SOFTWARE AS A SERVICE TERMS OF SERVICE AGREEMENT PLEASE READ THESE TERMS OF SERVICE CAREFULLY. BY CLICKING “ACCEPTED AND AGREED,” EACH CUSTOMER AGREES TO THESE TERMS OF SERVICE.
These Terms of Service constitute an agreement (this “Agreement”) by and between NuLease Medical Solutions, a limited liability company organized under the laws of the state of Kentucky and having a place of business located at 5722 Outer Loop, Louisville, KY 40219 (“Provider”) and each customer of Provider’s online personal medical data management service (“Recipient”).
Provider will retain all Recipient Data until erased pursuant to the Data Policy set forth in Appendix C. (d) Injunction. Provider agrees that violation of the provisions of this Section 8 might cause Recipient irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Recipient will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security.
Agreement will be governed solely by the internal laws of the State of Ohio, without reference to the principles of conflicts of law. The parties consent to the personal and exclusive jurisdiction of the federal and state courts of the State of Kentucky. (h) Severability. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect. (i) Certain Notices. Provider hereby notifies Recipient that parental control protections (such as computer hardware, software, or filtering services) are commercially available that may assist in limiting access to material that is harmful to minors. Information regarding providers of such protections may be found on the Internet by searching “parental control protection” or similar terms. (j) Conflicts among Attachments. In the event of any conflict between the terms of this main body of this Agreement and those of the Data Policy, the terms of this main body will govern. In the event of any conflict between this Agreement and any Provider policy posted online, including without limitation the AUP and Privacy Policy, the terms of this Agreement will govern. (k) Entire Agreement. This Agreement sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to the subject matter hereof. Neither party has relied upon any such prior or contemporaneous communications.
Authorized Use Policy A. General Provisions Provider requires that all customers and other users of Provider’s Service (the “Service”) conduct themselves with respect for others. In particular, please observe the following rules in your use of the Service: 1) Abusive Behavior: Do not harass, threaten, or defame any person or entity. Do not contact any person who has requested no further contact. Do not use ethnic or religious slurs against any person or group. 2) Privacy: Do not violate the privacy rights of any person. Do not collect or disclose any personal address, social security number, or other personally identifiable information without each holder’s written permission. Do not cooperate in or facilitate identity theft. 3) Intellectual Property: Do not infringe upon the copyrights, trademark rights, trade secret rights, or other intellectual property rights of any person or entity. Do not reproduce, publish, or disseminate software, audio recordings, video recordings, photographs, articles, or other works of authorship without the written permission of the copyright holder. 4) Hacking, Viruses, & Network Attacks: Do not access any computer or communications system without authorization, including the computers used to provide the Service. Do not attempt to penetrate or disable any security system. Do not intentionally distribute a computer virus, launch a denial of service attack, or in any other way attempt to interfere with the functioning of any computer, communications system, or website.
Do not attempt to access or otherwise interfere with the accounts of other users of the Service. 5) Spam: Do not send bulk unsolicited e-mails (“Spam”) or sell or market any product or service advertised by or connected with Spam. Do not facilitate or cooperate in the dissemination of Spam in any way. Do not violate the CAN-Spam Act of 2003. 6) Fraud: Do not issue fraudulent offers to sell or buy products, services, or investments. Do not mislead anyone about the details or nature of a commercial transaction. Do not commit fraud in any other way. 7) Violations of Law: Do not violate any law. B. Consequences of Violation Violation of this Acceptable Use Policy (this “AUP”) may lead to suspension or termination of the user’s account or legal action. In addition, the user may be required to pay for the costs of investigation and remedial action
related to AUP violations. Provider reserves the right to take any other remedial action it sees fit.
C. Reporting Unauthorized Use Provider requests that anyone with information about a violation of this AUP report it via an email to the following address: NuLease Medical Solutions, c/o Shannon Cales, 5722 Outer Loop, Louisville, KY 40219.
Please provide the date and time (with time zone) of the violation and any identifying information regarding the violator, including e-mail or IP (internet protocol) address if available, as well as details of the violation. D. Revision of AUP Provider may change this AUP at any time by posting a new version on this policy to its website and sending the user written notice thereof. The new version will become effective on the date of such notice.
Privacy Policy Effective Date: April 18, 2018 We collect certain information through our website, located at www.nulease.com (our “Website”). This page (this “Privacy Policy”) lays out our policies and procedures surrounding the collection and handling of any such information that identifies an individual user or that could be used to contact or locate him or her (“Personally Identifiable Information” or “PII”). As used herein, Personally Identifiable Information includes Personal Healthcare Information (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy applies only our Website. It does not apply to any third party site or service linked to our Website or recommended or referred by our Website or by our staff. And it does not apply to any other website or online service operated by our company, or to any of our offline activities. A. PII We Collect We collect the following Personally Identifiable Information from users who buy our products and services: name, e-mail address, telephone number, address, and credit card number, personal medical history, pre- existing medical conditions, current medical conditions, insurance providers identity and billing information, prescription medications, diagnostic test results, diagnoses, treatment regimes, doctors and other care givers responsible for treatment, emergency contact information, guardian identity and contact information, and attorney-in-fact identity and contact information. We also use “cookies” to collect certain information from all users, including non-subscribing website visitors. A cookie is a string of data our system sends to your computer and then uses to identify your computer when you return to our Website. Cookies give us usage data, like how often you visit, where you go at the site, and what you do. B. Our Use of PII Except for HIPAA-controlled PHI, we use your Personally Identifiable Information to create your account, to communicate with you about your current subscription, and to offer you additional products and services. We also use that information to the extent necessary to enforce our Website terms of service and to prevent imminent harm to persons or property. HIPAAcontrolled PHI is not used by Provider, its agents, or contractors in any way except as necessary for provision of the Service. We use cookies so that our Website can remember you and provide you with the information you are most likely to need. For instance, when you return to our Website, cookies identify you and prompt the site to provide your username (not your password), so you can sign in more quickly. Finally, we use information gained through cookies to compile statistical information about use of our Website, such as the time users spend at the site and the pages they visit most often. Those statistics do not include PII. C. Protection of PII We employ the following data security tools to protect Personally Identifiable Information: secure server with Secure Socket Layer (SSL).
