Search results

×

Data Sharing Addendum

These terms are inapplicable to customers who signed contracts starting on or after March 1, 2024 and that incorporate by reference the terms at https://www.nmi.com/legal/platform-terms-conditions/. Please refer to your order form and reach out to your customer account manager for questions.

IRIS Data Sharing Addendum

This IRIS data sharing addendum (the Addendum) is entered into between ______________________ (Sender),___________________________ (Recipient) and Integrated Reporting is Simple, LLC (IRIS) and it forms an addendum to each of (i) the user terms and conditions executed between Sender and IRIS (Sender IRIS Agreement) and (ii) the user terms and conditions executed between Recipient and IRIS (Recipient IRIS Agreement). Sender IRIS Agreement and Recipient IRIS Agreement are each referred to herein as the Agreement. Unless otherwise defined herein, capitalized terms appearing in this Addendum have the meanings set out in the
Agreement.

WHEREAS pursuant to the Sender IRIS Agreement, IRIS is in possession of Sender ISO Data;

WHEREAS Sender wishes to instruct IRIS to grant Recipient access to certain data and information relevant to ISO’s business operations such as merchant portfolio reporting, merchant pricing, agent information, and other reporting data from its ISO Data, subject to the terms of this Addendum (such ISO Data to be shared being, the Shared Data);

WHEREAS Recipient agrees to receive the Shared Data in accordance with the terms hereof and any other agreement to which Sender and Recipient are parties (collectively, the Shared Data Terms);

The parties hereby agree as follows:

  1. ISO as Sender or Recipient
    Each ISO accepting this Addendum is either the Sender or the Recipient. is the ISO disclosing the Shared Data is the Sender and the ISO receiving the Shared Data is the Recipient, and vice versa. The final arbiter of who is the Sender or Recipient with respect to any given ISO Data shall be the records within IRIS in the Account Portal of the ISO from which ISO Data was first shared hereunder.
  2. Term

    1. This Addendum commences on the latest date in the signature block (the Effective Date) and continues until the earlier of: (i) termination of an Agreement; or (ii) notice, via an Account Portal, that any party hereto wishes to terminate this Addendum (such period being the Addendum Term).
    2. Upon termination of this Addendum or the Agreement, the right to use Shared Data under Section 3 will also terminate.
  3. ISO Data Sharing
    1. Sender hereby grants IRIS a revocable, non-exclusive, non-sublicensable, and non-transferable right during the Addendum Term to use the Shared Data solely for the purpose of providing supplemental reporting under the Services in accordance with the Agreement and for the benefit of Sender in the ordinary course of its business operation.
    2. As and when instructed by Sender, IRIS shall make Shared Data available to Recipient in a form and format reasonably acceptable to IRIS. Recipient acknowledges that IRIS can provide the Shared Data only if Recipient uses IRIS’s Account Portal to access the same. Recipient authorizes and instructs IRIS to act on Recipient’s behalf and as its representative to obtain the Shared Data directly from the Sender Account Portal and IRIS agrees to engage hereunder on that basis. For the avoidance of doubt, Recipient will not itself have the ability to access the Sender Account Portal. IRIS reserves the right to determine which ISO Data can become Shared Data and by what means, which parameters IRIS may amend at any time and at its sole discretion.
  4. Sender Covenants
    Sender represents, warrants and covenants to Recipient and IRIS that all of the following are true as of the Effective Date and shall remain true for the Addendum Term:

    1. Whether required by contract or applicable law, Sender has obtained all consents and delivered all notices necessary from or to Processors, Merchants, Users and other third parties whose information is included in or the subject of Shared Data (collectively, the Data Subjects) to complete the Shared Data disclosure contemplated in this Addendum.;
    2. If asked by a Processor to confirm whether ISO Data originating from the Processor is subject to a data sharing addendum, Sender hereby instructs IRIS to reply truthfully to such query provided that IRIS includes Sender on such correspondence;
    3. Shared Data is a true and accurate representation of the information it represents;
    4. Shared Data has not been selected for sharing hereunder with a view to misleading or deceiving Recipient; and
    5. Sender shall notify Recipient of errors in Shared Data and shall use Account Portal to correct them.
  5. Recipient Covenants
    Recipient represents, warrants and covenants to Sender and IRIS that all of the following are true as of the Effective Date and shall remain true for the Addendum Term, unless otherwise agreed in writing between Sender and Recipient (each such writing, a Side Agreement):

    1. Shared Data shall be and remain the sole and exclusive confidential property of Sender;
    2. Recipient shall not use Shared Data for any purpose other than Merchant customer support services supplied by Recipient (Recipient Services)
    3. For the term of this Addendum and for two (2) years thereafter, Recipient shall not use Shared Data to itself, nor permit any third party to use Shared Data to solicit any Merchant or other customer or Sender or any User to (i) cease doing business with or through Sender; or (ii) enter into any new processing, business or other relationship with Recipient or any third party
    4. Recipient shall not alter Shared Data;
    5. On request by Sender or IRIS, Recipient shall return to Sender or destroy any and all copies of Shared Data in its possession;
    6. Recipient shall not access or seek to access Sender ISO Data that Sender has not deemed Shared Data hereunder;
  6. Confidentiality and Data Security
    1. Shared Data is Sender Confidential Information. Recipient acknowledges that the Shared Data is confidential information of Sender. Recipient shall: (i) maintain it in confidence and use Shared Data only to the extent necessary and expressly permitted hereunder; (ii) use at least the same degree of care in maintaining its secrecy as it uses in maintaining the secrecy of its own ISO Data, but in no event less than a reasonable degree of care; and (iii) return or destroy all materials containing any of the Shared Data upon request of Sender or IRIS. Recipient further agrees that it will not provide, furnish, or make available any Shared Data to any other party, including any affiliate or third party subcontractor unless Sender has provided its prior written consent to such disclosure in a Side Agreement. Sender provision of Shared Data under this Addendum does not create or convey any ownership rights of Recipient in such Shared Data.
    2. Disclosure of Shared Data. Recipient may only disclose Shared Data provided under this Addendum: (1) to such party’s personnel and representatives that need to know it in connection with the provision of Recipient Services, and such personnel and representatives shall be bound by confidentiality obligations materially similar to those required under this Addendum; and (2) in response to a subpoena, court order, request from a regulator, or as required under applicable laws or card association rules.
  7. Data Security
    Recipient is responsible for any unauthorized access to any Shared Data. Recipient shall comply with applicable Payment Card Industry Data Security Standards (PCI DSS) and obtain timely certification of its systems and processes as required under applicable Rules. Recipient will allow Payment Networks, IRIS, and Processor (whose data is included in Shared Data) (Shared Data Interested Parties) to audit its PCI DSS compliance and information technology systems related to the subject matters of this Addendum. If Recipient becomes aware that there has been unauthorized access to Shared Data or Shared Data provided under this Addendum (a Security Incident), it will promptly notify Sender and IRIS. If requested by Sender or IRIS, Recipient will retain a reputable firm that is certified and approved by the card organizations that provides forensic information security services and risk assessments in order to: (1) assess the nature and scope of the Security Incident; and (2) identify the access controls or data involved in the Security Incident. Recipient will take appropriate steps to contain, control, stop, and remediate any Security Incident. Recipient will provide reasonable details regarding any Security Incident to, and cooperate with, Shared Data Interested Parties, and the forensics firms that are involved in the investigation and remediation of a Security Incident. Recipient will take all actions that any Shared Data Interested Party requires in connection with the investigation and remediation of a Security Incident. Recipient will reimburse Shared Data Interested Parties for all fines, fees, penalties, assessments, or other obligations of any kind imposed by a Payment Network or a regulator on a Shared Data Interested Party due to a Security Incident.
  8. Indemnification
