Software as a Service Terms of Service Agreement


This Software as a Service Terms of Service Agreement (the “Agreement”) is entered into between ActoVoice Inc., a Florida Corporation with its principal place of business located at 1511 E. State Road 434, Suite 2001, Winter Springs, FL 32708 (the “Company”) and the Organization, as described in the Service Plan, incorporated by reference herein, and will be effective from the date specified on the Service Plan (the “Effective Date”). (Company and Organization may be referred to singularly as a “Party” or collectively as the “Parties.”)


1. Definitions

a. “Authorized Users” means the number of identifiable unique persons consisting of Organization’s personnel and outside consultants who are authorized to access and use the Services, as specified in the applicable Service Plan. Authorized Users may include Organization’s third-party consultants, outsourcers, contractors, and other service providers.

b. “End Users” means the Organization’s customers who use the Services to provide feedback to the Organization.

c. “Organization Data” means the Organization’s information or other data processed, stored, or transmitted by, in, or through the Services, including, but not limited to, personal information relating to the Organization’s personnel, End Users, and prospective End Users.

d. “Portal” means the Company’s website or mobile app including the Technology.

e. “Proprietary Rights” means any and all rights, whether registered or unregistered, in and with respect to patents, copyrights, confidential information, know-how, trade secrets, moral rights, contract or licensing rights, confidential and proprietary information protected under contract or otherwise under law, trade names, domain names, trade dress, logos, animated characters, trademarks, service marks, and other similar rights or interests in intellectual or industrial property. 

f. “Service Plan” means a form, incorporating the terms of this Agreement, by which an Organization selects and commences Services. A Service Plan can be either a written form, specified as a “Service Plan”, or an electronic form the Organization configures through the Portal.

g. “Services” means the service plans and features selected by the Organization and specified on the applicable Service Plan and any updates or upgrades to such services that may be generally released by the Company to all customers from time to time. These Services may change by mutual consent of the Parties, as recorded through the Service Plan.

h. “Technology” means the computer hardware, software, and other tangible equipment and intangible computer code necessary to deploy and serve the Services via the Portal.


2. Services; Portal. The Portal is a customer engagement platform that allows the End Users to have continuous communication with the Organization. Depending on your Service Plan, your End Users may have the ability to provide freeform feedback to you, ask for assistance from you, and/or take surveys you have provided.


3. Subscription Fees.

a. Payment for Services. Organization shall pay to the Company the periodic subscription fees for the Services and technical support services provided in this Agreement in accordance with the applicable Service Plan.

b. Subscription Cancellation. If the Company is unable to charge an Organization using the form of payment indicated on the Service Plan, the Company may terminate this Agreement and access to the Services, immediately and without notice to the Organization.

c. No Refunds. If access to the Portal is cancelled or terminated, the Organization is not entitled to any proration or refund of any unused subscriptions.


4. Taxes. All fees exclude tax and duties. If the Company is required to pay or collect any federal, state, local, value added, tax, or duty on any fees charged under this Agreement, or any other similar taxes or duties levied by any governmental authority, excluding taxes levied on the Company’s net income, such taxes and/or duties will be billed to and paid by the Organization immediately upon receipt of the Company’s invoice and supporting documentation for the taxes or duties charged.


5. Storage Provided by the Services.

a. The Company will provide the Organization free storage as provided for in the Service Plan. For additional storage requirements, the Organization must enter into an additional agreement with the Company to cover IT and storage costs.

b. The Company shall store Organization Data for twelve (12) months on a rolling basis. If the Organization requires longer storage of Organization Data, the Organization must either export the Organization Data or enter into an additional agreement with the Company to cover IT and storage costs.

c. If the Organization’s access to the Services is terminated, the Organization may no longer have access to any of the Organization Data. The Company is not responsible for providing the Organization access to the Organization Data after the cancellation or termination of this Agreement.


6. Organization Data.

a. No Commingling of Organization Data. The Services will be operated in an environment where (i) all Organization Data will be stored on files totally separate from those of other customers of the Company or (ii) all files containing Organization Data are partitioned sufficiently to protect the security and privacy of Organization Data.

b. Content Ownership. The Parties acknowledge that all Organization Data used with the Services and all the data derived from such Organization Data is and will remain the property of the Organization.

c. Trial Version. A trial version of the Services gives the Organization access to the Services for a limited amount of time (the “Trial Period”) as described in the Services Plan. At the end of the Trial Period, the Organization will have no access to any Organization Data acquired or created during this Trial Period unless the Organization has upgraded to a paid version of the Services.

