Effective May 5, 2022
These Terms apply to all of Synerio’s SaaS based products and services.
Client will notify Synerio in a timely manner of any violation of these Terms upon becoming aware of it, and Client shall be liable for any breach of this provision by its Users.
- ACCESS TO THE PLATFORM AND AUTHORIZED USERS
- 1.1 Administrative Users. During the set-up of the Platform, and Client’s initiation to same, Client will designate an Administrative Username and password for its account, subject to the approval of Synerio.
- 1.2 Authorized Users. Client may configure individual accounts for their Authorized Users to access to access the Platform. User accounts may not be used by more than one User for Client but may be reassigned to new Authorized Users replacing former Authorized Users who no longer require such access. Account reassignment is the sole responsibility of the Client.
- 2.1 Prohibited Actions by Users:
- i. Users will not attempt to decompile, disassemble, reverse engineer or otherwise attempt to use any of Synerio’s software, data, ideas, logic and flow, know-how or algorithms.
- ii. Users will not modify, translate or make derivative works of any of Synerio’s works, software or data;
- iii. Users will not use the Platform or any Synerio software for a service bureau purpose or timesharing arrangement or other computer service to a non-authorized third party;
- iv. Users will not compete with or take part in development or marketing or licensing of software or services competitive to those of Synerio. Client agrees to treat all of Synerio’s works including Synerio’s Platform, software, documentation and data as Confidential Information of Synerio.
- 2.2 User’s Compliance. Client will use and will ensure that all of its Users and Authorized Users abide by these Terms and all applicable laws and regulations. For any violation of this provision, Synerio may suspend Client’s account and access to the Platform. Client will also provide commercially reasonable efforts to cooperate and assist Synerio to protect its Intellectual Property.
- 2.3 Training. Client will use commercially reasonable efforts to ensure that all of its Users are properly trained on the Platform and in the Services, and will use same in accordance with applicable instructions, specifications and documentations from Synerio.
- 2.4 Client Systems. Client will assure that the functionality and security of its own equipment, including User systems, and any other services needed to connect to or be used in connection with the Services hereunder are properly maintained, protected and working correctly.
- 2.5 No Exports. Neither Client nor its Users may remove or export from the United States any of the materials accessed hereunder except as expressly authorized by contract.
- 2.6 DEFARS. To the extent applicable, pursuant to Defense Federal Acquisition Regulation Supplement, Chapter 2 of Title 48, USCS, Federal Regulations, any use or access to any of Synerio’s software or documentation by the U.S. Government is governed solely by this Agreement and is prohibited except to the extent expressly permitted by this Agreement.
- 3.1 Disclosure of Confidential Information
All of a Party’s Confidential Information shall be and remain the sole and exclusive property of such Party. Except as otherwise provided herein, each Party shall:
- a) maintain in confidence the Confidential Information of the other Party, using at least the same care as it employs to avoid disclosure, publication, or dissemination of its own information of a similar nature, but in no event less than a reasonable standard of care;
- b) not disclose any such Confidential Information to any person, business, or Entity outside that Party’s business organization;
- c) use the Confidential Information of the other Party solely for the purpose of performing its obligations or exercising or enforcing its rights under this Agreement; and
- d) not acquire any right in or assert any lien against Confidential Information of the other Party.
- 3.2. Exceptions
- a) at the time of disclosure to such Party, a matter of public record or in the public domain;
- b) after disclosure to such Party, published or otherwise entered the public domain through no fault of such Party;
- c) in the lawful possession of such Party at the time of disclosure to it, if such Party was not then under an obligation of confidentiality with respect thereto;
- d) received after disclosure to such Party from a third party who had a lawful right to disclose such Confidential Information to it; or
- e) independently developed by such Party without reference to Confidential Information of the other Party.