    Recipient and Sender will, jointly and severally, indemnify and hold harmless IRIS from and against any and all losses, liabilities, damages, and/or expenses, including reasonable attorneys’ fees, arising out of any third party claim or action related to: (i) acts or omissions of either Sender or Recipient in respect of or related to Shared Data; (ii) the provision of Shared Data under this Addendum; (iii) any breach of this Addendum; (iv) the misuse or unauthorized disclosure of any Shared Data by Sender or Recipient; (v) the gross negligence, willful misconduct, or omission of Sender, Recipient or its employees in connection with the subject matters of this Addendum; or (vi) any claim by another party hereto versus IRIS relating to this Addendum or an act or omission of the other under an Agreement.
  9. Acknowledgements and Releases
    Sender and Recipient, jointly and severally, shall be fully responsible for, and release IRIS from, any and all liability, damage, loss, cost, claim, or expense, including without limitation, any Payment Network fines, fees, penalties, assessments, or other obligations, related to, or occurring in connection with respect to the Shared Data provided under this Addendum.
  10. Shared Data Fees
    In connection with IRIS’s efforts necessary to prepare and make available the Shared Data under this Addendum, Sender and Recipient shall pay such Fees as are indicated in the Account Portal. For clarity, any Account included in the Shared Data is an Active Account of the Recipient and the Sender, under their respective Agreement.
  11. Limitation of Liability; Waiver of Consequential Damages
    1. Allocation of Certain Liabilities. Nothing in this Addendum shall: (i) serve to diminish ISO liability under the Agreement; (ii) cause one party to be liable for the acts or omissions of another, except under the indemnification provision above where each of Sender and Recipient are liable for the acts and omissions of the other; (iii) render Sender or Recipient party to the others’ Agreement; they are, however, both parties to this Addendum; or (iv) be interpreted to give Sender or Recipient any claim versus IRIS for any act or omission of the other. No interruption in IRIS Services shall relieve Sender or Recipient of their respective obligations hereunder.
    2. Limitation of Liability. IRIS shall not be liable for any acts or omissions of a Processor, Sender, Recipient or any of their respective Users. In the event of a breach of the terms hereof by Sender or Recipient, no party shall make any claim versus IRIS in that regard. IRIS has no duty to enforce the terms hereof versus any party hereto. IRIS’s aggregate liability to any other party for losses arising from any cause (regardless of the form of action or
      legal theory) in connection with this Addendum will be limited to $100.00 (Liability Cap).
    3. Exclusion of Damages. IRIS will not have any liability to any other party for lost profits, revenues, or business opportunities, nor any exemplary, punitive, special, indirect, incidental, or consequential damages (whether direct or indirect) under this Addendum; regardless of whether these damages were foreseeable or a party was advised they were possible.
    4. Disclaimer of Warranty. IRIS does not make, and expressly disclaims, any representation or warranty: (i)
      that the Shared Data will be current, complete, accurate or error free; (ii) that access to the Shared Data will be uninterrupted or error free; (iii) that security breaches will not occur with respect to transmission or transfer of the Shared Data as provided herein; and (iv) that the parties will be able to achieve the results that may or may not be intended in connection with the use of the Shared Data (including the Recipient Services).
  12. Agreement
    This Addendum forms part of each of the respective Agreements of Sender and Recipient and is the entire
    agreement between the parties and replaces any prior agreements or understanding (written or oral) with respect to
    its subject matter. All changes to this Addendum shall be made in writing and signed by all parties. In the event of a
    conflict between this Addendum and the Agreement as it relates to the subject matter hereof, the terms of this
    Addendum will control. This Addendum may be executed electronically and in counterparts, each of which
    constitutes one agreement when taken together. Electronic and other copies of the executed Addendum are valid.

 

 

[The remainder of this page is intentionally left blank.]

 

 

The parties have signed this Addendum as of the Effective Date:

 

ISO (1) (Sender/Recipient): ______________________________

____________________________________

Name:

Title:

Date:

 

ISO (2) (Sender/Recipient): ______________________________

____________________________________

Name:

Title:

Date:

 

Integrated Reporting is Simple, LLC (IRIS)

____________________________________
Name:
Title:
Date: