General Terms of Service – Website Use
(Updated July 20, 2023)
- General
The websites of Trusaic.com, firstcapitolconsulting.com, humanefits.com , taxadvantage.us.com, acatimes.com, payparitypost.com, and any portals connected there to (each, the “Website,” and collectively the “Websites”) are operated by First Capitol Consulting, Inc. dba Trusaic (“Trusaic”, “we”, “our”, or “us”). By registering for and/or using the Website, including any service, software and/or content through or in the Website, you agree to be bound by all terms and conditions contained herein, and by reference (collectively, the “Terms”). If you use the Website on behalf of an entity, company or organization (collectively, “organization”) you agree to the Terms on behalf of yourself and the organization that you represent (collectively, “users”, “you”, or “your”).
Review these Terms thoroughly. The Terms is a legal agreement between you and Trusaic. If you do not agree to these Terms, then you may not use the services, software, and/or content provided through or in the Website (“collectively, the Services”).Trusaic reserves the right, in its sole discretion, to modify the Terms at any time by posting an updated version of the Terms on trusaic.com or by sending notification to the email address associated with your account. The most current version of the Terms will supersede all previous versions. Your continued access or use of the Website constitutes your acceptance to the Terms, as modified. Trusaic encourages you to periodically review the Terms to stay informed of our updates.
This Terms herein governing your use of the Services and incorporate by reference the following, as applicable:
- Trusaic’s Privacy Policy governing the use of the Website and the information you provide to Trusaic through the Website, which is available at https://trusaic.com/privacy-policy/.
- Additional Terms and Conditions, which may include those from third parties.
- Any terms provided separately to you for the Services under a separate written agreement (“Separate Written Agreement”).
- The Data Processing Addendum for Pay Parity® Services (“DPA”) to the extent such Services are subject to data protection laws, including but not limited to, EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the means EU General Data Protection Regulation 2016/679 (“GDPR”) and laws implementing or supplementing the GDPR (collectively, “Data Protection Laws”), as applicable ,which is available at https://trusaic.com/data-processing-addendum/.
- Electronic Communications.
When you visit the Website or send an email to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by email or by posting notices on this Website. You agree that all agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing.
- Eligibility.
Any use of or access to the Website by anyone under 13 is strictly prohibited and in violation of the Terms. Any use of or access to the Website by anyone under 18 is permitted only with the express written permission of such individual’s legal guardian, and by using the Website, you represent and warrant that you have received such permission. Individuals under 18 may use the Website solely for themselves and may not make use of the Website on behalf of any third party. The Website is not designed for use by or in connection with anyone under the age of 18, and you accept all responsibility that may arise from your use of the Website in connection with any minors. If you are over the age of legal majority and are using the Website on behalf of an organization, you represent and warrant that you have the authority to bind said organization by your use of the Website.
- Your Account.
If you use the Website, you are responsible for maintaining the confidentiality of your account (“Trusaic Account”) on the Website, username, password, and other sensitive information. You are responsible for all activities that occur in your Trusaic Account and you agree to accept responsibility for all activities that occur under your Trusaic Account. You acknowledge that Trusaic is not responsible for any loss or damage to you or to any third party incurred as a result of any unauthorized access and/or use of your Trusaic Account. You agree to inform us immediately of any unauthorized use of your Trusaic Account by email to [email protected].
- Organization Accounts and Administrators.
When you register for an account on the Website for your organization you may specify one or more administrators. The administrators will have the right to manage end users in your organization account. You are responsible for ensuring confidentiality of your organization account password, appointing administrators for managing your organization account, and ensuring that all activities that occur in connection with your organization account comply with the Terms. You are responsible for taking necessary steps to ensure that your organization does not lose control of the administrator accounts. In the event of a loss of control of the administrator accounts, you agree to inform us immediately by contacting us at [email protected]. Trusaic will provide control of the administrator accounts to an individual providing proof satisfactory to Trusaic demonstrating authorization to act on behalf of your organization. You agree not to hold Trusaic liable for the consequences of any action taken by Trusaic in good faith in this regard. You acknowledge that Trusaic is not responsible for any loss or damage to your organization or to any third party incurred resulting from the loss of control of your organization’s administrator accounts.
- Single Sign On.
Trusaic may make available access the Website via single sign on, which allows a user to use one set of login credentials (e.g., name and password) to access multiple applications through or within the Website (“SSO”). Trusaic provides SSO for the convenience of its users. However, SSO adds a risk to security in that an attacker who gains control over a user’s SSO credentials will automatically be granted access to every application to which the user has rights through the SSO.
- Third-Party Websites/Third-Party Services Links.
The Website may contain hyperlinks to third-party websites (“Linked Sites”), either to make their content available to you or to enable you to communicate directly with those third parties. The Linked Sites are not under the control of Trusaic and Trusaic is not responsible for the availability of such external sites and does not endorse and is not responsible or liable for any content, advertising, products, services, or other materials on or available from such sites. If you access a third-party website from the Website, you do so at your own risk, and the Terms and Privacy Policy of our Website do not apply to your use of such third-party sites. You agree to relieve Trusaic from any and all liability arising from your use of any third-party website, service, or content.
If you would like us to remove a link to your website that is included on the Websites, please contact us. See Contact Us (Section 29). Note that unless you have a legal right to demand removal, such removal will be at our discretion.
When linking to the Website, appropriate link text should always be used. From time to time, we may update the URL structure of the Website, and unless we agree in writing otherwise, you are responsible for updating said links. You must not use our logo to link to the Website without our express written permission. You must not frame the content of the Website or use any similar technology in relation to the content of the Website.Should we request the deletion of a link to any of the Websites that is within your control, you will delete the link promptly.
- Permissible and Prohibited Uses.
You are granted a non-exclusive, non-transferable, revocable license to access and use the Website strictly in accordance with these Terms and so long as you are in compliance with any applicable payment obligations. You warrant to Trusaic that you will not use the Website for any purpose that is unlawful or prohibited by these Terms. You may not use the Website in any manner which could damage, disable, overburden, or impair the Website or interfere with any other party’s use and enjoyment of the Website. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available or provided through the Website. Examples of prohibited uses of the Website include, but are limited to, the following: (a) deceptive and unfair trade practices; (b) placement on the site of any untrue, malicious, fraudulent, harassing, offensive or defamatory material, or any material that is irrelevant to a legitimate use of the Website; (c) introduction of viruses, worms or other programming routines that are intended to disrupt or interfere with the intended operation of the Website; (d) promotion of an unlawful activity or purpose, including any activity that could give rise to criminal or civil liability; (e) any activity that infringes on the copyright, patent, trademark or other rights of any person or entity; and (f) any manner that violates any applicable law, regulation or these Terms. If you engage in a prohibited use of the Website, you will be barred from any future use of the Website. Trusaic reserves the right to remove any content posted by any user that we determine in our sole discretion constitutes an impermissible use or a violation of these Terms.
- Copyright and Other Proprietary Rights.
You acknowledge and agree that the Website and all information, data and content included therein, including, but not limited to, texts, graphics, logos, icons and images, as well as the compilation thereof, and any software used on the Website, is the property of Trusaic or its licensors and is protected by copyright law and other laws that protect intellectual property and other proprietary rights. You agree to observe and abide by all copyright and other proprietary notices, legends or other restrictions contained in any such content and will not make any changes thereto. You agree not to modify, publish, transmit, reverse engineer, participate in the transfer or sale of, create derivative works, or in any way exploit any content, in whole or in part, contained on the Website. Trusaic content is not for resale. Your use of the Website does not entitle you to make any unauthorized use of any protected content, and in particular, you will not delete or alter any proprietary rights or attribution notices in any content. You will use protected content solely for your personal use and will make no other use of the content without the express written permission of Trusaic and/or otherwise the copyright owner. You agree that you do not acquire any ownership rights in any protected content. We do not grant you any licenses, express or implied, to the intellectual property of Trusaic or its licensors except as expressly authorized by these Terms.
The information contained in our newsletters, blogs, and articles on the Website (“Articles”) is intended for informational purposes only. You may not copy or disseminate any of the Articles unless you provide a statement of attribution to Trusaic. While Trusaic may make updates or other changes to the Articles from time to time, Trusaic makes no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the Articles. Any reliance you place on the Articles is therefore strictly at your own risk.
