Last Updated: March 26, 2025
TERMS AND CONDITIONS
THESE TERMS AND CONDITIONS GOVERN THE USE OF AND ACCESS TO THE SOFTWARE-AS-A-SERVICE MADE AVAILABLE BY DAILYPAY AT WWW.DAILYPAY.CA OR VIA THE DAILYPAY MOBILE APPLICATION ON IPHONE OR ANDROID DEVICES (THE “SERVICE”). BY EXECUTING AN ORDER FORM REFERENCING THESE TERMS, YOU AGREE TO BE BOUND BY THESE TERMS AND THE ORDER FORM. CAPITALIZED TERMS USED BUT NOT DEFINED HEREIN SHALL HAVE THE MEANINGS ASCRIBED TO SUCH TERMS IN EXHIBIT A ATTACHED HERETO.
1. LICENSE
(a) Grant. Subject to the terms and conditions of this Agreement, DailyPay grants Company a non-exclusive, non-transferable, non-sublicensable (except as set forth herein), limited license during the Term (the “License”) to access and use the Service solely for the purpose of providing Company employees access to the Services, including without limitation, access to accrued, unpaid earnings prior to Company’s regularly scheduled payroll processing (“Earnings”) and any other purpose as may be mutually agreed to by the Parties in writing from time to time. Each employee of the Company who elects to use the Service to access Earnings is a “User”. The Service may include (i) the client portal made available by DailyPay to Company Administrators and other Company personnel at www.dailypay.ca (the “Client Portal”); and (ii) application program interfaces (“APIs”) provided by DailyPay for Company to access the Service, if applicable. The License includes the right to make, distribute and use a reasonable number of copies of any written or online (x) descriptions of the functionality, technical requirements, or use of the Service (collectively, “Documentation”), and (y) marketing materials provided by DailyPay (“DailyPay Materials”), in each case for Company’s internal business purposes, including Company promoting the Service to Eligible Employees directly or by DailyPay through a Company issued email address.
(b) Restrictions. The Service is licensed only for Company’s internal business purposes. Except as explicitly permitted in this Agreement, Company shall not, directly or indirectly: (i) modify or create derivative works of the Service; (ii) decompile, reverse engineer, or otherwise translate any portion of the Service into human-readable form (except to the extent that this subsection (ii) is limited by applicable law); (iii) rent, lease, share, distribute, sell or otherwise make the Service available to any third party, including on a time sharing, service bureau, or similar basis; (iv) remove, alter or deface proprietary notices, labels or marks in the Service, Documentation, or DailyPay Materials; (v) disclose the results of testing or benchmarking of the Service; (vi) circumvent or disable the Service’s copyright protection or license management mechanisms; (vii) use the Service in violation of any applicable law or regulation or to violate the rights of any third party; or (viii) attempt to do any of the foregoing.
(c) Additional Features, Products and Services. DailyPay may make new features or modules for the Service available to the Company for an additional fee during the Term (each such offering, an “Company Add-On”). Company Add-Ons are not required for the proper functioning of the Service and shall be mutually agreed upon in writing by the Parties. Company agrees that DailyPay may solicit Users for earned wage access and other related consumer products or services provided or facilitated by DailyPay, provided that DailyPay’s solicitation complies with applicable law, including, without limitation, the Canadian Anti-Spam Law (“CASL”).
2. USE OF THE SERVICE
(a) Company Responsibilities.
(i) Company shall use commercially reasonable efforts to ensure that the Service is made available to Eligible Employees by the Target Launch Date.
(ii) Company shall use commercially reasonable efforts to promote the availability of the Service to Eligible Employees and hiring candidates of the Company. The Company Administrators shall be responsible for collaborating with DailyPay personnel on the most effective communication strategy and plan to make its Eligible Employees and hiring candidates aware of the Service, including DailyPay notification of Eligible Employees at their work emails regarding the availability of the Service.
(iii) Company shall designate at least two (2) Company Administrators. Company Administrators will participate in training calls/webinars about DailyPay in connection with implementation of the Service. If a Company Administrator ceases to be an employee of the Company, then the Company shall, as soon as reasonably practicable, (A) disable such Company Administrator’s access to the Client Portal, (B) notify DailyPay of such termination, and (C) appoint an individual to replace the terminated Company Administrator.
(iv) Prior to the Target Launch Date, and subsequently not later than December 1st of each year for the following calendar year, Company shall provide DailyPay with a calendar year pay schedule that includes all payday holidays.
(v) Company shall provide DailyPay with current and accurate information about Earnings in the form of the following files, in each case, in accordance with the procedures set forth in this Agreement and as may be otherwise agreed by the Parties from time to time: (A) User Roster Files; (B) Gross Earnings Files; and (C) Net Earnings Files. Earnings information may be made available through a Company API, via SFTP, through the Client Portal or through another method as may be mutually agreed by the Parties. Prior to Company’s delivery of the Files, Company shall not require Eligible Employees to (I) opt-in to the Service or (II) instruct the Company to disclose Eligible Employees’ data to DailyPay.
(vi) Prior to or by the Target Launch Date, Company shall transmit the initial User Roster File to DailyPay through a Company API, SFTP or the Client Portal. Company shall include in the User Roster File the email addresses of Eligible Employees. DailyPay may use such email addresses to make Eligible Employees aware of the Service; provided that DailyPay’s use of complies with applicable law, including, without limitation, CASL. After the launch of the Service, Company shall transmit an updated User Roster File to DailyPay not less frequently than once on each Business Day. If Company’s transmission of an updated User Roster File fails, Company shall promptly transmit such User Roster File to DailyPay by an alternative means mutually agreed by the Parties.
(vii) Company shall provide DailyPay with the Gross Earnings Files to the extent practicable, on an hourly basis, but in any event, not less frequently than daily (including weekends and holidays), or as may be otherwise agreed by the Parties from time to time.
(viii) Company shall provide DailyPay with updated Net Earnings Files immediately after Company runs each payroll. The applicable updated Net Earnings Files must be received by DailyPay prior to 12 p.m. EST, the Business Day before each Company payday, or as may be otherwise agreed by the Parties from time to time. Company acknowledges that if a Net Earnings File is not received on a timely basis or is inaccurate, it may cause delays in Users receiving their payroll payments or errors in their payroll payments, as the case may be.
(ix) Company shall ensure that payment information for Users in Company records is updated by timely processing the DDU File to reflect the DailyPay User Account in accordance with the procedures set forth in this Section and as may be otherwise agreed by the Parties from time to time. On a daily basis, DailyPay shall make available to the Company each DDU File. Company shall download such DDU File, upload such DDU File into Company’s payroll system, and effect any direct deposit updates set out in such DDU File prior to processing any following Company payroll.
(x) Company shall make all payroll payments (including off-cycle and termination payments where permitted by applicable law) for Users to the DailyPay User Account in accordance with Company’s regular payroll timeline (but in no event less frequently than monthly). If Company fails to make any payroll payments for Users in accordance with this Section 2(a)(x), then Company shall be required to cure such failure within two (2) Business Days.
