TERMS OF SERVICE
These Terms of Service (this “Agreement”) is entered into by and between GrindFoundry, Inc. d/b/a Archy (“Archy”) and the entity or person placing an order for or accessing the Archy Services (“Customer” or “you”). This Agreement consists of the terms and conditions set forth below, any exhibits or addenda identified below and any Order Forms. If you are accessing or using the Archy Services on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company, and all references to “you” or “Customer” reference your company.
Please note that Archy may modify the terms and conditions of this Agreement in accordance with Section 12.9 (Amendments; Waivers).
BY INDICATING YOUR ACCEPTANCE OF THIS AGREEMENT OR ACCESSING OR USING THE ARCHY SERVICES, YOU ARE AGREEING TO BE BOUND BY ALL TERMS, CONDITIONS AND NOTICES CONTAINED OR REFERENCED IN THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT, PLEASE DO NOT USE THE ARCHY SERVICES. FOR CLARITY, EACH PARTY EXPRESSLY AGREES THAT THIS AGREEMENT IS LEGALLY BINDING UPON IT.
1.1 “Archy Service” means Archy’s software-as-a-service platform for dental practice management, including the Payment Processing Services.
1.2 “Archy Technology” means the Archy Service, any other Archy products and services, and all related or underlying documentation, technology, code, Aggregate/Anonymous Data, logs, product usage data, know-how, logos, materials, and templates (including anything delivered as part of support or other services), and any updates, modifications or derivative works of any of the foregoing (including as may incorporate any Feedback).
1.3 “Confidential Information” means code, inventions, know-how, product plans, and technical and financial information exchanged under this Agreement, that is identified as confidential at the time of disclosure or should reasonably be considered confidential based on the circumstances surrounding the disclosure and the nature of the information disclosed.
1.4 “Customer Data” means any data collected from or by the Archy Service on behalf of Customer and any data or content that Customer provides to the Archy Service.
1.5 “Customer Office” means the specific Customer offices that are authorized in the corresponding Order Form to use the Archy Services.
1.6 “Order Form” means any Archy ordering documentation, online sign-up, or subscription flow that references this Agreement.
1.7 “Payment Processing Services” means certain payment processing services included in the Archy Service for credit and debit card, automated clearinghouse, and other similar transactions, including without limitation related software platforms and/or hardware and equipment.
1.8 “Term” means the initial term for the applicable Archy Service specified on an Order Form, and each subsequent renewal term (if any).
2. ACCOUNT REGISTRATION AND USE.
Customer will need to register for an Archy account in order to use the Archy Service. Account information must be accurate, current, and complete. Customer agrees to keep this information up-to-date so that Archy may send notices, statements, and other information by email or through Customer’s account. Customer must ensure that any user IDs, passwords, and other access credentials for the Archy Service (collectively, “Access Credentials”) are kept strictly confidential and may only share Access Credentials with its employees and contractors to use the Archy Service on Customer’s behalf. Customer will be responsible for any and all actions taken using its and its users’ accounts and Access Credentials. Customer must notify Archy promptly of any breach of security or unauthorized use of its account or Access Credentials.
3. USE RIGHTS.
3.1 Use of Archy Services. Subject to the terms and conditions of this Agreement, Archy grants Customer a non-exclusive, non-transferable, non-sublicensable right during the applicable Term to access and use the Archy Services set forth in the corresponding Order Form solely at Customer Offices and for Customer’s internal business purposes.
3.2 Payment Processing Services. In the event Customer has purchased Payment Processing Services from Archy, Customer shall be required to first enter into a separate agreement with Finix Payments, Inc. (“Finix”) to enable Customer’s use of Finix’s payment processing products and services (“Finix Services”). Archy shall not be responsible or liable to Customer with respect to Customer’s use of any Finix Services, including any bugs, defects, or issues relating thereto. Customer may not charge any convenience fee or otherwise pass-through any transaction fees for the Payment Processing Services unless otherwise approved by Archy in writing.
