User Information & Agreements
Business Associate Agreement
This Business Associate Agreement (“BAA”) is effective, as of the date executed by Counterparty below, by and between ClariFi Health LLC, a Delaware corporation having its principal place of business at 30 Browning Road, Short Hills, NJ 07078 (“Company” or “ClariFi Health LLC”), and Counterparty (defined below).
ClariFi Health LLC provides its proprietary, Software-as-a-Service solution for integrating various types of platforms, such as HR, payroll, recruiting, and accounting systems (“Service(s)”) to Customers and End Customer (each as defined below). The provision of the Services pursuant to ClariFi Health LLC’s Master Services Agreement, available at http://www.ClariFiHealth.ai (“Services Agreement”) may involve the Processing of PHI subject to HIPAA (each as defined further below). The purpose of this BAA is to set forth the terms under which ClariFi Health LLC processes PHI.
THIS BAA APPLIES BETWEEN THE PARTIES WHERE COUNTERPARTY EXECUTES THE BAA BY CLICKING A BOX INDICATING ACCEPTANCE, TRANSFERS PHI TO CLARIFI HEALTH LLC FOR PROCESSING BY MEANS OF THE SERVICE, OR OTHERWISE AFFIRMATIVELY INDICATES ACCEPTANCE OF THIS BAA. BY DOING SO, YOU: (A) AGREE TO THIS BAA ON BEHALF OF THE ORGANIZATION, COMPANY, OR OTHER LEGAL ENTITY FOR WHICH YOU ACT (“COUNTERPARTY”); AND (B) REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND COUNTERPARTY AND ITS AFFILIATES TO THIS BAA. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THIS BAA, YOU MAY NOT DIRECTLY OR INDIRECTLY TRANSFER PHI TO CLARIFI HEALTH LLC. CLARIFI HEALTH LLC RESERVES THE RIGHT TO MODIFY OR UPDATE THE TERMS OF THIS BAA IN ITS DISCRETION, THE EFFECTIVE DATE OF WHICH WILL BE THE EARLIER OF (I) 30 DAYS FROM THE DATE OF SUCH UPDATE OR MODIFICATION AND (II) COUNTERPARTY’S CONTINUED TRANSFER OF PHI.
In the provision of services by ClariFi Health LLC involving Counterparty, the following roles (“Roles”) apply among the parties:
Counterparty
Description
Role / Data Processing Function(s)
Customer
Party that purchases a Subscription to the Service
For Customer PHI processed by ClariFi Health LLC, Customer is the Covered Entity and ClariFi Health LLC is the Business Associate
For End Customer PHI processed by ClariFi Health LLC received from Customer, Customer is the Business Associate and ClariFi Health LLC is the Subcontractor
End Customer
The Customer’s customer that enables integration between the Service and Partner’s platform in order for ClariFi Health LLC to Process the End Customer’s PHI for the benefit of the Customer
For End Customer PHI processed by ClariFi Health LLC, End Customer is the Covered Entity; Customer is the Business Associate; and ClariFi Health LLC is the Subcontractor
Partner
Provider of a SaaS solution used by End Customer (e.g., typically in the HRIS, ATS, accounting, ticketing or CRM space)
End Customer is the Covered Entity; Partner is the Business Associate; ClariFi Health LLC is the Business Associate to End Customer and/or Subcontractor to Partner
A.
Covered Entity is or may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the implementing regulations thereof (“HIPAA Regulations”). “PHI” has the meaning set forth in the HIPAA Regulations and refers to Protected Health Information maintained, transmitted, created or received by Business Associate, or a Subcontractor, for or from a Covered Entity and/or Business Associate, as the case may be. Capitalized terms used in this BAA will have the meanings as defined under applicable law, as set forth herein or in the Services Agreement or DPA between ClariFi Health LLC and the Counterparty.
B.
The parties may maintain, transmit, create or receive data that constitutes PHI to perform tasks on behalf of Covered Entity and/or Business Associate as applicable pursuant to the terms of this BAA;
C.
To the extent required by the HIPAA Regulations and applicable state law, the parties may be directly subject to certain privacy and security obligations and penalty provisions of HIPAA, HITECH, the HIPAA Regulations and state law.
The parties agree as follows:
Use and Disclosure
a.
Each party will comply with the requirements of the HIPAA Regulations and this BAA that apply to its Role.
b.
A party may use and disclose PHI only as permitted or required by this BAA or as required by law.
c.
To the extent a party receives notice of a reasonable restriction from Covered Entity that would limit its use or disclosure of PHI: (i) Business Associate will promptly notify Subcontractor of such restriction; and (ii) each party will use commercially reasonable efforts to comply with the restriction applicable to their Role.
d.
For clarity, if Subcontractor handles PHI on behalf of Business Associate, the terms and conditions of this BAA that apply to Business Associate apply with equal force and effect to Subcontractor.
Appropriate Safeguards. Business Associate and Subcontractor agree to maintain reasonable and appropriate administrative, technical and physical safeguards to protect PHI from uses or disclosures not permitted by this BAA, including maintaining policies and procedures to detect, prevent or mitigate identity theft based on PHI or information derived from PHI. Business Associate and Subcontractor agree to comply with the applicable requirements of the HIPAA Regulations with respect to electronic PHI and any guidance issued by the Secretary of the Department of Health and Human Services (“HHS”).
Incident Notification.
a.
If ClariFi Health LLC becomes aware of or discovers any use or disclosure of PHI in violation of this BAA, any Personal Data Breach (as defined in the DPA) involving PHI, or any Breach of Unsecured Protected Health Information (each as defined in the HIPAA Regulations) related to any individual who is the subject of PHI, ClariFi Health LLC will promptly report such use, disclosure, incident, or breach to Covered Entity and Counterparty and shall include the information specified in the HIPAA Regulations. ClariFi Health LLC will mitigate, to the extent practicable, any harmful effect known to it of a use or disclosure of PHI by ClariFi Health LLC not permitted by this BAA.
b.
If Counterparty becomes aware of any use or disclosure of PHI in violation of this BAA, or any Breach of Unsecured Protected Health Information related to any individual who is the subject of PHI, Counterparty will promptly report such use, disclosure, incident, or breach to Covered Entity and Counterparty and shall include the information specified in the HIPAA Regulations. Counterparty will mitigate, to the extent practicable, any harmful effect known to it of a use or disclosure of PHI by Counterparty not permitted by this BAA.
Access to Designated Record Sets. Within fifteen (15) days of a request by Covered Entity for access to PHI about an individual contained in a Designated Record Set (as defined at the HIPAA Regulations), Business Associate or Subcontractor will make available to Covered Entity such PHI in the form requested by Covered Entity. If the requested PHI is maintained electronically, Business Associate or Subcontractor will provide a copy of the PHI in the electronic form and format requested by the individual, if it is readily producible, or, if not, in a readable electronic form and format as agreed to by Covered Entity and the individual. If any individual requests access to PHI directly from Business Associate or Subcontractor, Business Associate or Subcontractor will within ten (10) days forward such request to Covered Entity. Any denials of access to the PHI requested shall be the responsibility of Covered Entity.
Amendments to Designated Record Sets. Within fifteen (15) days of receipt of a request from Covered Entity for the amendment of an individual’s PHI contained in a Designated Record Set (for so long as the PHI is maintained in the Designated Record Set), Business Associate or Subcontractor will provide such information to Covered Entity for amendment and incorporate any such amendments in the PHI. In the event a request for an amendment is delivered directly to Business Associate or Subcontractor, Business Associate or Subcontractor shall within ten (10) days of receiving such request forward the request to Covered Entity.
Access to Books and Records. Except for disclosures of PHI excluded from the accounting obligation as set forth in the HIPAA Regulations or regulations issued pursuant to HITECH, Business Associate and Subcontractor will record for each disclosure the information required to be recorded by covered entities pursuant to the HIPAA Regulations. Within twenty (20) days of notice by Covered Entity to Business Associate that it has received a request for an accounting of disclosures of PHI, Business Associate and/or Subcontractor will make available to Covered Entity, or the individual (if requested by Covered Entity), the information required to be maintained pursuant to this Section 6. In the event the request for an accounting is delivered directly to Business Associate or Subcontractor, Business Associate or Subcontractor shall within ten (10) days forward such request to Covered Entity.
Accountings. At Covered Entity’s or HHS’ request, Business Associate or Subcontractor shall make its internal practices, books and records relating to the use and disclosure of PHI available to HHS for purposes of determining compliance with the HIPAA Regulations.
Permitted Uses and Disclosures. Neither Business Associate nor Subcontractor are authorized to use or disclose PHI in a manner that would violate the HIPAA Regulations if done by Covered Entity, provided that Business Associate and/or Subcontractor may:
a.
use the PHI for its proper management and administration and to carry out its legal responsibilities;
b.
disclose PHI for its proper management and administration and to carry out its legal responsibilities, provided that disclosures do not violate the HIPAA Regulations;
c.
use and disclose PHI to report violations of law to appropriate Federal and State authorities;
d.
aggregate the PHI in its possession with the PHI of other covered entities that it has in its possession through its Role to other covered entities, provided that such aggregation conforms to the requirements of the HIPAA Regulations; and
e.
use PHI to create de-identified information, and use such de-identified information for its own purposes, provided that the de-identification and use thereof conforms to the requirements of the HIPAA Regulations.
Responsibilities of the Business Associate with Subcontractor. If applicable, for the use and/or disclosure of PHI by Subcontractor, Business Associate agrees:
a.
To inform Subcontractor of any changes in the notice of privacy practices (“Notice”) that Business Associate provides, directly or indirectly, to individuals pursuant to the HIPAA Regulations, that affect Subcontractor’s use or disclosure of PHI, and provide to Subcontractor, upon request, a copy of the Notice currently in use.
b.
To inform Subcontractor of any changes in, or revocation of, the authorization provided to Business Associate by individuals pursuant to HIPAA Regulations, to the extent relevant to the Services being provided under the Services Agreement.
c.
To inform Subcontractor of any opt-outs exercised by any individual from fundraising activities of Business Associate pursuant to HIPAA Regulations, to the extent relevant to the Services being provided under the Services Agreement.
d.
To notify Subcontractor, in writing and in a timely manner, of any arrangements permitted or required of Business Associate under HIPAA Regulations that may impact in any manner the use and/or disclosure of PHI required by Subcontractor under this BAA, including, but not limited to, agreed upon restrictions regarding the use and/or disclosure of PHI as provided for in HIPAA Regulations.
HIPAA Transaction Standards. If Business Associate or Subcontractor conducts standard transactions (as defined in the HIPAA Regulations) for or on behalf of Covered Entity, Business Associate or Subcontractor will comply and will require by written contract each agent or contractor (including any subcontractor) involved with the conduct of such standard transactions to comply, with each applicable requirement of the HIPAA Regulations. Neither Business Associate nor Subcontractor will enter into, or permit its agents or contractors (including subcontractors) to enter into, any trading partner agreement in connection with the conduct of standard transactions for or on behalf of Covered Entity that: (a) changes the definition, data condition, or use of a data element or segment in a standard transaction; (b) adds any data elements or segments to the maximum defined data set; (c) uses any code or data element that is marked “not used” in the standard transaction’s implementation specification or is not in the standard transaction’s implementation specification; or (d) changes the meaning or intent of the standard transaction’s implementation specification. Business Associate and Subcontractor agree to participate in any test modification conducted by Covered Entity in accordance with the HIPAA Regulations.
Term and Termination. This BAA remains in effect until the Services Agreement is terminated or expires. Either party may terminate this BAA and the Services Agreement effective immediately if it determines that the other party has breached a material provision of this BAA and failed to cure such breach within thirty (30) days of being notified by the other party of the breach. If the non-breaching party determines that cure is not possible, such party may terminate this BAA and the Services Agreement effective immediately upon written notice to other party.
Limitation of Liability. This BAA is subject to the limitations on liability set forth in the Services Agreement.
Effect of Termination. Upon termination of this BAA, ClariFi Health LLC agrees to either return or destroy, at no cost to Counterparty, all PHI that ClariFi Health LLC maintains in any form. Notwithstanding the foregoing, to the extent that it is not feasible to return or destroy such PHI, the terms and provisions of this BAA shall survive termination of this BAA, and ClariFi Health LLC will only use or disclose such PHI solely for such purpose or purposes which prevented the return or destruction of such PHI.
Miscellaneous. To the extent Business Associate is acting as a business associate under the HIPAA Regulations, Business Associate shall be subject to the penalty provisions specified in HITECH. Upon the effective date of any final regulation or amendment to final regulations promulgated by HHS with respect to PHI, this BAA will be deemed to be automatically amended such that the obligations imposed on the parties remain in compliance with such regulations. If any term or condition of this BAA conflicts with the Services Agreement or DPA, the terms of this BAA will prevail.
Data Processing Agreement
This Data Processing Agreement, including its Annexes (“DPA”), is entered into by ClariFi, a Delaware corporation having its principal place of business at 30 Browning Road, Short Hills, NJ 07078 (“Company” or “ClariFi Health LLC”), and Counterparty (defined below).
ClariFi Health LLC provides its proprietary, Software-as-a-Service solution for integrating HR, payroll, recruiting, and accounting platforms (“Service(s)”) to Customers and End Customer (each as defined below). The provision of the Service involves the Processing of Personal Data subject to the Data Protection Laws, and the purpose of this DPA is to set forth the terms under which ClariFi Health LLC Processes the Personal Data.
THIS DPA APPLIES BETWEEN THE PARTIES WHERE A REPRESENTATIVE OF COUNTERPARTY CLICKS A BOX INDICATING ACCEPTANCE, TRANSFERS PERSONAL DATA TO CLARIFI HEALTH LLC FOR PROCESSING BY MEANS OF THE SERVICE, OR OTHERWISE AFFIRMATIVELY INDICATES ACCEPTANCE OF THIS DPA. BY DOING SO, YOU: (A) AGREE TO THIS DPA ON BEHALF OF THE ORGANIZATION, COMPANY, OR OTHER LEGAL ENTITY FOR WHICH YOU ACT (“COUNTERPARTY”); AND (B) REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND COUNTERPARTY AND ITS AFFILIATES TO THIS DPA. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THIS DPA, YOU MAY NOT DIRECTLY OR INDIRECTLY TRANSFER PERSONAL DATA TO CLARIFI HEALTH LLC. CLARIFI HEALTH LLC RESERVES THE RIGHT TO MODIFY OR UPDATE THE TERMS OF THIS DPA IN ITS DISCRETION, THE EFFECTIVE DATE OF WHICH WILL BE THE EARLIER OF (I) 30 DAYS FROM THE DATE OF SUCH UPDATE OR MODIFICATION AND (II) COUNTERPARTY’S CONTINUED TRANSFER OF PERSONAL DATA.