(xi) If a User is terminated by the Company or voluntarily terminates their employment with the Company, Company shall notify DailyPay as soon as possible and, in any event, no later than prior to such User’s final paycheck, by (A) reflecting such termination in the subsequent User Roster File provided to DailyPay or (B) deactivating the User’s account in the Client Portal. The Company shall pay the terminated User’s final pay to the DailyPay User Account pursuant to Section 2(a)(x). If the Company is required by applicable law or its internal policies and procedures to pay the terminated User sooner via a paper check (or via an alternative method), DailyPay may invoice Company for the amount of any transfers and any associated charges. If so invoiced, Company shall pay the invoice within thirty (30) days of receipt. DailyPay reserves the right to suspend or modify access to the Service if Company does not comply with its obligations under this Section 2(a)(xi) to notify DailyPay of terminations in a timely fashion.
(xii) Company shall use commercially reasonable efforts to prevent unauthorized access to or use of the Service (including, without limitation, by conducting regular security awareness training for Users about the risks of sharing their login credentials for the Service and using reused passwords as their login credentials for the Service) and notify DailyPay immediately of any such unauthorized access or use of which Company becomes aware.
(xiii) In addition to the restrictions set forth in Section 1(b), Company will not (A) interfere with or disrupt the integrity or performance of the Service, (B) attempt to gain unauthorized access to the Service or its related systems or networks, or (C) interfere with or disrupt the Service, or attempt to prove, scan, or test for vulnerabilities in the Service.
(xiv) Company is responsible for any on-site network or internet connectivity required to access the Service over the Internet by Company. Company consents to the processing and storage of Company Data (as defined below) on hardware owned or controlled by third parties, provided that such hardware is located in a Tier 4 data center.
(xv) If there is an overpayment to a DailyPay User that remains unresolved after the User’s payday and is due to (A) delivery by the Company of Files containing erroneous data or (B) Company’s failure to upload the DDU File in accordance with Section 2(a)(ix) (an “Employer-Caused Overpayment”), DailyPay may invoice Company for such Employer-Caused Overpayment. Such invoice shall be due and payable by Company within thirty (30) days of receipt thereof, unless it is for an amount equal to or greater than $50,000, in which case it shall be due and payable by Company within two (2) Business Days.
(xvi) In connection with entering into this Agreement, the Company shall provide DailyPay with a completed Eligibility Questionnaire including all requested supporting documentation. DailyPay’s obligations under this Agreement are subject to the Company’s satisfactory completion of this initial eligibility review, as determined by DailyPay in its sole discretion.
(xvii) During the Term, for so long as the Company is not a Public Company and unless otherwise mutually agreed by the Parties, the Company shall deliver to DailyPay via email to Credit@dailypay.com:
(1) as soon as practicable, but in any event within one hundred fifty (150) days after the end of each fiscal year of the Company (A) a balance sheet as of the end of such year and (B) statements of income and of cash flows for such year, all such financial statements audited and certified by independent public accountants of nationally recognized standing selected by the Company, in each case including any notes related thereto;
(2) as soon as practicable, but in any event within forty-five (45) days after the end of each quarter of each fiscal year of the Company, unaudited statements of income and cash flows for such fiscal quarter, and an unaudited balance sheet as of the end of such fiscal quarter, all prepared in accordance with GAAP or IFRS (except that such financial statements may (i) be subject to normal year-end audit adjustments; and (ii) not contain all notes thereto that may be required in accordance with GAAP or IFRS, as applicable);
(3) upon DailyPay’s request in connection with any renewal of the Term or as may be requested by DailyPay from time to time (including, without limitation, in connection with a Proposed Company Assignment (as defined in Section 11(f)), an updated Eligibility Questionnaire and supporting documentation.
(xviii)
(1) If the Company (A) makes any Payroll System Change, (B) undergoes a Company Restructuring, or (C) makes a Business Unit Sale (each of clauses (A), (B) or (C), a “System Change”), then Company shall provide DailyPay not less than six (6) months’ prior written notice of such event, or if such prior notice would not be commercially reasonable, as much advanced written notice as would be commercially reasonable under the circumstances.
(2) If DailyPay reasonably expects that such System Change shall cause DailyPay to incur costs and expenses to continue providing the Service (as determined by DailyPay in its sole reasonable discretion), then, DailyPay may invoice Company for the costs of adjusting the Service to the System Change for an amount up to $25,000, depending on the scope of such work. If so invoiced, Company shall pay the invoice within thirty (30) days of receipt. DailyPay may, in its sole reasonable discretion, waive its right to invoice under this Section 2(a)(xviii)(2).
(b) DailyPay Responsibilities.
(i) General.
(1) DailyPay shall provide the Service in accordance with all applicable laws and government regulations.
(2) DailyPay shall, either through the Service or otherwise, provide Company with information regarding Users for whom DailyPay has not received Earnings from Company, and the status of User accounts (including when any User account is terminated).
(3) DailyPay shall distribute payroll payments received from Company pursuant to Section 2(a)(x) to Users net of any prepaid Earnings and service fees owed to DailyPay by such Users. Any payments received by DailyPay prior to 12 p.m. EST on a Business Day shall be distributed on the same Business Day as received. Any payments received by DailyPay at any other time shall be distributed not later than the next Business Day following receipt. DailyPay and the Company agree that this Agreement shall constitute an agreement for services within the meaning of section 37 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations pursuant to which DailyPay provides services referred to in subparagraph 5(h)(ii) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act to the Company.
(4) To the extent permitted by applicable law, DailyPay may suspend or modify access to the Service for any User if (A) Company fails to make payroll payments for such User to the DailyPay User Account pursuant to Section 2(a)(x) or (B) in the sole judgment of DailyPay, said User presents a risk of fraud or unauthorized use.
(ii) Resources to Provide Services. DailyPay shall provide all the facilities, personnel, equipment, communication lines, network equipment and components, bandwidth/connectivity, hardware, software and services necessary to provide the Service on a 24x7x365 basis, except for Scheduled Downtime and any unavailability caused by force majeure events (collectively, the “Service Resources”). As used herein, “Scheduled Downtime” means the downtime required by DailyPay for upgrading or maintaining the Service, provided that such downtime will occur no more frequently than once per week on Sundays between 4 a.m. and 6 a.m. EST and monthly on a Sunday between 12 a.m. and 6 a.m. EST, provided that DailyPay shall provide no less than 24 hours prior written notice of any changes in the downtime schedule. DailyPay shall provide the Service using a primary data center site (the “Primary Site”) as well as a secondary, back-up data center site (the “Back-Up Site”). The Primary Site and Back-Up Site shall (a) have redundant high speed connections to the Internet; and (b) have backup electrical systems, including an uninterruptible power supply and an electrical generator allowing for at least two months of generated power. Data from the Primary Site shall be replicated to the Back-Up Site every evening for disaster recovery purposes.
(iii) Maintenance and Support.
(1) DailyPay shall provide Company, at no additional charge, with all support and maintenance necessary to ensure the Service is Available on a 24x7x365 basis (except for Scheduled Downtime and any unavailability caused by (i) force majeure events or (ii) third-party payment networks) and as more particularly set out in DailyPay’s Product Support Policy (the “Product Support Policy” and such support, the “Support”).
(2) In addition to the items set out in the Product Support Policy, DailyPay shall make available by telephone and email qualified technicians to respond to Company’s Support requests as set out in the Product Support Policy.
(3) DailyPay shall respond to and resolve Service issues as set out in the Product Support Policy.
(iv) Service Level Agreements.
(1) Uptime SLA. DailyPay agrees that the Service shall be Available (as defined below) to Company 99% of time during each month (the “Uptime SLA”). As used herein, “Available” means Company is able to access and use the Service, and the Service is not experiencing an urgent priority level issue, as more particularly set out in the Product Support Policy.
(2) Termination Rights. If (i) the Uptime SLA is not met more than three times during any 12-month period, or (ii) the Service is Available less than 95% of the time during any month, then Company shall have the right to terminate the Agreement.
3. OWNERSHIP
(a) Service, Materials and Documentation. Except for the limited rights granted in Section 1(a), DailyPay retains all right, title and interest, including all intellectual property rights, in and to the Service, Documentation, DailyPay Materials, and DailyPay’s API (collectively, the “DailyPay Intellectual Property”). DAILYPAY EXPRESSLY RESERVES ALL RIGHTS IN AND TO THE DAILYPAY INTELLECTUAL PROPERTY NOT EXPRESSLY GRANTED HEREUNDER.
(b) Company API. Company grants DailyPay a non-exclusive, non-transferable (except as set forth herein), worldwide, royalty-free license and right during the Term (as defined below) to access and use the Company API (if applicable) for the limited purposes of performing its obligations under this Agreement.
(c) Company Data. Company grants DailyPay a non-exclusive, non-transferable (except as set forth herein), worldwide, royalty-free license during the Term to use any information provided by or on behalf of Company to DailyPay (in its capacity as a service provider) in connection with this Agreement (collectively, “Company Data”) for the purpose of providing the Service to the Company. Notwithstanding anything to the contrary, Company agrees that DailyPay has the right to collect, use and analyze any de-identified information derived from the Company Data for DailyPay’s lawful business purposes; provided that such de-identified information shall not be identifiable to any individual or the Company. Company represents and warrants that: (i) it owns or has the right to make Company Data available to DailyPay; (ii) the posting and use of Company Data on or through the Service will not (A) violate the intellectual property, privacy, publicity, or other rights of any person or (B) breach any contract between Company and a third party; (iii) the Company Data is accurate; (iv) Company does and shall comply with all applicable laws and regulations involving the use, protection, and maintenance of Personal Data; and (v) shall not provide DailyPay with any Personal Data that includes complete nine-digit Social Insurance Numbers.
(d) Usage Information. DailyPay Intellectual Property includes all data (i) regarding installation, registration, and use of the Service; and (ii) related to performance of the Service, including response times, load averages, usage statistics, or activity logs (collectively, “Performance Data”). Performance Data does not include any Personal Data or Company-specific output resulting from the use of the Service (“Company Output”) but may include aggregated or anonymized information derived from Company Output. Performance Data may be used to contribute to analytical models used by DailyPay, to monitor and improve the Service, and to develop additional services and offerings.
(e) Feedback. Company hereby grants DailyPay a worldwide, perpetual, irrevocable, royalty-free right and license to use or incorporate into the Service any ideas, suggestions, comments, recommendations, enhancement requests or other input related to the Service provided by Company, its employees or agents to DailyPay in any form in any way whatsoever.
4. FEES
(a) Company Fees. Company shall pay DailyPay any amounts set forth on the Order Form, except to the extent that the Order Form indicates that any such amount has been “waived” (the “Company Fees”). DailyPay may modify the Company Fees in connection with any renewal of the Term, provided that DailyPay provides Company with notice of such revised Company Fees at least forty-five (45) days prior to the renewal date. All Company Fees are payable in advance and due within thirty (30) days of receipt of an invoice. Pursuant to the Order Form, DailyPay agrees to waive implementation-related Company Fees in connection with this Agreement. Notwithstanding the foregoing, if Company (i) does not launch the Service to its Eligible Employees due to some act or omission on the part of Company, or (ii) materially fails to perform any of its obligations under Section 2(a), Company agrees that DailyPay may invoice Company for, and Company shall pay, the amount of the waived implementation-related Company Fees within thirty (30) days of receipt of such invoice. Except as otherwise set forth herein, Company Fees are non-cancelable and non-refundable.
(b) User Fees. As of the Effective Date, DailyPay shall charge Users fees at the rates set forth on the Order Form (the “User Fee”, and collectively with the Company Fees, “Fees”). Company acknowledges that at any time thereafter during the Term, User Fees shall be set at DailyPay’s then-current rates (which may be changed from time to time in accordance with the DailyPay terms of service with the Users).
(c) Outstanding Balances. Any amounts owed by Company to DailyPay pursuant to Sections 2(a)(x), 2(a)(xi), or 2(a)(xv) and not repaid within the timeline prescribed in such Sections shall, in each case, accrue interest at the rate of 1.5% of the outstanding balance per month (18% annually), or the maximum rate permitted by law, if less, from the date such payment was due until the date paid. DailyPay may also suspend or adjust Company and/or User access to the Service if such amounts remain unpaid more than thirty (30) days after they were due. Notwithstanding the foregoing, if Company fails to comply with its obligations to fund payroll to DailyPay User Accounts in accordance with Section 2(a)(x), DailyPay may immediately suspend or adjust Company or User access to the Service.
(d) Taxes. Company shall be responsible for payment of all sales, property, value-added, payroll withholding, or other federal, provincial or local taxes arising from or related to its payment of Earnings to Users and the Service, except for taxes based solely on DailyPay’s net income. If DailyPay is required to pay any such taxes based on the licenses granted in this Agreement or on Company’s use of the Service, then such taxes will be billed to and paid by Company.
5. CONFIDENTIAL INFORMATION
(a) Definition. “Confidential Information” means all information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”) in connection with this Agreement, whether orally or in writing, that is designated as confidential or the equivalent or that reasonably should be understood to be confidential given the nature of the information and/or the circumstances of disclosure. However, Confidential Information does not include information (apart from Personal Data) that (i) is or becomes generally known to the public without Receiving Party’s breach, (ii) was known to the Receiving Party prior to its disclosure, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. The occurrence of a situation described in subsections (i) through (iv) will not reduce or limit the Receiving Party’s obligation to protect Personal Data in compliance with all applicable laws and regulations.
(b) Protection. The Receiving Party shall protect the Disclosing Party’s Confidential Information with the same degree of care that it uses to protect its own information of like kind (but in no event with less than reasonable care). The Receiving Party shall (i) only use Confidential Information as required to fulfill its obligations or as otherwise permitted under this Agreement, and (ii) unless authorized by the Disclosing Party in writing, limit access to Confidential Information to those of its and its affiliates’ employees, contractors, agents and potential financing sources who are bound to confidentiality obligations no less stringent than those in this Section 5. The terms of this Agreement are Confidential Information of the Parties; its existence is not.
(c) Compelled Disclosure. The Receiving Party may disclose the Disclosing Party’s Confidential Information if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest or limit the scope of the disclosure.
6. TERM AND TERMINATION
(a) Term. This Agreement shall become effective on the Effective Date and will continue for the “Initial Term” of two (2) years. Thereafter, the Agreement will automatically renew for successive periods equal to the length of the Initial Term (each, a “Renewal Term,” and, all such Renewal Terms with the Initial Term, the “Term”), unless either Party notifies the other in writing of its intent not to renew at least thirty (30) days prior to the expiration of the then-current Term, or the Agreement is otherwise terminated pursuant to this Agreement.
(b) Termination for Material Breach. If either Party fails to materially comply with any provision of the Agreement, the other Party may terminate the Agreement upon thirty (30) days’ written notice unless the breach is cured within such time. In addition, DailyPay may terminate this Agreement without opportunity for Company to cure if Company (i) fails to timely fund any two (2) payroll payments in accordance with Section 2(a)(x) in a rolling, twelve (12) month period, (ii) fails to (A) provide any information required to be provided pursuant to Sections 2(a)(xvi) or (xvii) or (B) meet DailyPay’s eligibility requirements, as determined by DailyPay in its sole reasonable discretion, or (iii) assigns or attempts to assign this Agreement or delegates or attempts to delegate its rights or obligations hereunder without the prior written consent of DailyPay pursuant to its obligations under Section 11(f).
(c) Termination for Insolvency and Related Events. This Agreement may be terminated immediately by either Party upon written notice to the other Party (i) upon the institution by the other Party of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of such other Party’s debts (or when such proceedings are instituted by a third party and not dismissed within twenty (20) days), (ii) upon the other Party’s making an assignment for the benefit of creditors, or (iii) upon the other Party’s dissolution or ceasing to do business.
(d) Effects of Termination. Upon the expiration or termination of the Agreement, (i) Company shall pay DailyPay for any Earnings paid to Users by DailyPay but not funded to the DailyPay User Account by Company as of the date of termination or expiration of the Agreement (the “Termination Date”): (A) within two (2) Business Days of the Termination Date if such amounts exceed $50,000 in the aggregate; or (B) within thirty (30) days of the Termination Date if such amounts do not exceed $50,000; (ii) all non-perpetual rights and licenses granted by each Party hereunder shall terminate; (iii) Company shall immediately discontinue all use of the Service and remove or destroy any copies of the Documentation and DailyPay Materials in its possession; (iv) DailyPay may retain all Company Data for applicable audit and compliance retention periods, subject to the terms of Section 5; (v) each Party shall return (or destroy, at the Disclosing Party’s option) all other Confidential Information of the other Party in its possession; and (vi) Sections 2(b)(iv) (payroll distribution) 3 (Ownership), 5 (Confidential Information), 6(d) (Effects of Termination), 7 (Warranties, Covenants, and Disclaimer), 8 (Indemnification), 9 (Limitation of Liability), 10 (Governing Law, Dispute Resolution), 11 (Miscellaneous), and Exhibit A (Defined Terms) and any rights or obligations of the Parties which, by their express terms, nature or context are intended to survive termination, will survive in accordance with their terms.
7. WARRANTIES, COVENANTS AND DISCLAIMER
(a) Mutual Representations and Warranties. Each Party represents and warrants that it has the right to enter into and perform its obligations under this Agreement, and that such performance does not and will not conflict with any other agreement of such Party or any judgment, order, or decree by which it is bound. Each Party shall comply with all laws applicable to its performance under this Agreement, including those relating to privacy and the protection of Personal Data and credit information.
(b) Company Covenants.
(i) Company acknowledges and agrees that the DailyPay On-Demand Pay service is not compatible with other services that enable employees to access their Earnings prior to payday (such services, “On-Demand Pay Solutions”). In consideration thereof, Company covenants that, during the Term, DailyPay shall be Company’s exclusive provider of On-Demand Pay Solutions available to Eligible Employees.
(ii) Company represents and warrants that there is no collective bargaining agreement or other agreement applicable to any of its Eligible Employees that would restrict or limit Company from deducting from Users’ Earnings, and assigning and remitting such Earnings to DailyPay for purposes of facilitating the Services.
(c) Disclaimer. EXCEPT AS SPECIFICALLY SET FORTH IN THIS AGREEMENT, DAILYPAY DOES NOT MAKE AND EXPRESSLY DISCLAIMS, ANY REPRESENTATION, CONDITION, OR WARRANTY IN CONNECTION WITH THIS AGREEMENT, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, CONDITIONS OR WARRANTIES OF MERCHANTABLE QUALITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, DAILYPAY MAKES THE SERVICE AVAILABLE ON AN “AS IS” BASIS AND DOES NOT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICE, OR THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR FREE.
8. INDEMNIFICATION
(a) By DailyPay.
(i) DailyPay will indemnify and hold harmless (including payment of reasonable legal fees) Company and its officers, directors and employees against any third-party claim alleging that the Service infringes the intellectual property rights of such third party, except to the extent the alleged infringement arises out of (A) Company’s use of the Service in violation of the Agreement, (B) Company’s use of the Service in combination with other products, equipment, software or data not supplied by DailyPay, (C) any modification of the Service by any person other than DailyPay or its authorized agents, or (D) Company Data.
(ii) If the Service or any element thereof is (or in DailyPay’s judgment) is likely to be found to infringe any third-party intellectual property rights, DailyPay, in its sole discretion and at its cost and expense, will either (A) procure the right for Company to continue to use the Service; or (B) modify the Service to be non-infringing without materially diminishing its functionality. If neither (A) nor (B) is commercially reasonable, DailyPay may terminate the Agreement by giving Company at least thirty (30) days’ prior written notice and, as Company’s sole and exclusive remedy therefor, refund Company any prepaid Company Fees attributable to the terminated portion of the Agreement.
(iii) The remedies in Sections 8(a)(i) and (ii) are Company’s sole remedy, and DailyPay’s entire liability, with respect to any third-party infringement claim.
(iv) DailyPay will indemnify and hold harmless (including payment of reasonable attorneys’ fees and court costs) Company and its officers, directors and employees against any third-party claim arising out of or related to any Security Breach (as defined in Exhibit B) (any such claims, “DailyPay Security Breach Claims”). Notwithstanding the foregoing, (x) any indemnification obligations in this Section 8(a)(iv) shall not apply to that portion of any claim arising from (I) Company’s own negligent act or omission or (II) Company’s breach of any representation or warranty or obligation under this Agreement; and (y) DailyPay’s aggregate liability for all DailyPay Security Breach Claims in each contract year shall not exceed the total amount of Fees (including User Fees) paid to DailyPay under this Agreement during the twelve (12) months prior to the date on which the claim arose.
