Last modified: March 22, 2013
Read this document before using our website
This Agreement sets forth the conditions of the use of our online service for registered members of On-Site.com (“OS”) for the purpose of advertising apartment and rental vacancies and processing rental and employment applications. By using our websites, you (the “Member” or “Client”) agree to these terms and conditions. If you do not agree to the terms and conditions of this Agreement, immediately STOP using this website. We reserve the right, at any time, to change or update the terms and conditions of this Agreement without prior notice. Modifications shall become effective immediately upon being posted on this website. If you continue to use the Service after amendments are posted, your continued use is deemed acknowledgment and acceptance of the Agreement and its modifications.
1. User agreement
In order to protect our users, as well as our information and service providers, you are required to comply with all of the rules set forth in this Agreement. By registering as a user or by using this website (the “Service”), you hereby agree to be bound by all of the following terms and conditions (“Terms of Service Agreement” or “TOS”).
2. Termination of service & billing errors
You understand and agree that in OS’s sole discretion, and without prior notice, OS may terminate your access to this website and the service and it may also exercise any other available remedy. OS may also remove any unauthorized user content if OS believes that your use of the website, service and/or any user content you provided violates or conflicts with the Agreement, violates the rights of OS, or another user or the law. Claims for billing errors must be made in writing to OS within fifteen (15) days after date of invoice.
3. Damages & relief against user
You agree that monetary damages may not provide an adequate remedy to OS for violations of these terms and conditions. You therefore consent to injunctive or other equitable relief for such violations. OS is not required to provide any refund to you if you are terminated as a user because you have violated this Agreement.
4. Security for member account & password
You will receive a password and Member account designation once you are registered. You are responsible for maintaining the confidentiality of the password and account. You are solely responsible for all activities that occur under your password or account. You agree to immediately notify OS of any unauthorized use of your password or account or any other breach of security. You agree to make sure that you exit from your account at the end of each session. OS cannot and will not be liable for any loss or damage arising from your failure to comply with this Section.
5. Proprietary materials – restrictions on use
All materials provided on this website, including but not limited to all text, logos, designs, graphics, images, sounds, information, software, documents, products and services, and the onsite selection, arrangement and display thereof, are the copyrighted works of OS and/or its vendors or suppliers. All materials herein and all OS software are the property of OS. Said materials and software are protected by worldwide copyright and other intellectual property laws. Unless provided for in this Agreement, none of said materials may be modified, copied, reproduced, distributed, republished, downloaded, displayed, sold, compiled, posted or transmitted in any form or by any means. This ban includes, but is not limited to, electronic, mechanical, photocopying, recording or other means, without the prior express written permission of OS.
6. Copyright and trademark information
All content included or available on this site, including site design, text, graphics, interfaces, and the onsite selection and arrangements thereof is © by On-Site.com, with all rights reserved, or is the property of On-Site.com and/or third parties protected by intellectual property rights. Any use of materials on the website, including reproduction for purposes other than those noted above, modification, distribution, or replication, any form of data extraction or data mining, or other commercial exploitation of any kind, without prior written permission of an authorized officer of OS is strictly prohibited. Members agree that they will not use any automatic device (such as a “spider” or “robot” and/or any other automatic device) or any manual process to monitor or copy our web pages or the content contained therein without prior written permission of an authorized officer of OS. Rental Express, Apply Now, Point of Lease, Rental Address, Ad Blast, Connect Now, Renting It, On-Site Manager, Inc. and On-Site.com are proprietary marks of OS. OS’s trademarks may not be used in connection with any product or service that is not provided by OS, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits OS. All other trademarks displayed on OS’s website are the trademarks of their respective owners. Their display does not constitute an endorsement or a recommendation of those vendors. In addition, such use of trademarks or links to the websites of vendors is not intended to imply, directly or indirectly, that those vendors endorse or have any affiliation with OS.
7. Third-party sites
8. Ban on resale of service
You agree not to reproduce, duplicate, copy, sell, resell or exploit for any commercial purposes, any portion of the Service, use of the Service, or access to the Service.
9. General disclaimer
Although OS has attempted to provide accurate information on the website, OS assumes no responsibility for the accuracy of the information. You understand and agree that all information provided on this website is provided “as is,” with all faults, without warranty of any kind, either express or implied. OS hereby disclaims all warranties, express or implied, including, and without limitation, those of merchantability, fitness for a particular purpose, title and non-infringement or arising from a course of dealing, and usage or trade practice. This is inapplicable where such a disclaimer has been legally held to be invalid but only to the extent of the specific invalidity.
10. No unlawful or prohibited use
As a condition of your use of this website, you agree and represent to OS that you will comply with all applicable laws, statutes, ordinances and regulations regarding your use of our service and any related activities. In addition, you agree and represent that you will not use this website in any way prohibited by these terms, conditions and notices.
11. Modification of the website
OS reserves the right, in its sole discretion, to improve, modify or remove any information or content appearing on the website. Without prior notice, and in its sole discretion, OS may discontinue or revise any or all aspects of the website.
12. Disclaimer regarding accuracy of vendor information
Product specifications and other information have either been provided by the Vendors or collected from publicly available sources. While OS makes every effort to ensure that the information on this website is accurate, we can make no representations or warranties as to the accuracy or reliability of any information provided on this website.
13. Governing jurisdiction of the courts of California
Our website is operated and provided in the State of California. As such, we are subject to the laws of the state California. California law will govern this Agreement, without giving effect to any choice of law rules. We make no representation that our website or other services are appropriate, legal or available for use in other locations. Accordingly, if you choose to access our site you agree to do so subject to the internal laws of the state of California.
14. Fair Housing Act
As a Member you agree not to post, email, or otherwise make available content that violates the Fair Housing Act by stating, in any notice or ad for the sale or rental of any dwelling, a discriminatory preference based on race, color, national origin, religion, sex, familial status or handicap (or that otherwise violates any state or local law prohibiting discrimination on the basis of these or other characteristics.)
15. Limitation of liability
OS shall not be liable for any damages whatsoever, and in particular OS shall not be liable for any special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, or loss of use, arising out of or in any way related to this website or the information contained in it, whether such damages arise in contract, negligence, tort, under statute, in equity, at law, or otherwise, even if OS has been advised of the possibility of such damages.
16. Possible exceptions to limitation of liability
Because some jurisdictions do not allow for the limitation or exclusion of liability for incidental or consequential damages, some of the limitations set forth in the previous paragraph may be inapplicable.
You agree to indemnify and hold OS, its parents, subsidiaries, affiliates, officers and employees, harmless from any claim or demand, including reasonable attorneys’ fees and costs, made by any third party due to or arising out of the Member’s use of the Service, any violation of this Agreement, or infringement by user, or other user of the Service using Member computer, of any intellectual property or any other right of any person or entity.
18. Binding on assigns, successors and divested businesses
Terms and agreements with OS will be binding upon and inure to the benefit of the parties and their assigns, successors and divested businesses. OS’s agreement with Client may not be transferred or assigned by Client without the prior written consent of OS. “Successor” means any entity connected to a merger with Client, sale of all or substantially all of the assets of Client or other form of Client’s corporate reorganization. “Divested business” means any business unit that Client sells, or of which it otherwise ceases to have an interest or render services. “Divested business” shall also include such business unit or the acquirer thereof, as applicable.
19. Other terms
Additional terms and conditions for online marketing services
Client may cancel any contracted subscription upon sixty (60) days notice to OS in the event that Client ceases to own or manage the designated apartment community. At the end of the term of any contracted service agreement, the services shall continue automatically renew for an equal term unless canceled by either party with at least thirty (30) days notice prior to expiration. After automatic renewal, Client may cancel upon sixty (60) days notice. Such notice to OS shall be sent to enroll [at] on-site.com but shall not be deemed to have been received until Client receives a confirming response that acknowledges such notice. In the event Client cancels prior to the end of the subscription term, Client is subject to a cancellation fee equal to the remaining subscription fees due through the end of the term. After cancellation, any domain names or other assets purchased or obtained for Client by OS remain the property of OS. OS may elect to transfer ownership and control of a domain name on a case-by-case basis for a fee of $250 per domain.
All content designed by OS, whether artistic or technical in nature, shall be deemed to be owned by OS. Client shall have a limited use of such content throughout the term of the Agreement for its intended use. Permission of OS is required for Client to use such content other than the use intended by OS. OS may use any such content and usage statistics and testimonials, for its own promotional purposes. OS reserves the right to edit or reject advertising, photographs, artwork and copy provided by Client and Client accepts all liability for all content supplied by it. Client warrants to OS that its copy is true, that it is not libelous or defamatory, that it violates no rights of privacy, that it infringes no trademark, copyright, literary or other rights, nor constitutes unfair competition with any other party, and that it complies with all federal, state and local laws and regulations, including any and all Fair Housing laws. The fact that content submitted to OS shall have been previously approved by it, either in whole or in part, shall not relieve the Client of this warranty. Client agrees to defend, indemnify, and hold harmless OS from any and all claims, demands, liability, suits, costs or expense, arising by reason of the publication of the Client’s consent, or breach of the foregoing warranty, whether such claims are well grounded or not.
2. No warranty
OS and its affiliates, agents and licensors, cannot and do not warrant the accuracy, completeness, currentness, non-infringement, merchantability or fitness for a particular purpose of the content designed by OS, whether artistic or technical, nor does OS guarantee that the content will be error-free, or continuously available, or that the website will be free of viruses or other harmful components. Under no circumstances will OS or its affiliates, agents or licensors be liable to Client or anyone else for any damages, including, without limitation, consequential, special, incidental, indirect, punitive, exemplary, or other damages of any kind (including lost revenues or profits, loss of business or loss of data), even if OS is advised beforehand of the possibility of such damages. Client agrees that the liability of OS and its affiliates, agents and licensors, if any, arising out of any kind of legal claim arising out of or otherwise related to this Agreement will not exceed the amount Client paid, if any, to OS under the terms of this Agreement.
3. Fees imposed by third parties
OS’s service rates and price schedule are independent of any fees imposed by other entities. If Client requests a service of OS that results in the charging of additional fees, Client thereby authorizes OS to contract for such services on Client’s behalf, and Client is solely responsible for their payment.
Additional terms and conditions for CloudFile services
Client is authorized to use OS’s online services to store data on its servers via the CloudFile software application (“CloudFile”). CloudFile may be canceled by either party with at least thirty (30) days’ notice. Such notice to OS must be sent to enroll [at] on-site.com, but will not be deemed to have been received until Client receives written confirmation of receipt by OS.
Except for material that On-Site may at a future date license to Client, OS does not claim ownership of any content that is transmitted, stored, or processed in Client’s account. OS also does not control, verify, or endorse the content that Client and others make available on CloudFile. Client hereby grants OS and its contractors the right, to use, modify, adapt, reproduce, distribute, display and disclose content posted on CloudFile solely to the extent necessary to provide CloudFile or as otherwise permitted by these terms. Client represents and warrants that: (a) Client has all the rights in the content necessary for Client to use CloudFile and to grant the rights in this Section; and, (b) the storage, use or transmission of the content doesn’t violate any law or these terms. Client will: (a) be solely responsible for the nature, quality and accuracy of the content; (b) ensure that the content (including the storage or transmission thereof) complies with these terms and any and all applicable laws, and regulations; (c) promptly handle and resolve any notices and claims relating to the content, including any notices sent to Client by any person claiming that any content violates any person’s rights, such as take-down notices pursuant to the Digital Millennium Copyright Act and any other notices; and (d) maintain appropriate security, protection and backup copies of the content, which may include, Client’s use of additional encryption technology to protect the content from unauthorized access. OS will have no liability of any kind as a result of Client’s deletion of, correction of, destruction of, damage to, loss of or failure to store or encrypt any content. Client must immediately notify OS in writing of any unauthorized use of any (a) content (b) any account or (c) CloudFile that comes to Client’s attention. In the event of any such unauthorized use by any third party that obtained access through Client, Client will take all steps necessary to terminate such unauthorized use. Client will provide OS with such cooperation and assistance related to any such unauthorized use as OS may reasonably request.
OS will not give, sell, rent, share, or trade any of the content that Client stores using CloudFile to any third party except as outlined herein or with your consent. OS may disclose information to a third party to comply with laws or respond to lawful requests and legal process. Unless otherwise authorized, upon termination of Client’s use of CloudFile, OS will promptly return content the client has stored using CloudFile, destroy all such content, and provide certification to Client that the foregoing has been performed.
3. Content Stored in the United States
CloudFile is provided from the United States. By using and accessing CloudFile, Client understands and consents to the storage and processing of the content and any other personal information in the United States. OS reserves the right to store and process personal information outside of the United States, and will provide Client with at least 30 days’ notice of any such changes in the processing location.
4. Updates to CloudFile
OS reserves the right, in its sole discretion, to make necessary unscheduled deployments of changes, updates or enhancements to CloudFile at any time.
5. Third Party Services and Content
All transactions using OS’s services are between the transacting parties only. CloudFile may contain features and functionalities linking Client or providing Client with certain functionality and access to third party content, including Web sites, directories, servers, networks, systems, information and databases, applications, software, programs, products or services, and the Internet as a whole; Client acknowledges that OS is not responsible for such content or services. OS may also provide some content to Client as part of CloudFile. However, OS is not an agent of any transacting party, nor is OS a direct party in any such transaction. Any such activities, and any terms associated with such activities, are solely between Client and the applicable third-party. Similarly, OS is not responsible for any third party content Client access with CloudFile, and Client irrevocably waives any claim against OS with respect to such sites and third-party content. OS shall have no liability, obligation or responsibility for any such correspondence, purchase or promotion between Client and any such third-party. Client should make whatever investigation Client feels necessary or appropriate before proceeding with any online or offline transaction with any of these third parties. Client is solely responsible for Client’s dealings with any third party related to CloudFile, including the delivery of and payment for goods and services. Should Client have any problems resulting from Client’s use of any third party services, or should Client suffer data loss or other losses as a result of problems with any of Client’s other service providers or any third-party services, OS will not be responsible unless the problem was the direct result of OS’s breaches.
6. OS Proprietary Rights
As between OS and Client, OS or its licensors, OS owns and reserves all right, title and interest in and to CloudFile and all hardware, software and other items used to provide CloudFile, other than the rights explicitly granted to Client to use CloudFile in accordance with these terms. No title to or ownership of any proprietary rights related to CloudFile is transferred to Client pursuant to these terms. All rights not explicitly granted to Client are reserved by OS. In the event that Client provides comments, suggestions and recommendations to OS with respect to CloudFile (including, without limitation, with respect to modifications, enhancements, improvements and other changes to CloudFile) (collectively, “Feedback”), Client hereby grant to OS a world-wide, royalty free, irrevocable, perpetual license to use and otherwise incorporate any Feedback in connection with CloudFile.
7. NO WARRANTY
OS PROVIDES CLOUDFILE “AS IS”, “WITH ALL FAULTS” AND “AS AVAILABLE”. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, OS MAKES NO (AND SPECIFICALLY DISCLAIMS ALL) REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY THAT CLOUDFILE WILL BE UNINTERRUPTED, ERROR-FREE OR FREE OF HARMFUL COMPONENTS, THAT THE CONTENT WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED, OR ANY IMPLIED WARRANTY OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, AND ANY WARRANTY ARISING OUT OF ANY COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. SOME JURISDICTIONS DO NOT ALLOW THE FOREGOING EXCLUSIONS. IN SUCH AN EVENT SUCH EXCLUSION WILL NOT APPLY SOLELY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
To the extent permitted by law, Client will defend OS against any cost, loss, damage, or other liability arising from any third party demand or claim that any content provided by Client, or Client’s use of CloudFile, in breach of these Terms: (a) infringes a registered patent, registered trademark, or copyright of a third party, or misappropriates a trade secret (to the extent that such misappropriation is not the result of OS’s actions); or, (b) violates applicable law or these Terms. OS will notify Client within 30 days of any such claim or demand that is subject to Client’s indemnification obligation.
9. LIMITATION OF LIABILITY
TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL OS, ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS OR LICENSORS BE LIABLE FOR (A): ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, COVER OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, REVENUE, GOODWILL, USE OR CONTENT) HOWEVER CAUSED, UNDER ANY THEORY OF LIABILITY, INCLUDING, WITHOUT LIMITATION, CONTRACT, TORT, WARRANTY, NEGLIGENCE OR OTHERWISE, EVEN IF OS HAS BEEN ADVISED AS TO THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE AGGREGATE LIABILITY OF OS AND ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS OR LICENSORS, RELATING TO CLOUDFILES WILL BE LIMITED TO THE GREATER OF AN AMOUNT EQUAL THREE MONTHS OF CLIENT’S SERVICE FEE FOR CLOUDFILE. THE LIMITATIONS AND EXCLUSIONS ALSO APPLY IF THIS REMEDY DOES NOT FULLY COMPENSATE CLIENT FOR ANY LOSSES OR FAILS OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES. IN SUCH AN EVENT THIS LIMITATION WILL NOT APPLY TO CLIENT TO THE EXTENT PROHIBITED BY LAW.
