This Privacy Policy describes how your personal information may be collected, used, stored and shared when you visit or make a purchase from Creditcrb.com (the “Site”).

Throughout the site, the terms “we”, “us” and “our” refer to Legal Analysis LLC d/b/a Credit CRB/and or as Creditcrb.com and or as CreditandInvestments, herein after also known as “Credit”. “Credit” Shoppe™ offers this website, including all information, tools and services available from this site to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here.

By visiting our site and/ or purchasing something from us, you engage in our “Service” and agree to be bound by the following terms and conditions (“Terms of Service”, “Terms”), including those additional terms and conditions and policies referenced herein and/or available by hyperlink. These Terms of Service apply to all users of the site, including without limitation users who are browsers, vendors, customers, merchants, and/ or contributors of content.

Please read these Terms of Service carefully before accessing or using our website. By accessing or using any part of the site, you agree to be bound by these Terms of Service. If you do not agree to all the terms and conditions of this agreement, then you may not access the website or use any services. If these Terms of Service are considered an offer, acceptance is expressly limited to these Terms of Service.

Any new features or tools which are added to the current store shall also be subject to the Terms of Service. You can review the most current version of the Terms of Service at any time on this page. We reserve the right to update, change or replace any part of these Terms of Service by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes. Your continued use of or access to the website following the posting of any changes constitutes acceptance of those changes.

Our store is hosted on Woo-Commerce Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Personal information we collect 
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.

We collect Device Information using the following technologies:

• “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
• “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
• “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number. We refer to this information as “Order Information”.

How do we use your personal information? 
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:

• Communicate with you
• Screen our orders for potential risk or fraud
• When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

We use Facebook Ads, Google Ads, Instagram, YouTube, Bing Ads, and Tik Tok Ads to reach potential customers.

Sharing you personal Information 
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use BigCommerce to power our online store–you can read more about how BigCommerce uses your Personal Information here: https://www.Woocommerce.com/privacy/. We also use Google Analytics to help us understand how our customers use the Site — you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful requests for information we receive, or to otherwise protect our rights.

Behavioral advertising 
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt-out of targeted advertising by using the link below:

Visit the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

“Credit” partners with these advertising companies to place our advertising on publisher websites on the Internet. These advertising companies collect anonymous information about your visits to our web site. This technology involves the use of third party cookies that allow them to develop personalized advertising so that it directly relates to offers that may be of interest to you. You may choose to opt-out of this service we have with our third-party advertising partner using the links listed above. We may also use “Credit” cookies to provide similar enhanced online marketing to you based on your interests and preferences. You may also choose to opt out of these enhanced online marketing ads.

Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and your choices regarding having information used by DAA companies at www.aboutads.info.

Opting out from one or more companies listed on the DAA Consumer Choice Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Services or on other websites or applications. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out, your opt out may not be effective.

Please note you must separately opt out in each browser and on each device.

Cookies, web beacons, & how we use them
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

A “web beacon” or “pixel tag” or “clear gif” is typically a one-pixel image, used to pass information from your computer or mobile device to a website.

We and our service providers use cookies and other tracking mechanisms to track personal information about your use of our Services. We or our service providers may combine this personal information with other information, including other personal information, that we collect about you.

We work with third parties that collect information across various channels, including offline and online, for purposes of delivering more relevant advertising to you. These third parties may place or recognize a cookie on your computer, device, or directly in our emails/communications, and we may share personal information with them if you have submitted such information to us, such as your name, postal address, email address, or device ID.

These third parties also may link the nonpersonal information we share with them to the cookie stored on your browser or device, and they may collect information such as your IP address, browser or operating system type and version, and demographic or inferred-interest information. They use this information to recognize you across different channels and platforms over time for advertising, analytics, attribution, and reporting purposes. For example, we or our service providers may place or recognize a cookie on your computer to help us remind you if you have items saved to your cart and you leave our site without completing a transaction.

Opting out of cookies
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. You may also set your browser to send a Do Not Track (DNT) signal. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org and https://allaboutdnt.com/.  We commit to user privacy by honoring “Do Not Track” signals received from web browsers.

Many of the third-party advertising and other tracking services listed above offer you the opportunity to opt-out of their tracking systems. You can read more about the information they collect and how to opt-out through the privacy policy links listed above.

You may also control your online behavioral advertising preferences and opt-out from having your data processed by certain marketing companies by visiting http://www.youronlinechoices.com/ and http://optout.aboutads.info/. Please note that managing these preferences will not turn off internet advertisements in general. You will receive the same number of advertisements, but it will be less reflective of your interests, based on your web browsing habits.