d. Use of Organization Data is at the Organization’s Risk. The Company shall have no responsibility for the accuracy, quality, integrity, legality, reliability, or appropriateness of any Organization Data including, but not limited to, End User supplied content. The Organization acknowledges that use of any Organization Data generated, obtained, or acquired through the use of the Services is at the Organization’s sole risk and discretion. The Company is not liable or responsible for any results generated using the Organization Data. THE ORGANIZATION UNDERSTANDS AND AGREES THAT IT IS USING THE SERVICES/PORTAL AT ITS OWN RISK. THE ORGANIZATION ASSUMES ALL RISKS AND RESPONSIBILITY FOR ITS USER OF THE SERVICES AND UNDERSTANDS THAT THE ORGANIZATION DATA IS STORED AT THE ORGANIZATION’S OWN RISK.


7. Use Restrictions.

a. Organization covenants and agrees that its use of the Services will be in a manner consistent with this Agreement and with all applicable laws and regulations, including trade secret, copyright, trademark, and export control laws. Without limiting the generality of the foregoing, Organization shall not, nor shall it permit or assist others, (i) to abuse or fraudulently use the Services; (ii) to process or permit to be processed the data of any third party that is not expressly authorized herein to access and use such Services; and (iii) to attempt to copy, reverse engineer, decompile, disassemble, create a derivative work from, or otherwise attempt to derive the source code of any part of the Technology; or (iv) to access, alter, or destroy any information of any customer of the Company by fraudulent means or device, or attempt to do so.

b. Organization covenants and agrees that it will not use either the trial version or the paid version of the Services for competitive analysis purposes. The Organization’s use of the Services for competitive analysis is a breach of this Agreement and will result in automatic, immediate termination of the Services.


8. Not for Emergency Use. The Organization shall not use the Services for medical emergencies or other mission critical applications. The Organization shall instruct End Users to call 911 or other first responders in case of serious emergencies. THE COMPANY IS NOT LIABLE FOR ANY FAILURES OR COMMUNICATIONS OR RESPONSE ISSUES.


9. Rewards and ActoPoints. The Organization may, in its sole discretion, grant End Users rewards and ActoPoints for using the ActoVoice software in specific ways. These rewards and ActoPoints are subject to the following:

a. If an End User account is deleted, the End User removes the ActoVoice app from its mobile device, or the End User service is terminated by the Company for any reason, the End User rewards and ActoPoints will be forfeited.

b. The End User may not attempt to cheat the system to attain rewards or ActoPoints.

c. The Company and/or the Organization, in their sole discretion, for any reason or no reason, may cancel rewards or ActoPoints at any time.

d. The Company and/or the Organization, in their sole discretion, may terminate an End User account if they suspect fraudulent activity on the End User’s account.

e. The rewards and ActoPoints programs are subject to change at any time.

f. The rewards and ActoPoints programs will vary depending upon the End User’s country of residence.

g. The End User will be required to provide its full name, address, telephone number, country, e-mail address, and any other information requested by the Company or the Organization to redeem rewards.

h. An End User can only claim one reward per unique interaction with an Organization.


10. Security. The Organization will be solely responsible for acquiring and maintaining technology and procedures for maintaining the security of its link to the Internet. As part of the Services, the Company shall implement reasonable security procedures consistent with the prevailing industry standard to protect Organization Data from unauthorized access (the “Security Standard”). The Company will not, any under circumstances, be held responsible or liable for situations (i) where data or transmissions are accessed by third parties through illegal or illicit means, or (ii) where the data or transmissions are accessed through the exploitation of security gaps, weaknesses, or flaws unknown to the Company at the time. The Company will promptly report to the Organization any unauthorized access to Organization Data promptly upon discovery by the Company and the Company shall use diligent efforts to promptly remedy any breach of security that permitted such unauthorized access. In the event notification to persons included in such Organization Data is required, the Organization shall be solely responsible for any and all such notifications, at its expense.


11. Accounts for Services. The Company will permit access to the Services only over the Internet using account information assigned by the Company. Account information will be deemed the Confidential Information of both Parties.


12. Technical Requirements for Services.

a. Capacities. The Services will be rendered in a manner that will support the Authorized User requirements and other requirements provided in the applicable Service Plan.

b. Scalability. The Services will be scalable in a manner that allows the Services to meet any forecasted increase provided in the applicable Service Plan.

c. Internet Data Centers. The Services will be provided through Internet Data Centers that are configured consistent with the prevailing industry standards for fireproofing, power and backup generation, structural integrity, seismic resistance and resistance to other natural and man-made disruptions. In addition, the facility will be secured against physical and electronic intrusion in a manner consistent with prevailing industry standards. The Company may outsource its Internet Data Center operations to subcontractors; provided, however, that the Company shall be responsible for the performance of such subcontractors, and the Company shall be liable for any action or inaction by such subcontractors as if performed by the Company.


