Security and Compliance

Last Updated: May 18, 2002
 
The Security and Compliance Documents are made part of the Provider Services Agreement as Attachments and govern Provider’s Security and Compliance requirements. These Attachments are effective upon the date that Provider accepts the Security and Compliance Documents (the “Effective Date”).

CONTENTS
Attachment A – Security & Privacy Policy
Attachment B – Provider Code of Conduct
Attachment C – Anti-Corruption Requirements
Attachment D – Sitehands Platform Terms of Use
Attachment E – Insurance Requirements

CLICKING THE BOX TO ACCEPT THE SECURITY AND COMPLIANCE DOCUMENTS INDICATES PROVIDER’S ACCEPTANCE OF THESE DOCUMENTS AND PROVIDER’S FULL UNDERSTANDING THAT EACH DOCUMENT IS MADE PART OF THE PROVIDER SERVICES AGREEMENT AS ATTACHMENTS THERETO. PROVIDER AGREES THAT IT HAS READ AND UNDERSTANDS, AND AGREES TO EACH ATTACHMENT, AND THAT THE PERSON ACCEPTING THESE SECURITY AND COMPLIANCE DOCUMENTS AND EACH ATTACHMENT HAS THE AUTHORITY TO DO SO, EITHER INDIVIDUALLY OR AS AN EMPLOYEE OR AGENT OF PROVIDER. If Provider does not accept the Security and Compliance Documents and each Attachment, it must click “I DO NOT ACCEPT”.

Sitehands may change, modify, add or remove portions of these Security and Compliance Documents or any Attachment (each, an “Update”) from time to time without prior notice, and such Updates will be effective upon Provider’s accepting any Work Order or entering into any Statement of Work subsequent to such Update. If Sitehands makes an Update, it will change the “Last Updated” date above. Provider’s accepting a Work Order or entering into a Statement of Work after an Update confirms Provider’s acceptance of the Update. Sitehands encourages Provider to frequently review the Security and Compliance Documents and each Attachment to ensure it understands the latest terms and conditions associated with its performance of Services. If Provider does not agree to the Update, it should not accept any new Work Order or enter into a new Statement of Work.

Attachment A – Security & Privacy Policy 
  1. Sitehands Information
    Sitehands exclusively owns all information that Provider obtains in any manner from any source under the Agreement, including, without limitation, prospective and existing Customers or employees of (i) Sitehands, (ii) Sitehands’ contracting parties, or (iii) Sitehands’ data suppliers (collectively, “Sitehands Information”).

    Use. Provider (i) may collect, store, access, use, process, maintain, and disclose Sitehands Information only to fulfill its obligations under the Agreement and for no other purpose, and (ii) will, without limiting any other obligations applicable to Sitehands Information, treat all Sitehands Information as Confidential Information of Sitehands.

    Return and Destruction. Provider will return to Sitehands, or at Sitehands’ option, destroy (and certify in writing such destruction) any and all Sitehands Information (i) within thirty (30) days of the termination of the Agreement, (ii) within seven (7) days of a request by Sitehands or an authorized representative of Sitehands, or (iii) when no longer needed by Provider to fulfill its performance obligations under the Agreement, whichever comes first.

    Destruction Standards. At a minimum, destruction of Company Information shall comply with the standards enumerated by the National Institute of Standards, Guidelines for Media Sanitization (available at http://csrc.nist.gov/).

    Provider Responsibility.  Provider is fully responsible for (i) any authorized or unauthorized collection, storage, transmission, disclosure, use of, or access to, Sitehands Information, and (ii) any acts or omissions of anyone with which Provider is associated, including without limitation employees of Provider and its subsidiaries and affiliates, and Provider’s agents, contractors, and subcontractors, and their respective employees (“Provider Affiliates”).
  2. Safeguards
Provider will implement and maintain, for as long as it retains custody of or access to any Sitehands information in any form, administrative, physical, and technical safeguards (“Safeguards”) that prevent any collection, use, disclosure of, or access to, Sitehands Information not specifically authorized by the Agreement, including without limitation:

Information Security Program. Provider agrees to implement and maintain a written information security program that is no less rigorous than accepted industry standards. At a minimum, this information security program will include (i) appropriate access and data integrity controls; (ii) monitoring of systems for unauthorized use of, or access to, information; (iii) scanning for and remediation of vulnerabilities; (iv) logging and recording of security events; and (v) testing and auditing of all controls and appropriate corrective action and incident response plans. Provider will retain such access records, vulnerability scans, security logs, control test reports, incident response plans, and other associated artifacts in accordance with accepted industry best practices.

Physical Security. Provider agrees to provide adequate physical security of all premises in which Sitehands Information will be processed or stored, including reasonable surveillance monitoring and recording, limited access controls, and fire suppression and environmental control systems.

Personnel.  Provider agrees to take reasonable precautions with respect to the employment of, and access given to, Provider personnel, including background checks and security clearances (if applicable) that assign specific access privileges to individuals, training of employees on the proper use of systems and the importance of personal information security, and restricting access to records and files containing Sitehands Information to those who need such information to perform their job duties.

Contractors, Subcontractors, Subsidiaries. Provider will ensure that only approved contractors and subcontractors (including any subsidiary, parent, affiliate, or partner) who have a need to know Sitehands Information may access such information, and only (i) if Provider requires such contractors and subcontractors to comply with obligations with respect to Sitehands Information that are no less stringent than those applicable to Provider, including compliance with the terms and conditions of this Attachment; and (ii) to the extent that is necessary for Provider to fulfill its obligations under the Agreement. Provider will not disclose any Sitehands Confidential Information to any contractors or subcontractors unless and until (a) Provider provides Sitehands with all information reasonably pertinent to evaluating whether such individuals or entities should be allowed such access; and (b) Sitehands provides express written consent. Provider will be fully responsible for all acts and omissions of each contractor and subcontractor and any employees and agents thereof, whether or not Provider itself was negligent or at fault. Any act or omission of any contractor or subcontractor will be deemed an act or omission of Provider.

Encryption. (if applicable) Provider agrees to encrypt Sitehands Information, in transit and at rest, using the best commercially available encryption solutions, including without limitation (i) any and all Sitehands Information that will travel across public networks, be transmitted wirelessly, or be transmitted outside of the Provider’s secure systems; (ii) any and all Sitehands Information that resides on any portable or laptop computing device or any portable storage medium; and (iii) any and all Sitehands Information backed-up by the Provider as part of its designated backup and recovery processes.

Sitehands Policy.  Provider will comply with Sitehands’ applicable written privacy and security policies that have been or will be provided to Provider not less than thirty (30) days prior to the effectiveness of such written policies. Compliance with Sitehands policies will not otherwise relieve Provider of its duties to protect Sitehands Information or other Confidential Information of Sitehands.

Sitehands and Sitehands Client Data. Any Sitehands or Sitehands Client information should not reside on any Provider’s systems after completion and acceptance of any Work Order.

Data Protection and Privacy Compliance. Provider shall ensure that all such safeguards, including the manner in which Information is collected, accessed, used, stored, processed, disposed of, and disclosed, comply with all applicable data protection and privacy Laws.
 
  3. Security Breach (aka Data Loss)
Notification. Provider will immediately notify Sitehands of any actual, probable or reasonably suspected breach of security or data loss of the Provider systems or of any other actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any Confidential Information of Sitehands, including without limitation any Sitehands Information (each, a “Breach”). Provider agrees to notify Sitehands of any Breach by telephone, mail, and email within 24 hours of discovery.

Unless prohibited by an applicable statute or court order, Provider will also notify Sitehands of any third-party legal process relating to any Breach, including, but not limited to, any legal process initiated by any governmental entity (foreign or domestic).

Except where required by applicable law, Provider agrees that it shall not inform any third party of any Security Breach without first obtaining Sitehands’ prior written consent, other than to inform a complainant that the matter has been forwarded to Sitehands’ legal counsel. Further, Provider agrees that Sitehands shall have the sole right to determine, except to the extent Provider is required by applicable law or contract with another party: (i) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required by law; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.

Provider agrees to adhere to Sitehands’ GDPR Policy, which can be found at https://www.sitehands.com/privacy-policy/

Designated Contact. In any notification to Sitehands required under this Attachment, Provider will designate representatives employed by Provider who must be available to Sitehands 24-hours per day, 7-days per week as a contact regarding Provider’s obligations under this Section.

Remediation and Assurance. Provider will (i) assist Sitehands in investigating, remedying, and taking any other action Sitehands deems necessary regarding any Breach and any dispute, inquiry, or claim that concerns the Breach; and (ii) provide Sitehands with assurance satisfactory to Sitehands that such Breach or potential Breach will not recur.

Notification Compliance. Provider agrees to comply with all applicable laws that require the notification of individuals in the event of an unauthorized release of personally identifiable information. In addition, Provider shall bear all costs associated with resolving a Breach, including without limitation conducting an investigation, notifying third parties as required by law or the Payment Card Industry Data Security Standard, providing affected individuals with one year of credit monitoring, and responding to third party inquiries.
  4. Representations, Warranties and Agreements
Compliance with Applicable Laws. Provider represents and warrants that it is, and will remain, in compliance with all applicable federal, state, and local laws, rules, regulations, orders, and ordinances (“Applicable Laws”) and that it will not cause Sitehands to be in material violation of any Applicable Laws.

Absence of Material Vulnerabilities. Provider represents and warrants that either (i) the Provider System Audits have not revealed any material vulnerabilities in the Provider Systems or any component thereof; or (ii) to the extent that any such vulnerabilities were found to exist, Provider has fully remedied such vulnerabilities.

Breaches Absent or Disclosed. Provider represents and warrants that the Provider Systems have (i) not suffered any Breaches; or (ii) if the Provider Systems have suffered one or more Breaches, Provider has disclosed each Breach to Sitehands.

Not a Party to Enforcement Actions or Decrees. Provider represents and warrants that Provider is not and has not been a party to any current, pending, threatened, or resolved enforcement action of any government agency, or any consent decree or settlement with any governmental agency or private person or entity regarding any Breach or otherwise regarding data or information security. Unless prohibited by applicable law, Provider agrees during the term of the Agreement to disclose each Breach to Sitehands.

Payment Industry Compliance. If Provider processes, stores, transmits, or has access to Sitehands Information that includes payment information (including without limitation credit card, debit card, or financial account information), Provider represents and warrants that it is presently in compliance with, and will remain in compliance with, the data security rules of any applicable payment network or organization, including, but not limited to, (i) the Payment Card Industry Data Security Standard for protecting credit and debit cardholder information, as the same may be amended, updated, replaced, or augmented, and (ii) the NACHA Operating Rules, developed and administered by NACHA—The Electronic Payments Association, for protecting financial account information and the Automated Clearing House network, as they may be amended, updated, replaced, or augmented.

Gramm-Leach-Bliley Act Compliance. In connection with the activities contemplated by this Agreement, Provider agrees to comply with all provisions of the Gramm-Leach-Bliley Act applicable to it, including without limitation applicable provisions regarding (i) the sharing or disclosure of Nonpublic Personal Information (as such term is defined in the Gramm-Leach-Bliley Act); and (ii) the implementation and maintenance of appropriate security measures designed to protect the security and confidentiality of Nonpublic Personal Information.

Insurance. Provider agrees to obtain and maintain insurance necessary to protect against losses associated with unauthorized access, network intrusion, business interruption, loss of data and data theft. Provider further agrees to add Sitehands as an additional insured and to provide proof of such coverage to Sitehands.
  5. Remedies
    The parties agree that a breach of any provision of this Attachment may result in irreparable harm to Sitehands, for which monetary damages may not provide a sufficient remedy, and therefore, Sitehands may seek both monetary damages and equitable relief. Such monetary damages for breach of the obligations in this Attachment are not subject to any limitation on liability provision in the Agreement.

    In the event Provider commits a material breach of any obligation in this Attachment and such breach by its nature is not curable or Provider fails to cure such breach if curable within ten (10) days after Sitehands gives written notice of such breach, then Sitehands may, in addition to any other remedies it may have, terminate the Agreement, in whole or in part, effective immediately and without liability in connection thereto, by giving separate written notice to Provider.

    Provider will defend, indemnify, and hold harmless Sitehands, its parent, subsidiaries, and affiliates, and each of their respective officers, shareholders, directors, and employees from and against any third-party claims, losses, liabilities, and expenses (including without limitation reasonable attorneys’ fees and expenses) that relate to any failure to comply with any obligation relating to Sitehands Information enumerated in this Attachment or the Agreement. Sitehands may participate in the defense and settlement of any claim for which it is entitled to indemnification at Sitehands’ own expense and using attorneys selected by Sitehands. Provider’s indemnification obligations under this section are not subject to any limitation on liability provision in the Agreement.

  6. Order of Precedence
  In the event of any inconsistency or conflict between this Attachment and the remainder of the Agreement, the terms of this Attachment shall prevail, but only to the extent that the terms of this Attachment are inconsistent or conflicting with the Agreement.

Attachment B – Provider Code of Conduct

The following Code of Conduct applies to all Sitehands (“Company”) vendors, contractors, subcontractors, partners, suppliers, agents, representatives, consultants or any other person or entity that provides services, products or materials to, for or on behalf of Sitehands (collectively, “Providers”). All Providers must be fully committed to these principles and abide by them at all times. Any Provider who ignores these policies and standards of Company will be subject to serious disciplinary action, which may include damages, penalties and termination.

Business Ethics
Honesty and integrity are at the core of the Company’s business practices and Company expects the same from all Providers. In dealings with Company, its clients, suppliers, competitors, the public, regulatory authorities and one another, every Provider is expected to act and operate with honesty and integrity and in strict compliance with all laws and regulations, and in a manner that avoids the existence and the appearance of improper or questionable conduct.

Provider must never engage in any conduct in violation of any laws or regulations, or participate in any unscrupulous or unethical dealings. Payments or funds may never be used or diverted directly or indirectly for bribery, payoffs, kickbacks, illegal or improper lobbying or political contributions, personal gain or for any other illegal or improper purpose.

Conduct
All Providers must be committed to maintaining the highest professional standards and quality.  Meeting this commitment requires that each Provider’s full attention, resources and skills be devoted to the performance of its responsibilities and to safeguarding the business interests and confidential information of Company and its Customers. Providers must take all measures to avoid conduct or activities that could be detrimental to Company’s reputation or business interests. Providers shall not take any action on or off Company’s or Company’s Customers’ premises that is, or may be construed as, disparaging to Company or its Customers, or any of their respective directors, officers or employees. Providers shall not destroy or misuse any property belonging to Company or its Customers.

Employment Practices
Company is committed to the principle of equal employment opportunity for all qualified employees and job applicants. All Providers must be committed to promoting an environment where talent prevails, and where employees are free to perform at their maximum potential.

Basing employment and advancement on anything other than a person’s ability and performance is inexcusable, against Company’s best interests, and against the law.  Providers must not discriminate against job applicants or employees because of race, religion, color, national or ethnic origin, gender, gender expression or identity, sexual orientation, age, genetic information, citizenship status, veteran status, handicap or disability – nor for any other reason unrelated to how people can and do perform their jobs. Company will not tolerate any behavior that fosters an environment of harassment or “jokes” based on any of these attributes.

Conflicts of Interest
A conflict of interest arises when a Provider’s other business dealings or interests conflict, or appear to conflict, with Company’s interests. Other business interests should not weaken Provider’s commitments to Company by dividing loyalties or diverting resources or energies. All Providers must make every effort to avoid situations that could compromise independent judgment or their commitment to Company.

Accuracy of Provider’s Records
The accuracy of Provider’s financial reporting is a requirement of Company and its Customers and is vital to Company’s reputation and good business health. Therefore, all Providers must ensure that their corporate records are accurate and meet with high standards of professional practice.  Financial data should be complete and current, with all assets, funds and liabilities fully and properly recorded. Matters such as the type and quantity of services or products provided, fees, costs and expenses, hours worked, and all other matters must be recorded honestly and accurately.

All Providers must maintain strict financial accountability and never make false or misleading entries in the Provider’s invoices, books or records. No invoices or requests for reimbursement or payment from or on behalf of Provider should be made without adequate supporting documentation or for any purpose other than that described in the documentation.

Confidentiality
Providers may have access from time to time to confidential proprietary information regarding Company, its Customers and other companies. Providers must secure and protect that information, and ensure and preserve the confidentiality and security of all proprietary information, especially any trade secrets of Company or Company’s Customers. Providers must always keep such information confidential and take all other appropriate actions to safeguard the information.

Environment, Health and Safety
Company is concerned with the environmental, health and safety consequences of its business operations. All Providers must adhere to and continue to be in strict compliance with environmental, health and safety laws and regulations. All Providers must provide a safe work environment, and all applicable and appropriate safety rules and procedures must be followed at all times. Unsafe working conditions or practices should be reported and corrected immediately.

Antitrust Laws
The purpose of the antitrust laws is to promote and preserve free and vigorous competition. All Providers must be committed to these principles and cannot permit any conduct that may violate the antitrust laws.

The antitrust laws apply most clearly and most harshly to arrangements between competitors that restrict competition. The antitrust laws prohibit fixing prices or other terms of sale, allocating Customers, or boycotting Customers or suppliers. In addition, agreements, understandings or exchanges of information that unreasonably restrain trade are also against the law.

Providers must never discuss with competitors any competitive matter, such as prices, discounts, credits, costs, Customers, suppliers, competitive conditions, or any competitive or confidential aspect of their business.

Attachment C – Provider Anti-Corruption Policy
The following Policy applies to all Sitehands’ vendors, contractors, subcontractors, partners, suppliers, agents, representatives, consultants or any other person or entity that provides services, products or materials to, for or on behalf of Sitehands (collectively, “Providers”).

Hospitality or Payments to Government Personnel and Officials
The federal government, most states and many municipalities have laws prohibiting or strictly limiting gifts or payments to government personnel and officials. Even where they are lawful, acts of hospitality toward public officials should be of such a scale and nature as to avoid compromising the integrity or impugning the reputation of the public official or Sitehands. Any such act should be performed with the expectation that it will become a matter of public knowledge.

International Business and Transactions
The Foreign Corrupt Practices Act of 1977, as amended (“FCPA”), prohibits United States business entities from making a payment or promises of payment of any money or gift to a foreign official (basically any government employee), foreign political party, any official thereof, candidate for political office, or relatives of foreign officials or candidates, to influence any act or decision to obtain or retain business.

Policy
In accordance with the FCPA, Sitehands (collectively with all of its subsidiaries and all entities controlled by it, the “Company”) strictly prohibits engaging in or tolerating bribery or any other form of corruption.

The Company strictly prohibits giving or promising, directly or indirectly, anything of value, including money or any financial or other advantage, to any person for improper purposes. Thus, no Provider or other person working for or on behalf of the Company, regardless of nationality, may offer, pay, give, promise, or authorize the payment of anything of value, including money or any financial or other advantage, to any person for the purpose of obtaining or retaining business, inducing that person or any other person to act, rewarding him/her for acting, or securing an advantage, improperly or otherwise.

The Company also prohibits the receipt or solicitation, directly or indirectly, of anything of value, including money or any financial or other advantage, from any person for improper purposes. Thus, no Provider or other person working for or on behalf of the Company, regardless of nationality, may receive or solicit anything of value, including money or any financial or other advantage, from any person for the purpose of assisting that person in improperly obtaining or maintaining a business relationship with the Company.

Additional Guidance Concerning Policy
This policy applies to the Company and to all directors, officers, employees, Providers, agents, contractors, consultants, joint venture partners, and other persons acting for or on behalf of the Company. Anyone who ignores this policy will be subject to serious disciplinary action, which may include dismissal.

This policy applies to dealings with government and non-government business partners or Customers. In many cases, local prohibitions and requirements regarding government and other public officials will be more rigorous than those applicable to non-government business partners and Customers.

This policy strictly prohibits the Company and its directors, officers, employees, Providers and other persons acting for or on behalf of the Company from giving or offering to give money or anything of value to government officials, a political party, a party official, or a candidate for political office to secure any improper advantage, to obtain or retain business, or to improperly induce the recipient to take (or to refrain from taking) action that would bestow a commercial benefit or advantage on the Company, its affiliates or any other party. Employees and Providers who are dealing with these types of officials must be aware of any requirements and prohibitions applicable to such officials under applicable local law and/or the rules and regulations of the official’s organization.

This policy also strictly prohibits giving or offering money, gifts, or other things of value to private persons to secure any improper advantage.  This policy prohibits conveying anything of value either directly or indirectly. Thus, the policy prohibits corruptly conveying a thing of value through Providers, agents, contractors, intermediaries, or other third parties. Benefits to family members are similarly prohibited.

This policy applies even if a person, including a government official, demands or suggests the payment. If you receive a demand or suggestion, you should immediately report it to the local Managing Director or Compliance Officer, and no payment should be made.

Directors, officers, employees and Providers may not avoid liability by “turning a blind eye” when circumstances indicate a potential violation of the policy. If you have any doubts or questions as to whether conduct is permissible under this policy, or if you believe a violation of the policy has occurred, is occurring, or will occur, you should report the conduct immediately to the local Managing Director or Compliance Officer.

Definitions
As used in this policy, the terms “improper” or “improperly” mean, in relation to any person, in breach of a reasonable expectation that that person will act in good faith or impartially or, where that person is in a position of trust, in breach of that trust.

Whether or not there is a reasonable expectation that a person will act in good faith shall be determined by reference to standards applicable in the United States and the United Kingdom, not by reference to the local law or customs applicable to that person.

As used in this policy, the phrase “anything of value” is not limited to money or cash.  It includes travel, meals, gifts, entertainment, golf outings, favors, services, loans and loan guarantees, investment or business opportunities, the use of property or equipment, job offers (including to a person’s relative), transportation, the payment or reimbursement of debts, and other tangible and intangible payments.

As used in this policy, “government official” is defined broadly and includes:
  1. Any officer or employee of a government-owned or government-controlled Company. This includes companies that operate in the commercial sector but are owned by a government or government agency;
  2. Any person engaged in public duty in a government agency. This includes any elected or appointed official or employee of a government, at any level including national or local government entities. This includes members of legislative, administrative, and judicial bodies, as well as low-level employees of government agencies, such as office workers;
  3. Any officer or employee of a public international organization (such as the United Nations, the World Bank or the International Monetary Fund);
  4. Any person acting in an official capacity for a government, government agency, or state-owned enterprise (for example, someone who has been given authority by a government entity to carry out official responsibilities); and
  5. Any political party, official of a political party, and any candidate for political office.

Gifts
No Provider or other person working for or on behalf of the Company, regardless of nationality, may give or receive gifts in the context of the Company’s business except in accordance with this policy and other applicable guidelines in force in relation to the relevant country or business unit.  Providing or receiving gifts with the intention or appearance of improperly influencing a government official or private person, or being improperly influenced by another, in order to obtain or convey a business advantage, or for any other corrupt purpose, is strictly prohibited. It is important to recognize that even when there is no intent to convey a bribe, such intent may be inferred from the surrounding circumstances.

While it may be common practice to provide or receive gifts in certain areas on special occasions, gifts may not be given or received if they are prohibited by local law or regulations, or by internal policies or rules applicable to the intended recipient. Additionally, even when it is permissible to give or receive a gift, the gift should not be excessive, lavish, or otherwise inappropriate. The following restrictions apply to gifts:
  1. A gift shall not be given or received if the intended recipient is in a position to influence a pending business or regulatory decision.
  2. Cash gifts, or cash equivalents such as gift cards, phone cards, meal vouchers or cards, shall not be given or received.
  3. No gifts in the form of stock or other similar consideration shall be given or received.
  4. Gifts must not be given with such frequency that it appears that an effort is being made to avoid restrictions under local law or this policy regarding excessive, lavish, or otherwise inappropriate gifts.
A gift may be given or received without prior approval from the local Managing Director or Compliance Officer only if all of the following circumstances are met:
  1. The gift is appropriate under legitimate and generally accepted local law and custom.
  2. The gift is permitted by the rules of the recipient’s employer.
  3. The item is (i) of nominal value (examples include logo cups, hats, shirts, USB drives, calendars and notebooks which bear a Company or other official logo) or (ii) is generally distributed by the giver to its Customers and Providers as a token of goodwill during festivals, holidays, or other special occasions; and
  4. The gift is appropriate under legitimate and generally accepted local customs;
  5. The expenses related to a gift from Company personnel must be supported by receipts, approved in accordance with Company policies, and accurately recorded on the Company’s books and records. In the event that a cash advance is obtained to pay for a permissible gift, appropriate documentation of the expense must be maintained and submitted pursuant to the Company’s reimbursement procedures.
  6. All other gifts must be approved by the local Managing Director or Compliance Officer.

Facilitating, “Speed” or “Grease” Payments
Although some anti-bribery laws permit payments to government officials in limited circumstances for the purpose of facilitating or expediting the administrative performance of routine governmental actions, it is the Company’s policy that no such payments may be made.

Training
All Company directors, officers and employees as well as Providers, agents, consultants and other business partners, are required to undertake appropriate training on this policy and the related legal issues on an annual basis.

Reporting Potential Violations
Potential violations of this policy should be reported to the local Managing Director and, if warranted, will be investigated by the Compliance Officer, the Company’s internal auditors, or outside advisers as appropriate.

Attachment D – Sitehands Platform Terms of Use
  1. SITEHANDS PLATFORM 
    • Limited Rights.  Subject to the terms of this TOU, Sitehands shall provide you with (i) the right to access and use the Sitehands Platform for purposes of performing and monitoring the Services that you provide to Customers pursuant to each Statement of Work and Work Order, and (ii) the right to allow your authorized employees and agents (“End Users”) to access and use the Sitehands Platform for the foregoing purposes.

    • Platform Restrictions.  The Sitehands Platform is provided pursuant to this TOU subject to the following restrictions: (a) you shall not reverse engineer, disassemble, decompile, otherwise attempt to derive the source code of the Sitehands Platform, or separate the contents of any Sitehands Platform or permit others to do any of the foregoing; (b) you shall not sublicense the use of the Sitehands Platform (except that you may grant access to the Sitehands Platform to End Users), and (c) you may not use the Sitehands Platform for time-sharing, rental, outsourcing, or service bureau use.  In addition, you may not: (i) use the Sitehands Platform to send or store material containing software viruses, worms, Trojan horses or other harmful computer code; (ii) interfere with or disrupt the integrity or performance of the Sitehands Platform or the data contained therein; (iii) attempt to gain unauthorized access to the Sitehands Platform or related systems or networks; (iv) use the Sitehands Platform for any benchmarking or competitive purposes; (v) use the Sitehands Platform to build a competitive product or service, build a product using similar ideas, features, functions or graphics of the Sitehands Platform, or copy any ideas, features, functions or graphics of the Sitehands Platform; (vi) access or use (or attempt to access or use) the Sitehands Platform user’s account without permission, or solicit another user’s login information; (vii) “frame” or “mirror” any portion of the Sitehands Platform; (viii) use any robot, spider, site search/retrieval application or other manual or automatic device or process to retrieve, index, “data mine” or in any way reproduce or circumvent the navigational structure or presentation of the Sitehands Platform; or (ix) probe, scan or test the vulnerability of the Sitehands Platform, breach the security or authentication measures on the Sitehands Platform, or take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Sitehands Platform, such as a denial of service attack.  You shall not aid or permit others to do any of the foregoing.  You will not, and will not attempt to, interfere with, modify or disable any features, functionality or security controls of the Sitehands Platform or defeat, avoid, bypass, remove, deactivate or otherwise circumvent any protection mechanisms for the Sitehands Platform.

    • Provider Content.  Subject to the terms and conditions of this TOU, you grant Sitehands a nonexclusive, nontransferable, non-sublicensable, worldwide, license to use, copy and display data transmitted, uploaded and/or generated to or through the Sitehands Platform by you, or delivered by you to Sitehands in connection with the Services (“Provider Content”) solely to provide the Sitehands Platform to you, in furtherance of your relationship with Sitehands, and for Sitehands’ internal business purposes.

    • Ownership.  Sitehands reserves all rights not expressly granted to you in this TOU, and no licenses are granted by implication or estoppel.  As between the parties, Sitehands and its licensors, suppliers and customers retain all worldwide right, title and interest in and to the Sitehands Platform, including all worldwide intellectual property rights therein, and Sitehands solely and exclusively owns all right, title and interest therein and thereto, and to all derivative works or enhancements thereof, including but not limited to all worldwide intellectual property rights therein, but excluding in all cases Provider Content (“Sitehands Technology”).  If you suggest any new features, functionality, or improvement to the Services or the Sitehands Platform (“Feedback”), you acknowledge that all Feedback and products or services incorporating such Feedback are the sole and exclusive property of Sitehands, and you hereby irrevocably assign to Sitehands all intellectual property rights and all other rights and title to Feedback.

  2. THIRD PARTY PRODUCTS AND SERVICES
The Sitehands Platform may contain features designed to interoperate with third party products and services (e.g., email, text messaging, or customer relationship management applications). To use such features, you may be required to obtain access to such third party products or services from their providers or to grant Sitehands access to your account(s) on such third party products or services.  Sitehands cannot guarantee the continued availability of such features, and may cease providing them without entitling you to any refund, credit, or other compensation, if for example and without limitation, the provider of a third party product or service ceases to make the third party product or service available for interoperation with the corresponding Service features in a manner acceptable to Sitehands.  Certain components of the Sitehands Platform may be provided by third parties and are subject to separate terms and conditions. You must agree to those terms and conditions before accessing or using such third party products, and you must comply with such terms and conditions.  Sitehands may modify, remove or replace such third party products or components from time to time.

  3. TERM AND TERMINATION
The term of this TOU is concurrent with the term of the PSA, and this TOU shall automatically terminate upon termination of the PSA. In addition, Sitehands or you may terminate this TOU for any reason (including for cause) or no reason upon notice to the other.  Except as may be set forth otherwise in this TOU, all rights and obligations that expressly or by their nature survive the expiration or termination of this TOU shall continue in full force and effect subsequent to and notwithstanding the expiration or termination of this TOU until they are satisfied or by their nature expire and shall bind the parties and their successors and permitted assigns, and the provisions of Sections 1.4, 3, 4, 5, 6, 7 and 8.

  4. DISCLAIMERS
THE SITEHANDS PLATFORM IS MADE AVAILABLE TO YOU “AS IS” AND WITHOUT WARRANTIES.  SITEHANDS MAKES NO OTHER WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR TRADE USAGE, ALL OF WHICH ARE HEREBY DISCLAIMED.  SITEHANDS DOES NOT WARRANT THAT THE SITEHANDS PLATFORM WILL BE ERROR OR DEFECT-FREE, UNINTERRUPTED, COMPLETELY SECURE, OR THAT ERRORS, DEFECTS OR BUGS CAN OR WILL BE CORRECTED.

  5. INDEMNIFICATION
You shall indemnify and hold Sitehands, Customers, and their respective officers, directors, employees and agents harmless from any losses, damages, costs and expenses (including attorneys’ fees) directly or indirectly arising out of or relating to any claim from any party arising out of or relating to (i) your or your End Users’ use of the Sitehands Platform, unless such claims are caused by Sitehands’ gross negligence or willful misconduct; (ii) your noncompliance with applicable laws or breach of this TOU, and (iii) Provider Content. You will also defend Sitehands and Customer and their respective officers, directors, employees and agents from such claims if instructed by Sitehands, at your own expense.

  6. INFRINGEMENT
    • Third Party Claims.  If a third party makes a claim against you alleging the Sitehands Platform (excluding Provider Content) directly infringes any U.S. patent, U.S. copyright, or trademark or misappropriates any trade secret (“IP Claim”), then Sitehands will defend you against the IP Claim and pay all costs, damages and expenses (including reasonable legal fees and costs) finally awarded against you by a court of competent jurisdiction or agreed to in a written settlement agreement signed by Sitehands arising out of such IP Claim.  You must: (a) promptly notify Sitehands in writing no later than thirty (30) days after receipt of notification of a potential claim; (b) permit Sitehands to assume sole control of the defense of such claim and all related settlement negotiations; and (c) provide Sitehands, at Sitehands’ request and expense, with the reasonable assistance, information and authority necessary to perform Sitehands’ obligations under this Section 6.1.  You may not make any admissions or consent to any judgment or settlement in respect of an IP Claim without Sitehands’ prior written consent.
    • Exceptions.  Sitehands shall have no liability for any claim of infringement based on (i) the unauthorized modification of the Sitehands Platform, (ii) the use of the Sitehands Platform other than in accordance with the provided documentation and this TOU, or (iii) Provider Content.  If, due to an IP Claim or the threat of an IP Claim, (a) the Sitehands Platform is held by a court of competent jurisdiction to be infringing, or in Sitehands’ reasonable judgment may be held to infringe by such a court, or (b) you receive a valid court order enjoining you from using the Sitehands Platform, or in Sitehands’ reasonable judgment you may receive such an order, Sitehands may, at its option, (1) replace or modify the Sitehands Platform to be non-infringing; (2) obtain for you a license to continue using the Sitehands Platform; or (3) terminate this TOU upon notice.  THIS SECTION 6 STATES THE ENTIRE LIABILITY OF SITEHANDS AND ITS LICENSORS TO YOU AND ANY THIRD PARTY WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF ANY PATENT, COPYRIGHT, TRADE SECRET OR OTHER PROPRIETARY RIGHTS.

  7. LIMITATION OF LIABILITY
IN NO EVENT SHALL SITEHANDS AND/OR ITS LICENSORS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THIS TOU, INCLUDING WITHOUT LIMITATION LOSS OF OR DAMAGE TO DATA, LOSS OF PROFITS, OR OTHER ECONOMIC LOSS, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF OR IN CONNECTION WITH THIS TOU, EVEN IF SITEHANDS HAS BEEN ADVISED OF SUCH CLAIM.  The aggregate and cumulative liability of Sitehands to you for all damages arising out of or relating to this TOU shall in no event exceed one thousand dollars ($1,000).

  8. GENERAL TERMS
    • Nondisclosure.  The Sitehands Platform constitutes Sitehands’ Confidential Information as that term is defined in the Sitehands Nondisclosure Agreement entered into by and between you and Sitehands (“Nondisclosure Agreement”), and you will treat the Sitehands Platform in accordance with the Nondisclosure Agreement.

    • Interpretation.  All headings in this TOU are included solely for convenient reference, and shall not affect its interpretation.  If any provision of this TOU is determined by a court to be invalid or unenforceable as drafted, that provision shall be severed and the enforceability of other provisions shall not be affected.  This TOU may be modified or amended only by a written agreement signed by both parties.  The failure by a party to exercise any right or remedy hereunder will not operate as a further waiver of such right or remedy in the future or any other right or remedy. No waiver of any default, condition or breach of this TOU shall be deemed to imply or constitute a waiver of any other default, condition or breach of this TOU, whether of a similar nature or otherwise.  This TOU, including the PSA and the Nondisclosure Agreement, constitutes the entire agreement between the parties concerning its subject matter and supersedes any prior or separate agreements between the parties concerning the subject matter of this TOU.

    • Notices.  All notices and consents sent under this TOU shall be in writing and: (a) hand delivered; (b) transmitted by fax; or (c) delivered by prepaid overnight courier.  Notices shall be sent to the parties’ respective addresses as indicated in the PSA.

    • Relationship of the Parties.  The parties are independent contractors and nothing in this TOU shall be construed as creating a partnership, joint venture or agency relationship between the parties, or as authorizing either party to act as agent for the other or to enter into contracts on behalf of the other.

    • Force Majeure.  Sitehands will be excused from performance and liability for any period during which and to the extent that it or its subcontractor(s) is prevented from performing any obligation or service, in whole or in part, as a result of causes beyond its reasonable control and without its fault or negligence.

    • Governing Law.  The interpretation of this TOU shall be governed by the laws of the State of North Carolina without regard to (i) choice of law principles; (ii) the United Nations Convention on Contracts for the International Sale of Goods; and (iii) the Uniform Computer Information Transactions Act.  The exclusive jurisdiction and venue for any dispute between the parties in connection with this TOU is Mecklenburg County, North Carolina, and each party consents to the exclusive jurisdiction and venue in Mecklenburg County, North Carolina and agrees that all proceedings and actions, including all discovery matters, shall take place solely and exclusively within Mecklenburg County, North Carolina.

    • Assignment.  Neither this TOU, nor any rights granted hereunder, may be sold, leased, assigned, or otherwise transferred, in whole or in part, by you, and any such attempted assignment shall be void and of no effect without the advance written consent of Sitehands.  This TOU will inure to the benefit of and be binding upon any successors and permitted assigns of the parties.


Attachment E – Provider Insurance Requirements
As an independent contractor, Provider is not covered by any insurance that may be provided by Sitehands, and/or Sitehands Clients, to their respective employees, including, without limitation, health insurance, workers’ compensation insurance, general liability insurance, and automobile liability insurance. Instead, Provider is solely and exclusively responsible for Provider’s own insurance. Specifically, in the event that Provider is injured while working in the course and scope of a Work Order, Provider acknowledges and understands that Provider will not be covered by any workers’ compensation insurance coverage that Sitehands, and/or Sitehands Clients, may provide to its employees. Further, in the event that Provider’s actions cause an injury to a third party while Provider is working in the course and scope of providing services under a Work Order or other activities covered by this Agreement, Provider acknowledges and understands that Provider will not be covered by any general liability or automobile liability insurance coverage that Sitehands, and/or Sitehands Clients, may have, and that Sitehands, and/or Sitehands Clients, is not making any commitment to defend and/or indemnify you in such circumstances, and specifically denies any such obligation.

Where required by state or country law, Provider’s Agreement to Maintain Workers’ Compensation and other Insurance. As such, Provider agrees that before entering into this Agreement and at all times during the term of this Agreement, Provider will maintain proper workers’ compensation insurance coverage and any other insurance coverage required in each jurisdiction in which Provider performs any services. If required by the applicable jurisdiction, Provider also agrees to maintain any other required insurance.

If allowed by state or country law, Provider is eligible to opt out of the workers’ compensation requirements.

Provider also agrees to maintain commercial general liability insurance coverage with combined policy limits of at least $1,000,000, and automobile liability insurance coverage with combined limits of at least $1,000,000, or such higher amounts or additional coverage as may be set forth in a Work Order.

Revisions:  
  • May 18, 2020