1. Introduction

Our website, https://cliniconex.com (hereinafter: “the website”) uses cookies and other related technologies (for convenience all technologies are referred to as “cookies”). Cookies are also placed by third parties we have engaged. In the document below, we inform you about the use of cookies on our website.

We do not sell or share personal information to third parties for monetary consideration; however, we may disclose certain personal information to third parties under circumstances that might be deemed a “sale” or “sharing” for residents of California (DNSMPI and CPRA). We respect and understand that you may want to be sure that your personal information is not being sold or shared. You may request that we exclude your personal information from such arrangements, or direct us to limit the use and disclosure of possible sensitive personal information, by entering your name and email address below. You may need to provide additional identifying information before we can process your request.

2. Cookies

When you visit our website, it can be necessary to store and/or read certain data from your device by using technologies such as cookies.

3. Placed Cookies

Most of these technologies have a function, a purpose, and an expiration period.

1. A function is a particular task a technology has. So a function can be to “store certain data.”
2. Purpose is “the Why” behind the function. Maybe the data is stored because it is needed for statistics.
3. The expiration period shows the length of the period the used technology can “store or read certain data.”

4. Browser and Device-Based Consent

When you visit our website for the first time, we will show you a pop-up with an explanation about cookies. You do have the right to opt-out and to object against the further use of non-functional cookies.

5. Enabling/Disabling and Deleting Cookies

You can use your internet browser to automatically or manually delete cookies. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser.

Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our websites again.

6. Your Rights with Respect to Personal Data

• You may submit a request for access to the data we process about you.
• You may object to the processing.
• You may request an overview, in a commonly used format, of the data we process about you.
• You may request correction or deletion of the data if it is incorrect or no longer relevant, or ask to restrict its processing.

This Master Subscription Agreement, is made this [NTH DAY OF MONTH, YEAR] by and between Cliniconex Inc. (hereinafter, “ Cliniconex ”) with its principal address at 400 March Road, Kanata, ON, K2K 4H3 and [CUSTOMER] (hereinafter, “ Customer ”) with its principal address at [CUSTOMER ADDRESS].

In consideration of the mutual promises and covenants set forth herein the parties agree as follows:

Definitions

As used in this Agreement, the following terms shall have the following meanings:

“ Agreement ” means this Subscription Agreement terms together with the terms of the applicable Order Form.

“ Cliniconex Technology ” means all of Cliniconex’s proprietary technology used by Cliniconex to provide the Service.

“ Content ” means the audio and visual information, documents, features and functionality made available to Customer in the course of using the Service.

“ Customer Data ” means any data, information, or material provided or submitted by or for Customer or its Users to the Service in the course of using the Service or collected and Processed by or for Customer using the Service.

” Data Controller “ shall mean the natural or legal person who alone or jointly with others determines the purposes and means of the processing of Personal Information.

” Data Processor “ shall mean the natural or legal person who processes Personal Information on behalf of the Data Controller.

“ Data Protection Laws ” means all laws and regulations, including laws and regulations of Canada (including the Personal Information Protection and Electronic Documents Act (Canada) and the Canadian Anti-Spam Legislation), applicable to the Processing of Personal Information under the Agreement.

“ Documentation ” means the written or electronic documentation, including user manuals, reference materials, installation manuals and/or release notes, if any, that Cliniconex generally makes available to subscribers to the Service, as the case may be.

“ Effective Date ” means date of signing.

“ Initial Term ” means the initial period during which Customer is obligated to pay for the Service, as specified in the Order Form.

“ Intellectual Property Rights ” means unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, moral rights, know-how and other trade secret rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world.

“ Order Form ” means (i) an electronic form provided by Cliniconex on its website for ordering Service Subscriptions and/or Support Services, or (ii) a written document executed by Cliniconex and Customer for Customer’s purchases of Service Subscriptions and/or Support Services.

“ Personal Information ” means any information relating to an identified or identifiable natural person as defined under applicable Data Protection Laws, including “Personal Health Information” as defined in Section 2 of the Personal Information Protection and Electronic Documents Act.

“ Processing ” means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“ Privacy Policy ” means Cliniconex’s privacy policy located at https://www.cliniconex.com/privacy_policy.

“ Service ” means the cloud-based automated notification and confirmation solutions for healthcare identified on the applicable Order Form for which Customer is granted rights of access and use in accordance with this Agreement, which reside on a server operated by or on behalf of Cliniconex and which will be remotely accessible over the Internet by Customer and its Users, including any ancillary services available in connection therewith, as such Service may be updated from time to time by Cliniconex in its sole discretion.

“ Subscription ” means the right granted by Cliniconex to Customer to access and use the Service in accordance with this Agreement and the applicable Order Form, for the Subscription Term specified in the applicable Order Form.

“ Subscription Fee ” means the fee payable by Customer for a Subscription as set out in the Order Form.

“ Subscription Term ” means the period of time that Customer is authorized by Cliniconex to access and use the Service (including the Documentation) as specified in the applicable Order Form.

“ Support Services ” means the technical support services for the Service provided by Cliniconex as described in, and in accordance with, the Support Terms.

“ Support Terms ” means the terms on which Cliniconex, or an authorized support partner, provides Support Services to Customer and which are available at https://www.cliniconex.com/Support, attached to an Order Form or otherwise agreed to in writing by Cliniconex and Customer.

“Term” has the meaning given to such term in Section 8.1.

“ User(s) ” means Customer employees, representatives, consultants, contractors, or agents who are authorized to use the Service and have been supplied user identifications and passwords by Customer or Cliniconex.

Usage Rights and Restrictions

Right to Use the Service.

Cliniconex hereby grants Customer a limited, non-exclusive, non-transferable (except in accordance with the terms hereof), revocable right to use the Service in Canada and the United States during the Subscription Term specified in the applicable Order Form, solely for Customer’s own internal business purposes, subject to the terms and conditions of this Agreement.

All rights not expressly granted to Customer are reserved by Cliniconex and its licensors.

Restrictions.

Customer shall not:

1. license, sublicense, sell, resell, transfer, assign, distribute, or otherwise commercially exploit or make available to any third party the Service or the Content in any way;
2. modify or make derivative works based upon the Service or the Content;
3. create Internet “links” to the Service on any other server or wireless or internet-based device;
4. reverse engineer, decompile, decode, decrypt, disassemble, or otherwise attempt to derive source code, techniques, processes, algorithms, know-how or other information from the Service or underlying technology (“ Reverse Engineering ”) for any reason, except to the extent enforcement of the foregoing is prohibited by applicable law in which case Customer may engage in Reverse Engineering solely for purposes of obtaining such information as is necessary to achieve interoperability of independently created software with the Service, or as otherwise and to the limited extent permitted by directly applicable law, or
5. access the Service in order to (a) build a competitive product or service, (b) build a product or service using similar ideas, features, functions or other Content of the Service, or (c) copy any ideas, features, functions or other Content of the Service.

Additional Restrictions.

Customer may use the Service only for Customer’s internal business purposes and shall not:

1. send duplicative or unsolicited messages, or use or disclose Personal Information in violation of applicable law;
2. send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or in violation of applicable privacy laws;
3. send or store material containing software viruses, malware or other harmful computer code;
4. interfere with or or disrupt the integrity or performance of the Service or the data contained therein;
5. attempt to gain unauthorized access to the Service or its related systems or networks.

Support.

During the Term, Cliniconex, or its authorized support partner, will provide Support Services at no additional charge, in accordance with the Support Terms.

Cliniconex may amend the Support Terms by giving Customer at least thirty (30) days’ written notice of any amendments thereto.

Cliniconex shall not be required to provide Support Services if Customer is in default of any of Customer’s obligations under this Agreement.

Customer Responsibilities

Account Activation and Passwords.

Customer is required to open an account with Cliniconex (an “ Account ”) in order to use the Service.

During registration, a User will be asked to provide Personal Information in order to create an Account on behalf of Customer.

Customer shall ensure that such account activation information is accurate and complete and that such information remains current throughout the Term.

Customer is responsible for keeping all Account passwords secure. Cliniconex will not be liable for any loss or damage caused by or arising from a failure by Customer or its Users to maintain the security of the Customer’s Account and password.

User Accounts.

Customer is responsible for all activity occurring in User Accounts and shall abide by all applicable laws in connection with Customer’s use of the Service, including those related to data privacy, private health information, Personal Information, international communications, and the transmission of technical or personal data.

Customer shall:

1. notify Cliniconex immediately of any unauthorized use of any password or account or any other known or suspected breach of security;
2. report to Cliniconex immediately and use reasonable efforts to stop immediately any copying or distribution of Content that is known or suspected by Customer or Users;
3. and (iii) not impersonate another Cliniconex User or provide false identity information to gain access to or use of the Service.

Equipment.

Customer is solely responsible for acquiring, servicing, maintaining and updating all equipment, computers, software and communications services (such as Internet access) that are required to allow Customer to access and use the Service and for all expenses relating thereto.

Customer agrees to access and use, and shall ensure that all Users access and use, the Service in accordance with any and all operating instructions or procedures that may be issued by Cliniconex from time to time.

Customer Data

Ownership Data.

As between Cliniconex and Customer, Customer exclusively owns all rights, title and interest in and to all Customer Data.

Cliniconex does not acquire any rights, title or ownership interest of any kind whatsoever, express or implied, in any of the Customer Data.

Customer, not Cliniconex, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership and right to use of all Customer Data.

Portability and Deletion.

Upon request by Customer made during the Term or within three (3) months after the effective date of termination of this Agreement, Cliniconex will make the Customer Data available to Customer for export or download as provided in the Documentation.

After such three (3) months period, Cliniconex will have no obligation to maintain or provide any Customer Data, and will thereafter delete or destroy all copies of Customer Data in its systems or otherwise in its possession or control as provided in the Documentation, unless legally prohibited.

Protection of Personal Information.

Customer is Data Controller.

In relation to all Personal Information provided by or through Customer to Cliniconex under this Agreement, Customer will at all times remain the Data Controller and will be responsible for compliance with all applicable Data Protection Laws.

To the extent that Cliniconex Processes Personal Information in the course of providing the Service and related services under this Agreement, it will do so only as a Data Processor acting on behalf of the Customer (as Data Controller) and in accordance with the requirements of this Agreement.

Customer’s instructions to Cliniconex for the Processing of Personal Information shall comply with Data Protection Laws.

Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Information and the means by which Customer acquired Personal Information.

Customer hereby represents and warrants to, and covenants with Cliniconex that Customer Data will only contain Personal Information in respect of which Customer has provided all notices and disclosures, obtained all applicable third party consents and permissions and otherwise has all authority, in each case as required by applicable laws, to enable Cliniconex to provide the Service, including with respect to the collection, storage, access, use, disclosure and transmission of Personal Information, including by or to Cliniconex and to or from all applicable third parties.

Cliniconex’s Processing of Personal Information.

Cliniconex shall secure Personal Information with all necessary safeguards appropriate to the level of sensitivity of the Personal Information.

Cliniconex shall only Process Personal Information on behalf of and in accordance with Customer’s documented instructions and Data Protection Laws for the following purposes:

1. Processing in accordance with the Agreement;
2. Processing initiated by Customer’s Users or customers in their use of the Service;
3. and (iii) Processing to comply with other documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.

Technical and Organizational Safeguards.

In connection with the provision of the Service, Cliniconex will maintain commercially reasonable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Information.

Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of Personal Information by Cliniconex personnel except (a) to provide the Service and prevent or address service or technical problems, (b) as compelled by law and upon identification of lawful authority, or (c) as expressly permitted in writing by Customer.

Cliniconex shall, in connection with the provision of the Service, comply with Data Protection Laws, as well as the Cliniconex’s Privacy Policy.

Cliniconex shall ensure that its personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information and have received appropriate training on their responsibilities and Cliniconex shall take commercially reasonable steps to ensure the reliability of any Cliniconex personnel engaged in the Processing of Personal Information.

Data Breach.

Upon becoming aware of any unlawful access to any Personal Information, any unauthorized access to such facilities or equipment resulting in loss, disclosure or alteration of any Personal Information, or any actual loss of or suspected threats to the security of Personal Information (including any physical trespass on a secure facility, computing systems intrusion/hacking, loss/theft of a computing device, storage media or printed materials, or other unauthorized access) (each a “ Security Incident ”), Cliniconex will promptly notify Customer of the Security Incident (and in all circumstances at least as soon as it reports to similarly situated customers of Customer, but in any event as soon as reasonably possible in the circumstances), and will investigate or perform required assistance in the investigation of the Security Incident and provide Customer with detailed information about the Security Incident.

Cliniconex will take all commercially reasonable steps to mitigate the effects of the Security Incident, or assist Customer in doing so;

and will provide prior notice to Customer of, and will not undertake any, proposed communications to third parties related to a Security Incident involving Personal Information without Customer’s prior written approval, not to be unreasonably withheld, conditioned or delayed.

Cliniconex will work with and coordinate with Customer on any such notices in any event.

Cliniconex will comply with this Section 5.4 at Cliniconex’s cost unless the Security Incident arose from Customer’s negligent or willful acts or Cliniconex’s compliance with Customer’s express written instructions.

Subcontracting.

Cliniconex may engage third party subcontractors to assist in the provision of the Service under this Agreement.

Customer authorizes Cliniconex to subcontract the processing of Personal Information under this Agreement provided that (i) Cliniconex shall maintain a list of such subprocessors and will provide a copy of that list to Customer upon request; and (ii) all subprocessors will be contractually required by Cliniconex to abide by substantially the same obligations as Cliniconex under this Agreement to protect Personal Information, such that the data processing terms of the subcontract will be no less onerous than the data processing terms set out in this Agreement.

Intellectual Property Rights

Reservation of Rights.

Cliniconex (and its licensors, where applicable) shall exclusively own all right, title, and interest, including all Intellectual Property Rights, in and to the Cliniconex Technology, the Content and the Service.

This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Cliniconex Technology, the Content, the Service, or the Intellectual Property Rights owned by Cliniconex.

Cliniconex’s name, Cliniconex’s logo, and the product names associated with the Service are trademarks of Cliniconex or third parties, and no right or license is granted to use them.

Derivative Data.

Customer acknowledges and agrees that the Service compiles, stores and uses aggregated data and system usage, analytics and diagnostic information to monitor and improve the Service and for the creation of new products.

Customer hereby grants to Cliniconex a non-exclusive, transferable, assignable, irrevocable, worldwide, perpetual license to collect, process and aggregate Customer Data and other such information and data and create anonymized, aggregated data records and use such anonymized and aggregated data, and all modifications thereto and derivatives thereof (“ Derivative Data ”) to improve the Service, develop new products and services, to understand usage, and for any other business purpose.

Derivative Data is no longer associated with Customer or a User and as such is not Personal Information or Customer Data.

Feedback.

Customer may provide reasonable feedback to Cliniconex including, but not limited to, suitability, problem reports, suggestions and other information with respect to the Service (“ Feedback ”).

Customer hereby grants to Cliniconex a fully paid-up, royalty-free, worldwide, assignable, transferable, sublicenseable, irrevocable, perpetual license to use or incorporate into the Software, Service, Documentation and any other Cliniconex products or services, or for any other purposes, any Feedback provided by Customer or its Users.

Subscription Fees and Payment Terms

Subscription Fees.

Customer shall pay all Subscription Fees specified in each Order Form.

All Subscription Fees are quoted and payable in Canadian dollars. All amounts paid are nonrefundable.

Customer must provide Cliniconex with valid credit card or approved purchase order information as a condition to signing up for the Service.

Cliniconex reserves the right to modify its fees and charges and to introduce new reasonable charges at any time after the Initial Term, upon at least 30 days prior notice to Customer.

All pricing terms are confidential, and Customer shall not disclose them to any third party.

Invoices.

Cliniconex will automatically issue an invoice to Customer each month of the Term, or as otherwise mutually agreed upon in the Order Form.

Taxes.

Subscription Fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and Customer shall be responsible for payment of all such taxes, levies, or duties, excluding only federal or provincial taxes based solely on Cliniconex’s income.

Customer Billing Information.

Customer agrees to provide Cliniconex with complete and accurate billing and contact information.

This information includes Customer’s full and proper legal company name, street address, email address, and name and telephone number of an authorized billing contact.

Customer agrees to update this information within 30 days of any change to it.

If the contact information Customer has provided is false or inaccurate, Cliniconex reserves the right to terminate Customer’s access to the Service in addition to any other legal remedies.

Billing Disputes.

If Customer believes its bill is incorrect, Customer must contact Cliniconex in writing within 60 days of the invoice date of the invoice containing the amount in question to be eligible to receive an adjustment or credit.

Remedies for Late or Non-Payment.

In addition to any other rights granted to Cliniconex herein, Cliniconex reserves the right to suspend or terminate this Agreement if Customer’s account becomes delinquent.

Delinquent invoices and accounts are subject to interest of the lesser of (a) one percent (1%) per month equivalent to twelve percent (12%) per annum (or portion thereof), or (b) the maximum amount permitted by law.

Cliniconex also reserves the right to recover collection costs and expenses from Customer.

Customer will continue to be charged for Service during any period of suspension.

If Customer or Cliniconex initiates termination of this Agreement, Customer will be obligated to pay the balance due on Customer’s account.

Cliniconex reserves the right to impose a reconnection fee in the event Customer is suspended and thereafter requests access to the Service.

Term and Termination

Term.

This Agreement commences on the date of the Effective Date and shall continue for an initial term of ONE (1) year the (“ Initial Term ”) unless terminated earlier in accordance with the terms hereof or applicable law.

The Initial Term shall automatically be renewed for additional one year periods (each a “ Renewal Term ”) provided that neither party has provided a written notice of non-renewal to the other not less than thirty (30) days prior to the end of the Initial Term or any Renewal Term.

If at the time of expiration or termination of this Agreement there exists a Subscription under an Order Form that is not simultaneously being terminated and for which the Subscription Term continues beyond the effective termination date of this Agreement or under which one or both of the parties have unfulfilled obligations, this Agreement shall continue to govern such Order Form until (i) the end of the Subscription Term for the Service ordered under such Order Form, (ii) such Order Form is terminated by the parties in accordance with the terms thereof, or (iii) there has been full performance of the parties’ respective obligations under such Order Form. The Initial Term and any Renewal Terms are hereinafter collectively referred to as the “ Term ”.

Free Trials.

In the case of free trials, notifications provided through the Service indicating the remaining number of days in the free trial shall constitute expiration and serve as a notice of termination.

Cliniconex has no obligation to retain the Customer Data, and may delete any such Customer Data at any time after termination of a trial.

Service Subscriptions.

Service Subscriptions commence on the start date specified in the applicable Order Form and continue for the Subscription Term specified therein.

Unless otherwise agreed upon and specified in the applicable Order Form Service Subscriptions shall automatically renew for additional periods.

Termination.

A party may terminate this Agreement or a Service Subscription for cause (i) upon 30 days’ written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.

Any breach of Customer’s payment obligations or unauthorized use of Cliniconex Technology, the Content or the Service will be deemed a material breach of this Agreement.

For greater certainty, Customer may not cancel its Subscription unilaterally; provided, however, that the parties may terminate this Agreement for convenience solely upon mutual agreement of the parties, where details related to such termination shall be as described in a separate agreement.

Representations and Warranties

Mutual.

Each party represents and warrants that it has the legal power and authority to enter into this Agreement.

Service Warranty.

Cliniconex warrants that: (a) during the Term the Service will perform materially in accordance with the Documentation therefore; and (b) the Support Services will be provided in a manner consistent with accepted industry standards reasonably applicable to the provision thereof.

Customer further represents and warrants that Customer has not falsely identified itself nor provided any false information to gain access to the Service and that Customer’s billing information is correct.

Disclaimer of Warranties.

CLINICONEX AND ITS LICENSORS MAKE NO REPRESENTATION AS TO THE RELIABILITY, TIMELINESS, QUALITY, SUITABILITY, TRUTH, AVAILABILITY, ACCURACY, OR COMPLETENESS OF THE SERVICE OR ANY CONTENT.

CLINICONEX AND ITS LICENSORS DO NOT REPRESENT OR WARRANT THAT (A) THE USE OF THE SERVICE WILL BE SECURE, TIMELY, UNINTERRUPTED, OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA; (B) THE SERVICE WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (C) ANY STORED DATA WILL BE ACCURATE OR RELIABLE; (D) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED BY CUSTOMER THROUGH THE SERVICE WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (E) ERRORS OR DEFECTS WILL BE CORRECTED; OR (F) THE SERVICE OR THE SERVER(S) THAT MAKE THE SERVICE (THAT THE CLINICONEX SOFTWARE RUNS ON) AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

THE SERVICE AND ALL CONTENT IS PROVIDED TO CUSTOMER STRICTLY ON AN “AS IS” AND “AS AVAILABLE” BASIS.

ALL CONDITIONS, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS, ARE HEREBY DISCLAIMED TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW BY CLINICONEX AND ITS LICENSORS.

Internet Connectivity Disclaimer.

Cliniconex makes the Service available for access via the Internet.

Customer shall provide, at Customer’s own expense, all necessary hardware, applications and Internet connectivity necessary to access the Service over the Internet.

Customer is responsible for and shall ensure that Customer’s computer equipment and an internet connection meets the minimum specifications published by Cliniconex in the Documentation and updated from time to time on Cliniconex’s website, and Customer shall periodically update Customer’s computer equipment and/or Internet connection to meet such minimum specifications.

Customer hereby acknowledges that the Service may be interrupted due to (a) website downtime for scheduled maintenance at Cliniconex’s sole discretion, or (b) interruptions in Internet connectivity or other website downtime caused by circumstances beyond Cliniconex’s control, including, without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems, computer or telecommunications failures, or delays involving hardware of software not within Cliniconex’s control or network intrusions.

Customer hereby acknowledges and agrees that Cliniconex shall not, in any way, be liable for, or have responsibility with respect to, any such service interruptions and releases Cliniconex from any claims relating thereto.

Indemnity.

Cliniconex shall defend and indemnify Customer and Customer’s affiliates, officers, directors, employees and agents harmless from and against any and all claims, costs, damages, losses, liabilities, and expenses (including lawyers’ fees and costs) arising out of or in connection with a claim alleging that the Service directly infringes a copyright, a U.S. or Canadian patent issued as of the Effective Date, or a U.S. or Canadian registered trademark of a third party (an “ Infringement Claim ”); provided that Customer:

1. promptly give written notice of the claim to Cliniconex;
2. gives Cliniconex sole control of the defense and settlement of the claim (provided that Cliniconex may not settle or defend any claim unless it unconditionally releases Customer of all liability);
3. provides to Cliniconex all available information and reasonable assistance; and
4. has not compromised or settled such claim.

Other Remedies.

If (a) Cliniconex becomes aware of an actual or potential Infringement Claim, or (b) Customer provides Cliniconex with notice of an actual or potential Infringement Claim, Cliniconex may (or in the case of an injunction against Customer, shall), at Cliniconex’s sole option and determination: (i) procure for Customer the right to continue to use the Service; or (ii) replace or modify the Service with an equivalent service so that Customer’s use is no longer infringing; or (iii) if (i) and (ii) are not commercially reasonable, as determined by Cliniconex in its sole discretion, terminate the rights granted hereunder to the Customer to access and use the Service and refund to Customer that portion of any prepaid Subscription Fees that is applicable to the period following the termination of the Subscription pursuant to this Section 9.6, less any outstanding fees owed on such affected portion of the Service.

Exclusions.

The indemnity in Section 9.5 does not extend to (1) any Infringement Claim based upon infringement or alleged infringement of any patent, trademark, copyright or other intellectual property right by the combination of the Service with other products, software or services not provided or approved by Cliniconex, if such infringement would have been avoided but for such combination; or (2) any use, distribution, sublicensing or exercise of any other right outside the scope of this Agreement.

Limitation of Liability

SUBJECT TO SECTION 10.3 HEREOF, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY EXCEED THE AMOUNTS ACTUALLY PAID BY AND/OR DUE FROM CUSTOMER IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM.

SUBJECT TO SECTION 10.3 HEREOF, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL DAMAGES OF ANY TYPE OR KIND (INCLUDING LOSS OF DATA, REVENUE, PROFITS, USE, OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICE, OR FOR ANY CONTENT OBTAINED FROM OR THROUGH THE SERVICE, ANY PRIVACY OR DATA BREACH OF CUSTOMER DATA OR PERSONAL HEALTH INFORMATION ANY INTERRUPTION, INACCURACY, ERROR, OR OMISSION, REGARDLESS OF CAUSE.

Certain Damages Not Excluded or Limited.

NOTWITHSTANDING THE FOREGOING, NO LIMITATION OF EITHER PARTY’S LIABILITY SET FORTH IN THIS AGREEMENT SHALL APPLY TO (I) INDEMNIFICATION CLAIMS, (II) DAMAGES ARISING FROM INFRINGEMENT OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS; (III) ANY CLAIMS FOR NON-PAYMENT, (IV) FRAUD OR WILLFUL MISCONDUCT, OR (V) BODILY INJURY OR DEATH.

Application of Exclusions and Limitations.

The foregoing limitations and exclusions of liability shall apply even if a party had been advised of the possibility of any such costs, losses or damages or knew or ought to have known of such costs, losses or damages and shall apply regardless of whether the action arose in contract, including, without limitation, from a fundamental breach, or breach of a condition, fundamental term or warranty, or in tort (including, without limitation negligence) or otherwise.

The foregoing provisions limiting the liability of Cliniconex shall also apply to its officers, directors, employees, and agents as trust provisions for the benefit of such officers, directors, employees, and agents and shall be enforceable by such persons as trust beneficiaries.

Export Control

Legal

The Service shall not be used, and none of the underlying information, software, or technology may be transferred or otherwise exported in violation of applicable export control law.

Customer is solely responsible for compliance with all applicable export laws.

Notices

Cliniconex may give notice by means of a email or by written communication sent by first class mail or pre-paid post to Customer’s address on record in Cliniconex’s Account information.

Such notice shall be deemed to have been given upon the expiration of three business days after mailing or posting (if sent by first class mail or pre-paid post) or twenty four (24) hours after sending (if sent by email).

Customer may give notice to Cliniconex (such notice shall be deemed given when received by Cliniconex) at any time by email to info@cliniconex.com or a letter delivered by nationally recognized overnight delivery service or first class postage prepaid mail to Cliniconex at the following address: 390 March Rd, Ottawa, ON, K2K 0G7.

Assignment/Change of Control

By Customer.

This Agreement may not be assigned by Customer without the prior written approval of Cliniconex which shall not be-unreasonably withheld.

Any purported assignment in violation of this section shall be void.

If the Customer is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of Cliniconex, then Cliniconex may terminate this Agreement upon written notice.

By Cliniconex.

Cliniconex may assign this Agreement in its entirety (including all Order Forms), without consent of the Customer, to an affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.

General

Governing Law.

This Agreement shall be governed by Ontario law, without regard to its choice or conflicts of law provisions, and any disputes, actions, claims, or causes of action arising out of or in connection with this Agreement or the Service shall be subject to the exclusive jurisdiction of the courts located in Ottawa, Ontario.

Unenforceable Provisions.

If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the invalid or unenforceable provision(s), with all other provisions remaining in full force and effect.

Independent Contractors.

No joint venture, partnership, employment, or agency relationship exists between Customer and Cliniconex as a result of this Agreement or use of the Service.

Waivers.

The failure of Cliniconex to enforce any right or provision in this Agreement shall not constitute a waiver of such right or provision unless acknowledged and agreed to by Cliniconex in writing.

Entire Agreement.

This Agreement, together with any applicable Order Form, comprises the entire agreement between Customer and Cliniconex related to the Service and supersedes all prior or contemporaneous negotiations, discussions or agreements, whether written or oral, between the parties regarding the subject matter contained herein, and no text or information set forth on any other purchase order, preprinted form, or document (other than an Order Form, if applicable) shall add to or vary the terms and conditions of this Agreement.

Language of Agreement.

The parties hereto confirm that they have requested that this agreement and all related documents be drafted in English.

Any French translation hereof has been provided for information purposes only and does not have any legal value nor create any contractual relationship between the parties.

Les parties aux présentes ont exigé que la présente entente et tous les documents connexes soient rédigés en anglais.

Toute traduction de celle-ci est non-officielle, est fournie à des fins d’information seulement et ne crée aucun lien contractuel entre les parties.

Survival.

Those provisions that should by their context survive termination of this Agreement will survive termination of this Agreement.

Signature, Counterparts, and Delivery.

This Agreement may be signed electronically, including through DocuSign and similar applications.

This Agreement may be signed in any number of counterparts (including counterparts by scanned or electronic signature) and each counterpart will be deemed an original;

taken together, all counterparts will be deemed to constitute one and the same instrument.

Delivery of a printed counterpart (whether or not the counterpart was signed electronically) or electronic delivery (including by email transmission or transmission over an electronic signature platform) of an executed counterpart of this Agreement are each as valid, enforceable and binding as if the signatures were upon the same instrument and delivered in person.

IN WITNESS WHEREOF , the parties have executed this Agreement on the date set forth above.

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (this “BAA”), supplements and is made a part of any written agreement or any other agreement, understanding or arrangement that involves the use or disclosure of PHI (as defined herein) (the “Agreement(s)”) by [BUSINESS ASSOCIATE] (“Business Associate”) and [COVERED ENTITY] (“Covered Entity”), and is effective [DATE] (the “Effective Date”).

Covered Entity and Business Associate may be hereinafter referred to collectively as the “Parties” and individually as a “Party.”

Applicability and Definitions.

Business Associate and Covered Entity intend to protect the privacy and provide for the security of PHI and ePHI in compliance with the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and the federal HIPAA privacy and security regulations promulgated pursuant thereto and codified at 45 C.F.R. parts 160 and 164 (the “Privacy Rule” and “Security Rule”) and the Health Information Technology for Economic and Clinical Health Act provisions of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5), 42 U.S.C. §§300jj et seq. and §§17901 et seq. and its implementing regulations, (“HITECH Act”), and the requirements of the final modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules as issued on January 25, 2013 and effective March 26, 2013 (75 Fed. Reg. 5566 (Jan. 25, 2013)) (“the Omnibus Rule”), all as amended from time to time (collectively referred to herein as the “HIPAA Regulations”).

Terms used, but not otherwise defined, in this BAA shall have the same meanings as those terms in HIPAA and HITECH, except that the terms “Protected Health Information” (“PHI”) and “Electronic Protected Health Information” (“ePHI”) shall have the same meanings as set forth in 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity in connection with the Agreement.

In the event of an inconsistency between the provisions of this BAA and mandatory provisions of the HIPAA Regulations, as amended, the HIPAA Regulations shall control. Where provisions of this BAA are different than those mandated in the HIPAA Regulations, but are nonetheless permitted by the HIPAA Regulations, the provisions of this BAA shall control.

To the extent that any provisions of this BAA conflict with the provisions of the Agreement or any other agreement or understanding between the Parties, this BAA shall control with respect to the subject matter of this BAA.

Scope.

This BAA shall apply to any functions or activities performed by Business Associate on behalf of Covered Entity involving the creation, receipt, maintenance, access, transmission, use and/or disclosure of PHI received from or on behalf of Covered Entity, to the extent that Business Associate meets the definition of a “Business Associate” of Covered Entity under 45 C.F.R. 160.103.

Permitted Uses and Disclosures.

Performance of Services.

Business Associate may access, use and/or disclose Covered Entity’s PHI and/or ePHI in connection with the performance of its obligations under the Agreement and this BAA if such use or disclosure of PHI would not violate the HIPAA Regulations if done by Covered Entity, or such use or disclosure is expressly permitted under Sections 3 and 4 of this BAA. Business Associate shall not use or further disclose PHI except as permitted or required by this BAA, as permitted or required pursuant to the Agreement, or as Required by Law.

Minimum Necessary.

Business Associate agrees to ensure that its internal policies and procedures comply with the minimum necessary requirements of the Privacy Rule for accesses, uses, disclosures, and requests of PHI and/or ePHI.

Use for Management and Administration.

Business Associate may use PHI and/or ePHI for the proper management and administration of Business Associate, if such use is necessary: (i) for the proper management and administration of Business Associate or (ii) to carry out the legal responsibilities of Business Associate.

Disclosure for Management and Administration.

Subject to Section 4(b), Business Associate may disclose PHI and/or ePHI for the proper management and administration of Business Associate if: (i) the disclosure is Required by Law or (ii) Business Associate (a) obtains reasonable assurances in writing from the person to whom the PHI and/or ePHI is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person and (b) the person agrees to notify Business Associate in writing of any instances of which it becomes aware in which the confidentiality of the PHI and/or ePHI has been breached.

Other Permitted Uses.

Business Associate also may: (i) use PHI to provide Data Aggregation services to the Covered Entity, or another party, as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B), (ii) use, analyze and disclose the PHI in its possession for the public health activities and purposes set forth at 45 C.F.R. § 164.512(b), (iii) de-identify any and all PHI provided that Business Associate implements de-identification criteria in accordance with 45 C.F.R. §164.514, and (iv) use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. §164.502(j)(1).

Ownership of PHI.

The Parties agree and Business Associate acknowledges that Business Associate has no ownership rights with respect to PHI; provided that Business Associate retains exclusive ownership and rights to all de-identified PHI and may use such de-identified PHI for any lawful purpose.

Covered Entity Obligations.

Covered Entity shall notify Business Associate of any limitation(s) in Covered Entity’s notice of privacy practices in accordance with 45 C.F.R. § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Such notice shall be provided no less than five (5) business days prior to the future implementation of such limitations.

Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Covered Entity or individual to use or disclose PHI, to the extent such changes may affect Business Associate’s use or disclosure of PHI. Such notice shall be provided no less than five (5) business days prior to the implementation of such changes.

Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. If Covered Entity notifies Business Associate that Covered Entity has agreed to be bound by additional restrictions on the uses or disclosures of PHI pursuant to the HIPAA Regulations, Business Associate shall be bound by such additional restrictions and shall not disclose PHI in violation of such additional restrictions. Such notice shall be provided no less than five (5) days prior to the implementation of such restrictions.

Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Subpart E of 45 C.F.R. Part 164 if done by Covered Entity. This provision does not apply to Business Associate’s use or disclosure of PHI for Data Aggregation or management and administrative activities as is otherwise permitted by this BAA.

Safeguards, Reporting, Mitigation and Enforcement.

Safeguards.

Both Parties shall use appropriate administrative, physical, and technical safeguards, including, among others, policies and procedures regarding the protection of PHI and/or ePHI that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI and/or ePHI that each Party receives, accesses, uses, discloses, creates, maintains or transmits under the terms of this BAA and the Agreement, and to prevent uses or disclosures of PHI not permitted by this BAA. This includes compliance with Subpart C of 45 C.F.R. Part 164 with respect to Electronic Protected Health Information.

Business Associate’s Agents.

Business Associate will ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to restrictions and conditions at least as stringent as those found in this BAA, and agree to implement reasonable and appropriate safeguards to protect PHI.

Reporting.

Business Associate shall report to Covered Entity, promptly after discovery, and in accordance with the notice provisions set forth herein, the occurrence of (i) any Breach of Unsecured Protected Health Information in accordance with 45 C.F.R. § 164.410 of which Business Associate becomes aware; or (ii) any Security Incident involving ePHI of which it becomes aware (provided that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but unsuccessful security incidents, for which no additional notice to Covered Entity shall be required, including but not limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service, malware that is detected and neutralized by Business Associate’s anti-virus and other defensive software and any combination of the above, unless such incident results in unauthorized access, use, destruction, modification or disclosure of ePHI.

Mitigation.

Each Party shall have procedures in place to mitigate, and will mitigate to the extent practicable, any harmful effect that is known to such Party of an access, use or disclosure of PHI in violation of the HIPAA Regulations or this BAA.

Sanctions.

The Parties shall have and apply appropriate sanctions against any employee, subcontractor or agent who uses or discloses PHI in violation of the Agreement, this BAA or applicable law.

HHS Access.

Business Associate shall make its internal practices, books, and records, including policies and procedures relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary for purposes of the Secretary determining compliance with the HIPAA Regulations.

Obligation to Provide Access, Amendment and Accounting of PHI.

Access to PHI.

To the extent Business Associate holds information in a Designated Record Set, within ten (10) business days of receipt of a written request from Covered Entity, Business Associate shall provide Covered Entity access to PHI in a Designated Record Set in order to meet Covered Entity’s obligations under 45 C.F.R. § 164.524.

