Terms and Conditions
Applycheck, LLC provides client access to tenant applicant screening and employment applicant screening services. To access these services, users must agree to all of the following terms and conditions.
Service: The client will be provided with consumer, business, public record and other data through Applycheck, LLC. Applycheck, LLC guarantees the client that we will use the best means and efforts to fulfill each client’s request in the most efficient and expeditious manner. Applycheck, LLC will have no obligation or liability to the client for any delay or failure of its network due to circumstances beyond its control, including, but not limited to computer malfunction, trunk or telephone line failure, weather related problems, supplier performance or acts of god.
No Warranties: I understand the information supplied by Applycheck, LLC is provided “as is” and “where is” and Applycheck, LLC makes no warranties, express or implied, as to the fitness for a particular use or purpose, title, non-infringement or any other warranty, condition, guaranty, or representation, whether oral, in writing, or in electronic form, including but not limited to the accuracy, completeness, or timeliness of any information contained herein or provided by Applycheck, LLC. I understand that all records contained in and re-sold by Applycheck, LLC are compiled from public records obtained from state, local, and federal government offices and may not always be totally complete or 100% accurate.
Refund Policy: “NO RETURN, NO REFUND, ALL SALES FINAL. The cost of reports ordered by a subscriber and delivered to the subscriber is not refundable. The cost of reports ordered by a subscriber in error, or reports returned to a subscriber in error due to erroneous or incomplete input by the subscriber is not refundable. Orders which are not delivered, delivered in error, or delivered incomplete due to Applycheck system failures are subject to full refund or re-run without any additional charge. Requests for refunds under this policy must be made within sixty (60) days of the subject event. As our data is gathered from public records, we cannot guarantee that all information is complete and up to date. Each jurisdiction provides updated information at different intervals (monthly, quarterly, etc.) It is also important to understand other factors may affect what appears in a criminal record search. For example: a) the criminal record may have been expunged or sealed, b) a criminal offense was under a different name or date of birth, c) errors made by the jurisdiction in recording or reporting information. It is also possible to get criminal record information that does not belong to the person being searched.
Indemnification: I agree to indemnity and hold harmless Applycheck, LLC, LLC and its officers, directors and employees for any claim for damages resulting from information derived from searches. I agree that Applycheck, LLC is not liable for any monetary damages resulting from information derived from searches on its website or included in screening services. All notices hereunder shall be given in writing to Applycheck, LLC, certified mail, return receipt requested, postage prepaid, at the address of 57 West Timonium Road Suite 105A, Suite 105A, Lutherville-Timonium, MD 21093. If any action shall be brought on account of any breach of or to enforce any of the terms of this agreement, Applycheck, LLC shall be entitled to receive from client all costs of collection and reasonable attorney’s fees at an annual interest rate of 18%. Any legal action or proceeding with agreement against client shall be brought only in the courts of Baltimore County in the State of Maryland.
General Use of Data: Client agrees the information may not be used for purposes prohibited by Local, State or Federal law and regulations thereof.
FCRA Compliance: I hereby agree to comply with the provisions of the Fair Credit Reporting Act (15 USC 16810) and to only request consumer credit report information for the sole purpose of determining my prospective tenant’s or employee’s credit worthiness and identity. I agree that I will receive from the tenant or employee their signed consent and I understand that I must keep it on file for a period of no shorter than 5 years. I shall hold in the strictest confidence all information received. I certify that I am not using this information for a bail bond company, credit repair company (including credit counseling and credit clinics), investigative company (including private investigators and detective agencies), attorney or paralegal firm, news agency or journalist, law enforcement personnel, dating service, asset location service and I have never been involved in credit fraud or other unethical business practices. I understand that the purpose of requesting information covered by the FAIR CREDIT REPORTING ACT must be identified, that the information received is for my use only and that there are criminal penalties for willful violations of this ACT. I further agree not to resell the information or transmit to any third parties.
