Terms of Use

Background Inquiries and Services LLC , (BI&S) (www.criminalbios.com) Terms and Conditions

TERMS OF USE AGREEMENT

 

BI&S provides background screening and other Services (“Services”) to organizations and their authorized users (“Clients”), allowing them to collect information about individual consumers (“Candidates”). Candidates may provide the information directly through the platform.

In using this website, you are deemed to have read and agreed to the following terms and conditions associated with the use of BI&S background screening Services ("Terms"):

Terms applicable to Candidates only:

1.1     Electronic Signatures. Agreeing to these Terms, you are consenting to receive all communications, including any legally required notices, electronically and have agreed to transact electronically. In order to use these products and Services, you must provide at your own expense an Internet connected device that is compatible with the minimum requirements outlined below. You also confirm that your device will meet these specifications and requirements and will permit you to access and retain the Communications electronically each time you access and use the applicable Services.

Exception: Georgia State Police and other entities require a “wet” signature release. Please download the release, complete and upload the release.

1.2   Technology Requirements. To use our website or our Services, you must have an internet connection, an internet browser (i.e. Safari, Google Chrome, Internet Explorer or Fire Fox) issued in the last two years and a computer capable of managing that software and connection. Our site may also operate with other configurations, but we do not guarantee it. In particular, you must have the hardware, software and telecommunications connection necessary to access the electronic records related to your use of our website or Services.

1.3   Access and Use License to the Services. You may access and use the Services to submit your information (“Submissions”) to BI&S so that it may carry out the Services for a Client or for you. The extent to which you can access the Services is determined by BI&S and is further limited as specified in the Services user documentation provided by BI&S. You may not use, distribute, display, transmit, reproduce or otherwise exploit any of the Services, or its contents, for any other purpose. Your use of the Services will include your review and execution of a provided disclosure and authorization as required under the FCRA.

1.4   Submissions. By making Submissions, you warrant that you are the individual who the Submissions relate to and have only disclosed information that is true, accurate and not misleading (including by omission) and nothing submitted is known by you to be false, inaccurate or misdealing.

 

Terms applicable to Clients only

2.1   Electronic Signatures. Agreeing to these Terms, you are consenting to receive all communications, including any legally required notices, electronically and have agreed to transact electronically. In order to use these products and Services, you must provide at your own expense an Internet connected device that is compatible with the minimum requirements outlined below. You also confirm that your device will meet these specifications and requirements and will permit you to access and retain the Communications electronically each time you access and use the applicable Services.

2.2   Technology Requirements. To use our website or our Services, you must have an internet connection, an internet browser (i.e. Safari, Google Chrome, Internet Explorer or Fire Fox) issued in the last two years and a computer capable of managing that software and connection. Our site may also operate with other configurations, but we do not guarantee it. In particular, you must have the hardware, software and telecommunications connection necessary to access the electronic records related to your use of our website or Services.

2.3   Access and Use License to the Services. You may access and use the Services to submit your information (“Submissions”) to BI&S so that it may carry out the Services for a Client or for you. The extent to which you can access the Services is determined by BI&S and is further limited as specified in the Services user documentation provided by BI&S. You may not use, distribute, display, transmit, reproduce or otherwise exploit any of the Services, or its contents, for any other purpose. Your use of the Services will include your review and execution of a provided disclosure and authorization as required under the FCRA.

2.4   Certification of FCRA Permissible Purpose(s). You certify that all of your requests for information products from BI&S shall be made, and the resulting reports shall be used, for the following Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., permissible purposes only:

Section 604(a)(2). As instructed by the consumer in writing.

Section 604(a)(3)(B). For employment purposes including evaluating a consumer for employment, promotion, reassignment or retention as an employee, where the consumer has given prior written permission.

2.5   Certification of Legal Compliance. You certify to BI&S that the information products it receives will not be used in violation of any applicable federal or state laws, including equal employment opportunity laws. You accept full responsibility for using the information products it receives from BI&S in a legally acceptable fashion and the consequences of your use and/or dissemination of those products. You further agrees to put into place reasonable procedures for the fair and equitable use of background information and to secure the confidentiality of private information, keeping it confidential when obtaining, retaining, using and destroying such confidential information. You agree to take precautionary measures to protect the security and dissemination of this information including, for example, securing access to, dissemination of, and destruction of hard copy reports. You agree to abide by the security requirements provided by BI&S. Likewise, as a condition of entering into these Terms, you also certify that you has in place reasonable procedures designed to comply with all applicable state and federal laws, including equal employment opportunity laws. You certify that you will retain any information it receives from BI&S for such period(s) as may be required pursuant to federal and applicable state laws, whichever is longer. You certify that a clear and conspicuous disclosure, in a document consisting solely of the disclosure has been made in writing to the consumer explaining that a consumer report and/or investigative consumer report may be obtained for employment purposes, and that this disclosure satisfied all requirements identified in Section 606(a)(1) of the FCRA, as well as any applicable state or local laws, including equal employment opportunity laws.

You also certify that the consumer has authorized, in writing, the obtaining of the report by you. Receipt and use of information in "investigative consumer reports" imposes significant specific legal obligations upon you. You acknowledge that you are advised by BI&S to consult your own legal counsel regarding your specific legal requirements and responsibilities under federal, state, and local laws and ordinances, including equal employment opportunity laws.

If the consumer is denied employment, or other adverse employment action taken based in whole or in part on the information products provided by BI&S, you will provide to the consumer: (1) a copy of the report; and (2) a description, in writing, of the rights of the consumer entitled: "A Summary of Your Rights Under the Fair Credit Reporting Act" and (3) the pre-adverse and adverse notifications as required by the FCRA. When you are notified that a consumer disputes the findings presented in information products provided by BI&S, your agree that you will not take any adverse employment action regarding that consumer until the dispute has been investigated and the results of the investigation have been reported. You hereby acknowledge that you has received a copy of the Summary of Rights (16 C.F.R. Part 601, Appendix A) and Notice to Users of Consumer Reports: Obligations of Users Under the FCRA (16 C.F.R. Part 601, Appendix C).

