Frame
REQUEST A DEMO
SIGN UP
Frame
Frame

Terms of Use

Posted on March 18, 2025

Terms of Use

Last Updated September 15, 2025

THE TERMS AND CONDITIONS SET FORTH HEREIN (THE “TERMS”) ARE A LEGAL CONTRACT BETWEEN YOU AND FIRM PROSPECTS, LLC (“FIRM PROSPECTS”, “WE” OR “US”). THE TERMS GOVERN YOUR USE OF THE WEBSITE LOCATED AT WWW.FIRMPROSPECTS.COM, HTTPS://ENGAGE.FIRMPROSPECTS.COM, AND ANY OTHER WEB PAGES OR SUBPAGES HOSTED UNDER THESE DOMAINS OR OTHERWISE LINKED TO THESE DOMAINS BY FIRM PROSPECTS, ITS SUBSIDIARIES, OR AFFILIATED COMPANIES (COLLECTIVELY, THE “SITE”), AS WELL AS ALL SOFTWARE, SERVICES, OR CONTENT PROVIDED THROUGH OR ASSOCIATED WITH THE SITE (COLLECTIVELY, THE “SERVICES”). UNLESS OTHERWISE SPECIFIED, ALL REFERENCES TO “SITE” INCLUDE THE SERVICES AVAILABLE THROUGH THE SITE. BY USING THIS SITE OR THE SERVICES, YOU ARE AGREEING TO ALL OF THESE TERMS; IF YOU DO NOT AGREE WITH ANY OF THESE TERMS, DO NOT ACCESS OR OTHERWISE USE THE SITE AND ANY OF THE SERVICES, OR ANY INFORMATION OR MATERIALS CONTAINED WITHIN THE SITE.

The words “you,” “your,” or “user,” whether or not capitalized, as used herein, refer to all individuals and/or entities accessing or using the Site or any Services, for any reason.

Use of the Site

All materials available on or through the Site, including text, data, designs, graphics, logos, icons, images, audio clips, downloads, interfaces, code, software, and their selection and arrangement (“Content”), are proprietary to Firm Prospects or its licensors and protected by copyright, trademark, and other laws.
These Terms apply generally to your access and use of the Services. However, if you have a Subscription Agreement or other written agreement with Firm Prospects, the terms of that Subscription Agreement or written agreement will control in the event of any conflict with these Terms.
Unless explicitly permitted by Firm Prospects in writing, you may not copy, reproduce, distribute, transfer, publish, broadcast, create derivative works from, or otherwise exploit the Content.
Resale, transfer, or use of the Content for any third-party benefit is prohibited. You shall not use or distribute the Content in any way that competes with Firm Prospects’ business. You may not construct any database from the Content, store it (in whole or part) in any database accessible by third parties, or use it to enhance data sold or offered for sale. Systematic retrieval of data from the Site is strictly prohibited.

You shall not use, post, distribute, or disseminate any Content from the Site: (a) in violation of intellectual property, privacy, publicity, or personal rights; (b) in connection with defamatory, libelous, obscene, threatening, abusive, harassing, hateful, racially or ethnically objectionable, or otherwise unlawful materials; (c) for promotional communications, solicitations, spam, junk mail, chain letters, pyramid schemes, or framing, embedding, or deep linking within other websites.

You shall not disrupt or attempt to interfere with the proper functioning of the Site or related servers and networks, nor attempt unauthorized access to restricted Content or systems. You shall not take actions placing an unreasonable or disproportionate load on the Site, its infrastructure, or Firm Prospects’ Services.
The use of automated means, including scrapers, bots, spiders, crawlers, data mining tools, software, or code to access, copy, or monitor any portion of the Site, Content, Services, or Firm Prospects’ databases is prohibited.
You shall not use software or hardware designed to damage, disrupt, or intercept any data, systems, or personal information associated with the Site or Firm Prospects’ Services. Transmission of viruses, worms, Trojan horses, or other harmful software or code to the Site is strictly prohibited.

Security

You shall not violate or attempt to violate the security of the Site or Services, including, without limitation, attempting unauthorized access, probing, scanning, or testing vulnerabilities of systems or networks, interfering with services, or engaging in other activities intended to disrupt, harm, or gain unauthorized access to Firm Prospects’ systems, data, or infrastructure.

Data Privacy

You agree to abide by the terms of the Data Access Addendum (“DAA”) set forth in Schedule I with respect to the Processing of Personal Data (as defined in Schedule I) made available to you via the Services. In the event of an inconsistency between the DAA and any other provision of the Terms, the DAA shall prevail.

Your use of the Site and Services is also subject to Firm Prospects’ Privacy Policy, which is incorporated into these Terms by reference. Please review our Privacy Policy carefully to understand our practices regarding your personal information: http://www.firmprospects.com/privacy.

Accuracy and Completeness of Information

Firm Prospects makes commercially reasonable efforts to ensure the accuracy and completeness of the Site and Content; however, Firm Prospects does not guarantee that all information provided will always be accurate, complete, or current, and Firm Prospects expressly disclaims liability for errors, omissions, or inaccuracies on the Site.

Changes

Firm Prospects may make changes to the content and features of the Site and any Services at any time, with or without notice to you. Firm Prospects can change, update, or add or remove provisions of these Terms, at any time by posting updated Terms at http://www.FirmProspects.com/ terms-of-use. If we make a material modification to these Terms or the Privacy Policy (as defined below), we will notify you by (1) sending an email to the email address you have provided in your account (if any) or, (2) displaying an announcement on the Site, above the text of the Terms or the Privacy Policy, as appropriate, for thirty (30) days, after which the notice will be removed. Except as otherwise provided in this paragraph, these Terms may not be amended. By using this Site and/or the Services after Firm Prospects has updated the Terms or Privacy Policy, you are agreeing to the updated terms; if you do not agree with any of the updated terms, you must stop using the Site and the Services.

Eligibility

Age. Users must be at least eighteen (18) years old or the age of majority in the jurisdiction in which you reside in order to use the Site and the Services. By using the Site or the Services, you represent, acknowledge and agree that you are at least 18 years of age and have the right, authority and capacity to agree to and abide by these Terms.

Compliance with Law. You also represent that you will use the Site and Services in a manner consistent with any and all applicable laws and regulations.

Termination. Firm Prospects may terminate these Terms and your use of the Site and Services without notice if we, in our sole discretion, believe that you are less than 18 years old, or have otherwise violated the Terms.

Subscription

Firm Prospects grants to you, for the duration of your subscription to the Firm Prospects Site, a non- exclusive, non-transferable, limited right to access the Services solely for use by you and the persons authorized to access such Services (“Authorized Users”). No person may access or use the Services or access the Content unless they are Authorized Users consisting of employees, temporary employees, or owners within your organization.

Assignment

You may not assign or transfer your rights or obligations under these Terms without Firm Prospects’ prior written consent. Firm Prospects may assign or transfer these Terms freely without restriction.

Resale Prohibition

Resale, uploading to any service (unless explicitly agreed to in writing by Firm Prospects), or sharing of or otherwise providing Firm Prospects’ Services or Content for any purpose is strictly prohibited. Any violation of this prohibition of data resale allows Firm Prospects the right to immediately terminate your license without refund. You are responsible for reimbursing Firm Prospects for loss or damages resulting from violation of this prohibition, including legal fees.

Entire Agreement

These Terms, along with the Privacy Policy and any applicable Subscription Agreement or other written agreement between you and Firm Prospects, constitute the entire agreement between you and Firm Prospects regarding the use of the Site and Services and supersede all prior agreements or understandings.

Title

You hereby acknowledge and agree that all right, title and interest in and to the Site are, and shall remain, vested solely in Firm Prospects, and you shall not hold yourself out as having any ownership or other rights with respect thereto, except as specifically granted hereunder. Unless otherwise noted, the Content that is part of the Site consists of copyrights, trademarks, service marks, trade dress, domain names, and/or other intellectual property owned, controlled, or licensed by Firm Prospects, its affiliates, or the organizations with which Firm Prospects has arranged to post materials on the Site.

Payment and Billing

If payment is being made by credit card, you hereby authorize Firm Prospects’ billing company to charge your credit card for the amounts due and payable for access to the Firm Prospects’ Sites (the “Subscription Fees”). Subscription Fees are exclusive of applicable sales, use, value added tax (VAT) or equivalent, and other taxes, which are Subscriber’s responsibility, unless otherwise required by law.

Electronic Communications

By using the Site and/or the Services, you consent to receiving electronic communications from Firm Prospects. These electronic communications may include information about Firm Prospects’ Services and features of the Site, notices about applicable fees and charges, transactional information and other information concerning or related to the Site and/or Services. These electronic communications are part of your relationship with Firm Prospects. You agree that any notices, agreements, disclosures or other communications that we send you electronically will satisfy any legal communication requirements, including that such communications be in writing.

Links to Third Party Sites

The Site may be linked to or may link to third party websites and applications that are not operated by Firm Prospects, including, without limitation, the law firms or other employers from whom we gather our data, social networking, and similar websites through which you may be able to connect using the Site (collectively, “Third Party Sites”). Third Party Sites may have different privacy policies and terms and conditions and/or user guides and business practices than Firm Prospects, and you further acknowledge and agree that your use of such Third Party Sites is governed by the respective Third Party Site privacy policy, terms and conditions, and/or user guides. You hereby agree to comply with any and all terms and conditions, users’ guides and privacy policies of any of Third Party Sites. Firm Prospects provides links to the Third Party Sites to you as a convenience. Firm Prospects does not verify, make any representations or take responsibility for such Third Party Sites, including, without limitation, the truthfulness, accuracy, quality or completeness of the content, services, links displayed and/or any other activities conducted on or through such Third Party Sites. YOU AGREE THAT FIRM PROSPECTS WILL NOT, UNDER ANY CIRCUMSTANCES, BE RESPONSIBLE OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY GOODS, SERVICES, INFORMATION, RESOURCES AND/OR CONTENT AVAILABLE ON OR THROUGH ANY THIRD PARTY SITES AND/OR THIRD-PARTY DEALINGS OR COMMUNICATIONS, OR FOR ANY HARM RELATED THERETO, OR FOR ANY DAMAGES OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH YOUR USE OR RELIANCE ON THE CONTENT OR BUSINESS PRACTICES OF ANY THIRD PARTY. Any reference on the Site to any product, service, publication, institution, organization of any third party entity or individual does not constitute or imply Firm Prospects’ endorsement or recommendation.

Indemnification

You agree to indemnify, defend, and hold harmless Firm Prospects, its affiliates, officers, employees, contractors, and agents from and against all claims, damages, losses, liabilities, costs, and expenses, including reasonable attorneys’ fees, arising from or related to (i) your use or misuse of the Site or Services, (ii) violation of these Terms, or (iii) violation of any third-party rights through your use of the Site or Services.

Disclaimer of Warranties

Your use of the Site and/or the Services is at your own risk. The Materials have not been verified or authenticated in whole or in part by Firm Prospects, and they may include inaccuracies or typographical or other errors. Firm Prospects does not warrant the accuracy or timeliness of the Materials contained on the Site. Firm Prospects has no liability for any errors or omissions in the Materials, whether provided by Firm Prospects, our licensors or suppliers.
FIRM PROSPECTS, FOR ITSELF AND ITS LICENSORS, MAKES NO EXPRESS, IMPLIED OR STATUTORY REPRESENTATIONS, WARRANTIES, OR GUARANTEES IN CONNECTION WITH THE SITE, THE SERVICES, OR ANY MATERIALS, RELATING TO THE QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF ANY INFORMATION OR MATERIAL CONTAINED OR PRESENTED ON THE SITE, INCLUDING WITHOUT LIMITATION THE MATERIALS. UNLESS OTHERWISE EXPLICITLY STATED, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SITE, THE SERVICES, AND MATERIALS, AND ANY INFORMATION CONTAINED OR PRESENTED ON THE SITE IS PROVIDED TO YOU ON AN “AS IS,” “AS AVAILABLE” AND “WHERE-IS” BASIS WITH NO WARRANTY OF IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. FIRM PROSPECTS DOES NOT PROVIDE ANY WARRANTIES AGAINST VIRUSES, SPYWARE OR MALWARE THAT MAY BE INSTALLED ON YOUR COMPUTER.

Limitation of Liability

Except as permitted below, your sole and exclusive remedies against Firm Prospects with respect to the Services, Materials and/or data or information provided therein, including any errors, inaccuracies, omissions or delays therein or thereof, shall be limited to our issuing corrected information as soon as reasonably practicable following receipt of written notice of such problem from you.
If Firm Prospects fails to provide the remedies set forth immediately above, or if Firm Prospects otherwise fails to perform its duties and obligations under these Terms, and you can establish that as a direct result thereof you have incurred any damages, liabilities, losses, fees, costs or expenses, then Firm Prospects’ liability to you for actual damages for any cause whatsoever, during the term of your subscription, whether in contract, tort (including negligence), strict liability or otherwise, shall not exceed in the aggregate the fees that you have paid for the Services in question during the subscription period in question. IN NO EVENT SHALL FIRM PROPSECTS, ANY INFORMATION PROVIDER OR ANY OTHER PROVIDER OF SERVICES, DATA AND/OR INFORMATION FOR FIRM PROSPECTS BE LIABLE FOR ANY LOSS OF PROFIT OR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, MULTIPLE, PUNITIVE OR CONSEQUENTIAL DAMAGES SUSTAINED OR INCURRED IN CONNECTION WITH THE SERVICES OR CONTENT, REGARDLESS OF THE FORM OF THE ACTION AND WHETHER SUCH DAMAGES WERE FORESEEN OR UNFORESEEN AND EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Jurisdiction and Governing Law

These Terms and any action related hereto will be governed by Massachusetts law. No choice of law rules of any jurisdiction will apply. This Site has been designed to comply with the laws of the Commonwealth of Massachusetts and of the United States. If any Content on the Site, or your use of the Site, is contrary to the laws of the place where you are when you access it, the Site is not intended for you, and we ask you not to use the Site. You are responsible for informing yourself of the laws of your jurisdiction and complying with them.

Reservation of Rights

Firm Prospects reserves the right, in its sole discretion, to limit or terminate your access to or use of the Site or the Services at any time without notice. Termination of your access or use will not waive or affect any other right or relief to which Firm Prospects may be entitled at law or equity.

Severability

If any one or more of the provisions of the Terms shall be held to be invalid, illegal or unenforceable for any reason, then the validity, legally or enforceability of the remaining provisions of the Terms shall not be affected thereby. To the extent permitted by applicable law, the parties waive any provisions of law that render any provision of the Terms invalid, illegal or unenforceable in any respect.

Dispute Resolution

You agree that all disputes or claims arising from or related to your use of the Site or Services shall be resolved exclusively through binding arbitration under the rules of the American Arbitration Association, in Massachusetts. You agree to waive any right to jury trial or participation in class actions.

No Waiver

Firm Prospects’ failure to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.

Force Majeure

Firm Prospects shall not be liable for failure to perform obligations under these Terms due to events beyond its reasonable control, including but not limited to natural disasters, governmental actions, technical failures, acts of terrorism, or interruptions to telecommunications or internet services.

Copyright Infringement (DMCA)

If you believe your copyright-protected work has been infringed on the Site, you may send a DMCA notice to Firm Prospects’ designated agent at support@FirmProspects.com, with detailed information supporting your claim.

Feedback

If you send or transmit any communications, comments, questions, suggestions, or related materials to Firm Prospects, whether by letter, email, telephone, or otherwise (collectively, “Feedback”), suggesting or recommending changes to the Site, any Services or Materials, including, without limitation, new features or functionality relating thereto, all such Feedback is, and will be treated as, non-confidential and non-proprietary. You hereby assign all right, title, and interest in, and Firm Prospects is free to use, without any attribution or compensation to you, any ideas, know-how, concepts, techniques, or other intellectual property and proprietary rights contained in the Feedback, whether or not patentable, for any purpose whatsoever, including but not limited to, developing, manufacturing, having manufactured, licensing, marketing, and selling, directly or indirectly, products and services using such Feedback. You understand and agree that Firm Prospects is not obligated to use, display, reproduce, or distribute any such ideas, know-how, concepts, or techniques contained in the Feedback, and you have no right to compel such use, display, reproduction, or distribution.

Contact Us

If you have any questions about these Terms or otherwise need to contact Firm Prospects for any reason, you can reach us at support@FirmProspects.com.

SCHEDULE I - DATA ACCESS ADDENDUM

This terms of this Data Access Addendum (“DAA”) apply to your access to the Services offered by Firm Prospects in accordance with the Terms.  By using the Services, you agree (on your own behalf and on behalf of any person for whom you act) as follows:

Capitalized terms not otherwise defined herein shall have the meaning ascribed to them in the Terms.  For purposes of the DAA, you and Firm Prospects are each referred to as a “Party” and collectively as the “Parties.” In the event of any conflict between certain provisions of this DAA and the provisions of the Terms, the provisions of the DAA shall prevail.

1. DEFINITIONS

1.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

1.2 The terms, “Controller”, “Member State”, “Processor”, “Sub-processor”, “Processing” and “Supervisory Authority” “Personal Data Breach” shall have the same meaning as in the GDPR. 

1.3 “Data Protection Laws” means all applicable and binding privacy and data protection laws and regulations, including such laws and regulations as applicable to the Processing of the Shared Personal Data under the Terms including (without limitation) the GDPR and the UK GDPR, as applicable to the Parties in relation to the Shared Personal Data hereunder and in effect at the time of the Parties’ performance hereunder.

1.4 “Data Subject” means the identified or identifiable person to whom the Personal Data relates who is not a resident of the United States.

1.5 “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.6 “Personal Data” or “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable natural person who is not a resident of the United States, which is processed by a Party, under this DAA and the Terms.

1.7 “Shared Personal Data” means the Personal Data shared by Firm Prospects with you under the Terms and this DAA as further detailed in Schedule II attached hereto.

1.8 “Standard Contractual Clauses” shall mean the Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

1.9 “UK GDPR” means the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).

2. PROCESSING OF PERSONAL DATA

2.1 Roles of the Parties. The Parties acknowledge and agree that with regard to the Shared Personal Data, each of Firm Prospects and you are separate and independent Data Controllers. The Parties acknowledge and agree that they will not be joint or ‘co’ controllers (as defined in the GDPR) with respect to the Shared Personal Data.

2.2 Notice and Legal Basis. Firm Prospects shall ensure that it has legitimate grounds under the Data Protection Legislation for the Processing of Shared Personal Data. Firm Prospects undertakes to inform the Data Subjects, in accordance with the Data Protection Law, of the purposes for which it will process their Personal Data, the legal basis for such purposes and such other information as is required by the Data Protection Law including (i) if Shared Personal Data will be transferred to a third party, that fact and sufficient information about such transfer and the purpose of such transfer to enable the Data Subject to understand the purpose and risks of such transfer; and (ii) if Shared Personal Data will be transferred outside the UK or EEA, that fact and sufficient information about such transfer, the purpose of such transfer and the safeguards put in place to enable the Data Subject to understand the purpose and risks of such transfer.

2.3 The Parties’ Processing of Shared Personal Data. When Processing the Shared Personal Data under the Terms and this DAA, each Party shall Process the Shared Personal Data solely for applicable business purposes only.

3. COMPLIANCE WITH DATA PROTECTION LAWS

Without derogating from the foregoing, each Party shall be responsible independently and separately for complying with the obligations that apply to it as a Data Controller under Data Protection Laws, including with regards to the Shared Personal Data.

4. DATA SUBJECT RIGHTS

Taking into account the nature of the Processing, the Parties each agree to provide such assistance as is reasonably required and requested by the other Party to enable it to comply with requests received from Data Subjects to exercise their rights under Data Protection Laws with respect to the Shared Personal Data, within the time limits imposed by the Data Protection Law pursuant to which the Data Subject Request was made. Each Party is responsible for maintaining records of Data Subject Requests it receives and the decisions made with respect thereto, as required under Data Protection Laws. 

5. SECURITY

5.1 Each Party shall have implemented and will maintain, appropriate technical and organizational measures for the protection of the Shared Personal Data Processed hereunder as required by Data Protection Laws (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to Shared Personal Data, confidentiality and integrity of the Shared Personal Data). As the data importer, you shall implement technical and organizational measures (‘TOMs’) substantially similar to those set forth in Schedule IV.


5.2 Without derogating from the foregoing, each Party shall be responsible to comply with security requirements that apply to it as a Data Controller under Data Protection laws, including with regards to the Shared Personal Data.

6. CONFIDENTIALITY

The Parties shall ensure that Personal Data is kept confidential and their personnel, advisors, and sub-processors engaged in the Processing of Shared Personal Data have committed themselves to confidentiality.

7. PERSONNEL

7.1 Each Party shall take reasonable steps to ensure the reliability of staff and advisors who may have access to Shared Personal Data, prior to allowing them such access. If an individual is not suited to access Shared Personal Data, then the Party shall not provide such individual with access to Shared Personal Data.


7.2 Each Party shall ensure that its staff with managerial oversight over the Shared Personal Data: (i) has such access only as necessary for the purposes as determined herein and by each Party separately; (ii) are contractually bound to confidentiality requirements no less onerous than in this DPA and the Terms; (iii) are provided with appropriate privacy and security training, at least annually; (iv) are informed of the confidential nature of the Shared Personal Data, and required to keep it confidential; and (v) are aware of their Party’s duties and obligations under this DPA and the Terms.

8. DATA INCIDENT MANAGEMENT AND NOTIFICATION

8.1 Each Party shall:

 

    8.1.1 without undue delay (and within 72 hours), notify the other party of the existence, nature and scope of any Personal Data Breach affecting Shared Personal Data; in any case within a sufficient timeframe to enable the other Party to comply with their respective obligations (if any) to make notification(s) of the Personal Data Breach under Data Protection Laws;

 

    8.1.2 comply with its obligations under applicable Data Protection Laws in respect of all Personal Data Breaches affecting Shared Personal Data;

 

    8.1.3 without undue delay, notify the other party of the existence of any requests for disclosure of the Shared Personal Data by a Supervisory Authority and/or any other law enforcement authority or court unless prohibited under criminal law specifically requiring the disclosing Party to preserve the confidentiality of a law enforcement investigation against the other Party.

 

    8.1.4 not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Personal Data Breach or disclosure request which directly or indirectly identifies the other Party (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without the other Party’s prior written approval, unless, and solely to the extent that, the disclosing Party is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, the disclosing Party shall provide the other Party with reasonable prior written notice to provide the other Party with the opportunity to object to such disclosure and in any case the disclosing Party shall limit the disclosure to the minimum scope required.

9. CROSS BORDER TRANSFERS

9.1 Transfers from the EEA, Switzerland and the United Kingdom to countries that offer adequate level of data protection. Personal Data may be transferred from EU Member States, the three EEA member countries (Norway, Liechtenstein and Iceland) (collectively, “EEA”), Switzerland and the United Kingdom (“UK”) to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the European Union, the Member States or the European Commission, Switzerland, and/or the UK as relevant (“Adequacy Decisions”), as applicable, without any further safeguards being necessary.


9.2 Transfers from the EEA, Switzerland and the United Kingdom to other countries. If the Parties’ processing of the Shared Personal Data under this DAA includes a transfer (either directly or via an onward transfer):


9.2.1 From the EEA or Switzerland to other countries which have not been subject to a relevant Adequacy Decision, and such transfers are not performed through an alternative recognized compliance mechanism for the lawful transfer of personal data (as defined in the GDPR) outside the EEA or Switzerland (“EEA Transfer”), the terms set forth in Part 1 of Schedule III (EEA Cross Border Transfers) shall apply;


9.2.2 From the UK to other countries which have not been subject to a relevant Adequacy Decision, and such transfers are not performed through an alternative recognized compliance mechanism for the lawful transfer of personal data (as defined in the UK GDPR) outside the UK (“UK Transfer”), the terms set forth in Part 2 of Schedule III (UK Cross Border Transfers) shall apply;


9.2.3 the terms set forth in Part 3 of Schedule III (Additional Safeguards) shall apply to an EEA Transfer and a UK Transfer.

10. OTHER PROVISIONS

10.1 Governing Law. To the maximum extent permitted by law, this DAA shall be governed by the laws governing the Terms, except for those provisions of clauses which dictate the application of another law for particular purposes.


10.2 Modifications. Each Party may by at least forty-five (45) calendar days’ prior written notice to the other Party, request in writing any variations to this DAA if they are required as a result of any change in, or decision of a competent authority under Data Protection Laws, to allow Processing of the Shared Personal Data to be made (or continue to be made) in accordance with the Terms or this DAA without breach of those Data Protection Laws. The Parties shall make commercially reasonable efforts to accommodate such modification requested by a Party. The Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in the notice as soon as is reasonably practicable. In the event that the Parties are unable to reach such an Terms within 30 days of such notice, then each Party may, by written notice to the other Party, with immediate effect, terminate this DAA and the Terms.


10.3 Point of Contact. Each Party shall appoint a single point of contact or contact person who will be responsible for any issue arising under this DAA, including ensuring that such Party complies with this DAA.


10.4 Notice. In accordance with the provision in the Terms.


10.5 Order of Precedence. In the event of any inconsistency between this DAA and Data Protection Laws, the Data Protection Laws shall prevail. In the event of any inconsistency between clauses or sections of this DAA and clauses or sections of the Standard Contractual Clauses (where applicable), the clauses or sections of the Standard Contractual Clauses most favorable to the affected Data Subject shall prevail.

SCHEDULE II - DETAILS OF THE SHARED PERSONAL DATA

Categories of Data Subjects: Attorney profile data gathered from publicly available websites.


Type of Personal Data to be shared: Names, title, employment addresses, telephone numbers, email addresses, and such other personal data as may be available via the Services in accordance with the Firm Prospects Privacy Policy.


Special/ Sensitive category data: N/A


Purpose: To allow for the lawful provision of the Services, under the Terms, and in addition:
• manage information security, including debugging to identify and repair errors that impair existing intended functionality;
• prevent fraud and detect security incidents, protecting against malicious, deceptive, or illegal activity, and prosecuting those responsible for that activity;
• demonstrate compliance with Data Protection Legislation;
• performing services including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, engage in advertising or marketing including by way of e-marketing, providing analytic services, or providing similar services.
And all such other purposes described in each Party’s Privacy Policy and in the Terms.


Recipients. The personal data transferred may be disclosed only to the following recipients or categories of recipients: Firm Prospects affiliates or external subcontractors (as necessary to manage the provision of the Services and ensure the cross-border delivery of Services), Firm Prospect clients, screening providers and competent public authorities or bodies (where required to lawfully provide the Services).

SCHEDULE III – CROSS BORDER TRANSFERS

1. PART 1 – EEA Transfers

1.1. The Parties agree that the terms of the Standard Contractual Clauses are hereby incorporated by reference and shall apply to an EEA Transfer.

 

1.2. Module One (Controller to Controller) of the Standard Contractual Clauses shall apply where the EEA Transfer is effectuated by Firm Prospects as an independent and separate data controller of the Shared Personal Data to you as an independent and separate data controller of the Shared Personal Data.

 

1.3. Clause 7 of the Standard Contractual Clauses (Docking Clause) shall not apply.

 

1.4. In Clause 11 of the Standard Contractual Clauses, the optional language will not apply.

 

1.5. With respect to Clause 17 of the Standard Contractual Clauses the Parties agree that the Standard Contractual Clauses shall be governed by the laws of the Republic of Ireland.

 

1.6. In Clause 18(b) of the Standard Contractual Clauses, disputes will be resolved before the courts of the Republic of Ireland.

 

1.7. Annex I.A of the Standard Contractual Clauses shall be completed as follows:

 

Data Exporter: Firm Prospects

 

Contact details: As detailed in the Terms.

 

Data Exporter Role:

 

Module One: The Data Exporter is an independent and separate data controller.

 

Signature and Date: By entering into the Terms and DAA, Data Exporter is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the Terms.

 

Data Importer: You

 

Contact details: As detailed in the Terms.

Data Importer Role:

 

Module One: The Data Importer is an independent and separate data controller.

 

Signature and Date: By entering into the Terms and DAA, Data Importer is deemed to have signed these Standard Contractual Clauses, incorporated herein, including their Annexes, as of the Effective Date of the Terms.

 

1.8. Annex I.B of the Standard Contractual Clauses shall be completed as follows:

 

    1.8.1. The categories of data subjects are described in Schedule II (Details of Processing) of this DAA.

 

    1.8.2. The categories of personal data are described in Schedule II (Details of Processing) of this DAA.

 

    1.8.3. The frequency of the transfer is a continuous basis for the duration of the Terms.

 

    1.8.4. The nature of the processing is described in Schedule II (Details of Processing) of this DAA.

 

    1.8.5. The purpose of the processing is described in Schedule II (Details of Processing) of this DAA.

 

    1.8.6. The period for which the personal data will be retained is for the duration of the Terms, unless agreed otherwise between the Parties.

 

    1.8.7. To the extent applicable, the subject matter, nature, and duration of the processing of transfers to Sub-processors, shall be set forth in Schedule II (Details of Processing) of this DAA.

 

1.9. Annex I.C of the Standard Contractual Clauses shall be completed as follows:

 

     1.9.1. The competent supervisory authority in accordance with Clause 13 is the supervisory authority in the Republic of Ireland (for Data Subjects in the European Economic Area) and the United Kingdom (for Data Subjects residing in the United Kingdom).

 

1.10. The security measures set forth in Schedule IV shall serve as Annex II of the Standard Contractual Clauses.

 

1.11. To the extent there is any conflict between the Standard Contractual Clauses and any other terms in this DAA or the Terms, the provisions of the Standard Contractual Clauses will prevail.

2. PART 2 – UK Transfers

2.1. The Parties have agreed that the Standard Data Protection Clauses issued by the Information Commissioners Office under S119A(1) Data Protection Act 2018 (“UK Addendum”) (found here) are hereby incorporated by reference and shall apply to a UK Transfer.

2.2. The UK Addendum is hereby incorporated by reference:

    a. Table 1: The Parties: as detailed in the Terms.

    b. Table 2: Selected SCCs, Modules and Selected Clauses: as detailed in Part 1, except that the laws of the United Kingdom shall govern with respect to disputes involving data subjects residing in the United Kingdom, and the disputes shall be resolved in the courts of the United Kingdom.

    c. Table 3: Appendix Information: as set out in the Annexes to Part 1.

    d. Table 4: Importer and Exporter are selected.

3. PART 3 – Additional Safeguards

3.1. In the event of an EEA Transfer or a UK Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:


    3.1.1. The Data Importer shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the Data Exporter to the Data Importer and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.


    3.1.2. The Data Importer will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, including under section 702 of the United States Foreign Intelligence Surveillance Act (“FISA”);


    3.1.3. If the Data Importer becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:


    i. The Data Importer shall inform Data Exporter in writing;


    ii. The Data Importer will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under the Data Importer’s control and notify the Data Exporter, immediately after first becoming aware of such demand for access and provide the Data Exporter with all relevant details of the same, unless and to the extent legally prohibited to do so.


3.2. Not more than once in every 12-month period, the Data Importer will inform the Data Exporter, at the Data Exporter’s written request and to the extent permitted by law, of the categories of binding legal demands for Personal Data processed subject to this DAA it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA. In the event of an EEA Transfer or a UK Transfer, the Parties agree to have in place and maintain in accordance with good industry practice measures to protect the Shared Personal Data from interception (including in transit from Data Exporter to Data Importer and between different systems and services).

Schedule IV - Technical and Organizational Security Measures

Considering the nature, scope, context and purposes of the processing activities and the risk for the rights and freedoms of natural persons, the following is a description of the elements that are essential to the level of security applied to such processing.


1. Policies and Procedures. Data Importer shall maintain written security management policies and procedures (“Importer Policies”) to protect the confidentiality, integrity, or availability of Data Importer information systems that store, process, transfer or access the Personal Data (“Importer Systems”).


2. Security Evaluations. Data Importer shall periodically conduct and document technical security assessment(s) of its Importer Policies and Importer Systems to ensure compliance with the obligations set forth in applicable law.


3. Audits. Upon written request, Data Importer shall allow Data Exporter to perform audits that assess the effectiveness of Data Importer’s information security program as relevant to the security and confidentiality of Personal Data shared in accordance with the Terms.


4. Physical Security. Data Importer shall maintain appropriate physical security controls (including facility and environmental controls) to prevent unauthorized physical access to Importer Systems.


5. Access Limitation. Data Importer shall implement appropriate access controls restricting access to Personal Data to only such employees, agents, subcontractors, and sub-processors as need to know the information in order to perform their obligations described in any agreement of the parties.


6. Perimeter Controls. Data Importer shall maintain reasonable network perimeter controls such as firewalls or Web Application Firewalls (WAF) at all perimeter connections to the Data Importer’s Systems.


7. Vulnerability Management and Testing. Data Importer shall employ reasonable vulnerability management processes to mitigate data security risks, including, without limitation, mitigation steps to resolve issues identified by Data Importer or as required by law. Data Importer shall permit security vulnerability testing by another Data Importer and their approved third parties for the purpose of identifying security vulnerabilities in Data Importer’s systems hosting Personal Data, provided such testing shall be subject to other Data Importer providing reasonable prior notice and Data Importer obtaining any necessary consents from its hosting platform provider.


8. System Hardening. Data Importer’s configuration parameters for Importer Systems shall include procedures to disable all unnecessary services on devices and servers and shall be applied to all Importer Systems that access, transmit or store Personal Data.


9. Patch Management. Data Importer shall establish and adhere to Importer Policies for patching Importer Systems.


10. Virus Detection. Data Importer shall install commercially reasonable malicious code detection software, to include virus detection and malware detectors, on all systems vulnerable to malware that are used to access, process or store Personal Data, and Data Importer shall keep antimalware virus signatures up to date.


11. System Logs. Data Importer shall maintain system logs that uniquely identify individual users and their access to associated systems and identify the attempted or executed activities of such users. Data Importer shall identify, investigate and respond to any suspicious or malicious activity identified in such Importer System log. Data Importer shall preserve a security log audit trail for Importer System.


12. Training. Data Importer shall further ensure that its personnel have received appropriate training on their responsibilities pursuant to the Terms with respect to the handling of Personal Data.


13. Change Control Process. Data Importer shall maintain reasonable change control processes to approve and track changes within Data Importer’s computing environment.


14. Protection of Storage Media. Data Importer shall ensure that storage media containing Personal Data is properly sanitized of all Data Importer’s Personal Data or is destroyed prior to disposal. All media on which Personal Data is stored shall be protected against unauthorized access or modification. Data Importer shall maintain reasonable and appropriate processes and mechanisms to maintain accountability and tracking of the receipt, removal and transfer of storage media used for Data Importer information systems on which Data Importer’s Personal Data is stored.


15. System Accounts. Data Importer shall maintain appropriate Importer Policies for requesting, approving, auditing, and administering accounts and access privileges for Data Importer information systems hosting Personal Data.


16. Passwords. Data Importer shall implement appropriate password parameters for systems that access, transmit or store Personal Data (“Related Systems”). Data Importer shall implement strong two factor authentication and complex passwords (“Passwords”) for all network and systems access to Related Systems. Data Importer shall adhere to industry standard password practices. Default manufacturer passwords used in Data Importer’s products shall be changed upon installation.


17. Data Destruction. All Personal Data shall be securely destroyed once it is no longer needed via commercially reasonable processes. Data Importer’s strategy for data destruction must be documented and include logs for all Personal Data destroyed, which shall be available for other Data Exporter’s review.

Ready to get started?

Sign up for your free account or contact us to learn more.

CREATE FREE ACCOUNT
CREATE FREE ACCOUNT
CONTACT US
Image
© 2026 Firm Prospects. All Rights Reserved