​Rules of Use Conditions of Contract Copyright
   

Rules of Use and Confidentiality Agreement

The Rules of Use and Confidentiality Agreement apply by business type/partner type as follows:


 

Business Type: Retail

The following provisions apply to Retail Vendors.

Important: POL (defined below) establishes terms and conditions for doing business with Target. This agreement governs your use of POL and constitutes a legally binding agreement between you and Target.

  1. Definitions

    Capitalized terms used and not defined herein shall have the same meaning as in Target’s Partners Online® website (or any successor website thereto). For purposes of these Rules, the following terms used herein shall have the following definitions:
  • "Indirect Vendors” means businesses that provide not-for-resale (non-retail) goods or services to Target.Indirect Vendors” means businesses that provide not-for-resale (non-retail) goods or services to Target.
  • “POL” means Partners Online®, the private Internet website owned by Target with an address of www.partnersonline.com (or any successor to such website or any other online system of Target or used by Target), including all terms, conditions, specifications, instructions, data and reporting contained on such website(s) and/or system(s).
  • "Retail Vendors" means all business types except for Indirect Vendors and Transportation Vendors.
  • “Rules” means this Rules of Use and Confidentiality Agreement.
  • “Target” means, as applicable, Target Corporation, or any of its subsidiaries or affiliates.
  • “Transportation Vendors” means businesses that provide or arrange transportation services for Target
  • “User” means any Retail Vendor (and any agents, employees and representatives of such Retail Vendor) that is invited to register on POL together with the parent, subsidiaries, and/or affiliates of such Retail Vendor.

  1. Rules are Legally Binding

    Use of POL constitutes your agreement to the Rules. If you do not agree to the Rules, do not use POL.

    POL. If you have any questions regarding the Rules or POL, before using POL, contact the POL Help Desk at (612) 304-3310. Once you are an approved partner, you can also get assistance by clicking on the Request Support Form located under the Help tab.

    User agrees to the Rules as well as all other terms, conditions, specifications, and instructions for doing business with Target as set forth on POL including, without limitation, the Conditions of Contract.

    Neither Target nor User will contest the validity, enforceability or admissibility of hard copy printouts of the Rules, any term, condition, specification or instruction contained on POL or any notice provided in accordance with the Rules and such hard copy printouts, if introduced as evidence in any judicial or administrative proceedings, will be admissible to the same extent and under the same conditions as other business records originated and maintained in documentary form.

    Target recommends that Users print and/or download copies of the Rules as well as copies of all terms, conditions, instructions and specifications set forth on POL.
  2. Changes

    Target may change the Rules or any term, condition, specification or instruction contained on POL at any time by posting notice of any such change in the “Important Updates” section on the home page of POL (following the User login). All changes shall have an effective date of seven (7) days after they have been posted in the “Important Updates” section, unless a later date is specified. With respect to Purchase Orders or agreements for the purchase of Goods, such changes shall apply to such Purchase Orders or agreements issued or entered into after the effective date of the change. It is User's responsibility to review the “Important Updates” section regularly to obtain notice of such changes. Use of POL following any such change, continuing to maintain an active User ID and password following any such change, or continuing to do business with Target following any such change constitutes your agreement to the changed Rules or changed term, condition, specification or instruction of POL.
  3. Copyright

    The entire contents of POL are copyrighted under United States law and are protected by worldwide copyright laws and treaty provisions. Materials from POL may not be copied, distributed or transmitted in any way without Target’s prior written consent, except that Users may download, print and copy any of the materials to which they have been granted access by Target for User's internal use soley to further the business dealings between User and Target, provided the materials are not altered (in particular, copyright and trademark notices and notices of confidentiality may not be deleted) or modified.

    Target reserves the right to revoke any of the foregoing privileges at any time. Target further reserves full right, title, and interest in and to all intellectual property rights in any and all materials on or downloaded from POL.
  4. Confidentiality

    Definition of “Confidential Information.” “Confidential Information” means all information received, handled, processed, accessed, transmitted or stored by User or its Representatives (as such term is defined herein) relating to or used in Target’s business, regardless of whether it is marked “confidential” or otherwise.

