Client Terms
Last Updated: September 26, 2023
THESE TERMS AND CONDITIONS GOVERN THE USE OF AND ACCESS TO THE SOFTWARE-AS-A-SERVICE MADE AVAILABLE BY DAILYPAY AT WWW.DAILYPAY.COM OR VIA THE DAILYPAY MOBILE APPLICATION ON IPHONE OR ANDROID DEVICES (THE “SERVICE”). BY EXECUTING AN ORDER FORM REFERENCING THESE TERMS, YOU AGREE TO BE BOUND BY THESE TERMS AND THE ORDER FORM.
CAPITALIZED TERMS USED BUT NOT DEFINED HEREIN SHALL HAVE THE MEANINGS ASCRIBED TO SUCH TERMS IN EXHIBIT A ATTACHED HERETO.
1. LICENSE
(a) Grant. Subject to the terms and conditions of this Agreement, DailyPay grants Company a non-exclusive, non-transferable, non-sublicensable (except as set forth herein), limited license during the Term (the “License”) to access and use the Service solely for the purpose of providing Company employees access to the Services, including without limitation, access to accrued, unpaid earnings prior to Company’s regularly scheduled payroll processing (“Earnings”) and any other purpose as may be mutually agreed to by the Parties in writing from time to time. Each employee of the Company who elects to use the Service to access Earnings is a “User”. The Service may include (i) the client portal made available by DailyPay to Company Administrators and other Company personnel at www.dailypay.com (the “Client Portal”); and (ii) application program interfaces (“APIs”) provided by DailyPay for Company to access the Service, if applicable. The License includes the right to make, distribute and use a reasonable number of copies of any written or online (x) descriptions of the functionality, technical requirements, or use of the Service (collectively, “Documentation”), and (y) marketing materials provided by DailyPay (“DailyPay Materials”), in each case for Company’s internal business purposes, including promoting the Service to Eligible Employees.
(b) Restrictions. The Service is licensed only for Company’s internal business purposes. Except as explicitly permitted in this Agreement, Company shall not, directly or indirectly: (i) modify or create derivative works of the Service; (ii) decompile, reverse engineer, or otherwise translate any portion of the Service into human-readable form (except to the extent that this subsection (ii) is limited by applicable law); (iii) rent, lease, share, distribute, sell or otherwise make the Service available to any third party, including on a time sharing, service bureau, or similar basis; (iv) remove, alter or deface proprietary notices, labels or marks in the Service, Documentation, or DailyPay Materials; (v) disclose the results of testing or benchmarking of the Service; (vi) circumvent or disable the Service’s copyright protection or license management mechanisms; (vii) use the Service in violation of any applicable law or regulation or to violate the rights of any third party; or (viii) attempt to do any of the foregoing.
(c) Additional Features. DailyPay may make new features or modules for the Service available for an additional fee during the Term (each such offering, an “Add-On”). Add-Ons are not required for the proper functioning of the Service and shall be mutually agreed upon in writing by the Parties.
2. USE OF THE SERVICE
(a) Company Responsibilities.
(i) Company shall use commercially reasonable efforts to ensure that the Service is made available to all Eligible Employees on the Target Launch Date or such other date as may be mutually agreed by the Parties; provided that there shall only be one “launch date.”
(ii) Company shall use commercially reasonable efforts to promote the availability of the Service to Eligible Employees and hiring candidates of the Company. The Company Administrators shall be responsible for collaborating with DailyPay personnel on the most effective communication strategy and plan to make its Eligible Employees and hiring candidates aware of the Service.
(iii) Company shall designate at least two (2) Company Administrators. Company Administrators will participate in training calls/webinars about DailyPay in connection with implementation of the Service. If a Company Administrator ceases to be an employee of the Company, then the Company shall, as soon as reasonably practicable, (A) disable such Company Administrator’s access to the Client Portal, (B) notify DailyPay of such termination, and (C) appoint an individual to replace the terminated Company Administrator.
(iv) Prior to the Target Launch Date, and subsequently not later than December 1st of each year for the following calendar year, Company shall provide DailyPay with a calendar year pay schedule that includes all payday holidays.
(v) Company shall provide DailyPay with current and accurate information about Earnings in the form of the following files, in each case, in accordance with the procedures set forth in this Agreement and as may be otherwise agreed by the Parties from time to time: (A) User Roster Files; (B) Gross Earnings Files; and (C) Net Earnings Files. Earnings information may be made available through a Company API, via SFTP, through the Client Portal or through another method as may be mutually agreed by the Parties. Prior to Company’s delivery of the Files, Company shall not require Eligible Employees to (I) opt-in to the Service or (II) instruct the Company to disclose Eligible Employees’ data to DailyPay.
(vi) Prior to or by the Target Launch Date, Company shall transmit the initial User Roster File to DailyPay through a Company API, SFTP or the Client Portal. Company shall include in the User Roster File personal email addresses of Eligible Employees if such personal email addresses are in Company’s possession. DailyPay may use such personal email addresses to make Eligible Employees aware of the Service; provided that DailyPay’s use of such personal email addresses complies with applicable law, including, without limitation, the CAN-SPAM Act of 2003 (as may be amended or modified from time to time). After the launch of the Service, Company shall transmit an updated User Roster File to DailyPay not less frequently than once on each Business Day. If Company’s transmission of an updated User Roster File fails, Company shall promptly transmit such User Roster File to DailyPay by an alternative means mutually agreed by the Parties.
(vii) Company shall provide DailyPay with the Gross Earnings Files to the extent practicable, on an hourly basis, but in any event, not less frequently than daily (including weekends and holidays), or as may be otherwise agreed by the Parties from time to time.
(viii) Company shall provide DailyPay with updated Net Earnings Files immediately after Company runs each payroll. The applicable updated Net Earnings Files must be received by DailyPay prior to 12 p.m. EST, the Business Day before each Company payday, or as may be otherwise agreed by the Parties from time to time. Company acknowledges that if a Net Earnings File is not received on a timely basis or is inaccurate, it may cause delays in Users receiving their payroll payments or errors in their payroll payments, as the case may be.
(ix) Company shall ensure that payment information for Users in Company records is updated by timely processing the DDU File to reflect the DailyPay User Account in accordance with the procedures set forth in this Section and as may be otherwise agreed by the Parties from time to time. On a daily basis, DailyPay shall make available to the Company each DDU File. Company shall download such DDU File, upload such DDU File into Company’s payroll system, and effect any direct deposit updates set out in such DDU File prior to processing any following Company payroll.
(x) Company shall make all payroll payments (including off-cycle and termination payments where permitted by applicable law) for Users to the DailyPay User Account in accordance with Company’s regular payroll timeline (but in no event less frequently than monthly). If Company fails to make any payroll payments for Users in accordance with this Section 2(a)(x), then Company shall be required to cure such failure within two (2) Business Days.
(xi) If a User is terminated by the Company or voluntarily terminates their employment with the Company, Company shall notify DailyPay as soon as possible and, in any event, no later than prior to such User’s final paycheck, by (A) reflecting such termination in the subsequent User Roster File provided to DailyPay or (B) deactivating the User’s account in the Client Portal. The Company shall pay the terminated User’s final pay to the DailyPay User Account pursuant to Section 2(a)(x), or, if applicable, using the Cycle Payment Service (as further described in the Cycle Addendum). If the Company is required by applicable law or its internal policies and procedures to pay the terminated User sooner via a paper check (or via an alternative method), DailyPay may invoice Company for the amount of any transfers and any associated charges. If so invoiced, Company shall pay the invoice within thirty (30) days of receipt. DailyPay reserves the right to suspend or modify access to the Service if Company does not comply with its obligations under this Section 2(a)(xi) to notify DailyPay of terminations in a timely fashion.
(xii) Company shall use commercially reasonable efforts to prevent unauthorized access to or use of the Service (including, without limitation, by conducting regular security awareness training for Users about the risks of sharing their login credentials for the Service and using reused passwords as their login credentials for the Service) and notify DailyPay immediately of any such unauthorized access or use of which Company becomes aware.