(b) By Company. Company will indemnify and hold harmless (including payment of reasonable attorneys’ fees and court costs) DailyPay and its officers, directors and employees against any third party (including a User) claim arising out of or related to (i) Company’s failure to comply with applicable law or (ii) DailyPay’s use of any Company Data (including allegations of late or erroneous payments of Earnings or Company’s failure to provide Company Data necessary for DailyPay to make payments of Earnings to Users).
(c) Procedures. The obligations in this Section 8 are contingent on the indemnified Party (i) promptly notifying the indemnifying Party of any indemnifiable claim (except that any failure to so notify the indemnifying party will not relieve indemnifying party of its obligations under this section unless such failure materially prejudices indemnifying party’s ability to defend the claim); (ii) granting the indemnifying Party sole control over the defense and/or settlement of the claim (provided that a settlement may not impose costs or liability on the indemnified Party without its consent); and (iii) providing reasonable assistance to the indemnifying Party at the indemnifying Party’s expense.
9. LIMITATION OF LIABILITY.
(a) SUBJECT TO SECTION 9(C), IN NO EVENT WILL EITHER PARTY BE LIABLE FOR LOST PROFITS, LOSS OF DATA, OR ANY CONSEQUENTIAL, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE, OR INDIRECT DAMAGES, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
(b) SUBJECT TO SECTION 9(C), IN NO EVENT WILL EITHER PARTY BE LIABLE FOR DAMAGES EXCEEDING, IN THE AGGREGATE, THE GREATER OF (I) $5,000 OR (II) THE TOTAL AMOUNT OF FEES PAID TO DAILYPAY UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRIOR TO THE DATE ON WHICH THE CLAIM AROSE.
(c) SECTIONS 9(A) AND 9(B) WILL NOT APPLY TO LIMIT:
(i) EITHER PARTY’S LIABILITY ARISING OUT OF ITS FRAUD OR WILFUL MISCONDUCT;
(ii) EITHER PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 8 (WHICH SHALL BE SUBJECT TO THE LIMITATIONS SET FORTH THEREIN, IF ANY);
(iii) COMPANY’S LIABILITY FOR ANY FAILURE TO FULLY FUND THE DAILYPAY USER ACCOUNTS IN ACCORDANCE WITH THIS AGREEMENT; AND
(iv) COMPANY’S LIABILITY FOR ANY ERRONEOUS COMPANY DATA.
This Section 9 will apply irrespective of the nature of the cause of action, demand or Claim, including but not limited to, breach of contract (including fundamental breach), negligence, tort or any other legal theory, and will survive a fundamental breach or breaches of this Agreement or of any remedy contained herein. THIS LIMITATION IS CUMULATIVE AND THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIABILITY LIMITATION. THE PARTIES ACKNOWLEDGE THAT THE FOREGOING LIMITATIONS ARE AN ESSENTIAL ELEMENT OF THE AGREEMENT.
10. GOVERNING LAW, DISPUTE RESOLUTION
(a) Governing Law. This Agreement is governed by and will be construed in accordance with the laws of the Province of Ontario and the laws of Canada applicable therein. For the purposes of all legal proceedings, this Agreement will be deemed to have been made and performed in the Province of Ontario and the courts of the Province of Ontario will have exclusive jurisdiction to entertain any action arising under this Agreement. The Parties each hereby attorns to the jurisdiction of the courts sitting in the City of Toronto, Province of Ontario. To the extent permitted by applicable law, each Party hereby waives the right to trial by jury of any such suit, action or proceeding. This choice of jurisdiction does not prevent either Party from seeking injunctive relief with respect to a violation of intellectual property rights or confidentiality obligations in any appropriate jurisdiction.
(b) Dispute Resolution. The Parties will use reasonable efforts to resolve any dispute regarding this Agreement (including any breaches of the Agreement or the interpretation of this Agreement) through the informal escalation process agreed by the Parties, provided that this Section 10(b) will not prevent the Parties from obtaining specific performance and injunctive or other equitable relief or initiating proceedings pursuant to Section 10(a).
11. MISCELLANEOUS
(a) Insurance. During the Term of this Agreement, DailyPay shall maintain a policy of (i) commercial general liability insurance, covering liability arising from premises, operations, independent contractors, completed operations, personal injury, advertising injury and liability assumed under an insured contract, with limits of at least $1,000,000 per occurrence, and $2,000,000 aggregate; (ii) Umbrella Liability of at least $10,000,000 per occurrence and $10,000,000 aggregate; (iii) Third-Party Crime Liability of at least $3,000,000 per occurrence and $3,000,000 aggregate; (iv) Professional Liability/Errors and Omissions Coverage of at least $10,000,000 per occurrence; and (v) Privacy and Network Liability of at least $15,000,000 per claim, and $15,000,000 aggregate, including Data Breach Fund and Regulatory Proceeding.
(b) Notices. Any notice, consent, or other communication intended to have legal effect hereunder will be in writing and given personally, sent via overnight delivery requiring signature upon receipt to the relevant Party at the address for such Party indicated on the Order Form (or such other address as provided by that Party in writing), or sent via email to the email address for such Party indicated on the Order Form (or such other email address as provided by that Party in writing). Notices will be deemed given when delivered or refused.
(c) Attribution, Publicity and Marks.
(i) Company may utilize DailyPay’s trademarks and service marks (collectively, the “DailyPay Marks”) that are provided by DailyPay to Company for the sole purpose of promoting the Service to Eligible Employees and hiring candidates. Any such utilization of DailyPay Marks shall be consistent with DailyPay’s style guidelines or requirements as communicated to Company by DailyPay. Company shall not use the DailyPay Marks for any other purpose without the prior written consent of DailyPay. Company acknowledges DailyPay’s sole ownership of and exclusive right, title and interest in and to the use of the DailyPay Marks, and no ownership interest in the DailyPay Marks by Company has been created by this Agreement. All use of DailyPay Marks contemplated by this Agreement shall inure solely to the benefit of DailyPay.
(ii) DailyPay may utilize Company’s trademarks and service marks (collectively, the “Company Marks”) in order to indicate that Company is a customer of DailyPay (1) for the purpose of validating for Users that the Company maintains a contractual relationship with DailyPay pursuant to which DailyPay provides the Service to the Company; and (2) as part of DailyPay’s on and offline sales and marketing materials (including, without limitation, press releases and other public announcements of the launch of the Service with the Company). Any such utilization of Company Marks will be consistent with Company’s style guidelines or requirements as communicated to DailyPay by Company. DailyPay acknowledges Company’s sole ownership of and exclusive right, title and interest in and to the use of the Company Marks, and no ownership interest in the Company Marks by DailyPay has been created by this Agreement.
(iii) The Parties may collaborate on additional marketing efforts (including, without limitation, case studies, events and whitepapers), in which case, a Company Administrator shall be responsible for such collaboration on behalf of the Company.
(d) Relationship of the Parties. The Parties are independent contractors and nothing in this Agreement will be construed as creating a partnership or joint venture of any kind between the parties. Neither Party will have the authority nor power to bind the other Party or represent that it has such right.
(e) Joint and Several Liability. Each of the Company entities identified in this Agreement, including its/their subsidiaries and affiliates, is a Party to this Agreement and is jointly and severally liable for the obligations of Company set forth in this Agreement.
(f) Assignment. Company may not assign this Agreement or delegate any rights or obligations hereunder, directly or indirectly, by Change of Control (as defined below), merger (whether or not the Company is the surviving entity), operation of law or otherwise, without DailyPay’s prior written consent. If Company desires to assign any of its rights, or delegate any of its obligations (any such proposed assignment or delegation, a “Proposed Company Assignment”), then Company shall first provide fourteen (14) days’ prior written notice to DailyPay. After receipt of such notice, DailyPay may, in connection with such Proposed Company Assignment, request an updated Eligibility Questionnaire pursuant to Section 2(a)(xvii)(3) and any such Proposed Company Assignment shall be subject to DailyPay’s prior written consent (not to be unreasonably withheld). Subject to the foregoing, this Agreement will inure to the benefit of and be binding upon the Parties and their respective successors and permitted assigns. DailyPay may freely assign this Agreement. Any attempted assignment in violation of this Section 11(f) will be null and void. For purposes hereof, “Change of Control” means any transaction or series of related transactions which results in equityholders which were not equityholders of the Company or any of the Company’s subsidiaries party hereto on the Effective Date owning more than fifty percent (50%) of the outstanding equity of the surviving entity.
(g) Waiver; Amendment. DailyPay reserves the right, in its sole discretion, to modify this Agreement. DailyPay will post the modifications on this page or otherwise make available to Company any modifications, and will indicate at the top of this page the date this Agreement was last revised. Company's continued use of the Service will constitute its acceptance of any modifications. A Party’s failure to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.
(h) Force Majeure. Nonperformance of either Party will be excused to the extent that performance is rendered impossible by events beyond its reasonable control, provided that the affected Party takes commercially reasonable steps to mitigate the effect of such event
(i) Titles; Headings; Interpretations. Titles and headings used in this Agreement are intended solely for convenience of reference and do not affect its meaning. If any provision of this Agreement will be held by a court of competent jurisdiction to be contrary to law, the remaining provisions of this Agreement will be unaffected. Except as expressly set forth herein, nothing in this Agreement grants any rights to any entity other than the parties to this Agreement. As used herein, “including” and its derivatives means “including, without limitation,” “may” means “has the right, but not the obligation to,” and “employees” means “employees or independent contractors.”
(j) Entire Agreement. This Agreement, including any exhibits attached hereto, is the entire agreement between the Parties with respect to the Service and supersedes any prior agreements, proposals and understandings about the same subject.
(k) Further Assurances. Each Party will from time to time execute and deliver all such further documents and instruments and do all acts and things as the other party may reasonably require to effectively carry out or better evidence or perfect the full intent and meaning of this Agreement.
(l) Currency. Except for Section 11(a), all references to currency in this Agreement, including “dollars” or “$” shall be to the Canadian Dollar. References to currency in Section 11(a) shall be to the United States Dollar.
(m) Language. The parties have required that this Agreement and all documents and notices relating to this Agreement shall be drawn up in the English language. Les parties aux présentes ont exigé que le présent contrat et tous autres documents ou avis afférents aux présentes soient rédigés en langue anglaise.
(n) Counterparts. This Agreement may be signed in counterparts and delivered in person or by email, each of which when delivered shall be deemed to be an original and all of which together shall constitute one original document.
EXHIBIT A
DEFINED TERMS
1. Definitions.
(a) “Business Day” means a day of the year other than a Saturday or a Sunday or any other day on which banks are authorized or required to close in Toronto, Ontario, Canada.
(b) “Business Unit Sale” means any sale or divestment by the Company to a third party of a business unit or part of its business that, at the time of such sale, has Eligible Employees using the Service.
(c) “Company Administrators” means at least two (2) employees of the Company responsible for the administration of the Service for the Company that will have access to all related functions of the Service. One of the Company Administrators shall be the Company employee who is responsible for overseeing privacy and compliance for the Company. Company Administrators shall be required to participate in trainings and webinars by DailyPay to enable them to (A) have knowledge of all related functions of the Service, and the internal systems, tools, policies, and practices in use by the Company and (B) be proficient users of the Service. The initial Company Administrators shall be the individuals listed on the Order Form. `
(d) “Company API” means an application program interface owned by or licensed to the Company for the purpose of connecting the Company to the Service.
(e) “Company Restructuring” means any restructuring of the Company’s business organization (including, without limitation, by adding additional divisions or business categories) in a manner that could reasonably be expected to materially affect the Company’s payroll procedures.
(f) “DailyPay User Account” means the unique routing and account number pairing established for each User in connection with this Agreement.
(g) “DDU File(s)” means the direct deposit update files provided by DailyPay to Company from time to time in order to reflect the DailyPay User Account, in the format set forth in the File Specifications.
(h) “Eligible Employees” means all of the Company’s (w) current employees and (x) newly hired employees during the Term working and residing in Canada, other than any current employee or newly hired employee of the Company that, in DailyPay’s sole discretion, is not a suitable candidate to use the Service, including, without limitation, (y) any salaried employee that earns an annual salary of more than $200,000 per year or (z) any hourly employee that earns more than $100 per hour.
(i) “Eligibility Questionnaire” means the Canada-specific eligibility questionnaire made available to the Company.
(j) “File Specifications” means the file specifications distributed to the Company.
(k) “Files” means, collectively, the DDU File(s), the Gross Earnings File(s), the Net Earnings File(s), and the User Roster File.
(l) “Gross Earnings File(s)” means files listing the hours worked for each shift and the gross earnings data for each individual listed in the then-current User Roster File, and, in each case, sourced directly from Company’s systems, in the format set forth in the File Specifications.
(m) “Net Earnings File(s)” means files containing the net and gross pay amounts for each individual listed in the User Roster File in the format set forth in the File Specifications.
(n) “Payroll System Change” means any change to the Company’s payroll, time, or human resource management systems in a manner that could reasonably be expected to materially affect the Company’s payroll procedures.
"Personal Data” means any information that constitutes “personal information” under Privacy Laws, that is transferred by Company or its permitted agents to DailyPay in performance of or pursuant to the Agreement, but excludes “personal information” for which DailyPay has obtained its own consent in compliance with applicable Privacy Laws to collect, use or disclose personal information initially transferred by Company or its permitted agents to DailyPay in performance of or pursuant to the Agreement.
(p) “PIPEDA” means the Personal Data Protection and Electronic Documents Act, SC 2000, c.5.
(q) “Privacy Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, theft, or unauthorized access to, use or disclosure of Personal Data.