We’ll only store your preferences in this browser. Because some companies may not connect information about this browser with other web browsers or devices you may use (such as a web browser on another computer you may use, or one on a mobile device), you need to update your preferences by accessing our Cookie consent management tool above to set your preferences separately for other browsers or devices you may use.

List of cookies we may collect
The table below lists the cookies we may collect and the information they store, and may add more as time goes on and as we expand.

Name	Function
_ab	Used in connection with access to admin.
_secure_session_id	Used in connection with navigation through a storefront.
Cart	Used in connection with shopping cart.
cart_currency	Used in connection with shopping cart.
cart_sig	Used in connection with checkout.
cart_ts	Used in connection with checkout.
cart_ver	Used in connection with shopping cart.
checkout	Used in connection with checkout.
checkout_token	Used in connection with checkout.
cookietest	Used in connection with navigation through a storefront.
master_device_id	Used in connection with merchant login.
previous_checkout_token	Used in connection with checkout.
dynamic_checkout_shown_on_cart	Used in connection with checkout.
previous_step	Used in connection with checkout.
remember_me	Used in connection with checkout.
Secure_customer_sig	Used in connection with customer login.
storefront_digest	Used in connection with customer login.
_storefront_u	Used to facilitate updating customer account information.
_tracking_consent	Tracking preferences.
tracked_start_checkout	Used in connection with checkout.
keep_alive	Used in connection with buyer localization.

Advertising Cookies

Third Party	Description	Privacy Policy
Bing Ads	We use Bing Ads to deliver targeted advertisements to individuals who visit our websites.	https://privacy.microsoft.com/en-ca/privacystatement
Facebook Custom Audiences	We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites.	https://www.facebook.com/policy.php
Google	We use Google Ads to deliver targeted advertisements to individuals who visit our websites.	https://policies.google.com/privacy

Do not track 
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

Your rights 
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

Data retention 
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.

Changes 
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Minors 
The Site is not intended for individuals under the age of 13.

Text Marketing Notifications
By subscribing to The Impulse Shoppe™ text notifications, you agree to receive automated marketing text messages from us about our products and services at the phone number you provided when you subscribed, and that the messages may be sent via automatic telephone dialing system or other technology. Message frequency is recurring. Consent is not a condition of purchase. Message and data rates may apply. Reply STOP, END, CANCEL, UNSUBSCRIBE or QUIT to opt-out and HELP for customer support. You may receive an additional text message confirming your decision to opt out. You understand and agree that attempting to opt-out by any means other than texting the opt-out commands above is not a reasonable means of opting out.

Acceptance
By using this website, you accept the policies set forth in this Privacy Policy.

Contact us 
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email atoffice@creditcrb.com or by calling 855-291-7557.

“Credit”

All participants in this website, in any capacity, including Users, Affiliates (Eligible Commissionable Sales Lead Providers), and Venders (Lead Buyers), and “Company” shall be transparently informed of these Federal required disclosures. Some purchases may result in commissions to affiliates. Users and Buyers are subject to the agreements as transparent and displayed upon purchase. Any outside contractor, of any sort, must have their own independent agreement with creditandinvestment.com to participate in our lead program or affiliate prograsm

Contents

• Definitions
• Registration and Your Account/Duties and Understandings
• Privacy
• Confidentiality
• Term and Termination
• Exhibit B: DPRA

