Contact

Zumigo DeRiskify

Terms of Service

TERMS OF SERVICE

ZUMIGO DERISKIFY FRAUD DETECTION SERVICE

Authority. By accepting these Terms of Service, the undersigned represents and warrants to Zumigo that:  (a) it has the full corporate or other power and authority to enter into these Terms of Service and to carry out the provisions hereof; (b) these Terms of Service is a legal and valid obligation, binding upon you and enforceable in accordance with its terms; and (c) the execution, delivery and performance of these Terms of Service does not conflict with any agreement, instrument or understanding, oral or written, to which you may be a party or by which you may be bound, nor violate any law or regulation of any court, governmental body or administrative or other agency having jurisdiction over you.  These Terms of Service include the additional terms set forth on Exhibit A and Attachment 1 to Exhibit A attached hereto which relate solely to the verification of your consumer’s credit card.  You covenant to retain, for at least one (1) year following the latest access to mobile identify information, records sufficient to demonstrate this consent.

Restrictions. You will not and will not permit any third party to:  (a) distribute, disclose or allow use of the deRiskify Fraud Detection Service in any format, through any timesharing service, service bureau, network or by any other means, to or by any third party; (b) decompile, disassemble, or otherwise reverse-engineer or attempt to reconstruct or discover any source code or underlying ideas or algorithms of the Service by any means whatsoever; (c) modify or create derivative works based on the Service, or alter the Service in any manner whatsoever; or (d) rent, lease, sell or otherwise transfer (except as provided herein), or distribute copies of the Service to any person or entity.  You agree to cooperate with Zumigo, and will render all reasonable assistance requested by Zumigo, to assist in preventing and identifying any use of or access to the Service, by you or otherwise, in violation of the terms and restrictions of these Terms of Service. 

Consent Disclosure to Customers. You are required to present the consent disclosure language as required under various national laws at the appropriate place. All mobile identity verification services using phone numbers require the following language to be present in a Terms of Service page hosted on your page with the following content:

You authorize your wireless carrier to use or disclose information about your account and your wireless device, if available, to us or our service provider for the duration of your business relationship, solely to help them identify you or your wireless device and to prevent fraud. See our Privacy Policy for how to see how we treat your data.

Indemnification. You will indemnify, defend, and hold Zumigo, its shareholders, officers, directors, administrators, managers, employees, agents, successors and assigns harmless from and against any and all damages (whether ordinary, direct, indirect, incidental, special, consequential, or exemplary), judgments, liabilities, fines, penalties, losses, claims, actions, demands, suits, costs, and expenses including, without limitation, reasonable attorneys’ fees, that arise out of or relate to:  (i) your negligence, willful misconduct, or fraud in connection with these Terms of Service; (ii) any use, distribution or sublicense of the Service by you in violation of these Terms of Service; (iii) any breach of your representations, warranties, covenants, or obligations set forth in these Terms of Service; and (iv) any payments, compensation, damages, or other amounts, however characterized or determined, to any third party, which Zumigo has reimbursed or may be obligated to pay as a result of any of the foregoing.

WARRANTY DISCLAIMERS

THE FRAUD DETECTION SERVICE IS PROVIDED “AS IS,” WITH ALL FAULTS, AND WITHOUT WARRANTIES OF ANY KIND. ZUMIGO EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS AND IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, QUIET ENJOYMENT, QUALITY OF INFORMATION, TITLE/NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. ZUMIGO DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE SERVICE WILL BE CORRECTED. ZUMIGO IS NOT RESPONSIBLE FOR ANY PROBLEMS OR TECHNICAL MALFUNCTION OF ANY TELEPHONE NETWORK OR LINES, COMPUTER ONLINE SYSTEMS, SERVERS OR PROVIDERS, COMPUTER EQUIPMENT, OR SOFTWARE ON ACCOUNT OF TECHNICAL PROBLEMS OR TRAFFIC CONGESTION ON THE INTERNET OR ANY MOBILE NETWORK OR COMBINATION THEREOF.  ZUMIGO IS NOT RESPONSIBLE FOR ANY INJURY OR DAMAGE TO ANY COMPUTER EQUIPMENT (INCLUDING ANY MOBILE DEVICE) BELONGING TO YOU OR ANY OTHER PERSON RELATED TO OR RESULTING FROM USE OF THE SERVICE.  NO ORAL OR WRITTEN INFORMATION, MARKETING OR PROMOTIONAL MATERIALS, OR ADVICE GIVEN BY ZUMIGO OR ZUMIGO’S AUTHORIZED REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THE EXPRESS WARRANTIES PROVIDED HEREIN. YOU EXPRESSLY AGREE AND ACKNOWLEDGE THAT USE OF THE SERVICE IS AT YOUR SOLE RISK.

LIMITATION OF LIABILITY

IN NO EVENT SHALL ZUMIGO OR ITS LICENSORS, BE LIABLE TO YOU, OR YOUR AUTHORIZED USERS, OR ANY THIRD PARTY FOR ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF DATA) ARISING OUT OF OR CONNECTED IN ANY WAY WITH THE SERVICE, OR THESE TERMS OF SERVICE, EVEN IF ZUMIGO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE TOTAL LIABILITY OF ZUMIGO TO YOU FOR ALL DAMAGES, LOSSES AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE) SHALL NOT EXCEED THE TOTAL FEES RECEIVED BY ZUMIGO FROM YOUR USE OF THE SERVICE DURING THE ONE (1) MONTH IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY. YOU AGREE THAT ANY CAUSE OF ACTION ARISING OUT OF OR RELATED TO THE SERVICE MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES, OR THE CAUSE OF ACTION IS PERMANENTLY BARRED. BECAUSE SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, ALL OR A PORTION OF THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

Assignment. You may not assign these Terms of Service, or any rights, benefits or obligations hereunder, by operation of law or otherwise, without the express written permission of Zumigo. Any attempted assignment that does not comply with these Terms of Service shall be null and void. Zumigo may assign these Terms of Service, in whole or in part, to any third-party in its sole discretion.

Governing Law. The validity, construction and performance of these Terms of Service and the legal relations among the parties to these Terms of Service shall be governed by and construed in accordance with the laws of the State of California, excluding that body of law applicable to choice of law.

Dispute Resolution.  A printed version of these Terms of Service and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to these Terms of Service to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form. You and Zumigo agree that any cause of action arising out of or related to the Service must commence within one (1) year after the cause of action arose; otherwise, such cause of action is permanently barred.

Any dispute arising from or relating to the subject matter of these Terms of Service shall be finally settled by arbitration in San Francisco, California, using the English language in accordance with the Arbitration Rules and Procedures of JAMS then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Arbitration Rules and Procedures of JAMS. The prevailing party in the arbitration shall be entitled to receive reimbursement of its reasonable expenses (including reasonable attorneys’ fees, expert witness fees and all other expenses) incurred in connection therewith. Judgment upon the award so rendered may be entered in a court having jurisdiction or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator. For all purposes of these Terms of Service, the parties consent to exclusive jurisdiction and venue in the United States Federal Courts located in the Northern District of California. Use of the Service is not authorized in any jurisdiction that does not give effect to all provisions of these Terms of Service, including without limitation, this section.

We each agree that we shall bring any dispute against the other in our respective individual capacities and not as a plaintiff or class member in any purported class, representative proceeding or as an association. In addition, we each agree that disputes shall be arbitrated only on an individual basis and not in a class, consolidated or representative action. The arbitrator does not have the power to vary these provisions.

If any part of this provision is ruled to be unenforceable, then the balance of this provision shall remain in full effect and construed and enforced as if the portion ruled unenforceable were not contained herein.

EXHIBIT A

ADDITIONAL TERMS

The Services (as defined below) will be received by Merchant through Zumigo, Inc. subject to the Agreement and the terms described in this Exhibit A.

