Provider Terms - Compliance

PROVIDER TERMS MASTER AGREEMENT

 

These providers terms master agreement (the “Agreement”) is made by and between StoneEagle F&I, Inc. (“StoneEagle”), a Delaware corporation with offices at 3400 N Central Expressway, Suite #110, Richardson, TX  75081 and the administrator (“Provider”) by any order or agreement which references this Agreement.

​

1. Function. StoneEagle’s compliance application and APIs support product cancellation and contract forms management for Vehicle Protection Product (“VPP”) compliance capabilities through the StoneEagleCOMPLIANCE set of API’s (the “StoneEagle APIs”). Through Provider consent on the Consent Form, Provider explicitly consents to sharing data related to VPP contracts (the “Data”) as described in the Consent Form with the compliance partners and auto finance companies (the “Compliance Partners”). Provider warrants they have the right to allow StoneEagle to share the Data with the Compliance Partners and for such Compliance Partners to use the Data to support their VPP compliance requirements including verifying products based on a specific VIN/last name combination, cancellation refund quote, product cancellation request, refund payment details, claim summary and contract documents.

2. Security Standards.

a. Security Framework. StoneEagle shall maintain a comprehensive written security policy or policies in compliance with applicable law (“Security Policy”) consistent with up-to-date best practices and standards such that StoneEagle protects the privacy, confidentiality, integrity and availability of the Providers Data and guards against the unauthorized, unauthenticated or unlawful access, copying, use, processing, disclosure, alteration, transfer, loss or destruction of any such Data including, but not limited to, identity theft.

b. Risk Assessments. StoneEagle shall perform regular, at least annual, comprehensive risk assessments which identify the threats (external and internal) against Confidential Information, the external and/or internal threats against such Confidential Information (including against any facilities, equipment, devices, media or other physical assets containing such Confidential Information), the likelihood of such threats occurring, and the impact upon StoneEagle to determine the appropriate level of data security safeguards (“Risk Assessment”).StoneEagle shall manage, control, and have a plan to remediate any deficiencies or threats identified in such Risk Assessment and shall provide Provider with (high-level summary) written results of the Risk Assessment upon request.

c. Data Security Measures. StoneEagle shall establish, implement and maintain data security measures that include, at a minimum, the appropriate technical, administrative, procedural, physical and organizational security measures and controls, and other safeguards to ensure against the accidental, unauthorized, unauthenticated or unlawful processing, transfer, destruction, loss, alteration, disclosure, unavailability, copying, use of or access to Provider Data (including during the electronic transmission, storage and shipping thereof) and any and all software, hardware, printouts, devices, media and other business assets containing Licensee’s Confidential Information (collectively “Safeguards”). Such Safeguards shall be consistent SOC2 standards) (“Standards”). StoneEagle shall engage an independent external auditor to conduct periodic, at least annual, reviews of the Safeguards and Standards .

d. Management. StoneEagle shall regularly monitor, evaluate and adjust, as appropriate, its Security Policy and data security measures in light of any risk assessment findings, relevant changes in applicable law, technology advances, changes to StoneEagle’s systems, internal or external threats to Providers Data including  StoneEagle’s own changing business arrangements, such as mergers and acquisitions, outsourcing and changes to systems in order to ensure that the Security Policy, and StoneEagle data security program and controls remain accurate, comprehensive and up to date.

e. Data Center StoneEagle uses US based cloud services such as AWS and Azure and if StoneEagle materially changes the infrastructure to store such cloud data outside the United States, StoneEagle shall notify Provider.

 

1. Termination and Handling of Data. Either party may terminate the Consent Form upon thirty (30) days' prior written notice (email sufficient) to the other party. Upon such termination, StoneEagle shall cease making the Data available to its Compliance Partners. However, for the avoidance of doubt, Compliance Partners shall not be obligated to delete the Data, due to the necessity for compliance and regulatory requirements. Additionally, StoneEagle may terminate or suspend Provider's sharing of Data s where StoneEagle reasonably believes that the systems or data may be subject to an attack or the system is materially degraded or under Provider's material breach of this Agreement, where immediate termination may be warranted. 

2. Disclaimer of Warranties and Conditions.   STONEEAGLE WARRANTS THAT THE STONEEAGLE APIS WILL BE CREATED IN A PROFESSIONAL AND WORKMANLIKE MANNDER CONSISTENT WITH GENERALLY ACCEPTED INDUSTRY STANDARDS.. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, STONEEAGLE MAKES NO OTHER WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW. STONEEAGLE DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGE CAUSED BY ANY THIRD-PARTY COMPLIANCE PARTNER. ALL DISCLAIMERS OF ANY KIND (INCLUDING IN THIS SECTION AND ELSEWHERE IN THE AGREEMENT) ARE MADE FOR THE BENEFIT OF STONEEAGLE, AND ITS AND THEIR RESPECTIVE PARENT COMPANIES, DIRECTORS, OFFICERS, EMPLOYEES, AFFILIATES, AGENTS, REPRESENTATIVES, LICENSORS, AND SUPPLIERS (COLLECTIVELY, TOGETHER WITH STONEEAGLE, AND ITS AND THEIR RESPECTIVE SUCCESSORS AND ASSIGNS, THE “STONEEAGLE AFFILIATED PARTIES”). WHILE STONEEAGLE TRIES TO MAINTAIN THE TIMELINESS, INTEGRITY AND SECURITY OF THE STONEEAGLE APIS AND REVIEWS THE FUNCTION AND COMPLIANCE PARTNERS, IT DOES NOT GUARANTEE THAT THE STONEEAGLE API WILL REMAIN UPDATED, COMPLETE, CORRECT OR SECURE.

3. Limitation of Liability.  EXCEPT FOR STONEEAGLE’S BREACH OF ITS SECURITY STANDARDS IN SECTION 2, IN NO EVENT WILL THE MAXIMUM AGGREGATE LIABILITY OF ALL STONEEAGLE AFFILIATED PARTIES, ARISING OUT OF OR RELATED TO THIS AGREEMENT, EXCEED TWENTY-FIVE THOUSAND U.S. DOLLARS ($25,000). THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. IN NO EVENT WILL ANY STONEEAGLE AFFILIATED PARTY HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THE AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.  WITHOUT LIMITING THE FOREGOING, TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, (A) NO  STONEEAGLE AFFILIATED PARTY WILL BE LIABLE FOR DAMAGES OF ANY KIND RESULTING FROM THE OPERATION OR  PROVISION OF, OR PROVIDERS USE OF OR INABILITY TO USE, ANY APP, THE MARKETPLACE OR ANY THIRD PARTY MATERIALS, INCLUDING  FROM ANY VIRUS, WORM, TROJAN HORSE, EASTER EGG, TIME BOMB, SPYWARE OR OTHER SIMILAR COMPUTER CODE, FILE OR PROGRAM THAT MAY BE TRANSMITTED IN CONNECTION THEREWITH; AND (B) PROVIDERS SOLE AND EXCLUSIVE  REMEDY FOR DISSATISFACTION WITH ANY APP, THE MARKETPLACE OR ANY THIRD PARTY MATERIALS IS TO STOP USING THE  APPLICABLE APP, MARKETPLACE OR THIRD PARTY MATERIALS. ALL LIMITATIONS OF LIABILITY OF ANY KIND (INCLUDING IN THIS SECTION AND ELSEWHERE IN THE AGREEMENT) ARE MADE FOR THE BENEFIT OF EACH STONEEAGLE AFFILIATED PARTY. 

4. Mutual Indemnification. To the maximum extent permitted under applicable law, (a) Provider will defend each StoneEagle Affiliated Party against any claim, demand, suit or proceeding made or brought against any StoneEagle Affiliated Party by a third party arising out of or relating to any violation or alleged violation of the Agreement by Provider (each, a “Claim Against StoneEagle”), and (b) StoneEagle will defend Provider against any claim, demand, suit or proceeding made or brought against Provider by a third party arising out of or relating to any violation or alleged violation of the Agreement by StoneEagle (each, a "Claim Against Provider"). Each party will indemnify the other party from any damages, attorney fees and costs finally awarded against such party as a result of, or for any amounts paid under a settlement approved by the indemnifying party in writing, provided the indemnified party (i) promptly gives written notice of the claim, (ii) gives control of the defense and settlement of the claim to the indemnifying party, subject to the indemnified party's prior written consent to any settlement, and (iii) gives reasonable assistance at the indemnifying party's expense. 

5. Miscellaneous.

a. The parties are independent contractors and will so represent themselves in all regards. Neither party is the agent of the other, and neither may make commitments on the other’s behalf.

b. StoneEagle may send notices pursuant to this Agreement to Provider’s email contact points provided by Provider, and such notices will be deemed received 96 hours after they are sent. Provider may send notices pursuant to this Agreement via email to legal@se-fi.com and shall copy mcurylo@se-fi.com and such notices will be deemed received 96 hours after they are sent.

c. No delay, failure, or default, other than a failure to pay fees when due, will constitute a breach of this Agreement to the extent caused by acts of war, terrorism, hurricanes, earthquakes, other acts of God or of nature, strikes or other labor disputes, riots or other acts of civil disorder, embargoes, or other causes beyond the performing party’s reasonable control.

d. Assignment & Successors. Provider may not assign this Agreement or any of its rights or obligations hereunder without StoneEagle’s express written consent. Except to the extent forbidden in this Section, this Agreement will be binding upon and inure to the benefit of the parties’ respective successors and assigns.

e. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect.

f. Neither party will be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than by an authorized representative in an explicit written waiver. No waiver of a breach of this Agreement will constitute a waiver of any other breach of this Agreement.

g. This Agreement, the rights and obligations of the parties hereto, and any claims or disputes thereto, shall be governed by and construed in accordance with the laws of the State of Texas without reference to conflict of law principles.  Each party agrees to the exclusive jurisdiction of the applicable courts of Collin County, Texas and waives any defense based on venue or inconvenience. The prevailing party in any action under this Agreement shall be entitled to recover the costs and expenses including reasonable attorneys’ fees.

h. This Agreement sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to its subject matter. Neither party has relied upon any such prior or contemporaneous communications

i. This Agreement may not be amended in any other way except through a written agreement by authorized representatives of each party.

j. Counterparts. The Parties expressly acknowledge and agree that this Agreement may be validly executed by the signature on the agreement referencing this online document. 

 

 

*END OF THE AGREEMENT