13. Monitoring of Organization’s and End User’s Use. The Company has no obligation to monitor posts by the Organization or its End Users or to exercise editorial control over such posts; however, the Company reserves the right to review such posts and to remove any material that, in the Company’s judgment, is not appropriate.


14. Confidential Information. For purposes of this Agreement, “Confidential Information” means Organization Data and non-public aspects of Organization technology, computer programs, and business and technical information and data. In addition, Confidential Information includes information which, although not related to the Services or this Agreement, is nevertheless disclosed hereunder, and which, in any case, is disclosed by the Organization to the Company and which Organization has indicated to Company is confidential or proprietary in nature.

a. Restrictions on Use and Disclosure. Company may use Confidential Information of the Organization only for the purposes of this Agreement and shall protect such Confidential Information from disclosure to others, using the same degree of care used to protect its own proprietary information of like importance, but, in any case, using no less that a reasonable degree of care. The Organization may disclose Confidential Information received hereunder only as reasonably required to perform its obligations under this Agreement and only to its employees who have a need to know for such purposes and who are bound by signed, written agreements to protect the received Confidential Information form unauthorized use and disclosure.

b. Exclusions. The restrictions of this Agreement on use and disclosure of Confidential Information will not apply to information that: (i) is in the possession or control of the Company at the time of its disclosure hereunder; (ii) is, or becomes, publicly known, through no wrongful act of the Company; (iii) is received by the Company by a third party free to disclose it without obligation to the Organization; (iv) is independently developed by a party as evidenced by its written and dated records and without any breach of this Agreement; or (v) is the subject of a written permission to disclose provided by the Organization. The Company may disclose Confidential Information of the Organization pursuant to the requirements of a governmental agency or by operation of law, provided that the Company gives the Organization written notice thereof as soon as practicable and reasonably cooperates with Organization to contest such disclosure.

c. HIPAA HITECH Compliance. The Company shall comply with (i) HIPAA as amended by HITECH and (ii) the terms and conditions of the Business Associate Agreement attached as the HIPAA HITECH Exhibit.

d. GLB Compliance. The Company shall comply with the terms and conditions of the attached GLB Exhibit regarding Services to the Organization whereby the Company receives from or creates or receives on behalf of Organization “Nonpublic Personal Information,” as defined under the privacy or security regulations issued under Gramm-Leach-Bliley act also knows as the Financial Service Modernization Act of 1999 (“GLB”).


15. Purchase of Additional Services. Organization may elect to purchase rights for additional Authorized Users and/or additional services by Service Plan from time to time. Such additional purchases will be governed by the terms and conditions in this Agreement. The Organization agrees that, absent the Company’s express written acceptance thereof, the terms and conditions contained in any Service Plan or other document issued by the Organization to the Company for the additional purchases, will not be binding on the Company if such terms and conditions are additional to or inconsistent with those contained in this Agreement.


16. Technical Support, Training, and Consulting Services. During the term of this Agreement, the Company will provide technical support in the form of responses to questions by e-mail or telephone at no additional charge. The support time typically will be 9:00AM-6:00PM EST/EDT Monday – Friday. Consulting Services will be negotiated by the Parties and agreed upon in writing.


17. Technical Contacts. Organization shall designate one of its employees as its principal contact for communicating with the Company regarding technical issues. Organization may change its technical contact by written notice to the Company.


18. Proprietary Rights Ownership. Ownership of the Proprietary Rights embodied in the Portal, Services, and the Technology will remain exclusively vested in and be the sole and exclusive property of the Company and its licensors. In addition, the Organization hereby transfers and assigns to the Company, any rights the Organization may have to any suggestions, ideas, enhancement requests, feedback, recommendations, or other information provided by the Organization relating to the Services. The domain name, product names, and logos associated with the Services are trademarks of the Company or third parties, and no right or license is granted to use them.


19. Organization Representations and Warranties.

a. The Organization represents and warrants that it is not located in a country that is subject to a U.S. Government embargo, or that it has been designated by the U.S. Government as a “terrorist-supporting” country, and it is not listed on any U.S. Government list of prohibited or restricted parties.

b. The Organization represents and warrants that (i) the performance of its obligations and use of the Services (by Organizations and its Authorized Users) will not violate any applicable laws or regulations including, but not limited to, any and all laws and regulations regarding the transfer to personal information of residents of the European Union outside the European Union or (ii) cause a breach of any agreements with any third parties or unreasonably interfere with the use by other customers of the Services.

c. The Organization acknowledges that (i) the Company is not required to monitor the content of information passing through the Services for purposes of verifying accuracy or legal compliance and (ii) the Organization shall use commercially reasonable efforts to ensure that the information it and its Authorized Users transmit thereby complies with all applicable laws and regulations, whether now in existence or hereafter enacted and in force.

d. In the event of breach by the Organization of any of the foregoing representations or warranties, in addition to any other remedies available at law or in equity, the Company will have the right to suspend immediately any Services if the Company deems it reasonably necessary to prevent any harm to the Company and its business. The Company shall provide notice to the Organization and an opportunity to cure, if practicable, depending on the nature of the breach. Once cured, the Company shall promptly restore the Services.


20. Company Representations and Warranties. The Company represents and warrants that (i) it has the legal right to enter into this Agreement and perform its obligations under this Agreement, and (ii) the performance of its obligations and delivery of the Services to the Organization will not violate any applicable laws or regulations of the United States or cause a breach of any agreements between the Company and any third parties. In the event of a breach by the Company of the foregoing warranties, the Organization’s sole remedy is termination of this Agreement upon written notice to the Company.


21. DMCA Notice. The Company respects the intellectual property rights of others and expects the Organization to do the same. The Company will remove all infringing content if properly notified that it infringes third-party copyrights, and may do so at its sole discretion, without prior notice at any time. Under the United States Digital Millennium Copyright Act of 1998 (the “DMCA”), it is the Company’s policy to respond expeditiously to copyright owners who believe content infringes their rights. The Company reserves the right to remove any content without prior notice to the Organization, any End User, or any third party. If the Organization believes that content made available through the Portal infringes its copyright, the Organization may send the Company a notice requesting that it be removed or that the Company block access to it. If the Organization believes that such a notice has been filed wrongfully against it, the DMCA allows the Organization to send the Company a counter notice. Notices and counter notices must meet DMCA’s requirements. The Company recommends that the Organization consult its legal advisor before filing a notice or counter notice. There can be substantial penalties for false claims. Notice and counter notices may be sent to the Company’s copyright agent at It is the Company’s policy, in appropriate circumstances, to terminate the account of any Organization or End User who has committed multiple infringements.


22. Limited Warranty. The Company represents and warrants that the Services will: (i) conform to all material operational features as described in the applicable Service Plan and (ii) be free of errors and defects that materially affect the performance of such features (“Limited Warranty”), provided that the Organization notifies the Company of any such non-conformity, error, or defect. The Organization’s sole and exclusive remedy for breach of this Limited Warranty will be the prompt correction of material, non-conforming Services at the Company’s expense.




24. Disclaimer of Actions of Third Parties. The Company does not and cannot control the flow of data to or from the Company’s Technology and other parts of the Internet. Such flow of data depends on the performance of the Internet services provided or controlled by third parties. At times, actions or inactions of such third parties can impair or disrupt Organization’s connections of the Internet (or portions thereof). Although the Company will use commercially reasonable efforts to take all actions it deems appropriate to remedy and avoid such events, the Company cannot guarantee that such events will not occur. THE COMPANY DISCLAIMS ANY AND ALL LIABILITY RESULTING FROM OR RELATED TO THE PERFORMANCE OR NON-PERFORMANCE OF INTERNET SERVICES, SOFTWARE COMPONENTS, OR OPERATING SYSTEMS PROVIDED OR CONTROLLED BY THIRD PARTIES, INCLUDING, BUT NOT LIMITED TO APPLE AND ANDROID, WHICH ARE NOT THE COMPANY’S SUBCONTRACTORS.


25. Intellectual Property Indemnity. Except for third-party software including, but not limited to, open source software, the Company shall indemnify, defend, and hold harmless the Organization from and against any lawsuit, liabilities, loss, cost, or expense arising out of a third-party claim made against the Organization that the Technology or Services infringe on any U.S. intellectual property right of a third party; provided, however, that the Company is notified in writing of such claim promptly after such claim is made upon the Organization. The Company will have the right to control any defense of the claim. In no event shall the Organization settle any such claim without the Company’s prior written approval. The Company will have no liability or obligation if the claim arises from (i) any alteration or modification to the Technology or Services other than by the Company, (ii) any combination of the Technology or Services by the Organization with other programs or data not furnished by the Company, or (iii) any use by the Organization of the Technology or Services that is prohibited by this Agreement or otherwise outside the scope of use for which the Technology or Services are intended.