If Customer and ClariFi Health LLC have executed a written data processing agreement governing the processing of personal data by means of the Service, then the terms of such signed data processing agreement between the parties will supersede this DPA.
In the provision of services by ClariFi Health LLC involving Counterparty, the following roles (“Roles”) apply among the parties:
Counterparty
Description
Data Processing Function(s)
Customer
Party that purchases a Subscription to the Service
For Customer Personal Data Processed by ClariFi Health LLC, Customer is the Controller and ClariFi Health LLC is a Processor
For End Customer Personal Data Processed by ClariFi Health LLC, Customer is a Processor and ClariFi Health LLC is a Processor and/or subprocessor
End Customer
The Customer’s customer that enables integration between the Service and Partner’s platform in order for ClariFi Health LLC to Process the End Customer’s Personal Data for the benefit of the Customer
For End Customer Personal Data Processed by ClariFi Health LLC, End Customer is the Controller; Customer is a Processor; and ClariFi Health LLC is a Processor and/or subprocessor
Partner
Provider of a SaaS solution used by End Customer (e.g., typically in the HRIS, ATS, or accounting space)
End Customer is the Controller; Partner is the Processor; ClariFi Health LLC is the Processor to End Customer
Definitions.
All capitalized terms used in this DPA will have the meanings given to them herein, in applicable Data Protection Laws, or as set forth in the applicable Agreement between ClariFi Health LLC and the Counterparty.
“Agreement” means the applicable terms between ClariFi Health LLC and Counterparty regarding use of or integration with the Service.
“Controller” means the entity or Business which solely or jointly with other entities determines the purposes and means of the Processing of Personal Data, and for the purposes of this DPA is as set forth in the Roles table above.
“Data Breach” means a breach of security leading to accidental or unlawful destruction, loss, or alteration, unauthorized disclosure of, or access to, Personal Data Processed by ClariFi Health LLC on behalf of Counterparty.
"Data Protection Laws” means all applicable data protection and privacy laws, their implementing regulations, regulatory guidance, and secondary legislation, each as updated or replaced from time to time, including, as they may apply: (i) the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”) and any applicable national implementing laws; (ii) the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018; (iii) U.S. legislation (e.g., the California Consumer Privacy Act and the California Privacy Rights Act); and (iv) any other laws that may be applicable.
“Data Subject” means the identified or identifiable person to whom the Personal Data relates, as defined in the applicable Data Protection Laws.
“EU Standard Contractual Clauses” or “SCCs” or “Clauses” means the terms available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN and promulgated pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council 4 June.
“Personal Data” means any information relating to a Data Subject that is subject to the Data Protection Laws and that ClariFi Health LLC Processes on behalf of Counterparty as described in Section 4 of this DPA.
“Processing” has the meaning given to it in the Data Protection Laws and “process”, “processes” and “processed” will be construed accordingly.
“Processor” means the entity or Service Provider which Processes Personal Data on behalf of the Controller, as defined in the applicable Data Protection Laws and for the purposes of this DPA is as set forth in the Roles table above.
Compliance With Laws.
Each party will comply with the Data Protection Laws as applicable to it.
Personal Data Obligations.
Counterparty undertakes that all instructions for the Processing of Personal Data under the Agreement or this DPA or as otherwise agreed will comply with the Data Protection Laws, and such instructions will not cause ClariFi Health LLC to be in breach of any Data Protection Laws. Counterparty, to the extent that it provides its Personal Data to ClariFi Health LLC, is responsible for the means by which the Personal Data was acquired.
Data Processing.
ClariFi Health LLC will Process the Personal Data solely for the purposes of providing the Service and in accordance with Counterparty’s instructions as outlined in the Agreement and this DPA, or as otherwise documented by Counterparty, in either event only as permitted by applicable Data Protection Laws.
Unless prohibited by applicable law, ClariFi Health LLC will notify Counterparty if in its opinion, an instruction infringes any Data Protection Laws to which it is subject, in which case ClariFi Health LLC will be entitled to suspend performance of such instruction without liability to ClariFi Health LLC, until Counterparty confirms in writing that such instruction is valid under the Data Protection Laws. Any additional instructions regarding the manner in which ClariFi Health LLC Processes the Personal Data will require prior written agreement between ClariFi Health LLC and Counterparty.
ClariFi Health LLC will not disclose Personal Data to any government, except as necessary to comply with applicable law or a valid and binding order of a law enforcement agency (such as a subpoena or court order). If ClariFi Health LLC receives a binding order from a law enforcement agency for Personal Data, ClariFi Health LLC will notify Counterparty of the request it has received so long as ClariFi Health LLC is not legally prohibited from doing so.
ClariFi Health LLC will ensure that individuals with access to or involved in the Processing of Personal Data are subject to appropriate confidentiality obligations and/or are bound by related obligations under Data Protection Laws or other applicable laws.
Where ClariFi Health LLC acts as Counterparty’s Service Provider, ClariFi Health LLC shall not: (i) sell or share Personal Data; (ii) collect, retain, use, or disclose Personal Data (a) for any purpose other than providing the Service specified in the Agreement and this Addendum or (b) outside of the direct business relationship between ClariFi Health LLC and Counterparty; or (iii) combine this Personal Data with Personal Data that ClariFi Health LLC obtains from other sources except as permitted by applicable Data Protection Laws. ClariFi Health LLC certifies that it understands the prohibitions outlined in this Section and will comply with them.
The duration of the Processing, the nature and specific purposes of the Processing, the types of Personal Data Processed, and categories of Data Subjects under this Addendum are further specified in the Annexes to this Addendum and, on a more general level, in the Agreement.
Transfers of Personal Data.
ClariFi Health LLC shall transfer Personal Data between jurisdictions as a Data Processor in accordance with applicable Data Protection Laws.
Transfers of Personal Data Outside the EEA.
Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from EEA to other jurisdictions where such jurisdictions are deemed to provide an adequate level of data protection under applicable Data Protection Laws.
Transfers to other third countries. If the Processing of Personal Data includes transfers from EEA/EU Member States to countries outside the EEA/EU which have not been deemed adequate under applicable Data Protection Laws, the parties’ EU Standard Contractual Clauses are hereby incorporated into and form part of this Addendum. The Parties agree to include the optional Clause 7 (Docking clause) to the EU SCCs incorporated into this Addendum. With regards to clauses 8 to 18 of the EU SCCs, the different modules and options will apply as follows:
Module Two or Three shall apply, in accordance with the Roles.
The Option within Clause 11(a) of the EU SCCs, providing for the optional use of an independent dispute resolution body, is not selected.
The Options and information required for Clauses 17 and 18 of the EU SCCs, covering governing law and jurisdiction, are outlined in Section 12 of this Addendum.
Option 2 within Clause 9(a) of the EU SCCs, covering authorization for sub-processors, is selected, as discussed within Section 11 of this Addendum.
Transfers of Personal Data Outside Switzerland. If Personal Data is transferred from Switzerland in a manner that would trigger obligations under the Federal Act on Data Protection of Switzerland (“FADP”), the EU SCCs shall apply to such transfers and shall be deemed to be modified in a manner to that incorporates relevant references and definitions that would render such EU SCCs an adequate tool for such transfers under the FADP.
Transfers of Personal Data Outside the UK. If Personal Data is transferred in a manner that would trigger obligations under UK GDPR, the parties agree (i) that Annex IV shall apply.
Annexes. This Addendum and its Annexes, together with the Agreement, including as relevant applicable Clauses, serve as a binding contract that sets out the subject matter, duration, nature, and purpose of the Processing, the type of Personal Data and categories of data subjects as well as the obligations and rights of the Controller. ClariFi Health LLC may execute relevant contractual addenda, including as relevant the EU SCCs (Module 3) with any relevant Subprocessor (as hereinafter defined, including Affiliates). Unless ClariFi Health LLC notifies Customer to the contrary, if the European Commission subsequently amends the EU SCCs at a later date, such amended terms will supersede and replace any EU SCCs executed between the parties.
Alternative Data Export Solution. The parties agree that the data export solutions identified in this Section 5 will not apply if and to the extent that Customer adopts an alternative data export solution for the lawful transfer of Personal Data (as recognized under applicable Data Protection Laws), in which event, Customer shall reasonably cooperate with ClariFiHealth LLC to implement such solution and such alternative data export solution will apply instead (but solely to the extent such alternative data export solution extends to the territories to which Personal Data is transferred under this Addendum).
Technical and Organizational Measures.
ClariFi Health LLC will implement appropriate technical and organisational measures to ensure a level of security of the Personal Data appropriate to the risk, as further described in Annex II hereto. In assessing the appropriate level of security, ClariFi Health LLC will take into account the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.
Data Subject Rights.
ClariFi Health LLC will assist Counterparty in responding to Data Subjects’ requests exercising their rights under the Data Protection Laws. To that effect, ClariFi Health LLC will (a) to the extent permitted by applicable law, promptly notify Counterparty of any request received directly from Data Subjects to access, correct or delete its Personal Data without responding to that request, and (b) upon written request from Counterparty, provide Counterparty with information that ClariFi Health LLC has available to reasonably assist Counterparty in fulfilling its obligations to respond to Data Subjects exercising their rights under the Data Protection Laws.
Data Protection Impact Assessments.
If Counterparty is required under the Data Protection Laws to conduct a Data Protection Impact Assessment, then upon written request from Counterparty, ClariFi Health LLC will assist where reasonably possible in the fulfilment of the Counterparty’s obligation as related to its use of the Service, to the extent Counterparty does not otherwise have access to the relevant information. If required under Data Protection Laws ClariFi Health LLC will provide reasonable assistance to Counterparty in the cooperation or prior consultation with Data Protection Authorities in relation to any applicable Data Protection Impact Assessment.
Audit of Technical and Organizational Measures.
ClariFi Health LLC agrees to make available all information necessary to demonstrate its compliance with data protection policies and procedures implemented as part of the Service. To this end, upon written request (not more than once annually) Counterparty may, at its sole cost and expense, verify ClariFi Health LLC’s compliance with its data protection obligations as specified in this DPA by: (i) submitting a security assessment questionnaire to ClariFi Health LLC; and (ii) if Counterparty is not satisfied with ClariFi Health LLC’s responses to the questionnaire, then Counterparty may conduct an audit in the form of meetings with ClariFi Health LLC’s information security experts upon a mutually agreeable date. Such interviews will be conducted with a minimum of disruption to ClariFi Health LLC’s normal business operations and subject always to ClariFi Health LLC’s agreement on scope and timings. The Counterparty may perform the audit described above either by itself or through a mutually agreed upon third party auditor, provided that Counterparty or its authorized auditor executes a mutually agreed upon non-disclosure agreement. Counterparty will be responsible for any actions taken by its authorized auditor. All information disclosed by ClariFi Health LLC under this Section 9 will be deemed ClariFi Health LLC Confidential Information, and Counterparty will not disclose any audit report to any third party except as obligated by law, court order or administrative order by a government agency. ClariFi Health LLC will remediate any mutually agreed, material deficiencies in its technical and organizational measures identified by the audit procedures described in this Section 9 within a mutually agreeable timeframe.
Breach notification
If ClariFi Health LLC becomes aware of a Data Breach that results in unlawful or unauthorized access to, or loss, disclosure, or alteration of the Personal Data, then ClariFi Health LLC will notify the Counterparty without undue delay and in any event, within seventy-two hours after becoming aware of such Data Breach and will co-operate with the Counterparty and take such reasonable commercial steps as agreed with the Counterparty to assist in the investigation, mitigation and remediation of such Data Breach. ClariFi Health LLC will provide all reasonably required support and cooperation necessary to enable Counterparty to comply with its legal obligations in case of a Data Breach pursuant to applicable Data Protection Laws.
Sub-processing.
Counterparty agrees that ClariFi Health LLC may engage either ClariFi Health LLC affiliated companies or third parties providers as “Subprocessors” and hereby authorizes ClariFi Health LLC to engage such Subprocessors in the provision of the Service. ClariFi Health LLC will restrict the Processing activities performed by Subprocessors to only what is necessary to accomplish the purposes of the Agreement and this DPA. ClariFi Health LLC will impose appropriate contractual obligations in writing upon the Subprocessors that are no less protective than this DPA, and ClariFi Health LLC will remain responsible for the Subprocessors’ compliance with the obligations under this DPA.
ClariFi Health LLC maintains a list of all Subprocessors at www.ClariFiHealth.ai/data-subprocessors (Annex III). ClariFi Health LLC may amend the list of Subprocessors by adding or replacing Subprocessors at any time and will use commercially reasonable efforts to provide Counterparty with fifteen (15) days’ advance notice of any updates so long as Counterparty subscribes to ClariFi Health LLC’s notification list. Controller will be entitled to object to a new Subprocessor by notifying ClariFi Health LLC in writing the reasons of its objection. ClariFi Health LLC will work in good faith to address Controller’s objections. If ClariFi Health LLC is unable or unwilling to adequately address Controller’s objections to its reasonable satisfaction, then Controller may terminate this DPA and the Agreement, as specified in the Agreement.
Governing Law.
This Addendum shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. For the purposes of Clauses 17 and 18 of the EU SCCs, where applicable, to the extent that the governing law and jurisdiction provisions in the Agreement do not meet the requirements of the EU SCCs, the parties select Option 2 of Clause 17, and agree that the EU SCCs shall be governed by the law of the EU Member State in which the data exporter is established; where such law does not allow for third-party beneficiary rights, the EU SCCs shall be governed by the laws of the country of Ireland. Pursuant to Clause 18, any dispute between the Parties arising from the EU SCCs shall be resolved by the courts of Ireland, and the Parties submit themselves to such jurisdiction. For the purposes of Clause 13 of the EU SCCs, the Supervisory Authority shall be the data exporter’s applicable Supervisory Authority. Data exporter shall notify data importer of the applicable Supervisory Authority by email at legal@ClariFiHealth.ai and shall provide any necessary updates without undue delay.
Return or Deletion of Personal Data.
Unless otherwise required by applicable Data Protection Laws, ClariFi Health LLC will delete or return, in Counterparty’s discretion and upon Counterparty’s written request, Personal Data within a reasonable period of time following the termination or expiration of the Agreement.
