CHECKR, INC. SERVICES AGREEMENT

This Services Agreement together with any Orders (as defined below) (collectively, the “Agreement”) contains the terms and conditions that govern your access to and use of the Platform (as defined below) and is an agreement between Checkr, Inc. (“Checkr”) and you or the entity you represent (“Customer”, “You” or “Your”). This Agreement takes effect when You click the “Continue” button or check box presented with these terms or, if earlier, when You use any of Checkr’s service offerings (the ”Effective Date”). You represent to us that You are lawfully able to enter into this agreement (e.g., You are not a minor). If You are entering into this Agreement and creating an Account for an entity, such as the company You work for, You represent to us that You have legal authority to bind that entity. 

By entering into this Agreement and/or creating an Account, You are certifying that You have direct knowledge of the facts You are certifying to herein and certify and agree to the following:

  • You certify that You will order and use the Reports only for (i) employment purposes, as defined by the FCRA, including hiring and promotion decisions, or (ii) the permissible purpose You selected when creating Your Account. Prior to ordering any Reports, you must obtain the Consumer’s written authorization, pursuant to Section 3 of the Agreement, and use reasonable steps to verify that all Consumer personal information transferred to Checkr is accurate and belongs to the Consumer for whom a Report is being requested. . You certify that You will notify Checkr immediately if Your permissible purpose change(s) for any reason. You also certify that You are the business type stated in Your Account, have a need for consumer credit information in connection with the evaluation of individuals for employment, promotion, reassignment or retention as an employee, and are in compliance with any additional state and local requirements for obtaining and using consumer credit information. Each time You order or access a Report, you reaffirm the certifications in Section 3 of the Agreement. See Section 3 of the Agreement for further requirements.
  • While You acknowledge sole responsibility for compliance with any state and/or local regulations that require that a copy of the Report be provided to the Consumer upon request, to the extent the Consumer has requested a copy through Checkr’s Hosted Platform or You have communicated the request to Checkr via API, or otherwise configured Your account to do so, You authorize Checkr to provide on your behalf a copy of the Report to each Consumer about whom You have requested a Report, to the email address provided by the Consumer.
  • You acknowledge receipt of and certify that You have reviewed and fully understand the following three statutory notices:

You authorize the use of the documents and links above with Your Consumers via the Platform. Unless You elect to utilize the Checkr Hosted Platform, You agree to give Your Consumers the documents and links above when applicable, as well as any statutory notices required by state or local regulations. 

  • You understand that Your compliance with all applicable Law is solely Your responsibility.  Checkr provides account configuration support (package and product setting suggestions, such as MVR filters and fairness settings), as well as a variety of sample forms (disclosures, notifications, and authorizations), and other support materials in order to assist You with Your compliance obligations, however, none of these materials have been prepared specifically for You or on Your behalf.  Use of Checkr forms and other materials, whether as part of the Checkr Hosted Platform or elsewhere, means that You certify that You have reviewed, fully understand, have received independent legal advice on the contents and effects of any such configurations or materials as they relate to your legal compliance and/or liability, and You are solely responsible for the adoption and use thereof.  Nothing provided to You by Checkr should be construed as legal advice. 

1. DEFINITIONS

Address History Scope” means the Consumer’s address history that is determined by Checkr to be relevant to the Order and Consumer, which will be used for searching records.

“Account” means a Checkr account associated with a valid e-mail address.

Agreement” means collectively, this Agreement and any Order(s) including any Exhibits thereto, entered into between the parties.

API” means the Checkr Platform’s application programming interface(s) used to provide Checkr’s services. 

App” means a software application owned or controlled by You that implements the API.

Approved Affiliates” means Customer’s affiliates, parents, or subsidiaries who Checkr has approved in writing to access the Platform under this Agreement.

Background Check” means the production of a Report.

Background Information” means the personal information required to be submitted to the Platform to conduct a Background Check on that Consumer.

Checkr Forms” means any standard disclosure, authorization, and notification forms made available to You by Checkr.

Checkr Hosted Platform” means the standard Consumer registration flow as presented on Checkr’s Platform. 

Checkr Partner” means a Checkr approved third party service authorized to provide End Users with the access, use or purchase of Checkr’s services.

Consumer” means an individual applicant who is subject to a Background Check in support of their application for employment or engagement as an independent contractor by You.

Credit Report” means a specific type of Report including consumer credit information obtained from a credit bureau. 

Customer Credential Application” means the credentialing application form that You must submit to Checkr in order to seek approval to become a customer of Checkr.

Customer Portal” means the online Checkr portal and related tools that Checkr makes available to You and its other customers, to access the Platform and manage Background Checks.

Documentation” means any technical literature, end user agreements, Customer instructions, and other written materials ordinarily provided by Checkr with the Platform.

Employment Purposes” means the specific permissible purpose of a Report concerning the evaluation of individuals for employment, promotion, reassignment or retention as an employee or independent contractor.

FCRA” means the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.

Fees” means collectively, the Service Fees, Variable Costs, Platform Subscription Fee, and Implementations Fees.

Intellectual Property Rights” means all forms of proprietary rights, titles, interests, and ownership relating to patents, copyrights, trademarks, trade dresses, trade secrets, know-how, mask works, moral rights, and all similar rights that may exist now or later in any jurisdiction, including without limitation any applications and registrations for the foregoing.

Investigative Consumer Report” means a specific type of Report as defined under FCRA Section 603(e).

Law” means all applicable laws, rules and regulations, whether federal, state, local or international.

MVR” means motor vehicle records. 

Order” means the order form or account registration form submitted in connection with, or referencing, this Agreement, and specifies the certain products that You are authorized to purchase.

Platform” means the background check platform offered by Checkr, that allows access to Checkr’s various products, including but not limited to the Customer Portal, the APIs and other technology and tools offered by Checkr.

Privacy Policy” is located at https://checkr.com/privacy-policy/.

Report” means a consumer report or other applicable screening product offered on the Platform (as defined under the FCRA and applicable state Laws), including a Credit Report and an Investigative Consumer Report (if applicable).

Reporting Scope” means the scope of information that may be reported to You by Checkr based on your Order, subject to applicable Law.

“Rules Criteria” means the set of rules defined by Customer that controls how Report content, including, but not limited to criminal records and any applicable motor vehicle records, is filtered, categorized, and/or displayed on a Report, by Checkr on Your behalf.

Service Fees” means the fees specified in Your Order for purchase of Reports. Service Fees do not include Variable Costs.

Term” is defined in each applicable Order.

“You” means the Customer listed on the Order and, if applicable, any Approved Affiliates.

Variable Costs” means the additional variable costs and fees that may be imposed by governmental entities or third parties for the Background Check that You order, including, but not limited to, court fees, county processing fees, multi-state fees, and international fees, etc.. Additional pricing information may be located at https://checkr.com/pricing/additional-pricing-information/, as updated from time-to-time.