I. GENERAL AGREEMENT

  1. Scope of Agreement. This Exhibit A consists of the general terms set forth in the body of this Exhibit A, and Attachment 1 to Exhibit A.
  2. Use. Zumigo Services will be requested only for Merchant’s exclusive use.
  3. License of Information. Zumigo grants a non-exclusive license to Merchant to use the Zumigo Information (as defined below) only as described in this Exhibit A. Merchant may reproduce or store the Zumigo Information solely for its own uses in accordance with this Exhibit A, and will hold all Zumigo Information licensed under this Exhibit A in strict confidence and will not reproduce, reveal or make it accessible in whole or in part, in any manner whatsoever, to each other or any others unless required by law, or unless Merchant first obtains Zumigo’s written consent.
  4. Compliance with Laws. Merchant certifies that it will order the Zumigo Services from Zumigo only when Merchant is duly authorized by the Consumer (as defined in Attachment 1 to Exhibit A) in accordance with applicable law and Merchant intends to use the Zumigo Information in accordance with applicable consumer protection, marketing, data security, export and privacy laws including, as applicable and without limitation, Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. Sec. 6801 et seq. (“GLB”), the Telephone Consumer Protection Act, 47 U.S.C. 227, et. seq., as amended (the “TCPA”), all state law counterparts of any applicable Federal law and all applicable regulations promulgated under any of them, including, without limitation, any provisions requiring notification or disclosure to the Consumer. Further Merchant shall not engage in any unfair, deceptive or abusive act or practice with regard to any Consumer. In no event will Merchant disclose the Zumigo Information to any third party other than the subject Consumer. Merchant acknowledges and agrees that the description of the Zumigo Service in Attachment 1 to Exhibit A is intended solely to be descriptive and is not to be, and shall not be, relied upon by Merchant to determine its obligations under any applicable law.
  5. Audits. In order to determine Merchant’s compliance with this Exhibit A, Zumigo or its designated representative shall have the right, from time to time, to: (1) upon reasonable notice to Merchant, enter into Merchant’s facilities during normal business hours, and conduct on-site audits of Merchant’s practices and procedures relating to Merchant’s request for and use of consumer reports; and (2) conduct audits by mail, email or similar electronic means that may require Merchant to provide documentation regarding permissible purposes for particular Zumigo Information ordered by Merchant. Merchant shall promptly provide Zumigo with copies of or access to all requested documents and records and use reasonable efforts to otherwise cooperate with Zumigo in all such audits.
  6. Territory. Merchant may access, use and store the Zumigo Services and all information and data provided or obtained through use of the Zumigo Services (the “Zumigo Information”) only at or from locations within the territorial boundaries of the United States, Canada and the United States territories of Puerto Rico, Guam and the Virgin Islands (the “Permitted Territory”). Merchant may not access, use or store the Zumigo Services at or from, or send the Zumigo Services to, any location outside of the Permitted Territory without first obtaining Zumigo’s prior written approval and entering into such written agreements as Zumigo may require.
  7. Service Providers. Merchant may not allow a third-party service provider (hereafter “Service Provider”) to access, use, or store the Zumigo Services or the Zumigo Information on its behalf without first obtaining Zumigo’s written permission.

II. TERM AND TERMINATION

  1. This Exhibit A will immediately terminate during any current term: (a) by either party, with or without cause, upon thirty (30) days prior written notice; (b) in the event that Zumigo or Merchant ceases to conduct business in a normal course, becomes insolvent, makes a general assignment for the benefit of creditors, suffers or permits the appointment of a receiver for its business or assets, or avails itself of, or becomes subject to, any proceeding under the Federal Bankruptcy Code of 1978, as amended, or any similar state insolvency or bankruptcy statutes, and either party gives the other written termination notice following that event; or (c) as otherwise provided in this Exhibit A. In addition, if either party materially breaches this Exhibit A, the non-breaching party may terminate this Exhibit A after providing written notice of the breach to the breaching party with fifteen (15) calendar days opportunity to cure. Zumigo may, in its own discretion, suspend services during any cure period. Either party, by written notice to the other party, may immediately terminate this Exhibit A or suspend any Zumigo Service if based on a reasonable belief that the other party has failed to comply with applicable laws. Zumigo may, by written notice to Merchant, immediately terminate this Exhibit A or suspend any Information Service(s) if based on a reasonable belief that Merchant has violated Section III of this Exhibit A.
  2. Notwithstanding anything to the contrary in this Exhibit A, if the continued provision of all or any portion of the Zumigo Services becomes impossible, impractical, or undesirable due to a change in applicable federal, state or local laws or regulations, as determined by Zumigo in its reasonable judgment, or due to circumstances imposed by Zumigo’s third party vendors or data sources, Zumigo may either (a) cease to provide the affected services within, or pertaining to persons residing within, the affected jurisdiction, or (b) establish new prices which will apply to the affected services when provided or delivered within, or pertaining to persons residing within, the affected jurisdiction, which prices will be reasonably calculated to cover the costs incurred by Zumigo in complying with the applicable laws or regulations or circumstances imposed by third party vendors and will become effective on the date specified in such notice unless Merchant objects in writing, in which case Zumigo may exercise its rights under clause (a) above. Zumigo will attempt to provide written notice of its actions as far in advance of the effective date as is reasonably possible under the circumstances. Termination or expiration of this Exhibit A shall not preclude either party from pursuing other remedies available to it, including injunctive relief, nor shall such termination or expiration relieve Merchant’s obligation to pay all fees that have accrued or are otherwise owed by Merchant to Zumigo under this Exhibit A.

III.   WARRANTY, INDEMNIFICATION AND LIMITATION OF LIABILITY

  1. Merchant and Zumigo recognize that every business decision represents an assumption of risk and that neither party, in furnishing Information or the Zumigo Services to the other, underwrites or assumes the other’s risk in any manner. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS EXHIBIT A, OR ANY AMENDMENT HERETO, TO THE MAXIMUM EXTENT ALLOWABLE BY APPLICABLE LAW, THE ZUMIGO SERVICES PROVIDED HEREUNDER ARE PROVIDED ON AN “AS IS” BASIS AND EACH PARTY HEREBY DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIVES, GUARANTEES AND WARRANTIES WHETHER EXPRESS OF IMPLIED OR STATUTORY REGARDING THE ACCURACY, CORRECTNESS, COMPLETENESS, CURRENTNESS, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OF THE INFORMATION OR SERVICES PROVIDED TO THE OTHER. NEITHER PARTY, NOR ANY OF ITS DIRECTORS, OFFICERS, AGENTS, EMPLOYEES, CONTRACTORS, LICENSORS, AFFILIATED COMPANIES (“AFFILIATED PERSONS AND ENTITIES”) WILL BE LIABLE TO THE OTHER PARTY FOR ANY LOSS OR INJURY RELATING TO, ARISING OUT OF, OR CAUSED IN WHOLE OR IN PART BY, THEIR ACTS OR OMISSIONS, EVEN IF NEGLIGENT, RELATING TO THE ACCURACY, CORRECTNESS, COMPLETENESS OR CURRENTNESS OF THE ZUMIGO SERVICES OR ANY INFORMATION. Merchant recognizes that accessing the Zumigo Information with additional information or different identification information on a consumer, or at a different time from a prior request for information, may result in file content different from that on the date of the original access.
  2. MERCHANT SHALL INDEMNIFY AND DEFEND ZUMIGO AND ITS AFFILIATED PERSONS AND ENTITIES FROM AND AGAINST ANY LOSS, DAMAGE, COST, LIABILITY AND EXPENSE (INCLUDING REASONABLE ATTORNEYS’ FEES) ARISING FROM OR RELATING TO THE INVESTIGATION, DEFENSE, SETTLEMENT OR SATISFACTION OF CLAIMS OR CAUSES OF ACTION OF A THIRD PARTY AGAINST ANY SUCH INDEMNITEE ARISING OUT OF OR RELATING TO A BREACH (OR ALLEGED BREACH) OF SECTIONS I.3, I.4. I.5., III, IV OR ATTACHMENT 1 TO EXHIBIT A BY MERCHANT OR ITS AFFILIATED PERSONS AND ENTITIES.
  3. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS EXHIBIT A, EXCEPT WITH RESPECT TO THE OBLIGATIONS OF INDEMNITY SET OUT IN SECTION III.2, NEITHER PARTY, NOR ANY OF ITS AFFILIATED PERSONS AND ENTITIES, WILL BE RESPONSIBLE FOR CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY OR SPECIAL DAMAGES, INCLUDING LOST PROFITS (EVEN IF THEY HAVE BEEN ADVISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES).

     IV. CONFIDENTIALITY

    Merchant agrees to hold in confidence all Zumigo Information received through the Zumigo Services provided by Zumigo, except as provided in Section I.3. Each party acknowledges that all other materials and information disclosed by a party (“Discloser”) to the other party (“Recipient“) in connection with the performance of this Exhibit A, consist of confidential and proprietary data (collectively, the “Confidential Information”). Each Recipient will hold the Confidential Information in strict confidence, and will restrict its use of Confidential Information to the purposes anticipated in this Exhibit A. If the law or legal process requires Recipient to disclose Confidential Information, Recipient will notify the Discloser of the request. Thereafter, the Discloser may seek a protective order or waive the confidentiality requirements of this Exhibit A, provided that Recipient may only disclose the minimum amount of information necessary to comply with the requirement. Recipient will not be obligated to hold confidential any information from the Discloser which (a) is or becomes publicly known, (b) is received from any person or entity who, to the best of Recipient’s knowledge, has no duty of confidentiality to the Discloser, (c) was already known to Recipient prior to the disclosure, and that knowledge was evidenced in writing prior to the date of the other party’s disclosure, or (d) is developed by the Recipient without using any of the Disclosers information. The rights and obligations of this Section IV (i) with respect to confidential and proprietary data that constitutes a “trade secret” (as defined by applicable law), which includes without limitation all consumer report information received through the Zumigo Services, will survive the termination of this Exhibit A for so long as such Confidential Information remains a trade secret under applicable law; and (ii) with respect to all other Confidential Information, will survive the termination of this Exhibit A for the longer of two (2) years from termination, or the confidentiality period required by applicable law. Each party acknowledges that unauthorized disclosure or use of the Confidential Information by a party may irreparably damage the other party in such a way that adequate compensation could not be obtained from damages in an action at law. Accordingly, the actual or threatened unauthorized disclosure or use of any Confidential Information shall give the Discloser the right to seek injunctive relief restraining such unauthorized disclosure or use, in addition to any other remedy otherwise available (including reasonable attorneys’ fees). Each party hereby waives the posting of a bond with respect to any action for injunctive relief.

    Merchant understands that Zumigo will keep the Consumer Information (as defined below) provided by Merchants or otherwise collected from Merchant’s use of the Zumigo Services for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with Merchant.  Zumigo may store some information indefinitely for operational purposes, such as technical support and abuse prevention. Other data such as web server logs or store sales reports are only kept as long as space is available for them. Please note that if a Merchant or ecommerce platform requests that Zumigo delete its Consumer Information, Zumigo will use its best efforts to so; however, it may not be possible to completely delete all of it due to technological and legal constraints.

    The retention period is determined by various criteria such as the type of user, the services to which you subscribe, and the nature of our relationship. The retention period can also be modified based on internal changes in auditing requirements and/or mandatory retention periods provided by law and statute of limitations.

    V. DATA SECURITY

    1. This Section applies to any means through which Merchant orders or accesses the Services including, without limitation, system-to-system, personal computer or the Internet. For the purposes of this Section, the term “Authorized User” means a Merchant employee that Merchant has authorized to order or access the Services and who is trained on Merchant’s obligations under this Agreement with respect to the ordering and use of the Services and all data obtained through the use of such services (“Zumigo Information”), including Merchant’s FCRA and other obligations with respect to the access and use of consumer reports.

    Merchant will, with respect to handling the Zumigo Information:

    1. ensure that only Authorized Users can order or have access to the Services,
    2. ensure that Authorized Users do not order consumer reports for personal reasons or provide them to any third party except as permitted by this Agreement,
    3. inform Authorized Users that unauthorized access to consumer reports may subject them to civil and criminal liability under the FCRA punishable by fines and imprisonment,
    4. take all necessary measures to prevent unauthorized ordering of or access to the Services by any person other than an Authorized User for permissible purposes, including, without limitation, limiting the knowledge of the Merchant security codes, member numbers, User IDs, and any passwords Merchant may use (collectively, “Security Information”), to those individuals with a need to know. In addition, the User IDs must be unique to each person, and the sharing of User IDs or passwords is prohibited,
    5. adhere to all security features in the software and hardware Merchant uses to order or access the Services, including the use of IP restriction,
    6. implement secure authentication practices when providing User ID and passwords to Authorized Users, including but not limited to using individually assigned email addresses and not shared email accounts,
    7. in no event access the Services via any unregistered hand-held wireless communication device, that have not gone through Merchant’s device enrollment, access, and authentication process. Such process shall be reviewed and approved by Zumigo prior to allowing access to Services via any hand-held wireless communication device,
    8. not use non-company owned assets such as personal computer hard drives or portable and/or removable data storage equipment or media (including but not limited to laptops, zip drives, tapes, disks, CDs and DVDs) to store the Services. In addition, Zumigo Information must be encrypted when not in use and all printed Zumigo Information must be stored in a secure, locked container when not in use and must be completely destroyed when no longer needed by cross-cut shredding machines (or other equally effective destruction method) such that the results are not readable or useable for any purpose,
    9. if Merchant sends, transfers or ships any Zumigo Information, encrypt the Zumigo Information using minimum standards of Advanced Encryption Standard (AES), minimum 128-bit key, or Triple Data Encryption Standard (3DES), minimum 168- bit key, encrypted algorithms, which standards may be modified from time to time by Zumigo,
    10. not ship hardware or software between Merchant’s locations or to third parties without deleting all Zumigo Merchant number(s), security codes, User IDs, passwords, Merchant user passwords, and any consumer information,
    11. monitor compliance with the obligations of this Section VII, and immediately notify Zumigo if Merchant suspects or knows of any unauthorized access or attempt to access the Services, including, without limitation, a review of Zumigo invoices for the purpose of detecting any unauthorized activity,
    12. if Merchant uses a Service Provider to establish access to the Services, be responsible for the Service Provider’s use of Security Information, and ensure the Service Provider safeguards such Security Information through the use of security requirements that are no less stringent than those applicable to Merchant under this Section,
    13. use commercially reasonable efforts to assure data security when disposing of any consumer report information or record obtained from Zumigo. Such efforts must include the use of those procedures issued by the federal regulatory agency charged with oversight of Merchant’s activities (e.g. the Federal Trade Commission, the applicable banking or credit union regulator) applicable to the disposal of consumer report information or records.
    14. use commercially reasonable efforts to secure Zumigo Information when stored on servers, subject to the following requirements: (i) servers storing Zumigo Information must be separated from the Internet or other public networks by firewalls which are managed and configured to meet industry accepted best practices, (ii) protect Zumigo Information through multiple layers of network security, including but not limited to, industry-recognized firewalls, routers, and intrusion detection/prevention devices (IDS/IPS), (iii) secure access (both physical and network) to systems storing Zumigo Information, which must include authentication and passwords that are changed at least every 90 days; and (iv) all servers must be kept current and patched on a timely basis with appropriate security-specific system patches, as they are available,
    15. not allow Zumigo Information to be displayed via the Internet unless utilizing, at a minimum, a three-tier architecture configured in accordance with industry best practices,
    16. use commercially reasonable efforts to establish procedures and logging mechanisms for systems and networks that will allow tracking and analysis in the event there is a compromise, and maintain an audit trail history for at least three (3) months for review by Zumigo,
    17. provide prompt notification to Zumigo of any change in address or office location and is subject to an onsite visit of the new location by Zumigo or its designated representative and
    18. in the event Merchant has a security incident involving Zumigo Information, Merchant will fully cooperate with Zumigo in a security assessment process and promptly remediate any finding.
    1. If Zumigo reasonably believes that Merchant has violated this Section V, Zumigo may, in addition to any other remedy authorized by this Exhibit A, with reasonable advance written notice to Merchant and at Zumigo’s sole expense, conduct, or have a third party conduct on its behalf, an audit of Merchant’s network security systems, facilities, practices and procedures to the extent Zumigo reasonably deems necessary, including an on-site inspection, to evaluate Merchant’s compliance with the data security requirements of this Section V.