2.6   Guarantee of Information. We do not guarantee that our information is complete or up-to-date. Our information is obtained from public record sources at different times. The information is subject to change as new information becomes available. Additionally, public records may have mistakes in them. We may report to you information that matches your search criteria, but it may not be about you. This is because many government agencies do not provide unique identifying characteristics (like a social security number) for us to search. If you would like to correct any information reported by BI&S about you, see please call our Customer Services Department at (919)377-0917 or send an email to orders@criminalbios.com

 

 

 


 

 

 General Terms (applicable to both Candidates and Clients)

3.1   Delivery Method. Background screening results will be delivered to the customer representative via secure website or through electronic means. The method of delivery is determined by the customer representative when your account is established with BI&S.

3.2   Return/Refund Policy. You agree to pay for all Services that we provide at the agreed upon price when your account is established. Refunds will only be issued for duplicate screenings submitted within an agreed upon time frame. No refunds will be issued for mistakes made in entering your search criteria or if we find no criminal information to report to you.

3.3   Method of Payment. You may pay for our Services using Visa or MasterCard. By providing us with the credit card number, you give us permission to charge that credit card for all purchases you make from us, you confirm you are authorized to make purchases with that credit card and you agree to abide by the credit card issuer's agreement.

3.4   Security of Information Provided to BI&S. You can submit your personal and billing information to www.criminalbios.com with confidence. We have partnered with Authorize.net, a leading payment gateway to accept credit cards payments safely and securely for our registrants and customers. The Authorize.net manages the complex routing of sensitive customer information through the credit card processing networks. The company adheres to strict industry standards for payment processing, including 256-bit Secure Sockets Layer (SSL) technology for secure Internet Protocol (IP) transactions; Industry standard encryption hardware and software methods and security protocols to protect customer information; and compliance with the Payment Card Industry Data Security Standard (PCI DSS).

3.5   Ownership of Intellectual Property. The Services contains confidential trade secret information of BI&S and its suppliers. BI&S and its Suppliers retain all right, title and ownership of the Services, including BI&S Intellectual Property, and any and all proprietary rights (including patent rights, copyrights, trade secrets, trademarks, trade names, Services marks, designs or design marks or proprietary inventions, designs, information, sequence, structure, organization, and functionality) with respect to all of the foregoing. Nothing in these Terms is intended to convey any rights therein to you, other than the right to use the Services in the manner and to the extent permitted in these Terms.

3.6   Passwords. If applicable, upon your registration, BI&S will provide you the registrant with a unique registrant ID to access your information in the future. If you are an authorized client administrator you will select a login ID and unique password to access the Services. You agree to (a) provide true, complete, accurate and current data, as requested in the registration process (and maintain and update such data); (b) prevent unauthorized access or use by you or others by using your unique ID or password; (c) promptly report any unauthorized use or disclosure of your unique ID or password or other breach of any Services security; and (d) not assign or transfer (or attempt to do the same) any rights granted to you under these Terms.

 

If your account password becomes compromised or you believe it may have been compromised, you will immediately change it and promptly notify BI&S. You further agree that you will not discuss your User ID or password by telephone with any unknown caller, even if the caller claims to be an employee of BI&S.

BI&S reserves the right to suspend, or to refuse any further, access or use of the Services if BI&S learns or reasonably suspects that your registration information is false or inaccurate, if you refuse to provide complete and updated registration information, or if you misuse or permit another to use your login ID or password who is not authorized to do so or for any other breach of security. You acknowledge and agree that you (and not BI&S) are responsible for maintaining the confidentiality of the password and that you (and not BI&S) are liable for any harm that may result from disclosing (or allowing the disclosure of) your password or other breach of these Terms.

3.7   Prohibited Actions. As a condition to your authorized use of the Services, you must use the Services in compliance with all applicable federal and state laws and only as expressly permitted in these Terms. You agree to not do any of the following, in any manner whatsoever, alone or through any other person or entity, and your compliance is something that BI&S, in its sole and absolute discretion, will determine:

Transmit to or introduce at the Services any viruses intended to damage, interfere with, disrupt, intercept or expropriate the Services ("Viruses"), or otherwise implement or engage in on-line activities, attacks or actions in a manner that have a disruptive or detrimental effect ("System Attacks");

Use the Services for any purposes that are unlawful or illegal under any law, regulation or legal requirement or that could give rise to civil or criminal liability or actions against BI&S (or its Suppliers), you or any other third party;

Transmit, access or communicate any data that you do not have a right to transmit under any law or under contractual or fiduciary revisions (such as proprietary and confidential information learned or disclosed as part of employment relationships or under non-disclosure agreements); or

Post, submit, upload, e-mail or otherwise transmit any content, material or other thing at, to or through the Services that infringes or violates the rights of others, including without limitation, copyright, trademark, trade secret or other intellectual property and proprietary rights, privacy or publicity rights.

3.8   Confidentiality. The Services is confidential and proprietary to BI&S (and its Suppliers). You agree that, unless you have the express written consent of BI&S, you will not disclose, transfer or otherwise provide to any third party all or any part of such Services except as authorized by these Terms.

3.9   Limitations on Reverse Engineering, Decompilation and Disassembly. You may not reverse engineer, decompile, or disassemble BI&S Intellectual Property, including any other technology utilized to provide the Services.

3.10 No copies or modifications. You may not modify, publish, participate in the transfer or sale of, or create new works from any of the Services, in whole or in part.

3.11 Rental. You may not rent or lease any of the Services.

3.12 Proprietary Notices. You may not remove any copyright, trademark or other proprietary notices from the Services or any content or information generated from it.

3.13 Termination. Your access to and use of the Services may be terminated, limited, denied or disabled at any time, without the necessity of BI&S sending you notice or otherwise advising you of your loss of rights, if you use the Services in a way that is not authorized or if you otherwise violate any of the terms, conditions or restrictions stated in these Terms. Accordingly, you may or may not be able to recover information stored on the Services. Termination or cancellation of these Terms will not affect any right or relief to which BI&S or its Suppliers may be entitled, at law or in equity. Upon termination of these Terms, all rights to use the Services will terminate.

3.14 Disclaimer of Warranty. The Services is provided "AS IS," without warranty of any kind. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, BI&S AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES AND CONDITIONS OF QUALITY, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, WITH REGARD TO THE HOSTED SERVICES, AND ACCESS TO THE HOSTED SERVICES. BI&S DOES NOT WARRANT THAT THE OPERATION OF OR ACCESS TO THE HOSTED SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE. YOUR ACTUAL RIGHTS MAY VARY FROM STATE/JURISDICTION TO STATE/JURISDICTION.

3.15 Indemnification. You agree to indemnify, defend, and hold harmless BI&S and its Suppliers from and against all claims, losses, expenses, damages and costs (including, but not limited to, direct, incidental, consequential, exemplary, and indirect damages), and reasonable attorneys' fees, resulting from or arising out of (a) use or misuse of the Services by you or any other person who accesses the Services using your login ID or password; (b) any violation of these Terms; or (c) any violation of any rights of a third party.

3.16 Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL BI&S OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE HOSTED SERVICES, EVEN IF BI&S HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, IN NO EVENT WILL BI&S'S ENTIRE LIABILITY UNDER THIS AGREEMENT, FOR ANY AND ALL CAUSES OF ACTION, REGARDLESS OF LEGAL THEORY, EXCEED $100.00 (ONE HUNDRED DOLLARS).

 

3.17 Claims Regarding Your Use of the Services. These Terms are governed by and are to be construed under the laws of the State of North Carolina and any disputes shall be resolved pursuant to procedures set forth in Section 20 below. The United Nations Convention on Contracts for the International Sale of Goods will not apply. If BI&S brings a lawsuit, claim or other proceeding against you to enforce these Terms or brings you into one in connection with enforcement of these Terms, BI&S will be entitled to recover from you (and you agree to pay), in addition to all damages that may be awarded, reasonable and necessary attorney's fees and any costs of litigation. If any provision of these Terms is found to be unlawful or unenforceable in any respect, the court will reform such provision so as to render it enforceable (or, if it is not possible to reform such provision so as to make it enforceable, then delete such provision) and, as so reformed or modified, fully enforce these Terms.

Mutual Agreement to Arbitrate. Any controversy or claim arising out of, or relating to, these Terms of Use, or breach thereof, shall be settled by binding arbitration in accordance with the governing law as determined by these Terms of Use, the Federal Arbitration Act (insofar as it governs the arbitrability of such controversy or claim), and the Commercial Arbitration Rules (excluding Expedited Procedures) of the American Arbitration Association in the City of New York. Three qualified arbitrators shall be appointed in accordance with the Commercial Arbitration Rules (excluding Expedited Procedures) of the American Arbitration Association and these Terms of Use. Such qualified arbitrators shall be members of the New York bar and shall have at least five years of experience in the law relevant to the dispute in question. Each party shall have the right of discovery as set forth in the Federal Rules of Civil Procedure. A stenographer shall be present at the arbitration proceedings and the stenographic record shall be the official record of the proceeding. The arbitrators shall provide written findings of fact and conclusions of law in justification of any arbitration award. Either party shall have the right of appeal of any decision by the arbitrators by filing a request for reconsideration of any arbitration decision with the American Arbitration Association. Upon receiving such a request, the American Arbitration Association shall reconsider the matter de novo using the foregoing procedures. Should the arbitration award be inconsistent with the governing law as specified by these Terms of Use, either party may immediately appeal the arbitration award to any court of competent jurisdiction over BI&S. Judgment on the award rendered by the arbitrators may be entered in any court having competent jurisdiction over the parties, unless a subsequent request for reconsideration has been filed by a party under this Section, or the award has been appealed to a court of competent jurisdiction under this Section.

The parties waive any right to bring representative claims on behalf of a class of individuals, on behalf of the public, as a private attorney general, or otherwise (the “class action waiver”). Except for this class action waiver, this clause may be severed or modified if necessary to render it enforceable under the Federal Arbitration Act.

Any legal suit, action or proceeding arising out of, or related to, these Terms of Use or the Website, and allowed pursuant to this Section, shall be instituted exclusively in the federal courts of the United States in the Southern District of New York or the courts of the State of New York located in the City of New York. You waive any and all objections to the exercise of jurisdiction over you by such courts and to venue in such courts.

Entire Terms; Changes to these Terms. The terms of these Terms constitute the entire and exclusive agreement between you and BI&S regarding the Services and its use, and supersede all other agreements, understandings and communications regarding the subject matter of these Terms, if any, both oral or written, whether made prior or subsequently to or contemporaneously with your use of the Services. BI&S retains the right to modify the terms or conditions of these Terms at any time without notice or warning. You are bound to all changes BI&S may make to these terms and, therefore, should periodically revisit these terms and review them to make sure you comply with all changes. Otherwise, these Terms may not be superseded or modified except in a writing signed by an authorized representative of BI&S. If at any time you cannot comply with any of the terms and conditions of these Terms, then you should terminate and discontinue all access to and use of the Services.

If you have any questions concerning these Terms, please contact BI&S by writing or emailing: BI&S, PO Box 5804, Cary, NC  orders@criminalbios.com (919) 377-0917.


 

EXHIBIT A

BACKGROUND SCREENING REQUIREMENTS

BACKGROUND INQUIRIES AND SERVICES will furnish Company with Background Reports for the screening of applicants ("Applicant"), conditioned upon Company's compliance with this Exhibit and fulfillment of all of its obligations (including payment) under this Agreement. In utilizing BACKGROUND INQUIRIES  AND SERVICES in regard to Background Reports, Company is considered a user of consumer reports and/or investigative consumer reports under the FCRA and applicable state laws.

Company hereby certifies that all of its orders for Background Reports from BACKGROUND INQUIRIES AND SERVICES   shall be made, and the resulting reports shall be used for employment purposes, as defined in the FCRA, including evaluating a consumer for employment, promotion, reassignment or retention as an employee, where the consumer has given prior written permission.

Employer Certification.

