February 22, 2019
SUPPLEMENTAL TERMS FOR SPECIFIC MATERIALS
These Supplemental Terms for Specific Materials contain terms applicable to certain Materials. You may not have access to all of the Materials referenced herein.
1. A.M. Best Company, Inc.
Best’s Company Reports are copyrighted by A.M. Best Company, Inc. and are provided for Subscriber’s internal use. Information or materials electronically retrieved and/or printed from Best’s Company Reports may be duplicated for limited purposes such as use in documents or briefs filed with courts, administrative boards, other governmental agencies, and with counsel in such matters. However, you may not publish, broadcast, sell or otherwise redistribute this material for commercial purposes.
Information included in Best’s Company Reports is obtained from each company’s sworn financial statement as filed with the Insurance Commissioner of the state in which the company is domiciled and licensed to conduct business. While the information in Best’s Company Reports was obtained from sources believed to be reliable, its accuracy is not guaranteed.
Best’s Ratings reflect A.M. Best Company’s current and independent opinion of the financial strength and operating performance of an insurer relative to the standards established by A.M. Best Company. Best’s Ratings are not a warranty of an insurer’s current or future ability to meet its obligations to policyholders, nor are they a recommendation of a specific policy form, contract rate or claim practice.
A.M. Best Company makes no warranties, expressed or implied, including those of merchantability or fitness for a particular purpose. In no event shall A.M. Best Company have any liability for lost profits or incidental or consequential damages.
2. Australian Broadcasting Corporation Materials
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes. You may not modify the information found in Australian Broadcasting Corporation materials without the express permission of the Australian Broadcasting Corporation. The “wave” device is a trademark of the Australian Broadcasting Corporation. It may not be used without the prior, specific, written permission of the Australian Broadcasting Corporation.
3. Axel Springer AG/Jüdische Presse gGmbH Materials
- The products are licensed to you for your internal use only. The products shall not be reproduced, revealed or made available in whole or in part to anyone else unless required by law. You acknowledge that the products are subject to the copyright and other proprietary rights of DBL and JA and you will not commit or permit any act or omission that would impair such rights.
- DBL NOR JA GUARANTEES OR WARRANTS THE PRODUCTS OR THE SYSTEM IN ANY WAY. NEITHER DBL NOR JA SHALL BE LIABLE TO YOU FOR ANY LOSS OR INJURY ARISING OUT OF OR CAUSED, IN WHOLE OR IN PART, BY DBL’s OR JA’s NEGLIGENT ACTS OR OMISSIONS IN PREPARING OR DELIVERING THE PRODUCTS OR IN DOING ANYTHING RELATED THERETO. NEITHER DBL NOR JA WILL BE LIABLE FOR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- IF, NOTWITHSTANDING THE ABOVE, EITHER OR BOTH DBL OR JA IS HELD TO BE LIABLE, THE AMOUNT OF SUCH LIABILITY SHALL NOT EXCEED $10,000 (USD).
4. Axel Springer AG Materials
- The materials are made available for your internal use only. The materials shall not be reproduced, revealed or made available in whole or in part to anyone else, unless required by law. You acknowledge that the materials are subject to the copyright and other proprietary rights of Axel Springer AG and you will not commit or permit any act or omission that would impair such rights.
- AXEL SPRINGER AG DOES NOT GUARANTEE OR WARRANT THE MATERIALS OR THE LEXISNEXIS SYSTEM IN ANY WAY. AXEL SPRINGER AG SHALL NOT BE LIABLE TO YOU FOR ANY LOSS OR INJURY ARISING OUT OF OR CAUSED, IN WHOLE OR IN PART, BY AXEL SPRINGER AG’S NEGLIGENT ACTS OR OMISSIONS IN PREPARING OR DELIVERING THE MATERIALS OR IN DOING ANYTHING RELATED THERETO. AXEL SPRINGER AG WILL NOT BE LIABLE FOR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- IF, NOTWITHSTANDING THE ABOVE, AXEL SPRINGER AG IS HELD TO BE LIABLE, THE AMOUNT OF SUCH LIABILITY SHALL NOT EXCEED $10,000 (USD).
5. Barclays Official California Code of Regulations
BARCLAYS MAKES NO WARRANTY OR REPRESENTATION WHATSOEVER, EXPRESS OR IMPLIED, WITH RESPECT TO THE MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE WITH RESPECT TO BARCLAYS OFFICIAL CALIFORNIA CODE OF REGULATIONS; AND
BARCLAYS ASSUMES NO LIABILITY WHATSOEVER WITH RESPECT TO ANY USE OF BARCLAYS OFFICIAL CALIFORNIA CODE OF REGULATIONS OR ANY PORTION THEREOF OR WITH RESPECT TO ANY DAMAGES WHICH MAY RESULT FROM SUCH USE.
6. Berliner Morgenpost (Ullstein GmbH)
- The materials are made available for your internal use only. The materials shall not be reproduced, revealed or made available in whole or in part to anyone else, unless required by law. You acknowledge that the materials are subject to the copyright and other proprietary rights of Ullstein GmbH and you will not commit or permit any act or omission that would impair such rights.
- ULLSTEIN GMBH DOES NOT GUARANTEE OR WARRANT THE MATERIALS OR THE LEXISNEXIS SYSTEM IN ANY WAY. ULLSTEIN GMBH SHALL NOT BE LIABLE TO YOU FOR ANY LOSS OR INJURY ARISING OUT OF OR CAUSED, IN WHOLE OR IN PART, BY ULLSTEIN GMBH’S NEGLIGENT ACTS OR OMISSIONS IN PREPARING OR DELIVERING THE MATERIALS OR IN DOING ANYTHING RELATED THERETO. ULLSTEIN GMBH WILL NOT BE LIABLE FOR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- IF, NOTWITHSTANDING THE ABOVE, ULLSTEIN GMBH IS HELD TO BE LIABLE, THE AMOUNT OF SUCH LIABILITY SHALL NOT EXCEED $10,000 (USD).
7. Bundesanzeiger Verlagsgesellschaft mbH Materials
In the course of collecting, digitizing, formatting and structuring these materials, errors may occur in the edited data record and such data record may deviate from the original source, which errors and deviations are beyond the control and detection of Bundesanzeiger Verlagsgesellschaft mbH. It is not possible to perfectly check the correctness, reliability and completeness of these materials and their error-free correspondence with the entries in the commercial registers. Bundesanzeiger Verlagsgesellschaft mbH does not guarantee the correctness, reliability and completeness of the material or the error-free correspondence between the material and commercial register sources. BUNDESANZEIGER VERLAGSGESELLSCHAFT MBH DOES NOT WARRANT THE COMPLETENESS AND CORRECTNESS OF THESE MATERIALS OR THEIR CORRESPONDENCE TO THE ENTRIES IN THE COMMERCIAL REGISTERS.
Notwithstanding the foregoing, Bundesanzeiger Verlagsgesellschaft mbH does assure that the materials have been drawn up in accordance with the principles of due commercial diligence applicable in Germany.
