ORDER FORM: VOIE SERVICES
Order Form Effective Date: [Month Day, Year]
PARTIES
Provider: Proxhr, Inc., a California corporation 330 Crane Ave, Suite A, Turlock, CA 95380 Contact: [Name, Email]
Customer: [Client Company Name], a [State] [corporation / LLC] [Customer Address] Contact: [Name, Email, Title]
GOVERNING TERMS
By executing this Order Form, Customer acknowledges that it has read, understands, and agrees to be bound by:
(a) The Master Services Agreement available at https://proxhr.com/policies/msa (the “Agreement”); and
(b) The Data Processing Agreement available at https://proxhr.com/policies/dpa (the “DPA”),
each as in effect on the date of execution of this Order Form and as may be updated from time to time in accordance with the change notification provisions therein. This Order Form, the Agreement, and the DPA together constitute the entire agreement between the Parties with respect to the Services described herein.
1. SERVICE DESCRIPTION
1.1 Verification of Income and Employment (VOIE)
Provider grants Customer access to the VOIE module of the Platform. Provider’s proprietary application will automate the fulfillment of all permitted third-party requests for employment and/or income verifications regarding Customer’s active and terminated employees.
1.2 Commercial Distribution Channels and Consent
Provider shall require all commercial third-party requesters (e.g., credentialed verifiers, financial institutions, background screeners) to (a) hold valid credentials to access the platform and (b) obtain recent, verifiable, and legally sufficient employee consent prior to retrieving or accessing any verification report through the Provider system. The sole exception to the consent requirement is where a request is compelled by a valid court order or lawfully issued subpoena, in which case Provider shall fulfill the request as required by law and, to the extent permitted, notify the affected employee.
The Parties acknowledge that this consent-first standard exceeds the minimum requirements of the FCRA and reflects Provider’s commitment to employee data privacy as a core platform principle. Customer agrees not to direct or authorize Provider to fulfill verification requests outside this framework.
1.3 Employee Self-Service Channel
Provider’s application may be made available directly to Customer’s current employees, allowing them to: (a) securely view historical third-party verification transactions; and (b) generate official employment letters in real-time for non-commercial needs (e.g., immigration, visa applications, social services).
1.4 Integrations
Provider may enable third-party data integrations for other HR service providers (e.g., benefits administrators, applicant tracking systems, payroll systems) upon Customer’s explicit written or electronic request, subject to the Agreement.
2. HRIS DATA INTEGRATION REQUIREMENTS
2.1 Connection
Customer shall grant Provider secure technical access to its HRIS via API (or alternative secure method where API is not feasible). Customer agrees to provision and maintain unique Provider service account credentials with appropriate permissions.
2.2 Data Scope
Customer shall ensure Provider has continuous, automated access to the employment and income data elements necessary to fulfill the VOIE Services for all covered current and former employees, including but not limited to: employee name, dates of employment, job title, employment status, and compensation details (base salary, pay frequency, year-to-date earnings).
2.3 Data Accuracy Warranty
Customer represents and warrants that all data furnished through the HRIS connection is accurate, complete, current, and lawfully maintained. Customer acknowledges that Provider, as a Consumer Reporting Agency, relies on Customer (as the data furnisher) to supply accurate information, and that inaccuracies in source data may result in inaccurate consumer reports for which Customer bears responsibility.
3. COMMERCIAL TERMS
3.1 Core VOIE Pricing
Automated fulfillment of verifications of income and employment, alongside the associated API and system integrations required to establish and power these core capabilities, shall be provided at no cost to Customer.
3.2 Standard Partner Integrations
Standard HR service integrations within Provider’s established partner catalog (e.g., unemployment claims management, WOTC/hiring tax credit, benefits administration) shall be provided at no cost to Customer.
3.3 Custom Work
Standalone integrations, custom integrations, specialized data engineering, or projects outside the scope of Sections 3.1 and 3.2 require a separate SOW with pricing based on size, complexity, and scope.
3.4 Term
This Order Form commences on the Order Form Effective Date and continues for an initial term of twelve (12) months, automatically renewing for successive twelve (12) month terms unless either Party provides written notice of non-renewal at least thirty (30) days prior to expiration of the then-current term.
3.5 Termination
Either Party may terminate this Order Form in accordance with the termination provisions of the Agreement (Sections 11.3 and 11.4).
3.6 Payment Terms
Net 30 days from invoice date, to the extent any fees become applicable under a SOW or amendment to this Order Form.
4. REGULATORY ADDENDUM — FCRA AND STATE PRIVACY LAW
Because the VOIE Services involve the assembly and evaluation of consumer information for third parties, the following terms apply specifically to this Order Form and supersede any conflicting terms in the Agreement or DPA with respect to data processed through the VOIE Services.
4.1 FCRA Applicability and Provider’s Role
Customer acknowledges that Provider acts as a Consumer Reporting Agency (“CRA”) under the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq. (“FCRA”), when providing the VOIE Services. All Customer Data processed via the VOIE module constitutes information used in the preparation of consumer reports and is governed by the FCRA.
4.2 State Privacy Law Exemption
Because VOIE data is governed by the FCRA, the Parties acknowledge that such data is expressly exempt from the CCPA pursuant to Cal. Civ. Code § 1798.145(d)(1), and from equivalent exemptions under other applicable state privacy laws. Provider is not obligated to honor general data deletion, correction, or “right to know” requests under state privacy law for VOIE records, as Provider must maintain accurate and complete records and audit trails as required by the FCRA.
4.3 Permissible Purpose Certification
Provider shall require all third-party verifiers and requesters to certify a permissible purpose under FCRA § 604 (15 U.S.C. § 1681b) before accessing any consumer report through the VOIE platform. Provider shall maintain records of all certifications for the period required by law.
4.4 Customer Obligations as Data Furnisher
Customer acknowledges that it acts as a data furnisher under FCRA § 623 (15 U.S.C. § 1681s-2). As a furnisher, Customer shall:
(a) Accuracy Duty. Furnish accurate and complete data to Provider and promptly update or correct data upon becoming aware of inaccuracies.
(b) Dispute Response. Manage and respond to all FCRA consumer disputes routed through Provider’s HR Admin Dashboard. Customer shall investigate each dispute and provide corrected data (or verify existing data) within fourteen (14) calendar days of receiving a dispute notification, to ensure Provider can meet its thirty (30) day federal resolution mandate under FCRA § 611.
(c) Consequences of Non-Response. If Customer fails to respond within the fourteen (14) day window, Provider may: (i) delete or modify the disputed information based on available evidence to comply with FCRA requirements; and (ii) suspend VOIE Services for the affected record(s) until Customer provides a verified response. Repeated failure to respond may be treated as a material breach of this Order Form.
4.5 Employee Portal and Consumer Dispute Resolution
Provider shall maintain a consumer-facing Employee Portal allowing employees to: (a) view their VOIE data as it appears in consumer reports; (b) initiate disputes regarding accuracy or completeness per FCRA § 611; and (c) place a security freeze or fraud alert on their verification record as applicable.
4.6 Provider’s CRA Obligations
Provider shall comply with its FCRA obligations, including:
(a) Maintaining reasonable procedures to ensure maximum possible accuracy of consumer reports (§ 607(b)).
(b) Investigating consumer disputes within thirty (30) days (or forty-five (45) days if the consumer provides additional information) and providing written notice of results (§ 611).
(c) Providing required disclosures to consumers upon request (§ 609).
(d) Maintaining records as required by FCRA regulations and CFPB guidance.
4.7 Adverse Action Notices
If Customer or any third-party requester takes adverse action based in whole or in part on a consumer report obtained through VOIE, the party taking the action (not Provider) is responsible for all required adverse action notices under FCRA § 615.
5. RECORD RETENTION — VOIE
5.1 FCRA Retention
Provider shall retain VOIE records — including consumer reports, dispute records, permissible purpose certifications, and audit logs — for a minimum of five (5) years (or longer if required by applicable FCRA regulations, CFPB guidance, or state law), regardless of termination of this Order Form or the Agreement.
5.2 No Deletion of FCRA Records
VOIE records subject to FCRA retention requirements cannot be deleted upon termination or upon consumer request under state privacy law. This Section supersedes contrary deletion or return obligations in the Agreement or DPA with respect to FCRA-governed data.
6. INDEMNIFICATION — VOIE SPECIFIC
These provisions supplement (and do not replace) Section 8 of the Agreement:
6.1 By Customer (Data Accuracy). Customer shall defend, indemnify, and hold harmless Provider from third-party claims, regulatory actions, fines, liabilities, damages, or costs (including reasonable attorneys’ fees) arising from the inaccuracy, incompleteness, or untimeliness of data furnished by Customer to the VOIE platform, including claims under FCRA § 623.
6.2 By Provider (CRA Obligations). Provider shall defend, indemnify, and hold harmless Customer from third-party claims, regulatory actions, fines, liabilities, damages, or costs (including reasonable attorneys’ fees) arising from Provider’s failure to comply with its CRA obligations under the FCRA, including failures in dispute investigation, permissible purpose verification, or consumer disclosures.
7. ORDER OF PRECEDENCE
In the event of conflict between this Order Form and the Agreement or DPA, the terms of this Order Form control with respect to the VOIE Services. For all matters not addressed here, the Agreement and DPA apply.
8. NOTICES
All notices under this Order Form shall be sent to the contacts specified in the Parties section above, or as updated in writing.
SIGNATURE
By executing this Order Form, each Party confirms that its signatory has the authority to bind the organization, and that Customer agrees to the terms of the Agreement and DPA referenced in the Governing Terms section above.
AGREED AND ACCEPTED:
| PROVIDER: Proxhr, Inc. | CUSTOMER: [Client Company Name] | |
|---|---|---|
| Signature | _________________________ | _________________________ |
| Printed Name | _________________________ | _________________________ |
| Title | _________________________ | _________________________ |
| Date | _________________________ | _________________________ |