Additional terms and conditions for background check services
Use of OS services is at Client’s sole risk. Client acknowledges and agrees that while OS and its third-party data suppliers make every reasonable effort to assure that the data and information contained therein are an accurate reflection of the information received from their governmental and other sources, neither OS nor its third-party data suppliers can or does represent or warrant that the data and information contained therein or obtained therefrom will be complete and accurate. Client understands and agrees that its use of OS services is entirely at its sole risk. Neither OS nor its third-party data suppliers shall be responsible or liable for any inaccuracy of the data and information contained therein, or for interruption in service caused by the failure of the Internet or the World Wide Web, by any Act of God, or by any other force majeure. UNDER NO CIRCUMSTANCES SHALL OS OR ITS THIRD-PARTY DATA SUPPLIERS BE LIABLE FOR CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY OR SPECIAL DAMAGES, INCLUDING LOST PROFITS, EVEN IF THEY HAVE BEEN MADE AWARE OF THE POTENTIAL FOR SUCH DAMAGES. ADDITIONALLY, OS AND ITS THIRD-PARTY DATA SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF CORRECTNESS, COMPLETENESS, ACCURACY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OF THE DATABASES AND DATA AND INFORMATION CONTAINED THEREIN OR OBTAINED THEREFROM, OR SERVICES PROVIDED HEREUNDER.
1. Parties will protect confidential information
Both Client and OS agree that they will, to the extent and in accordance with the policies used to protect its own information of similar importance, use their best efforts to refrain from and prevent the use of or disclosure of any confidential information as defined below (“Confidential Information”) of the other party, disclosed or obtained by such party while performing its obligations under this Agreement, provided, however, that OS may disclose any information reasonably necessary to be disclosed in order for OS to provide the services and perform its obligations under this Agreement. Notwithstanding anything to the contrary, neither party shall use any Confidential Information in a manner which is detrimental to the other party. The phrase “Confidential Information” includes, without limitation, all materials and information supplied by one party to the other in the course of each party’s performance under this Agreement, including but not limited to each party’s business objectives and plans, marketing plans, customer lists, and financial information. Client’s Confidential Information does not include property locations and aggregate rental rate figures, which may be used by OS for market trend reporting and similar uses as long as OS conceals information that identifies Client’s identity. Confidential Information of OS includes, in addition to the information described above, OS’s reports, recommendations, any forms or agreements provided by OS to Client, and any information available on OS’s websites. Neither party will have an obligation of confidentiality with regard to any information insofar as such information: (1) was known to such party prior to obtaining it from the other party; (2) is at the time of disclosure publicly available or becomes publicly available other than as a result of a breach of this Agreement; or (3) is disclosed to such Party by a third party not under a duty not to disclose such information. In addition, the confidentiality obligations set forth above shall not apply to any Confidential Information which is disclosed pursuant to: (a) any law of the United States or any state thereof; or (b) the order, rules or regulations of any court or governmental agency. Prior to any disclosure required by law or order of any court or government agency, the disclosing party agrees to notify the other party of the required disclosure, so that the other party may attempt to seek a protective order or other appropriate remedy and/or waive compliance with this provision. If, in the absence of a protective order or other remedy, or the receipt of a waiver, the disclosing party concludes, after consultation with legal counsel, that it is nonetheless legally compelled to disclose Confidential Information, then the disclosing Party may, without liability hereunder, disclose only that portion of the Confidential Information which such counsel advises is legally required to be disclosed, provided that such party agrees to exercise its reasonable best efforts to preserve the confidentiality of the Confidential Information, and reasonably cooperate with the other party’s efforts to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded the Confidential Information.
2. Transactions with third parties
In the event that Client elects to enable direct transactions by applicants, whether through OS or an integrated third-party provider, you agree that these transactions will be charged using the same pricing model as the screening initiated by Client via the OS interface. In the event Client elects to integrate third-party providers for related services, Client grants OS permission to provide appropriate information for the purpose of generating such services, including but not limited to tenant data, applicant data, consumer reports and lease data. Client agrees to notify OS in writing as soon as is practical upon termination of its relationship with any third-party to prevent unauthorized access of Client’s information.
3. Limitations on document generation
OS shall maintain an online catalog of documents for Client. Client is solely responsible for the accuracy of its documents, will review documents produced by OS and will provide OS with any changes or updates. ALL DOCUMENTS AND FORMS ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS.
FCRA requirements for clients
Although the Federal Fair Credit Reporting Act (as amended by the Consumer Credit Reporting Reform Act of 1996) primarily regulates the operations of consumer credit reporting agencies, it also affects you as a user of information. We include a copy of the Obligations of Users Under the FCRA. We suggest that you and your employees become familiar with the following sections in particular:
§ 604. Permissible Purposes of Reports
§ 607. Compliance Procedures
§ 615. Requirement on users of consumer reports
§ 616. Civil liability for willful noncompliance
§ 617. Civil liability for negligent noncompliance
§ 619. Obtaining information under false pretenses
§ 621. Administrative Enforcement
§ 623. Responsibilities of Furnishers of Information to Consumer Reporting Agencies
§ 628. Disposal of Records
Each of these sections is of direct consequence to users who obtain reports on consumers.
