Statement of Work Additional Terms and Conditions for TRADs Data 

As of March 18, 2024

These Terms and Conditions are incorporated by reference into the Statement of Work. The Statement of Work, Master Service Agreement, attachments thereto and these Terms and Conditions (collectively the “Agreement” as may be amended, supplemented and/or modified from time to time), constitute the entire agreement between Customer and Vendor

1.    Customer accepts that the Data is provided “as-is,” with no warranties of any kind, whether express, implied in fact or by operation of law, or statutory, including without limitation, those as to quality, non-infringement, accuracy, completeness, timeliness, or correctness, and those warranties that might be implied from a course of performance or dealing or trade usage and warranties of merchantability and fitness for a particular purpose. 

2.    Customer understands and agrees that the Data contains sensitive information that is governed by various state and federal laws, including the Gramm-Leach-Bliley Act (15 U.S.C. § 6801-6809) (“GLBA”) and The Driver’s Privacy Protection Act (18 U.S.C. § 2721-2725) (“DPPA”), all of which the Customer certifies to comply. Customer agrees that it will certify its permissible use of the Data. 

2.1    If Customer receives Data subject to GLBA, Customer hereby certifies that the specific purpose(s) for which such Data will be requested, obtained and used by Customer is one or more of the following uses as described in, and as may be interpreted from time to time, by competent legislative, regulatory or judicial authority, and as being encompassed by Section (6802)(e) of the GLBA and the United States Federal Trade Commission rules promulgated thereunder: 

•    As necessary to effect, administer, or enforce a transaction requested or authorized by the consumer; 

•    To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; 

•    For required institutional risk control, or for resolving consumer disputes or inquiries; 

•    For use solely in conjunction with a legal or beneficial interest held by Customer and relating to the consumer; 

•    For use solely in Customer’s fiduciary or representative capacity on behalf of, and with the implied or express consent of, the consumer; 

•    To the extent specifically permitted or required under laws other than the GLBA, and in accordance with the Right to Financial Privacy Act of 1978, to law enforcement agencies, to self-regulatory organizations, or for an investigation on a matter related to public safety; or 

•    To comply with federal, state, or local laws, rules, and other applicable legal requirements. 

2.2    If Customer receives Data subject to DPPA, Customer hereby certifies that it will request, obtain, and use such Data only for one of the following permitted uses under the DPPA: 

•    Use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a federal, state, or local agency in carrying out that agency’s functions. 

•    Use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only to verify the accuracy of personal information submitted by the individual to the business or its agents, employees, or contractors; and, if such information as so submitted is not correct or is no longer correct, to obtain the correct information, but only for the purposes of preventing fraud by, pursuing legal remedies against, or recovering on a debt or security interest against, the individual. 

•    Use in connection with any civil, criminal, administrative, or arbitral proceeding, in any federal, state, or local court or agency, or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a federal, state, or local court. 

•    Use by any insurer or insurance support organization, or by a self-insured entity, or its agents, employees, or contractors, in connection with claims investigation activities, antifraud activities, rating, or underwriting. 

•    Use by an employer or its agent or insurer to obtain or verify information relating to a holder of a commercial driver’s license that is required under chapter 313 of title 49, U.S. Code. 

•    Use by any licensed private investigative agency or licensed security service for any purpose described above. 

3.    Customer agrees not to use the Data, in whole or in part, for consumer credit purposes, consumer insurance underwriting, employment purposes, tenant screening purposes, or for any other purpose(s) covered by the Federal Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.) (“FCRA”) or similar state statute. Customer agrees not to take any adverse action (as such term is used in the FCRA) based, in whole or in part, upon the information. 

4.    In addition to the restrictions otherwise contained herein, Customer shall not use the Vendor Services (each a “Prohibited Use”): 

4.1    for marketing purposes without the prior written consent of Vendor; 

4.2    in connection with or to advertise, sell, or exchange any products or services that involve: medical services, sexual paraphernalia; (ii) drugs or drug paraphernalia; (iii) adult films, recordings or magazines; (iv) weapons; (v) credit repair services; or (vi) any illegal or illicit activities; 

4.3    to underwrite insurance of any kind, including, but not limited to, to determine individual premiums for health insurance, to price individual health insurance benefits, or set copayment amounts; 

4.4    to determine credit or insurance eligibility of any individual consumer;

4.5    for any diagnostic or treatment purposes (such as diagnosing or treating a condition), including, but not limited to, changing, augmenting, or assigning any type of medical care, or determining the efficacy of any medical treatment plan(s) for an individual; 

4.6    to develop any model that would be used to predict the efficacy of any treatment for a condition, or the propensity for a consumer to fulfill or use a prescription drug or to obtain or use a medical device; and/or 

4.7    for purposes that are not within the Customer’s normal course of business.

