Legal, Privacy, Security, and Regulatory

Here you'll find the legal documents, security standards, and policies that are core to our service. You'll also find information about how we comply with regulatory guidance.

私隱政策

Confirmation Privacy Statement

Effective on: August 30, 2019

This privacy policy applies to www.confirmation.com, and learn.confirmation.com ("Confirmation Website(s)") owned and operated by Confirmation. This privacy policy describes how Confirmation collects, shares, secures and uses the personal information you provide on the Confirmation Website(s). It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

  1. What personal data and protected health information (PHI) Confirmation collects.
  2. What personal data third parties collect through the Website(s).
  3. What organization collects the information.
  4. How Confirmation uses the information.
  5. With whom Confirmation may share user information.
  6. What choices are available to users regarding collection, use, and distribution of the information.
  7. What types of security procedures are in place to protect the loss, misuse or alteration of the information under Confirmation’s control.
  8. How users can correct any inaccuracies in the information.

INFORMATION COLLECTION AND USE

Registration

In order to use the Confirmation website(s), a user must first complete the registration form. During registration, a user is required to give professional and personal contact information (such as name and email address). We use this information to validate our users and to, therefore, grant access to our service. We also ask our accounting customers to provide their CPA registration/credentialing information in order to validate his/her status to include employment verification.

Order

We request information from the user on our order form. A user must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date). This information is used for billing purposes and to fill customer's orders. If we have trouble processing an order, the information is used to contact the user.

Third party information is collected on the site (such as client information entered for the purpose of conducting confirmations of accounts) The following are the types of information that are requested for a client: contact information, client's name, client contact name, client address, client contact's email address. This information is used to validate the client users of the service. A welcome email is generated to the clients to notify them that they have been set up on the service by their accountant and to provide them notification of their initial security codes. These emails are only used for the primary purpose of providing the service of the site and are not used for any secondary purposes.

INFORMATION USE

Confirmation, through its online service production website(s), collects three types of information:

  1. General Personal Data
  2. Customer Financial Information
  3. Protected Health Information (PHI)

General Personal Data is used to validate the user, associate transactional confirmation activities including authorization, determine access permissions, and to facilitate communications from the site. The customer is free to modify this information at any time.

Customer Financial Information includes certain bank/company balance information that is stored in our database on a temporary basis, and credit card payment information provided by the customer at the time of the payment for the provision of services.

PHI may be stored on Confirmation’s HIPAA compliant system as a document attachment to a legal confirmation request when/if this information is deemed pertinent to the legal confirmation audit.

All Customer Financial information or legal confirmation attachments containing PHI residing within Confirmation's secure processing controls will be maintained and stored according to our stated security and privacy policies. Confirmation takes no responsibility for Customer Financial Information once this data is no longer within Confirmation's control (e.g., data downloaded by the user, or mailed confirmations). The Confirmation website(s) serve the function of an online provider of balance assurance services for its customers. This service is designed for use by accountants in their conducting of audit procedures as described by Generally Accepted Accounting Standards (GAAS).

We process General Personal Data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to comply with our legal obligations, resolve disputes, and enforce our agreements.

檔案

We store information specifically given to us by our users through the account set up process, and/or the account edit process. In addition, we store the IP address, browser type, Internet Service Provider (ISP) and access times. We do not store the information provided through the use of cookies. A profile has stored information that provides the company with information describing the end user of our service. All such collected information is used only for the conducting of the provision of our service.

Cookies and Other Tracking Technologies

We, Confirmation, and our analytics or service providers use cookies or similar technologies in analyzing trends, administering the site, tracking users' movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies to remember users' settings (e.g. language preference), for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

Online Advertising

We use Google AdWords, Google Analytics, Google Display Network, Adobe Analytics, and HubSpot to track user behavior and manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.

Log Files

Like most standard website(s) servers, we use log files. This includes Internet Protocol (IP) addresses, browser type, and Internet Service Provider (ISP), referring/exit pages, operating system and access time. Confirmation and its production Website(s), use log files only to track errors in the system. Log file information is not tied to a user's personal data.

INFORMATION COLLECTED FOR OUR CLIENTS

Confirmation collects information under the direction of its clients and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Confirmation's Client (the data controller). If requested to remove data we will respond within 30 days. We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Confirmation will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

COMMUNICATIONS FROM THE SITE

Core Communications

These include email, mail, and call communications to facilitate the processing of audit confirmations, announce new enhancements to the service, aid in common user account administration functions, distribute information on upcoming site maintenance, and to provide notice of various updates to our terms of service or policies. These also include communications designed to educate and provide resources to both new and existing users on how to use the application, welcome emails, training sessions, and Responder Network updates.

客戶服務與支持

We communicate with users on a regular basis to provide requested services, and in regard to issues relating to their account, we reply via email or phone in accordance with the user’s wishes.

Marketing Communications

We may from time to time send emails or mail to provide you with information regarding new product and service offerings, product and service notifications, and/or complementary resources.

Generally, you may not opt-out of Customer Support or Core Communications. If you do not wish to receive them, you have the option to deactivate your account. If you do not wish to receive marketing communications you can simply not consent to receive them (if your location requires consent), use the “Manage Your Preferences” and “Unsubscribe” links provided within each marketing email message, or contact Customer Support at Customer.Support@confirmation.com.

SHARING

We will share your personal data or legal confirmation attachments containing PHI with third parties only in the ways that are described in this privacy policy. We do not sell your personal data or legal confirmation attachments containing PHI to third parties.

Legal Disclaimer

In certain situations, Confirmation may be required to disclose personal data or legal confirmation attachments containing PHI in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Though we make every effort to preserve user privacy, we may also need to disclose personal data or legal confirmation attachments containing PHI when required by law such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Aggregate Information (non-personal data)

We do not share aggregated demographic information with our partners and advertisers. These are the instances in which we will share users' personal data or legal confirmation attachments containing PHI:

Third Party Intermediaries

We use PCI-DSS compliant outside credit card processing companies to bill users for services. These companies do not retain, share, store, or use personal data for any secondary purposes.

Business Transitions

In the event Confirmation goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users' personal data or legal confirmation attachments containing PHI will, in most instances, be part of the assets transferred. Users will be notified via prominent notice on our website(s) for 30 days prior to a change of ownership or control of their personal data or legal confirmation attachments containing PHI. If as a result of the business transition, the users' personally identifiable information or legal confirmation attachments containing PHI will be used in a manner different from that stated at the time of collection they will be given choice consistent with our notification of changes section prior to the information being used for the new purposes.

Surveys & Contests

From time to time, our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user, therefore, has a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site. Users' personally identifiable information is not shared with third parties unless we give prior notice and choice. Though we may use an intermediary to conduct these surveys or contests, they may not use users' personal data for any secondary purposes.

安全性

This Website(s) takes every precaution to protect our users' information. When users submit sensitive information via the Website(s), their information is protected both online and offline.

The Confirmation Website(s)s are entirely encrypted and protected using 256-bit encryption with a public RSA 2048-bit key for SSL Extended Validation Certificates with Server Gated Cryptography by DigiCert for internet communications. This means that when our registration/order form asks users to enter sensitive information (such as credit card number), that information is encrypted. While we use SSL encryption to protect sensitive information online, we also use appropriate technical and organizational measures to protect user-information offline. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a Customer Support representative) are granted access to personal data. The servers that store personal data are in a secure environment, in a hardened hosting facility. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

If users have any questions about the security at our Website(s), users can send an email to: Customer.Support@confirmation.com (www.confirmation.com) or learn@confirmation.com (https://learn.confirmation.com/learn).

SUPPLEMENTATION OF INFORMATION

In order for the website(s) to properly fulfill its obligation to users, it is necessary for us to supplement the information we receive with information from 3rd party sources. We use outside sources to verify a user's accounting credentials to validate that user's access to our system. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

Personal Data Management and Inquiries

You have the following rights in relation to personal data relating to you that we process:

  1. Upon request, Confirmation will provide you with information about whether we hold any of your personal information. You may also request a copy or access to the personal data concerned.
  2. If your personal data changes (such as zip code, phone, email or postal address) you can update your data by editing your user profile on the Confirmation.com Website(s) or by contacting Customer Support.
  3. Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned.
  4. If you have a complaint about the processing of your personal data by Confirmation, please contact Customer Support. If we are unable to rectify the issue to your satisfaction, you are always able to lodge a formal complaint with the applicable Supervisory Authority.

Personal data inquiries can be submitted by contacting the Confirmation Data Protection Officer at Customer.Support@confirmation.com (www.confirmation.com) or learn@confirmation.com (learn.confirmation.com/learn). We will respond to your request within 30 days.

Social Media Widgets

Our website(s) includes social media features, such as the Facebook "Like" button, and Widgets, such as the "Share This" button or interactive mini-programs that run on our website(s). These features may collect your Internet Protocol (IP) address, which page you are visiting on our website(s), and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website(s). Your interactions with these features are governed by the privacy statement of the company providing it.

感言

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at Customer.Support@confirmation.com (www.confirmation.com) or learn@confirmation.com (https://learn.confirmation.com/learn).

Links to 3rd Party Sites

Our website includes links to other website(s) whose privacy practices may differ from those of Confirmation. If you submit personal data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy statement of any website(s) you visit.

Notification of Changes

If we decide to change our privacy statement, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy statement under which the information was collected.

If, however, we are going to use a user's personal data in a manner different from that stated at the time of collection we will notify users via email prior to the change becoming effective. Users will have a choice as to whether or not we use their information in this different manner. However, if users have opted out of all communication with the site through deactivating their account, then they will not be contacted, nor will their personal data be used in this new manner. In addition, if we make any material changes in our privacy practices that do not affect user information already stored in our database, we will post a prominent notice on our website(s) prior to the changes taking effect. In some cases where we post a notice, we will also email users, who have opted to receive communications from us, notifying them of the changes in our privacy practices.

REGIONAL PRIVACY REQUIREMENTS

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") and Switzerland, that may not be subject to equivalent data protection law. It may also be processed by staff situated outside these areas who work for us or for one of our suppliers. This includes staff engaged in activities such as the fulfillment of orders, the processing of payment details, and the provision of support services.

Where personal data is transferred in relation to providing our services, we will take all steps reasonably necessary to ensure that it is protected by appropriate safeguards. Confirmation and its subsidiary companies (Confirmation International LLC, and Confirmation Technology Services LLC) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. Confirmation is committed to subjecting all personal data received from the European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List (https://www.privacyshield.gov/list).

Confirmation is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Confirmation complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Confirmation is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Confirmation may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield Website(s) (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

EU General Data Protection Regulation (GDPR)

In providing our services, we act as a data processor on behalf of the users of our services in relation to personal data that is processed using the service, in which case we will process the relevant personal data only for the purpose(s) of providing the service and otherwise in accordance with our agreement with the users and the regulations that apply to us directly as a data processor.

Legal Basis for Personal Data Processing

Collecting, processing, and using personal data by Confirmation occurs under the following legal bases:

  • Legitimate Interest – User validation, transactional confirmation activities including authorization, user access permissions, user account management, core site communications, and customer support.
  • Consent – Marketing communications.

Data Protection Officer

Compliance with Confirmation's privacy policy and applicable data protection laws is verified regularly with internal impact assessments and other controls. The coordination of these activities is the responsibility of the Data Protection Officer, who can be contacted in accordance with the contact information below.

Dan Zangwill
Data Protection Officer
DataInquiries@confirmation.com

Automated Decisions

Personal data processed by Confirmation is never used to make automated decisions that would have negative consequences for its data subjects.

Supervisory Authority

The United Kingdom’s Information Commissioner’s Office is the lead supervisory authority for Confirmation in the EU and can provide further information about your rights and our obligations in relation to personal data, as well as to address any complaints that you have about our processing of your personal data.

聯絡資料

If users have any questions or suggestions regarding our privacy statement, please contact us at:

TRUSTe     

For Requesters of Confirmations

用戶協議

以下內容為用戶使用CAPITAL CONFIRMATION INC.所提供服務的使用條款說明。

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domains and sub-domains of www.confirmation.com, and learn.confirmation.com ("Confirmation Website(s)") owned and operated by Capital Confirmation, and the general principles for the websites of our subsidiaries.如果您不同意遵守本協議的條款及條件,請勿使用或存取我們的服務。 You evidence your acceptance of the terms and conditions of this Agreement by checking the box for the "Yes, I have read and accept the User Agreement." statement and clicking the "Create New Account" button on Capital Confirmation's website and through your use of any of the Confirmation.com services (aka "Confirm" service).

If you have any questions, please email us at customer.support@confirmation.com.

在您成為Capital Confirmation的會員前,您必須先閱讀、同意並且接受本《用戶協議》及《私隱聲明》中的所有條款及條件,其中包括以下所明確陳述的條款及條件以及這些已納入的參考資料。我們極力建議您在閱讀此份《用戶協議》時,也同時閱讀本文件中所參考的其他頁面及網站的資訊,因為這些資訊可包含適用於Capital Confirmation用戶的其他條款及條件。 Please note: underlined words and phrases are links to these pages and websites.透過同意本《用戶協議》,即表示您也同意在使用其他Capital Confirmation網站時,將遵守這些網站的條款及條件。

我們可隨時透過在我們的網站上公佈修改後的條款以示我們對本協議的修改。 Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site.您將不會收到關於本協議中任何變更的書面通知或電郵通知。本協議不得修改,除非經過您及Capital Confirmation Inc.的書面簽署。本協議自1年2003月{[#2]}日起生效。

1. Membership Eligibility.
我們的服務僅提供給根據適用法律可簽署有法律約束力合約的個人。在不限於前述內容的情況下,我們的服務不提供給未成年人或遭到暫時或永久停用的Capital Confirmation會員。如果您未成年,您不得使用本服務。如果您不符合資格,請勿使用我們的服務。此外,Capital Confirmation帳戶(包括反饋)及用戶ID皆不得轉讓或出售給他方。如果您以商業實體身分註冊,即表示您有權代表該實體接受本協議的約束。如果您以個人身分註冊,即表示您是自己所聲稱的本人。

2. Fees and Service.
Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users, (the "Service"). The Service also includes the provision of ancillary services deemed reasonably necessary by Capital Confirmation to run a venue for digital transaction management, including but not limited to customer support, billing, and account management.

加入我們的會員為免費。請求及接收詢證函則必須收取費用。 Our Fees and Credit Policy is available here and is incorporated by reference.我們不時會變更我們的「費用及信貸政策」,以及我們服務的費用。我們政策的變更在我們將變更公佈於本協議,並且在提供您至少14天有關變更的通知後即行生效。然而,我們可因促銷活動而選擇暫時變更我們的費用政策及服務費用,且當我們將暫時性的促銷活動公佈於www.confirmation.com網站時,這類變更即行生效。在您購買詢證函時,您有機會先查看再接受使用我們服務所應付的費用。我們可隨時自行斟酌決定變更我們部分或全部的服務。當我們推出一項新服務時,該項服務的費用於推出時即行生效。除非另行規定,所有費用皆以美元報價。您將負責支付使用我們服務及網站的所有相關費用及適用稅金。

3. Capital Confirmation is a Venue.
3.1 Capital Confirmation並非銀行或律師事務所,我們也不是被授權的銀行或律師事務所代表。 我們的網站是個場所,讓用戶可隨時隨地用來請求、接收及購買詢證函。 We are not involved in the actual transaction between users of and providers of the confirmation information.因此,我們對於請求及回應的品質、正確性、時效性或合法性,或請求及回應的真偽或正確性皆無法掌控。 We also cannot ensure that a provider will actually complete a transaction.

3.2 身分驗證。 當用戶在我們的網站上註冊時,我們使用許多方法來驗證其身分。然而,因為在網上進行用戶驗證不易,Capital Confirmation對每位用戶所聲稱的身分無法也不進行確認。因此,我們建立了一個用戶啟動的溝通系統,以協助您評估您的交易對象。我們鼓勵您透過我們網站上所提供的工具直接與個別方進行溝通。

3.3 免責。 基於我們是個場所,如果您與一位或多位用戶發生爭議時,您將免除Capital Confirmation(和我們的主管、董事、代理人、子公司、合資公司以及員工)對因此而產生或以任何方式與這類爭議相關的每種已知和未知性質、可疑和未料及、已披露和未披露的求償、要求及損失(實際及衍生)的責任。 If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”

3.4 資訊掌控。 我們無法掌控由其他用戶透過我們的系統所提供的資訊。您可能會發現其他用戶的資訊並不正確。使用我們的網站時,請務必謹慎,並且運用判斷力及安全措施。

3.5 客戶服務與支持。 Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M. Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

4. Authorizing, Requesting and Purchasing.
透過授權、請求及購買詢證函,即表示您同意接受本協議的條件約束。請求不得撤銷。如果您選擇授權、請求或購買詢證函,您即證明您擁有合法權利可授權、請求或購買此類詢證函。

5. Address Lookup.
Capital Confirmation自公共及私人資料來源提供地址查找資料。本系統所用的公共記錄、私人記錄及商用提供的資料來源有錯誤且不完整。資料有時輸入有誤且未經正確處理。本系統不該被視為絕對正確。在依賴本系統提供的任何資料前,應個別予以驗證。

6. Out-of-Network Confirmations.
The Out-of-Network confirmation service requires the requestor to enter the contact information for the responder and the responder’s company.因為您作為請求者,您決定網外詢證函要發送給哪個實體的哪位人員,因此也決定回應方是哪個實體的哪位人員,而您同意對於確認及驗證個人回應方身分及其所聲稱代表的公司負唯一全責。您了解Capital Confirmation未曾也將不會驗證回應方或其所聲稱代表的公司的身分。 You release and hold harmless Capital Confirmation from any and all claims related to the responder’s identity and/or the identity of the company the responder claims to represent if you request confirmations through www.confirmation.com using the Out-of-Network confirmation service.

