Partners likewise maintain a written information security program and controls environment which is consistent with industry best practices and which is designed to ensure the security of all the EB Partner Host Applications and related environments. Upon CSI’s written request, Customer shall provide suitable evidence of the information security program applicable to a Host Application. Customer shall require its EB Partners to procure third-party SSAE-18 testing of the controls environment applicable to the Host Application and furnish a SOC 2, Type 2 report evidencing such testing on at least an annual basis. Customer will provide CSI with a copy of the current SOC 2, Type 2 report covering an EB Partner (or prospective EB Partner) upon CSI’s written request together with such other third-party oversight materials as CSI may reasonably request (e.g. financial reporting, information security or business continuity management questionnaires). Customer shall be responsible for security of all names, passwords, identification numbers or codes, security tokens, multi-factor authentication mechanisms, API keys, or other credentials provided to EB Partners or Users in order to enable implementation of, use of, or access to the EB Services.
23.14 As between CSI and Customer, Customer shall be solely responsible for any Security Incidents arising in connection with a Host Application or other use of EB Services, except to the extent such Security Incident is caused by the gross negligence or willful misconduct of CSI. Customer shall indemnify, defend, and hold CSI harmless from and against any and all third-party claims and associated losses resulting from a Security Incident arising in connection with a Host Application or other use of EB Services, except to the extent such Security Incident is caused by the negligence or breach of the Agreement by CSI.
23.15 As between CSI and Customer, Customer shall be solely responsible for monitoring and logging activity associated with the Host Application and other Customer Systems. To the extent that CSI requires forensic or other data or information contained within logs or records derived from the Hosted Application or other Customer Systems, then Customer shall promptly procure and provide such information to CSI upon its reasonable request and without cost.
23.16 Customer shall be responsible for procuring and ensuring the prompt and complete cooperation of EB Partners or Customer stakeholders with CSI. Such cooperation shall include, without limit, the provision of resources or materials necessary to implement or maintain the EB Services and the provision of requested specifications, requirements, configuration information, or data. Customer shall ensure that either Customer or EB Partners provide CSI with accurate and prompt information related to usage and performance of the Host Application, including overall user counts and volumes.
23.17 Upon CSI’s request, Customer shall facilitate the establishment of an acceptable form of mutual confidentiality agreement between CSI and an EB Partner. CSI shall have no obligation to share data or other information with an EB Partner in the absence of a fully executed agreement between CSI and the EB Partner which satisfactorily ensures the confidential treatment and protection of CSI IP.
23.18 Customer and any EB Partners’ implementation, configuration, display, or use of the EB Services must comply with all applicable laws. Customer shall indemnify, defend, and hold CSI harmless from and against any third-party claims and associated losses alleged to result from violation of law associated with Customer or an EB Partners’ implementation, configuration, display, or use of the EB Services.
23.19 Customer is responsible for ensuring that the EB Services are suitable to its and its EB Partners business and operational requirements and processes. Customer is solely responsible for the establishment and maintenance of any and all internal or outsourced systems and processes necessitated by its use of the EB Services together with all associated costs.
23.20 As between CSI and Customer, Customer shall be solely responsible for (i) Customer Systems and processes (including EB Partner systems and process) employed in connection with authentication of Users and enabling access to Digital Banking Services or other financial services and systems or (ii) other non-standard methods or processes associated with authentication and access (including, by way of illustration, persisted digital banking sessions which reduce the frequency of authentication challenges within a Host Application). Customer shall, in either of the foregoing cases, select configurations, tools, and processes which are consistent with Legal Requirements and published regulatory guidance. Customer shall indemnify, defend, and hold CSI harmless from and against any third-party claims associated with Customer or EB Partner authentication processes or with non-standard authentication processes requested by Customer. For the avoidance of doubt, standard authentication processes within the CSI System contemplate the provision of names, passwords, identification numbers or codes, security tokens, multi-factor authentication mechanisms, API keys, or other credentials whenever a User attempts to access digital banking or initiates a new digital banking session.
23.21 The Host Application and other Customer Systems must be architected, developed, and configured so not to compromise or unreasonably burden the EB Services or other CSI Systems. In the event that CSI reasonably determines that the Host Application or Customer Systems are (i) compromising the security, integrity, or availability of the EB Services or CSI Systems, (ii) unreasonably burdening the EB Services or CSI Systems, or (iii) are obscuring or degrading EB Services or components, then, in any such case and in addition CSI’s other rights under the Agreement and these Service Terms, CSI reserves the right to suspend provision of or access to the EB Services without liability pending resolution of the issue giving rise to the suspension.
23.22 Customer agrees that Customer’s and its EB Partners’ applications or interfaces which incorporate CSI embedded components shall at all times maintain and enforce suitable content security policies which appropriately (i) restrict inline scripts from untrusted or unknown sources, (ii) restrict remote scripts from unknown or untrusted resources, (iii) restrict other JavaScript functions known to create vulnerabilities or security concerns (e.g. the eval function or other function that can evaluate string as JavaScript on the fly), (iv) restrict form submissions to ensure inputs cannot be submitted to unknown or untrusted servers, and (v) restricts objects which might facilitate injection type attacks. Customer shall indemnify, defend, and hold CSI harmless from and against any and all Claims and Losses arising in conjunction with Customer’s or its EB Partners’ failure to maintain and enforce a suitable and adequate content security policy.
23.23 CSI reserves the right to withdraw approval of an EB Partner in the event that CSI determines in its sole discretion that the provision of EB Services in conjunction with such EB Partner gives rise to unacceptable reputational or security risks to CSI. In such case, CSI may immediately terminate provision of EB Services in conjunction with such EB Partner upon written notice to Customer without liability; provided, however, CSI will cooperate in good faith with Customer to enable a suitable successor EB Partner.
24 Hosted Website Services
24.1 If CSI does not currently manage any portion of Customer’s domain name portfolio, CSI agrees to waive its then current fee for any transfer of registrar to CSI, provided that Customer maintains its domain name portfolio with CSI for at least 3 years following the effective date of such transfer. If within 3 years of a domain name portfolio transfer to CSI, Customer (i) transfers more than half of its domain name portfolio to another registrar or registrant, or (ii) terminates or is in default under its Agreement, a transfer fee will be due.
24.2 Customer warrants that, to the best of its knowledge, neither the registration of a domain name nor the manner in which it is used infringes on the legal rights of any third party. Neither CSI nor its domain Third-Party Provider guarantees the successful registration or renewal of a domain name, nor how long any such registration or renewal will take, because CSI cannot (i) know whether a requested domain name is simultaneously sought by a third party; (ii) ascertain whether applicable WHOIS databases contain inaccuracies or errors; or (iii) control the processing of such registrations or renewals at any applicable registry.
24.3 EXCEPT FOR CSI’S OR ITS DOMAIN THIRD-PARTY PROVIDER’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT WITH THE CUSTOMER’S DOMAIN, NEITHER CSI NOR ITS DOMAIN THIRD-PARTY PROVIDER SHALL BE LIABLE UNDER ANY CIRCUMSTANCES FOR THE FOLLOWING: (i) SUSPENSION, LOSS, OR MODIFICATION OF CUSTOMER’S DOMAIN NAME REGISTRATION(S); (ii) INTERRUPTION OF CUSTOMER BUSINESS; (iii) DELAYS OR ACCESS INTERRUPTIONS TO ANY DOMAIN MANAGEMENT PORTAL; (iv) THE TRANSFER OF CUSTOMER’S DOMAIN NAME(S) TO CSI OR ANOTHER SERVICE PROVIDER; OR (v) ANY ACTS OR OMISSIONS OF THIRD PARTIES IN CONNECTION WITH THE SERVICES, INCLUDING BUT NOT LIMITED TO APPLICATION OF ANY RELEVANT DISPUTE POLICY OR ANY OTHER ICANN ADOPTED POLICIES.