(r) “Privacy Impact Assessment” means an assessment of the impact of the envisaged Processing operations on the protection of Personal Data as required by applicable Privacy Laws.
(s) “Privacy Laws” means any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction governing the Processing of Personal Data, including for example, and without limitation, PIPEDA, Alberta’s Personal Data Protection Act, British Columbia’s Personal Data Protection Act, and Quebec’s Act Respecting the Protection of Personal Data in the Private Sector.
(t) “Processing”, “Processed” or “Process” means collection, use, modification, retrieval, disclosure, retention, storage, and/or deletion.
(u) “Public Company” means one of the following: (A) a corporation resident in Canada the shares of which are listed on a designated stock exchange in Canada; (B) a public corporation as defined in section 89(1) of the Income Tax Act; (C) a company whose stock is publicly traded on the New York Stock Exchange or the NASDAQ or (D) a company that is subject to the periodic reporting requirements of Section 12(g) or 15(d) of the Securities Exchange Act of 1934, as amended, and the rules and regulations promulgated thereunder
(v) "Security Breach” means: (i) Privacy Breach; or (ii) any unauthorized access to or use, disclosure, alteration, or destruction of Company Data known to DailyPay that materially compromises the security of Company Data.
(w) “Supervisory Authority” means an independent public authority tasked with the regulation, oversight and enforcement of applicable Privacy Laws, including regulatory authorities established in Canada.
(x) “TargetLaunch Date” means the Target Launch Date set forth on the Order Form.
(y) “User Roster File” means a file containing information on Eligible Employees as set forth in the File Specifications.
EXHIBIT B
DATA PROCESSING ADDENDUM
In the event of any conflict between the Agreement and this Data Processing Addendum (the “Addendum”), the terms and conditions of this Addendum shall control. Except to the extent expressly superseded or modified in this Addendum, the terms and conditions of the Agreement will apply to this Addendum and remain in full force and effect. Capitalized terms used but not defined in this Addendum have the meanings provided in the Agreement.
1. Data Security and Compliance with Privacy Laws
(a) Mutual Representations and Warranties. Company and DailyPay shall each comply with all Privacy Laws that apply to them in relation to Company Data Processed under the Agreement (including this Addendum).
(b) DailyPay Obligations
(i) DailyPay represents and warrants that nothing in applicable Privacy Laws prevent it from performing its obligations as described in this Agreement. DailyPay further represents and warrants that any DailyPay subprocessors that process Company Data are subject to a written contract with each such subprocessor that imposes obligations on the subprocessor that are substantially similar to those imposed on DailyPay under this Addendum. DailyPay shall only retain subprocessors that DailyPay can reasonably expect to appropriately protect the privacy, confidentiality and security of the Personal Data. DailyPay shall post subprocessors to https://www.dailypay.com/legal/subprocessors/, to which Company shall subscribe for updates. Posting to the website shall constitute notice to Company. Prior to appointing any new subprocessor, DailyPay shall notify Company of such appointment, whereupon Company shall have thirty (30) days to object to such appointment by providing detailed reasons in writing to DailyPay, at which point Company will be deemed to have given written consent to the appointment of the subprocessor if DailyPay has not received an objection from Company. If Company objects in writing to the proposed appointment, the Parties shall work together in good faith to resolve Company’s reasonable concerns.
(ii) DailyPay represents and warrants that as of the date hereof, it is compliant, and shall ensure at all times during the Term that it will remain compliant, with the Payment Card Industry Data Security Standard requirements (“PCI-DSS”), in each case, to the extent PCI-DSS applies to the Service. Furthermore, DailyPay represents and warrants that as of the date hereof, it maintains, and shall ensure that at all times during the Term that it will continue to maintain, SOC 2 Type 2 and ISO 27001:2013 certifications and security controls consistent with such certifications.
(iii) Without limiting DailyPay’s obligations under the Agreement, DailyPay shall implement administrative, physical and technical safeguards to protect Company Data (and appropriate to the sensitivity of Personal Data), that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which Company Data is collected, accessed, used, stored, processed, disposed of and disclosed by DailyPay complies with Privacy Laws, as well as the terms and conditions of the Agreement (the “Security Measures”). Such Security Measures are designed to protect Company Data against Security Breaches. The parties acknowledge and agree that the Security Measures as of the Effective Date are set out herein. At a minimum, DailyPay’s Security Measures shall include: (1) limiting access of Company Data to authorized persons; (2) implementing network, device application, database and platform security; (3) securing information transmission, storage and disposal; (4) implementing authentication and access controls within media, applications, operating systems and equipment; (5) encrypting and pseudonymizing Company Data stored on any DailyPay-supplied mobile media; (6) encrypting and pseudonymizing Company Data transmitted over public or wireless networks; (7) logically segregating Company Data from information of DailyPay or its other customers so that Company Data is not commingled with any other customer’s information; (8) validating security of software and websites through static and dynamic security testing processes; (9) implementing appropriate personnel security and integrity procedures and practices; (10) providing appropriate privacy and information security training to DailyPay’s employees; (11) ensuring all software developed by DailyPay is tested for security flaws and meets at a minimum OWASP top 10 security standards; (12) ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (13) ensuring the ability to restore the availability and access to Company Data in a timely manner in the event of a physical or technical incident; and (14) maintaining a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing Company Data.
(iv) In the course of Processing Company Data, DailyPay shall:
(1) except as otherwise permitted herein, only Process Company Data as reasonably necessary for the purposes of rendering the Service and as otherwise instructed by Company in writing from time to time or as required or permitted by applicable law, and not Process any Company Data in any other manner without the express prior written authorization of Company;
(2) not disclose (and not allow any of its employees, or permitted agents or representatives to disclose) any Company Data to any third party without the prior written authorization of Company (under the Agreement (including as contemplated by Subclause 4 below) or otherwise) unless required to do so under applicable law (in which case Subclause (4) below shall apply);
(3) where any disclosure, transfer or other Processing of Company Data is required by applicable law, promptly notify Company in writing before complying with any such requirement (unless prohibited by applicable law, such as on important grounds of public interest);
(4) except to the extent legally prohibited, promptly notify Company in writing of any (A) communication received by DailyPay from a Supervisory Authority relating to the Processing of Company Data, and (B) order, demand, warrant or any other document purporting to compel the production of any Company Data, and provide reasonable assistance at Company’s cost to enable Company to comply with its obligations under applicable Privacy Laws in responding to (A) or (B);
(5) in the event of an enquiry or complaint received from an individual relating to the individual’s rights under Privacy Laws, provide prompt reasonable assistance to Company with respect to any obligations Company has to respond to such requests, such as an obligation to provide access to Company Data, or to correct, rectify, erase or restrict the Processing of Company Data;
(6) ensure that each employee of DailyPay involved in rendering the Service is appropriately screened to confirm the suitability of the performance of their duties in connection with the Service, including the access to and Processing of Company Data;
(7) at Company’s cost and request, and taking into account the nature of the Processing and the Company Data available to it, provide reasonable assistance to Company as necessary for Company to meet its obligations under Privacy Laws in connection with:
(a) obligations relating to ensuring the security and integrity of Company Data;
(b) obligations relating to notifications and communication of Privacy Breaches as required by Privacy Laws to the Supervisory Authority and/or any affected individuals; and
(c) undertaking any Privacy Impact Assessments that are required by Privacy Laws.