1.1. Company shall be responsible for identifying and complying with all federal (including, without limitation, the FCRA), state and local laws and regulations applicable to Company in connection with its procurement and use of Background Reports furnished by BACKGROUND INQUIRIES AND SERVICES  . Company accepts full responsibility for any and all consequences of use or dissemination of those Background Reports. Company further agrees that each Screening Report will only be used for a one-time use. Company certifies to BACKGROUND INQUIRIES AND SERVICES   that Company will comply with all applicable provisions of the attached Exhibit A-1 ("Notice to Users of Consumer Reports: Obligations of Users Under the FCRA"), which explains Company's obligations under the FCRA as a user of consumer information and acknowledges receipt of such Notice. Without limitation Company agrees that (i) prior to procurement of a consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer, in a document that consists of only the disclosure, that a consumer report will be obtained for employment purposes; and (b) The consumer has authorized in writing the procurement of the report by Company; (ii) prior to procurement of an investigative consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer in a document that consists of only the disclosure that an investigative consumer report including information as to the consumer's character, general reputation, personal characteristics and/or mode of living will be obtained for employment purposes; and (b) Such disclosure contains a statement advising the consumer of his/her right to request a complete and accurate statement regarding the nature and scope of the requested investigative consumer report and his/her right to request a copy of the rights of the consumer under the FCRA, a copy of which is attached hereto as Exhibit A-2 ("A Summary of Your Rights Under the Fair Credit Reporting Act"); and (iii) in using a Screening Report for employment purposes, before taking any adverse action based in whole or in part on the Screening Report, the Company shall provide to the consumer to whom the Screening Report relates: (a) A copy of the Screening Report; (b) A copy of the notice titled "A Summary of Your Rights Under the Fair Credit Reporting Act" attached hereto as Exhibit A-2, and any applicable state summary of rights; and (c) A reasonable opportunity of time to correct any erroneous information contained in the Screening Report. Company further certifies that information from any consumer report or Screening Report will not be used in violation of any applicable federal or state equal opportunity law or regulation.

California Certification.

2.1.Company hereby certifies that, under the Investigative Consumer Reporting Agencies Act ("ICRA"), California Civil Code Sections 1786 et seq., and the Consumer Credit Reporting Agencies Act ("CCRAA"), California Civil Code Sections 1785.1 et seq., if Company is located in the State of California, and/or Company's request for and/or use of Background Reports pertains to a California resident or worker, Company will do the following:

2.1.1.Request and use Background Reports solely for permissible purpose(s) identified under California Civil Code Sections 1785.11 and 1786.12.

2.1.2.When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, provide a clear and conspicuous disclosure in writing to the consumer, which solely discloses: (i) that an investigative Screening Report may be obtained; (ii) the permissible purpose of the investigative Screening Report; (iii) that information on the consumer's character, general reputation, personal characteristics and mode of living may be disclosed; and (iv) the name, address, and telephone number of BACKGROUND INQUIRIES AND SERVICES  ; and (v) the nature and scope of the investigation requested, including a summary of the provisions of California Civil Code Section 1786.22.

2.1.3. When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, only request a Screening Report if the applicable consumer has authorized in writing the procurement of the Screening Report.

2.1.4. When a Screening Report is sought in connection with the hiring of a dwelling unit, notify the consumer in writing that a Screening Report will be made regarding the consumer's character, general reputation, personal characteristics, and mode of living. The notification shall include the name and address of BACKGROUND INQUIRIES AND SERVICES   as well as a summary of the provisions of California Civil Code Section 1786.22. The consumer shall be notified not later than three days after the date on which the Screening Report was first requested.

2.1.5.When a Screening Report is sought in connection with the underwriting of insurance, clearly and accurately disclose in writing at the time the application form, medical form, binder, or similar document is signed by the consumer that a Screening Report regarding the consumer's character, general reputation, personal characteristics, and mode of living may be made, or, if no signed application form, medical form, binder, or similar document is involved in the underwriting transaction, the disclosure shall be made to the consumer in writing and mailed or otherwise delivered to the consumer not later than three days after the Screening Report was first requested. The disclosure shall include the name and address of BACKGROUND INQUIRIES AND SERVICES  , the nature and scope of the investigation requested, and a summary of the provisions of California Civil Code Section 1786.22.

2.1.6. Provide the consumer a means by which he/she may indicate on a written form, by means of a box to check, that the consumer wishes to receive a copy of any Screening Report that is prepared.

2.1.7.If the consumer wishes to receive a copy of the Screening Report, send (or contract with another entity to send) a copy of the Screening Report to the consumer within three business days of the date that the Screening Report is provided to Company. The copy of the Screening Report shall contain the name, address, and telephone number of the person who issued the report and how to contact him/her.

2.1.8.Under all applicable circumstances, comply with California Civil Code Sections 1785.20 and 1786.40 if the taking of adverse action is a consideration, which shall include, but may not be limited to, advising the consumer against whom an adverse action has been taken that the adverse action was based in whole or in part upon information contained in the Screening Report, informing the consumer in writing of BACKGROUND INQUIRIES  AND SERVICES name, address, and telephone number, and provide the consumer with a written notice of his/her rights under the ICRA and the CCRAA.

2.1.9. Comply with all other requirements under applicable California law, including, but not limited to any statutes, regulations and rules governing the procurement, use and/or disclosure of any Background Reports, including, but not limited to, the ICRA and the CCRAA.

Consumer Requests for Additional Disclosures. In addition to the disclosure requirements identified above, if the consumer makes a written request within a reasonable amount of time, Company will provide: (1) information about whether an investigative consumer report has been requested; (2) written disclosure of the nature and scope of the investigation requested, if an investigative consumer report has been requested; and (3) BACKGROUND INQUIRIES  AND SERVICES contact information, including complete address and toll-free telephone number. This information will be provided to the consumer no later than five (5) days after the request for such disclosure was received from the consumer or such report was first requested, whichever is the latter.

In addition to the requirements above, Company:

4.1.Shall comply with, without limitation, the Americans with Disabilities Act, the Drivers Privacy Protection Act ("DPPA") and any applicable state laws if Company is obtaining Motor Vehicle Reports ("MVRs"), the Gramm-Leach-Bliley Act and federal and state employment laws.

4.2.If Background Reports include MVRs:

4.2.1.Shall be responsible for understanding and for staying current with all specific state forms, certificates of use or other documents or agreements including any changes, supplements or amendments thereto imposed by the states (collectively referred to as "Specific State Forms") from which it will order MVRs. Company certifies that it will file all applicable Specific State Forms required by individual states.

4.2.2.Certifies that no MVRs shall be ordered without first obtaining the written consent of the consumer to obtain "driving records," evidence of which shall be transmitted to BACKGROUND INQUIRIES AND SERVICES   in the form of the consumer's signed release authorization form. Company also certifies that it will use this information only in the normal course of business to obtain lawful information relating to the holder of a commercial driver's license or to verify information provided by an applicant or employee. Company shall not transmit any data contained in the resulting MVR via the public internet, electronic mail or any other unsecured means.

4.2.3.Shall execute and deliver to BACKGROUND INQUIRIES AND SERVICES   upon execution of this Agreement and annually thereafter for as long as Company receives MVRs, an Affidavit of Intended Use, attached hereto as Attachment A.