7. Fraud.
如果我們懷疑您(因定罪、和解、保險調查或其他原因)涉及在Capital Confirmation網站上進行欺詐活動,我們得暫停或終止您的帳戶,並且不限任何其他的補救措施。

8. Your Information.
8.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature.對於「您的資料」,您必須承擔全部責任,我們僅是「您的資料」的網上傳播及發佈的被動管道。

8.2 限制活動。 Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers.此外,您不得授權或請求本網站的詢證函(或以使用我們的服務作為開始所完成的任何交易),如果透過授權或支付我們使用費或成交費可造成我們違反任何適用法律、法令、條例或法規。

8.3 許可證。 在僅讓Capital Confirmation使用您提供給我們的資料而避免我們違反任何您在該資料中所擁有的權利之下,您同意授予我們關於「您的資料」在任何已知或目前未知媒體之非專屬、全球性、永久、不可撤銷、免權利金、可再授權(透過多種層級)權利以執行您在「您的資料」中所擁有的版權、宣傳及資料庫權利(但是沒有其他權利)。Capital Confirmation將僅根據我們的私隱聲明來使用「您的資料」。

9. Ownership of Intellectual Property.
Capital Confirmation得擁有和保有關於此項服務或因本協議中所述關係而產生的所有知識產權之權利、所有權及利益。「知識產權」意指所有想法、發現、發明、開發、設計、改進、商標、服務標記、商業機密、專有資訊、計劃、原始代碼、目標代碼、專利申請、專利、版權(在其期間內,包括其延續、展期及繼承)、可有版權的作品以及與之相關的商譽,包括增強、改善及衍生的作品(無論是現存或以後產生者)。 You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation's expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation.身為我們服務的註冊用戶,您同意在您最後登錄日起算的兩(2)年期間,不會提供或協助他人提供與Capital Confirmation所提供服務有任何競爭性質的服務。 Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

9.1 許可證。 You agree to grant us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable (through multiple tiers) right to use your company name, registered trademark, word mark, service mark, and logo in correspondence with Clients and Users related to the Service.

10. Access and Interference.
您同意,在未取得我們的書面許可前,不會使用任何機器人、網絡蜘蛛或其他自動裝置或以人為方式監督或複製我們的網頁或其內容。 You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part.您同意,您不會使用任何裝置、軟件或常規程序來迴避我們的安全功能,或干擾或嘗試干擾Capital Confirmation網站的正常運作或我們網站上所進行的任何活動。您同意,您不會採取任何行動來造成我們基礎結構不合理或不成比例的超負荷。我們網站上的許多資訊皆為實時更新,並且專屬於Capital Confirmation或由我們的用戶或第三方授權使用。您同意,在未取得Capital Confirmation或相關第三方的書面許可前,您不會複製、重製、改變、修改、製作衍生作品或公開展示我們網站上的任何內容(「您的資料」除外)。 You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading. You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service. You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement. You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service. You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs. You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent. You shall not infringe on our licensors' intellectual property rights or those of any third party in relation to your use of our website or Service. We may make available to you certain Application Programming Interfaces (an "API" or "APIs") to achieve additional functionality for users, and provide capabilities or integrations that leverage one or more of our products or services available at www.confirmation.com or provided by our affiliates, which you may use where applicable, subject to our then current fees (if any) for such APIs. Unless previously authorized by us, or our affiliates, you must not automatically connect (whether through APIs or otherwise) any Service to other data, software, services or networks.

11. Breach.
Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

12. Electronic Communications; Identifiers and Passwords; Binding Effect.
您將使用SSL科技及2048-位元加密在互聯網上取得和傳輸資料給我們。 You must use Internet browsers that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will select and use an identification code (such as a "log-in ID") and a password.您應保護並且維護其識別碼及密碼的安全,且僅允許經授權的員工使用與服務有關的識別碼及密碼。我們及所有其他人員接到您以自己所選擇的識別碼及密碼傳輸過來的資料,皆有權在任何情況下皆相信以此方式傳輸過來的資訊為由您所為,且該項資訊在各方面皆為真實、正確及完整,其效力如同該項資料是透過有您書面簽署的書面格式傳輸的一樣有效。如果您認為您的識別碼及密碼已經遺失、遭竊或在任何方面遭到破壞,請立即致電1-866-325-72011通知我們。在我們有機會回應您的通知前,所有使用該識別碼及密碼收到的通訊將無效或無作用。

13. Privacy.
We do not sell or rent your personal information to third parties and only use your information as described in the Privacy Statement available at https://www.confirmation.com/legal-security-privacy/index.html. We take the protection of our users’ privacy seriously. We store and process your information on computers located in Ireland and the United States that are protected with security measures.

Customer Financial information residing within Confirmation.com's processing controls will be maintained and stored according to our security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com's control (e.g., data downloaded by a user or mailed confirmations).

If you object to your information being collected, used, transferred, or otherwise processed in this way, please do not use our services.

13.1 Data Protection Legislation. When using our Services or otherwise providing Personally Identifiable Information to us, you agree to comply with all applicable laws governing or relating to the processing of that Personally Identifiable Information (“Data Protection Laws”). “Personally Identifiable Information” shall mean any information relating to an identified or identifiable natural person whose information you provide to us and that we process as part of the Service or in connection with this Agreement. You confirm that any Personally Identifiable Information that has been provided by you has been collected and disclosed in accordance with Data Protection Laws. When using the Service, you shall not input, upload, maintain or disclose any irrelevant or unnecessary information about individuals.

13.2. Personal Data transferred outside of your home country. Without limiting the foregoing and for clarity, you agree that we may transfer your personal information outside of your home country to another country where the laws may not provide an equivalent level of protection and you confirm that we may so transfer any Personally Identifiable Information that has been provided by you.

Where the provision of Service by us to you involves any transfer of Personally Identifiable Information that has been provided by you outside of the European Economic Area or Switzerland (by way of direct or indirect transfer), the parties agree that the transfers will be done in accordance with Schedule 1 attached hereto. If any other Data Protection Laws require you and us to implement appropriate safeguards to legitimize the transfer of Personally Identifiable Information to a third country, you will let us know and we will negotiate in good faith to implement the required safeguards.

14. Client Authentication.
You certify that any and all subject(s) set up as your client(s) on the Confirmation.com service are authorized representatives of your client.

15. Authorization.
You certify that any confirmations requested are with the subject(s) prior written permission. You agree to keep the authorization on file for a minimum of 5 years.一般而言,此份書面許可即為客戶委任書。 You warrant that the release of the subject information will not result in a breach of any applicable Data Protection Laws.

16. Audit Rights.
Capital Confirmation may, from time to time, conduct various audits of your practices and procedures to determine your compliance with this Agreement. You will reasonably cooperate in all those audits. Capital Confirmation may conduct on-site and/or off-site audits of your facilities as Capital Confirmation determines during normal business hours, and upon reasonable notice.

17. No Warranty.
WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES, INCLUDING BUT NOT LIMITED TO ANY APIS, ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES OF ANY KIND. WE, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, INCLUDING THE WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES' RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. WE MAKE NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN. WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE. WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES. FOR THE AVOIDANACE OF ALL DOUBT, WE DO NOT WARRANT, NOR WILL BE RESPONSIBLE FOR, ANY PRODUCTS, SERVICES, FUNCTIONALITY, OR INTERFACES THAT ARE PROVIDED BY YOU OR ANY THIRD PARTY.

18. Liability Limit.
IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES, INCLUDING WITHOUT LIMITATION USE OF ANY APIS, OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE).用戶對於有關服務的衍生性、懲戒性、特殊性、附帶性或懲罰性損害賠償概不負責,即使已被知會有關此類損害賠償的可能性。

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR. THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.
在任何情況下,我們、我們的子公司、員工及供應商對於您或任何第三方的責任限於以下兩者間較少者:(A) 在發生該責任首日的前12個月期間,您支付給我們的費用金額,或 (B) $100。 NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY FAILURE OR NONPERFORMANCE OF ANY APIS PROVIDED BY CAPITAL CONFIRMATION SHALL BE FOR CAPITAL CONFIRMATION TO USE COMMERCIALLY REASONABLE EFFORTS TO ADJUST OR REPAIR THE NONPERFORMING APIS.

19. Fair Credit Reporting Disclosure.
The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. ("FCRA") and therefore, is not subject to the requirements or provisions of the FCRA. Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA. CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act. CCI makes no representations or warranties about such other User's compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

20. Indemnity.
You shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) your negligence or intentional conduct; (b) your breach of your obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by you, your vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable Data Protection Laws.

21. Confidentiality.
You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service. You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement. You acknowledge that details of the Service constitute our confidential information.

22. Legal Compliance.
You represents and warrants that you have read, understand and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA Freedom Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

You certify that you will use the service and the information received for no other purpose than is legally permissible. You understand that if the system is used improperly by company personnel, or if its access codes are made available to any unauthorized personnel due to carelessness on the part of you or any other, you may be held responsible for financial losses, fees or monetary charges that may be incurred and that its access privileges may be terminated. You will not obtain, retain, use, or provide access to the Service to an affiliate or any third party in a manner that may breach any applicable export control or economic sanctions laws and regulations for any jurisdiction, including the United States of America, the United Kingdom and the European Union and its Member States. You warrant that neither you, nor any affiliate to which you provide access to the Service, is affiliated with a specially designated or sanctioned entity under any of those laws and that, in any transaction relating to Confirmation or the Service, such transactions will not involve sanctioned parties, including without limitation through the use of bank accounts at banks that are sanctioned parties. Further, the parties represent and warrant that they have read, understand and shall comply with all applicable laws, regulations and judicial actions including, but not limited to, anti-bribery laws, anti-corruption laws, anti-slavery laws, anti-human trafficking, tax laws, any applicable law aimed at preventing the facilitation of criminal behavior.

23. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”)
本協議中的任何條款皆不對BBA或其人員因疏忽所造成的死亡或人身傷害的責任設限;欺詐或不實陳述;或根據英國法律,任何其他無法免除的責任,即使本協議的任何其他條款可能有不同的解釋。

You expressly acknowledge and agree that the BBA: (a) is not a part to this Agreement and is not involved in the design, supply or support of Capital Confirmation Inc’s services including the service promoted to UK banks as “BBA Confirmations”; (b) makes no representation or warranty that the services will be adequate or appropriate for you and its requirements and any BBA trademarks or logos present in marketing materials or other documents o not represent and endorsement of the service; (c) shall not be responsible for providing any of the services; and (d) shall have no liability to you whatsoever whether direct or indirect and whether in contact, tort (including negligence), misrepresentation or for any other reason in respect of any of the services provided under this agreement.

24. No Agency.
您與Capital Confirmation為獨立合同方,本協議無意建立也沒有建立代理關係、合夥關係、合資企業、員工-顧主關係或特許經營關係。

25. Notices.
除非另有明白說明,任何通知皆經由郵件寄至Capital Confirmation Inc. Attn: Legal Department 214 Centerview Drive, Suite 100, Brentwood, TN 37027 (如果是Capital Confirmation),或發送至您在註冊過程中提供的電郵地址(在您的情況下)。電郵發出後24小時即視為通知已送達,除非發送方接到通知謂該電郵地址無效。或者,我們可經由掛號信、預付郵資及要求回函收執等方式,將通知郵寄到註冊過程中提供給Capital Confirmation的地址。在這種情況下,在郵寄日期的3天後即視為通知已送達。

26. Arbitration.
任何與本協議或我們的服務有關或因此而產生的法律爭議或法律求償,應根據美國仲裁協會(American Arbitration Association)商業仲裁法規之具有約束力的仲裁予以解決,惟Capital Confirmation為收取費用及/或為了取得與Capital Confirmation網站經營、知識產權及服務相關的賠償或強制令所採取的法律訴訟除外。任何此類爭議或求償皆應以個別案件進行仲裁,不得與其他任何方之任何求償或爭議等仲裁案件合併進行。仲裁將在田納西州納許維爾執行;仲裁判決可由任何具有司法管轄權的法庭作出決定。您或Capital Confirmation皆可向田納西州納許維爾具有司法管轄權的法庭申請臨時或暫時性強制令,以便在仲裁尚未作出決定前保護您或Capital Confirmation的權利或財產。如果任何一方提出違反此條款的訴訟,另一方將可獲得最高達$1000.00的律師費用及花費補償。

27. Additional Terms.
以下政策為納入本協議的參考資料,為我們網站上所提供的具體服務提供額外條款及條件:

私隱聲明:
https://www.confirmation.com/legal-security-privacy/index.html.

Fee and Credit Policy:
https://www.confirmation.com/resources/uncategorized/fees-and-credit-policy/

每項政策皆會不時變更;在我們將變更公佈到我們網站上時即行生效,惟私隱聲明會有{[#0]}天的事前通知。此外,您同意在使用我們網站上的具體服務時,將遵守您透過我們網站所使用服務的任何不時公佈的適用政策或法規。所有這類公佈的政策或法規皆已納入本協議的參考資料。

You acknowledge and agree that: (a) members of Capital Confirmation's Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation's Group respectively may engage third-party sub-processors in connection with the provision of the Services. We do not guarantee and shall not be liable for the performance of any sub-processor or sub-contractor.

28. Governing Law.
This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles. You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

29. Assignment.
如果發生收購或併購,您同意本協議及所有合併協議將由Capital Confirmation自動指定給我們自行斟酌決定之第三方。 You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

30. General.
我們不保證能提供持續、無中斷或可安全存取的服務,且我們網站的經營可能會受到許多在我們掌控之外因素的干擾。如果本協議的任何條款被視為無效或無法執行,則這類條款應被排除,而其餘的條款仍應將繼續執行。標題僅供參考用途,並不定義、限制、詮釋或敘述該章節的範圍或限度。我們處理您或他人違約的失敗並不代表我們放棄處理後續或類似違約的權利。英語是Confirmation.com網站內容的官方語言。Confirmation.com使用第三方供應商讓英語能力有限的用戶可使用網站上的資訊。經過此自動程序所得之譯文不應視為絕對精確,尤其是有關技術和法律術語方面。此外,部分內含圖形、照片及便攜式文件格式(pdf)的檔案,無法透過此程序進行翻譯。對於透過此系統翻譯的任何資訊,Capital Confirmation Inc.不保證其正確性或可靠性,且對於因依賴該項資料之正確性或可靠性而造成之任何損失概不負責。雖然我們盡力維持譯文的準確性,但是部分譯文可能不正確。任何必須依賴本系統取得資訊的個人或實體必須自行承擔風險。本協議闡述貴我雙方就此主題的完整了解及同意。第2部分(費用及服務)關於積欠我們服務費用、3.3(免責)、8.3(許可證)、10(存取及干擾)、18(責任限制)、19(賠償)及23(仲裁)等,於本協議終止或過期後應持續有效。

31. Disclosures.
以下服務由Capital Confirmation Inc.提供,位於214 Centerview Drive, Suite 100, Brentwood, Tennessee 37027。我們服務的費用詳述於上述第2部分(費用及服務)。

32. Disputes.
您及Capital Confirmation之間關於我們服務的爭議可以郵寄方式向「客戶服務與支持」報告,地址:Capital Confirmation, Customer Support, 214 Centerview Drive, Suite 100, Brentwood, TN 37027。關於所有用戶之間的爭議,我們建議您向當地執法機構、郵政管理局局長,或有照的調解人或仲裁機構報告。

33. Your Acceptance of this User Agreement.
You evidence your acceptance of this User Agreement by clicking on "Accept User Agreement and Add Account" button on the Capital Confirmation website or by using the Confirmation.com service.此項接受等同於您在含有本用戶協議條款及條件的書面文件上書面簽署的法律效力。

表1
歐洲的資料傳輸

We process Personally Identifiable Information outside of the European Economic Area (EEA) and Switzerland including in third countries which may not be recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, such as in the United States.

Capital Confirmation will enter into the Standard Contractual Clauses approved by the European Commission to legitimize the transfers of Personally Identifiable Information outside of the EEA and/or Switzerland to an inadequate third country. If we are required to enter into the Standard Contractual Clauses to legitimize the transfer of Personally Identifiable Information outside of the EEA and/or Switzerland, then the parties hereby agree to the Standard Contractual Clauses set forth in Attachment 1 (for those cases where we act as a processor with respect to personal data) below, and you evidence your acceptance of the Standard Contractual Clauses by clicking on "Accept User Agreement and Add Account" button on the Capital Confirmation website or by using the Confirmation.com service.

Notwithstanding the foregoing, if the Standard Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personally Identifiable Information outside of the EEA to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer agreements), then you shall procure the appropriate consent of any data subject whose Personally Identifiable Information is transferred to us to enable us to transfer that Personally Identifiable Information to the United States (or such other third country).

Attachment 1: Standard Contractual Clauses (Processor)

For the transfer of personal data outside of the EEA and/or Switzerland to processors established in third countries which do not ensure an adequate level of data protection, the data exporter and the data importer have agreed on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Notwithstanding the foregoing, if the following Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personal Data outside of the EEA and/or Switzerland to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer Clauses), you shall procure the appropriate consent of any data subject whose Personal Data is transferred to us to enable the Parties to transfer that Personal Data to the United States (or such other third country).

Clause 1
Definitions

For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the party who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2
Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3
Third-party beneficiary clause

(a) The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

(b) The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

(c) The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

(d) The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4
Obligations of the data exporter

The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5
Obligations of the data importer

The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(e) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
i. any accidental or unauthorised access; and
ii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
iii. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority. The data importer has included the security requirements detailed in Appendix 2 at the request of the data exporter, and the data exporter agrees that such security requirements and the audit obligations and rights under the Master Agreement will be deemed to fully satisfy the audit rights granted to the data exporter under Clauses 5(f) and 12.2;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent (whether under or in connection with the Master Agreement or otherwise);

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;

(j) to send promptly, on request, a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6
負債

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
a. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7
Mediation and jurisdiction

(a) The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(b) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(c) to refer the dispute to the courts in the Member State in which the data exporter is established.

(d) The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8
Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9
Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10
Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11
Sub-processing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.

2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12
Obligation after the termination of personal data-processing services

1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data exporter:
Name (written out in full):
Position:
地址:
Other information necessary in order for the contract to be binding (if any): (stamp of organisation)
簽署

On behalf of the data importer:
Capital Confirmation, Inc.
Name (written out in full): Diana Flanders
Position: VP, Business Integrations
Address: Capital Confirmation, Inc. 214 Centerview Drive, Suite 100, Brentwood, TN 37027
Other information necessary in order for the contract to be binding (if any): N/A
簽署

Appendix 1
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

The data exporter will export the personal data contained in the client's documentation to the responders via the Confirmation.com platform. Exported data will concern personal data of data exporter's employees with access given to the online platform handled by the data importer. Also, data exporter's client data for the purposes of forwarding data exporter's audit requests to responders by the data importer.

Data importer

The data importer is (please specify briefly activities relevant to the transfer):
Capital Confirmation Inc.

The data importer provides an online venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users. Processed data will concern data exporter's employees for which accounts in the platform handled by the data importer will be created. Also, data exporter's client data for the purposes of forwarding data exporter's audit requests to responders by the data importer.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Data exporter’s employees and personal data of data exporter’s client’s representatives and other subjects mentioned in the documentation, which is sent to the responder

Categories of data

The personal data transferred concern the following categories of data (please specify):

The categories of data are: names, surnames, addresses, account numbers, financial information, PESEL number and other personal data of the subjects mentioned in the documentation sent to the responder. Employees, partners, principals, directors, former employees, former partners, former principals, former directors, new hires, individual contractors and temporary staff of the data exporter, as well as applicants, dependants, contractors / subcontractors, clients, suppliers/vendors of the data exporter

Special categories of data (if appropriate)

Not applicable

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The platform Confirmation.com is internet-based system, that allows the data exporter to send documentation to auditors for the needs of the audit. The documentation will be encrypted by the data importer while uploading it to the platform, so the data importer should not get access to the contents of the documentation and personal data contained in the documentation beyond the scope necessary to perform the encryption process.

DATA EXPORTER
姓名:
授權的簽名

DATA IMPORTER
Capital Confirmation Inc.
Name: Diana Flanders
授權的簽名

Appendix 2
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Data Importer has implemented the technical and organisation security measures set out in the Agreements and incorporated herein by reference.

DATA EXPORTER
姓名:
授權的簽名
Capital Confirmation Inc.
Name: Diana Flanders
授權的簽名

For Responders of Confirmations

用戶協議

以下內容為用戶使用CAPITAL CONFIRMATION INC.所提供服務的使用條款說明。

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domains and sub-domains of www.confirmation.com, and learn.confirmation.com ("Confirmation Website(s)") owned and operated by Capital Confirmation, and the general principles for the websites of our subsidiaries.如果您不同意遵守本協議的條款及條件,請勿使用或存取我們的服務。 You evidence your acceptance of the terms and conditions of this Agreement through your use of any of the Confirmation.com services (aka "Confirm" service).

如果您有任何疑問,請發送電郵到customer.support@confirmation.com。

在您成為Capital Confirmation的會員前,您必須先閱讀、同意並且接受本《用戶協議》及《私隱聲明》中的所有條款及條件,其中包括以下所明確陳述的條款及條件以及這些已納入的參考資料。我們極力建議您在閱讀此份《用戶協議》時,也同時閱讀本文件中所參考的其他頁面及網站的資訊,因為這些資訊可包含適用於Capital Confirmation用戶的其他條款及條件。 Please note: underlined words and phrases are links to these pages and websites.透過同意本《用戶協議》,即表示您也同意在使用其他Capital Confirmation網站時,將遵守這些網站的條款及條件。

我們可隨時透過在我們的網站上公佈修改後的條款以示我們對本協議的修改。 Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site.您將不會收到關於本協議中任何變更的書面通知或電郵通知。本協議不得修改,除非經過您及Capital Confirmation Inc.的書面簽署。本協議自1年2003月{[#2]}日起生效。

1. Membership Eligibility.
我們的服務僅提供給根據適用法律可簽署有法律約束力合約的個人。在不限於前述內容的情況下,我們的服務不提供給未成年人或遭到暫時或永久停用的Capital Confirmation會員。如果您未成年,您不得使用本服務。如果您不符合資格,請勿使用我們的服務。此外,Capital Confirmation帳戶(包括反饋)及用戶ID皆不得轉讓或出售給他方。如果您以商業實體身分註冊,即表示您有權代表該實體接受本協議的約束。如果您以個人身分註冊,即表示您是自己所聲稱的本人。

2. Fees and Service.
Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users (the "Service").加入並且使用我們的服務以回應審計詢證函為免費。我們政策的變更在我們將變更公佈於本協議,並且在提供您至少14天有關變更的通知後即行生效。當我們推出一項新服務時,該項服務的費用於推出時即行生效。 The Service also includes the provision of ancillary services deemed reasonably necessary by Capital Confirmation to run a venue for digital transaction management, including but not limited to customer support, billing, and account management.

3. Capital Confirmation is a Venue.
3.1 Capital Confirmation並非會計師事務所或客戶用戶,我們也不是被授權的會計師事務所或客戶用戶代表。 我們的網站是個讓用戶可回應審計詢證函的場所。 We are not involved in the actual transaction between users of and providers of the confirmation information.因此,我們對於請求及回應的品質、正確性、時效性或合法性,或請求及回應的真偽或正確性皆無法掌控。

3.2 身分驗證。 當用戶在我們的網站上註冊時,我們使用許多方法來驗證其身分。然而,因為在網上進行用戶驗證不易,Capital Confirmation對每位用戶所聲稱的身分無法也不進行確認。因此,我們建立了一個用戶啟動的溝通系統,以協助您評估您的交易對象。我們鼓勵您透過我們網站上所提供的工具直接與個別方進行溝通。

3.3 免責。 基於我們是個場所,如果您與一位或多位用戶發生爭議時,您將免除Capital Confirmation(和我們的主管、董事、代理人、子公司、合資公司以及員工)對因此而產生或以任何方式與這類爭議相關的每種已知和未知性質、可疑和未料及、已披露和未披露的求償、要求及損失(實際及衍生)的責任。 If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”

3.4 資訊掌控。 我們無法掌控由其他用戶透過我們的系統所提供的資訊。您可能會發現其他用戶的資訊並不正確。使用我們的網站時,請務必謹慎,並且運用判斷力及安全措施。

3.5 客戶服務與支持。 Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M. Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

4. Responding.
透過回應詢證函請求,即表示您同意接受本協議的條件約束。回應不得撤銷。如果您選擇回應詢證函,您即證明您擁有合法權利可代表您聲稱您可代表並為其工作的公司來提出回應;如果您以個人身分回應,您即證明您是自己所聲稱的本人。

5. Fraud.
如果我們懷疑您(因定罪、和解、保險調查或其他原因)涉及在Capital Confirmation網站上進行欺詐活動,我們得暫停或終止您的帳戶,並且不限任何其他的補救措施。

6. Your Information.
6.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature.對於「您的資料」,您必須承擔全部責任,我們僅是「您的資料」的網上傳播及發佈的被動管道。

6.2 Restricted Activities. Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers.此外,您不得授權和回應本網站的任何詢證函(或以使用我們的服務作為開始所完成的任何交易),如果透過授權和支付我們使用費或成交費可造成我們違反任何適用法律、法令、條例或法規。

6.3 許可證。 在僅讓Capital Confirmation使用您提供給我們的資料而避免我們違反任何您在該資料中所擁有的權利之下,您同意授予我們關於「您的資料」在任何已知或目前未知媒體之非專屬、全球性、永久、不可撤銷、免權利金、可再授權(透過多種層級)權利以執行您在「您的資料」中所擁有的版權、宣傳及資料庫權利(但是沒有其他權利)。Capital Confirmation將僅根據我們的私隱聲明來使用「您的資料」。

7. Ownership of Intellectual Property.
Capital Confirmation得擁有和保有關於此項服務或因本協議中所述關係而產生的所有知識產權之權利、所有權及利益。「知識產權」意指所有想法、發現、發明、開發、設計、改進、商標、服務標記、商業機密、專有資訊、計劃、原始代碼、目標代碼、專利申請、專利、版權(在其期間內,包括其延續、展期及繼承)、可有版權的作品以及與之相關的商譽,包括增強、改善及衍生的作品(無論是現存或以後產生者)。 You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation's expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation.身為我們服務的註冊用戶,您同意在您最後登錄日起算的兩(2)年期間,不會提供或協助他人提供與Capital Confirmation所提供服務有任何競爭性質的服務。 Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

8. Access and Interference.
您同意,在未取得我們的書面許可前,不會使用任何機器人、網絡蜘蛛或其他自動裝置或以人為方式監督或複製我們的網頁或其內容。 You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part.您同意,您不會使用任何裝置、軟件或常規程序來迴避我們的安全功能,或干擾或嘗試干擾Capital Confirmation網站的正常運作或我們網站上所進行的任何活動。您同意,您不會採取任何行動來造成我們基礎結構不合理或不成比例的超負荷。我們網站上的許多資訊皆為實時更新,並且專屬於Capital Confirmation或由我們的用戶或第三方授權使用。您同意,在未取得Capital Confirmation或相關第三方的書面許可前,您不會複製、重製、改變、修改、製作衍生作品或公開展示我們網站上的任何內容(「您的資料」除外)。 You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading. You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service. You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement. You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service. You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs. You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent. You shall not infringe on our licensors' intellectual property rights or those of any third party in relation to your use of our website or Service. We may make available to you certain Application Programming Interfaces (an "API" or "APIs") to achieve additional functionality for users, and provide capabilities or integrations that leverage one or more of our products or services available at www.confirmation.com or provided by our affiliates, which you may use where applicable, subject to our then current fees (if any) for such APIs. Unless previously authorized by us, or our affiliates, you must not automatically connect (whether through APIs or otherwise) any Service to other data, software, services or networks.

9. Breach.
Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

10. Electronic Communications; Identifiers and Passwords; Binding Effect.
您將使用SSL科技及2048-位元加密在互聯網上取得和傳輸資料給我們。 You must use Internet browsers that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will either select and use an identification code (such as a "log-in ID") and a password or will be prompted to click a link to log-in. You shall protect and safeguard identification codes, passwords, log-in links/emails, and shall only permit authorized employees or yourself to use the identification code and password, or to click the log-in link, in connection with the service.我們及所有其他人員接到您以自己所選擇的識別碼及密碼,或登錄鏈接/電郵傳輸過來的資料,皆有權在任何情況下皆相信以此方式傳輸過來的資訊為由您所為,且該項資訊在各方面皆為真實、正確及完整,其效力如同該項資料是透過有您書面簽署的書面格式傳輸的一樣有效。如果您認為您的識別碼及密碼已經遺失、遭竊或在任何方面遭到破壞,請立即致電1-866-325-7201通知我們。在我們有機會回應您的通知前,所有使用該識別碼及密碼收到的通訊將無效或無作用。

11. Privacy.
We do not sell or rent your personal information to third parties and only use your information as described in the Privacy Statement available at https://www.confirmation.com/legal-security-privacy/index.html. We take the protection of our users' privacy seriously. We store and process your information on computers located in Ireland and the United States that are protected with security measures.

Customer Financial information residing within Confirmation.com's processing controls will be maintained and stored according to our security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com's control (e.g., data downloaded by a user or mailed confirmations).

If you object to your information being collected, used, transferred, or otherwise processed in this way, please do not use our services.

11.1 Data Protection Legislation. When using our Services or otherwise providing Personally Identifiable Information to us, you agree to comply with all applicable laws governing or relating to the processing of that Personally Identifiable Information (“Data Protection Laws”). “Personally Identifiable Information” shall mean any information relating to an identified or identifiable natural person whose information you provide to us and that we process as part of the Service or in connection with this Agreement. You confirm that any Personally Identifiable Information that has been provided by you has been collected and disclosed in accordance with Data Protection Laws. When using the Service, you shall not input, upload, maintain or disclose any irrelevant or unnecessary information about individuals.

11.2 Personal Data transferred outside of your home country. Without limiting the foregoing and for clarity, you agree that we may transfer your personal information outside of your home country to another country where the laws may not provide an equivalent level of protection and you confirm that we may so transfer any Personally Identifiable Information that has been provided by you.

Where the provision of Service by us to you involves any transfer of Personally Identifiable Information that has been provided by you outside of the European Economic Area or Switzerland (by way of direct or indirect transfer), the parties agree that the transfers will be done in accordance with Schedule 1 attached hereto. If any other Data Protection Laws require you and us to implement appropriate safeguards to legitimize the transfer of Personally Identifiable Information to a third country, you will let us know and we will negotiate in good faith to implement the required safeguards.

12. Supervisor, Secretary, Coordinator and Clerk Authentication.
You certifies that any and all subject(s) set up as your supervisor(s), secretary(s), coordinator(s) and/or clerk(s) on the Confirm service are your authorized and employed representatives of the .

13. Audit Rights.
Capital Confirmation may, from time to time, conduct various audits of your practices and procedures to determine your compliance with this Agreement. You will reasonably cooperate in all those audits. Capital Confirmation may conduct on-site and/or off-site audits of your facilities as Capital Confirmation determines during normal business hours, and upon reasonable notice.

14. No Warranty.
WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES, INCLUDING BUT NOT LIMITED TO ANY APIS, ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES OF ANY KIND. WE, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, INCLUDING THE WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES' RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. WE MAKE NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN. WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE. WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES. FOR THE AVOIDANACE OF ALL DOUBT, WE DO NOT WARRANT, NOR WILL BE RESPONSIBLE FOR, ANY PRODUCTS, SERVICES, FUNCTIONALITY, OR INTERFACES THAT ARE PROVIDED BY YOU OR ANY THIRD PARTY.

15. Liability Limit.
IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES, INCLUDING WITHOUT LIMITATION USE OF ANY APIS, OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE).用戶對於有關服務的衍生性、懲戒性、特殊性、附帶性或懲罰性損害賠償概不負責,即使已被知會有關此類損害賠償的可能性。

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR. THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.

在任何情況下,我們、我們的子公司、員工及供應商對於您或任何第三方的責任限於以下兩者間較高者:(A) 在發生該責任首日的前12個月期間,您支付給我們的費用金額,及 (B) $100。 NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY FAILURE OR NONPERFORMANCE OF ANY APIS PROVIDED BY CAPITAL CONFIRMATION SHALL BE FOR CAPITAL CONFIRMATION TO USE COMMERCIALLY REASONABLE EFFORTS TO ADJUST OR REPAIR THE NONPERFORMING APIS.

16. Fair Credit Reporting Disclosure.
The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. ("FCRA") and therefore, is not subject to the requirements or provisions of the FCRA. Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA. CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act. CCI makes no representations or warranties about such other User's compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

17. Indemnity.
You shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) your negligence or intentional conduct; (b) your breach of its obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by you, your vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable data protection legislation.

18. Confidentiality.
You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service. You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement. You acknowledge that details of the Service constitute our confidential information.

19. Legal Compliance.
You represents and warrants that it has read, understands and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA Freedom Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

You certify that you will use the service and the information received for no other purpose than is legally permissible. You understand that if the system is used improperly by your personnel, or if its access codes are made available to any unauthorized personnel due to carelessness on your part or any other, you may be held responsible for financial losses, fees or monetary charges that may be incurred and that its access privileges may be terminated. You will not obtain, retain, use, or provide access to the Service to an affiliate or any third party in a manner that may breach any applicable export control or economic sanctions laws and regulations for any jurisdiction, including the United States of America, the United Kingdom and the European Union and its Member States. You warrant that neither you, nor any affiliate to which you provide access to the Service, is affiliated with a specially designated or sanctioned entity under any of those laws and that, in any transaction relating to Confirmation or the Service, such transactions will not involve sanctioned parties, including without limitation through the use of bank accounts at banks that are sanctioned parties. Further, the parties represent and warrant that they have read, understand and shall comply with all applicable laws, regulations and judicial actions including, but not limited to, anti-bribery laws, anti-corruption laws, anti-slavery laws, anti-human trafficking, tax laws, any applicable law aimed at preventing the facilitation of criminal behavior.

20. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”)
本協議中的任何條款皆不對BBA或其人員因疏忽所造成的死亡或人身傷害的責任設限;欺詐或不實陳述;或根據英國法律,任何其他無法免除的責任,即使本協議的任何其他條款可能有不同的解釋。

You expressly acknowledge and agree that the BBA: (a) is not a party to this Agreement and is not involved in the design, supply or support of Capital Confirmation Inc’s services including the service promoted to UK banks as “BBA Confirmations”; (b) makes no representation or warranty that the services will be adequate or appropriate for you and its requirements and any BBA trademarks or logos present in marketing materials or other documents do not represent an endorsement of the service; (c) shall not be responsible for providing any of the services; and (d) shall have no liability to you whatsoever whether direct or indirect and whether in contact, tort (including negligence), misrepresentation or for any other reason in respect of any of the services provided under this agreement.

21. No Agency.
您與Capital Confirmation為獨立合同方,本協議無意建立也沒有建立代理關係、合夥關係、合資企業、員工-顧主關係或特許經營關係。

22. Notices.
除非另有明白說明,任何通知皆經由郵件寄至Capital Confirmation Inc. Attn: Legal Department 214 Centerview Drive, Suite 100, Brentwood, TN 37027 (如果是Capital Confirmation),或發送至您在註冊過程中提供的電郵地址(在您的情況下)。電郵發出後24小時即視為通知已送達,除非發送方接到通知謂該電郵地址無效。或者,我們可經由掛號信、預付郵資及要求回函收執等方式,將通知郵寄到註冊過程中提供給Capital Confirmation的地址。在這種情況下,在郵寄日期的3天後即視為通知已送達。

23. Arbitration.
任何與本協議或我們的服務有關或因此而產生的法律爭議或法律求償,應根據美國仲裁協會(American Arbitration Association)商業仲裁法規之具有約束力的仲裁予以解決,惟Capital Confirmation為收取費用及/或為了取得與Capital Confirmation網站經營、知識產權及服務相關的賠償或強制令所採取的法律訴訟除外。任何此類爭議或求償皆應以個別案件進行仲裁,不得與其他任何方之任何求償或爭議等仲裁案件合併進行。仲裁將在田納西州納許維爾執行;仲裁判決可由任何具有司法管轄權的法庭作出決定。您或Capital Confirmation皆可向田納西州納許維爾具有司法管轄權的法庭申請臨時或暫時性強制令,以便在仲裁尚未作出決定前保護您或Capital Confirmation的權利或財產。如果任何一方提出違反此條款的訴訟,另一方將可獲得最高達$1000.00的律師費用及花費補償。

24. Governing Law.
This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles. You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

25. Assignment.
如果發生收購或併購,您同意本協議及所有合併協議將由Capital Confirmation自動指定給我們自行斟酌決定之第三方。 You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

26. Additional Terms.
以下政策為納入本協議的參考資料,為我們網站上所提供的具體服務提供額外條款及條件:

私隱聲明:
https://www.confirmation.com/legal-security-privacy/index.html

每項政策皆會不時變更;在我們將變更公佈到我們網站上時即行生效,惟私隱聲明會有{[#0]}天的事前通知。此外,您同意在使用我們網站上的具體服務時,將遵守您透過我們網站所使用服務的任何不時公佈的適用政策或法規。所有這類公佈的政策或法規皆已納入本協議的參考資料。

You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

27. General.
我們不保證能提供持續、無中斷或可安全存取的服務,且我們網站的經營可能會受到許多在我們掌控之外因素的干擾。如果本協議的任何條款被視為無效或無法執行,則這類條款應被排除,而其餘的條款仍應將繼續執行。標題僅供參考用途,並不定義、限制、詮釋或敘述該章節的範圍或限度。我們處理您或他人違約的失敗並不代表我們放棄處理後續或類似違約的權利。英語是Confirmation.com網站內容的官方語言。Confirmation.com使用第三方供應商讓英語能力有限的用戶可使用網站上的資訊。經過此自動程序所得之譯文不應視為絕對精確,尤其是有關技術和法律術語方面。此外,部分內含圖形、照片及便攜式文件格式(pdf)的檔案,無法透過此程序進行翻譯。對於透過此系統翻譯的任何資訊,Capital Confirmation Inc.不保證其正確性或可靠性,且對於因依賴該項資料之正確性或可靠性而造成之任何損失概不負責。雖然我們盡力維持譯文的準確性,但是部分譯文可能不正確。任何必須依賴本系統取得資訊的個人或實體必須自行承擔風險。本協議闡述貴我雙方就此主題的完整了解及同意。第2部分(費用及服務)關於積欠我們服務費用、3.3(免責)、6.3(許可證)、8(存取及干擾)、15(責任限制)、16(賠償)及20(仲裁)等,於本協議終止或過期後應持續有效。

28. Disclosures.
以下服務由Capital Confirmation Inc.提供,位於214 Centerview Drive, Suite 100, Brentwood, Tennessee 37027。我們服務的費用詳述於上述第2部分(費用及服務)。

29. Disputes.
您及Capital Confirmation之間關於我們服務的爭議可以郵寄方式向「客戶服務與支持」報告,地址:Capital Confirmation, Customer Support, 214 Centerview Drive, Suite 100, Brentwood, TN 37027。關於所有用戶之間的爭議,我們建議您向當地執法機構、郵政管理局局長,或有照的調解人或仲裁機構報告。

30. Your Acceptance of this User Agreement.
透過使用Confirmation.com服務,即證明您接受本《用戶協議》。此項接受等同於您在含有本用戶協議條款及條件的書面文件上書面簽署的法律效力。

表1

EUROPEAN PERSONAL DATA TRANSFERS

We process Personally Identifiable Information outside of the European Economic Area (EEA) and Switzerland including in third countries which may not be recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, such as in the United States.