3.3 General Restrictions. Customer must not (and must not allow any third party to): (i) rent, lease, copy, transfer, resell, sublicense, lease, time-share, distribute, or otherwise provide access to any portion of the Archy Service to a third party; (ii) modify or create a derivative work of the Archy Service or any portion of it; (iii) reverse engineer, disassemble, decompile, translate, or otherwise seek to obtain or derive the source code, underlying ideas, algorithms, file formats, or non-public APIs to any Archy Service, except to the extent expressly permitted by applicable law and then only with advance notice to Archy; (iv) break or circumvent any security measures, rate limits, or usage tracking (such as event tracking) of the Archy Service; (v) access the Archy Service for the purpose of building a competitive product or service or copying its features or user interface; (vi) use the Archy Service for purposes of product evaluation, benchmarking, performance testing, or comparative analysis intended for publication; (vii) remove or obscure any proprietary or other notices contained in the Archy Service, including in any reports or output obtained from the Archy Service; or (viii) use the Archy Service in any manner which could damage, disable, overburden, or impair the Archy Service or interfere with any third party’s authorized use of the Archy Service.
Compliance with Laws. Customer represents, warrants and covenants that it will fully comply with all applicable laws, rules, and regulations (“Laws”), including but not limited to any Laws that govern intellectual property, data privacy and protection (including the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HIPAA”), and any VISA, MasterCard, Discover, and/or other credit card or payment processing networks (“Payment Networks”) rules, policies, terms, conditions, and standards (including but not limited to Payment Card Industry Data Security Standards, the VISA Cardholder Information Security Program, the MasterCard Site Data Protection Program, and any other program or requirement that may be published and/or mandated by the Payment Networks).
Customer Communications. To the extent Customer uses the Archy Services to send any electronic marketing messages or SMS and/or MMS messages (collectively, “Messages”), Customer represents, warrants and covenants that it (a) will comply with all applicable Laws, including but not limited to the CAN-SPAM Act, Telephone Consumer Protection Act (“TCPA”), and Federal Trade Commission and Federal Communications Commission rules; (b) is solely responsible for the content of its Messages; (c) it has obtained all rights, permissions and consents necessary to send Messages and will do so in compliance with all applicable Laws; and (d) Messages processed by the Archy Services on Customer’s behalf shall not violate the rights of any third party or any Laws. Customer acknowledges and agrees that Archy does not control or monitor any Messages. For purpose of TCPA, Archy and its third party service providers shall be a provider but not a maker or initiator with respect any text message communications sent on Customer’s behalf, and Customer shall be deemed the maker or initiator of such messages. Client agrees to only the Archy Services to send marketing Messages to recipients who have opted-in to receive such Messages from Customer.
Beta Releases and Free Access Subscriptions. Archy may provide Customer with the Archy Service for free or on a trial basis (a “Free Access Subscriptions”) or with “alpha”, “beta”, or other early-stage Archy Services, integrations, or features (“Beta Releases”), which are optional for Customer to use. Archy makes no promises that future versions of Beta Releases or Free Access Subscriptions will be released or will be made available under the same commercial or other terms. Archy may terminate Customer’s right to use any Free Access Subscriptions or Beta Releases at any time in Archy’s sole discretion, without liability. WITH RESPECT TO BETA RELEASES, CUSTOMER ACKNOWLEDGES AND AGREES THAT BETA RELEASES MAY NOT BE COMPLETE OR FULLY FUNCTIONAL AND MAY CONTAIN BUGS, ERRORS, OMISSIONS, AND OTHER PROBLEMS FOR WHICH ARCHY WILL NOT BE RESPONSIBLE. ACCORDINGLY, ANY USE OF BETA RELEASES ARE AT CUSTOMER’S SOLE RISK NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN.
4. CUSTOMER DATA.
Rights in Customer Data. Customer represents and warrants that it has obtained all required consents, permissions, and authorizations to permit the disclosure to Archy of Customer Data (including any patient data) and use by Archy of such patient data to operate the Archy Service. As between the parties, Customer retains all right, title, and interest (including any intellectual property rights) in and to the Customer Data. Customer grants Archy a non-exclusive, worldwide, royalty-free right to collect, use, modify and process Customer Data solely: (i) to provide the Archy Service and related services to Customer and (ii) to generate separate anonymous data sets about product usage that do not identify Customer or its employees, patients or other personnel and that are stripped of all persistent identifiers (such as name, email address, etc.) (“Aggregate/Anonymous Data”).
