February 8, 2022

Emptor, Inc. – Reseller

Software as a Service (SaaS) Agreement


This SaaS Agreement, applicable in its entirety, governs all work contracted under, and performed by, Emptor, Inc. as articulated in the applicable Work Order Form(s) and any applicable addendums thereto. Emptor, Inc. (“Company”) and Reseller (identified by name in any applicable Work Order Form) agree to the following:


Terms and Conditions



    1. Subject to the terms of these Terms and Conditions, the API Manual (https://docs.emptor.io/), Data Protection Agreement for Emptor Inc. (Annex I), Data Protection Agreement for services in Brazil (Annex II), Service Level Agreement (found in the API Manual), External Software Usage Policy (Annex III), and any applicable Work Order Form (collectively referred to as “SaaS Agreement” or “Agreement”), Company will use commercially reasonable efforts to provide Reseller the Services in accordance with the Service Level Agreement (found in the API Manual), as well as any additional Service Level Terms agreed to by the parties, the terms of which are governed by this Agreement.

    2. Subject to the terms hereof, Company will provide Reseller with reasonable technical support services in accordance with the terms set forth in the Service Level Agreement, as well as any additional Service Level Terms agreed to by the parties, the terms of which are governed by this Agreement.


    1. Reseller will not, directly or indirectly (through itself or any third party): reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services or any Software (except to the extent expressly permitted by Company or authorized within the Services); use the Services or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels.

    2. Export and Import Control Compliance. Further, Reseller may not remove or export from the United States or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the Software and documentation are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use, modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.

    3. OFAC Compliance. Reseller acknowledges that Company is beholden to OFAC regulations, and in particular, the OFAC Cyber-Related Sanctions program, implemented under E.O. 13694 and E.O. 13757. As such, Company is prohibited from engaging in business with, or furthering the interests of, any individual, group, or entity designated by the U.S. Government as a Specially Designated National. Reseller warrants that, to the best of its knowledge, Reseller is not identified by the United States Office of Foreign Assets Control (OFAC) as an entity, nor is it owned or controlled by (either controlled through entity charter, or through 50% or more ownership of the entity), or acting on behalf of, targeted countries, or any entity otherwise designated as a Specially Designated National, nor is Reseller engaging in business with individuals or entities with such classification. Reseller also warrants that it is not knowingly employing Emptor for the purpose of doing business with, or furthering the interests of, third party companies, entities, groups, or individuals that are identified by OFAC as Specially Designated Nationals. If Reseller discovers that an individual or entity directly under its employ, or a Reseller it services, or a third party individual or entity for whom Reseller engages in Company’s services to provide business to, is a Specially Designated National, then Reseller is under an affirmative obligation to notify Company.

    4. Compliance with use of Company’s API Manual. Reseller represents, covenants, and warrants that Reseller will use the Services only in compliance with Company’s standard published policies, which are articulated in Company’s API manual (found at https://docs.emptor.io/), the External Software Usage Policy incorporated into this Agreement, as well as all applicable laws and regulations. Reseller hereby agrees to indemnify and hold harmless Company against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation of the foregoing or otherwise from Reseller’s use of Services. Although Company has no obligation to monitor Reseller’s use of the Services, Company may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.

    5. FCRA Compliance. The parties acknowledge that for purposes of this Agreement, Company and Reseller are operating as a consumer reporting agency, as that term is defined in the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) (FCRA). The parties acknowledge that the Data will be used for consumer reporting purposes pursuant to the FCRA. Company and Reseller each certify that they have established and implemented written policies and procedures regarding the accuracy and integrity of information furnished, pursuant to any and all applicable provisions in the FCRA.

    6.  FCPA Compliance.   Company does not, and shall not permit any of its subsidiaries and Affiliates or any of its or their respective directors, officers, managers, employees, independent contractors, representatives or agents (collectively, “Representatives”) to, promise, authorize or make any payment to, or otherwise contribute any item of value to, directly or indirectly, any non-U.S. government official, in each case, in violation of the U.S. Foreign Corrupt Practices Act (“FCPA”) or any other applicable anti-bribery or anti-corruption law. The Company shall, and shall cause each of its subsidiaries and Affiliates to, cease all of its or their respective activities, as well as remediate any actions taken by the Company, its subsidiaries or Affiliates or any of its or their respective Representatives in violation of the FCPA or any other applicable anti-bribery or anti-corruption law. The Company shall, and shall cause each of its Affiliates and subsidiaries to, maintain systems or internal controls (including, but not limited to, accounting systems, purchasing systems and billing systems) to ensure compliance with the FCPA or any other applicable anti-bribery or anti-corruption law.

    7. General Data Security and Privacy Law Compliance.  The Parties acknowledge that the data to which they will have access pursuant to this Agreement will contain Personal Identifying Information, the use of and access to which is subject to various privacy and data security laws in various jurisdictions.  The Parties agree to comply with any and all such applicable Privacy and Data Security laws, and to implement appropriate mechanisms to comply therewith as part of their own internal Information Security program.  Furthermore, parties agree to implement and execute any and all supplementary or incidental agreements, notices, consents, and other documents as is required by law or this Agreement to further ensure compliance with such Privacy and Data Security Laws.

    8. Notice of Limited Use of PII.  Company does not use any Personal Identifying Information of the data subject given to it by Reseller, including but not limited to the Reseller Data, any other personal data of the data subjects and any data derived from it, other than for the provision and improvement of the Services rendered, the Services of which are defined by this Agreement.  Reseller, as the direct point of contact with the data subject, is responsible for placing the data subject on notice and receiving requisite consent from the data subject for the processing and use of their information.

    9. Reseller Responsibilities.  Reseller shall maintain marketing and customer service standards that are appropriate in order to maintain high-quality Services and to reflect favorably on Reseller’s and Company’s reputation.  Reseller shall provide customers with prompt, courteous, and efficient service, shall take every reasonable precaution not to disclose any Customer information, other than as permitted or compelled by any applicable legislation, and shall deal with Customers honestly and fairly.  

    10. Mutual Obligations.  Neither party shall by way of statement, act or omission, discredit or reflect adversely upon the reputation of or the quality of the other party or the products or services provided by the other party.

    11. Customer Contracts.  The Reseller shall not enter into contracts with customers on behalf of Company except as explicitly articulated within this Agreement, and in accordance with any applicable regulations.  The terms and conditions of each resale, for the purpose of compliance, safety and security of the data transferred and processed,  must conform to the means of servicing and conditions set forth herein.  Reseller shall not make any representations or warranties on behalf of Company that are not explicitly and affirmatively stated in this agreement, nor shall it in any way bind or attempt to bind Company contractually or otherwise with any Customers.  Reseller shall use good faith to coordinate marketing efforts with the business development component of Company.

    12. Reseller Marketing.  Reseller may, without the prior written consent of Company, market, promote and/or re-sell the Services, provided that Reseller shall continue to be responsible for all of its duties and obligations under this Agreement and for any acts or omissions. Reseller shall be liable to Company for all losses, costs, damages and expenses of whatsoever nature, that Company may sustain or incur as a result or in connection with any act or omission of Reseller in the course of its marketing Company’s Services, provided that Reseller shall be entitled to the benefit of any limitations in this Agreement.  Reseller shall, however, only use marketing materials given to it by Company explicitly for marketing purposes. In addition, Company is allowed to use Reseller’s logo on its website as a “reseller of Company’s services.” Reseller may use Company’s logo on Reseller’s website as a “service provider.”

    13. Launch of the Services with Reseller.  Upon execution of this Agreement, the parties will co-operate and use commercially reasonable efforts to integrate the Services with any Reseller software or infrastructure with which the Services need to interact in order to allow the Services to be marketed by Reseller to Customers. Once the Services have been integrated with Reseller’s software or infrastructure and the parties agree that the integrated Services are of a reasonable quality (measured by the standards enumerated in the Service Level Agreement), the Reseller shall be entitled to begin reselling the Services to Customers.




  1. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party).  Proprietary Information of Company includes, but is not limited to, non-public information regarding features, functionality and performance of the Service.  Proprietary Information of Reseller includes non-public data provided by Reseller to Company to enable the provision of the Services (“Reseller Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information.  The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document (a) is or becomes generally available to the public, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party or (e) is required to be disclosed by law. Such five (5) year term will be extended in the event of renewal of this Agreement for additional periods of the same duration as the renewal term of this agreement. Reseller affirms that it implements information security systems, measures, and protocols both internal, and between Reseller and third party service providers, sufficient to safeguard sensitive and proprietary information from inadvertent disclosure or malicious acquisition.  

  2. Reseller shall own all right, title and interest in and to the Reseller Data. Company owns any data that is based on or derived from the Reseller Data and provided to Reseller as part of the Services.  Company shall own and retain all right, title and interest in and to (a) the Services and Software, all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Implementation Services or support, and (c) all intellectual property rights related to any of the foregoing. 

  3. Notwithstanding anything to the contrary, Company shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Reseller Data and data derived therefrom), and  Company will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business, provided that such use and disclosure shall be in compliance with any applicable laws and regulations and shall not cause any detriment to the Reseller or any of its affiliates. If Reseller wishes to engage in Emptor services regarding data subjects that are residents or citizens of Brazil, Reseller must sign and adhere to Exhibit Annex II, in which Reseller must acknowledge and acquiesce to compliance with Brazil’s data protection regime,  “Lei Geral de Proteção de Dados” (hereafter, LGPD).   

  4. No rights or licenses are granted unless expressly set forth herein. Any use and disclosure of any Proprietary Information and any confidentiality obligation with respect to the Proprietary Information on part of the Disclosing Party shall be governed by and subject to the requirements of the confidentiality requirements of this SaaS Agreement, as well as any additional written and signed Non-Disclosure Agreements between the Parties. In addition, the Company shall not disclose to any other third parties whose primary business competes with that of the Reseller or its affiliates, the existence of this Agreement, the identity of the Reseller, the fact that the parties hereto are considering the transactions contemplated hereunder, including the status thereof and the existence of discussions or agreements between the parties hereto or between the Company and any other person in relation to the transactions contemplated hereunder, or any other fact relating to the transactions or any communications related thereto, without the prior written consent of the Reseller. However, Company may include Reseller in their Reseller references, along with a logo and a description of Reseller’s company for the purposes of fundraising and marketing on Company’s website.

  5.  Reseller shall be responsible for all activities of the subsequent resellers, affiliates, and customers to whom Reseller resells, or otherwise makes available thereto, Company’s services.  No Services will be rendered unless Reseller provides proof of, or legally warrants that Reseller requires or has otherwise received, the necessary consent from its clients or the data subjects that is required under any and all applicable laws and regulations of any jurisdiction in which the Services are to be rendered.  The Consent given by the data subject will be for the sole purpose of rendering Services to Reseller.  In the event that the data is collected by Reseller through its own applications, Reseller must be held responsible for developing and integrating the relevant consent collecting functions into its applications.  If such personal data is collected directly by either Party, then the Party shall be responsible for developing the relevant consent collecting functions and shall ensure the integration of such functions into the automated interface provided by it to Reseller for the purpose of rendering services.  The manner in which Reseller offers and implements Company’s services shall at all times be in compliance with the terms of this Agreement.

  6. It is acknowledged that Reseller owns the input data and the result data. Company owns the process and all processed data.

  7. All data, regardless of how it was shared or made available must be duly and completely destroyed, eliminated, or returned to Reseller upon Reseller’s request. Furthermore, upon termination of this Agreement, or upon the written request of the Reseller, the data must be deleted in its entirety using industry best practices.  Reseller further acknowledges that once Reseller Data is destroyed, Company is no longer liable for destroyed data. 

  8. If applicable, Reseller shall be responsible for complying with any laws pertaining to “ARCO” rights as required by law. In the event that Reseller shall need for Company to provide to any Data Subject the rights of access, cancellation, and/or opposition regarding any Data Subject Personally Identifiable Information (“PII”) in Emptor’s possession, Reseller must submit such request, on Data Subject’s behalf, in writing. Company shall respond as soon as is practicable. Company is not responsible for rectifying information not located within its own data stores. Therefore, to do so, the Reseller should instruct the Data Subject to go directly to the source.

  9. During the term of this Agreement, neither Party shall (either directly or through any third party, affiliates, or agents) use the information exchanged or disclosed during the course of this Agreement to attempt to undermine or solicit from the other, potential Resellers or opportunities which would not have otherwise been identified, if not for the disclosure of such a Reseller or opportunity by the initial party.  Furthermore, neither Party shall solicit or entice or endeavour to solicit or entice any program, Reseller, or opportunity to transfer to it such business that the other party has already undertaken and is an existing program, Reseller or opportunity, by means of breach of Contract or in any other way. This shall not apply in cases where the business contact, or potential relationship or Reseller would not have otherwise engaged in, or considered engaging in, business with the Disclosing Party.  The parties shall assess their capabilities to pursue and bid on programs, Resellers, and opportunities in good faith.


Each Party hereby undertakes and covenants to and for the benefit of the other Party that it shall not, during the term of this Contract, solicit or entice away or endeavour to solicit or entice away from the other Party any person who is an employee or consultant of that Party, whether or not such person would commit a breach of contract by reason of leaving the employment of the other Party.  However, for the avoidance of doubt, the Parties agree that neither Party may hire the employees of the other Party within two (2) years after their labor contract has been terminated.


Each undertaking contained in this Contract shall be read and construed independently of the other covenants contained in this Contract so that if one or more of such covenants should be held to be invalid for any reason whatsoever, then the remaining covenants shall be valid to the extent that they are not held to be so invalid.  Each Party acknowledges that the restrictions contained in this section are reasonable by it, but if any such restriction shall be found to be void or voidable, but would be valid if some part or parts thereof were deleted or the period or area of application reduced, such restriction shall apply with such modification as may be necessary to make it valid, effective, and enforceable.


4.1 Reseller will pay Company the applicable fees described in any applicable Work Order Form agreed to by both parties for the Services outlined therein (the “Fees”). All test data and re-runs processed will be billed at the regular pricing quotes specified in the Work Order Form. Reseller shall be responsible for all taxes associated with Services other than U.S. taxes based on Company’s net income.

4.2 Company may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Company thirty (30) days after receipt date of the invoice by Reseller.  For the avoidance of doubt, if services commence seven (7) business days prior to the end of a given month, Company acknowledges and agrees that the fees for the services provided during the period from the date when the services start to the end of the month shall be billed to the billing of the following month. Unpaid amounts are subject to a finance charge of 2.0% per week on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. In the event that Company chooses to bill through an invoice, Reseller agrees to pay Company through the information explicitly provided in the Work Order Form. Invoices that may be issued by Company must comply with any and all applicable requirements set forth in the laws and regulations of the country of issuance.

4.3 Company shall obtain approval from Reseller prior to incurring travel expenses that Company requests be reimbursed. If approved, Reseller shall reimburse Company for such travel expenses provided that Company provide Reseller with an itemised description of expenses claimed and receipts for such expenses.

4.4 Billing Policy

  1. Definitions

    1. Successful Execution: when all the enabled reports for a given Person (an individual whose data Emptor will use to perform a Background Check) have returned a state COMPLETED.  

    2. Incomplete: when any of the reports enabled for a given Person have returned a state INCOMPLETE.

    3. Error: when any of the reports enabled for a given Person have returned a state or an outcome as ERROR.

  2. Billing Practices

    1. Emptor charges its Resellers (prices outlined in the applicable Work Order Form) for all successful executions of a folder (set of reports), i.e., when all the enabled reports have returned a state COMPLETED.

    2. Emptor charges its Resellers 50% of the prices outlined in the applicable Work Order Form for any INCOMPLETE results. This occurs when PASSED, FAILED, or BODY could not be reached due to the information provided by the Reseller.

    3. Emptor does not charge its Resellers for ERROR results.


4.5 In the event that Reseller believes Reseller has been incorrectly billed by Company, Reseller has two (2) calendar weeks from the date that the Reseller has received the invoice with the balance in question, to dispute the amount by notifying Company (“Billing Dispute”).  Reseller then has two (2) calendar weeks from the date that Reseller notified Company of a potential Billing Dispute to do its due diligence (“Due Diligence Period”) in determining whether Company has in fact billed Reseller incorrectly.  Company shall assist Reseller in providing any documentation as is reasonably necessary to confirm whether or not the amount in question is in error.  Depending on the percentage of the amount that Reseller believes is billed in error, the following shall apply:

  1. For amounts in dispute that are equal to or less than 10% of the total amount of the relevant invoice, the total amount of the invoice shall, regardless of the billing error, be paid by Reseller to Company within the time period specified in section 4.2. This means that payment for the total amount of the invoice must be received by Company within thirty (30) days from the date that Reseller received the invoice.   If error is proven by Reseller, then the amount in error shall be credited to Reseller for the following month.

  2. For amounts in dispute that are in excess of 10% of the total amount of the relevant invoice, then the amount that is not in dispute shall be paid by Reseller to Company within the time period specified in section 4.2. This means that payment for the amount of the invoice that is not in dispute must be received by Company within thirty (30) days from the date that Reseller received the invoice. If Reseller proves and Company agrees that the amount in dispute is in error, Company shall absolve Reseller of payment of the amount in dispute. If Reseller fails to prove that Company erred in the billing amount, then the amount outstanding shall be paid to Company. If the outstanding amount is paid within the billing period described in section 4.2, no late fees shall attach. However, if the outstanding amount is paid after the billing period in section 4.2 has lapsed, then whatever outstanding amount Reseller owes to Company shall be subject to the late fees described herein.

  3. If no such resolution is reached between the Parties with regards to the amount in dispute, then Parties shall proceed with discussions in good faith and with efforts commensurate to the amount in dispute for resolution, within a reasonable time period.  If no resolution can be reached, then external dispute resolution in accordance with the terms of this Agreement may be pursued.


This Agreement shall go into effect on the date that both parties sign the applicable Work Order Form (“Effective Date”). Furthermore, this Agreement shall be valid for a period specified in the applicable Work Order Form. Reseller or Company may terminate the Work Order Form and this Agreement for any reason if a written notice of termination is provided to the other party at least sixty (60) days prior to the intended date of termination. If the term outlined in the applicable Work Order Form is for a period of fewer than sixty (60) days, Reseller or Company can terminate the Work Order Form and this Agreement with seven (7) days’ written notice. In addition to any other remedies it may have, either party may also terminate the Work Order Form and this Agreement immediately if the other party materially breaches any of the terms and/or conditions of the Work Order Form and/or this Agreement. Reseller will pay in full for the Services up to and including the last day on which the Services are provided in accordance with the standards and requirements under the Service Level Agreement. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability. 


Company shall use reasonable and necessary efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services and shall perform the Services in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable and necessary efforts to provide advance notice in writing or by e-mail of any scheduled service disruption.  OUTSIDE OF THE REQUIREMENTS AND STANDARDS OUTLINED IN THE SLA, COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES.  EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES AND ARE PROVIDED “AS IS” AND COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.  


Unless otherwise provided for in this Agreement and subject to the remedies available to the Reseller as specified in any applicable Work Order Form agreed to by the parties, Company shall indemnify Reseller for any losses or damages suffered or incurred by Reseller for the Company’s failure in rendering services in accordance with the standards and requirements as specified in the Service Level Agreement agreed to by the parties and a breach of warranties set forth in Section 6. Company shall hold Reseller harmless from liability to third parties resulting from infringement by the Service of any patent or any copyright or misappropriation of any trade secret, provided Company is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Company will not be responsible for any settlement it does not approve in writing.  The foregoing obligations do not apply with respect to portions or components of the Service (i) not supplied by Company, (ii) made in whole or in part in accordance with Reseller specifications and Company has informed Reseller of the potential infringement in connection with such portions of components, (iii) that are modified after delivery by Company, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Reseller continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Reseller’s use of the Service is not strictly in accordance with this Agreement.  
If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Company to be infringing, Company may, at its option and expense (a) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Reseller a license to continue using the Service, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Reseller’s rights hereunder and provide Reseller a refund of any prepaid, unused fees for the Service.


Subject to the terms and conditions set forth herein, each Party shall indemnify, hold harmless, and defend the other party, its affiliates and their respective owners, officers, directors, employees, agents, successors and permitted assigns from and against any and all claims, losses, deficiencies, judgments, settlements, interest, awards, fines, causes of action, damages, liabilities, costs, penalties, taxes, assessments, charges, punitive damages and expenses of whatever kind, including reasonable attorney’s fees that are incurred by the indemnified party (collectively, “losses”) as a result of any (i) breach or non-fulfillment of any representation, warranty or covenant under this agreement by the indemnifying party, (ii) acts or omissions of indemnifying party (any reckless or willful misconduct) in performing its obligations under this agreement, or (iii) failure by indemnifying party to comply with any applicable federal, state, or local laws, regulations, or codes in the performance of its obligations under this Agreement.






If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.  This Agreement is not assignable, transferable or sublicensable by Reseller except with Company’s prior written consent.  Company may transfer and assign any of its rights and obligations under this Agreement without consent. This Agreement is the complete and exclusive statement of the mutual understanding of the parties in connection with the provision of the services, and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein.  No agency, partnership, joint venture, or employment is created as a result of this Agreement and Reseller does not have any authority of any kind to bind Company in any respect whatsoever.  In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.  All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of the state of New York without regard to its conflict of laws provisions.  


Any dispute, controversy, or claim (each, a “Dispute”) arising out of or relating to this Agreement, or the interpretation, breach, termination, validity, or invalidity thereof, shall be referred to arbitration upon the demand of either party to the Dispute with notice (the “Arbitration Notice”) to the other. The Dispute shall be settled by arbitration in Mexico City by the International Centre for Dispute Resolution in accordance with the arbitration rules thereof in force when the Arbitration Notice is submitted. The arbitration language is English and the arbitration proceedings shall be conducted in English. The award of the arbitral tribunal shall be in writing, and final and binding upon the parties hereto.  The choice of law by which this contract is governed is New York Law, without regard to its conflict of law provisions.  The parties agree that the terms of the arbitration award, once final, can be implemented and enforced by any court of competent jurisdiction.


The undersigned of this document warrant that they have the requisite authority to bind Company and Reseller as respectively identified in the signature block. If the Work Order Form is signed by a Reseller (Parent, Subsidiary, Affiliate, Subsequent etc.) who is not listed as the beneficiary for whom work is to be performed and/or from whom payment is to be remitted for services rendered by Company, then the signor, by signing these agreements, shall act as guarantor.  As guarantor, the Reseller who has signed the Work Order Form willingly assumes liability for any breach of this Agreement or the Work Order Form by the intended beneficiary identified in the Work Order Form for whom Emptor is providing services, and willingly assumes liability for any billing, fees, or other financial obligations incurred from Emptor, Inc. having provided its services to that beneficiary.  This guarantee is unconditional and absolute.  This guarantee is enforceable against guarantor despite any other circumstance which might otherwise constitute a defense to the guarantee.  The signing Reseller, as guarantor providing this guarantee, is not relying on any explicit or implicit representations by Emptor, Inc. or by the affiliate, subsidiary, etc. on whose behalf the guarantor is signing.  This guarantee is governed by the laws of the state of New York, and any conflict arising from this clause shall be subject to arbitration in Mexico City through the International Center for Dispute Resolution.  NOTE THAT THIS CLAUSE ONLY APPLIES IF THE Reseller SIGNING IS NOT THE INTENDED BENEFICIARY FOR WHOM SERVICES WILL BE RENDERED, OR THE PARTY BY WHOM PAYMENT WILL BE REMITTED.



Where Company possesses Manual Review capabilities, Company operates a manual review component that is included in the background check services that Company provides to Reseller and the Reseller’s Client. The manual review, where applicable, is a means to ensure that Company’s services are performed as fairly and accurately as possible in returning the results of the background checks. For example, a manual review can ensure that a data subject does not improperly fail a background check due to imperfect information or limitations on available information. However, as Company retrieves its information from public databases, Company cannot guarantee or warrant that such information contained within those databases is accurate. Please see the API Manual (https://docs.emptor.io/) for country-specific information.


Company utilizes existing internal criteria that determine “pass” or “fail” conditions that vary by Country.  These criteria comprise various searches, coupled with filtering criteria, which may include crimes and fines or other review criteria.  The Reseller’s Client, by way of Reseller, is able to implement its own pass/fail criteria for Company to utilize in performing its background check services. If Reseller does not make such a request, then Reseller accepts the existing criteria as well as the fact that Company does not make any warranty as to completeness or accuracy of information.  In the event that the criteria are accepted, the criteria shall become part of the Agreement between Reseller and Company and shall be integrated into the background check process.  If the existing criteria are used, then the Reseller, as well as the Reseller’s Client, is under the obligation to learn and understand the criteria to ensure that the criteria do not infringe on any relevant labor or employment laws applicable to the client. It should be noted that, due to the sources of information being implemented differently in each market, the pass/fail criteria will differ accordingly.  

Ultimately, the parameters of the background checks and hiring decisions are made by the Reseller’s Client who will be responsible for complying with regulations regarding the conditions of hiring and employment within their respective market.  As such, Company provides its services in a manner that is compliant with, but is not responsible for the Reseller’s Client’s compliance with, any applicable laws of the Country in which Company is providing services, unless the Reseller gives Company parameters for background check pass conditions that are in violation of such laws in which case Company will refuse to perform background checks in such a manner.  Engaging Company’s services is no guarantee of Reseller or Reseller’s Client’s compliance with the laws of the jurisdiction in which Reseller and Reseller’s Client are operating, which is the sole responsibility of Reseller.  Decisions of employment, and the legal compliance of the manner in which such decisions are made, are the responsibility and liability of the Reseller’s Client.



Force Majeure means all events which are beyond the reasonable control of a Party to this Agreement, and which are unforeseen, or if foreseen reasonably unavoidable, which arise after the effective date of this Agreement and which prevent total or partial performance of this Agreement by such Party. Such events shall include, but not be limited to, natural disasters, war, threat of war, blockade, embargo, act of vandalism or theft that could not otherwise have been prevented through the implementation of reasonable security measures, prevention of performance by acts of government or public agencies or the implementation of regulations by these institutions that render this contract illegal or invalid or performance impossible, epidemics, strikes, acts of God, and any other events which are recognized as Force Majeure in general international commercial practice.

If a Party is aware of the likelihood of a situation constituting Force Majeure arising, or is claiming Force Majeure, it shall notify the other Party as soon as is practicable in writing forthwith of the same, the cause and extent of non-performance or likely non-performance occasioned thereby, the date or likely date of commencement thereof and the means proposed to be adopted to remedy or abate the Force Majeure; and the Parties shall, without prejudice to the other provisions of this Agreement, consult each other with a view to taking such steps as may be appropriate to prevent and/or mitigate the effects of such Force Majeure.

The Party subject to or claiming Force Majeure shall:

  1. Resume performance as expeditiously as possible after the termination of the Force Majeure or the Force Majeure has abated to an extent which permits resumption of such performance;

  2. Notify the other Party when the Force Majeure has terminated or abated to an extent which permits resumption of performance to occur; and 

  3. Keep the other Party regularly informed during the course of the Force Majeure as to when resumption of performance shall or is likely to occur.


If the Parties are not in agreement that an event of Force Majeure has occurred, the matter shall be handled in accordance with the terms of this Agreement regarding Term and Termination to the extent possible.  If, upon the execution of this Agreement, any Party’s interest is negatively affected by promulgation or abolition of any law, or amendment or change to any law, or any competent authority’s change to, withdrawal of, or refusal to renew, any license, approval, permit or other consent (collectively can be referred to as “Material Change of Law”), the Parties shall negotiate for the necessary adjustment so as to maintain each Party’s benefit under this Agreement to a level no inferior to the status prior to such Material Change of Law. 

Annex I

Data Processing Agreement (DPA)


This Data Processing Agreement (hereafter, “the DPA”) is entered into between Emptor, Inc. (hereafter, “Company”), and Reseller, (hereafter, “Reseller”).  The Reseller’s Client (hereafter, “Client”) acts as a Data Controller, per the definitions listed below, and Reseller wishes to contract data processing services from the Company, each party of which acts as Data Processor or Subprocessor, per the definitions listed below.  Both Parties acquiesce and commit to adhere to the principles, rights, and obligations as listed within the DPA as articulated herein.  




Unless otherwise defined herein, capitalized terms and expressions used in the DPA and corresponding Agreement shall have the following meaning:


  1. “Agreement” means the SaaS Agreement between the Parties, as well as the DPA and any other corresponding agreements or annexes relevant to the agreement between the Parties.

  2. “Client Data” means any Personal Data processed by the Processor on behalf of the Controller, or Subprocessor on behalf of the Controller pursuant to or in connection with the Agreement.

  3. “Data Protection laws” means any relevant and applicable Data Protection Laws within the jurisdictions relevant to the presence, transfer, or processing of data per the terms of the Agreement.

  4. “Data Transfer” means:

    1. A transfer of Client Personal Data from the Client to Company or Contracted Processor, or;

    2. An onward transfer of Client Personal Data from a Contracted Processor to any other Subprocessor;

  5. “Services” means the SaaS services provided in accordance with the Agreement provided by Company.

  6. “Subprocessor” means any person or company appointed as a third party by or on behalf of Processor or subsequently by Controller to process Personal Data on behalf of the Controller in connection with the Agreement.

  7. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

  8. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of such processing.

  9. “Data Subject” means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  10. “Personal Data” means any information relating to an identified or identifiable natural person (see “Data Subject”).

  11. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  12. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  13. “Supervisory Authority” means an independent public authority which is established as the relevant, recognized, and competent authority for the creation, administration and application of Data Protection Laws and related matters within the jurisdictions relevant to the provisioning of services under the Agreement.



  1. Processing of Client Personal Data

    1. The Processor shall comply with all applicable Data Protection Laws in the Processing of Client Data. Furthermore, Processor shall not Process Client Data other than on the relevant Controller’s documented instructions. The Controller shall instruct the Processor to process its Client Data.

  2. Processor Personnel

    1. Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Client Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Client Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

  3. Security

    1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall, in relation to the Client Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk.  This includes, as appropriate:

      1. The pseudonymisation and encryption of personal data;

      2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

      3. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

      4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

    2. In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

  4. Subprocessing

    1. Processor shall not appoint (or disclose any Client Personal Data to) any Subprocessor unless otherwise required, or authorized by the Controller.

  5. Data Subject Rights

    1. Taking into account the nature of the Processing, Processor shall assist the Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller obligations, as reasonably understood by the Controller, to respond to requests to exercise Data Subject Rights under the relevant Data Protection Laws.

    2. Processor shall:

      1. Promptly notify Controller if it receives a request from a Data Subject under any Data Protection Law in respect of Client Personal Data, and;

      2. Ensure that it does not respond to that request except on the documented instructions of Controller, or as required by the relevant applicable laws to which Processor is subject, in which case Processor shall to the extent permitted by the relevant applicable laws inform Controller of that legal requirement before any Contracted Processor responds to the request.

    3. Reseller and Client acknowledge and agree that the Data Subject has various rights with respect to how their information is processed.  These rights include, but are not limited to, rights of access, rectification, cancellation, and opposition.  For any inquiries regarding the exercise of such rights or information regarding the processing of the Subject’s data, Reseller, as point of contact, shall forward to Company the Data Subject’s inquiries.  Such inquiries shall be submitted to info@www.emptor.io

  6. Personal Data Breach

    1. Processor shall notify Controller without undue delay upon Processor becoming aware of a Personal Data Breach affecting Client Personal Data, providing Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under any and all relevant and applicable Data Protection Laws.