Amendment of PHI.

To the extent Business Associate holds information in a Designated Record Set, within ten (10) business days of receipt of a written request, Business Associate shall make any amendments to PHI it maintains as requested by Covered Entity pursuant to 45 C.F.R. § 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526.

Accounting of Disclosures of PHI.

Promptly after receipt of a written request for an accounting of disclosures of PHI, Business Associate shall make available to Covered Entity such information to enable Covered Entity to provide an accounting of disclosures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528. Business Associate agrees to maintain a process that allows for such accountings to be collected and maintained by Business Associate.

Forwarding Requests from Individuals.

In the event that any individual requests access to, amendment of, or accounting of PHI, directly from Business Associate, Business Associate shall within ten (10) business days forward such request to Covered Entity. Covered Entity shall have the responsibility of responding to forwarded requests.

Compliance.

To the extent Business Associate will carry out one or more obligations of Covered Entity under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with the requirements of Subpart E that apply to a Covered Entity in the performance of such obligations.

Material Breach, Enforcement and Termination.

Term.

This BAA shall be effective as of the Effective Date and shall continue until this BAA is terminated in accordance with the provisions of Section 8(b) hereof.

Remedies.

If Covered Entity reasonably determines that Business Associate has materially breached any term of this BAA, which breach has not been cured by Business Associate within thirty (30) days of notice of such breach, Covered Entity may pursue any or all of the following remedies:

1. take any reasonable steps that Covered Entity deems necessary to cure such breach or end such violation; and
2. terminate this BAA immediately.

If Business Associate reasonably determines that Covered Entity has materially breached any term of this BAA, which breach has not been cured by Covered Entity within thirty (30) days of notice of such breach, Business Associate may pursue any or all of the following remedies:

1. take any reasonable steps that Business Associate deems necessary to cure such breach or end such violation; and
2. terminate this BAA immediately.

Effects of Termination.

After termination of this BAA and upon written request by the Covered Entity, Business Associate shall use reasonable efforts to return or destroy all PHI that Business Associate received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity. If within three (3) months of termination of this BAA or the Agreement, the Covered Entity has not requested that the PHI be returned, Business Associate or its subcontractors may destroy the PHI unless otherwise prohibited herein or by applicable law. Business Associate shall retain no copies of such PHI, except that this requirement shall not apply to any PHI that has been de-identified or aggregated pursuant to Section 3(e) hereof. If return or destruction is not feasible, including if return is inconsistent with any legal obligation related to the retention of documents, Business Associate may maintain possession of such PHI, and shall continue to extend the protections of this BAA to such information and limit further use and disclosure of such PHI to those purposes that make the return or destruction of such PHI infeasible.

Limitation of Liability.

Neither Party will be liable to the other Party for indirect, incidental, consequential, special or exemplary damages arising from this BAA in any manner, or from the contractual relationship established herein. Either Party’s total liability for any action, claim, or costs (including costs incurred in connection with business associate’s mitigation obligations herein) will not exceed the total amount paid to Business Associate by Covered Entity under the applicable Agreement for the immediately preceding twelve (12) month period within which an action or claim has arisen. The limitations above apply whether an action is in contract or tort and regardless of the theory of liability. Notwithstanding any provision of the Agreement to the contrary, the limitation of each Party’s liability arising out of or in connection with this BAA or the Agreement will be governed solely by this Section 8(e).

Miscellaneous Terms.

Amendment.

Covered Entity and Business Associate agree that amendment of this BAA may be required to ensure that Covered Entity and Business Associate comply with changes in state and federal laws and regulations relating to the privacy, security and confidentiality of PHI, including, but not limited to, changes under the HIPAA Regulations. In no event, however, will an amendment to this BAA be valid unless set forth in a written agreement signed by both Parties.

No Third Party Beneficiaries.

Nothing express or implied in this BAA is intended or shall be deemed to confer any rights, obligations, remedies or liabilities upon any person other than the Parties and their respective successors and assigns.

Interpretation.

The Parties agree that any ambiguity in this BAA shall be resolved in favor of a meaning that complies and is consistent with applicable law protecting the privacy, security and confidentiality of PHI, including, but not limited to, the HIPAA Regulations.

Survival.

The Parties’ respective rights and obligations under Sections 5(f), 6(c)(ii), 8(c), 8(d), 8(e) and 9(a) shall survive termination of this BAA. All provisions of this BAA shall survive the termination or expiration of the Agreement.

Governing Law.

This BAA shall be construed in accordance with the laws of the jurisdiction governing the terms of the underlying Agreement.

Notices.

All notices required or permitted under this BAA shall be in writing and sent to the other Party as directed by such Party, from time to time, by written notice to the other. All such notices shall be deemed validly given upon receipt of such notice by certified mail, postage prepaid, or personal or courier delivery to the address identified in the signature block below.

Counterparts; Signatures.

Entire Agreement.

This BAA, consisting of the signature page, these terms and conditions and any attachments, constitute the entire agreement between Business Associate and Covered Entity with respect to its subject matter and merges, integrates and supersedes all prior and contemporaneous agreements, addenda and understandings between them, whether written or oral, concerning its subject matter.

IN WITNESS WHEREOF the Parties have caused this BAA to be duly executed effective as of the date first written below.