SOFTWARE AS A SERVICE TERMS OF SERVICE AGREEMENT PLEASE READ THESE TERMS OF SERVICE CAREFULLY. BY CLICKING “ACCEPTED AND AGREED,” EACH CUSTOMER AGREES TO THESE TERMS OF SERVICE.
These Terms of Service constitute an agreement (this “Agreement”) by and between NuLease Medical Solutions, a limited liability company organized under the laws of the state of Kentucky and having a place of business located at 5722 Outer Loop, Louisville, KY 40219 (“Provider”) and each customer of Provider’s online personal medical data management service (“Recipient”).
Provider will retain all Recipient Data until erased pursuant to the Data Policy set forth in Appendix C. (d) Injunction. Provider agrees that violation of the provisions of this Section 8 might cause Recipient irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Recipient will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security.
Authorized Use Policy A. General Provisions Provider requires that all customers and other users of Provider’s Service (the “Service”) conduct themselves with respect for others. In particular, please observe the following rules in your use of the Service: 1) Abusive Behavior: Do not harass, threaten, or defame any person or entity. Do not contact any person who has requested no further contact. Do not use ethnic or religious slurs against any person or group. 2) Privacy: Do not violate the privacy rights of any person. Do not collect or disclose any personal address, social security number, or other personally identifiable information without each holder’s written permission. Do not cooperate in or facilitate identity theft. 3) Intellectual Property: Do not infringe upon the copyrights, trademark rights, trade secret rights, or other intellectual property rights of any person or entity. Do not reproduce, publish, or disseminate software, audio recordings, video recordings, photographs, articles, or other works of authorship without the written permission of the copyright holder. 4) Hacking, Viruses, & Network Attacks: Do not access any computer or communications system without authorization, including the computers used to provide the Service. Do not attempt to penetrate or disable any security system. Do not intentionally distribute a computer virus, launch a denial of service attack, or in any other way attempt to interfere with the functioning of any computer, communications system, or website.
Do not attempt to access or otherwise interfere with the accounts of other users of the Service. 5) Spam: Do not send bulk unsolicited e-mails (“Spam”) or sell or market any product or service advertised by or connected with Spam. Do not facilitate or cooperate in the dissemination of Spam in any way. Do not violate the CAN-Spam Act of 2003. 6) Fraud: Do not issue fraudulent offers to sell or buy products, services, or investments. Do not mislead anyone about the details or nature of a commercial transaction. Do not commit fraud in any other way. 7) Violations of Law: Do not violate any law. B. Consequences of Violation Violation of this Acceptable Use Policy (this “AUP”) may lead to suspension or termination of the user’s account or legal action. In addition, the user may be required to pay for the costs of investigation and remedial action
related to AUP violations. Provider reserves the right to take any other remedial action it sees fit.
C. Reporting Unauthorized Use Provider requests that anyone with information about a violation of this AUP report it via an email to the following address: NuLease Medical Solutions, c/o Shannon Cales, 5722 Outer Loop, Louisville, KY 40219.
Please provide the date and time (with time zone) of the violation and any identifying information regarding the violator, including e-mail or IP (internet protocol) address if available, as well as details of the violation. D. Revision of AUP Provider may change this AUP at any time by posting a new version on this policy to its website and sending the user written notice thereof. The new version will become effective on the date of such notice.
Unfortunately, even with these measures, we cannot guarantee the security of PII. By using our Website, you acknowledge and agree that we make no such guarantee, and that you use our
Data Policy 1. Access, Use, & Legal Compulsion. Unless it receives Recipient’s prior written consent, Provider: (i) will not access or use data in electronic form collected through the Services from Recipient, or accessible directly from Recipient, (collectively, “Recipient Data”) other than as necessary to facilitate the provision of Service; and (ii) will not give any third party access to Recipient Data that is regulated under HIPAA. Notwithstanding the foregoing, Provider may disclose Recipient Data as required by applicable law or by proper legal or governmental authority. Provider will give Recipient prompt notice of any such legal or governmental demand and reasonably cooperate with Recipient in any effort to seek a protective order or otherwise to contest such required disclosure, at Recipient’s expense. 2. Recipient’s Rights. Recipient possesses and retains all right, title, and interest in and to Recipient Data, and Provider’s use and possession thereof is solely as Recipient’s agent. Recipient may access and copy any Recipient Data in Provider’s possession at any time using tools provided to Recipient as part of the Service. 3. Retention & Deletion. Provider will retain any Recipient Data in its possession until Erased (as defined below) pursuant to this Subsection (3), or until 90 days following termination or expiration of the Recipient’s subscription to the Service. After termination or expiration of the Recipient’s subscription to the Service, the Provider shall Erase the Recipient Data within thirty
(30) days. Notwithstanding the foregoing, Recipient may at any time instruct Provider to retain and not to Erase or otherwise delete Recipient Data, provided Recipient may not require retention of Recipient Data for more than 120 days after termination or expiration of this Agreement. Promptly after Erasure pursuant to this Subsection (3), Provider will certify such Erasure in writing to Recipient which may be provided via email. As used herein, “Erase” and “Erasure” refer to the destruction of data so that no copy of the data remains or can be accessed or restored in any way. 4. Individuals’ Access. Provider will not allow any of its employees to access Recipient Data, except to the extent that an employee needs access in order to facilitate
the Services and executes a written agreement with Provider agreeing to comply with Provider’s obligations set forth in this Appendix C. Provider will perform a background check on any individual it gives access to Recipient Data. Such background check will include, without limitation, a review of the individual’s criminal history, if any. Provider will not grant access to Recipient Data if the background check or other information in Provider’s possession would lead a reasonable person to suspect that the individual has committed identity theft or otherwise misused third party data or that the individual presents a threat to the security of Recipient Data.
5. Compliance with Law & Policy. Provider will comply with all applicable federal and state laws and regulations governing the handling of Recipient Data including requirements for special handling of HIPAA-controlled PHI. 6. Leaks. Provider will promptly notify Recipient of any actual or potential exposure or misappropriation of Recipient Data (any “Leak”) that comes to Provider’s attention. Provider will cooperate with Recipient and with law enforcement authorities in investigating any such Leak, at Provider’s expense. Provider will likewise cooperate with Recipient and with law enforcement agencies in any effort to notify injured or potentially injured parties, and such cooperation will be at Provider’s expense, except to the extent that the Leak was caused by Recipient. The remedies and obligations set forth in this Subsection (6) are in addition to any others Recipient may have. 7. Injunction. Provider agrees that violation of the provisions of this Appendix C might cause Recipient irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Recipient will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security