8. CQ-Roll Call, Inc. (including Congressional Quarterly and FDCH Materials)
These materials are not legal transcripts for purposes of litigation
9. Canadian Federal Courts Reports Materials
The decisions and reasons for decision of the Federal Court and of the Federal Court of Appeal as published in the Federal Courts Reports by the Office of the Commissioner for Federal Judicial Affairs fall within the terms of the Reproduction of Federal Law Order, and may be reproduced, in whole or in part and by any means, without further permission. The captions, headnotes, lists of statutes and regulations, and cases judicially considered and authors cited do not fall within the terms of the Reproduction of Federal Law Order. They may be reproduced for personal use only, without further permission. They may not be reproduced for commercial purposes without permission from the Minister of Public Works and Government Services Canada, on behalf of the Office of the Commissioner for Federal Judicial Affairs. Any reproduction or any other use of the decisions, reasons for decision, captions, headnotes, lists of statutes and regulations, or cases judicially considered and authors cited must be properly attributed to the Office of the Commissioner for Federal Judicial Affairs. No such attribution shall indicate that the Office of the Commissioner for Federal Judicial Affairs is in any way responsible for the accuracy or reliability of the reproduction or other use; nor shall any such attribution indicate that the reproduction or other use was made with the endorsement of or in affiliation with the Office of the Commissioner for Federal Judicial Affairs. The Office of the Commissioner for Federal Judicial Affairs assumes no responsibility for the accuracy or the reliability of any reproduction of the materials appearing herein.
Les décisions et les motifs de décision de la Cour fédérale et de la Cour d’appel fédérale tels que publiés dans le Recueil des décisions des Cours fédérales par le Bureau du Commissaire à la magistrature fédérale sont visés par le Décret sur la reproduction de la législation fédérale et peuvent être reproduits en totalité ou en partie par quelque moyen que ce soit sans autre autorisation. Les rubriques, les sommaires, les listes des lois et règlements cités, ainsi que les listes de la jurisprudence citée et la doctrine citée ne sont pas visés par le Décret sur la reproduction de la législation fédérale. Ils peuvent être reproduits à des fins personnelles seulement, sans autre autorisation mais ne peuvent pas l’être à des fins commerciales sans l’autorisation du Ministre des Travaux publics et Services gouvernementaux Canada, au nom du Bureau du Commissaire à la magistrature fédérale. Toute reproduction ou tout usage des décisions, des motifs de décision, des rubriques, des sommaires, des listes des lois et règlements cités, des listes de la jurisprudence citée et de la doctrine citée doit mentionner le Bureau du Commissaire à la magistrature fédérale comme source. Aucune mention ne doit indiquer que le Bureau du Commissaire à la magistrature fédérale répond de quelque manière que ce soit de l’exactitude ou de la fiabilité de cette reproduction ou de cet usage. De plus, aucune mention ne doit indiquer que cette reproduction ou cet usage a été sanctionné par le Bureau du Commissaire à la magistrature fédérale ou réalisée en collaboration avec celui-ci. Le Bureau du Commissaire à la magistrature fédérale décline toute responsabilité quant à l’exactitude ou la fiabilité de toute reproduction ou de tout usage des renseignements contenus en l’espèce.
10. Company Intelligence Database and Gale Company Briefs Database
Gale Group, Inc. (“GALE”) does not guarantee or warrant the accuracy or completeness of the materials identified immediately above and will not be responsible for any claim of any person attributable to errors, omissions or other inaccuracies of any part of such materials.
You must seek written authorization from GALE to use the materials identified immediately above in any way not specified in the General Terms and Conditions.
11. Consumer Reports®
Consumers Union never allows its ratings, name or work, including this material, to be used as an endorsement or commercial tie-in with any product or service or for any commercial, promotional or advertising use. Consumers Union takes all steps open to it to prevent misuse of its work or name.
12. Dun & Bradstreet, Inc.
- The products are licensed to you for your internal use only. They may be used by you solely as one factor in your credit, insurance, marketing or other business decisions. You are expressly prohibited from using the products as a factor in establishing an individual’s eligibility for (i) credit or insurance to be used primarily for personal, family or household purposes, or (ii) employment. You agree not to use the D&B Data to engage in unfair or deceptive practices.
- The products shall not be reproduced, revealed, or made available in whole or in part to anyone (including voluntarily in legal proceedings) else unless required by law. You may retain D&B materials accessed through LexisNexis for up to 12 months, after which you shall immediately delete, destroy or return all originals and copies of such D&B materials, except such materials as you may be required, by applicable law or government regulation for backup purposes - - materials retained for such backup purposes shall not be used for any other purpose and shall be destroyed promptly after the retention period required by such law or regulation expires.
- D&B and its third party information providers make no representations or warranties of any kind with respect to the products, including but not limited to, the accuracy, completeness, timeliness, merchantability or fitness for a particular purpose of the products or of the media on which the product is provided and you agree that D&B and its third party information providers shall not be liable to you for any loss or injury arising out of or caused, in whole or in part, by negligent acts or omissions in procuring, compiling, collecting, interpreting, reporting, communicating or delivering the products.
- You agree that D&B and its third party information providers will not be liable for consequential, incidental, special, punitive or other indirect damages, even if advised of the possibility of such damages. You also agree that D&B’s and its third party information providers’ aggregate liability, if any, for any and all losses or injuries to you arising out of any acts or omissions of D&B and its third party information providers in connection with a particular order or service, regardless of the cause of the loss or injury (including negligence) and regardless of the nature of the legal or equitable right claimed to have been violated, shall never exceed the amount paid by you for the products or $5000, whichever is greater, and you covenant and promise not to sue D&B and its third party information providers for an amount greater than such sum.
- D&B does not guarantee that certain marketing information collected on individual business contacts meets the requirements of any applicable local, state, federal or international law, rule or regulation related to its usage including, but not limited to, wireless suppression lists, wireless domain lists, commercial e-mail laws, telemarketing laws and “Do-Not-Call” lists. Certain marketing information collected on individual business contacts has not been obtained directly from the data subjects and the data subjects have not opted in or otherwise expressly consented to having their information sold for marketing purposes.
- You acknowledge and agree that the products are proprietary to D&B and comprise: (a) works of original authorship, including compiled information containing D&B’s selection, arrangement and coordination and expression of such information or pre-existing material it has created, gathered or assembled; (b) confidential and trade secret information; and (c) information that has been created, developed and maintained by D&B at great expense of time and money, such that misappropriation or unauthorized use by others for commercial gain would unfairly or irreparably harm D&B. You agree that you will not commit or permit any act or omission by your agents, employees, or any third party that would impair D&B’s copyright or other proprietary and intellectual rights in the products. You will not use any D&B trade names, trademarks, service marks or copyrighted materials in listings or advertising in any manner without the prior written approval of D&B.
13. Dun & Bradstreet Limited (formerly ICC Databases)
- You may use the Dun & Bradstreet Limited supplied data, information and services for research purposes only, and may not publish, reproduce, reprint, broadcast or otherwise make available or sell any material contained in said data, information or services whether in hardcopy, electronically transmitted or any other form, and whether for commercial, educational or other purpose, other than your own internal purposes.
- Dun & Bradstreet Limited uses extensive procedures to ensure that its data, information and services contain a fair representation or interpretation of the original material from which the data, information and services were drawn, but Dun & Bradstreet Limited shall not for any reason whatsoever be held responsible for any damage, loss, cost, claim or expense incurred by you as a result of your use or reliance upon, or interpretation of, any material contained in the data, information or services.
14. Experian Data – Applicable Only To Those Subscribers Who Have Access to GLBA Regulated Credit Header Data
VIN Gateway Services Direct Auto Market Restrictions
In no event may you or any of your Authorized Users sell, license or otherwise provide any VIN Gateway Services or LN products or services using the VIN Gateway Data to any entity that is engaged in any of the following business activities: (i) vehicle dealers; (ii) vehicle original equipment manufacturers; (iii) vehicle auction companies; (iv) automotive portals, or (vii) automotive aftermarket suppliers, including the sales and marketing functions of such companies (“Direct Auto Market”), except to the following departments of such entities: (i) the legal, collections, human resources or other corporate support departments/functions of such Direct Auto Market companies, (ii) financial institutions, or (iii) automobile finance companies. Additionally, use of the VIN Gateway Data for any of the following purposes is prohibited:
- Recall/Advisory Activities: Using VIN Gateway Data to identify specific vehicle owners’ names and addresses (typically all owners linked to a range of VIN numbers) for the purpose of notifying them of a product recall or safety advisory issued by an auto manufacturer, supplier or agent.
