CLOUD COMPUTING SERVICES AGREEMENT
This Cloud Computing Services Agreement (this “CCSA”) is between ClearDATA Networks, Inc., a Delaware corporation (“ClearDATA”) and the company that signs an Order that incorporates this CCSA by reference (“you”) and is effective as of the date of your signature on the Order.
- DEFINED TERMS.
Capitalized terms have the meanings given in this Section, or in the Section where they are used.
Acceptable Use Policy or AUP means the ClearDATA Acceptable Use Policy published on the Effective Date at https://www.cleardata.com/legal/acceptable-use-policy-032118 as it may be modified from time to time in accordance with Section 15.14.1 (Changes to Online Terms) of this CCSA.
Administrative Contact means an individual who has authority to make changes to your Cloud Environment as further described in Subsection 6.3 (Access Control Lists and Account Information).
Agreement means, collectively, the Order(s), this CCSA, the Service Level Agreement, the Business Associate Agreement or Subcontractor Business Associate Agreement, if applicable, the Acceptable Use Policy, and any document referenced in or attached to any of them, each as they may be amended in accordance with this CCSA.
Business Associate Agreement or BAA is the Business Associate Addendum or Subcontractor Business Associate Addendum, as applicable referenced in Subsection 2.3 (HIPAA BAA).
Business Associate has the meaning given in HIPAA.
Cloud Environment means the hosted configuration of servers and related technology elements provided as part of the Services for your use in operating Your Application, and processing, transmitting and storing Your Data.
Cloud Platform means ClearDATA’s proprietary platform for the deployment and management of healthcare compliant information technology infrastructure and related services.
Customer Portal means the online customer portal at https://portal.cleardata.com.
Confidential Information means information disclosed by one party to the other party, on any media, whether before or after the effective date of the Agreement that: (i) the recipient should reasonably understand to be confidential, such as (A) for you, all information transmitted to or from, or stored on, your Cloud Environment, and (B) for ClearDATA, unpublished prices and other terms of service, audit and security reports, product development plans, network configuration, vendors and other proprietary information or technology, or (ii) is marked or otherwise conspicuously designated as confidential by the disclosing party. Information that is independently developed by a party without reference to the other party’s Confidential Information, or that becomes available to a party, other than through violation of this Agreement or applicable law, is not “Confidential Information” of the other party. Confidential Information includes information disclosed by making tangible objects or premises available for inspection.
Covered Entity has the meaning given in HIPAA.
Documentation means the materials describing the features, functions and approved configurations of the Services that ClearDATA makes generally available to its customers, such as ClearDATA’s architecture guidelines.
HIPAA means the Administrative Simplification Subtitle of the Health Insurance Portability and Accountability Act of 1996, as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, including the Privacy Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160 and 164, subparts A and E (the “Privacy Rule”), the Security Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160, 162 and 164, subpart C (the “Security Rule”), the Breach Notification Standards adopted by the U.S. Department of Health and Human Services , as they may be amended from time to time, 45 C.F.R. part 164, subpart D.
HITRUST means the Health Information Trust Alliance, or its successor.
Infrastructure Provider means the provider of the cloud infrastructure and related services that are identified in your Order, such as Amazon Web Services, Inc. for AWS®, Google, Inc. for GCP®, and the Microsoft Corporation for Azure®.
Security Safeguards has the meaning given in Subsection 2.4 (Security).
Order has the meaning given in Subsection 15.1 (Order Process).
Protected Health Information or PHI has the meaning given in HIPAA.
Managed Services means the healthcare compliant information technology services that ClearDATA provisions and manages pursuant to an Order including your access to the Cloud Environment and Cloud Platform, and any services that you self-provision as permitted by the Agreement.
Personal Data means information about an identified or identifiable natural person, including information that may be used to identify an individual or with respect to which there is a reasonable basis to believe the information can be used to identify an individual. Specifically, but without limitation, Personal Data includes all of the following: (i) “electronic protected health information” as that term is defined in HIPAA, (ii) name, part of a name, initials, (iii) contact information such as phone, email, or physical address, (iv) user names and access codes for online services, (v) health insurance account numbers and access information, (v) financial account numbers and access information, (vii) device numbers, IP addresses or other means of identification to a particular computing or communication device or Internet address, (viii) identification numbers such as social security or driver’s license numbers, (ix) unique identifiers that are intended to associate a record with an individual, (x) photographs, and (xi) biometric information.
Responsibility Matrix or RACI means the chart attached to each Order that designates which party is “responsible,” “accountable,” “consulted,” and “informed” as to each activity or decision involved in the operation of the Cloud Environment and related technology.
Service Description means the detailed description of the ClearDATA Services to be provided under a specific Order that is attached to or otherwise made part of the Order.
Service Level Agreement or SLA means the Service Level Agreement identified in an Order.
Support means human provided technical assistance for Managed Services, access to the Customer Portal, and access to ClearDATA’s online support materials, such as its FAQ and white papers.
Services means Managed Services and Support. “Services” does not include Unsupported Services.
Service Term or Term means the initial service term stated in the Order, and any renewals as described in Section 10 (Term, Termination, Suspension).
Unsupported Services has the meaning given in Section 4 (Unsupported Services).
Your Application means the software application(s) that you operate on the Cloud Environment and any related computer code or information, including any automation tools and third-party components.
Your Data means data and other information, including Personal Data, that you or your authorized users transfer to or from your Cloud Environment, or process or store on your Cloud Environment, including information that you or your authorized users create by using Your Application.