24.4 If upon registration of a domain name Customer elects to use the Basic DNS or Slaved DNS in connection with such domain name, or if CSI is required to use Basic DNS in order to register such domain name on behalf of Customer due to registry requirements, Customer agrees that the standard terms and conditions for Basic DNS or Slaved DNS (as applicable) shall apply, with such terms available upon written request.
24.5 CSI’s domain Third-Party Provider’s policy is to auto-renew Customer’s domain name at the registrar level unless a change in service is communicated by the Customer in writing in advance or during the termination and deconversion process. Such notice to CSI must be provided at least 30 days prior to the domain name’s expiration date for gTLDs, and at least 60 days prior to the expiration date for ccTLDs.
24.6 CSI will include the “ClientTransferProhibited” lock on all Customer gTLD domain names and those ccTLD domain names where the registry allows for such locks.
24.7 Privacy protection, also referred to as “masking,” conceals ownership for those domain name(s) to which it has been applied, preventing Customer’s contact information from appearing in the WHOIS record for these domain name(s). Where required by a registry, or upon Customer request, CSI, its domain Third-Party Provider, or one of its affiliates may appear as the registrant in the WHOIS record for applicable Customer domain name(s) (Masked Domains). For any such Masked Domains, the interest and ownership in the domain name(s) is not affected. Customer agrees and acknowledges that CSI or its domain Third-Party Provider may unilaterally unmask Customer’s Masked Domains without any liability for having done so (i) in order to comply with third-party obligations (including, without limitation, any ICANN or registry obligation or requirement, or court order or legal action); (ii) to facilitate a renewal or transfer of such domain name(s); or (iii) if such action is required in CSI’s or its domain Third-Party Provider’s reasonable, good faith estimation. Nothing in the Agreement or these Service Terms shall be construed as granting Customer permission or the right to provide masking services to third parties.
24.8 Customer acknowledges that the domain name system and practice of registering and administering domain names are evolving, and Customer therefore agrees that CSI or its domain Third-Party Provider may modify or amend these Service Terms, as well as apply any additional rules or policies that are or may be published by CSI’s domain Third-Party Provider, as may be necessary to comply with its ICANN agreement, or any other relevant agreement(s) under which CSI or its domain Third-Party Provider is bound or will be bound.
24.9 CSI, its domain Third-Party Provider and Customer shall be bound by the applicable regulations, policies, and standards required by (i) ICANN, including those set forth in Clauses 3.7.7.1 through 3.7.7.12 of the 2013 ICANN Registrar Accreditation Agreement (2013 ICANN RAA); and (ii) the Registry administrators for each individual gTLD, sTLD, and/or ccTLD (Registry Specific Terms and Conditions); as applicable, as amended from time to time. Full content of ICANN’s 2013 ICANN RAA and any related policies can be found at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#privacy-proxy.
24.10 Customer agrees and acknowledges that for each domain name that it registers, CSI and/or its domain Third-Party Provider is required by ICANN to collect and maintain certain information, including the following: (i) the registered domain name; (ii) CSI’s or its domain Third-Party Provider’s name as the registrar of the domain name, plus related details; (iii) the status of the domain name; (iv) the full name, postal address, voice telephone number, fax number, and email address of Customer and the administrative, technical, and billing contacts assigned to the domain name by Customer; (v) the names of the primary and, if applicable, secondary name servers for the domain name; and (vi) the date of the domain name’s last update in the WHOIS database, its registration/creation date, and its expiration date. Customer further agrees and acknowledges that, for the purpose of providing the Hosted Website domain Services to Customer, and in accordance with the terms set forth herein, the above information may be made available to ICANN, an ICANN-authorized escrow service, registry operators, and/or other required third parties for their use, copying, distribution, publication, modification, and/or other processing, as ICANN, Registry Operators and applicable laws may require, during or after the term of Customer’s domain name management services for its domain names. Customer agrees and acknowledges that the WHOIS service provider will make the above information publicly available. Customer hereby consents to and gives permission for all such disclosures.
24.11 Customer acknowledges that, pursuant to any ICANN specification or policy, or any of CSI’s domain Third-Party Provider’s or registry procedure not inconsistent with any such ICANN specification or policy, its domain name registration(s) is subject to suspension, cancellation, or transfer (i) to correct mistakes by CSI’s domain Third-Party Provider or a registry, or (ii) for the resolution of disputes concerning Customer’s domain name registration(s).
24.12 In accordance with the requirements of the 2013 ICANN RAA, and as required by applicable registries, Customer acknowledges that CSI may terminate, suspend, or place on ‘client Hold’ any Customer domain name registration(s) for which Customer has (i) willfully provided inaccurate or unreliable WHOIS information as set forth herein, either in the initial registration or subsequent communications or updates; (ii) willfully failed to update any information provided to CSI within seven (7) days of any such change, with Customer responsible for providing such updates on an ongoing basis; (iii) failed to respond for over fifteen (15) calendar days to inquiries by CSI concerning the accuracy of details associated with the domain name registration; or (iv) engaged in a use of a domain name that violates any applicable laws, regulations, or policies.
24.13 Customer agrees not to grant any domain name registered under the Hosted Website Service to any third party.
24.14 Customer represents and warrants that if providing information about a third party under this Hosted Website Service, Customer has (i) provided notice to that third party of such disclosure and use of their information. Customer acknowledges that notwithstanding the registration of a domain name, CSI or its domain Third-Party Provider may comply with and perform all of its obligations under the regulations, policies, and standards referenced in this Section24 of the Service Terms.
24.15 Customer acknowledges and agrees that it is bound by ICANN’s Uniform Domain Name Dispute Resolution Policy and Rules (the UDRP), as amended from time to time, which is hereby incorporated and made a part these Service Terms by reference for all Customer gTLD domain name registrations and/or renewals.
24.16Customer agrees and acknowledges that for all Customer ccTLD domain name registrations and/or renewals, Customer will be bound by the terms and conditions of applicable ccTLD registries. CUSTOMER FURTHER AGREES THAT ANY APPLICABLE REGISTRY OPERATOR WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF SUCH REGISTRY OPERATOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
24.16 Customer shall indemnify and hold harmless all registry operators for applicable TLDs, and their directors, officers, employees and agents, from and against any and all claims, damages, liabilities, and expenses (including reasonable legal fees and expenses) arising out of or related to Customer’s domain name registrations or renewals.
24.17 Upon written request, CSI will make changes or direct its service providers to make changes including, but not limited to, planned maintenance changes, emergency maintenance changes, and DNS name server delegation changes and related set up changes to enable its domain Third-Party Provider to provide the Hosted Website Services. Customer will be responsible for obtaining all necessary authorizations and permissions to effect such changes, and Customer will also be responsible for all fees or charges (if any) for making such changes.
24.18 Customer shall not use, nor shall it permit others to use the Hosted Website Services for (i) any unlawful, invasive, infringing, defamatory, or fraudulent purpose; (ii) to transmit obscene, harassing or otherwise objectionable material, whether or not such material is constitutionally protected (iii) to send any virus, worm, trojan horse or harmful code or attachment; (iv) to alter, steal, corrupt, disable, destroy, trespass or violate any security or encryption of any computer file, database or network; (v) so as to materially interfere with or disrupt CSI’s network or third party networks connected to CSI’s network; and (vi) in a manner that is inconsistent with the Agreement, these Service Terms, any applicable laws, or any reasonable testing procedures and/or usage guidelines which may be provided or posted by CSI or its domain Third-Party Provider in writing from time to time. For purposes of this section, Customer acknowledges that neither CSI nor its domain Third-Party Provider monitors nor controls Customer’s content. Notwithstanding the forgoing, nothing contained herein shall limit CSI’s or its domain Third-Party Provider to suspend or terminate the Hosted Website Service as outlined herein.