Data Security. Archy will implement appropriate technical and organizational security measures designed to protect Customer Data in the Archy Service against unauthorized or unlawful processing, accidental or unlawful destruction, accidental loss or alteration, and unauthorized disclosure or access. The Business Associate Agreement included herein as Exhibit A shall apply with respect to Archy’s processing of any “protected health information” as defined under HIPAA.
5. FEES AND PAYMENT.
Fees. To the extent the Archy Services are made available for a fee, Customer agrees to pay all fees in the currency and payment period specified in the applicable Order Form. Archy’s fees are exclusive of all taxes, and Customer must pay any applicable sales, use, VAT, GST, excise, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on the income of Archy. Except as expressly provided in this Agreement, payments are non-refundable and non-creditable and payment obligations non-cancellable. All undisputed fees due are payable in United States dollars, unless otherwise agreed to between the parties in writing. Archy reserves the right to change the fees or applicable charges and to institute new charges and fees at the end of the initial term of an Order Form, as specified in such Order Form, or then-current renewal term, upon thirty (30) days prior notice to Customer (which may be sent by email).
Payment. Unless Archy chooses to bill through an invoice (in its sole discretion), Customer will be required to provide Archy (or its payment processor) with information regarding its credit card or other payment instrument. Customer (a) represents and warrants to Archy that such information is true and that Customer is authorized to use the payment instrument, (b) will promptly update its account information with any changes to its payment instrument information, (c) hereby authorizes Archy (including through its payment processor, in which case Customer hereby agrees to the applicable terms and policies of such payment processor) to bill Customer’s payment instrument in advance in accordance with the terms of the applicable payment plan, and (d) is responsible for either (i) enabling auto-recharge on Customer’s payment instrument or (ii) ensuring that Customer’s payment instrument has a sufficient positive balance to cover all fees due. If, for any reason, Customer has a negative balance on its account(s), then Archy reserves the right to suspend access to the Archy Services. [If Company chooses to bill through an invoice, full payment for invoices issued in any given month must be received by Company thirty (30) days after the mailing date of the invoice.] Unpaid Fees are subject to a finance charge of 1.5% per month, or the maximum permitted by law, whichever is lower.
Disputes. Customer must notify Archy in writing of any good-faith payment dispute within twenty (20) days of the applicable payment date and reasonably cooperate with Archy in resolving any dispute. If the parties are unable to resolve a dispute within ten (10) days of Customer’s notice, each party will have the right to seek any remedies it may have under this Agreement, at law or in equity, irrespective of any provision in this Agreement that would limit seeking these remedies on account of a payment dispute. For clarity, any undisputed amounts must be paid in full in accordance with this Section.
6. TERM AND TERMINATION.
Term. This Agreement is effective as of the Effective Date and continues until terminated. Either party may terminate this Agreement with thirty (30) days’ advance written notice if all Order Forms for the Archy Service(s) have expired or are terminated as expressly permitted in this Agreement.
Renewals. By executing an Order Form for purchase of an Archy Service, Customer is agreeing to pay applicable fees for the entire Term. Customer cannot cancel or terminate this Agreement except as expressly permitted by Section 6.4 (Termination for Cause). If no start date is specified on the applicable Order Form, the Term starts when Customer first obtains access to the Archy Service. Each Term will automatically renew for additional successive twelve-month periods unless: (i) otherwise stated on the applicable Order Form; or (ii) either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current Term.
Suspension of Service. Archy may suspend Customer’s access to the Archy Service(s) if Customer’s account is overdue and Customer fails to pay amounts due within ten (10) days of notice by Archy, subject to Section 5.4 (Disputes). Archy may also suspend Customer’s access to the Archy Service(s) if it determines that suspension is necessary to prevent harm or liability to other customers or third parties, or to preserve the security, stability, availability or integrity of the Archy Service.