2. USE OF PLATFORM

2.1 Credentialing Required. YOU ACKNOWLEDGE AND AGREE THAT THIS AGREEMENT IS CONTINGENT ON CHECKR RECEIVING AND APPROVING YOUR CUSTOMER CREDENTIAL APPLICATION. YOU WILL NOT HAVE AN ACCOUNT WITH CHECKR OR ACCESS TO THE PLATFORM OR REPORTS UNTIL CHECKR APPROVES YOUR CUSTOMER CREDENTIAL APPLICATION AND PROVIDES YOU WITH A USERNAME AND PASSWORD PROMPT. You must submit a complete and accurate Customer Credential Application and provide all reasonably requested information about You as part of Checkr’s credentialing process. Any information that You provide via the Customer Credential Application or to the Platform will be handled in accordance with our Privacy Policy. Checkr, in its sole discretion, may accept or reject Your Customer Credential Application. Only the entity that enters into this Agreement may use and access the Platform under this Agreement. Any Approved Affiliates must submit their own Customer Credential Application and be separately credentialed.  

2.2 Account Creation. In addition to this Agreement, You must create an Account and enter into an Order with Checkr before You can use the Platform. The Order will specify the Service Fees and Report(s) that apply. If You wish to add other Report types later, please contact Your sales representative.

2.3. Use of Platform. During the Term and subject to the terms of the Agreement, You may access and use the Platform solely:

(a) for Your own use of the specific Report(s) in the Order; and

(b) via the Checkr API in compliance with its accompanying Documentation, and any reasonable rules or guidelines that Checkr may provide.

2.4. Restrictions. You represent and warrant that You shall:

(a) not use, or attempt to use, the Platform for unauthorized purposes (e.g., tenant screening);

(b) not use the Platform for the benefit of any third party without Checkr’s prior written permission; 

(c) not do any of the following, or allow any third party to do any of the following: (i) copy, distribute, rent, lease, lend, sublicense or transfer the Platform, or make the Platform available to any third party, including Your affiliates, parents or subsidiaries, other than Approved Affiliates, without Checkr’s express prior written consent, (ii) modify, decompile, reverse engineer, or disassemble the Platform or otherwise attempt to discover any underlying source code, ideas, algorithms, file formats or programming interfaces, (iii) create derivative works based on the Platform; (iv) modify, remove, or obscure any copyright, trademark, patent or other notices or legends that appear on the Platform; or (v) use the Platform to develop a competitive product offering;

(d) not use any agents, robots, scripts, spiders, or other automated means to access or manage the Platform; and

(e) not allow Your personnel to access the Platform or order Reports for improper, illegal or unauthorized purposes, including on themselves, associates, or any other person except in the exercise of their official duties.  

2.5 API Keys. Checkr will make API keys available to You to access the Checkr Platform. You are responsible for securing your API keys, and you agree not to publish or share them with any unauthorized persons, including Your service providers, except as approved by Checkr in writing.  You will contact Checkr immediately if you become aware of any unauthorized use of your API keys. 

3. USE OF REPORTS

3.1 Your Certifications. When requesting and using Reports, You must comply with all Laws, including but not limited to the FCRA, anti-discrimination Laws, and state Laws. You are solely liable for Your failure to do so. You certify and agree:

(a) To request and use each Report only for the permissible purpose(s) to which You certified in each applicable Order and for which You are permitted by Law to use such Report;

(b) To use each Report for only a one-time use (e.g., You may use a Report to determine eligibility for employment, but You may not later use that same Report to determine eligibility for promotion);, and to use each Report within 30 days of completion date;

(c) To develop and follow reasonable procedures to comply with Laws and for the fair and equitable use of Background Information and Reports, as required by applicable equal opportunity and fair chance hiring Laws;

(d) To make adverse action decisions only in compliance with applicable Law;

(e) To strictly comply with the Security Obligations in Section 5 with respect to Reports and related information; 

(f) To hold the Reports in strict confidence and not disclose the Reports, unless required by Law, to any third parties; 

(g) To comply with and provide all statutorily required notices in FCRA and other state laws when using the Background Information and Reports;

(h) To maintain up-to-date compliance locations with each Report request, based on your applicable package configuration and account segmentation, and ensure such information is correctly reflected in the Platform;

(i) To maintain complete and accurate records of all required consents, authorizations and disclosure forms of each Consumer You requested a Report for, as required by Law, and make these records available to Checkr upon request, including any Checkr Forms that You have adopted and approved for Your own use; and

(j) To obtain the Consumer’s consent to receive from You and from Checkr, as applicable, any legal or other notices and communications electronically, including by SMS message, and to obtain such consent in compliance with U.S. Electronic Signatures in Global and National Commerce Act of 2000. 

3.2 California Certification. As applicable to You or the Report that You request, You hereby certify that, under the Investigative Consumer Reporting Agencies Act (“ICRAA”), California Civil Code Sections 1786 et seq., and the Consumer Credit Reporting Agencies Act (“CCRAA”), California Civil Code Sections 1785.1 et seq., if You are located in the State of California, and/or Your request for and/or use of Reports pertains to a California resident or worker, You certify to all of the following:

(a) When, at any time, Reports are sought for Employment Purposes, unless a legal exception otherwise applies, You have provided a clear and conspicuous disclosure in writing to the Consumer, which solely discloses: (1) that an Investigative Consumer Report may be obtained; (2) the permissible purpose of the Investigative Consumer Report; (3) that information on the Consumer’s character, general reputation, personal characteristics and mode of living may be disclosed; and (4) the name, address, telephone number, and website of the Consumer Reporting Agency conducting the investigation; and (5) the nature and scope of the investigation requested, including a summary of the provisions of California Civil Code Section 1786.22.

(b) When, at any time, Reports are sought for Employment Purposes, unless a legal exception otherwise applies, You agree to  only request a Report if the applicable Consumer has authorized in writing the procurement of the Report.

(c) In accordance with California Civil Code Sections 1786.16(a)(5) and (b), You agree to provide a means by which the Consumer may indicate on a written form, by means of a box to check, that he/she wishes to receive a copy of any Reports that are prepared.  If the Consumer wishes to receive a copy of the Report, You shall send (or contract with another entity to send) a copy of the Report to the Consumer within three business days of the date that the Report is provided to You. The copy of the Report shall contain the name, address, and telephone number of Checkr, who issued the report, and how to contact Checkr.

(d) Under all applicable circumstances, comply with California Civil Code Sections 1785.20 and 1786.40 in the taking of adverse action, which shall include, but may not be limited to, advising the Consumer against whom an adverse action has been taken that the adverse action was based in whole or in part upon information contained in the Report, informing the consumer in writing of Your name, address, and telephone number, and provide the Consumer of a written notice of his/her rights under the ICRA and the CCRAA.