    2. Processor shall cooperate with the Controller and take reasonable commercial steps as directed by Controller to assist in the investigation, mitigation, and remediation of each such Personal Data Breach.

  7. Data Protection Impact Assessment and Prior Consultation

    1. Processor shall provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Controller reasonably considers required or necessary by any relevant and applicable Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

  8. Deletion or return of Client Personal Data

    1. Subject to this section 8, Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Client Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of Client Personal Data.

    2. Processor shall provide written certification to Controller that it has fully complied with this Section 8 within 10 business days of the “Cessation Date”.

  9. Audit Rights

    1. This section 9 and the audit rights pertaining herein shall only apply where necessitated by relevant and applicable Data Protection Laws.  If no such laws are otherwise applicable to the Parties, services, or transaction articulated herein, then this section shall not apply, and no such audit rights shall be granted.

    2. If such Rights are mandated by applicable and relevant data protection laws, subject to this section 9, Processor shall make available to the Company on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the Company or an auditor mandated by the Company in relation to the Processing of the Company Personal Data by the Contracted Processors.

    3. Information and audit rights of the Company only arise under section 9.2 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.

  10. Data Transfer

    1. The Processor may not transfer or authorize the transfer of Data to countries or territories not otherwise required for the Processing of its data without the prior written consent of the Controller. Both Parties commit to ensure that personal data is adequately protected in any given transfer, using industry best practices.

  11. General Terms

    1. Confidentiality. Each Party must keep this DPA and the corresponding Agreement, and any information received about the other Party and its business in connection with this DPA and Agreement confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that the disclosure is required by law, or that the relevant information is already in the public domain, in a manner consistent with the terms of the Agreement.

  12. Notices

    1. All notices and communications relating or relevant to this DPA and Agreement must be in writing, as required by the terms of the Agreement.


Brazil LGPD Data Protection 


These Data Protection Clauses are agreed upon between Emptor Inc (“Emptor”) and Reseller  and shall integrate the SaaS Agreement (“SaaS Agreement”) entered into on the Effective Date between the parties, taking effect during the Term set forth in the referred document.


WHEREAS the provision of Services agreed upon by the Parties in the SaaS Agreement may imply Personal Data treatment over data collected in the Brazilian territory or pertaining to an individual located in the Brazilian territory, and therefore the International Transfer of said Personal Data;


WHEREAS Brazil has a data protection law in effect as of September 2020 – Lei Geral de Proteção de Dados (LGPD) [Lei nº 13.709/2018] – which provides that the Personal Data treatment regarding data of individuals located in Brazilian territory must abide by certain rules and principles;


WHEREAS the Parties wish to ensure compliance with the rules and principles set forth in LGPD for any data treatment over Personal Data of individuals located in the Brazilian territory during the provision of the Services agreed upon in the SaaS Agreement and by that also ensure the legality of such data treatment;


WHEREAS both Emptor and Reseller also wish to ensure the adequate safeguards and level of security, confidentiality and protection of privacy for the Personal Data of individuals located in the Brazilian territory, as well as put in place mechanisms to prevent any data breach or incident;


The Parties agree upon the following:



For the purpose of this Annex, the following definitions shall apply:

  1. Personal Data: means any personal identifiable information (PII) collected in the Brazilian territory or pertaining to an individual (natural person) located in Brazilian territory used for the provision of the Services;

  2. Data Subject: the individual (natural person) 

  3. Services: the processing of personal data for which the Controller (Reseller) has contractually engaged the Operator (Emptor)

  4. Cooperator: any third party providers used 

  5. Collaborator: any person that works for Emptor in any capacity, contractors, employees

  6. The terms and expressions “Controller”, “Operator”, “Data Treatment” and “International Data Transfer” shall have the same meaning as assigned to them in LGPD



    1. The Parties hereby undertake to comply with Brazilian Data Protection Regulation during the provision of Services by Emptor on behalf of the Reseller. Both parties shall abide by the LGPD and any other regulations that are set forth by the National Authority (Autoridade Nacional de Proteção de Dados – ANPD) during the provision of the Services.

    2. For the purposes of this Agreement, as it is for the purpose of Resale and the Reseller will not be the end user of the product, nor supply or control the information to be processed using Emptor’s services, both Emptor and Reseller will be considered Operators of the Personal Data.  The end user, or Reseller’s Client, is considered the Controller of the Personal Data. The Operators and the Controller must observe their responsibilities as stated in the data protection regulations from Brazil (Chapter VI, Section III of the LGPD).  As Reseller is the primary point of contact for the Controller, it is Reseller’s responsibility to ensure the Controller understands and is willing to comply with the responsibilities under the LGPD. No responsibilities are transferred by any means from one party to another through these clauses.

    3. The categories of Personal Data used for the provision of Services include name of the Data Subject, parents’ names, date of birth, ID number (RG), Taxpayer Number (CPF), city and state of residence or signup. The Parties agree that no Sensitive Information or personal data regarding underaged persons will be exchanged for the provision of Services; if any such data is added to the Services they will be disregarded by Emptor, sent back to the Reseller and eliminated.

    4. The Controller of the Personal Data shall be responsible for acquiring the necessary consent (free and informed consent) for the provision of the Services or guaranteeing that the treatment fits in any of the other legal possibilities set forth by LGPD (article 7). In the case consent is the legal ground used to justify the Data Treatment it must include, at a minimum, information on the purposes for which the data is collected, the sharing of the data with Emptor and the International Data Transfer. The Controller shall be responsible for keeping record of any consent granted by any Data Subject.

    5. Emptor, as an Operator for the Data Treatment, shall be responsible for (a) performing the Data Treatment for the sole purpose of rendering Services to the Reseller, within the limits and according to the provisions of the SaaS Agreement; (b) processing only such Personal Data as is strictly necessary for the performance of the Services or to comply with legal requirements; (c) keeping the Personal Data confidential, available only for the use of the personnel responsible for the provision of Services. The use of Personal Data by Emptor for its own purposes or for purposes other than rendering Services to the Reseller shall represent a breach of this section; in this case Emptor will be considered as liable as the Controller for the damage caused by the treatment of the Personal Data for its own benefit (Article 42, § 1º, I of the LGPD).

    6. Emptor, acting as an Operator, shall refrain from responding to any request made by the Data Subject in regard to the Personal Data treated in the provision of the Services, except to the extent instructed by the Controller or according to LGPD regulations or ANPD decisions. However, Emptor shall inform the Reseller of any such request and cooperate with the Reseller to guarantee that the rights of the Data Subject provided by LGPD (Chapter III) are met in a timely manner and in accordance with the procedures set out by the law.

    7. Emptor shall provide Reseller, at its request, with any reasonably necessary documents to ensure that it is in compliance with the obligations arising from these Data Protection Clauses, including documentation of the use of the Personal Data only for the rightful purpose and of the technical and organisational measures adopted to ensure the protection of the Personal Data.

    8. Both Parties shall keep record of the treatment activities under their responsibility in electronic form. The record shall contain (a) the categories of Personal Data used in the Data Treatment; (b) the categories of Data Treatment carried out on behalf of the Controller; (c) any International Data Transfer taking place due to the Data Treatment.

    9. Both parties shall also inform one another immediately about (a) any auditing, investigation or apprehension of the Personal Data by any competent authority; (b) any other requests from the competent authorities, including the judiciary or Ministério Público; (c) any incident regarding the Personal Data that may affect the other party’s business or demands its action. If any of the parties is subject to auditing by ANPD regarding the Personal Data used for the provision of the Services, it must inform the result of such audit to the other Party no later than ten (10) days after the results are published.

    10. Both Parties shall cooperate with the competent authorities, especially ANPD, providing all the information required to comply with regulations and/or requests made by said authorities.



    1. Emptor shall adopt administrative and technical measures to ensure the protection of all Personal Data used for the provision of Services (according to article 46 of the LGPD) in order to guarantee an adequate security level and mitigate damages to the data. The security measures put in place by Emptor shall take into consideration the risk of the operation, in particular the risks regarding Security Incidents.

    2. Emptor shall keep the Personal Data protected under an Information Security Program that (a) ensures protection against losses, unlawful disclosure or access; (b) reasonably identifies security risks and unauthorized accesses to its software; and (c) minimizes security risks, performing regular performance evaluations and tests. Emptor shall designate one or more employees to coordinate and take into effect the Information Security Program.

    3. If a Security Incident takes place, including, without limitation, unlawful or unauthorized access, data breaches or Personal Data losses, regardless of the reason that occasioned the Incident, Emptor shall communicate to the Reseller immediately (a) the date and hour of the incident; (b) the date and hour of the communication; (c) all the Personal Data affected by the incident; (d) the number of Data Subjects affected; (e) the contact information of the person responsible for providing further information on the matter; (f) the measures already taken to mitigate the damage and avoid new incidents. If Emptor is not in possession of all the information listed above at the time of the communication, Emptor shall send them separately as soon as it gets hold of the missing information. The complete report on the Security Incident shall be completed no later than five (5) days after the acknowledgement of the incident.



    1. The Personal Data exchanged between Parties shall be kept Confidential. Emptor must ensure that any Personal Data received is available only to those employees who effectively need access to it for the correct provision of the Services. The employees that have access to the Personal Data shall (a) only treat the data within the limits and under the terms of these Clauses, the SaaS Agreement and LGPD; (b) receive training on Data Protection and Information Security; and (c) have committed in writing to strictly observe the confidentiality of the Personal Data treated.

    2. Each Party shall designate a person responsible for the communications regarding the Personal Data protected by these Clauses as well as any questions that may arise from the provisions set forth in this document.



    1. The Reseller acknowledges and agrees that, for the correct provision of Services, Emptor may use third party providers to carry out specific Data Treatment activities, including, without limitation, cloud computing and storage. In this case, Emptor shall only enter into agreements with third party providers that ensure the adequate level of protection required by LGPD for the Personal Data.

    2. After the provision of Services takes place effectively, Emptor shall notify the Reseller about substantial changes in the third party providers, providing a list of any new third party providers contracted by Emptor for the rendition of the Services.



    1. Any International Data Transfer that takes place due to the provision of Services must abide by the rules set forth in Chapter V of LGPD. The Parties, both being companies with their headquarters located outside Brazil, hereby agree to the International Data Transfer to the United States of America, where the Data Treatment shall take place, including its components of cloud computing and storage through Cooperators. The Reseller, as the Controller of the Personal Data, shall be responsible for informing the Data Subject about the International Data Transfer and collecting, as well as keeping record of, the necessary specific and highlighted consent according to LGPD. No provision of Services shall happen without the specific consent set forth in this section, considering all services are rendered outside Brazil.

    2. If any other International Data Transfer is set to take place outside the one already agreed upon in this document, the Party responsible for the transfer shall notify the other party in writing prior to its occurrence. Any International Data Transfer intended by Emptor outside the one already agreed upon depends on the agreement of the Reseller, which can deny the request at its sole discretion.

    3. Any International Data Transfer that happens in order to ensure the provision of Services – including Clause 6.1. – shall observe the level of Data Protection required by LGPD, as set forth in these Clauses. No company, organisation or entity shall receive access to the Personal Data without ensuring security levels adequate to what is agreed upon in this document.

    4. The Parties hereby undertake to adopt the pertinent mechanisms regarding International Data Transfer whenever they are made available, including amend ANPD future Standard Contractual Clauses as well as clauses provided by the destination countries for the Personal Data.



    1. The Parties agree that on the termination of the provision of the Services, the Data Treatment shall be discontinued. The remaining Personal Data at that time as well as any copies (in digital or physical format) shall, at the choice of the Reseller, be eliminated or returned no later than thirty (30) days after the termination, except in cases where the storage of the Personal Data is required by law or allowed within the terms of LGPD (Chapter II, Section IV).


External Software Usage Policy


This External Software Usage Policy (the “Policy”) pertains to any Reseller that contracts with Emptor to use Emptor’s Services. In addition to any and all obligations stated in any Agreement signed between Reseller and Emptor, this Policy outlines additional terms and conditions with which Reseller must comply in order to use Emptor’s services. Reseller understands that by entering into an Agreement with Emptor and accepting the Emptor API Key to use Emptor’s Services to perform background checks, Reseller agrees to abide by this Policy and that failure to comply with this Policy shall be deemed a breach of the Agreement between Reseller and Emptor. 