    Confidential Information includes, but is not limited to, any information contained in POL, all business processes and procedures, systems, methods of doing business, data, reports, specifications, formulae, proposals, strategies, business plans and analyses, financial information and projections, personnel information, information about merchandising, information about past, present or potential customers, information about past, present or potential vendors, information about existing or future technology, future stores, and proprietary or third-party software. Unless information is about past, present, or potential customers or employees of Target, the term “Confidential Information” does not include information that: (a) is or becomes known to the public through no fault of User; (b) User rightfully possessed before receiving it from or on behalf of Target; (c) is subsequently disclosed to User by a third party who is not under an obligation of confidentiality; or (d) User develops independently without using Confidential Information.

    Obligation of Confidentiality. User shall not disclose Confidential Information to any of its officers, directors, employees, contractors or agents (including manufacturer’s representatives) (collectively, “Representatives”) or to any third-party without Target’s written consent, except that User may disclose Confidential Information to its officers, directors, employees, contractors, and agents whose duties justify their need to know such Confidential Information, who have been clearly informed of their obligation to maintain the confidential status of such Confidential Information, and who are bound by obligations at least as restrictive as those described in the Rules.  User may disclose Confidential Information to the extent required by applicable federal, state or local law, regulation, court order, or other legal process, provided User has given Target prompt written notice of such required disclosure and, to the extent reasonably possible, has given Target an opportunity to contest such required disclosure at Target’s expense.  User shall cause its Representatives to comply with the Rules and shall be responsible for any breach of the Rules by or involving User’s Representatives. Confidential Information shall continue to be subject to the terms of the Rules indefinitely.

    Permitted Use of Confidential Information. User may not use the Confidential Information, or any information that it develops based on the Confidential Information, directly or indirectly for any purpose other than the purpose for which it was originally disclosed, or for any purposes which could be deemed to be adverse to or competitive with Target or its business.

    Disclaimers. User agrees that Confidential Information is disclosed on an “AS IS” basis, without warranties of any kind. Without limiting the foregoing, Target does not represent or warrant that Confidential Information is accurate, complete or current. The disclosure of Confidential Information containing business plans is for planning purposes only. Target may change or cancel its plans at any time at its sole discretion. User agrees that disclosure of Confidential Information is not a representation that any type of business relationship between the parties will be concluded.


    Return of Confidential Information. Upon the request of Target, User shall cease using and, at Target’s option, either promptly return to Target or arrange for the destruction of all copies (whether hard, electronic or otherwise) of any Confidential Information then in or under the possession or control of User or its Representatives. If returning Confidential Information, User shall return such Confidential Information in a time, manner, and format reasonable requested by Target. If Target directs User to destroy Confidential Information, User shall dispose of the Confidential Information in such a manner that the information cannot be read or reconstructed after destruction. Upon Target's request, User shall certify in writing that User and its Representatives have complied with the obligations set forth in this paragraph.

    Ownership of Confidential Information. Target retains all right, title and interest in and to Confidential Information. Neither the Rules nor any disclosure of Confidential Information shall be deemed to grant User any license or other intellectual property right.


    Injunctive Relief. User acknowledges that the unauthorized use or disclosure by User of Confidential Information would be likely to cause immediate and irreparable harm that could not be fully remedied by monetary damages. User therefore agrees that Target may specifically enforce the Rules and may seek such injunctive or other equitable relief to prevent such unauthorized use or disclosure without the necessity of proving actual harm.
  5. Information Security and Privacy
    User agrees to the following security and privacy requirements with respect to Confidential Information.

    Standard of Care. User represents and warrants that it has taken, and will take, appropriate measures to protect the security, confidentiality, and integrity of the Confidential Information. User shall use the same care to prevent the unauthorized use or disclosure of the Confidential Information as User uses with respect to its own confidential information of a similar nature, but no less than the care a reasonable business person would use under similar circumstances.