1. Definitions
   1. Us/we/Company/Advertiser – Legal Analysis LLC AKA Company/CreditandInvestment/Us/We) that elects to participate in the Network, as specified in the applicable Program Details.
   2. Affiliates – A company or individual entity that participates in the Network to earn compensation for Qualifying Transactions.
   3. Agent – (AKA sub-affiliate, sub-publisher, distribution partner) or other similar third-party relationship through which an Affiliate participates in a Program. Agents are subject to Company’s prior written approval in accordance with Section III.C.
   4. Applicable Law – All national, state, and local (1) laws, ordinances, regulations, and codes and (2) orders, requirements, directives, decrees, decisions, judgments, interpretive letters, guidance and other official releases of any regulatory authority that apply to you or the performance of your obligations hereunder.
   5. Company Data –shall have the same meaning as provided in the Company Data Protection Requirements Addendum, attached hereto as Exhibit B. 
   6. Buy API Program – an approved Company program that permits Affiliates who have entered into an agreement with Company, or an Company approved third party, to display products or services that are listed on an Advertiser’s digital property on a digital property that is owned and operated by the Affiliate and allow end users to purchase such products or services through Company’s API.
   7. Gross Merchandise Bought (“GMB”) – The total purchase price paid by a buyer for a Qualifying Transaction, excluding any shipping fees and taxes.
   8. Link – A hyperlink embedded in a Promotional Method that allows an end user to click to Participating Sites and Content.
   9. Participating Sites and Content – Any Advertiser website or content that is promoted by Affiliates, as described in the applicable Program Details.
   10. Program – A performance-based marketing program to promote Participating Sites and Content as set forth in the applicable Program Details.
   11. Promotional Content – Buttons, banners, widgets, text, Software Applications and other creative content that are used by Affiliates to promote Participating Sites and Content.
   12. Promotional Method – The methods by which Affiliates promote Participating Sites and Content, which may include Promotional Content.
   13. Promotional Tools – Tools or API platforms that may be provided by Company or a third party that Affiliates may use to create their own Promotional Content.
   14. Qualifying Transaction – An activity by an end user (such as a purchase or app download) that qualifies the Affiliate to receive compensation, as described in the Program Details.    
   15. Software Application – A software application developed by an Affiliate to be used in a Promotional Method.
   16. Tracking Code – A tracking code provided by Company that is embedded in Promotional Methods to track the Qualifying Transactions.
   17. Venders – are Lead Buyers who pay for the lead, after it closes, and after they collect the monies.

2. Registration and Your Account/and Duties and Understandings.
3. Account Security. You are responsible for all activity on your Network account and for loss, theft or unauthorized disclosure of your password (other than as a result of Company’s gross negligence or willful misconduct or omission). You must provide Company with prompt written notification of any known or suspected unauthorized use of your account or breach of the security of your account. Privacy and Data.

2. User Information Received from Company. In connection with your participation in the Network and the Programs, Company may make available certain information that relates to an Company or Company user, browser or device (“Company User Data”). Company User Data is Company’s Confidential Information. You may not use Company User Data other than for the purpose for which it was provided to you, and under no circumstances to create or augment audience profiles.
3. Affiliate’s Compliance with Relevant Privacy Regulations.
   1. You must maintain and post a privacy notice in your websites or applications that complies with all Applicable Laws, including full and accurate disclosure of:
      1. your collection, use and disclosure of visitor information,
      2. your use of third-party technology, including Company’s tracking technology,
      3. your use of cookies and options for discontinuing use of such cookies.
4. DPRA Requirements. By participating in the Network, you agree to comply with the terms of the DPRA.
5. Use of Company Data. You acknowledge and agree that you will only use Company Data for the sole purpose of participating in a Program and as otherwise directed or approved by Company in writing.  For the avoidance of doubt, you acknowledge and agree that you have no ownership of, or right to use, sell, rent lease, copy, access, combine, reproduce, display, perform, modify, transfer, or disclose Company Data, or any derivative works thereof, except as expressly provided in this Agreement or as otherwise agreed to by Company in writing.  Additionally, you agree not to disclose any Company Data to any third parties, except as indicated in this Agreement or as otherwise agreed to by Company in writing. 

2. Right to Audit. Company and its service providers have the right to audit your or your Agent’s sites or activities in relation to your and your Agent’s participation in the Network and the Programs. You shall not block or otherwise interfere with such audit, and Company and its service providers may use technical means to overcome any methods you may use to block or interfere with such audit. To the extent not prohibited by Applicable Law, audits may include requests for documents and server logs, and visits to your facilities and those of your Agents. Your failure to reasonably comply with Company’s efforts to audit your or your Agents’ compliance with this Agreement shall constitute a material breach of this Agreement. If Applicable Law does not allow you to share server logs with Company, you must provide Company with other proper proof of traffic that you sent to Participating Sites and Content.
3. Remedy for Breach. If Company in its sole discretion believes that you or your Agents have breached this Agreement or that you or your Agents have engaged in fraudulent activity, it may take any and all steps it deems appropriate.
4. Suspension. – If Company suspends your account from the Network or a Program, you will no longer get paid for any future activity. You are required to immediately remove all Promotional Methods. Company in its sole discretion may reinstate your account in the event you have taken all necessary remedial actions to Company’s satisfaction.

