Terms and Conditions for Kroll Compliance Portal Access (Subject)

Kroll has been retained by its client (“Client”) to assist with the collection and review of certain information in connection with Client’s third party due diligence program (the “Purpose”).  Client’s use of the online portal services (the “Kroll Compliance Portal”) is subject to the following terms and conditions (“Agreement”) and our Privacy Policy:

  1.  Access. Client will be responsible for obtaining the necessary internet connectivity required to access the Kroll Compliance Portal.
  2. Kroll Compliance Portal.  The Kroll Compliance Portal is made available to Client for the purpose of assisting Client with the management of its vendors, partners and other third parties (each, a “Subject”) in connection with the Purpose.  Use of the Kroll Compliance Portal by a Subject shall be governed by a separate written agreement between Kroll and each such Subject.  In the event Client discloses to Kroll any information and/or documentation, Client represents and warrants that it has the necessary license, authority, permission and/or consent to do so. Client agrees that Kroll shall have no liability to Client for the non-performance of any services arising from a Subject’s inability or unwillingness to use the Kroll Compliance Portal, or otherwise provide the requested information and/or documentation.  Moreover, Kroll shall not be required to accept information from a Subject, nor provide any related services to Client, if such information is not provided via the Kroll Compliance Portal.  Notwithstanding anything to the contrary in the Agreement or any other agreement that governs the relationship between Kroll and Client, Client acknowledges and agrees that the Kroll Compliance Portal is built on a platform/system provided by a third party and that the use of this third party and the provision of any information or documentation thereto in furtherance of the services provided by Kroll is hereby permitted.  
  3. Security.  Client agrees that it will: (a) not share usernames and/or passwords; (b) restrict access to the Kroll Compliance Portal to those employees who have a legitimate business need and who have received training on the use of the Kroll Compliance Portal; (c) inform its employees with access to the Kroll Compliance Portal of Client’s obligations hereunder; (d) ensure that the Kroll Compliance Portal is only used for the Purpose permitted under Section 2 above; (e) take commercially reasonable measures to prevent unauthorized use of the Kroll Compliance Portal, which measures shall include i) restricting access to usernames and passwords; ii) changing passwords on a routine basis (or sooner if an authorized user departs Client’s organization or if Client suspects an unauthorized person has learned the password); and iii) using all security features made available by Kroll relative to Kroll Compliance Portal access; and, (f) take and maintain commercially reasonable and appropriate technical, physical, administrative and other organizational precautions, safeguards and security measures to protect against unauthorized access to and/or misuse of the Kroll Compliance Portal. Each username and password may only be used by the user to which such user name and password was initially assigned and may not be shared, unless otherwise agreed in writing by Kroll.  Client shall promptly notify Kroll in writing if Client suspects or knows of any unauthorized access to the Kroll Compliance Portal. Kroll may without liability or penalty suspend provision of the Kroll Compliance Portal and/or terminate the master terms and conditions or such other agreement that governs the relationship between Client and Kroll, and any exhibit, at any time Kroll reasonably believes Client has violated this Section.  Kroll will provide written notice of any such suspension and/or termination.  
  4. Account Administration.  Client shall provide to Kroll the name of a designated individual(s) who will be responsible for the administration and control of Client’s account. The designated individual(s) shall identify and authorize Client’s account users and their respective access privileges, and promptly notify Kroll if any user names and/or passwords become invalid, inactive or compromised in any manner. Client accepts responsibility for any acts or omissions of any person that accesses the Kroll Compliance Portal through any usernames and/or passwords associated with Client’s account. 
  5. Restrictions.  Client shall use the Kroll Compliance Portal solely as an end user, and shall not (i) modify, copy or create derivative works based on the Kroll Compliance Portal or any associated technology; (ii)  create internet “links” to or from the Kroll Compliance Portal, or “frame” or “mirror” any content forming part of the Kroll Compliance Portal; (iii) resell, sublicense, disassemble, reverse engineer or decompile the Kroll Compliance Portal or related technology, or access it in order to (A) build a competitive product or service; (B) build a product or service using similar ideas, feature, functions or graphics of the Kroll Compliance Portal; or, (C) copy any ideas, features, functions or graphics of the Kroll Compliance Portal; (iv) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Kroll Compliance Portal available to any third party (other than Client’s designated Subjects); (v) send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or that violates third party privacy rights; (vi) knowingly or intentionally send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (vii) knowingly or intentionally interfere with or disrupt the integrity or performance of the Kroll Compliance Portal or the data contained therein; or (viii) knowingly or intentionally attempt to gain unauthorized access to the Kroll Compliance Portal or its related systems or networks.  Client shall hold harmless and indemnify Kroll from and against any and all claims, damages and costs (including reasonable attorneys’ fees and disbursements) arising out of Client’s breach of its obligations under this Agreement.
  6. Right to Use License.  Client is granted hereunder a non-exclusive, non-transferable, non-sub licensable, worldwide right to access and use the Kroll Compliance Portal only as permitted herein.  Client is not permitted to transfer, resale, redistribute, relicense or otherwise use the Kroll Compliance Portal in any way that is inconsistent with this limited use license.
  7. Data Protection.  To the extent applicable and in the event not previously agreed by Client in its services agreement with Kroll, Client shall comply with relevant national, international, state and/or regional data protection legislation or regulations, including with respect to information disclosed in connection with the services that is personal data (as defined under the relevant legislation or regulation) including that it has obtained all necessary consents or permissions from and/or made all legally required notifications to any individual data subject whose personal data are disclosed through the Kroll Compliance Portal.