(xiii) In addition to the restrictions set forth in Section 1(b), Company will not (A) interfere with or disrupt the integrity or performance of the Service, (B) attempt to gain unauthorized access to the Service or its related systems or networks, or (C) interfere with or disrupt the Service, or attempt to probe, scan, or test for vulnerabilities in the Service.
(xiv) Company is responsible for any on-site network or internet connectivity required to access the Service over the Internet by Company. Company consents to the processing and storage of Company Data (as defined below) on hardware owned or controlled by third parties, provided that such hardware is located in a Tier 4 data center.
(xv) If there is an unresolved negative balance in a DailyPay User Account after payday that is due to (A) delivery by the Company of Files containing erroneous data or (B) Company’s failure to upload the DDU File in accordance with Section 2(a)(ix) (an “Employer-Caused Negative Balance”), DailyPay may invoice Company for such Employer-Caused Negative Balance which shall be due and payable by Company within thirty (30) days of receipt thereof. Notwithstanding the foregoing, if such invoice for Employer-Caused Negative Balances is equal to or greater than $50,000, then it shall be due and payable by Company within two (2) Business Days.
(xvi) In connection with entering into this Agreement, the Company shall provide DailyPay with a completed Eligibility Questionnaire including all requested supporting documentation. DailyPay’s obligations under this Agreement are subject to the Company’s satisfactory completion of this initial eligibility review, as determined by DailyPay in its sole discretion.
(xvii) During the Term, for so long as the Company is not a Public Company and unless otherwise mutually agreed by the Parties, the Company shall deliver to DailyPay via email to Credit@dailypay.com:
(1) as soon as practicable, but in any event within one hundred fifty (150) days after the end of each fiscal year of the Company (A) a balance sheet as of the end of such year and (B) statements of income and of cash flows for such year, all such financial statements audited and certified by independent public accountants of nationally recognized standing selected by the Company, in each case including any notes related thereto;
(2) as soon as practicable, but in any event within forty-five (45) days after the end of each quarter of each fiscal year of the Company, unaudited statements of income and cash flows for such fiscal quarter, and an unaudited balance sheet as of the end of such fiscal quarter, all prepared in accordance with GAAP (except that such financial statements may (i) be subject to normal year-end audit adjustments; and (ii) not contain all notes thereto that may be required in accordance with GAAP);
(3) upon DailyPay’s request in connection with any renewal of the Term or as may be requested by DailyPay from time to time (including, without limitation, in connection with a Proposed Company Assignment (as defined in Section 11(f))), an updated Eligibility Questionnaire and supporting documentation.
(xviii)
(1) If the Company (A) makes any Payroll System Change, (B) undergoes a Company Restructuring, or (C) makes a Business Unit Sale (each of clauses (A), (B) or (C), a “System Change”), then Company shall provide DailyPay not less than six (6) months’ prior written notice of such event, or if such prior notice would not be commercially reasonable, as much advance written notice as would be commercially reasonable under the circumstances.
(2) If DailyPay reasonably expects that such System Change shall cause DailyPay to incur costs and expenses to continue providing the Service (as determined by DailyPay in its sole reasonable discretion), then, DailyPay may invoice Company for the costs of adjusting the Service to the System Change for an amount up to $25,000, depending on the scope of such work. If so invoiced, Company shall pay the invoice within thirty (30) days of receipt. DailyPay may, in its sole reasonable discretion, waive its right to invoice under this Section 2(a)(xviii)(2).
(b) DailyPay Responsibilities.
(i) DailyPay shall provide the Service in accordance with all applicable laws and government regulations.
(ii) DailyPay shall make the Service available as set forth in Exhibit B.
(iii) DailyPay shall, either through the Service or otherwise, provide Company with information regarding Users for whom DailyPay has not received Earnings from Company, and the status of User accounts (including when any User account is terminated).
(iv) DailyPay shall distribute payroll payments received from Company pursuant to Section 2(a)(x) to Users net of any prepaid Earnings and service fees owed to DailyPay by such Users. Any payments received by DailyPay prior to 12 p.m. EST on a Business Day shall be distributed on the same Business Day as received. Any payments received by DailyPay at any other time shall be distributed not later than the next Business Day following receipt.
(v) DailyPay may suspend or modify access to the Service for any User if (A) Company fails to make payroll payments for such User to the DailyPay User Account pursuant to Section 2(a)(x) or (B) in the sole judgment of DailyPay, said User presents a risk of fraud or unauthorized use.
3. OWNERSHIP
(a) Service, Materials and Documentation. Except for the limited rights granted in Section 1(a), DailyPay retains all right, title and interest, including all intellectual property rights, in and to the Service, Documentation, DailyPay Materials, and DailyPay’s API. DAILYPAY EXPRESSLY RESERVES ALL RIGHTS IN AND TO THE SERVICE, DOCUMENTATION AND DAILYPAY MATERIALS NOT EXPRESSLY GRANTED HEREUNDER.
(b) Company API. Company grants DailyPay a non-exclusive, non-transferable (except as set forth herein), worldwide, royalty-free license and right during the Term (as defined below) to access and use the Company API (if applicable) for the limited purposes of performing its obligations under this Agreement.
(c) Company Data. Company grants DailyPay a non-exclusive, non-transferable (except as set forth herein), worldwide, royalty-free license during the Term to use any information provided by or on behalf of Company to DailyPay (in its capacity as a service provider) in connection with this Agreement (collectively, “Company Data”) for the purpose of providing the Service to the Company. Notwithstanding anything to the contrary, Company agrees that DailyPay has the right to collect, use and analyze any de-identified information derived from the Company Data for DailyPay’s lawful business purposes; provided that such de-identified information shall not be identifiable to any individual or the Company. Company represents and warrants that: (i) it owns or has the right to make Company Data available to DailyPay; (ii) the posting and use of Company Data on or through the Service will not (A) violate the intellectual property, privacy, publicity, or other rights of any person or (B) breach any contract between Company and a third party; (iii) the Company Data is accurate; (iv) to the extent Company Data includes information that, alone or in combination with other information, identifies or is reasonably likely to identify an individual person or individual persons (“Personal Data”), Company does and shall comply with all applicable laws and regulations involving the use, protection, and maintenance of such Personal Data; and (v) it shall not provide DailyPay with any Personal Data that includes complete nine-digit Social Security Numbers.
(d) Usage Information. DailyPay owns all data (i) regarding installation, registration, and use of the Service; and (ii) related to performance of the Service, including response times, load averages, usage statistics, or activity logs (collectively, “Performance Data”). Performance Data does not include any Personal Data or Company-specific output resulting from the use of the Service (“Company Output”) but may include aggregated or anonymized information derived from Company Output. Performance Data may be used to contribute to analytical models used by DailyPay, to monitor and improve the Service, and to develop additional services and offerings.
(e) Feedback. Company hereby grants DailyPay a worldwide, perpetual, irrevocable, royalty-free right and license to use or incorporate into the Service any ideas, suggestions, comments, recommendations, enhancement requests or other input related to the Service provided by Company, its employees or agents to DailyPay in any form in any way whatsoever, so long as Company has obtained the required legal authorizations, where applicable, from the respective party.
4. FEES
(a) Company Fees. Company shall pay DailyPay any amounts set forth on the Order Form, except to the extent that the Order Form indicates that any such amount has been “waived” (the “Company Fees”). DailyPay may modify the Company Fees (other than implementation-related Company Fees) in connection with any renewal of the Term, provided that DailyPay provides Company with notice of such revised Company Fees at least forty-five (45) days prior to the renewal date. All Company Fees (other than implementation-related Company Fees) are payable in advance (annually, in the case of recurring Company Fees), and due within thirty (30) days of receipt of an invoice. All implementation-related Company Fees are payable 50% upon execution of this Agreement and 50% upon completion of implementation by DailyPay, and due within thirty (30) days of receipt of an invoice. Except as otherwise set forth herein, Company Fees are non-cancelable and non-refundable.
(b) User Fees. As of the Effective Date, DailyPay shall charge Users fees at the rates set forth on the Order Form (the “User Fee”, and collectively with the Company Fees, “Fees”). At any time thereafter during the Term, User Fees shall be set at DailyPay’s then-current rates (which may be changed from time to time).