Capital Confirmation will enter into the Standard Contractual Clauses approved by the European Commission to legitimize the transfers of Personally Identifiable Information outside of the EEA and/or Switzerland to an inadequate third country.

If we are required to enter into the Standard Contractual Clauses to legitimize the transfer of Personally Identifiable Information outside of the EEA and/or Switzerland, then the parties hereby agree to the Standard Contractual Clauses set forth in Attachment 1 (for those cases where we act as a processor with respect to personal data) below, and you evidence your acceptance of the Standard Contractual Clauses by clicking on “Accept User Agreement and Add Account” button on the Capital Confirmation website or by using the Confirmation.com service.

Notwithstanding the foregoing, if the Standard Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personally Identifiable Information outside of the EEA to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer agreements), then you shall procure the appropriate consent of any data subject whose Personally Identifiable Information is transferred to us to enable us to transfer that Personally Identifiable Information to the United States (or such other third country).

Attachment 1: Standard Contractual Clauses (Processor)

For the transfer of personal data outside of the EEA and/or Switzerland to processors established in third countries which do not ensure an adequate level of data protection, the data exporter and the data importer have agreed on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Notwithstanding the foregoing, if the following Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personal Data outside of the EEA and/or Switzerland to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer Clauses), you shall procure the appropriate consent of any data subject whose Personal Data is transferred to us to enable the Parties to transfer that Personal Data to the United States (or such other third country).

Clause 1
Definitions

For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter’ means the party who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2
Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3
Third-party beneficiary clause

(a) The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
(b) The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
(c) The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
(d) The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4
Obligations of the data exporter

The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5
Obligations of the data importer

The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(e) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
i. any accidental or unauthorised access; and
ii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
iii. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority. The data importer has included the security requirements detailed in Appendix 2 at the request of the data exporter, and the data exporter agrees that such security requirements and the audit obligations and rights under the Master Agreement will be deemed to fully satisfy the audit rights granted to the data exporter under Clauses 5(f) and 12.2;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent (whether under or in connection with the Master Agreement or otherwise);
(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;
(j) to send promptly, on request, a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6
負債

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
a. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7
Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
2. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
3. to refer the dispute to the courts in the Member State in which the data exporter is established.
4. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8
Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9
Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10
Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11
Sub-processing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.
2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12
Obligation after the termination of personal data-processing services

1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data exporter:
Name (written out in full): [Insert name of the authorised signatory]
Position: [Insert position of the authorised signatory]
地址:
Other information necessary in order for the contract to be binding (if any): (stamp of organisation)
簽署

On behalf of the data importer:
Capital Confirmation, Inc.
Name (written out in full): Diana Flanders
Position: VP, Business Integrations
Address: Capital Confirmation, Inc. 214 Centerview Drive, Suite 100, Brentwood, TN 37027
Other information necessary in order for the contract to be binding (if any): N/A
簽署

Appendix 1
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

The data exporter will export the personal data contained in the client's documentation to the requestors via the Confirmation.com platform. Exported data will concern personal data of data exporter's employees with access given to the online platform handled by the data importer. Also, data exporter's customers data for the purposes of forwarding data exporter's audits to requestors by the Importer.

Data importer

The data importer is (please specify briefly activities relevant to the transfer):

Capital Confirmation Inc.

The data importer provides an online venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users. Processed data will concern data exporter's employees for which accounts in the platform handled by the data importer will be created. Also, data exporter's customers data for the purposes of forwarding data exporters confirmations to requestors by the data importer.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Data exporter’s employees and personal data of data exporter’s client’s representatives and other subjects mentioned in the documentation, which is sent to the requestor

Categories of data

The personal data transferred concern the following categories of data (please specify):
-names, surnames, names of authorized representatives of the data exporter’s clients
-including but not limited to: names, surnames, addresses, account numbers, financial information, PESEL number and other personal data of the subjects mentioned in the documentation sent to the requestor.

Special categories of data (if appropriate)

Not applicable

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The platform Confirmation.com is internet-based system, that allows the data exporter to send documentation to auditors for the needs of the audit. The documentation will be encrypted by the data importer while uploading it to the platform, so the data importer should not get access to the contents of the documentation and personal data contained in the documentation beyond the scope necessary to perform the encryption process.

DATA EXPORTER
姓名:
授權的簽名

DATA IMPORTER
Capital Confirmation, Inc.
Name: Diana Flanders
授權的簽名

Appendix 2
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Data Importer has implemented the technical and organisation security measures set out in the Agreements and incorporated herein by reference.

DATA EXPORTER
姓名:
授權的簽名
Capital Confirmation Inc.
Name: Diana Flanders
授權的簽名

For Clients

用戶協議

以下內容為用戶使用CAPITAL CONFIRMATION INC.所提供服務的使用條款說明。

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domains and sub-domains of www.confirmation.com, and learn.confirmation.com ("Confirmation Website(s)") owned and operated by Capital Confirmation, and the general principles for the websites of our subsidiaries.如果您不同意遵守本協議的條款及條件,請勿使用或存取我們的服務。 You evidence your acceptance of the terms and conditions of this Agreement through your use of any of the Confirmation.com services (aka "Confirm™" service).

If you have any questions, please email us at customer.support@confirmation.com.

您必須閱讀、同意並且接受本《用戶協議》及《私隱聲明》中的所有條款及條件,其中包括以下所明確陳述的條款及條件以及這些已納入的參考資料,否則請勿使用我們的服務。我們極力建議您在閱讀此份《用戶協議》時,也同時閱讀本文件中所參考的其他頁面及網站的資訊,因為這些資訊可包含適用於Capital Confirmation用戶的其他條款及條件。 Please note: underlined words and phrases are links to these pages and websites.透過同意本《用戶協議》,即表示您也同意在使用其他Capital Confirmation網站時,將遵守這些網站的條款及條件。

我們可隨時透過在我們的網站上公佈修改後的條款以示我們對本協議的修改。 Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site.您將不會收到關於本協議中任何變更的書面通知或電郵通知。本協議不得修改,除非經過您及Capital Confirmation Inc.的書面簽署。本協議自1年2003月{[#2]}日起生效。

1. Membership Eligibility.

我們的服務僅提供給根據適用法律可簽署有法律約束力合約的個人。在不限於前述內容的情況下,我們的服務不提供給未成年人或遭到暫時或永久停用的Capital Confirmation會員。如果您未成年,您不得使用本服務。如果您不符合資格,請勿使用我們的服務。此外,Capital Confirmation帳戶(包括反饋)及用戶ID皆不得轉讓或出售給他方。如果您以商業實體身分註冊,即表示您有權代表該實體接受本協議的約束。如果您以個人身分註冊,即表示您是自己所聲稱的本人。

2. Fees and Service.

Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users (the "Service"). Joining and using our Service to respond to audit confirmations is free.我們可隨時自行斟酌決定變更我們部分或全部的服務。當我們推出一項新服務時,該項服務的費用於推出時即行生效。 The Service also includes the provision of ancillary services deemed reasonably necessary by Capital Confirmation to run a venue for digital transaction management, including but not limited to customer support, billing, and account management.

3. Capital Confirmation is a Venue.

3.1 Capital Confirmation並非銀行或律師事務所,我們也不是被授權的銀行或律師事務所代表。我們的網站是個讓用戶可隨時隨地用來請求和接收詢證函的場所。 We are not involved in the actual transaction between users of and providers of the confirmation information.因此,我們對於請求及回應的品質、正確性、時效性或合法性,或請求及回應的真偽或正確性皆無法掌控。 We also cannot ensure that a provider will actually complete a transaction.

3.2 身分驗證。 當用戶在我們的網站上註冊時,我們使用許多方法來驗證其身分。然而,因為在網上進行用戶驗證不易,Capital Confirmation對每位用戶所聲稱的身分無法也不進行確認。因此,我們建立了一個用戶啟動的溝通系統,以協助您評估您的交易對象。我們鼓勵您透過我們網站上所提供的工具直接與個別方進行溝通。

3.3 免責。 基於我們是個場所,如果您與一位或多位用戶發生爭議時,您將免除Capital Confirmation(和我們的主管、董事、代理人、子公司、合資公司以及員工)對因此而產生或以任何方式與這類爭議相關的每種已知和未知性質、可疑和未料及、已披露和未披露的求償、要求及損失(實際及衍生)的責任。 If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”

3.4 資訊掌控。 我們無法掌控由其他用戶透過我們的系統所提供的資訊。您可能會發現其他用戶的資訊並不正確。使用我們的網站時,請務必謹慎,並且運用判斷力及安全措施。

3.5 客戶服務與支持。Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

4. Authorizing and Requesting.

透過授權及/或請求詢證函,即表示您同意接受本協議的條件約束。授權及請求不得撤銷。如果您選擇授權及/或請求詢證函,您即證明您擁有合法權利可授權及/或請求及/或回應此類詢證函。

5. Address Lookup.

Capital Confirmation自公共及私人資料來源提供地址查找資料。本系統所用的公共記錄、私人記錄及商用提供的資料來源有錯誤且不完整。資料有時輸入有誤且未經正確處理。本系統不該被視為絕對正確。在依賴本系統提供的任何資料前,應個別予以驗證。

6. Fraud.

如果我們懷疑您(因定罪、和解、保險調查或其他原因)涉及在Capital Confirmation網站上進行欺詐活動,我們得暫停或終止您的帳戶,並且不限任何其他的補救措施。

7. Your Information.

 7.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature.對於「您的資料」,您必須承擔全部責任,我們僅是「您的資料」的網上傳播及發佈的被動管道。

7.2 限制活動。 Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers.此外,您不得授權或請求本網站的詢證函(或以使用我們的服務作為開始所完成的任何交易),如果透過授權或請求可造成我們違反任何適用法律、法令、條例或法規。

7.3 許可證。 在僅讓Capital Confirmation使用您提供給我們的資料而避免我們違反任何您在該資料中所擁有的權利之下,您同意授予我們關於「您的資料」在任何已知或目前未知媒體之非專屬、全球性、永久、不可撤銷、免權利金、可再授權(透過多種層級)權利以執行您在「您的資料」中所擁有的版權、宣傳及資料庫權利(但是沒有其他權利)。Capital Confirmation將僅根據我們的私隱聲明來使用「您的資料」。

8. Ownership of Intellectual Property.

Capital Confirmation得擁有和保有關於此項服務或因本協議中所述關係而產生的所有知識產權之權利、所有權及利益。「知識產權」意指所有想法、發現、發明、開發、設計、改進、商標、服務標記、商業機密、專有資訊、計劃、原始代碼、目標代碼、專利申請、專利、版權(在其期間內,包括其延續、展期及繼承)、可有版權的作品以及與之相關的商譽,包括增強、改善及衍生的作品(無論是現存或以後產生者)。 You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation's expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation.身為我們服務的註冊用戶,您同意在您最後登錄日起算的兩(2)年期間,不會提供或協助他人提供與Capital Confirmation所提供服務有任何競爭性質的服務。 Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

9. Access and Interference.

您同意,在未取得我們的書面許可前,不會使用任何機器人、網絡蜘蛛或其他自動裝置或以人為方式監督或複製我們的網頁或其內容。 You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part.您同意,您不會使用任何裝置、軟件或常規程序來迴避我們的安全功能,或干擾或嘗試干擾Capital Confirmation網站的正常運作或我們網站上所進行的任何活動。您同意,您不會採取任何行動來造成我們基礎結構不合理或不成比例的超負荷。我們網站上的許多資訊皆為實時更新,並且專屬於Capital Confirmation或由我們的用戶或第三方授權使用。您同意,在未取得Capital Confirmation或相關第三方的書面許可前,您不會複製、重製、改變、修改、製作衍生作品或公開展示我們網站上的任何內容(「您的資料」除外)。 You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading. You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service. You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement. You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service. You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs. You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent. You shall not infringe on our licensors' intellectual property rights or those of any third party in relation to your use of our website or Service. We may make available to you certain Application Programming Interfaces (an "API" or "APIs") to achieve additional functionality for users, and provide capabilities or integrations that leverage one or more of our products or services available at www.confirmation.com or provided by our affiliates, which you may use where applicable, subject to our then current fees (if any) for such APIs. Unless previously authorized by us, or our affiliates, you must not automatically connect (whether through APIs or otherwise) any Service to other data, software, services or networks.

10. Breach.
Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

11. Electronic Communications; Identifiers and Passwords; Binding Effect.

您將使用SSL科技及2048-位元加密在互聯網上取得和傳輸資料給我們。 You must use Internet browsers that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will select and use an identification code (such as a "log-in ID") and a password.您應保護並且維護其識別碼及密碼的安全,且僅允許經授權的員工使用與服務有關的識別碼及密碼。我們及所有其他人員接到您以自己所選擇的識別碼及密碼傳輸過來的資料,皆有權在任何情況下皆相信以此方式傳輸過來的資訊為由您所為,且該項資訊在各方面皆為真實、正確及完整,其效力如同該項資料是透過有您書面簽署的書面格式傳輸的一樣有效。如果您認為您的識別碼及密碼已經遺失、遭竊或在任何方面遭到破壞,請立即致電1-866-325-7201通知我們。在我們有機會回應您的通知前,所有使用該識別碼及密碼收到的通訊將無效或無作用。

12. Privacy.
We do not sell or rent your personal information to third parties and only use your information as described in the Privacy Statement available at https://www.confirmation.com/legal-security-privacy/index.html. We take the protection of our users’ privacy seriously. We store and process your information on computers located in Ireland and the United States that are protected with security measures.

Customer Financial information residing within Confirmation.com’s processing controls will be maintained and stored according to our security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com’s control (e.g., data downloaded by a user or mailed confirmations).

If you object to your information being collected, used, transferred, or otherwise processed in this way, please do not use our services.

12.1    Data Protection Legislation.  When using our Services or otherwise providing Personally Identifiable Information to us, you agree to comply with all applicable laws governing or relating to the processing of that Personally Identifiable Information (“Data Protection Laws”). “Personally Identifiable Information” shall mean any information relating to an identified or identifiable natural person whose information you provide to us and that we process as part of the Service or in connection with this Agreement. You confirm that any Personally Identifiable Information that has been provided by you has been collected and disclosed in accordance with Data Protection Laws. When using the Service, you shall not input, upload, maintain or disclose any irrelevant or unnecessary information about individuals.

12.2 Personal Data transferred outside of your home country.

Without limiting the foregoing and for clarity, you agree that we may transfer your personal information outside of your home country to another country where the laws may not provide an equivalent level of protection and you confirm that we may so transfer any Personally Identifiable Information that has been provided by you.

Where the provision of Service by the us to you involves any transfer of Personally Identifiable Information that has been provided by you outside of the European Economic Area or Switzerland (by way of direct or indirect transfer), the parties agree that the transfers will be done in accordance with Schedule 1 attached hereto. If any other Data Protection Laws require you and us to implement appropriate safeguards to legitimize the transfer of Personally Identifiable Information to a third country, you will let us know and we will negotiate in good faith to implement the required safeguards.

13. No Warranty.

WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES, INCLUDING BUT NOT LIMITED TO ANY APIS, ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES OF ANY KIND. WE, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIM ALL WARRANTIES, INCLUDING THE WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES' RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. WE MAKE NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN. WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE. WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES. FOR THE AVOIDANACE OF ALL DOUBT, WE DO NOT WARRANT, NOR WILL BE RESPONSIBLE FOR, ANY PRODUCTS, SERVICES, FUNCTIONALITY, OR INTERFACES THAT ARE PROVIDED BY YOU OR ANY THIRD PARTY.

14. Liability Limit.

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES, INCLUDING WITHOUT LIMITATION USE OF ANY APIS, OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE).用戶對於有關服務的衍生性、懲戒性、特殊性、附帶性或懲罰性損害賠償概不負責,即使已被知會有關此類損害賠償的可能性。

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR. THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.

在任何情況下,我們、我們的子公司、員工及供應商對於您或任何第三方的責任限於以下兩者間較高者:(A) 在發生該責任首日的前12個月期間,您支付給我們的費用金額,及 (B) $100。 NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY FAILURE OR NONPERFORMANCE OF ANY APIS PROVIDED BY CAPITAL CONFIRMATION SHALL BE FOR CAPITAL CONFIRMATION TO USE COMMERCIALLY REASONABLE EFFORTS TO ADJUST OR REPAIR THE NONPERFORMING APIS.

15. Fair Credit Reporting Disclosure.

The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. ("FCRA") and therefore, is not subject to the requirements or provisions of the FCRA. Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA. CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act. CCI makes no representations or warranties about such other User's compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

16. Indemnity.

You shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) Your negligence or intentional conduct; (b) Your breach of its obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by You, Your vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable data protection legislation.

17. Confidentiality.

You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service. You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement. You acknowledge that details of the Service constitute our confidential information.

18. Legal Compliance.

You represent and warrant that you have read, understand and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA Freedom Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

You certify that you will use the service and the information received for no other purpose than is legally permissible. You understand that if the system is used improperly by your personnel, or if your access codes are made available to any unauthorized personnel due to carelessness your part or any other, you may be held responsible for financial losses, fees or monetary charges that may be incurred and that your access privileges may be terminated. You will not obtain, retain, use, or provide access to the Service to an affiliate or any third party in a manner that may breach any applicable export control or economic sanctions laws and regulations for any jurisdiction, including the United States of America, the United Kingdom and the European Union and its Member States. You warrant that neither you, nor any affiliate to which you provide access to the Service, is affiliated with a specially designated or sanctioned entity under any of those laws and that, in any transaction relating to Confirmation or the Service, such transactions will not involve sanctioned parties, including without limitation through the use of bank accounts at banks that are sanctioned parties. Further, the parties represent and warrant that they have read, understand and shall comply with all applicable laws, regulations and judicial actions including, but not limited to, anti-bribery laws, anti-corruption laws, anti-slavery laws, anti-human trafficking, tax laws, any applicable law aimed at preventing the facilitation of criminal behavior.

19. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”).
本協議中的任何條款皆不對BBA或其人員因疏忽所造成的死亡或人身傷害的責任設限;欺詐或不實陳述;或根據英國法律,任何其他無法免除的責任,即使本協議的任何其他條款可能有不同的解釋。

You expressly acknowledge and agree that the BBA: (a) is not a part to this   Agreement and is not involved in the design, supply or support of Capital Confirmation Inc.’s services including the service promoted to UK banks as “BBA Confirmations”; (b) makes no representation or warranty that the services will be adequate or appropriate for you and its requirements and any BBA trademarks or    logos present in marketing materials or other documents do not represent an endorsement of the service; (c) shall not be responsible for providing any of the services; and (d) shall have no liability to you whatsoever whether direct or indirect and whether in contact, tort (including negligence), misrepresentation or for any other reason in respect of any of the services provided under this agreement.

20. No Agency.

您與Capital Confirmation為獨立合同方,本協議無意建立也沒有建立代理關係、合夥關係、合資企業、員工-顧主關係或特許經營關係。

21. Notices.
除非另有明白說明,任何通知皆經由郵件寄至Capital Confirmation Inc. Attn: Legal Department 100 Centerview Drive, Suite 37027, Brentwood, TN {[#2]} (如果是Capital Confirmation),或發送至您在註冊過程中提供的電郵地址(在您的情況下)。電郵發出後24小時即視為通知已送達,除非發送方接到通知謂該電郵地址無效。或者,我們可經由掛號信、預付郵資及要求回函收執等方式,將通知郵寄到註冊過程中提供給Capital Confirmation的地址。在這種情況下,在郵寄日期的3天後即視為通知已送達。

22. Arbitration.
任何與本協議或我們的服務有關或因此而產生的法律爭議或法律求償,應根據美國仲裁協會(American Arbitration Association)商業仲裁法規之具有約束力的仲裁予以解決,惟Capital Confirmation為取得與Capital Confirmation網站經營、知識產權及服務相關的賠償或強制令所採取的法律訴訟除外。任何此類爭議或求償皆應以個別案件進行仲裁,不得與其他任何方之任何求償或爭議等仲裁案件合併進行。仲裁將在田納西州納許維爾執行;仲裁判決可由任何具有司法管轄權的法庭作出決定。您或Capital Confirmation皆可向田納西州納許維爾具有司法管轄權的法庭申請臨時或暫時性強制令,以便在仲裁尚未作出決定前保護您或Capital Confirmation的權利或財產。如果任何一方提出違反此條款的訴訟,另一方將可獲得最高達$1000.00的律師費用及花費補償。

23. Additional Terms.
以下政策為納入本協議的參考資料,為我們網站上所提供的具體服務提供額外條款及條件:

私隱聲明:

https://www.confirmation.com/legal-security-privacy/index.html

每項政策皆會不時變更;在我們將變更公佈到我們網站上時即行生效,惟私隱聲明會有{[#0]}天的事前通知。此外,您同意在使用我們網站上的具體服務時,將遵守您透過我們網站所使用服務的任何不時公佈的適用政策或法規。所有這類公佈的政策或法規皆已納入本協議的參考資料。

You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

We do not guarantee and shall not be liable for the performance of any sub-processor or sub-contractor.

24. Governing Law.

This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles. You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

25. Assignment.

如果發生收購或併購,您同意本協議及所有合併協議將由Capital Confirmation自動指定給我們自行斟酌決定之第三方。 You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

26. General.

我們不保證能提供持續、無中斷或可安全存取的服務,且我們網站的經營可能會受到許多在我們掌控之外因素的干擾。如果本協議的任何條款被視為無效或無法執行,則這類條款應被排除,而其餘的條款仍應將繼續執行。標題僅供參考用途,並不定義、限制、詮釋或敘述該章節的範圍或限度。我們處理您或他人違約的失敗並不代表我們放棄處理後續或類似違約的權利。英語是Confirmation.com網站內容的官方語言。Confirmation.com使用第三方供應商讓英語能力有限的用戶可使用網站上的資訊。經過此自動程序所得之譯文不應視為絕對精確,尤其是有關技術和法律術語方面。此外,部分內含圖形、照片及便攜式文件格式(pdf)的檔案,無法透過此程序進行翻譯。對於透過此系統翻譯的任何資訊,Capital Confirmation Inc.不保證其正確性或可靠性,且對於因依賴該項資料之正確性或可靠性而造成之任何損失概不負責。雖然我們盡力維持譯文的準確性,但是部分譯文可能不正確。任何必須依賴本系統取得資訊的個人或實體必須自行承擔風險。本協議闡述貴我雙方就此主題的完整了解及同意。 Sections 2 (Fees and Service) with respect to fees owed for our services, 3.3 (Release), 7.3 (License), 9 (Access and Interference), 14 (Liability Limit), 15 (Indemnity) and 19 (Arbitration) shall survive any termination or expiration of this Agreement.

27. Disclosures.

以下服務由Capital Confirmation Inc.提供,位於214 Centerview Drive, Suite 100, Brentwood, Tennessee 37027。 Fees for our services are described above in Section 2 (Fees and Service).

28. Disputes.

您及Capital Confirmation之間關於我們服務的爭議可以郵寄方式向「客戶服務與支持」報告,地址:Capital Confirmation, Customer Support, Centerview Drive, Suite 100, Brentwood, TN 37027。關於所有用戶之間的爭議,我們建議您向當地執法機構、郵政管理局局長,或有照的調解人或仲裁機構報告。

29. Your Acceptance of this User Agreement.

透過使用Confirmation.com服務,即證明您接受本《用戶協議》。此項接受等同於您在含有本用戶協議條款及條件的書面文件上書面簽署的法律效力。

30. Release.

You have the right to and do certify and agree to the following:

    • I have read and agree to the User’s Agreement and all information provided.
    • I have the right to and do hereby authorize my financial institution, trade creditor, bank, trading partner, debtor and other business partners to use Capital Confirmation’s Confirmation.com service to respond to and release the requested information to my Accountant.
    • 本人也認知這些確認實體可因提供該資料而接受來自Capital Confirmation的財務報酬。

本人有權代表本人的公司,並且在此提出:

致我們的金融機構、交易債權人、銀行、貿易夥伴、債務人及其他商業夥伴:

我們已經將電子詢證函上截至營業日結束的請求日為止關於我們存款及借貸餘額的資料提供給我們的會計師。請確認資料是否準確,如有任何差異請指出。如果餘額欄位為空白,請在此電子表格之適當位置提供該項餘額。雖然我們不要求或期望您將您的記錄進行全面、詳盡搜尋,但是如果在填寫此詢證函的過程中,您注意到我們在您機構中還擁有其他存款及借貸帳戶,亦請您將該項資訊填入此電子表格中。請使用Capital Confirmation的Confirmation.com服務,將該電子詢證函直接送回給我們的會計師。

表1

European Data Transfers

We process Personally Identifiable Information outside of the European Economic Area (EEA) and Switzerland including in third countries which may not be recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, such as in the United States.

Capital Confirmation will enter into the Standard Contractual Clauses approved by the European Commission to legitimize the transfers of Personally Identifiable Information outside of the EEA and/or Switzerland to an inadequate third country.

If we are required to enter into the Standard Contractual Clauses to legitimize the transfer of Personally Identifiable Information outside of the EEA and/or Switzerland, then the parties hereby agree to the Standard Contractual Clauses set forth in Attachment 1 (for those cases where we act as a processor with respect to personal data) below, and you evidence your acceptance of the Standard Contractual Clauses by clicking on “Accept User Agreement and Add Account” button on the Capital Confirmation website or by using the Confirmation.com service.

Notwithstanding the foregoing, if the Standard Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personally Identifiable Information outside of the EEA to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer agreements), then you shall procure the appropriate consent of any data subject whose Personally Identifiable Information is transferred to us to enable us to transfer that Personally Identifiable Information to the United States (or such other third country).

Attachment 1: Standard Contractual Clauses (Processor)

For the transfer of Personal Data outside of the EEA and/or Switzerland to processors established in third countries which do not ensure an adequate level of data protection, the data exporter and the data importer have agreed on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the Personal Data specified in Appendix 1.

Notwithstanding the foregoing, if the following Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personal Data outside of the EEA and/or Switzerland to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer Clauses), you shall procure the appropriate consent of any data subject whose Personal Data is transferred to us to enable the Parties to transfer that Personal Data to the United States (or such other third country).

Clause 1

Definitions

For the purposes of the Clauses:

(a)‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b)‘the data exporter’ means the party who transfers the personal data;

(c)‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d)‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e)‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f)‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause
(a)The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

(b)The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

(c)The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

(d)The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:
(a)that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b)that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c)that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d)that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e)that it will ensure compliance with the security measures;

(f)that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g)to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h)to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i)that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j)that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:
(a)to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b)that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c)that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d)that it will promptly notify the data exporter about:

(e)any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
i. any accidental or unauthorised access; and
ii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
iii. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f)at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority. The data importer has included the security requirements detailed in Appendix 2 at the request of the data exporter, and the data exporter agrees that such security requirements and the audit obligations and rights under the Master Agreement will be deemed to fully satisfy the audit rights granted to the data exporter under Clauses 5(f) and 12.2;

(g)to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h)that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent (whether under or in connection with the Master Agreement or otherwise);

(i)that the processing services by the sub-processor will be carried out in accordance with Clause 11;

(j)to send promptly, on request, a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6

負債

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

a. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

(a) The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(b)to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(c)to refer the dispute to the courts in the Member State in which the data exporter is established.
(d)The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9

Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Sub-processing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.

2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation after the termination of personal data-processing services

1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data exporter:

Name (written out in full):

Position:

Address:………………………………………………………………………………………………………………………

Other information necessary in order for the contract to be binding (if any): (stamp of organisation)

Signature ………………………………………………………………………………………………………………………

On behalf of the data importer:

Capital Confirmation, Inc.

Name (written out in full): Diana Flanders

Position: VP, Business Integrations

Address: Capital Confirmation Inc. Centerview Drive, Suite 100, Brentwood, TN 37027

Other information necessary in order for the contract to be binding (if any): N/A

Signature ………………………………………………………………………………………………………………………

Appendix 1

to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

The data exporter will export the personal data contained in the client's documentation to the requestors via the Confirmation.com platform. Exported data will concern personal data of data exporter's employees with access given to the online platform handled by the data importer. Also, data exporter's customers data for the purposes of forwarding data exporter's audits to requestors by the Importer.

Data importer

The data importer is (please specify briefly activities relevant to the transfer):

Capital Confirmation Inc.

The data importer provides an online venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users. Processed data will concern data exporter's employees for which accounts in the platform handled by the data importer will be created. Also, data exporter's customers data for the purposes of forwarding data exporters confirmations to requestors by the data importer.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Data exporter’s employees and personal data of data exporter’s client’s representatives and other subjects mentioned in the documentation, which is sent to the requestor

Categories of data

The personal data transferred concern the following categories of data (please specify):

-names, surnames, names of authorized representatives of the data exporter’s clients

-including but not limited to: names, surnames, addresses, account numbers, financial information, PESEL number and other personal data of the subjects mentioned in the documentation sent to the requestor.

Special categories of data (if appropriate)

Not applicable

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The platform Confirmation.com is internet-based system, that allows the data exporter to send documentation to auditors for the needs of the audit. The documentation will be encrypted by the data importer while uploading it to the platform, so the data importer should not get access to the contents of the documentation and personal data contained in the documentation beyond the scope necessary to perform the encryption process.

DATA EXPORTER

Name:………………………………………………………………………………………………………………………

Authorised Signature………………………………………………………………………………………………………………………

DATA IMPORTER

Capital Confirmation, Inc.

Name: Diana Flanders

Authorised Signature………………………………………………………………………………………………………………………

Appendix 2

to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Data Importer has implemented the technical and organisation security measures set out in the Agreements and incorporated herein by reference.

DATA EXPORTER

姓名:

授權的簽名

Capital Confirmation Inc.

Name: Diana Flanders

Authorised Signature:

For Law Firms

Confirmation.comSM Service Agreement – Law Firm User*

This Confirmation.com Service Agreement - Law Firm User (this "Agreement") is between Capital Confirmation, Inc., a Delaware corporation (the "Provider"), and the law firm accessing and using the Confirmation.com Service (as defined below) (the "Law Firm"), and sets forth the terms and conditions under which the Law Firm shall have the right to use the Provider's Confirmation.com Service. This Agreement shall be effective as of the date of its electronic acceptance by the Law Firm (the "Effective Date").

1. Confirmation.com Service. During the Term of this Agreement, the Law Firm shall have the right to access and use the Provider’s Confirmation.comSM Service (the “Confirmation.com Service”). For purposes of this Agreement, the Confirmation.com Service shall mean the Provider’s electronic communications platform operated for purposes of delivering communications between the Law Firm and other Confirmation.com Service users, including, but not limited to, accounting firms (“Auditors”) engaged from time to time by the Law Firm’s clients (“Clients”). The Confirmation.com Service shall facilitate the delivery of audit request letters from Clients to the Law Firm and the delivery of audit response letters from the Law Firm to Auditors, in each case in connection with audit services conducted for Clients and for which the relevant Client has duly authorized the use of the Confirmation.com Service. For the avoidance of doubt, (i) the Confirmation.com Service is a communication platform, and the Law Firm’s transmission of information via the Confirmation.com Service shall have the same effect and intent as if such information had been transmitted in written form; and (ii) the Confirmation.com Service shall include the provision of ancillary services deemed reasonably necessary by Provider to run an electronic communications platform as outlined herein, including but not limited to customer support, billing, and account management..

2. APIs. Provider may make available to the Law Firm certain Application Programming Interfaces (an “API” or “APIs”) to achieve additional functionality for users, and provide capabilities or integrations that leverage one or more of our products or services available at www.confirmation.com or provided by our affiliates, which the Law Firm may use where applicable, subject to Provider’s then current fees (if any) for such APIs. Unless previously authorized by Provider, or Provider’s affiliates, the Law Firm must not automatically connect (whether through APIs or otherwise) any Confirmation.com Service to other data, software, services or networks. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, THE LAW FIRM’S SOLE AND EXCLUSIVE REMEDY FOR ANY FAILURE OR NONPERFORMANCE OF ANY APIS PROVIDED, PURSUANT TO THIS AGREEMENT BY THE PROVIDER, SHALL BE FOR THE PROVIDER TO USE COMMERCIALLY REASONABLE EFFORTS TO ADJUST OR REPAIR THE NONPERFORMING APIS. FOR THE AVOIDANCE OF ALL DOUBT, THE PROVIDER DOES NOT WARRANT, NOR WILL THE PROVIDER BE RESPONSIBLE FOR, ANY PRODUCTS, SERVICES, FUNCTIONALITY, OR INTERFACES THAT ARE PROVIDED BY THE LAW FIRM OR ANY THIRD PARTY.

3. Term. This Agreement shall be effective from the Effective Date until it is terminated in accordance with the provisions of this Agreement (the “Term”).

4. Termination. Either party may terminate this Agreement at any time, to be effective immediately upon receipt by the other party of a written notice of termination. Without limiting any other remedies, the Provider may suspend or terminate the Law Firm’s account if the Provider reasonably suspects that the Law Firm (by conviction, settlement, insurance investigation or otherwise) has engaged in fraudulent activity in connection with the Provider’s site.

5. Electronic Communications; Identifiers and Passwords; Binding Effect. In order to initiate a session where information is transmitted, the Law Firm will select and use an identification code (such as a “log-in ID”) and a password. The Law Firm shall protect and safeguard its identification codes and passwords and shall permit only authorized officials, employees or agents of the Law Firm (“Authorized Persons”) to use the identification codes and passwords in connection with the Confirmation.com Service. The Provider and all other persons receiving information from the Law Firm (“Law Firm Information”) that has been transmitted using the Law Firm’s identification codes and passwords selected by the Law Firm shall be entitled to rely (absent a breach of the Provider’s physical and technological security safeguards) that the information so transmitted has been transmitted by Authorized Persons and has been duly authorized by a Client with the same effect and intent as if such information had been transmitted in written form bearing the written signature of an Authorized Person. The Provider shall promptly notify the Law Firm if the Provider has reason to believe that the Provider has suffered any breach of its systems, including without limitation its physical and technological security safeguards. If the Law Firm believes that the Law Firm’s identification codes and passwords have been lost, stolen or compromised in any respect, the Law Firm shall promptly notify the Provider’s Customer Support team at 1-866-325-72011.

6. Ownership of Intellectual Property. The Provider shall have and retain all rights, title and interest in all intellectual property relating to the Confirmation.com Service or arising out of the relationship described in this Agreement, in each case as developed by the Provider. The Provider shall have no right, title or interest in any information transmitted by or on behalf of Clients to the Law Firm or by the Law Firm to Clients or Auditors via the Confirmation.com Service. This Section 5 shall survive the termination of this Agreement. Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

7. Notices. All notices under this Agreement must be in writing and sent by email and will be effective when received by such party at the respective following address or such other address as will have been provided in writing.

For the Provider, such notice shall be sent to:
Capital Confirmation, Inc.
Customer.Support@Confirmation.com

For the Law Firm, such notice shall be sent to the email address(es) provided by the Law Firm to the Provider.

7. Custom Development Requests. Custom development requests for the Provider’s applications must be requested in writing, reviewed by the Provider and mutually agreed to by both parties in writing. Custom development fees are charged at the Provider’s standard development rate and paid in accordance with the terms set forth within a Statement of Work (SOW) to be agreed upon by the parties in writing.

8. Confidentiality of Law Firm Information.
a. The Law Firm’s transmittal of Law Firm Information to Auditors through the Confirmation.com Service shall not be deemed to constitute a waiver of any attorney-client privilege, work product doctrine or any other applicable privilege that applies to such Law Firm Information.

b. The Provider represents and warrants to the Law Firm that the Confirmation.com Service is an electronic conduit to facilitate the delivery of requests for information and responses thereto in connection with audit services conducted for the Law Firm's Clients by Auditors. In accordance with the Provider's stated security and privacy policies, the Provider shall maintain physical and technological security safeguards to protect the confidentiality of all Law Firm Information transmitted via the Confirmation.com Service.

c. The Provider agrees that all Law Firm Information is to be treated confidentially and that, except as required by law, the Provider shall not provide any Law Firm Information to any person, other than Auditors within the scope of the relevant Client’s authorization, without the prior written consent of the Law Firm.

d. If the Provider is requested or required (by oral questions, interrogatories, requests for information or documents in legal proceedings, subpoena, civil investigative demand or other similar process) to disclose any of the Law Firm Information, the Provider shall provide the Law Firm with prompt written notice of any such request or requirement so that the Law Firm may seek a protective order or other appropriate remedy and/or waive compliance with the provisions of this Agreement. If, in the absence of a protective order or other appropriate remedy or the receipt of a waiver from the Law Firm, the Provider is nonetheless legally compelled to disclose the Law Firm Information to any tribunal or other entity or else stand liable for contempt or suffer other censure or penalty, the Provider may, without liability hereunder, disclose to such tribunal or other entity only that portion of the Law Firm Information which the Provider is legally required to be disclosed, provided that the Provider exercises its best efforts to preserve the confidentiality of the Law Firm Information, including, without limitation, by cooperating with the Law Firm without expense to the Provider, to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded the Law Firm Information by such tribunal or other entity.

9. Privacy. Provider does not sell or rent your personal information to third parties and only use your information as described in the Privacy Statement available at https://www.confirmation.com/legal-security-privacy/index.html . Provider take the protection of our users’ privacy seriously. Provider stores and processes your information on computers located in Ireland and the United States that are protected with security measures.

If you object to your personal information being collected, used, transferred, or otherwise processed in this way, please do not use our services.

9.1 Data Protection Legislation. When using Provider’s Services or otherwise providing Personally Identifiable Information to Provider, the Law Firm agrees to comply with all applicable laws governing or relating to the processing of that Personally Identifiable Information (“Data Protection Laws”). “Personally Identifiable Information” shall mean any information relating to an identified or identifiable natural person whose information the Law Firm provides to Provider and that Provider process as part of the Service or in connection with this Agreement. The Law Firm confirms that any Personally Identifiable Information that has been provided by the Law Firm has been collected and disclosed in accordance with Data Protection Laws. When using the Service, The Law Firm shall not input, upload, maintain or disclose any irrelevant or unnecessary information about individuals.

9.2 Personal Data Transferred Outside of the Law Firm’s Home Country. Without limiting the foregoing and for clarity, the Firm agrees that Provider may transfer the Law Firm’s personal information outside of Law Firm’s home country to another country where the laws may not provide an equivalent level of protection and the Law Firm confirm that Provider may so transfer any Personally Identifiable Information that has been provided by the Law Firm.
Where the provision of Service by Provider to the Law Firm involves any transfer of Personally Identifiable Information that has been provided by the Law Firm outside of the European Economic Area or Switzerland (by way of direct or indirect transfer), the Law Firm and Provider agree that the transfers will be done in accordance with Exhibit A attached hereto. If any other Data Protection Laws require the Law Firm and Provider to implement appropriate safeguards to legitimize the transfer of Personally Identifiable Information to a third country, you will let the Provider know and the parties will negotiate in good faith to implement the required safeguards.

10. Compliance. The Law Firm will not obtain, retain, use, or provide access to the Confirmation.com Service to an affiliate or any third party in a manner that may breach any applicable export control or economic sanctions laws and regulations for any jurisdiction, including the United States of America, the United Kingdom and the European Union and its Member States. The Law Firm warrants that neither the Law Firm, nor any affiliate to which the Law Firm provides access to the Confirmation.com Service, is affiliated with a specially designated or sanctioned entity under any of those laws and that, in any transaction relating to Provider or the Confirmation.com Service, such transactions will not involve sanctioned parties, including without limitation through the use of bank accounts at banks that are sanctioned parties. Further, the parties represent and warrant that they have read, understand and shall comply with all applicable laws, regulations and judicial actions including, but not limited to, anti-bribery laws, anti-corruption laws, anti-slavery laws, anti-human trafficking, tax laws, any applicable law aimed at preventing the facilitation of criminal behavior.

11. Entire Agreement; Amendment. This Agreement represents the entire agreement between the Law Firm and the Provider with respect to the Confirmation.com Service, and it takes the place of all other agreements, writings and negotiations, including any other user agreement that is either posted on the Provider’s website or deemed to be accepted by the Law Firm upon the Law Firm’s usage of the Confirmation.com Service at any time prior or subsequent to the date of this Agreement.

12. Acceptance. You evidence your acceptance of this Agreement by using the Confirmation.com Service. Such acceptance shall have the same legal effect as your written signature set forth on a written document containing the terms and conditions of this Agreement.

EXHIBIT A

EUROPEAN PERSONAL DATA TRANSFERS

Provider processes Personally Identifiable Information outside of the European Economic Area (EEA) and Switzerland including in third countries which may not be recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, such as in the United States.

Provider will enter into the Standard Contractual Clauses approved by the European Commission to legitimize the transfers of Personally Identifiable Information outside of the EEA and/or Switzerland to an inadequate third country.

If the Provider is required to enter into the Standard Contractual Clauses to legitimize the transfer of Personally Identifiable Information outside of the EEA and/or Switzerland, then the parties hereby agree to the Standard Contractual Clauses set forth in Attachment 1 (for those cases where Provider acts as a processor with respect to personal data) below, and the Firm evidences its acceptance of the Standard Contractual Clauses by clicking on “Accept User Agreement and Add Account” button on the Provider website or by using the Provider’s Service.

Notwithstanding the foregoing, if the Standard Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personally Identifiable Information outside of the EEA to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer agreements), then the Law Firm shall procure the appropriate consent of any data subject whose Personally Identifiable Information is transferred to the Provider to enable the Provider to transfer that Personally Identifiable Information to the United States (or such other third country).

Attachment 1: Standard Contractual Clauses (Processor)

For the transfer of personal data outside of the EEA and/or Switzerland to processors established in third countries which do not ensure an adequate level of data protection, the data exporter and the data importer have agreed on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Notwithstanding the foregoing, if the following Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personal Data outside of the EEA and/or Switzerland to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer Clauses), you shall procure the appropriate consent of any data subject whose Personal Data is transferred to us to enable the Parties to transfer that Personal Data to the United States (or such other third country).

Clause 1
Definitions

For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the party who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2
Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3
Third-party beneficiary clause

(a) The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

(b) The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

(c) The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

(d) The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4
Obligations of the data exporter

The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5
Obligations of the data importer

The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(e) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
i. any accidental or unauthorised access; and
ii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
iii. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority. The data importer has included the security requirements detailed in Appendix 2 at the request of the data exporter, and the data exporter agrees that such security requirements and the audit obligations and rights under the Master Agreement will be deemed to fully satisfy the audit rights granted to the data exporter under Clauses 5(f) and 12.2;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent (whether under or in connection with the Master Agreement or otherwise);

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;

(j) to send promptly, on request, a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6
負債

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
a. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7
Mediation and jurisdiction

(a) The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(b) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(c) to refer the dispute to the courts in the Member State in which the data exporter is established.

(d) The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8
Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9
Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10
Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11
Sub-processing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.

2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12
Obligation after the termination of personal data-processing services

1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data exporter:
Name (written out in full):
Position:
地址:
Other information necessary in order for the contract to be binding (if any): (stamp of organisation)
簽署

On behalf of the data importer:
Capital Confirmation, Inc.
Name (written out in full): Diana Flanders
Position: VP, Business Integrations
Address: Capital Confirmation, Inc. 214 Centerview Drive, Suite 100, Brentwood, TN 37027
Other information necessary in order for the contract to be binding (if any): N/A
簽署

Appendix 1
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

The data exporter will export the personal data contained in the client's documentation to the requestors via the Confirmation.com platform. Exported data will concern personal data of data exporter's employees with access given to the online platform handled by the data importer. Also, data exporter's customers data for the purposes of forwarding data exporter's audits to requestors by the Importer.

Data importer

The data importer is (please specify briefly activities relevant to the transfer):
Capital Confirmation Inc.

The data importer provides an online venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users. Processed data will concern data exporter's employees for which accounts in the platform handled by the data importer will be created. Also, data exporter's customers data for the purposes of forwarding data exporters confirmations to requestors by the data importer.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Data exporter’s employees and personal data of data exporter’s client’s representatives and other subjects mentioned in the documentation, which is sent to the requestor

Categories of data

The personal data transferred concern the following categories of data (please specify):
-names, surnames, names of authorized representatives of the data exporter’s clients
-including but not limited to: names, surnames, addresses, account numbers, financial information, PESEL number and other personal data of the subjects mentioned in the documentation sent to the requestor.

Special categories of data (if appropriate)

Not applicable

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The platform Confirmation.com is internet-based system, that allows the data exporter to send documentation to auditors for the needs of the audit. The documentation will be encrypted by the data importer while uploading it to the platform, so the data importer should not get access to the contents of the documentation and personal data contained in the documentation beyond the scope necessary to perform the encryption process.

DATA EXPORTER
姓名:
授權的簽名

DATA IMPORTER
Capital Confirmation Inc.
Name: Diana Flanders
授權的簽名

Appendix 2
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Data Importer has implemented the technical and organisation security measures set out in the Agreements and incorporated herein by reference.

DATA EXPORTER
姓名:
授權的簽名
Capital Confirmation Inc.
Name: Diana Flanders
授權的簽名

*本協議納入「美國律師協會商業法章節審計回應委員會」(American Bar Association Business Law Section Audit Responses Committee)會員提供的意見,其中對於個別律師事務所是否應使用本協議中所討論的服務或是否該接受其條款及細則等並無意見。

For Asset Verification Users

用戶協議

以下內容為用戶使用CAPITAL CONFIRMATION INC.所提供服務的使用條款說明。

Welcome to the User Agreement for Capital Confirmation Inc. This Agreement describes the terms and conditions applicable to your use of our services available under the domains and sub-domains of www.confirmation.com, and learn.confirmation.com ("Confirmation Website(s)") owned and operated by Capital Confirmation, and the general principles for the websites of our subsidiaries.如果您不同意遵守本協議的條款及條件,請勿使用或存取我們的服務。 You evidence your acceptance of the terms and conditions of this Agreement by checking the box for the "Yes, I have read and accept the User Agreement." statement and clicking the "Create New Account" button on Capital Confirmation's website and through your use of any of the Confirmation.com services (aka "Confirm" service).

If you have any questions, please email us at customer.support@confirmation.com.

在您成為Capital Confirmation的會員前,您必須先閱讀、同意並且接受本《用戶協議》及《私隱聲明》中的所有條款及條件,其中包括以下所明確陳述的條款及條件以及這些已納入的參考資料。我們極力建議您在閱讀此份《用戶協議》時,也同時閱讀本文件中所參考的其他頁面及網站的資訊,因為這些資訊可包含適用於Capital Confirmation用戶的其他條款及條件。 Please note: underlined words and phrases are links to these pages and websites.透過同意本《用戶協議》,即表示您也同意在使用其他Capital Confirmation網站時,將遵守這些網站的條款及條件。

我們可隨時透過在我們的網站上公佈修改後的條款以示我們對本協議的修改。 Except as stated below, all amended terms shall automatically be effective immediately upon posting on our site.您將不會收到關於本協議中任何變更的書面通知或電郵通知。本協議不得修改,除非經過您及Capital Confirmation Inc.的書面簽署。本協議自1年2003月{[#2]}日起生效。

1. Membership Eligibility.
我們的服務僅提供給根據適用法律可簽署有法律約束力合約的個人。在不限於前述內容的情況下,我們的服務不提供給未成年人或遭到暫時或永久停用的Capital Confirmation會員。如果您未成年,您不得使用本服務。如果您不符合資格,請勿使用我們的服務。此外,Capital Confirmation帳戶(包括反饋)及用戶ID皆不得轉讓或出售給他方。如果您以商業實體身分註冊,即表示您有權代表該實體接受本協議的約束。如果您以個人身分註冊,即表示您是自己所聲稱的本人。

2. Fees and Service.
Capital Confirmation provides a venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users (the "Service"). The Service also includes the provision of ancillary services deemed reasonably necessary by Capital Confirmation to run a venue for digital transaction management, including but not limited to customer support, billing, and account management.

Joining and using our service is free.請求及接收詢證函則必須收取費用。 Our Fees and Credit Policy is available here and is incorporated by reference. 我們不時會變更我們的「費用及信貸政策」,以及我們服務的費用。我們政策的變更在我們將變更公佈於本協議,並且在提供您至少14天有關變更的通知後即行生效。然而,我們可因促銷活動而選擇暫時變更我們的費用政策及服務費用,且當我們將暫時性的促銷活動公佈於www.confirmation.com網站時,這類變更即行生效。在您購買詢證函時,您有機會先查看再接受使用我們服務所應付的費用。我們可隨時自行斟酌決定變更我們部分或全部的服務。當我們推出一項新服務時,該項服務的費用於推出時即行生效。除非另行規定,所有費用皆以美元報價。您將負責支付使用我們服務及網站的所有相關費用及適用稅金。

3. Capital Confirmation is a Venue.

3.1 Capital Confirmation並非銀行或律師事務所,我們也不是被授權的銀行或律師事務所代表。 我們的網站是個場所,讓用戶可隨時隨地用來請求、接收及購買詢證函。 We are not involved in the actual transaction between users of and providers of the confirmation information.因此,我們對於請求及回應的品質、正確性、時效性或合法性,或請求及回應的真偽或正確性皆無法掌控。 We also cannot ensure that a provider will actually complete a transaction.
3.2 身分驗證。 當用戶在我們的網站上註冊時,我們使用許多方法來驗證其身分。然而,因為在網上進行用戶驗證不易,Capital Confirmation對每位用戶所聲稱的身分無法也不進行確認。因此,我們建立了一個用戶啟動的溝通系統,以協助您評估您的交易對象。我們鼓勵您透過我們網站上所提供的工具直接與個別方進行溝通。
3.3 免責。 基於我們是個場所,如果您與一位或多位用戶發生爭議時,您將免除Capital Confirmation(和我們的主管、董事、代理人、子公司、合資公司以及員工)對因此而產生或以任何方式與這類爭議相關的每種已知和未知性質、可疑和未料及、已披露和未披露的求償、要求及損失(實際及衍生)的責任。 If you are a California resident, you waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”
3.4 資訊掌控。 我們無法掌控由其他用戶透過我們的系統所提供的資訊。您可能會發現其他用戶的資訊並不正確。使用我們的網站時,請務必謹慎,並且運用判斷力及安全措施。
3.5 客戶服務與支持。 Monday through Friday between the hours of 8:00 A.M. and 5:00 P.M. Central Standard Time, customer support shall be available free of charge by telephone or by email at one or more phone numbers or email addresses to be specified on our website located at www.confirmation.com.

4. Authorizing, Requesting and Purchasing.
透過授權、請求及購買詢證函,即表示您同意接受本協議的條件約束。請求不得撤銷。如果您選擇授權、請求或購買詢證函,您即證明您擁有合法權利可授權、請求或購買此類詢證函。

5. Address Lookup.
Capital Confirmation自公共及私人資料來源提供地址查找資料。本系統所用的公共記錄、私人記錄及商用提供的資料來源有錯誤且不完整。資料有時輸入有誤且未經正確處理。本系統不該被視為絕對正確。在依賴本系統提供的任何資料前,應個別予以驗證。

6. Out-of-Network Confirmations.
The Out-of-Network confirmation service requires the requestor to enter the contact information for the responder and the responder’s company.因為您作為請求者,您決定網外詢證函要發送給哪個實體的哪位人員,因此也決定回應方是哪個實體的哪位人員,而您同意對於確認及驗證個人回應方身分及其所聲稱代表的公司負唯一全責。您了解Capital Confirmation未曾也將不會驗證回應方或其所聲稱代表的公司的身分。 You release and hold harmless Capital Confirmation from any and all claims related to the responder’s identity and/or the identity of the company the responder claims to represent if you request confirmations through www.confirmation.com using the Out-of-Network confirmation service.

7. Fraud.
如果我們懷疑您(因定罪、和解、保險調查或其他原因)涉及在Capital Confirmation網站上進行欺詐活動,我們得暫停或終止您的帳戶,並且不限任何其他的補救措施。

8. Your Information.

8.1 Definition. “Your Information” is defined as any information you provide to us or other users in the registration or confirmation process, in any message area or through any email feature.對於「您的資料」,您必須承擔全部責任,我們僅是「您的資料」的網上傳播及發佈的被動管道。
8.2 限制活動。 Your Information (or any items listed) and your activities on the site shall not: (a) be false, inaccurate or misleading; (b) be fraudulent; (c) infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (d) violate any law, statute, ordinance or regulation (including, but not limited to, those governing consumer protection or antidiscrimination); (e) be defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (f) be obscene or contain child pornography; (g) contain any viruses, Trojan horses, worms, time bombs, cancelbots, easter eggs or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; and (h) create liability for us or cause us to lose (in whole or in part) the services of our ISPs or other suppliers.此外,您不得授權或請求本網站的詢證函(或以使用我們的服務作為開始所完成的任何交易),如果透過授權或支付我們使用費或成交費可造成我們違反任何適用法律、法令、條例或法規。
8.3 許可證。 在僅讓Capital Confirmation使用您提供給我們的資料而避免我們違反任何您在該資料中所擁有的權利之下,您同意授予我們關於「您的資料」在任何已知或目前未知媒體之非專屬、全球性、永久、不可撤銷、免權利金、可再授權(透過多種層級)權利以執行您在「您的資料」中所擁有的版權、宣傳及資料庫權利(但是沒有其他權利)。Capital Confirmation將僅根據我們的私隱聲明來使用「您的資料」。

9. Ownership of Intellectual Property.
Capital Confirmation得擁有和保有關於此項服務或因本協議中所述關係而產生的所有知識產權之權利、所有權及利益。「知識產權」意指所有想法、發現、發明、開發、設計、改進、商標、服務標記、商業機密、專有資訊、計劃、原始代碼、目標代碼、專利申請、專利、版權(在其期間內,包括其延續、展期及繼承)、可有版權的作品以及與之相關的商譽,包括增強、改善及衍生的作品(無論是現存或以後產生者)。 You hereby assign and transfer to Capital Confirmation any and all rights in any such Intellectual Property, either presently existing or hereinafter arising, and agree to take such actions (at Capital Confirmation's expense) as Capital Confirmation may reasonably request to secure such rights for Capital Confirmation.身為我們服務的註冊用戶,您同意在您最後登錄日起算的兩(2)年期間,不會提供或協助他人提供與Capital Confirmation所提供服務有任何競爭性質的服務。 Unsolicited ideas or product feedback will automatically become our property, without any compensation to you and we may use or distribute such submissions and their contents for any purpose and in any way without any obligations of confidentiality or otherwise.

10. Access and Interference.
您同意,在未取得我們的書面許可前,不會使用任何機器人、網絡蜘蛛或其他自動裝置或以人為方式監督或複製我們的網頁或其內容。 You agree that you will not reverse engineer, disassemble, decompile, decode, adapt, develop, or modify the website or Service, or otherwise attempt to derive or gain access to the source code of the website or Service, in whole or in part.您同意,您不會使用任何裝置、軟件或常規程序來迴避我們的安全功能,或干擾或嘗試干擾Capital Confirmation網站的正常運作或我們網站上所進行的任何活動。您同意,您不會採取任何行動來造成我們基礎結構不合理或不成比例的超負荷。我們網站上的許多資訊皆為實時更新,並且專屬於Capital Confirmation或由我們的用戶或第三方授權使用。您同意,在未取得Capital Confirmation或相關第三方的書面許可前,您不會複製、重製、改變、修改、製作衍生作品或公開展示我們網站上的任何內容(「您的資料」除外)。 You must ensure that all information you supply to us through our website or Service, or in relation to our website or Service, is true, accurate, complete and not misleading. You shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of this information. You shall not access all or any part of our website or Service to build a product or service which competes with the Service. You shall not attempt to obtain, or assist third parties in obtaining, access to our website or Service, other than as provided under this Agreement. You shall not make, nor permit any party to make, any use of our website or Service other than to avail of the Service. You shall not make alterations to, or permit our website or Service or any part of it to be combined with, or become incorporated into, any other programs. You shall not provide or otherwise make available our website or the Service in whole or in part (including object and source code), in any form, to any person without our prior written consent. You shall not infringe on our licensors' intellectual property rights or those of any third party in relation to your use of our website or Service. We may make available to you certain Application Programming Interfaces (an "API" or "APIs") to achieve additional functionality for users, and provide capabilities or integrations that leverage one or more of our products or services available at www.confirmation.com or provided by our affiliates, which you may use where applicable, subject to our then current fees (if any) for such APIs. Unless previously authorized by us, or our affiliates, you must not automatically connect (whether through APIs or otherwise) any Service to other data, software, services or networks

11. Breach.
Without limiting other remedies, we may immediately remove you, warn our community of your actions, issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if: (a) you breach this Agreement or the documents it incorporates by reference; (b) we are unable to verify or authenticate any information you provide to us; or (c) we believe that your actions may cause financial loss or legal liability for you, our users or us.

12. Electronic Communications; Identifiers and Passwords; Binding Effect.
您將使用SSL科技及2048-位元加密在互聯網上取得和傳輸資料給我們。 You must use Internet browsers that will support the use of 2048-bit encryption. In order to initiate a session where information is transmitted, you will select and use an identification code (such as a "log-in ID") and a password.您應保護並且維護其識別碼及密碼的安全,且僅允許經授權的員工使用與服務有關的識別碼及密碼。我們及所有其他人員接到您以自己所選擇的識別碼及密碼傳輸過來的資料,皆有權在任何情況下皆相信以此方式傳輸過來的資訊為由您所為,且該項資訊在各方面皆為真實、正確及完整,其效力如同該項資料是透過有您書面簽署的書面格式傳輸的一樣有效。如果您認為您的識別碼及密碼已經遺失、遭竊或在任何方面遭到破壞,請立即致電1-866-325-72011通知我們。在我們有機會回應您的通知前,所有使用該識別碼及密碼收到的通訊將無效或無作用。

13. Privacy.
我們不會將您的個人資料出售或出租給第三方,並且僅會根據私隱聲明中所述的方式使用您的資料。 我們視保護用戶私隱為一項非常重要的社區原則。 We take the protection of our users’ privacy seriously. We store and process your information on computers located in Ireland and the United States that are protected with security measures.

Customer Financial information residing within Confirmation.com's processing controls will be maintained and stored according to our security and privacy policies. Confirmation.com takes no responsibility for Customer Financial information once this data is no longer within Confirmation.com's control (e.g., data downloaded by a user or mailed confirmations).

If you object to your Information being collected, used, transferred, or otherwise processed in this way, please do not use our services.

13.1 Data Protection Legislation. When using our Services or otherwise providing Personally Identifiable Information to us, you agree to comply with all applicable laws governing or relating to the processing of that Personally Identifiable Information (“Data Protection Laws”). “Personally Identifiable Information” shall mean any information relating to an identified or identifiable natural person whose information you provide to us and that we process as part of the Service or in connection with this Agreement. You confirm that any Personally Identifiable Information that has been provided by you has been collected and disclosed in accordance with Data Protection Laws. When using the Service, you shall not input, upload, maintain or disclose any irrelevant or unnecessary information about individuals.
13.2 Personal Data transferred outside of your home country. Without limiting the foregoing and for clarity, you agree that we may transfer your personal information outside of your home country to another country where the laws may not provide an equivalent level of protection and you confirm that we may so transfer any Personally Identifiable Information that has been provided by you.
Where the provision of Service by us to the you involves any transfer of Personally Identifiable Information that has been provided by you outside of the European Economic Area or Switzerland (by way of direct or indirect transfer), the parties agree that the transfers will be done in accordance with Schedule 1 attached hereto. If any other Data Protection Laws require you and us to implement appropriate safeguards to legitimize the transfer of Personally Identifiable Information to a third country, you will let us know and we will negotiate in good faith to implement the required safeguards.

14. Client Authentication.
You certify that any and all subject(s) set up as your client(s) on the Confirmation.com service are authorized representatives of your client(s).

15. Authorization.
You certify that any confirmations requested are with the subject(s)' prior written permission. You agree to keep the authorization on file for a minimum of 5 years.一般而言,此份書面許可即為客戶委任書。 You warrant that the release of the subject(s)' information will not result in a breach of any applicable data privacy legislation.

16. Audit Rights.
Capital Confirmation may, from time to time, conduct various audits of your practices and procedures to determine your compliance with this Agreement. You agree to reasonably cooperate in all those audits. Capital Confirmation may conduct on-site and/or off-site audits of your facilities as Capital Confirmation determines during normal business hours, and upon reasonable notice.

17. No Warranty.
WE, OUR SUBSIDIARIES, EMPLOYEES AND OUR SUPPLIERS PROVIDE OUR WEB SITE AND SERVICES, INCLUDING BUT NOT LIMITED TO ANY APIS, ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES OF ANY KIND. WE, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, INCLUDING THE WARRANTY OF
MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTIES' RIGHTS, AND THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. THE WE MAKE NO WARRANTIES ABOUT THE ACCURACY, RELIABILITY, COMPLETENESS, OR TIMELINESS OF THE SERVICES OR ANY CONTENT THEREIN. WE MAKE NO WARRANTIES THAT THE WEBSITE OR SERVICE WILL REMAIN AVAILABLE. WE RESERVE THE RIGHT TO DISCONTINUE OR ALTER ANY OR ALL OF THE WEBSITE OR SERVICE, AND TO STOP PUBLISHING OUR WEBSITE OR SERVICE AT ANY TIME AND IN OUR SOLE DISCRETION WITHOUT NOTICE OR EXPLANATION, AND YOU WILL NOT BE ENTITLED TO ANY COMPENSATION OR OTHER PAYMENT UPON THE DISCONTINUANCE OR ALTERATION OF OUR WEBSITE OR SERVICES. FOR THE AVOIDANACE OF ALL DOUBT, WE DO NOT WARRANT, NOR WILL BE RESPONSIBLE FOR, ANY PRODUCTS, SERVICES, FUNCTIONALITY, OR INTERFACES THAT ARE PROVIDED BY YOU OR ANY THIRD PARTY.

18. Liability Limit.
IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR SITE, OUR SERVICES, INCLUDING WITHOUT LIMITATION USE OF ANY APIS, OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE).用戶對於有關服務的衍生性、懲戒性、特殊性、附帶性或懲罰性損害賠償概不負責,即使已被知會有關此類損害賠償的可能性。

IN NO EVENT SHALL WE, OUR SUBSIDIARIES, EMPLOYEES OR OUR SUPPLIERS BE LIABLE WITH RESPECT TO THE ACCURACY OR RELIABILITY OF INFORMATION PROVIDED BY THE AUDITOR, WHETHER INPUTTED INTO THE CAPITAL CONFIRMATION WEBSITE OR ANY ASSOCIATED PLATFORMS BY US CAPITAL CONFIRMATION OR BY THE AUDITOR. THE AUDITOR MAINTAINS THE SOLE RESPONSIBILITY AND LIABILITY FOR REVIEWING AND APPROVING THE INFORMATION POPULATED INTO THE CAPITAL CONFIRMATION WEBSITE AND ASSOCIATED PLATFORMS.

OUR LIABILITY, AND THE LIABILITY OF OUR SUBSIDIARIES, EMPLOYEES, AND SUPPLIERS, TO YOU OR ANY THIRD PARTIES IN ANY CIRCUMSTANCE IS LIMITED TO THE LESSOR OF (A) THE AMOUNT OF FEES YOU PAY TO US
IN THE 12 MONTHS PRECEDING THE FIRST DATE ON WHICH SUCH
LIABILITY AROSE, OR (B) $100. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY FAILURE OR NONPERFORMANCE OF ANY APIS PROVIDED BY CAPITAL CONFIRMATION SHALL BE FOR CAPITAL CONFIRMATION TO USE COMMERCIALLY REASONABLE EFFORTS TO ADJUST OR REPAIR THE NONPERFORMING APIS.

19. Fair Credit Reporting Disclosure.
The parties acknowledge that CCI is not a consumer reporting agency as such term is defined in the federal Fair Credit Reporting Act, 15 U.S.C. 1581 et seq. ("FCRA") and therefore, is not subject to the requirements or provisions of the FCRA. Any reports accessed through the Services or Sites do not constitute consumer reports as such term is defined in the FCRA, and accordingly, such reports may not be used to determine eligibility for credit, employment, insurance underwriting, tenant screening or for any other purpose provided for in the FCRA. CCI makes no representations or warranties as to its compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. However, other Users, including banking institutions, financial organizations, credit reporting agencies, and other entities with which the User may interact through the Services or Sites may be subject to the Fair Credit Reporting Act. CCI makes no representations or warranties about such other User's compliance or certifications with respect to the Fair Credit Reporting Act or its regulatory requirements. CCI shall not be deemed a guarantor of the accuracy or completeness of information provided by other Users.

20. Indemnity.
You shall indemnify and hold Capital Confirmation and (as applicable) our parent, subsidiaries, affiliates, officers, directors, agents, and employees and the financial institutions harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, Capital Confirmation to the extent such claims, damages, liability and costs result directly or indirectly from: (a) your negligence or intentional conduct; and/or (b) your breach of your obligations under this Agreement including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via Capital Confirmation’s Confirmation.com service or any other such service under this Agreement; (c) any claim that our website or Service or the use thereof infringes upon, misappropriates, or violates any intellectual property rights of any third party, provided that such claim results from or is related to (i) an unauthorized modification of our website or Service; (ii) the combination of the website or Service with software, hardware, or equipment not provided by us if our website or Service alone would not be the subject of such claim; or (iii) your unauthorized use of the website or Service; (d) any data breach suffered by you, your vendor or processor, or by a vendor or processor for Capital Confirmation; or (e) any claim, action, audit, investigation, regulatory action, inquiry, or other proceeding that arises out of or relates to your failure to comply with any applicable laws and regulations in connection with the transfer of personal data to or outside the EU/EEA including any applicable data protection legislation.

21. Confidentiality.
You may be given access to our confidential information or confidential information from other authorized Users in relation to your use of our website or Service. Information and knowledge related to the operation and processes of the website and Service are also considered confidential information. You shall hold confidential information in confidence and, unless required by law, not make confidential information available to any third party, or use confidential information for any purpose other than as provided for in using our website or Service. You shall take all reasonable steps to ensure that confidential information to which you have access is not disclosed or distributed by any person in violation of this Agreement. You acknowledge that details of the Service constitute our confidential information.

22. Legal Compliance.
You represent and warrant that you have read, understand, and shall comply with all laws, regulations and judicial actions including, but not limited to, the Identity Theft and Assumption Deterrence Act, the Fraud and False Statements Act, the USA Freedom Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), including without limitation, all amendments thereto, and all other applicable federal or state legislation, regulations and judicial actions, as now or as may become effective.

You certify that you will use the service and the information received for no other purpose than is legally permissible. You understand that if the system is used improperly by company personnel, or if its access codes are made available to any unauthorized personnel due to carelessness on your part or any other, you may be held responsible for financial losses, fees or monetary charges that may be incurred and that its access privileges may be terminated. You will not obtain, retain, use, or provide access to the Service to an affiliate or any third party in a manner that may breach any applicable export control or economic sanctions laws and regulations for any jurisdiction, including the United States of America, the United Kingdom and the European Union and its Member States. You warrant that neither you, nor any affiliate to which you provide access to the Service, is affiliated with a specially designated or sanctioned entity under any of those laws and that, in any transaction relating to Confirmation or the Service, such transactions will not involve sanctioned parties, including without limitation through the use of bank accounts at banks that are sanctioned parties. Further, the parties represent and warrant that they have read, understand and shall comply with all applicable laws, regulations and judicial actions including, but not limited to, anti-bribery laws, anti-corruption laws, anti-slavery laws, anti-human trafficking, tax laws, any applicable law aimed at preventing the facilitation of criminal behavior.

23. British Banker’s Association, BBA Enterprises Limited plus any other group company of the British Banker’s Association (Together the “BBA”)
本協議中的任何條款皆不對BBA或其人員因疏忽所造成的死亡或人身傷害的責任設限;欺詐或不實陳述;或根據英國法律,任何其他無法免除的責任,即使本協議的任何其他條款可能有不同的解釋。
You expressly acknowledge and agree that the BBA: (a) is not a part to this Agreement and is not involved in the design, supply or support of Capital Confirmation Inc’s services including the service promoted to UK banks as “BBA Confirmations”; (b) makes no representation or warranty that the services will be adequate or appropriate for you and its requirements and any BBA trademarks or logos present in marketing materials or other documents o not represent and endorsement of the service; (c) shall not be responsible for providing any of the services; and (d) shall have no liability to you whatsoever whether direct or indirect and whether in contact, tort (including negligence), misrepresentation or for any other reason in respect of any of the services provided under this agreement.

24. No Agency.
您與Capital Confirmation為獨立合同方,本協議無意建立也沒有建立代理關係、合夥關係、合資企業、員工-顧主關係或特許經營關係。

25. Notices.
Except as explicitly stated otherwise, any notices shall be given by postal mail to
Capital Confirmation Inc. Attn: Legal Department 214 Centerview Drive, Suite 100, Brentwood, TN 37027 (in the case of Capital Confirmation) or to the email address you provide to Capital Confirmation during the registration process (in your case).電郵發出後24小時即視為通知已送達,除非發送方接到通知謂該電郵地址無效。或者,我們可經由掛號信、預付郵資及要求回函收執等方式,將通知郵寄到註冊過程中提供給Capital Confirmation的地址。在這種情況下,在郵寄日期的3天後即視為通知已送達。

26. Arbitration.
任何與本協議或我們的服務有關或因此而產生的法律爭議或法律求償,應根據美國仲裁協會(American Arbitration Association)商業仲裁法規之具有約束力的仲裁予以解決,惟Capital Confirmation為收取費用及/或為了取得與Capital Confirmation網站經營、知識產權及服務相關的賠償或強制令所採取的法律訴訟除外。任何此類爭議或求償皆應以個別案件進行仲裁,不得與其他任何方之任何求償或爭議等仲裁案件合併進行。仲裁將在田納西州納許維爾執行;仲裁判決可由任何具有司法管轄權的法庭作出決定。您或Capital Confirmation皆可向田納西州納許維爾具有司法管轄權的法庭申請臨時或暫時性強制令,以便在仲裁尚未作出決定前保護您或Capital Confirmation的權利或財產。如果任何一方提出違反此條款的訴訟,另一方將可獲得最高達$1000.00的律師費用及花費補償。

27. Additional Terms.
以下政策為納入本協議的參考資料,為我們網站上所提供的具體服務提供額外條款及條件:

Privacy Statement: https://www.confirmation.com/legal-security-privacy/index.html
Fee and Credit Policy: https://www.confirmation.com/resources/uncategorized/fees-and-credit-policy/

每項政策皆會不時變更;在我們將變更公佈到我們網站上時即行生效,惟私隱聲明會有{[#0]}天的事前通知。此外,您同意在使用我們網站上的具體服務時,將遵守您透過我們網站所使用服務的任何不時公佈的適用政策或法規。所有這類公佈的政策或法規皆已納入本協議的參考資料。

You acknowledge and agree that: (a) members of Capital Confirmation’s Group may be retained as sub-processors; and (b) Capital Confirmation and members of Capital Confirmation’s Group respectively may engage third-party sub-processors in connection with the provision of the Services.

We do not guarantee and shall not be liable for the performance of any sub-processor or sub-contractor.

28. Governing Law.
This Agreement shall be governed in all respects by the laws of the State of Tennessee, without reference to conflict of laws principles. You further consent to exclusive jurisdiction by the United States District Court for the Middle District of Tennessee.

29. Assignment.
如果發生收購或併購,您同意本協議及所有合併協議將由Capital Confirmation自動指定給我們自行斟酌決定之第三方。 You may not, without our prior written consent, assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under this Agreement.

30. General.
我們不保證能提供持續、無中斷或可安全存取的服務,且我們網站的經營可能會受到許多在我們掌控之外因素的干擾。如果本協議的任何條款被視為無效或無法執行,則這類條款應被排除,而其餘的條款仍應將繼續執行。標題僅供參考用途,並不定義、限制、詮釋或敘述該章節的範圍或限度。我們處理您或他人違約的失敗並不代表我們放棄處理後續或類似違約的權利。英語是Confirmation.com網站內容的官方語言。Confirmation.com使用第三方供應商讓英語能力有限的用戶可使用網站上的資訊。經過此自動程序所得之譯文不應視為絕對精確,尤其是有關技術和法律術語方面。此外,部分內含圖形、照片及便攜式文件格式(pdf)的檔案,無法透過此程序進行翻譯。對於透過此系統翻譯的任何資訊,Capital Confirmation Inc.不保證其正確性或可靠性,且對於因依賴該項資料之正確性或可靠性而造成之任何損失概不負責。雖然我們盡力維持譯文的準確性,但是部分譯文可能不正確。任何必須依賴本系統取得資訊的個人或實體必須自行承擔風險。本協議闡述貴我雙方就此主題的完整了解及同意。 Sections 2 (Fees and Service) with respect to fees owed for our services, 3.3 (Release), 8.3 (License), 10 (Access and Interference), 18 (Liability Limit), 19 (Indemnity) and 26 (Arbitration) shall survive any termination or expiration of this Agreement.

31. Disclosures.
以下服務由Capital Confirmation Inc.提供,位於214 Centerview Drive, Suite 100, Brentwood, Tennessee 37027。 Fees for our services are described above in Section 2 (Fees and Service).

32. Disputes.
您及Capital Confirmation之間關於我們服務的爭議可以郵寄方式向「客戶服務與支持」報告,地址:Capital Confirmation, Customer Support, 214 Centerview Drive, Suite 100, Brentwood, TN 37027。關於所有用戶之間的爭議,我們建議您向當地執法機構、郵政管理局局長,或有照的調解人或仲裁機構報告。

33. Your Acceptance of this User Agreement.
You evidence your acceptance of this User Agreement by clicking on “Accept User
Agreement and Add Account" button on the Capital Confirmation website or by using the Confirmation.com service.此項接受等同於您在含有本用戶協議條款及條件的書面文件上書面簽署的法律效力。

表1
歐洲的資料傳輸

We process Personally Identifiable Information outside of the European Economic Area (EEA) and Switzerland including in third countries which may not be recognized by the European Commission or the Swiss Federal Data Protection and Information Commission as providing an adequate level of privacy protection, such as in the United States.

Capital Confirmation will enter into the Standard Contractual Clauses approved by the European Commission to legitimize the transfers of Personally Identifiable Information outside of the EEA and/or Switzerland to an inadequate third country.

If we are required to enter into the Standard Contractual Clauses to legitimize the transfer of Personally Identifiable Information outside of the EEA and/or Switzerland, then the parties hereby agree to the Standard Contractual Clauses set forth in Attachment 1 (for those cases where we act as a processor with respect to personal data) below, and you evidence your acceptance of the Standard Contractual Clauses by clicking on “Accept User Agreement and Add Account” button on the Capital Confirmation website or by using the Confirmation.com Service.

Notwithstanding the foregoing, if the Standard Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personally Identifiable Information outside of the EEA to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer agreements), then you shall procure the appropriate consent of any data subject whose Personally Identifiable Information is transferred to us to enable us to transfer that Personally Identifiable Information to the United States (or such other third country).

Attachment 1: Standard Contractual Clauses (Processor)

For the transfer of personal data outside of the EEA and/or Switzerland to processors established in third countries which do not ensure an adequate level of data protection, the data exporter and the data importer have agreed on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Notwithstanding the foregoing, if the following Contractual Clauses are not a valid transfer mechanism to legitimize the transfers of Personal Data outside of the EEA and/or Switzerland to the United States (or another third country that does not provide an equivalent level of protection even with the use of such data transfer Clauses), you shall procure the appropriate consent of any data subject whose Personal Data is transferred to us to enable the Parties to transfer that Personal Data to the United States (or such other third country).

Clause 1
Definitions
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter’ means the party who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3
Third-party beneficiary clause

(a) The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
(b) The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
(c) The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
(d) The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(e) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
i. any accidental or unauthorised access; and
ii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
iii. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority. The data importer has included the security requirements detailed in Appendix 2 at the request of the data exporter, and the data exporter agrees that such security requirements and the audit obligations and rights under the Master Agreement will be deemed to fully satisfy the audit rights granted to the data exporter under Clauses 5(f) and 12.2;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent (whether under or in connection with the Master Agreement or otherwise);
(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;
(j) to send promptly, on request, a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6
負債
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
3. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
4. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7
Mediation and jurisdiction
(a) The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(b) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(c) to refer the dispute to the courts in the Member State in which the data exporter is established.
(d) The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9
Governing law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11
Sub-processing
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.
2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12
Obligation after the termination of personal data-processing services
1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data exporter:
Name (written out in full):
Position:
地址:

Other information necessary in order for the contract to be binding (if any): (stamp of organisation)
簽署

On behalf of the data importer:
Capital Confirmation, Inc.
Name (written out in full): Diana Flanders
Position: VP, Business Integrations
Address: Capital Confirmation, Inc. 214 Centerview Drive, Suite 100, Brentwood, TN 37027

Other information necessary in order for the contract to be binding (if any): N/A
簽署

Appendix 1
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

The data exporter will export the personal data contained in the client's documentation to the responders via the Confirmation.com platform. Exported data will concern personal data of data exporter's employees with access given to the online platform handled by the data importer. Also, data exporter's client data for the purposes of forwarding data exporter's audit requests to responders by the data importer.

Data importer
The data importer is (please specify briefly activities relevant to the transfer):
Capital Confirmation Inc.

The data importer provides an online venue for digital transaction management, including but not limited to, audit confirmations, accounts receivable/accounts payable confirmations, credit inquiries, employee benefit plan audits and confirmations, and legal confirmations for accounting firms, law firms, banks, and other users. Processed data will concern data exporter's employees for which accounts in the platform handled by the data importer will be created. Also, data exporter's client data for the purposes of forwarding data exporter's audit requests to responders by the data importer.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Data exporter’s employees and personal data of data exporter’s client’s representatives and other subjects mentioned in the documentation, which is sent to the responder

Categories of data

The personal data transferred concern the following categories of data (please specify):

The categories of data are: names, surnames, addresses, account numbers, financial information, PESEL number and other personal data of the subjects mentioned in the documentation sent to the responder. Employees, partners, principals, directors, former employees, former partners, former principals, former directors, new hires, individual contractors and temporary staff of the data exporter, as well as applicants, dependants, contractors / subcontractors, clients, suppliers/vendors of the data exporter

Special categories of data (if appropriate)
Not applicable

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The platform Confirmation.com is internet-based system, that allows the data exporter to send documentation to auditors for the needs of the audit. The documentation will be encrypted by the data importer while uploading it to the platform, so the data importer should not get access to the contents of the documentation and personal data contained in the documentation beyond the scope necessary to perform the encryption process.

DATA EXPORTER
姓名:
授權的簽名

DATA IMPORTER
Capital Confirmation, Inc.
Name: Diana Flanders
授權的簽名

Appendix 2
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Data Importer has implemented the technical and organisation security measures set out in the Agreements and incorporated herein by reference.

DATA EXPORTER
姓名:
授權的簽名
Capital Confirmation Inc.
Name: Diana Flanders
授權的簽名

設置安全標準

To illustrate Confirmation's commitment to effective operational controls and privacy and security best practices, we undergo all three Service Organization Control (SOC) examinations annually, have received an ISO 27001 certification for the service, and TRUSTe Privacy Policy certified. 這些認證集中起來有效地保證了我們執行的控制,可保護我們用戶數據的私隱和機密性,以及系統的安全性、可用性和過程完整性。

TRUSTe                    

           

 

SOC 1、SOC 2和SOC 3 測試

SOC報告能檢測對服務機構所提供的服務的控制。SOC報告有三種類型,為了應對我們客戶不斷變化的需求,我們需要完成全部三個SOC測試。

  • 第2類 SOC 1- 根據SSAE 18標準編制的報告,涉及用戶實體內部財務報告控制相關的控制設計和操作有效性。
  • 第2類 SOC 2-此報告涉及對於影響到用戶數據處理系統的安全性、可用性、處理完整性,以及影響到系統處理資訊的保密性和私隱性的控制設計和操作有效性。
  • SOC 3—reports on whether a system complies with specified Trust Services Criteria.

View our SOC 3 Report.

          

ISO27001認證

Confirmation.com服務獲得ISO27001認證-代表資訊安全管理系統(ISMS)的建立和認證符合全球公認標準。此標準規定了在一個機構的整體商業風險背景之下,建立、實施、操作、監控、維護並改善一個記錄在案的ISMS所需的要求。

Confirmation.com的ISMS涵蓋其網上審計詢證函服務以及與其位於田納西州Brentwood和佛羅里達州Delray Beach的辦事處相關的基礎設施,包括數據和數據環境、伺服器、源代碼和內部網絡。

查看我們的ISO27001認證

TRUSTe 認證

Confirmation.com嚴格遵守由TRUSTe發佈網上最可信的第三方私隱政策認證準則。獲得TRUSTe網路隱私權標章印記的公司;恪遵TRUSTe的嚴格隱私原則,並且竭力保護客戶的資訊。

View our TRUSTe Privacy Seal

TRUSTe

Privacy Shield Frameworks

Capital Confirmation has certified under the guidelines set forth in the EU-US Privacy Shield and Swiss-US Privacy Shield frameworks and has undergone successful review by the U.S. Department of Commerce.

The Privacy Shield Frameworks provide a set of robust and enforceable protections for the personal data of EU and Swiss individuals transferred to third parties. The Frameworks provide strong U.S. government oversight, increased cooperation with EU and Swiss data protection authorities (DPAs), and transparency regarding how participating companies use personal data. The Privacy Shield Frameworks also offer EU and Swiss individuals multiple avenues to address any concerns regarding participants' compliance with the Frameworks including free dispute resolution.

View our Privacy Shield

一般資料保護法規(簡稱GDPR)

GDPR主要目的為藉由統一所有歐盟成員國的法規以便歐盟居民能重新掌握其個人資料,並且簡化跨國企業的監管環境。Confirmation.com致力於保護本公司的資料以及客戶的資料。為了達到此一目標,我們已經實施多種監控措施以確保符合GDPR的規定。 Please read below for more information.

What is GDPR?

On May 25, 2018, the European Union (EU) began enforcing a new data protection regulation, the General Data Protection Regulation, or GDPR. The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.

Who does the GDPR impact?

The GDPR applies to organizations located within the EU, and to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU natural persons or 'data subjects.' It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company's location.

What steps is Confirmation.com taking to comply with GDPR?

Confirmation.com welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU, and as an opportunity for our organization to strengthen our commitment to data protection.

The following steps have been taken to ensure compliance with the GDPR:

  • Implemented a Security Management System
  • Appointed a Data Protection Officer
  • Appointed a EU-Based Data Protection Representative
  • Updated Data Privacy Policies
  • All Data Classified as “Most Sensitive” is Encrypted At-Rest
  • Annual Data Protection Impact Assessments Performed
  • Implemented Data Protection by Design Into All Business Projects
  • Created a GDPR Compliant Data Breach Incident Response Plan
  • Personal Data Processing Inventory (Article 30 Report) Created and Maintained.
  • Implemented Personal Data Loss Prevention Controls
  • Enhanced Data Privacy and Security Awareness Training implemented
  • Enhanced Encryption For Personal Data in Transit via TLS 1.2
  • Created GDPR Compliant Procedures for EU Data Subject Inquiries
  • Streamlined Explicit Consent and Withdrawal Procedures Implemented
  • Fair Personal Data Processing Notices Created and Sent to Data Subjects
  • Implemented GDPR Compliant Third Party Risk Management System
  • Registered with the ICO (UK Information Commissioner’s Office) To Provide EU Data Subject Inquiry Recourse
  • Certified EU-US Privacy Shield
  • Certified Swiss-US Privacy Shield

For more information about Confirmation.com and GDPR, email DataInquiries@confirmation.com. Further information on GDPR specifically can be found at eugdpr.eu.

HIPAA/HITECH

The federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), includes laws and regulations governing health insurance coverage protection and health information security for Americans and their families. The intent of HIPAA is to assure the portability of health insurance, decrease health care fraud and abuse, improve efficiency and effectiveness of healthcare, enforce standards, and guarantee security and privacy of patient identifiable information.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

HIPAA and HITECH compliance certification is the formal way to assure individuals that a provider is committed to protect their medical information.

We are committed to respect the privacy of all health care information and to follow industry standard guidelines for securing patient information.

PCI-DSS Level 2 Compliance

Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These standards detail the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

AICPA - AU-C Section 500: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

外部詢證函

指引

.A18外部詢證函是指第三方(確認方)透過書面形式或電子形式或其他媒介發送給核數師的直接書面回覆的審計證據。

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user.透過向已認證的回應方發送請求,您可以免卻必須驗證申請人身份以及他們是否獲授權回覆的麻煩。

可靠性

指引

.A32  While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:

  • 直接從核數師獲得的審計證據比間接或推斷獲得的審計證據更為可靠。
  • 文件格式的審計證據,不論是紙質、電子或其他媒介形式都比口頭獲得的更為可靠。

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.Undergoes SOC 1, SOC 2 and SOC 3 examinations annually, and has received an ISO 27001 certification of its Confirmation.com service.

AICPA - AU-C Section 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

選擇適合的確認方

指引

.A3  Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. 透過向已認證的回應方發送請求,您可以免卻必須驗證申請人身份以及他們是否獲授權回覆的麻煩。

回應詢證函請求的可靠性

指引

.A15  An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. 要創建一個安全的詢證環境,取決於核數師和回應方為減少由於攔截或變更詢證函而使結果受到損害的可能性所使用的過程或機制。

How Confirmation Complies

使用最高安全性級別以確保私隱和數據完整性。 Undergoes SOC 1, SOC 2 and SOC 3 examinations annually, and has received an ISO 27001 certification of its Confirmation service.

AICPA - Practice Alert 03-1: Audit Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

指引

.19 如果核數師已確知電子詢證函過程是安全而且合理控制的,並且詢證函是從第三方直接獲得的,此第三方是獲得了真正授權的回應方,那麼電子詢證函可以被視為充分有效的詢證函回應。

How Confirmation Complies

Undergoes SOC 1, SOC 2 and SOC 3 examinations annually, and has received an ISO 27001 certification of its Confirmation service.使用最高安全性級別以確保私隱和數據完整性。 Confirmation uses a unique authentication and authorization process to verify the authenticity of each user.透過向已認證的回應方發送請求,您可以免卻必須驗證申請人身份以及他們是否獲授權回覆的麻煩。

PCAOB - AU Section 330: The Confirmation Process

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

回應方

指引

.27  The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. 

How Confirmation Complies

Confirmation.com採用獨特的身份驗證和授權過程來證明每個用戶的真實性。透過向已認證的回應方發送請求,您可以免卻必須驗證申請人身份以及他們是否獲授權回覆的麻煩。

履行詢證函程序

指引

.29  During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. 維持控制表示建立預期接受者和核數師之間的直接交流,以減小由於攔截或變更詢證函的請求或回應而導致結果產生偏頗的可能性。

How Confirmation Complies

使用最高安全性級別以確保私隱和數據完整性。允許核數師直接向預期回應方發送審計詢證函請求。 Undergoes SOC 1, SOC 2 and SOC 3 examinations annually, and has received an ISO 27001 certification of its Confirmation.com service.

PCAOB - AU Section 326: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

充足適當的審計證據

指引

.08 如果審計證據自實體以外知識豐富的獨立來源獲得,該審計證據更為可靠。

How Confirmation Complies

Undergoes SOC 1, SOC 2 and SOC 3 examinations annually, and has received an ISO 27001 certification of its Confirmation.com service.

ISA - ISA 505:外部詢證函

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the ISA.

第6段定義:外部詢證函 

指引

核數師自第三方(確認方)獲得作為直接書面回覆的審計證據,可以為紙質、電子或其他媒介形式。

How Confirmation Complies

Confirmation.com可以讓核數師獲得電子審計證據。獲授權銀行官員會根據核數師的請求準備回應。使用Confirmation.com可滿足「外部詢證函」要求。

第7段 維持控制 

指引

在使用外部詢證函程序時,核數師應對外部詢證函請求維持控制。

How Confirmation Complies

核數師對整個過程維持完全控制,包括客戶與帳戶設置、請求客戶授權和發送與接收詢證函。

A2 選擇適當的確認方 

指引

如核數師把詢證函請求發送至確認方,並確信其對於需確認的資料具備充分知識,此詢證函回應將提供更相關和可靠的審計證據。例如,一個對於發送詢證函請求一方的交易和安排具備充分知識的金融機構人員,可能是發送詢證函請求最適合的對象。

How Confirmation Complies

參與銀行實施嚴格的用戶權限控制及監控程序,以確保只有獲授權的銀行官員能透過Confirmation.com回應審計請求。

A6 確認地址 

指引

確保所有請求都發送妥當,包括在發送出去前,測試詢證函請求上某些或全部地址的有效性。

How Confirmation Complies

我們驗證所有參與Confirmation.com網絡的實體的有效性。 The controls surrounding this process are included in our SOC 1 report that is issued annually as part of our controls audit.依靠我們的驗證程序,您就不用再執行您自己的驗證程序。

A12 電子回應 

指引

電子接收的回應,例如通過傳真或電郵,由於證據來源和回應方的身份可能難以確認,而且亦難以發現任何修改,因此涉及較高的可靠性風險。建立一個核數師和回應方以電子形式接收回應的安全環境過程,可能降低這些風險。如果核數師已確知此過程為安全而且合理控制,相關回應的可靠性亦會隨之提升。一個電子詢證函過程可能包含各種技術以驗證以電子形式發送資料人的身份,例如透過使用密碼、電子數字簽名以及核實網站真實性的程序。

How Confirmation Complies

Confirmation.com擁有業內領先的資料安全操作和數據私隱做法。我們透過適當的程序和監控,以確保數據完整、保密和可用。我們接受第三方審計,以證明我們控制的有效性:

  • SOC 1, SOC 2 and SOC 3 examinations annually.
  • Confirmation.com服務獲得了ISO27001認證。
  • TRUSTe data privacy and EU-US Privacy Shield and Swiss-US Privacy Shield frameworks certification.

A13 第三方的參與 

指引

如果一個確認方使用第三方協調並提供詢證函請求回應,核數師可執行程序處理風險:(a) 回應的來源不恰當; (b) 回應者未獲得回應授權,及 (c) 傳輸的完整性受到質疑。

How Confirmation Complies

Confirmation.com跟從銀行的控制和監管標準,確保其控制環境下用戶存取的安全,以及數據傳輸的安全性並保持其完整性。我們以上概述的控制報告證明了這些程序的有效性。

第12段 無回應 

指引

如沒有接獲回應,核數師應執行替代審計程序以獲得相關及可靠的審計證據。

How Confirmation Complies

Confirmation.com 保證網內回應方的詢證函回應,避免出現需要替代性程序的情況。