Termination.
This Addendum shall automatically terminate upon the termination or expiration of the Agreement. This Addendum cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this Addendum shall automatically terminate.
Entire Agreement; Conflict.
Except as amended by this DPA, the Agreement will remain in full force and effect. If there is a conflict between the Agreement and this DPA, the terms of this DPA will control.
APPENDIX
ANNEX I
A. LIST OF PARTIES
Data exporters(s):
the Customer as defined above
Role (controller/processor): Controller and/or Processor as specified in the DPA
Data importer(s):
Name: ClariFi Health LLC
Address: 30 Browning Road, Short Hills, NJ 07078
Contact person’s name, position and contact details: legal@ClariFiHealth.ai
Name: Elliot Zibel
Position: Chief Executive Officer
Address: 30 Browning Road, Short Hills, NJ 07078
Role: Processor (or Subprocessor as the case may be)
Activities relevant to the data transferred under these Clauses: Processing of personal data for the Services pursuant to the Agreement.
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Customer and its end users (e.g., account holders, job applicants, end-customers, prospective customers, employees, contractors, suppliers and end-users of the data exporter and the data exporter’s customers, vendors and partners).
Categories of personal data transferred
Categories of personal data chosen by a controller and issued to processor or subprocessor as the case may be, via the Service (e.g., ATS, HRIS and Accounting related personal data): such as name, address, email, phone number, authentication information, work history, transactional and account information, pay rate and tax information, health plan information, gender, marital status, veteran status.
Note: Data Importer does not process sensitive data except to the extent transferred via the Service by Data Exporter’s end users.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).On a continuous basis as determined by a controller or on its behalf as permitted under the Agreement
Nature of the processing
Integration services between joint systems that a controller chooses and made available by processor or subprocessor as the case may be
Purpose(s) of the data transfer and further processing
For processor/subprocessor to provide the specific Services to a controller (or on their behalf) as required under the Agreement.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
For the term of the Agreement and until notified by a controller, or controller deletion (via Service API)
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
For the term of the Agreement.
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
The competent supervisory authority/ies applicable to Data Exporter as notified to Data Importer in accordance with Section 12 of the Addendum.
ANNEX II
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
ClariFi Health LLC processes all personal data received from Controller, or on its behalf under this DPA in conformity with the following technical and organizational measures:
Information Security Organization
ClariFi Health LLC’s Information Security Policy outlines roles and responsibilities for personnel with responsibility for the security, availability, and confidentiality of the Product and Service.
The Chief Technology Officer is responsible for the design, implementation, and management of the organization’s security policies, which are reviewed at least annually. Annual review includes assessment of internal controls used in the achievement of ClariFi Health LLC’s Service commitments and system requirements. Following review, any deficiencies are resolved in accordance with the Risk Assessment and Management Program.
The Chief Technology Officer also performs an annual formal risk assessment, which includes the identification of relevant internal and external threats related to security, availability, confidentiality, and fraud, and an analysis of risks associated with those threats. The CTO maintains a risk register, which records the risk mitigation strategies for identified risks, and the development or modification of controls consistent with the risk mitigation strategy.
The Security team is responsible for identifying and tracking incidents and creating a ‘lessons learned’ document and sharing it with the engineering team. The Engineering team is responsible for Software development and deployment.
Personnel Security
ClariFi Health LLC has established a Code of Conduct outlining ethical expectations, behavior standards, and ramifications of noncompliance, as well as Acceptable Use, Data Protection, and Information Security Policies. Internal personnel acknowledge all codes and procedures within 30 days of hire.
Background checks are performed on full-time employees within 30 days of the employee’s start date as permitted by local laws. Reference checks are performed on contractors who have access to production data.
Internal personnel complete annual training programs for information security to help them understand their obligations and responsibilities related to security.
Access Controls and Asset Management
Internal users are provisioned access to systems based on role as defined in the access matrix, which is reviewed and approved annually by the Chief Technology Officer. The CTO approves any additional access required outside the access matrix.
The Chief Technology Officer and the Co-founder conduct quarterly user access reviews of production servers, databases, and applications to validate internal user access is commensurate with job responsibilities. Identified access changes are tracked to remediation.
Access to production machines, network devices, and support tools requires a unique ID.
Internal user access to systems and applications with service data requires two-factor authentication in the form of user ID / password, and one-time passcode.
ClariFi Health LLC has formal policies for password strength and use of authentication mechanisms.
Production infrastructure is restricted to users with a valid SSH key; administrative access to production servers and databases is restricted to the Back-end Engineering team.
Upon termination or when internal users no longer require access, infrastructure and application access is removed within one business day.
Internal use of the internal admin tool is logged. These logs are reviewed monthly for appropriateness.
Firewall configurations help ensure available networking ports and protocols are restricted to approved business rules.
The Engineering team maintains a list of the company’s system components, owners, and their business function, and the Chief Technology Officer reviews this list annually.
Incident Management and Business Continuity
ClariFi Health LLC’s Incident Response Plan outlines the process of identifying, prioritizing, communicating, assigning, and tracking incidents through to resolution.
The Security team tracks identified incidents according to the Incident Response Plan and creates a ‘lessons learned’ document after each high or critical incident. This document is shared with the Engineering team to make any required changes.
The Chief Technology Officer maintains a disaster recovery plan, which is tested at least annually. The Engineering team reviews test results and makes changes to the plan accordingly.
Change Controls
ClariFi Health LLC’s Change Management Process and Standard governs the system development life cycle, including documented policies for tracking, testing, approving, and validating changes.
System changes are tested via automated test scripts prior to being deployed into production.
Code merge requests are independently peer reviewed prior to integrating the code change into the master branch.
System users who make changes to the development system are unable to deploy their changes to production without independent approval.
The Engineering team uses a tool to enforce standard production images for production servers.
Configuration changes are tested (if applicable) and approved prior to being deployed into production.
The production and testing environments are segregated; production data is not used in the development and testing environments.
Data and Availability Controls
ClariFi Health LLC’s Data Protection Policy details the security and handling protocols for service data.
Full backups are performed daily and retained in accordance with the Backup Policy. The Engineering team restores backed-up data to a non-production environment at least annually to validate the integrity of backups.
Access to erase or destroy customer data is limited to the Chief Technology Officer and back-end engineers.
The Chief Technology Officer and the Engineering team manually delete data that is no longer needed from databases and other file stores in accordance with agreed-upon customer requirements.
ClariFi Health LLC’s Encryption and Key Management Policy supports the secure encryption and decryption of app secrets, and governs the use of cryptographic controls.
Encryption is used to protect the transmission of data over the internet; service data is encrypted at rest.
The Engineering team encrypts hard drives for portable devices with full disk encryption.
System tools monitor company load balancers and notify appropriate personnel of any events or outages based on predetermined criteria. Any identified issues are tracked through resolution in accordance with the Incident Response Plan.
The Platform is configured to operate across availability zones to support continuous availability.
Vendor and Vulnerability Management
ClariFi Health LLC’s Vendor Risk Management Policy defines a framework for the onboarding and management of the vendor relationship lifecycle. The Chief Technology Officer assesses new vendors according to the Vendor Risk Management Policy prior to engaging with the vendor.
ClariFi Health LLC’s Vulnerability Management and Patch Program outlines the procedures to identify, assess, and remediate identified vulnerabilities.
Vulnerability scans are executed monthly on production systems. The Chief Technology Officer and the Engineering team track critical or high-risk vulnerabilities through resolution. Management has implemented intrusion prevention and detection tools to provide monitoring of network traffic to the production environment.
The Engineering team uses logging and monitoring software to collect data from servers and endpoints, and detect potential security threats and unusual system activity.
Malware detection software is installed on susceptible endpoints that can access the production environment and is configured to perform daily scans.
The Engineering team uses alerting software to notify impacted teams of potential security and availability events.
ANNEX III
LIST OF SUB-PROCESSORS
The controller has authorised the use of the Subprocessors listed at the following website:
https://www.ClariFiHealth.ai/data-subprocessors
ANNEX IV
UK ADDENDUM TO EU STANDARD CONTRACTUAL CLAUSES
PART 1: TABLES
Table 1: Parties
Start date
Effective the date of the execution of the Addendum
The Parties
Exporter (who sends the Restricted Transfer)As listed in Annex I
Importer (who receives the Restricted Transfer)As listed in Annex I
Parties Details
As listed in Annex I
As listed in Annex I
Key Contacts
As listed in Annex I
As listed in Annex I
Table 2: Selected SCCs, Modules and Selected Clauses
Addendum EU SCCs
The version of the approved EU SCCs agreed to in the Addendum to which this UK Addendum is appended to, including the Appendix Information.
Table 3: Appendix Information
"Appendix Information" means the information which must be provided for the selected modules as set out in the Appendix of the Approved SCCs (other than the Parties), and which for this UK Addendum is set out in:
Annex 1A: List of Parties: See Annex I
Annex 1B: Description of Transfer: Annex I
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: Annex II
Annex III: List of Sub processors: Annex III
Table 4: Ending this Addendum when the Approved Addendum Changes
Ending this Addendum when the Approved Addendum changes
Which Parties may end this Addendum:
☒ Importer
☒ Exporter
☐ neither Party
PART 2: MANDATORY CLAUSES
"Mandatory Clauses"
Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses.
Data Sub Processors
Last updated:4/11/2024
ClariFi Health LLC subprocessors are third-party entities authorized to process data to support ClariFi Health LLC services in accordance with our service agreements. ClariFi Health LLC requires the satisfaction of contractual obligations from each subprocessor to ensure the enforcement of security controls and compliance with applicable data protection regulations.
Microsoft Azure - Microsoft Azure Cosmos DB for PostgreSQL
Function
Microsoft Azure Cosmos DB is a PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases.
Location
East US
Microsoft Azure - Microsoft Azure Monitor
Function
Microsoft Azure Monitor collects monitoring and operational data in the form of logs, metrics, and events. Monitor is configured to detect anomalous behavior in the environments and generate alerts for further investigation.
Location
East US
Microsoft Azure - VM
Function
Microsoft Azure VM is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.
Location
East US
Microsoft Azure Defender for Cloud
Function
Microsoft Azure Defender for Cloud is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect Microsoft Azure accounts.
Location
North Virginia, Stockholm, or customer-chosen Microsoft Azure single-tenant region, at customer's election
Microsoft Azure Storage
Function
Microsoft Azure Storage is virtual storage used in conjunction with Microsoft Azure Storage to store object data. Microsoft Azure Storage is also used to automatically replicate data across Microsoft Azure regions.
Location
East US
End User Terms
These End User Terms of Service (“Terms”) govern use of the Service (as defined below) by End User to enable one or more Integrations (each as defined below) that are made available by ClariFi Health LLC (“ClariFi Health LLC”).
“End User” means the entity that accepts and agrees to these Terms either by clicking a button indicating its acceptance of these Terms and/or by using the Service to enable an Integration (as defined below).
ClariFi Health LLC reserves the right to update these Terms in its sole discretion. The effective date of each update will be (i) 30 days from the date of such update, or (ii) End User’s continued use of an Integration, whichever is earlier.
IF YOU DO NOT ACCEPT THESE TERMS, YOU MAY NOT USE THE SERVICE TO ENABLE AN INTEGRATION. THE SERVICE IS INTENDED FOR END USER AND ITS AUTHORIZED USERS ONLY AND IS NOT FOR USE BY CHILDREN UNDER 13 YEARS OF AGE. IF AN INDIVIDUAL IS ENTERING INTO THESE TERMS ON BEHALF OF A LEGAL ENTITY, SUCH PERSON REPRESENTS AND WARRANTS THAT IT HAS THE LEGAL AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS, AND THESE TERMS APPLY TO SUCH ENTITY WHICH IS DEEMED TO BE END USER.
DEFINITIONS
Capitalized terms are as defined below:
“API” means an application programming interface.
“Documentation” means the written or online user manuals, help files, specification sheets, or other documentation regarding the Service made available by ClariFi Health LLC.
“End User Data” means any data transferred to ClariFi Health LLC by End User (directly or indirectly) via an Integration.
“Integration(s)” means any API integration made available by ClariFi Health LLC that enables End User to transfer End User Data between a Partner application and a Vendor application by means of the Service.
“Partner” means a third-party provider of a SaaS solution used by End User (e.g., HRIS, ATS, accounting, etc.).
“Service” means ClariFi Health LLC’s proprietary, Software-as-a-Service integration solution for platforms (such as for HR, payroll, recruiting and accounting), which includes the Integration(s), Software, Documentation, and all modifications, updates, and upgrades as well as derivative works of each of the foregoing.
“Software” means the software that ClariFi Health LLC develops and maintains in order to provide the Service, and all modifications, updates, upgrades thereto and derivative works thereof.
“Term” means the period of time commencing upon acceptance of these Terms by End User and continuing for so long as End User maintains at least one API connection between a Partner’s application and the Service.
“Vendor” means End User’s vendor (ClariFi Health LLC’s customer) that requires access to End User Data in order to deliver its products or service to End User.
ACCESS TO AND USE OF THE SERVICE
1.1
Right to Access and Use Service. ClariFi Health LLC provides the Service to its customer (the Vendor) and processes End User Data on its behalf. In order to do so, ClariFi Health LLC grants End User the right to enable one or more Integrations for the purpose of receiving products or services from the Vendor. Use of the Service requires ClariFi Health LLC to share End User’s company name with the Partners whose applications End User connects to an Integration.
1.2
Data License. By enabling an Integration, End User will transfer End User Data to ClariFi Health LLC so that ClariFi Health LLC can make such data available to the Vendor by means of the Services, and End User grants ClariFi Health LLC a limited license during the Term to do so.
1.3
Restrictions. End User will not: (a) access (or allow a third party to access) the Service in order to benchmark, or monitor the availability, security, performance, or functionality of the Service, for any competitive purposes without ClariFi Health LLC’s express written consent; (b) rent, lease or otherwise permit third parties (or other persons not authorized by these Terms) to use the Service; (c) use the Service to provide services to third parties (e.g., End User cannot use the Service as a service bureau); (d) modify, create derivative works, decompile, reverse engineer, attempt to gain access to the source code, or copy the Service, or any of their components; (e) circumvent or disable any security or other technological features or measures of the Service or use the Service in a manner that ClariFi Health LLC reasonably believes poses a threat to the security of ClariFi Health LLC-controlled computer systems; or (f) use the Service to conduct any fraudulent, malicious, or illegal activities.
OBLIGATIONS
2.1
ClariFi Health LLC Obligations. ClariFi Health LLC is responsible for providing the Service in conformance with these Terms and applicable Documentation.
2.2
End User Obligations. End User will use the Service only in accordance with the Documentation and in compliance with all applicable laws, including procurement and maintenance of any applicable licenses, permits and consents. End User will ensure that the Service is neither directly or indirectly exported, re-exported, or used to provide services in violation of the export laws or regulations of the United States or any other country.
TERMINATION & SURVIVAL
3.1
ClariFi Health LLC Suspension & Termination Rights. Generally, the Integration(s) will continue only for so long as the Vendor maintains an active subscription to the Service. ClariFi Health LLC may immediately suspend these Terms upon notice to End User or to the Vendor (which may take the form of an e-mail in either case) if ClariFi Health LLC reasonably believes that End User has violated these Terms. If such violation remains uncured after 30 days, ClariFi Health LLC may terminate these Terms and disable the Integration(s).
3.2
End User Termination Rights. End User may terminate these Terms at any time, either by instructing a Vendor to do so on End User’s behalf via the Service, or by severing all of its API connections to the Service and notifying ClariFi Health LLC in writing of such termination.
3.3
Effect of Termination. Upon any termination by End User, or by Vendor acting at the direction of End User, ClariFi Health LLC will delete all End User Data from the Service generally within 90 days from the date of such termination.
3.4
Survival. Sections 4 and 5 will survive any expiration or termination of these Terms.
OWNERSHIP
4.1
ClariFi Health LLC Property. As between the parties, ClariFi Health LLC owns and retains all right, title, and interest in and to the Service. Except for the limited license granted to End User in Section 1.1, ClariFi Health LLC does not by means of these Terms or otherwise transfer any rights in the Service to End User. End User will take no action inconsistent with ClariFi Health LLC’s intellectual property rights in the Service.
4.2
End User Property. As between the parties, End User owns and retains all right, title, and interest in and to the End User Data and does not by means of these Terms or otherwise transfer any rights in the End User Data to ClariFi Health LLC, except for the limited license granted to ClariFi Health LLC in Section 1.3.
DISCLAIMER
THE SERVICE AND THE INTEGRATIONS ARE PROVIDED “AS IS” TO THE FULLEST EXTENT PERMITTED BY LAW. CLARIFI HEALTH LLC AND ITS LICENSORS EXPRESSLY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF PERFORMANCE, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSES, AND NON-INFRINGEMENT. CLARIFI HEALTH LLC DOES NOT WARRANT THAT THE SERVICE OR ANY INTEGRATION (A) ARE ERROR-FREE, (B) WILL PERFORM UNINTERRUPTED, OR (C) WILL MEET END USER’S REQUIREMENTS.
Master Services Agreement
This ClariFi Health LLC Master Services Agreement (“Agreement”) is made between ClariFi Health LLC, a Delaware corporation having its principal place of business at 30 Browning Road, Short Hills, NJ 07078 (“Company” or “ClariFi Health LLC”), and Customer and governs the Customer’s use of the Service (each as defined below).
“Customer” means a person or entity that accepts and agrees to the terms of this Agreement as of the earlier date on which such person or entity either clicks a box indicating acceptance of this Agreement or uses the Service.
ClariFi Health LLC reserves the right to modify or update this Agreement in its sole discretion, the effective date of such updates and/or modifications will be the earlier of: (i) 30 days from the date of such update or modification; or (ii) Customer’s continued use of the Service.
IF YOU DO NOT ACCEPT THIS AGREEMENT, YOU MAY NOT ACCESS OR USE THE SERVICE. THE SERVICE IS INTENDED FOR THE CUSTOMER AND ITS AUTHORIZED USERS ONLY AND IS NOT FOR USE BY CHILDREN UNDER 13 YEARS OF AGE. IF AN INDIVIDUAL IS ENTERING INTO THIS AGREEMENT ON BEHALF OF A LEGAL ENTITY, SUCH PERSON REPRESENTS AND WARRANTS THAT IT HAS THE LEGAL AUTHORITY TO BIND SUCH LEGAL ENTITY TO THIS AGREEMENT AND THIS AGREEMENT APPLIES TO SUCH ENTITY WHICH IS DEEMED THE CUSTOMER.
If Customer and ClariFi Health LLC have executed a written agreement governing Customer’s access to and use of the Service as a ClariFi Health LLC customer, then the terms of such signed agreement will govern and will supersede this Agreement.
DEFINITIONS
The definitions of certain capitalized terms used in this Agreement are set forth below. Others are defined in the body of the Agreement, an Order Form, or in ClariFi Health LLC’s DPA or BAA.
“Affiliate” means, with respect to an entity, any entity or person which directly or indirectly controls, is controlled by, or is under common control with that entity.
“Aggregated Statistics” means aggregated and anonymized data derived from Customer Data, End Customer Data and/or use of the Service. Aggregated Statistics are not Customer Data or End Customer Data and do not consist of Personal Data (as defined in the DPA).
“API(s)” means any application programming interface.
“BAA” means the Business Associate Agreement available at: https://www.ClariFiHealth.ai/baa.
"Beta Features" means any Service features, functionality or services which ClariFi Health LLC may make available to Customer to try at no additional cost, and which is designated as beta, trial, non-production or another similar designation.
“Customer Data” means any data transferred to ClariFi Health LLC by Customer which may consist of, but is not limited to, User login information and Personal Data such as names, e-mail addresses and phone numbers.
“Customer Application” means the application owned and operated by Customer which is described in an Order Form or otherwise approved by ClariFi Health LLC in writing.
“Documentation” means the written or online user manuals, help files, specification sheets, or other documentation regarding the Service made available by ClariFi Health LLC.
“DPA” means the Data Processing Agreement available at https://www.ClariFiHealth.ai/legal/data-processing-agreement.
“End Customer(s)” means Customer’s customer that enables at least one API integration between the Service, a Partner Application and the Customer Application.
“End Customer Data” means any data transferred to ClariFi Health LLC by End Customer itself via the Service for the benefit of Customer, and/or by Customer acting on behalf of an End Customer, which may consist of, but is not limited to, End Customer Personal Data (including information received by ClariFi Health LLC from Partner Applications licensed by End Customers), User login information, names, e-mail addresses, phone numbers, physical or mailing addresses, information related to work history, transactional and account information, pay rates and tax information, health plan information, gender, marital status and veteran status.
“Order Form” means each order document executed in writing between the parties for the purchase of a Subscription to the Service. Upon execution, each Order Form is incorporated herein by reference.
“ClariFi Health LLC Integration(s)” means any ClariFi Health LLC API integration that integrates a Partner Application and Customer Application by means of the Service and that is made available by ClariFi Health LLC during the Subscription Term to End Customers and Customer, as further specified in an Order Form.
“Partner” means a third-party provider of a SaaS solution used by End Customer (e.g., typically in the HRIS, ATS, or accounting space).
“Partner Application(s)” means any application owned and operated by a Partner including those described in an Order Form or otherwise approved by ClariFi Health LLC in writing.
“Service” means ClariFi Health LLC’s proprietary Software-as-a-Service integration solution for platforms (such as for HR, payroll, recruiting and accounting), which includes the ClariFi Health LLC Integration(s), Software, Documentation, and all modifications, updates, and upgrades as well as derivative works to each of the foregoing.
“Software” means the software that ClariFi Health LLC develops and maintains in order to provide the Service, and all modifications, updates, upgrades thereto and derivative works thereof.
“Subscription Term” has the meaning set forth in Section 5.1 below.
“Support” has the meaning set forth in Section 2.2 below, unless otherwise stated in the Order Form.
“Users” means individuals or entities that are granted credentials by Customer to use the Service.
ACCESS TO AND USE OF THE SERVICE
1.1
Right to Access and Use the Service. ClariFi Health LLC grants Customer a royalty-free, nonexclusive, nontransferable, worldwide right during each Subscription Term to use the Service with the Customer Application as set forth in each Order Form, solely in accordance with all applicable Documentation and this Agreement (together, the “Subscription”).
1.2
Restrictions. Customer will not: (a) access (or allow a third party to access) the Service in order to benchmark, or monitor the availability, security, performance, or functionality of the Service, for any competitive purposes without ClariFi Health LLC’s express written consent; (b) rent, lease or otherwise permit third parties (or other persons not authorized by this Agreement) to use the Service; (c) use the Service to provide services to third parties other than End Customers as permitted hereunder (e.g., Customer cannot use the Services as a service bureau); (d) modify, create derivative works, decompile, reverse engineer, attempt to gain access to the source code, or copy the Service, or any of their components; (e) circumvent or disable any security or other technological features or measures of the Service or use the Service in a manner that ClariFi Health LLC reasonably believes poses a threat to the security of ClariFi Health LLC-controlled computer systems; or (f) use the Service to conduct any fraudulent, malicious, or illegal activities (each of (a) through (f), a “Prohibited Use”).
1.3
Beta Features. Beta Features made available by ClariFi Health LLC are provided to Customer for testing purposes only. ClariFi Health LLC makes no commitment to provide Beta Features in any future versions of the Service. Customer is not obligated to use Beta Features. ClariFi Health LLC may immediately and without notice remove Beta Features for any reason without liability to Customer. Notwithstanding anything to the contrary in this Agreement, ClariFi Health LLC does not provide Support for Beta Features. For clarity, all Beta Features are provided "AS IS" without warranty of any kind.
CLARIFI HEALTH LLC OBLIGATIONS
2.1
General. The Service connects Partner Applications with the Customer Application via an API to enable the transfer of End Customer Data between the Partner Application, ClariFi Health LLC, the Customer Application, and other third party applications as instructed by Customer. Use of the Service requires ClariFi Health LLC to store and process Customer Data and End Customer Data, and to share with Partners the company names of Customer and End Customers that are using the applicable Partner Application. ClariFi Health LLC is responsible for providing the Service in conformance with and subject to the terms of this Agreement, the Order Form(s) and Documentation.
2.2
Support. If Customer experiences any errors, bugs, or other issues in its use of the Services, ClariFi Health LLC will use commercially reasonable efforts to respond as soon as possible (“Support”) in order to resolve the issue or provide a suitable workaround. The fee for Support is included in the cost of the Subscription set forth on the Order Form. Customer will send any Support requests to ClariFi Health LLC via email (to: support@ClariFiHealth.ai).
2.3
End Customer Data Obligations. If an End Customer notifies ClariFi Health LLC (including pursuant to the DPA) of its intent to terminate, or terminates its use of the Service, or if ClariFi Health LLC suspends an End Customer’s access to the Service or terminates its agreement with an End Customer due to End Customer’s uncured material breach, ClariFi Health LLC may terminate End Customer’s connection to the Service and delete any End Customer Data.
CUSTOMER OBLIGATIONS
3.1
Customer Application Access; API Integrations; Customer/Partner Accounts. No later than the Start Date (as defined in the Order Form), Customer will provide such access to the Customer Application as is necessary to enable the ClariFi Health LLC Integrations via APIs. Customer must create, and maintain during the Subscription Term, its own partnership/account with Partners if required to enable ClariFi Health LLC Integrations.
3.2
Notice to End Customers. Customer will notify the End Customer that ClariFi Health LLC will be processing End Customer Data as part of maintaining the ClariFi Health LLC Integration(s).
3.3
Compliance with Laws. Customer will use the Service only in accordance with the Documentation and with all applicable laws, including procurement and maintenance of any applicable licenses, permits and consents. Customer will ensure that the Service is neither directly or indirectly exported, re-exported, or used to provide services in violation of the export laws and regulations of the United States or any other country. ClariFi Health LLC reserves the right to suspend use of the Service operating in violation of the obligations of this Section 3.3, following written notice to Customer (which may take the form of an email).
DATA LICENSE & PROTECTION
4.1
Data License. In connection with its use of the Service, Customer will transfer Customer Data and enable the transfer of End Customer Data to ClariFi Health LLC. Customer grants ClariFi Health LLC a limited license during the Term to use Customer Data and End Customer Data to provide and maintain the Service and develop the Aggregated Statistics.
4.2
DPA. ClariFi Health LLC will process all Customer Data and End Customer Data for the purposes set forth in this Agreement and in accordance with the DPA.
4.3
BAA. ClariFi Health LLC will process all PHI (as defined in the BAA) for the purposes set forth in this Agreement and in accordance with the BAA.
4.4
Security and Privacy. ClariFi Health LLC maintains industry-standard physical, technical, and administrative safeguards in order to protect End Customer Data in accordance with ClariFi Health LLC’s “Security Protocols” set forth in Annex II (Technical and Organisational Measures) of the DPA.
TERM AND TERMINATION
5.1
Term. The Subscription Term starts on the Start Date set forth on the Order Form and continues for so long as there is an active Subscription. Each Subscription shall renew automatically for succeeding terms of one (1) year each, on the same terms that are in place on the renewal date excluding any discounts, unless either party gives written notice to the other at least thirty (30) days prior to the anniversary date of such Subscription, or unless the Subscription is terminated as provided in Section 5.2 below.
5.2
Termination for Cause. Either party may terminate this Agreement or any active Subscription for cause: (a) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of the 30-day period; or (b) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
5.3
Effect of Termination. If Customer terminates this Agreement or any active Subscription in accordance with Section 5.2, ClariFi Health LLC will reimburse Customer on a pro-rata basis for any pre-paid fees allocable to the remaining Subscription Term as of the date of such termination. Upon termination or expiration of this Agreement for any reason, ClariFi Health LLC will, upon written request, delete all Customer Data and any End Customer Data processed on behalf of Customer during the Subscription Term.
5.4
Survival. The following provisions will survive any expiration or termination of the Agreement: Sections 7; 8; 11; 12 and 13 (as applicable).
FEES AND PAYMENT
6.1
Fees. Customer will pay the fees for the Subscription set forth on the applicable Order Form. Following execution of the Order Form, ClariFi Health LLC will submit an invoice to Customer for the Subscription, and payment will be due within the Payment Terms set forth on the Order Form (“Due Date”).
6.2
Overdue Charges. If any undisputed, invoiced amount is not received by ClariFi Health LLC by the Due Date, then those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower.
6.3
Taxes. The fees payable hereunder are exclusive of any sales taxes (unless included on the invoice), or similar governmental sales tax type assessments, excluding any income or franchise taxes on ClariFi Health LLC (collectively, “Taxes”) with respect to the Service provided to Customer. Customer is solely responsible for paying all Taxes associated with or arising from this Agreement.
CONFIDENTIALITY
7.1
Confidential Information. Except as explicitly excluded below, any information of a confidential or proprietary nature provided by a party (“Disclosing Party”) to the other party (“Receiving Party”) constitutes the Disclosing Party’s confidential and proprietary information (together, “Confidential Information”). All End Customer Data is Confidential Information. ClariFi Health LLC’s Confidential Information includes the Service and any information conveyed to Customer in connection with Support. Customer’s Confidential Information includes Customer Data. Confidential Information does not include information which is (a) already known by the receiving party without an obligation of confidentiality other than pursuant to this Agreement; (b) publicly known or becomes publicly known through no unauthorized act of the Receiving Party; (c) rightfully received from a third party without a confidentiality obligation to the Disclosing Party; or (d) independently developed by the Receiving Party without access to the Disclosing Party’s Confidential Information.
7.2
Confidentiality Obligations. Each party will use the Confidential Information of the other party only as necessary to perform its obligations under this Agreement, will not disclose the Confidential Information to any third party except as otherwise permitted under this Agreement, and will protect the confidentiality of the Disclosing Party’s Confidential Information with the same standard of care as the Receiving Party uses or would use to protect its own Confidential Information, but in no event will the Receiving Party use less than a reasonable standard of care. Notwithstanding the foregoing, the Receiving Party may share Confidential Information with those of its employees, agents and representatives who have a need to know such information and who are bound by confidentiality obligations at least as restrictive as those contained herein (each, a “Representative”). Each party shall be responsible for any breach of confidentiality by any of its Representatives.
7.3
Additional Exclusions. A Receiving Party will not violate its confidentiality obligations if it discloses the Disclosing Party’s Confidential Information if required by applicable laws, including by court subpoena or similar instrument so long as the Receiving Party provides the Disclosing Party with written notice of the required disclosure so as to allow the Disclosing Party to contest or seek to limit the disclosure or obtain a protective order. If no protective order or other remedy is obtained, the Receiving Party will furnish only that portion of the Confidential Information that is legally required, and agrees to exercise reasonable efforts to ensure that confidential treatment will be accorded to the Confidential Information so disclosed.
OWNERSHIP
8.1
ClariFi Health LLC Property. As between the parties, ClariFi Health LLC owns and retains all right, title, and interest in and to the Service, Feedback (as defined below) and Aggregated Statistics. Except for the limited license granted to Customer in Section 1.1, ClariFi Health LLC does not by means of this Agreement or otherwise transfer any other rights to Customer.
8.2
Customer Property. As between the parties, Customer owns and retains all right, title, and interest in and to the Customer Data. Except for the licenses granted to ClariFi Health LLC in Section 4.1, Customer does not by means of this Agreement or otherwise transfer any other rights to ClariFi Health LLC.
8.3
Feedback. Customer may provide comments, suggestions and recommendations to ClariFi Health LLC with respect to the Service (including, without limitation, comments, suggestions and recommendations with respect to modifications, enhancements, improvements and other changes) (collectively, “Feedback”). In such event, ClariFi Health LLC may freely use and exploit any such Feedback without any obligation to Customer, unless otherwise agreed upon by the parties in writing. Customer assigns to ClariFi Health LLC any proprietary right that Customer may have in or to the Feedback.
REPRESENTATIONS AND WARRANTIES; DISCLAIMER
9.1
Mutual Representations and Warranties. Each party represents and warrants it has validly entered into this Agreement and has the legal power to do so.
9.2
Customer Representations and Warranties. Customer represents and warrants it has all rights necessary to (i) grant ClariFi Health LLC the licenses set forth in this Agreement and (ii) enable the ClariFi Health LLC Integrations between the Service, Partner Applications and Customer Application, which includes the transfer and processing of End Customer Data.
9.3
Disclaimer. WITH THE EXCEPTION OF THE LIMITED WARRANTIES SET FORTH IN THIS SECTION 9, THE SERVICE AND BETA FEATURES ARE PROVIDED “AS IS” TO THE FULLEST EXTENT PERMITTED BY LAW. CLARIFI HEALTH LLC AND ITS LICENSORS EXPRESSLY DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF PERFORMANCE, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSES, AND NON-INFRINGEMENT. CLARIFI HEALTH LLC DOES NOT WARRANT THAT THE SERVICE OR BETA FEATURES (A) ARE ERROR-FREE, (B) WILL PERFORM UNINTERRUPTED, OR (C) WILL MEET CUSTOMER’S REQUIREMENTS.
Insurance
ClariFi Health LLC will maintain in full force and effect during the Term:
(a) Commercial general liability insurance on an occurrence basis for bodily injury, death, property damage, and personal injury, with coverage limits of not less than $1,000,000 per occurrence and $2,000,000 general aggregate for bodily injury and property damage;
(b) Auto liability insurance covering non-owned and hired vehicles, with coverage limits of not less than $1,000,000 per occurrence for bodily injury and property damage;
(c) Worker’s compensation insurance as required by applicable law;
(d) Umbrella liability insurance on an occurrence form, for limits of not less than $4,000,000 per occurrence and in the aggregate; and
(e) Technology Errors & Omissions and Cyber-risk on an occurrence or claims-made form, for limits of not less than $2,000,000 annual aggregate covering liabilities for financial loss resulting or arising from acts, errors or omissions in the rendering of the Service, or from data damage, destruction, or corruption, including without limitation, unauthorized access, unauthorized use, virus transmission, denial of service, and violation of privacy from network security failures in connection with the Service.
Insurance carriers will be rated A-VII or better by A.M. Best Provider. ClariFi Health LLC’s coverage will be considered primary without right of contribution of Customer’s insurance policies. In no event will the foregoing coverage limits affect or limit in any manner ClariFi Health LLC’s contractual liability for indemnification or any other liability of ClariFi Health LLC under this Agreement.
INDEMNIFICATION
11.1
By ClariFi Health LLC. ClariFi Health LLC will defend Customer, and its Affiliates, including each of the foregoing’s officers, directors, employees and agents (collectively, “Customer Indemnified Parties”), from any third-party claim, demand, dispute, suit or proceeding, and ClariFi Health LLC will indemnify Customer Indemnified Parties from and against any related losses, liabilities, damages, costs or expenses (including, without limitation, attorneys’ fees), finally awarded against the Customer Indemnified Parties to such third party, by a court of competent jurisdiction or agreed to in settlement, alleging that (i) the Service, including Customer’s permitted use thereof, infringes or misappropriates any patent, trademark or copyright of such third party or (ii) ClariFi Health LLC has violated a law applicable to ClariFi Health LLC’s provision of the Services.
If ClariFi Health LLC becomes, or in ClariFi Health LLC’s opinion is likely to become, the subject of an infringement or misappropriation claim, ClariFi Health LLC may, at its option and expense: (a) procure for Customer the right to continue using the Service; (b) replace the Service (including any component part) with a non-infringing substitute subject to Customer’s prior written approval; or (c) modify the Service so that it becomes non-infringing. If none of the foregoing alternatives are available, ClariFi Health LLC shall notify Customer, and Customer may elect to terminate the license immediately pursuant to Section 5.
ClariFi Health LLC will not be obligated to defend or be liable for costs or damages (a) under Section 11.1(i) solely to the extent the infringement or misappropriation is attributable to (x) any unauthorized use, reproduction, or distribution of the Service or ClariFi Health LLC’s intellectual property rights by the Customer Indemnified Parties which is the subject of the claim; or (y) any unauthorized combination of, or modification to, the Service or ClariFi Health LLC’s intellectual property rights, other than as expressly approved by ClariFi Health LLC that causes the underlying claim where such claim would have not occurred but for such unauthorized act; or (b) under Section 11.1(ii) to the extent the violation of law is attributable to Customer’s breach of the Agreement.
11.2
By Customer. Customer will defend ClariFi Health LLC, and its Affiliates, including each of the foregoing’s officers, directors, employees and agents (collectively, “ClariFi Health LLC Indemnified Parties”), from any third-party claim, demand, dispute, suit or proceeding, and Customer will indemnify the ClariFi Health LLC Indemnified Parties from and against any related losses, liabilities, damages, costs or expenses (including, without limitation, attorneys’ fees), finally awarded against the ClariFi Health LLC related to: (a) Customer or a User engaging in a Prohibited Use; (b) Customer’s breach of Section 9.2 (Customer Representations & Warranties); and (c) any allegation by a governmental body that use of the Service, Customer Data or End Customer Data, by Customer or by ClariFi Health LLC at Customer’s direction and/or as permitted hereunder, has violated an applicable law.
11.3
Indemnification Process. The indemnified parties will: (a) give the indemnifying party prompt written notice of any claim, action or demand for which indemnity is claimed; (b) give the indemnifying party sole control over the defense and settlement of the claim, provided that the indemnifying party will not settle any claim that involves the payment of money or acknowledgement of wrongdoing on the part of the indemnified parties without indemnified parties’ prior written approval such approval not to be unreasonably withheld, conditioned or delayed; and (c) provide the indemnifying party with reasonable cooperation, at the indemnified parties’ expense, in connection with the defense and settlement of the claim.
LIMITATIONS OF LIABILITY
12.1
NEITHER PARTY, NOR ITS AFFILIATES, NOR THE OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, OR REPRESENTATIVES OF ANY OF THEM, WILL BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, THAT MAY ARISE OUT OF THIS AGREEMENT, EVEN IF THE OTHER PARTY HAS BEEN NOTIFIED OF THE POSSIBILITY OR LIKELIHOOD AND WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, SERVICES LIABILITY OR OTHERWISE.
12.2
EXCEPT WITH RESPECT TO EXCLUDED CLAIMS AND UNCAPPED CLAIMS (EACH AS DEFINED BELOW), IN NO EVENT WILL THE COLLECTIVE LIABILITY OF EITHER PARTY, OR THEIR RESPECTIVE AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS AND REPRESENTATIVES, TO THE OTHER PARTY FOR ANY AND ALL DAMAGES, INJURIES, AND LOSSES ARISING FROM ANY AND ALL CLAIMS AND CAUSES OF ACTION ARISING OUT OF, BASED ON, RESULTING FROM, OR IN ANY WAY RELATED TO THIS AGREEMENT, EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO CLARIFI HEALTH LLC FOR USE OF THE SERVICE. THE EXISTENCE OF MULTIPLE CLAIMS OR SUITS UNDER OR RELATED TO THIS AGREEMENT WILL NOT ENLARGE OR EXTEND THE LIMITATION OF MONEY DAMAGES WHICH WILL BE THE CLAIMANT’S SOLE AND EXCLUSIVE REMEDY.
12.3
“Excluded Claims” means any claim and/or liability associated with any breach by ClariFi Health LLC of Sections 4.2 (DPA), 4.3 (BAA), and 4.4 (Security & Privacy), including for clarity with respect to any claim of liability associated with the DPA, BAA or the Security Protocols, and ClariFi Health LLC’s indemnification obligation in Section 11.1(ii). ClariFi Health LLC’s total, cumulative liability for all Excluded Claims will not exceed two (2) times the total amount of fees paid for use of the Service by Customer to ClariFi Health LLC under this Agreement.
12.4
“Uncapped Claims” means any claim or liability associated with: (a) Customer’s breach of Section 9.2 (Customer Representations & Warranties); (b) either party’s breach of confidentiality (but not relating to any liability associated with ClariFi Health LLC’s security obligations with respect to Customer Data or End Customer Data each which remains subject to the Excluded Claims cap); (c) either party’s respective indemnification obligations under Section 11 (except Section 11.1(ii)); or (d) any liability of a party which cannot be limited under applicable law, including gross negligence, recklessness, or intentional misconduct.
MISCELLANEOUS
This Agreement is the entire agreement between Customer and ClariFi Health LLC and supersedes all prior agreements and understandings concerning the subject matter hereof. Customer and ClariFi Health LLC are independent contractors, and this Agreement will not establish any relationship of partnership, joint venture, or agency between Customer and ClariFi Health LLC. Failure to exercise any right under this Agreement will not constitute a waiver. There are no third-party beneficiaries to this Agreement. Any notice provided by one party to the other under this Agreement will be in writing and sent by overnight courier or certified mail (receipt requested) to the address above. If any provision of this Agreement is found unenforceable, this Agreement will be construed as if it had not been included.
This Agreement is governed by the laws of New York without reference to conflicts of law rules. If any dispute, controversy or claim cannot be settled by the parties within 30 days of written notice from either party to the other of such dispute, controversy or claim, then, except as set forth below, any dispute, controversy or claim arising under, out of or relating to this Agreement, will be finally determined by arbitration conducted by the JAMS by a single arbiter who will be fluent in written and spoken English. The place of such arbitration will be in New York, New York, U.S.A. The sole and exclusive language of arbitration will be English. The judgment of the arbitration will be final, non-appealable (to the extent not inconsistent with applicable law) and binding upon the parties, and judgment may be entered upon the arbitral award in any court of competent jurisdiction. The foregoing does not limit or restrict either party from seeking injunctive or other equitable relief with respect to its intellectual property rights hereunder. Subject to the dispute resolution procedures above, any disputes arising out of or related to this Agreement will be subject to the jurisdiction of the state and federal courts of New York County, New York, U.S.A.
Privac
This ClariFi Health LLC “Privacy Policy” applies to our various websites, applications and services located or accessed at https://www.ClariFiHealth.ai/ (“Services”), which is owned and operated by ClariFi Health LLC. (“ClariFi Health LLC,” “Company” or “we” or “us”). We recognize and respect your privacy. This Privacy Policy explains how we collect, use and disclose personally identifying information (“Personal Information”) gathered through the Services.
While this Privacy Policy may reference aspects of our other terms and agreements, use of the Services is subject to our Terms of Use, Subscriber Agreement, End Customer Terms and Master Services Agreement. All such terms are located at: https://www.ClariFiHealth.ai//terms/ and referred to collectively as “Terms.” Capitalized terms used but not defined in this Privacy Policy have their meaning set forth in the various agreements within the Terms.
We reserve the right to change this Privacy Policy from time to time without notice to you. You should check here periodically to review the current Privacy Policy, which is effective as of the revision date listed above. Your use of the Services and submission of any information, including Personal Information, to us constitutes acceptance and understanding of this Privacy Policy.
Types of Information & Personal Information Collected Through the Services
Our Services enable our users to connect applications (i.e., End Customer Applications and Customer Applications) with Partner Applications (e.g., third party services and applications such as for HRIS, ERP, ticketing, accounting services and platforms etc.) via APIs and ClariFi Health LLC Integrations made available by us. We may collect, store and process, on your and/or your organization’s behalf, any data (including Personal Information) transmitted to ClariFi Health LLC from an End Customer Application, Customer Application or Partner Application through a ClariFi Health LLC Integration .
We may also collect data, including Personal Information, directly from you or your organization through the Services such as:
Your contact information (such as name, address, email address and phone number);
Personal information contained in legal agreements (such as invoices and orders);
Information posted by you to the Services (such as comments, suggestions, feedback, opinions, or media);
About third parties, but solely pursuant to their express permission, collected and processed by an End Customer, Customer, or Partner (e.g., job candidate information originally stored within End Customer’s systems, a Customer Application or Partner Application); and
Any other Personal Information you submit to us in the form of an email or via any function within the Services (e.g., requests for demos, contact forms, job postings, etc.).
Types of Uses of Information & Personal Information
We collect, store and use the information as well as Personal Information you provide to us in various ways always in accordance with this Privacy Policy and as follows:
To provide the Services;
To process product orders received through the Services or other ways you communicate them to us (e.g., email, phone);
To evaluate business opportunities;
To effectuate or enforce a transaction or agreement;
To adjust offerings or services provided by us to you;
To provide you with information about our products and services that we believe you may find of interest, including to send you mailing lists, and marketing and promotional e-mails;
To authenticate visitors to the Services;
To generate de-identified and aggregated statistics data for any lawful purpose and as specified in the Terms;
To be able to respond to requests or inquiries, and for similar, customer-service-related purposes;
To respond to job applications. If you decide to apply for a job with us, you may submit your Personal Information and resume online. If you apply for a job with us through a third-party platform (such as Glassdoor or LinkedIn), we will collect certain Personal Information you make available to us through such third-party platform;
We automatically collect through the Services information that is often not personally identifying, such as the website from which visitors came to the Services, Services visitors’ IP address, browser type and other information relating to the device through which they access the Services. We may combine this information with the Personal Information we have collected from you; and
To improve the Services and offerings or services provided by us and to better understand how users access and use the Services and offerings provided by us.
For clarity, we do not make any warranty, express, implied or otherwise, that we will be able to prevent loss, misuse, unauthorized access to, or alteration of personally identifiable information you provide to us. You make any disclosure of personally identifiable information to us at your own risk.
Types of Sharing of or Disclosures of Personal Information
We may share or disclose Personal Information to third parties for the following purposes:
To third parties in aggregated, or non-personally identifying, forms of information about our Services users for marketing, advertising, research or other reasonable business purposes;
To provide you with information relating to products or services that we believe you may find of interest;
In response to a subpoena or other legal process by a governmental entity or third party, or if otherwise required by law;
To protect or enforce our rights including with respect to our assets and properties;
In the event of the sale or dissolution (bankruptcy) of assets, in whole or in part, of our business or any of its affiliates;
To third parties involved in the process of fulfilling orders, providing, or performing functions on our behalf and as aspects necessary to provide our products and the Service (e.g., such as third-party integration partners, service providers, contractors, payment processors, banks, and collection agencies); and
To provide products or services requested.
Cookies, Beacons and Analytics
When you interact with the Services, we strive to make your experience easy and meaningful. Our Services uses technology, or those of third-party service providers, such as cookies, web beacons (clear GIFs, web bugs) and similar technologies to track user activity and collect site data. We may combine this data with the Personal Information we have collected from you.
Cookies
We (including our chosen third-party service providers) use cookies to track visitor activity on the Services. A cookie is a text file that a website transfers to your computer’s hard drive for record-keeping purposes. Our cookies assign a random, unique number to each visitor’s computer. They do not contain information that would personally identify the visitor, although we can associate a cookie with any identifying information that is or has been provided to us while visiting the Services. We use cookies that remain on your computer for a specified period of time or until they are deleted (persistent cookies). We may also use cookies that exist only temporarily during an online session (session cookies) – these cookies allow us to identify you temporarily as you move through the Services. Most browsers allow users to refuse cookies but doing so may impede the functionality of some portions of our Services.
Web Beacons
Web beacons are tiny graphics with a unique identifier, similar in function to cookies, that are used to track the online movements of Web users. In contrast to cookies, which are stored on your computer’s hard drive, Web beacons are embedded invisibly on webpages and may not be disabled or controlled through your browser.
Third Parties
We may also engage third parties to track and analyze Services activity on our behalf. To do so, these third parties may place cookies or web beacons to track user activity on our Services. We use the data collected by such third parties to administer and improve the quality of the Services, analyze usage of the Services, and provide a more enhanced user experience on the Services, such as personalizing and delivering relevant offers and content based on user activity on the Services. We do not provide these third parties with your Personal Information.
We may use third party analytics services (such as Google Analytics and other similar services) to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources.
ClariFi Health LLC’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
User Content
The Services allow users to post information. Any information that you post to the Services becomes public information and may be viewable by other users, as well as visitors to the Services. In addition, your name, as well as other optional information you choose to submit along with the information you post, will be publicly displayed along with your comment or blog. We are not responsible for the privacy of any information that you choose to post to the Services, or for the accuracy of any information contained in those postings. We cannot prevent such information from being used by others in a manner that may violate this Privacy Policy, the law, or your personal privacy. Your posting of any content to any of the Services is subject to our Terms of Use.
Third-Party Links
The Services contain links to other, third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
Email Policy
We may use your email address to communicate with you about orders you have placed, inquiries you have made about our products and services, or information you have shared with us through the Services or email. We may send you emails from time-to-time, about information that we believe may be of interest to you. We may also send you news and offers about our products and services, or those of our chosen partners. Examples include, but are not limited to, our blog, newsletter, information about special offers, or other products or offerings.
If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail. Please note that it may take a few business days for us to process opt-out requests. If you opt-out of receiving emails or promotions, we still may send you e-mails to you in accordance with this Privacy Policy, as requested by you, or in reference to other customer service purposes.
Your Data Protection Rights (California Residents)
If you are a resident of California and interact with us as a consumer, you have certain rights under the California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.), including to request access to and deletion of your Personal Information (as defined in the CCPA). You may exercise these rights by contacting us at support@ClariFiHealth.ai. We do not sell your Personal Information, but we may allow our advertising partners to collect certain device identifiers and electronic network activity that allows them to show ads within their systems that are targeted to your interests. To opt out of having your Personal Information used for targeted advertising purposes, please visit www.aboutads.info/choices.
Children’s Privacy
We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no parts of our Services are directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at support@ClariFiHealth.ai.
International Users
If you are accessing the Services from outside the United States and are providing your information directly to ClariFi Health LLC (i.e. ClariFi Health LLC is serving in a data controller role for your personal data), you are consenting to and authorizing the transfer of your information to the United States for storage, use, processing, maintenance and onward transfer of such information to other entities, regardless of their location, in accordance with this Privacy Policy and the other applicable Terms. For clarity, and as outlined in the Terms, you are also consenting to the application of United States law in all matters concerning the Services.
Personal data collected from the European Economic Area, UK and Switzerland and processed by ClariFi Health LLC as a data controller will, for example, be transferred to and processed by us in the United States or another country outside of the European Economic Area, UK or Switzerland. In such instances, we shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that the transfer is consistent with an approved transfer mechanism, such as the Standard Contractual Clauses approved by the EU Commission.
Data subjects from the European Economic Area and the UK are entitled to certain rights with respect to their personal data, including the right to access, from the data controller, any personal data being processed, and to obtain more information on the purpose of processing, categories of data being processed, sharing with third parties, and other information. ClariFi Health LLC serves as data controller for personal data of ClariFi Health LLC’s personnel, applicants, and business contacts. Data subjects for whom ClariFi Health LLC serves as data controller can limit ClariFi Health LLC’s use and disclosure of their personal data in a variety of ways depending on the circumstances. These choices may include selecting what data to share with ClariFi Health LLC, requesting ClariFi Health LLC delete data, and opting out of marketing correspondence.
Data Privacy Framework
ClariFi Health LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. ClariFi Health LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. ClariFi Health LLC is committed to subject to the DPF Principles all personal data received from the European Union and, as applicable the United Kingdom (and Gibraltar), in reliance on the relevant part(s) of the DPF program. ClariFi Health LLC maintains contracts with third parties with whom we share personal data that restrict their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and ClariFi Health LLC remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
If you have a concern that ClariFi Health LLC has not handled your personal data appropriately under the DPF or UK Extension, please contact ClariFi Health LLC at support@ClariFiHealth.ai. If your issue cannot be resolved directly with ClariFi Health LLC, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, ClariFi Health LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from ClariFi Health LLC, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If neither ClariFi Health LLC nor our dispute resolution provider resolves your complaint, you may be able to pursue binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S.Data Privacy Framework Principles.
ClariFi Health LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Please be aware that ClariFi Health LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
How to Contact Us
While we strive for error free performance, we cannot always catch an unintended privacy issue. As a result, we encourage your questions and comments about any privacy concerns. Please direct them to us by an email to the following: support@ClariFiHealth.ai.
Subscriber Agreement
This ClariFi Health LLC Subscriber Agreement (“Agreement”) is made between ClariFi Health LLC, a Delaware corporation having its principal place of business at ADDRESS (“Company” or “ClariFi Health LLC”), and Customer and governs the Customer’s use of the Service (each as defined below).
“Customer” means a person or entity that accepts and agrees to the terms of this Agreement as of the earlier date (“Start Date”) on which such person or entity either clicks a box indicating acceptance of this Agreement or uses the Service.
ClariFi Health LLC reserves the right to modify or update this Agreement in its sole discretion, the effective date of such updates and/or modifications will be the earlier of: (i) 30 days from the date of such update or modification; or (ii) Customer’s continued use of the Service.
IF YOU DO NOT ACCEPT THIS AGREEMENT, YOU MAY NOT ACCESS OR USE THE SERVICE. THE SERVICE IS INTENDED FOR THE CUSTOMER AND ITS AUTHORIZED USERS ONLY AND IS NOT FOR USE BY CHILDREN UNDER 13 YEARS OF AGE. IF AN INDIVIDUAL IS ENTERING INTO THIS AGREEMENT ON BEHALF OF A LEGAL ENTITY, SUCH PERSON REPRESENTS AND WARRANTS THAT IT HAS THE LEGAL AUTHORITY TO BIND SUCH LEGAL ENTITY TO THIS AGREEMENT AND THIS AGREEMENT APPLIES TO SUCH ENTITY WHICH IS DEEMED THE CUSTOMER.
If Customer and ClariFi Health LLC have executed a written agreement governing Customer’s access to and use of the Service as a ClariFi Health LLC customer, then the terms of such signed agreement will govern and will supersede this Agreement.
DEFINITIONS
The definitions of certain capitalized terms used in this Agreement are set forth below. Others are defined in the body of the Agreement or in ClariFi Health LLC’s DPA.
“Affiliate” means, with respect to an entity, any entity or person which directly or indirectly controls, is controlled by, or is under common control with that entity.
“Aggregated Statistics” means aggregated and anonymized data derived from Customer Data, End Customer Data and/or use of the Service. Aggregated Statistics are not Customer Data or End Customer Data and do not consist of Personal Data (as defined in the DPA).
“API(s)” means any application programming interface.
"Beta Features" means any Service features, functionality or services which ClariFi Health LLC may make available to Customer to try at no additional cost, and which is designated as beta, trial, non-production or another similar designation.
“Customer Data” means any data transferred to ClariFi Health LLC by Customer which may consist of, but is not limited to, User login information and Personal Data such as names, e-mail addresses and phone numbers.
“Customer Application” means an application owned and operated by Customer which Customer chooses to interoperate with the Service or is otherwise approved by ClariFi Health LLC in writing.
“Documentation” means the written or online user manuals, help files, specification sheets, or other documentation regarding the Service made available by ClariFi Health LLC.
“DPA” means the Data Processing Agreement available at https://www.ClariFiHealth.ai/legal/data-processing-agreement.
“End Customer(s)” means Customer’s customer that enables at least one API integration between the Service, a Partner Application and the Customer Application.
“End Customer Data” means any data transferred to ClariFi Health LLC by End Customer itself via the Service for the benefit of Customer, and/or by Customer, acting on behalf of an End Customer, which may consist of, but is not limited to, End Customer Personal Data (including information received by ClariFi Health LLC from Partner Applications licensed by End Customers), User login information, names, e-mail addresses, phone numbers, physical or mailing addresses, information related to work history, transactional and account information, pay rates and tax information, health plan information, gender, marital status and veteran status.
“ClariFi Health LLC Integration(s)” means any ClariFi Health LLC integration that integrates a Partner Application and Customer Application by means of the Service and that is made available by ClariFi Health LLC during the Subscription Term to End Customers and Customer.
“Partner” means a third-party provider of a SaaS solution used by End Customer (e.g., typically in the HRIS, ATS, or accounting space).
“Partner Application(s)” means any application owned and operated by a Partner including those approved by ClariFi Health LLC in writing.
“Service” means ClariFi Health LLC’s proprietary Software-as-a-Service integration solution for platforms (such as for HR, payroll, recruiting and accounting), which includes the ClariFi Health LLC Integrations, Software, Documentation, and all modifications, updates, and upgrades as well as derivative works to each of the foregoing.
“Software” means the software that ClariFi Health LLC develops and maintains in order to provide the Service, and all modifications, updates, upgrades thereto and derivative works thereof.
“Subscription Term” has the meaning set forth in Section 5.1 below.
“Support” has the meaning set forth in Section 2.2 below.
“Users” means individuals or entities that are granted credentials by Customer to use the Service.
ACCESS TO AND USE OF THE SERVICE
1.1
Right to Access and Use the Service. ClariFi Health LLC grants Customer a royalty-free, nonexclusive, nontransferable, worldwide right during each Subscription Term to use the Service with the Customer Application, solely in accordance with all applicable Documentation and this Agreement (together, the “Subscription”).
1.2
Restrictions. Customer will not: (a) access (or allow a third party to access) the Service in order to benchmark, or monitor the availability, security, performance, or functionality of the Service, for any competitive purposes without ClariFi Health LLC’s express written consent; (b) rent, lease or otherwise permit third parties (or other persons not authorized by this Agreement) to use the Service; (c) use the Service to provide services to third parties other than End Customers as permitted hereunder (e.g., Customer cannot use the Services as a service bureau); (d) modify, create derivative works, decompile, reverse engineer, attempt to gain access to the source code, or copy the Service, or any of their components; (e) circumvent or disable any security or other technological features or measures of the Service or use the Service in a manner that ClariFi Health LLC reasonably believes poses a threat to the security of ClariFi Health LLC-controlled computer systems; or (f) use the Service to conduct any fraudulent, malicious, or illegal activities (each of (i) through (vii), a “Prohibited Use”).
1.3
Beta Features. Beta Features made available by ClariFi Health LLC are provided to Customer for testing purposes only. ClariFi Health LLC makes no commitment to provide Beta Features in any future versions of the Service. Customer is not obligated to use Beta Features. ClariFi Health LLC may immediately and without notice remove Beta Features for any reason without liability to Customer. Notwithstanding anything to the contrary in this Agreement, ClariFi Health LLC does not provide Support for Beta Features. For clarity, all Beta Features are provided "AS IS" without warranty of any kind.
CLARIFI HEALTH LLC OBLIGATIONS
2.1
General. The Service connects Partner Applications with the Customer Application via an API to enable the transfer of End Customer Data between the Partner Application, ClariFi Health LLC, the Customer Application, and other third party applications as instructed by Customer. Use of the Service requires ClariFi Health LLC to store and process Customer Data and End Customer Data. ClariFi Health LLC is responsible for providing the Service in conformance with and subject to the terms of this Agreement and the Documentation.
2.2
Support. ClariFi Health LLC will use commercially reasonable efforts to respond to Customer’s support requests as soon as possible if Customer experiences any errors, bugs, or other issues in its use of the Service (“Support”). The fee for Support is included in the cost of the Subscription. Customer will send any Support requests to ClariFi Health LLC via email (to: support@ClariFiHealth.ai).
2.3
End Customer Data Obligations. If an End Customer notifies ClariFi Health LLC (including pursuant to the DPA) of its intent to terminate, or terminates its use of the Service, or if ClariFi Health LLC suspends an End Customer’s access to the Service or terminates its agreement with an End Customer due to End Customer’s uncured material breach, ClariFi Health LLC may terminate End Customer’s connection to the Service and delete any End Customer Data.
CUSTOMER OBLIGATIONS
3.1
Customer Application Access; API Integrations; Customer/Partner Accounts. No later than the Start Date, Customer will provide such access to the Customer Application as is necessary to enable the ClariFi Health LLC Integrations via APIs. Customer must create, and maintain during the Subscription Term, its own partnership/account with Partners if required to enable ClariFi Health LLC Integrations.
3.2
Notice to End Customers. Customer will notify the End Customer that ClariFi Health LLC will be processing End Customer Data as part of maintaining the ClariFi Health LLC Integration(s).
3.3
Compliance with Laws. Customer will use the Service only in accordance with the Documentation and all applicable laws, including procurement and maintenance of any applicable licenses, permits and consents. Customer will ensure that the Service is neither directly or indirectly exported, re-exported, or used to provide services in violation of the export laws and regulations of the United States or any other country. ClariFi Health LLC reserves the right to suspend use of the Service operating in violation of the obligations of this Section 3.3, following written notice to Customer (which may take the form of an email).
DATA LICENSE & PROTECTION
4.1
Data License. In connection with its use of the Service, Customer will transfer Customer Data and enable the transfer of End Customer Data to ClariFi Health LLC. Customer grants ClariFi Health LLC a limited license during the Term to use Customer Data and End Customer Data to provide and maintain the Service and develop the Aggregated Statistics.
4.2
DPA. ClariFi Health LLC will process all Customer Data and End Customer Data for the purposes set forth in this Agreement and in accordance with the DPA.
4.3
Security and Privacy. ClariFi Health LLC maintains industry-standard physical, technical, and administrative safeguards in order to protect End Customer Data in accordance with ClariFi Health LLC’s “Security Protocols” set forth in Annex II (Technical and Organisational Measures) of the DPA.
4.4
Marketplace Information. ClariFi Health LLC may share names and contact information of Customers and End Customers with Partners for the development of ClariFi Health LLC’s Partner ecosystem.
TERM; SUSPENSION AND TERMINATION
5.1
Term. The “Subscription Term” of this Agreement starts on the Start Date and continues for so long as there is an active Subscription as set forth in the Service dashboard, unless otherwise terminated: (a) by Customer at any time following notice of deactivation to support@ClariFiHealth.ai; or (b) by ClariFi Health LLC at any time and for any reason.
5.2
ClariFi Health LLC Suspension Rights. Without limiting any other provision of this Section 5, if Customer fails to timely pay any applicable fees, or is otherwise in breach of this Agreement, ClariFi Health LLC may suspend access to the Services until it receives all amounts due.
5.3
Effect of Termination. Within thirty (30) days of termination or expiration of this Agreement for any reason, ClariFi Health LLC will, upon written request, delete all Customer Data and any End Customer Data processed on behalf of Customer during the Subscription Term.
5.4
Survival. The following provisions will survive any expiration or termination of the Agreement: Sections 7; 8; 10; 11; and 12(as applicable).
FEES AND PAYMENT
6.1
Fees. Customer will pay the fees for the Subscription set forth in the Service dashboard. ClariFi Health LLC will submit an invoice to Customer for the Subscription, and payment will be due on the terms set forth in the Service dashboard (“Due Date”).
6.2
Overdue Charges. If any undisputed, invoiced amount is not received by ClariFi Health LLC by the Due Date, then those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower.
6.3
Taxes. The fees payable hereunder are exclusive of any sales taxes (unless included on the invoice), or similar governmental sales tax type assessments, excluding any income or franchise taxes on ClariFi Health LLC (collectively, “Taxes”) with respect to the Service provided to Customer. Customer is solely responsible for paying all Taxes associated with or arising from this Agreement.
CONFIDENTIALITY
7.1
Confidential Information. Except as explicitly excluded below, any information of a confidential or proprietary nature provided by a party (“Disclosing Party”) to the other party (“Receiving Party”) constitutes the Disclosing Party’s confidential and proprietary information (together, “Confidential Information”). All End Customer Data is Confidential Information. ClariFi Health LLC’s Confidential Information includes the Service and any information conveyed to Customer in connection with Support. Customer’s Confidential Information includes Customer Data. Confidential Information does not include information which is: (a) already known by the receiving party without an obligation of confidentiality other than pursuant to this Agreement; (b) publicly known or becomes publicly known through no unauthorized act of the Receiving Party; (c) rightfully received from a third party without a confidentiality obligation to the Disclosing Party; or (d) independently developed by the Receiving Party without access to the Disclosing Party’s Confidential Information.
7.2
Confidentiality Obligations. Each party will use the Confidential Information of the other party only as necessary to perform its obligations under this Agreement, will not disclose the Confidential Information to any third party except as otherwise permitted under this Agreement, and will protect the confidentiality of the Disclosing Party’s Confidential Information with the same standard of care as the Receiving Party uses or would use to protect its own Confidential Information, but in no event will the Receiving Party use less than a reasonable standard of care. Notwithstanding the foregoing, the Receiving Party may share Confidential Information with those of its employees, agents and representatives who have a need to know such information and who are bound by confidentiality obligations at least as restrictive as those contained herein (each, a “Representative”). Each party shall be responsible for any breach of confidentiality by any of its Representatives.
7.3
Additional Exclusions. A Receiving Party will not violate its confidentiality obligations if it discloses the Disclosing Party’s Confidential Information if required by applicable laws, including by court subpoena or similar instrument so long as the Receiving Party provides the Disclosing Party with written notice of the required disclosure so as to allow the Disclosing Party to contest or seek to limit the disclosure or obtain a protective order. If no protective order or other remedy is obtained, the Receiving Party will furnish only that portion of the Confidential Information that is legally required, and agrees to exercise reasonable efforts to ensure that confidential treatment will be accorded to the Confidential Information so disclosed.
OWNERSHIP
8.1
ClariFi Health LLC Property. As between the parties, ClariFi Health LLC owns and retains all right, title, and interest in and to the Service, Feedback and Aggregated Statistics. Except for the limited license granted to Customer in Section 1.1, ClariFi Health LLC does not by means of this Agreement or otherwise transfer any other rights to Customer.
8.2
Customer Property. As between the parties, Customer owns and retains all right, title, and interest in and to the Customer Data. Except for the licenses granted to ClariFi Health LLC in Section 4.1, Customer does not by means of this Agreement or otherwise transfer any other rights to ClariFi Health LLC.
8.3
Feedback. Customer may provide comments, suggestions and recommendations to ClariFi Health LLC with respect to the Service or Service (including, without limitation, comments, suggestions and recommendations with respect to modifications, enhancements, improvements and other changes) (collectively, “Feedback”). In such event, ClariFi Health LLC may freely use and exploit any such Feedback without any obligation to Customer, unless otherwise agreed upon by the parties in writing. Customer assigns to ClariFi Health LLC any proprietary right that Customer may have in or to the Feedback.
REPRESENTATION AND WARRANTIES
9.1
Mutual Representations and Warranties. Each party represents and warrants it has validly entered into this Agreement and has the legal power to do so.
9.2
Customer Representations and Warranties. Customer represents and warrants it has all rights necessary to (i) grant ClariFi Health LLC the licenses set forth in this Agreement and (ii) enable the ClariFi Health LLC Integrations between the Service, Partner Applications and Customer Application, which includes the transfer and processing of End Customer Data.
9.3
Disclaimer. WITH THE EXCEPTION OF THE LIMITED WARRANTIES SET FORTH IN THIS SECTION 9, THE SERVICE AND BETA FEATURES ARE PROVIDED “AS IS” TO THE FULLEST EXTENT PERMITTED BY LAW. CLARIFI HEALTH LLC AND ITS LICENSORS EXPRESSLY DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF PERFORMANCE, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSES, AND NON-INFRINGEMENT. CLARIFI HEALTH LLC DOES NOT WARRANT THAT THE SERVICE OR BETA FEATURES (I) ARE ERROR-FREE, (II) WILL PERFORM UNINTERRUPTED, OR (III) WILL MEET CUSTOMER’S REQUIREMENTS.
INDEMNIFICATION
10.1
By ClariFi Health LLC. ClariFi Health LLC will defend Customer, and its Affiliates, including each of the foregoing’s officers, directors, employees and agents (collectively, “Customer Indemnified Parties”), from any third-party claim, demand, dispute, suit or proceeding, and ClariFi Health LLC will indemnify Customer Indemnified Parties from and against any related losses, liabilities, damages, costs or expenses (including, without limitation, attorneys’ fees), finally awarded against the Customer Indemnified Parties to such third party, by a court of competent jurisdiction or agreed to in settlement, alleging that the Service, including Customer’s permitted use thereof, infringes or misappropriates any patent, trademark or copyright of such third party.
If ClariFi Health LLC becomes, or in ClariFi Health LLC’s opinion is likely to become, the subject of an infringement or misappropriation claim, ClariFi Health LLC may, at its option and expense: (a) procure for Customer the right to continue using the Service; (b) replace the Service (including any component part) with a non-infringing substitute subject to Customer’s prior written approval; or (c) modify the Service so that it becomes non-infringing. If none of the foregoing alternatives are available, ClariFi Health LLC shall notify Customer, and Customer may elect to terminate the license immediately pursuant to Section 5.
ClariFi Health LLC will not be obligated to defend or be liable for costs or damages solely to the extent the infringement or misappropriation is attributable to: (x) any unauthorized use, reproduction, or distribution of the Service or ClariFi Health LLC’s intellectual property rights by the Customer Indemnified Parties which is the subject of the claim; or (y) any unauthorized combination of, or modification to, the Service or ClariFi Health LLC’s intellectual property rights, other than as expressly approved by ClariFi Health LLC that causes the underlying claim where such claim would have not occurred but for such unauthorized act.
10.2
By Customer. Customer will defend ClariFi Health LLC, and its Affiliates, including each of the foregoing’s officers, directors, employees and agents (collectively, “ClariFi Health LLC Indemnified Parties”), from any third-party claim, demand, dispute, suit or proceeding, and Customer will indemnify the ClariFi Health LLC Indemnified Parties from and against any related losses, liabilities, damages, costs or expenses (including, without limitation, attorneys’ fees), finally awarded against the ClariFi Health LLC related to: (a) Customer or a User engaging in a Prohibited Use; (b) Customer’s breach of Section 9.2 (Customer Representations & Warranties); and (c) any allegation by a governmental body that use of the Service, Customer Data or End Customer Data, by Customer or by ClariFi Health LLC at Customer’s direction and/or as permitted hereunder, has violated an applicable law.
10.3
Indemnification Process. The indemnified parties will: (a) give the indemnifying party prompt written notice of any claim, action or demand for which indemnity is claimed; (b) give the indemnifying party sole control over the defense and settlement of the claim, provided that the indemnifying party will not settle any claim that involves the payment of money or acknowledgement of wrongdoing on the part of the indemnified parties without indemnified parties’ prior written approval such approval not to be unreasonably withheld, conditioned or delayed; and (c) provide the indemnifying party with reasonable cooperation, at the indemnified parties’ expense, in connection with the defense and settlement of the claim.
LIMITATIONS OF LIABILITY
11.1
NEITHER PARTY, NOR ITS AFFILIATES, NOR THE OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, OR REPRESENTATIVES OF ANY OF THEM, WILL BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, THAT MAY ARISE OUT OF THIS AGREEMENT, EVEN IF THE OTHER PARTY HAS BEEN NOTIFIED OF THE POSSIBILITY OR LIKELIHOOD AND WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, PRODUCTS LIABILITY OR OTHERWISE.
11.2
EXCEPT WITH RESPECT TO EXCLUDED CLAIMS AND UNCAPPED CLAIMS (AS DEFINED BELOW), IN NO EVENT WILL THE COLLECTIVE LIABILITY OF EITHER PARTY, OR THEIR RESPECTIVE AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS AND REPRESENTATIVES, TO THE OTHER PARTY FOR ANY AND ALL DAMAGES, INJURIES, AND LOSSES ARISING FROM ANY AND ALL CLAIMS AND CAUSES OF ACTION ARISING OUT OF, BASED ON, RESULTING FROM, OR IN ANY WAY RELATED TO THIS AGREEMENT, EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO CLARIFI HEALTH LLC FOR USE OF THE SERVICE DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM.
THE EXISTENCE OF MULTIPLE CLAIMS OR SUITS UNDER OR RELATED TO THIS AGREEMENT WILL NOT ENLARGE OR EXTEND THE LIMITATION OF MONEY DAMAGES WHICH WILL BE THE CLAIMANT’S SOLE AND EXCLUSIVE REMEDY.
11.3
“Excluded Claims” means any claim and/or liability associated with any breach by ClariFi Health LLC of Sections 4.2 (DPA) and 4.3 (Security & Privacy), including with respect to any claim of liability associated with the DPA or the Security Protocols. ClariFi Health LLC’s total, cumulative liability for all Excluded Claims will not exceed two (2) times the total amount of fees paid for use of the Service by Customer to ClariFi Health LLC during the twelve (12) months immediately preceding the claim.
11.4
“Uncapped Claims” means any claim or liability associated with: (a) Customer’s breach of Section 9.2 (Customer Representations & Warranties); (b) either party’s breach of confidentiality (but not relating to any liability associated with ClariFi Health LLC’s security obligations with respect to Customer Data or End Customer Data each which remains subject to the Excluded Claims cap); (c) either party’s respective indemnification obligations under Section 10; or (d) any liability of a party which cannot be limited under applicable law, including gross negligence, recklessness, or intentional misconduct.
MISCELLANEOUS
This Agreement is the entire agreement between Customer and ClariFi Health LLC and supersede all prior agreements and understandings concerning the subject matter hereof. Customer and ClariFi Health LLC are independent contractors, and this Agreement will not establish any relationship of partnership, joint venture, or agency between Customer and ClariFi Health LLC. Failure to exercise any right under this Agreement will not constitute a waiver. There are no third-party beneficiaries to this Agreement. Any notice provided by one party to the other under this Agreement will be in writing and sent by overnight courier or certified mail (receipt requested) to the address above. If any provision of this Agreement is found unenforceable, this Agreement will be construed as if it had not been included.
This Agreement is governed by the laws of New York without reference to conflicts of law rules. If any dispute, controversy or claim cannot be settled by the parties within 30 days of written notice from either party to the other of such dispute, controversy or claim, then, except as set forth below, any dispute, controversy or claim arising under, out of or relating to this Agreement, will be finally determined by arbitration conducted by the JAMS by a single arbiter who will be fluent in written and spoken English. The place of such arbitration will be in New York, New York, U.S.A. The sole and exclusive language of arbitration will be English. The judgment of the arbitration will be final, non-appealable (to the extent not inconsistent with applicable law) and binding upon the parties, and judgment may be entered upon the arbitral award in any court of competent jurisdiction. The foregoing does not limit or restrict either party from seeking injunctive or other equitable relief with respect to its intellectual property rights hereunder. Subject to the dispute resolution procedures above, any disputes arising out of or related to this Agreement will be subject to the jurisdiction of the state and federal courts of New York County, New York, U.S.A.
Terms of Use
The ClariFi Health LLC website, and all of its related web pages and locations (collectively referred to and taken together as the “Site”), provides information with respect to ClariFi Health LLC’s business, products and services (together, the “Services”). The following “Terms of Use” between ClariFi Health LLC (also referred to as “ClariFi Health LLC,” “Company” or “us”) and “you” govern your use of the Site, Materials (defined below) and the Services.
BY USING THIS SITE, YOU AGREE TO THESE TERMS OF USE AND THE ClariFi Health PRIVACY POLICY https://www.ClariFiHealth.ai/privacy-policy/. IF YOU DO NOT ACCEPT THESE TERMS OF USE, YOU MAY NOT ACCESS OR USE THE SITE. MATERIALS, SERVICES AND INFORMATION INTENDED FOR USERS OF THE SITE ARE NOT FOR USE BY CHILDREN UNDER 13 YEARS OF AGE.
If you and ClariFi Health LLC have executed a written agreement governing your access to and use of the Services, then the terms of such signed agreement will control to the extent that services agreement conflicts with these Terms.
Accounts and Registration. To access some features of the Services, you may be required to register for an account. When you register for an account, you may be required to provide us with some information about yourself, such as your name, email address, or other contact information. You agree that the information you provide to us is accurate and that you will keep it accurate and up-to-date at all times. When you register, you will be asked to provide a password. You are solely responsible for maintaining the confidentiality of your account and password, and you accept responsibility for all activities that occur under your account. If you believe that your account is no longer secure, then you must immediately notify us at support@ClariFiHealth.ai
Copyright. The content of the Site, including all text, images, software, audio and video, links, as well as any such combination and/or compilation of the same (collectively referred to herein as “Materials”), is the property of ClariFi Health LLC and is protected by U.S. and international copyright laws. Neither the Site nor the Materials may be modified, reproduced, distributed, transmitted, publicly displayed, performed, or otherwise used, in whole or in part, without the prior written consent of ClariFi Health LLC. No use of Materials on this Site is allowed except as expressly stated herein. Some Materials may be copyrighted by ClariFi Health LLC’s suppliers, licensees and affiliates. Copyright law also applies to other companies’ advertisements or information presented on this Site.
Trademarks. “ClariFi Health LLC,” “ClariFi Health LLC.dev” and “ClariFi Health LLC API” (including the ClariFi Health LLC’s name, logos and Site name) are the trademarks of ClariFi Health LLC (collectively, the “Trademarks”), within the United States as well as in other countries. You may not display, make reference to or use the Trademarks, in any manner without prior written permission by ClariFi Health LLC. All other trademarks, service marks, product and service names and company names or logos that appear on the Site are the property of their respective owners. The use of ClariFi Health LLC Trademarks on any other website is not allowed. ClariFi Health LLC prohibits the use of ClariFi Health LLC Trademarks as a "hot" link on or to any other website unless establishment of such a link is approved in advance by ClariFi Health LLC.
Age of Users. Services and information intended for users of the Site are not for use by children under 13 years of age. Parents and legal guardians may not agree to these Terms of Use on their children’s behalf. If ClariFi Health LLC becomes aware that a child under 13 has provided or attempted to provide ClariFi Health LLC with personal information, ClariFi Health LLC will use best efforts to remove the information permanently from our files. If you are between the age of 13 and 18 years old, you may use this Site but only under the supervision of a parent or legal guardian who agrees to be bound by these Terms of Use. If you are a parent or legal guardian agreeing to these Terms of Use for the benefit of a child between 13 and 18 years old, be advised that you are fully responsible for his or her use of this Site and any and all legal liability that he or she may incur.
Privacy. By using this Site, you signify your ongoing and continuing consent to the ClariFi Health LLC Privacy Policy, available at (“Privacy Policy”). The Privacy Policy is incorporated into and forms part of the Agreement. In the event of any inconsistency between the Terms of Use and the Privacy Policy, the Terms of Use shall prevail. Personal information that you supply to ClariFi Health LLC, and any information about your use of the Site that ClariFi Health LLC obtains from you will be subject to the Privacy Policy. In addition, ClariFi Health LLC email addresses are provided solely for user queries relating to the Site. The capture of ClariFi Health LLC emails for use with unsolicited email is not permitted.
Illegal & Unpermitted Activities. This Site and its contents are solely for your own personal non-commercial use. You may not:
i.
Copy, transmit, publish, distribute, display or in any other way exploit the Site, Trademarks, Services and/or Materials at any time in any manner;
ii.
Use the Site for any illegal, unauthorized or improper purpose;
iii.
Use the Site in a way that violates any applicable law or these Terms of Use;
iv.
Use the Site to modify or create derivative works of the Trademarks, Materials or Services, or any of each of their respective components;
v.
Aggregate or collect any Materials to construct any kind of database;
vi.
Use any robot, spider, scraper or other automated means to access the Site for any purpose without our express written permission;
vii.
Take any action that imposes, or may impose in ClariFi Health LLC’s sole discretion, an unreasonable or disproportionately large load on our infrastructure;
viii.
Use any device, software or routine to interfere or attempt to interfere with the proper working of the Site or with any other person’s use of the Site; or
ix.
Bypass any measures ClariFi Health LLC may use to prevent or restrict access to the Site, or otherwise attempt to gain unauthorized access to any portion or feature of the Site, by hacking, password “mining” or any other illegitimate means.
Links. For your convenience only, ClariFi Health LLC has provided links within the Site to other websites operated by third parties. ClariFi Health LLC exhibits no control over such third-party websites and ClariFi Health LLC is not responsible for their content or the privacy practices thereof. ClariFi Health LLC makes no representations or warranties and accepts no responsibility for the quality, content, nature or reliability of any third-party web site or service accessible by hyperlink from the Site. Your correspondence or business dealings with, or participation in promotions of, advertisers found on or through this Site, are solely between you and such advertiser. This includes payment and delivery of related goods or services, and any other terms, conditions, warranties or representations associated with such dealings. You agree that ClariFi Health LLC will not be responsible or liable for any loss or damage incurred as the result of any such dealings.
Indemnification. You agree to defend, indemnify, and hold harmless ClariFi Health LLC from all liabilities, claims, and expenses, including attorney’s fees, that arise from any claim or demand, made by any third party due to or arising out of your use of the Site and for any violation of these Terms of Use. ClariFi Health LLC reserves the right, at ClariFi Health LLC’s expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will cooperate with ClariFi Health LLC in asserting any available defenses.
Disclaimer of Warranties. THE SITE, MATERIALS AND SERVICES (TOGETHER, THE “ClariFi Health ASSETS”) ARE PROVIDED BY ClariFi Health ON AN “AS IS” AND “AS AVAILABLE” BASIS. ClariFi Health MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, AS TO THE ClariFi Health ASSETS OR THE OPERATION OF THIS SITE. YOU EXPRESSLY AGREE THAT YOUR USE OF THE ClariFi Health ASSETS AND THE SITE ARE AT YOUR SOLE RISK AND RESPONSIBILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, ClariFi Health DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. ClariFi Health DOES NOT REPRESENT OR WARRANT THAT THE ClariFi Health ASSETS ARE ACCURATE, COMPLETE, RELIABLE, CURRENT, SUBJECT TO CORRECTION, OR ERROR-FREE OR THAT THE ClariFi Health ASSETS, INCLUDING ITS SERVERS, ARE FREE OF ANY HARMFUL COMPONENTS. BECAUSE SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.
Limitation of Liability. IN NO EVENT WILL ClariFi Health BE LIABLE TO YOU, OR TO ANY PARTY CLAIMING THROUGH YOU, FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THE FURNISHING, PERFORMANCE, OR USE OF THE ClariFi Health ASSETS. ClariFi Health's MAXIMUM AGGREGATE LIABILITY FOR DAMAGES OR LOSS, HOWSOEVER ARISING OR CAUSED, SHALL IN NO EVENT BE GREATER THAN TWENTY-FIVE UNITED STATES DOLLARS ($25.00). BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
Changes to Site. ClariFi Health LLC reserves the right, in its sole discretion, of which ClariFi Health LLC may choose to do at any time and from time to time, to modify or discontinue, whether temporarily or permanently, the Site, or the content thereof, with or without notice. ClariFi Health LLC reserves the right to interrupt the operation of the Site, or any portion of the Site, as necessary to perform routine or non-routine maintenance, error correction, or other changes. You agree that ClariFi Health LLC will not be liable to you or to any third party for any modification, suspension, or discontinuance of the Site.
Changes to Terms of Use. ClariFi Health LLC reserves the right, in its sole discretion, to change or modify these Terms of Use, whether in whole or in part, without notice. If ClariFi Health LLC changes the Terms of Use, ClariFi Health LLC will post such new terms on the Site and any such changes or modifications will become effective upon posting. Your access to and use of the Site, following the posting of any such changes or modifications, will constitute your acceptance of the Terms of Use as revised.
Applicable Law, Jurisdiction and Claims. THIS TERMS OF USE IS MADE UNDER, AND WILL BE CONSTRUED ACCORDING TO, THE LAWS OF THE STATE OF NEW YORK, U.S.A. The parties agree that the Uniform Computer Information Transaction Act (or any statutory implementation of it) and the United Nations Convention on the International Sale of Goods will not apply with respect to this Agreement or the parties’ relationship. Subject to the last sentence of this section, any claim, dispute or controversy arising out of or relating to this Agreement shall be resolved by arbitration in accordance with the provisions of the commercial or business rules of the American Arbitration Association. The arbitration shall be held in New York, NY. Notwithstanding the foregoing, a party may seek preliminary judicial relief (such as a preliminary injunction) from the state and federal courts located in New York, NY, if in its judgment, such action is necessary to avoid irreparable damage, and such courts shall have exclusive jurisdiction and venue over all matters relating to such preliminary relief.
Termination. ClariFi Health LLC reserves the right to terminate your use of this Site, including the right to remove any information provided to ClariFi Health LLC by you or posted to the Site, in the event that you violate the Terms of Use, any rules or guidelines posted on this Site, any applicable federal, state or local laws, or for any other reason that ClariFi Health LLC shall determine in its sole discretion. You understand that any termination of your account, by you or ClariFi Health LLC, may involve the permanent deletion of your data and/or information.
Force Majeure. ClariFi Health LLC is not responsible for damages, delays, or failures in performance resulting from acts or occurrences beyond its reasonable control, including, without limitation: fire, lightning, explosion, power surge or failure, water, acts of God, war, revolution, civil commotion or acts of civil or military authorities or public enemies; any law, order, regulation, ordinance, or requirement of any government or legal body or any representative of any such government or legal body; any labor unrest, including without limitation, strikes, slowdowns, picketing, or boycotts; or inability to secure raw materials, transportation facilities, fuel or energy shortages, or acts or omissions of other common carriers.
Copyright Complaints. ClariFi Health LLC respects your intellectual property rights as well as the rights of other third parties. If you believe that your work has been copied in a way that constitutes copyright infringement, please e-mail ClariFi Health LLC at legal@ClariFiHealth.ai.
Notice. You agree that ClariFi Health LLC may provide notice to you and other information concerning this Site electronically, including any notice to any email address supplied by you.
General Provisions. You agree to comply with all applicable laws and regulations. The terms and conditions set forth herein constitute the entire agreement between you and ClariFi Health LLC with respect to the use of the Site. The waiver by one party of any default of the other party shall not waive subsequent defaults of the same or different kind. If for any reason a court of competent jurisdiction finds any provision of this Terms of Use, or portion thereof, to be unenforceable, that provision of the agreement will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remainder of this Terms of Use will continue in full force and effect.