26. Options for Infringement Claims. If any party is enjoined from using the Technology, or if the Company believes that the Technology may become the subject of a claim of intellectual property infringement, the Company, at its option and expense, may: (i) procure the right for the Organization to continue to use the Services; (ii) replace or modify the Technology so as to make it non-infringing; provided, however, that the Services continue to conform to the descriptions and/or specifications provided in the applicable Service Plan; or (iii) terminate this Agreement, in which case the Company shall refund to the Organization any and all subscription fees paid in advance by the Organization for those Services not provided by the Company and provide, a the Organization’s request and free of charge, the Organization Data in a database document format. This Section and the preceding Section set forth the entire liability of the Company to the Organization for any infringement by the Technology or Services of any intellectual property of a third party. Despite the foregoing, this Section does not apply to third-party software including, but not limited to, open source software.




28. Liability Cap. Except for the Company’s indemnity expressly provided for by this Agreement and the Company’s confidentiality obligations, in no event will the Company’s aggregate liability, if any, including liability arising out of contract, negligence, strict liability in tort or warranty, or otherwise, exceed one (1) month of a subscription fee.


29. Term and Termination.

a. Term of Agreement. The initial term of this Agreement will commence as of the Effective Date and will continue for a period of one (1) year. The initial term will automatically renew for successive one (1) year terms unless either Party notifies the other in writing, not less than thirty (30) days prior to the expiration of the current term, of its intention not to renew. Both the initial term and any renewal term are subject to earlier termination as otherwise provided for by this Agreement. Either Party may choose not to renew this Agreement without cause for any reason.

b. Term of Service Plan. Any Service Plan created under this Agreement will commence immediately upon execution by both Parties and will continue thereafter as provided in the Service Plan; provided, however, that despite any other provision of this Agreement or in any Service Plan, all existing Service Plans will also terminate upon the expiration or termination of this Agreement.

c. Automatic Termination. Unless the Company promptly upon discovery of the relevant facts notifies the Organization to the contrary, in writing, this Agreement and all Service Plans will terminate immediately, without notice, upon the institution of insolvency, bankruptcy, or similar proceedings by or against the Company, any assignment or attempted assignment by the Company for the benefit of creditors, or any appointment, or application for such appointment, or a receiver for the Company.

d. Termination for Cause. If either Party fails to comply with any of the material terms and conditions of this Agreement or Service Plan including, but not limited to, the payment of any subscription fee or reimbursement due and payable to the Company under this Agreement, the non-defaulting Party may terminate this Agreement and/or all Service Plans upon twenty (20) days’ written notice to the defaulting Party specifying any such breach, unless within the period of such notice, all breaches specified have been remedied.

e. Effect of Termination. Upon any termination of this Agreement, the Organization will be denied access to the Portal. Termination will not relieve the Organization of its obligation to pay any undisputed fees accrued or payable to the Company prior to the effective date of termination. Under no circumstances will the Company refund any fees already paid by the Organization.


30. Termination by the Company for End of Life. The Company intends to continue to provide and support the Services for as long as the Organization renews in accordance with the applicable Service Plan; provided, however, if the Company determines, in its sole discretion, that it is no longer feasible to support the Services, the Company may terminate this Agreement for end-of-life at any time by providing thirty (30) days’ written notice to the Organization. In the event of such termination, the Company shall reimburse, on a prorated basis, any subscription fees paid by the Organization.


31. Transition Services. If the Organization is current in all payments due to the Company at the time of expiration or termination of this Agreement, the Company shall provide to the Organization its Organization Data in a standard database document format readily available to the Company at no additional charge. If the Organization requests the Organization Data in a non-standard format, the Organization shall pay the Company a reasonable fee for technical services as determined by the Company.


32. Designed for Use Only Within Legal Jurisdictions

Access to this Software from locations where its use or contents are illegal is not authorized. The Organization acknowledges and agrees that its access and use of the Services is of its own volition and it is responsible for compliance with local law.


33. User Suggestions to Company

The Company welcomes the Organization’s feedback with regard to the Portal and the Services. However, the Company will not accept any creative ideas, suggestions, inventions, or materials other than those the Company has specifically requested (“Suggestions”). If the Organization submits these Suggestions regardless of this stated policy, the Suggestions will automatically become the property of the Company. None of the Suggestions will be subject to any obligation of confidentiality and the Company shall not be liable for its disclosure or use. The Company will have exclusive ownership of all now known or later discovered rights to the Suggestions and will be entitled to unrestricted use of the Suggestions for any purpose whatsoever, commercial or otherwise, without compensation to the Organization.


34. Severability. If any part of this Agreement is held to be unenforceable for any reason, the remainder of this Agreement will continue in full force and effect. If any provision of this Agreement is deemed invalid or unenforceable by any court of competent jurisdiction, and if limiting such provisions would make the provision valid, then such provision will be deemed to be construed as so limited.


35. Entire Agreement. This Agreement constitutes the entire agreement between the Parties and supersedes any prior understanding or representation of any kind preceding the date of this Agreement. There are no other promises, conditions, understandings, or other agreements, whether oral or written, relating to the subject matter of this Agreement. This Agreement may be modified in writing and must be signed by both Parties.


36. Governing Law. This Agreement and the rights and obligations of the Parties under it are governed by and interpreted in accordance with the laws of the State of Florida without regard to principles of conflicts of law.


37. Dispute Resolution. Except for actions to protect Proprietary Rights and to enforce an arbitrator’s decision hereunder, all disputes, controversies, or claims arising out of or relating to this Agreement or a breach of this Agreement will be submitted to and finally decided by arbitration under the rules of the American Arbitration Association (“AAA”) then in effect. There will be one arbitrator, and the arbitrator will be chosen by mutual agreement of the Parties in accordance with AAA rules. The arbitration will take place in Sanford, Florida. The arbitrator will apply the laws of the State of Florida to all issues in dispute. The findings of the arbitrator will be final and binding on the Parties and may be entered in any court of competent jurisdiction for enforcement. Legal fees will be awarded to the prevailing Party in the arbitration.


38. Venue and Jurisdiction. The Parties are required by the terms of this Agreement to resolve claims through binding arbitration. Nonetheless, if suit is to be entered, the Parties agree to jurisdiction in Florida’s Eighteenth Judicial Circuit sitting in Sanford, Florida, and/or the Seminole County Court as appropriate. Similarly, if jurisdiction lies in the Federal Court, the complaint will be filed in the United States District Court for the Middle District of Florida. Each Party waives the right to institute or maintain any suit, action, or proceeding in any other court or forum. Each Party, by executing this Agreement, consents and submits to the personal jurisdiction of such Court.


39. Attorneys’ Fees. In the event of any suit or action to enforce or interpret any provision of this Agreement (or that is based on this Agreement), the prevailing Party is entitled to recover, in addition to other costs, reasonable attorney fees in connection with the suit, action, or arbitration, and in any appeals. The determination of who is the prevailing party and the amount of reasonable attorneys’ fees to be paid to the prevailing party will be decided by the court or courts, including any appellate court, in which the matter is tried, heard, or decided.


40. Notices. Any notices required or permitted to be given under this Agreement will be given in writing and will be delivered (i) in person, (ii) by certified mail, postage prepaid, return receipt requested, or (iii) by commercial overnight courier that guarantees next day delivery and provides a receipt, and such notices will be addressed to the address of the Party as specified in this Agreement or to such other address as the Party may specify in writing.


41. Assignment. The Organization shall not assign this Agreement or any right or interest under this Agreement, nor delegate any work or obligation to be performed under this Agreement, without the Company’s prior written consent. Any attempted assignment or delegation in contravention of this Section will be void and ineffective.


42. Continuing Obligations. The following obligations will survive the expiration of termination of this Agreement and the distribution grace period provided above: (i) any and all warranty disclaimers, limitations of liability, and indemnities granted by either Party, (ii) any covenant granted in this Agreement for the purpose of determining ownership of, or protecting, the Proprietary Rights including, but not limited to, the Confidential Information of either Party, or any remedy for breach thereof, and (iii) the payment of taxes, duties, or any money to the Company owed under this Agreement.


43. Force Majeure. Neither Party shall be liable for damages or any delay or failure of delivery arising out of causes beyond its reasonable control and without its fault or negligence including, but not limited to, Acts of God, acts of civil or military authority, fires, riots, wars, embargoes, Internet disruptions, hacker attacks, or communications failures. Despite any other provision of this Agreement, if either Party is unable to perform under this Agreement for a period of thirty (30) consecutive days, the other Party may terminate this Agreement immediately, without liability, by ten (10) days’ written notice to the other.


44. U.S. Government End-Users. The Technology and the Company software incorporated therein, this Portal, and the Services all consist of “commercial items,” as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users of this Portal acquire only those rights set forth therein.



The Company, in its capacity as a Business Associate, and Organization, in its capacity as a Covered Entity, shall comply with the following rights, duties, and obligations regarding ePHI transmitted by Organization for processing and/or storage on the Company’s system in connection with the Services.

1. As required by Section 13401(a) of the HITECH Act, the following sections of the HIPAA Regulations will also apply to the Company in its capacity as a Business Associate:

a. 45 CFR 164.308 (Administrative Safeguards);

b. 45 CFR 164.310 (Physical Safeguards);

c. 45 CFR 164.312 (Technical Safeguards); and

d. 45 CFR 164.316 (Policies and Procedures and Documentation Requirements).