Termination for Cause. Either party may terminate this Agreement, including any related Order Form, if the other party: (i) fails to cure any material breach of this Agreement (including a failure to pay undisputed fees) within thirty (30) days after written notice detailing the breach; (ii) ceases operation without a successor; or (iii) if permitted by applicable law, seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition, or comparable proceeding, or if any of these proceedings are instituted against that party (and not dismissed within sixty (60) days thereafter).
Effect of Termination. Upon any expiration or termination of this Agreement or an Order Form, Customer’s license rights terminate and it must promptly: (a) stop using the applicable Archy Service(s) (including any related Archy Technology); (b) delete (or, at Archy’s request, return) any Archy Confidential Information in Customer’s possession, custody, or control. Archy will use commercially reasonable efforts to assist Customer in transitioning the services provided by Archy to a third party provider, including using commercially reasonable efforts to provide an export of Customer Data that constitute a “designated record set” under HIPAA through the method and means set forth in Archy’s documentation. If Archy terminates this Agreement for cause as provided in Section 6.4 (Termination for Cause), any payments for the remaining portion of the Term will become due and must be paid immediately by Customer. If Customer terminates this Agreement for cause as provided in Section 6.4 (Termination for Cause), Customer will receive a refund of any fees it has pre-paid for the terminated portion of the applicable Term. Except where this Agreement specifies an exclusive remedy, all remedies under this Agreement, including termination or suspension, are cumulative and not exclusive of any other rights or remedies that may be available to a party.
Survival. The following Sections survive any expiration or termination of this Agreement: 1 (Definitions); 2 (Account Registration and Use); 3.2 (General Restrictions); 3.4 (Compliance with Laws); 3.5 (Customer Communications); 3.6 (Beta Releases and Free Access Subscriptions); 4.1 (Rights in Customer Data); 5 (Fees and Payment); 6 (Term and Termination); 7 (Confidential Information); 8 (Archy Technology); 9 (Indemnification); 10 (Disclaimers); 11 (Limitations of Liability); and 12 (General).
Confidentiality Obligation. Each party (as the receiving party) must: (i) hold in confidence and not disclose the other party’s Confidential Information to third parties except as permitted by this Agreement; and (ii) only use the other party’s Confidential Information to fulfill its obligations and exercise its rights under this Agreement. Each party may share the other party’s Confidential Information with its employees, agents or contractors having a legitimate need to know (which, for Archy, includes the subcontractors referenced in Section 12.4), provided that the party remains responsible for any recipient’s compliance with the terms of this Section 7 and that these recipients are bound to confidentiality obligations no less protective than this Section.
Exclusions. These confidentiality obligations do not apply to (and Confidential Information does not include) information that: (i) is or becomes public knowledge through no fault of the receiving party; (ii) was known by the receiving party before it received the Confidential Information; (iii) is rightfully obtained by the receiving party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by the receiving party without using the disclosing party’s Confidential Information. A party may also disclose the other party’s Confidential Information to the extent required by law or court order, provided it gives advanced notice (if permitted by law) and cooperates in any effort by the other party to obtain confidential treatment for the information.
Remedies. The parties acknowledge that disclosing Confidential Information may cause substantial harm for which damages alone may be an insufficient remedy, and so on breach of this Section, each party is entitled to seek appropriate equitable relief in addition to any other remedies it may have at law.
Ownership and Updates. This is a term-limited agreement for access to and use of the Archy Service. Customer acknowledges that it is only obtaining a limited right to use the Archy Service and no ownership rights are transferred to Customer under this Agreement. As between the parties, Archy retains all rights, title and interest (including all intellectual property rights) in and to all Archy Technology, which is deemed Archy’s Confidential Information, and reserves any licenses not specifically granted in this Agreement. The Archy Service is offered as an online, hosted product. Accordingly, Customer acknowledges and agrees that it has no right to obtain a copy of the software behind any Archy Service, that Archy may collect learnings, logs, and data regarding the performance and use of the Archy Service, and that Archy may make updates, bug fixes, modifications or improvements to the Archy Service from time-to-time.
Feedback. If Customer elects to provide any suggestions, comments, improvements, information, ideas or other feedback or related materials to Archy (collectively, “Feedback”), Customer hereby grants Archy a worldwide, perpetual, non-revocable, sublicensable, royalty-free right and license to use, copy, disclose, license, distribute, and exploit any Feedback in any format and in any manner without any obligation, payment, or restriction based on intellectual property rights or otherwise, however Archy will not identify Customer as the source of the Feedback. Nothing in this Agreement limits Archy’s right to independently use, develop, evaluate, or market products, whether incorporating Feedback or otherwise.
INDEMNIFICATION. Customer agrees to defend Archy from and against any third-party claim to the extent resulting from its use of the Archy Services or breach of this Agreement. Customer will indemnify and hold Archy harmless from and against any damages and costs awarded against Archy or agreed in settlement by Customer (including reasonable attorney’s fees) that result from these third-party claims. Customer must not settle any claim without Archy’s prior written consent if the settlement would require Archy to admit fault, pay amounts that Customer must pay under this Agreement, or take or refrain from taking any action. Archy may participate in a claim through counsel of its own choosing at its own expense and Customer and Archy will reasonably cooperate on the defense.
WARRANTY; DISCLAIMERS. Archy shall use commercially reasonable efforts to ensure that the Archy Services are available for use. HOWEVER, ALL ARCHY TECHNOLOGY AND RELATED SERVICES ARE OTHERWISE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. NEITHER ARCHY (NOR ITS SUPPLIERS) MAKES ANY WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, ARCHY MAKES NO REPRESENTATION, WARRANTY OR GUARANTEE THAT ARCHY TECHNOLOGY WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS, OR THAT ARCHY TECHNOLOGY WILL BE TIMELY, UNINTERRUPTED OR ERROR-FREE. THE DISCLAIMERS IN THIS SECTION WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT. TO THE EXTENT THE DISCLAIMERS IN THIS SECTION CONFLICT WITH APPLICABLE LAW, THE SCOPE AND DURATION OF ANY APPLICABLE WARRANTY WILL BE THE MINIMUM PERMITTED UNDER THAT LAW.
LIMITATIONS OF LIABILITY.
Consequential Damages Waiver; Liability Cap. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL (A) EITHER PARTY (OR ITS SUPPLIERS) BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST CONTENT OR DATA, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES, EVEN IF A REPRESENTATIVE OF SUCH OTHER PARTY HAS BEEN ADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) ARCHY (AND ITS SUPPLIER’S) BE LIABLE FOR ANY AGGREGATE DAMAGES, COSTS OR LIABILITIES IN EXCESS OF THE AMOUNTS PAID BY CUSTOMER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12) MONTHS PRECEDING THE INCIDENT OR CLAIM, OR IN THE CASE OF FREE ACCESS SUBSCRIPTIONS OR BETA RELEASES, FIFTY U.S. DOLLARS ($50 US).
Failure of Essential Purpose. EACH PARTY ACKNOWLEDGES AND AGREES THAT THIS SECTION 11 IS A FUNDAMENTAL BASIS OF THE BARGAIN AND A REASONABLE ALLOCATION OF RISK BETWEEN THE PARTIES AND WILL SURVIVE AND APPLY TO ANY CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT, ANY ARCHY TECHNOLOGY OR ANY RELATED SERVICES, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE), EVEN IF ANY LIMITED REMEDY IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
Governing Law; Jurisdiction and Venue. This Agreement is governed by the laws of the State of California and the United States, without regard to choice or conflict of law rules thereof. The exclusive jurisdiction and venue for actions related to the subject matter of this Agreement are the state courts located in San Jose, CA or the United States District Court for the Northern District of California, and both parties submit to the personal jurisdiction of these courts.