Unfortunately, even with these measures, we cannot guarantee the security of PII. By using our Website, you acknowledge and agree that we make no such guarantee, and that you use our
Website at your own risk. D. Contractor and Other Third Party Access to PII We give certain independent contractors access to Personally Identifiable Information. All contractors are required to sign contracts in which they promise to protect PII using procedures reasonably equivalent to ours. Users are not third party beneficiaries of those contracts. We also may disclose PII to attorneys, collection agencies, or law enforcement authorities to address potential AUP violations, other contract violations, or illegal behavior. And we disclose any information demanded in a court order or otherwise required by law or to prevent imminent harm to persons or property. As noted above, we compile Website usage statistics from data collected through cookies. We may publish those statistics or share them with third parties, but they don’t include PII. E. Accessing and Correcting Your PII You can access and change any Personally Identifiable Information we store through your “My Account” page. F. DNT Policy Disclosure This section outlines how we apply Do Not Track ‘DNT’ regulatory requirements per California’s Online Privacy Protection Act’s (CalOPPA) effective January 1, 2014. We do not recognize DNT mechanisms that have been designed to prevent tracking of Personal Identifying Information (PII). Please read your rights carefully. We will track unique identifiers, and passively collected information such as device identifiers and geolocation data about California residents’ online activities over time and across third-party websites or services, including via mobile apps. G. Amendment of this Privacy Policy We may change this Privacy Policy at any time by posting a new version on this page or on a successor page. The new version will become effective on the date it’s posted, which will be listed at the top of the page as the new Effective Date.
Data Policy 1. Access, Use, & Legal Compulsion. Unless it receives Recipient’s prior written consent, Provider: (i) will not access or use data in electronic form collected through the Services from Recipient, or accessible directly from Recipient, (collectively, “Recipient Data”) other than as necessary to facilitate the provision of Service; and (ii) will not give any third party access to Recipient Data that is regulated under HIPAA. Notwithstanding the foregoing, Provider may disclose Recipient Data as required by applicable law or by proper legal or governmental authority. Provider will give Recipient prompt notice of any such legal or governmental demand and reasonably cooperate with Recipient in any effort to seek a protective order or otherwise to contest such required disclosure, at Recipient’s expense. 2. Recipient’s Rights. Recipient possesses and retains all right, title, and interest in and to Recipient Data, and Provider’s use and possession thereof is solely as Recipient’s agent. Recipient may access and copy any Recipient Data in Provider’s possession at any time using tools provided to Recipient as part of the Service. 3. Retention & Deletion. Provider will retain any Recipient Data in its possession until Erased (as defined below) pursuant to this Subsection (3), or until 90 days following termination or expiration of the Recipient’s subscription to the Service. After termination or expiration of the Recipient’s subscription to the Service, the Provider shall Erase the Recipient Data within thirty
(30) days. Notwithstanding the foregoing, Recipient may at any time instruct Provider to retain and not to Erase or otherwise delete Recipient Data, provided Recipient may not require retention of Recipient Data for more than 120 days after termination or expiration of this Agreement. Promptly after Erasure pursuant to this Subsection (3), Provider will certify such Erasure in writing to Recipient which may be provided via email. As used herein, “Erase” and “Erasure” refer to the destruction of data so that no copy of the data remains or can be accessed or restored in any way. 4. Individuals’ Access. Provider will not allow any of its employees to access Recipient Data, except to the extent that an employee needs access in order to facilitate
the Services and executes a written agreement with Provider agreeing to comply with Provider’s obligations set forth in this Appendix C. Provider will perform a background check on any individual it gives access to Recipient Data. Such background check will include, without limitation, a review of the individual’s criminal history, if any. Provider will not grant access to Recipient Data if the background check or other information in Provider’s possession would lead a reasonable person to suspect that the individual has committed identity theft or otherwise misused third party data or that the individual presents a threat to the security of Recipient Data.
5. Compliance with Law & Policy. Provider will comply with all applicable federal and state laws and regulations governing the handling of Recipient Data including requirements for special handling of HIPAA-controlled PHI. 6. Leaks. Provider will promptly notify Recipient of any actual or potential exposure or misappropriation of Recipient Data (any “Leak”) that comes to Provider’s attention. Provider will cooperate with Recipient and with law enforcement authorities in investigating any such Leak, at Provider’s expense. Provider will likewise cooperate with Recipient and with law enforcement agencies in any effort to notify injured or potentially injured parties, and such cooperation will be at Provider’s expense, except to the extent that the Leak was caused by Recipient. The remedies and obligations set forth in this Subsection (6) are in addition to any others Recipient may have. 7. Injunction. Provider agrees that violation of the provisions of this Appendix C might cause Recipient irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Recipient will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security