Regarding implementation specifications, the Company may use its discretion regarding compliance with the addressable specifications. For clarification and not in limitation of the foregoing, the Company shall implement appropriate safeguards to prevent unauthorized use or disclosure of ePHI, including implementing requirements of the HIPAA Security Rule with regard to ePHI.

2. As required by Section 13404 of the HITECH Act:

a. The Company may use and disclose ePHI that it obtains or creates under this Agreement only if such use or disclosure, respectively, is in strict compliance with, and limited to, used and disclosures permitted by the Services Agreement and otherwise in compliance with each applicable provision of 42 CFR 164.512(e); and

b. If the Company knows of any use or disclosure of ePHI not provided for in the Services Agreement or knows of a pattern of activity or practice that constitutes a material breach of this Agreement by Organization in its capacity as a Covered Entity or violation by Organization in its capacity as a Covered Entity of the standards of 45 CFR 164.502(e) or 45 CFR 164.504(e) with respect to this Agreement, the Company shall notify Organization of such material breach or violation by Organization and unless Organization takes reasonable steps to cure the breach or end the violation, and if such steps are unsuccessful, the Company shall either:

i. Terminate this Agreement; or

ii. If termination is not feasible, report the problem to the Secretary.

3. The Company shall report to the Organization any Breach of Unsecured ePHI that it becomes aware of as required under the HITECH Act. The report will include the name of each individual whose unsecured ePHI has been, or is reasonably believed by the Company to have been, accessed, acquired, or disclosed as a result of such Breach. The Company shall submit such reports within five (5) business days of when the Company becomes aware of such Breach. The reports will contain such information as the Company reasonably believes is required for the Organization to further investigate. The Company shall also provide such assistance and further information as reasonably requested by Organization.

4. As required by Section 13405(d)(1) of the HITECH Act, and unless approved by the Organization consistent with the exceptions set forth in Section 13405(d)(2) of the HITECH Act, the Company shall not directly or indirectly receive remuneration in exchange for any ePHI of an individual unless the Organization has obtained from the individual a valid authorization that includes a specification of whether the ePHI can be further exchanged for remuneration by the entity receiving the ePHI of that individual.

5. As defined by Section 13406(a) of the HITECH Act and 45 CFR 164.508, and unless approved by the Organization, the Company shall not directly or indirectly perform marketing to Organization’s patients using ePHI that was either provided by the Organization, or created or otherwise acquired by the Company on behalf of the Organization.

6. As provided for in Section 13411 of the HITECH Act, the Company shall be subject to audits by the Secretary to ensure the Company’s compliance with the HITECH Act as well as 45 CFR 164 subparts C and E. For clarification and not in limitation of the foregoing, the Company shall make available to the Secretary its internal practices, books, and records relating to the use and disclosure of ePHI received from, or created or received by the Company on behalf of the Organization for purposes of the Secretary’s determination regarding whether the Organization is in compliance with the HIPAA Privacy Rule.

7. The Company agrees to document such disclosures of ePHI and information related to such disclosures as would be required for the Organization to respond to a request by an individual for an accounting of disclosures of ePHI in accordance with 45 CFR 164.528 and Section 13405(c) of the HITECH Act. The Company further agrees to provide the Organization or an individual, as applicable, in a time and manner as prescribed by the HIPAA Regulations and the HITECH Act, such information collected in accordance with this subsection in response to a request for an accounting of disclosures of ePHI in accordance with 45 CFR Section 164.528 of the HITECH Act. Such time and manner will comply with the obligations under the HIPAA Regulations or the HITECH Act.

8. The Company will limit its requests for and use and disclosure of ePHI to the minimum necessary to accomplish the intended purpose of the applicable request, use or disclosure.

9. The Company shall required that any subcontractors the Company may engage on its behalf that will have access to ePHI agree to the same restrictions and conditions that apply to the Company with respect to ePHI.

10. Unless otherwise specified in this Agreement, all capitalized terms in this exhibit not otherwise defined have the meaning established for purposes of HIPAA and HITECH and regulations promulgated under HIPAA and HITECH, as amended from time to time.



GLB Exhibit

1. Applicability. This exhibit will apply in the event that the Company creates, receives, maintains, or transmits on behalf of Organization nonpublic personal information (“Personal Information”), as defined under the Gramm-Leach-Bliley Act and implementing regulations (“GLB”), during the performance of its obligations under this Agreement. Except as otherwise specified herein, the Company may use or disclose any Personal Information to perform Services for, or on behalf of, the Organization as specified in this Agreement, provided that such usage or disclosure would not violate the privacy or security regulations issued under GLB.

2. Privacy and Security Safeguards. During the term of this Agreement, the Company shall implement and maintain the following privacy and security safeguards.

3. Administrative Safeguards.

a. Security Management Process.

i. Implement policies and procedures to prevent, detect, contain and correct security violations.

ii. Perform periodic audits of the Company’s security controls (i.e., physical and logical security, network configuration, change/problem and vulnerability management and recovery services), and provide to the Organization written reports regarding such audits. Such reports will be considered the Company’s Confidential Information under the Agreement.

b. Assigned Security Responsibility. Provide to the Organization, upon request, the name of the Company’s security official with whom the Organization may interact regarding security issues.

c. Workforce Security. Implement policies and procedures to ensure that the Company’s workforce members have appropriate access to Personal Information, and to prevent those workforce members without authorized access from obtaining it.

d. Information Access Management. Implement access authorization policies and procedures to ensure access to Personal Information is appropriate.

e. Security Awareness and Training. Implement security awareness, training, and updates for all the Company workforce members, and implement procedures to (i) guard, detect, and report viruses and other malicious software, as appropriate, and to (ii) create, change, and safeguard passwords.

f. Security Incident Procedures.

i. Implement policies and procedures to address security incidents.

ii. Identify and respond to security incidents, mitigate their harmful effects, to the extent possible, and to document the incidents and the outcomes.

g. Contingency Plan. Establish and implement appropriate policies and procedures for responding to occurrences that could damage systems that contain Personal Information.

h. Evaluation. Periodically evaluate policies and procedures in light of the requirements contained in this exhibit, and make changes to such policies and procedures ,as appropriate.

4. Physical Safeguards. The Company shall provide for the following physical safeguards or secure the services of a third-party service provider to provide for the following physical safeguards:

a. Facility Access Controls. Implement policies and procedures to limit physical access to electronic information systems and the facilities in which they are housed only to those workforce members whose access is authorized by the Company and is appropriate.

b. Workstation Use. Implement policies and procedures regarding the protections for workstations that access Personal Information to minimize risks of disclosure of Personal Information.

c. Workstation Security. Implement physical safeguards to reduce the risk that unauthorized users will access workstations that access Personal Information.

d. Device and Media Controls. Implement policies and procedures regarding the physical movement of hardware and media that contains Personal Information.

5. Technical Safeguards.

a. Access Control. Implement technical policies and procedures to (i) allow access to Personal Information only to those persons or software programs that have been granted appropriate access rights, and (ii) use encryption technology with respect to Personal Information transmissions over public networks.

b. Audit Controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use Personal Information.

c. Integrity. Implement policies and procedures to protect Personal Information form improper alteration or destruction.

d. Person or Entity Authentication. Implement procedures to verify the person or entity accessing Personal Information is the one claimed.

e. Transmission Security. Implement technical measures to protect the Personal Information against unauthorized access when being transmitted.

6. Each term and condition of this exhibit required by GLB will be effective on the compliance date applicable to the Organization or the Effective Date of this Agreement.

7. Upon the termination or expiration of this Agreement, for any reason, the Company shall return all Personal Information to the Organization or destroy all Personal Information and retain no copies in any form whatsoever. This provision will also apply to Personal Information that is in the possession of subcontractors, vendors, or agents of the Company.

8. The Company agrees that this Agreement may be terminated by the Organization upon written notice to the Company in the event that the Organization determines that the Company has violated any material term of this exhibit. Alternatively, the Organization may choose to provide the Company with written notice of the existence of an alleged material breach of this exhibit and allow the Company an opportunity to cure the breach upon mutually agreeable terms. Failure to cure, or a determination by the Organization that a cure is not practicable or possible, will be grounds for the immediate termination of this Agreement.

9. Unless otherwise specified in this Agreement, all capitalized terms in this exhibit not otherwise defined have the meaning established for purposes of GLB and regulations promulgated under GLB, as amended from time to time.

10. The Parties agree to take such action as is necessary to amend this Agreement from time to time for the Organization to comply with the requirements of GLB and the GLB privacy and security regulations applicable to the Organization. The Company agrees to cooperate with and assist the Organization in order for the Organization to meet its obligations under applicable privacy and security laws and regulations.

11. This exhibit will survive any termination of this Agreement.

12. The terms and conditions of this exhibit required by GLB will be construed in light of any applicable interpretation of and/or guidance on the GLB privacy and security requirements that may be issued by the appropriate authorities from time to time.