- Copyright Infringement Notification.
We respect the intellectual property rights of others just as we expect others to respect our rights. Pursuant to Digital Millennium Copyright Act, Title 17, United States Code, Section 512(c)(3) and any amendments and corresponding regulations (collectively, “Section 512"), a copyright owner or their agent may submit a takedown notice to our designated agent: Trusaic, attention: Legal, 520 South Grand Avenue, Suite 200, Los Angeles CA 90071, (877) 807-1055 or email at [email protected].
Such notice must comply with the requirements of Section 512(c)(3). Failure to do so will result in the notice not being processed.
- Information or Materials Provided by You.
Trusaic does not claim ownership of the information or materials you provide to Trusaic, or you provide on the Website (collectively “User Content”). However, by uploading or otherwise inputting your User Content on the Website, you are granting Trusaic permission to use your User Content in connection with any service that Trusaic may be providing to you. You represent and warrant that you own or otherwise control all of the rights to your User Content including, without limitation, all the rights necessary for you to upload or otherwise input the User Content.
We use Hotjar in order to better understand our users’ needs and to optimize the services we provide the user experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on which pages, which links they choose to click, what users do and do not like, etc.) and this enables us to build and maintain our services with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
- Your Personal Information.
You can view Trusaic’s Privacy Policy at https://trusaic.com/privacy-policy/. You agree to the Privacy Policy, and any subsequent amendments posted by Trusaic. You agree that Trusaic may use and maintain your data according to the Privacy Policy, as part of any Service.You give Trusaic permission to combine identifiable and non-identifiable information you enter or upload to the Website with that of other users. For example, this means that Trusaic may use your and other users’ non-identifiable, aggregated data to improve the Services or to design promotions and provide ways for you to compare business practices with other users to the extent permitted by applicable law.
- Accuracy of Information.
You acknowledge and agree that all information and materials contained in your User Content are true, accurate, current, and complete. You understand and agree that Trusaic must and will rely on the accuracy of your User Content in connection with any service that Trusaic may be providing to you. You further acknowledge and agree that if you provide Trusaic with incorrect or incomplete information or there is any error or omission in your User Content, Trusaic will not be liable for such incorrect or incomplete information, error or omission.
- No Professional Advice.
You acknowledge and agree that the Website and the Services are not intended as tax, accountancy, or legal advice of any nature. Although the Website and/or Services provide(s) access to various information and recommendations pertaining to tax, health benefits and coverage, employment and related issues, such content is provided for informational purposes only and should not be construed as tax, accountancy, or legal advice. You acknowledge and agree that you are solely responsible for determining the nature, potential value, and suitability, for yourself or your organization, of any information or recommendation obtained through the Services and/or contained on the Website. You acknowledge that, if any tax, accountancy, or legal advice is needed, you will take no action based upon such information or recommendation without first seeking independent tax, accountancy, or legal advice.
- International Usage.
The Website is controlled, operated and administered by Trusaic solely in our offices within the United States. You agree to comply with all local rules where you reside or your organization is located regarding online activities, email, and the Website. More specifically, but without limitation, you agree to comply with all applicable laws regarding the transmission of technical and personal data exported to or from the United States or the country in which you reside.
- Export Control/Economic Sanctions Compliance/Anti-Corruption.
The Website and the Services are subject to export control and economic sanctions laws, regulations, and orders issued by the United States and other countries with jurisdiction over transactions involving the Website and Services (“Export and Sanctions Laws”). Each party represents that it is not subject to any restrictions under Export and Sanctions Laws arising from the identification of any person or organization on a list that imposes comprehensive restrictions on exports or financial transactions. You will not require, encourage, or solicit the attendance to or use of the Website or any Services by individuals located in any destination subject to comprehensive export control or economic sanctions restrictions under applicable Export and Sanctions Laws, or otherwise use the Website or the Services in violation of Export and Sanctions Laws.
On behalf of your organization and yourself, you affirm that you have not and agree that you will not, in connection with the purchase of any of the Services or in connection with any other business transaction involving Trusaic, make or promise to make any payment or transfer anything of value, directly or indirectly: (i) to any governmental official or employee (including employees of government corporations or instrumentalities); (ii) to any political party, official of a political party or candidate (or to an intermediary for payment to any of the foregoing); (iii) to any officer, director or employee of Trusaic; or (iv) to any other person or entity if such payment or transfer would violate the laws of the country in which made or jurisdiction in which you operate or conduct commerce, or the laws of the United States, including but not limited to the U.S. Foreign Corrupt Practice Act (“FCPA”).
- Third-Party Beneficiaries.
The Website’s underlying service provider(s), Trusaic, its business partners, third-party suppliers and providers, account providers, licensors, officers, directors, employees, distributors and agents are expressly made third party beneficiaries of these Terms. Except as set forth in the immediately preceding sentence, nothing expressed or implied in these Terms are intended to confer, nor shall anything herein confer, upon any person other than the foregoing parties and the respective permitted successors or assigns of such parties, any rights, remedies, obligations or liabilities whatsoever.
- Orders.
You may order certain Services using the then-current ordering process(es) to secure such certain Services. All orders are subject to acceptance by Trusaic in its discretion. All of the information provided by or on your behalf must be current, complete, and accurate, and you are responsible for keeping such information updated. Order information may be subject to automatic processing by Trusaic for the purposes of managing your account.
- Payment and Late Payments
All payments for all Services are to be paid pursuant an invoice issued by Trusaic and/or under the terms of a Separate Written Agreement. To the extent that a Separate Written Agreement applies and there is a conflict with these Terms, such Separate Written Agreement governs and controls.
Trusaic reserves the right, in its discretion, to (i) suspend or terminate any Service or any portion thereof for non-payment of fees, and (ii) impose a charge to restore archived data from delinquent accounts.
- Term.
Unless stated otherwise in an applicable separate written agreement, Trusaic may, in its sole discretion and without notice, restrict, deny, or terminate your use of the Website, effective immediately, in whole or in part, if Trusaic determines that your use of the Website, is improper or substantially exceeds or differs from normal use by other users, raises suspicion of fraud, misuse, security concern, illegal activity or unauthorized access issues, to protect the integrity or availability of the Website and comply with applicable Trusaic policy, or if your use of the Website conflicts with Trusaic’s interests or those of another user of the Website and/or otherwise violates the Terms. Upon Trusaic’s notice that your use of the Website has been terminated you must immediately stop using the Website. Any such termination shall not affect Trusaic’s rights to any payments due to it. Trusaic may terminate a free account at any time. Sections 9 through 40 of these Terms, as applicable, will survive and remain in effect even if your use of the Website is terminated.
- Indemnification.
You agree to indemnify, defend and hold harmless Trusaic, its officers, directors, employees, agents and authorized representatives (“Trusaic Parties”), and any affiliates, licensors and any other potentially relevant third parties (collectively, “Trusaic Affiliates”), for any losses, costs, liabilities and expenses (including reasonable attorneys’ fees) relating to or arising out of your use of or inability to use the Website, your violation of any of the Terms, any rights of a third party, or any applicable laws, rules or regulations. Trusaic reserves the rightto assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you agree to fully cooperate with Trusaic Parties and/or Trusaic Affiliates, as applicable.
- Disclaimer of Warranties.
TRUSAIC MAKES NO EXPRESS, IMPLIED OR STATUTORY REPRESENTATIONS, WARRANTIES OR GUARANTEES IN CONNECTION WITH THE WEBSITE. UNLESS OTHERWISE EXPLICITLY STATED, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE WEBSITE IS PROVIDED TO YOU ON AN “AS-IS,” BASIS WITHOUT WARRANTY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS. TRUSAIC DOES NOT WARRANT THAT THE FUNCTIONS OR CONTENT CONTAINED ON THE WEBSITE WILL BE (I) UNINTERRUPTED, (II) IMPERVIOUS TO HACKERS, (III) ERROR FREE, (IV) THAT DEFECTS WILL BE CORRECTED, OR (IV) THAT THE SITE OR THE SERVER THAT MAKES SUCH SERVICES AVAILABLE ARE FREE OF VIRUS OR OTHER HARMFUL COMPONENTS. IF YOUR USE OF THE WEBSITE IS IN NEED FOR SERVING OR REPLACING EQUIPMENT OR DATA, TRUSAIC IS NOT RESPONSIBLE FOR ANY SUCH COSTS. TRUSAIC MAKES NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS OR TIMELINESS OF THE MATERIALS, CONTENT, SOFTWARE, AND/OR LINKS IN THE WEBSITE.
