Terms of Service
These Terms of Service (together with Customer’s applicable Customer Agreement, this “Agreement”) are between Plansight, Inc., with a principal place of business at 2500 Executive Way, Suite 140 Lehi, UT 84043 (“Plansight”) and the customer identified on the applicable Customer Agreement for Plansight’s hosted software services (“Customer”).
This Agreement is effective as the date the parties execute the Customer Agreement (the “Effective Date”).
Plansight may update this Agreement from time to time by posting an amended Agreement on its Website with notice to Customer of this revision by email or in-app notification. The revised version will become effective and binding thirty (30) days after it is posted. If Customer does not agree with such modifications to the Agreement, Customer must notify Plansight in writing of any reasonable objections within thirty (30) days after Plansight sends notice of the revision. If Customer provides such notice, then Customer’s subscription will continue to be governed by the terms and conditions of the prior version of this Agreement until Customer’s next renewal date, after which the updated version of this Agreement will apply.
RECITALS:
- Plansight has developed an online employment benefits software platform for insurance carriers, insurance brokers, benefits agencies, and employers that is available to access on Plansight’s Website as a subscription service, together with other content and materials provided by Plansight on the Website or otherwise.
- Customer desires to subscribe to access the Software, and Plansight desires to provide such access to Customer, subject to the terms and conditions of this Agreement.
In consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Plansight and Customer agree as follows:
AGREEMENTS:
- Definitions.
- “Confidential Information” means the Software, Customer Data, either party’s non-public business and technology information, trade secrets, Plansight’s pricing, any written materials marked as confidential and any other information which is clearly identified as confidential or proprietary at the time of disclosure or that the receiving party reasonably should understand to be confidential. Confidential Information excludes information that the receiving party can document: (i) is or becomes generally available to the public without fault of the receiving party; (ii) was rightfully in the receiving party’s possession prior to its disclosure by the other party; (iii) is independently developed without the use of any Confidential Information of the disclosing party; or (iv) is obtained without obligation of confidentiality from a third party who has the right to disclose it. The receiving party also may disclose Confidential Information to the extent required under a judicial or legislative order or proceeding or as necessary to comply with open records acts or other freedom of information laws or regulations; provided that it gives the disclosing party, if legally permissible, reasonable prior notice and an opportunity to respond or object to the disclosure.
- “Customer Agreement” means the Plansight Customer Agreement(s) for Customer’s purchase of a subscription to the Software, which describes Customer’s location(s) for which it is authorized to use the Software, any additional services of Plansight, the Fees, the Term, and other terms mutually agreed by the parties.
- "Customer Data" means all electronic data and content input by Customer and Users into the Software, including Customer’s data contained in Software reports and any Personal Data. Customer Data does not include Usage Data, Aggregated Data, Feedback, or template forms for reports provided to Customer through the Software.
- "Documentation" means Plansight’s user instructions, help materials, and/or user manual (if applicable) for the Software, whether in electronic, printed or other form, as updated by Plansight from time to time.
- “Feedback” means any suggestions, enhancement requests, complaints or other feedback from Customer or Users relating to the Software or Plansight’s Services.
- "Malicious Code" means any virus, worm, trap door, back door, snoopware, spyware, malicious logic, Trojan horse, time bomb or other malicious software functionality that would intentionally erase or render the Software unusable or intentionally interfere with the use of the Software or a User’s computer system or software.
- “Personal Data” means information that identifies a particular individual, such as name, birthdate, address, telephone number, e-mail address, government-issued identification numbers; passwords, credit and debit card numbers, financial account numbers and security codes; biometric data, and personal health information.
- “Services” means Plansight’s Software hosting and subscription services, Software technical support and maintenance, consulting, training, professional services, and other services offered by Plansight to its customers as part of or in connection with the Software, including services for which Plansight may charge a separate fee, as agreed in a Customer Agreement.
- “Software” means Plansight’s Employee Benefits RFP to Employer Presentation software platform that is provided as a subscription service, as specified in the Customer Agreement, including any associated online software or components, the Documentation and Updates. Except as otherwise provided in this Agreement, “Software” includes Third-Party Software provided by Plansight as part of the Software.
- “Term” means the Initial Term of this Agreement together with any and all Renewal Terms, as those terms are defined in Section 6(a).
- “Third-Party Software” means any third-party applications and software, whether open source or proprietary, that are owned by entities or individuals other than Plansight and that may be incorporated into or interoperate with the Software.
- “Updates” means updates, upgrades, patches, improvements, enhancements, bug fixes, additional features, and other modifications to the Software.
- "Users" means individual employees and personnel of Customer who are authorized by Customer to use the Software. Users may also include consultants or contractors of Customer who are using the Software solely for Customer’s internal business purposes, but shall not include competitors of Plansight.
- “Website” means the applicable Plansight website or web portal for Customer, where the Software will be accessed by Customer and its Users via a Customer login, and/or other web pages designated by Plansight where resources and Services related to the Software are provided by Plansight (excluding third-party websites).
- Grant of Rights. Plansight grants Customer a non-exclusive, non-transferable right to access and use the Software during the Term, and solely for use by Customer’s authorized Users at the authorized location(s) set forth in the Customer Agreement. Plansight will provide Customer and its Users with online access to the Software and any related products and Services offered by Plansight that are made available online as part of the Software on the Website. The Software will be hosted either on Plansight’s servers or the servers of a third party that is in the business of hosting web- or cloud-based software applications. Use of the Software is subject to the following terms and limitations:
- Use of Software. Use of the Software is limited to Customer’s own internal business. Where authorized by Plansight in the applicable Customer Agreement, that business is agreed to include Customer’s use of the Software to perform services for Customer’s third-party clients; however, such clients will not be permitted to themselves access or use the Software. Customer is granted the right to authorize Users to access and use the Software and related materials that Plansight makes available as part of the Software and Website. Customer and Users are authorized to use the Software only as part of the Software, except as otherwise specifically set forth in this Agreement.
- Updates. Customer acknowledges and agrees that the Software, Website, and other materials that may be made available by Plansight may be updated and changed from time to time with Updates, in Plansight’s sole and reasonable discretion.
- Proprietary Rights Notices. Customer shall not remove, alter, cover or obfuscate any copyright notices or other proprietary rights notices placed or embedded by Plansight on or in the Software, Website, or related Documentation.
- Restrictions. Customer will not reverse engineer, disassemble, decompile or otherwise attempt to derive source code, trade secrets, algorithms, programming methods or Confidential Information from the Software. Customer will not modify or create derivative works of the Software or use it in order to build a competitive product or service, or copy any features, functions or graphics of the Software or Website. Customer and its Users will use the Software only as permitted by applicable laws and regulations. If any affiliates of Customer are using the Software pursuant to this Agreement, Customer is responsible for ensuring its affiliates’ compliance with the terms of this Agreement.
- Users. Users will be required to accept Plansight’s end user terms of use (the “End User TOU”) prior to accessing the Software. The current version of the End User TOU is attached as Exhibit A. Plansight reserves the right to modify and update the End User TOU in its business discretion from time to time. Customer is responsible for ensuring that its Users comply with such End User TOU terms and the applicable terms and limitations in this Agreement.
- Third-Party Software and Data. Third-Party Software that is embedded in the Software, or is provided by Plansight as an integrated part of the Software, is provided by Plansight to Customer pursuant to the applicable terms of this Agreement, unless a separate third-party license or subscription agreement for such Third-Party Software is provided to Customer in advance. Third-Party Software is authorized only for use in connection with the Software, unless otherwise permitted under an open source license. The Software also uses integrations with third-party systems in order to provide certain services and functions, including importing Customer Data and obtaining third-party statistical data, such as census data.
- Data Storage Limitations. The Software platform may be subject to other reasonable usage limitations, such as limits on data storage. Plansight will give Customer reasonable prior notice before imposing limitations on any excessive data storage or deleting older Customer Data. If Customer has concerns or objections, the parties will use commercially reasonable efforts to work together to resolve them.
- Geographic Scope. Customer’s use of the Software and Services is limited to the United States, and Customer and its Users will not input or allow to be added any Personal Data of non-U.S. residents into the Software, unless and until otherwise expressly agreed in writing by Plansight. Customer acknowledges that use of the Software for any business operations outside of the U.S. requires additional due diligence to ensure that that the parties are able to comply with data security, privacy, and other applicable laws and regulations.
- Free Trial Software. If a free evaluation or trial of the Software is specified in the Customer Agreement or otherwise agreed by the parties (“Free Software”), then such Free Software is provided “AS IS” WITHOUT ANY WARRANTIES OR INDEMNITIES OF ANY KIND, NOTWITHSTANDING SECTIONS 10 AND 11, AND PLANSIGHT WILL NOT BE LIABLE FOR ANY DAMAGES, DIRECT, CONSEQUENTIAL, OR OTHERWISE, ARISING OUT OF CUSTOMER’S USE OF THE FREE SOFTWARE. If Customer purchases a subscription to the Free Software at the end of the trial period, the standard terms of this Agreement will apply to such Software thereafter. ANY DATA THAT CUSTOMER ENTERS INTO FREE SOFTWARE DURING THE FREE TRIAL PERIOD MAY BE TEMPORARY ONLY. If Customer does not purchase a paid subscription to the Free Software upon completion of the trial period, Plansight may purge and delete the Customer Data entered into the Free Software any time after expiration of the trial period. Plansight may use Customer’s trial period data for the purposes specified in Section 4(c). Plansight will make the Free Software available to Customer on a trial basis, free of charge, until the earlier of (a) the end of the agreed free trial period, or (b) the start date of any purchased subscription to such Software by Customer. Customer may not transfer Free Software to or share it with anyone else.
- Other Services.
- Technical Support and Maintenance. Plansight will provide Customer with email- and/or telephone-based technical support and maintenance Services to assist Customer in utilizing the Software, together with access to materials in Plansight’s online knowledge base. Support Services will be available during Plansight’s regular business hours. Plansight technicians will use reasonable, good faith efforts to resolve Customer’s problems. Plansight will respond to support requests based on: (a) the order that such requests are received; and (b) the relative importance of such requests as reasonably determined by Plansight. Plansight may update its support and maintenance policies from time to time, upon notice to Customer.
- Professional Services. Upon Customer’s request and subject to the terms of a Customer Agreement, Customer may purchase or obtain training, consulting services, or other professional Services from Plansight.
- Customer Responsibilities.
- Account Security and Limitations. Customer acknowledges and agrees that it is responsible for managing its organization’s security environment and security profile, including without limitation security configurations, system access, and security privileges. Customer will maintain commercially reasonable administrative, physical, and technical safeguards and standards for its Users’ use of the Software and the security of the Software and Users’ passwords. Customer is responsible for proper firewall maintenance allowing data to move from Customer’s on-premises data-contributing system to the Software. Customer will promptly notify Plansight if it becomes aware of any unauthorized access or use of the Software or any unauthorized use or disclosure of Users’ passwords or accounts. A single username and password may not be used by more than one User. Users may log in and use the Software only from a single location at any given time.
- Customer Administrators. If requested by Plansight or specified in a SOW, Customer will designate one system administrator for each authorized Customer location (each a “Customer Administrator”) to manage the Software system for Customer, provide first-line support to Users, and act as Customer’s primary technical contact and liaison with Plansight. The Customer Administrator must attend training and be certified as reasonably required by Plansight, and be qualified to operate the Software on Customer’s equipment. Customer may replace its Customer Administrators upon written notice to Plansight, provided that the new Customer Administrator must receive the required Plansight training. Customer will be charged additional fees for any training for Customer's Users beyond the initial training provided as part of Plansight’s implementation Services.
- Hardware and Additional System Components. Customer is responsible for providing computer hardware (PCs, laptops, workstations) that are reasonably sufficient for use with the Software and that are set up to use Google Chrome with the Software. Customer will also maintain a stable, high-speed Internet connection and remote connectivity.
- Customer Data. Customer is solely responsible for the accuracy, completeness, and integrity of all Customer Data input into the Software or otherwise provided to Plansight, and for obtaining any necessary consents or authorizations for use of such Customer Data as contemplated by this Agreement. Customer Data to be imported into the Software by Plansight must be provided by Customer in a digital form that complies with Plansight’s written requirements. It is solely Customer's responsibility to assure and confirm that the initial importing of the Customer Data into the Software’s database by Plansight has been properly performed. After the initial setup, it is Customer’s sole responsibility to add further input and modifications to the Customer Data in Customer’s database in the Software. Customer is also solely responsible for the accuracy of any and all reports, displays and/or uses of Customer Data, whether or not Plansight assisted Customer with the development or construction of such reports and displays and other uses of the Customer Data.
- Consent to Communications and Services.
- Communications from Plansight. By registering with Plansight, Customer understands and agrees that Plansight may email or otherwise communicate with Customer regarding the Software and its Services, including but not limited to (i) notices about Customer’s use of the Software, including any notices concerning violations of use, (ii) updates and modifications to the Software, and (iii) promotional information and materials regarding Plansight's products and services. Plansight enables recipients to opt out of receiving marketing e-mails by following the opt-out instructions provided in the message.
- Log-off of Inactive Accounts; Etc. Plansight reserves the right to log off accounts that are inactive for a period of time and to quarantine suspect messages within the Software platform. Plansight also may modify domain and user settings with or without notice, including for security, system performance, and legal reasons. Customer must add Plansight and the Software to the “allowed” list of contacts and programs and ensure that Customer’s firewall and anti-virus software programs do not block Plansight.
- Ownership.
- Plansight Ownership. Plansight owns and retains all right, title and interest in and to the Software, including the Software and Documentation, text, graphics, logos and images, Plansight’s trademarks and service marks, the Website and its contents, any custom developments, Updates, training and other written or electronic documents and materials produced by Plansight that relate to the Software, and all intellectual property rights in the foregoing. The Software and all other materials made available to Customer by Plansight may be used by Customer and Users only for the purposes described in this Agreement. Any rights not expressly granted herein are reserved to Plansight. Neither this Agreement nor any other agreement between the parties changes ownership of any pre-existing software or other materials.
- Customer Ownership. As between the parties, Customer owns and shall retain all right, title and interest in and to all Customer Data, as well as the contents of any reports or forms generated by the Software that are specific to Customer. Plansight has the right to use, process and disclose Customer Data as necessary to provide the Services to Customer, to create Aggregated Data as set forth below, to comply with legal obligations, and exercise its legal rights.
- Usage Data and Aggregated Data. The Software tracks metadata and other statistical and usage data related to Customer’s and Users’ use of the Software (“Usage Data”) and provides such data to Plansight. Plansight shall also have the right to aggregate and anonymize Customer Data (“Aggregated Data”). Any Customer Data used in creating the Usage Data and Aggregated Data must be in aggregated and/or anonymized form so that it is not identifiable as to Customer or any individual person. Plansight shall own such Usage Data and Aggregated Data. Plansight may collect, aggregate, use, distribute and sell such Usage Data and Aggregated Data for any legal purpose, including without limitation for the purposes of providing services and improving the Software and Plansight’s products and services generally.
- Feedback. Plansight will own all Feedback provided to it and may, without limitation, incorporate it into Plansight’s software, products and services. Plansight shall exclusively own all right, title and interest in and to any software and intellectual property developed or delivered to Customer in the performance of this Agreement, regardless of whether it is based on or incorporates any Feedback, subject to the rights granted herein to Customer.
- Fees.
- Fees. Customer’s fees for its Software subscription and for other Plansight services are set forth in the Customer Agreement(s) (collectively, the “Fees”). Standard support and maintenance services for the Software, as described in Section 2(j)(i), are included as part of such Fees at no additional charge.
- Payment Terms.
- Payment of Fees for all accounts are required to be registered to pay via ACH, credit or debit card. Unless otherwise specified in the applicable Customer Agreement, SaaS Fees are due in advance and Fees for other Services are due net thirty (30) days from date of invoice. Customer must be authorized to use the payment method that is entered when a User creates a billing account. Customer authorizes Plansight to charge the Fees for the Software subscription Service, and any other products or services ordered by Customer or its Users, using Customer’s designated payment method, including for any paid feature of the Software that is elected or used by Customer and its Users, including all recurring fees. Plansight may charge Customer up to the amount Customer has approved plus applicable taxes, and Plansight will notify Customer in advance of the difference for recurring Fees.