- COMPLIANT CLOUD SERVICES
2.1 Services. ClearDATA will provide the Services for the Term, on the terms, conditions and restrictions stated in the Agreement. 2.2 Your Data and Applications. Unless otherwise expressly stated in the Order, the Services do not include ClearDATA’s design, development or management of Your Application(s) or Your Data, transactions processing, or maintenance of a “designated record set,” as defined in HIPAA. ClearDATA will interact with Your Application(s) and Your Data only to the limited extent necessary to provide the Services, and comply with applicable law and the BAA. ClearDATA may agree to provide you with these types of services as part of a separate engagement for professional services. 2.3 HIPAA BAA. 2.3.1 Business Associate Addendum. If you are a HIPAA Covered Entity and ClearDATA is your Business Associate, then the HIPAA Business Associate Addendum published at http://www.cleardata.com/legal/business-associates-agreement/ as of the date that ClearDATA becomes your Business Associate is incorporated in this CCSA by this reference. 2.3.2 Business Associate Subcontractor Addendum. If you are a Business Associate of a Covered Entity and ClearDATA is your Business Associate Subcontractor, then the HIPAA Business Associate Subcontractor Addendum published at http://www.cleardata.com/legal/subcontractor-business-associate-agreement/ as of the date that ClearDATA becomes your Business Associate Subcontractor is incorporated in this CCSA by this reference. Unless expressly agreed otherwise in an Order or other agreement between you and ClearDATA, only those services designated in ClearDATA’s Documentation as “in scope” or with like term for the BAA may be used to process Protected Health Information. 2.4 Security Safeguards. 2.4.1 HITRUST. ClearDATA will maintain during the Term a certification of compliance with the HITRUST Common Security Framework. ClearDATA may, at its option, substitute an equivalent security framework for the HITRUST Common Security Framework, such as the AICPA Service Organization Controls or ISO 27017, provided that ClearDATA must give you at least ninety (90) days advance written notice of a substitute standard, and you may terminate the Agreement without liability if you object to the new standard by written notice given at any time prior to the effective date of the new standard. Any substitute equivalent standard adopted by ClearDATA shall be applicable for purposes of this Agreement and all references to HITRUST shall be deemed amended to reference the substitute standard. 2.4.2 Security Safeguards. Except as otherwise expressly stated in the applicable Order, ClearDATA will provide the Services in compliance with the controls and safeguards stated in the Agreement and in its HITRUST certification report (collectively, the “Security Safeguards”). You acknowledge that ClearDATA meets its obligation to provide administrative, physical and technical safeguards as described in the BAA by complying with the Security Safeguards. You agree that ClearDATA is not responsible to you for any harm you may suffer as a result of a security breach unless the breach resulted from ClearDATA’s failure to provide the Cloud Environment in accordance with the Security Safeguards. You acknowledge that ClearDATA’s compliance with the BAA and the Security Safeguards will not, by itself, ensure your compliance with HIPAA. Except as otherwise agreed in an Order, you are responsible for compliance with those parts of HIPAA that apply to Your Application and Your Data. 2.5 Law. ClearDATA will provide the Cloud Environment and other Services in compliance with the laws applicable to the Services. 2.6 GxP. If you wish to use the Services as part of a quality-regulated system, such as a process regulated by the United States Food, Drug and Cosmetic Act, you must sign an Addendum covering that use. ClearDATA will provide the Addendum to you for your review on request.
- OTHER TERMS APPLICABLE TO CLOUD SERVICES
3.1 Implementation. ClearDATA will assign personnel to consult with you and any relevant third parties on the timing, process, and other specifics of your Cloud Environment deployment. You agree to assign personnel to actively participate in the implementation planning and to promptly provide information that ClearDATA may reasonably request to successfully implement your Cloud Environment. Before beginning your implementation ClearDATA personnel will work with you to prepare an agreed implementation document detailing the implementation steps and timeline (a “Build Sheet”). You will have a chance to review the Build Sheet as part of a kick-off call with your support team. ClearDATA may require you to sign the Build Sheet to indicate your acceptance of the detailed implementation plans prior to beginning implementation. The Build Engineer will begin implementing your Cloud Environment promptly after the kick-off call. The agreed Build Sheet will serve as the basis for your acceptance of the Cloud Environment as described in Subsection 3.2 (Sign Off) and your acknowledgement that utility based billing will begin as soon as ClearDATA starts building your Cloud Environment. ClearDATA will use commercially reasonable efforts to deploy your Cloud Environment by the date stated in the Build Sheet, provided that information and participation from your personnel is both timely and accurate.
3.2 Sign Off. You are required to sign off on your Cloud Environment prior to production use and as a condition to the applicability of the SLA. On completion of your implementation (or any applicable milestones as stated in the Order), ClearDATA will give you the opportunity to review the final Build Sheet and your Cloud Environment as part of a hand-off call. During the hand off call, you will be asked to sign the final Build Sheet to accept your Cloud Environment. Your sign off is your representation that you have verified to your satisfaction that the Cloud Environment (or applicable milestone) meets all agreed specifications and functional requirements. To reject the Cloud Environment or milestone you must show a difference between the Build Sheet you agreed as part of the kick-off call and the Build Sheet provided on the hand-off call. Any changes or new requirements from those previously documented in the initial Build Sheet will be treated as a change request subject to the change process described in Subsection 3.3 (Your Changes to Services). ClearDATA will have 3 days from your rejection to cure the items of non-conformance stated in the Build Sheet and request your sign off. If you do not either accept or reject the Cloud Environment during the hand-off call ClearDATA may proceed as if you had signed off on the Build Sheet and treat the Cloud Environment as accepted.
3.3 Your Changes to Services. Your Administrative Contact may use the Cloud Platform to provision new servers in accordance with the existing build and security parameters documented in a Build Sheet and to provision new Services as expressly permitted by the Documentation. Otherwise, you may not unilaterally change the Services or Cloud Environment. Any Services resulting from your unilateral change will be considered an “Unsupported Service” provided AS IS and with the other disclaimers described in Section 4 (Unsupported Services). You may request a change to the Services or Cloud Environment by submitting a ticket to the Customer Portal. ClearDATA will evaluate your request and respond within the response time commitments in the SLA. No change request is a binding commitment by either you or ClearDATA unless it is agreed in a ticket. If the requested change requires a significant reconfiguration of your Cloud Environment, ClearDATA may request a new Order that includes additional fees and will manage the configuration change consistent with the implementation process described in Section 3.1(Implementation”) and Section 3.2 (Sign Off). If, based on an emergency circumstance, ClearDATA implements a requested change prior to completion of the change process, you agree that you will negotiate in good faith with ClearDATA to agree to written terms covering the emergency change.
3.4 Managed Services Support. ClearDATA will provide live technical assistance for Managed Services 24 x 7, year-round, in accordance with the response times and other commitments described in the SLA. The Support phone, email and other contact details, and other Support terms are stated in your Order and on your Customer Portal. ClearDATA has no obligation to provide Support to any person who is not listed as an administrative or technical contact on your account. You agree not to refer your Cloud Environment users to ClearDATA for Support unless they are an administrative or technical contact on your account.
3.5.1 ClearDATA. ClearDATA will perform scheduled maintenance during the maintenance window defined in the SLA. ClearDATA will notify you at least five (5) business days in advance of the maintenance where the maintenance is expected to result in Service unavailability, and at least 1 business day in advance where the maintenance is not expected to result in Service unavailability. If ClearDATA is required to perform emergency maintenance outside of the maintenance window to address a critical unforeseen issue, ClearDATA will use reasonable efforts to notify you at least one (1) business day in advance of the maintenance. ClearDATA will notify you again if it cancels or reschedules maintenance described in a prior notice. ClearDATA will notify you when each maintenance begins and when it ends.
3.5.2 Infrastructure Provider. ClearDATA will promptly communicate to you information it receives from its Infrastructure Provider regarding its scheduled and unscheduled maintenance.
3.5.3 Notice. ClearDATA’s maintenance notices under this Section will be sent via email to the technical contacts listed on your account.
3.5.4 Customer Specific Maintenance. If ClearDATA plans to perform maintenance that will impact only a few customers, it will use commercially reasonable efforts to schedule the maintenance with those customers.
3.6 ClearDATA Changes to Services. ClearDATA may make changes to the Services as reasonably necessary to conform to changes in the law or industry standards, to interoperate with its Infrastructure Provider, or to resolve an intellectual property infringement claim or threat. ClearDATA will confer with you in advance of any such changes and will cooperate with your reasonable requests in the implementation of the changes.
- UNSUPPORTED SERVICES An “Unsupported Service” is any technology element that is conspicuously designated in an Order as “unsupported,” “one-off” “non-standard” “non-compliant,” “end of life,” “eol,” “custom service.” Except as expressly agreed otherwise in the Order or another written agreement: (i) Unsupported Services are provided AS IS, (ii) ClearDATA has no obligation to provide Support for Unsupported Services, and any Support for Unsupported Services that may be provided is provided AS IS; (ii) ClearDATA is not liable to you for any loss or damage arising from the provision of the Unsupported Services, (iv) SLAs do not apply to Unsupported Services or any other aspect of the Services that are adversely affected by the Unsupported Service, and (v) the Unsupported Service is not covered by the ClearDATA’s indemnification obligations or the BAA. You acknowledge that Unsupported Services may not interoperate successfully with standard Services elements, such as backup and monitoring.
- SERVICES WARRANTIES
5.1 Cloud Environment. ClearDATA warrants that the Cloud Environment will be provided in accordance with the service commitments stated in the applicable SLA. The service commitments and your remedy for ClearDATA’s breach of the service commitments are subject to the terms and conditions stated in the SLA. 5.2 Support. ClearDATA warrants that it will provide Support for Managed Services in accordance with the Support terms attached to your Order or posted on your customer portal, and otherwise in a good and professional manner. ClearDATA warrants that it will meet the response times stated in your SLA. The response time commitments and your credit remedy for ClearDATA’s breach of the response time commitments are subject to the terms and conditions stated in the SLA. 5.3 Intellectual Property. ClearDATA warrants that your use of the Services as permitted by the Agreement will not infringe on the intellectual property rights of any unaffiliated third party, provided, however, that ClearDATA’s sole obligation with respect to a breach of this warranty, and your sole and exclusive remedy, is indemnification for third party claims as provided in Subsection 12.1 (ClearDATA Indemnification of You). 5.4 Additional Services. If you ask ClearDATA to provide assistance that is not part of Support, ClearDATA may accommodate your request, but any such assistance in provided on an AS IS, AS AVAILABLE basis. 5.5 Warranty Disclaimer. Except for the warranties expressly stated in this Section, ClearDATA, its suppliers, licensors and subcontractors make no representations or warranties whatsoever regarding the Services or Unsupported Services. ClearDATA and its suppliers, licensors and subcontractors expressly disclaim any implied warranty of merchantability, fitness for a particular purpose, and any warranty that may arise through a course of dealing. If applicable law requires a warranty notwithstanding this limitation, then the warranty is made for a period of 30 days from the date the warranty is deemed to have been made. Specifically, but without limitation, ClearDATA does not warrant that the Services will be uninterrupted or completely secure.
- RESTRICTIONS 7.1 Medical Devices/High Risk Use. You may not use the Services in any situation where failure or fault of the Services could lead to death or serious bodily injury of any person, or to physical or environmental damage. For example, you may not use, or permit any other person to use, the Services as a component of or to operate any medical device or in connection with any aircraft or other mode of human transportation, or nuclear or chemical facilities. 7.2 Services Management Agent. You may not interfere with any services management software agent(s) that ClearDATA installs on the Cloud Environment. ClearDATA may use the agents to track system information, manage various service issues, and identify security vulnerabilities. Your Services will become “Unsupported Services” as described in Section 4 (Unsupported Services) if you disable or interfere with ClearDATA’s services management agent(s). 7.3 Authorized Users. You may not authorize any individual to use the Services other than your personnel and the personnel of your contractors who are contractually limited to using the Services in support of your business operations. 7.4 Export. In addition to your obligation to comply with the export laws applicable to you, you may not use the Services in a way that causes ClearDATA to be in violation of the export laws of the United States or other jurisdiction from which the Services are provided. For example, you may not authorize any person to use the Services that is on the list of Specially Designated Nationals and Blocked Persons issued by the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) or who is located in or is a national of any country that is embargoed under United States export laws, or use or permit the use of the Services to process or store any data that is subject to the International Traffic in Arms Regulations maintained by the U.S. Department of State.