4.3.If requesting verification of current employment status or a reference check with respect to any Applicant, certifies that it will not request verification of current employment status from Applicant's current employer without first obtaining permission from the Applicant to contact Applicant's current employer.

4.4. Shall base all of its hiring decisions and related actions on its policies and procedures and not rely on BACKGROUND INQUIRIES AND SERVICES   for (nor shall BACKGROUND INQUIRIES AND SERVICES   render) legal advice regarding employment decisions.

4.5. Shall keep strictly confidential any information and identification numbers and passwords it receives from or gains access to through BACKGROUND INQUIRIES AND SERVICES, bear responsibility for all account activity within Company's scope of use, use Company's account only for the purposes authorized under this Agreement, and not sublicense, license, rent, sell, loan, give or perform marketing activities to make available all or any part of Company's account to a third party.

4.6. Shall provide access to Background Reports provided by BACKGROUND INQUIRIES AND SERVICES   only to Company employees, agents and representatives of Company who fully review and understand Company's obligations under the FCRA and this Agreement and who agree to comply with those obligations.

4.7. Shall ensure that Users do not request and/or obtain Background Reports on themselves, coworkers, employees, family members or friends unless it is in connection with a legitimate business transaction or for a valid FCRA permissible purpose.

4.8. Shall provide BACKGROUND INQUIRIES AND SERVICES   with accurate employee identification, address, or other information, and when available, e-mail contact information.

4.9. Understands and acknowledges that, in the course of completing background checks, BACKGROUND INQUIRIES AND SERVICES may uncover active arrest warrants which are outstanding against the Applicant. In these cases, BACKGROUND INQUIRIES AND SERVICES may be contacted by the law enforcement agency seeking the Applicant. Company understands that BACKGROUND INQUIRIES AND SERVICES   will furnish to law enforcement any information contained within the subject's file to assist in the apprehension of the Applicant. Additionally, BACKGROUND INQUIRIES AND SERVICES   may contact Company, and Company agrees to release to BACKGROUND INQUIRIES AND SERVICES  , any and all information Company may have which will further the apprehension of the wanted individual.

4.10. Shall not resell, sublicense, deliver, display or otherwise distribute any Background Reports provided by BACKGROUND INQUIRIES AND SERVICES   to any third party. ANY PERSON WHO WILLFULLY AND KNOWINGLY OBTAINS, RESELLS, TRANSFERS, OR USES INFORMATION IN VIOLATION OF LAW MAY BE SUBJECT TO CRIMINAL CHARGES AND/OR LIABLE TO ANY INJURED PARTY FOR TREBLE DAMAGES, REASONABLE ATTORNEY'S FEES AND COSTS. OTHER CIVIL AND CRIMINAL LAWS MAY ALSO APPLY.

BACKGROUND INQUIRIES AND SERVICES   shall:

5.1.Take reasonable procedures to comply with all applicable federal, state and local laws in the preparation and transmission of Background Reports including, without limitation, responding appropriately to any assertions by an Applicant that a Screening Report contains inaccurate information.

5.2.Maintain reports and other records as required by applicable law.

5.3. Comply with all credentialing requirements imposed by any third parties or BACKGROUND INQUIRIES  AND SERVICES internal protocols so BACKGROUND INQUIRIES AND SERVICES can confirm that Background Reports are only provided to legitimate business entities. Such credentialing may include an on-site visit by BACKGROUND INQUIRIES AND SERVICES  .

Disclaimer of Warranties (Background Reports).

6.1.Background Reports and other information in the BACKGROUND INQUIRIES AND SERVICES   databases have been compiled from public records and other proprietary sources for the specific purposes of providing background information and therefore such information is obtained by BACKGROUND INQUIRIES AND SERVICES  , and reported to Company, "AS IS". Neither BACKGROUND INQUIRIES AND SERVICES   nor any of its suppliers represents or warrants that the information from such records is complete or accurate; however, BACKGROUND INQUIRIES AND SERVICES   warrants and represents that it will have reasonable procedures in place to report the information as provided by such sources. Except for the limited warranty above, BACKGROUND INQUIRIES AND SERVICES   HEREBY DISCLAIMS ALL OTHER REPRESENTATIONS AND WARRANTIES REGARDING THE PERFORMANCE OF THE SERVICE AND THE ACCURACY, CURRENCY, OR COMPLETENESS OF ANY DATA, INFORMATION OR SCREENING REPORT, INCLUDING (WITHOUT LIMITATION) ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT, AND ANY IMPLIED INDEMNITIES.

6.2 .Company understands that searches of international background screening will be conducted through the services of a third-party independent contractor. Because of differences in foreign laws, language, and the manner in which foreign records are maintained and reported, BACKGROUND INQUIRIES AND SERVICES   cannot be either an insurer or a guarantor of the accuracy of the information reported. Company therefore releases BACKGROUND INQUIRIES AND SERVICES   and its affiliated companies, officers, agents, employees, and independent contractors from any liability whatsoever in connection with erroneous information received as a result of an international background screening report.

6.3. BACKGROUND INQUIRIES AND SERVICES recommends that Company screen its applicants or employees at the county court-house or online system, federal, and multi-state/nationwide database levels. Company understands that if it chooses not to conduct searches at these levels, BACKGROUND INQUIRIES AND SERVICES cannot be held responsible for any records that exist that are not included in the coverage requested by Company. Company further understands that the multi-state/nationwide database report will only be offered in conjunction with a county-level verification of any records found and that Company will bear any additional costs associated with this verification.

Note on Credit Reports and Credit Bureaus.

7.1. Credit bureaus require specific documents and certifications, which may be in the form of addendums to this Agreement, in connection with providing credit reports. Executing this Agreement is only one of the steps necessary to complete an application process with a credit bureau. BACKGROUND INQUIRIES AND SERVICES   retains the right to request additional documentation and certifications from Company, as well as a physical inspection of Company's business location, from time to time in order to comply with credit bureau requirements, and Company understands that it shall not be entitled to receive credit reports unless and until it honors all requests for information and delivers such certifications.

7.2. Company certifies, if receiving credit reports through BACKGROUND INQUIRIES AND SERVICES  , that it will promptly notify BACKGROUND INQUIRIES AND SERVICES   of any change in Company location, structure, ownership or control, including but not limited to the addition of any branch(es) that will be requesting and/or accessing credit reports. Company understands that any such change may require Company to re-submit to BACKGROUND INQUIRIES AND SERVICES   certain documentation and certifications described in section 7.1 above, as well as submit to a new physical inspection.