- Limitation of Liability.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL TRUSAIC BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OR PERFORMANCE OF THE WEBSITE, WITH THE DELAY OR INABILITY TO USE THE WEBSITE, THE PROVISION OF OR FAILURE TO PROVIDE SERVICES THROUGH THE WEBSITE, OR FOR ANY INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND RELATED GRAPHICS OBTAINED THROUGH THE WEBSITE, OR OTHERWISE ARISING OUT OF THE USE OF THE WEBSITE, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF TRUSAIC HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IF YOU ARE DISSATISFIED WITH ANY PORTION OF THE WEBSITE, OR WITH ANY OF THESE TERMS OF USE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING THE WEBSITE.
- Class Action/Jury Trial Waiver.
WITH RESPECT TO ALL PERSONS AND ENTITIES, REGARDLESS OF WHETHER THEY HAVE OBTAINED OR USED THE WEBSITE FOR PERSONAL, COMMERCIAL OR OTHER PURPOSES, ALL CLAIMS MUST BE BROUGHT IN THE PARTIES’ INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION OR OTHER REPRESENTATIVE PROCEEDING. THIS WAIVER APPLIES TO CLASS ARBITRATION, AND, UNLESS TRUSAIC AGREES OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIMS. YOU AGREE THAT, BY USING THE WEBSITE, YOU AND TRUSAIC ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING OF ANY KIND. NOTWITHSTANDING THE FOREGOING, THE RIGHT TO TRIAL BY JURY SHALL NOT BE WAIVED FOR ANY DISPUTE ARISING OUT OF OR RELATING TO ANY SERVICE PROVIDED BY TRUSAIC.
- Governing Law.
To the maximum extent permitted by law, these Terms are governed by the laws of the State of California, and you hereby consent to the exclusive jurisdiction and venue of the courts in Los Angeles, California in all disputes arising out of or relating to the use of the Website. Use of the Website is unauthorized in any jurisdiction that does not give effect to all provisions of these Terms, including, without limitation, this section.
- Modification of Terms and Conditions of Use.
Trusaic reserves the right, in its sole discretion, to modify the Terms at any time by posting an updated version of the Terms on trusaic.com or by sending notification to the email address associated with your account. The most current version of the Terms will supersede all previous versions. Your continued access or use of the Website constitutes your acceptance to the modified terms. Trusaic encourages you to periodically review the Terms to stay informed of our updates.
- Assignment/Entire Agreement.
Any rights and licenses granted hereunder may not be transferred or assigned by you, but may be assigned by Trusaic without restriction. Any attempted transfer or assignment in violation hereof shall be null and void.
Unless otherwise specified herein, these Terms constitutes the entire agreement between you and Trusaic with respect to the Website and it supersedes all prior or contemporaneous communications and proposals, whether electronic, oral or written, between you and Trusaic with respect to the Website, except as to any separate written agreement for Services with Trusaic. A printed version of these Terms and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to these Terms to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form. It is the express wish to the parties that these Terms and all related documents be written in English.
- No Formation of Joint Venture/Partnership/Employment/Agency Relationship.
You agree that no joint venture, partnership, employment, or agency relationship exists between you and Trusaicas a result of these Terms or use of the Website. Trusaic’s performance under these Terms are subject to existing laws and legal process, and nothing contained in these Terms is in derogation of Trusaic’s right to comply with governmental, court and law enforcement requests or requirements relating to your use of the Website or information provided to or gathered by Trusaic with respect to such use. If any part of these Terms is determined to be invalid or unenforceable pursuant to applicable law including, but not limited to, the warranty disclaimers and liability limitations set forth above, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of the Terms shall continue in effect.
- Contact Us.
The Website is provided by Trusaic. If you have any questions regarding the Terms, please contact us by phone or email at:
Trusaic
Attn: Legal Department
520 South Grand Avenue, Suite 200
Los Angeles, CA 90071
(213) 382-1115
[email protected]
If you are a California resident, in accordance with Cal. Civ. Code §1789.3, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the Department of Consumer Affairs by contacting them at:
Department of Consumer Affairs
Attn: Complaint Assistance Unit
1625 North Market Blvd., Suite N 112
Sacramento, CA 95824
(800) 952-5210
(916) 445-1254
- Some features, functionality and services on our Website may be explicitly governed by additional terms and conditions, including by third parties (“Additional Terms and Conditions”). You agree to review all such Additional Terms and Conditions relating to Trusaic’s products and services, as applicable to you. In the event of any conflict between these Terms and the Additional Terms and Conditions, the Third-Party Additional Terms and Conditions shall govern and control, unless they expressly state that these Terms will control.
- Written Service Agreements.With respect to Services provided under a Separate Written Service Agreement, the General Terms of Service for written services agreements expressly override any contradictory Terms contained herein.
General Terms of Service – Written Service Agreements
(Updated July 20, 2023)
1.1 General
1.1.1 To the extent that these General Terms of Serviceconflict with or are inconsistent with any provision in a Master Services Agreement or other service agreement and/or Order Schedule (if applicable) with the Client, the Order Schedule (if applicable) shall take precedence, followed by the Master Service Agreement or other service agreement, followed by these General Terms of Service, and then, as applicable, the General Terms of Service – Website Use (collectively referred to as “Agreement” in this Section1).
1.1.2 Trusaic is authorized to begin performing the services identified in the Agreement (referred to as “Services” in this Section 1) immediately upon execution of the Agreement. Trusaic reserves the right to withhold commencement of any Service until after receipt of the applicable payment and documentation as set forth in the Agreement.
1.1.3 Trusaic reserves the right, in its sole discretion, to modify the General Terms of Service at any time by posting an updated version of the Terms on trusaic.com or by sending notification to the email address associated with your account. The most current version of the Terms will supersede all previous versions. Your continued access or use of the Website constitutes your acceptance to the Terms, as modified. Trusaic encourages you to periodically review the Terms to stay informed of our updates
1.1.4 CLIENT RESPONSIBILITIES - DUTY TO COOPERATE AND PROVIDE ACCURATE, COMPLETE, AND TIMELY INFORMATION: Client acknowledges Client’s obligation to cooperate with Trusaic in performing the Services. Client agrees to timely provide Trusaic with any and all information, as applicable and required by Trusaic to perform the Services and carry out its obligations under the Agreement (collectively, “Client Data”). Client shall be responsible for, and Trusaic may rely upon, the accuracy and completeness of all Client Data and the timely furnishing of such Client Data. Failure to timely provide accurate and complete Client Data may result in inaccurate and/or incomplete analysis(es), report(s), result(s) and/or form(s) prepared or generated by Trusaic under this Agreement and/or noncompliance with any applicable deadlines, none of which Trusaic shall not be liable.
1.2. COMPENSATION
1.2.1 FEES: Client shall compensate Trusaic for Services performed pursuant to the terms set forth in the Agreement. All other services not specified in the Agreement shall be considered “Additional Services,” and, unless otherwise set forth in the Agreement, shall entitle Trusaic to additional compensation pursuant to a mutual written agreement. Fees are non-refundable.
1.2.2 INVOICES: Invoices shall be prepared in accordance with Trusaic’s standard practices and be submitted to Client by Trusaic. Invoices shall be paid within twenty (20) days of date of invoice, except as to services related to Employee Retention Credit, in which case payment is due within ten (10) days of date of invoice (the “Due Date”). Trusaic will charge interest at the rate of 1.5% on the unpaid balance for each month period from the Due Date. For any electronic payment, payment will be considered to have been by Trusaic in the bank account designated by Trusaic for such payments. As applicable, Client agrees to pay a charge of $50 for each returned check for Non-Sufficient Funds (NSF). In addition, Trusaic may, after giving ten (10) days written notice to Client, suspend the Services until Trusaic has been paid in full all amounts due. Trusaic has the option to credit payments first to interest, if any, and then to principal. Within seven (7) days of receipt of each invoice, Client shall give written notice to Trusaic of any amount shown in such invoice that Client disputes in good faith, which notice shall include a reasonably detailed explanation of the disputed amount and the ground(s) for the dispute. Client’s failure to dispute any portion of an invoice within the seven days shall be deemed acceptance by Client of such invoice and no further objections to the invoice will be permitted or accepted. In the event of a disputed invoice, only that portion so disputed may be withheld from payment, and the undisputed portion shall be paid without delay.
1.2.3 PAYMENTS UPON TERMINATION: In the event of any termination of the Agreement, Trusaic shall be entitled to invoice Client, which may be in the form of a demand letter, and Client agrees to pay Trusaic for Services performed through the effective date of termination. Additionally, in the event of an early termination of the Agreement through no material fault of Trusaic, any and all fees under the Agreement for the balance of the Initial Term and any applicable Additional Term shall be accelerated and the full amount of such fees shall become immediately due to Trusaic.
1.2.4 TAXES: All fees under the Agreement are exclusive of all taxes, including, but not limited to, as applicable, VAT, and General Excise Tax under Hawaiian law. Client is responsible for all taxes. Trusaic may be required to charge sales tax under the Agreement pursuant to certain state and local tax laws. Any applicable sales tax charges will appear on Client’s annual invoice. If exempted, Client must provide documentation to Trusaic of such exemption. For Clients located in states requiring imposition of sales tax, Client’s state and/or local government may require Client to report Client’s purchase and pay appropriate sales/use tax amounts to them directly.
1.3. TERMINATION
1.3.1 TERMINATION FOR CAUSE: The Agreement may be terminated for cause by either party upon fifteen (15) days’ written notice to the other party in the event of substantial and material failure by the other party to perform in accordance with the terms of the Agreement through no fault of the terminating party. However, the Agreement shall not terminate as a result of such failure if the party receiving such notice begins, within two (2) days of receipt of such notice, to correct its failure to perform and proceeds diligently to cure such failure within fifteen (15) days of receipt of such notice; provided, however, that if and to the extent such failure cannot be reasonably cured within such fifteen (15) day period, and if such party has diligently attempted to cure the same and thereafter continues diligently to cure the same, then the cure period provided for herein shall be extended up to, but shall not exceed, in total, thirty (30) days after the date of receipt of notice. Reserving all other rights, Trusaic shall have the option to deem a failure to provide Client Data and/or make payment of an outstanding invoice or invoices for more than 60 days as a substantial and material failure by the Client. The termination of the Agreement pursuant to this Section 1.3.1 shall not affect any rights or remedies of either party against the other then existing or which may thereafter accrue.
1.3.2 TERMINATION BY TRUSAIC: In addition to the rights set forth in Section 1.3.1 above, the obligation to provide the Services may be terminated by Trusaic upon ten (10) days’ written notice if (a) Client files a voluntary petition seeking relief under the United States Bankruptcy Code or there is an involuntary bankruptcy petition filed against Client in the United States Bankruptcy Court or (b) Trusaic’s Services are delayed or suspended for more than sixty (60) days for reasons beyond Trusaic’s control. Trusaic shall have no liability to Client arising from a termination pursuant to this Section 1.3.2.
1.4 CONFIDENTIALITY AND DATA SECURITY
1.4.1 CLIENT USE OF TRUSAIC DOCUMENTS: Except as to the underlying content consisting of Client Data, Trusaic shall retain ownership and a property interest (including the right of reuse at the discretion of Trusaic) in any report and other work product, and any other deliverables (whether in printed or electronic format) provided by Trusaic in connection with its Services (the “Trusaic Documents”) whether or not the Services have been completed. Notwithstanding the foregoing, Trusaic hereby grants to Client a royalty-free, non-exclusive unlimited license to utilize the Trusaic Documents (excepting Trusaic Templates, defined below) provided to Client as part of the Services and Client may also make and retain copies of the Trusaic Documents (other than Trusaic Templates) for information and reference. Any reuse or modification of Trusaic Documents by Client without written verification by Trusaic will be at Client’s sole risk and without any liability to Trusaic. Further, Client agrees not to use or permit any third party to use any drafts of Trusaic Documents. Client agrees it shall be solely responsible and liable for any such use of draft Trusaic Documents and waives liability against Trusaic for its use. Client shall indemnify and hold harmless Trusaic, from all claims, causes of action, damages, losses, and costs, including attorneys’ fees, arising out of or resulting from the use of draft Trusaic Documents or any reuse or modification of draft Trusaic Documents without verification by Trusaic.
1.4.2 CONFIDENTIALITY OF TRUSAIC TEMPLATES: Trusaic may provide one or more confidential templates to Client as part of the Client Data collection process (“Trusaic Templates”). Such Trusaic Templates are confidential and proprietary to Trusaic and may be used solely for the purpose of providing Client Data to Trusaic.
1.4.3 CONFIDENTIALITY OF CLIENT DATA: To the extent that Client provides any designated proprietary or confidential Client Data (including but not limited to, Client Data as described in the Agreement, which itself includes but is not limited to “Employee Information” defined below) to Trusaic, Trusaic will not use or disclose such Client Data to any third party (including employees who do not have a need to know in performing the Services) without Client’s written consent except as (1) required by law or regulation, (2) in connection with a dispute arising out of the Agreement and only to the extent necessary, or (3) to the extent that such Client Data (a) has become publicly available through no fault of Trusaic, (b) available from a third party without restriction as to use or disclosure, (c) is known by Trusaic prior to its receipt from Client, or (d) is developed by Trusaic independent of any disclosure made by Client to Trusaic of such Client Data.
1.4.4 PRIVACY OF EMPLOYEE INFORMATION: The personal information of Client’s employees within the Client Data (“Employee Information”) shall only be used by Trusaic as necessary to perform the Services and/or as required by law and pursuant to Trusaic’s Privacy Policy, https://trusaic.com/privacy-policy/ and, the Data Processing Addendum to the extent such Services are subject to data protection laws, including but not limited to, EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the means EU General Data Protection Regulation 2016/679 (“GDPR”) and laws implementing or supplementing the GDPR (collectively, “Data Protection Laws”), as applicable ,which is available at https://trusaic.com/data-processing-addendum/.
1.4.4.1 ACA Services
For an Agreement providing for ACA Complete,®ACA Essential,®ACA Basic®or other ACA related services, Trusaic shall (a) use appropriate safeguards to prevent the misuse or unauthorized disclosure of Employee Information, including any protected health information, (b) report to Client promptly (except as to any electronic protected health information, which requires prompt reporting but no later than five (5) business days) following discovery of any such misuse or unauthorized disclosure or any related pertinent security incident of which Trusaic becomes aware, and (c) if applicable, ensure that any Trusaic subcontractors that create, receive, maintain, or transmit information on behalf of Trusaic agree to the same restrictions that apply to Trusaic with respect to such information. Additionally, to the extent applicable, Trusaic shall (d) make available an employee’s protected health information in a designated record set, if any, to such employee, (e) make any amendment(s) to protected health information in a designated record set, if any, as directed or agreed to by Client, (f) maintain and make available employee’s protected health information, if any, required to provide an accounting of disclosures to employee, and (g) make Trusaic’s internal records relating to employee’s protected health information, if any, available to the Secretary of Department of Health and Human Services as required by law.
Upon termination of the Agreement, with respect to any employee protected health information received from Client, or created, maintained, or received by Trusaic on behalf of Client, Trusaic shall (h) retain only that information which is necessary for Trusaic to continue proper management and administration and/or to carry out its legal responsibilities while continuing the use of safeguards to prevent any misuse or unauthorized disclosure, and (i) return to Client or destroy the remaining employee protected health information, if any, that Trusaic still maintains. The obligations of Trusaic under this Section 31.4.4.1 shall survive the termination of the Agreement.
1.4.4.2 Pay Parity®, WOTC and Employee Retention Credits Services
For an Agreement for Pay Parity, Work Opportunity Tax Credit, Federal Empowerment Zones or related tax credit (collectively, “WOTC”), or Employee Retention Credits related services, Trusaic shall (a) use appropriate safeguards to prevent the misuse or unauthorized disclosure of Employee Information, (b) report to Client promptly following discovery of any misuse or unauthorized disclosure or any related pertinent security incident of which Trusaic becomes aware, and (c) if applicable, ensure that any Trusaic subcontractors that create, receive, maintain, or transmit information on behalf of Trusaic agree to the substantially the same restrictions that apply to Trusaic with respect to such information.
1.4.5 DATA SECURITY. Trusaic will maintain and enforce an information security program for the protection of Employee Information, including commercially reasonable administrative, physical, and technical measures designed to (i) protect the confidentiality, availability and integrity of Employee Information, (ii) restore the availability of Employee Information in a timely manner in the event of a security incident, and (iii) ensure the proper disposal and destruction of Employee Information pursuant to Trusaic’s document retention policies. Trusaic will notify Client, as required by applicable law, of any actual or reasonably suspected breach of security known to Trusaic that has resulted in, or creates a reasonable risk of, unauthorized access to Employee Information without undue delay, consistent with the legitimate needs of law enforcement and with any measures necessary to determine the scope of the breach.
1.4.6 DATA PROCESSING: As applicable, Trusaic shall comply with the documented instructions from the Client pursuant to a “Data Processing” or similar agreement unless Trusaic believes that it cannot do so because such instructions conflict with applicable law and so notifies the Client. For Pay Parity Services, where applicable, the DPA, shall apply.
1.4.7 AGGREGATED AND/OR DE-IDENTIFIED INFORMATION: To improve Trusaic’s current services and develop additional features and other services, Trusaic (i) may create aggregate and/or anonymized Client Data, which may include Client Data as described in the Agreement (“Aggregated Data”), (ii) combine such Aggregated Data with that of other clients; and, (iii) has the exclusive ownership of any Aggregated Data and the exclusive right to use Aggregated Data for any purpose provided that Trusaic does not use or distribute any AggregatedData in a manner which identifies Client (including Client employees).
1.5. LIMITATIONS AND INDEMNITY
1.5.1 TRUSAIC’S LIABILITY LIMITED TO THE AMOUNT OF ITS FEES: To the fullest extent permitted by law, the total liability, in the aggregate, of Trusaic, to Client and to anyone claiming by, through, or under Client for any and all claims, causes of action, losses, costs (including attorneys’ fees and costs), or damages arising out of, resulting from, or in any way related to the Services (“Claims”) shall not exceed the total compensation received by Trusaic from Client under the Agreement for a period of six months of services under the Agreement prior to the date of the applicable Claim.
1.5.2 INDEMNIFICATION AGAINST THIRD PARTY CLAIMS: Client agrees to indemnify and hold harmless Trusaic of and from any and all third party (including employee) claims, causes of action, damages, losses, lawsuits, judgments, and costs (including any claim for attorneys’ fees by such third party and any defense costs and legal fees incurred by Trusaic), arising out of or relating to the Services.
1.5.3 DISCLAIMER OF LEGAL OR ACCOUNTANCY ADVICE/DISCLAIMER OF FIDUCIARY DUTY: The Services under the Agreement do not constitute legal or accountancy advice. Trusaic recommends that Client retain legal counsel or an accountant for such advice. The Agreement is not intended to, and does not, create or impose any fiduciary duty on Trusaic.
1.5.4 WORK OPPORTUNITY TAX CREDITS AND RELATED CREDITS (WOTC): In connection with any Services pertaining to the Work Opportunity Tax Credit, Federal Empowerment Zones or related tax credit (“WOTC Services”), unless the Agreement for WOTC Services specifies otherwise, if you fail to pay such any applicable government fees, and to the extent that Trusaic, at its option, selects to advance those government fees to secure the tax credits, you agree to reimburse Trusaic for any such government fees, and indemnify and hold Trusaic harmless against any other claim, liability and/or penalties resulting therefrom.
1.6. PAY PARITY SOFTWARE (“PPS”)
1.6.1 Access to PPS Software. Subject to the terms of the Agreement and payment of all applicable fees, Trusaic grants Client a limited-term, non-exclusive, non-sublicensable, non-transferable (except as expressly permitted herein) and revocable right to access and use PPS Software only for the Term and as specified in the Agreement solely for Client’s internal business purposes.
1.6.2 Responsibilities using PPS Software. In using the PPSSoftware, Client is responsible for: (i) the confidentiality of user access credentials that are in Client’s possession or control; (ii) setting up appropriate internal roles, permissions, policies and procedures for the safe and secure use of the PPSSoftware, (iii) the activity of Client’s users in the PPSSoftware; and (iv) Client’s users’ compliance with this Agreement. Client must notify Trusaic promptly if Client becomes aware, or reasonably suspect, that Client’s account’s security has been compromised.
1.6.3 Restrictions. Except as expressly permitted in writing by Trusaic prior to each instance, Client shall not: (i) provide the PPS Software to any third party other than Client’s users or otherwise violate or circumvent any use limitations or restrictions under the Agreement; (ii) derive the source code or use tools to observe the internal operation of, or scan, probe or penetrate, the PPS Software; (iii) copy, modify or make derivative works of the PPS Software; (iv) remove any proprietary markings or notices from any materials provided to Client by Trusaic; (v) frame or mirror the PPS Software or any part thereof; or (vi) use the PPS Software to send or store material containing viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs, for any other illegal or unlawful purpose and/or to knowingly facilitate or aid a third party in any of the foregoing activities.
1.6.4 AVAILABILITY. Trusaic will use commercially reasonable efforts to maintain availability of the PPS Software 24 hours a day, 7 days per week, subject to planned maintenance, Force Majeure (defined below), and the terms of this Agreement. Trusaic will endeavor to schedule planned maintenance affecting the availability of the PPS Software at non-peak times, and Client will receive reasonable advance notice (which may be posted within the PPS Software or otherwise) of such planned maintenance. Trusaic will use commercially reasonable efforts to notify Client as soon as reasonably practical of any unplanned downtime of the PPS Software and resolve the issue as soon as practical. In the event that Client’s use of the PPS Software interferes with or disrupts the integrity, security, availability or performance of the PPS Software, Trusaic may modify or temporarily restrict or suspend Client’s use of the PPS Software. The parties will cooperate in good faith to resolve the issue as soon as reasonably possible.
1.6.5 Technical Support. Software technical support may, at Trusaic’s discretion, include on-line help, FAQs, training guides, and templates and the use of email or telephone call. Trusaic is not obligated to maintain or support any customization to the PPS Software or any third party service except under a separate, additional written agreement by the parties.
1.7.0 ADP MARKETPLACE CLIENT
In the event that Trusaic accesses Client Data for a Client obtained through the ADP Marketplace (“ADP Client”) whereby such access is through an API of ADP, LLC and/or any of its affiliates (collectively, “ADP”), Trusaic will pay ADP the applicable connector fee(s) on behalf of ADP Client provided that the ADP Client is a new client and enters the applicable promotional code onto the ACA Complete Application, which can currently be found at https://marketplace.adp.com/aca-complete. Additional provisions that apply to the ADP Client include the Terms of Service, including the provision set for in Section 40 below. For the avoidance of doubt, ADP disclaims any liability for any Claims arising from such API access and Trusaic’s liability is strictly limited to the remedy provided in Section 31.5.1.
1.8. GENERAL
1.8.1 ENTIRE AGREEMENT, AMENDMENT, SEVERABILITY AND WAIVER: The Agreement including these Additional Terms and Conditions, constitutes the entire agreement between Client and Trusaic and supersedes all prior written or oral understandings. The Agreement may only be amended, supplemented, modified, or canceled by a written instrument signed by the parties. The provisions of the Agreement are severable, and if any provision or part thereof is declared invalid or unenforceable, the remaining portions shall remain fully valid and enforceable. The non-enforcement of any provision by either party shall not constitute a waiver of that provision, nor shall it affect the validity or enforceability of that provision or of the remainder of the Agreement.
1.8.2 INDEPENDENT CONTRACTOR: The parties are independent contractors to each other. Nothing in the Agreement shall be construed to create a partnership, joint venture,employee, or agency relationship between the parties.
1.8.3 DISPUTE RESOLUTION; CONTROLLING LAW AND ATTORNEY’S FEES: Except as to nonpayment or inadequate payment under the Agreement, the parties agree that any lawsuit arising out of or relating to the Agreement shall be commenced no later than one year from time the Service(s) at issue is (are) provided. The parties agree to submit all disputes to mediation before a retired judicial officer prior to filing any lawsuit arising out of or relating to the Agreement. A failure by a party to respond to a mediation request or otherwise cooperate in the mediation process will be deemed to be a waiver of the mediation requirement by such party. The Agreement shall be governed by California law. The venue for any such mediation or lawsuit shall be in a court of competent jurisdiction in Los Angeles, California. If any legal action or proceeding is brought by either party to enforce the Agreement, the prevailing party shall be entitled to recover reasonable attorneys’ fees and other costs incurred in that action or proceeding (including, without limitation, expert witness fees), in addition to any other relief to which such party may be entitled.
1.8.4 NOTICES: All notices shall be made in writing, given personally, by registered or certified mail, by commercial courier service or by email. Any notice to Trusaic shall be to Trusaic, attention: Legal, 520 South Grand Avenue, Suite 200, Los Angeles California 90071, [email protected]. All notices shall be effective upon the date of receipt.
1.8.5 ASSIGNMENT: Client may not assign or transfer any rights or interest under the Agreement without Trusaic’s written consent.
1.8.6 SURVIVAL: All express representations, indemnifications, or limitations of liability set forth in the Agreement shall survive termination of the Agreement for any reason.
1.8.7 THIRD PARTY OBLIGATIONS: Nothing contained herein shall create any obligation or contractual relationship with any third party.
1.8.8 FORCE MAJEURE: Any delay or failure in the performance by either party to the Agreement except for the obligation to pay fees under the Agreement shall be excused if and to the extent caused by the occurrence of a Force Majeure. Force Majeure shall mean a cause or event that is not reasonably foreseeable or otherwise caused by or under the control of the party claiming Force Majeure, including acts of God, fires, floods, explosions, riots, wars, hurricane, terrorism, vandalism, governmental act, injunctions, strikes, pandemics and other like events that are beyond the reasonable anticipation and control of the party affected thereby, despite such party’s reasonable efforts to prevent, avoid, delay, or mitigate the effect of such acts, events or occurrences, and which events or the effects thereof are not attributable to a party’s failure to perform its obligations under the Agreement.
- Intentionally left blank.
- Intentionally left blank.
- Intentionally left blank.
- Intentionally left blank.
- Intentionally left blank.
- Partner Portal.
If you are using Trusaic’s Partner Portal, which is currently accessible through partners.trusaic.com, (“Partner Portal”), to the extent applicable to you, you agree to the following additional terms.
7.1 If you become a Trusaic “partner” through the Partner Portal, and furnish any personally identifying information of any individual who is an employee or otherwise associated with your client or other third party (“Individual PII”), you agree to the following additional terms:
7.1.1 You agree to furnish any Individual PII to Trusaic exclusively through a secured file transfer site.
7.1.2 You represent and warrant that you are authorized to furnish the Individual PII by the individuals for whom the Individual PII applies. You agree to indemnify, defend and hold harmless Trusaic from any and all losses, liabilities, fines, compensation, damages, costs and expenses arising from or in connection with any allegation that you did not have authorization to furnish Individual PII to Trusaic (“PII Claim”). You agree that, at your sole expense, you will conduct the defense of any such PII Claim and all negotiations for its settlement or compromise; provided, however, that: (a) no settlement or compromise of such a PII Claim shall be entered into or agreed to without Trusaic’s prior approval (not to be unreasonably withheld or delayed): and (b) Trusaic shall have the right to participate, at its own expense, in the defense and/or settlement of any such PII Claim to the extent necessary to protect its own interests.
- Humanefits.
If you are using Humanefits, to the extent applicable to you, you agree to the following additional terms:
8.1 If Trusaic is providing you Humanefits at no charge, the payment provisions in paragraphs 18 and 19 are not applicable. All other provisions apply.
- Penalty Risk Assessment and Pay Gap Analysis
If you are using Trusaic’s Penalty Risk Assessment (“PRA”) and/or Pay Gap Analysis (“PGA”) services, to the extent applicable to you, you agree to the following additional terms.
9.1 These services are provided at no charge. The payment provisions in paragraphs 18 and 19 are not applicable. All other provisions apply.
- Trusaic’s ACA Complete Application on the ADP Marketplace Terms of Service.
If you are using Trusaic’s ACA Complete Application on the ADP Marketplace, to the extent applicable to you, you agree to the following additional terms.
10.1 The ACA Complete Application can be found at https://marketplace.adp.com/aca-complete.
10.2 This Agreement for Trusaic’s ACA Complete Application is between Trusaic and the Client.
10.3 Trusaic, and not ADP or its vendors, is solely responsible for providing, maintaining, supporting and updating the Application and its associated services. Trusaic shall provide product support for the Application. Client may access support via contacting Trusaic at [email protected] or [213-382-1115].
10.4 TRUSAIC HEREBY DISCLAIMS ON BEHALF OF ADP AND APPDIRECT ANY EXPRESS, IMPLIED OR STATUTORY REPRESENTATIONS OR WARRANTIES, AND ALL OTHER WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
10.5 Client’s and End Users’ sole and exclusive remedies shall be against Trusaic. ADP and AppDirect shall have no liability or obligation to Clients or End Users.
10.6 Clients and End Users will not (i) decompile or reverse engineer the ADP Marketplace or take any other action to discover the source code or underlying ideas or algorithm of any components thereof, (ii) copy the ADP Marketplace, (iii) post, publish or create derivative works based on the ADP Marketplace, or (iv) remove any copyright notice, trade or service marks, brand names and the like from the ADP Marketplace or related documentation.
10.7 ADP and AppDirect are third party beneficiaries of the above-described terms and each are entitled to enforce such terms as if they each were a party to this agreement.
10.8 Subject to the remainder of this Section 10.8, Trusaic shall indemnify, defend and hold harmless Client and its employees from and against any and all suits, actions, damages, costs, losses, expenses (including reasonable outside attorneys’ fees) and other liabilities (each, a “Claim”) arising from or in connection with allegations that the Application or any related services violates or infringes any intellectual property right of a third party, invades or infringes any right of privacy, or right of publicity, of any person or entity. Trusaic shall, at its sole expense, conduct the defense of any such Claim and all negotiations for its settlement or compromise; provided, however, that: (a) no settlement or compromise of such a Claim shall be entered into or agreed to without Client’s prior approval (not to be unreasonably withheld or delayed): and (b) Client shall have the right to participate, at its own expense, in the defense and/or settlement of any such Claim to the extent necessary to protect its own interests.
Data Processing Addendum
(Updated August 25, 2023)
This Data Processing Addendum ("DPA") amends the terms and conditions set forth in the Pay Parity® Master Services Agreement and any riders or amendments thereto and the Terms of Service (collectively, “Agreement”) between First Capitol Consulting, Inc. dba Trusaic (“Trusaic”) and the client (“Client”), and shall be effective on the Effective Date of the AGREEMENT and terminate with the term of the Agreement. In the event of a conflict between the DPA and the Agreement, the DPA shall control. All capitalized terms not defined in this DPA shall have the meanings set forth in the AGREEMENT.
Unless otherwise agreed to in writing under the AGREEMENT, Trusaic will periodically update this DPA, located at {LINK}.
- Definitions and Interpretation
1.1 Unless otherwise defined herein, capitalized terms and expressions used in this DPA shall have the following meaning:
1.1.1 “Client Personal Data" means any Personal Data Processed by the Processor on Controller's behalf pursuant to or in connection with an AGREEMENT;
1.1.2 "Controller” means Client with Client Personal Data for Data Processing;
1.1.3 "Processor” means Trusaic pursuant to an Agreement to Process Client Personal Data;
1.1.4 "GDPR" means EU General Data Protection Regulation 2016/679;
1.1.5 “Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR and to the extent applicable, the data protection or privacy laws of any other country;
1.1.6 "EEA" means the European Economic Area;
1.1.7 "Data Transfer" means:
1.1.7.1 a transfer of Client Personal Data from Controller to a Processor; or
1.1.7.2 an onward transfer of Client Personal Data from a Processor to a Subcontracted Processor, if any, or between two establishments of a Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or otherwise restricted under the AGREEMENT);
1.1.8 "Services" means the services identified in the Agreement.
1.1.9 "Subprocessor" means any person appointed by or on behalf of Processor to process Client Personal Data on behalf of Controller in connection with the Agreement.
1.1.10 “"Standard Contractual Clauses” or “SCC" means the European Commission's standard contractual clauses for the transfer of personal data from the European Union to third countries (Module One/Two/Three/Four), as set out in the Annex to Commission Decision (EU) 2021/914.
1.2 The terms, "Commission", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR, and their related terms shall be construed accordingly.
- Processing of Client Personal Data
2.1 Processor shall:
2.1.1 comply with all applicable Data Protection Laws in the Processing of Client Personal Data on behalf of Client; and
2.1.2 not process Client Personal Data other than on Controller's documented instructions.
2.2 Controller instructs Processor to process Client Personal Data to provide the services set forth in the AGREEMENT.
- Processor Personnel
Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Processor who may have access to Client Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know/access the relevant Client Personal Data, as strictly necessary for the purposes of the AGREEMENT, and to comply with all applicable Data Protection Laws in the context of that individual's duties to the Processor, ensuring that all such individuals are subject to confidentiality obligations.
- Data Processing and Security
4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall, in relation to the Client Personal Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR and in Annex B.
4.2 In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
4.3 The Processing performed by the Processor on behalf of the Controller relates to the services under the AGREEMENT. Further details on International Transfers of Personal Data are located at Trusaic’s Privacy Policy at https://trusaic.com/privacy-policy/.
- Subprocessing
Processor shall not appoint (or disclose any Client Personal Data to) any Subprocessor unless required or authorized by Controller.
- Data Subject Rights
6.1 Taking into account the nature of the Processing, Processor shall assist Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Controller obligations, as reasonably understood by Controller, to respond to requests by Data Subject to Processor to exercise Data Subject rights under the Data Protection Laws.
6.2 Processor shall:
6.2.1 promptly notify Controller if it receives a request from a Data Subject under the Data Protection Laws in respect of Client Personal Data; and
6.2.2 ensure that Processor respond to that request only pursuant to the documented instructions of Controller or as required by the Data Protection Laws to which the Processor is subject, in which case Processor shall to the extent permitted by the Data Protection Laws inform Controller of that legal requirement before the Processor responds to the request.
- Personal Data Breach
7.1 Upon becoming aware of a Personal Data Breach affecting Client Personal Data and without undue delay, Processor shall notify Controller with sufficient information to allow Controller to meet an obligation to inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2 Processor shall cooperate with Controller and take reasonable commercial steps as are directed by Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
- Data Protection Impact Assessment and Prior Consultation
Processor shall provide reasonable assistance to Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Controller reasonably considers to be required by Article 35 or 36 of the GDPR, in each case solely in relation to Processing of Client Personal Data by, and taking into account the nature of the Processing and information reasonably available to, the Processors.
- Deletion or return of Client Personal Data
9.1 Subject to this section 9, Processor shall promptly and in any event within ten (10) business days of the date of termination of the AGREEMENT (the "Termination Date"), delete and procure the deletion of all copies of those Client Personal Data that is not subject to the Processors legal document retention obligations.
9.2 Upon written request by Controller, Processor shall provide written certification of compliance to Controller.
- Audit rights
10.1 Subject to this section 10, Processor shall make available to Controller on request all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by Controller or an auditor mandated by Controller in relation to the Processing of the Client Personal Data by the Contracted Processors.
10.2 Information and audit rights of Controller only arise under section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Laws.
- Data Transfer
11.1 The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of Controller. Processor and Controller agree that the Personal Data Processed under the AGREEMENT, while physically located in the EU, maybe accessed by Processor from its headquarters in Los Angeles. To the extent that the GDPR categorizes such access as an international data transfer, and to ensure that the Personal Data is adequately protected, the parties incorporate the Standard Contract Clauses into the DPA.
11.2 The SCC published on June 4, 2021, can be found here. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Should the EU regulatory authority update the language of the standard contract clauses after the execution of the DPA, the parties agree that the new contract clauses shall be deemed incorporated into the DPA to the extent necessary to continue to comply with the EU rules regarding data transfers.
- Governing Law and Jurisdiction
12.1 This DPA is governed by the law of the state of residence of the Controller. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights. The Parties agree that this shall be the law of Ireland.
12.2 Any dispute arising in connection with this DPA, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of Ireland.
12.3 A data subject may also bring legal proceedings against the Processor and/or Controller before the courts of the EU Member State in which he/she has his/her habitual residence.
ANNEX A:
Personal Data Processing Purposes and Details
- Personal Data Categories:
First & Last Name; Alias; Postal Address; Telephone number; Unique personal identifier; Social Security number (or equivalent); Financial information; Geolocation data; Professional or employment-related data; Compensation; Date of Birth; Race; Gender
- Data Subject Types:
Client’s global employees
- Countries where Processer may receive, access, transfer or store Personal Data:
Store, transfer or receive: United States, EU Member States
Access: United States, EU Member States
- Approved Subcontractors:
Not Applicable
Annex B:
Security Measures: Technical and Organizational Data Security Measures:
- PHYSICAL ACCESS CONTROLS.
- Monthly risk assessment meetings are held by the SPO and Legal team to discuss risk and mitigation strategies. For any risks or other control deficiencies identified that require attention or remediation, action plans are implemented to remediate such deficiencies and documented in meeting minutes.
- Physical access to the Client facilities, which house the servers in a room that is only accessible by the President, his Executive Assistant, and the Office Manager, is controlled through the use of physical keys and locks, in a 24/7 security building.
- The Client is located in one office suite with only two points of entry. The back entrance is only accessible with a key. The front entrance is secured during business hours by the receptionist, who is required to check in all visitors using a visitor’s log, and is secured during non-business hours with key access.
- Physical access to the data center is restricted to authorized Advanced Networks personnel.
- A termination checklist is used and completed when revoking the physical access of terminated employees.
- The Client maintains a written agreement with a third-party vendor to dispose of equipment (PCs and other computing devices) containing confidential information using corporate grade data destruction technology (HIPAA and DoD compliant, NIST 800-88 one-pass random wipe or equivalent).
- Secure shred bins are provided throughout the facility for collection and disposal of confidential information.
- SYSTEM ACCESS CONTROLS.
- The Client maintains security, confidentiality, and privacy policies (SCP policies), which are available to all employees on the Company’s intranet (Asana). The SCP policies address controls over significant aspects of operations, including:
- Security requirements for authorized users.
- Data classification and associated protection, access rights, retention, and destruction requirements.
- Responsibility and accountability for security.
- Security and other incidents identification response and mitigation.
- Security training.
- Information sharing and disclosure.
- New employees must review and complete security, confidentiality, and privacy training, which occurs during the first week of employment.
- Monthly risk assessment meetings are held by the SPO and Legal team to discuss risk and mitigation strategies. For any risks or other control deficiencies identified that require attention or remediation, action plans are implemented to remediate such deficiencies and documented in meeting minutes.
- Advanced Networks, Trusaic’s Managed Services IT Provider, assesses and responds to security risks on an ongoing basis and advises Trusaic management of those risks, reviewing and acting upon security event logs.
- System changes that may potentially impact Trusaic’s service commitments and system requirements are communicated to all employees through the Company’s intranet (Asana).
- The Client maintains a Change Management Policy to address material changes to its system. The policy requires oversight by SPO to determine the potential effect of system changes on its service commitments and system requirements, including those related to internal controls.
- Access to the network is restricted to authorized personnel and requires a unique user ID and password.
- Remote access to the network is restricted to authorized personnel, requires a unique user ID and password, and users are authenticated using MFA with remote access over an encrypted VPN connection.
- The Trusaic Platform infrastructure, which resides on the cloud infrastructure provided by the cloud service provider, is segregated from the Company’s network.
- User and user entity access to the Trusaic Platform requires a unique user ID, password, and MFA.
- Passwords for user access to the network are configured according to the Active Directory policies, which requires minimum password length, password changes after a specified period of days, and password is complexity enabled.
- Passwords for user access to the Trusaic Platform require minimum password length, and password complexity is enabled.
- Logical access to the Azure IT environment is restricted to the Engineering Administrators and the SPO.
- Access modification to the network is reviewed monthly by the SPO.
- Requests for user access to the system and network must be approved by authorized personnel and are documented in a new hire checklist and sent to Advanced Networks for provision of user access.
- Administrator access to the domain, which provides the user with the ability to create or modify user access privileges to the network, is restricted to authorized personnel who require such access to perform their job responsibilities.
- The access of terminated employees or contractors is removed or disabled by Advanced Networks after receipt of notification from Trusaic. Access is then removed or disabled by Advanced Networks.
- Access to the Trusaic Platform’s internal supporting application, WAM, is restricted to the Data Operations team.
- Events triggering an alert by the firewall or IDS are automatically emailed to the Advanced Networks ticketing system and the event is assessed by Advanced Networks IT personnel. Any significant alerts or events warranting the attention of Trusaic management are communicated to the Trusaic SPO.
- The Client uses industry standard encryption to provide for the security of data transmitted over public networks.
- Antivirus software and the latest operating system updates are installed on all Client desktop and laptop computers.
- The Client maintains security, confidentiality, and privacy policies (SCP policies), which are available to all employees on the Company’s intranet (Asana). The SCP policies address controls over significant aspects of operations, including:
- DATA ACCESS CONTROLS.
- Monthly risk assessment meetings are held by the SPO and Legal team to discuss risk and mitigation strategies. For any risks or other control deficiencies identified that require attention or remediation, action plans are implemented to remediate such deficiencies and documented in meeting minutes.
- The Client maintains a Data Breach Detection and Notification Policy, under which the SPO is notified of a potential security event within one business day. Pursuant to this Policy, events are reviewed and responded to by the SPO in accordance with a CIR Process. Results are documented in forms and referenced in the risk assessment minutes maintained by the SPO.
- Access to the network is restricted to authorized personnel and requires a unique user ID and password.
- Remote access to the network is restricted to authorized personnel, requires a unique user ID and password, and users are authenticated using MFA with remote access over an encrypted VPN connection.
- The Trusaic Platform infrastructure, which resides on the cloud infrastructure provided by the cloud service provider, is segregated from the Company’s network.
- User and user entity access to the Trusaic Platform requires a unique user ID, password, and MFA.
- Passwords for user access to the network are configured according to the Active Directory policies, which requires minimum password length, password changes after a specified period of days, and password is complexity enabled.
- Passwords for user access to the Trusaic Platform require minimum password length, and password complexity is enabled.
- Logical access to the Azure IT environment is restricted to the Engineering Administrators and the SPO.
- External connections to the Trusaic Platform use restricted ports and is covered by secure sockets layer (SSL) certification and Transport Layer Security (TLS) 1.2 or later protocols.
- All data held in the Trusaic Platform that is publicly accessible is encrypted.
- Access to encryption keys is restricted to Engineering Administrators and the SPO.
- Requests for user access to the system and network must be approved by authorized personnel and are documented in a new hire checklist and sent to Advanced Networks for provision of user access.
- Administrator access to the domain, which provides the user with the ability to create or modify user access privileges to the network, is restricted to authorized personnel who require such access to perform their job responsibilities.
- The access of terminated employees or contractors is removed or disabled by Advanced Networks after receipt of notification from Trusaic. Access is then removed or disabled by Advanced Networks.
- The Trusaic Platform that is accessible to the public is configured to enable user entity administrators to manage user entity user accounts and set access levels to help ensure segregation of duties and user entity data.
- A firewall has been implemented and is managed by Advanced Networks to control access to the Trusaic network from outside of the service organization and is configured to detect threats and block unauthorized access attempts.
- Events triggering an alert by the firewall or IDS are automatically emailed to the Advanced Networks ticketing system and the event is assessed by Advanced Networks IT personnel. Any significant alerts or events warranting the attention of Trusaic management are communicated to the Trusaic SPO.
- The Client uses industry standard encryption to provide for the security of data transmitted over public networks.
- External connections to the Trusaic Platform use restricted ports and are covered by SSL certification and TLS 1.2 or later protocols.
- The Client allows user entity data files to be transferred using SFTP if approved by the DE, who will obtain and configure IP restrictions and strong passwords for each user entity group (client).
- The Client has implemented a Security Information and Event Management (SIEM) tool to continuously monitor the Trusaic Platform. Detection filters have been implemented to aggregate and analyze potential security events.
- Secure shred bins are provided throughout the facility for collection and disposal of confidential information.
- The Client collects individual personal information of enterprise client employees only from the client or its authorized agents.
- Formal data retention and disposal procedures are defined in the Employee Handbook and are in place to guide the secure disposal of the Client and customer data. Specific data retention and disposal requirements have been established for each type of record and data.
- Personal information is deleted during the enterprise client off-boarding process in accordance with the Privacy Policy and the Company’s Document Retention Policy.
- Any requests by employees of enterprise clients to access their personal information maintained by the Client are reviewed and authorized by the SPO. Access requests are subject to a three-point identity verification and supporting declaration prior to access being provided.
- Denial of correction requests to personal information follows the Privacy Policy.
- The Client maintains a record of all disclosures of enterprise client employee personal information provided to federal and state tax authorities.
- TRANSMISSION CONTROLS.
- Access to the network is restricted to authorized personnel and requires a unique user ID and password.
- Remote access to the network is restricted to authorized personnel, requires a unique user ID and password, and users are authenticated using MFA with remote access over an encrypted VPN connection.
- Logical access to the Azure IT environment is restricted to the Engineering Administrators and the SPO.
- External connections to the Trusaic Platform use restricted ports and is covered by secure sockets layer (SSL) certification and Transport Layer Security (TLS) 1.2 or later protocols.
- All data held in the Trusaic Platform that is publicly accessible is encrypted.
- Access to encryption keys is restricted to Engineering Administrators and the SPO.
- Access to the Trusaic Platform’s internal supporting application, WAM, is restricted to the Data Operations team.
- A firewall has been implemented and is managed by Advanced Networks to control access to the Trusaic network from outside of the service organization and is configured to detect threats and block unauthorized access attempts.
- An IPS is used to provide continuous monitoring of the Company’s network and prevention of potential security incidents or intrusion.
- The Client uses industry standard encryption to provide for the security of data transmitted over public networks.
- External connections to the Trusaic Platform use restricted ports and are covered by SSL certification and TLS 1.2 or later protocols.
- The Client allows user entity data files to be transferred using SFTP if approved by the DE, who will obtain and configure IP restrictions and strong passwords for each user entity group (client).
- all files uploaded by user entities to the Trusaic Platform are scanned for malware and are rejected if malware is detected.
- The Client has implemented a Security Information and Event Management (SIEM) tool to continuously monitor the Trusaic Platform. Detection filters have been implemented to aggregate and analyze potential security events.
- INPUT CONTROLS.
- External connections to the Trusaic Platform use restricted ports and is covered by secure sockets layer (SSL) certification and Transport Layer Security (TLS) 1.2 or later protocols.
- The Trusaic Platform that is accessible to the public is configured to enable user entity administrators to manage user entity user accounts and set access levels to help ensure segregation of duties and user entity data.
- External connections to the Trusaic Platform use restricted ports and are covered by SSL certification and TLS 1.2 or later protocols.
- The Client allows user entity data files to be transferred using SFTP if approved by the DE, who will obtain and configure IP restrictions and strong passwords for each user entity group (client).
- All files uploaded by user entities to the Trusaic Platform are scanned for malware and are rejected if malware is detected.
- The Client has implemented a Security Information and Event Management (SIEM) tool to continuously monitor the Trusaic Platform. Detection filters have been implemented to aggregate and analyze potential security events.
- DATA BACKUPS.
- Hourly backups are scheduled for the network during the Company’s normal business hours using an automated system.
- Backups are replicated to a secondary server daily.
- Backup verification is configured to be performed on all backups. Failed verification test notification is sent to Advanced Networks for monitoring.
- Data stored on the Trusaic Platform is configured to be geo-redundant backup storage.
- The Client maintains a Business Continuity Assurance Plan to guide employees on the recovery strategy for mission- critical operations during an extended interruption or outage. The Plan is reviewed annually.
- DATA SEGREGATION.
- The Trusaic Platform infrastructure, which resides on the cloud infrastructure provided by the cloud service provider, is segregated from the Company’s network.
- User and user entity access to the Trusaic Platform requires a unique user ID, password, and MFA.
- Logical access to the Azure IT environment is restricted to the Engineering Administrators and the SPO.
- The Trusaic Platform that is accessible to the public is configured to enable user entity administrators to manage user entity user accounts and set access levels to help ensure segregation of duties and user entity data.
- All data held in the Trusaic Platform that is publicly accessible is encrypted.
- The Client uses industry standard encryption to provide for the security of data transmitted over public networks.
- External connections to the Trusaic Platform use restricted ports and are covered by SSL certification and TLS 1.2 or later protocols.