    Written Acknowledgments & Compliance. User’s employees, or other persons permitted access to Confidential Information, will sign a written document acknowledging their obligation to maintain the confidential status of Confidential Information and the obligation to adhere to the information security requirements as described in the Rules. User shall develop and maintain an acceptable use policy dictating requirements for use and security of User’s network, and User will also ensure its employees have acknowledged receipt of User’s acceptable use policy on an annual basis and that such acknowledgments are maintained by User. In addition, User shall take reasonable action by instruction or otherwise with respect to User’s employees or other persons permitted access to Confidential Information to cause them to comply fully with User’s obligations under the Rules.


    Security and Privacy Policies. User shall have a security program that addresses the management of security and the security controls employed by User. To the extent Confidential Information includes Personally Identifiable Information (“PII”), then User shall also have a privacy program and related policies that address how PII is collected, used and shared as applicable.  PII includes, but is not limited to, information about an identifiable individual, including name, social security number, driver’s license or state identification number, medical information, financial account number (e.g., credit card number), personal identification number (“PIN”), address, email address, or phone number.

    Access Controls. User shall have appropriate access controls in place to maintain the confidentiality of Target’s Confidential Information, including (a) access to Confidential Information shall be restricted to those officers, directors, employees, contractors, agents or other third parties whose duties justify their need to access Confidential Information and whose access Target deems appropriate; (b) User shall immediately remove the access of any employee, contractor, agent, or other third party to Confidential Information or any Target system upon termination of employment or any change in role; (c) User shall ensure that access to any Target system shall be protected by one of the following controls if any such system is unattended by User for 15 minutes of inactivity: (i) password protected screensaver; or (ii) session timeouts (forced logout); and (d) User will have an Access Control policy that has been approved, published and implemented.

    Network Security. User shall have network security devices in place to prevent and detect unauthorized access to Confidential Information and Target systems. Such network devices shall log events completely, clearly and accurately.

    Reviews and Assessments. Target or its designated representative shall have the right to monitor, review and assess User’s security and privacy practices related to User’s handling of Confidential Information (“Target Assessment”). User shall make available audits, summaries of test results, or other evaluations to assist Target in monitoring compliance with the Rules.

    Incident Reporting and Response. User shall immediately notify Target of any unauthorized access to Target systems or if there is an incident involving Target’s Confidential Information. Notice should be provided to the designated Target contact and by sending an email to security@target.com. If unable to provide notice in this manner, notice should be provided by calling 1-800-541-6838. User shall partner with Target to respond to the incident. Response may include: identifying key partners, investigating Incident, providing regular updates, determining notice obligations and identifying and executing remediation plans. Except as required by law, User shall not notify affected parties, regulators or other third parties without prior consultation with Target. User shall indemnify Target, its parent, affiliates and subsidiaries, and their respective directors, officers, shareholders, employees, contractors, and agents (“Target Parties”) for all reasonable costs, charges, and expenses resulting from any unauthorized access to Confidential Information.

    Legal Requirements and Industry Standards. User agrees to comply with applicable laws, regulatory requirements and industry standard information security and privacy practices.

    Cardholder Information. To the extent User handles cardholder information (e.g. credit or debit card information), operates within Target’s cardholder data environment, or could impact the security of Target’s cardholder data environment, User acknowledges its responsibility to secure such cardholder information and agrees to comply with applicable Payment Card Industry Data Security Standard requirements (“PCI DSS”). User understands that the PCI DSS requirements may exceed or be in addition to the requirements herein.
  6. Security of IDs and Passwords and System Protection

    User is responsible for maintaining the security and confidentially of IDs and passwords issued to User. User shall ensure that it uses strong passwords (for example, passwords that are at a minimum strength of 8 characters and use 3 of 4 ASCII character sets). User shall use two-factor authentication (token supplied by Target) for any remote access to Target hosted systems or applications that contain Confidential Information. User shall not permit unauthorized individuals to use User’s IDs and/or passwords to access POL, nor shall User permit any individuals to share User’s IDs and/or passwords with other individuals to access POL. User is responsible for the actions of any individuals using User’s IDs and passwords to access POL. User agrees to defend and indemnify the Target Parties against any claims, losses, damages, costs, expenses, fines and other liabilities arising out of User’s failure to maintain the security and confidentiality of its IDs and/or passwords or arising out of the unlawful use of POL by User or any person who obtains access to POL using User’s ID and password.
  7. Anti-Virus Protection

    User agrees to run anti-virus software before transmitting data to or through POL. User may use any commercially available, industry recognized anti-virus software of the type that detects and disinfects viruses automatically without the need for User to execute virus scanning for each file manually. User must update its anti-virus software on a regular basis and in no event less often than once each quarter. Target strongly recommends updating anti-virus software every month.
  8. Disclaimers

    Target is providing POL and its contents on an “as is”, “as available” basis and makes no representations or warranties of any kind with respect to POL or its contents. Target disclaims all representations and warranties, whether express, implied or statutory, including warranties of merchantability and fitness for a particular purpose.
    Without limiting the foregoing, Target does not warrant that the operation of POL will be uninterrupted or error-free. User is responsible for taking appropriate precautions against damage to its operations that could be caused by defects, interruptions, or malfunctions of POL and assumes the risk of such occurrences.
    Target reserves the right to make changes to or to discontinue operation of POL at any time.
  9. Limitations on Target's Liability

    By accessing POL, User agrees that none of the Target Parties will be liable for any direct or indirect loss or damages arising out of, resulting from, or connected with the operation of POL or User's use of POL whether based on negligence, breach of contract or warranty, or otherwise. This is a comprehensive limitation of liability that applies to all damages of any kind, including general, special, consequential (including, lost profits or savings), incidental and exemplary damages. If any part of this limitation on liability is found to be invalid or unenforceable for any reason, then Target's maximum aggregate liability under such circumstances for liabilities that otherwise would have been limited shall not exceed $1,000.00.
  10. General

    Modifications. No addition to or modifications of the Rules or waiver of any of the Rules shall be binding on Target or User unless made in accordance with Section 3 hereof or in writing and executed on behalf of Target and User.

    Governing Law and Venue. The laws of the State of Minnesota, without regard to Minnesota’s choice of law principles, govern all matters arising out of or related to the Rules. The parties agree that the exclusive forum and venue for any lawsuit arising out of or related to the Rules shall be the United States District Court for the District of Minnesota, and the parties submit to the personal jurisdiction of that court. If neither subject matter nor diversity jurisdiction exists in the United States District Court for the District of Minnesota, then the exclusive forum and venue for any such action shall be the courts of the State of Minnesota located in Hennepin County, and the parties submit to the personal jurisdiction of that court.

    Waivers. No provision of the Rules may be waived, except pursuant to a writing executed by the party against whom the waiver is sought. No failure to exercise, partial exercise of, or delay in exercising any right or remedy or requiring the satisfaction of any condition under the Rules operates as a waiver or estoppel of any right, remedy, or condition.

    Remedies. All remedies provided for in the Rules shall be cumulative and in addition to and not in lieu of any other remedies available at law, in equity or otherwise.

    Severability. If any provision of the Rules is held invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions will not be affected or impaired.

    Survival. Notwithstanding anything to the contrary herein, (i) any duty or obligation that has been incurred under the Rules and that has not been fully observed, performed or discharged, and any right which has been created under the Rules and which has not been fully enjoyed, enforced or satisfied, shall survive the termination or expiration of the Rules until such duty or obligation has been fully observed, performed or discharged and such right has been fully enjoyed, enforced or satisfied, and (ii) all representations, warranties and indemnities shall survive the termination of or expiration of the Rules.

    Entire Agreement. POL, the Rules and the Conditions of Contract, including all exhibits and other attachments thereto, as well as documents and other information specifically referenced on POL, constitute the entire expression of the parties’ agreement with regard to the subject matter herof. All prior and contemporaneous negotiations and agreements between the parties with regard to the subject matter hereof are expressly merged into and superseded by POL, the Rules and the Conditions of Contract.

Business Type: Indirect Vendors and Transportation Vendors 

The following provisions apply to Indirect Vendors and Transportation Vendors. 
Important: POL (defined below) establishes certain terms and conditions for doing business with Target. This agreement governs your use of POL and constitutes a legally binding agreement between you and Target.

  1. Definitions.

    Capitalized terms used and not defined herein shall have the same meaning as in Target’s Partners Online® website (or any successor website thereto). For purposes of these Rules, the following terms used herein shall have the following definitions:

    • “Indirect Vendors” means businesses that provide not-for-resale (non-retail) goods or services to Target.
    • “POL" means Partners Online®, the private Internet website owned by Target with an address of www.partnersonline.com (or any successor to such website or any other online system or website of Target or used by Target), including all terms, conditions, specifications, instructions, data and reporting contained on such website(s) and/or system(s).
    • “Rules” means this Rules of Use and Confidentiality Agreement.
    • “Target” means, as applicable, Target Corporation or any of its subsidiaries or affiliates.
    • “Transportation Vendors” means businesses that provide or arrange transportation services for Target.
    • “User” means any Indirect Vendor or Transportation Vendor (and any agents, employees and representatives of such Indrect Vendor or Transportation Vendor) that is invited to register on POL, together with the parent, subsidiaries, and/or affiliates of such Indrect Vendor or Transportation Vendor, as applicable.
  2. Rules are Legally Binding

    Use of POL constitutes your agreement to the Rules. If you do not agree to the Rules, do not use POL.
    If you have any questions regarding the Rules or POL, before using POL, contact your Target representative.

    User agrees to the Rules as well as all other applicable terms, conditions, specifications, and instructions for doing business with Target as set forth on POL. Provided, however, that if a provision of the master agreement signed between User and Target outside of POL conflicts with a provision set forth on POL, the provision of the master agreement shall control.


    Neither Target nor User will contest the validity, enforceability or admissibility of hard copy printouts of the Rules, any term, condition, specification or instruction contained on POL, or any notice provided in accordance with these Rules and such hard copy printouts, if introduced as evidence in any judicial or administrative proceedings, will be admissible to the same extent and under the same conditions as other business records originated and maintained in documentary form.

    Target recommends that Users print and/or download copies of the Rules as well as copies of all applicable terms, conditions, instructions and specifications set forth on POL.
  3. Changes

    Target may change the Rules or any term, condition, specification or instruction contained on POL at any time by posting notice of any such change in the “Important Updates” section on the home page of POL (following the User login). All changes shall have an effective date of seven (7) days after they have been posted in the “Important Updates” section, unless a later date is specified. It is User's responsibility to review the “Important Updates” section regularly to obtain notice of such changes. Use of POL following any such change, continuing to maintain an active User ID and password following any such change, or continuing to do business with Target following any such change constitutes your agreement to the changed Rules or changed term, condition, specification or instruction of POL, as applicable.

    Target reserves the right to revoke any of the foregoing privileges at any time. Target further reserves full right, title, and interest in and to all intellectual property rights in any and all materials on or downloaded from POL.
  4. Copyright

    The entire contents of POL are copyrighted under United States law and are protected by worldwide copyright laws and treaty provisions. Materials from POL may not be copied, distributed or transmitted in any way without Target’s prior written consent, except that Users may download, print and copy any of the materials to which they have been granted access by Target for User's internal use soley to further the business dealings between User and Target, provided the materials are not altered (in particular, copyright and trademark notices and notices of confidentiality may not be deleted) or modified.

    Target reserves the right to revoke any of the foregoing privileges at any time. Target further reserves full right, title, and interest in and to all intellectual property rights in any and all materials on or downloaded from POL.
  5. Confidentiality

    If User is a party to a non-disclosure agreement with Target, (“NDA”) that protects Target’s Confidential Information with respect to the subject matter hereof, the provisions of such NDA shall control and the terms of this Section 5 shall not apply. 

    Definition of “Confidential Information.” “Confidential Information” means all information received, handled, processed, accessed, transmitted or stored by User or its Representatives (as such term is defined herein) relating to or used in Target’s business, regardless of whether it is marked “confidential” or otherwise (collectively, “Confidential Information”).

    Confidential Information includes, but is not limited to, any information contained in POL, all business processes and procedures, systems, methods of doing business, data, reports, specifications, formulae, proposals, strategies, business plans and analyses, financial information and projections, personnel information, information about merchandising, information about past, present or potential customers, information about past, present or potential vendors, information about existing or future technology, future stores, and proprietary or third-party software. Unless information is about past, present or potential customers or employees of Target, the term “Confidential Information” does not include information that: (a) is or becomes known to the public through no fault of User; (b) User rightfully possessed before receiving it from or on behalf of Target; (c) is subsequently disclosed to User by a third party who is not under an obligation of confidentiality; or (d) User develops independently without using Confidential Information.

    Obligation of Confidentiality. User shall not disclose Confidential Information to any of its officers, directors, employees, contractors or agents (including manufacturer’s representatives) (collectively, “Representatives”) or to any third- party without Target’s written consent, except that User may disclose Confidential Information to its officers, directors, employees, contractors, and agents whose duties justify their need to know such Confidential Information, who have been clearly informed of their obligation to maintain the confidential status of such Confidential Information, and who are bound by obligations at least as restrictive as those described in the Rules.  User may disclose Confidential Information to the extent required by applicable federal, state or local law, regulation, court order, or other legal process, provided User has given Target prompt written notice of such required disclosure and, to the extent reasonably possible, has given Target an opportunity to contest such required disclosure at Target’s expense.

    User shall cause its Representatives to comply with the Rules and shall be responsible for any breach of the Rules by or involving User’s Representatives. Confidential Information shall continue to be subject to the terms of the Rules indefinitely.

    Permitted Use of Confidential Information. User may not use the Confidential Information, or any information that it develops based on the Confidential Information, directly or indirectly, for any purpose other than the purpose for which it was originally disclosed, or for any purposes which could be deemed to be adverse to or competitive with Target or its business.

    Disclaimers. User agrees that Confidential Information is disclosed on an “AS IS” basis, without warranties of any kind. Without limiting the foregoing, Target does not represent or warrant that Confidential Information is accurate, complete or current. The disclosure of Confidential Information containing business plans is for planning purposes only. Target may change or cancel its plans at any time at its sole discretion. DisclosureUser agrees that disclosure of Confidential Information is not a representation that any type of business relationship between the parties will be concluded.

    Return of Confidential Information. Upon the request of Target, User shall cease using and, at Target’s option, either promptly return to Target or arrange for the destruction of all copies (whether hard, electronic or otherwise) of any Confidential Information then in User’sor under the possession or under User’s control of User or its Representatives. If returning Confidential Information, User shall return such Confidential Information in a time, manner, and format reasonably requested by Target. If Target directs User to destroy Confidential Information, User shall dispose of the Confidential Information in such a manner that the information cannot be read or reconstructed after destruction. Upon Target’s request, User shall certify in writing that User and its Representatives have complied with the obligations set forth in this paragraph.

    Ownership of Confidential Information. Target retains all right, title and interest in and to Confidential Information. Neither the Rules nor any disclosure of Confidential Information shall be deemed to grant User any license or other intellectual property right.


    Injunctive Relief. User acknowledges that the unauthorized use or disclosure by User of Confidential Information would be likely to cause immediate and irreparable harm that could not be fully remedied by monetary damages. User therefore agrees that Target may specifically enforce the Rules and may seek such injunctive or other equitable relief to prevent such unauthorized use or disclosure without the necessity of proving actual harm.
  6. Information Security and Privacy
    If User is a party to an Information Security Addendum or other agreement with Target that includes information security provisions (either, an “ISA”), and any provision set forth in the section below conflicts with a provision in the ISA, the stricter provision shall control.

    User agrees to the following security and privacy requirements with respect to Confidential Information.

    Standard of Care. User represents and warrants that it has taken, and will take, appropriate measures to protect the security, confidentiality, and integrity of the Confidential Information. User shall use the same care to prevent the unauthorized use or disclosure of the Confidential Information as User uses with respect to its own confidential information of a similar nature, but no less than the care a reasonable business person would use under similar circumstances.
    Reviews and Assessments. Target or its designated representative shall have the right to monitor, review and assess User’s security and privacy practices related to User’s handling of Target’s Confidential Information (“Target Assessment”). User shall make available audits, summaries of test results, or other evaluations to assist Target in monitoring compliance with the Rules.

    Written Acknowledgments & Compliance. User’s employees, or other persons permitted access to Confidential Information, will sign a written document acknowledging their obligation to maintain the confidential status of Confidential Information and the obligation to adhere to the information security requirements as described in the Rules. User shall develop and maintain an acceptable use policy dictating requirements for use and security of User’s network, and User will also ensure its employees have acknowledged receipt of User’s acceptable use policy on an annual basis and that such acknowledgments are maintained by User. In addition, User shall take reasonable action by instruction or otherwise with respect to User’s employees or other persons permitted access to
    Confidential Information to cause them to comply fully with User’s obligations under the Rules.

    Security and Privacy Policies. User shall have a security program that addresses the management of security and the security controls employed by the User. To the extent Confidential Information includes Personally Identifiable Information (“PII”), then User shall also have a privacy program and related policies that address how PII is collected, used and shared as applicable.  PII includes, but is not limited to, information about an identifiable individual, including name, social security number, driver’s license or state identification number, medical information, financial account number (e.g., credit card number), personal identification number (“PIN”), address, email address, or phone number.

    Access Controls. User shall have appropriate access controls in place to maintain the confidentiality of Target’s Confidential Information, including (a) access to Confidential Information shall be restricted to those officers, directors, employees, contractors, agents or other third parties whose duties justify their need to access Confidential Information and whose access Target deems appropriate; (b) User shall immediately remove the access of any employee, contractor, agent, or other third party to Confidential Information or any Target system upon termination of employment or any change in role; (c) User shall ensure that access to any Target system shall be protected by one of the following controls if any such system is unattended by User for 15 minutes of inactivity: (i) password protected screensaver; or (ii) session timeouts (forced logout); and (d) User will have an Access Control policy that has been approved, published and implemented.

    Network Security. User shall have network security devices in place to prevent and detect unauthorized access to Confidential Information and Target systems. Such network devices shall log events completely, clearly and accurately.

    Reviews and Assessments. Target or its designated representative shall have the right to monitor, review and assess User’s security and privacy practices related to User’s handling of Confidential Information (“Target Assessment”). User shall make available audits, summaries of test results, or other evaluations to assist Target in monitoring compliance with the Rules.

    Incident Reporting and Response. User shall immediately notify Target of any unauthorized access to Target systems or if there is an incident involving Target’s Confidential Information.  Notice should be provided to the designated Target contact and by sending an email to security@target.com. If unable to provide notice in this manner, notice should be provided by calling 1-800-541-6838. User shall partner with Target to respond to the incident. Response may include: identifying key partners, investigating Incident, providing regular updates, determining notice obligations and identifying and executing remediation plans. Except as required by law, User shall not notify affected parties, regulators or other third parties without prior consultation with Target. User shall indemnify Target, its parent, affiliates and subsidiaries, and their respective directors, officers, shareholders, employees, contractors, and agents (“Target Parties”) for all reasonable costs, charges, and expenses resulting from any unauthorized access to Confidential Information.


    Legal Requirements and Industry Standards. User agrees to comply with applicable laws, regulatory requirements and industry standard information security and privacy practices.


    Cardholder Information. To the extent User handles cardholder information (e.g. credit or debit card information), operates within Target’s cardholder data environment, or could impact the security of Target’s cardholder data environment, User acknowledges its responsibility to secure such cardholder information and agrees to comply with applicable Payment Card Industry Data Security Standard requirements (“PCI DSS”). User understands that the PCI DSS requirements may exceed or be in addition to the requirements herein.

  7. Security of IDs and Passwords and System Protection

    User is responsible for maintaining the security and confidentially of IDs and passwords issued to User. User shall ensure that it uses strong passwords (for example, passwords that are at a minimum strength of 8 characters and use 3 of 4 ASCII character sets). User shall use two-factor authentication (token supplied by Target) for any remote access to Target hosted systems or applications that contain Target Confidential Information. User shall not permit unauthorized individuals to use User’s IDs and/or passwords to access POL, nor shall User permit any individuals to share User’s IDs and/or passwords with other individuals to access POL. User is responsible for the actions of any individuals using User’s IDs and passwords to access POL. User agrees to defend and indemnify the Target Parties against any claims, losses, damages, costs, expenses, fines and other liabilities arising out of User’s failure to maintain the security and confidentiality of its IDs and/or passwords or arising out of the unlawful use of POL by User or any person who obtains access to POL using User’s ID and password.
  8. Anti-Virus Protection

    User agrees to run anti-virus software before transmitting data to or through POL. User may use any commercially available, industry recognized anti-virus software of the type that detects and disinfects viruses automatically without the need for User to execute virus scanning for each file manually. User must update its anti-virus software on a regular basis and in no event less often than once each quarter. Target strongly recommends updating anti-virus software every month.
  9. Disclaimers

    Target is providing POL and its contents on an “as is”, “as available” basis and makes no representations or warranties of any kind with respect to POL or its contents. Target disclaims all representations and warranties, whether express, implied or statutory, including warranties of merchantability and fitness for a particular purpose.

    Without limiting the foregoing, Target does not warrant that the operation of POL will be uninterrupted or error-free. User is responsible for taking appropriate precautions against damage to its operations that could be caused by defects, interruptions, or malfunctions of POL and assumes the risk of such occurrences.

    Target reserves the right to make changes to or to discontinue operation of POL at any time.

  10. Limitations on Target's Liability

    By accessing POL, User agrees that none of the Target Parties will be liable for any direct or indirect loss or damages arising out of, resulting from, or connected with the operation of POL or User's use of POL, whether based on negligence, breach of contract or warranty, or otherwise. This is a comprehensive limitation of liability that applies to all damages of any kind, including general, special, consequential (including, lost profits or savings), incidental and exemplary damages. If any part of this limitation on liability is found to be invalid or unenforceable for any reason, then Target’s maximum aggregate liability under such circumstances for liabilities that otherwise would have been limited shall not exceed $1,000.00.
  11. General

    Modifications. No addition to or modifications of the Rules or waiver of any of the Rules shall be binding on Target or User unless made in accordance with Section 3 hereof or in writing and executed on behalf of Target and User.

    Governing Law and Venue. The laws of the State of Minnesota, without regard to Minnesota’s choice of law principles, govern all matters arising out of or related to the Rules. The parties agree that the exclusive forum and venue for any lawsuit arising out of or related to the Rules shall be the United States District Court for the District of Minnesota, and the parties submit to the personal jurisdiction of that court. If neither subject matter nor diversity jurisdiction exists in the United States District Court for the District of Minnesota, then the exclusive forum and venue for any such action shall be the courts of the State of Minnesota located in Hennepin County, and the parties submit to the personal jurisdiction of that court.

    Waivers. No provision of the Rules may be waived, except pursuant to a writing executed by the party against whom the waiver is sought. No failure to exercise, partial exercise of, or delay in exercising any right or remedy or requiring the satisfaction of any condition under the Rules operates as a waiver or estoppel of any right, remedy, or condition.

    Remedies. All remedies provided for in the Rules shall be cumulative and in addition to and not in lieu of any other remedies available at law, in equity or otherwise.

    Severability. If any provision of the Rules is held invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions will not be affected or impaired.

    Survival. Notwithstanding anything to the contrary herein, (i) any duty or obligation that has been incurred under the Rules and that has not been fully observed, performed or discharged, and any right which has been created under the Rules and which has not been fully enjoyed, enforced or satisfied, shall survive the termination or expiration of the Rules until such duty or obligation has been fully observed, performed or discharged and such right has been fully enjoyed, enforced or satisfied, and (ii) all representations, warranties and indemnities shall survive the termination of or expiration of the Rules.

    Entire Agreement. POL and the Rules constitute the entire expression of the parties’ agreement with regard to the use of POL.  All prior and contemporaneous negotiations and agreements between the parties with regard to the use of POL are expressly merged into and superseded by POL and the Rules. 

  

Modified: 9/25/2018 9:34 AM