7.3.Credit reports are only accessible through screening records

7.4.Credit bureaus may prohibit the following persons, entities and/or businesses from obtaining credit reports: bail bond enforcement or bounty hunters, internet people locator services, diet centers, adoption search firms, credit repair companies or credit clinics, for profit credit counseling, loan modification companies, attorneys, law firms, investigative companies (including private investigators and detective agencies except those licensed for and exclusively practicing, investigative work for employment purposes), media agencies, news agencies, journalists, non-governmental agencies or businesses associated with the collected of child support, dating services, asset location services (does not include collection agencies), condominium/homeowners associations, future services including but not limited to continuity and health clubs (except health club/spas human resources departments), timeshare, companies involved and/or associated with inappropriate adult content web sites and/or adult-type telephone services, businesses that operate out of an apartment, companies or individuals who are known to have been involved in credit fraud or other unethical business practices, any person or entity known or suspected to be engaged in fraudulent or illegal activity such as identity theft, harassment or stalking, any company or individual listed as a Specially Designated National on the Office of Foreign Asset Control (OFAC) website, or persons or entities that are not an end-user or decision maker.

 


 

EXHIBIT A-1

All users of consumer reports must comply with all applicable regulations. Information about applicable regulations currently in effect can be found at the Consumer Financial Protection Bureau's website, www.consumerfinance.gov/learnmore.

 

NOTICE TO USERS OF CONSUMER REPORTS:

OBLIGATIONS OF USERS UNDER THE FCRA

The Fair Credit Reporting Act (FCRA), 15 U.S.C. §1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Consumer Financial Protection Bureau's (CFPB) website at www.consumerfinance.gov/learnmore. At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at CFPB's website. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA.

The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher.

OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS

Users Must Have a Permissible Purpose

Congress has limited the use of consumer reports to protect consumers' privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are:

As ordered by a court or a federal grand jury subpoena. Section 604(a)(1)

As instructed by the consumer in writing. Section 604(a)(2)

For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer's account. Section 604(a)(3)(A)

For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b)

For the underwriting of insurance as a result of an application from a consumer. Section 604(a)(3)(C)

When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a)(3)(F)(i)

To review a consumer's account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii)

To determine a consumer's eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant's financial responsibility or status. Section 604(a)(3)(D)

For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a)(3)(E)

For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a)(4) and 604(a)(5)

In addition, creditors and insurers may obtain certain consumer report information for the purpose of making "prescreened" unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of "prescreened" information are described in Section VII below.

Users Must Provide Certifications

Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose.

Users Must Notify Consumers When Adverse Actions Are Taken

The term "adverse action" is defined very broadly by Section 603. "Adverse actions" include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA — such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer.

Adverse Actions Based on Information Obtained From a CRA

If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following:

The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report.

A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made.

A statement setting forth the consumer's right to obtain a free disclosure of the consumer's file from the CRA if the consumer makes a request within 60 days.

A statement setting forth the consumer's right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA.

Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies

If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1) requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer's written request.

Adverse Actions Based on Information Obtained From Affiliates

If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above.

Users Have Obligations When Fraud and Active Duty Military Alerts are in Files

When a consumer has placed a fraud alert, including one relating to identify theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer's alert.

Users Have Obligations When Notified of an Address Discrepancy

Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer's file. When this occurs, users must comply with regulations specifying the procedures to be followed. Federal regulations are available at www.consumerfinance.gov/learnmore.

Users Have Obligations When Disposing of Records

Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. Federal regulations have been issued that cover disposal.

CREDITORS MUST MAKE ADDITIONAL DISCLOSURES

If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations prescribed by the CFPB.

Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) ("Notice to the Home Loan Applicant").

OBLIGATIONS OF USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES

Employment Other Than in the Trucking Industry

If the information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must:

Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained.

Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment.

Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer's rights will be provided to the consumer.

Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer's rights (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken.

An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment. Section 615(b)(2).

The procedures for investigative consumer reports and employee misconduct investigations are set forth below.

Employment in the Trucking Industry

Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company.

OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED

Investigative consumer reports are a special type of consumer report in which information about a consumer's character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a user intends to obtain an investigative consumer report, Section 606 requires the following:

The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.)

The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below.

Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time.

SPECIAL PROCEDURES FOR EMPLOYMEE INVESTIGATIONS

Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation.

 

OBLIGATIONS OF USERS OF MEDICAL INFORMATION

Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes — or in connection with a credit transaction (except as provided in federal regulations) — the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or a permitted by statute, regulation, or order).

 

OBLIGATIONS OF USERS OF "PRESCREENED" LISTS

The FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with unsolicited offers of credit or insurance under certain circumstances. Sections 603(1), 604(c), 604(e), and 615(d). This practice is known as "prescreening" and typically involves obtaining from a CRA a list of consumers who meet certain preestablished criteria. If any person intends to use prescreened lists, that person must (1) before the offer is made, establish the criteria that will be relied upon to make the offer and grant credit or insurance, and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer. In addition, any user must provide with each written solicitation a clear and conspicuous statement that:

Information contained in a consumer's CRA file was used in connection with the transaction.

The consumer received the offer because he or she satisfied the criteria for credit worthiness or insurability used to screen for the offer.

Credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on credit worthiness or insurability, or the consumer does not furnish required collateral.

The consumer may prohibit the use of information in his or her file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report. The statement must include the address and toll-free telephone number of the appropriate notification system.

In addition, the CFPB has established the format, type size, and manner of the disclosure required by Section 615(d), with which users must comply. The relevant regulation is 12 CFR 1022.54.

 

OBLIGATIONS OF RESELLERS

Disclosure and Certification Requirements

Section 607(e) requires any person who obtains a consumer report for resale to take the following steps:

·         Disclose the identity of the end-user to the source CRA.

·         Identify to the source CRA each permissible purpose for which the report will be furnished to the end-user.

Establish and follow reasonable procedures to ensure that reports are resold only for permissible purposes, including procedures to obtain:

(1) the identify of all end-users;

(2) certifications from all users of each purpose for which reports will be used; and

(3) certifications that reports will not be used for any purpose other than the purpose(s) specified to the reseller. Resellers must make reasonable efforts to verify this information before selling the report.