- 3.3. Personal Information
- 3.3.1. Supplier shall be responsible under this Agreement for any failure of Supplier or Supplier Personnel to comply with the terms of any applicable Business Associate Addendum (relating to any Protected Health Information [“PHI”]) or any governing laws or regulations regarding Personal Identifiable Information (“PII”) applicable to Supplier in the same manner and to the same extent it would be responsible for any failure to comply with its other obligations under this Agreement. To the extent applicable, Client, as a covered entity, shall be responsible under this Agreement for any failure of Client and its Affiliates and their employees and subcontractors (excluding Supplier and all Supplier Personnel) to comply with the terms of the Business Associate Addendum or the Laws referenced in the Business Associate Addendum applicable to Client in the same manner and to the same extent it would be responsible for any failure to comply with its other obligations under this Agreement.
- 3.3.2. Use of Personal Information. Supplier will, and will cause Supplier Personnel to, keep Client Personal Information strictly confidential. Supplier will use, disclose, receive and maintain Client Personal Information only as necessary for the specific purpose for which the Client Personal Information was disclosed to Supplier and only in accordance with the Agreement and the applicable Law of any jurisdiction relating to disclosure or use of Client Personal Information.
- 3.3.3. Return of Personal Information. Except as necessary to perform (a) any Services that have not been terminated or (b) Disengagement Services, at Client’s direction and in its discretion at any time, and in any event upon any termination or expiration of the Agreement, Supplier will immediately return to Client any and all Client Personal Information and will destroy all records of such Client Personal Information except as set forth herein. Upon termination of any Services under the Agreement or the end of any Disengagement Period, Supplier will return to Client any or all applicable Client Personal Information which is not necessary for the performance of the other remaining Service(s) or Disengagement Services under the Agreement or destroy all records of such Client Personal Information except as set forth herein.
- 3.3.4. Any healthcare data, PHI or any PII that is stored in the database will not be subject to removal from the database, subject to any governing law or regulatory requirements, except by a request from a patient or person whose PHI or PII is involved.
Notwithstanding the foregoing, each Party may disclose Confidential Information of the other Party to its employees, agents, contractors, Affiliates and subcontractors who have: (i) a need to know such Confidential Information in order to perform their duties or to evaluate or exercise such Party’s rights under this Agreement; and (ii) a contractual or other legal duty to protect the Confidential Information of the other Party on terms at least as stringent as those set forth herein. A Party receiving Confidential Information of the other Party assumes full responsibility for the acts or omissions of its Affiliates, subcontractors, contractors, agents and employees with respect to such Confidential Information (e.g., Client assumes full responsibility for the acts or omissions of Permitted Auditors with respect to Supplier’s Confidential Information). Notwithstanding any other provision of the Agreement, in no event will Client disclose any Confidential Information of Supplier to a Direct Supplier Competitor. It is specifically understood and agreed that any breach may result in irreparable injury to the non-breaching Party, that the remedy at law alone may be an inadequate remedy for such breach and that, in addition to any other remedy for such breach, the non-breaching Party is entitled to seek to enforce the specific performance of this Agreement through both temporary and permanent injunctive relief or equivalent protective or preventative relief in any court of competent jurisdiction.
These obligations shall not apply to any Confidential Information that a Party can demonstrate was:
Supplier shall maintain a documented and tested Incident management program and ensure that all Security Events (as defined below) are considered Incidents as pertains to such program. In the event that Supplier learns or has reason to believe that Client Confidential Information has been disclosed in an unauthorized manner or accessed by an unauthorized party (a “Security Event”):
- a) Supplier shall use commercially reasonable efforts to cause its Affiliates and subcontractors to notify representatives of Client within a reasonable time after becoming aware of any Incident or suspected or actual data security breach, including a security breach of Supplier’s systems used by the Synerio Software. Supplier shall not notify law enforcement or federal or state regulatory authorities of any such breach without prior notice to Client unless otherwise required by applicable Law. If Supplier notifies Client of a suspected or actual security breach, Supplier shall, if requested by Client, grant access to Client representatives or a qualified third party agreed to by Client and Supplier to Supplier’s systems and premises to allow such representatives or third party to perform an investigation deemed necessary by Client to locate the source of such breach; provided in no event will such access include access to information of any other customer of Supplier. Each Party shall act reasonably and in good faith in the selection of such third party, such third party shall not be a Direct Supplier Competitor, shall comply with Supplier’s reasonable policies and procedures while on Supplier’s premises and must be subject to a contractual or other legal duty to protect the Confidential Information of Supplier.
- b) Supplier shall, and shall cause its Affiliates and subcontractors to, provide Client with the following information (to the extent reasonably determinable) in writing concerning any suspected or actual data security breach by or involving any person or in any systems, processes, hardware or software under Supplier’s control that are used to store, transmit or otherwise affect Client Confidential Information: (i) the date of the breach; (ii) details concerning the data compromised (e.g., strategic financial information, or customer names and addresses); (iii) the method of the breach; (iv) appropriate Supplier security personnel contacts and security personnel contacts of its Affiliates and subcontractors; (v) the name of any person and/or law enforcement agency assisting Supplier with the investigation of the suspected or actual data security breach; (vi) a list of all parties known to have gained unauthorized access to Client Confidential Information for the limited purpose of assessing Client’s exposure; and (vii) any other information which Client reasonably requests from Supplier and/or its Affiliates or subcontractors concerning such suspected or actual data security breach, including any forensics report(s). Supplier shall provide the information listed in (i)-(vii) as soon as is reasonably practicable and in any event shall provide the information listed in (i)-(vii) to Client within seven (7) days of Supplier’s initial notification of the actual or suspected breach. Supplier and its Affiliates and subcontractors must provide Client with copies of any reports concerning such breach as soon as practicable. Unless otherwise required by applicable Law, Supplier agrees not to notify affected parties or other third parties of or issue any press release or other public announcement concerning, the suspected or actual data security breach without the prior approval of Client.
- c) With respect to matters under this Section, Supplier and Client agree that they shall act reasonably and in good faith and shall not unreasonably withhold, delay or condition their approval, consent or cooperation.
Either Party may disclose Confidential Information to the extent required by Law or by order of a court or governmental agency or to the extent reasonably necessary to bring a claim (or otherwise to enforce its rights) under this Agreement against, or defend a claim (or otherwise enforce its rights) under this Agreement brought by, the other Party; provided, however, that the recipient of such Confidential Information shall give the discloser of such Confidential Information prompt notice, and shall, at the cost and expense of the discloser of such Confidential Information, use commercially reasonable efforts to cooperate with the discloser of such Confidential Information if the discloser wishes to obtain a protective order or otherwise protect the confidentiality of such Confidential Information. The discloser of such Confidential Information reserves the right to obtain a protective order or otherwise protect the confidentiality of such Confidential Information.
In the event of any unauthorized disclosure or loss of Confidential Information by the receiving party, the receiving Party shall immediately notify the disclosing Party.
Unless a Party is expressly authorized by the Agreement to retain the other Party’s Confidential Information or needs access to the other Party’s Confidential Information in order to perform its obligations under this Agreement, such Party shall promptly return or destroy, at the other Party’s option, the other Party’s Confidential Information, and all copies thereof, at the other Party’s request, and shall certify to the other Party that it no longer has in its possession or under its control any such Confidential Information in any form whatsoever, or any copy thereof. If return or destruction of any particular Confidential Information is not feasible, the receiving Party shall continue to extend the protections of such Confidential Information, and limit further use of such Confidential Information to those purposes that make the return or destruction of such Confidential Information infeasible. If the Agreement is terminated by Client pursuant to any act by a Party that puts Confidential Information at heightened risk of loss, the other Party may require the Party compromising such Confidential Information to return or destroy any such Confidential Information of the Party owning same, and all other such Information. The exceptions to the return or destruction of Confidential Information in this section are subject in each case to applicable Laws regarding destruction of Personal Information and return of Personal Information above, and Section 4.3.5 above.
- 8.1. Client Data. Subject to the other express provisions of this Agreement, Client Data shall be and remain, as between the Parties, the property of Client whether or not Client is in possession of the Client Data. At the cost and expense of Client (on a time and materials basis at T&M Rates), Client Data shall be extracted from the Synerio System and made available to Client, upon Client’s request at any time during the Term and any Disengagement Period, in real time by the means and in the form and format as reasonably requested by Client. To the extent agreed in any statement of work, Client will have additional access to Client Data as provided in such statement of work.
- 8.2. Data Security Program. The content and implementation of Supplier’s data security program and associated technical, organizational and security measures shall be fully documented in writing by Supplier. Supplier shall permit Client to review such documentation and/or to inspect Supplier’s compliance with such program at reasonable times and places.
- 8.3. Backups. Client shall have the right to establish backup security for any Client Data located in the Client Operating Environment and to keep backup copies of such Client Data in its possession if it chooses. At Client’s request, cost and expense, Supplier shall within a reasonable time provide Client with downloads of Client Data to enable Client to maintain such backup copies.
- 8.4. Destruction of Client Data. To the extent Supplier removes Client Data from any media under its control that is taken out of service, Supplier shall then destroy or securely erase such media in accordance with applicable standards. Under no circumstances shall Supplier use or re-use media on which Client Data has been stored for any purpose unless such Client Data has been securely erased.
- 8.5. Restoration of Client Data. The restoration of any destroyed, lost or altered Client Data shall be performed by the Party that has operational responsibility for maintaining the system on which such Client Data resides and for creating and maintaining backup copies of such Client Data. To the extent (a) Supplier is operationally responsible for performing such restoration; or (b) such destruction, loss or alteration is attributable to (i) Supplier or Supplier Personnel, (ii) an error in the Synerio Services, or (iii) the failure of Supplier or Supplier Personnel to comply with Supplier’s obligations under this Agreement, Supplier shall bear the cost and expense of restoring such data.
- 8.6. Policy for Document Retention or Destruction. Except as expressly set forth herein, all matters relating to the document retention or destruction are governed under the terms of the Synerio Document Retention Policy which is available to Users here.
- 9.1 Ownership. The Parties acknowledge that Synerio is the owner of all right, title and interest in and to the Platform, its software, and all rights of copyright and rights of patentability in and to same. It is acknowledged that during the course of use of the Services hereunder, Client or others may recommend certain enhancements or modifications to the software or the Services. Any right to use by Synerio of the information in such requests or recommendations shall be granted to Synerio so that any development from same or enhancements relating to same shall be thereafter owned by Synerio to the extent utilized in any of its software or works, and Client hereby assigns all right, title and interest to same to Synerio for such purpose.
- 9.2 Vendor Information and Client Data. Client hereby grants to Synerio a transferable, sublicensable and non-exclusive worldwide and free license to use and otherwise explore in accordance with the provisions hereof, the Client data to provide the Services to Client hereunder and as necessary to monitor and improve the Platform and Synerio Services. Also, a similar license is granted hereunder to Synerio for any lawful purpose to vendor information. “Vendor Information” means any vendor list or contract information provided to Synerio by Client or uploaded to the Platform by or on behalf of Client. Synerio may use, reproduce and disclose all of same to the extent it is made anonymous and de-identified or otherwise rendered not reasonably associated or linked to Client or any other identifiable individual person or entity so that it may be utilized for product improvement or other lawful purposes. All of such information, data and material will be owned in its aggregated form by Synerio.
- 9.3 Data Back-Up. It is acknowledged that upon termination or expiration of this Agreement, Client will not have access to Client data through Synerio or its Platform at that time or thereafter. It is understood that individual information such as patient healthcare information on the Platform may still be accessible by authorized patients and their Authorized healthcare providers in such event to the extent and in accordance with the provisions herein.
- 9.4 Only Express License. No rights or licenses are granted under this Agreement except as expressly forth herein.