(c) Outstanding Balances. Any amounts owed by Company to DailyPay pursuant to Sections 2(a)(x), 2(a)(xi), or 2(a)(xv) and not repaid within the timeline prescribed in such Sections shall, in each case, accrue interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, if less, from the date such payment was due until the date paid. DailyPay may also suspend or adjust Company and/or User access to the Service if such amounts remain unpaid more than thirty (30) days after they were due. Notwithstanding the foregoing, if Company fails to comply with its obligations to fund payroll to DailyPay User Accounts in accordance with Section 2(a)(x), DailyPay may immediately suspend or adjust Company or User access to the Service.
(d) Taxes. Company shall be responsible for payment of all sales, use, property, value-added, payroll withholding, or other federal, state or local taxes arising from or related to its payment of Earnings to Users and the Service, except for taxes based solely on DailyPay’s net income. If DailyPay is required to pay any such taxes based on the licenses granted in this Agreement or on Company’s use of the Service, then such taxes will be billed to and paid by Company.
5. CONFIDENTIAL INFORMATION
(a) Definition. “Confidential Information” means all information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”) in connection with this Agreement, whether orally or in writing, that is designated as confidential or the equivalent or that reasonably should be understood to be confidential given the nature of the information and/or the circumstances of disclosure. However, Confidential Information does not include information that (i) is or becomes generally known to the public without Receiving Party’s breach, (ii) was known to the Receiving Party prior to its disclosure, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. The occurrence of a situation described in subsections (i) through (iv) will not reduce or limit the Receiving Party’s obligation to protect Personal Data in compliance with all applicable laws and regulations.
(b) Protection. The Receiving Party shall protect the Disclosing Party’s Confidential Information with the same degree of care that it uses to protect its own information of like kind (but in no event with less than reasonable care). The Receiving Party shall (i) only use Confidential Information as required to fulfill its obligations or as otherwise permitted under this Agreement, and (ii) unless authorized by the Disclosing Party in writing, limit access to Confidential Information to those of its and its affiliates’ employees, contractors, agents and potential financing sources who are bound to confidentiality obligations no less stringent than those in this Section 5. The terms of this Agreement are Confidential Information of the Parties; its existence is not.
(c) Compelled Disclosure. The Receiving Party may disclose the Disclosing Party’s Confidential Information if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest or limit the scope of the disclosure.
6. TERM AND TERMINATION
(a) Term. This Agreement shall become effective on the Effective Date and will continue for the “Initial Term” of two (2) years. Thereafter, the Agreement will automatically renew for successive periods equal to the length of the Initial Term (each, a “Renewal Term,” and, all such Renewal Terms with the Initial Term, the “Term”), unless either Party notifies the other in writing of its intent not to renew at least thirty (30) days prior to the expiration of the then-current Term, or the Agreement is otherwise terminated pursuant to this Agreement.
(b) Termination for Material Breach. If either Party fails to materially comply with any provision of the Agreement, the other Party may terminate the Agreement upon thirty (30) days’ written notice unless the breach is cured within such time. In addition, DailyPay may terminate this Agreement without opportunity for Company to cure if Company (i) fails to timely fund any two (2) payroll payments in accordance with Section 2(a)(x) in a rolling, twelve (12) month period, (ii) fails to (A) provide any information required to be provided pursuant to Sections 2(a)(xvi) or (xvii) or (B) meet DailyPay’s eligibility requirements, as determined by DailyPay in its sole reasonable discretion, or (iii) assigns or attempts to assign this Agreement or delegates or attempts to delegate its rights or obligations hereunder without the prior written consent of DailyPay pursuant to its obligations under Section 11(f).
(c) Termination for Insolvency and Related Events. This Agreement may be terminated immediately by either Party upon written notice to the other Party (i) upon the institution by the other Party of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of such other Party’s debts (or when such proceedings are instituted by a third party and not dismissed within twenty (20) days), (ii) upon the other Party’s making an assignment for the benefit of creditors, or (iii) upon the other Party’s dissolution or ceasing to do business.
(d) Effects of Termination. Upon the expiration or termination of the Agreement, (i) Company shall pay DailyPay for any Earnings paid to Users by DailyPay but not funded to the DailyPay User Account by Company as of the date of termination or expiration of the Agreement (the “Termination Date”): (A) within two (2) Business Days of the Termination Date if such amounts exceed $50,000 in the aggregate; or (B) within thirty (30) days of the Termination Date if such amounts do not exceed $50,000; (ii) all non-perpetual rights and licenses granted by each Party hereunder shall terminate; (iii) Company shall immediately discontinue all use of the Service and remove or destroy any copies of the Documentation and DailyPay Materials in its possession; (iv) DailyPay may retain all Company Data for applicable audit and compliance retention periods, subject to the terms of Section 5; (v) each Party shall return (or destroy, at the Disclosing Party’s option) all other Confidential Information of the other Party in its possession; and (vi) Sections 3, 5, 6(d), 8, 9, 10, and Exhibit B and any rights or obligations of the Parties which, by their express terms, nature or context are intended to survive termination, will survive in accordance with their terms.
7. WARRANTIES, COVENANTS AND DISCLAIMER
(a) Mutual Representations and Warranties. Each Party represents and warrants that it has the right to enter into and perform its obligations under this Agreement, and that such performance does not and will not conflict with any other agreement of such Party or any judgment, order, or decree by which it is bound. Each Party shall comply with all laws applicable to its performance under this Agreement, including those relating to privacy and the protection of Personal Data and credit information.
(b) Company Covenants. Company acknowledges and agrees that the DailyPay on-demand pay service is not compatible with other services that enable employees to access their Earnings prior to payday (such services, “On-Demand Pay Solutions”). In consideration thereof, Company covenants that, during the Term, DailyPay shall be Company’s exclusive provider of On-Demand Pay Solutions available to Eligible Employees.
(c) Disclaimer. EXCEPT AS SPECIFICALLY SET FORTH IN THIS AGREEMENT, NEITHER PARTY MAKES, AND EACH PARTY EXPRESSLY DISCLAIMS, ANY REPRESENTATION OR WARRANTY IN CONNECTION WITH THIS AGREEMENT, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, DAILYPAY MAKES THE SERVICE AVAILABLE ON AN “AS IS” BASIS.
8. INDEMNIFICATION
(a) By DailyPay.
(i) DailyPay will indemnify and hold harmless (including payment of reasonable attorneys’ fees and court costs) Company and its officers, directors and employees against any third-party claim alleging that the Service infringes the intellectual property rights of such third party, except to the extent the alleged infringement arises out of (A) Company’s use of the Service in violation of the Agreement, (B) Company’s use of the Service in combination with other products, equipment, software or data not supplied by DailyPay, (C) any modification of the Service by any person other than DailyPay or its authorized agents, or (D) Company Data.
(ii) If the Service or any element thereof is (or in DailyPay’s judgment is likely to be) found to infringe any third-party intellectual property rights, DailyPay, in its sole discretion and at its cost and expense, will either (A) procure the right for Company to continue to use the Service; or (B) modify the Service to be non-infringing without materially diminishing its functionality. If neither (A) nor (B) is commercially reasonable, DailyPay may terminate the Agreement by giving Company at least thirty (30) days’ prior written notice and, as Company’s sole and exclusive remedy therefor, refund Company any prepaid Company Fees attributable to the terminated portion of the Agreement.
(iii) The remedies in Sections 8(a)(i) and (ii) are Company’s sole remedy, and DailyPay’s entire liability, with respect to any third-party infringement claim.
(iv) DailyPay will indemnify and hold harmless (including payment of reasonable attorneys’ fees and court costs) Company and its officers, directors and employees against any third-party claim arising out of or related to any Security Breach (as defined in Exhibit B) (any such claims, “DailyPay Security Breach Claims”). Notwithstanding the foregoing, (x) any indemnification obligations in this Section 8(a)(iv) shall not apply to that portion of any claim arising from (I) Company’s own negligent act or omission or (II) Company’s breach of any representation or warranty or obligation under this Agreement; and (y) DailyPay’s aggregate liability for all DailyPay Security Breach Claims in each contract year shall not exceed the total amount of Fees (including User Fees) paid to DailyPay under this Agreement during the twelve (12) months prior to the date on which the claim arose.