 

Reinvestigations by Resellers

Under Section 611(f), if a consumer disputes the accuracy or completeness of information in a report prepared by a reseller, the reseller must determine whether this is a result of an action or omission on its part and, if so, correct or delete the information. If not, the reseller must send the dispute to the source CRA for reinvestigation. When any CRA notifies the reseller of the results of an investigation, the reseller must immediately convey the information to the consumer.

Fraud Alerts and Resellers

Section 605A(f) requires resellers who receive fraud alerts or active duty alerts from another consumer reporting agency to include these in their reports.

LIABILITY FOR VIOLATIONS OF THE FCRA

Failure to comply with the FCRA can result in state government or federal government enforcement actions, as well as private lawsuits. Sections 616, 617, and 621. In addition, any person who knowingly and willfully obtains a consumer report under false pretenses may face criminal prosecution. Section 619.

The CFPB's website, www.consumerfinance.gov/learnmore, has more information about the FCRA, including publications for businesses and the full text of the FCRA.

Citations for FCRA sections in the U.S. Code, 15 U.S.C. § 1618 et seq.:

Section 602                        15 U.S.C. 1681

Section 603                        15 U.S.C. 1681a

Section 604                        15 U.S.C. 1681b

Section 605                        15 U.S.C. 1681c

Section 605A                     15 U.S.C. 1681cA

Section 605B                      15 U.S.C. 1681cB

Section 606                        15 U.S.C. 1681d

Section 607                        15 U.S.C. 1681e

Section 608                        15 U.S.C. 1681f

Section 609                        15 U.S.C. 1681g

Section 610                        15 U.S.C. 1681h

Section 611                        15 U.S.C. 1681i

Section 612                        15 U.S.C. 1681j

Section 613                        15 U.S.C. 1681k

Section 614                        15 U.S.C. 1681l

Section 615                        15 U.S.C. 1681m

Section 616                        15 U.S.C. 1681n

Section 617                        15 U.S.C. 1681o

Section 618                        15 U.S.C. 1681p

Section 619                        15 U.S.C. 1681q

Section 620                        15 U.S.C. 1681r

Section 621                        15 U.S.C. 1681s

Section 622                        15 U.S.C. 1681s-1

Section 623                        15 U.S.C. 1681s-2

Section 624                        15 U.S.C. 1681t

Section 625                        15 U.S.C. 1681u

Section 626                        15 U.S.C. 1681v

Section 627                        15 U.S.C. 1681w

Section 628                        15 U.S.C. 1681x

Section 629                        15 U.S.C. 1681y

 

 

EXHIBIT A-2

Para informacion en espanol, visite www.consumerfinance.gov/learnmore o escribe a la Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.


 

A Summary of Your Rights Under the Fair Credit Reporting Act

The federal Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. There are many types of consumer reporting agencies, including credit bureaus and specialty agencies (such as agencies that sell information about check writing histories, medical records, and rental history records). Here is a summary of your major rights under the FCRA. For more information, including information about additional rights, go to www.consumerfinance.gov/learnmore or write to: Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.

You must be told if information in your file has been used against you. Anyone who uses a credit report or another type of consumer report to deny your application for credit, insurance, or employment — or to take another adverse action against you — must tell you, and must give you the name, address, and phone number of the agency that provided the information.

You have the right to know what is in your file. You may request and obtain all the information about you in the files of a consumer reporting agency (your "file disclosure"). You will be required to provide proper identification, which may include your Social Security number. In many cases, the disclosure will be free. You are entitled to a free file disclosure if:

·         a person has taken adverse action against you because of information in your credit report;

·         you are the victim of identity theft and place a fraud alert in your file;

·         your file contains inaccurate information as a result of fraud;

·         you are on public assistance;

·         you are unemployed but expect to apply for employment within 60 days.

In addition, all consumers are entitled to one free disclosure every 12 months upon request from each nationwide credit bureau and from nationwide specialty consumer reporting agencies. See www.consumerfinance.gov/learnmore for additional information.

You have the right to ask for a credit score. Credit scores are numerical summaries of your credit-worthiness based on information from credit bureaus. You may request a credit score from consumer reporting agencies that create scores or distribute scores used in residential real property loans, but you will have to pay for it. In some mortgage transactions, you will receive credit score information for free from the mortgage lender.

You have the right to dispute incomplete or inaccurate information. If you identify information in your file that is incomplete or inaccurate, and report it to the consumer reporting agency, the agency must investigate unless your dispute is frivolous. See www.consumerfinance.gov/learnmore for an explanation of dispute procedures.

Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Inaccurate, incomplete or unverifiable information must be removed or corrected, usually within 30 days. However, a consumer reporting agency may continue to report information it has verified as accurate.

Consumer reporting agencies may not report outdated negative information. In most cases, a consumer reporting agency may not report negative information that is more than seven years old, or bankruptcies that are more than 10 years old.

Access to your file is limited. A consumer reporting agency may provide information about you only to people with a valid need — usually to consider an application with a creditor, insurer, employer, landlord, or other business. The FCRA specifies those with a valid need for access.

You must give your consent for reports to be provided to employers. A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer. Written consent generally is not required in the trucking industry. For more information, go to www.consumerfinance.gov/learnmore.

You may limit "prescreened" offers of credit and insurance you get based on information in your credit report. Unsolicited "prescreened" offers for credit and insurance must include a toll-free phone number you can call if you choose to remove your name and address from the lists these offers are based on. You may opt-out with the nationwide credit bureaus at 1-888-567-8688.

You may seek damages from violators. If a consumer reporting agency, or, in some cases, a user of consumer reports or a furnisher of information to a consumer reporting agency violates the FCRA, you may be able to sue in state or federal court.

Identity theft victims and active duty military personnel have additional rights. For more information, visit www.consumerfinance.gov/learnmore.

States may enforce the FCRA, and many states have their own consumer reporting laws. In some cases, you may have more rights under state law. For more information, contact your state or local consumer protection agency or your state Attorney General. For information about your federal rights, contact:

 

TYPE OF BUSINESS           CONTACT

1.a. Banks, savings associations, and credit unions with total assets of over $10 billion and their affiliates.