24.19 If CSI or its domain Third-Party Provider determines, in its sole but reasonable discretion, that Customer has failed to comply with any provision of Section 24 of these Service Terms, or undertakes or attempts to undertake any of the prohibited activities described herein, it shall either a) use reasonable efforts to notify Customer prior to suspension of the affected service at the Customer domain name level or b) provide three (3) days advanced written notice of an opportunity to cure a breach of these Service Terms prior to termination of the affected Hosted Website Service. Customer agrees that CSI or its domain Third-Party Provider may immediately take reasonable corrective action which includes, but is not limited to, (i) restricting transmission of material; (ii) suspending the Hosted Website Services; and/or (iii) terminating the Agreement or any part thereof. Such corrective action is in addition to any other rights CSI may have under the Agreement or under law, and neither CSI nor its domain Third-Party Provider shall have any liability with respect to any action taken, or inaction, in connection with Customer’s terms of use as set forth herein. CSI may provide Customer with notice that CSI intends to take action under these Service Terms but is not required to do so. Where practical, upon receipt of CSI’s notice to suspend or terminate pursuant to a breach this Section, the parties will work in good faith to resolve such breaches.
24.20 Customer acknowledges that CSI shall not be responsible for any failure to deliver the Hosted Website Services resulting from either a) failure on the part of Customer to comply with this Section 24 of the Service Terms; or b) any non-performance or improper performance by Customer, its end users; or c) failure of the Customer website.
24.21 In case of any event (i) not within CSI’s reasonable control, (ii) at a query rate in excess of 350,000 queries per minute or (iii) which causes material interruption of the Hosted Website Services, degrades the performance of the Hosted Website Services, or in any other way materially interferes with the use of the Hosted Website Services by CSI’s other customers or the provision of such service by CSI to its customers (Disrupting Event), CSI may immediately and without prior notice suspend the Hosted Website Services to Customer where CSI has a reasonable belief that the Disrupting Event involves or is directed at Customer. Within 48 hours of any such suspension (or sooner if reasonably practicable), CSI will notify Customer of the suspension and of the Disrupting Event. Customer agrees that, if notified of such a suspension, it will cooperate with CSI and its domain Third-Party Provider in good faith to determine the cause of, and resolve, the Disrupting Event if possible.
24.22 Customer will promptly ensure that it has all hardware and software necessary to display the Hosted Website Service to its end users and to transmit content and e-mail to CSI for the Hosted Website Service.
24.23 Customer is responsible for ensuring that the Hosted Website Service meets current and future regulatory and data privacy requirements, including applicable disclosures and consents associated with the collection, use, tracking, analytics and privacy rights applicable to the Customer and its end users.
24.24 Customer will provide CSI with suitable logos and other content for inclusion on the Hosted Website Service and will complete all design aids required by CSI in a timely manner. Customer’s failure to provide necessary material when required may delay the launch date of or requested changes to the Hosted Website Service. Customer shall provide its disclosures and account fee schedule for inclusion in such disclosures.
24.25 Customer hereby appoints CSI and its designated employees as its authorized agent with express authority to act in any lawful manner for Customer as a Certificate Requester in the completion of Customer’s Application for Extended Validation Certificates for Secure Socket Layer authentication for its websites, to the extent Customer has subscribed to such service. Capitalized terms appearing in this section not contained in these Service Terms shall have the same meaning as those defined in the “Guidelines for Issuance and Management of Extended Validation Certificates” Version 1.0 dated June 7, 2007, prepared by the CA/Browser Forum.
24.26 The Hosted Website Services will be terminated for the Customer on the date on which the term expires or the date on which the Hosted Website Services are terminated in accordance with the Agreement or these Service Terms, as applicable. Customer is solely responsible for (i) removing the data provided by Customer to CSI which contains information that defines how CSI or its domain Third-Party Provider should respond to DNS Queries (Customer Zone), (ii) contacting its registrar-of-record for Customer’s domain name(s) (Registrar(s)) to redirect DNS name server delegation; (iii) any Registrar modification fees incurred for changing DNS name server delegation; and (iv) procuring any new or replacement services upon termination or expiration. By not taking any action with respect to the above before the date on which the Hosted Website Services conclude, Customer hereby acknowledges and agrees that CSI may, in its reasonable discretion and at Customer’s cost and expense, take any number of actions which include, but are not limited to, not resolving DNS Queries to such Customer Zone(s) which will likely result in interruption of its DNS resolution on and after the date on which the Hosted Website Services terminate, as applicable, redirect DNS Queries, respond to such DNS Queries in a manner deemed suitable to CSI.
24.28 In addition to any indemnity obligations contained in the Agreement, Customer shall indemnify, defend and hold harmless CSI and its domain Third-Party Provider and their respective officers, directors, agents, employees, contractors, successors and assigns (Service Provider Parties) from and against any and all third party claims, damages, losses, liabilities, suits, actions, demands, proceedings (whether legal or administrative), judgments, and costs and expenses (including reasonable attorneys’ fees and expenses) incurred by any Service Provider Parties arising out of, or directly or indirectly relating to (a) Customer’s breach or alleged breach of Section 24 of these Service Terms or action taken, or in action, by CSI or its domain Third-Party Provider in connection with these Service Terms; (b) Customer’s breach or alleged breach of its representation and warranty that it is not engaged in any illegal activity and that it will comply with all applicable rules, regulations and laws; (c) claims made by end users or other third parties related to the accessibility of Customer’s website or such site’s compliance with applicable laws, and (d) failure of the Hosted Website Services resulting from either Customer’s and/or its end users misuse and/or failure of Customer’s website(s).
25 Centrix
25.1 Centrix Products means any of Centrix Exact/TMSTM Positive Pay, Centrix DTSTM, and Centrix PIQsTM and related modules thereto provided by Q2 Software , Inc. and its affiliates (Q2).
25.2 Subject to Customer’s compliance with all of the terms and conditions of the Agreement, the CSI Supplemental Agreement, and this Section 25 of the Service Terms, CSI grants Customer a limited, non-exclusive, revocable, non-sublicensable, non-transferable right and license, during the applicable term, to access and use any of the Centrix Products subscribed under the CSI Supplemental Agreement.
25.3 CSI will provide the Centrix Products on the basis of Customer Data or other input provided by Users. CSI and Q2 are not responsible for correcting any errors in the input or the output of the Centrix Products that result from incorrect or fraudulent Customer Data supplied by a User, including an unauthorized or fraudulent User. Customer shall promptly notify CSI in the event it becomes aware of, or reasonably suspects the occurrence of, any incorrect or fraudulent Customer Data submission, unauthorized transactions, unauthorized accounts, or fraud. In the event that a User submits incorrect Customer Data to CSI, Customer acknowledges that neither CSI nor Q2 shall be obligated to correct any Customer Data nor to re-process any Customer Data until the User has re-submitted the Customer Data with necessary corrections. Customer agrees to hold CSI and Q2 harmless from any cost, claim, damage, or liability (including attorneys’ fees) whatsoever arising out of such inaccurate of fraudulent Customer Data, information or instructions, or any inadequacy therein supplied by a User.
25.4 Customer agrees to use the Centrix Product solely for its internal business purposes and shall not: (i) copy, modify, or create derivative works of the Centrix Products; (ii) license, sublicense, sell, resell, market, reproduce, transfer, assign, or distribute the Centrix Products (or any part thereof) in any way; (iii) reverse engineer, decompile, disassemble, or translate the Centrix Products; (iv) attempt to, interfere with, modify or disable any features, functionality, or security controls; (v) defeat, avoid, bypass, remove, deactivate, or otherwise circumvent any protection mechanisms; (vi) use the Centrix Product in any manner that does or could potentially undermine the security of any data or information stored or transmitted using the Centrix Products; or (vi) access the Centrix Products in order to build a competitive product or service.
25.5 Customer shall not modify, translate, or distribute any documentation associated with Centrix Products except as is deemed necessary by Customer and CSI for purposes of supporting or promoting the Centrix Products. Any modifications made to documentation by Customer are at Customer’s sole risk.
25.6 Customer shall not make any representation, warranty, or other legally binding commitments on behalf of CSI or Q2, or any of their respective affiliates or third-party suppliers.
25.7 Customer shall comply with all laws, rules, regulations, and industry requirements applicable to receiving, accessing, and using the Centrix Products.
25.8 Customer shall obtain any necessary consents or provide any necessary notices and disclosures to Users in accordance with applicable laws, rules, regulations, and requirements, including consents with respect to the use of any Customer Data and warrants that it has full authority to possess and share the Customer Data as contemplated herein without violation of any third party’s intellectual property rights.
25.9 Customer shall determine and be responsible for the completeness, authenticity and accuracy of all such information submitted to the Centrix Products and shall update such information promptly, as applicable.
25.10 Users will have no contractual relationship with CSI, Q2, or their suppliers. Customer shall be responsible for all direct communications with Users, including with respect to notifying Users of any privacy policy or user terms and conditions with respect to their use of the Centrix Products.
25.11 Customer may provide written or electronic materials describing, promoting, marketing or otherwise relating to the Centrix Products, only if such materials are approved in advance in writing by Q2. Customer shall not modify or alter in any way any marketing materials provided by Q2, unless approved in advance in writing by Q2.
25.12 Q2 will provide maintenance and technical support directly to Customer, including receiving maintenance and support requests, conducting general troubleshooting, delivering updates as they are released generally to other licensees of the Centrix Products. Support shall be available Monday through Friday 7:00 a.m. to 7:00 p.m. CST and 24 hours per day, 7 days per week, 365 days per year for Severity 1 and Severity 2 Incidents. For Centrix Products, a “Severity 1” incident is when a Centrix Product production system is down; the Centrix Products are unavailable to a substantial amount of Users resulting in total disruption. A “Severity 2” incident is when a major feature or function has failed; operation of the Centrix Products is severely restricted. The Q2 Support Team can be reached online at https://customerportal.q2.com or by phone at 833-444-3469.
25.13 Issues caused or contributed to by any of the following are outside the scope of the Technical Support Service Level and Q2 may elect in its sole discretion whether to provide such additional services at Q2’s hourly rate: (i) software or other systems not originally provided by Q2, (ii) failure by Customer to maintain backups; or (iii) failure by Customer to fulfill Customer responsibilities as set forth in the Agreement between Customer and CSI. The standard Technical Support Service does not include customizations or development of new interfaces or purging of inactive Users. However, at Customer’s request and agreement to pay the applicable fees, Q2 may provide the additional services on a time and materials basis.
25.14 Q2 stores, processes, and maintains Customer confidential information and Customer Data in a co-location facility in the United States and with various cloud providers with whom Q2 has selected United States based regions. Except as set forth herein, Q2 shall not move Customer Data outside the United States designated locations without prior written notice to CSI. Q2 has service control policies in place designed to prevent Customer and its subcontractors with access to Customer Data from storing or downloading Customer Data outside the United States. Customer acknowledges that Q2 employees and subcontractors may access Customer Data from locations outside the United States, provided that such Q2 employees and subcontractors are only permitted access to Customer Data subject to security controls that are no less protective of Customer than the security controls set forth in the Agreement. Notwithstanding the foregoing commitment to store, process, and maintain Customer confidential information and Customer Data as stated above, the following exceptions shall apply:
25.14.1 Q2 and its downstream suppliers may store, process and/or maintain Customer confidential information and Customer Data on servers located outside the United States.
25.14.2 Q2’s cloud services provider, Amazon Web Services, reserves the right, without notice to Q2, to move Customer Data outside of the Q2’s selected United States based region in order to comply with applicable law or a binding order of a governmental body; and
25.14.3 Q2 and its subcontractors that have access to Customer Data may, through the Centrix Products, provide a User who has been properly authenticated by the Centrix Products access to the User’s data from outside the United States, and transmit the User’s data outside the United States, pursuant to the User’s requests through the Centrix Products.
25.15 TO THE MAXIMUM EXTENT PERMITTED BY LAW, CSI AND Q2 EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, AND ANY WARRANTIES THAT MAY ARISE OUT OF COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. NEITHER CSI NOR Q2 REPRESENTS THAT THE CENTRIX PRODUCTS MEET CUSTOMER’S OR A USER’S REQUIREMENTS AND DOES NOT REPRESENT THAT THE OPERATION OF THE CENTRIX PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE.
25.16 IN NO EVENT SHALL CSI OR Q2 HAVE ANY LIABILITY TO CUSTOMER OR ANY USER FOR ANY DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, SPECIAL, INCIDENTIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING DAMAGES FOR LOST PROFITS, REVENUE, BUSINESS, SAVINGS, DATA OR USE, OR THE COST OF SUBSTITUTE PROCUREMENT, HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT CUSTOMER OR A CTXEND USER HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
25.17 Notwithstanding anything to the contrary in the Agreement or the CSI Supplemental Agreement, CSI or Q2 may discontinue the provision of the Centrix Products through CSI upon 30 days prior written notice. Customer may elect to contract with Q2 directly for the continued provision of the Centrix Products or cease use of the Centrix Products.
25.18 Notwithstanding anything to the contrary in the Agreement or the CSI Supplemental Agreement, recurring fee billing for Centrix Products shall commence when: (i) Q2 has installed the Centrix Products; and (ii) Customer has been provided with functioning Access Credentials to access said Centrix Products in a Production environment.
25.19 In the event that undisputed fees are not paid within 15 days after the due date thereof (or alternative timeframe, if mutually agreed by the parties in writing), CSI shall have the right to suspend provision of the Centrix Products until all such undisputed amounts due are paid.
25.20 CSI’s Centrix Third-Party Provider shall be a third-party beneficiary to Section 25 these Service Terms or solely as they may relate to the Centrix Products.
25.21 Nothing in the Agreement or the CSI Supplemental Agreement shall modify, conflict with, abridge or abrogate any of this Section 25 of these Service Terms as it relates to the Centrix Products, and Customer shall not enter into any other agreement, understanding or commitment that modifies, conflicts with, abridges or abrogates any of the terms of this Section 25.
26 DefenseStorm Fraud Detection
26.1 DefenseStorm Fraud Detection Services (DSFD Services) enable Customer to define and view alert triggers, investigate alerts and events, manage watch lists and safe exception lists, collect and export evidence of fraud, and generate reports by leveraging the DefenseStorm, Inc. (DefenseStorm) GRID Active platform.
26.2 Customer acknowledges and agrees that the DSFD Services require and are subject to an active companion subscription to CSI Data Direct Services.
26.3 Customer acknowledges and agrees that the DSFD Services do not include the full suite of services offered by DefenseStorm but are limited to a fraud detection module included within the GRID Active platform as specifically integrated to the CSI Systems. CSI does not resell DefenseStorm services on a standalone basis shall have no contractual or other liability and no operational responsibility for the performance of any DefenseStorm services performed pursuant to a direct customer relationship between Customer and DefenseStorm.
26.4 Notwithstanding anything to the contrary in the Agreement, the initial term of the DSFD Services shall not exceed 5 years nor shall any renewal term exceed 1 year unless the CSI Supplemental Agreement expressly recites the intention to supersede this specific provision.
26.4 Customer will pay fees for the DSFD Services on a monthly basis in advance. Fees for the DSFD Services are subject to modification based upon changes in Customer’s asset size during the term of Customer’s subscription to the DSFD Services, including changes occasioned by mergers, acquisitions, or other business combinations.
26.5 The DSFD Services receive certain elements of Customer Data from Customer Systems related to detection and investigation of cyberfraud-related incidents. Customer Data provided by Customer to the DSFD Services will not include any information which constitutes “non-public personal information” under the Graham-Leach-Bliley Act (15 U.S.C § 6801) and its implementing regulations except as is strictly necessary to enable the provision of the DSFD Services (and in appropriate cases Customer is responsible for ensuring all in scope Customer Data is deidentified or anonymized).
26.6 Customer Data processed by the DSFD Services is generally retained in DefenseStorm systems for a rolling 13-month period. DefenseStorm will permanently destroy all records constituting Customer Data after such information is longer necessary for performance or compliance under the relevant Agreement between Customer and CSI unless otherwise required to be maintained to satisfy applicable laws, statutes, regulations, executive orders, administrative orders, judicial orders, or interpretive guidance which has been, in each case, enacted, promulgated, issued, or published by governmental authorities.
26.7 Customer shall indemnify, defend, and hold CSI and DefenseStorm harmless from and against any and all Losses arising in connection with actions or decisions taken or not taken on the basis of the DSFD Services, including, without limit, claims by customers related to the DSFD Services.
26.8 NOTWITHSTANDING ANYTHING TO THE CONTRARY WITHIN THE AGREEMENT OR THE CSI SUPPLEMENTAL AGREEMENT, CSI’S MAXIMUM AGGREGATE LIABILITY IN CONNECTION WITH THE DSFD SERVICES SHALL BE LIMITED TO THE AMOUNTS PAID BY CUSTOMER FOR THE DSFD SERVICES IN THE 6 MONTHS PRECEDING THE CLAIM UNDER WHICH THE LIABILITY ARISES.
26.9 Customer acknowledges and agrees that nothing in its Agreement with CSI conveys any right or interest in or any permission to use DefenseStorm trademarks, tradenames, trade dress, or other DefenseStorm intellectual property.
26.11 The parties agree that DefenseStorm is the intended direct third-party beneficiary of this Section 26 of these Service Terms.
27 Skip-A-Pay
27.1 Skip-A-Pay Services enable Customer Clients and personnel to defer loan payments and pay associated fees through the Digital Banking Services and are furnished by CSI Third-Party Provider Tyfone, Inc. (Tyfone).
27.2 Skip-A-Pay Services are subject to Customer providing Clients with access to certain digital payment options to pay fees associated with Skip-A-Pay Services including:
27.2.1 Customer shall provide members with the ability to pay the skip fee with a debit or credit card. Customer must establish an account directly with Authorize.net to offer this payment option. Heartland Payment Systems is Tyfone’s preferred reseller for Authorize.net setup and to provide merchant services. If Customer does not utilize Heartland Payment Systems, additional implementation fees will apply.
27.2.2 Skip-A-Pay Services use the PayPal Express SSO interface for processing PayPal payments. Customer must maintain a PayPal Business Account, create an API Signature and create an Application ID.
27.3 Customer may import Client skip history by providing data in the Tyfone-prescribed format.
27.4 Skip-A-Pay Services solutions are currently certified within the following core processing platforms: Corelation KeyStone, Fiserv DNA, JHA Symitar Episys, and Finastra UltraData. The onboarding fees per Customer are based upon the existing certified core processors.
PART II: Client Agreement Terms
Prior to accessing and using the Digital Banking Services, Customer’s Users must register to use the Digital Banking Services and accept end user terms and conditions consistent with and required by applicable law, the Agreement, and as provided in Part I of these Service Terms.
Certain Digital Banking Services require specific Client Agreement terms, which must meet the below minimum requirements or otherwise obtain advance written approval from CSI or its respective Third-Party Provider.
Customer shall enforce the terms of Customer’s Client Agreements against Users and shall notify CSI of any known breach of such terms. Customer will defend, indemnify and hold CSI and the relevant Third-Party Provider harmless against all claims and damages to CSI or the Third-Party Provider caused by Customer’s failure to include any required contractual terms in Customer’s Client Agreement.
These sample forms are for Customer’s reference only and should be revised or amended by Customer to fit Customer’s specific business needs and legal and regulatory requirements. Customer understands and agrees that CSI makes no representation, warranty, or guarantee of any kind, express or implied, including fitness for a particular purpose, with respect to any term or condition this Part II of the Service Terms and CSI will have no liability for Customer’s use of any such term or condition, with or without modification.
Mandatory Provisions – Regardless of whether Customer chooses to utilize a sample form set forth in this Part II of the Service Terms, for legal compliance, Customer will incorporate in its Client Agreements terms and conditions that include the substance of the relevant provisions of Part I and Part II of these Service Terms, as applicable.
1. My Spending, CSI IQ, PULSE, IAV & ID (Instant Account Verification) and MX Wealth Management
“you” “your” means the User
“us” “we” “our” or “Financial institution” refers to Customer.
1.1. We reserve the right to immediately suspend or terminate your use of the [Digital Banking Services] without notice if we believe that (i) you are using the [Digital Banking Services] for any unlawful purpose, or (ii) you have breached these [Terms of Use].
1.2. Aggregated Data. Anonymous, aggregate information, comprised of financial account balances, other financial account data, or other available data that is collected through your use of the Digital Banking Services, may be used by us and our service providers to conduct certain analytical research, performance tracking and benchmarking. Our service providers may publish summary or aggregate results relating to metrics comprised of research data, from time to time, and distribute or license such anonymous, aggregated research data for any purpose, including but not limited to, helping to improve products and services and assisting in troubleshooting and technical support. Your personally identifiable information will not be shared with or sold to third parties.
1.3. Indemnification. You agree to defend, indemnify and hold harmless Financial institution, its third party service providers and their officers, directors, employees and agents from and against any and all third party claims, liabilities, damages, losses or expenses, including settlement amounts and reasonable attorneys’ fees and costs, arising out of or in any way connected with your access to or use of the Digital Banking Services, your violation of these terms or your infringement, or infringement by any other user of your account, of any intellectual property or other right of anyone.
1.4. DISCLAIMER OF WARRANTIES. YOU AGREE YOUR USE OF THE DIGITAL BANKING SERVICES AND ALL INFORMATION AND CONTENT (INCLUDING THAT OF THIRD PARTIES) IS AT YOUR RISK AND IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WE, AND OUR SERVICE PROVIDERS, DISCLAIM ALL WARRANTIES OF ANY KIND AS TO THE USE OF THE DIGITAL BANKING SERVICES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. WE, AND OUR SERVICE PROVIDERS, MAKE NO WARRANTY THAT THE DIGITAL BANKING SERVICES (i) WILL MEET YOUR REQUIREMENTS, (ii) WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE DIGITAL BANKING SERVICES WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL OBTAINED BY YOU THROUGH THE DIGITAL BANKING SERVICES WILL MEET YOUR EXPECTATIONS, OR (v) ANY ERRORS IN THE DIGITAL BANKING SERVICES OR TECHNOLOGY WILL BE CORRECTED. ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE DIGITAL BANKING SERVICES IS DONE AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF SUCH MATERIAL. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM FINANCIAL INSTITUTION OR ITS SERVICE PROVIDERS THROUGH OR FROM THE DIGITAL BANKING SERVICES WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS.
1.5. LIMITATION OF LIABILITY. YOU AGREE THAT FINANCIAL INSTITUTION AND ITS THIRD PARTY SERVICE PROVIDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER LOSSES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, RESULTING FROM (i) THE USE OR THE INABILITY TO USE THE DIGITAL BANKING SERVICES AT OUR WEBSITE/MOBILE APPLICATION OR OF ANY THIRD PARTY ACCOUNT PROVIDER’S WEBSITE/MOBILE APPLICATION; (ii) THE COST OF GETTING SUBSTITUTE GOODS AND SERVICES, (iii) ANY PRODUCTS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO, THROUGH OR FROM THE DIGITAL BANKING SERVICES, (iv) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSION OR DATA, (v) STATEMENTS OR CONDUCT OF ANYONE ON THE DIGITAL BANKING SERVICES, (vi) THE USE, INABILITY TO USE, UNAUTHORIZED USE, PERFORMANCE OR NON-PERFORMANCE OF ANY THIRD PARTY ACCOUNT PROVIDER SITE, EVEN IF THE PROVIDER HAS BEEN ADVISED PREVIOUSLY OF THE POSSIBILITY OF SUCH DAMAGES, OR (vii) ANY OTHER MATTER RELATING TO THE DIGITAL BANKING SERVICES.