- Customer must keep all information in its billing account current. Customer may access and modify its billing account information within the Software at any time, including changing its credit/debit card and contact information. If either Customer’s original or new card does not work or has insufficient funds, Plansight may suspend or terminate Services subject to the terms of Section 6 below, including the applicable notice and cure periods; however, Customer is still responsible and liable to Plansight for the full contracted payment amounts. Customer’s notice to Plansight of any billing changes will not affect charges that Plansight has submitted to Customer’s billing account before Plansight is reasonably able to act on Customer’s requested changes.
- By submitting Customer’s credit/debit card data to Plansight, Customer authorizes Plansight to submit a financial transaction(s) to Customer’s issuing bank for settlement. Customer will contact Plansight at least thirty (30) days prior to the next billing cycle if Customer desires to cancel any recurring charge; however, Customer may only cancel payments at the end of its then-current annual contract term.
- If Customer believes there is an error on its account, including an incorrect amount or unauthorized transaction, Customer agrees to contact Plansight prior to the next billing cycle. Upon proper notification, Plansight in its reasonable discretion may issue a credit to your bank card.
- Plansight will notify Customer in advance, either through the Software or to Customer’s email address most recently provided to Plansight, if Plansight changes the Fees for the Software subscription Service. The subscription Fee specified in the Customer Agreement will remain in force for the Initial Term. The same Fees will apply to Renewal Terms unless Plansight gives Customer at least ninety (90) days’ prior written notice of an increase to the Fees, which will be effective at the beginning of the next Renewal Term. If Customer does not agree to these fee changes, Customer must cancel and cease using the Software and Services by notification to Plansight no later than sixty (60) days prior to the conclusion of Customer’s current annual term.
- Past Due Amounts. If any Fees owed by Customer are thirty (30) or more days overdue, Plansight may, without limiting its other rights and remedies and upon providing five (5) days prior written notice to afford Customer a cure period: (i) charge interest at the rate of 1% per month or the highest rate permitted by law, whichever is less, on the past due amounts; (ii) terminate this Agreement under Section 6(b) and accelerate Customer’s unpaid Fee obligations so that all such obligations become immediately due and payable, and/or (iii) suspend Customer’s and its Users’ access to the Software until such amounts are paid in full, as set forth in Section 6(d). Customer shall also be liable for all costs of collection, including reasonable attorney's fees, whether or not a suit is instituted.
- Disputed Amounts. Customer will not withhold any undisputed portion of any amounts payable hereunder but may withhold disputed amounts upon written notice of a reasonable dispute. Customer shall deliver such notice, including the basis for such dispute, to Plansight within sixty (60) days after the date of the initial invoice on which the disputed amounts appear; otherwise the right to dispute the amounts invoiced will be deemed waived. If such dispute is not resolved within 120 days of the date of the invoice that is subject to dispute, Plansight reserves the right to suspend Services or terminate this Agreement.
- Taxes. Customer is responsible for any applicable sales, use or other taxes or duties associated with this Agreement, other than taxes on Plansight’s net income. If Customer is a tax-exempt entity, Customer must provide a tax-exemption certificate to Plansight. To determine taxes and fees, Plansight uses the address for the Customer’s location(s) specified in the Customer Agreement, which Plansight assumes to be the Place of Primary Use (“PPU”). This PPU location may be different from Customer’s billing address that Plansight has on record. It is Customer’s responsibility to provide the address of the correct PPU to Plansight.
- Integrated Plan Additional Policies and Cancellation. If Customer purchases the Services from a reseller or another third party, then Customer acknowledges and agrees that (i) such third party is responsible for keeping Customers’ account payments current; (ii) any failure to do so may result in suspension or termination of Customer’s access to the Software and Services; and (iii) such third party has the authority and ability to cancel Customer’s account with Plansight.
- Other. All amounts paid under this Agreement are payable in U.S. dollars. All payments are non-refundable, other than as expressly set forth in this Agreement.
- Term and Termination; Suspension.
- Term. This Agreement will commence on the Effective Date and will continue for the initial term specified in the Customer Agreement (the “Initial Term”), subject to prior termination as set forth below. At the end of the Initial Term, this Agreement will automatically renew for additional twelve (12) month renewal terms (each a “Renewal Term”) at Plansight’s then-current rates or as otherwise agreed in writing by the parties, subject to termination as set forth below. Either party may give the other party written notice of non-renewal of this Agreement at least thirty (30) days prior to the expiration of the then-current Initial Term or Renewal Term.
- Termination for Cause. Either party will have the right to terminate this Agreement for cause at any time, upon written notice, in the event of (i) any material breach of this Agreement by the other party, subject to thirty (30) days prior written notice and opportunity to cure such breach; or (ii) the other party’s dissolution, distribution of a substantial portion of its assets, or cessation of all or substantially all of its normal business affairs.
- Effect of Termination. Upon termination of this Agreement, Customer will no longer have access to the Software. Customer is responsible for extracting and copying its Customer Data from the Software prior to termination of this Agreement; if Customer requires a longer period to do so, Customer may notify Plansight that it requires an extension to its subscription Term for data extraction purposes. Customer will promptly pay all outstanding amounts owed to Plansight. If Customer terminated this Agreement under Section 6(b), Plansight will promptly refund to Customer any prepaid and unearned Fees. Each party will promptly return to the other party all Confidential Information of the other party and delete any copies of such information or materials from its systems and files. Notwithstanding the foregoing, the receiving party may retain Confidential Information on its back-up servers that are not generally accessible, in the ordinary course of business, as well as one copy in a secure location for archival purposes, provided that such Confidential Information shall remain subject to the provisions of this Agreement. Sections 2(c), 2(d), 4, 5, 6(c), 7, 8, 9, 10, 11, 12, and 15 will survive termination of this Agreement, together with such other terms as by their intent or meaning should so survive.
- Suspension of Software Access. Plansight may suspend Customer’s and its Users’ access to the Software if Customer is in material breach of this Agreement, including any non-payment of fees, subject to fifteen (15) days’ prior written notice and opportunity to cure such breach. Plansight may also immediately suspend Customer’s or a User’s access to the Software, without prior notice, if continued use creates a substantial risk to the security or integrity of the Software system or may result in material harm to the Software, Plansight, or other customers of Plansight. Plansight will promptly notify Customer of the suspension. Plansight will limit the suspension in time and scope as reasonably necessary under the circumstances. Plansight shall have the right to monitor use of the Software to verify compliance with the Agreement.
- Confidential Information. The receiving party of Confidential Information (i) shall not disclose Confidential Information or any information derived therefrom to any person, other than employees and independent contractors with a need to know such information and who are obligated to keep such information confidential; or (ii) use the Confidential Information for any purpose, except as expressly permitted by this Agreement. The receiving party shall give Confidential Information at least the same level of protection as it gives its own information of similar sensitivity, but not less than a reasonable level of protection. Confidentiality obligations shall survive any termination of this Agreement.
- Data Security and Privacy.
- Reasonable Safeguards. Each party will collect and maintain all Personal Data and protected health information (“PHI”) of individuals contained in the Customer Data in compliance with applicable data privacy and protection laws, statutes, and regulations. Plansight agrees to maintain commercially reasonable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, including Personal Data, and will comply with its obligations under the Data Security Addendum attached as Exhibit B. Customer will also maintain commercially reasonable administrative, physical, and technical safeguards and standards for its Users’ use of the Software and the security of the Software and Users’ passwords. Please refer to Plansight’s privacy policy, which informs users of Plansight’s policies and practices related to collection, storage, processing, destruction, and other use of Personal Data.
- Business Associate Agreement. If Customer is a covered entity or a business associate of a third-party covered entity under HIPAA and includes PHI in the Customer Data provided to Plansight (as a business associate or sub-business associate), this Agreement will automatically incorporate the terms of the Business Associate Agreement (“BAA”) attached as Exhibit C, as part of the overall agreement between the parties. The BAA shall supersede the terms of this Section 8 with respect to any issues related to PHI.
- Customer’s Warranties. Customer represents and warrants to Plansight that:
- Customer has full power and authority to enter into this Agreement and make the agreements specified herein.