1. Confidentiality. In connection with your participation in the Network and the Programs you may be provided with data and information that is confidential and proprietary to Company or the Advertiser(s), as is designated by the disclosing party or that is reasonably understood to be proprietary or confidential (“Confidential Information”). Confidential Information does not include information: (a) that is or becomes publicly available through no act or omission of the receiving party; (b) disclosed to the receiving party by a third party not bound by any confidentiality obligation with respect to such information; (c) developed by the receiving party independent of the disclosing party’s Confidential Information; or (d) that is in the possession of the receiving party and not subject to any duty of confidentiality as of the date you accept the terms of this Agreement. You agree to use the same degree of care, but no less than a reasonable degree of care, to maintain the confidentiality of and to protect any proprietary interests of Company or the affiliate. You may deliver a copy of such Confidential Information (i) pursuant to a subpoena issued by any court or administrative agency, (ii) to your accountants, attorneys or other agents (“Representatives”) solely on a need-to-know basis in connection with the performance of your obligations or rights under this Agreement and the applicable Program Details; provided that (x) you are responsible for the compliance of your Representatives hereunder and (y) such Representatives shall be subject to a written confidentiality agreement or otherwise subject to fiduciary obligations of confidentiality covering the confidential treatment of Confidential Information, with confidentiality restrictions no less protective than those provided in this Agreement and (iii) otherwise as required by Applicable Law, upon written notification to Company. Upon termination of this Agreement or your participation in a Program, you must destroy or return any Confidential Information provided to you under this Agreement and, if requested by Company, provide a certification of destruction.
2. Term and Termination.
3. Terms and assignments are outlined in independent agreements.

Social Media. You may use Links on social media sites that allow posting of affiliate marketing links. It is permitted to use URL shortening services offered by Bitly (Bit.ly), Google (Goo.gl and FDL), Hootsuite (Ow.ly), Buffer (Buff.ly) and Geniuslink (geni.us) to promote through your social media accounts.

1. Disclosure about Relationship with Company. Note that the Federal Trade Commission requires disclosure of any material connection or relationship when you endorse or promote a product or service to your readers, unless the connection is already clear from the context of the communication containing the endorsement/promotion. Affiliate links can be considered such a material connection. If the connection is not already clear from the context of the communication containing the endorsement/promotion of a product or service, then you must insert a statement such as the below on your website. “When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the Company Partner Network.” Additionally, any posts on your social media channels (including, but not limited to Facebook, Twitter, and Instagram) must include #ad, #advertisement, #sponsored, or something similar at the beginning of the post to clearly and conspicuously disclose the material connection (unless the connection is already clear).   
2. Unacceptable Placements.
   1. Your Promotional Methods may not incorporate any topics that Company in its sole discretion considers to fall in any of the following categories:
      1. sexually explicit materials
      2. violence/illegal goods, services or activities
      3. discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age
      4. libel or defamation
      5. content that is aimed at children specifically, content that otherwise is misleading, obscene or hate-oriented

Exhibit B: Data Protection Requirements Addendum

DPRA Requirements

 By participating in the Network, you (as defined in the Company Partner Network Agreement, to which this is attached) agree to comply with the terms of this DPRA, as the same may be updated from time to time.

1. Purpose and Scope:

This Data Protection Requirements Addendum (the “DPRA”) reflects your commitment to abide by Applicable Law concerning the Processing of the eBay Data (defined below). This DPRA prescribes the minimum data protection and information security standards that you, your agents and assigns must meet and maintain in order to protect Company Data from unauthorized use, access, disclosure, theft, manipulation, reproduction, a Security Breach (defined below) or otherwise during the term of the Company Network Agreement (“Terms”) and for any period thereafter during which you, your agents, or assigns has possession of or access to any Company Data.

Capitalized terms used but not defined herein shall have the meaning set forth in the Terms.

2. Definitions:  

a. “Applicable Law” means any applicable data protection, privacy, or information security laws, codes, and regulations or other binding restrictions governing Processing of eBay Data.

b. “Data Centers” means locations at which you provide data Processing or transmission functions in support of your Application. Data Centers can be owned by you or by a third party.

c. “Data Controller” means the party that determines the purposes of the Processing of Personal Data.

d. “Data Processor” means the party that Processes Personal Data on behalf of, and under the instruction of, the Data Controller.

e. “Data Subject” means the identified or identifiable person who is the subject of Personal Data. 

f. “Company Data” means data or information (regardless of form, e.g., electronic, paper copy, etc.) transmitted through the Company feeds, Company dashboard, Company API(s), Promotion Tools or otherwise provided by or on behalf Corporate Family Member (as that term is defined in the Terms) to you.  

g. “Confidential Data”: Information that is intended only for a limited audience within eBay or whose release would likely have an adverse financial or reputational effect on Company, Company customers, or Company clients. Examples include, but are not limited to: customer or client customer individual names, email addresses, physical addresses and any other information that correlates to a person, software source code, customer personal contact information, customer email addresses, etc.; or

ii. “Personal Data”: data or information that makes a natural person identified or identifiable or is a numerical, physical, physiological, cultural, economic, mental or other factor of identity relating to an identified or identifiable person.