- Warranty Activities: Using VIN Gateway Data to identify specific records, (e.g. odometer readings, transfer of ownership) associated with a VIN number to identify whether or not a vehicle is still under warranty and providing this determination to, or in connection with, motor vehicle manufacturers, independent warranty or service contract providers.
- Customer Surveys: Using VIN Gateway Data to identify owners of a specific make, model and/or category of vehicles for the purpose of conducting primary consumer research (e.g. telephone interviews, mail surveys) to determine consumer automobile preferences and /or vehicle purchasing trends.
- Vehicle Statistics: Using VIN Gateway Data to compile periodic new and/or used vehicle statistics (e.g. recent sales, vehicles in operation) by geography, vehicle classification, dealer, lender, and/or make/model for the purpose of automobile market share reporting for manufacturers and dealer, indirect lending market share reporting for automotive lenders, retail site planning, promoting automotive brands or dealerships to consumers, and/or dispute resolution between retailers and manufacturers.
- Share of Garage Analysis: Using VIN Gateway Data to determine the current vehicles owned by an individual, household or group for the purposes of market research or direct marketing, or determining vehicle purchasing patterns over time (e.g. frequency of purchases, loyalty to specific brands).
- Vehicle Ownership Profiles/Modeling: Using VIN Gateway Data to build direct marketing models for the purpose of promoting vehicles and auto financing products to consumers.
- Vehicle History Reports: Augmenting VIN Gateway Data with accident data, odometer readings, emission readings or state issued vehicle brand data for the purpose of developing a ‘Vehicle History Report’ competing against AutoCheck and CARFAX by providing vehicle valuations to potential buyers, seller, dealers, Original Equipment Manufacturers, auction houses or financers of automobiles. This in no way limits use of the VIN Gateway Data to verify the vehicles owned by a consumer or business or to assess the value of vehicles during the process of underwriting, policy auditing, adjusting, examining or settling of a property claim. Furthermore, Subscriber shall not provide, sell or license the branded title indicator or lease/lienholder information to any End User/Distributor outside of the insurance industry.
- Fleet Marketing: Using VIN Gateway Data for the purpose of direct marketing to identify and target businesses who own vehicle fleets.
- Direct Marketing: Using the Licensed Data for direct marketing activities such as direct mail or telemarketing.
- OEM/AOT: Using VIN Gateway Data for removal of nonowner records of original equipment manufacturers or in connection with providing services to motor vehicle manufacturers.
- Dealer Audit: Using VIN Gateway Data in connection with original equipment manufacturer performance monitoring of auto vehicles or dealers.
- Modeling: VIN Gateway Data shall not be resold or sublicensed for modeling purposes. Resale of any result derived from a model is not prohibited.
Access Security Requirements for GLB 5A Data (Fully Displayed or Truncated Social Security Number Information Retrieved from Credit Header Data)
The following information security controls are required to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, it is your responsibility to get an outside service provider to assist you.Experian reserves the right to make changes to these Access Security Requirements without prior notification. The information provided herewith provides minimum baselines for information security.
In accessing GLBA 5A Data, you agree to follow these Experian security requirements. These requirements are applicable to all systems and devices used to access, transmit, process, or store Experian data.
1. Implement Strong Access Control Measures
- If using third party or proprietary systems to access the LexisNexis Online Services, ensure that the access must be preceded by authenticating users to the application and/or system (e.g. application based authentication, Active Directory, etc.) utilized for accessing LexisNexis data/systems.
- If the third party or third party software or proprietary system or software, used to access the LexisNexis Online Services, is replaced or no longer in use, the passwords should be changed immediately.
- Create a unique user ID for each user to enable individual authentication and accountability for access to the Online Services. Each user must also have a unique logon password.
- Develop strong passwords that are:
- Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)’
- Contain a minimum of eight (8) alphabetic and numeric characters for standard user accounts
- For interactive sessions (i.e. non system-to-system) ensure that passwords/passwords are changed periodically or that enhancements such as multi-factor authentication are implemented (every 90 days is recommended)
- Passwords (e.g. user/account password) must be changed immediately when:
- Any system access software is replaced by another system access software or is no longer used
- The hardware on which the software resides is upgraded, changed or disposed without being purged of sensitive information
- Any suspicion of password being disclosed to an unauthorized party (see section D.3 for reporting requirements)
- It is understood that the practice of encryption of sensitive data at rest will be implemented in the year 2017 for you, it being understood that in the meantime you shall implement other compensating controls when the data is at rest, including physical security, access controls, or vulnerability assessments
- Ensure that passwords are not transmitted, displayed or stored in clear text; protect all end user (e.g. internal and external) passwords using, for example, encryption or a cryptographic hashing algorithm also known as “one-way” encryption. When using encryption, ensure that strong encryption algorithms are utilized (e.g. AES 256 or above).
- Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. Systems should be manually locked before being left unattended.
- Active logins to credit information systems must be configured with a 30 minute inactive session timeout.
- You must NOT install Peer-to-Peer file sharing software on systems used to access, transmit or store Experian data
- Ensure that Subscriber’s employees do not access their own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose
- Implement physical security controls to prevent unauthorized entry to Subscriber’s facility and access to systems used to obtain credit information. Ensure that access is controlled with badge readers, other systems, or devices including authorized lock and key.
2. Maintain a Vulnerability Management Program Implement Strong Access Control Measures
- Keep operating system(s), firewalls, routers, servers, personal computers (laptops and desktops) and all other systems current with appropriate system patches and updates.
- Configure infrastructure such as firewalls, routers, servers, tablets, smart phones, personal computers (laptops and desktops), and similar components to industry standard security practices, including disabling unnecessary services or features, and removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.
- Implement and follow current best security practices for computer virus detection scanning services and procedures:
- Use, implement and maintain a current, commercially available anti-virus software on all systems, if applicable anti-virus technology exists. Anti-virus software deployed must be capable to detect, remove, and protect against all known types malicious software such as viruses, worms, spyware, adware, Trojans, and root-kits.
- Ensure that all anti-virus software is current, actively running, and generating audit logs; ensure that anti-virus software is enabled for automatic updates and performs scans on a regular basis.
- If you suspect an actual or potential virus infecting a system, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.
3. Protect Data
- Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.).
- Experian data is classified Confidential and must be secured to in accordance with the requirements mentioned in this document at a minimum.
- Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information.
- Encrypt all Experian data and information when stored electronically on any system including but not limited to laptops, tablets, personal computers, servers, databases using strong encryption such as AES 256 or above. An alternative to encryption at rest is compensating controls designed to mitigate the risk of data exposure.
- Experian data must not be stored locally and permanently on smart tablets and smart phones such as iPads, iPhones, Android based devices, etc.
- When using smart tablets or smart phones to access Experian data, ensure that such devices are protected via device pass-code
- Applications utilized to access Experian data via smart tablets or smart phones must protect data while in transmission using an industry-recognized, strong, encryption method.
- Only open email attachments and links from trusted sources and after verifying legitimacy.
- When no longer in use, ensure that hard-copy materials containing Experian data are crosscut shredded, incinerated, or pulped such that there is reasonable assurance the hard-copy materials cannot be reconstructed.
- When no longer in use, electronic media containing Experian data is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media (for example, degaussing).
4. Maintain an Information Security Policy
- Suitable to complexity and size of the organization, establish and publish information security and acceptable user policies identifying user responsibilities and addressing requirements in line with this document and applicable laws and regulations.
- The FACTA Disposal Rules requires that Subscriber implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
- Implement and maintain ongoing mandatory security training for those who have access to Experian information and awareness sessions for all staff to underscore the importance of security in the organization.
