General Policies

Service Provider Privacy Policy

THIS SERVICE PROVIDER PRIVACY POLICY ("PRIVACY POLICY") IS AGREED BETWEEN ZONES, LLC, OR ITS AFFILIATE, WHICHEVER IS THE BUYER OF SERVICES, ("BUYER"), AND THE ENTITY FROM WHICH BUYER IS PURCHASING ("PROVIDER") ONE (1) OR MORE PROFESSIONAL SERVICES ("SERVICES") TO BE PERFORMED FOR THE BENEFIT OF BUYER OR A BUYER CUSTOMER ("CUSTOMER") UNDER BOTH AN "AGREEMENT" (MEANING EITHER A WRITTEN AGREEMENT BETWEEN BUYER AND PROVIDER OR THE WRITTEN GOVERNING TERMS AND CONDITIONS) AND ANY ASSOCIATED "TRANSACTION DOCUMENT" (MEANING A PURCHASE ORDER OR STATEMENT OF WORK), WHICH TOGETHER EXCLUSIVELY GOVERN SUCH SERVICES EFFECTIVE ON THE EARLIER OF THE DATE WHEN SUCH TRANSACTION DOCUMENT IS "EXECUTED" (MEANING, WITH RESPECT TO A PURCHASE ORDER, THE DATE ON WHICH SUCH PURCHASE ORDER IS ACCEPTED BY PROVIDER, AND WITH RESPECT TO A STATEMENT OF WORK, THE DATE THAT IS IDENTIFIED AS THE EFFECTIVE DATE OF SUCH STATEMENT OF WORK, OR IN THE ABSENCE OF SUCH IDENTIFIED EFFECTIVE DATE, WHEN THE STATEMENT OF WORK IS COUNTERSIGNED) AND THE DATE WHEN PROVIDER INITIATES PERFORMANCE UNDER A TRANSACTION DOCUMENT ("POLICY EFFECTIVE DATE"). THIS PRIVACY POLICY IS INCORPORATED BY THIS REFERENCE INTO THE AGREEMENT AND ANY TRANSACTION DOCUMENT EXECUTED AFTER THE DATE WHEN THIS PRIVACY POLICY IS POSTED ON THIS WEBSITE. FROM TIME TO TIME, BUYER MAY AMEND THIS PRIVACY POLICY IN ITS SOLE DISCRETION, POSTING THE AMENDED PRIVACY POLICY ON THIS WEBSITE WITHOUT PRIOR NOTICE, AND ANY SUCH AMENDMENTS OF THE PRIVACY POLICY SHALL BE INCORPORATED INTO THE AGREEMENT AND SHALL BE BINDING ON THE PARTIES TO THE AGREEMENT; PROVIDED THAT THE VERSION OF THIS PRIVACY POLICY THAT APPEARS ON THIS WEBSITE AT THE TIME A TRANSACTION DOCUMENT IS EXECUTED SHALL BE BINDING WITH RESPECT TO THE SERVICES PERFORMED UNDER SUCH TRANSACTION DOCUMENT.

IN THE EVENT OF A CONFLICT BETWEEN THIS PRIVACY POLICY AND THE AGREEMENT, THIS PRIVACY POLICY SHALL PREVAIL. IN THE EVENT OF A CONFLICT BETWEEN THE TRANSACTION DOCUMENT AND THIS PRIVACY POLICY, THIS PRIVACY POLICY SHALL PREVAIL; PROVIDED THAT CONFLICTING TERMS AND CONDITIONS IN A STATEMENT OF WORK THAT EXPRESSLY STATE THAT THEY SUPERSEDE CERTAIN SPECIFIED PROVISIONS OF THIS PRIVACY POLICY SHALL PREVAIL WITH RESPECT TO THE SERVICES UNDER ONLY THAT CERTAIN STATEMENT OF WORK.

AS USED HEREIN, "PARTY" MEANS BUYER OR PROVIDER INDIVIDUALLY, AND "PARTIES" MEANS BUYER AND PROVIDER COLLECTIVELY. "AFFILIATE" MEANS AN ENTITY THAT OWNS, IS OWNED BY, OR IS UNDER COMMON OWNERSHIP WITH, A PARTY. "PURCHASE ORDER" OR "PO" MEANS A WRITTEN ORDER FOR SERVICES SUBMITTED BY BUYER TO PROVIDER EITHER IN HARD COPY OR ELECTRONIC FORM IN ACCORDANCE WITH THE TERMS OF THE AGREEMENT. "STATEMENT OF WORK" MEANS A WRITTEN AND EXECUTED CONTRACT THAT IS BETWEEN BUYER OR BUYER'S AFFILIATE AND PROVIDER, AND THAT SPECIFIES THE TERMS AND CONDITIONS UNDER WHICH PROVIDER WILL PROVIDE SERVICES AND WORK PRODUCT TO BUYER FOR THE BENEFIT OF A CUSTOMER.

PROVIDER SHALL ENSURE THAT PROVIDER PERSONNEL HAVE READ AND UNDERSTOOD THE CONTENTS OF, AND SHALL WARRANT PROVIDER PERSONNEL'S CONTINUOUS COMPLIANCE WITH, THIS PRIVACY POLICY.

PROVIDER OBLIGATIONS

Compliance with Laws. Provider shall comply with this Privacy Policy and with all applicable United States federal, state, and local government laws, rules, regulations, and judicial and agency rulings and requirements (each, a "Governmental Requirement") relating to the collection, use, and disclosure of "Customer Data" (meaning any data that is disclosed by Buyer or Buyer's Affiliate to Provider or Provider's Affiliate or otherwise acquired by Provider by means of its relationship with Buyer or its performance under the Agreement or a Transaction Document and that relates in any way to one (1) or more Customers or prospective Customers of Buyer) or "Personally Identifiable Information" (or "PII") (meaning, as set forth in Office of Management and Budget Memorandum M-07-16, information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.). In Provider's performance under the Agreement and any Transaction Document, Provider shall regard at least the following information as Personally Identifiable Information: (a) information that identifies or can be used to identify, contact, or locate the person to whom such information pertains; or (b) information from which identification, contact, or location information of an individual can be derived–including, but not limited to: first and last name; home or other physical address; email address; credit card number; bank account or other financial account number; telephone or fax number; medical records; individual medical data; social security number; social media identifiers (such as screen names or profile addresses); any other identifier that permits physical or online contacting of an individual; unique identifiers; biometric information; and IP addresses).

Access to Data. Provider shall ensure that access to Customer Data and PII is limited to only its "Personnel" (meaning a Party's and its agents' and subcontractors' owners, directors, officers, and employees) who: (a) have a need to know such information to carry out obligations under the Agreement and one (1) or more Transaction Documents; and (b) are aware of the requirements of this Privacy Policy and are bound to follow those requirements and all Governmental Requirements related to the handling of Customer Data and PII. In the event that Customer Data or PII is required be disclosed to a third-party other than the applicable individual owner of such information, Provider shall first ensure that such third-party has agreed, in writing, to be bound by the terms of this Privacy Policy.

Use of Data. Provider shall not collect, access, use, reproduce, or disclose Customer Data or PII, except as expressly authorized by this Privacy Policy and applicable Governmental Requirements and as necessary in order to perform Services under this Agreement.

Compelled Disclosures. If Provider is compelled to disclose Customer Data or PII by any Governmental Requirement, then, except to the extent prohibited by law, Provider shall: (a) provide Buyer with prompt notice of such compulsion; (b) provide the maximum allowable opportunity for Buyer to seek a protective order or other measure to bar or limit such disclosure; (c) disclose only the minimum amount of Customer Data or PII required; and (d) make reasonable efforts to ensure that the disclosed Customer Data or PII is disclosed in a manner that preserves its confidentiality to the extent reasonably and legally possible.

Marketing. Under no circumstances, and notwithstanding anything to the contrary in this Privacy Policy or in the Agreement or any Transaction Document, will Provider: (a) sell Customer Data or PII; or (b) use Customer Data or PII for any marketing purposes, except to the extent expressly authorized under and specified in the applicable Transaction Document under which Provider is hired by Buyer to perform marketing-related Services on behalf of Buyer or a Customer. Provider shall at all times comply with the Telemarketing Sales Rule of the Federal Trade Commission ("FTC"), the Telephone Consumer Protection Act, and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, as each may be amended from time to time ("Marketing Regulations"). Provider shall at all times honor the registration lists maintained by the Direct Marketing Association's Telephone Preference Service and Mail Preference Service and any other similar lists that are maintained for the purpose of ensuring the unavailability and non-use for marketing purposes of certain contact information (including, but not limited to, postal and email addresses and telephone numbers) and that either generally are recognized in the industry or by the FTC or are maintained by Buyer (each, an "Opt Out List").

Prior to performing any marketing-related Services, Provider shall, in coordination with Buyer, perform a "Suppression" (meaning a purge or other suppression from intended marketing lists of all Customer Data and PII that is not available for marketing use, according to the Opt Out Lists and Marketing Regulations); such obligation shall be in addition to performing any other legally required Suppressions, including legally-mandated do not mail or do not call procedures.

Provider shall employ measures to ensure that applicable PII and Customer Data is Suppressed from its own records in response to any request by an entity to "Opt Out" (meaning not have his/her/its Customer Data or PII used for marketing purposes). Provider shall employ measures to ensure that Buyer is promptly provided any Opt Out requests. Any Opt Out List or Opt Out request provided by Buyer to Provider shall be used by Buyer solely for the purpose of performing Suppression and shall be returned or destroyed when no longer needed for such purpose.

Audit of Records. Provider shall maintain practices and records that are necessary to ensure and demonstrate its compliance with this Privacy Policy, including records of all use and transmission of Customer Data and PII. Buyer, or any Buyer-authorized inspector or auditor bound by appropriate confidentiality obligations, shall have the right to inspect and audit such practices and records for the purpose of verifying Provider's compliance with this Privacy Policy. Such inspection and/or audit shall be performed at Buyer's expense, upon reasonable notice, during regular business hours, and at the locations where such practices are followed or records are maintained.

Breach of Security. Provider shall immediately report to Buyer any loss of, failure to protect, or potential breach of obligations related to, Customer Data or PII, including any unauthorized use or disclosure, or any breach of Provider's systems that results in or is reasonably likely to result in improper access to PII or Customer Data. Provider shall, at its own expense, comply with all data breach notification laws in responding to any data breach and shall, to the extent permissible, notify Buyer of all actions taken in response to any data breach.

Subcontractors. If Provider employs any third-party service provider(s)/subcontractor(s) (each, a "Subcontractor") in connection with Provider's performance of Services, Provider shall require that each such Subcontractor agrees to abide by and comply with the terms and conditions of this Privacy Policy to the same extent of Provider's obligations hereunder.

Indemnification. Provider shall be fully responsible for, and shall indemnify, defend and hold harmless Buyer and Buyer's Affiliates from and against any and all claims, including liabilities, actions, judgments, costs, expenses and reasonable attorneys' fees, arising from, any Provider or Subcontractor breach of, or failure to comply with, the terms and conditions of this Privacy Policy, any Governmental Requirements, any Marketing Regulations, or any other applicable laws, rules, regulations, or judicial and agency rulings and requirements.

OTHER AGREEMENTS

If Buyer and Provider or applicable Affiliates have entered into one (1) or more of the following: a Business Associate Agreement, a non-disclosure/confidentiality agreement, and/or any other similar agreement that governs protection and confidentiality of data or information, whether subject to the Health Insurance Portability and Accountability Act of 1996, as amended, other similar laws or regulations, or otherwise, then the terms and conditions of this Privacy Policy are in addition to, and shall not supersede or replace, the terms and conditions of any such agreement(s).

COPYRIGHT © 2019 BY ZONES, LLC. THIS WEBSITE CONTAINS THE PROPRIETARY INFORMATION OF ZONES, LLC. IT IS PROTECTED BY STATE AND FEDERAL COPYRIGHT AND OTHER LAWS. ZONES, LLC, EXPRESSLY RESERVES ALL RIGHTS TO DISCLOSE REPRODUCE OR UTILIZE ITS CONTENT IN ANY MANNER, EXCEPT AS OTHERWISE AGREED IN WRITING BY ZONES, LLC. Posted 01/21/2019