Assignment. This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns. Neither party may assign this Agreement without the other party’s advanced written consent, except that each party may assign this Agreement without consent in connection with a merger, reorganization, acquisition, or other transfer of all or substantially all of its assets or voting securities. Any attempt to transfer or assign this Agreement except as expressly authorized under this Section will be void.
Notices. Any notice or communication under this Agreement must be in writing. Customer must send any notices under this Agreement (including breach notices and warranty and indemnity claims) to Archy, in English to [EMAIL]. Archy may send notices to the email addresses on Customer’s account or, at Archy’s option, to Customer’s last-known postal address. Archy may also provide operational notices regarding the Archy Service or other business-related notices through conspicuous posting of the notice on Archy’s website or the Archy Service. Each party consents to receiving electronic notices. Archy is not responsible for any automatic filtering Customer or its network provider may apply to email notifications.
Subcontractors. Archy may use subcontractors (“Subcontractors”) and permit them to exercise the rights granted to Archy in order to provide the Archy Service and related services under this Agreement. These Subcontractors may include, for example, Archy’s hosting providers. However, subject to all terms and conditions of this Agreement, Archy will remain responsible for: (i) compliance of its Subcontractors with the terms of this Agreement; and (ii) the overall performance of the Archy Services if and as required under this Agreement. Subcontractors are third-party beneficiaries to this Agreement and are entitled to the rights and benefits hereunder and may enforce the provisions hereof as if they were parties hereto.
Independent Contractors. The parties to this Agreement are independent contractors, and this Agreement does not create a partnership, joint venture, employment, franchise, or agency relationship. Neither party has the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.
Force Majeure. Neither party will be liable for any delay or failure to perform its obligation under this Agreement if the delay or failure is due to causes beyond its reasonable control, such as a strike, blockade, war, act of terrorism, riot, natural disaster, failure or reduction of power or telecommunications or data networks or services, or government act.
Export Control. Each party will comply with all applicable export control laws. Customer represents and warrants that it is not on any government list of prohibited or restricted parties or located in (or a national of) a country subject to a government embargo or that has been designated by the government as a “terrorist supporting” country.
Publicity. Customer agrees that Archy may refer to Customer’s name and trademarks in Archy’s marketing materials and website, including but not limited to displaying the Customer’s logo, solely for the purpose of identifying Customer as a customer of Archy.
Amendments; Waivers. Archy may update the terms and conditions of this Agreement (which may include changes pricing and plans) from time to time with prior notice to Customer in accordance with Section 12.3. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement. Waivers must be made in writing and executed by an authorized representative of the waiving party.
Severability. If any provision of this Agreement is found by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement may otherwise remain in effect.
No Third-Party Rights. Nothing in this Agreement confers on any third party the right to enforce any provision of this Agreement.
Entire Agreement. This Agreement represents the parties’ complete and exclusive understanding relating to the Agreement’s subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals and representations with respect to the Archy Technology or any other subject matter covered by this Agreement. The terms of the United Nations Convention on Contracts for the Sale of Goods do not apply to this Agreement. Any terms provided by Customer (including as part of any purchase order or other business form used by Customer) are for administrative purposes only, and have no legal effect.
Business Associate Agreement
This Business Associate Agreement (this “BAA”) is by and between Customer (“Covered Entity”), and GrindFoundry d/b/a Archy (“Business Associate”). This BAA supplements Archy’s Terms of Service (the “Agreement”) and is effective as of the date you electronically indicate your acceptance of this BAA by accepting the Terms of Service (the “BAA Effective Date”).
BY ACCEPTING THIS BAA OR USING THE ARCHY SERVICES, YOU AGREE TO THESE TERMS AND CONDITIONS. YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY ON WHOSE BEHALF YOU HAVE SIGNED UP TO USE THE ARCHY SERVICES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS BAA AND MAY NOT USE THE ARCHY SERVICES FOR THE STORAGE OR TRANSMISSION OF PROTECTED HEALTH INFORMATION.
The following terms shall have the following meaning when used in this BAA:
a. “Breach” shall have the same meaning as the term “breach” in 45 C.F.R. § 164.402.
b. “Designated Record Set” shall have the same meaning as the term “designated record set” in 45 C.F.R. § 164.501.
c. “Electronic Protected Health Information” shall mean Protected Health Information that is “electronic protected health information” as defined in 45 C.F.R. § 160.103.
d. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and the regulations promulgated under these statutes.
e. “Individual” shall have the same meaning as the term “individual” in 45 C.F.R. §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. §164.502(g).
e. “Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, except limited to the information received from Covered Entity, or created, maintained or received on behalf of Covered Entity.
f. “Unsecured Protected Health Information” shall mean Protected Health Information that is “unsecured protected health information” as defined in 45 C.F.R. § 164.402.
g. “Required By Law” shall have the same meaning as the term “required by law” in 45 C.F.R. § 164.103.
h. “Secretary” shall mean the Secretary of HHS or the designee of the Secretary of HHS.
i. “Subcontractor” shall have the same meaning as the term “subcontractor” in 45 C.F.R. §160.103, except limited to any such individual or entity who creates, receives, maintains, or transmits Protected Health Information on behalf of Business Associate.
Any capitalized term not specifically defined herein shall have the same meaning as is set forth in 45 C.F.R. Parts 160 and 164 or the Agreement, where applicable. The terms “use,” “disclose” and “discovery,” or derivations thereof, although not capitalized, shall also have the same meanings set forth in HIPAA.
2. Obligations and Activities of Business Associate:
a. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement, HIPAA or as Required By Law.
b. Business Associate agrees use appropriate safeguards and comply, where applicable, with Subpart C of 45 C.F.R. Part 164 with respect to Electronic Protected Health Information, to prevent use or disclosure of the Protected Health Information other than as provided for by this BAA.
c. Business Associate agrees to report to the Covered Entity any use or disclosure of Protected Health Information not provided for by this BAA, including, without limitation, Breaches of Unsecured Protected Health Information as required at 45 C.F.R. 164.410, and any Security Incident of which it becomes aware. The parties acknowledge and agree that this Section 2(c) constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but unsuccessful Security Incidents for which no additional notice to Covered Entity shall be required. Unsuccessful Security Incidents shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as such incidents do not result, to the extent Business Associate is aware, in unauthorized access, use or disclosure of Electronic Protected Health Information.
d. In accordance with 45 C.F.R. 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, Business Associate agrees to ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Business Associate agree in writing to the same restrictions, conditions, and requirements that apply to Business Associate under this BAA with respect to such Protected Health Information.
e. Business Associate agrees to make available Protected Health Information in a Designated Record Set to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524.
f. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. § 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526.
g. Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528.
h. To the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligations.
i. Business Associate agrees to make its internal practices, books, and records available to the Secretary for purposes of determining compliance with HIPAA.
3. Permitted Uses and Disclosures by Business Associate:
a. Business Associate may only use or disclose Protected Health Information as necessary to perform the Agreement. In addition, Business Associate is authorized to use Protected Health Information to de-identify the Protected Health Information in accordance with 45 C.F.R. 164.502(d) and 164.514(a)-(c).
b. Business Associate may use or disclose Protected Health Information as permitted or Required By Law.
c. Business Associate agrees to make uses and disclosures and requests for Protected Health Information consistent with Covered Entity’s minimum necessary policies and procedures.
d. Business Associate may not use or disclose Protected Health Information in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth in subsections (e), (f) and (g), below.
e. Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
f. Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as Required By Law or for the purposes for which it was disclosed to the person, and the person notified Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
g. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity.
4. Obligations of Covered Entity:
a. Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 C.F.R. 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of Protected Health Information.
b. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information.
c. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of Protected Health Information that Covered Entity has agreed to or is required to abide by under 45 C.F.R. 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of Protected Health Information.
d. Except with respect to uses and disclosures by Business Associate of Protected Health Information under Sections 3(e), 3(f) and 3(g), above, Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under Subpart E of 45 C.F.R. Part 164 if done by Covered Entity
5. Term and Termination:
a. Term. The Term of this BAA shall commence as of the BAA Effective Date and shall terminate upon the termination of the Agreement or on the date Covered Entity terminates this BAA for cause as authorized in subsection (b) of this Section 5, whichever is sooner.