- When using third party service providers (e.g. application service providers) to access, transmit, store or process Experian data, ensure that service provider is compliant with the Experian Independent Third Party Assessment (EI3PA) program, and registered in Experian’s list of compliant service providers. If the service provider is in the process of becoming compliant, it is Subscriber’s responsibility to ensure the service provider is engaged with Experian and an exception is granted in writing. Approved certifications in lieu of EI3PA can be found in the Glossary section.
5. Build and Maintain a Secure Network
- Protect Internet connections with dedicated, industry-recognized firewalls that are configured and managed using industry best security practices.
- Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.
- Administrative access to firewalls and servers must be performed through a secure internal wired connection or over a secured private network only.
- Any stand-alone computers that directly access the Internet must have a desktop firewall deployed that is installed and configured to block unnecessary/unused ports, services, and network traffic.
- Change vendor defaults including but not limited to passwords, encryption keys, SNMP strings, and any other vendor defaults.
- For wireless networks connected to or used for accessing or transmission of Experian data, ensure that networks are configured and firmware on wireless devices updated to support strong encryption (for example, IEEE 802.11i) for authentication and transmission over wireless networks.
- When using service providers (e.g. software providers) to access LexisNexis systems, access to third party tools/services must require multi-factor authentication.
6. Regularly Monitor and Test Networks
- Perform regular tests on information systems that serve Experian data and are exposed to the Internet (port scanning, virus scanning, internal/external vulnerability scanning). Ensure that issues identified via testing are remediated according to the issue severity (e.g. fix critical issues immediately, high severity in 15 days, etc.)
- Ensure that audit trails are enabled and active for systems and applications used to access, store, process, or transmit Experian data; establish a process for linking all access to such systems and applications. Ensure that security policies and procedures are in place to review security logs on daily or weekly a periodic basis and that follow-up to exceptions is required.
- Use current best practices to protect telecommunications systems and any computer system or network device(s) used to provide Services hereunder to access LexisNexis systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:
- protecting against intrusions;
- securing the computer systems and network devices;
- and protecting against intrusions of operating systems or software.
7. Mobile and Cloud Technology
- Storing Experian data permanently on mobile devices is prohibited. Any exceptions must be obtained from Experian in writing; additional security requirements will apply.
- Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
- Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
- Mobility solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other.
- Mobile applications and data shall be hosted on devices through a secure container separate from any personal applications and data. See details below. Under no circumstances is Experian data to be exchanged between secured and non-secured applications on the mobile device.
- In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Experian data via mobile applications (internally developed or using a third party application), ensure that multi-factor authentication and/or adaptive/risk-based authentication mechanisms are utilized to authenticate users to application.
- When using cloud providers to access, transmit, store, or process Experian data ensure that:
- Appropriate due diligence is conducted to maintain compliance with applicable laws and regulations and contractual obligations
- Cloud providers must have gone through independent audits and are compliant with one or more of the following standards, or a current equivalent as approved/recognized by Experian:
- ISO 27001
- PCI DSS
- SSAE 16 – SOC 2 or SOC3
- CAI / CCM assessment
- No more than once per year, at Experian’s expense, Experian will have the right to audit the security mechanisms Subscriber maintains to safeguard access to Experian information, systems and electronic communications. Audits may include examination of systems security and associated administrative practices. Audits shall be reasonable in scope and duration.
- In cases where Subscriber is accessing Experian information and systems via third party software, Subscriber agrees to make available to LN upon request, audit trail information and management reports generated by the vendor software, regarding Subscriber individual authorized users.
- Subscriber shall be responsible for and ensure that third party software, which accesses the LexisNexis Online Services, is secure, and protects this vendor software against unauthorized modification, copy and placement on systems which have not been authorized for its use.
- Subscriber shall conduct software development (for software which accesses LexisNexis information systems; this applies to both in-house or outsourced software development) based on the following requirements:
- Software development must follow industry known secure software development standard practices such as OWASP adhering to common controls and addressing top risks.
- Software development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
- Software solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other
- Under Section H.1 above, reasonable access to audit trail reports of systems utilized to access the Online Services shall be made available to LexisNexis upon request, for example during breach investigation or while performing audits.
- Data requests must include the IP address of the device from which the request originated (i.e., the requesting client’s IP address), where applicable.
- Subscriber shall report actual security violations or incidents that impact Experian data to LexisNexis within twenty-four (24) hours or per agreed contractual notification timeline. Subscriber agrees to provide notice to LexisNexis of any confirmed security breach that may involve data related to the contractual relationship, to the extent required under and in compliance with applicable law. Telephone notification is preferred at 888-872-5375, Email notification will be sent to Security.email@example.com.
- Subscriber acknowledges and agrees that Subscriber (a) has received a copy of these requirements, (b) has read and understands its obligations described in the requirements, (c) will communicate the contents of the applicable requirements contained herein, and any subsequent updates hereto, to all employees that shall have access to the Experian data through the Online Services, and (d) will abide by the provisions of these requirements when accessing Experian data.
- Subscriber understands that its use of the Online Services and computing resources may be monitored and audited by LexisNexis, without further notice.
- Subscriber acknowledges and agrees that it is responsible for all activities of its employees/Authorized Users, and for assuring that mechanisms to access the Online Services and data are secure and in compliance with its LexisNexis agreement.
- When using third party service providers to access, transmit, or store Experian data, additional documentation may be required by LexisNexis.
- Subscriber shall designate an employee to be its Head Security Designate, to act as the primary interface with LexisNexis on systems access related matters. Subscriber’s Head Security Designate will be responsible for establishing, administering and monitoring all Authorized User’s access to the Online Services which are delivered over the Internet (“Internet access”), or approving and establishing Security Designates to perform such functions.
- Subscriber’s Head Security Designate or other Security Designates shall in turn review all employee requests for Internet access approval. The Head Security Designate or its Security Designate shall determine the appropriate access to each LexisNexis product based upon the legitimate business needs of each employee. LexisNexis reserves the right to terminate any accounts it deems a security threat to its systems and/or consumer data.
- Unless automated means become available, Subscriber shall request employee’s (Internet) access via the Head Security Designate/Security Designate. Those employees approved by the Head Security Designate or Security Designate for Internet access (“Authorized Users”) will be individually assigned unique access identification accounts (“User ID”) and passwords/passphrases (this also applies to the unique Server-to-Server access IDs and passwords/passphrases). LexisNexis’ approval of requests for (Internet) access may be granted or withheld in its sole discretion. LexisNexis may add to or change its requirements for granting (Internet) access to the services at any time (including, without limitation, the imposition of fees relating to (Internet) access upon reasonable notice to Subscriber), and reserves the right to change passwords/passphrases and to revoke any authorizations previously granted. Note: Partially completed forms and verbal requests will not be accepted.
- An officer of Subscriber agrees to notify LexisNexis in writing immediately if it wishes to change or delete any employee as a Head Security Designate, Security Designate, or Authorized User; or if the identified Head Security Designate, Security Designate or Authorized User is terminated or otherwise loses his or her status as an Authorized User.
Roles and Responsibilities
- Subscriber agrees to identify an employee it has designated to act on its behalf as a primary interface with LexisNexis on systems access related matters. This individual shall be identified as the “Head Security Designate.” The Head Security Designate can further identify a Security Designate(s) to provide the day to day administration of the Authorized Users. Security Designate(s) must be an employee and a duly appointed representative of the Subscriber and shall be available to interact with LexisNexis on information and product access, in accordance with these Experian Access Security Requirements for LexisNexis End-Users. Subscriber’s duly authorized representative (e.g. contracting officer, security manager, etc.) must authorize changes to Subscriber’s Head Security Designate. The Head Security Designate will submit all requests to create, change or lock Security Designate and/or Authorized User access accounts and permissions to LexisNexis’ systems and information. Changes in Head Security Designate status (e.g. transfer or termination) are to be reported to LexisNexis immediately or the Head Security Designate’s access terminated.
- The Head Security Designate is acting as the duly authorized representative of Subscriber.
- The Security Designate may be appointed by the Head Security Designate as the individual that Subscriber authorizes to act on behalf of the business in regards to LexisNexis product access control (e.g. request to add/change/remove access). Subscriber can opt to appoint more than one Security Designate (e.g. for backup purposes).Subscriber understands that the Security Designate(s) it appoints shall be someone who will generally be available during normal business hours and can liaise with LexisNexis’ Security Administration group on information and product access matters.
- The Head Designate shall be responsible for notifying their corresponding LexisNexis representative in a timely fashion of any Authorized User accounts (with their corresponding privileges and access to application and data) that are required to be terminated due to suspicion (or actual) threat of system compromise, unauthorized access to data and/or applications, or account inactivity.
- Must be an employee and duly appointed representative of Subscriber, identified as an approval point for Subscriber’s Authorized Users.
- Is responsible for the initial and on-going authentication and validation of Subscriber’s Authorized Users and must maintain current information about each (phone number, valid email address, etc.).
- Is responsible for ensuring that proper privileges and permissions have been granted in alignment with Authorized User’s job responsibilities.
- Is responsible for ensuring that Subscriber’s Authorized Users are authorized to access LexisNexis products and services.
- Must disable Authorized User ID if it becomes compromised or if the Authorized User’s employment is terminated by Subscriber.
- Must immediately report any suspicious or questionable activity to LexisNexis regarding access to LexisNexis’ products and services
- Shall immediately report changes in their Head Security Designate’s status (e.g. transfer or termination) to LexisNexis.
- Will provide first level support for inquiries about passwords/passphrases or IDs requested by your Authorized Users.
- Shall be available to interact with LexisNexis when needed on any system or user related matters.
||A Computer Virus is a self-replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying.
||Very sensitive information. Disclosure could adversely impact your company.
||Encryption is the process of obscuring information to make it unreadable without special knowledge.
||In computer science, a Firewall is a piece of hardware and/or software which functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.
||(Or Data Lifecycle) is a management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained.
||A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). Any All participating network devices - including routers, computers, time-servers, printers, Internet fax machines, and some telephones - must have its own unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices.
||A type of communication found in a system that uses layered protocols. Peer-to-Peer networking is the protocol often used for reproducing and distributing music without permission.
||A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data packets.
||Spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer’s operation without the consent of that machine’s owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet.
|Experian Independent Third Party Assessment Program
||The Experian Independent 3rd Party Assessment is an annual assessment of an Experian LexisNexis’ ability to protect the information they purchase from Experian. EI3PA℠ requires an evaluation of a LexisNexis’ information security by an independent assessor, based on requirements provided by Experian. EI3PA℠ also establishes quarterly scans of networks for vulnerabilities.
|ISO 27001 /27002
||IS 27001 is the specification for an ISMS, an Information Security Management System (it replaced the old BS7799-2 standard) The ISO 27002 standard is the rename of the ISO 17799 standard, and is a code of practice for information security. It basically outlines hundreds of potential controls and control mechanisms, which may be implemented, in theory, subject to the guidance provided within ISO 27001.
||The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.
|SSAE 16 SOC 2, SOC3
||Statement on Standards for Attestation Engagements (SSAE) No. 1 SOC 2 Report on Controls Related to Security, Availability, Processing Integrity, Confidentiality, and Privacy. The SOC 3 Report , just like SOC 2, is based upon the same controls as SOC 2, the difference being that a SOC 3 Report does not detail the testing performed (it is meant to be used as marketing material).
||The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was signed into law part of the Electronic Government Act of 2002.
||Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
15. Frankfurter Allgemeine Zeitung GmbH Materials (Frankfurter Allgemeine Zeitung; Frankfurter Allgemeine Sonntagszeitung; Rhein-Main-Zeitung)
Frankfurter Allegemeine Zeitung GmbH (“FAZ”) does not guarantee or warrant these materials in any way. FAZ shall not be liable to you for any loss or injury arising out of or caused, in whole or in part, by negligent acts or omissions of FAZ in preparing or delivering these materials through the Online Services or in doing anything related thereto. FAZ shall not be liable for consequential damages, even if advised of the possibility of such damages. If, notwithstanding the foregoing, FAZ is held to be liable to you, the amount of such liability shall not exceed $10,000 (USD).
16. Gale Research Inc. Databases
No part of these databases may be transmitted without the written permission of Gale Research Inc. (“Gale”). Any portion of this database which is downloaded from the Online Services and stored in machine‑readable form may be retained only for a temporary period of time. Use in electronic databases or for mailing lists is prohibited. GALE AND ITS INFORMATION PROVIDERS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL GALE OR ITS INFORMATION PROVIDERS BE LIABLE FOR INDIRECT OR CONSEQUENTIAL DAMAGES FROM USE OF THESE DATABASES.
17. Het Financieele Dagblad B.V. Materials
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
18. IDD Information Services Database
Database copyrighted by IDD Information Services, Inc. (IDD). The IDD database is provided for use only within your organization. Information or materials electronically retrieved and/or printed from the database may not be duplicated or redistributed in any form without the prior written permission of IDD. Information included in the database is obtained from sources considered reliable, but there is no guarantee with respect to the accuracy or completeness of the database or any information contained therein. You are responsible for implementing sufficient procedures and checkpoints to satisfy your requirements to make the final judgment and evaluation as to the usefulness in your own environment. IDD MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING THOSE OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. In no event shall IDD have any liability for lost profits or incidental or consequential damages.
19. Le Figaro
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
20. London Stock Exchange Plc (Dow Jones UK Disclosure Wire)
LIMITATION OF LIABILITY
DOW JONES AND ITS SUBSIDIARIES, AFFILIATES, SHAREHOLDERS, DIRECTORS, OFFICERS, EMPLOYEES AND LICENSORS (“THE DOW JONES PARTIES”) WILL NOT BE LIABLE (JOINTLY OR SEVERALLY) TO YOU, OR ANY THIRD PARTY, FOR INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS (DIRECT OF INDIRECT), LOSS OF ANTICIPATED SAVINGS (DIRECT OR INDIRECT) AND LOST REVENUES (COLLECTIVELY, THE “EXCLUDED DAMAGES”) HOWSOEVER ARISING, WHETHER OR NOT CHARACTERIZED IN NEGLIGENCE, TORT, CONTRACT, OR OTHER THEORY OF LIABILITY, EVEN IF ANY OF THE DOW JONES PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORSEEN ANY OF THE EXCLUDED DAMAGES. EXCEPT AS PROVIDED HEREIN IN NO EVENT WILL THE LIABILITY OF THE DOW JONES PARTIES ARISING OUT OF ANY CLAIM RELATED TO THIS AGREEMENT OR THE SUBJECT MATTER HEREOF EXCEED THE AGGREGATE AMOUNT PAID BY YOU HEREUNDER IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. WHERE REQUIRED BY APPLICABLE LAW, NOTHING IN THIS AGREEMENT WILL BE EFFECTIVE TO LIMIT OR RESTRICT THE LIABILITY OF THE DOW JONES PARTIES FOR DEATH OR PERSONAL INJURY RESULTING DIRECTLY FROM USE OF THE DOW JONES CONTENT, CAUSED IN WHOLE OR PART BY THE NEGLIGENCE OR CONTINGENCIES BEYOND THE CONTROL OF THE DOW JONES PARTIES IN PROCURING, COMPILING, INTERPRETING, REPORTING OR DELIVERING THE DOW JONES CONTENT. IF ANY APPLICABLE AUTHORITY HOLDS ANY PORTION OF THIS SECTION TO BE UNENFORCEABLE, THEN THE DOW JONES PARTIES’ LIABILITY WILL BE LIMITED TO THE FULLEST POSSIBLE EXTENT PERMITTED BY APPLICABLE LAW.
THE DOW JONES CONTENT, THE CONTENTS THEREIN, AND ANY ACCOMPANYING DOCUMENTATION ARE PROVIDED ON AN “AS IS” “AS AVAILABLE” BASIS. DOW JONES DOES NOT MAKE ANY AND HEREBY DISCLAIMS ANY REPFESENTATIONS, ENDORESEMENTS, GUARANTEES, OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR TITLE.
21. McGill Law Journal
McGill Law Journal (“MLJ”) reserves all rights, including copyright, in relation to materials provided by it. MLJ’s materials are supplied to subscribers solely for their use. Retransmission, dissemination or publication other than in accordance with the General Terms and Conditions, whether in print, electronic or other means, is expressly forbidden without written authorization from MLJ.
22. The McGraw‑Hill Companies, Inc. (“M-H”) Materials
The above Materials are valuable intellectual property exclusively owned by M-H and provided for your internal use. No proprietary rights are transferred to you in the Materials or in any information therein. While you may utilize limited excerpts from the Materials in the ordinary course of business provided a credit to M-H is included, you may not externally redistribute or disseminate the Materials in any manner which competes with or substitutes for distribution by M-H. Except as may be expressly permitted by LexisNexis in its agreement with you, you may not: (i) republish, broadcast or distribute the Materials over any internal network, or (ii) reproduce information contained in the Materials, except that individual end-users may make a single printout of limited portions of the Materials on an ad hoc basis for personal use, provided they do not constitute a substantial portion of any issue of any title/publication included in the Materials. You may not store the Materials in machine-readable form for more than 90 days and may only download excerpts on an ad hoc (not a systematic) basis. You shall reproduce M-H’s copyright notice on any downloaded Materials. In the event of misappropriation or misuse of the Materials M-H shall be entitled to obtain injunctive relief.
You are prohibited from using the Materials for subsequent commercial purposes such as resale or preparing databases of such material.
NEITHER M-H NOR ITS SOURCES MAKE ANY WARRANTY, EXPRESS OR IMPLIED, AS TO ACCURACY, ADEQUACY, OR COMPLETENESS OF INFORMATION CONTAINED IN THE MATERIALS, WHICH ARE PROVIDED “AS-IS”, WITHOUT WARRANTY AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, OR RESULTS. NEITHER M-H NOR ANY SOURCES SHALL BE LIABLE FOR ANY ERRORS OR OMISSIONS NOR SHALL THEY BE LIABLE FOR ANY DAMAGES, WHETHER DIRECT OR INDIRECT, SPECIAL OR CONSEQUENTIAL, INCLUDING LOSS OF PROFITS, EVEN IF ADVISED OF THE POSSIBILITY. IN NO EVENT SHALL THE CUMULATIVE LIABILITY OF M-H FOR ALL ACTIONS EXCEED THE AVERAGE MONTHLY FEE PAID BY SUBSCRIBER FOR ACCESS TO THE MATERIALS.
The foregoing terms shall survive any termination of your right of access to the Materials.
23. Medline® Database
National Library of Medicine ("NLM") represents that the materials provided in the Medline Database were formulated with a reasonable standard of care. Except for this representation, NLM MAKES NO REPRESENTATION OR WARRANTIES, EXPRESSED OR IMPLIED. THIS INCLUDES, BUT IS NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NLM SPECIFICALLY DISCLAIMS ALL SUCH WARRANTIES AND REPRESENTATIONS.
You may download NLM-produced citations and reuse these records within your organization or institution. NLM suggests that organizations limit the number of records to 1,000 per month. Since NLM makes corrections and enhancements to and performs maintenance on these records at least annually, you should plan to replace or correct the records once a year to ensure that they are still correct and searchable as a group.
NLM databases are produced by a U.S. government agency and as such the contents are not covered by copyright domestically. They may be copyrighted outside the U.S. Some NLM produced data is from copyrighted publications of the respective copyright claimants. Users of the NLM databases are solely responsible for compliance with any copyright restrictions and are referred to the publication data appearing in the bibliographic citations, as well as to the copyright notices appearing in the original publications, all of which are incorporated by reference. Users should consult legal counsel before using NLM-produced records to be certain that their plans are in compliance with appropriate laws.
All records must be identified as being derived from NLM databases.
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
24. News International Associated Services Limited Materials (Times Newspapers Limited, News Group Newspapers, TSL Education Limited)
You and your authorized users may not, without the prior written permission of LexisNexis, host or store portions of The Times, The Sunday Times, The Sun, News of the World, The Times Educational Supplement or The Times Higher Educational Supplement (which are accessed through the LexisNexis Services) on your Intranet in any library or archive of information intended to be accessed by another party.
25. Newsweek Magazine
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
26. New York State Unified Court System Materials
The New York State Unified Court System ("UCS") does not warrant the comprehensiveness, completeness, accuracy or adequacy for any particular use or purpose of the information contained in its databases and expressly disclaims all other warranties, express or implied, as to any matter whatsoever. Neither the UCS, its courts, court‑related agencies or its officers or employees shall be responsible for any loss or damage caused by the use of the information contained in any of its databases.
27. PDQ Database
NATIONAL CANCER INSTITUTE ("NCI") represents that the PDQ Database was formulated with a reasonable standard of care. EXCEPT FOR THE FOREGOING, NCI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PDQ DATABASE.
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
28. RUSSICA DiaLine
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes. You may only retain insubstantial portions of these materials in machine-readable form for a temporary period of time.
Information in RUSSICA DiaLine is provided by RUSSICA-Izvestia Information, Inc. ("RUSSICA") and is derived from sources which RUSSICA considers to be sufficiently reliable to justify inclusion. RUSSICA MAKES NO WARRANTIES, EXPRESS OR IMPLIED, RELATING TO INFORMATION IN RUSSICA DIALINE, INCLUDING WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR REPRESENTATIONS ABOUT THE ACCURACY OR COMPLETENESS OF THE INFORMATION. THE ENTIRE RISK OF USING THE INFORMATION IN RUSSICA DIALINE LIES WITH THE USER. RUSSICA shall not be liable in any way to you or any third party who may use the information in or from RUSSICA DiaLine or to any other person whatsoever for any damages arising in any way out of delays, inaccuracies, errors or omissions in RUSSICA DiaLine or information therein.
UNDER NO CIRCUMSTANCES WILL RUSSICA BE LIABLE TO USERS FOR ANY DAMAGES FOR ANY REASON WHATSOEVER, WHETHER CONSEQUENTIAL, DIRECT, INDIRECT OR INCIDENTAL, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOSS OF USE, EVEN IF RUSSICA HAS BEEN APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING
29. SunGard Reference Data Solutions Inc. Materials (including Tradeline® Securities Database)
All information provided by SunGard Reference Data Solutions Inc. and its licensors ("Information") is the property of the respective owners. Except for viewing by you for personal, internal use as expressly authorized by the respective owners, the Information may not be reproduced, modified, transmitted, or distributed without such owner’s prior written consent. No changes or deletions may be made to any attribution, trademark, legend or proprietary rights notice associated with the Information. You acknowledge that the Information is intended for use as an aid to institutional investors, registered brokers or professionals of similar sophistication in making informed judgments concerning securities. You accept responsibility for, and acknowledge that you exercise your own independent judgment in, its selection of the Information, your selection of the use or intended use of such, and any results obtained. Nothing contained herein shall be deemed to be a waiver of any rights existing under applicable law for the protection of investors. SUNGARD REFERENCE DATA SOLUTIONS INC. AND ITS LICENSORS PROVIDE THE INFORMATION "AS IS", WITHOUT ANY WARRANTIES, EXPRESS OR IMPLIED OR ARISING UNDER CUSTOM OR USAGE OR TRADE OR BY OPERATION OF LAW. SUNGARD REFERENCE DATA SOLUTIONS INC. AND ITS LICENSORS DO NOT WARRANT THE ACCURACY, TIMELINESS, COMPLETENESS, ADEQUACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OF THE INFORMATION OR PROVIDE A WARRANTY AGAINST NONINFRINGEMENT AND NEITHER SUNGARD REFERENCE DATA SOLUTIONS INC. NOR ITS LICENSORS SHALL BE LIABLE TO YOU OR TO ANY THIRD PARTY WITH RESPECT TO ANY ACTUAL OR ALLEGED INACCURACY, UNTIMELINESS, INCOMPLETENESS, INADEQUACY, UNMERCHANTABILITY OR UNFITNESS ARISING FROM USE OF THE INFORMATION. FT Interactive Data is a third party supplier of data to SunGard Reference Data Solutions Inc.
30. Tax Analysts’ Databases
“Tax Analysts’ materials are made available to assist members of the bar, accountants, and members of the public, but not to provide legal advice to any person. Although Tax Analysts believes that the information in the Licensed Materials is accurate, necessarily each user must exercise professional judgment or involve a professional to provide such judgment when using these materials and take responsibility for their use. Tax Analysts does not make, and no user receives, any warranty with respect to them, AND PARTICULARLY NO WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE AND NO WARRANTY OF MERCHANTABILITY. NO EMPLOYEE OR AGENT OF TAX ANALYSTS IS AUTHORIZED TO PROVIDE, AND THE USER MAY NOT RELY ON, ANY REPRESENTATIONS OR WARRANTIES, WHETHER ORAL OR WRITTEN, WITH RESPECT TO THE LICENSED MATERIALS BEYOND THOSE CONTAINED IN THIS PARAGRAPH. Tax Analysts will defend against good faith, reasonable claims that use of the Licensed Materials infringes the copyright or other rights of any person.”
31. Uniform Commercial Code Filing Records
Uniform commercial code filing records are provided for informational purposes only. Accuracy and completeness of these materials are not warranted. Verification of these materials can be obtained through the appropriate public offices.
32. Voxant, Inc. Materials
- Fair Disclosure Wire Materials (Event Transcripts and Event Briefs) only:
Voxant, Inc. and/or CCBN, Inc. reserve the right to make changes to documents, content, or other information in these materials without obligation to notify any person of such changes.
In the conference calls upon which Event Transcripts and Event Briefs are based, companies may make projections or other forward-looking statements regarding a variety of items. Such forward-looking statements are based upon current expectations and involve risks and uncertainties. Actual results may differ materially from those stated in any forward-looking statement based on a number of important factors and risks, which are more specifically identified in the companies’ most recent SEC filings. Although the companies may indicate and believe that the assumptions underlying the forward-looking statements are reasonable, any of the assumptions could prove inaccurate or incorrect and, therefore, there can be no assurance that the results contemplated in the forward-looking statements will be realized.
THE INFORMATION CONTAINED IN EVENT TRANSCRIPTS IS A TEXTUAL REPRESENTATION OF THE APPLICABLE COMPANY’S CONFERENCE CALL AND WHILE EFFORTS ARE MADE TO PROVIDE AN ACCURATE TRANSCRIPTION, THERE MAY BE MATERIAL ERRORS, OMISSIONS, OR INACCURACIES IN THE REPORTING OF THE SUBSTANCE OF THE CONFERENCE CALLS. IN NO WAY DO VOXANT, INC. OR CCBN, INC. ASSUME ANY RESPONSIBILITY FOR ANY INVESTMENT OR OTHER DECISIONS MADE BASED UPON THE INFORMATION PROVIDED IN ANY EVENT TRANSCRIPT. USERS ARE ADVISED TO REVIEW THE APPLICABLE COMPANY CONFERENCE CALL ITSELF AND THE APPLICABLE COMPANY’S SEC FILINGS BEFORE MAKING ANY INVESTMENT OR OTHER DECISIONS.
THE INFORMATION CONTAINED IN EVENT BRIEFS REFLECTS CCBN, INC.’S SUBJECTIVE CONDENSED PARAPHRASE OF THE APPLICABLE COMPANY’S CONFERENCE CALL AND THERE MAY BE MATERIAL ERRORS, OMISSIONS, OR INACCURACIES IN THE REPORTING OF THE SUBSTANCE OF THE CONFERENCE CALLS. IN NO WAY DO VOXANT, INC. OR CCBN, INC. ASSUME ANY REPONSIBILITY FOR ANY INVESTMENT OR OTHER DECISIONS MADE BASED UPON THE INFORMATION PROVIDED IN ANY EVENT BRIEF. USERS ARE ADVISED TO REVIEW THE APPLICABLE COMPANY’S SEC FILINGS BEFORE MAKING ANY INVESTMENT OR OTHER DECISIONS.
- Charlie Rose materials only:
THE MATERIALS ARE PROVIDED ON AN “AS IS” BASIS. NEITHER VOXANT, INC. NOR CHARLIE ROSE INC. MAKES ANY WARRANTY OF ANY KIND CONCERNING THE ACCURACY OF THE MATERIALS OR THEIR FITNESS FOR ANY PARTICULAR PURPOSE.
- All Materials:
These materials are not legal transcripts for purposes of litigation.
33. Washington Post
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
34. West Publishing Company Materials
You may use materials provided by West Publishing Company for research purposes only, and may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
35. Ziff Davis Media Inc. Materials
You may not publish, broadcast, sell or otherwise redistribute these materials for commercial purposes.
36. LexisNexis Nexis® Solutions Materials
Your use of the LexisNexis Nexis® Solutions Materials (“Nexis Materials”) is subject to the following additional terms and conditions:
- Permissible Purposes. You shall use the Nexis Materials only in accordance with the license granted in your Agreement and in any event for no purposes other than due diligence and compliance, media monitoring, reputation and brand management, market and competitive intelligence, governance risk management, or news gathering and dissemination. Your use of any risk and diligence services contained in the Nexis Materials shall be solely for your own internal legitimate business purposes and limited to the purposes of:
- Identity verification;
- Detection, investigation, assessment, monitoring and prevention of fraud or other crime;
- Assessment, mitigation and management of financial and business risk;
- Compliance with anti-money laundering (AML), counter-terrorism financing (CTF), anti-bribery and corruption (ABC), know your client (KYC), modern slavery, or similar legal obligations;
- Assessment of the risk of default and provision of a risk-based score and/or credit risk attributes of an organization;
- Reconnecting assets with an individual or organization on their behalf;
- Finding prospective donors;
- Data cleaning or appending against your own database for general communication; or
- Production of analytical models, evaluation of a service, or product research and development.
- Data Protection. If and to the extent that any Data Laws of the European Union or its member states, the European Economic Area, the United Kingdom or Switzerland (“EU Data Laws”) apply to your use, then the following additional terms apply:
- Definitions. The lowercase terms “controller,” “personal data” and “processing” shall have the meanings set forth in EU Data Laws.
- Transparency. If required of LN under the transparency obligations of EU Data Laws, you shall inform your clients, prospects and suppliers whose personal data LN receives as a controller that you share their personal data with LN as described in the LexisNexis Nexis® Solutions Processing Notice at https://www.lexisnexis.com/global/privacy/en/article-14-bis.page, and you shall make available to LN all information necessary to demonstrate your compliance with the foregoing.
- Legal Basis. You shall collect, use, share and otherwise process personal data that you obtain from the Nexis Materials only where you have a lawful ground to do so under EU Data Laws.
- Sensitive Data. You shall not use the personal data in or derived from the Nexis Materials in a manner which involves targeting or making decisions about individuals on the basis of their racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric characteristics, health, sex life, sexual orientation, or criminal convictions and offences or related security measures, except as authorized by EU Data Laws.
- Decision making. You shall not make any decisions about individuals which have a legal or similarly significant effect on them and are based solely on automated processing of their personal data in or derived from the Nexis Materials or based on their personal data in or derived from the Nexis Materials that is sourced from social media platforms.
- You shall make available to LN all information necessary to demonstrate your compliance with clauses (a) and (b) above.
- Prior to using any Materials to conduct vendor and supplier screening activities, you shall confirm to LN (via the mechanism provided within the Online Service) that you have provided all necessary notices to and obtained all necessary consents from individuals to enable it to conduct such screening activities in compliance with applicable Data Laws.
- You shall only process Materials where you have a lawful ground to do so under applicable Data Laws.
- You shall only use Materials in accordance with the license granted in your Agreement and in any event for no purposes other than media monitoring, due diligence, governance risk management, reputation management, information gathering, or compliance with your Know Your Client, anti-bribery & corruption, financial crime, anti-money laundering, counter terrorist financing, modern slavery, or other legal obligations. Your use of any LN risk and diligence products and services shall be limited to the following purposes:
- (a) In the prevention of Financial Crime, including Anti-Money Laundering ("AML") and Counter Terrorism Financing.
- (b) In the prevention of Financial Crime, including Anti-Bribery and Corruption ("ABC").
- (c) In assessing general business risks, including but not limited to AML, ABC, Fraud and commercial financial risks relevant to the business or its controlling persons.
- (d) In the process of reconnecting assets with a person.
- (e) In locating an individual not for asset reunification or debtor tracing purposes.
- (f) Data cleaning or appending against your own database for general communication.
- (g) In assessing the risk of default and provision of a risk based score and/or credit risk attributes of an individual.
- (h) In the investigation into a known or suspected fraud case to gain further information about an individual.
- (i) In fraud prevention or to aid with the discovery of fraud.
- (j) In the identity assurance process for any of your new or existing clients.
- (k) For internal production of analytical models, evaluation of a service or research.
- (l) For development and testing purposes.
- You shall not make any decisions about individuals which have a legal or similarly significant effect on them and which are based solely on automated processing of their LN Materials and/or information derived from Materials.
- You shall not make decisions about individuals based solely on Materials derived from any third-party social-media websites (such as Twitter, Facebook, etc.) ("Third Party Platforms") and/or information derived from such Materials.
- Where you are licensed to use the Materials for media monitoring or reputation management purposes, you shall not use the Materials and/or information derived from such Materials for such media monitoring or reputation management purposes in a manner which involves targeting or making decisions about individuals on the basis of their racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric characteristics, health, sex life, sexual orientation, or criminal convictions and offences or related security measures.
Online Services, Materials or Content that makes use of any EXARI® document automation software
- APPLICABILITY. These Supplemental Terms apply whenever you access or use any Online Services, Materials or Content that makes use of any EXARI® document automation software (the “Software”). These Supplemental Terms supplement and form a part of the LexisNexis Order Form, the General Terms and Conditions, and, where applicable, Site Terms and Conditions. To the extent of any conflict between these Supplemental Terms and any other applicable agreement, terms or form, these Supplemental Terms shall control.
- SUPPLIER STATUS. Exari Systems, Inc. and its affiliates, as the suppliers of the Software, are collectively deemed a “supplier” and a “supplier of Materials” under, and a third party beneficiary of, the General Terms and Conditions and under certain provisions specified in the Site Terms and Conditions. Such supplier, on its own behalf and without LexisNexis, may assert and enforce such provisions directly against you. However, nothing in the General Terms and Conditions, the Site Terms and Conditions, or these Supplemental Terms (or any Order Form related thereto) creates, or shall be construed to create, any obligation on the part of such supplier to you or to give you any rights against such supplier.
- RESTRICTION. You may not access or use, or allow anyone to access or use, any Online Services, Materials, or Content that makes use of any Software if you develop, sell or promote any document automation or assembly product or plan to do so.
- 4.1. In addition to all provisions relating in any way to confidentiality in the General Terms and Conditions and in the Site Terms and Conditions, you and the Authorised Users may not disclose, publish, publicly display, or distribute all or any part of any Software.
- 4.2. For purpose of enforcing these Supplemental Terms (and no other), the Order Form and the Agreement may be disclosed to Exari Systems, Inc and its affiliates or its professional advisors
- ADDITIONAL DISCLAIMER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXARI SYSTEMS, INC AND ITS SUPPLIERS EXCLUDE AND DISCLAIM ANY AND ALL WARRANTIES, REPRESENTATIONS AND CONDITIONS RELATING TO THE ONLINE SERVICES, MATERIALS OR CONTENT, WHETHER EXPRESS, IMPLIED OR STATUTORY, OR ARISING BY CUSTOM OR TRADE USAGE.
- NOT LEGAL ADVICE. IT IS YOUR AND EACH AUTHORISED USER’S RESPONSIBILITY TO REVIEW AND DETERMINE THE SUITABILITY OF ANY DOCUMENT GENERATED FROM THE ONLINE SERVICES, MATERIALS, OR CONTENT, AND TO CONSULT THEIR OWN INDEPENDENT LEGAL ADVISER BEFORE USING ANY SUCH DOCUMENT. NEITHER EXARI SYSTEMS, INC NOR ITS SUPPLIERS WARRANT OR GUARANTEE THAT ANY SOURCE DOCUMENT, AUTOMATED TEMPLATE, RESULTING DOCUMENT OR OTHER DOCUMENT INCLUDED WITH OR GENERATED FROM THE ONLINE SERVICES, MATERIALS, OR CONTENT IS ACCURATE, COMPLETE, UP TO DATE, LEGAL, LEGALLY EFFECTIVE, VALID UNDER THE LAWS OF ANY JURISDICTION OR FIT FOR ANY PURPOSE WHATSOEVER. BY MAKING THE ONLINE SERVICES, MATERIALS, AND CONTENT AVAILABLE, NEITHER EXARI SYSTEMS, INC NOR OUR SUPPLIERS IS PROVIDING LEGAL ADVICE, AND YOU AND THE AUTHORISED USERS SHALL NOT USE THE ONLINE SERVICES, MATERIALS, OR CONTENT AS A SUBSTITUTE FOR LEGAL ADVICE.
- 7.1. ALL LIMITATIONS OF LIABILITY AND DISCLAIMERS CONTAINED IN THIS AGREEMENT APPLY EVEN IF ANY PERSON IS INFORMED IN ADVANCE OF THE POSSIBILITY OF ANY DAMAGES.
- 7.2. You acknowledge that a breach by you or by Authorised Users of this agreement relating to confidentiality or the intellectual property of Exari Systems, Inc or its suppliers may cause irreparable harm to Exari Systems, Inc or its suppliers, as the case may be. In order to prevent or limit the harm of any such breach or anticipated breach, you agreed that we Exari Systems, Inc or its supplier, as the case may be, will be entitled to apply for immediate injunctive or other equitable relief (including ex parte relief) from a court of competent jurisdiction, without any additional findings of irreparable injury or the posting of any bond or security. No provision in the General Terms and Conditions or the Site Terms and Conditions, or in any Order Form relating thereto, that apply solely to a book or CD product shall not apply to the Software.