3.3 Massachusetts Criminal Record Information Policy. As applicable to You or the Report that You request, You hereby certify that, under the Commonwealth’s Criminal Offender Record Information (“CORI”) law, if You are located in the State of Massachusetts, and/or Your request for and/or use of Reports pertains to a Massachusetts resident or worker, You certify to all of the following:

(a) Before asking a Consumer about their criminal records, You will provide a Consumer with copies of these records if You are in possession of such records;

(b) That before taking adverse action based, in whole or in part, on criminal history records, You will notify the Consumer of the potential adverse employment decision by sending required pre-adverse and adverse action notices and any other applicable notices.  The pre-adverse action notice will include the criminal history records, the sources of the records, a copy of Your CORI policy, and a copy of information from the state agency about the process for correcting a criminal record; and

(c) That You will also provide the Consumer with an opportunity to dispute the accuracy of the criminal history records by waiting at least five business days before taking final adverse action.

3.4 International Background Screenings. As applicable to You and Your Report requests, You certify that You comply with all international Laws, including but not limited to the GDPR and any regulation belonging to the country in which the Consumer currently resides or will be employed within. In addition to all other applicable certifications in this Section 3, You certify and agree:

(a) To take into consideration the nature, scope and context of the purpose to which You certify in each applicable Order, and to only request screenings that are directly relevant and necessary to the certified purpose;

(b) To only request screenings when a lawful basis of processing can be relied upon; and

(c) To limit use of Background Information to the purpose to which You certify in each applicable Order.

3.5 Employment Purposes. If You use or request a Report for Employment Purposes, You certify and agree:

(a) You will not request a Report for Employment Purposes unless:

i. A clear and conspicuous disclosure has been made in writing to the Consumer by You before the Report is obtained, in a document that consists solely of the disclosure that a consumer report may be obtained for Employment Purposes;

ii. The Consumer has authorized in writing the procurement of the Report; and

iii. Information from the Report will not be used in violation of any employment opportunity Laws. 

(b) You further certify that before taking adverse action in whole or in part based on a Report for Employment Purposes, you will provide the Consumer with:

i. A copy of the Report for Employment Purposes, as applicable; 

ii. A copy of the Consumer’s rights, in the format approved by the Consumer Financial Protection Bureau; and

iii. The required pre-adverse action notice and any other assessment forms or notices required by applicable Law. 

(c) That each time You order or access a Report for Employment Purposes, You are reaffirming the certifications in 3.1, 3.2, 3.4(a), 3.4(b), and 3.6 below. 

(d) That You understand that Checkr will not initiate a Report for Employment Purposes in the absence of a written authorization.

(e) You shall request a Report for Employment Purposes pursuant to procedures prescribed by Checkr from time to time only when You are considering the individual inquired upon for employment, promotion, reassignment or retention as an employee or contractor, and for no other purpose

(f) That, if and only if you request credit bureau data, You are not any of the following types of persons, entities and/or businesses: bail bondsmen, credit counseling firms, members of the media, resellers, financial counseling firms, credit repair clinics, pawn shops (except companies that do only title pawn), check cashing companies (except companies that do only loans, no check cashing), genealogical or heir research firms, massage or tattoo services, businesses that operate out of an apartment, individuals seeking information for their own private use, adult entertainment services of any kind, companies that locate missing children, companies that handle third party repossession, companies seeking information in connection with time shares, subscriptions companies, individuals involved in spiritual counseling or persons or entities that are not an end-user or decision maker.

(g) That while Checkr shall make commercially reasonable efforts to notify You of a failure to deliver any notices, authorizations, disclosures, pre-adverse or adverse action letters, You understand that the use of Checkr’s Platform, including without limitation, the adverse action features, does not relieve You of Your responsibilities under Section 3.5. In the event Checkr notifies You of a delivery failure for any notice or adverse action letter, You understand that it is Your responsibility as an end user to monitor and complete deliverability or take any other appropriate action necessary to complete Your required obligations. 

3.6 MVR Purposes. This Section shall apply if and only if You elect, in Your sole discretion, to receive MVRs and/or driving records.  If You request MVRs and/or driving records, You certify and agree:

(a) That You are ordering the MVRs and/or driving records in strict compliance with the Driver Privacy Protection Act (“DPPA”, at 18 U.S.C. § 2721 et seq.), if it applies, and any applicable state Laws.

(b) You have the Consumer’s written consent to obtain “driving records” and MVRs, and have stored original copies of such consents for audit by MVR regulators if they so request, or have otherwise satisfied this obligation (e.g., Consumer consent secured via the Platform).

(c) You will only use this MVR in the normal course of business to obtain lawful information relating to the holder of a commercial driver’s license or to verify information provided by the Consumer.

(d) You will not transmit any data contained in the MVR via the public internet, email or any other unsecured means.

(e) That default MVR filters are made available as a reference solely for Your efficiency, and Your use of such MVR filters means that You have reviewed and approved such categories.

3.7 Investigative Reports. If You request an Investigative Consumer Report, You certify and agree:

(a) That You have clearly and accurately disclosed to the Consumer, not later than three days after the date on which the Investigative Consumer Report was first requested, that 

i. an Investigative Consumer Report including information as to his or her character, general reputation, personal characteristics and mode of living may be made; and 

ii. the Consumer has the right to request a complete and accurate disclosure of the nature and scope of the investigation requested (“Investigative Report Disclosure”). 

(b) The Investigative Report Disclosure shall include a copy of the Consumer’s rights, in the format approved by the Consumer Financial Protection Bureau. 

(c) If the Consumer makes a written request within a reasonable amount of time after receipt of the Investigative Report Disclosure, You will make a complete and accurate written disclosure of the nature and scope of the investigation requested. This information will be provided to the Consumer no later than five (5) days after the request for such disclosure was received from the Consumer or such Report was first requested, whichever is the later.

3.8 Customer Rules Criteria. This Section shall apply if and only if You elect, in Your sole discretion, to implement and/or customize Rules Criteria

(a) To the extent You elect to implement and/or customize Rules Criteria and to the extent permitted by Law, You authorize Checkr to apply such Rules Criteria to the information contained in a Report in order to facilitate Your adjudication process provided that, You acknowledge and agree that You are solely responsible for: (1) Your Rules Criteria and for any decisions taken based on Your Rules Criteria; (2) determining when and whether to apply the outcomes from the application of Your Rules Criteria to Your evaluation of a Report; (3) reviewing the content of the Reports in the manner and method prescribed by applicable Law, including, but not limited to, conducting and/or documenting individualized assessments and performing final adjudications on all Reports; and (4) ensuring that Your utilization of the Rules Criteria in evaluating the Reports and in Your final adjudication is in compliance with all applicable Laws. You acknowledge and agree that Checkr shall not be liable for any application of Your Rules Criteria, and that application of Your Rules Criteria is deemed to be purely clerical in nature and shall be performed by Checkr on Your behalf. You further acknowledge and agree that: Checkr is not authorized to make any decision regarding employment, or any other decision on Your behalf, based on the information contained in a Report. 

(b) You certify that You have reviewed Your Rules Criteria to ensure that it complies with applicable Law, and that You will regularly update such criteria in order to ensure Your ongoing and continued compliance with applicable Law.