2. Mobile Banking
THESE ILLUSTRATIVE MOBILE BANKING USER TERMS SET FORTH MANDATORY CONCEPTS FOR INCLUSION IN CUSTOMER-GENERATED AGREEMENTS BETWEEN CUSTOMER AND ITS USERS. CUSTOMER ACKNOWLEDGES THAT CSI DOES NOT PROVIDE LEGAL OR COMPLIANCE ADVICE AND HAS NOT RELIED AND WILL NOT RELY UPON CSI TO PROVIDE LEGAL OR COMPLIANCE ADVICE. CUSTOMER IS SOLELY AND AT ALL TIMES REPONSIBLE FOR ITS RELATIONSHIP WITH USERS AS WELL AS THE CONTENT AND LEGAL AND REGULATORY COMPLIANCE OF ITS AGREEMENTS WITH ITS USERS. CUSTOMER ACKNOWLEDGES THAT IT MUST AND WILL DEVELOP AND FURNISH SUITABLE MOBILE BANKING USER TERMS USING ITS OWN INDEPENDENT JUDGMENT. FURTHER, CUSTOMER SHALL BE SOLELY RESPONSIBLE FOR ITS USERS’ COMPLIANCE WITH SUCH TERMS AND CONDITIONS. IN THE EVENT THAT CUSTOMER USES ANY OF THE LANGUAGE SET OUT HEREIN (VERBATIM OR OTHERWISE), CUSTOMER WARRANTS AND AGREES THAT IT HAS ADOPTED SUCH LANGUAGE BASED ON ITS INDEPENDENT LEGAL JUDGMENT AND ASSUMES SOLE LIABILITY AND RESPONSIBILITY IN CONNECTION THEREWITH. CUSTOMER MAY OMIT FROM ITS USER TERMS AND CONDITIONS ANY OF THE CONCEPTS PRESCRIBED IN THESE ILLUSTRATIVE MOBILE BANKING USER TERMS, PROVIDED THAT, SUCH CONCEPTS ARE INCONSISTENT WITH CUSTOMER’S LEGAL AND REGULATORY OBLIGATIONS. CUSTOMER SHALL PROMPTLY NOTIFY CSI IN WRITING CONCERNING THE BASIS FOR SUCH OMISSION. IN ANY EVENT, CUSTOMER SHALL NOTIFY CSI PRIOR TO PUBLISHING OR USING ANY MOBILE BANKING USER TERMS AND CONDITIONS IN PRODUCTION. CUSTOMER IS RESPONSIBLE FOR MAKING UPDATES TO THE CONTENT OF ITS USER TERMS AND CONDITIONS IN CONTINUED COMPLIANCE WITH APPLICABLE LAWS, RULES AND REGULATIONS. ANY POST-PRODUCTION CHANGES TO SUCH TERMS AND CONDITIONS SHALL BE SUBJECT TO ADDITIONAL FEES AT CSI’S THEN-CURRENT PROFESSIONAL FEES RATES.
2.1. Eligible Enrollees. The mobile banking services (the “Services”) are only available to you as an enrolled and approved digital banking customer of [Customer Name]. By accepting and using the Services, you agree to comply with these Mobile Banking User Terms as well as all other user and account agreements between you and [Customer Name] applicable to your use of the Services.
2.2 General. Access to [Customer Name’s] digital banking services via your mobile device is powered by the mobile technology solution owned by CSI, Inc. and its third-party providers (collectively the “Provider”). The Provider is not the provider of any of the financial services available to you through the Software (defined below), and Provider is not responsible for any of the materials, information, products or services made available to you through the Software.
2.3. Ownership. You acknowledge and agree that the Provider is the owner of all right, title and interest in and to the mobile technology solution made available to you hereunder, including but not limited to any mobile applications or other downloaded software and the computer code, scripts, interfaces and other programs contained therein, as well as any accompanying user documentation, and all subsequent copies, updates or versions thereof, regardless of the media or form in which they may exist (all of which is collectively referred to herein as the “Software”). You may not use the Software unless you have first accepted the Mobile Banking User Terms.
2.4. License. During the term of your account agreement with [Customer Name] and subject to the terms and conditions of these Mobile Banking User Terms, you are hereby granted a personal, nonexclusive, nontransferable license to use the Software (in machine readable object code form only) in accordance with these Mobile Banking User Terms and for the sole purpose of enabling you to use and enjoy the benefits of your financial institution’s services made available via the Software. This is not a sale of the Software. All rights not expressly granted to you by these Mobile Banking User Terms are hereby reserved by the Provider. Nothing in this license will entitle you to receive hard-copy documentation, technical support, telephone or web assistance, or updates to the Software. This license may be terminated at any time, for any reason or no reason, by you, the Provider or [Customer Name]. Upon termination, you agree to cease using the Software and immediately destroy all copies of any Software which had been downloaded to your mobile device or otherwise in your possession or control.
2.5. Restrictions. You shall not: (i) modify, revise or create any derivative works of the Software; (ii) decompile, reverse engineer or otherwise attempt to derive the source code for the Software or architecture of the Services; (iii) redistribute, sell, rent, lease, sublicense, or otherwise transfer rights to the Software; (iv) remove or alter any proprietary notices, legends, symbols or labels in the Software, including, but not limited to, any trademark, logo or copyright of Provider or [Customer Name]; or (v) use the Services or Software for any improper or illegal purpose.
[Customer Name] reserves the right, in its reasonable discretion, to terminate or suspend your access to the Services or Software, with or without advance notice, if it has reason to believe, in its sole and reasonable discretion, that you are in breach of applicable law or these Mobile Banking User Terms or your use of the Services and/or Software jeopardizes the integrity or security of the Services, the Software or any supporting security network infrastructure.
2.6. Updates and Upgrades. These Mobile Banking User Terms govern any updates that replace and/or supplement the original Software, unless such update is accompanied by a separate license in which case the terms of that license will govern. Provider may, in its sole discretion, make updates, upgrades or other changes to the Software. Upon request, you agree to upgrade or update your mobile device to the supported release of the Software to maintain compatibility. Provider will have no liability arising out of or relating to your use of an unsupported release. Certain Software updates or upgrades may be automatically downloaded.
2.7. Mobile Check Deposit. To the extent the Services include functionality enabling you to present an image of a legal representation, as defined by federal law, of a check to be deposited into your [Customer Name] checking or savings account electronically (“MCD Services”), the following supplemental terms and conditions shall also apply:
a. You must only use current Software made available by [Customer Name] through designated channels.
b. You are responsible for all the data submitted through the MCD Services which must accurately represent the information on the original check(s).
c. You agree that the electronic image of the item submitted to the [Customer Name], as defined by federal law, is a legal representation of the check for all purposes, including return check processing.
d. You may experience technical or other difficulties when using the MCD Services and neither [Customer Name] nor Provider assume any liability for any technical or other difficulties you experience.
e. [Customer Name] or Provider reserves the right to change, suspend or revoke services, immediately and at any time without prior notice to you. In the event this Service is not available to you, you acknowledge that you can attempt to deposit my check at a branch office location, through a participating ATM, or by mail.
f. Only [Customer Name] checking and savings accounts are eligible for the MCD Services.
g. [Customer Name] may charge a usage fee for MCD Services and reserve the right to start charging for MCD Services at any time.