  1. Definitions 

    1. Emptor’s Services – Emptor has created software that can perform background checks on individuals in several countries in Latin America 

    2. Emptor API – Emptor’s application programming interface that Reseller uses in order to perform background checks on Data Subject

    3. Emptor API Key – application programming interface key that Emptor will give to its Resellers for the sole purpose of using Emptor’s software to perform background checks

    4. Reseller – Any entity or individual that signs an Agreement with Emptor is a Reseller of Emptor 

    5. Agreement – Any relationship between Emptor and another party (Reseller) will be governed by terms and conditions within an Agreement, which includes any and all relevant Service Level Agreement(s)

    6. Emptor Background Checks API Documentation – this is the documentation provided to Reseller that explains how to access the Emptor API

    7. Termination Date – When Emptor and Reseller terminate any contractual relationship, a Termination and Settlement Agreement will be executed between the parties that will state the Termination Date, which is the date on which Emptor will cease providing any services to Reseller

    8. Reseller Report – This report indicates whether the Data Subject has passed or failed any part of the background check

    9. Data Subject – third party individual whose personal information is being used to perform the background check


  1. Use of the Emptor API and/or G Sheet(s)


  1. Emptor G Sheet(s)

In certain instances, in order for Reseller to be able to use Emptor’s Services, Reseller shall gain access to Emptor’s API via G Sheets whereby Reseller can input a Data Subject’s personally identifiable information (“PII”) in the G Sheets and Emptor’s API will produce a result as outlined in the API documentation that will be indicated on the G Sheets. By using the G Sheet product, Reseller shall not be able to directly access the Emptor API. 


  1. Emptor API Usage via Direct Integration

In certain instances, in order for Reseller to be able to use Emptor’s Services, Reseller shall gain access to Emptor’s API via Direct Integration. In this case, Reseller shall have direct access to the Emptor API whereby Reseller can input a Data Subject’s PII and Emptor’s API will produce a result as outlined in the API documentation that will be indicated in a report sent to Reseller. 


  1. Emptor API key

In order for Reseller to be able to use the Emptor API, Emptor shall send to Reseller an Emptor API key. Emptor shall send the Emptor API Key in plain text in a Google Doc to an email address designated by Reseller. Reseller shall use the Emptor API key in order to be able to access and use the Emptor API. Reseller is responsible for maintaining the security and confidentiality of the Emptor API key using industry-standard security measures. Reseller is prohibited from sharing the Emptor API key with any third party without written consent from Emptor. In the event that the Emptor API key is lost or stolen, Reseller must notify Emptor immediately, at which point Emptor shall suspend the Emptor API and change the Emptor API Key. Furthermore, if the API key is stolen, any checks performed as a result of the stolen key shall be paid for by Reseller in accordance with the pricing terms outlined in the Agreement between Reseller and Emptor.


  1. Compliance with all applicable laws and regulations

Reseller agrees to comply with all applicable laws, regulations, and third party rights in any and all relevant jurisdictions while using the Emptor API and/or G Sheet(s). Reseller will not use the Emptor API and/or G Sheet(s) to promote or engage in any illegal activities. Furthermore, Reseller will not use the Emptor API and/or G Sheet(s) to violate any third party rights. As also stated in the Agreement between Reseller and Emptor, Reseller agrees and warrants that it has received the necessary consent from the relevant third party in order to perform the background check using the Emptor API and/or G Sheet(s). Reseller is solely responsible for obtaining the data subject’s consent and recording such consent if necessary in compliance with any and all applicable laws and regulations. 


  1. Permitted Access

Reseller agrees to access (or attempt to access) the Emptor API only through the instructions contained in the Emptor Background Checks API Documentation. Reseller shall not misrepresent or hide its identity when accessing the Emptor API. 


  1. Prohibitions on Use of the Emptor API

In addition to not using the Emptor API and/or G Sheet(s) to break any applicable laws and regulations, Reseller shall refrain from engaging in the following prohibited activities. Reseller shall not access the Emptor API and/or G Sheet(s) in order to introduce to Emptor’s Services any worms, viruses, or any other item of a destructive nature.  Reseller shall not access the Emptor API and/or G Sheet(s) to interfere with or disrupt the Emptor API or the servers or networks providing the Emptor API. Reseller shall not use the Emptor API to defame, abuse, harass, stalk, or threaten others. Reseller shall not use the Emptor API or G Sheet(s) to remove, obscure, or alter any Emptor terms of service or any links to or notices of those terms.


  1. Rate Limits

Reseller agrees to inform the Reseller’s Client not to attempt to exceed or circumvent the limitations (defined below) placed on use of the Emptor API and/or G Sheet(s).  These limitations are set by Emptor in its sole discretion. In order to use the Emptor API and/or G Sheet(s) in excess of the rate limits, Reseller must receive written consent from Emptor. The limits described below also pertain to the G Sheet(s). For country-specific rate limits, please see the API Manual (https://docs.emptor.io/). 


  1. Security

Reseller is responsible for maintaining the security of the Emptor API and/or G Sheet(s) and will not make available to any third party any login credentials including, but not limited to, any key, password, or token to the Emptor API and/or G Sheet(s). Reseller shall use industry-standard security measures to prevent unauthorized access or use of the Emptor API and/or G Sheet(s) whether by worms, viruses, or any other harmful means. In the event that Reseller reasonably believes that there has been any unauthorized access to the Emptor API, Reseller must immediately notify Emptor and cooperate with Emptor in any way necessary.


  1. Emptor monitoring of Reseller use of Emptor API

Reseller understands and agrees that Emptor may, if it so desires, monitor use of the Emptor API and/or G Sheet(s) in order to ensure quality and improve Emptor’s Services. Monitoring includes, but is not limited to, accessing the Emptor API and/or G Sheet(s). Reseller shall not interfere with Emptor’s monitoring.


  1. Updates to the Emptor API

Emptor may update the Emptor API and/or G Sheet(s) at any time in its sole discretion, and Reseller is obligated to use the most current version.


  1. Termination of Use of the Emptor API

In the event that the Agreement between Reseller and Emptor is terminated for any reason, Reseller must cease using the API and/or G Sheet(s) on the Termination Date. On this Termination Date, Emptor will cease providing services and access to the Emptor API to Reseller. In addition, Emptor will rotate the relevant Emptor API Key. 


  1. Content

Emptor owns the Emptor API and/or G Sheet(s) and Reseller shall have no ownership interest whatsoever in the Emptor API and/or G Sheet(s). Reseller owns the input data as well as the output data (Reseller Reports). Emptor owns all processed data.