As directed by the law, credit reports may be issued only if they are to be used for extending credit, review or collection of an account, employment purposes, underwriting insurance or in connection with some other legitimate business transaction such as in investment, partnership, etc. It is imperative that you identify each request for a report to be used for employment purposes when such report is ordered. Additional state laws may also impact your usage of reports for employment purposes.
We strongly endorse the letter and spirit of the Federal Fair Credit Reporting Act. We believe that this law and similar state laws recognize and preserve the delicate balance between the rights of the consumer and the legitimate needs of commerce.
In addition to the Federal Fair Credit Reporting Act, other federal and state laws addressing such topics as computer crime and unauthorized access to protected databases have also been enacted. As a prospective user of consumer reports, we expect that you and your staff will comply with all relevant federal statutes and the statutes and regulations of the states in which you operate.
Access security requirements for clients
We must work together to protect the privacy and information of consumers. The following information security guidelines are designed to reduce unauthorized access to consumer information. It is your responsibility to implement appropriate controls.
If you do not understand these requirements or need assistance, we ask that you employ an outside computer systems provider to assist you.
The credit-reporting agency reserves the right to make changes to Access Security Requirements without notification.
The information provided herewith provides guidelines for information security. In accessing the credit-reporting agency’s services, you agree to implement appropriate security procedures:
1. Implement strong access control measures
1.1 Do not share your On-Site.com
access/user passwords with anyone. No one from the credit-reporting agency or from On-Site.com
will ever contact you and request your password.
1.2 Access to the On-Site.com website has all user password(s) encrypted hidden or embedded. User ID’s and passwords should be known only by the appropriate authorized individual personnel.
1.3 You must request your User password be changed immediately when:
- any system access software is replaced by another system access software or is no longer used;
- the hardware on which the software resides is upgraded, changed or disposed of
1.4 Protect access/user password(s) to the On-Site.com website, so that only key personnel know their own access/user password. Unauthorized personnel should not have knowledge of your password(s).
1.5 Each authorized client employee has their own separate, unique user ID for each user to enable individual authentication and accountability for access to the On-Site.com infrastructure. Each authorized client employee who accesses the On-Site.com website must also have their own unique logon password.
1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles.
1.7 Keep user passwords Confidential.
1.8 Develop strong passwords that are:
- Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)
- Contain a minimum of seven (7) alpha/numeric characters for all user accounts
1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.
1.10 It is understood that all active On-Site.com user logins to credit information systems are automatically configured with a 30-minute inactive session, timeout feature.
1.11 Restrict the number of key personnel who have access to credit information.
1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application.
1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose.
1.14 Implement a process to terminate access rights immediately for users who access On-Site.com for credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information.
1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information.
1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.
2. Maintain a vulnerability management program
2.1 Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.
2.2 Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.
2.3 Implement and follow current best security practices for Computer Virus detection scanning services and procedures:
- Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks.
- If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.
- On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files.
2.4 Implement and follow current best security practices for computer anti-Spyware scanning services and procedures:
- Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks.
- If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated.
- Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers.
- Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly.
3. Protect data
3.1 Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, hard drive, paper, etc.)
3.2 All credit reporting agency data is classified as Confidential and must be secured to this requirement at a minimum.
3.3 Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information.
3.4 Encrypt all credit reporting agency data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum.
3.5 Only open email attachments and links from trusted sources and after verifying legitimacy.
4. Maintain an information security policy
4.1 Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.
4.2 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators.
4.3 The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
4.4 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
5. Build and maintain a secure network
5.1 Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.
5.2 Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.
5.3 Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.
5.4 Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services, and network traffic.
5.5 Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.
5.6 Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.
6. Regularly monitor and test networks
6.1 Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).
6.2 Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:
- protecting against intrusions;
- securing the computer systems and network devices;
- and protecting against intrusions of operating systems or software.
Record Retention: The Federal Equal Opportunities Act states that a creditor must preserve all written or recorded information connected with an application for 60 months. In keeping with the ECOA, the credit reporting agency requires that you retain the credit application and, if applicable, a purchase agreement for a period of not less than 60 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, the credit reporting agency will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract.
Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation.
Additional terms and conditions for employee screening
Client hereby certifies that it will ensure that prior to procurement or causing the procurement of a consumer report for purposes of employment, promotion, reassignment or retention of an employee that: (1) a clear and conspicuous disclosure has been made in writing to the consumer at any time before the report is procured or caused to be procured, in a document that consists solely of the disclosure, that a consumer report may be obtained for employment purposes; and (2) the consumer has authorized in writing the procurement of the report by Client. In using a consumer report for employment purposes, before taking any adverse action based in whole or in part on the report, Client shall provide to the consumer to whom the report relates: (1) a copy of the report; and (2) a description in writing of the rights of the consumer under FCRA in a format approved by the Federal Trade Commission. Client requests for employment screening reports are pursuant to procedures prescribed by OS, are for a one-time use, and shall be held in strict confidence and not disclosed to any third parties not involved in the employment decision. The information from the consumer report will not be used in violation of any applicable federal or state equal employment opportunity law or regulation. OS shall provide to Client employment screening reports for employment purposes, and shall not provide general consumer reports or other services to any subscriber for such purpose. Client shall provide to the consumer to whom the report relates a Summary of Consumer Rights as required by Section 609(c)(3) of FCRA with each report. By virtue of this certification, neither OS nor its data suppliers are providing legal advice to Client regarding FCRA. These disclosures to the consumer include:
- Consumer must be told if information in your file has been used against him or her.
- Consumer has a right to know what is in his or her file, and this disclosure may be free. If an employer relies on a consumer credit report and takes adverse action against consumer, consumer is entitled to receive a copy of that report from the employer.
- Consumer has the right to ask for a credit score (there may be a fee for this service).
- Consumer has the right to dispute incomplete or inaccurate information. Consumer reporting agencies must correct or delete inaccurate, incomplete or unverifiable information.
- Access to your file is limited. Consumer must get permission for reports to be furnished to employers.
- A summary of consumer rights under the Fair Credit Reporting Act are available by visiting or writing: (Para informacion en espanol, visite o escribe:) https://www.ftc.gov/credit or Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Avenue N.W., Washington, D.C. 20580
Additional terms and conditions for users of FICO scores
Additional rules governing FICO scores from TransUnion
Based on an agreement with TransUnion and Fair Isaac Corporation (Fair Isaac), OS has access to a unique and proprietary statistical credit scoring service jointly offered by TransUnion and Fair Isaac which evaluates certain information in the credit reports of individual consumers from TransUnion’s database (Classic) and provides a score (the Classic Score). Client may desire to obtain Classic Scores from TransUnion in connection with consumer credit reports. Client will request Scores only for Client’s exclusive use and may store Scores solely for Client’s own use in furtherance of Client’s original purpose for obtaining the Scores. Client has a permissible purpose for obtaining consumer reports, as defined by Section 604 of FCRA. Client shall not use the Score for model development or model calibration and shall not reverse-engineer the Score. All Scores provided hereunder will be held in strict confidence and may never be sold, licensed, copied, reused, disclosed, reproduced, revealed or made accessible, in whole or in part to any Person except (i) to those employees of Client with a need to know and in the course of their employment; (ii) to those third party processing agents of Client who have executed an agreement that limits the use of the Scores by the third party to the use permitted to Client and contains the prohibitions set forth herein regarding model development, model calibration and reverse engineering; (iii) when accompanied by the corresponding reason codes, to the consumer who is the subject of the Score; or (iv) as required by law. Client recognizes that factors other than the Classic Score may be considered in making a credit decision. Such other factors include, but are not limited to, the credit report, the individual account history, and economic factors. TransUnion and Fair Isaac shall be deemed third party beneficiaries under this clause. Up to five score reason codes, or if applicable, exclusion reasons, are provided to Client with Classic Scores. These score reason codes are designed to indicate the reasons why the individual did not have a higher Classic Score, and may be disclosed to consumers as the reasons for taking adverse action, as required by the Equal Credit Opportunity Act (ECOA) and its implementing Regulation (Reg. B). However, the Classic Score itself is proprietary to Fair Isaac, may not be used as the reason for adverse action under Reg. B and, accordingly, shall not be disclosed to credit applicants or any other third party, except: (1) to credit applicants in connection with approval/disapproval decisions in the context of bona fide credit extension transactions when accompanied with its corresponding score reason codes; or (2) as clearly required by law. Client will not publicly disseminate any results of the validations or other reports derived from the Classic Scores without Fair Isaac and TransUnion’s prior written consent. In the event Client intends to provide Classic Scores to any agent, Client may do so provided, however, that Client first enters into a written agreement with such agent that is consistent with Client’s obligations under this agreement.
Moreover, such agreement between Client and such agent shall contain the following obligations and acknowledgments of the agent: (1) Such agent shall utilize the Classic Scores for the sole benefit of Client and shall not utilize the Classic Scores for any other purpose including for such agent’s own purposes or benefit; (2) That the Classic Score is proprietary to Fair Isaac and, accordingly, shall not be disclosed to the credit applicant or any third party without TransUnion and Fair Isaac’s prior written consent except (a) to credit applicants in connection with approval/disapproval decisions in the context of bona fide credit extension transactions when accompanied with its corresponding score reason codes; or (b) as clearly required by law; (3) Such Agent shall not use the Classic Scores for model development, model validation, model benchmarking, reverse engineering, or model calibration; (4) Such agent shall not resell the Classic Scores; and (5) Such agent shall not use the Classic Scores to create or maintain a database for itself or otherwise. Client acknowledges that the Classic Scores provided under this Agreement which utilize an individual’s consumer credit information will result in an inquiry being added to the consumer’s credit file. Client shall be responsible for compliance with all applicable federal or state legislation, regulations and judicial actions, as now or as may become effective including, but not limited to, the FCRA, the ECOA, and Reg. B, to which it is subject. Fair Isaac, the developer of Classic, warrants that the scoring algorithms as delivered to TransUnion and used in the computation of the Classic Score (Models) are empirically derived from TransUnion’s credit data and are a demonstrably and statistically sound method of rank-ordering candidate records with respect to the relative likelihood that United States consumers will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring when applied to the population for which they were developed, and that no scoring algorithm used by Classic uses a “prohibited basis” as that term is defined in the ECOA) and Reg. B promulgated thereunder. Classic provides a statistical evaluation of certain information in TransUnion’s files on a particular individual, and the Classic Score indicates the relative likelihood that the consumer will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring relative to other individuals in TransUnion’s database. The score may appear on a credit report for convenience only, but is not a part of the credit report nor does it add to the information in the report on which it is based.
THE WARRANTIES SET FORTH ARE THE SOLE WARRANTIES MADE UNDER THIS CLAUSE CONCERNING THE CLASSIC SCORES AND ANY OTHER DOCUMENTATION OR OTHER DELIVERABLES AND SERVICES PROVIDED UNDER THIS AGREEMENT; AND NEITHER FAIR ISAAC NOR TRANSUNION MAKE ANY OTHER REPRESENTATIONS OR WARRANTIES CONCERNING THE PRODUCTS AND SERVICES TO BE PROVIDED UNDER THIS AGREEMENT OTHER THAN AS SET FORTH HERE. THE WARRANTIES AND REMEDIES SET FORTH ABOVE ARE IN LIEU OF ALL OTHERS, WHETHER WRITTEN OR ORAL, EXPRESS OR IMPLIED (INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT MIGHT BE IMPLIED FROM A COURSE OF PERFORMANCE OR DEALING OR TRADE USAGE). THERE ARE NO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL ANY PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES INCURRED BY THE OTHER PARTIES AND ARISING OUT OF THE PERFORMANCE OF THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOSS OF GOOD WILL AND LOST PROFITS OR REVENUE, WHETHER OR NOT SUCH LOSS OR DAMAGE IS BASED IN CONTRACT, WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY, INDEMNITY, OR OTHERWISE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. THE FOREGOING NOTWITHSTANDING, WITH RESPECT TO CLIENT, IN NO EVENT SHALL THE AFORESTATED LIMITATIONS OF LIABILITY, SET FORTH ABOVE IN SECTION 16, APPLY TO DAMAGES INCURRED BY TRANSUNION AND/OR FAIR ISAAC AS A RESULT OF: (A) GOVERNMENTAL, REGULATORY OR JUDICIAL ACTION(S) PERTAINING TO VIOLATIONS OF THE FCRA AND/OR OTHER LAWS, REGULATIONS AND/OR JUDICIAL ACTIONS TO THE EXTENT SUCH DAMAGES RESULT FROM CLIENT’S BREACH, DIRECTLY OR THROUGH CLIENT’S AGENT(S), OF ITS OBLIGATIONS UNDER THIS AGREEMENT. ADDITIONALLY, NEITHER TRANSUNION NOR FAIR ISAAC SHALL BE LIABLE FOR ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THIS ADDENDUM BROUGHT MORE THAN ONE (1) YEAR AFTER THE CAUSE OF ACTION HAS ACCRUED. IN NO EVENT SHALL TRANSUNION’S AND FAIR ISAAC’S AGGREGATE TOTAL LIABILITY, IF ANY, UNDER THIS AGREEMENT, EXCEED THE AGGREGATE AMOUNT PAID, UNDER THIS ADDENDUM, BY CLIENT DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING ANY SUCH CLAIM, OR TEN THOUSAND DOLLARS ($10,000.00), WHICHEVER AMOUNT IS LESS.
This Agreement may be terminated automatically and without notice: (1) in the event of a breach of the provisions of this supplement by Client; (2) in the event the agreement(s) related to Classic between TransUnion, Fair Isaac and OS are terminated or expire; (3) in the event the requirements of any law, regulation or judicial action are not met, (4) as a result of changes in laws, regulations or regulatory or judicial action, that the requirements of any law, regulation or judicial action will not be met; and/or (5) the use of the Classic Service is the subject of litigation or threatened litigation by any governmental entity.
Additional rules governing FICO scores from Experian
Client may access scores utilizing a statistical scoring model furnished by Experian and Fair, Isaac (Experian FICO score). Client shall limit its use of Experian FICO scores and reason codes solely to use in its own business with no right to transfer, sell, license, sublicense or distribute said Scores or reason codes to third parties. Notwithstanding any contrary provision of this Agreement, Client may disclose the Experian FICO score to credit applicants, when accompanied by the corresponding reason codes, in the context of bona fide lending transactions and decisions only. Client, its employees, agents or subcontractors, are prohibited from using the trademarks, service marks, logos, names, or any other proprietary designations, whether registered or unregistered, of Experian or Fair Isaac, or the affiliates of either of them, or of any other party involved in the provision of the Experian FICO score without such entity’s prior written consent. Client may not attempt, in any manner, directly or indirectly, to discover or reverse engineer any confidential and proprietary criteria developed or used by Experian/Fair, Isaac in performing the Experian FICO score. The aggregate liability of Experian/Fair, Isaac to Client is limited to the lesser of the fees paid by OS to Experian/Fair, Isaac pursuant for the Experian FICO score resold to the pertinent Client during the six (6) month period immediately preceding the Client’s claim, or the fees paid by Client to OS under this Agreement during said six (6) month period, and excluding any liability of Experian/Fair, Isaac for incidental, indirect, special or consequential damages of any kind. Client warrants that it has a “permissible purpose” under the Fair Credit Reporting Act, as it may be amended from time to time, to obtain the information derived from the Experian/Fair, Isaac Model. Client agrees to maintain internal procedures to minimize the risk of unauthorized disclosure and agrees that such Scores and reason codes will be held in strict confidence and disclosed only to those of its employees that “need to know” and to no other person. Client shall comply with all applicable laws and regulations in using the Scores and reason codes purchased. Experian/Fair, Isaac warrants that the Experian/Fair, Isaac Model is empirically derived and demonstrably and statistically sound and that to the extent the population to which the Experian/Fair, Isaac Model is applied is similar to the population sample on which the Experian/Fair, Isaac Model was developed, the Experian/Fair, Isaac Model score may be relied upon by Client to rank consumers in the order of the risk of unsatisfactory payment such consumers might present to Client. Experian/Fair, Isaac further warrants that so long as it provides the Experian/Fair, Isaac Model, it will comply with the regulations promulgated from time to time pursuant to the Equal Credit Opportunity Act, 15 USC Section 1691 et seq. THE FOREGOING WARRANTIES ARE THE ONLY WARRANTIES EXPERIAN/FAIR, ISSAC HAV GIVEN OS AND/OR CLIENT WITH RESPECT TO THE EXPERIAN/FAIR, ISAAC MODEL AND SUCH WARRANTIES ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, EXPERIAN/FAIR, ISAAC MIGHT HAVE GIVEN OS AND/OR CLIENT, FOR EXAMPLE, WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. OS and each respective Client’s rights under the foregoing Warranty are expressly conditioned upon each respective Client’s periodic revalidation of the Experian/Fair, Isaac Model in compliance with the requirements of Regulation B as it may be amended from time to time (12 CFR Section 202 et seq.)
Additional terms and conditions for retail sellers
California Civil Code – Section 1785.14(a)
Section 1785.14(a), as amended, states that a consumer credit reporting agency does not have reasonable grounds for believing that a consumer credit report will only be used for a permissible purpose unless all of the following requirements are met:
Section 1785.14(a)(1) states: “If a prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the consumer credit reporting agency shall, with a reasonable degree of certainty, match at least three categories of identifying information within the file maintained by the consumer credit reporting agency on the consumer with the information provided to the consumer credit reporting agency by the retail seller. The categories of identifying information may include, but are not limited to, first and last name, month and date of birth, driver’s license number, place of employment, current residence address, previous residence address, or social security number. The categories of information shall not include mother’s maiden name.”
Section 1785.14(a)(2) states: “If the prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the retail seller must certify, in writing, to the consumer credit reporting agency that it instructs its employees and agents to inspect a photo identification of the consumer at the time the application was submitted in person. This paragraph does not apply to an application for credit submitted by mail.”
Section 1785.14(a)(3) states: “If the prospective user intends to extend credit by mail pursuant to a solicitation by mail, the extension of credit shall be mailed to the same address as on the solicitation unless the prospective user verifies any address change by, among other methods, contacting the person to whom the extension of credit will be mailed.”
In compliance with Section 1785.14(a) of the California Civil Code, Member hereby certifies to OS Member is NOT a retail seller, as defined in Section 1802.3 of the California Civil Code (“Retail Seller”) and issues credit to consumers who appear in person on the basis of applications for credit submitted in person (“Point of Sale”).
End User also certifies that if End User is a Retail Seller who conducts Point of Sale transactions, End User will, beginning on or before July 1, 1998, instruct its employees and agents to inspect a photo identification of the consumer at the time an application is submitted in person.
End User also certifies that it will only use the appropriate End User code number designated by Consumer Reporting Agency for accessing consumer reports for California Point of Sale transactions conducted by Retail Seller.
If End User is not a Retail Seller who issues credit in Point of Sale transactions, End User agrees that if it, at any time hereafter, becomes a Retail Seller who extends credit in Point of Sale transactions, End User shall provide written notice of such to Consumer Reporting Agency prior to using credit reports with Point of Sale transactions as a Retail Seller, and shall comply with the requirements of a Retail Seller conducting Point of Sale transactions, as provided in this certification.
Additional terms and conditions for Vermont clients
Member acknowledges that it subscribes to receive various information services in accordance with the Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999), as amended (the “VFCRA”) and the Federal Fair Credit Reporting Act, 15, U.S.C. 1681 et. Seq., as amended (the “FCRA”) and its other state law counterparts. In connection with Member’s continued use of OS services in relation to Vermont consumers, Member hereby certifies as follows:
Vermont Certification. Member certifies that it will comply with applicable provisions under Vermont law. In particular, Member certifies that it will order information services relating to Vermont residents that are credit reports as defined by the Vermont Fair Credit Reporting Act (“VFCRA”), only after Member has received prior consumer consent in accordance with VFCRA Section 2480e and applicable Vermont Rules. Member further certifies that the below copy of Section 2480e of the Vermont Fair Credit Reporting Statute was received.
Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999) § 2480e. Consumer consent
(a) A person shall not obtain the credit report of a consumer unless:
1. the report is obtained in response to the order of a court having jurisdiction to issue such an order; or
2. the person has secured the consent of the consumer, and the report is used for the purpose consented to by the consumer.
(b) Credit reporting agencies shall adopt reasonable procedures to assure maximum possible compliance with subsection (a) of this section.
(c) Nothing in this section shall be construed to affect:
1. the ability of a person who has secured the consent of the consumer pursuant to subdivision (a)(2) of this section to include in his or her request to the consumer permission to also obtain credit reports, in connection with the same transaction or extension of credit, for the purpose of reviewing the account, increasing the credit line on the account, for the purpose of taking collection action on the account, or for other legitimate purposes associated with the account; and
2. the use of credit information for the purpose of prescreening, as defined and permitted from time to time by the Federal Trade Commission.
VERMONT RULES *** CURRENT THROUGH JUNE 1999 ***
AGENCY 06. OFFICE OF THE ATTORNEY GENERAL SUB-AGENCY 031. CONSUMER PROTECTION DIVISION
CHAPTER 012. Consumer Fraud–Fair Credit Reporting RULE CF 112 FAIR CREDIT REPORTING
CVR 06-031-012, CF 112.03 (1999) CF 112.03 CONSUMER CONSENT
(a) A person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing if the consumer has made a written application or written request for credit, insurance, employment, housing or governmental benefit. If the consumer has applied for or requested credit, insurance, employment, housing or governmental benefit in a manner other than in writing, then the person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing or in the same manner in which the consumer made the application or request. The terms of this rule apply whether the consumer or the person required to obtain consumer consent initiates the transaction.
(b) Consumer consent required pursuant to 9 V.S.A. §§ 2480e and 2480g shall be deemed to have been obtained in writing if, after a clear and adequate written disclosure of the circumstances under which a credit report or credit reports may be obtained and the purposes for which the credit report or credit reports may be obtained, the consumer indicates his or her consent by providing his or her signature.
(c) The fact that a clear and adequate written consent form is signed by the consumer after the consumer’s credit report has been obtained pursuant to some other form of consent shall not affect the validity of the earlier consent.