- Customer shall not have any right or authority (i) to make any representations or warranties on Plansight’s behalf, except as expressly approved in writing by Plansight; (i) to assume or create any obligations or responsibilities, express or implied, on behalf of Plansight; or (iii) to bind Plansight in any way; except as expressly set forth in these Terms. Plansight shall not be liable for any unauthorized representations or warranties made by Customer.
- Customer Data will not violate any person’s right of privacy or copyright, trademark, or other intellectual property rights, and Customer and its Users will not transmit any such materials to Plansight. Customer warrants that it has all necessary rights and consents required to upload all Customer Data, including Personal Data and PHI, into the Software or otherwise provide such Customer Data to Plansight; and that Plansight’s storage, use or transmission of the Customer Data pursuant to the terms of this Agreement does not violate any laws or regulations or Customer’s contracts with any third party.
- Where Customer or its Users use the Software to download, export, and/or email or otherwise send documents or files to third parties, including files containing any PHI, Personal Data, Customer Data or Confidential Information, Customer warrants that it shall do so in compliance with all applicable laws and regulations and acknowledges that it is solely responsible for such legal compliance.
- Customer will use commercially reasonable, industry-standard efforts and means to keep Malicious Code out of all materials uploaded by it and its Users into the Software.
- Plansight Warranties and Disclaimers.
- Plansight Warranties. Plansight warrants to Customer as follows:
- Plansight has full power and authority to enter into this Agreement and make the agreements specified herein.
- Plansight warrants, during the Term, that the Software, when used properly and in accordance with its Documentation and this Agreement, will comply in all material respects with its Documentation.
- Plansight will use commercially reasonable, industry-standard efforts and means to keep Malicious Code out of the Software.
- Exclusions. Plansight’s warranties exclude non-performance issues that result from (i) modification of the Software by Customer or any person or entity other than Plansight; (ii) defects or problems that are outside the reasonable control of Plansight, including defects or damage resulting from use of the Software in other than its normal and authorized manner; or (iii) Customer’s or its Users’ failure to comply with due standards of care. Customer will reimburse Plansight for its reasonable time and expenses for any services provided at Customer’s request to remedy excluded non-performance issues.
- Remedies. In the event of a breach of any of the above warranties, Customer shall contact Plansight’s designated support personnel within thirty (30) days of Customer’s discovery of the breach or defect in the Software. Customer’s sole and exclusive remedies and Plansight’s entire liability for breach of this warranty will be: (i) at Plansight’s option, to repair any material, reproducible deficient functionality of the Software, or to replace such defective functionality with reasonably equivalent functionality; or (b) if Plansight is unable or fails to cure the warranty breach within a reasonable time, Plansight or Customer may terminate this Agreement upon fifteen (15) days’ prior written notice. Any such termination by Customer must occur within three months of the initial occurrence of the warranty breach.
- Limitation of Warranties. Except as expressly set forth in this Section 10, the Software, its Documentation, data provided through the Software, the Website, and all Services are provided “AS IS”. Open source copyright holders have no liability to Customer for any reason. PLANSIGHT AND ITS THIRD-PARTY LICENSORS AND SERVICE PROVIDERS MAKE NO OTHER WARRANTIES, EXPRESS OR IMPLIED, AND DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT OR FITNESS FOR ANY PARTICULAR PURPOSE OR USE, whether arising by law, by reason of custom or usage of trade, or by course of dealing. Plansight and its third-party providers make no express or implied representations or warranties with respect to any third-party data supplied by them or the Software, such as census and statistical data, including with respect to the data’s accuracy, completeness, condition, merchantability, fitness for any particular purpose or use by Customer or any permitted third party. Plansight is not in any way responsible or liable for Customer’s and its Users’ use of the Software to export, email and distribute any Customer Data, documents or information or data of any kind. Plansight does not warrant that the Software or its Services are error-free. Plansight is not responsible or liable for any problems or interruptions in the Software due to issues with third-party hosting services or Internet service providers. Hardware, Third-Party Software, and hosting services are covered only by the manufacturer's or third-party software or service provider's warranty or service level agreement (SLA). Warranties are not transferable to a third party, other than in connection with assignment of this entire Agreement under Section 14.
- Customer’s Services and Third-Party Agreements. Plansight expressly disclaims any and all responsibility and liability with respect to separate agreements and dealings that Customer may have with its third-party customers, clients, employers, consumers or website users. Customer is solely responsible for the products and services that it provides to third parties.
- Indemnification.
- Mutual Indemnity. Each party (as the “Indemnifying Party”) shall defend or settle at its expense any third party claim or action (a “Claim”) brought against the other party (the “Indemnified Party”) arising out of: (i) the Indemnifying Party’s breach of this Agreement; or (ii) any grossly negligent acts or willful misconduct of the Indemnifying Party or its personnel. If both parties are at fault, each party will pay its proportional share of the resulting expenses or damages.
- Plansight Indemnity. Plansight shall defend or settle at its option and expense any Claim brought against Customer alleging that the Software infringes a U.S. registered patent, copyright, or trademark or misappropriates a trade secret. Plansight shall have no liability for any infringement claim to the extent such Claim is based on: (1) modification of the Software other than by Plansight; (2) any open source or other third-party software or component; or (3) the combination, operation or use of the Software with any software, hardware or other materials not furnished by Plansight. In the event of an infringement Claim, Plansight may at its option and expense: (a) replace or modify the Software so that it becomes non-infringing; or (b) procure for Customer the right to continue using the Software. If neither of these alternatives is reasonably available, Plansight may terminate this Agreement and refund to Customer any prepaid fees for the period after termination. This Section 11(b) states the entire extent of the liability and obligations of Plansight with respect to any alleged infringement or misappropriation of intellectual property rights.
- Customer Indemnity. Customer shall defend or settle at its option and expense any Claim brought against Plansight arising out of (i) any infringement claims or privacy breaches based upon the Customer Data, other than a security breach for which Plansight is responsible; (ii) Customer’s use of incorrect or fraudulent Customer Data; (iii) Customer’s provision of services to its third-party clients; or (iii) Customer’s use of the Software in a manner that violates this Agreement or applicable law.
- Indemnification Procedure. When an indemnifiable Claim is made by a User or other third party, the Indemnified Party shall promptly notify the Indemnifying Party of such Claim, grant the Indemnifying Party sole control of the defense and all related settlement negotiations, and provide the Indemnifying Party with the assistance, information and authority reasonably necessary to defend the Claim, at the Indemnifying Party’s expense. The Indemnifying Party will pay any costs or damages finally awarded against the Indemnified Party that are attributable to an indemnifiable Claim, or any amounts agreed by the Indemnifying Party in settlement of the Claim. The Indemnified Party may not settle a Claim without prior written consent of the Indemnifying Party, which shall not be unreasonably withheld. The Indemnified Party may, at its option and expense, be represented by separate counsel in any such Claim.
- Limitations of Liability.
- IN NO EVENT SHALL CUSTOMER, OR PLANSIGHT OR ITS THIRD-PARTY LICENSORS OR SERVICE PROVIDERS, BE LIABLE FOR LOST PROFITS, LOSS OF DATA (EXCEPT AS PROVIDED IN THE BAA), INTERRUPTIONS OF BUSINESS, OR ANY INDIRECT, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT OR USE OF THE SOFTWARE, INCLUDING WHERE SUCH TYPES OF DAMAGES RELATE TO THE ACCIDENTAL OR UNLAWFUL DESTRUCTION, LOSS, ALTERATION, UNAUTHORIZED DISCLOSURE OF, OR ACCESS TO PERSONAL DATA TRANSMITTED, STORED OR OTHERWISE PROCESSED, REGARDLESS OF WHETHER SUCH PARTY HAS NOTICE OF THE POTENTIAL FOR SUCH LOSS OR DAMAGE, AND REGARDLESS OF THE THEORY OF LIABILITY (INCLUDING NEGLIGENCE AND STRICT LIABILITY). PLANSIGHT'S AND ITS CUSTOMERS AND LICENSORS AND SERVICE PROVIDERS’ TOTAL AGGREGATE LIABILITY FOR ANY CLAIM OR DAMAGE ARISING OUT OF THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID BY CUSTOMER TO PLANSIGHT DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE EVENT GIVING RISE TO THE CLAIM.
- The fees for the Software reflect this allocation of risk and limitations of liability. These limitations form an essential basis of the bargain between the parties, and shall apply notwithstanding the failure of the essential purpose of any limited remedy. The above limitations may be superseded by law in some jurisdictions.