     VI. MISCELLANEOUS

    1. Assignment. Zumigo may assign this Exhibit A or any rights or obligations under this Exhibit A to an entity that is controlled by, controls or is under common control with Zumigo. Otherwise, neither this Exhibit A, nor any rights or obligations under it may be assigned or transferred, by operation of law or otherwise by either party without the written consent of the other party, which consent shall not be unreasonably withheld.
    2. Force Majeure. Neither party will be liable to the other by reason of any failure or delay of performance, whether foreseen or unforeseen, hereunder (except failure to pay any amount when due) if such failure arises out of causes beyond the non- performing party’s reasonable control, including, but not limited to, governmental action, emergency regulations, sabotage, riots, vandalism, labor strikes or disputes, acts of God (e.g., fire, flood inclement weather, epidemic, or earthquake), war or act of terrorism, electrical failure, mechanical failure, major computer hardware or software failures, equipment delivery delays, or acts of third parties.
    3. Entire Agreement. This Exhibit A constitutes the entire agreement of the parties and supersedes all prior understandings between the parties (whether written or oral) relating to the subject matter of this Exhibit A. No modification of this Exhibit A, shall be valid unless in writing and signed by an authorized representative of each of the parties.
    4. Independent Contractor. The relationship of the parties established by this Exhibit A is solely that of independent contractors. Neither party is the representative or agent of the other for any purpose, and neither has power or authority to act as agent for or to represent, act for, bind, or otherwise create or assume any obligation on behalf of the other.
    5. Subcontractors. Zumigo may subcontract any of the work, services, or other performance required of Zumigo under this contract without the consent of Merchant. Zumigo will be responsible for all work performed by its subcontractors and agents as if it were performing the work itself.

    ATTACHMENT 1 TO EXHIBIT A   

    This Attachment 1 contains additional Terms and Conditions that apply to the Zumigo Services. Merchant agrees to abide by the additional Terms and Conditions that applyto those Information Services.

    1. DEFINITIONS. For the purposes of this Attachment 1, all capitalized terms used in this Attachment 1 and not otherwise defined herein will have the followingmeanings:

    “Consumer” means an individual who resides in the United States and who is the subject of the Zumigo Services.

    “Consumer Information” means any personally identifiable information or data about a Consumer (i) provided by Merchant to Zumigo or (ii) otherwisecollected from Merchant’s use of the Zumigo Services. Notwithstanding the foregoing, Merchant’s Consumer Information does not include information regarding theConsumer already in the possession of Zumigo prior to the provision of Services.

    “Zumigo Information” means the information returned to Merchant through the Zumigo Services regarding a given Consumer.

    “Zumigo Services” or “Services” means the credit card verification service.  The credit card verification service is an account number verification service which indicates whether the account numbers presented by a Consumer to Merchant are found on the credit file associated with the identification information provided by the Merchant.

    1. SCOPE OF ATTACHMENT 1.

    2.1           Zumigo will provide the Zumigo Services, as available, to Merchant during the Term of this Attachment 1.  

    2.2           Use of Services. Merchant certifies that it will order the Zumigo Services from Zumigo only when Merchant is duly authorized by the Consumer inaccordance with applicable law and Merchant intends to use the Zumigo Information in accordance with applicable consumer protection, marketing, data security,export and privacy laws including, as applicable and without limitation, the Federal Fair Credit Reporting Act, 15 U.S.C. 1681 et. seq., as amended and all state lawcounterparts thereto, Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. Sec. 6801 et seq. (“GLB”), the Telephone Consumer Protection Act, 47 U.S.C. 227, et. seq., asamended (the “TCPA”), all state law counterparts of any applicable Federal law and all applicable regulations promulgated under any of them, including, withoutlimitation, any provisions requiring notification or disclosure to the Consumer. Further Merchant shall not engage in any unfair, deceptive or abusive act or practice withregard to any Consumer. In no event will Merchant disclose the Zumigo Information to any third party other than the subject Consumer.  

    3. IMPLEMENTATION AND OPERATION.

    3.1             Merchant represents and warrants that (i) it has the right under applicable law to provide the Consumer Information to Zumigo as described herein;(ii) that Merchant’s privacy policies clearly disclose to Consumers that the Consumer Information may be shared with third party service providers for the purpose ofcompleting the relevant transaction, and (iii) Merchant will obtain any and all required consents from the subject Consumer, in a format and with content reviewed byZumigo, and will provide any required disclosures as stated in applicable law.

