April 9, 2017
ALL SERVICE PROVIDER DATA IS PROVIDED ON AN AS-IS, WHERE-IS BASIS, WITHOUT WARRANTY, GUARANTEE OR LIABILITY.
1. Use of Wireless Location Information
2. Tier 1 Support for End Users
Client shall provide all necessary Tier 1 support to End Users and supply LSP 24x7 technical support and customer service contact information, as applicable. Such contact information may be shared with Service Providers so that they may direct End Users to contact LSP or Client in event any such End Users contact their Service Provider for assistance with a LSP Service or Client Application.
3. Use of Wireless Service Providers' Names; Publicity
3.1 Client shall not publicly use wireless Service Provider's name, trademarks, trade names, service marks or logos without prior written permission of the applicable wireless Service Provider.
3.2 Client shall not publicize the relationship with wireless Service Providers without the permission of the applicable wireless Service Provider including, without limitation, that a LSP Service or Client Application is compatible with the wireless Service Provider's network or devices.
3.3 The LSP Service supports wireless location for subscribers of AT&T, Boost, Metro PCS, Sprint, T-Mobile, US Cellular, Verizon and Virgin Mobile and text messaging for subscribers of those Service Providers plus most Tier 2 and 3 US wireless Service Providers.
4. Notifications for Use of Client Applications
4.1 Client Applications that utilize Location Information must include consumer disclosure containing clear and conspicuous notice about how Location Information will be accessed, used, copied, stored or disclosed by LSP or its Client which must be presented to End User for acceptance prior to use of Client Application. Client shall make no representation of accuracy, completeness or timeliness of Location Information or the location capabilities of the Service within the End User License Agreement ("EULA") for the Client Application or any other document. All notices, EULAs and privacy policies shall be readily available and easily accessible by End Users and wireless Service Provider customers.
4.2 For applications that utilize Location Information and are resident on an End User's mobile device, Client must notify the user through a pop-up screen or other similar approved solution that alerts the user that use of the application may cause additional data charges from the wireless Service Providers. Such pop-up screen must appear before the launch of the application and provide the user the ability to abort such launch.
4.3 For applications that utilize Location Information and are resident on an End User's mobile device, Client must provide a clear and conspicuous help button for the application, which must include information on how to seek customer support.
4.5 Client shall make any Client Application that utilizes Location Information available to End Users until the later of: (i) ninety (90) days from the End User's initial purchase of a Client Application; (ii) the expiration of the period of time indicated to End Users that the Client Application will be available or supported; and (iii) the date support services stop for all End Users. In the event that Client intends to discontinue the Client Application for any reason whatsoever, Client will (a) provide written notice to LSP that the Client Application will no longer be supported at least ninety (90) days before a cessation in support services to the End Users; and (b) provide written notice to each End User at least thirty (30) days before support stops.
5. Compliance with Law, Policies, Industry Practices and Guidelines
5.1 Client understands and agrees that Client and affiliated third parties may be subject to additional unanticipated obligations and legal requirements as a result of developing, distributing and/or use of location aware applications or services. Client will only access, use, copy, store and disclose Location Information as long as notice, consent and all other requirements have been satisfied and maintained. Client and all Client Applications will at all times comply with applicable laws, rules and regulations, industry practices, third-party guidelines and other relevant policies and requirements, including: (i) all applicable consumer protection, marketing, data security, export and privacy laws; (ii) Federal Trade Commission privacy initiatives; and (iii) the CTIA Best Practices and Guidelines for Location-Based Services. Client will not allow Location Information of an End User to be accessed from outside the country in which the End User is subscribed for wireless service without the prior written consent of the End User's wireless Service Provider.
5.2 Client will comply with all of the following as amended from time to time, as applicable:
a. all applicable privacy, consumer protection, marketing and data security laws and government guidelines;
b. if Client Application utilizes Location Information, the CTIA Best Practices and Guidelines for Location-Based Services currently located at https://www.locationsmart.com/cms/resources/ctia-lbs-best-practices-adopted-03-10.pdf;
c. if Client Application utilizes text messaging services, the CTIA Messaging Principles and Best Practices (as applicable) located at http://www.ctia.org/docs/default-source/default-document-library/170119-ctia-messaging-principles-and-best-practices.pdf;
6. Consent and Privacy Settings
Client will comply with Sections 6.1 through 6.5 below if the Client Application, utilizes Location Information.
6.1 Unless otherwise expressly approved in writing by the wireless Service Provider of an End User, Client will obtain affirmative, opt-in consent from End Users as appropriate to access, use, copy, store or disclose Location Information via any means that are required for consent to be effective and valid. Client agrees not to access, use, copy, store or disclose any Location Information until the appropriate consent has been obtained. Privacy settings shall be used to allow flexibility to determine the level of acceptable consent. End Users shall have the ability to easily change privacy settings at any time. Each approved Client Application will be named in such a manner to be recognizable by the End User's wireless Service Provider. Client understands that unless otherwise approved by the End User's wireless Service Provider in writing all Client Applications may be listed on the End User's wireless Service Provider's consumer privacy portal and End Users may have the option to change basic privacy settings at such portal.
6.2 Client must:
a. integrate into their registration process a stand-alone clear and conspicuous notice about how an End User's information including Location Information will be accessed, used stored, disclosed or collected;
b. obtain the appropriate consent to the notice from the End User prior to any such access, use, storage, disclosure or collection;
6.3 With the exception of self-service (location is revealed only to the end user) or employer's location-based service applications, Client must provide notice to, and obtain the affirmative consent of, the person to be located (the "locatee") prior to permitting an application or person (the "locator") to view the locatee's geographic location. Such notice must, at the minimum, inform the locatee that the locator is seeking permission to locate the locatee.
6.4 For applications where End Users are able to locate other End Users (e.g. social-networking applications), Client must provide the locatee with the option of being notified each time that the locatee is being located and by whom. If such an application is one in which only adults may participate, Client must verify the End User's age using a reliable method.
6.5 Except for applications using one-time location consent, Client must provide End Users with the ability to easily, conveniently and instantly revoke their consent or permission to locate them on a 24x7 basis and, at a minimum, via the method by which the End User consented. Once revoked, Client must immediately cease accessing and using the End User's Location Information.
7. Consent Record Retention
7.1 7.1 If Client Application utilizes Location Information, Client must clearly and conspicuously document the presentation of the appropriate notices to the End Users. Such record must, at a minimum, include:
a. an identifier which links the End User to the record;
b. a time and date stamp of the End User's acknowledgment;
c. a reference to the version of the notice that was presented;
d. the Client Application identifier;
e. for permissions to locate and revocation records, an identifier which links the permitted/ revoked locator to the record.
7.2 If Client Application utilizes Location Information, Client must maintain records of any notice, consent and revocation for as long as the associated Client Applications are in use, plus an additional five (5) years. LSP or the End User's wireless Service Provider can request this information at any time and it shall be provided within seven (7) business days of request.
8. Revocation of Consent
If Client Application utilizes Location Information, except for applications using one-time location consent, Client will ensure that each End User may immediately revoke consent, through easy to use privacy settings or other readily available mechanisms on interactive devices, to the access, use, storage and/or disclosure of Location Information at any time. If consent is denied or withdrawn, Client Application may not collect, transmit, maintain, process or utilize Location Information or perform any other actions for which End User consent has been denied or withdrawn.
9. Use and Storage of Location Information
Client may only use Location Information for the sole purpose of providing services as intended by End Users. Location Information shall not be accessed, used, copied, stored or disclosed for any other purpose without the explicit prior consent of End Users. Client must delete Location Information immediately when it is no longer needed and provide a readily available means for End Users to delete stored Location Information. Client shall not: (a) collect or store any information delivered via the LSP Service, other than temporary caching on the Client servers or End User devices, for purposes other than to determine the location of an End User device; (b) use automated scripts to access the LSP Service; or (c) otherwise mine or attempt to mine information delivered via the LSP Service.
10. Privacy Safeguards and Considerations
10.1 Client Application must not be used to undermine End User privacy and should not allow unauthorized surveillance. To mitigate the risk of End Users being located without their knowledge and consent, Client must implement security measures and safeguards that protect End User privacy and safety. Depending upon the type, nature and sensitivity of the services provided through Client Applications and the means by which these measures and safeguards can be implemented, it may be necessary for Client to encrypt sensitive data such as Location Information, use private networks to transmit such data, provide periodic notices to End Users, send reminder messages to End Users, and/or utilize audible, visual or other types of notifications as appropriate.
10.2 Client must carefully consider the safety implications of each location-based service and implement the appropriate safeguards to address the foreseeable risks.
10.4 Client must provide a resource for End Users to report abuse of the application and a process that can address that abuse in a timely manner.
11. Intended Recipients' Use of Location Information
Where Location Information is disclosed to anyone other than End User, Client shall ensure that the recipient only receives Location Information when necessary with consent of End User, uses the Location Information only for the purpose for which it was provided, disposes of Location Information after use unless otherwise permitted by End User and takes measures to protect the Location Information against unauthorized access, use, copying, storage and/or disclosure.
12. Prohibited Content
Content available through any Client Application must not: (a) contain any material that is unlawful or defamatory or that infringes upon or violates any copyright, trademark, patent, personality, publicity, or privacy rights or any other intellectual property or other rights of any third party; (b) promote or facilitate any illegal activity, such as illegal gambling; (c) contain any adult themed or sexually explicit content; (d) depict violence, prejudice, discrimination, or racism; (e) contain alcohol, tobacco or death-related content; and (f) contain any information that is false or likely to mislead or deceive.
13. Harmful Code
Client will maintain an appropriate level of security and integrity for End Users in connection with the use of the Services and implement procedures to prevent the transmission of Harmful Code to End Users and unauthorized access to devices and Service Provider networks. "Harmful Code" means (a) viruses, worms or other malicious code; (b) any feature that prevents or interrupts the use of a Service Provider network or any device, including, without limitation, any lock, drop-dead device, Trojan-horse routine, trap door, time bomb; (c) any other code or instruction that is intended to be used to access, modify, delete, damage, or disable the functionality of a Service Provider network or any device; or (d) data or messages that are unsolicited or of a volume that unreasonably burden a Service Provider network or any device. Client will immediately notify LSP if Client knows or has reason to know of any breach of security or known vulnerability of the Client's systems that could lead to a breach of these security obligations and will remedy the breach or such vulnerability within 24 hours.
14. Security Provisions
14.1 Client must implement and maintain administrative, physical and technical safeguards that prevent any collection, use or disclosure of, or access to, End User information that this Agreement does not expressly authorize, including, without limitation, an information security program that meets the highest standards of best industry practice to safeguard End User information. The information security program will include, without limitation, (i) adequate physical security of all premises in which End User information will be processed or stored; (ii) reasonable precautions taken with respect to the employment of and access given to personnel, including background checks and security clearances that assign specific access privileges to individuals; and (iii) an appropriate network security program. The network security program will include, without limitation, (x) appropriate access controls and data integrity controls; (y) testing and auditing of all controls; and (z) appropriate corrective action and incident response plan.
14.2 Client shall implement and maintain administrative, physical and technical security controls to protect Location Information and the availability and integrity of Service Provider networks and services. Client shall design, develop, build, operate and maintain Client Applications to sufficiently mitigate security threats, including: (i) unauthorized access; (ii) unauthorized changes; (iii) disruptions or denial of service; (iv) escalation of user privilege; (v) service fraud; (vi) improper disclosure of sensitive information; and (vii) degradations of service.
14.3 For Client Applications that communicate over an Internet Protocol network, any network traffic shall have security controls to protect from threats, including, but not limited to, eavesdropping, data tampering and data collection.
14.4 No Client Application shall: (i) perform any functions or link to any content or use any robot, spider, site search or other retrieval application or device to scrape, retrieve or index services or to collect, disseminate, use, store or disclose information about End Users for any unauthorized purpose; (ii) disable, override or otherwise interfere with any Service Provider alerts, warnings, display panels, consent panels and the like, including, but not limited to, those that are intended to notify End User that Location Information is being accessed, used, copied, stored or disclosed; (iii) be designed or marketed for automatic or autonomous control of vehicles, aircraft or other mechanical devices or emergency or life- saving purposes; or (iv) be designed, developed, marketed, distributed, offered or otherwise made available for the purpose of harassing, abusing, stalking, threatening or otherwise violating the legal rights (such as the rights of privacy and publicity) of others or any other illegal or unethical purpose.
15. Use of Telephone Number Directory Data Services
15.1 Allowed Uses of Directory Data. Client is granted a license to use telephone directory data (i.e., the caller name and/or address associated with a telephone number) for the following purposes: to update internal records; to complete internal forms; to verify caller name, address, and telephone number information; or to perform any other administrative and operational functions directly related to Client's normal business activities, which functions would typically be performed by calling the traditional directory assistance operator service (which service may be provided by a human operator or through other mechanisms such as speech recognition).
15.2 Limitations on Use of Directory Data. Client agrees to the following limitations on the use of the directory data. Client shall use commercially reasonable efforts to abide any restrictions on use of the directory data as may be imposed by LSP's data suppliers from time to time following receipt of written notice from LSP delineating any such restrictions. Client will not store in retrieval or any other system any part of the directory database or the data contained therein except for purposes necessary to conduct the allowed uses of the directory data. Client covenants not to:
a. use the directory data to publish directories in any form, including on the public Internet;
b. grant any third-party access to the directory data licensed hereunder, unless that third-party is an independent third party contractor providing services to End Users, a subcontractor, employee, or affiliate of Client, and such relationship is evidenced by a written agreement, which is no less restrictive than this Agreement (except that Client shall not be permitted to sublicense the directory data to any third-party); provided that with respect to the independent contractors, no such written agreement is required to the extent directory data is provided by LSP to such third party for the provision of customer support/assistance services, and provided that Client has complied with the terms of this Agreement for obtaining and using such information;
c. use the directory data for any directory assistance purpose including human operator handled directory assistance or directory assistance automated by speech recognition or any other means; and
d. use the directory data other than as specifically licensed pursuant to this Agreement; using the directory data in a manner that knowingly infringes any copyright or other intellectual property of LSP or its third-party data suppliers; or using the directory data in a manner that violates any law or regulation known to Client that is applicable to the use of the directory data.
16. Carrier Identification, IP Geolocation, and Global Site ID Look-up Services
The carrier identity, IP Geolocation and Global Site ID (i.e., Wi-Fi and Cell ID look-up) information accessed via the LSP Services are for use by Clients only, solely for Clients' internal business purposes and not for resale to any third-party, including by way of a service bureau or wholesaler.
17. Information Security Vendor Assessments, Annual Security Audits & Visitation and Inspection Rights
If Client stores Location Information of End Users for any period of time beyond that necessary for the provision or use of Client Application(s), the following terms will apply to Client:
17.1 Information Security Vendor Assessment ("ISVA"). Wireless Service Providers of the associated End Users reserve the right to require Client to complete an ISVA process once per year, as described below. A Service Provider may require that additional security controls or mitigation plans be implemented and maintained by Client based on results of an ISVA.
17.2 Previous Security Audit. Prior to commercial use of the Services, Client Platform shall have been subjected to an information security audit conducted internally or by an independent third party. Client will provide LSP the results of the most recent audit upon request for delivery to any requesting Service Provider. Any third-party or internal audits shall not have revealed any material vulnerabilities in the Client Platform or any component thereof and to the extent that any such vulnerabilities were found to exist, Client shall have fully remedied such vulnerabilities prior to commercial use of the Services.
17.3 Future Security Audits. Client agrees that it will engage an independent third-party to perform no less than annual security audits of the Client Platform, including any third-party data center(s) utilized by Client. Client will provide LSP the results of the latest audit within thirty (30) days of a request, including, without limitation: (i) whether the audit revealed any material vulnerability in the Client Platform; and (ii) if so, the nature of each vulnerability discovered. If the audit reveals one or more material vulnerabilities, Client will correct each such vulnerability at its sole cost and expense and will certify in writing to LSP that it has corrected all such vulnerabilities. Client must complete all vulnerability corrections within sixty (60) days of completion of the audit, unless the vulnerabilities by their nature cannot be corrected within such time in which case the corrections must be completed within a mutually agreed upon time.
17.4 Visitation and Inspection Rights. A Service Provider, or its authorized representatives, may at any time, upon reasonable notice, visit any or all locations of Client Platform to inspect Client Platform and to assess Client's performance of its obligations under this Section. For purposes of such an inspection, Client will grant a requesting Service Provider and its representatives access, during normal business hours, to the Client Platform and to all books, records, procedures and information that relate to Client's performance under this Section, including, without limitation, any information Service Provider deems necessary to ascertain any facts that relate to Client's performance hereunder. If: (i) a Service Provider determines in connection with any such inspection that Client has failed to perform any of its obligations under this Section, and (ii) a Service Provider notifies Client in writing of Client's breach of this Section, then Client will, within ten (10) days, develop a corrective action plan in cooperation with the requesting Service Provider. Such plan will be subject to Service Provider's approval in its reasonable discretion and Client will promptly implement such plan at its sole expense. These inspection and corrective action rights supplement, and in no way limit, LSP's or Service Provider's other rights in this Agreement.
17.5 Should such inspection request be denied, or should the inspection reveal flaws inconsistent with applicable policies, practices or procedures, the requesting Service Provider may terminate access to the Location Information of its subscribers at any time.
18. Incident Support, Response and Resolution
Client agrees to comply with the applicable performance and support obligations established from time to time by wireless Service Providers of End Users with respect to location aware services. In the event of an incident, outage or other occurrence related to the Service, a wireless Service Provider may assess the severity level of the incident and, if appropriate, recommend a support, response and resolution plan. Client understands that the intent of LSP and the wireless Service Providers in resolving any incident is to perform such resolution in a manner that reasonably prioritizes preservation of the integrity of wireless Service Provider facilities, the wireless Service Provider network, the wireless Service Provider services and End User use of Services. LSP and wireless Service Providers may use the contact information submitted by Client, which must be kept up to date, to communicate with Client regarding Client's performance and support obligations. Client's contact information may be shared by wireless Service Providers with their subscribers who are End Users and/or other third parties to provide support, response and resolution services.
April 9, 2017