- RESPONSIBILTY FOR USERS, UNAUTHORIZED USE You are responsible for the use of the Services and compliance with this Agreement by your personnel, the personnel of your customers, any other person to whom you give access to the Services, and any person who gains access to the Services as a result of your failure to use reasonable security precautions, or other violation of this Agreement, even if such use was not authorized by you. ClearDATA may exercise any right or remedy under this Agreement based on a violation of the Agreement by any of those persons to the same extent as if the violation were by you directly. ClearDATA is not responsible to you or any third party for unauthorized access to or use of Your Data, Your Application, or the Services unless the access or use results from ClearDATA’s violation of the Agreement.
- FEES, PAYMENTS 9.1 Fees. You must pay when due the fees stated in the Order. You must pay additional fees resulting from services you add through the Cloud Platform, auto-scaling systems or software defined capacity control mechanisms that increase your consumption or price of services. ClearDATA may pass through to you any fee increases for your Cloud Environment made by the Infrastructure Provider. ClearDATA may increase fees for the Services or UnsupportedServices generally for any renewal term by giving you written notice of the fee increase at least 90 days prior to the beginning of the renewal term. You may not offset any credit or other amount due to you from ClearDATA against fees due under this Agreement. Unless otherwise agreed, fees are stated and must be paid in United States Dollars. 9.2 Expenses. ClearDATA may require you to pay ClearDATA’s reasonable travel expenses for services performed onsite at your location if the Order requires the services to be performed onsite, or if you ask ClearDATA in writing to provide services onsite. Travel expenses include air and ground transportation, lodging and meals. You are not required to pay any other ClearDATA expenses. ClearDATA will not incur any expenses for travel unless you have approved the travel in advance in writing. 9.3 Invoices and Payments. Set up fees, required prepayments, and other one-time fees are due on the Order effective date. Monthly recurring fees are invoiced monthly in arrears on or around the 3rd day of each calendar month, and are due on invoice. Other fees are due on invoice. ClearDATA may require you to pay its invoice for initial one-time fees as a condition to beginning the implementation or the production use of the Services. You must establish payment arrangements via credit card or ACH. ClearDATA may charge your card or account on or after the invoice date. ClearDATA may suspend all Services if the charge to your payment card or ACH is refused, and you do not pay the amount due within 4 business days of our written notice to your billing contact. You agree that if your Services are reinstated after a suspension for non-payment, ClearDATA may charge you $150 per hour for ClearDATA personnel’s time spent to reinstate the Services. ClearDATA may charge interest on overdue amounts at the lesser of 1.5% per month (or the maximum legal rate). If any amount is overdue by more than 30 days and ClearDATA brings a legal action to collect, or engages a collection agency, you must also pay the reasonable costs of collection, including reasonable actual attorneys’ fees and court costs. If your check is returned for insufficient funds, you must pay ClearDATA’s returned check charge up to the maximum amount permitted by law. Invoices that are not disputed within 180 days of invoice date are conclusively deemed accurate. ClearDATA is not obligated to issue any credit under an SLA while any fee is overdue or in dispute. 9.4 Fee Disputes. If you reasonably and in good faith dispute any invoiced fee, and submit a reasonably detailed explanation of the dispute prior to the day the fee is overdue, ClearDATA will not exercise any rights or remedies available to it for non-payment for thirty days from your notice, provided that you cooperate with ClearDATA’s requests to resolve the fee dispute and you pay the undisputed part of the invoice before it is overdue. 9.5 Taxes. All fees are stated exclusive of sales, use, VAT, GST or similar tax (“Sales Tax”) unless expressly stated otherwise in the Order. Unless you have provided an exemption certificate or direct pay permit, you must remit to ClearDATA any applicable Sales Tax. Sales Tax is due on the payment terms applicable to the fees for the related Services. You represent and warrant that your address shown on the Order is the correct address for purposes of determining Sales Tax, and that all other information you have provided to ClearDATA for Sales Tax purposes is accurate and complete. If you are required by law to withhold from ClearDATA’ fees any amounts as a withholding or like tax, then the ClearDATA fees subject to this requirement are increased by an amount that results in ClearDATA’ payment net of the withholding being equal to the fee. For clarity, you are not required to pay any tax that is assessed on the basis of ClearDATA’s net income.
- TERM, TERMINATION, SUSPENSION 10.1 Term. The Agreement is effective on the Order effective date. The initial services term begins on the start of implementation and continues for that number of months stated in the Order. Orders automatically renew at the end of the initial term for consecutive renewal terms of 12 months each unless either party has given a notice of non-renewal at least 90 days prior to the expiration of the initial term or the renewal term, as applicable. If an Order states that it is “coterminous” with an existing Order, then the initial term of the coterminous Order begins on the effective date of the coterminous Order and continues until the expiration of the then current initial term or renewal term, as applicable, of the Order to which it refers. Any Order that is “coterminous” renews on the same terms and for the same periods as the Order to which it refers. 10.2 Termination for Breach. Either party may terminate the Agreement for breach if the other party is in material violation of the Agreement and, if the breach is curable, has not cured the breach within 30 days of the party’s written notice describing the breach in reasonable detail. ClearDATA may terminate the Agreement for breach if you violate the AUP more than once, even if each breach is cured. 10.3 Termination Other than for Breach. ClearDATA may terminate the Agreement on 90 days advance written notice if its Infrastructure Provider materially alters its services in a way that makes the ClearDATA service commercially infeasible, or if there is a patent infringement claim that makes the provision of the Services commercially infeasible, and ClearDATA is not able to resolve the claim through the use of commercially reasonable efforts. You may terminate the Agreement for convenience at any time on 30 days advance written notice. Either party may terminate the Agreement if the other party is insolvent or files for bankruptcy or similar protection. Neither party has any liability with respect to a termination under this Subsection. 10.4 Reserved Services. A “reserved” Service is a Service component that is designated in the Order or other written agreement as “reserved,” “committed,” or with like terminology. You must pay the fees for the entire term of a reserved service even if you do not use it. Services that are not “reserved” may be scaled down or terminated at any time and you are responsible only for the fees for the Services that you used. 10.5 Suspension. ClearDATA may suspend your Services, any Unsupported Services, and access to your Cloud Environment, in whole or in part, during any period that you are in material breach of this Agreement or as reasonably necessary to address any material security vulnerability that it discovers or reasonably suspects. ClearDATA will give you at least two (2) business days’ advance notice of the suspension, unless emergency circumstances require suspension on less notice. ClearDATA will reinstate your access to the Services and Cloud Environment when the grounds for suspension are cured unless ClearDATA has already terminated the Agreement as described in this Section. 10.6 Survival. The following terms survive expiration or termination of the Agreement: Section 1 (Definitions) to the extent the terms defined are used in other surviving sections, Section 8 (Responsibility for Users, Unauthorized Use), Section 9 (Fees, Payments), this Section (Term, Termination, Suspension), Section 11 (Confidential Information), Section 12 (Indemnification), Section 13 (Limits on Liability), Section 14 (Notices), Section 15 (General), any other terms that are expressly stated to survive termination, and any terms that by their nature are intended to survive termination.