Company Data specifically excludes data classified by us as “Restricted Data,” which includes highly sensitive or regulated information that is intended only for a limited audience within eBay or whose release would likely have a material adverse financial or reputational effect on eBay or any Data Subject. Examples include but are not limited to: (i) Government issued identification numbers for specific countries (e.g., USA Social Security number; Germany Shufa ID, Canada Social Insurance number, driver’s license number; state identification number); (ii) Bank account numbers and related bank wire transfer financial information; and (iii) customer date of birth.

You agree that you will not attempt to access, receive, transmit, process or store any “Restricted Data”

h. “Processing” or “Processes” means any operation or set of operations which is performed upon eBay Personal Data, whether by automatic means or not, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

i. “Security Breach” means a compromise of the systems in which eBay Data has been accessed or acquired by one or more unauthorized parties, or you or eBay reasonably suspects that such a breach of security may have occurred, or any act that violates any Applicable Law. For the avoidance of doubt, “a compromise of the systems” includes, but is not limited to: misuse, loss, destruction, unauthorized access, collection, retention, storage, or transfer.

j. “Sub-Processor” or Sub-Affiliate” means any of your Affiliates, agents or assigns that Processes Company Personal Data subject to the Terms, and any unaffiliated Data Processor engaged by you or by your Affiliates.

3. REASONABLE SECURITY: 

You represent, warrant, and agree to use Security Measures (as defined below) (i) to ensure the protection of the rights and freedoms of the Data Subjects in accordance with Applicable Laws and Regulations. You agree that “Security Measures” shall mean commercially reasonable security-related policies, standards, and practices commensurate with the size and complexity of your business, the level of sensitivity of the data collected, handled and stored, and the nature of your business activities, provided that all such policies, standards, and practices shall, at a minimum, comply with any Applicable Laws and Regulations and shall give due consideration to information security management systems, physical security, physical access control, access control to systems, access control to data, disclosure control, input control, security and privacy enhancing technologies, awareness, training and security checks in relation to your Personnel (job control), availability control, segregation control, incident response management/business continuity and audit controls/due diligence. You further represent, warrant and agree to (v) implement industry standard security controls to detect malware on any ads served by you or your partners to a person and take appropriate actions to remove identified malware in a timely manner. You shall provide a detailed description of the Security Measures if needed, as required by law.  

4. Logical Security:

a. Access Controls.  You certify that you employ access control mechanisms that in accordance with your business size as required by law:

5. Security Vulnerability Management:

a. Vulnerability Management and Application Security Assessments. If Federal Law mandates by your business size that you must run internal and external network vulnerability scans at least annually and after any material change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades), then you agree that you will do such. Vulnerabilities identified and rated as high risk by you will be remediated within ninety (90) days of discovery.

b. For all Internet-facing applications that collect, transmit or display Company Data, if your company size is required and mandated to conduct an application security assessment review to identify common security vulnerabilities as identified by any and all Federal requirements, you agree to do such.

c. Patch Management. If your company size is required and mandated to, then you will patch all workstations and servers with all current operating system, database and application patches deployed in your computing environment according to a schedule predicated on the criticality of the patch. You must perform appropriate steps to help ensure patches do not compromise the security of the information resources being patched. All emergency or critical rated patches must be applied as soon as possible but at no time will exceed thirty (30) days from the date of release, then you agree that you will do such. 

7.  Security Breach:

If your company size is required and mandated to have certain protections and safeguards implemented, then you will maintain an industry standard incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put Company Data at risk (“Breach”), you shall take commercially reasonable measures to mitigate the harmful effects of the Incident. You shall also notify Company of the Breach as soon as practicable, but in no event later than 24 hours after the Breach and in any case before notifying any relevant authority. You must ensure that affected third parties are notified of the Breach, at Company’s sole discretion, either by notifying such third parties after Company has reviewed and approved the language and method of notice. You agree to cover the costs of any such notification, including reimbursing Company for any reasonable costs such as to provide credit monitoring to affected Data Subjects.