(b) By Company. Company will indemnify and hold harmless (including payment of reasonable attorneys’ fees and court costs) DailyPay and its officers, directors and employees against any third party (including a User) claim arising out of or related to (i) Company’s failure to comply with applicable law or (ii) DailyPay’s use of any Company Data (including allegations of late or erroneous payments of Earnings or Company’s failure to provide Company Data necessary for DailyPay to make payments of Earnings to Users).
(c) Procedures. The obligations in this Section 8 are contingent on the indemnified Party (i) promptly notifying the indemnifying Party of any indemnifiable claim (except that any failure to so notify the indemnifying party will not relieve indemnifying party of its obligations under this section unless such failure materially prejudices indemnifying party’s ability to defend the claim); (ii) granting the indemnifying Party sole control over the defense and/or settlement of the claim (provided that a settlement may not impose costs or liability on the indemnified Party without its consent); and (iii) providing reasonable assistance to the indemnifying Party at the indemnifying Party’s expense.
9. LIMITATION OF LIABILITY
EXCEPT FOR A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, AND A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 8 (WHICH SHALL BE SUBJECT TO THE LIMITATIONS SET FORTH THEREIN, IF ANY), IN NO EVENT WILL EITHER PARTY BE LIABLE FOR (A) LOST PROFITS, LOSS OF DATA OR ANY OTHER CONSEQUENTIAL, SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ASSERTED, ARISING OUT OF THIS AGREEMENT, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) DAMAGES EXCEEDING, IN THE AGGREGATE, THE TOTAL AMOUNT OF FEES PAID TO DAILYPAY UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRIOR TO THE DATE ON WHICH THE CLAIM AROSE. THIS LIMITATION SHALL NOT APPLY TO ANY CLAIMS BY DAILYPAY AGAINST THE COMPANY ARISING OUT OF (I) THE COMPANY’S FAILURE TO FULLY FUND THE DAILYPAY USER ACCOUNTS IN ACCORDANCE WITH THIS AGREEMENT OR (II) ERRONEOUS COMPANY DATA. THIS LIMITATION IS CUMULATIVE AND THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIABILITY LIMITATION. THE PARTIES ACKNOWLEDGE THAT THE FOREGOING LIMITATIONS ARE AN ESSENTIAL ELEMENT OF THE AGREEMENT.
10. GOVERNING LAW, DISPUTE RESOLUTION
(a) Governing Law. This Agreement, including its formation, and the rights of the Parties thereunder shall be governed by the laws of the State of New York, without giving effect to conflicts of laws principles that would require a different result. The Parties acknowledge that this Agreement evidences interstate commerce. Notwithstanding the preceding provision with respect to the applicable substantive law, any arbitration conducted pursuant to this Agreement shall be governed by the Federal Arbitration Act, 9 U.S.C. § 1, et seq.
(b) Arbitration. Any dispute, controversy or claim arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope, applicability and enforceability of this agreement to arbitrate, shall be finally settled by arbitration before a sole arbitrator. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures. The seat, or legal place, of arbitration shall be New York City, New York. Judgment on the award may be entered in any court of competent jurisdiction.
(i) Within fifteen (15) days after the commencement of arbitration, the Parties shall jointly select the sole arbitrator. If the Parties are unable or fail to select the arbitrator within the allotted time, that arbitrator shall be appointed by JAMS in accordance with its rules. The arbitrator shall serve as a neutral, independent and impartial arbitrator.
(ii) The arbitrator shall award to the prevailing Party, if any, the costs, expenses and attorneys’ fees reasonably incurred in connection with the arbitration.
(iii) The Parties shall maintain the confidential nature of the arbitration hearing and proceedings, including all rulings and awards, unless: (1) otherwise required by law or judicial decision, (2) as may be necessary to prepare for or conduct the arbitration, (3) as may be necessary in connection with a court application for a preliminary remedy, a judicial challenge to an award, or its enforcement, or (4) as the Parties otherwise consent.
(c) Waiver: Class and Collective Actions. The Parties agree to bring any dispute in arbitration on an individual basis only, and not on a class or collective action basis. There shall be no right or any authority for any dispute to be brought, heard or arbitrated as a class or collective action. The class and collective action waiver shall not be severable from this arbitration agreement in any case in which (1) the dispute is filed as a class or collective action and (2) there is a final judicial determination that the class and collective action waiver is invalid, unenforceable, unconscionable, void or voidable. In such instances, the class action shall be brought exclusively in the state or federal courts located in New York County, the State of New York.
(d) Waiver: Jury Trial. The Parties agree to waive any Constitutional and statutory rights to sue in court and have a trial in front of a jury.
(e) Remedies; Injunctive Relief. All rights and remedies of the Parties under this Agreement are cumulative and the exercise of one remedy will not exclude election of other remedies. A Party’s breach or threatened breach of any of Sections 1(b), 2(a)(x), 3, or 5 of this Agreement may cause irreparable injury that may not be compensated by monetary damages. Accordingly, notwithstanding this section and in addition to any other remedies available to it, a Party may seek interim injunctive or other interim equitable relief in any court of competent jurisdiction for such breach or threatened breach.
(f) Arbitration of Claims with Users. Company acknowledges that the Terms of Service located at https://www.dailypay.com/legal/site-terms/, as modified from time to time (“TOS”) between DailyPay and the employees of the Company who use the Service (“Participating Users”) includes an Arbitration Agreement (as defined in the TOS). Company agrees to be bound by the Arbitration Agreement and to arbitrate any claims between Company and a Participating User in accordance with the Arbitration Agreement in the TOS.
11. MISCELLANEOUS
(a) Insurance. During the Term of this Agreement, DailyPay shall maintain a policy of (i) commercial general liability insurance, covering liability arising from premises, operations, independent contractors, completed operations, personal injury, advertising injury and liability assumed under an insured contract, with limits of at least $1,000,000 per occurrence, and $2,000,000 aggregate; (ii) Umbrella Liability of at least $10,000,000 per occurrence and $10,000,000 aggregate; (iii) Third-Party Crime Liability of at least $3,000,000 per occurrence and $3,000,000 aggregate; (iv) Professional Liability/Errors and Omissions Coverage of at least $10,000,000 per occurrence; and (v) Privacy and Network Liability of at least $15,000,000 per claim, and $15,000,000 aggregate, including Data Breach Fund and Regulatory Proceeding. Self-insurance is not acceptable. Such policies shall be underwritten by an insurance carrier authorized to do business in the United States and having a rating of “A-” or better by A.M. Best Company and a Financial Size Category rating of at least Class VIII.
(b) Notices. Any notice, consent, or other communication intended to have legal effect hereunder will be in writing and given personally, sent via overnight delivery requiring signature upon receipt to the relevant Party at the address for such Party indicated on the Order Form (or such other address as provided by that Party in writing), or sent via email to the email address for such Party indicated on the Order Form (or such other email address as provided by that Party in writing). Notices will be deemed given when delivered or refused.
(c) Attribution, Publicity and Marks.
(i) Company may utilize DailyPay’s trademarks and service marks (collectively, the “DailyPay Marks”) that are provided by DailyPay to Company for the sole purpose of promoting the Service to Eligible Employees and hiring candidates. Any such utilization of DailyPay Marks shall be consistent with DailyPay’s style guidelines or requirements as communicated to Company by DailyPay. Company shall not use the DailyPay Marks for any other purpose without the prior written consent of DailyPay. Company acknowledges DailyPay’s sole ownership of and exclusive right, title and interest in and to the use of the DailyPay Marks, and no ownership interest in the DailyPay Marks by Company has been created by this Agreement. All use of DailyPay Marks contemplated by this Agreement shall inure solely to the benefit of DailyPay.
(ii) DailyPay may utilize Company’s trademarks and service marks (collectively, the “Company Marks”) in order to indicate that Company is a customer of DailyPay (1) for the purpose of validating for Users that the Company maintains a contractual relationship with DailyPay pursuant to which DailyPay provides the Service to the Company; and (2) as part of DailyPay’s on and offline sales and marketing materials (including, without limitation, press releases and other public announcements of the launch of the Service with the Company). Any such utilization of Company Marks will be consistent with Company’s style guidelines or requirements as communicated to DailyPay by Company. DailyPay acknowledges Company’s sole ownership of and exclusive right, title and interest in and to the use of the Company Marks, and no ownership interest in the Company Marks by DailyPay has been created by this Agreement.
(iii) The Parties may collaborate on additional marketing efforts (including, without limitation, case studies, events and whitepapers), in which case, a Company Administrator shall be responsible for such collaboration on behalf of the Company.
(d) Relationship of the Parties. The Parties are independent contractors and nothing in this Agreement will be construed as creating a partnership or joint venture of any kind between the parties. Neither Party will have the authority nor power to bind the other Party or represent that it has such right.
(e) Joint and Several Liability. Each of the Company entities identified in this Agreement, including its/their subsidiaries and affiliates, is a Party to this Agreement and is jointly and severally liable for the obligations of Company set forth in this Agreement.
(f) Assignment. Company may not assign this Agreement or delegate any rights or obligations hereunder, directly or indirectly, by Change of Control (as defined below), merger (whether or not the Company is the surviving entity), operation of law or otherwise, without DailyPay’s prior written consent. If Company desires to assign any of its rights, or delegate any of its obligations (any such proposed assignment or delegation, a “Proposed Company Assignment”), then Company shall first provide fourteen (14) days’ prior written notice to DailyPay. After receipt of such notice, DailyPay may, in connection with such Proposed Company Assignment, request an updated Eligibility Questionnaire pursuant to Section 2(a)(xvii)(3), and any such Proposed Company Assignment shall be subject to DailyPay’s prior written consent (not to be unreasonably withheld). Subject to the foregoing, this Agreement will inure to the benefit of and be binding upon the Parties and their respective successors and permitted assigns. DailyPay may freely assign this agreement. Any attempted assignment in violation of this Section 11(f) will be null and void. For purposes hereof, “Change of Control” means any transaction or series of related transactions which results in equityholders which were not equityholders of the Company or any of the Company’s subsidiaries party hereto on the Effective Date owning more than fifty percent (50%) of the outstanding equity of the surviving entity.
(g) Waiver; Amendment. This Agreement may not be modified except by a written instrument signed by both Parties. A Party’s failure to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.
(h) Force Majeure. Nonperformance of either Party will be excused to the extent that performance is rendered impossible by events beyond its reasonable control, provided that the affected Party takes commercially reasonable steps to mitigate the effect of such event.
(i) Titles; Headings; Interpretations. Titles and headings used in this Agreement are intended solely for convenience of reference and do not affect its meaning. If any provision of this Agreement will be held by a court of competent jurisdiction to be contrary to law, the remaining provisions of this Agreement will be unaffected. Except as expressly set forth herein, nothing in this Agreement grants any rights to any entity other than the parties to this Agreement. As used herein, “including” and its derivatives means “including, without limitation,” “may” means “has the right, but not the obligation to,” and “employees” means “employees or independent contractors.”
(j) Entire Agreement. This Agreement, including any exhibits attached hereto, is the entire agreement between the Parties with respect to the Service and supersedes any prior agreements, proposals and understandings about the same subject.
EXHIBIT A
DEFINED TERMS
1. Definitions.
(a) “Business Day” means a day of the year other than a Saturday or a Sunday or any other day on which banks are authorized or required to close in New York, New York or Wilmington, Delaware.
(b) “Business Unit Sale” means any sale or divestment by the Company to a third party of a business unit or part of its business that, at the time of such sale, has Eligible Employees using the Service.
(c) “Company Administrators” means at least two (2) employees of the Company responsible for the administration of the Service for the Company that will have access to all related functions of the Service. Company Administrators shall be required to participate in trainings and webinars by DailyPay to enable them to (A) have knowledge of all related functions of the Service, and the internal systems, tools, policies, and practices in use by the Company and (B) be proficient users of the Service. The initial Company Administrators shall be the individuals listed on the Order Form.
(d) “Company API” means an application program interface owned by or licensed to the Company for the purpose of connecting the Company to the Service.
(e) “Company Restructuring” means any restructuring of the Company’s business organization (including, without limitation, by adding additional divisions or business categories) in a manner that could reasonably be expected to materially affect the Company’s payroll procedures.
(f) “DailyPay User Account” means the unique routing and account number pairing established for each User in connection with this Agreement.
(g) “DDU File(s)” means the direct deposit update files provided by DailyPay to Company from time to time in order to reflect the DailyPay User Account, in the format set forth in the File Specifications.
(h) “Eligible Employees” means all of the Company’s (w) current employees and (x) newly hired employees during the Term, other than any employee of the Company that, in DailyPay’s sole discretion, is not a suitable candidate to use the Service, including, without limitation, (y) any salaried employee that earns an annual salary of more than $200,000 per year or (z) any hourly employee that earns more than $100 per hour.
(i) “Eligibility Questionnaire” means the eligibility questionnaire made available to the Company and located at https://dailypay.tfaforms.net/17?did=.
(j) “File Specifications” means the file specifications distributed to the Company.
(k) “Files” means, collectively, the DDU File(s), the Gross Earnings File(s), the Net Earnings File(s), and the User Roster File.
(l) “Gross Earnings File(s)” means files listing the hours worked for each shift and the gross earnings data for each individual listed in the then-current User Roster File, and, in each case, sourced directly from Company’s systems, in the format set forth in the File Specifications.
(m) “Net Earnings File(s)” means files containing the net and gross pay amounts for each individual listed in the User Roster File in the format set forth in the File Specifications.
(n) “Payroll System Change” means any change to the Company’s payroll, time, or human resource management systems in a manner that could reasonably be expected to materially affect the Company’s payroll procedures.
(o) “Public Company” means (A) a company whose stock is publicly traded on the New York Stock Exchange or the NASDAQ or (B) a company that is subject to the periodic reporting requirements of Section 12(g) or 15(d) of the Securities Exchange Act of 1934, as amended, and the rules and regulations promulgated thereunder.
(p) “Target Launch Date” means the Target Launch Date set forth on the Order Form.
(q) “User Roster File” means a file containing information on Eligible Employees as set forth in the File Specifications.
EXHIBIT B
DATA PROTECTION ADDENDUM
1. Resources to Provide Services. DailyPay shall provide all the facilities, personnel, equipment, communication lines, network equipment and components, bandwidth/connectivity, hardware, software and services necessary to provide the Service on a 24x7x365 basis, except for Scheduled Downtime and any unavailability caused by force majeure events (collectively, the “Service Resources”). As used herein, “Scheduled Downtime” means the downtime required by DailyPay for upgrading or maintaining the Service, provided that such downtime will occur no more frequently than once per week on Sundays between 4 a.m. and 6 a.m. EST and monthly on a Sunday between 12 a.m. and 6 a.m. EST, provided that DailyPay shall provide no less than 24 hours prior written notice of any changes in the downtime schedule. DailyPay shall provide the Service using a primary data center site (the “Primary Site”) as well as a secondary, back-up data center site (the “Back-Up Site”). The Primary Site and Back-Up Site shall (a) have redundant high speed connections to the Internet; and (b) have backup electrical systems, including an uninterruptible power supply and an electrical generator allowing for at least two months of generated power. Data from the Primary Site shall be replicated to the Back-Up Site every evening for disaster recovery purposes.
2. Maintenance and Support
(a) DailyPay shall provide Company, at no additional charge, with all support and maintenance necessary to ensure the Service is Available on a 24x7x365 basis (except for Scheduled Downtime and any unavailability caused by (i) force majeure events or (ii) third-party payment networks) and as more particularly set out in DailyPay’s Product Support Policy.
(b) DailyPay shall make available by telephone and email qualified technicians to respond to Company’s Support requests as set out in the Product Support Policy.
(c) DailyPay shall respond to and resolve Service issues as set out in the Product Support Policy.
3. Service Level Agreements.
(a) Uptime SLA. DailyPay agrees that the Service shall be Available (as defined below) to Company 99% of time during each month (the “Uptime SLA”). As used herein, “Available” means Company is able to access and use the Service, and the Service is not experiencing a Priority Level 1 Issue, in each case, as more particularly set out in the Product Support Policy.
(b) Termination Rights. If (i) the Uptime SLA is not met more than three times during any 12-month period, or (ii) the Service is Available less than 95% of the time during any month, then Company shall have the right to terminate the Agreement.
4. Data Security
(a) Representations and Warranties.
(i) DailyPay represents and warrants to Company that its collection, access, use, storage, processing, disposal and disclosure of Personal Data does and shall at all times comply with all applicable laws, including without limitation all privacy and data protection laws and regulations such as the California Consumer Privacy Act of 2018 (as may be amended from time to time, the “CCPA”) to the extent it applies to the Service. In each case, such laws, regulations and requirements shall govern DailyPay’s processing of Personal Data and apply to the Service (collectively, “Privacy Laws”). DailyPay further represents and warrants that nothing in applicable Privacy Laws prevent it from performing its obligations as described in this Agreement. DailyPay further represents and warrants that any DailyPay subprocessors that process Personal Data are subject to obligations to keep any such data confidential and maintain data security and privacy measures in accordance with industry best practices and applicable Privacy Laws.
(ii) DailyPay represents and warrants that as of the date hereof, it is compliant, and shall ensure at all times during the Term that it will remain compliant, with the Payment Card Industry Data Security Standard requirements (“PCI-DSS”), in each case, to the extent PCI-DSS applies to the Service. Furthermore, DailyPay represents and warrants that as of the date hereof, it maintains, and shall ensure that at all times during the Term that it will continue to maintain, SOC 2 Type 2 and ISO 27001:2013 certifications and security controls consistent with such certifications.
(b) Security Measures. Without limiting DailyPay’s obligations under the Agreement, DailyPay shall implement administrative, physical and technical safeguards to protect Personal Data that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which Personal Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with Privacy Laws, as well as the terms and conditions of the Agreement. At a minimum, DailyPay’s safeguards for the protection of Personal Data shall include: (i) limiting access of Personal Data to authorized persons; (ii) implementing network, device application, database and platform security; (iii) securing information transmission, storage and disposal; (iv) implementing authentication and access controls within media, applications, operating systems and equipment; (v) encrypting and pseudonymizing Personal Data stored on any DailyPay-supplied mobile media; (vi) encrypting and pseudonymizing Personal Data transmitted over public or wireless networks; (vii) logically segregating Personal Data from information of DailyPay or its other customers so that Personal Data is not commingled with any other customer’s information; (viii) validating security of software and websites through static and dynamic security testing processes; (ix) implementing appropriate personnel security and integrity procedures and practices; (x) providing appropriate privacy and information security training to DailyPay’s employees; (xi) ensuring all software developed by DailyPay is tested for security flaws and meets at a minimum OWASP top 10 security standards; (xii) ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (xiii) ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (xiv) maintaining a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing Personal Data.
(c) Breach Notification. If required by applicable law(s), DailyPay shall notify Company of a Security Breach as soon as practicable in accordance with the timeline(s) prescribed in such applicable law(s). Where possible, the notice to Company shall describe the nature of the incident, the number of individuals impacted, the type of records impacted, and any other information that may be relevant. Following DailyPay’s notification to Company of a Security Breach, the parties shall coordinate with each other to investigate the Security Breach. DailyPay shall take all reasonable steps to investigate, mitigate, and remediate any Security Breach and prevent any further Security Breach at DailyPay’s expense in accordance with applicable laws. DailyPay shall provide Company with all such timely information and cooperation as Company may require so that it may fulfil its data breach reporting obligations under (and in accordance with the timescales required by) applicable Privacy Laws. The Parties agree to coordinate in good faith on developing the content of any related public statements. As used herein, “Security Breach” means any unauthorized access to or use, disclosure, alteration, or destruction of Personal Data known to DailyPay that materially compromises the privacy or security of Personal Data.
(d) Regulator Requests. DailyPay shall use commercially reasonable efforts to assist the Company in addressing any communications and abiding by any advice or orders from government authorities relating to the Personal Data within the timeframe specified by the government authorities.
(e) Assistance and Cooperation. If requested and upon reasonable prior written notice from Company, DailyPay shall provide commercially reasonable assistance to Company in completing any privacy impact assessments and/or data protection impact assessment, and any prior consultations with government authorities, that Company considers necessary to comply with applicable Privacy Law. Company shall be responsible for reasonable costs and expenses incurred by DailyPay related to any such assistance. Upon Company’s request, DailyPay shall provide Company all information reasonably necessary to demonstrate compliance with applicable Privacy Laws.
(f) Audit.
(i) Upon Company’s written request DailyPay will provide Company with all information reasonably necessary to demonstrate DailyPay’s compliance with applicable Privacy Laws, including of the measures DailyPay has taken to comply with its obligations under this Agreement. At its own cost, DailyPay will implement any further steps that are reasonably necessary to ensure compliance.
(ii) In addition, upon Company’s written request, DailyPay shall provide Company with the results of any audit performed by or on behalf of DailyPay that assesses the effectiveness of DailyPay’s information security program as relevant to the security and confidentiality of Personal Data shared during the Term of the Agreement.
(iii) Upon Company’s request, DailyPay agrees to provide to Company from DailyPay’s independent auditor, at DailyPay’s expense, a Type 2 SOC 2 report that includes a description of the “system” as well as a written assertion by management issued based on the criteria for a description of a service organization’s system in DC section 200, 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report (AICPA, Description Criteria) in addition to or replacement of any other applicable auditing and attestation standard(s) approved by the AICPA that are in effect during the time period in which the DailyPay’s independent auditor performs work related to the Type 2 SOC 2 report referred to herein (the “Report and Opinion”). DailyPay agrees to provide this Report and Opinion to Company for reasonable assurance that DailyPay’s service commitments and system requirements were achieved based on the trust services criteria relevant to Security, Availability, and Confidentiality (applicable trust services criteria) set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
(g) Return or Deletion of Personal Data. Upon termination of the Agreement, DailyPay shall upon Company’s request either return all Personal Data and copies of such data to Company or delete, and provide a certificate of destruction, (i) unless otherwise required to store such Personal Data (x) pursuant to applicable law or (y) DailyPay’s document retention policy or (ii) such Personal Data is necessary solely for the purpose of DailyPay recouping any amounts owed due to a negative remaining balance in any User’s or former User’s DailyPay Account. If required to store Personal Data pursuant to the preceding sentence, then DailyPay shall notify Company and continue to safeguard such data in accordance with this Agreement.
CPRA ADDENDUM
Company and DailyPay (“Vendor”) have one or more written contracts, pursuant to which Vendor provides services on behalf of Company (collectively, the “Services”) that involve or may involve the processing of Personal Information of the Company.
The California Privacy Rights Act of 2020, Civil Code Sections 1798.100 et seq. together with any amendments, rules, regulations, and decisions (the “CPRA”) impose specific obligations on the Company as a Business and Vendor as a Service Provider with regard to the processing of Personal Information of Consumers.
This CPRA Service Provider Agreement Addendum (the “CPRA Addendum”) sets forth the data privacy requirements imposed by the CPRA and is incorporated by reference into the Agreement. In the event of a conflict between the terms of this CPRA Addendum and any part of the Agreement, the terms of the CPRA Addendum will apply.