2. Breach Notification. DailyPay shall notify Company of a Security Breachby notifying the Company Administrator responsible for overseeing privacy and compliance as soon as practicable, but no later than seventy-two (72) hours after DailyPay becomes aware of it. Where possible, the notice to Company shall describe the nature of incident, the number of individuals impacted, the type of records impacted, and any other information that may be relevant. Following DailyPay’s notification to Company of a Security Breach, the parties shall coordinate with each other to investigate the Security Breach. DailyPay shall take all reasonable steps to investigate, mitigate, and remediate any Security Breach and prevent any further Security Breach at DailyPay’s expense in accordance with applicable laws. DailyPay shall provide Company with all such timely information and cooperation as Company may require so that it may fulfil its data breach reporting obligations under (and in accordance with the timescales required by) applicable Privacy Laws. The Parties agree to coordinate in good faith on developing the content of any related public statements.
3. Regulator Requests and Compelled Production. DailyPay shall use commercially reasonable efforts to assist the Company in addressing (at the Company’s cost): (a) any communications and abiding by any advice or orders from Supervisory Authority relating to the Company Data within the timeframe specified by the government authorities; and (b) any order, demand, warrant or any other document purporting to compel the production of any Company Data.
4. Company Obligations. Company agrees that it:
(a) has all necessary registrations and notifications as required in order to permit DailyPay to perform its obligations and exercise its rights under this Addendum;
(b) has obtained and provided, and shall continue to obtain and provide, all necessary consents and notices, including with respect to transfers of Company Data outside of the jurisdiction in which an individual resides or performs services, and otherwise has and continues to have all necessary authority, to permit DailyPay to perform its obligations and exercise its rights in connection with the Processing of Company Data under the Agreement (including this Addendum), and shall inform DailyPay immediately if any such consents or authority are withdrawn or can no longer be relied upon;
(c) has ensured and shall continue to ensure that all Company Data Processed by DailyPay is adequate, relevant, accurate and up-to-date, and limited to what is necessary to permit DailyPay to perform its obligations and exercise its rights under the Agreement (including this Addendum);
(d) has ensured and shall continue to ensure that there are valid legal bases to enable DailyPay to Process Company Data in the manner and for the purposes contemplated under the Agreement (including this Addendum);
(e) has Processed and will continue to Process the Company Data in accordance with all applicable Privacy Laws;
(f) shall use commercially reasonable efforts to prevent unauthorized access to or use of the Service (including, without limitation, by conducting regular security awareness training for Users about the risks of sharing their login credentials for the Service and using reused passwords as their login credentials for the Service) and notify DailyPay immediately of any such unauthorized access or use of which Company becomes aware;
(g) will not: (i) interfere with or disrupt the integrity or performance of the Service, (ii) attempt to gain unauthorized access to the Service or its related systems or networks, or (iii) interfere with or disrupt the Service, or attempt to prove, scan, or test for vulnerabilities in the Service; and
(h) is responsible for any on-site network or internet connectivity required to access the Service over the Internet by Company. Company consents to the Processing and storage of Company Data on hardware owned or controlled by third parties, provided that such hardware is located in a Tier 4 data center.
5. Assistance and Cooperation. If requested and upon reasonable prior written notice from Company, DailyPay shall provide commercially reasonable assistance to Company in completing any Privacy Impact Assessments and/or data protection impact assessment, and any prior consultations with government authorities, necessary to comply with applicable Privacy Law. Company shall be responsible for reasonable costs and expenses incurred by DailyPay related to any such assistance. Upon Company’s request, DailyPay shall provide Company all information reasonably necessary to demonstrate compliance with applicable Privacy Laws.
6. Audit.
(a) Upon Company’s written request DailyPay will provide Company with all information and access to records of Company Data during business hours and upon at least 30 days’ advance notice in writing, at most once per year, for the purpose of demonstrating DailyPay’s compliance with applicable Privacy Laws, including of the measures DailyPay has taken to comply with its obligations under this Agreement.
(b) DailyPay shall provide, and Company agrees to accept, DailyPay’s most current third-party certifications as may be relevant and available in respect of the Service. In addition, upon Company’s written request, DailyPay shall provide Company (or its representatives) with the results of any audit performed by or on behalf of DailyPay that assesses the effectiveness of DailyPay’s information security program as relevant to the security and confidentiality of Company Data shared during the Term of the Agreement.
(c) Upon Company’s request, DailyPay agrees to provide to Company from DailyPay’s independent auditor, at DailyPay’s expense, a Type 2 SOC 2 report that includes a description of the “system” as well as a written assertion by management issued based on the criteria for a description of a service organization’s system in DC section 200, 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report (AICPA, Description Criteria) in addition to or replacement of any other applicable auditing and attestation standard(s) approved by the AICPA that are in effect during the time period in which the DailyPay’s independent auditor performs work related to the Type 2 SOC 2 report referred to herein (the “Report and Opinion”). DailyPay agrees to provide this Report and Opinion to Company for reasonable assurance that DailyPay’s service commitments and system requirements were achieved based on the trust services criteria relevant to Security, Availability, and Confidentiality (applicable trust services criteria) set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
7. Return or Deletion of Company Data. Upon termination of the Agreement, DailyPay shall upon Company’s request either return all Company Data and copies of such data to Company or delete, and provide a certificate of destruction, unless (i) storing such Company Data pursuant to applicable law or (ii) such Company Data is necessary solely for the purpose of DailyPay recouping any amounts owed due to a negative remaining balance in any User’s or former User’s DailyPay Account. If required to store Company Data pursuant to the preceding sentence, then the DailyPay shall notify Company and continue to safeguard such data in accordance with this Agreement. DailyPay may aggregate and/or anonymize the Company Data in order to use such aggregated and/or anonymized information for its own purposes, provided that such aggregated or anonymized information, as the case may be, is non-identifiable as to Company and otherwise no longer constitutes Personal Data under applicable Privacy Laws.
8. Termination. This Addendum shall come into force on the Effective Date and shall remain in force until the termination or expiry of the Agreement.
9. Changes to Addendum. In the event of material changes to applicable Privacy Laws, including, but not limited to, the amendment, revision or introduction of new laws, regulations, or other legally binding requirements to which either party is subject, the Parties agree to revisit the terms of this Addendum, and negotiate any appropriate or necessary updates in good faith, including the addition, amendment, or replacement of any schedules.
If you would like to consult these terms in French, ask your DailyPay representative for the French version. Si vous souhaitez consulterces modalités en français, demandez à votre représentant DailyPay la version française.