FCRA Guidelines: Federal Fair Credit Reporting Act (FCRA – 15 U>S>C> 1681 ET SEQ) – Although the FCRA primarily regulates the operations of consumer credit report agencies, it also affects you as the user of information. We suggest that you and your employees become familiar with the following sections in particular:
- §604. Permissible Purposes of Reports
- §615. Conditions of Disclosures to Consumers
- §616. Requirements on Users of Consumer Reports
- §617. Civil Liability for Willful Noncompliance
- §619. Civil Liability for Negligent Noncompliance
- §620. Obtaining Information Under False Pretenses
- §623. Unauthorized Disclosures by Officer or Employee
Access Security Requirements: We must work together to protect the private information of consumers. These security measures are designed to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, you may employ an outside service provider to assist you. Capitalized terms used have the meaning given in the Glossary section. We reserve the right to change these Security Requirements. This information provides minimum baselines for information security.
In accessing the credit reporting services, the following security requirements apply:
- Implement Strong Access Control Measures
1.1. Do not provide your Subscriber Codes or passwords to anyone. No one from our company will ever contact you and request your Subscriber Code number or password.
1.2. Proprietary or third-party system access software must have the Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel.
1.3. You must request your Subscriber Code password be changed immediately when any system access software is replaced by their system access software or is no longer used; or the hardware on which the software resides is upgraded, changed or disposed of.
1.4. Protect Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s).
1.5. Create a separate, unique user ID for each user to enable individual authentication and accountability for access to our system. Each user of the system access software must also have a unique logon password.
1.6. Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on users’ profiles.
1.7. Keep user passwords Confidential.
1.8. Develop strong passwords that are: not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) and that contain a minimum of eight (8) alpha/numeric characters for standard user accounts.
1.9. Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.
1.10. Active logins to credit information systems must be configured with a 30 minutes inactive session timeout.
1.11. Restrict the number of key personnel who have access to credit information.
1.12. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in your Contract.
1.13. Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose.
1.14. Implement a process to terminate access rights immediately for users who access credit reporting information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information.
1.15. After normal business hours, turn off and lock all devices or systems used to obtain credit information.
1.16. Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.
- Maintain a Vulnerability Management Program
2.1. Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.
2.2. Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.
2.3. Implement and follow current best security practices for Computer Virus detection scanning services and procedures: • Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks. • If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated. • On a weekly basis at a minimum, keep antivirus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files. • Implement and follow current best security practices for computer anti-Spyware scanning services and procedures: • Use, implement and maintain a current, commercially available computer anti- Spyware scanning product on all computers, systems and networks. • If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. • Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers. • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly.
- Protect Data
3.1. Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.)
3.2. All credit reporting data is classified as Confidential and must be secured to this requirement at a minimum.
3.3. Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information.
3.4. Encrypt all credit reporting data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum.
3.5. Only open email attachments and links from trusted sources and after verifying legitimacy.
- Maintain an Information Security Policy
4.1. Develop and follow a security plan to protect the Confidentiality and integrity of personal
consumer information as required under the GLB Safeguard Rule.
4.2. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information and to permit identification and prosecution of violators.
4.3. The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
4.4. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
- Build and Maintain a Secure Network
5.1. Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.
5.2. Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.
5.3. Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.
5.4. Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services, and network traffic.
5.5. Encrypt Wireless access points with a minimum of WEP 128-bit encryption, WPA encryption where available.
5.6. Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.
- Regularly Monitor and Test Networks
6.1. Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).
6.2. Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by protecting against intrusions; securing the computer systems and network devices; and protecting against intrusions of operating systems or software.
Record Retention: The Equal Credit Opportunity Act states that a creditor must preserve all written or recorded information connected with an application for 24 months. In keeping with the ECOA, you are required to retain the credit application and, if applicable, a purchase agreement for a period of not less than 24 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, we will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract. Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation.