Legal, Privacy, Security, and Regulatory

Here you’ll find the legal documents, security standards, and policies that are core to our service. You’ll also find information about how we comply with regulatory guidance. The English version will govern our relationship — translated versions are provided for convenience only and will not be interpreted to modify the English version.

For Requesters of Confirmations

User Agreement – Requesters

THE FOLLOWING DESCRIBES THE TERMS ON WHICH CAPITAL CONFIRMATION INC. OFFERS YOU ACCESS TO OUR SERVICES.

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domain and sub-domains of www.confirmation.com (including www.capitalconfirmation.com, www.myconfirmation.com, www.cashconfirm.com, www.bbaconfirmations.com, and www.bba.confirmation.com) and the general principles for the websites of our subsidiaries. If you do not agree to be bound by the terms and conditions of this Agreement, do not use or access our services. You evidence your acceptance of the terms and conditions of this Agreement by checking the box for the “Yes, I have read and accept the User Agreement.” statement and clicking the “Create New Account” button on Capital Confirmation’s website and through your use of any of the Confirmation.com services (aka “Confirmation” service).

If you have any questions, please email us at customer.support@confirmation.com.

You must read, agree with and accept all of the terms and conditions contained in this User Agreement and the Privacy Statement, which include those terms and conditions expressly set out below and those incorporated by reference, before you may become a member of Capital Confirmation. We strongly recommend that, as you read this User Agreement, you also access and read the information contained in the other pages and websites referred to in this document, as they may contain further terms and conditions that apply to you as a Capital Confirmation user. Please note: underlined words and phrases are links to these pages and websites. By accepting this User Agreement, you also agree that your use of other Capital Confirmation websites will be governed by the terms and conditions posted on those websites.

We may amend this Agreement at any time by posting the amended terms on our site. Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site. You will not be notified in writing or by email of any changes in this Agreement. This Agreement may not be otherwise amended except in writing signed by you and Capital Confirmation Inc. This Agreement is effective starting March 1, 2003.

1. Membership Eligibility.

Our services are available only to individuals who can form legally binding contracts under applicable law. Without limiting the foregoing, our services are not available to minors or to temporarily or indefinitely suspended Capital Confirmation members. If you are a minor, you cannot use this service. If you do not qualify, please do not use our services. Further, your Capital Confirmation account (including feedback) and User Id may not be transferred or sold to another party. If you are registering as a business entity, you represent that you have the authority to bind the entity to this Agreement. If you are registered as an individual, you represent that you are the individual you purport to be.

2. Fees and Service.

Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users (the “Service”).

Joining our service is free. There is a charge for requesting and receiving confirmations. Our Fees and Credits Policy is available (at https://www.confirmation.com/us-FeesCreditPolicy.pdf) and is incorporated by reference. We may change our Fees and Credit Policy and the fees for our services from time to time. Our changes to the policy are effective after we provide you with at least fourteen (14) days’ notice of the changes by posting the changes in this Agreement. However, we may choose to temporarily change our Fee Policy and the fees for our services for promotional events and such changes are effective when we post the temporary promotional event on the www.confirmation.com website. When you purchase a confirmation you have an opportunity to review and accept the fees that you will be charged for the use of our services. We may in our sole discretion change some or all of our services at any time. In the event we introduce a new service, the fees for that service are effective at the launch of the service. Unless otherwise stated, all fees are quoted in U.S. Dollars. You are responsible for paying all fees associated with using our service and our website and all applicable taxes.

3. Capital Confirmation is a Venue.

3.1 Capital Confirmation is not a bank or law firm nor are we an authorized bank or law firm representative. Instead, our site acts as a venue to allow users to request, receive, and buy confirmations at any time, from anywhere. We are not involved in the actual transaction between users of  and providers of the confirmation information. As a result, we have no control over the quality, accuracy, timeliness or legality of the requests and the responses, or the truth or accuracy of the requests and responses. We also cannot ensure that a provider will actually complete a transaction.

3.2 Identity Verification. We use many techniques to identify our users when they register on our site. However, because user verification on the Internet is difficult, Capital Confirmation cannot and does not confirm each user’s purported identity. Thus, we have established a user-initiated communication system to help you evaluate with whom you are dealing. We encourage you to communicate directly with individual parties through the tools available on our site.

3.3 Release. Because we are a venue, in the event that you have a dispute with one or more users, you release Capital Confirmation (and our officers, directors, agents, subsidiaries, joint ventures and employees) from claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with such disputes. If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”

3.4 Information Control. We do not control the information provided by other users that is made available through our system. You may find other user’s information to be inaccurate. Please use caution, common sense, and safe practices when using our site.

3.5 Customer Support. Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M. Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

4. Authorizing, Requesting and Purchasing.

By authorizing, requesting and purchasing a confirmation you agree to be bound by the conditions of this Agreement. Requests are not retractable. If you choose to authorize, request or purchase a confirmation you are certifying that you have the legal right to authorize, request or purchase such confirmations.

5. Address Lookup.

Capital Confirmation pulls Address Lookup information from public and private data sources. The Public Records, private records and commercially available data sources used in this system have errors and are not complete. Data is sometimes entered poorly and processed incorrectly. This system should not be relied upon as definitively accurate. Before relying on any data this system supplies, it should be independently verified.

6. Out-of-Network Confirmations.

The Out-of-Network confirmation service requires the requestor to enter the contact information for the responder and the responder’s company. Because you as the requestor determine who and at which entity an out-of-network confirmation is directed, and therefore which entity and who at that entity is the responder, you agree to accept full and sole responsibility for the verification and validation of the identity of the individual responder and the company they claim to represent. You understand that Capital Confirmation has not and will not validate the identity of the responder or the company they claim to represent. You release and hold harmless Capital Confirmation from any and all claims related to the responder’s identity and/or the identity of the company the responder claims to represent if you request confirmations through www.confirmation.com using the Out-of-Network confirmation service.

7. Fraud.

Without limiting any other remedies, Capital Confirmation may suspend or terminate your account if we suspect that you (by conviction, settlement, insurance investigation, or otherwise) have engaged in fraudulent activity in connection with our site.

8. Your Information.

8.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature. You are solely responsible for Your Information, and we act as a passive conduit for your online distribution and publication of Your Information.

8.2 Restricted Activities. Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers. Furthermore, you may not authorize or request any confirmation on the site (or consummate any transaction that was initiated using our service) that, by authorizing or paying to us the usage fee or the final value fee, could cause us to violate any applicable law, statute, ordinance or regulation.

8.3 License. Solely to enable Capital Confirmation to use the information you supply us with, so that we are not violating any rights you might have in that information, you agree to grant us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable (through multiple tiers) right to exercise the copyright, publicity, and database rights (but no other rights) you have in Your Information, in any media now known or not currently known, with respect to Your Information. Capital Confirmation will only use Your Information in accordance with our Privacy Statement.

9. Ownership of Intellectual Property.

Capital Confirmation shall have and retain all rights, title and interest in all Intellectual Property relating to the Service or arising out of the relationship described in this Agreement. “Intellectual Property” means all ideas, discoveries, inventions, developments, designs, improvements, trademarks, service marks, trade secrets, proprietary information, programs, source code, object code, applications for patents, patents, copyrights (for the duration thereof, including renewals, extensions, and reversions thereof), copyrightable works, and the goodwill associated therewith, including enhancements, improvements, and derivative works, either presently existing or hereinafter arising. You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation’s expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation. While a registered user of our service, and for a period of two (2) years from the date of last login, you agree not to offer services or assist others in offering services that would compete in any way with the services offered by Capital Confirmation. Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

9.1 License. You agree to grant us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable (through multiple tiers) right to use your company name, registered trademark, word mark, service mark, and logo in correspondence with Clients and Users related to the Service.

10. Access and Interference.

You agree that you will not use any robot, spider, other automatic device, or manual process to monitor or copy our web pages or the content contained herein without our prior expressed written permission. You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part. You agree that you will not use any device, software or routine to bypass our security features, or to interfere or attempt to interfere with the proper working of the Capital Confirmation site or any activities conducted on our site. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on our infrastructure. Much of the information on our site is updated on a real time basis and is proprietary or is licensed to Capital Confirmation by our users or third parties. You agree that you will not copy, reproduce, alter, modify, create derivative works, or publicly display any content (except for Your Information) from our website without the prior expressed written permission of Capital Confirmation or the appropriate third party. You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading.  You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service.  You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement.  You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service.  You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs.  You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent.  You shall not infringe on our licensors’ intellectual property rights or those of any third party in relation to your use of our website or Service.

11. Breach.

Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

12. Electronic Communications; Identifiers and Passwords; Binding Effect.

You will receive and transmit information to us over the Internet using SSL technology and 2048-bit encryption. You must use Internet browsers (such as Internet Explorer version 7.0 or higher) that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will select and use an identification code (such as a “log-in ID”) and a password. You shall protect and safeguard its identification code and password, and shall only permit authorized employees to use the identification code and password in connection with the service. We, and all other persons receiving information from you that has been transmitted using the identification code and password selected by you, shall be entitled to rely in all instances that the information so transmitted has been transmitted by you, that such information is true, accurate and complete in all respects, with the same effect and intent as if such information had been transmitted in written form bearing your written signature. If you believe that your identification code and password have been lost, stolen or compromised in any respect, please notify us immediately at 1-888-716-3577. Communications using the identification code and password received after we have had an opportunity to respond to your notice will not be valid or effective.

13. Privacy.

We do not sell or rent your personal information to third parties and we only use your information as described in the Privacy Statement. We view protection of users’ privacy as a very important community principle. We understand clearly that you and your information are one of our most important assets. We store and process your information on computers located in the United States that are protected by physical as well as technological security devices. We use third parties to verify and certify our privacy principles.

All Customer Financial information residing within Confirmation.com’s secure processing controls will be maintained and stored according to our stated security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com’s control (e.g data downloaded by user, or mailed confirmations).

Our current Privacy Statement is available (at https://www.confirmation.com/us-privacypolicy.pdf). If you object to your Information being transferred or used in this way please do not use our services.

13A.    Personal Data transferred outside of the EU / EEA / Switzerland.

This Clause 13A applies where we process ‘personal data’ (as defined in Schedule 1). We are committed to ensuring that safeguards in place to protect such data that we store and process. Our data processing activities will take place in a third country not recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, therefore where you are established in the EU / EEA / Switzerland or our services to you involve the transfer of personal data which originates from the EU / EEA / Switzerland, Schedule 1 will apply and is incorporated into and forms part of this Agreement.

14. Client Authentication.

Subscriber certifies that any and all subject(s) set up as the subscriber’s client(s) on the Confirmation.com service are authorized representatives of the subscriber’s client.

15. Authorization.

Subscriber certifies that any confirmations requested are with the subject(s) prior written permission. Subscriber agrees to keep the authorization on file for a minimum of 5 years. Typically this written permission is in the form of a client engagement letter. The Subscriber warrants that the release of the subjects information will not result in a breach of any applicable data privacy legislation.

16. Audit Rights.

Capital Confirmation may, from time to time, conduct various audits of Subscriber’s practices and procedures to determine Subscriber’s compliance with this Agreement. Subscriber will reasonable cooperate in all those audits. Capital Confirmation may conduct on-site and/or off-site audits of Subscriber’s facilities as Capital Confirmation determines during normal business hours, and upon reasonable notice.

17. No Warranty.

WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES ON AN “AS IS” BASIS WITHOUT ANY WARRANTIES OF ANY KIND. WE, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, INCLUDING THE WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES’ RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. THE PROVIDER MAKES NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN. WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE.  WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES.

18. Liability Limit.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE). THE USER SHALL HAVE NO LIABILITY WITH RESPECT TO THE SERVICE FOR CONSEQUENTIAL, EXEMPLARY, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR.  THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.

OUR LIABILITY, AND THE LIABILITY OF OUR SUBSIDIARIES, EMPLOYEES, AND SUPPLIERS, TO YOU OR ANY THIRD PARTIES IN ANY CIRCUMSTANCE IS LIMITED TO THE LESSOR OF (A) THE AMOUNT OF FEES YOU PAY TO US IN THE 12 MONTHS PRECEDING THE FIRST DATE ON WHICH SUCH LIABILITY AROSE, OR (B) $100.

19. Fair Credit Reporting Disclosure.

The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. (“FCRA”) and therefore, is not subject to the requirements or provisions of the FCRA.  Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA.  CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act.  CCI makes no representations or warranties about such other User’s compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

20. Indemnity.

Subscriber shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) Subscriber’s negligence or intentional conduct; (b) Subscriber’s breach of its obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by Subscriber, Subscriber’s vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable data protection legislation.

21. Confidentiality.

You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service.  You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement.  You acknowledge that details of the Service constitute our confidential information.

22. Legal Compliance.

Subscriber represents and warrants that it has read, understands and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA PATRIOT Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

Subscriber certifies that it will use the service and the information received for no other purpose than is legally permissible. Subscriber understands that if the system is used improperly by company personnel, or if its access codes are made available to any unauthorized personnel due to carelessness on the part of the Subscriber or any other, it may be held responsible for financial losses, fees or monetary charges that may be incurred and that its access privileges may be terminated.

23. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”)

Nothing in this agreement shall limit the BBA’s liability for death or personal injury caused by its negligence or that or its personnel; fraud or fraudulent misrepresentation; or for any other liability which cannot be excluded under English law, even if any other terms of this Agreement would suggest that this might otherwise be the case. You expressly acknowledge and agree that the BBA: (a) is not a part to this Agreement and is not involved in the design, supply or support of Capital Confirmation Inc’s services including the service promoted to UK banks as “BBA Confirmations”; (b) makes no representation or warranty that the services will be adequate or appropriate for you and its requirements and any BBA trademarks or logos present in marketing materials or other documents o not represent and endorsement of the service; (c) shall not be responsible for providing any of the services; and (d) shall have no liability to you whatsoever whether direct or indirect and whether in contact, tort (including negligence), misrepresentation or for any other reason in respect of any of the services provided under this agreement.

24. No Agency.

You and Capital Confirmation are independent contractors, and no agency, partnership, joint venture, employee-employer or franchiser-franchisee relationship is intended or created by this Agreement.

25. Notices.

Except as explicitly stated otherwise, any notices shall be given by postal mail to Capital Confirmation Inc. Attn: Legal Department 214 Centerview Drive, Suite 265, Brentwood, TN 37027 (in the case of Capital Confirmation) or to the email address you provide to Capital Confirmation during the registration process (in your case). Notice shall be deemed given 24 hours after email is sent, unless the sending party is notified that the email address is invalid. Alternatively, we may give you notice by certified mail, postage prepaid and return receipt requested, to the address provided to Capital Confirmation during the registration process. In such case, notice shall be deemed given 3 days after the date of mailing.

26. Arbitration.

Any legal controversy or legal claim arising out of or relating to this Agreement or our services, excluding legal action taken by Capital Confirmation to collect our fees and/or recover damages for, or obtain an injunction relating to, the Capital Confirmation site operations, intellectual property, and our services, shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. The arbitration shall be conducted in Nashville, Tennessee, and judgment on the arbitration award may be entered into any court having jurisdiction thereof. Either you or Capital Confirmation may seek any interim or preliminary relief from a court of competent jurisdiction in Nashville, Tennessee necessary to protect the rights or property of you or Capital Confirmation pending the completion of arbitration. Should either party file an action contrary to this provision, the other party may recover attorney’s fees and costs up to $1000.00.

27. Additional Terms.

The following policies are incorporated into this Agreement by reference and provide additional terms and conditions related to specific services offered on our site:

Privacy Statement: https://www.confirmation.com/us-privacypolicy.pdf

Fees and Credit Policy: https://www.confirmation.com/us-FeesCreditPolicy.pdf

Each of these policies may be changed from time to time and are effective immediately after we post the changes on our site, except for the Privacy Statement for which we will provide you with thirty days prior notice. In addition, when using particular services on our site, you agree that you are subject to any posted policies or rules applicable to services you use through our site, which may be posted from time to time. All such posted policies or rules are hereby incorporated by reference into this Agreement.

You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.  We do not guarantee and shall not be liable for the performance of any sub-processor or sub-contractor.

28. Governing Law.

This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles.  You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

29. Assignment.

You agree that this Agreement and all incorporated agreements may be automatically assigned by Capital Confirmation, in our sole discretion, to a third party in the event of a merger or acquisition.  You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

30. General.

We do not guarantee continuous, uninterrupted or secure access to our services, and operation of our site may be interfered with by numerous factors outside of our control. If any provision of this Agreement is held to be invalid or unenforceable, such provision shall be struck and the remaining provisions shall be enforced. Headings are for reference purposes only and in no way define, limit, construe or describe the scope or extent of such section. Our failure to act with respect to a breach by you or others does not waive our right to act with respect to subsequent or similar breaches. English is the official language used for content on the Confirmation.com website. Through the use of a third-party provider Confirmation.com provides its users with limited English proficiency to access information on the site. Translations made through this automated process should not be considered exact particularly in cases of technical and legal terminology. Additionally, some files including graphs, photos and portable document formats (pdfs) cannot be translated through this process. Capital Confirmation Inc. does not warrant the accuracy or reliability of any information translated by this system and shall not be liable for any losses caused by such reliance on the accuracy or reliability of such information. While every effort is made to ensure the accuracy of the translation, portions may be incorrect. Any person or entity who relies on information obtained from the system does so at his or her own risk. This Agreement sets forth the entire understanding and agreement between us with respect to the subject matter hereof. Sections 2 (Fees and Services) with respect to fees owed for our services, 3.3 (Release), 8.3 (License), 10 (Access and Interference), 18 (Liability Limit), 19 (Indemnity) and 23 (Arbitration) shall survive any termination or expiration of this Agreement.

31. Disclosures.

The services hereunder are offered by Capital Confirmation Inc., located at 214 Centerview Drive, Suite 265, Brentwood, Tennessee 37027. Fees for our services are described above in Section 2 (Fees and Services).

32. Disputes.

Disputes between you and Capital Confirmation regarding our services may be reported to Customer Support by mailing us at Capital Confirmation, Customer Support, 214 Centerview Drive, Suite 265, Brentwood, TN 37027. We encourage you to report all user-to-user disputes to your local law enforcement, postmaster general, or a certified mediation or arbitration entity.

33. Your Acceptance of this User Agreement.

You evidence your acceptance of this User Agreement by clicking on “Accept User Agreement and Add Account” button on the Capital Confirmation website or by using the Confirmation.com service. Such acceptance shall have the same legal effect as your written signature set forth on a written document containing the terms and conditions of this User Agreement.

Schedule 1

EUROPEAN DATA TRANSFERS

Capital Confirmation will process personal data outside of the European Economic Area and Switzerland in a third country, the United States, which is not recognized by the European Commission and the Swiss Federal Data Protection and Information Commission respectively as providing an adequate level of privacy protection.

(A) Capital Confirmation is committed to ensuring that adequate safeguards are in place to protect the data that Capital Confirmation store and process.

(B) Capital Confirmation has signed up to the EU-US Privacy Shield Framework, a European Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.

(C) Capital Confirmation has signed up to the Swiss-US Privacy Shield Framework, a Swiss Federal Data Protection and Information Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.

(D) This Schedule 1 reflects that Capital Confirmation is Privacy Shield certified (in relation to the EU and Switzerland, as may be relevant) and that the parties agree to rely on such certification as the chosen adequacy mechanism to provide protection to personal data which is subject to the Directive, and which is transferred by you to Capital Confirmation.

1. Definitions and interpretation.

1.1 The following expressions are used in this Schedule 1:

(a) “Capital Confirmation Group” means Capital Confirmation and any corporate entities which are from time to time under Common Control with Capital Confirmation

(b) “Directive” – Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and any applicable national legislation or regulation implementing that Directive or any subsequent EU or Swiss legislation in respect of privacy or data protection as updated amended or replaced from time to time  including the Regulation (EU) 2017/679 of the European Parliament and of the Council of 27 April 2017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and any related national legislation or regulation;

(c) “personal data” “processing”, “data controller”, “data subject” and “data processor” shall have the meanings ascribed to them in the Directive;

1.2 An entity “Controls” another entity if it (a) holds a majority of the voting rights in it; (b) is a member or shareholder of it and has the right to remove a majority of its board of directors or equivalent managing body; (c) is a member or shareholder of it and controls alone or pursuant to an agreement with other shareholders or members, a majority of the voting rights in it; (d) has the right to exercise a dominant influence over it pursuant to its constitutional documents or pursuant to a contract; and two entities are treated as being in “Common Control” if either controls the other (directly or indirectly) or both are controlled (directly or indirectly) by the same entity.

2. International data transfer outside the European Economic Area or Switzerland

2.1 Where we process ‘personal data’ (as defined in Directive) for the purpose of the provision of the services to you and which is transferred outside of the European Economic Area or Switzerland (either directly or via onward transfer) to us in the United States. we are committed to ensuring that adequate safeguards are in place to protect such data that we store and process. As set out in Clause 13, our data processing activities will take place in the United States, a third country not recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection.  Accordingly, we self-certify to and comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks administered by the US Department of Commerce. We will comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks, as required, for as long as such mechanism is regarded as providing adequate protection to personal data transferred outside the European Economic Area or Switzerland (as the case may be) by the European Commission and the Swiss Federal Data Protection and Information Commission respectively (or other body with such authority).

2.2 Further, we agree to:

(i) act only on instructions from you in connection with the provision of the services (unless otherwise prohibited by applicable law).

(ii) provide appropriate and technical organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration unauthorized disclosure or access. Including maintaining administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the online audit confirmation service, as described in Capital Confirmation’s service organization controls report, accessible via https://www.confirmation.com/security/ or otherwise made reasonably available by us from time to time.

(iii) provide assistance, where applicable, to you in responding to individuals exercising their rights under applicable data protection law (unless otherwise prohibited by applicable law).

2.3 You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

For Responders of Confirmations

User Agreement – Responders

THE FOLLOWING DESCRIBES THE TERMS ON WHICH CAPITAL CONFIRMATION INC. OFFERS YOU ACCESS TO OUR SERVICES.

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domain and sub-domains of www.confirmation.com (including www.capitalconfirmation.com, www.myconfirmation.com, www.cashconfirm.com, www.bbaconfirmations.com, and www.bba.confirmation.com) and the general principles for the websites of our subsidiaries. If you do not agree to be bound by the terms and conditions of this Agreement, do not use or access our services. You evidence your acceptance of the terms and conditions of this Agreement through your use of any of the Confirmation.com services (aka “ConfirmÔ” service).

If you have any questions, please email us at customer.support@confirmation.com.

You must read, agree with and accept all of the terms and conditions contained in this User Agreement and the Privacy Statement, which include those terms and conditions expressly set out below and those incorporated by reference, before you may become a member of Capital Confirmation. We strongly recommend that, as you read this User Agreement, you also access and read the information contained in the other pages and websites referred to in this document, as they may contain further terms and conditions that apply to you as a Capital Confirmation user. Please note: underlined words and phrases are links to these pages and websites. By accepting this User Agreement, you also agree that your use of other Capital Confirmation websites will be governed by the terms and conditions posted on those websites.

We may amend this Agreement at any time by posting the amended terms on our site. Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site. You will not be notified in writing or by email of any changes in this Agreement. This Agreement may not be otherwise amended except in writing signed by you and Capital Confirmation Inc. This Agreement is effective starting March 1, 2003.

1. Membership Eligibility.

Our services are available only to individuals who can form legally binding contracts under applicable law. Without limiting the foregoing, our services are not available to minors or to temporarily or indefinitely suspended Capital Confirmation members. If you are a minor, you cannot use this service. If you do not qualify, please do not use our services. Further, your Capital Confirmation account (including feedback) and User Id may not be transferred or sold to another party. If you are registering as a business entity, you represent that you have the authority to bind the entity to this Agreement. If you are registered as an individual, you represent that you are the individual you purport to be.

2. Fees and Service.

Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users (the “Service”). Joining and using our service to respond to audit confirmations is free. Our changes to the policy are effective after we provide you with at least fourteen (14) days’ notice of the changes by posting the changes in this Agreement. In the event we introduce a new service, the fees for that service are effective at the launch of the service.

3. Capital Confirmation is a Venue.

3.1 Capital Confirmation is not an accounting firm or client user nor are we an authorized accounting firm or client user representative. Instead, our site acts as a venue to allow users to respond to audit confirmations. We are not involved in the actual transaction between users of and providers of the confirmation information. As a result, we have no control over the quality, accuracy, timeliness or legality of the requests and the responses, or the truth or accuracy of the requests and responses.

3.2 Identity Verification. We use many techniques to identify our users when they register on our site. However, because user verification on the Internet is difficult, Capital Confirmation cannot and does not confirm each user’s purported identity. Thus, we have established a user-initiated communication system to help you evaluate with whom you are dealing. We encourage you to communicate directly with individual parties through the tools available on our site.

3.3 Release. Because we are a venue, in the event that you have a dispute with one or more users, you release Capital Confirmation (and our officers, directors, agents, subsidiaries, joint ventures and employees) from claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with such disputes. If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”

3.4 Information Control. We do not control the information provided by other users that is made available through our system. You may find other user’s information to be inaccurate. Please use caution, common sense, and safe practices when using our site.

3.5 Customer Support. Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M. Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

4. Responding.

By responding to a confirmation request you agree to be bound by the conditions of this Agreement. Responses are not retractable. If you choose to respond to a confirmation you are certifying that you have the legal right to respond to such confirmations on behalf of the company you purport to represent and work for, or in the case of an individual who is responding, you are certifying that you are the person you purport to be.

5. Fraud.

Without limiting any other remedies, Capital Confirmation may suspend or terminate your account if we suspect that you (by conviction, settlement, insurance investigation, or otherwise) have engaged in fraudulent activity in connection with our site.

6. Your Information.

6.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature. You are solely responsible for Your Information, and we act as a passive conduit for your online distribution and publication of Your Information.

6.2 Restricted Activities. Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers. Furthermore, you may not authorize and respond to any confirmation on the site (or consummate any transaction that was initiated using our service) that, by authorizing and responding to us the usage fee or the final value fee, could cause us to violate any applicable law, statute, ordinance or regulation.

6.3 License. Solely to enable Capital Confirmation to use the information you supply us with, so that we are not violating any rights you might have in that information, you agree to grant us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable (through multiple tiers) right to exercise the copyright, publicity, and database rights (but no other rights) you have in Your Information, in any media now known or not currently known, with respect to Your Information. Capital Confirmation will only use Your Information in accordance with our Privacy Statement.

7. Ownership of Intellectual Property.

Capital Confirmation shall have and retain all rights, title and interest in all Intellectual Property relating to the Service or arising out of the relationship described in this Agreement. “Intellectual Property” means all ideas, discoveries, inventions, developments, designs, improvements, trademarks, service marks, trade secrets, proprietary information, programs, source code, object code, applications for patents, patents, copyrights (for the duration thereof, including renewals, extensions, and reversions thereof), copyrightable works, and the goodwill associated therewith, including enhancements, improvements, and derivative works, either presently existing or hereinafter arising. You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation’s expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation. While a registered user of our service, and for a period of two (2) years from the date of last login, you agree not to offer services or assist others in offering services that would compete in any way with the services offered by Capital Confirmation. Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

8. Access and Interference.

You agree that you will not use any robot, spider, other automatic device, or manual process to monitor or copy our web pages or the content contained herein without our prior expressed written permission. You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part. You agree that you will not use any device, software or routine to bypass our security features, or to interfere or attempt to interfere with the proper working of the Capital Confirmation site or any activities conducted on our site. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on our infrastructure. Much of the information on our site is updated on a real time basis and is proprietary or is licensed to Capital Confirmation by our users or third parties. You agree that you will not copy, reproduce, alter, modify, create derivative works, or publicly display any content (except for Your Information) from our website without the prior expressed written permission of Capital Confirmation or the appropriate third party. You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading.  You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service.  You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement.  You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service.  You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs.  You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent.  You shall not infringe on our licensors’ intellectual property rights or those of any third party in relation to your use of our website or Service.

9. Breach.

Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

10. Electronic Communications; Identifiers and Passwords; Binding Effect.

You will receive and transmit information to us over the Internet using SSL technology and 2048-bit encryption. You must use Internet browsers (such as Internet Explorer version 7.0 or higher) that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will either select and use an identification code (such as a “log-in ID”) and a password or will be prompted to click a link to log-in. You shall protect and safeguard identification codes, passwords, log-in links/emails, and shall only permit authorized employees or yourself to use the identification code and password, or to click the log-in link, in connection with the service. We, and all other persons receiving information from you that has been transmitted using either the identification code and password selected by you, or the log-in link/email, shall be entitled to rely in all instances that the information so transmitted has been transmitted by you, that such information is true, accurate and complete in all respects, with the same effect and intent as if such information had been transmitted in written form bearing your written signature. If you believe that your identification code and password have been lost, stolen or compromised in any respect, please notify us immediately at 1-888-716-3577. Communications using the identification code and password received after we have had an opportunity to respond to your notice will not be valid or effective.