(c) With each order for a Report, You reaffirm the statements in 3.5(a) and certification in 3.5(b) above. 

(D) You certify and agree that the application and/or customization of a Rules Criteria is made available as a reference solely to facilitate Your adjudication obligations and Your use of such Rules Criteria means that You have reviewed and approved Checkr’s classification of record categories and that You adopt the Rules Criteria as Your own.

3.9 Drug Tests. This Section shall apply if and only if You elect, in your sole discretion, to order drug tests.Checkr will arrange for drug tests as You may request and will include the results of those tests received from drug test providers in Reports. You understand and represent that any drug test You may request or require is requested in accordance with any applicable federal, state, or local law, including the FCRA, if applicable. Drug tests will be performed by third-party vendors in accordance with directions received by You.

3.10 Continuous Check Service. This Section shall apply if and only if You elect, in Your sole discretion, to use the Continuous Check Service.

(a) General. At Your election and for the price(s) set forth on the applicable Order Form, Checkr will provide criminal record monitoring services and products to identify other criminal activity of subscribed Consumers after their initial onboarding and Report by Checkr and monitor for subsequent court-related activity as an extension of Checkr’s existing background screening process (the “Continuous Check Service”). Checkr will provide a new Report whenever any component of the Continuous Check Service returns pointers to reportable information on a Consumer to the extent permitted by law. Checkr must have completed a Report with a criminal search on the Consumer on Your behalf in order to enroll the Consumer in the Continuous Check Service.

(b) Consent. You shall be responsible for obtaining and maintaining all required disclosures, notices, and consents from the Consumer prior to his or her inclusion in the Continuous Check Service as required by applicable law, and certify as such to Checkr upon request. When requesting and using the Continuous Check Service, You must comply with all Laws, including but not limited to any applicable disclosure and authorization certification requirements and state-specific consent requirements. You reaffirm the certifications in Sections 3.1, 3.2, 3.5(a), 3.5(b), and 3.7 above with Your ongoing use of the Continuous Check Services. You are solely responsible for maintaining an up-to-date list of Consumers to be included in the Continuous Check Service in accordance with applicable Laws and re-obtaining consent if a Consumer is removed and later re-subscribed in the Continuous Check Service.

(c) Subscription Billing and Payment. You shall pay Checkr a monthly fee per each unique Consumer subscribed to the Continuous Check Service at any time within a calendar month, as set forth on Exhibit A of the applicable Order (“Subscription Fee”). You are solely responsible for maintaining an up-to-date list of Consumers to be included in the Continuous Check Service for invoicing purposes. SubscriptionFees will be billed on a monthly basis in arrears. All invoices must be paid within thirty (30) days from the date of invoice.

3.11 Third Party Services. At Your sole discretion, You may choose to take advantage of certain services offered through the Platform that are created, offered, supported and maintained by third parties (“Third Party Developers”) unaffiliated with Checkr or its affiliates (collectively, “Third Party Services”). Notwithstanding anything to the contrary in this Agreement, You acknowledge and agree that: (a) You access or deploy Third Party Services through the Platform at Your sole discretion; (b) You should read the terms and conditions and privacy policies associated with any Third Party Services which govern Your use of such Third Party Services; and (c) Checkr does not own or control any of these Third Party Developers or the Third Party Services. You further acknowledge and agree that Checkr is not responsible or liable for any such Third Party Services or acts or omissions of Third Party Developers, under any circumstances. Checkr does not in any way warrant the accuracy, reliability, security, completeness, usefulness, non-infringement, or quality of any Third Party Services (including without limitation the content contained therein). You agree that You bear all risks associated with using or relying on Third Party Services. If You have any questions about Third Party Services or the terms that govern the use of such Third Party Services, You should contact the applicable Third Party Developer directly.  

3.12 Not Legal Advice. Checkr does not, and cannot, provide legal advice or other compliance related services to You or guarantee Your compliance with Laws in your use of the Platform or Reports. You understand that any documents, information, conversations or communication with Checkr’s representatives regarding searches, verifications or other services offered by Checkr are not to be considered a legal opinion regarding such use.  You agree to consult with your own legal counsel (1) about the use of Rules Criteria and background screening information, including but not limited to, the legality of using or relying on reported information, and (2) to review any forms as well as the content of prescribed notices, adverse or pre-adverse action letters and any attachments to this Agreement for compliance with all Laws. You agree that the provision of such notices, pre-adverse or adverse action letters and the contents thereof is Your sole responsibility.  You acknowledge and agree that You have no obligation to use, and are solely responsible for independently vetting the contents of, any sample forms that Checkr has provided to You. 

3.13 Notice of Penalty Under the FCRA.  THE FCRA PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES SHALL BE FINED UNDER TITLE 18 OF THE UNITED STATES CODE OR IMPRISONED NOT MORE THAN TWO YEARS, OR BOTH.

4. DELIVERY TERMS AND LIMITATIONS

4.1 International Criminal Records. Checkr may use third party contractors to perform international background screenings. Because of differences in foreign laws, language, and the manner in which foreign records are maintained and reported, Checkr cannot insure or guarantee the accuracy of the information reported. You acknowledge and agree that You are solely responsible for complying with all applicable obligations under foreign Laws related to the ordering, use and evaluation of Background Checks.

4.2 National/Multi-State/County Database; Additional Costs. Checkr recommends that You screen applicants at the county courthouse or online system, federal, and multi-state/nationwide database levels. If You choose not to conduct certain searches or searches at these levels, Checkr is not liable for any records that exist that are not included in the Report. Checkr will include any Variable Costs associated with this verification in Your invoice. 

4.3 Support. You can request Platform support during Checkr’s normal business hours via email sent to clients@checkr.com. While Checkr makes commercially reasonable efforts to ensure continuous availability of the Platform, Checkr makes no representation, warranty or guarantee regarding the continuous availability or performance of the Platform.

4.4 Updates.  Checkr may change the Platform features, and the production, support, delivery, layout or maintenance of the Reports from time to time, or discontinue the provision of a Report, in its sole discretion, provided that no such change will result in any material reduction in the utility, functionality, or integrity of Checkr’s services to You. For any material and adverse changes to Report features and details, Checkr will use commercially reasonable efforts to provide at least 30 days advance notice to You. You also acknowledge that within thirty (30) days of a Report completion date, Checkr may update the Report as part of our quality assurance purposes. In such cases, Checkr will provide You and the Consumer a copy of the updated Report.

4.5 Platform AnalyticsYou understand and agree that the Platform offers a number of analytics (e.g., estimated Report completion date, geography, etc.) that are strictly for informational purposes and should not be used as a factor for Consumer assessment or adverse action purposes. 

5. YOUR SECURITY OBLIGATIONS

You represent and warrant that:

(a) You will establish a robust security policy, system, and facility to protect the security and dissemination of Background Information and Reports, including but not limited to maintaining a privacy policy that is clearly and accurately disclosed to Consumers and complies with applicable Laws, and maintain strict procedures to ensure that Your personnel are not able to use the Platform or Reports for improper, illegal or unauthorized purposes, pursuant to requirements similar to the requirements of Section 6103(p)(4) of the Internal Revenue Code of 1986.

(b) You are solely responsible for any Background Information You collect on behalf of Consumers.

(c) You will designate a limited number of key personnel who have a need to know about Background Information and Reports and inform them of Your obligations under this Agreement.

(d) Neither You nor Your personnel will give Your account credentials (login or password) to any unknown caller, even if the caller claims to be an employee of Checkr.

(e) You agree that any system access software that You use, whether developed by Your company or purchased from a third-party vendor, will keep your account number and password “hidden” or embedded and be known only by supervisory personnel.  You will assign a unique logon password to each user of the system access software. You will strictly prohibit the sharing of passwords. If such system access software is replaced by different access software and therefore no longer is in use or, alternatively, the hardware upon which such system access software resides is no longer being used or is being disposed of, or if the password has been compromised or believed to be compromised in any way, You will change Your password immediately. 

(f) You and Your personnel will secure all hard or electronic copies of Background Information and Reports within Your offices and facilities so that unauthorized persons cannot easily access them.  

(g) You will place all terminal devices used to obtain Background Information and Reports in a secure location within Your facility so that unauthorized persons cannot easily access them. 

(h) You will shred or destroy all hard copy Reports, and delete or render unreadable any electronic files containing Reports, after it is no longer needed and when Laws permit destruction.

(i) You are solely responsible for the activities of any person accessing the Platform using any credentials issued to You.

(j) You and Your personnel must use reasonable and industry standard means to secure account credentials, Reports, and Background Information, and promptly notify Checkr if you suspect that any of the foregoing have been compromised.

(k) You will abide by all applicable obligations set forth in the Data Protection Addendum attached hereto as Addendum 1. 

Checkr may review Your records that are reasonably required to demonstrate compliance with the terms of this Agreement at any time upon reasonable prior notice during the Term, and for 5 years thereafter, to confirm Your compliance with this Agreement. Your breach of this Agreement or violation of Law discovered by Checkr may result in immediate suspension and/or termination of Your account, under Section 12 of this Agreement, legal action and referral to regulatory agencies. 

6. DATA

6.1 Background Information. You authorize Checkr and its contractors/providers to use Background Information provided to the Platform in accordance with Checkr’s Privacy Policy. You agree that Checkr has no obligation to monitor or edit the Background Information, and that as between You and Checkr, You are solely responsible for the completeness and accuracy thereof. You acknowledge that: (i) the Platform uses the internet for data transfer and internet-connected servers to store Background Information, sometimes with third party providers, all using industry standard security measures; and (ii) no security measures are 100% effective. As such, Checkr makes no representations or warranties regarding the security of the Background Information.

6.2 Public Records. The data collected on Your behalf with respect to running Background Checks on Consumers, include without limitation, DMV records, criminal records, and other publicly available information is deemed to be “Public Records” that Checkr may retain, use, disclose, and delete in its sole discretion and as required or permitted by Law, provided that Checkr retains the Public Records in a manner that does not identify You.

6.3 Usage Data. Checkr owns all right, title and interest in and to all data collected by Checkr related to the operation of the Platform and Your use thereof (“Usage Data”). Usage Data may include Platform performance metrics and analysis, but does not include any Background Information or Public Records. Checkr will not disclose Usage Data to any third party in a manner that identifies You without Your consent other than (i) to Checkr’s third party service providers who use it for the sole benefit of Checkr or as required to provide You the Platform; or (ii) as may be required by Law or legal process. 

7. FEES AND PAYMENT

7.1 Fees. During the Term, You are authorized to order the Reports specified in Your Order. You will pay Checkr the Fees specified in each Order, in consideration for Reports ordered and Your use of the Platform. Checkr will automatically debit the ACH debit account You provide each month. Notwithstanding the foregoing, You shall not be required to pay any Fees reasonably in dispute, provided that You promptly notify Checkr in writing of the amount in dispute and the reasonable basis therefore within thirty (30) days following the end of month during which such Fees were earned. Any dispute not raised by You during the foregoing time period shall be deemed waived.  The parties will investigate and resolve any dispute in a timely and reasonable manner.  Checkr reserves the right to adjust fees on sixty (60) days’ written notice to you in the event of a ten percent (10%) or greater increase in Variable Costs or international currency fluctuations that are outside of Checkr’s reasonable control. 

7.2 Accepted Payment Methods. You must provide valid ACH debit information to Checkr for Your account in the Customer Portal before You can order any Background Checks. You are solely responsible for ensuring that Your payment information is complete and accurate at all times

7.3 Automatic Payment Terms. After the close of each calendar month, You will receive an invoice for the Fees that You incurred that month. Immediately thereafter, Checkr will automatically charge or withdraw funds via Checkr’s accepted payment methods for the Fees on each invoice. All payments must be made in the currency reflected in Your invoice. Any undisputed amounts due to Checkr under this Agreement not received by the date due will be subject to a late fee of 1.5% per month, or the maximum charge permitted by law, whichever is less. You are responsible for paying any withholding, sales, value added or other taxes, duties or charges applicable to this Agreement. You agree to pay any reasonable attorneys’ fees required for collection of late payment.

7.4 For Customers of Checkr Partners Only: Sections 7.1, 7.2 and 7.3 do not apply. You will pay Checkr Partner the Fees specified in each invoice sent by Your Checkr Partner, in consideration for Reports ordered and in accordance with such Checkr Partner’s terms of service. You must provide valid ACH debit information to such Checkr Partner for Your account before You can order any Reports.You will be required to reach out to Your Checkr Partner for any billing and payment related matters or disputes. 

8. OWNERSHIP; CONFIDENTIALITY

8.1 Checkr Ownership.  Checkr owns all right, title, interest, and Intellectual Property Rights, in and to the Platform and any software, technology, materials and information related to the Platform, whether currently existing or later developed. 

8.2 Your Ownership.  You own all right, title, interest, and Intellectual Property Rights, in and to the Apps (excluding any APIs or Checkr trademarks incorporated therein).

8.3 Feedback.  You are not required to provide any ideas, feedback or suggestions regarding any of Checkr’s products or services (“Feedback”) to Checkr. If You do provide any Feedback to Checkr, You agree to assign all right, title and interest in and to such Feedback to Checkr and agree that Checkr may freely use and exploit such Feedback without compensation to You.

8.4 Confidential Information.  Each party will keep confidential, all information and materials provided or made available, directly or indirectly, by the other party that is marked as confidential or proprietary, or is identified as confidential or proprietary at the time of disclosure, or the nature of the information and the manner of disclosure are such that a reasonable person would understand it to be confidential (collectively, “Confidential Information”). Checkr’s Confidential Information includes but is not limited to, the features, functionality and content of the Platform and any planned modifications or updates thereto, Fees and pricing information. Each party will maintain all Confidential Information in strict confidence by using at least the same level of care that is uses for its own confidential information, but in no case less than a prudent and reasonable standard of care. Each party may use Confidential Information solely for the purposes of performing its obligations or exercising its rights hereunder. Information that either party can establish: (a) was lawfully in a party’s possession before receipt from the other party; or (b) is or becomes a matter of public knowledge through no fault of the receiving party; or (c) was independently developed or discovered by a party without the benefit of any Confidential Information of the other party, shall not be considered Confidential Information under this Agreement. Each party may disclose Confidential Information solely to its employees and representatives that have a need to know to accomplish the purposes of this Agreement and each of whom are bound to protect the Confidential Information from unauthorized use and disclosure under the terms of a written agreement with terms as protective of the Confidential Information as those set forth in this Agreement. Each party may also disclose Confidential Information in response to a valid order of a court or other governmental body or as otherwise required by law to be disclosed; provided that, the responding party gives sufficient notice to the disclosing party to enable the disclosing party to take protective measures, and/or in any event only disclose the exact Confidential Information, or portion thereof, specifically requested. Except as otherwise expressly set forth in this Agreement, no rights or licenses to intellectual property in Confidential Information is granted by either party under this Agreement, whether express, implied or otherwise, to the other party. The obligations imposed on a receiving party shall survive until such time as the Confidential Information of the disclosing party becomes publicly available and/or made generally known through no action of the receiving party. All Confidential Information will be returned immediately to the disclosing party, or destroyed, after the receiving party’s need for it has expired or upon request of the disclosing party or termination of this Agreement. Each party agrees that any violation of these confidentiality provisions will cause irreparable injury to the other party entitling the other party to injunctive relief or other equitable relief, in addition to, and not in lieu of, any other remedies such party may be entitled to. The disclosure of Confidential Information will be governed by this Agreement, which supersedes any previous confidentiality or nondisclosure agreement executed by or on behalf of the parties. Any such Confidential Information will be treated as if it were disclosed under this Agreement (and this Agreement were in effect) as of the date of such exchange.

9. WARRANTIES; DISCLAIMERS

9.1 Warranties. Each party represents and warrants to the other party that: (i) it has the full corporate power and authority to enter into the Agreement; and (ii) the Agreement constitutes a legal, valid and binding obligation when executed and delivered.  You represent and warrant that your use of the Reports and Checkr Hosted Platform will comply with applicable Law. 

9.2 DISCLAIMER. YOU ACKNOWLEDGE THAT CHECKR OBTAINS THE INFORMATION IN ITS REPORTS FROM THIRD PARTY SOURCES “AS IS”, AND THEREFORE PROVIDES THE INFORMATION TO YOU ON AN “AS IS” AND “AS AVAILABLE” BASIS. CHECKR MAKES NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE, OR IMPLIED WARRANTIES ARISING FROM THE COURSE OF DEALING OR A COURSE OF PERFORMANCE WITH RESPECT TO THE ACCURACY, VALIDITY, OR COMPLETENESS OF ANY REPORTS THAT THE REPORTS WILL MEET YOUR NEEDS, OR WILL BE PROVIDED ON AN UNINTERRUPTED BASIS; CHECKR EXPRESSLY DISCLAIMS ANY AND ALL SUCH REPRESENTATIONS AND WARRANTIES. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, CHECKR EXPRESSLY DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR PERFORMANCE. CHECKR AND ITS SUPPLIERS, LICENSORS, PARTNERS AND SERVICE PROVIDERS DO NOT WARRANT THAT THE FUNCTIONALITY AND INFORMATION PROVIDED BY THE PLATFORM WILL BE CORRECT, UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS WILL BE CORRECTED.

10. INDEMNIFICATION  

You agree to defend and indemnify Checkr, and its directors, officers and employees from and against any third party liabilities, damages, losses, judgments, costs, expenses (including reasonable attorneys’ fees), claims, actions, demands and suits (collectively “Claims”) arising out of or relating to: (a) Your breach of any covenants, representations or warranties of this Agreement, including but not limited to Your failure to comply with the requirement set forth under Section 13.3; (b) Your violation of any Law, including but not limited to Your failure to comply with Your obligations under the FCRA; (c) the willful or malicious conduct by You or Your employees; or (d) the content, compliance, method of delivery or effectiveness of any notices, authorizations, disclosures, pre-adverse or adverse action letters. 

11. LIMITATION OF LIABILITY 

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CHECKR WILL NOT BE LIABLE FOR ANY INDIRECT, PUNITIVE, SPECIAL, RELIANCE, INCIDENTAL, CONSEQUENTIAL OR SIMILAR DAMAGES (INCLUDING LOSS OF REVENUE OR PROFITS) ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING THE USE OR INABILITY TO USE THE SERVICE, OR FOR ANY INFORMATION OBTAINED FROM OR THROUGH THE SERVICE, ANY INTERRUPTION, INACCURACY OR ERROR IN THE CONTENT, EVEN IF CHECKR HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CHECKR’S CUMULATIVE AND AGGREGATE LIABILITY ARISING OUT OF THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNTS YOU ACTUALLY PAID DURING THE SIX (6) MONTH PERIOD PRECEDING THE DATE OF THE CLAIM, UP TO A MAXIMUM OF $1,000 USD. RECOVERY OF THIS AMOUNT IS YOUR SOLE AND EXCLUSIVE REMEDY HEREUNDER AND THE PARTIES AGREE THAT THE LIMITATIONS AND DISCLAIMERS OF LIABILITY SET FORTH IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE AND REGARDLESS OF THE THEORY OF LIABILITY. THE PARTIES AGREE THAT THE LIMITATIONS AND DISCLAIMERS OF LIABILITY UNDER THIS SECTION CONSTITUTE A FUNDAMENTAL BASIS OF THEIR BARGAIN.

12. TERM; TERMINATION

12.2 Term. This Agreement is effective for one year from the Effective Date unless terminated earlier in accordance with this Agreement (the “Initial Term”).After the Initial Term, this Agreement automatically renews for additional one (1) year periods (each, a “Renewal Term”) until either party terminates with at least 30 days’ notice prior to the expiration of the Initial Term or Renewal Term, or until otherwise terminated per the Agreement. The Initial Term and any applicable Renewal Terms are collectively referred to as the “Term.” 

12.2 Suspension. Checkr may suspend or limit Your access to or use of the Platform at any time if: (i) You do not timely pay all Fees due; (ii) in the sole discretion of Checkr such action is necessary to prevent material errors or harm, or to limit Checkr’s liability; or (iii) You attempt to access or use the Platform or Reports in an unauthorized or unlawful manner. 

12.3 Termination for Cause. Checkr may terminate this Agreement or any Order at any time upon 30 days’ notice to You, or immediately with or without notice if: (i) Checkr believes that You have breached this Agreement or any Order or violated any Law; (ii) requested to do so by a third party data provider; or, (iii) a material change in existing legal requirements adversely affects this Agreement or any Order. Checkr may (but is not obligated to) terminate this Agreement and Your account if You are inactive on the Platform for six or more months. 