b. Termination for Cause. Business Associate authorizes termination of this BAA by Covered Entity upon written notice to Business Associate if Covered Entity determines Business Associate has violated a material term of this BAA and Business Associate has not cured the breach or ended the violation within thirty (30) days of Covered Entity providing written notice thereof to Business Associate.
c. Obligations of Business Associate Upon Termination. Upon termination of this BAA for any reason, Business Associate shall:
(i) Retain only that Protected Health Information which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;
(ii) Return to Covered Entity or Covered Entity’s designee (to the extent permitted by HIPAA), or, if agreed to by Covered Entity, destroy the remaining Protected Health Information that the Business Associate still maintains in any form;
(iii) Continue to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to Electronic Protected Health Information to prevent use or disclosure of the Protected Health Information, other than as provided for in this Section, for as long as Business Associate retains Protected Health Information;
(iv) Not use or disclose Protected Health Information retained by Business Associate other than for the purposes for which such Protected Health Information was retained and subject to the same conditions set out at Section 3 (e) and (f), above, which applied prior to termination; and
(v) Return to Covered Entity, or, if agreed to by Covered Entity, destroy Protected Health Information retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.
d. Survival. The obligations of Business Associate under this Section 5 shall survive the termination of this BAA.
a. Regulatory References. A reference in this BAA to a section in the Privacy Rule, the Security Rule, or to another provision of HIPAA means the provision as in effect or as amended.
b. Amendment. The parties agree to take such action as is necessary to amend this BAA from time to time as is necessary for the Covered Entity to comply with the requirements of the HIPAA and any other applicable law.
c. Interpretation. Any ambiguity in this BAA shall be resolved to permit compliance with HIPAA.
d. Governing Law and Disputes. The construction, interpretation and performance of this BAA and all transactions under this BAA shall be governed and enforced pursuant to the laws of the State of California, without giving effect to its conflicts of laws provisions, except to the extent California law is preempted by any provision of federal law, including HIPAA. The Parties agree that all disputes arising out of or relating to this BAA will be subject to mandatory binding arbitration under the rules of Judicial Administration and Arbitration Services (“JAMS”) in effect at the time of submission, as modified by this Section 6(d). The arbitration will be heard and determined by a single arbitrator selected by mutual agreement of the Parties, or, failing agreement within thirty (30) days following the date of receipt by the respondent of the claim, by JAMS. Such arbitration will take place in [city, state] . The arbitration award so given will be a final and binding determination of the dispute, and will be fully enforceable in any court of competent jurisdiction. Except in a proceeding to enforce the results of the arbitration or as otherwise required by law, neither Party nor any arbitrator may disclose the existence, content or results of any arbitration hereunder without the prior written agreement of both Parties.
e. No Third Party Beneficiary. Nothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever, regarding this BAA only.
f. Controlling Provisions. In the event that it is impossible to comply with both the Agreement and this BAA, the provisions of this BAA shall control with respect to those provisions of each agreement that expressly conflict. This BAA shall supersede and replace any prior business associate agreements between the parties, with respect to any actions of Business Associate after the BAA Effective Date.
g. Effect. This BAA shall be binding upon, and shall inure to the benefit of, the parties hereto and their respective successors, assigns, heirs, executors, administrators and other legal representatives.
h. Severability. In the event any provision of this BAA is rendered invalid or unenforceable under any new or existing law or regulation, or declared null and void by any court of competent jurisdiction, the remainder of the provisions of this BAA shall remain in full force and effect if it reasonably can be given effect.
i. Counterparts. This BAA may be executed in any number of counterparts, each of which shall be deemed an original.
j. Notices. Any notice, consent, request or other communication required or permitted under this BAA shall be in writing and delivered personally by hand delivery or overnight delivery by a nationally recognized service. Notice that is sent by overnight courier shall be deemed given one (1) business day after it is dispatched, provided that receipt is acknowledged. All notices shall be at the addresses set forth in the Order Form executed by the parties.