11. Privacy.

We do not sell or rent your personal information to third parties and we only use your information as described in the Privacy Statement. We view protection of users’ privacy as a very important community principle. We understand clearly that you and your information are one of our most important assets. We store and process your information on computers located in the United States that are protected by physical as well as technological security devices. We use third parties to verify and certify our privacy principles.

All Customer Financial information residing within Confirmation.com’s secure processing controls will be maintained and stored according to our stated security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com’s control (e.g data downloaded by user, or mailed confirmations).

Our current Privacy Statement is available (at https://www.confirmation.com/us-privacypolicy.pdf). If you object to your Information being transferred or used in this way please do not use our services.

11A.    Personal Data transferred outside of the EU / EEA / Switzerland.

This Clause 11A applies where we process ‘personal data’ (as defined in Schedule 1).  We are committed to ensuring that adequate safeguards are in place to protect such data that we store and process. Our data processing activities will take place in a third country not recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, therefore where you are established in the EU / EEA / Switzerland or our services to you involve the transfer of personal data which originates from the EU / EEA / Switzerland, Schedule 1 will apply and is incorporated into and forms part of this Agreement.

12. Supervisor, Secretary, Coordinator and Clerk Authentication.

Subscriber certifies that any and all subject(s) set up as the subscriber’s supervisor(s), secretary(s), coordinator(s) and/or clerk(s) on the Confirm service are authorized and employed representatives of the subscriber.

13. Audit Rights.

Capital Confirmation may, from time to time, conduct various audits of Subscriber’s practices and procedures to determine Subscriber’s compliance with this Agreement. Subscriber will reasonable cooperate in all those audits. Capital Confirmation may conduct on-site and/or off-site audits of Subscriber’s facilities as Capital Confirmation determines during normal business hours, and upon reasonable notice.

14. No Warranty.

WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES ON AN “AS IS” BASIS WITHOUT ANY WARRANTIES OF ANY KIND. THE PROVIDER, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, INCLUDING THE WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES’ RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. THE PROVIDER MAKES NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN. WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE.  WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES.

15. Liability Limit.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE). THE USER SHALL HAVE NO LIABILITY WITH RESPECT TO THE SERVICE FOR CONSEQUENTIAL, EXEMPLARY, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR.  THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.

OUR LIABILITY, AND THE LIABILITY OF OUR SUBSIDIARIES, EMPLOYEES, AND SUPPLIERS, TO YOU OR ANY THIRD PARTIES IN ANY CIRCUMSTANCE IS LIMITED TO THE GREATER OF (A) THE AMOUNT OF FEES YOU PAY TO US IN THE 12 MONTHS PRECEDING THE FIRST DATE ON WHICH SUCH LIABILITY AROSE, AND (B) $100.

16. Fair Credit Reporting Disclosure.

The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. (“FCRA”) and therefore, is not subject to the requirements or provisions of the FCRA.  Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA.  CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act.  CCI makes no representations or warranties about such other User’s compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

17. Indemnity.

Subscriber shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) Subscriber’s negligence or intentional conduct; (b) Subscriber’s breach of its obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by Subscriber, Subscriber’s vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable data protection legislation.

18. Confidentiality.

You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service.  You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement.  You acknowledge that details of the Service constitute our confidential information.

19. Legal Compliance.

Subscriber represents and warrants that it has read, understands and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA PATRIOT Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

Subscriber certifies that it will use the service and the information received for no other purpose than is legally permissible. Subscriber understands that if the system is used improperly by company personnel, or if its access codes are made available to any unauthorized personnel due to carelessness on the part of the Subscriber or any other, it may be held responsible for financial losses, fees or monetary charges that may be incurred and that its access privileges may be terminated.

20. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”).

Nothing in this agreement shall limit the BBA’s liability for death or personal injury caused by its negligence or that or its personnel; fraud or fraudulent misrepresentation; or for any other liability which cannot be excluded under English law, even if any other terms of this Agreement would suggest that this might otherwise be the case.

You expressly acknowledge and agree that the BBA: (a) is not a party to this Agreement and is not involved in the design, supply or support of Capital Confirmation Inc’s services including the service promoted to UK banks as “BBA Confirmations”; (b) makes no representation or warranty that the services will be adequate or appropriate for you and its requirements and any BBA trademarks or logos present in marketing materials or other documents do not represent an endorsement of the service; (c) shall not be responsible for providing any of the services; and (d) shall have no liability to you whatsoever whether direct or indirect and whether in contact, tort (including negligence), misrepresentation or for any other reason in respect of any of the services provided under this agreement.

21. No Agency.

You and Capital Confirmation are independent contractors, and no agency, partnership, joint venture, employee-employer or franchiser-franchisee relationship is intended or created by this Agreement.

22. Notices.

Except as explicitly stated otherwise, any notices shall be given by postal mail to Capital Confirmation Inc. Attn: Legal Department 214 Centerview Drive, Suite 265, Brentwood, TN 37027 (in the case of Capital Confirmation) or to the email address you provide to Capital Confirmation during the registration process (in your case). Notice shall be deemed given 24 hours after email is sent, unless the sending party is notified that the email address is invalid. Alternatively, we may give you notice by certified mail, postage prepaid and return receipt requested, to the address provided to Capital Confirmation during the registration process. In such case, notice shall be deemed given 3 days after the date of mailing.

23. Arbitration.

Any legal controversy or legal claim arising out of or relating to this Agreement or our services, excluding legal action taken by Capital Confirmation to collect our fees and/or recover damages for, or obtain an injunction relating to, the Capital Confirmation site operations, intellectual property, and our services, shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. The arbitration shall be conducted in Nashville, Tennessee, and judgment on the arbitration award may be entered into any court having jurisdiction thereof. Either you or Capital Confirmation may seek any interim or preliminary relief from a court of competent jurisdiction in Nashville, Tennessee necessary to protect the rights or property of you or Capital Confirmation pending the completion of arbitration. Should either party file an action contrary to this provision, the other party may recover attorney’s fees and costs up to $1000.00.

24. Governing Law.

This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles.  You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

25. Assignment.

You agree that this Agreement and all incorporated agreements may be automatically assigned by Capital Confirmation, in our sole discretion, to a third party in the event of a merger or acquisition.  You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

26. Additional Terms.

The following policies are incorporated into this Agreement by reference and provide additional terms and conditions related to specific services offered on our site:

Privacy Statement: https://www.confirmation.com/us-privacypolicy.pdf

Each of these policies may be changed from time to time and are effective immediately after we post the changes on our site, except for the Privacy Statement for which we will provide you with thirty days prior notice. In addition, when using particular services on our site, you agree that you are subject to any posted policies or rules applicable to services you use through our site, which may be posted from time to time. All such posted policies or rules are hereby incorporated by reference into this Agreement.

You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

27. General.

We do not guarantee continuous, uninterrupted or secure access to our services, and operation of our site may be interfered with by numerous factors outside of our control. If any provision of this Agreement is held to be invalid or unenforceable, such provision shall be struck and the remaining provisions shall be enforced. Headings are for reference purposes only and in no way define, limit, construe or describe the scope or extent of such section. Our failure to act with respect to a breach by you or others does not waive our right to act with respect to subsequent or similar breaches. English is the official language used for content on the Confirmation.com website. Through the use of a third-party provider Confirmation.com provides its users with limited English proficiency to access information on the site. Translations made through this automated process should not be considered exact particularly in cases of technical and legal terminology. Additionally, some files including graphs, photos and portable document formats (pdfs) cannot be translated through this process. Capital Confirmation Inc. does not warrant the accuracy or reliability of any information translated by this system and shall not be liable for any losses caused by such reliance on the accuracy or reliability of such information. While every effort is made to ensure the accuracy of the translation, portions may be incorrect. Any person or entity who relies on information obtained from the system does so at his or her own risk. This Agreement sets forth the entire understanding and agreement between us with respect to the subject matter hereof. Sections 2 (Fees and Services) with respect to fees owed for our services, 3.3 (Release), 6.3 (License), 8 (Access and Interference), 15 (Liability Limit), 16 (Indemnity) and 20 (Arbitration) shall survive any termination or expiration of this Agreement.

28. Disclosures.

The services hereunder are offered by Capital Confirmation Inc., located at 214 Centerview Drive, Suite 265, Brentwood, Tennessee 37027. Fees for our services are described above in Section 2 (Fees and Services).

29. Disputes.

Disputes between you and Capital Confirmation regarding our services may be reported to Customer Support by mailing us at Capital Confirmation, Customer Support, 214 Centerview Drive, Suite 265, Brentwood, TN 37027. We encourage you to report all user-to-user disputes to your local law enforcement, postmaster general, or a certified mediation or arbitration entity.

30. Your Acceptance of this User Agreement.

You evidence your acceptance of this User Agreement by using the Confirmation.com service. Such acceptance shall have the same legal effect as your written signature set forth on a written document containing the terms and conditions of this User Agreement.

Schedule 1

EUROPEAN PERSONAL DATA TRANSFERS

(A) Capital Confirmation will process personal data outside of the European Economic Area and Switzerland in a third country, the United States, which is not recognized by the European Commission and the Swiss Federal Data Protection and Information Commission respectively as providing an adequate level of privacy protection.

(B) Capital Confirmation is committed to ensuring that adequate safeguards are in place to protect the data that Capital Confirmation store and process.

(C) Capital Confirmation has signed up to the EU-US Privacy Shield Framework, a European Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.

(D) Capital Confirmation has signed up to the Swiss-US Privacy Shield Framework, a Swiss Federal Data Protection and Information Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.

(E) This Schedule 1 reflects that Capital Confirmation is Privacy Shield certified (in relation to the EU and Switzerland, as may be relevant) and that the parties agree to rely on such certification as the chosen adequacy mechanism to provide protection to personal data which is subject to the Directive, and which is transferred by you to Capital Confirmation.

1. Definitions and interpretation.

1.1 The following expressions are used in this Schedule 1:

(a) “Capital Confirmation Group” means Capital Confirmation and any corporate entities which are from time to time under Common Control with Capital Confirmation

(b) “Directive” – Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and any applicable national legislation or regulation implementing that Directive or any subsequent EU  or Swiss legislation in respect of privacy or data protection as updated amended or replaced from time to time including the Regulation (EU) 2017/679 of the European Parliament and of the Council of 27 April 2017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and any related national legislation or regulation;

(c) “personal data” “processing”, “data controller”, “data subject and “data processor” shall have the meanings ascribed to them in the Directive;

1.2 An entity “Controls” another entity if it (a) holds a majority of the voting rights in it; (b) is a member or shareholder of it and has the right to remove a majority of its board of directors or equivalent managing body; (c) is a member or shareholder of it and controls alone or pursuant to an agreement with other shareholders or members, a majority of the voting rights in it; (d) has the right to exercise a dominant influence over it pursuant to its constitutional documents or pursuant to a contract; and two entities are treated as being in “Common Control” if either controls the other (directly or indirectly) or both are controlled (directly or indirectly) by the same entity.

2. International data transfer outside the European Economic Area or Switzerland

2.1 Where we process ‘personal data’ (as defined in Directive) for the purpose of the provision of the services to you and which is transferred outside of the European Economic Area or Switzerland (either directly or via onward transfer) to us in the United States. We are committed to ensuring that adequate safeguards are in place to protect such data that we store and process. As set out in Clause 11, our data processing activities will take place in the United States, a third country not recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection.  Accordingly, we self-certify to and comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks administered by the US Department of Commerce. We will comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks, as required, for as long as such mechanism is regarded as providing adequate protection to personal data transferred outside the European Economic Area or Switzerland (as the case may be) by the European Commission and the Swiss Federal Data Protection and Information Commission respectively (or other body with such authority).

2.2 Further, we agree to:

(i) act only on instructions from you in connection with the provision of the services (unless otherwise prohibited by applicable law).

(ii) provide appropriate and technical organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration unauthorized disclosure or access. Including maintaining administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the online audit confirmation service, as described in Capital Confirmation’s service organization controls report, accessible via https://www.confirmation.com/security/   or otherwise made reasonably available by us from time to time.

(iii) provide assistance, where applicable, to you in responding to individuals exercising their rights under applicable data protection law (unless otherwise prohibited by applicable law).

2.3 You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

 

For Clients

User Agreement – Clients

THE FOLLOWING DESCRIBES THE TERMS ON WHICH CAPITAL CONFIRMATION INC. OFFERS YOU ACCESS TO OUR SERVICES.

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domain and sub-domains of www.confirmation.com (including www.capitalconfirmation.com, www.myconfirmation.com, www.bbaconfirmations.com, and www.bba.confirmation.com) and the general principles for the websites of our subsidiaries. If you do not agree to be bound by the terms and conditions of this Agreement, do not use or access our services. You evidence your acceptance of the terms and conditions of this Agreement through your use of any of the Confirmation.com services (aka “Confirm™” service).

If you have any questions, please email us at customer.support@confirmation.com.

You must read, agree with and accept all of the terms and conditions contained in this User Agreement and the Privacy Statement, which include those terms and conditions expressly set out below and those incorporated by reference, or do not use our service. We strongly recommend that, as you read this User Agreement, you also access and read the information contained in the other pages and websites referred to in this document, as they may contain further terms and conditions that apply to you as a Capital Confirmation user. Please note: underlined words and phrases are links to these pages and websites. By accepting this User Agreement, you also agree that your use of other Capital Confirmation websites will be governed by the terms and conditions posted on those websites.

We may amend this Agreement at any time by posting the amended terms on our site. Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site. You will not be notified in writing or by email of any changes in this Agreement. This Agreement may not be otherwise amended except in writing signed by you and Capital Confirmation Inc. This Agreement is effective starting March 1, 2003.

1. Membership Eligibility.

Our services are available only to individuals who can form legally binding contracts under applicable law. Without limiting the foregoing, our services are not available to minors or to temporarily or indefinitely suspended Capital Confirmation members. If you are a minor, you cannot use this service. If you do not qualify, please do not use our services. Further, your Capital Confirmation account (including feedback) and User Id may not be transferred or sold to another party. If you are registering as a business entity, you represent that you have the authority to bind the entity to this Agreement. If you are registered as an individual, you represent that you are the individual you purport to be.

2. Fees and Service.

Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users (the “Service”). Joining and using our Service to respond to audit confirmations is free. We may in our sole discretion change some or all of our services at any time. In the event we introduce a new service, the fees for that service are effective at the launch of the service.

3. Capital Confirmation is a Venue.

3.1 Capital Confirmation is not a bank or law firm nor are we an authorized bank or law firm representative. Instead, our site acts as a venue to allow users to request and receive confirmations at anytime, from anywhere. We are not involved in the actual transaction between users of and providers of the confirmation information. As a result, we have no control over the quality, accuracy, timeliness or legality of the requests and the responses, or the truth or accuracy of the requests and responses. We also cannot ensure that a provider will actually complete a transaction.

3.2 Identity Verification. We use many techniques to identify our users when they register on our site. However, because user verification on the Internet is difficult, Capital Confirmation cannot and does not confirm each user’s purported identity. Thus, we have established a user-initiated communication system to help you evaluate with whom you are dealing. We encourage you to communicate directly with individual parties through the tools available on our site.

3.3 Release. Because we are a venue, in the event that you have a dispute with one or more users, you release Capital Confirmation (and our officers, directors, agents, subsidiaries, joint ventures and employees) from claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with such disputes. If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”

3.4 Information Control. We do not control the information provided by other users that is made available through our system. You may find other user’s information to be inaccurate. Please use caution, common sense, and safe practices when using our site.

3.5 Customer Support. Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

4. Authorizing and Requesting.

By authorizing and/or requesting a confirmation you agree to be bound by the conditions of this Agreement. Authorizations and requests are not retractable. If you choose to authorize and/or request a confirmation you are certifying that you have the legal right to authorize and/or request and/or respond to such confirmations.

5. Address Lookup.

Capital Confirmation pulls Address Lookup information from public and private data sources. The Public Records, private records and commercially available data sources used in this system have errors and are not complete. Data is sometimes entered poorly and processed incorrectly. This system should not be relied upon as definitively accurate. Before relying on any data this system supplies, it should be independently verified.

6. Fraud.

Without limiting any other remedies, Capital Confirmation may suspend or terminate your account if we suspect that you (by conviction, settlement, insurance investigation, or otherwise) have engaged in fraudulent activity in connection with our site.

7. Your Information.

 7.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature. You are solely responsible for Your Information, and we act as a passive conduit for your online distribution and publication of Your Information.

7.2 Restricted Activities. Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers. Furthermore, you may not authorize or request any confirmation on the site (or consummate any transaction that was initiated using our service) that, by authorizing or requesting could cause us to violate any applicable law, statute, ordinance or regulation.

7.3 License. Solely to enable Capital Confirmation to use the information you supply us with, so that we are not violating any rights you might have in that information, you agree to grant us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable (through multiple tiers) right to exercise the copyright, publicity, and database rights (but no other rights) you have in Your Information, in any media now known or not currently known, with respect to Your Information. Capital Confirmation will only use Your Information in accordance with our Privacy Statement.

8. Ownership of Intellectual Property.

Capital Confirmation shall have and retain all rights, title and interest in all Intellectual Property relating to the Service or arising out of the relationship described in this Agreement. “Intellectual Property” means all ideas, discoveries, inventions, developments, designs, improvements, trademarks, service marks, trade secrets, proprietary information, programs, source code, object code, applications for patents, patents, copyrights (for the duration thereof, including renewals, extensions, and reversions thereof), copyrightable works, and the goodwill associated therewith, including enhancements, improvements, and derivative works, either presently existing or hereinafter arising. You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation’s expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation. While a registered user of our service, and for a period of two (2) years from the date of last login, you agree not to offer services or assist others in offering services that would compete in any way with the services offered by Capital Confirmation. Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

9. Access and Interference.

You agree that you will not use any robot, spider, other automatic device, or manual process to monitor or copy our web pages or the content contained herein without our prior expressed written permission. You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part. You agree that you will not use any device, software or routine to bypass our security features, or to interfere or attempt to interfere with the proper working of the Capital Confirmation site or any activities conducted on our site. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on our infrastructure. Much of the information on our site is updated on a real time basis and is proprietary or is licensed to Capital Confirmation by our users or third parties. You agree that you will not copy, reproduce, alter, modify, create derivative works, or publicly display any content (except for Your Information) from our website without the prior expressed written permission of Capital Confirmation or the appropriate third party. You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading.  You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service.  You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement.  You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service.  You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs.  You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent.  You shall not infringe on our licensors’ intellectual property rights or those of any third party in relation to your use of our website or Service.

10. Breach.

Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

11. Electronic Communications; Identifiers and Passwords; Binding Effect.

You will receive and transmit information to us over the Internet using SSL technology and 2048-bit encryption. You must use Internet browsers (such as Internet Explorer version 7.0 or higher) that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will select and use an identification code (such as a “log-in ID”) and a password. You shall protect and safeguard its identification code and password, and shall only permit authorized employees to use the identification code and password in connection with the service. We, and all other persons receiving information from you that has been transmitted using the identification code and password selected by you, shall be entitled to rely in all instances that the information so transmitted has been transmitted by you, that such information is true, accurate and complete in all respects, with the same effect and intent as if such information had been transmitted in written form bearing your written signature. If you believe that your identification code and password have been lost, stolen or compromised in any respect, please notify us immediately at 1-888-716-3577. Communications using the identification code and password received after we have had an opportunity to respond to your notice will not be valid or effective.

12. Privacy.

We do not sell or rent your personal information to third parties and we only use your information as described in the Privacy Statement. We view protection of users’ privacy as a very important community principle. We understand clearly that you and your information are one of our most important assets. We store and process your information on computers located in the United States that are protected by physical as well as technological security devices. We use third parties to verify and certify our privacy principles.

All Customer Financial information residing within Confirmation.com’s secure processing controls will be maintained and stored according to our stated security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com’s control (e.g data downloaded by user, or mailed confirmations).

Our current Privacy Statement is available (at https://www.confirmation.com/us-privacypolicy.pdf). If you object to your Information being transferred or used in this way please do not use our services.

12A.    Personal Data transferred outside of the EU / EEA / Switzerland.

This Clause 12A applies where we process ‘personal data’ (as defined in Schedule 1). We are committed to ensuring that adequate safeguards are in place to protect such data that we store and process. Our data processing activities will take place in a third country not recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, therefore where you are established in the EU / EEA / Switzerland or our services to you involve the transfer of personal data which originates from the EU / EEA / Switzerland, Schedule 1 will apply and is incorporated into and forms part of this Agreement.

13. No Warranty.

WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES ON AN “AS IS” BASIS WITHOUT ANY WARRANTIES OF ANY KIND. THE PROVIDER, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, INCLUDING THE WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES’ RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. THE PROVIDER MAKES NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN. WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE.  WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES.

14. Liability Limit.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE). THE USER SHALL HAVE NO LIABILITY WITH RESPECT TO THE SERVICE FOR CONSEQUENTIAL, EXEMPLARY, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR.  THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.

OUR LIABILITY, AND THE LIABILITY OF OUR SUBSIDIARIES, EMPLOYEES, AND SUPPLIERS, TO YOU OR ANY THIRD PARTIES IN ANY CIRCUMSTANCE IS LIMITED TO THE GREATER OF (A) THE AMOUNT OF FEES YOU PAY TO US IN THE 12 MONTHS PRECEDING THE FIRST DATE ON WHICH SUCH LIABILITY AROSE, AND (B) $100.

15. Fair Credit Reporting Disclosure.

The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. (“FCRA”) and therefore, is not subject to the requirements or provisions of the FCRA.  Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA.  CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act.  CCI makes no representations or warranties about such other User’s compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

16. Indemnity.

Subscriber shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) Subscriber’s negligence or intentional conduct; (b) Subscriber’s breach of its obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by Subscriber, Subscriber’s vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable data protection legislation.

17. Confidentiality.

You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service.  You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement.  You acknowledge that details of the Service constitute our confidential information.

18. Legal Compliance.

Subscriber represents and warrants that it has read, understands and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA PATRIOT Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

Subscriber certifies that it will use the service and the information received for no other purpose than is legally permissible. Subscriber understands that if the system is used improperly by company personnel, or if its access codes are made available to any unauthorized personnel due to carelessness on the part of the Subscriber or any other, it may be held responsible for financial losses, fees or monetary charges that may be incurred and that its access privileges may be terminated.

19. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”).

Nothing in this agreement shall limit the BBA’s liability for death or personal injury caused by its negligence or that or its personnel; fraud or fraudulent misrepresentation; or for any other liability which cannot be excluded under English law, even if any other terms of this Agreement would suggest that this might otherwise be the case.

You expressly acknowledge and agree that the BBA: (a) is not a part to this Agreement and is not involved in the design, supply or support of Capital Confirmation Inc.’s services including the service promoted to UK banks as “BBA Confirmations”; (b) makes no representation or warranty that the services will be adequate or appropriate for you and its requirements and any BBA trademarks or logos present in marketing materials or other documents o not represent and endorsement of the service; (c) shall not be responsible for providing any of the services; and (d) shall have no liability to you whatsoever whether direct or indirect and whether in contact, tort (including negligence), misrepresentation or   for any other reason in respect of any of the services provided under this agreement.

20. No Agency.

You and Capital Confirmation are independent contractors, and no agency, partnership, joint venture, employee-employer or franchiser-franchisee relationship is intended or created by this Agreement.

21. Notices.

Except as explicitly stated otherwise, any notices shall be given by postal mail to Capital Confirmation Inc. Attn: Legal Department Centerview Drive, Suite 265, Brentwood, TN 37027 (in the case of Capital Confirmation) or to the email address you provide to Capital Confirmation during the registration process (in your case). Notice shall be deemed given 24 hours after email is sent, unless the sending party is notified that the email address is invalid. Alternatively, we may give you notice by certified mail, postage prepaid and return receipt requested, to the address provided to Capital Confirmation during the registration process. In such case, notice shall be deemed given 3 days after the date of mailing.

22. Arbitration.

Any legal controversy or legal claim arising out of or relating to this Agreement or our services, excluding legal action taken by Capital Confirmation to recover damages for, or obtain an injunction relating to, the Capital Confirmation site operations, intellectual property, and our services, shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. The arbitration shall be conducted in Nashville, Tennessee, and judgment on the arbitration award may be entered into any court having jurisdiction thereof. Either you or Capital Confirmation may seek any interim or preliminary relief from a court of competent jurisdiction in Nashville, Tennessee necessary to protect the rights or property of you or Capital Confirmation pending the completion of arbitration. Should either party file an action contrary to this provision, the other party may recover attorney’s fees and costs up to $1000.00.

23. Additional Terms.

The following policies are incorporated into this Agreement by reference and provide additional terms and conditions related to specific services offered on our site:

Privacy Statement: https://www.confirmation.com/us-privacypolicy.pdf

Each of these policies may be changed from time to time and are effective immediately after we post the changes on our site, except for the Privacy Statement for which we will provide you with thirty days prior notice. In addition, when using particular services on our site, you agree that you are subject to any posted policies or rules applicable to services you use through our site, which may be posted from time to time. All such posted policies or rules are hereby incorporated by reference into this Agreement.

You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

We do not guarantee and shall not be liable for the performance of any sub-processor or sub-contractor.

24. Governing Law.

This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles.  You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

25. Assignment.

You agree that this Agreement and all incorporated agreements may be automatically assigned by Capital Confirmation, in our sole discretion, to a third party in the event of a merger or acquisition.  You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

26. General.

We do not guarantee continuous, uninterrupted or secure access to our services, and operation of our site may be interfered with by numerous factors outside of our control. If any provision of this Agreement is held to be invalid or unenforceable, such provision shall be struck and the remaining provisions shall be enforced. Headings are for reference purposes only and in no way define, limit, construe or describe the scope or extent of such section. Our failure to act with respect to a breach by you or others does not waive our right to act with respect to subsequent or similar breaches. English is the official language used for content on the Confirmation.com website. Through the use of a third-party provider Confirmation.com provides its users with limited English proficiency to access information on the site. Translations made through this automated process should not be considered exact particularly in cases of technical and legal terminology. Additionally, some files including graphs, photos and portable document formats (pdfs) cannot be translated through this process. Capital Confirmation Inc. does not warrant the accuracy or reliability of any information translated by this system and shall not be liable for any losses caused by such reliance on the accuracy or reliability of such information. While every effort is made to ensure the accuracy of the translation, portions may be incorrect. Any person or entity who relies on information obtained from the system does so at his or her own risk. This Agreement sets forth the entire understanding and agreement between us with respect to the subject matter hereof. Sections 2 (Fees and Service) with respect to fees owed for our services, 3.3 (Release), 7.3 (License), 9 (Access and Interference), 14 (Liability Limit), 15 (Indemnity) and 19 (Arbitration) shall survive any termination or expiration of this Agreement.

27. Disclosures.

The services hereunder are offered by Capital Confirmation Inc., located at 214 Centerview Drive, Suite 265, Brentwood, Tennessee 37027. Fees for our services are described above in Section 2 (Fees and Service).

28. Disputes.

Disputes between you and Capital Confirmation regarding our services may be reported to Customer Support by mailing us at Capital Confirmation, Customer Support, Centerview Drive, Suite 265, Brentwood, TN 37027. We encourage you to report all user-to-user disputes to your local law enforcement, postmaster general, or a certified mediation or arbitration entity.

29. Your Acceptance of this User Agreement.

You evidence your acceptance of this User Agreement by using the Confirmation.com service. Such acceptance shall have the same legal effect as your written signature set forth on a written document containing the terms and conditions of this User Agreement.

30. Subscriber Release.

The Subscriber has the right to and does certify and agree to the following:

  • I have read and agree to the User’s Agreement and all information provided.
  • I have the right to and do hereby authorize my financial institution, trade creditor, bank, trading partner, debtor and other business partners to use Capital Confirmation’s Confirmation.com service to respond to and release the requested information to my Accountant.
  • I also recognize that these confirming entities may receive financial compensation from Capital Confirmation for providing the information.

On behalf of my company, who I have the right to and do represent:

     To our financial institutions, trade creditors, banks, trading partners, debtors and other business partners:

          We have provided to our accountants the information on the electronic confirmation as of the close of business on the date requested on the electronic confirmation regarding our deposit and loan balances. Please confirm the accuracy of the information, noting any exceptions to the information provided. If the balances have been left blank, please complete this form by furnishing the balance in the appropriate space on the electronic form. Although we do not request or expect you to conduct a comprehensive, detailed search of your records, if during the process of completing this confirmation additional information about other deposit and loan accounts we may have with you comes to your attention, please include such information on the electronic form. Please use Capital Confirmation’s Confirmation.com service to return the electronic confirmation directly to our accountants.

Schedule 1

(A) Capital Confirmation will process personal data outside of the European Economic Area and Switzerland in a third country, the United States, which is not recognized by the European Commission and the Swiss Federal Data Protection and Information Commission respectively as providing an adequate level of privacy protection.

(B) Capital Confirmation is committed to ensuring that adequate safeguards are in place to protect the data that Capital Confirmation store and process.

(C) Capital Confirmation has signed up to the EU-US Privacy Shield Framework, a European Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.

(D) Capital Confirmation has signed up to the Swiss-US Privacy Shield Framework, a Swiss Federal Data Protection and Information Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.

(E) This Schedule 1 reflects that Capital Confirmation is Privacy Shield certified (in relation to the EU and Switzerland, as may be relevant) and that the parties agree rely on such certification as the chosen adequacy mechanism to provide protection to personal data which is subject to the Directive, and which is transferred by you to Capital Confirmation.

1. Definitions and interpretation.

1.1 The following expressions are used in this Schedule 1:

     (a) “Capital Confirmation Group” means Capital Confirmation and any corporate entities which are from time to time under Common Control with Capital Confirmation

     (b) “Directive” – Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and any applicable national legislation or regulation implementing that Directive or any subsequent EU or Swiss legislation in respect of privacy or data protection as updated amended or replaced from time to time including the Regulation (EU) 2017/679 of the European Parliament and of the Council of 27 April 2017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and any related or equivalent national legislation or regulation;

     (c) “personal data” “processing”, “data controller”, “data subject” and “data processor” shall have the meanings ascribed to them in the Directive;

1.2 An entity “Controls” another entity if it (a) holds a majority of the voting rights in it; (b) is a member or shareholder of it and has the right to remove a majority of its board of directors or equivalent managing body; (c) is a member or shareholder of it and controls alone or pursuant to an agreement with other shareholders or members, a majority of the voting rights in it; (d) has the right to exercise a dominant influence over it pursuant to its constitutional documents or pursuant to a contract; and two entities are treated as being in “Common Control” if either controls the other (directly or indirectly) or both are controlled (directly or indirectly) by the same entity.

2. International data transfer outside the European Economic Area or Switzerland.

2.1 Where we process ‘personal data’ (as defined in Directive) for the purpose of the provision of the services to you and which is transferred outside of the European Economic Area or Switzerland (either directly or via onward transfer) to us in the United States. We are committed to ensuring that adequate safeguards are in place to protect such data that we store and process. As set out in Clause 12, our data processing activities will take place in the United States, a third country not recognized by the European Commission  or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection.  Accordingly, we self-certify to and comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks administered by the US Department of Commerce. We will comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks, as required, for as long as such mechanism is regarded as providing adequate protection to personal data transferred outside the European Economic Area or Switzerland (as the case may be) by the European Commission and the Swiss Federal Data Protection and Information Commission respectively (or other body with such authority).

2.2 Further, we agree to:

  • act only on instructions from you in connection with the provision of the services (unless otherwise prohibited by applicable law).
  • provide appropriate and technical organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration unauthorized disclosure or access. Including maintaining administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the online audit confirmation service, as described in Capital Confirmation’s service organization controls report, accessible via https://www.confirmation.com/security/  or otherwise made reasonably available by us from time to time.
  • provide assistance, where applicable, to you in responding to individuals exercising their rights under applicable data protection law (unless otherwise prohibited by applicable law).

2.3 You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

For Law Firms

Confirmation.comSM Service Agreement – Law Firm User1

This Confirmation.com Service Agreement – Law Firm User (this “Agreement”) is between Capital Confirmation, Inc., a Delaware corporation (the “Provider”), and the law firm accessing and using the Confirmation.com Service (as defined below) (the “Law Firm”), and sets forth the terms and conditions under which the Law Firm shall have the right to use the Provider’s Confirmation.com Service.  This Agreement shall be effective as of the date of its electronic acceptance by the Law Firm (the “Effective Date”).

1. Confirmation.com Service.  During the Term of this Agreement, the Law Firm shall have the right to access and use the Provider’s Confirmation.comSM Service (the “Confirmation.com Service”). For purposes of this Agreement, the Confirmation.com Service shall mean the Provider’s electronic communications platform operated for purposes of delivering communications between the Law Firm and other Confirmation.com Service users, including, but not limited to, accounting firms (“Auditors”) engaged from time to time by the Law Firm’s clients (“Clients”).  The Confirmation.com Service shall facilitate the delivery of audit request letters from Clients to the Law Firm and the delivery of audit response letters from the Law Firm to Auditors, in each case in connection with audit services conducted for Clients and for which the relevant Client has duly authorized the use of the Confirmation.com Service.  For the avoidance of doubt, the Confirmation.com Service is a communication platform, and the Law Firm’s transmission of information via the Confirmation.com Service shall have the same effect and intent as if such information had been transmitted in written form.

2. Term.  This Agreement shall be effective from the Effective Date until it is terminated in accordance with the provisions of this Agreement (the “Term”).

3. Termination Either party may terminate this Agreement at any time, to be effective immediately upon receipt by the other party of a written notice of termination.  Without limiting any other remedies, the Provider may suspend or terminate the Law Firm’s account if the Provider reasonably suspects that the Law Firm (by conviction, settlement, insurance investigation or otherwise) has engaged in fraudulent activity in connection with the Provider’s site.

4. Electronic Communications; Identifiers and Passwords; Binding Effect.  In order to initiate a session where information is transmitted, the Law Firm will select and use an identification code (such as a “log-in ID”) and a password.  The Law Firm shall protect and safeguard its identification codes and passwords and shall permit only authorized officials, employees or agents of the Law Firm (“Authorized Persons”) to use the identification codes and passwords in connection with the Confirmation.com Service.  The Provider and all other persons receiving information from the Law Firm (“Law Firm Information”) that has been transmitted using the Law Firm’s identification codes and passwords selected by the Law Firm shall be entitled to rely (absent a breach of the Provider’s physical and technological security safeguards) that the information so transmitted has been transmitted by Authorized Persons and has been duly authorized by a Client with the same effect and intent as if such information had been transmitted in written form bearing the written signature of an Authorized Person.  The Provider shall promptly notify the Law Firm if the Provider has reason to believe that the Provider has suffered any breach of its systems, including without limitation its physical and technological security safeguards.  If the Law Firm believes that the Law Firm’s identification codes and passwords have been lost, stolen or compromised in any respect, the Law Firm shall promptly notify the Provider’s Customer Support team at (615) 844-6222.

5. Ownership of Intellectual Property The Provider shall have and retain all rights, title and interest in all intellectual property relating to the Confirmation.com Service or arising out of the relationship described in this Agreement, in each case as developed by the Provider.  The Provider shall have no right, title or interest in any information transmitted by or on behalf of Clients to the Law Firm or by the Law Firm to Clients or Auditors via the Confirmation.com Service.  This Section 5 shall survive the termination of this Agreement. Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

6. Notices All notices under this Agreement must be in writing and sent by email and will be effective when received by such party at the respective following address or such other address as will have been provided in writing.

For the Provider, such notice shall be sent to: Capital Confirmation, Inc., Customer.Support@Confirmation.com.

For the Law Firm, such notice shall be sent to the email address(es) provided by the Law Firm to the Provider.

7. Custom Development Requests.  Custom development requests for the Provider’s applications must be requested in writing, reviewed by the Provider and mutually agreed to by both parties in writing.  Custom development fees are charged at the Provider’s standard development rate and paid in accordance with the terms set forth within a Statement of Work (SOW) to be agreed upon by the parties in writing.

8. Confidentiality of Law Firm Information.

(a) The Law Firm’s transmittal of Law Firm Information to Auditors through the Confirmation.com Service shall not be deemed to constitute a waiver of any attorney-client privilege, work product doctrine or any other applicable privilege that applies to such Law Firm Information.

(b) The Provider represents and warrants to the Law Firm that the Confirmation.com Service is an electronic conduit to facilitate the delivery of requests for information and responses thereto in connection with audit services conducted for the Law Firm’s Clients by Auditors. In accordance with the Provider’s stated security and privacy policies, the Provider shall maintain physical and technological security safeguards to protect the confidentiality of all Law Firm Information transmitted via the Confirmation.com Service.

(c) The Provider agrees that all Law Firm Information is to be treated confidentially and that, except as required by law, the Provider shall not provide any Law Firm Information to any person, other than Auditors within the scope of the relevant Client’s authorization, without the prior written consent of the Law Firm.

(d) If the Provider is requested or required (by oral questions, interrogatories, requests for information or documents in legal proceedings, subpoena, civil investigative demand or other similar process) to disclose any of the Law Firm Information, the Provider shall provide the Law Firm with prompt written notice of any such request or requirement so that the Law Firm may seek a protective order or other appropriate remedy and/or waive compliance with the provisions of this Agreement. If, in the absence of a protective order or other appropriate remedy or the receipt of a waiver from the Law Firm, the Provider is nonetheless legally compelled to disclose the Law Firm Information to any tribunal or other entity or else stand liable for contempt or suffer other censure or penalty, the Provider may, without liability hereunder, disclose to such tribunal or other entity only that portion of the Law Firm Information which the Provider is legally required to be disclosed, provided that the Provider exercises its best efforts to preserve the confidentiality of the Law Firm Information, including, without limitation, by cooperating with the Law Firm without expense to the Provider, to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded the Law Firm Information by such tribunal or other entity.

9. Entire Agreement; Amendment.  This Agreement represents the entire agreement between the Law Firm and the Provider with respect to the Confirmation.com Service, and it takes the place of all other agreements, writings and negotiations, including any other user agreement that is either posted on the Provider’s website or deemed to be accepted by the Law Firm upon the Law Firm’s usage of the Confirmation.com Service at any time prior or subsequent to the date of this Agreement.Custom Development Requests.  Custom development requests for the Provider’s applications must be requested in writing, reviewed by the Provider and mutually agreed to by both parties in writing.  Custom development fees are charged at the Provider’s standard development rate and paid in accordance with the terms set forth within a Statement of Work (SOW) to be agreed upon by the parties in writing.

10. Acceptance.  You evidence your acceptance of this Agreement by using the Confirmation.com Service.  Such acceptance shall have the same legal effect as your written signature set forth on a written document containing the terms and conditions of this Agreement.

11. Data Transfer Outside of the European Economic Area. Where the provision of Confirmation.com Services by the Provider to the Law Firm involves any transfer of personal data (as defined in Exhibit A) outside of the European Economic Area (by way of direct or indirect transfer), Exhibit A shall apply and is incorporated into and forms part of this Agreement.

EXHIBIT A

EUROPEAN PERSONAL DATA TRANSFERS

(A) In accordance with the provision of the Confirmation.com Service, Provider will process personal data outside of the European Economic Area in a third country, the United States, which is not recognized by the European Commission as providing an adequate level of privacy protection.

(B) Provider is committed to ensuring that adequate safeguards are in place to protect the data that Provider store and process. Accordingly, this Exhibit A provides that adequate safeguards are in place with respect to the protection of such Personal Data as required by the Directive (as defined below).

(C) Provider has signed up to the EU-US Privacy Shield Framework, a European Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.

(D) This Exhibit A reflects that the Provider is Privacy Shield certified and that the parties agree to rely on such certification as the chosen adequacy mechanism to provide protection to personal data which is subject to the Directive, and which is transferred by the Law Firm or a Law Firm Affiliate (as defined below) to Provider.

1. Definitions and interpretation.

1.1 The following expressions are used in this Exhibit A:

(a) “Directive” – Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and any applicable national legislation or regulation implementing that Directive or any subsequent EU legislation in respect of privacy or data protection  as updated amended or replaced from time to time including the Regulation (EU) 2017/679 of the European Parliament and of the Council of 27 April 2017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and any equivalent or related national legislation or regulation;

(b) “Law Firm Affiliate” means any corporate entities which are from time to time under Common Control with the Law Firm.

(c) “personal data” “processing“, “data controller“, “data subject“, “supervisory authority” and “data processor” shall have the meanings ascribed to them in the Directive;

(d) “Provider Group” means Provider and any corporate entities which are from time to time under Common Control with Provider

1.2 An entity “Controls” another entity if it (a) holds a majority of the voting rights in it; (b) is a member or shareholder of it and has the right to remove a majority of its board of directors or equivalent managing body; (c) is a member or shareholder of it and controls alone or pursuant to an agreement with other shareholders or members, a majority of the voting rights in it; (d) has the right to exercise a dominant influence over it pursuant to its constitutional documents or pursuant to a contract; and two entities are treated as being in “Common Control” if either controls the other (directly or indirectly) or both are controlled (directly or indirectly) by the same entity.

2. International data transfer outside the European Economic Area

2.1 The parties agree that where the Provider processes ‘personal data’ (as defined in Directive) for the purpose of the provision of the services to Law Firm and/or a Law Firm Affiliate and which is transferred outside of the European Economic Area (either directly or via onward transfer) to Provider in the United States. Provider is committed to ensuring that adequate safeguards are in place to protect such data that we store and process. Provider’s data processing activities will take place in the United States, a third country not recognized by the European Commission as providing an adequate level of privacy protection.  Accordingly, Provider self-certifies to and complies with the EU-US Privacy Shield Framework administered by the US Department of Commerce. Provider will comply with the EU-US Privacy Shield Framework, as required, for as long as such mechanism is regarded as providing adequate protection to personal data transferred outside the European Economic Area by the European Commission (or other body with such authority).

2.2 Further, Provider agrees to:

(a) act only on instructions from the Law Firm or a Law Firm Affiliate in connection with the provision of the services (unless otherwise prohibited by applicable law).

(b) provide appropriate and technical organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration unauthorized disclosure or access. Examples of such measures include those made available on  https://www.confirmation.com/security/ or otherwise made reasonably available by us from time to time.

(c) provide assistance, where applicable, to the Law Firm and / or a Law Firm Affiliate in responding to individuals exercising their rights under applicable data protection law (unless otherwise prohibited by applicable law).

2.3 The Law Firm acknowledges and agrees that: (a) members of Provider’s Group may be retained as sub-processors; and (b) Provider and members of Provider’s Group respectively may engage third-party sub-processors in connection with the provision of the services.

3. General

3.1 Each Law Firm Affiliate shall have the right to enforce the provisions of this Exhibit B but shall not otherwise have any right to enforce any other rights of the Agreement, whether with regard to the delivery of Confirmation.com Services or otherwise. Under no circumstances shall the Law Firm or any Law Firm Affiliate be entitled to recover more than once for the same loss or damage.

3.2 The Law Firm’s remedies, including those of any Law Firm Affiliate, arising out of or related to this Exhibit A will be subject to those exclusions and limitations of liability which apply to the Law Firm under the Agreement.

3.3 Except as expressly provided in clause 3.1 above, a person who is not a party to this Exhibit A shall not have any rights to enforce any term of this Exhibit A.

1 This Agreement incorporates the input of members of the American Bar Association Business Law Section Audit Responses Committee, which takes no position regarding whether individual law firms should employ the services contemplated by this Agreement or should accept its terms and conditions.

For Creditors

User Agreement

THE FOLLOWING DESCRIBES THE TERMS ON WHICH CAPITAL CONFIRMATION INC. OFFERS YOU ACCESS TO OUR SERVICES. 

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domain and sub-domains of www.confirmation.com (including www.capitalconfirmation.com, www.myconfirmation.com, www.cashconfirm.com, www.bbaconfirmations.com, and www.bba.confirmation.com) and the general principles for the websites of our subsidiaries. If you do not agree to be bound by the terms and conditions of this Agreement, do not use or access our services. You evidence your acceptance of the terms and conditions of this Agreement by checking the box for the “Yes, I have read and accept the User Agreement.” statement and clicking the “Create New Account” button on Capital Confirmation’s website and through your use of any of the Confirmation.com services (aka “Confirm” service).

If you have any questions, please email us at customer.support@confirmation.com.

You must read, agree with and accept all of the terms and conditions contained in this User Agreement and the Privacy Statement, which include those terms and conditions expressly set out below and those incorporated by reference, before you may become a member of Capital Confirmation. We strongly recommend that, as you read this User Agreement, you also access and read the information contained in the other pages and websites referred to in this document, as they may contain further terms and conditions that apply to you as a Capital Confirmation user. Please note: underlined words and phrases are links to these pages and websites. By accepting this User Agreement, you also agree that your use of other Capital Confirmation websites will be governed by the terms and conditions posted on those websites.

We may amend this Agreement at any time by posting the amended terms on our site. Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site. You will not be notified in writing or by email of any changes in this Agreement. This Agreement may not be otherwise amended except in writing signed by you and Capital Confirmation Inc. This Agreement is effective starting March 1, 2003.

  1. Membership Eligibility.

Our services are available only to individuals who can form legally binding contracts under applicable law. Without limiting the foregoing, our services are not available to minors or to temporarily or indefinitely suspended Capital Confirmation members. If you are a minor, you cannot use this service. If you do not qualify, please do not use our services. Further, your Capital Confirmation account (including feedback) and User Id may not be transferred or sold to another party. If you are registering as a business entity, you represent that you have the authority to bind the entity to this Agreement. If you are registered as an individual, you represent that you are the individual you purport to be.

  1. Fees and Service.

Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users (the “Service”).

Joining and using our service is free. There is a charge for requesting and receiving confirmations. Our Fees and Credits Policy is available here and is incorporated by reference. We may change our Fees and Credit Policy and the fees for our services from time to time. Our changes to the policy are effective after we provide you with at least fourteen (14) days’ notice of the changes by posting the changes in this Agreement. However, we may choose to temporarily change our Fee Policy and the fees for our services for promotional events and such changes are effective when we post the temporary promotional event on the www.confirmation.com website. When you purchase a confirmation you have an opportunity to review and accept the fees that you will be charged for the use of our services. We may in our sole discretion change some or all of our services at any time. In the event we introduce a new service, the fees for that service are effective at the launch of the service. Unless otherwise stated, all fees are quoted in U.S. Dollars. You are responsible for paying all fees associated with using our service and our website and all applicable taxes.

  1. Capital Confirmation is a Venue.

3.1 Capital Confirmation is not a bank or law firm nor are we an authorized bank or law firm representative. Instead, our site acts as a venue to allow users to request, receive, and buy confirmations at any time, from anywhere. We are not involved in the actual transaction between users of and providers of the confirmation information. As a result, we have no control over the quality, accuracy, timeliness or legality of the requests and the responses, or the truth or accuracy of the requests and responses. We also cannot ensure that a provider will actually complete a transaction.

3.2 Identity Verification. We use many techniques to identify our users when they register on our site. However, because user verification on the Internet is difficult, Capital Confirmation cannot and does not confirm each user’s purported identity. Thus, we have established a user-initiated communication system to help you evaluate with whom you are dealing. We encourage you to communicate directly with individual parties through the tools available on our site.

3.3 Release. Because we are a venue, in the event that you have a dispute with one or more users, you release Capital Confirmation (and our officers, directors, agents, subsidiaries, joint ventures and employees) from claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with such disputes. If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”

3.4 Information Control. We do not control the information provided by other users that is made available through our system. You may find other user’s information to be inaccurate. Please use caution, common sense, and safe practices when using our site.

3.5 Customer Support. Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M. Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

  1. Authorizing, Requesting and Purchasing.

By authorizing, requesting and purchasing a confirmation you agree to be bound by the conditions of this Agreement. Requests are not retractable. If you choose to authorize, request or purchase a confirmation you are certifying that you have the legal right to authorize, request or purchase such confirmations.

  1. Address Lookup. 

Capital Confirmation pulls Address Lookup information from public and private data sources. The Public Records, private records and commercially available data sources used in this system have errors and are not complete. Data is sometimes entered poorly and processed incorrectly. This system should not be relied upon as definitively accurate. Before relying on any data this system supplies, it should be independently verified.

  1. Out-of-Network Confirmations. 

The Out-of-Network confirmation service requires the requestor to enter the contact information for the responder and the responder’s company. Because you as the requestor determine who and at which entity an out-of-network confirmation is directed, and therefore which entity and who at that entity is the responder, you agree to accept full and sole responsibility for the verification and validation of the identity of the individual responder and the company they claim to represent. You understand that Capital Confirmation has not and will not validate the identity of the responder or the company they claim to represent. You release and hold harmless Capital Confirmation from any and all claims related to the responder’s identity and/or the identity of the company the responder claims to represent if you request confirmations through www.confirmation.com using the Out-of-Network confirmation service.

  1. Fraud. 

Without limiting any other remedies, Capital Confirmation may suspend or terminate your account if we suspect that you (by conviction, settlement, insurance investigation, or otherwise) have engaged in fraudulent activity in connection with our site.

  1. Your Information.

8.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature. You are solely responsible for Your Information, and we act as a passive conduit for your online distribution and publication of Your Information.

8.2 Restricted Activities. Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers. Furthermore, you may not authorize or request any confirmation on the site (or consummate any transaction that was initiated using our service) that, by authorizing or paying to us the usage fee or the final value fee, could cause us to violate any applicable law, statute, ordinance or regulation.

8.3 License. Solely to enable Capital Confirmation to use the information you supply us with, so that we are not violating any rights you might have in that information, you agree to grant us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable (through multiple tiers) right to exercise the copyright, publicity, and database rights (but no other rights) you have in Your Information, in any media now known or not currently known, with respect to Your Information. Capital Confirmation will only use Your Information in accordance with our Privacy Statement.

  1. Ownership of Intellectual Property. 

Capital Confirmation shall have and retain all rights, title and interest in all Intellectual Property relating to the Service or arising out of the relationship described in this Agreement. “Intellectual Property” means all ideas, discoveries, inventions, developments, designs, improvements, trademarks, service marks, trade secrets, proprietary information, programs, source code, object code, applications for patents, patents, copyrights (for the duration thereof, including renewals, extensions, and reversions thereof), copyrightable works, and the goodwill associated therewith, including enhancements, improvements, and derivative works, either presently existing or hereinafter arising. You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation’s expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation. While a registered user of our service, and for a period of two (2) years from the date of last login, you agree not to offer services or assist others in offering services that would compete in any way with the services offered by Capital Confirmation. Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

  1. Access and Interference.

You agree that you will not use any robot, spider, other automatic device, or manual process to monitor or copy our web pages or the content contained herein without our prior expressed written permission. You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part. You agree that you will not use any device, software or routine to bypass our security features, or to interfere or attempt to interfere with the proper working of the Capital Confirmation site or any activities conducted on our site. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on our infrastructure. Much of the information on our site is updated on a real time basis and is proprietary or is licensed to Capital Confirmation by our users or third parties. You agree that you will not copy, reproduce, alter, modify, create derivative works, or publicly display any content (except for Your Information) from our website without the prior expressed written permission of Capital Confirmation or the appropriate third party.  You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading.  You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service.  You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement.  You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service.  You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs.  You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent.  You shall not infringe on our licensors’ intellectual property rights or those of any third party in relation to your use of our website or Service.

  1. Breach.

Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

  1. Electronic Communications; Identifiers and Passwords; Binding Effect.

You will receive and transmit information to us over the Internet using SSL technology and 2048-bit encryption. You must use Internet browsers (such as Internet Explorer version 7.0 or higher) that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will select and use an identification code (such as a “log-in ID”) and a password. You shall protect and safeguard its identification code and password, and shall only permit authorized employees to use the identification code and password in connection with the service. We, and all other persons receiving information from you that has been transmitted using the identification code and password selected by you, shall be entitled to rely in all instances that the information so transmitted has been transmitted by you, that such information is true, accurate and complete in all respects, with the same effect and intent as if such information had been transmitted in written form bearing your written signature. If you believe that your identification code and password have been lost, stolen or compromised in any respect, please notify us immediately at 1-888-716-3577. Communications using the identification code and password received after we have had an opportunity to respond to your notice will not be valid or effective.

  1. Privacy.

We do not sell or rent your personal information to third parties and we only use your information as described in the Privacy Statement. We view protection of users’ privacy as a very important community principle. We understand clearly that you and your information are one of our most important assets. We store and process your information on computers located in the United States that are protected by physical as well as technological security devices. We use third parties to verify and certify our privacy principles.

All Customer Financial information residing within Confirmation.com’s secure processing controls will be maintained and stored according to our stated security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com’s control (e.g data downloaded by user, or mailed confirmations).

Our current Privacy Statement is available (at https://www.confirmation.com/Modals/PrivacyPolicy.aspx). If you object to your Information being transferred or used in this way please do not use our services.

13A. Personal Data transferred outside of the EU / EEA / Switzerland.

This Clause 13A applies where we process ‘personal data’ (as defined in Schedule 1).

We are committed to ensuring that safeguards in place to protect such data that we store and process. Our data processing activities will take place in a third country not recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, therefore where you are established in the EU / EEA / Switzerland or our services to you involve the transfer of personal data which originates from the EU / EEA / Switzerland, Schedule 1 will apply and is incorporated into and forms part of this Agreement.

  1. Client Authentication. 

You certify that any and all subject(s) set up as your client(s) on the Confirmation.com service are authorized representatives of your client(s).

  1. Authorization. 

You certify that any confirmations requested are with the subject(s)’ prior written permission. You agree to keep the authorization on file for a minimum of 5 years. Typically this written permission is in the form of a client engagement letter. You warrant that the release of the subject(s)’ information will not result in a breach of any applicable data privacy legislation.

  1. Audit Rights. 

Capital Confirmation may, from time to time, conduct various audits of your practices and procedures to determine your compliance with this Agreement. You agree to reasonably cooperate in all those audits. Capital Confirmation may conduct on-site and/or off-site audits of your facilities as Capital Confirmation determines during normal business hours, and upon reasonable notice.

  1. No Warranty.

WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES ON AN “AS IS” BASIS WITHOUT ANY WARRANTIES OF ANY KIND. WE, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, INCLUDING THE WARRANTY OF

MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES’ RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. THE PROVIDER MAKES NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN.  WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE.  WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES.

  1. Liability Limit.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE). THE USER SHALL HAVE NO LIABILITY WITH RESPECT TO THE SERVICE FOR CONSEQUENTIAL, EXEMPLARY, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR.  THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.

OUR LIABILITY, AND THE LIABILITY OF OUR SUBSIDIARIES, EMPLOYEES, AND SUPPLIERS, TO YOU OR ANY THIRD PARTIES IN ANY CIRCUMSTANCE IS LIMITED TO THE LESSOR OF (A) THE AMOUNT OF FEES YOU PAY TO US

IN THE 12 MONTHS PRECEDING THE FIRST DATE ON WHICH SUCH

LIABILITY AROSE, OR (B) $100.

  1. Fair Credit Reporting Disclosure.

The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. (“FCRA”) and therefore, is not subject to the requirements or provisions of the FCRA.  Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA.  CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act.  CCI makes no representations or warranties about such other User’s compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements.  CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

  1. Indemnity.

You shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) your negligence or intentional conduct; and/or (b) your breach of your obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by you, your vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable data protection legislation.

  1. Confidentiality.

You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service.  You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement.  You acknowledge that details of the Service constitute our confidential information.

  1. Legal Compliance.

You represent and warrant that you have read, understand, and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA PATRIOT Act, the Health Insurance Portability and Accountability Act of 1998 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

You certify that you will use the service and the information received for no other purpose than is legally permissible. You understand that if the system is used improperly by company personnel, or if its access codes are made available to any unauthorized personnel due to carelessness on your part or any other, you may be held responsible for financial losses, fees or monetary charges that may be incurred and that its access privileges may be terminated.

  1. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”)

Nothing in this agreement shall limit the BBA’s liability for death or personal injury caused by its negligence or that or its personnel; fraud or fraudulent misrepresentation; or for any other liability which cannot be excluded under English law, even if any other terms of this Agreement would suggest that this might otherwise be the case.

You expressly acknowledge and agree that the BBA: (a) is not a part to this  Agreement and is not involved in the design, supply or support of Capital  Confirmation Inc’s services including the service promoted to UK banks as “BBA  Confirmations”; (b) makes no representation or warranty that the services will be  adequate or appropriate for you and its requirements and any BBA trademarks or  logos present in marketing materials or other documents o not represent and  endorsement of the service; (c) shall not be responsible for providing any of the  services; and (d) shall have no liability to you whatsoever whether direct or  indirect and whether in contact, tort (including negligence), misrepresentation or  for any other reason in respect of any of the services provided under this  agreement.