12.4 Termination for Convenience. Either party may terminate this Agreement or any Order for any reason upon thirty (30) days written notice to the other party; provided that, You shall remain liable for all Fees incurred up to the termination date.

12.5 Outstanding Orders. If applicable, any outstanding Reports pursuant to any Order and Your obligations under this Agreement will survive any termination of this Agreement.

13. GENERAL

13.1 Governing Law. This Agreement is governed by California Law, excluding its choice of law rules. Each party submits to jurisdiction of the state and federal courts in San Francisco, California.

13.2 Assignment. You may not assign any of Your rights or obligations under this Agreement without the prior written consent of Checkr. Subject to the foregoing, this Agreement inures to the benefit of and is binding on the parties’ permitted assignees, transferees and successors. Any attempted assignment in violation of this clause is void.

13.3 Consumer Arbitration Provisions. To the extent You have a Terms of Service, Terms of Use or similar document or agreement applicable to Consumers that includes an arbitration provision, You agree to add the following language (or language that is substantively the same) to that arbitration provision:  ‘Our rights and obligations under this arbitration provision shall inure to the benefit of the consumer reporting agency regardless of whether the consumer reporting agency is named as a co-defendant with us or named individually in a claim that would otherwise be subject to this arbitration provision if brought against us. 

13.4 Insurance. You represent and warrant that, during the Term of this Agreement, You will maintain, in full force and effect, appropriate insurance coverage in accordance with the best industry standards applicable to You, which shall include, at minimum, (a) at least $1,000,000 in broad form commercial general liability coverage; (b) statutorily required workers compensation insurance, and (c) employment practices liability insurance. You shall endeavor to provide Checkr thirty (30) days’ written notice in the event any of the policies required hereunder are reduced or cancelled.  Should You at any time fail to maintain the required insurance, such failure shall be considered a breach of this Agreement entitling Checkr to terminate for cause.

13.5 Publicity. You grant to Checkr the right to (i) use Your name, trademark and logo on Checkr’s website and in Checkr’s customer lists; and (ii) issue a press release regarding the relationship created by Your use of Checkr’s services.

13.6 Integration. This Agreement reflects the parties’ entire agreement relating to its subject and supersedes any prior or contemporaneous agreements on that subject. Checkr may modify this Agreement in its sole discretion. Checkr will make good faith efforts to give You at least 30 days’ notice of any material and/or detrimental changes to this Agreement, which notice may be provided via email or the Customer Portal.

13.7 Force Majeure. Checkr will not be responsible for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control, including, but not limited to, labor disputes, strikes, lockouts, internet or telecommunications failures; shortages of or inability to obtain labor, energy, or supplies; war, terrorism, riot, acts of God or governmental action; acts by hackers or other malicious third parties and problems with the Internet generally, and such performance shall be excused to the extent that it is prevented or delayed by reason of any of the foregoing.

13.8 Miscellaneous. The parties are independent contractors, and this Agreement does not create an agency, partnership or joint venture, or authority to bind the other party. There are no third-party beneficiaries to this Agreement. If any provision is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provisions essential purpose. Any waiver of a provision of this Agreement will only be valid if provided in writing and applies only to the specific occurrence so waived. Failure to enforce any provision will not constitute a waiver. Nothing in this Agreement will limit a party’s ability to seek equitable relief. Section headings are not to be used in the interpretation hereof. The following Sections survive any expiration or termination of the Agreement: 2.4, 3, 4.1 and 5 to 13.

13.9 Notices. To give compliant notice under this Agreement: 

From You to Checkr: Send the written notice via email to legal@checkr.com and simultaneously via postal mail to One Montgomery Street, Suite 2400 San Francisco, CA 94104. Checkr will notify You via the Platform, email or postal mail if it updates either.

From Checkr to You: Checkr will notify You via the Platform, or to the postal or email address You provide in the Customer Portal. You can update that information in the Customer Portal at any time. 

ADDENDUM 1
DATA PROTECTION ADDENDUM

This Data Protection Addendum (“DPA”) supplements the Agreement by and between You and any of Your Approved Affiliates (collectively, “Customer”) and Checkr.  In the event of any conflict between the Agreement and the terms of this DPA, this DPA shall govern.  

1) Definitions. For purposes of this DPA:

(a) “CCPA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq.

(b) “Customer Data” means Personal Data provided by Customer for purposes of obtaining Services under the Agreement.

(c) “Data Controller” means the entity that determines the purposes and means of the Processing of Personal Data.      

(d) “Data Privacy Laws” means all applicable laws, regulations, and other legal or self-regulatory requirements in any jurisdiction relating to privacy, data protection, data security, communications secrecy, breach notification, or the Processing of Personal Data, including without limitation, to the extent applicable, the CCPA and GDPR. For the avoidance of doubt, if the parties’ processing activities involving Personal Data are not within the scope of a given Data Privacy Law, such law is not applicable for purposes of this DPA.

(e) “Data Subject” means an identified or identifiable natural person about whom Personal Data relates. Specifically, this refers to Consumers whom Checkr has been engaged by Customer to compile Reports.

(f) “GDPR” means the General Data Protection Regulation, Regulation (EU) 2016/679.

(g) “Personal Data” includes “personal data” as defined by the GDPR, “personal information” as defined by the CCPA, and “personally identifiable information” as defined by other applicable Data Privacy Laws. Personal Data does not include publicly available information from the definition of “Personal Data” under applicable Data Privacy Laws. Further Personal Data does not include data exempted under CCPA §1798.145(d).

(h) “Process”, “Processed” and/or “Processing” mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

(i) “Security Breach” means any accidental or unlawful acquisition, destruction, loss, alteration, disclosure of, or access to, Customer Data.

(j) “Sell” shall have the meaning set forth in the CCPA and its implementing regulations.

(k) “Services” mean the services provided by Checkr to Customer, as provided in the Agreement.

(l) “Standard Contractual Clauses” means the annex found in EU Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (available as of September 13, 2019 at data.europa.eu/eli/dec/2010/87/oj), completed as described in the “Data Transfers” section below.

(m) “Subprocessor” means any Checkr affiliate or subcontractor engaged by Checkr for the Processing of Customer Data.

2. Scope and Purposes of Processing.

a. Checkr will Process Customer Data, including Personal Data contained therein, solely for the purposes set forth in the Agreement, including for the purpose of generating a consumer report as defined by 15 U.S.C 1681a(d), and in compliance with applicable law. Customer will not instruct Checkr to Process Customer Data in violation of applicable law. Checkr will inform Customer if, Checkr discovers, in its opinion, an instruction from Customer infringes applicable law.. 

b. Neither party shall Sell to a third party any Personal Data made available to it by the other party except to the extent such Personal Data or sale thereof is exempted from Data Privacy Laws.