 

b. Such affiliates that are not banks, savings associations, or credit unions also should list, in addition to the CFPB:                a. Consumer Financial Protection Bureau

1700 G Street NW

Washington, DC 20552

 

b. Federal Trade Commission: Consumer Response Center-FCRA

Washington, DC 20580

(877) 382-4357

2. To the extent not included in item 1 above:

 

a. National banks, federal savings associations, and federal branches and federal agencies of foreign banks

 

b. State member banks, branches and agencies of foreign banks (other than federal branches, federal agencies, and Insured State Branches of Foreign Banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act

 

c. Nonmember Insured Banks, Insured State Branches of Foreign Banks, and insured state savings associations

 

d. Federal Credit Unions                a. Office of the Comptroller of the Currency

Customer Assistance Group

1301 McKinney Street, Suite 3450

Houston, TX 77010-9050

 

b. Federal Reserve Consumer Help Center

P.O. Box 1200

Minneapolis, MN 55480

 

c. FDIC Consumer Response Center

1100 Walnut Street, Box #11

Kansas City, MO 64106

 

d. National Credit Union Administration

Office of Consumer Protection (OCP)

Division of Consumer Compliance and Outreach (DCCO)

1775 Duke Street

Alexandria, VA 22314

 

3. Air Carriers     Asst. General Counsel for Aviation Enforcement & Proceedings

1200 New Jersey Avenue, SE

Washington, DC 20590

 

4. Creditors Subject to Surface Transportation Board Office of Proceedings, Surface Transportation Board                Department of Transportation

395 E Street S.W.

Washington, DC 20423

 

5. Creditors Subject to Packers and Stockyards Act, 1921 Nearest Packers and Stockyards Administration area supervisor

 

6. Small Business Investment Companies              Associate Deputy Administrator for Capital Access

United States Small Business Administration

409 Third Street, SW, 8th Floor

Washington, DC 20416

7. Brokers and Dealers   Securities and Exchange Commission

100 F St NE

Washington, DC 20549

 

8. Federal Land Banks, Federal Land Bank Associations, Federal Intermediate Credit Banks, and Production Credit Associations       

Farm Credit Administration

1501 Farm Credit Drive

McLean, VA 22102-5090

 

9. Retailers, Finance Companies, and All Other Creditors Not Listed Above             FTC Regional Office for region in which the creditor operates

or Federal Trade Commission: Consumer Response Center- FCRA

Washington, DC 20580

(877) 382-4357

 


 

EXHIBIT B

ACCESS SECURITY REQUIREMENTS

The following information security measures are designed to reduce unauthorized access to consumer information. It is Company's responsibility to implement these controls. If Company does not understand these requirements or needs assistance, it is Company's responsibility to employ an outside service provider to assist it. Capitalized terms used herein have the meaning given in the Glossary attached hereto. These Access Security Requirements may change without notification. The information provided herewith provides minimum baselines for information security.

In accessing BACKGROUND INQUIRIES AND SERVICES Software Service and/or Experian's credit reporting services, where applicable, Company agrees to follow these security requirements:

Implement Strong Access Control Measures

1.1. Each user shall maintain a unique user ID and password to enable individual authentication and accountability for access to credit information.

1.2. User ID(s) and passwords are to be kept Confidential and not shared or given to others. Account numbers and passwords should be known only by supervisory personnel. System access software which utilizes user ID(s) or passwords must have these components hidden or embedded.

1.3. Develop strong passwords that are:

Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)

Contain a minimum of seven (7) alphanumeric characters for standard user accounts

1.4. Restrict the number of key personnel who have access to credit information. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand the requirements to access such information are only for the permissible purpose for which you have been granted access to credit reports by BACKGROUND INQUIRIES AND SERVICES  . Ensure that employees do not access credit reports on themselves or any family member(s) or friend(s) unless it is in connection with a legitimate business transaction or for another permissible purpose.

1.5. Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.

1.6. Implement a process to terminate access rights immediately for users who are terminated or when they have a change in their job tasks and no longer require access to credit information.

1.7.After normal business hours, turn off and lock all devices or systems used to obtain credit information.

1.8.Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Maintain a Vulnerability Management Program

2.1.Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.

2.2.Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.

2.3.Implement and follow current best security practices for Computer Virus detection scanning services and procedures:

Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks.

If an actual or potential virus is suspected, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.

On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files.

2.4.Implement and follow current best security practices for computer anti-Spyware scanning services and procedures:

Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks.

If actual or potential Spyware is suspected, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers.

Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If company's computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), it is recommended that anti-Spyware scans be completed more frequently than weekly.

 

Protect Data

3.1.Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc).

3.2.All credit information is classified as Confidential and must be secured to this requirement at a minimum.

3.3.Encrypt all credit reporting agency data and information when stored on any company laptop computer and in company's database using AES or 3DES with 128-bit key encryption at a minimum.

3.4.Only open email attachments and links from trusted sources and after verifying legitimacy.

Maintain an Information Security Policy

4.1.Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.

4.2. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators.

4.3. Per the FACTA Disposal Rules, implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.

4.4.Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.

Build and Maintain a Secure Network

5.1.Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.

5.2.Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.

5.3.Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.

5.4.Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services and network traffic.

5.5.Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.

5.6.Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.

 

Regularly Monitor and Test Networks

6.1.Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).

6.2.Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit information systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:

·         protecting against intrusions;

·         securing the computer systems and network devices;

·         and protecting against intrusions of operating systems or software.

"Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation."

 

Glossary to Access Security Requirements

Term     Definition

Computer Virus  A Computer Virus is a self-replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying.

Confidential       Very sensitive information. Disclosure could adversely impact your company.

Encryption          Encryption is the process of obscuring information to make it unreadable without special knowledge.

Firewall In computer science, a Firewall is a piece of hardware and/or software which functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.

Information Lifecycle or Data Lifecycle    Management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained.

IP Address          A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). Any All participating network devices - including routers, computers, time-servers, printers, Internet fax machines, and some telephones - must have its own unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices.

Router  A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data packets.

Spyware              Spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the consent of that machine's owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet.

SSID       Part of the Wi-Fi Wireless LAN, a service set identifier (SSID) is a code that identifies each packet as part of that network. Wireless devices that communicate with each other share the same SSID.

WEP Encryption (Wired Equivalent Privacy) A part of the wireless networking standard intended to provide secure communication. The longer the key used, the stronger the encryption will be. Older technology reaching its end of life.

WPA      (Wi-Fi Protected Access) A part of the wireless networking standard that provides stronger authentication and more secure communications. Replaces WEP. Uses dynamic key encryption verses static as in WEP (key is constantly changing and thus more difficult to break than WEP).