5.    Customer acknowledges that Vendor retains all right, title, and interest under applicable contractual, copyright and related laws in the Data.  Customer shall use the Data consistent with such right, title and interest, subject to the license and use restrictions contained in these terms and conditions, and shall notify Vendor of any threatened or actual infringement thereof. 

6.    Vendor grants Customer a restricted personal, nonexclusive, non-transferable, non-sublicenseable, revocable license to obtain and use the Data solely for Permitted Uses as permitted by these terms and conditions and all Applicable Laws.  The license granted hereby is conditioned upon the Data not being accessed, used and/or distributed for any FCRA Purposes or for any Prohibited Uses.  Customer shall obtain and use the Data for Customer’s own internal business purposes consistent with these terms and conditions. The Data obtained by Customer shall be used for Customer’s exclusive one (1) time use in connection with the permissible use for which it was requested. 

7.    Customer agrees to take appropriate measures so as to protect against the misuse and/or unauthorized access of the Data.  Such misuse or unauthorized access shall include any unauthorized disclosure, release, viewing or other unauthorized access to the Data. 

8.    The Data may only be accessed from within the United States.  Customer will (i) limit access to Data to only those employees who have a need to access in connection with the duties and obligations under this Vendor Addendum; (ii) advise its employees having access to Data of the proprietary and confidential nature thereof and of the obligations set forth in these terms and conditions; (iii) track and monitor its access to Data; (iv) prevent any use not in conformance with these terms and conditions, and (v) maintain records sufficient to demonstrate compliance with its obligations under these terms and conditions. 

9.    Customer agrees to maintain appropriate administrative, technical and physical safeguards for the Data.  These safeguards shall (i) ensure the confidentiality of the Data; (ii) protect the Data against any anticipated threats or hazards to its security or integrity; and (iii) protect the Data against unauthorized access or use.  In the event that Customer learns or has reason to believe that the Data has been disclosed or accessed by an unauthorized party, Customer shall immediately give notice of such event to Vendor and shall comply with all Applicable Laws. 

10.    NEITHER VENDOR NOR ANY THIRD PARTY FROM WHOM VENDOR OBTAINS THE DATA SHALL BE LIABLE TO CUSTOMER OR TO ANY PERSON CLAIMING THROUGH CUSTOMER OR TO WHOM CUSTOMER MAY HAVE PROVIDED DATA FOR ANY LOSS OR INJURY ARISING OUT OF OR RELATED TO VENDOR’S OR THIRD PARTY’S ACTS OR OMISSIONS IN PROCURING, COMPILING, COLLECTING, INTERPRETING, REPORTING, COMMUNICATING, OR DELIVERING THE DATA.  IN NO EVENT SHALL VENDOR NOR ANY THIRD PARTY FROM WHOM VENDOR OBTAINS THE DATA BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES INCURRED BY THE OTHER PARTY AND ARISING OUT OF THE PERFORMANCE OF THIS VENDOR ADDENDUM, INCLUDING BUT NOT LIMITED TO LOSS OF GOOD WILL AND LOST PROFITS OR REVENUE, WHETHER OR NOT SUCH LOSS OR DAMAGE IS BASED IN CONTRACT, WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY, INDEMNITY, OR OTHERWISE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. IF, NOTWITHSTANDING THE FOREGOING, LIABILITY CAN BE IMPOSED ON VENDOR AND/OR ANY THIRD PARTY FROM WHOM VENDOR OBTAINS THE DATA, VENDOR AND ANY SUCH THIRD PARTY’S ENTIRE AGGREGATE LIABILITY SHALL BE LIMITED TO DIRECT DAMAGES NOT EXCEEDING THE AMOUNT OF FEES PAID BY CUSTOMER DURING THE SIX (6) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT WHICH GAVE RISE TO THE LIABILITY.

11.    Customer acknowledges that Vendor will permit Customer to access the Vendor Services and/or Vendor Technology only if Customer meets, and continues to meet, the credentialing standards reasonably established by Vendor from time to time.  Customer shall cooperate with Vendor’s credentialing procedures as may be reasonably required by Vendor. Vendor shall immediately notify Customer of any change in the information provided by Customer in its Vendor membership materials, including any change in control or ownership or control. If Vendor determines, in its sole discretion, that Customer does not meet or continue to meet Vendor’s credentialing standards, Vendor may immediately suspend and/or terminate Customer’s access to the Vendor Services and/or Vendor Technology or this SOW.

12.    If Customer is purchasing Predictive Attributes via Batch from Vendor, then the Predictive Attributes may only be used for social determinates of health use cases related to 

12.1    institutional risk control (such as, compliance with law and regulations, cost management in line with Medicare/Medicaid requirements, fraud prevention, and the like), 

12.2    to improve and/or enhance the provision healthcare (such as, identifying resource needs at population level (for instance, transportation and/or new facilities in certain areas)), and 

12.3    with patient consent.