3. Obligations of the Parties. 

a. Compliance with Laws. Each party shall comply with all laws, whether state, federal, local or international, including Data Privacy Laws. Each party shall promptly notify the other party in writing if it is no longer able to meet its obligations under Data Privacy Laws applicable to this DPA.

b. Compliance with Data Controller Obligations. To the extent such party is acting as a Data Controller or Business, each party shall independently fulfill all duties required of Data Controllers or Businesses under Data Privacy Laws.  Checkr is a Data Controller with respect to Personal Data, other than Customer Data, that it Processes in connection with the Services.

d. c. Data Subject Requests. For the avoidance of doubt, to the extent the party is a Data Controller, each party shall have an independent obligation to respond to requests received from Data Subjects seeking to exercise their rights under applicable Data Privacy Laws, including, but not limited to, access and deletion requests made pursuant to the GDPR and CCPA. The recipient of the Data Subject request shall be responsible for responding to the Data Subject. If applicable, and to the extent legally permitted, each party shall provide the other party with reasonable cooperation and assistance in relation to the handling of a Data Subject’s request. 

Disclosures and Consent. Each party shall comply with applicable Laws, including, but not limited to, the FCRA (as applicable) and Data Privacy Laws, to provide legally required notices to Data Subjects regarding the purpose and nature of the Processing of Personal Data in connection with the Services.  Customer shall ensure that Data Subjects have provided legally sufficient consent (including under the GDPR and all other applicable Data Privacy Laws), wherever such consent is necessary to enable Checkr to perform the Services.

4. Customer Data Processing Requirements. Checkr will: 

a. Ensure that the persons it authorizes to Process Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. 

b. Upon written request of Customer, assist Customer in the fulfilment of Customer’s obligations to respond to verifiable requests by Data Subjects (or their representatives) for exercising their rights with respect to Customer Data under Data Privacy Laws. 

c. Promptly, and in any event within ten days, notify Customer of (i) any third-party or Data Subject requests or complaints regarding the Processing of Customer Data; 

d. Provide reasonable assistance to and cooperation with Customer for Customer’s performance of a data protection impact assessment of Processing or proposed Processing of Customer Data.

e. Provide reasonable assistance to and cooperation with Customer for Customer’s consultation with regulatory authorities in relation to the Processing or proposed Processing of Customer Data, including complying with any obligation applicable to Vendor under Data Privacy Laws to consult with a regulatory authority in relation to Vendor’s Processing or proposed Processing of Customer Data.

6. Security.

a. Taking into account the nature of Processing and the information available to Checkr, Checkr shall implement technical and organizational measures without prejudice to Checkr’s right to make future replacements or updates to the measures that do not lower the level of protection of Customer Data.  

b. Security Breach. Checkr shall notify Customer promptly of any Security Breach of Customer Data and provide related information to Customer as set forth by Data Privacy Laws.  Customer shall notify Checkr promptly of any actual or suspected unauthorized access to Customer’s systems or compromise of Customer’s credentials used to access the Services. Taking into account the nature of Processing and the information available to Checkr, the parties reasonably shall work together to address any such compromise, including taking steps to mitigate the effects of the Security Breach or system compromise and reduce the risk to Data Subjects whose Personal Data in the Customer Data was involved.  Customer is solely responsible for complying with legal requirements for incident notification applicable to Customer and fulfilling any third-party notification obligations. Nothing shall be construed to require Checkr to violate, or delay compliance with, any legal obligation it may have with respect to a Security Breach or other security incidents generally.

7. Data Transfers. If applicable, the parties agree to be bound by Standard Contractual Clauses to the extent that Checkr Processes Customer Data of Data Subjects located in the European Economic Area. In case of conflict between the Standard Contractual Clauses and this DPA, the Standard Contractual Clauses will prevail. Following Brexit, the relevant terms shall be deemed amended as necessary to legitimize transfers of Customer Data of Data Subjects located in the United Kingdom to and from the United Kingdom and subsequent onward transfers. The Standard Contractual Clauses shall not apply with respect to Customer Data that Checkr Processes in a country that the European Commission has decided provides adequate protection for Personal Data or where a derogation applies. 

For purposes of the Standard Clauses:

  1. The clauses shall be governed by the laws of the jurisdiction from which the data is exported.
  2. The “Data Exporter” is Customer and the “Data Importer” is Checkr. 
  3. The data subjects include individuals who are the subject of background checks.
  4. The purpose of the transfer is to allow Checkr to provide Services outlined in this Agreement.
  5. The categories of Customer Data include contact information (e.g., name, address), date of birth, and background information (e.g., employment history, criminal history) about such data subjects.
  6. The recipients of the Customer Data include employees of Checkr with a need to Process the Customer Data.

8. Audits.

a. Reasonable Audits. If GDPR is applicable to the Services, Checkr shall allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer subject to the following conditions: so long as the Agreement remains in effect and at Customer’s sole expense, Customer may request that Checkr provide it with documentation, data, and records (“Records”) no more than once annually relating to Checkr’s compliance with this DPA with respect to Customer Data (an “Audit”). To the extent Customer uses a third-party representative to conduct the Audit, Customer shall ensure that such third-party representative is bound by obligations of confidentiality no less protective than those contained in this Agreement. Customer shall provide Checkr with fourteen (14) days prior written notice of its intention to conduct an Audit. Customer shall conduct its Audit in a manner that will result in minimal disruption to Checkr’s business operations and shall not be entitled to receive data or information of other clients of Checkr or any other confidential information of Checkr that is not directly relevant for the authorized purposes of the Audit. If any material non-compliance is identified by an Audit, Checkr shall take prompt action to correct such non-compliance. Any information that Customer receives under this Section is Confidential Information of Checkr.

b. Limitations. For the avoidance of doubt, this provision does not grant Customer any right to conduct an on-site audit of Checkr’s premises. Customer shall reimburse Checkr for any time expended for an Audit at the Checkr’s then-current reasonable rates, which shall be made available to Customer upon request. Nothing herein will require Checkr to disclose or make available: (a) any data of any other customer of Checkr; (b) access to systems; (c) Checkr’s internal accounting or financial information; (d) any trade secret of Checkr; (e) any information or access that, in Checkr’s reasonable opinion, could (i) compromise the security of Checkr systems or premises; or (ii) cause Checkr to breach its obligations under applicable law or applicable contracts; or (f) any information sought for any reason other than the good faith fulfilment of Customer’s obligations under Applicable Law to audit compliance under this DPA. 

9. Return or Destruction. Upon written request from Customer’s authorized representative Checkr shall delete or anonymize such Customer Data in accordance with its requirements under applicable Data Privacy Law and applicable law. Notwithstanding the foregoing, this provision will not require Checkr to delete Customer Data from archival and back-up files except as provided by Checkr’s internal data deletion practices or as required by applicable law.

10. Miscellaneous.

a. Nothing in this DPA shall confer any benefits or rights on any person or entity other than the parties to this DPA.

b. The provisions of this DPA shall survive the termination or expiration of the Agreement as long as either party continues to Process Personal Data in connection with the Agreement.