  1. No Agency.

You and Capital Confirmation are independent contractors, and no agency, partnership, joint venture, employee-employer or franchiser-franchisee relationship is intended or created by this Agreement.

  1. Notices.

Except as explicitly stated otherwise, any notices shall be given by postal mail to

Capital Confirmation Inc. Attn: Legal Department 214 Centerview Drive, Suite 265, Brentwood, TN 37027 (in the case of Capital Confirmation) or to the email address you provide to Capital Confirmation during the registration process (in your case). Notice shall be deemed given 24 hours after email is sent, unless the sending party is notified that the email address is invalid. Alternatively, we may give you notice by certified mail, postage prepaid and return receipt requested, to the address provided to Capital Confirmation during the registration process. In such case, notice shall be deemed given 3 days after the date of mailing.

  1. Arbitration.

Any legal controversy or legal claim arising out of or relating to this Agreement or our services, excluding legal action taken by Capital Confirmation to collect our fees and/or recover damages for, or obtain an injunction relating to, the Capital Confirmation site operations, intellectual property, and our services, shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. The arbitration shall be conducted in Nashville, Tennessee, and judgment on the arbitration award may be entered into any court having jurisdiction thereof. Either you or Capital Confirmation may seek any interim or preliminary relief from a court of competent jurisdiction in Nashville, Tennessee necessary to protect the rights or property of you or Capital Confirmation pending the completion of arbitration. Should either party file an action contrary to this provision, the other party may recover attorney’s fees and costs up to $1000.00.

  1. Additional Terms.

The following policies are incorporated into this Agreement by reference and provide additional terms and conditions related to specific services offered on our site:

Privacy Statement: https://www.confirmation.com/Modals/PrivacyPolicy.aspx

Fees and Credit Policy: https://www.confirmation.com/usFeesCreditPolicy.pdf

Each of these policies may be changed from time to time and are effective immediately after we post the changes on our site, except for the Privacy Statement for which we will provide you with thirty days prior notice. In addition, when using particular services on our site, you agree that you are subject to any posted policies or rules applicable to services you use through our site, which may be posted from time to time. All such posted policies or rules are hereby incorporated by reference into this Agreement.

You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

We do not guarantee and shall not be liable for the performance of any sub-processor or sub-contractor.

  1. Governing Law.

This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles.  You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

  1. Assignment.

You agree that this Agreement and all incorporated agreements may be automatically assigned by Capital Confirmation, in our sole discretion, to a third party in the event of a merger or acquisition.  You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

  1. General.

We do not guarantee continuous, uninterrupted or secure access to our services, and operation of our site may be interfered with by numerous factors outside of our control. If any provision of this Agreement is held to be invalid or unenforceable, such provision shall be struck and the remaining provisions shall be enforced. Headings are for reference purposes only and in no way define, limit, construe or describe the scope or extent of such section. Our failure to act with respect to a breach by you or others does not waive our right to act with respect to subsequent or similar breaches. English is the official language used for content on the Confirmation.com website. Through the use of a third-party provider Confirmation.com provides its users with limited English proficiency to access information on the site. Translations made through this automated process should not be considered exact particularly in cases of technical and legal terminology. Additionally, some files including graphs, photos and portable document formats (pdfs) cannot be translated through this process. Capital Confirmation Inc. does not warrant the accuracy or reliability of any information translated by this system and shall not be liable for any losses caused by such reliance on the accuracy or reliability of such information. While every effort is made to ensure the accuracy of the translation, portions may be incorrect. Any person or entity who relies on information obtained from the system does so at his or her own risk. This Agreement sets forth the entire understanding and agreement between us with respect to the subject matter hereof. Sections 2 (Fees and Service) with respect to fees owed for our services, 3.3 (Release), 8.3 (License), 10 (Access and Interference), 18 (Liability Limit), 19 (Indemnity) and 26 (Arbitration) shall survive any termination or expiration of this Agreement.

  1. Disclosures.

The services hereunder are offered by Capital Confirmation Inc., located at 214 Centerview Drive, Suite 265, Brentwood, Tennessee 37027. Fees for our services are described above in Section 2 (Fees and Service).

  1. Disputes. 

Disputes between you and Capital Confirmation regarding our services may be reported to Customer Support by mailing us at Capital Confirmation, Customer Support, 214 Centerview Drive, Suite 265, Brentwood, TN 37027. We encourage you to report all user-to-user disputes to your local law enforcement, postmaster general, or a certified mediation or arbitration entity.

  1. Your Acceptance of this User Agreement. 

You evidence your acceptance of this User Agreement by clicking on “Accept User

Agreement and Add Account” button on the Capital Confirmation website or by using the Confirmation.com service. Such acceptance shall have the same legal effect as your written signature set forth on a written document containing the terms and conditions of this User Agreement.

Schedule 1

EUROPEAN DATA TRANSFERS

Capital Confirmation will process personal data outside of the European Economic Area and Switzerland in a third country, the United States, which is not recognized by the European Commission and the Swiss Federal Data Protection and Information Commission respectively as providing an adequate level of privacy protection.

  1. (A) Capital Confirmation is committed to ensuring that adequate safeguards are in place to protect the data that Capital Confirmation store and process.
  2. (B) Capital Confirmation has signed up to the EU-US Privacy Shield Framework, a European Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.
  3. (C) Capital Confirmation has signed up to the Swiss-US Privacy Shield Framework, a Swiss Federal Data Protection and Information Commission approved adequacy mechanism for providing protection to personal data transferred to a third country.
  4. (D) This Schedule 1 reflects that Capital Confirmation is Privacy Shield certified (in relation to the EU and Switzerland, as may be relevant) and that the parties agree to rely on such certification as the chosen adequacy mechanism to provide protection to personal data which is subject to the Directive, and which is transferred by you to Capital Confirmation.
  5. Definitions and interpretation.
  6. 1 The following expressions are used in this Schedule 1:
    1. (a) “Capital Confirmation Group” means Capital Confirmation and any corporate entities which are from time to time under Common Control with Capital Confirmation
    2. (b) “Directive” – Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and any applicable national legislation or regulation implementing that Directive or any subsequent EU or Swiss legislation in respect of privacy or data protection as updated amended or replaced from time to time including the Regulation (EU) 2017/679 of the European Parliament and of the Council of 27 April 2017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and any related national legislation or regulation;
    3. (c) “personal data” “processing”, “data controller”, “data subject” and “data processor” shall have the meanings ascribed to them in the Directive;
  7. 2 An entity “Controls” another entity if it (a) holds a majority of the voting rights in it; (b) is a member or shareholder of it and has the right to remove a majority of its board of directors or equivalent managing body; (c) is a member or shareholder of it and controls alone or pursuant to an agreement with other shareholders or members, a majority of the voting rights in it; (d) has the right to exercise a dominant influence over it pursuant to its constitutional documents or pursuant to a contract; and two entities are treated as being in “Common Control” if either controls the other (directly or indirectly) or both are controlled (directly or indirectly) by the same entity.
  8. International data transfer outside the European Economic Area or Switzerland
  9. 1 Where we process ‘personal data’ (as defined in Directive) for the purpose of the provision of the services to you and which is transferred outside of the European Economic Area or Switzerland (either directly or via onward transfer) to us in the United States. we are committed to ensuring that adequate safeguards are in place to protect such data that we store and process. As set out in Clause 13, our data processing activities will take place in the United States, a third country not recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection. Accordingly, we self-certify to and comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks administered by the US Department of Commerce. We will comply with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks, as required, for as long as such mechanism is regarded as providing adequate protection to personal data transferred outside the European Economic Area or Switzerland (as the case may be) by the European Commission and the Swiss Federal Data Protection and Information Commission respectively (or other body with such authority).
  10. 2 Further, we agree to:
    1. (i) act only on instructions from you in connection with the provision of the services (unless otherwise prohibited by applicable law).
    2. (ii) provide appropriate and technical organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration unauthorized disclosure or access. Including maintaining administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the online audit confirmation service, as described in Capital Confirmation’s service organization controls report, accessible via https://www.confirmation.com/security/ or otherwise made reasonably available by us from time to time.
    3. (iii) provide assistance, where applicable, to you in responding to individuals exercising their rights under applicable data protection law (unless otherwise prohibited by applicable law).
  11. 3 You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

Privacy Policy

Confirmation Privacy Statement

Effective on: April 16, 2018

This privacy policy applies to www.confirmation.com, bba.confirmation.com, edu.confirmation.com, and www.creditconfirm.com (“Confirmation Website(s)”) owned and operated by Capital Confirmation, Inc. (“Capital Confirmation”). This privacy policy describes how Capital Confirmation collects and uses the personal information you provide on the Confirmation Website(s). It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

  1. What personal data and protected health information (PHI) Capital Confirmation collects.
  2. What personal data third parties collect through the Website(s).
  3. What organization collects the information.
  4. How Capital Confirmation uses the information.
  5. With whom Capital Confirmation may share user information.
  6. What choices are available to users regarding collection, use and distribution of the information.
  7. What types of security procedures are in place to protect the loss, misuse or alteration of information under Capital Confirmation’s control.
  8. How users can correct any inaccuracies in the information.

INFORMATION COLLECTION AND USE

Registration

In order to use the Confirmation website(s), a user must first complete the registration form. During registration a user is required to give professional and personal contact information (such as name and email address). We use this information to validate our users, and to therefore grant access to our service. We also ask our accounting customers to provide their CPA registration/credentialing information in order to validate his/her status to include employment verification.

Order

We request information from the user on our order form. A user must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date). This information is used for billing purposes and to fill customer’s orders. If we have trouble processing an order, the information is used to contact the user.

Third party information is collected on the site (such as client information entered for the purpose of conducting confirmations of accounts) The following are the types of information that are requested for a client: contact information, client’s name, client contact name, client address, client contact’s email address. This information is used to validate the client users of the service. A welcome email is generated to the clients to notify them that they have been set up on the service by their accountant and to provide them notification of their initial security codes. These emails are only used for the primary purpose of providing the service of the site and are not used for any secondary purposes.

INFORMATION USE

Capital Confirmation, through its online service production Confirmation website(s), collects three types of information:

  1. General Personal Data
  2. Customer Financial Information
  3. Protected Health Information (PHI)

General Personal Data is used to validate the user, associate transactional confirmation activities including authorization, determine access permissions, and to facilitate communications from the site. The customer is free to modify this information at any time.

Customer Financial Information includes certain bank/company balance information that is stored in our database on a temporary basis, and credit card payment information provided by the customer at the time of the payment for the provision of services.

PHI may be stored on Capital Confirmation’s HIPAA compliant system as a document attachment to a legal confirmation request when/if this information is deemed pertinent to the legal confirmation audit.

All Customer Financial information or legal confirmation attachments containing PHI residing within Capital Confirmation’s secure processing controls will be maintained and stored according to our stated security and privacy policies. Capital Confirmation takes no responsibility for Customer Financial Information once this data is no longer within Capital Confirmation’s control (e.g., data downloaded by user, or mailed confirmations). The Confirmation website(s) serve the function of an on-line provider of balance assurance services for its customers. This service is designed for use by accountants in their conducting of audit procedures as described by Generally Accepted Accounting Standards (GAAS).

We process General Personal Data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to comply with our legal obligations, resolve disputes, and enforce our agreements.

Profile

We store information specifically given to us by our users through the account set up process, and/or the account edit process. In addition, we store IP address, browser type, Internet Service Provider (ISP) and access times. We do not store information provided through the use of cookies. A profile has stored information that provides the company with information describing the end user of our service. All such collected information is used only for the conducting of the provision of our service.

Cookies and Other Tracking Technologies

We Capital Confirmation and our analytics or service providers use cookies or similar technologies in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies for to remember users’ settings (e.g. language preference), for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

Online Advertising

We use Google AdWords, Google Analytics, Google Display Network, Adobe Analytics, and HubSpot to track user behavior and manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interestbased ads, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.

Log Files

Like most standard website(s) servers we use log files. This includes Internet Protocol (IP) addresses, browser type and Internet Service Provider (ISP), referring/exit pages, operating system and access time. Capital Confirmation and its production Confirmation Website(s), use log files only to track errors in the system. Log file information is not tied to a user’s personal data.

INFORMATION COLLECTED FOR OUR CLIENTS

Capital Confirmation collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Capital Confirmation’s Client (the data controller). If requested to remove data we will respond within 30 days. We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Capital Confirmation will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

COMMUNICATIONS FROM THE SITE

Core Communications

These include email, mail, and call communications to facilitate the processing of audit confirmations, announce new enhancements to the service, aid in common user account administration functions, distribute information on upcoming site maintenance, and to provide notice of various updates to our terms of service or polices. These also include communications designed to educate and provide resources to both new and existing users on how to use the application, welcome emails, training sessions, and Responder Network updates.

Customer Support

We communicate with users on a regular basis to provide requested services, and in regard to issues relating to their account we reply via email or phone in accordance with the user’s wishes.

Marketing Communications

We may from time to time send emails or mail to provide you with information regarding new product and service offerings, product and service notifications, and/or complimentary resources.

Generally, you may not opt-out of Customer Support or Core Communications. If you do not wish to receive them, you have the option to deactivate your account. If you do not wish to receive marketing communications you can simply not consent to receiving them (if your location requires consent), use the “Manage Your Preferences” and “Unsubscribe” links provided within each marketing email message, or contact Customer Support at Customer.Support@confirmation.com.

SHARING

We will share your personal data or legal confirmation attachments containing PHI with third parties only in the ways that are described in this privacy policy. We do not sell your personal data or legal confirmation attachments containing PHI to third parties.

Legal Disclaimer

In certain situations, Capital Confirmation may be required to disclose personal data or legal confirmation attachments containing PHI in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Though we make every effort to preserve user privacy, we may also need to disclose personal data or legal confirmation attachments containing PHI when required by law such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Aggregate Information (non-personal data)

We do not share aggregated demographic information with our partners and advertisers. These are the instances in which we will share users’ personal data or legal confirmation attachments containing PHI:

Third Party Intermediaries

We use PCI-DSS compliant outside credit card processing companies to bill users for services. These companies do not retain, share, store, or use personal data for any secondary purposes.

Business Transitions

In the event Capital Confirmation goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users’ personal data or legal confirmation attachments containing PHI will, in most instances, be part of the assets transferred. Users will be notified via prominent notice on our website(s) for 30 days prior to a change of ownership or control of their personal data or legal confirmation attachments containing PHI. If as a result of the business transition, the users’ personally identifiable information or legal confirmation attachments containing PHI will be used in a manner different from that stated at the time of collection they will be given choice consistent with our notification of changes section prior to the information being used for the new purposes.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site. Users’ personally identifiable information is not shared with third parties unless we give prior notice and choice. Though we may use an intermediary to conduct these surveys or contests, they may not use users’ personal datafor any secondary purposes.

SECURITY

This Website(s) takes every precaution to protect our users’ information. When users submit sensitive information via the Website(s), their information is protected both online and offline.

The Confirmation Website(s)s are entirely encrypted and protected using 256 bit encryption with a public RSA 2048 bit key for SSL Extended Validation Certificates with Server Gated Cryptography by DigiCert for internet communications. This means that when our registration/order form asks users to enter sensitive information (such as credit card number), that information is encrypted. While we use SSL encryption to protect sensitive information online, we also use appropriate technical and organisational measures to protect user-information offline. All of our users’ information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a Customer Support representative) are granted access to personal data. The servers that store personal data are in a secure environment, in a hardened hosting facility. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

If users have any questions about the security at our Website(s), users can send an email to: Customer.Support@confirmation.com (www.confirmation.com, bba.confirmation.com, www.creditconfirm.com) or EDCustomer.Support@confirmation.com (edu.confirmation.com).

SUPPLEMENTATION OF INFORMATION

In order for the website(s) to properly fulfill its obligation to users it is necessary for us to supplement the information we receive with information from 3rd party sources.We use outside sources to verify a user’s accounting credentials to validate that user’s access to our system.If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

Personal Data Management and Inquiries

You have the following rights in relation to personal data relating to you that we process:

  1. Upon request Capital Confirmation will provide you with information about whether we hold any of your personal information. You may also request a copy or access to the personal data concerned.
  2. If your personal data changes (such as zip code, phone, email or postal address) you can update your data by editing your user profile on the Confirmation.com Website(s) or by contacting Customer Support.
  3. Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned.
  4. If you have a complaint about the processing of your personal data by Capital Confirmation, please contact Customer Support. If we are unable to rectify the issue to your satisfaction, you are always able to lodge a formal complaint with the applicable Supervisory Authority.

Personal data inquiries can be submitted by contacting the Capital Confirmation Data Protection Officer at Customer.Support@confirmation.com(www.confirmation.com, bba.confirmation.com, www.creditconfirm.com) or EDCustomer.Support@confirmation.com (edu.confirmation.com). We will respond to your request within 30 days.

Social Media Widgets

Our website(s) includes social media features, such as the Facebook “Like” button, and Widgets, such as the “Share This” button or interactive mini-programs that run on our website(s). These features may collect your Internet Protocol (IP) address, which page you are visiting on our website(s), and may set a cookie to enable the feature to function properly. social media features and widgets are either hosted by a third party or hosted directly on our website(s). Your interactions with these features are governed by the privacy statement of the company providing it.

Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at Customer.Support@confirmation.com (www.confirmation.com, bba.confirmation.com, www.creditconfirm.com) or EDCustomer.Support@confirmation.com(edu.confirmation.com).

Links to 3rd Party Sites

Our website includes links to other website(s) whose privacy practices may differ from those of Capital Confirmation. If you submit personal data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy statement of any website(s) you visit.

Notification of Changes

If we decide to change our privacy statement, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy statement under which the information was collected.

If, however, we are going to use a user’s personal data in a manner different from that stated at the time of collection we will notify users via email prior to the change becoming effective. Users will have a choice as to whether or not we use their information in this different manner. However, if users have opted out of all communication with the site through deactivating their account, then they will not be contacted, nor will their personal data be used in this new manner. In addition, if we make any material changes in our privacy practices that do not affect user information already stored in our database, we will post a prominent notice on our website(s) prior to the changes taking effect. In some cases where we post a notice we will also email users, who have opted to receive communications from us, notifying them of the changes in our privacy practices.

REGIONAL PRIVACY REQUIREMENTS

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and Switzerland, that may not be subject to equivalent data protection law. It may also be processed by staff situated outside these areas who work for us or for one of our suppliers. This includes staff engaged in activities such as the fulfilment of orders, the processing of payment details, and the provision of support services.

Where personal data is transferred in relation to providing our services, we will take all steps reasonably necessary to ensure that it is protected by appropriate safeguards. Capital Confirmation and its subsidiary companies (Capital Confirmation International LLC, Confirmation Technology Services LLC, Confirmation.com UK Pvt. Ltd., Confirmation.com India Pvt. Ltd., Confirmation.com Japan Kabushiki Kaisha) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. Capital Confirmation is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List (https://www.privacyshield.gov/list).

Capital Confirmation is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Capital Confirmation complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Capital Confirmation is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Capital Confirmation may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield Website(s (https://www.privacyshield.gov/article?id=How-toSubmit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

EU General Data Protection Regulation (GDPR)

In providing our services, we act as a data processor on behalf of the users of our services in relation to personal data that is processed using the service, in which case we will process the relevant personal data only for the purpose(s) of providing the service and otherwise in accordance with our agreement with the users and the regulations that apply to us directly as a data processor.

Legal Basis for Personal Data Processing

Collecting, processing, and using personal data by Capital Confirmation occurs under the following legal bases:

  • Legitimate Interest – User validation, transactional confirmation activities including authorization, user access permissions, user account management, core site communications, and customer support.
  • Consent – Marketing communications.

Data Protection Officer

Compliance with Capital Confirmation’s privacy policy, and applicable data protection laws, is verified regularly with internal impact assessments and other controls. The coordination of these activities is the responsibility of the Data Protection Officer, who can be contacted in accordance with the contact information below.

Dan Zangwill
Data Protection Officer
DataInquiries@confirmation.com

Automated Decisions

Personal data processed by Capital Confirmation is never used to make automated decisions that would have negative consequences for its data subjects.

Supervisory Authority

The United Kingdom’s Information Commissioner’s Office is the lead supervisory authority for Capital Confirmation, Inc. in the EU and can provide further information about your rights and our obligations in relation to personal data, as well as to address any complaints that you have about our processing of your personal data.

Contact Information

If users have any questions or suggestions regarding our privacy statement, please contact us at:

 

TRUSTe Privacy Certification                    

Setting the Standard for Security

To illustrate Confirmation’s commitment to effective operational controls and privacy and security best practices, we undergo all three Service Organization Control (SOC) examinations every six months, have received an ISO 27001 certification for the service, TRUSTe Privacy Policy certified, and EU Privacy Shield certified. Collectively, these provide assurance about the controls we implement to protect privacy and confidentiality of our users’ data and the security, availability, and processing integrity of our system.

TRUSTe Privacy Certification
                   

                    

 

SOC 1, SOC 2, and SOC 3 Examinations

SOC reports examine controls over the services provided by service organizations. There are three types of SOC reports, and to address our customers varying needs, we complete all three SOC examinations.

  • Type 2 SOC 1—prepared in accordance with SSAE 16 reports on the design and operating effectiveness of controls relevant to user entities’ internal control over financial reporting.
  • Type 2 SOC 2—reports on the design and operating effectiveness of controls that affect the security, availability and processing integrity of the system used to process users’ data and the confidentiality and privacy of the information processed by the system.
  • SOC 3—reports on whether a system complies with specified Trust Services Principles and criteria.

View our SOC 3 Report.

          

ISO 27001 Certification

ISO 27001 Certification on the Confirmation.com services—Represents globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, maintaining and improving a documented ISMS within the context of an organization’s overall business risks.

Confirmation.com’s ISMS covers its online audit confirmation service and infrastructure including data and data environments, servers, source code, and internal networks related to its Brentwood, Tennessee and Delray Beach, Florida offices.

View our ISO27001 Certificate

TRUSTe Certification

Confirmation.com adheres to the Internet’s most trusted third-party Privacy Certification Standards issued by TRUSTe. The TRUSTe Web Privacy seal marks companies that adhere to TRUSTe’s strict privacy principles, and who strive to treat customer information with the utmost respect.

View our TRUSTe Privacy Seal

TRUSTe Privacy Certification

EU Privacy Shield

Confirmation.com complies with the EU-US Privacy Shield Framework designed by the US Department of Commerce and European Commission. This provides companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

View our Privacy Shield

General Data Protection Regulation (GDPR)

The GDPR aims primarily to give control back to EU residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation across the member states. Confirmation.com is committed to protecting its information and that of its customers. To achieve this goal, the company has implemented many controls to ensure compliance with GDPR. Please read below for more information.

What is GDPR?

On May 25, 2018, the European Union (EU) began enforcing a new data protection regulation, the General Data Protection Regulation, or GDPR. The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.

Who does the GDPR impact?

The GDPR applies to organizations located within the EU, and to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU natural persons or ‘data subjects.’ It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.

What steps is Confirmation.com taking to comply with GDPR?

Confirmation.com welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU, and as an opportunity for our organization to strengthen our commitment to data protection.

The following steps have been taken to ensure compliance with the GDPR:

  • Implemented a Security Management System
  • Appointed a Data Protection Officer
  • Appointed a EU-Based Data Protection Representative
  • Updated Data Privacy Policies
  • All Data Classified as “Most Sensitive” is Encrypted At-Rest
  • Annual Data Protection Impact Assessments Performed
  • Implemented Data Protection by Design Into All Business Projects
  • Created a GDPR Compliant Data Breach Incident Response Plan
  • Personal Data Processing Inventory (Article 30 Report) Created and Maintained.
  • Implemented Personal Data Loss Prevention Controls
  • Enhanced Data Privacy and Security Awareness Training implemented
  • Enhanced Encryption For Personal Data in Transit via TLS 1.2
  • Created GDPR Compliant Procedures for EU Data Subject Inquiries
  • Streamlined Explicit Consent and Withdrawal Procedures Implemented
  • Fair Personal Data Processing Notices Created and Sent to Data Subjects
  • Implemented GDPR Compliant Third Party Risk Management System
  • Registered with the ICO (UK Information Commissioner’s Office) To Provide EU Data Subject Inquiry Recourse
  • Certified EU-US Privacy Shield
  • Certified Swiss-US Privacy Shield

For more information about Confirmation.com and GDPR, email DataInquiries@confirmation.com. Further information on GDPR specifically can be found at eugdpr.org.

AICPA - AU-C Section 500: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

External Confirmations

Guidance

.A18  An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party) in paper form or by electronic or other medium.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Reliability

Guidance

.A32  While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:

  • Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.
  • Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

AICPA - AU-C Section 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

Selecting the Appropriate Confirming Party 

Guidance

.A3  Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Reliability of Responses to Confirmation Requests 

Guidance

.A15  An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.    

How Confirmation Complies

Uses the highest level of security to ensure privacy and data integrity.  Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation service.    

AICPA - Practice Alert 03-1: Audit Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

Guidance

.19  If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.

How Confirmation Complies

Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation service. Uses the highest level of security to ensure privacy and data integrity. Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

PCAOB - AU Section 330: The Confirmation Process

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

Respondent

Guidance

.27  The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. 

How Confirmation Complies

Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Performing Confirmation Procedures 

Guidance

.29  During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses.  Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses.

How Confirmation Complies

Uses the highest level of security to ensure privacy and data integrity.  Allows an auditor to send audit confirmation requests directly to the intended responder. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

PCAOB - AU Section 326: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

Sufficient Appropriate Audit Evidence

Guidance

.08  Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.

How Confirmation Complies

Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

ISA - ISA 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the ISA.

Para 6(a) Definition: External Confirmation 

Guidance

Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium. 

How Confirmation Complies

Confirmation.com enables auditors to receive audit confirmations electronically. Responses are prepared by authorized bank officials based on the auditor’s request. Use of Confirmation.com meets the requirements of an ‘External Confirmation’.

Para 7 Maintaining control 

Guidance

When using external confirmation procedures, the auditor shall maintain control over external confirmation requests. 

How Confirmation Complies

Auditors keep complete control over the process, including client and accounts setup, requesting client authorization and the sending and receipt of confirmations.

A2 Selecting the appropriate confirming party 

Guidance

Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party the auditor believes is knowledgeable about the information to be confirmed. For example, a financial institution official who is knowledgeable about the transactions or arrangements for which confirmation is requested may be the most appropriate person at the financial institution from whom to request confirmation. 

How Confirmation Complies

Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.com.

A6 Validating addresses 

Guidance

Determining that requests are properly addressed includes testing the validity of some or all of the addresses on confirmation requests before they are sent out.

How Confirmation Complies

We validate all entities participating in the Confirmation.com network. The controls surrounding this process are included in our SOC 1 report that is issued every six months as part of our controls audit. By relying on our validation procedures, you avoid the need to perform your own validation procedures.

A12 Electronic responses 

Guidance

Responses received electronically, for example by facsimile or electronic mail, involve risks as to reliability because proof of origin and authority of the respondent may be difficult to establish, and alterations may be difficult to detect. A process used by the auditor and the respondent that creates a secure environment for responses received electronically may mitigate these risks. If the auditor is satisfied that such a process is secure and properly controlled, the reliability of the related responses is enhanced. An electronic confirmation process might incorporate various techniques for validating the identity of a sender of information in electronic form, for example, through the use of encryption, electronic digital signatures, and procedures to verify web site authenticity.

How Confirmation Complies

Confirmation.com’s operates industry-leading information security and data privacy practices. We have procedures and controls in place to ensure the integrity, confidentiality and accessibility of data. We undergo third-party audits to demonstrate the effectiveness of our controls: 

  • SOC 1, SOC 2 and SOC 3 examinations every six months.
  • Received an ISO27001 certification of the Confirmation.com service.
  • TRUSTe data privacy and EU Safe Harbor certification.

A13 Involvement of third parties 

Guidance

If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor may perform procedures to address the risks that: (a) The response may not be from the proper source; (b) A respondent may not be authorized to respond; and (c) The integrity of the transmission may have been compromised.

How Confirmation Complies

Confirmation.com’s control environment ensures that user access if controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. Our controls reports outlined above demonstrate the effectiveness of these procedures.

Para 12 Non-responses 

Guidance

In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence.

How Confirmation Complies

Confirmation.com guarantees responses for In-Network confirmations, avoiding the need for alternative procedures.