1. Definitions
For purposes of this CPRA Addendum, the following terms are defined as follows:
(a) “Business purpose” means the use of Personal Information for the Company’s operational purposes, or other notified purposes, or for the Service Provider’s operational purposes, that is reasonably necessary and proportionate to achieve the purpose for which the Personal Information was collected or processed or for another purpose that is compatible with the context in which the personal information was collected. Business purposes include:
(i) auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
(ii) ensuring security and integrity to the extent the use of the Consumer’s personal information is reasonably necessary and proportionate for these purposes;
(iii) debugging to identify and repair errors that impair existing intended functionality;
(iv) short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a Consumer’s current interaction with the Company, provided that the Consumer’s personal information is not disclosed to another third party and is not used to build a profile about the Consumer or otherwise alter the Consumer’s experience outside the current interaction with the Company;
(v) performing services on behalf of the Company, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business;
(vi) providing advertising and marketing services, except for cross-context behavioral advertising;
(vii) undertaking internal research for technological development and demonstration; and
(viii) undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the Company.
(b) “Commercial purpose” means to advance a person’s or entity’s commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.
(c) “Consumer” means a natural person who is a California resident as defined under the CPRA including, but not limited to, job applicants, employees and their emergency contacts and beneficiaries, independent contractors, directors, officers, and medical staff.
(d) “Contractor” means a person or entity to whom the Company makes available a Consumer’s Personal Information for a business purpose, pursuant to a written agreement with the business, provided that the agreement complies with the CPRA.
(e) “Cross-context behavioral advertising” means the targeting of advertising to a Consumer based on the Consumer’s personal information obtained from the Consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the Consumer intentionally interacts.
(f) “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household received by Vendor in connection with the Services including, but not limited to, the examples of Personal Information identified in the CPRA.
(g) “Personal Information Breach” means any breach of security leading to the unauthorized access and exfiltration, theft, or disclosure of nonencrypted or nonredacted Personal Information resulting from the failure to implement and maintain reasonable security procedures and practices as set forth in the CPRA.
(h) “Reasonable Security Procedures and Practices” means security measures appropriate to the nature of the Personal Information that are implemented and maintained to prevent the unauthorized access and exfiltration, theft, or disclosure of nonencrypted or nonredacted Personal Information and which comply with the applicable Center for Internet Security (“CIS”) Controls.
(i) “Sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Information by the Vendor to a third party for monetary or other valuable consideration.
(j) “Sensitive Personal Information” means and includes:
(i) Personal information that reveals a Consumer’s:
(1) social security, driver’s license, state identification card, or passport number;
(2) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
(3) precise geolocation;
(4) racial or ethnic origin;
(5) religious or philosophical beliefs;
(6) union membership; or
(7) genetic data.
(ii) The contents of a Consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
(iii) The processing of biometric information for the purpose of uniquely identifying a Consumer;
(iv) Personal information collected and analyzed concerning a Consumer’s health, sex life, or sexual orientation.
(k) “Service Provider” means an entity that collects, processes, or maintains information on behalf of the Company and to which the Company discloses a Consumer’s Personal Information for a business purpose pursuant to a written agreement as set forth in the CPRA.
(l) “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Information by the Company to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
2. Service Provider Relationship.
The Company and Vendor agree that Vendor is acting as a Service Provider to provide Services to Company for the business purposes set forth in the Agreement. The Company may direct Vendor to collect Personal Information directly from a Consumer on the Company’s behalf. In such event, Vendor shall be deemed a Service Provider under this CPRA Addendum and the CPRA.
3. Obligations of Vendor
(a) Vendor shall comply with all applicable sections of the CPRA including providing the same level of privacy protection as required by the Company including implementing reasonable security procedures and practices appropriate to the nature of the personal information received from, or on behalf of, the business to protect the personal information from unauthorized or illegal access, destruction, use, modification, or disclosure in accordance with the CPRA, the California data breach notification law, and other applicable laws.
(b) Vendor shall notify the Company immediately upon becoming aware of a Personal Information Breach involving the Personal Information.
(c) Vendor shall grant the Company the right to take reasonable and appropriate steps to ensure that Vendor uses the Personal Information that it received from, or on behalf of, the Company in a manner consistent with the Company’s obligations under the CPRA. Reasonable and appropriate steps may include ongoing manual reviews and automated scans of Vendor’s system and regular assessments, audits, or other technical and operational testing at least once every twelve (12) months.
(d) Vendor shall assist the Company in responding to any Consumer request involving Personal Information held by Vendor. If Vendor receives a request to know, to delete, or to correct from a Consumer regarding the Personal Information, Vendor shall:
(i) notify the Company; or
(ii) act on behalf of the Company in accordance with statutory requirements for responding to the request.
The Company will inform Vendor of any Consumer request made pursuant to the CPRA that it must comply with and provide the information necessary to Vendor so that Vendor can comply with the request.
(e) Vendor, as a Service Provider, agrees that it will not retain, use, disclose, sell or share the Personal Information obtained in the course of providing services to the Company (i) outside the direct business relationship between the service provider, (ii) for commercial purposes, or (iii) for any other reason except:
(i) To process or maintain personal information on behalf of the Company that provided the personal information or directly authorized Vendor to collect the Personal Information;
(ii) For the specific business purposes and services set forth in, and in compliance with the written agreement for Services;
(iii) To retain and employ another Service Provider or Contractor as a subcontractor, where the subcontractor meets the requirements for a Service Provider or Contractor under the CPRA and these regulations;
(iv) For internal use by Vendor to build or improve the quality of its services, provided that Vendor does not use the personal information to perform services on behalf of another person, including building or modifying household or Consumer profiles to use in providing services to another business, or correcting or augmenting data acquired from another source;
(v) To detect data security incidents or protect against malicious, deceptive, fraudulent or illegal activity;
(vi) To comply with federal, state, or local laws;
(vii) To comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
(viii) To cooperate with law enforcement agencies concerning conduct or activity that the Company and Vendor reasonably and in good faith believe may violate federal, state, or local law;
(ix) To exercise or defend legal claims;
(x) To collect, use, retain, sell, or disclose Consumer information that is deidentified or in the aggregate Consumer information; or
(xi) To collect or sell a Consumer’s Personal Information if every aspect of that commercial conduct takes place wholly outside of California. For purposes of this section, commercial conduct takes place wholly outside of California if the Company collected that Personal Information while the Consumer was outside of California, no part of the sale of the Consumer’s Personal Information occurred in California, and no Personal Information collected while the Consumer was in California is sold. This paragraph shall not permit a Vendor to store, including on a device, Personal Information about a Consumer when the Consumer is in California for the purpose of later accessing that Personal Information when the Consumer and stored personal information are outside of California.
Vendor hereby certifies that it understands the restrictions set forth in (e) above.
(f) Vendor shall not engage in cross-contextual behavioral advertising by combining the personal information of Consumers who have opted-out of the sale/sharing that the Vendor receives from the Company with Personal Information that Vendor receives from, or on behalf of, another person or from its own interaction with Consumers.
(g) If Vendor subcontracts with another person or entity in providing services to the Company, Vendor shall have an agreement with the subcontractor that complies with the CPRA.
(h) Vendor shall notify the Company no later than three (3) business days after it makes a determination that it can no longer meet its obligations under the CPRA.
4. Deletion.
Upon Company’s written request, and subject to and in accordance with all applicable laws, Vendor, as a Service Provider, agrees to promptly delete any and all Personal Information.
5. Termination.
The Company shall have the right to terminate the Agreement and/or CPRA Addendum in the event that Vendor is or becomes non-compliant with this CPRA Addendum or the CPRA regarding the Personal Information.
EXHIBIT C
DailyPay Cycle Payment Addendum
1. Incorporating the Terms.
For purposes hereof:
(a) references in the Terms to the “Service” shall include the Cycle Payment feature of the Service and any other portion of the Service that is required in order for DailyPay to provide, or Company to access and use the Cycle Payment feature of the Service;
(b) references in the Terms to “Agreement” shall include this Addendum together with the Terms, as supplemented and modified by the provisions of this Addendum; and
(c) the Technology Charge under this Addendum shall constitute a “Company Fee” under the Terms.
2. Definitions.
The following capitalized terms used in this Addendum have the meanings provided below.
“Cycle Payment” means a payment made to an employee by DailyPay on behalf of Company, for amounts owed to the employee, including, for example, pay termination payments, bonus or other incentive payments, and travel and entertainment expenses, in exchange for all right, title, and interest to such amounts owed to the employee, which is referred to herein as the “Cycle Amount”.