h. If an item you transmit for deposit is dishonored, rejected or otherwise returned unpaid, you agree that [Customer Name] may charge back the amount of the return to the account the check was originally deposited to and assess a fee in the amount shown on [Customer Name’s] current Schedule of Fees and Charges for a returned check. If there are not sufficient funds in my account to cover the amount of the returned check, the account will be overdrawn, and you will be responsible for payment. [Customer Name] may debit any account maintained by you in order to obtain payment of my obligations under these Mobile Banking User Terms.
i. You acknowledge that wireless providers may assess or impose fees, limitations, or restrictions. You agree that you are solely responsible for all such fees, limitations, and restrictions, and that [Customer Name] may contact you via your wireless device for any purpose concerning my business relationship with the [Customer Name], including but not limited to account servicing and collection purposes.
j. You agree to scan and deposit only “checks” as that term is defined in Federal Reserve Regulation CC, Availability of Funds and Collection of Checks.
k. You agree that you will not use the MCD Service to scan and deposit any ineligible items.
l. You agree to endorse all items with your signature and account number and print “For Mobile Deposit Only” on all items. [Customer Name] reserves the right to reject all items that are not endorsed as specified.
m. When using the MCD Service to deposit funds, such deposits are limited to the [Customer Name] defined deposit segments and associated limits.
n. [Customer Name] reserves the right to reject any item transmitted through the MCD Service, at its discretion. [Customer Name] is not liable for items you do not receive or for images that are not transmitted completely. An image is considered received when you receive a confirmation screen after submitting a check for deposit. You acknowledge and agree that such notification does not mean that the transmission was without error. Once an item is reviewed and approved, your account will be credited at the end of the business day (excluding Federal Reserve holidays).
o. You agree to retain each item submitted for deposit through the MCD Services for 60 days after your funds have been posted to your account. After 60 days, you agree to dispose of the item(s) in a way that prevents representing for payment (i.e. shredding). Upon receipt of these funds, you agree to mark the item prominently as “Void”, and you agree to store each retained item in a secured locked container until such proper disposal is performed. You will promptly provide any retained item to [Customer Name] as requested to aid in the clearing and collection process or to resolve claims by third parties with respect to any item.
2.8. Text Messages and Notifications. You and your financial institution are solely responsible for the content transmitted through text messages sent between you and your Financial institution. You must provide source indication in any text messages you send (e.g. mobile telephone number, “From” field in text message, etc.) You hereby consent to receipt of text messages and other notifications (including ‘in-app’ or ‘push’ notifications from [Customer Name] or Provider in connection with the Services or your business relationship with [Customer Name], provided that you may opt out of text messages by replying STOP or as otherwise advised. Text messaging fees may apply and be assessed by your wireless carrier. You are responsible for any such text message fees.
2.9. Consent to Use of Data. During and after the term of your account agreement with [Customer Name] you agree that the Provider may collect, store and use technical data and related information, including but not limited to technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services (if any) related to the Software. The Provider may use this information to improve its products, for diagnostic purposes or to provide other services or technologies; provided that Provider may not share information or data in a form that personally identifies you except as necessary to provide the Services and related services to you or [Customer Name]. Provider may combine aggregated data with the data of other customers or other publicly available information.
2.10. Legal Restrictions. You may not use the Software except as authorized by United States law and the laws of the jurisdiction in which the Software was obtained. In particular, but without limitation, the Software may not be used or transferred (a) in or into any U.S. embargoed countries or (b) by or to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. By using the Software, you represent and warrant that you are not located in any such country or on any such list. You also agree that you will not use the Software for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons.
2.11. U.S. Government Restricted Rights. The Software is commercial computer software subject to RESTRICTED RIGHTS. In accordance with 48 CFR 12.212 (Computer software) or DFARS 227.7202 (Commercial computer software and commercial computer software documentation), as applicable, the use, duplication, and disclosure of the Software by the United States of America, its agencies or instrumentalities is subject to the restrictions set forth in these Mobile Banking User Terms.
2.12. Disclaimer of Warranty. THE SOFTWARE IS PROVIDED ON AN ‘AS IS’ AND ‘AS AVAILABLE’ BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. NO WARRANTY IS PROVIDED THAT THE SOFTWARE WILL BE FREE FROM DEFECTS OR VIRUSES OR THAT OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED. YOUR USE OF THE SOFTWARE AND ANY MATERIAL OR SERVICES OBTAINED OR ACCESSED VIA THE SOFTWARE IS AT YOUR OWN DISCRETION AND RISK, AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE RESULTING FROM THEIR USE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
2.13. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL PROVIDER OR ITS AFFILIATES BE LIABLE FOR ANY DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY THEREOF, AND REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH ANY CLAIM IS BASED. IN ANY CASE, THE PROVIDER’S LIABILITY ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE SHALL NOT EXCEED IN THE AGGREGATE THE SUM OF THE FEES PAID BY YOU FOR THIS LICENSE. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR CERTAIN TYPES OF DAMAGES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. IN NO EVENT SHALL PROVIDER HAVE ANY LIABILITY TO YOU OR [CUSTOMER NAME] FOR SERVICE UNAVAILABILITY OR FOR THE LOSS OF DATA OR FEES IN CONNECTION WITH THE FRAUDULENT USE OF THE SERVICES OR SOFTWARE.
2.14. Miscellaneous. These Mobile Banking User Terms constitute the entire agreement between you and the [Customer Name] concerning the subject matter hereof. These Mobile Banking User Terms will be governed by and construed in accordance with the laws of the state of [Customer Jurisdiction], excluding that body of laws pertaining to conflict of laws. If any provision of these Mobile Banking User Terms is determined by a court of law to be illegal or unenforceable, such provision will be enforced to the maximum extent possible and the other provisions will remain effective and enforceable. All disputes relating to these Mobile Banking User Terms are subject to the exclusive jurisdiction of the courts of [Customer Jurisdiction] and you expressly consent to jurisdiction and venue thereof and therein. These Mobile Banking User Terms and all related documentation is and will be in the English language. The application of the United Nations Convention on Contracts for the International Sale of Goods is hereby expressly waived and excluded.
3. Digital Account Opening
3.1 Privacy Policy. Customer must have and abide by a written privacy policy and disclose to Applicant the data that will be collected from such Applicant and how Customer will use, protect, and disclose the Mobile Applicant Data. Customer shall provide a link to the Customer’s privacy policy, a URL containing the address of the privacy policy or a copy of the privacy policy at the point where the Subscriber’s consent is collected. Customer’s privacy policy must always be readily available for an Applicant’s access.
3.2 Certification. Customer will cooperate with reasonable requests by CSI and/or its Third-Party Providers related to the provision of Customer’s privacy policy, data flows, a sample of the notice, and consent language as applicable and as required to preserve CSI certification to resell and provide the DAO Services. CSI or its Third-Party Provider may terminate access to the Mobile DAO Services at any time if Customer is no longer certified to use the Mobile Services.
3.3 Consents. Customer and CSI will cooperate in good faith to ensure that all necessary consents for the use of or access to Mobile Applicant Data are included in the DAO Services workflow. Customer acknowledges that such workflows must include Applicant consent notices or agreements which are substantially consistent with the following: “you allow us and our service providers to access information on file with your mobile operator, specifically, name, address and email, to auto populate this form. See our Privacy Policy (hyperlink required) for how we treat your data.” Customer acknowledges that the CSI mobile app must prominently display such consent language on-screen to the Applicant who must accept consent language by clicking on an “Accept” (or confirmation) button separate from Customer’s general consumer terms and conditions and that this consent will be for one-time use valid solely for the life of the interaction.
3.4 The Client Agreement for mobile use must also include consent language which is substantially consistent with the following: “You authorize your wireless operator to disclose your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber details, if available, to [Customer name] and its service providers for the duration of the business relationship, solely for identity verification and fraud avoidance. See our Privacy Policy (hyperlink required) for how we treat your data.”
3.5 Customer may only store the following response data received from or made available by CSI or its Third-Party Providers: (a) the transaction ID; and (b) name, address, email address, mobile number (as a hashed value).
3.6 CSI reserves the right to change the consent language and consent methods at any time after notification from Mobile Network Operators or its Third-Party Providers that changes are required. CSI will provide no less than ninety (90) days’ notice to Customer of any such change, but Customer must immediately begin to use the new prescribed consent language or consent method in order to receive the impacted Mobile Service.
4. Out-of-Band Security Authentication
4.1 The Client Agreement for Out-of-Band Tokens will address the following minimum requirements:
4.1.1 Define who are eligible enrollees for using the Out-of-Band Authentication Service (the “Service”). (Eligibility should be limited to customers who have executed Customer’s Internet Banking and Bill Payment Agreement and agreed to a Client Agreement consistent with these Requirements for User Terms and Conditions.)
4.1.2 Obligate the User to use the Service and any related service subject to, and in compliance with, the Client Agreement and the Third-Party Provider’s Policy (available at www.verisign.com/repository) and all applicable laws and regulations.
4.1.3 Obligate the User to acknowledge and agree that; (i) Service is intended to assist with authentication of the User and increase the level of security of User’s web transactions, and may be used solely for this purpose; (ii) the Service is not fail proof nor can it be used as a substitute official proof of User’s identity; (iii) there are inherent security risks with use of the Internet; and, (iv) User is solely responsible for the degree to which rely on the Service.
4.1.4 Require the User to provide accurate and complete information as reasonably requested by Customer or the Third-Party Provider.
4.1.5 Require the User to maintain secure possession of information related to the Service or any tokens and promptly notify the Customer if User loses possession of any token or compromises any information related to the Service (for example, loss of a mobile phone containing a credential or loss of a token or hardware device that stores a credential).
4.1.6 Prohibit the User from transferring the Service to any other party or permitting use a credential or token by any other party.
4.1.7 Permit CSI and its Third-Party Provider to revoke any User’s credential or token upon breach of the Client Agreement, the Third-Party Provider’s Policy or if a Client compromises the security or integrity of the Service.
4.1.8 Customer will disclaim, to the extent permitted by applicable law: (a) all warranties, indemnification and representations relating to the Service and any related services; and, (b) Customer’s, CSI’s and the Third-Party Provider’s liability for any damages, whether direct, indirect, incidental or consequential, arising from use of the Service or any related services. User’s sole and exclusive remedy for any malfunction, deficiency or other dissatisfaction related to the service or any related services is a claim for a replacement credential or token.
4.2 The Customer’s User for Out-of-Band Tokens must accept the following minimum terms:
4.2.1 By checking here, I am choosing to receive voice messages for Security Code delivery to my [%PHONE_TYPE% %PHONE_NUMBER%] and I understand that incoming call minutes and rates may apply.
4.2.2 By enrolling for voice messages, I certify that I am the account holder or have the account holder’s permission to do so. Clicking “Submit” will send a voice message with a Security Code to the phone number indicated above.
4.2.3 By enrolling, I acknowledge and agree that:
(i) This Service is intended to assist with authentication of myself as a User and increase the level of security of my Online Banking transactions and may be used solely for this purpose.
(ii) This Service is not fail proof nor can it be used as a substitute official proof of my Online Banking User identity.
(iii) There are inherent security risks with use of the Internet.
(iv) I, the Online Banking User, am solely responsible for the degree to which rely on the Service.
(v) I, the Online Banking User, will provide accurate and complete information as reasonably requested by my financial institution or the Third-Party Provider.
(vi) I, the Online Banking User, am required to maintain secure possession of information related to the Service or any devices and promptly notify the Customer – by contacting them or disabling the device from the Online Banking system – if I lose possession of any registered device or compromise any information related to the Service (for example, loss of a mobile phone used as a credential).
(vii) I, the Online Banking User, am prohibited from transferring the Service to any other party or permitting use of my credential by any other party.
(viii) I, the Online Banking User, permit my financial institution’s vendor(s) to revoke any credential upon breach of this User Agreement, the Third-Party Provider’s Policy or if I, the Online Banking User, compromise the security or integrity of the Service.
4.2.4. I understand and acknowledge that my financial institution disclaims, to the extent permitted by applicable law: (a) all warranties, indemnification and representations relating to the Service and any related services; and, (b) liability for any damages, whether direct, indirect, incidental or consequential, arising from use of the Service or any related services for the Customer and any of its providers.
4.2.5 I understand and acknowledge that my sole and exclusive remedy for any malfunction, deficiency or other dissatisfaction related to the service or any related services is to request the service be disabled if allowed or obtain a new functioning device (mobile phone or landline phone) at my own expense.
5. Payrailz Bill Payment and P2P Services
5.1 Customer shall require that all PR Users enter into an End User License Agreement that includes, at a minimum, contractual provisions that:
5.1.1 Limit the PR User’s right to use the Payrailz Services only for PR Users’ own use and not for further resale, relicense or other use by third parties.
5.1.2 Prohibit PR Users from copying, reproducing, modifying, altering, bridging, enhancing, customizing or making derivative works of or improvements or enhancements to the Payrailz Services.
5.1.3 Prohibit PR Users from impairing or altering the functionality of the Payrailz Services.
5.1.4 Prohibit causing or permitting the reverse engineering, disassembly, translation, adaptation, or de-compilation of the Payrailz Services, or any attempts to derive source code or algorithms of the Payrailz Services and prohibits using the results of such processes.
5.1.5 Require PR Users to be bound by confidentiality obligations with respect to any information furnished or disclosed by Customer to PR Users that are at least as protective as those undertaken by Customer in its CSI Agreement.
5.1.6 Prohibit assignment and sublicensing of the license to use the Payrailz Services.
5.1.7 Prohibit any right, title and interest (including all intellectual property rights) in or to the Payrailz Services from passing to any PR Users.
5.1.8 Require that individual PR Users will use the Payrailz Services solely for personal, family or household purposes and not for any business or commercial purpose and require that businesses PR Users may only use the Payrailz Services solely for business or commercial purposes and not for any personal, family or household purpose.
5.2 PR Users must agree that Customer and its Third-Party Providers may obtain information regarding their Payee Accounts to facilitate proper handling and crediting of their payments.
5.3 In connection with the electronic bill services (the “eBill Service”), require PR User(s) to:
(a) agree to provide true, accurate, current and complete information about PR User and PR User accounts maintained at other web sites including without limitation access number(s), password(s), security question(s) and answer(s), account number(s), login information, and any other security or access information, used by PR User, or anyone PR User authorizes on his or her behalf, to access the eBill Service and PR User’s provider accounts (collectively, “Licensee Access Information”), and agree to not misrepresent PR User’s identity or PR User’s account information in connection with PR User’s use of the eBill Service;
(b) agree to keep the Licensee Access Information up to date and accurate. PR User hereby grants to Customer and its third party vendors permission to use Licensee Access Information to enable the provision of the eBill Service to PR User, including updating and maintaining information, files or data that PR User stores or uses in, with, or in conjunction with the eBill Service (collectively, “Account Data”), addressing errors or service interruptions, and to enhance the types of data and services that may be provided in the future.
(c) acknowledge and agree that (i) the content of PR User’s electronic bill (the “Electronic Bill”) may not contain all of PR User’s bill details, (ii) that the eBill Service communicates information as provided by PR User’s third party biller, which may not be up to date, and (iii) the eBill Service is not able to retrieve all Electronic Bills.
(d) the eBill Service is offered for PR User’s convenience only and is provided “as is” and “as available.” PR User will be solely responsible for contacting PR User’s third-party biller directly if PR User do not receive an Electronic Bill through the eBill Service.
5.4 Customer through its third party Payrailz provider uses Plaid Inc. (“Plaid”) to gather your data from financial institutions. By using this service, you grant Customer and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy. [Plaid Privacy Policy must link to https://plaid.com/legal].