- Publicity. Any press releases or other public statement regarding this Agreement may be made only with the other party’s consent, which shall not be unreasonably withheld, except that a party may make public disclosures to the extent required by law, and Plansight is permitted to include Customer’s name on customer lists that may be posted on Plansight’s Website or provided to potential customers and other third parties.
- Assignment. Customer may not assign or transfer this Agreement, its account with Plansight, or any of Customer’s rights or duties hereunder to any third party without prior written consent of Plansight, which shall not be unreasonably withheld. Plansight may assign, subcontract, transfer, or otherwise dispose our rights and obligations under this Agreement, in whole or in part, at any time. Plansight shall remain primarily liable for the performance of all of its subcontracted obligations, to the same extent as if Plansight itself had performed such obligations.
- General.
- Entire Agreement; Amendment. This Agreement, including the attached exhibits and the related Customer Agreement(s), constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes all prior or oral agreements or understandings with respect thereto. Any preprinted terms in a purchase order submitted by Customer to Plansight are expressly agreed to be of no force or effect. This Agreement may not be amended except by a writing signed by authorized representatives of both parties.
- No Waiver. Any waiver by either party of a default or obligation under this Agreement will be effective only if in writing. Such a waiver does not constitute a waiver of any subsequent breach or default. No failure to exercise any right or power under this Agreement or to insist on strict compliance by the other party will constitute a waiver of the right in the future to exercise such right or power or to insist on strict compliance.
- Choice of Law and Jurisdiction. This Agreement shall be construed in accordance with the laws of the State of Utah, excluding conflicts of laws provisions. If any dispute arises concerning this Agreement and/or Plansight’s products or services, venue shall be laid in Salt Lake County, Utah. Utah state and federal courts shall have exclusive jurisdiction over any such dispute, and the parties hereby consent to the jurisdiction and venue of such courts. Notwithstanding the foregoing, if Plansight has entered into a Master Services Agreement (“MSA”) with Customer or its affiliate, the MSA’s choice of law, venue and jurisdiction terms shall supersede this section if there is a conflict.
- Attorneys’ Fees. In the event of any breach with respect to this Agreement, the breaching party, in addition to all other obligations and liabilities hereunder, shall pay all attorneys’ fees, expert witness fees, court costs, investigation expenses, and all other costs and expenses incurred by the non-defaulting party in connection with such breach and enforcement of this Agreement.
- Severability. If any provision of this Agreement is deemed invalid or unenforceable by a court or governmental authority, that provision shall be modified, if possible, to the minimum extent necessary to make it valid and enforceable, or if it cannot be so modified, then severed, and the remainder of this Agreement shall remain in full force and effect.
- Export Compliance. Customer may not use, export or re-export any of the Software’s data, software code, content or materials in any form in connection with this Agreement in violation of U.S. export laws and regulations, or without first obtaining the appropriate United States and foreign government authorizations.
- Notices. All notices required under this Agreement will be in writing and will be delivered personally, mailed by registered or certified mail with a return receipt requested, sent by commercial overnight delivery service with provisions for a receipt, or sent by e-mail, to the address of the receiving party set forth in the Customer Agreement or such other address a party may specify by written notice. Notices shall be presumed to have been received by the other party (i) upon receipt if sent by hand delivery, registered or certified mail, or delivery service; or (ii) if sent by email, upon confirmation of receipt by non-automated means. Plansight may also send notices to Customer by posting such information on the Software portal, and such notices will be deemed received one (1) day after being posted. Customer hereby consents to receiving legal notices electronically in this manner. If Customer refuses or withdraw its consent to receive notices electronically, Plansight may terminate this Agreement upon notice to Customer.
- Independent Contractors. The parties are independent contractors. Customer is not an agent of Plansight and will not represent to any third party that it is an employee or agent of Plansight. Customer shall have no authority to enter into any contract on behalf of Plansight.
- Injunctive Relief. Each party acknowledges that the other party's intellectual property and Confidential Information is highly valuable to the other party, that any breach of such party’s obligations with respect to confidentiality and/or use of the other party’s intellectual property, including any breach by Customer of any restrictions on use of the Software or the scope of the rights granted by Plansight herein, may severely damage the other party, the extent of which damage would be difficult to ascertain and, therefore, that the other party is entitled to seek, among other remedies, temporary and permanent injunctive relief and other equitable relief for any such breach, without the necessity of posting bond or other security, to the extent permitted by law.
- Force Majeure. A party shall be excused from delays or failure to perform its duties (other than payment obligations) to the extent such delays or failures result from acts of nature, riots, war, acts of public enemies, fires, epidemics, labor disputes, or any other causes beyond its reasonable control. The parties will promptly inform and consult with each other as to any of the above causes that in their judgment may or could be the cause of a substantial delay in the performance of this Agreement. The affected party shall resume performance as soon as is reasonably feasible.
- Electronic Signatures and Delivery; Signature Authority. The Customer Agreement and any other documents to be delivered in connection therewith may be electronically signed and delivered. Any electronic signatures appearing on the Customer Agreement or such other documents are the same as handwritten signatures for the purposes of validity, enforceability, and admissibility. The person accepting this Agreement and the related Customer Agreement(s) on behalf of Customer represents that he or she has the authority to bind Customer to this Agreement.
Updated 10/03/2024
EXHIBIT A
END USER TERMS OF USE
PLEASE READ THESE TERMS OF USE (THE “TERMS”) CAREFULLY BEFORE ACCEPTING THESE TERMS, UNDER WHICH YOU WILL BE AUTHORIZED TO USE THE EMPLOYEE BENEFITS RFP TO EMPLOYER PRESENTATION SOFTWARE (THE “SOFTWARE”) OF PLANSIGHT, INC. (“PLANSIGHT” OR “WE”). BY CLICKING TO ACCEPT THESE TERMS OR BY USING THE SYSTEM, YOU INDICATE YOUR ACCEPTANCE OF THESE TERMS IN THEIR ENTIRETY. THESE TERMS SET FORTH YOUR LEGAL RIGHTS AND OBLIGATIONS RELATED TO PLANSIGHT’S SOFTWARE. IF YOU DO NOT ACCEPT THESE TERMS, DO NOT USE THE SOFTWARE.
These Terms are a legal agreement between you and Plansight and govern your use of the Software as an authorized user of a customer of Plansight (the “Customer”), which has entered into a separate Terms of Service agreement with us. We make the Software available to Customer and its authorized users, subject to the following terms and conditions. Any rights not expressly granted herein are reserved by Plansight.
Changes to Terms: Plansight may update these Terms from time to time. You may be notified of such changes by email and/or we may require you to accept the new version of the Terms in order to continue accessing the Software. If you object to any changes in these Terms, you may discontinue your use of the Software.
In consideration of Plansight’s provision of the Software and related services to you, you agree with us as follows:
- ACCESS TO SOFTWARE AND MATERIALS. You will have access to the Software under the terms of our contract with Customer, including the ability to upload content to the Software and modify and update that content. You acknowledge and agree that the Software, Plansight’s web portal, text, graphics, logos, images, content and other materials made available through the Software (“Plansight Materials”), may be modified and updated from time to time, in Plansight’s sole discretion.
- USER OBLIGATIONS. You warrant to us that you will use the Software and Plansight Materials solely for Customer’s internal business purposes, and you will not use them for any purpose that is unlawful or that is prohibited by these Terms. Without limiting this warranty, you specifically agree:
- You will not share your password or access to your Software account with any other person or entity, including without limitation any competitor of Plansight, other than other authorized users employed by Customer. You are responsible for any misuse of the Software under your account or password.
- You will not use the Software in any manner which could damage, disable, overburden, or impair the Software or interfere with any other party's use and enjoyment of the Software.
- You will not obtain or attempt to obtain any materials or information on or through the Software through circumventing any access or use restrictions or by any other unauthorized methods, such as hacking or password mining.
- You may not use any bots, spiders, page-scraping or other automated or manual processes or methods to copy or monitor the Software or any of its contents.
- You will not upload to the Software any libelous or unlawful content or any materials or instructions that may cause harm or injury, or that violate any person’s right of privacy or any copyright, trademark, or other intellectual property rights.
- You will not modify, publish, transmit, reverse engineer, participate in the transfer or sale, create derivative works, or in any other way use or exploit any of the content of the Software or other Plansight Materials other than for their authorized purposes.
- You will not delete or alter any proprietary rights or attribution notices in any content or Plansight Materials obtained through the Software.
- You agree that you do not acquire any ownership rights in any content posted by Plansight, its licensors, or other third parties, or in any Plansight Materials. We do not grant you any licenses, express or implied, to any Plansight Materials except as expressly provided in these Terms, in connection with such content or materials, or as contained in a binding contract between you or your organization and Plansight.
- OWNERSHIP, PRIVACY POLICY, AND DATA USAGE RIGHTS.
- The Plansight Materials are the property of Plansight or its suppliers or licensors, and are protected by copyright and/or other laws protecting intellectual property and proprietary rights. You agree to comply with all copyright and other notices, legends or restrictions applicable to any Plansight Materials.
- Please refer to Plansight’s Privacy Policy, which informs users of Plansight’s policies and practices related to collection, storage, processing, destruction, and other use of your personal data.
- The Software tracks metadata and other statistical and usage data related to your use of the Software and other portions of the Software (“Usage Data”) and provides such data to us. We will own and have the right to distribute and use Usage Data for any legal purpose.
- If you provide any suggestions, ideas or feedback to us (“Feedback”), we will have a royalty-free, worldwide, irrevocable, perpetual license to use such Feedback and incorporate it into or use it to improve our software, products and services.
- LINKS TO THIRD PARTY SITES. If you decide to access or use any third party websites linked to the Software, you do this entirely at your own risk.
- TRADEMARKS. Plansight’s name and its trademarks, service marks and logos, as well as any other Plansight product names or logos displayed on our website or Software, are registered or unregistered trademarks of Plansight, LLC. The names and marks of any third parties on our website are the property of their respective owners and may also be trademarks. Our trademarks may be used publicly only with our prior written permission.
- TERM AND TERMINATION. These Terms shall remain in force until terminated by either you or us for any or no cause, by giving notice to the other party. These Terms and your right to access to the Software will automatically terminate, without notice to you, if our contract with the Customer terminates or if your employment or engagement with the Customer terminates. Without limiting the foregoing, if you breach any of these Terms, we have the right, at our sole discretion and without prior notice, to suspend, modify, disable, or terminate your use of the Software. Upon termination, you will no longer have authorized access to the Software.
- NO ASSIGNMENT. These Terms and your Software account may not be assigned by you.
- WARRANTIES AND DISCLAIMERS. THE SOFTWARE AND OTHER PLANSIGHT MATERIALS ARE PROVIDED TO YOU “AS IS.” PLANSIGHT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AND DISCLAIM ANY IMPLIED WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE. OUR TOTAL LIABILITY FOR ANY CLAIM OR DAMAGE ARISING OUT OF THESE TERMS, INCLUDING ANY USE OF OR INABILITY TO USE THE SOFTWARE OR OTHER PLANSIGHT MATERIALS, SHALL BE LIMITED TO DIRECT DAMAGES, WHICH SHALL NOT EXCEED THE TOTAL AGGREGATE AMOUNT OF $50.00. IN NO EVENT SHALL PLANSIGHT BE LIABLE FOR ANY LOST PROFITS, LOST DATA, INTERRUPTIONS OF BUSINESS, OR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE OR OTHER PLANSIGHT MATERIALS, REGARDLESS OF WHETHER WE HAVE NOTICE OF THE POTENTIAL FOR SUCH LOSS OR DAMAGE. Some jurisdictions prohibit certain limitations of damages in consumer contracts, so the above limitations may be superseded by law in some jurisdictions.
- APPLICABLE LAWS.
- We control the Software from our offices in the United States of America. We make no representation that the Plansight Materials are appropriate or available for use in other locations, and access to them from territories where their content is illegal is prohibited.
- You may not use or export the Plansight Materials in violation of U.S. export laws and regulations.
- These Terms shall be governed by the laws of the state of Utah, excluding conflicts of laws rules. You consent to the exclusive jurisdiction and venue of courts in Utah in all disputes arising out of or relating to these Terms.
- Our provision of the Software and other Plansight Materials and services is subject to existing laws and legal process, and nothing contained in these Terms limits our right to comply with governmental, court and law enforcement requests or requirements.
- NOTICES. All notices, consents and other communications permitted or required to be given hereunder shall be delivered by email to Plansight at support@plansight.com and to you at the email address assigned to your Software account.
- MISCELLANEOUS. Unless otherwise specified herein, these Terms constitute the entire agreement between you and Plansight with respect to the Software. These Terms supersede all other prior or contemporaneous communications and understandings, whether electronic, oral or written, between you and us with respect to the Software. If any provision of these Terms is found void or unenforceable, all other provisions will remain in full force and effect. The failure to enforce any right or provision of these Terms will not constitute a waiver of future enforcement of that right or provision.
EXHIBIT B
DATA SECURITY ADDENDUM
In the course of Plansight’s engagement with Customer under the Plansight Terms of Service and/or other applicable agreement between the parties (the “Agreement”), Plansight will receive and have access to Personal Data (as defined below) and other confidential or proprietary data of Customer (collectively with Personal Data, the “Customer Data”). This Data Security Addendum is subject to the terms and limitations of the Agreement.
“Personal Data” means Customer Data that consists of information identifying a particular individual, such as name, birthdate, address, telephone number, e-mail address, government-issued identification numbers, passwords, credit and debit card numbers, and bank or other financial account numbers and security codes.
- Plansight shall comply with the terms and conditions set forth in this Data Security Addendum (the “Data Security Requirements”) and with all applicable federal and state laws and regulations in its collection, receipt, transmission, storage, disposal, use, disclosure and other processing of Customer Data. Plansight will safeguard the security of its data and information technology systems and all Personal Data and other confidential and sensitive data held by Plansight, including processes of encryption of data, incident management policies, data backup policies and other procedures, to ensure the safety, security and integrity of the Customer Data held by Plansight. Without limiting the foregoing, Plansight will:
- keep and maintain all Customer Data in confidence, using such degree of care as is appropriate to avoid unauthorized access, use, disclosure or other processing;
- only use and process Customer Data (i) for the benefit of Customer or to provide services to Customer; (ii) as permitted under the Agreement; and (iii) to create anonymized and aggregated data for Plansight’s internal use for product and service improvement purposes. Plansight shall not process the Personal Data in any manner that would cause its access to same to be defined as a “sale” within the meaning of California’s CCPA or other applicable laws or regulations;
- transfer Customer Data to or share Customer Data with third parties only as necessary or appropriate in connection with providing services Customer and/or Plansight, and who have agreed to comply with data security requirements equivalent to these Data Security Requirements in all material respects. If the transfer of Customer Data to a third party is required to comply with applicable laws, Plansight shall, to the extent permitted by such laws, first inform Customer in advance of that legal requirement and of the scope of the intended processing.
- Plansight shall be responsible for the proper use, disclosure, storage, deletion, and other processing of Customer Data under the control of or in the possession of Plansight or its employees, agents or contractors (“Authorized Persons”), as required by applicable laws and regulations. Plansight shall put in place reasonable measures to ensure the reliability of any Authorized Persons with access to Customer Data, and Plansight shall be responsible for, and remain liable to, Customer for the actions and omissions of all Authorized Persons relating to Customer Data as if they were Plansight’s own actions and omissions.
- Plansight shall maintain and comply with its current data security policies and procedures (“Data Security Policies”) that are designed to prevent unauthorized access to, and the destruction, loss, misuse or improper alteration of, Customer Data. Such Data Security Policies shall include, without limitation: (i) at least industry standard security systems, computers and technologies, including firewalls and encryption; (ii) physical security procedures; (iii) background checks on Authorized Personnel; (iv) restriction of use and copying of customer data on a “need-to-know” basis; and (v) adequate walls and internal procedures when providing services to any third party to prevent breach of confidentiality and to avoid any conflict of interest. Plansight will review and update its Data Security Policies to comply with applicable laws and industry standards on a regular basis. Additional details regarding Plansight’s Data Security Policies and practices may be disclosed pursuant to a non-disclosure agreement between the parties.
- If Plansight becomes aware of any loss of or unauthorized access to Customer Data or other security incident that may materially adversely affect the security or privacy of Customer Data that was in Plansight’s possession or control (“Security Breach”), it shall report such Security Breach to Customer in accordance with applicable reporting guidelines and timelines under law and Plansight’s Data Security Policies. Plansight agrees to keep Customer informed and cooperate with Customer and any regulatory authorities in the handling of any Security Breach. Plansight shall take commercially reasonable, industry-standard steps to remedy any Security Breach and prevent any further Security Breach.
- Plansight shall make available to Customer on request all information Customer reasonably requests to demonstrate compliance with these Data Security Requirements. During the term of this Agreement Plansight will have third parties perform annual SOC or other appropriate security audits and penetration testing. Upon Customer’s request, Plansight will provide Customer with copies of its most recent security audit reports. If at any time during the term of the Agreement, (i) a governmental or regulatory authority raises concerns or questions to Customer with respect to data security, or (ii) Customer identifies potential issues regarding Plansight’s handling of, or access to, Customer Data or data security generally, then Plansight shall cooperate reasonably and in good faith with Customer and with any such governmental or regulatory authorities, as applicable, to identify and resolve such concerns or issues.
- At any time at Customer’s request or upon the termination or expiration of the Agreement, unless otherwise set forth in the Agreement, Plansight shall promptly return to Customer all copies, whether in written, electronic or other form or media, of Customer Data in its possession or the possession of such Authorized Persons, or securely dispose of all such copies. Notwithstanding the foregoing, Plansight may retain Customer Data on its back-up servers that are not generally accessible, in the ordinary course of business, as well as one copy in a secure location for archival purposes, provided that such Customer Data shall remain subject to the provisions of this Data Security Addendum.
EXHIBIT C
BUSINESS ASSOCIATE AGREEMENT
This BAA applies only if Customer is a covered entity (or a business associate of a third-party covered entity) under HIPAA and is sharing PHI with Plansight. In this BAA, Customer is referred to as “Covered Entity” and Plansight is referred to as “Business Associate.”
THIS BUSINESS ASSOCIATE AGREEMENT (the “BAA”) is entered into by and between Plansight, Inc. (“Business Associate”) and the Customer specified in the Terms of Service and Customer Agreement associated with this BAA (“Covered Entity”). Unless otherwise defined in this BAA, all capitalized words, like PHI, have the meanings set forth in the HIPAA Privacy and Security Rules, 45 C.F.R. Parts 160, 162 and 164, as modified from time to time.
WHEREAS, Business Associate has been engaged by Covered Entity to perform certain services under the Terms of Service between the parties (the “Services Agreement”), wherein Business Associate may need to access, use and/or disclose PHI received from Covered Entity as a business associate; and
WHEREAS, the parties desire to ensure that their respective rights and responsibilities under the Services Agreement are in accordance with applicable federal statutory and regulatory requirements relating to the access, use and disclosure of Protected Health Information (or “PHI”), including, without limitation, the Standards for Privacy of Individually Identifiable Health Information, and the Security Standards, collectively codified at 45 C.F.R. Parts 160, 162 and 164 (respectively the “Privacy Standards” and “Security Standards” ) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act, as set forth in Subtitle D of the American Recovery and Reinvestment Act of 2009 (“HITECH”); and
WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of HIPAA, HITECH, the Privacy Standards, and the Security Standards, and regulations thereunder;
NOW, THEREFORE, in consideration of the foregoing recitals and the mutual covenants and agreements set forth herein, Business Associate and Covered Entity agree as follows:
1. Definitions.
a. "Electronic Health Record" shall have the same meaning as the term "electronic health record" in the American Recovery and Reinvestment Act of 2009, § 13400(5).
b. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164 and regulations issued thereunder, as may be expanded by HITECH.
c. “Protected Health Information” or “PHI” has the meaning given to Protected Health Information in the HIPAA Rules. For purposes of this BAA, “PHI” is limited to PHI that is provided, created, exchanged or received by or between Business Associate and Covered Entity.
d. Other Terms. The following terms used in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Electronic Protected Health Information (or “Electronic PHI”), Electronic Transactions Rule, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Required by Law, Secretary, Security Incident, Subcontractor, Transaction, Unsecured Protected Health Information, and Use.
e. Regulatory References. A reference in this BAA to a section in the HIPAA Rules means the section as then in effect or as amended.
2. Scope. This BAA sets forth the terms and conditions pursuant to which any and all PHI will be handled. Business Associate and Covered Entity will comply with all applicable laws, including those governing the creation, use, disclosure, access, storage, and maintenance of PHI.
3. Duties and Responsibilities of Business Associate: Business Associate agrees to:
- Use and Disclosure of PHI. Not Use or Disclose PHI other than as permitted or required by this BAA, as set forth in Section 4.a below, or as required by applicable law;
- Safeguards. Use reasonable and appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 and HITECH with respect to electronic PHI, to protect the security of all PHI against Security Incidents, prohibited Uses or Disclosures of PHI or other misuse of PHI, as required by the HIPAA Rules;
- Required Reporting. Report to Covered Entity, within thirty (30) days, any prohibited Use or Disclosure of PHI of which Business Associate becomes aware, by Business Associate, any of its employees, Subcontractors or agents, or any third party receiving or obtaining such PHI from or through Business Associate, including Breaches of Unsecured Protected Health Information, in addition to any other reporting obligations of Business Associate under the HIPAA Rules, as well as any Security Incident of which it becomes aware; provided, however, that the parties acknowledge and agree that from time to time Unsuccessful Security Incidents may occur, that this section constitutes notice to Covered Entity with respect to such incidents, and that no additional notice to Covered Entity is required for such incidents. “Unsuccessful Security Incidents” means any pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and/or comparable attacks or attempts, as long as no such incident results in unauthorized access, Use or Disclosure of PHI. Such reports will include a description of the PHI used or disclosed and the nature of the Use or Disclosure, to the extent such information is known by Business Associate;
- Subcontractors. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit PHI or Electronic PHI on behalf of Business Associate agree to same restrictions, conditions, and requirements that apply to Business Associate with respect to such PHI or Electronic PHI; including the obligation to report to Business Associate any instances of which it is aware of violation of their agreement with respect to PHI or Electronic PHI;
- Individual and Third Party Requests. If Business Associate receives a request from an Individual or any third party to inspect, obtain a copy of, or amend PHI, Business Associate will forward such request in writing to Covered Entity within five (5) business days of receiving the request. Covered Entity will be responsible for making all determinations regarding the third party request for PHI; Business Associate will neither make such determinations nor release PHI to a third party pursuant to such a request, except if and to the extent required by the HIPAA Rules;
- Designated Record Sets. If Business Associate’s services under the Services Agreement require it to maintain a Designated Record Set, then:
- within ten (10) business days of Covered Entity’s request to Business Associate for a copy of PHI, Business Associate will provide the requested PHI to Covered Entity, as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; and
- Business Associate will make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
- Accounting of Disclosures. Maintain and, within thirty (30) days of receiving a request, or sooner if Required by Law, make available the information required to provide an accounting of disclosures to either Covered Entity or the Individual as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528, for a period of at least six (6) years following the date of termination of this BAA;
- Comply with Applicable Obligations of Covered Entity. To the extent Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligation(s);
- Books and Records. Make its internal practices, books, and records relating to the Use and Disclosure of PHI available to the Secretary for purposes of determining compliance with the HIPAA Rules. Neither Business Associate nor Covered Entity waives any attorney-client, accountant-client, or other legal privilege or confidentiality as a result of this Section 3.i; and
- Training. Business Associate will require each employee who will have access to PHI of Covered Entity, to comply with the restrictions and conditions applicable to Business Associate herein. Business Associate will train its employees who may have access to PHI regarding the terms and conditions of this BAA and their obligations under the HIPAA Rules.
- Electronic PHI. Business Associate will comply with the Security Standards and will use appropriate administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic PHI that Business Associate creates, receives, maintains, or transmits on Covered Entity's behalf, as required by the Security Standards. Business Associate shall review and modify the security measures implemented in accordance with the above as needed to continue provision of reasonable and appropriate protection of Electronic PHI. Business Associate shall update documentation of such security measures in accordance with 45 C.F.R. § 164.316(b)(2)(iii) and shall designate a security officer and undertake appropriate training of its personnel in accordance with the Security Standards.
- Compliance with Electronic Transactions Rule. If Business Associate conducts in whole or part electronic Transactions on behalf of Covered Entity for which the Department of Health and Human Services has established standards, Business Associate shall comply, and will require any Subcontractor it involves with the conduct of such Transactions to comply, with each applicable requirement of the Electronic Transactions Rule.
4. Permitted Uses and Disclosures by Business Associate.
- Permitted Uses and Disclosures. Business Associate may only Use or Disclose PHI:
(i) as required to perform services for Covered Entity as specified under the Services Agreement or other agreement between the parties;
(ii) for Business Associate’s proper management and administration (including improving its services), or to carry out the legal responsibilities of Business Associate, provided the disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and Used or further Disclosed only as Required by Law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached;
(iii) to provide Data Aggregation services relating to the Health Care Operations of Covered Entity, if so provided under the Services Agreement or otherwise agreed in writing by the parties; and/or
(iv) to create de-identified information, in accordance with the standards set forth in 45 CFR 164.514(a)-(c), and to use and disclose such de-identified information for any purpose permitted by law.
- Required Uses and Disclosures. Business Associate shall disclose PHI (i) when required by the Secretary of HHS under 45 C.F.R. Part 160, Subpart C to investigate or determine Business Associate’ compliance with Subchapter C of 45 C.F.R., Subtitle A, and (ii) to Covered Entity, the individual or the individual's designee, as necessary to satisfy Covered Entity's obligations under 45 C.F.R. § 164.524(c)(2)(ii) and (3)(ii) with respect to the individual's request for an electronic copy of his or her PHI.
- Access. Business Associate will make available PHI in accordance with 45 C.F.R. § 164.524, upon request from Covered Entity, so that Covered Entity may meet its access obligations under 45 C.F.R. § 164.524.
- Minimum Necessary. Business Associate will, in its performance of the functions, activities, services, and operations specified above, make reasonable efforts to use, to disclose, and to request only the minimum amount of the PHI reasonably necessary to accomplish the intended purpose of the use, disclosure or request, except that Business Associate will not be obligated to comply with this minimum-necessary limitation of 45 C.F.R. § 164.502(b) if neither Business Associate nor Covered Entity is required to limit its use, disclosure or request to the minimum necessary. Business Associate and Covered Entity acknowledge that the phrase "minimum necessary" shall be interpreted in accordance with 45 C.F.R. § 164.502(b).
- Subpart E. Business Associate may not Use or Disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific Uses and Disclosures set forth in Section 4.a.
5. Obligations of Covered Entity.
- Notice of Privacy Practices. Covered Entity shall notify Business Associate of any limitation(s) in the Notice of Privacy Practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s Use or Disclosure of PHI.
- Notice of Changes in Consent. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to Use or Disclose his or her PHI, to the extent that such changes may affect Business Associate’s Use or Disclosure of PHI.
- Notice of Restrictions. Covered Entity shall notify Business Associate of any restriction on the Use or Disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s Use or Disclosure of PHI.
- Permitted Requests. Covered Entity will not request or require Business Associate to Use or Disclose PHI in any manner that would not be permissible under the HIPAA Rules if done by Covered Entity.
6. Term and Termination.
- Term. The term of this BAA shall begin upon the Effective Date of the Services Agreement and shall continue in effect until terminated as provided herein and until Business Associate returns or destroys all PHI of Covered Entity.
- Termination at End of Business Association. This BAA will automatically terminate without further action of the parties upon the termination or expiration of the business association between Business Associate and Covered Entity.
- Termination for Cause. If either party materially breaches this BAA, the other party may terminate this BAA and, at its election, the underlying Services Agreement, subject to thirty (30) days prior written notice and opportunity to cure the breach.
- Effect of Termination. Within thirty (30) days of the termination of this BAA, Business Associate will either return to Covered Entity or, if agreed to by Covered Entity, destroy all PHI that Business Associate still maintains in any form (including any information in the possession of any employee, Subcontractor or other agent of Business Associate). Upon request of Covered Entity, Business Associate will provide a certificate to Covered Entity acknowledging such destruction. Business Associate will thereafter retain no written, digital, back-up or other copies of any PHI of Covered Entity. Notwithstanding the foregoing, if the return or destruction of PHI upon termination is not feasible, Business Associate shall so inform Covered Entity and will continue to maintain the security and privacy of such Protected Health Information in a manner consistent with the obligations of this BAA and as required by applicable law, for so long as Business Associate is in possession of such information. Business Associate will return or destroy such retained PHI as soon as is reasonably feasible. Business Associate may retain all de-identified information created prior to the date of termination of this BAA. The obligations of Business Associate under this Section 6 shall survive the termination of this BAA.
7. Ownership. As between the parties, all PHI is and will remain the property of Covered Entity.
8. Limitation of Liability. NOTWITHSTANDING ANY OTHER PROVISION IN THIS BAA, UNDER NO CIRCUMSTANCES WILL BUSINESS ASSOCIATE HAVE ANY OBLIGATION OR LIABILITY HEREUNDER FOR ANY INCIDENTAL, INDIRECT, CONSEQUENTIAL, COLLATERAL, EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES INCURRED BY COVERED ENTITY (INCLUDING DAMAGES FOR LOST BUSINESS, LOST PROFITS, COSTS OF COVER, COSTS OF DELAY, OR DAMAGES TO BUSINESS REPUTATION), REGARDLESS OF HOW SUCH DAMAGES ARISE, WHETHER OR NOT BUSINESS ASSOCIATE WAS ADVISED SUCH DAMAGES MIGHT ARISE, OR THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. IN NO EVENT SHALL BUSINESS ASSOCIATE HAVE ANY OBLIGATION OR BE LIABLE FOR ANY DAMAGES UNDER THIS BAA IN EXCESS OF THE TOTAL AMOUNTS PAID BY COVERED ENTITY TO BUSINESS ASSOCIATE DURING THE PRIOR TWELVE (12) MONTHS PURSUANT TO THE SERVICES AGREEMENT. These limitations are cumulative; the sum of multiple claims may not exceed such limit.
9. Miscellaneous.
- Assignment; Binding Effect. This BAA is personal to Business Associate and Covered Entity and may not be assigned or delegated by either party without the prior written consent of the other party in each instance; provided, however, that in the event of a permitted assignment of the Services Agreement, this BAA may be assigned together with the Services Agreement. This BAA shall be binding upon and shall inure to the benefit of the parties hereto and their respective representatives, successors, and permitted assigns.
b. Entire Agreement; Amendment. This BAA contains the entire agreement between the parties, and supersedes all prior or contemporaneous agreements, understandings, or representations with respect to the subject matter hereof. This BAA may be amended only by written agreement of the parties. Business Associate and Covered Entity agree to amend this BAA to the extent necessary to allow both parties to comply with the HIPAA Rules as they may be amended or recodified from time to time, or to comply with other applicable regulations or statutes for the protection of PHI.
c. Severability. If any term or provision of this BAA shall to any extent be invalid or unenforceable, the remainder of this BAA shall not be affected thereby and each term and provision of this BAA shall be valid and enforced to the fullest extent permitted by law.
d. Conflict. The terms and provisions of this BAA shall supersede any other conflicting or inconsistent terms and provisions in the Services Agreement, including all exhibits or other attachments thereto and all documents incorporated therein by reference.
e. Choice of Law and Venue. This BAA shall be construed in accordance with the laws of the State of Utah, without giving effect to the choice of law provisions thereof. Venue for any action or proceeding related to this BAA shall be in the state or federal courts of the state of Utah, as appropriate. The parties agree to the personal jurisdiction and venue of such courts.
f. Notices. Any notice or report hereunder shall be deemed given if delivered or sent by first class mail, postage prepaid, addressed to the other party at the address first set forth above, or at such other address as designated by the party by written notice, or by commercial delivery service, or by confirmed email or facsimile. If notice is given by mail and the notice affects the other parties' rights hereunder, the effective date of the notice shall be seven (7) days after the date of mailing or the date the notice is received, whichever is earlier.
g. Interpretation. Any ambiguity in this BAA shall be interpreted to permit compliance with the HIPAA Rules.
SL_6209476.20