    3.2       Merchant will request the Zumigo Information from Zumigo by electronic means or other means as may be agreed to from time to time by Zumigo andMerchant. Each request will contain sufficient identifying information concerning the Consumer about whom the information is requested to enable Zumigo to providethe Zumigo Information, and will identify in the manner specified by Zumigo, the fact that the request is being made by Merchant.

    3.3       Merchant will not maintain, copy, capture or otherwise retain in any manner any Zumigo Information except as necessary to complete its transaction withthe Consumer.

    1. LICENSES.

    4.1           Zumigo grants a limited, non-exclusive, non-transferrable, revocable license to Merchant to use the Zumigo Information provided through the Zumigo Services within the Permitted Territory only as described in Exhibit A. Merchant will hold all Zumigo Information licensed under this Attachment 1 in strict confidenceand will not reproduce, reveal or make it accessible in whole or in part, in any manner whatsoever, to any person other than the Consumer unless required by law.Merchant is prohibited from using the Zumigo Information or any component of the Zumigo Services to reverse engineer or recreate any data element or other variable contained within the Services. Merchant may not use the Zumigo Information for any purpose other than as expressly set forth herein.

    4.2           Merchant grants to Zumigo a non-exclusive license to: (1) use Consumer Information as required to respond to Merchant’s inquiries for ZumigoInformation; (2) disclose the items of Consumer Information to Zumigo’s suppliers (including its Affiliates) for the sole purpose of responding to Merchant’s inquiriesfor Zumigo Information and assisting Zumigo in its performance of its obligations under Exhibit A; and (3) disclose Consumer Information as required by law. Zumigowill not, and will not allow its suppliers (including its Affiliates) to use or disclose Consumer Information in any way other than as expressly permitted under Exhibit A.

    4.3           Unless otherwise specified in writing between Merchant and Zumigo, Zumigo and its suppliers retain all right, title and interest in and to all intellectualproperty rights embodied in or associated with the Zumigo Services. There are no implied licenses under this Attachment 1, and any rights not expressly granted toMerchant under this Attachment 1 are reserved by Zumigo or its suppliers. Neither party will exceed the scope of the licenses granted under this Attachment 1.

    1. ADDITIONAL TERMS
    1. The Zumigo Services provide an account number verification function which indicates whether the credit card account numbers presented by a Consumer to Merchant are found on the credit file associated with the identification information provided by the Consumer. The information returned from the Zumigo Services constitutes a consumer report as defined by the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq. (the “FCRA”). Merchant certifies that it will order the Zumigo Services only when Merchant intends to use the consumer report in accordance with the FCRA and all state law FCRA counterparts, and for one of the FCRA permissible purposes and no other purpose
    2. Prior to submitting a request for information from the Zumigo Services, Merchant shall first obtain the subject Consumer’s written consent to have their identity authenticated by comparing the financial information provided by the subject Consumer to the financial account information maintained in the subject Consumer’s consumer file. A soft inquiry will be place on the subject Consumer’s consumer file indicating that such file was accessed in connection with a request by Merchant (including the date of access), which was at the subject Consumer’s request.
    3. Merchant will not interpret the failure of Zumigo to verify an account number as an indication of fraud or a statement regarding that consumer’s credit worthiness, because the inability to verify may result from one or more factors unrelated to attempted fraud or credit worthiness, including, without limitation, the inability to verify debit cards or account numbers that are truncated or encrypted in the credit file. Merchant will not take adverse action, as defined in the ECOA and Regulation B thereunder, with respect to any consumer on the basis of the Zumigo Services. Merchant acknowledges that verification of an account number communicates no information regarding the payment status of that account.
    4. Merchant will further verify that each Consumer regarding whom Merchant accesses the Zumigo Services is the subject consumer of the Zumigo Information requested by Merchant through the use of authentication procedures which are reasonably acceptable to Zumigo. Zumigo may also independently verify that any Consumer for whom Zumigo Information is requested is the subject of the Zumigo Information requested by Merchant. In the event the Consumer initiating the transaction does not successfully complete the authentication process, Merchant shall have additional procedures in place to ensure the Consumer which is the subject of the Zumigo Information is the subject Consumer.