- CONFIDENTIAL INFORMATION Neither party may use the other party’s Confidential Information except in connection with the performance or use of the Services, as applicable, the exercise of the party’s legal rights under this Agreement, or as may be otherwise permitted under this Agreement or required by law. Each party agrees not to disclose the other party’s Confidential Information to any third person except as follows: (i) to the party’s respective service providers, agents and representatives, provided that such service providers, agents or representatives are bound by written confidentiality measures that are at least as stringent as these terms; (ii) in response to a subpoena or other compulsory legal process, provided that each of us agrees to give the other advance written notice of at least seven days prior to disclosing Confidential Information under this subparagraph (or prompt notice in advance of disclosure, if seven days advance notice is not reasonably feasible), unless the law or a reasonable interpretation of it, forbids such notice; or (iii) as required by law, such as a requirement under a data privacy regulation that a notice of data breach be given to a supervisory authority or regulatory agency. On expiration or earlier termination of the Agreement, each party will return or destroy the other party’s Confidential Information. ClearDATA’s obligations to for safeguard Your Data and Your Application are stated in Section 2.4 (Security Safeguards). For Confidential Information other than Your Data and Your Application, ClearDATA will use commercially reasonable care to prevent the unauthorized use, disclosure, corruption and deletion of the Confidential Information. You will use commercially reasonable care to protect ClearDATA’s Confidential Information. Each of you and ClearDATA is responsible for a breach of this Section by its service providers, agents and representatives to whom it has disclosed the other party’s Confidential Information.
- INDEMNIFICATION 12.1 ClearDATA Indemnification of You. ClearDATA will defend, at its expense, any claim brought by an unaffiliated third party against you, your officers, directors or personnel (“Your Indemnitees”) to the extent that the claim: (i) arises from or is based on ClearDATA’s violation of law, the applicable BAA, Subsection 2.4 (Security Safeguards), or Section 11 (Confidential Information), or (ii) asserts that your use of the Services as permitted by the Agreement infringes the intellectual property rights of the third party recognized in the United States, the European Economic Area, Japan or Australia; and will pay any resulting final award of damages, costs, and expenses (including court costs and reasonable attorney fees) entered by a court or other tribunal with jurisdiction. Notwithstanding anything in this subsection to the contrary, ClearDATA’s obligations under this subsection do not extend to any claim covered by your indemnification of ClearDATA, or any third party claim of intellectual property infringement to the extent the claim is based on your combination of the Services with technology not provided by ClearDATA, your unauthorized change to the Cloud Environment or Services, or ClearDATA’s compliance with your specific directives (the “Exclusions”). 12.2 Your Indemnification of ClearDATA. You will indemnify and hold harmless ClearDATA, its affiliates, suppliers, and licensors, and each of their officers, directors and personnel (the “ClearDATA Indemnitees”) against Losses arising from : (i) any claim made by your customers, end users, providers of Your Application, or data subjects whose Personal Data is included in Your Data, except to the extent such claim arises from ClearDATA’s breach of its obligations to you under this Agreement, (ii) any claim brought by a third party asserting that Your Application, Your Data or a Unsupported Service, infringes or violates the intellectual property rights or other rights of a third party, and (iii) any claim that is an Exclusion defined in 12.1, and (iv) any claim brought by a third party asserting conduct that is a violation of this Agreement, including your representations and warranties stated in this Agreement. Your obligations under this subparagraph include claims arising out of the acts or omissions of your personnel, agents, and authorized users, any other person to whom you have given access to the Services, and any person who gains access to the Services as a result of your failure to use reasonable security precautions, even if the acts or omissions of such persons were not authorized by you. “Losses” means any costs, expenses, damages, or losses resulting from a claim, including attorney fees and other costs of defending a claim. 12.3 Procedures. The indemnified party must give notice of the indemnified claim to the indemnifying party within 10 days of the date the claim is made, provided that failure to give notice within the 10 day period does not relieve the indemnifying party of its obligations under this Section except to the extent the delay prejudices the defense of the matter. ClearDATA has the right to select counsel to defend any indemnified claim under this Section, and has the right to control the defense of the claim, except that you may participate in the defense of the claim at your option and expense, with counsel of your choice. You must comply with any ClearDATA request for information or cooperation regarding the defense of the claim. ClearDATA may settle any indemnified claim, in its discretion, provided that the settlement fully resolves your liability and does not require you or Your Indemnitees to make an admission of culpability. If you are the indemnifying party, you shall pay indemnified costs, expenses (including reasonable attorney fees), liabilities and other amounts due to ClearDATA under this Section as incurred.
- LIMITS ON LIABILITY 13.1 SLA Credits. The credits, stated in the SLA and your termination rights under Section 10 (Term and Termination), are your sole and exclusive remedy for ClearDATA’s failure to meet its service level commitments stated in the SLA. 13.2 No Consequential, Indirect Damages. Except for claims arising from a party’s breach of Section 11(Confidential Information), or claims based on the party’s intentional breach of the other party’s intellectual property rights, neither party nor its affiliates, licensors, suppliers or subcontractors is liable to the other for any lost profits, lost revenue, lost business opportunity, or any indirect, special, incidental, punitive, or consequential loss or damage of any kind arising in connection with this Agreement, or any loss or damage that could have been avoided by the claiming party’s reasonable mitigation, even if the party has been advised of or should be aware of the possibility of such damages. For avoidance of doubt, damages of the type described in this subsection that are awarded by a court or other tribunal to a third party and are covered under Section 12 (Indemnification) are not excluded by this Subsection. 13.3 Maximum Liability. Notwithstanding anything to the contrary in this Agreement, excluding: (i) claims arising from a party’s gross negligence, recklessness, or intentional tort, (ii) claims arising from a party’s breach of Section 11 (Confidential Information), (iii) claims based on the party’s intentional infringement or misappropriation of the other party’s intellectual property rights, and (v) payment obligations under Section 9(Fees, Payments), the maximum aggregate liability of a party and its affiliates, licensors, suppliers and subcontractors under or in connection with this Agreement for any type of damages shall not exceed the greater of One Hundred Thousand Dollars ($100,000.00) or the amount of fees paid or payable by you under the Order giving rise to the claim for the 12 months preceding the event giving rise to the claim. For clarity, the maximum aggregate monetary limit stated in this subsection is not “per incident” but is an aggregate limitation applicable to all claims arising under or regarding this Agreement. 13.4 Other. The parties acknowledge that ClearDATA has set its prices and entered into this Agreement on reliance on the limitations of remedies and liability stated in the Agreement, and that these limitations reflect an agreed allocation of risk between the parties. The limitations stated in this Section shall apply to any liability arising from any cause of action whatsoever, whether in contract, tort, commercial code, strict liability or otherwise, even if a limited remedy fails of its essential purpose. Nothing in this Subsection precludes a party from seeking specific enforcement, injunctive relief or other non-monetary equitable remedy that is available by law. If these limitations as written are not permitted by applicable law, they shall apply to the extent permitted by applicable law.
- NOTICES Unless another method of notice is expressly required by this Agreement, notices must be given by electronic mail. ClearDATA’s notice to you must be given to your primary account contact. Your notices to ClearDATA must be given to email@example.com. Your notice of breach of this Agreement, request for indemnification or other legal matter must be copied to firstname.lastname@example.org with a copy mailed via 1st class United States mail to ClearDATA Networks, Inc., ATTN LEGAL NOTICES, 101 West 6th Street, Suite 310, Austin, Texas 78701.
- GENERAL 15.1 Order Process. You may offer to purchase ClearDATA services by signing and submitting a service description, statement of work, service order or other sales form prepared by ClearDATA for your signature. Your offer is legally binding on ClearDATA and becomes an “Order” if ClearDATA accepts the offer, either by signing and returning the form to you, or beginning to provide the services described in the form you signed. You may not modify the form prepared by ClearDATA. If you do not wish to purchase the ClearDATA services on the terms stated in the form, you may contact ClearDATA to discuss different terms. If ClearDATA agrees to your request, it will send you a new form for your signature. No change to a ClearDATA order form is binding on ClearDATA unless it has been made by ClearDATA prior to your signature. 15.2 Non-Solicitation. Neither party shall directly or indirectly, employ any personnel of the other party, or induce or attempt to influence any personnel, customer, or supplier of the other party to terminate employment or any other relationship with the other party. This restriction shall survive expiration or termination of the Agreement for a period of 12 months. 15.3 General Warranty. Each party represents and warrants to the other that: (i) it has the right, power, and authority to enter into the Agreement and to fully perform its obligations under the Agreement; and (ii) the making of the Agreement does not violate any agreement existing between it and any third party. You represent to ClearDATA that the information you have provided to ClearDATA to establish your account is accurate and complete. The individual signing the Order represents that he or she has the authority to bind the entity that is named in the Order to this Agreement. 15.4 Intellectual Property and Rights in Data. 15.4.1 Ownership. As between you and ClearDATA, (i) you retain ownership of Your Data, Your Application, and any other technology, information or materials that you transmit to or from, or store or process using the Services and all related intellectual property, including derivative works (your “IP”), and (ii) ClearDATA retains ownership of its Cloud Environment, Cloud Platform and any other technology, information or materials provided as part of the Services and all related intellectual property, including derivative works, and including any deliverables created for you as part of the Services or professional services (the ClearDATA “IP”). Except as expressly stated otherwise in this Subsection, each party licenses its IP to the other party on a limited, revocable basis solely for the purpose of providing or using the Services, as applicable, or otherwise as necessary to perform its obligations or exercise its rights under the Agreement. 15.4.2 Suggestions. If you provide any feedback, comments, or suggestions for the improvement of the Services (“Suggestions”), you hereby license the Suggestions and all related intellectual property to ClearDATA on a non-exclusive, worldwide, fully paid, perpetual, irrevocable basis for ClearDATA to use, disclose, modify, reproduce, license, distribute, commercialize and otherwise freely exploit without restriction of any kind, without obligation to account for or share revenue or profits. 15.4.3 Use of De-Identified Data. You agree that on your prior written consent ClearDATA may use your Personal Data to provide data aggregation services, as permitted by the HIPAA Privacy Rule provided that it de-identifies the Personal Data in a manner that meets the HIPAA Privacy Rule de-identification requirements, and otherwise complies with the requirements for data aggregation services stated in the BAA. 15.4.4 Reservation of Rights. Except for the rights expressly granted in the Agreement, each party retains all right, title and interest in and to its intellectual property, and the parties agree that no rights in intellectual property are conferred by implication or estoppel. Neither party may reverse engineer, disassemble or decompile the other party’s intellectual property except to the extent necessary to use or provide the Services, or as permitted by applicable law notwithstanding this restriction. Neither party may remove any proprietary rights notices included by the other party on its licensed intellectual property. 15.5 Publicity. You agree that ClearDATA may publicly disclose that it is providing Services to you and may use your name and logo in its online, printed and other marketing and publicity materials to identify you as a ClearDATA customer, subject to your reasonable trademark usage guidelines. ClearDATA may use any quotation provided or approved by you for marketing purposes in a press release or other publicity. 15.6 Assignment, Subcontractors. Either party may assign this Agreement without the other party’s prior written consent: (a) in connection with the sale of all or substantially all of its assets; (b) to the surviving entity in any merger or consolidation; (c) to an affiliate; or (d) to satisfy a regulatory requirement imposed upon a party by a governmental body with appropriate authority, provided, however, that in each case your assignee must have a financial standing and creditworthiness equal to or better than yours, as reasonably determined by ClearDATA, through a generally accepted, third party credit rating index (i.e. D&B, S&P, etc). Any other assignment requires the prior written consent of the other party. ClearDATA may use subcontractors to perform all or any part of the Services, but remains responsible to you under this Agreement for Services performed by its subcontractors to the same extent as if ClearDATA performed the Services itself. Certain ClearDATA subcontractors require ClearDATA to include the following clauses: (i) none of ClearDATA’s subcontractors make any representations or warranties to you under this Agreement, and none of them has any liability directly to you in connection with the Services or any direct indirect, incidental or consequential damages arising from your use of the Services; (ii) you acknowledge that ClearDATA is not an agent for Amazon Web Services, Inc., Google, Inc., Microsoft Corporation, or its other subcontractors, and that ClearDATA and its subcontractors are independent contractors and not partners or joint venturers. 15.7 Infrastructure Subcontractors. 15.7.1 AWS. If the infrastructure part of your Services are provided by AWS, you agree that ClearDATA may disclose to AWS the name and contact information associated with your AWS account ID, and that AWS may further disclose your name and geographic location to third parties who provide technology for your use as part of the AWS Services. If you authorize ClearDATA to access your accounts with AWS that you have established under your agreement with AWS, then the AWS terms at https://s3-us-west-2.amazonaws.com/solution-provider-program-legal-documents/AWS+Solution+Provider+Program+-+Program+Guide+for+End+Customers.pdf apply. 15.7.2 Google. If the infrastructure part of your Services is provided by Google, you agree that ClearDATA may disclose to Google your name and geographic location and other general information about your environment and company that Google may reasonably require under the terms of its agreement with ClearDATA. The Google Service Specific Terms at https://cloud.google.com/terms/service-terms are incorporated into the Agreement as applicable. 15.7.3 Microsoft. If the infrastructure part of your Services is provided by Microsoft (Azure or otherwise), you agree that ClearDATA may disclose to Microsoft information about you and your use of the Microsoft services that Microsoft may reasonably require under the terms of its agreement with ClearDATA. If and to the extent ClearDATA resells Microsoft online services to you under this Agreement, then your use of the Microsoft online services is governed exclusively by the Microsoft Cloud Agreement, English version, a separate agreement between you and Microsoft Corporation, a current version of which is available at https://msdn.microsoft.com/en-us/partner-center/agreements. You agree that you will cooperate with any process required by Microsoft that is designed to ensure that you have agreed to these terms. 15.8 Third Party Services. As a convenience to you, ClearDATA may enable you to use data analytics or other third party services in connection with your ClearDATA services, or may identify third parties who perform services that are useful to you such as database management or data migration. ClearDATA does not endorse any third party services, and makes no representation or warranty whatsoever regarding third parties or third party services. You are responsible for investigating the third party’s qualifications and skills. Your use of the third party’s services is governed by your separate agreement with the third party. For third party services you purchase through ClearDATA you agree that ClearDATA may disclose to the third party information about you and your use of their services in accordance with the agreement between you and the third party to the same extent as if the third party collected information directly from you. 15.9 Governing Law. This Agreement is governed by and interpreted under the laws of the State of Texas and the United States of America, as applicable, without giving effect to any conflicts of law principles that would require the application of the law of a different jurisdiction. The parties expressly and irrevocably disclaim and waive the application of the United Nations Convention on Contracts for the International Sale of Good and the Uniform Computer Information Transactions Act. The parties agree that neither the Services nor the Cloud Environment are considered “goods” covered by any State version of the Uniform Commercial Code. 15.10 Disputes. 15.10.1 Mediation. Except for a request for temporary injunctive or other equitable relief, each party agrees that it shall not file a lawsuit or other legal action in connection with this Agreement unless it has first given the other party written notice of the dispute, and attempted to resolve the dispute through good faith negotiation. At the request of either party, the dispute will be submitted for non-binding mediation conducted by a mutually acceptable mediator in Travis County, Texas. The mediator will be chosen by mutual agreement of the parties within twenty-one (21) days after written notice by either party demanding mediation. Neither party shall unreasonably withhold or delay consent to the selection of a mediator. The parties will share equally the costs of the mediation, exclusive of any fees paid by a party to its internal or external legal advisors, accountants and experts in connection with the dispute. The use of any mediation procedures will not be construed under the doctrines of laches, waiver or estoppel to affect adversely the rights of either party. If the dispute is not resolved through negotiation or mediation within forty-five (45) days of the date of the initial demand for mediation, the parties are free to file a lawsuit or other action. 15.10.2 Jurisdiction, Venue. Each party agrees that it shall bring any lawsuit or other legal action related to this Agreement in the State or Federal courts sitting in Travis County, Texas. Neither party shall dispute the personal jurisdiction of such courts, and each party waives any objection it may have as to the venue of such court. 15.10.3 Waiver of Jury Trial. To the extent permitted by applicable law, each party waives the right to a trial by jury in respect of any litigation arising out of this Agreement and the parties’ activities regarding this Agreement. 15.10.4 Time Bar. A party may not bring an action in relation to this Agreement more than two (2) years after the date that the cause of action accrued. 15.10.5 Prevailing Party Entitled to Fees and Costs. The prevailing party in any action to enforce this Agreement, including an action for equitable relief, may recover its costs and expenses of the action from the other party, including reasonable attorney fees. 15.10.6 Expenses Arising from Legal Disputes, Subpoenas Regarding Your Account. In addition to your indemnification obligations, you must also pay or reimburse ClearDATA’s reasonable actual attorneys’ fees and other expenses incurred in connection with any dispute between persons having a conflicting claim to control of your account, or to comply with any third-party subpoena, warrant or other mandated disclosure that is unrelated to any claim between you and ClearDATA. 15.11 Force Majeure. Except for your payment obligations, neither party is in violation of the Agreement if the failure to perform is due to an event beyond that party’s reasonable control, such as a significant failure of the power grid or Internet, denial of service attacks, natural disaster, war, riot, insurrection, epidemic, strikes or other organized labor action, terrorism, or other acts or events for which precautions are not generally taken in the industry. 15.12 Interpretations of Certain Words. The term “person” refers to any legal person, and may mean a natural person (individual), a legally created person (such as an entity, trustee, or executor), or an entity (such as a corporation, partnership, or limited liability company). The term “law” refers to statutes, regulations, executive orders, and other legally binding rules issued by a government agency having jurisdiction. The word “including” means “including, without limitation.” The words “will” and “shall” are words of obligation, not expressions of intent or expectation. All references to monetary amounts mean United States Dollars unless otherwise indicated. The term “parties,” either in lower- or upper-case form, refers to the signatories to this Agreement. Unless otherwise defined, the words “business day,” “business hours,” or the like mean Monday – Friday, 9:00 a.m. – 5:00 p.m., United States Central Time, excluding federal public holidays in the United States. A reference to “day” means a calendar day, unless expressly designated as a “business” day. The term “personnel” refers to employees of the person referred to and individual contractors of the person referred to if the individuals are under the direct supervision of the person referred to. The word “affiliate” refers to an individual or entity that controls, is controlled by, or is under common control with the person referred to, where control means ownership of the majority of voting interests of an entity or the right to control the policies of the entity by means of a controlling number of seats on the entity’s governing body. All technology provided under this Agreement is licensed and not sold; any use of the term “sale” or like word means a sale of a license. Any requirement in this Agreement that a statement be written, in writing, or a like requirement is satisfied by an email or other digital form of writing unless expressly stated otherwise. Nouns stated in the singular may imply the plural as indicated by the context, and pronouns that are gender specific should be read to refer to either gender. The Section captions in this Agreement are for convenience only; they are not part of this Agreement and may not be used to interpret the terms of this Agreement. References to sections in any of the documents that comprise the Agreement are references to the sections of the document in which the references appear unless otherwise indicated. 15.13 Relationship Between the Parties. The parties are independent contractors, and neither party is the agent of the other or has the right to bind the other on any contract with a third party. The use of the words “partner” or “partnership” in this Agreement or otherwise refers only to a business relationship, and does not create or reflect any legal partnership, joint venture, or other fiduciary or other special relationship between the persons described as partners. Nothing in this Agreement creates an obligation of exclusivity or non-competition. Each party is free to purchase and sell services of the type described in the Agreement to any person, including competitors of the other party. 15.14 Modifications. 15.14.1 Changes to Online Terms. ClearDATA may modify its Web-published CCSA, AUP, the SLA, and any other online document that is part of the Agreement. Modifications are effective as to any Order that is signed after the date the modified version is published, and are effective as to existing Orders as of the first renewal term that begins at least thirty (30) days after the modification is published. If you execute a new Order that modifies an existing Cloud Environment, then the version of the CCSA, AUP, and SLA published on the date of that new Order controls as to all Orders for that Cloud Environment and related Services. 15.14.2 Changes to Customer Specific Documents. A customer specific document that is part of the Agreement may be modified only by an amendment that specifically references that document and that is signed by the parties. Customer specific documents are documents that state transactions terms for your particular Cloud Environment or other terms that supplement or deviate from ClearDATA’s Web-published legal terms, such as Order(s), a Customer-specific Business Associate Agreement, or other legal terms applicable only to those customers or end user identified in the document. 15.15 Order of Precedence. If there is a conflict between the documents that comprise the “Agreement,” the documents control in the following order of precedence: this CCSA, the AUP, the SLA, the Order, and any other document that is part of the Agreement, except that, any Business Associate Agreement that is incorporated into the Agreement by means of the Order shall apply in lieu of the BAA referenced in this CCSA. 15.16 Federal Agency Users. The Services were developed solely at private expense and are commercial computer software and related documentation within the meaning the Federal Acquisition Regulations and applicable agency supplements. 15.17 Third Party Beneficiaries. Unless and to the extent specifically stated otherwise in some other section of this Agreement, there are no third-party beneficiaries to this Agreement. Neither party’s customers, end users, suppliers, or other person shall have the right to enforce this Agreement. 15.18 Severability. In the event one or more of the terms of this Agreement are adjudicated invalid, illegal, or unenforceable, the adjudicating body may either interpret this Agreement as if such terms had not been included, or may reform such terms to the limited extent necessary to make them valid, legal or enforceable, consistent with the economic and legal incentives underlying the Agreement. 15.19 Waiver. No right or remedy arising regarding this Agreement shall be waived by a course of dealing between the parties, or a party’s delay in exercising the right or remedy. A party may waive a right or remedy only by signing a written document that expressly identifies the right or remedy waived. Unless expressly stated in the waiver, a waiver of any right or remedy on one occasion will not be deemed a waiver of that right or remedy on any other occasion, or a waiver of any other right or remedy. 15.20 Counterparts, Signatures. This Agreement may be signed in multiple counterparts, which taken together shall be read as one Agreement. A signed agreement transmitted by facsimile, email attachment, or other electronic means shall be considered an original. The parties agree that electronic or digital signatures shall be given the same effect as a manual signature.
This CCSA is the complete and exclusive agreement between the parties regarding its subject matter and supersedes and replaces in its entirety any prior or contemporaneous agreement or understanding, written or oral. The parties represent to each other that they have not entered into the Agreement in reliance on any statement other than those included in the Agreement.
© ClearDATA Networks, Inc. 2018
CCSA Revision Date November 1, 2018
In the news
10 Tips to Shrink Attack Surface by Prioritizing Digital Hygiene
ClearDATA’s founder and Chief Privacy & Security Officer Chris Bowen gives his take on digital threats associated with the pandemic and the risks and mitigation efforts.
5 ways IT vendors put customers’ PHI at risk
Warning to technology vendors that service the healthcare industry: nearly half of serious data breaches occur in the healthcare sector and the majority are caused by a third party. There are five common ways technology vendors set themselves up – and their healthcare customers – for a data breach that could be catastrophic to patients’ privacy and the vendor’s reputation.