“Cycle Amount Payment” means payment of the full amount of each Cycle Amount equal to the corresponding Cycle Payment made by DailyPay to an employee of Company, plus the corresponding Technology Charge.
“Technology Charge” is defined in Section 7 of this Addendum.
Other capitalized terms used but not defined in this Addendum have the meanings provided in the Agreement.
3. Cycle Payment Feature.
DailyPay grants Company a non-exclusive, non-transferable, non-sublicensable, limited license during the Term to access and use the Cycle Payment feature of the Service as provided in the Terms and this Addendum to facilitate DailyPay making Cycle Payments to its employees. Section 7 of the Terms applies to this Addendum. Without limiting the preceding sentence, DailyPay makes the Service available to Company under this Addendum on an “AS IS” basis.
4. Cycle Payment Instructions.
Company will forward instructions to DailyPay to make Cycle Payments to employees. Company will include any information needed by DailyPay to execute payment instructions, including (i) identifying the employee receiving a Cycle Payment, (ii) the amount of the Cycle Payment, (iii) Cycle Payment disbursement date and (iv) the employee’s bank account or pay card information for crediting the Cycle Payment. The Company may, at its sole election, direct DailyPay to make a Cycle Payment to an employee’s DailyPay User Account (such election, a “DPA Opt-In”). Company is responsible for calculating any applicable withholding, payroll taxes and other deductions to local, state and federal tax authorities and other persons; creating and providing any required paystub to employees; and ensuring that any information provided to DailyPay related to Cycle Payments is accurate and complete. DailyPay will not be liable for any Cycle Payment made to an employee of Company that is consistent with payment instructions.
5. Cycle Payment Funding.
DailyPay will use its own funds to make Cycle Payments to employees of Company. DailyPay will provide Company notice of each Cycle Payment made to employees of Company, and Company will pay DailyPay the corresponding Cycle Amount Payment at its election either by (a) wire transfer or automated clearing house (ACH) to the bank account designated by DailyPay, within seven (7) business days of Company’s receipt of such notice; or (b) authorizing DailyPay to initiate debit entries to Company’s designated bank account beginning the day after receipt of such notice. Overdue Cycle Amount Payments shall accrue interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, if less, from the date such Cycle Amount Payment was due until the date paid.
6. Additional Responsibilities.
(a) Additional Company Responsibilities. In addition to its applicable responsibilities under Section 2(a) of the Terms with respect to the Cycle Payments, Company shall have the following responsibilities with respect to the Cycle Payments:
(i) Required Tax Deposits. Company will make all required tax deposits of withheld federal and state income taxes and the employer and employee share of Social Security and Medicare taxes with respect to each Cycle Payment not later than the first business day following the payment date of such Cycle Payment. Company will use reasonable methods to ensure compliance with this requirement, which may include Company making on or about the first day of any quarter, or carrying over from the preceding quarter, excess federal tax deposits in an amount not less than the projected federal income tax withholding and employer and employee share of Social Security and Medicare taxes attributable to the projected Cycle Payments for that quarter.
(ii) Notice and Information. If any taxing authority notifies Company of tax underwithholding with respect to a Cycle Payment, or that the required deposit or payment of such withholding taxes was not paid to the applicable federal, state, local or other government (or applicable depository) by the applicable deadline, Company will promptly notify DailyPay of such notice. Company will also notify DailyPay promptly after Company pays such underwithheld taxes, or short or late deposits, and any resulting interest, penalties and other costs. Upon DailyPay’s request, Company will promptly give DailyPay such information as reasonably required by DailyPay to show Company’s compliance with this Section 6(a).
(iii) Sole Responsibility for Tax Underwithholding. If any taxing authority determines that the taxes withheld from any Cycle Payment were less than the required amount, Company will have sole responsibility to pay the underwithheld amount and any resulting interest, penalties and other costs.
(iv) Sole Responsibility for Deposits and other Tax Payments. If any taxing authority determines that the applicable withholding taxes for any Cycle Payment were not deposited or paid to the applicable federal, state, local or other government, or applicable depository, by the applicable deadline, Company will have sole responsibility to make any additional required payments or deposits, and to pay any interest, penalties and other costs arising from the failure to make timely deposits.
(v) Sole Responsibility for Information Returns. If any taxing authority determines that the Form W-2, the Form 1099 or other required information return is incorrect with respect to a Cycle Payment, Company will have sole responsibility to correct such information return and pay any resulting fines, penalties and other costs.
(vi) Further Assurances. Company will cooperate with DailyPay to obtain employee consent and instructions to receive Cycle Payments.
(b) Additional DailyPay Responsibilities. In addition to its applicable responsibilities under Section 2(b) of the Terms with respect to the Cycle Payments, DailyPay will timely confirm to Company that each Cycle Payment was made on the date instructed by the Company, to the account and in the amount instructed by the Company.
7. Technology Charge.
Company will pay the technology charge set forth on Attachment 1 to DailyPay to facilitate payment of each Cycle Payment through the Service to an employee (“Technology Charge”); provided that Company will not be responsible for paying any Technology Charges solely with respect to Cycle Payments made to employees pursuant to the DPA Opt-In. Company will pay the Technology Charge at the same time it pays the corresponding Cycle Amount Payment or at another time mutually agreed upon by Company and DailyPay.
8. Cycle Payment Disputes.
Company will solely be responsible for addressing any employee dispute relating to any Cycle Amount, including a dispute about the amount of the Cycle Amount. DailyPay will not be responsible for correcting any erroneous payment instructions forwarded by Company, including not being required to debit from employee’s bank accounts any erroneous payment.
9. Incomplete Cycle Payment.
Company must forward complete and accurate payment instructions and information for DailyPay to initiate any Cycle Payment. DailyPay is not required to make any Cycle Payment it believes would violate applicable law, is based on incomplete or inaccurate instructions or information, or presents safety, soundness or reputational concerns.
10. Indemnification.
In addition to its indemnification obligations under Section 8(b) of the Terms, Company will indemnify, defend and hold harmless DailyPay, DailyPay and their respective officers, directors and employees from and against any third party (including any employee of Company or any taxing or other governmental authority) claim, action or demand, and all associated losses, liabilities, damages, costs and expenses (including reasonable legal fees and disbursements and costs and expenses of investigation and litigation, and costs of settlement, judgment, interest and penalties), arising out of or related to Company’s failure to perform any of its deposit, payment or other obligations set forth in Section 6(a) of this Addendum in a full and timely manner. The aforesaid obligations of Company shall be deemed to be indemnification obligations of Company under Section 8 of the Terms for, without limitation, the procedural requirements set forth in Section 8(c) of the Terms, the exception set forth in the lead-in to the limitations on liability in the first sentence of Section 9 of the Terms, and the survival provision set forth in clause (vi) of Section 6(d) of the Terms.
11. Term and Termination.
(a) As part of the Agreement, the term of this Addendum will be co-terminous with the “Term” of the Agreement. The term of this Addendum will renew, expire and terminate at the same time that the Term of the Agreement renews, expires or is terminated, without the need for any notice or action of either DailyPay or Company.
(b) Without limiting the termination rights of DailyPay and Company set forth in Section 6(b) of the Terms, DailyPay may terminate this Addendum without an opportunity for Company to cure if Company fails to make in a timely manner any of the deposits or payments to be made by Company pursuant to Section 6(a) of this Addendum two or more times in any rolling twelve (12) month period.
(c) Section 6(d) of the Terms will apply to the expiration or any termination of this Addendum and, without limiting the provisions of clause (vi) of Section 6(d) of the Terms, Company’s deposit, payment and other obligations under Section 6(a) of this Addendum will survive the expiration or termination of this Addendum.
Technology Charge
Method of Payment of Cycle Amount Payment | Technology Charge For Each Cycle Amount Payment |
Wire transfer or automated clearing house (ACH) by Company to DailyPay pursuant to Section 5(a) of the Addendum | $10 |
Debit of Company’s designated bank account by DailyPay beginning the day after receipt of a notice from DailyPay pursuant to Section 5(b) of the Addendum | $5 |
DPA Opt-In | $0 |