Terms Of Service

terms_of_service.knit

Terms of Service Simplified Summary

Resonance deploys its technology platform to amplify health around the world. The General Terms and Conditions of Service below form a contract between Resonance and our software Customers governing the use of our Software. This preamble is only a summary of the terms and conditions below, is not a legal document or agreement, and is not part of our Terms and Conditions. The legal code of the Terms and Conditions can be found below this preamble, which agreement does form a contract between Resonance and the signatory.

Our software is available for free. Our professional services and tailored software configuration services are not always free. If we perform any services for you or provide uniquely configured software for you that is not free, you will be made aware of this before the services are performed. Those services will be governed by a separate service level agreement that will be executed by you and us before the services are performed.
Medical Data that you store on our platform is your Customer Data. We make every commercially reasonable effort to protect Customer Data and prevent unauthorized access; Customer Data is encrypted in transit and at rest and protected by various firewalls, security systems, authorization processes, and other technical safeguards. Data protection and privacy are our top commercial priorities. In addition to the agreement below, please review our privacy policy for further information on how we protect your data.
We will never use your Customer Data for any purpose that you do not authorize. If you collect data for a clinical trial or for sharing in any form, additional clinical trial agreements, ethics approvals as required, and any other relevant authorizations will be documented prior to any such sharing.
We may generate fully anonymous and de-identified summaries of population-level data being stored in our system and use that information for our own purposes, as allowed by applicable law. However, such information will always be fully anonymous and will never contain specific customer names, hospitals, sites, users, patients, or any other customer or patient identifiers. As an example, we may tabulate the number of patients diagnosed with a specific disease in a given country, region, or continent that have data stored in our system and use that summary count for internal or external purposes. Such tabulations will never include any mention of specific sites, users, hospitals, or patients, etc.
Resonance Patient Center and Resonance Networks, our two flagship software products, are separate applications governed by the same master terms and conditions below, but they have different appendices unique to each of their uses. Please review the unique terms and conditions for each app below.
Resonance Patient Center is used in some cases for managing clinical trial data. As mentioned above, that activity is always governed by separate agreements, procedures, and regulations. Resonance Patient Center can be used for patient care and quality improvement without any involvement in any sort of data-sharing or research context. Resonance Patient Center is not itself a medical device and does not contain or provide access to any medical devices. Resonance Patient Center also does not provide any medical advice.
When using Resonance Networks, please be professional and respectful and be careful about sharing private information on public networks.
Please strive to take all appropriate precautions to protect access credentials and any data being stored on the Resonance platform.

If you have any questions about this simplified summary or the legal document below, please contact us at legal@resonancehealth.org.

General Terms and Conditions of Service

Last updated: April 17, 2024

PLEASE READ THESE TERMS AND CONDITIONS OF SERVICE CAREFULLY. BY CLICKING “ACCEPTED AND AGREED TO,” CUSTOMER AGREES TO THESE TERMS AND CONDITIONS.

These Terms and Conditions of Service constitute an agreement (this “Agreement”) by and between: (a) Resonance, Inc., a corporation whose principal place of business is 5239 Jeffrey Keith Dr., Arlington TN, 38002 USA (“Resonance”) and (b) as the context requires or otherwise permits, the healthcare provider, principal investigator, Covered Entity, Provider, User, Participant, member of an Authorized Workforce or other person executing this Agreement (either on their own behalf, or as an authorized agent of a third party) (“Customer”). This Agreement includes Attachment A, the “Business Associate Addendum”, Attachment B, the “Specific Terms of Service”, and Attachment C “GDPR Processor Addendum”, as applicable. This Agreement is effective as of the date Customer clicks “Accepted and Agreed To” (the “Effective Date”). Customer’s use of and Resonance’s provision of Resonance’s Software (as defined below in Section 1.24) are governed by this Agreement.

EACH PARTY ACKNOWLEDGES THAT IT HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS, AND THAT THE PERSON SIGNING ON ITS BEHALF HAS BEEN AUTHORIZED TO DO SO. THE PERSON EXECUTING THIS AGREEMENT ON CUSTOMER’S BEHALF (“YOU”) REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO BIND CUSTOMER TO THESE TERMS AND CONDITIONS.

WHEREAS, Resonance provides access to its software-as-a-service offerings to its customers;

WHEREAS, Customer desires to access certain software-as-a-service offerings described herein, and Resonance desires to provide Customer access to such offerings, subject to the terms and conditions set forth in this Agreement;

NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

1. DEFINITIONS

The following capitalized terms will have the following meanings whenever used in this Agreement.

1.1. “Access Credentials” means any username, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify an individual’s identity and authorization to access and use the Services (as defined below in Section 1.21).

1.2. “Authorized Workforce” means those natural persons who are members of Customer’s workforce or the workforce of the Provider which Customer has authorized to enter into this Agreement who Customer has identified (by their legal names, and the legal names of their employers) in Customer’s account as authorized to access the Software on Customer’s behalf.

1.3. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this Agreement, shall mean Resonance.

1.5. “Consent” means consent or authorization by Customer allowing us to take actions described under this Agreement, which Customer may give in an electronic communication to us or by use of the features of the Software (such as “share,” “transmit,” “refer,” “authorize,” “opt-in,” “agree” or toggling or selecting an action through settings or activation pages located within the Software, and the like). Such Consent may: (a) apply to an individual case or situation or may apply globally or programmatically based on variables that apply to an overall situation or circumstance (whether through a settings or preference page, a global “opt-in,” or otherwise); or (b) be granted by Customer on behalf of its or its clients’ Data Subjects.

1.7. “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103.

1.8. “Customer Data” means all information processed or stored through or by the Software by Customer or on Customer’s behalf, including any patient data, medical record data, or Protected Health Information (as defined below in Section 1.16). Customer Data does not include payment records, credit cards or other information Customer uses to pay Resonance, or other information and records related to Customer’s account, including without limitation identifying information related to Customer’s staff involved in payment or other management of such account. Without prejudice to the foregoing, where indicated or the context requires, “Customer Data” may also include “Personal Data” over which Customer is the “Controller” or the “Processor” (all such terms, including “Data Subjects” having the meaning assigned to them in the GDPR).

1.9. “Customer Systems” means Customer’s information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through its use of third-party services.

1.10. “Documentation” means any documentation disclosed by Resonance which describes the functionality, use, source code, or features of the Software or any similar documentation which is not Confidential Information.

1.11. “GDPR” is a legal framework applicable in the EU, Norway, Iceland, Lichtenstein, the UK and Switzerland that sets principles for the collection and Processing (as defined below in Section 1.15) of Personal Data relating to living individuals by Controllers and Processors.

1.12. “HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule, as amended.

1.13. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.1.14. “Participant” is an individual Customer, or a Customer’s User as the context requires or permits as further defined in the privacy policy.

1.14. “Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, as amended.

1.15. “Process” means to take any action or perform any operation or set of operations that the Services are capable of taking or performing on any data, information, or other content, including to collect, receive, input, upload, download, record, reproduce, store, organize, compile, combine, log, catalog, cross-reference, manage, maintain, copy, adapt, alter, translate, or make other derivative works or improvements, process, retrieve, output, consult, use, perform, display, disseminate, transmit, submit, post, transfer, disclose, or otherwise provide or make available, or block, erase, or destroy. “Processing” and “Processed” have correlative meanings.

1.16. “Protected Health Information” has the meaning assigned to it by HIPAA.

1.17. “Provider” means a Customer which offers healthcare services, e.g. doctors, clinics, hospitals, nursing homes, pharmacies, or any similar entity.

1.18. “Resonance Materials” means the Services, Software, specifications, Documentation, and Resonance systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, that are provided or used by Resonance or any Subcontractor (as defined in Section 2.9) in connection with the Services or otherwise comprise or relate to the Services or Resonance systems. For the avoidance of doubt, Resonance Materials include Resultant Data and any information, data, or other content derived from Resonance’s monitoring of Customer’s access to or use of the Services, but do not include Customer Data.

1.19. “Resultant Data” means data and information related to Customer’s use of the Services that is used by Resonance in an aggregate and de-identified or pseudonymized manner, including to compile statistical and performance information related to the provision and operation of the Services. Resultant Data may also include aggregated and de-identified or pseudonymized tabulations and summaries of general patient populations, characteristics, or treatments. Resultant Data excludes Protected Health Information and excludes any data which directly identifies any specific Customer or other person as described in Section 5.6 and is only generated and otherwise Processed as permitted by applicable law, including the GDPR.

1.20. “Security Rule” means the Security Standards for the Protection of electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C, as amended.

1.21. “Services” means the software-as-a-service offerings described in Attachment B.

1.22. “Site Administrator” means an authorized representative of Customer who may obtain an account on behalf of such Customer and may have administrative privileges on the account.

1.23. “SLA” means a service level agreement offered by Resonance, which may be displayed alongside access points to any features of the Software the use of which requires such a service level agreement.

1.24. “Software” means Resonance’s electronic health record services, including Resonance’s electronic medical record services, practice management services, claim management services, registries, scheduling system, clinical trials management system, other operations workflow solutions, and any software product produced and maintained by Resonance and accessed by Customer, including but not limited to Resonance Patient Center, Resonance Study Manager, Resonance Networks, Resonance Knowledge Management System and Resonance Places.

1.25. “Term” is defined in Section 11.1 below.

1.26. “User” means any individual who uses the Software on Customer’s behalf or through Customer’s account or using Customer’s passwords.

2. THE SOFTWARE

2.1. Access and Use of the Software. During the Term, Customer may access and use the Software under the condition that the Customer accepts the terms and conditions of this Agreement, including all attachments hereto, and pursuant to the terms and conditions of any SLA, including such features and functions as the SLA requires. Subject to and conditioned on Customer’s compliance with the terms and conditions of this Agreement, Resonance hereby grants Customer a non-exclusive, non-transferable license to access and use the Services during the Term, solely for use by Customer in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use. Resonance shall provide Customer with the Access Credentials within a reasonable time following the Effective Date.

2.2. Service Levels. Certain features or components of the Software or additional professional services offered by Resonance may require Customer to enter into an SLA in addition to this Agreement. If an accompanying SLA is offered by Resonance, Customer will be presented with the SLA and asked to accept the terms and conditions of the SLA before being granted access to the feature or the professional services. Resonance shall provide the remedies listed in the accepted SLA for any failure of the features or components of the Software or lack of performance of any professional services listed in the SLA. Such remedies are Customer’s sole remedy for any failure of the features or components of the Software or lack of performance of the professional services, and Customer recognizes and agrees that if the SLA does not list a remedy for a given failure, it has no remedy. If applicable, credits issued pursuant to the SLA apply to outstanding or future invoices only and are forfeited upon termination of this Agreement or the SLA. Resonance is not required to issue refunds or to make payments against such credits under any circumstances, including without limitation after termination of this Agreement or the SLA.

2.3. Restrictions on Software Rights. Customer receives no title to, or ownership of any copy of, the Software itself. Furthermore, Customer receives no ownership or right to sub-license the Software. Without limiting the generality of the foregoing, Customer shall not: (a) modify, create derivative works from, distribute, publicly display, or publicly perform the Software; (b) use the Software for service bureau or time-sharing purposes or in any other way allow third parties to exploit the Software; or (c) reverse engineer, decompile, disassemble, or otherwise attempt to derive any of the Software’s source code, unless authorized in writing by Resonance.

2.4. Documentation. Customer may reproduce and use the Documentation solely as necessary to support Customer’s use of the Software or benefit from any professional services.

2.5. Software Revisions. Resonance may, upon giving Customer thirty (30) days prior notice, revise the Software, any features and/or functions at any time, including without limitation by removing such features and/or functions or reducing service levels. If any such revision to the Software materially reduces features and/or functionality provided pursuant to an existing SLA, Customer’s sole remedy is, within forty-five (45) days of its receipt of notice of the revision, to terminate such SLA, without cause, or terminate this Agreement without cause if such SLA is the only one outstanding.

2.6. Third-Party Software. The Software may include certain third-party software, services, data or applications that may require that Customer enters into separate agreements with third parties. We may also make available optional services, either directly or through integrations with the Software, provided by us or third parties, such as billing, electronic prescribing, and clinical laboratory reporting services. You shall comply with and, upon request, execute, any agreements or acknowledgments that may be required for the use of such software or services, and hereby agree to comply with the terms and conditions of any license or other agreement relating to third-party products included in the Software or made accessible to you through the Software. Additionally, any use by the Customer of the Software or of such third-party products or services will constitute Customer’s agreement to be bound by the provisions of all licensing, subscription and similar agreements relating to such use, including those third-party terms and conditions, which in the case of conflict or ambiguity with this Agreement, shall supersede this Agreement.

2.7. Service and System Control. Except as otherwise expressly provided in this Agreement, as between the parties: (a) Resonance has and will retain sole control over the operation, provision, maintenance, and management of the Resonance Materials; and (b) Customer has and will retain sole control over the operation, maintenance, and management of, and all access to and use of, the Customer Systems, and sole responsibility for all access to and use of the Resonance Materials by any person by or through the Customer Systems or any other means controlled by Customer, including any: (i) information, instructions, or materials provided by any of them to the Services or Resonance; (ii) results obtained from any use of the Services or Resonance Materials; and (iii) conclusions, decisions, or actions based on such use.

2.8. Changes. Resonance reserves the right, in its sole discretion, to make any changes to the Services and Resonance Materials that it deems necessary or useful to: (a) maintain or enhance: (i) the quality or delivery of the Services; (ii) the competitive strength of or market for Resonance’s offerings, including the Services; or (iii) the Services’ cost efficiency or performance; or (b) comply with applicable law.

2.9 Subcontractors. Subject to Attachment C (as applicable), Resonance may from time to time in its sole discretion engage third parties to perform the Services or elements thereof (each, a “Subcontractor”). The term “Subcontractor” shall include “Processor” and/or “sub-Processor” as the context demands or permits.

2.10. Suspension or Termination of Services. Resonance may, directly or indirectly, and by use of any lawful means, suspend, terminate, or otherwise deny Customer’s, or any other person’s access to or use of all or any part of the Services or Resonance Materials, without incurring any resulting obligation or liability, if: (a) Resonance receives a judicial or other governmental demand or order, subpoena, or law enforcement request that expressly or by reasonable implication requires Resonance to do so; or (b) Resonance believes, in its sole discretion, that: (i) Customer has failed to comply with any provision of this Agreement, or accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement or in any manner that does not comply with any instruction or requirement of the Resonance Materials (including specifications); (ii) Customer is, has been, or is likely to be involved in any fraudulent, misleading, or unlawful activities; or (iii) this Agreement expires or is terminated. This Section 2.10 does not limit any of Resonance’s other rights or remedies, whether at law, in equity, or otherwise under this Agreement.

3. PAYMENT

3.1. Paid Features. For the Term of this Agreement and unless Customer is otherwise notified by Resonance, the Software is provided free of charge and without financial obligation on Customer’s part, except for any paid features or services which are governed by a subsequent SLA (“Paid Features”). Such Paid Features will be optional and will require Customer’s acceptance of the provisions of an appropriate SLA in addition to this Agreement.

3.2. Other Charges. Customer is responsible for any charges from third parties Customer incurs to use the Software, such as telephone, equipment charges, or fees for internet access, etc., and fees charged by third-party vendors of products and software.

4. CUSTOMER DATA & PRIVACY

4.1. Ownership of Customer Data. The Customer owns all right, title, and interest in all Customer Data.

4.2. Use of Customer Data. Unless otherwise stated herein, Resonance shall: (a) not access, Process, or otherwise use Customer Data other than as necessary to facilitate the Customer’s use of the Software or to generate Resultant Data; (b) not give access to Customer Data to any third party, except Resonance’s employees and/or Subcontractors that have a need for such access to facilitate the Software and are subject to a Business Associate Agreement or other reasonable written agreement governing the use and security of Customer Data; (c) exercise reasonable efforts to prevent unauthorized disclosure or exposure of Customer Data; and (d) comply with all privacy/security laws (including where applicable the GDPR) which apply both specifically to Resonance and generally to Processors in the jurisdictions in which Resonance does business and operates physical facilities, particularly the Security Rule.

4.3. Grant of Customer License. Customer hereby irrevocably grants all such rights and permissions, including licenses as applicable, in or relating to Customer Data as are necessary or useful to Resonance and/or its Subcontractors to enforce this Agreement and exercise Resonance’s and its Subcontractors’ rights and perform Resonance’s and its Subcontractors’ obligations hereunder.

4.5. Privacy Policy. Customer acknowledges Resonance’s privacy policy, and Customer recognizes and agrees that nothing in this Agreement restricts Resonance’s right to alter such privacy policy in so far as permitted by applicable law and regulations. Any Consent sought under the Resonance privacy policy is granted by Customer herein when Customer clicks “Accepted and Agreed To”.

4.6. Erasure. Resonance reserves the right to permanently erase Customer Data if Customer’s account is delinquent, suspended, or terminated for thirty (30) days or more, or if Customer breaches any of the terms or conditions of this Agreement, without limiting Resonance’s other rights or remedies. Customer will be given thirty (30) days’ notice by Resonance before such deletion, and Resonance will make reasonable efforts to provide Customer with a secure export of Customer Data before deletion.

4.7. Required Disclosure. Notwithstanding the provisions above of this Section 4, Resonance may disclose Customer Data as required by judicial or other government demand or order, subpoena or law enforcement request. Where legally permissible, Resonance shall give Customer prompt notice of any such legal or governmental demand and reasonably cooperate with Customer in any effort to seek a protective order or otherwise to contest such required disclosure, at Customer’s sole cost and expense.

4.8. Risk of Exposure. Customer recognizes and agrees that hosting data online involves risks of unauthorized disclosure or exposure and that, in accessing and using the Software, Customer assumes such risks. Resonance offers no representation, warranty, or guarantee that Customer Data will not be exposed or disclosed through errors or the actions of third parties. However, Resonance makes all reasonable and commercial efforts to protect and secure Customer Data according to HIPAA and all other applicable laws and regulations (including the GDPR).

4.9. Data Accuracy. Resonance shall have no responsibility or liability for the accuracy of data uploaded to the Software by Customer, including without limitation Customer Data and any other data uploaded by Customer.

5. CUSTOMER’S RESPONSIBILITIES & RESTRICTIONS

5.1. Provider of Record. Resonance offers the Software and any Paid Features to independent individuals and Providers, and when offered to Providers, to natural persons who are members of the Authorized Workforce of such Providers. When the Software is offered to a Provider or to an individual acting in his capacity as a member of the Authorized Workforce of the Provider, the following terms and conditions apply: (a) we treat the Provider in whose name the account is established as the owner of all Customer’s accounts associated with such Provider, and we call this Provider the “Provider of Record”; (b) the Provider of Record is a party to this Agreement for all purposes and shall be subject to all of the provisions that are applicable to the person addressed as “Customer” in this Agreement; (c) where the GDPR applies, Resonance shall be the Provider of Record’s sub-Processor; (d) although a member of a Provider of Record’s Authorized Workforce may have signed-up for an account or electronically entered into this Agreement, or may continue to administer administrative rights on the Provider of Record’s behalf, only the Provider of Record is entitled to any of the rights, remedies or benefits under this Agreement and control over such administrative rights. The Provider of Record is likewise subject to, and Resonance may enforce against it, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, waivers and releases included in this Agreement; (e) the Provider of Record may delegate administrative rights to one or more members of the Provider of Record’s Authorized Workforce, but the Provider of Record remains responsible for all activity occurring thereunder. If an individual Customer of the account is not associated with a Provider, then he or she receives all the benefits and accepts the burdens of the Customer in this Agreement.

5.2 Customer Systems and Cooperation. Customer shall at all times during the Term: (a) set up, maintain, and operate in good repair and in accordance with the Resonance specifications all Customer Systems on or through which the Services are accessed or used; (b) provide Resonance with such access to Customer’s premises and Customer Systems as is necessary for Resonance to perform the Services; and (c) provide all cooperation and assistance as Resonance may reasonably request to enable Resonance to exercise its rights and perform its obligations under and in connection with this Agreement.

5.3 Effect of Customer Failure or Delay. Resonance is not responsible or liable for any delay or failure of performance caused in whole or in part by Customer’s delay in performing, or failure to perform, any of its obligations under this Agreement.

5.5 Data Backup. The Services do not replace the need for Customer to maintain regular data backups or redundant data archives. RESONANCE HAS NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION, OR RECOVERY OF CUSTOMER DATA.

5.6 Customer Control and Responsibility. Customer has and will retain sole responsibility for: (a) all Customer Data, including its content and use; (b) all information, instructions, and materials provided by or on behalf of Customer in connection with the Services; (c) Customer’s information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services; (d) the security and use of Customer’s Access Credentials; and (e) all access to and use of the Services and Resonance Materials directly or indirectly by or through Customer Systems or its or its Users’ Access Credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.

5.7 Access and Security. Customer shall employ all physical, administrative, and technical controls, screening, and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Software; and (b) control the content and use of Customer Data, including the uploading or other provision of Customer Data for Processing by the Services.

5.8. Site Administrator. If you are establishing an account or taking any action with respect to a Provider’s account, you represent, warrant and undertake that: (a) you have the authority to act on such Provider’s behalf either as owner/principal or as a member of such Provider’s Authorized Workforce; (b) the information you submit is complete and accurate; and (c) you have the authority to enter into this Agreement on behalf of such Provider and its customers and bind such Provider to the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, grants, waivers and releases contained in this Agreement. If you are a Site Administrator working on behalf of a Provider, you recognize that you have no personal rights with respect to such Provider’s account, and that such Provider may change the Site Administrator at any time, for any or no reason, with or without notice. The Provider, User, and/or Site Administrator may be the same person.

5.9. Authorized Workforce. If you are a member of a Provider’s Authorized Workforce, and such Provider has authorized you to access the Software on its behalf by authorizing an account for you, then you are authorized under this Agreement to access the Software solely on behalf and at the direction of such Provider. As such, you may sign in and use the functionality of the Software solely on behalf of and at the direction of such Provider. You Consent to and authorize the disclosure to such Provider of any content related to, or otherwise generated by your use of the Software, including secure messages. You hereby agree and acknowledge that you are subject to, and Resonance may enforce against you, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations and warranties set forth in this Agreement that are applicable to the person addressed as “you” in this Agreement, and you hereby grant and make all rights, waivers and releases set forth in this Agreement that are granted and made by the person addressed as “you” in this Agreement, but you are entitled to none of, and hereby waive and agree not to exercise or assert any of, the rights, remedies or benefits under this Agreement other than the limited, non-exclusive, non-transferable, personal right under this Agreement to sign in and use the functionality of the Software solely on behalf and direction of such Provider. You acknowledge that your access to the Software may be terminated by the Provider or us at any time, for any reason or no reason at all, with or without notice. By: (a) accessing any of the Software under a Provider’s account(s); or (b) contacting us by any means and requesting or directing us to take any action with respect to any Provider’s account(s) or data Processed in relation to such account(s); or (c) asserting any right or authority with respect to such account(s) or data, you represent and warrant that you have the authority to act on such Provider’s behalf and that you are not using the Software, or otherwise engaging in the activities described in clauses (a) through (c) above, for the benefit or at the direction of any person or entity other than such Provider or its customer, including yourself.

5.10. Access and Acceptable Use. Customer shall not: (a) provide Software passwords or other log-in information to any third-party; (b) share non-public Software features or content with any third-party; or (c) engage in web scraping or data scraping on or related to the Software, including without limitation collection of information through any software that simulates human activity or any bot or web crawler. If Resonance suspects any breach of the requirements of this Section 5.10 by Customer, including without limitation by Users, Resonance may suspend Customer’s access to the Software without advanced notice, in addition to such other remedies as Resonance may have. This Agreement does not require that Resonance take any action against Customer (including without limitation any User) or other third-party for violating this Agreement, or this Section 5.10, but Resonance is free to take any such action in its sole discretion.

5.11. Unauthorized Access. Customer shall notify Resonance immediately of any known or suspected unauthorized use of the Software or breach of its security and shall use its best efforts to stop said breach. Customer acknowledges that, while the Software will contain certain technical safeguards against misuse of the Software, the Software will rely to a substantial extent on the representations and undertakings of Customer. You agree that Resonance will not be responsible for any unlawful access to or use of Customer Data by any User resulting from the User’s misrepresentation to us, or breach by the User of this Agreement.

5.12. Other Access. You authorize Resonance, as your Business Associate (and where applicable yourSubcontractor), to provide the following: (a) unrestricted access to Customer Data to you and your Users; and (b) access to Customer Data by your patients to whom you have enabled access through the Software, including Resonance Patient Center, Resonance Patient Portal, or related products. Resonance will also permit access to Customer Data by health care providers, Covered Entities and their Business Associates to whom you have Consented to provide access to the Software and Customer Data and who have otherwise agreed to integrate with Resonance’s systems. We will obtain your Consent before we make Customer Data available to other Providers, Covered Entities, and their respective Business Associates. Customer acknowledges that once Resonance has granted access rights to another Provider or Covered Entity (or their respective Business Associates) with your Consent, Resonance has no control over the uses and disclosures that such person or entity makes of Customer Data, and the recipient may be subject to its own legal or regulatory obligations (including HIPAA or GDPR) to retain such information and make such information available to patients, judicial, law enforcement or governmental authorities and others as required by applicable law or regulation. Resonance may use and you give us your Consent to use and/or warrant, represent and undertake that you have your customers’ and/or your or their Data Subjects’ Consent to Resonance’s use of Resultant Data to prepare analyses and reports, such as activity or quality-metrics reports, or any other reports the Software makes available, in order to render these reports to you and/or other customers or for any of the purposes described in our privacy policy. Preparation of such an¬alyses and reports may include the use of data aggregation software relating to your treatment and health care operations, which we may perform using Customer Data. Such analyses and reporting will be done in a manner that does not make any disclosure of directly identifiable Customer Data to which you have not agreed and in any case makes no disclosure of Protected Health Information or Personal Data contrary to the GDPR.

5.13. Administrative Access. You authorize Resonance to use Customer Data for the proper management and administration of the Software and our business, and to carry out our legal responsibilities or responsibilities to which you have already agreed in a separate agreement or SLA. Without limiting the foregoing, Resonance may permit access to the Resonance systems by our contracted approved Subcontractors, system developers or employed system developers under appropriate confidentiality and Business Associate agreements. You acknowledge that in granting access to the Software for the proper management and administration of the Software and our business we will rely on the assurances of the recipients of the information as to: (a) their identity and credentials; (b) the purposes for which they are accessing the system; and (c) the nature and extent of the information to which they will have access.

5.14. Clinical Decision-making Tools and Other Information Provided by the Software. Resonance may provide information to assist you in clinical decision-making. This may include information and reminders concerning drug interactions, allergies, dosages, as well as general health-care related information and resources. Resonance may also provide forums for our customers to exchange information. You agree that the information and materials available through the Software are for informational and educational purposes only and are not intended to constitute professional or medical advice, diagnosis or treatment, or to substitute for your professional judgment. You assume full risk and responsibility for the use of information you obtain from or through the Software, and neither we nor any of our licensors or data providers are responsible or liable for any claim, loss, or liability arising from use of the information. Resonance does not recommend or endorse any such provider of health care or health-related products, items or other software, and the appearance of materials in the Software relating to any such products, items or other software is not an endorsement or recommendation of them. You shall review the definitions, functionality, and limitations of the Software, products, items or other software and make an independent determination of their suitability for your use. Resonance and our suppliers and licensors disclaim all warranties, whether expressed or implied, including any warranty as to the quality, accuracy, and suitability of the information provided by the Software, products, items or other software for any purpose.

5.16. Non-permitted Uses. You shall not: (a) reproduce, publish, or distribute content in connection with the Software that infringes any third-party’s trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right; (b) use the Software to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material. In addition, to further safeguard the confidentiality, integrity and availability of the information and other elements housed in the Software, as well as the stability of the Software, you agree you shall not, nor attempt to, or authorize anyone to, or attempt to: (c) (i) abuse or misuse the Software, including gaining or attempting to gain unauthorized access to the Software, or altering or destroying information housed in the Software; (ii) use the Software in a manner that interferes with other customers’ use of the Software; (iii) use the Software in any manner that violates this Agreement; or (iv) violate any local, national, or international law or regulation; (d) circumvent any technical measures we have put in place to safeguard the Software or the confidentiality, integrity or accessibility of any information (including Personal Data and Protected Health Information) housed thereon, or any technical measures we have put in place to restrict access to the Software solely to the class of persons expressly so authorized pursuant to this Agreement; and (e) access any portion of the Software other than with a commercial browser (such as Internet Explorer, Mozilla Firefox or Chrome) or mobile applications developed and operated by us.

5.17. Compliance with Laws. In its use of the Software, Customer shall comply with all applicable laws and regulations, including without limitation privacy/security laws including where applicable HIPAA and/or the GDPR.

5.18. Users & Software Access. Customer is responsible and liable for: (a) its Users’ use of the Software, including without limitation unauthorized User conduct and any User conduct that would violate the requirements of this Agreement applicable to Customer; (b) any use of the Software through Customer’s account, whether authorized or unauthorized; and (c) any instructions it issues to Resonance.

6. IP & FEEDBACK

6.1. IP Rights to the Software. Resonance retains all right, title, and interest in and to the Resonance Materials, including without limitation all software used to provide the Software and all graphics, user interfaces, logos, and trademarks reproduced through the Software. This Agreement does not grant Customer any intellectual property license or rights in or to the Software or any of its components, except to the limited extent that such rights are necessary for Customer’s use of the Resonance Materials as specifically authorized by this Agreement in Section 2.1. Customer recognizes that the Software and its components and the Resonance Materials are protected by copyright and other laws.

6.2. Feedback. Resonance has not agreed to and does not agree to treat as confidential any Feedback (as defined below) that Customer, Customer’s clients, or Users give Resonance (“Respondent”), and nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Resonance’s right to use, profit from, disclose, publish, keep secret, or otherwise exploit Feedback, without compensating or crediting the Respondent. Feedback will not be considered Respondent’s trade secret. “Feedback” refers to any suggestion or idea for improving or otherwise modifying any of Resonance’s products or services but does not include testimonials as described in the privacy policy.

7. CONFIDENTIAL INFORMATION

7.1. Confidential Information. From time to time during the Term of this Agreement, either party (as the “Discloser”) may disclose or make available to the other party (as the “Recipient”) information about its business affairs, products, services, confidential intellectual property, trade secrets, third-party confidential information and other sensitive or proprietary information (such as patient information or Personal Data), whether orally or in visual, written, electronic, or other form or media, and whether or not marked, designated, or otherwise identified as “confidential” (collectively, “Confidential Information”). Confidential Information shall not include information that, at the time of disclosure: (a) is or becomes generally available to the public other than as a result of any breach of this Section 7 by the Recipient or any of its Representatives (as defined in Section 7.2 below); (b) is obtained by the Recipient or its Representatives on a non-confidential basis from a third-party that, to the Recipient’s knowledge, was not legally or contractually restricted from disclosing such information; (c) the Recipient establishes by documentary evidence, was in the Recipient’s or its Representatives’ possession prior to disclosure by the Discloser hereunder; (d) the Recipient establishes by documentary evidence, was or is independently developed by the Recipient or its Representatives without using of any of the Discloser’s Confidential Information; or (e) is required to be disclosed under applicable federal, state, or local law, regulation, or a valid order issued by a court or governmental agency of competent jurisdiction. The Recipient shall protect and safeguard the confidentiality of the Discloser’s Confidential Information with at least the same degree of care as the Recipient would protect its own Confidential Information, but in no event with less than a commercially reasonable degree of care. The Recipient shall be responsible for any breach of this Section 7 caused by any of its Representatives. In addition to all other remedies available at law, the Discloser shall be entitled to seek specific performance and injunctive and other equitable relief as a remedy for any breach or threatened breach of this Section 7.

7.2. Nondisclosure. Neither party shall use Confidential Information for any purpose other than to facilitate the arrangements contemplated by this Agreement (the “Purpose”). Neither party: (a) shall disclose Confidential Information to any employee, contractor or Subcontractor of the Recipient (“Representative”) unless such person needs access in order to facilitate the Purpose and executes a nondisclosure agreement with the Discloser with terms no less restrictive than those of this Section 7; and (b) shall disclose Confidential Information to any other third-party without Discloser’s prior written consent. Recipient shall promptly notify Discloser of any misuse or misappropriation of Confidential Information that comes to Recipient’s attention. Notwithstanding the foregoing, Recipient may disclose Confidential Information as required by applicable law or by proper legal or governmental authority. Recipient shall give Discloser prompt notice of any such legal or governmental demand and reasonably cooperate with Discloser in any effort to seek a protective order or otherwise to contest such required disclosure, at Discloser’s sole cost and expense.

7.3. Compelled Disclosures. If the Recipient or any of its Representatives is compelled by applicable law to disclose any Confidential Information then, to the extent permitted by applicable law, the Recipient shall: (a) promptly, and prior to such disclosure, notify the Discloser in writing of such requirement so that the Discloser can seek a protective order or other remedy or waive its rights under this Section 7; and (b) provide reasonable assistance to the Discloser, at Discloser’s sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Discloser waives compliance or, after providing the notice and assistance required under this Section 7.3, the Recipient remains required by law to disclose any Confidential Information, the Recipient shall disclose only that portion of the Confidential Information that Recipient is legally required to disclose and, on the Discloser’s request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Confidential Information will be afforded confidential treatment.

7.4. Termination & Return. With respect to each item of Confidential Information, the obligations of Section 7.2 above will not terminate. Upon termination of this Agreement (howsoever occasioned), Recipient shall return all copies of Confidential Information to the Discloser or certify, in writing, the destruction thereof.

7.5. Injunction. Each party agrees that: (a) no adequate remedy exists at law if it breaches any of its obligations in this Section 7; (b) it would be difficult to determine the damages resulting from its breach of this Section 7, and such breach would cause irreparable harm to the other party; and (c) a grant of injunctive relief provides the best remedy for any such breach, without any requirement that Discloser prove actual damage or post a bond or other security. Both parties waive any opposition to such injunctive relief or any right to such proof, bond, or other security. Discloser’s remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise. This Section 7.5 does not limit either party’s right to injunctive relief for breaches not listed.

7.6. Retention of Rights. This Agreement does not transfer ownership of Confidential Information or grant a license thereto. Each Discloser will retain all right, title, and interest in and to all Confidential Information.

8. REPRESENTATIONS & WARRANTIES

8.1. From Resonance. Resonance represents and warrants that it is the owner of the Software and of each and every component thereof, or the recipient of a valid license thereto, and that it has and will maintain the full power and authority to grant the rights to use the Software set forth in this Agreement without the further consent of any third-party. Resonance’s representations and warranties in the preceding sentence do not apply to use of the Software in combination with hardware or software not provided by Resonance. In case of breach of the warranty above in this Section 8.1, Resonance, at its sole cost and expense, shall promptly: (a) secure for Customer the right to continue using the Software; (b) replace or modify the Software to make it non-infringing; or if such remedies are not commercially practical in Resonance’s reasonable opinion; (c) refund the fees paid for the Software for every month remaining in the then-current Term following the date after which the Customer’s access to the Software ceases as a result of such breach of warranty. If Resonance exercises its rights pursuant to Subsection 8.1(c), Customer shall promptly cease all use of the Software and all reproduction and use of the Resonance Materials and erase all copies in its possession or control. This Section 8.1, in conjunction with Customer’s right to terminate this Agreement where applicable, states Customer’s sole remedy and Resonance’s entire liability for breach of the representation and warranty in this Section 8.1.

8.2. From Customer. Customer represents, warrants and undertakes that: (a) it has the full right and authority to enter into, execute, and perform its obligations under this Agreement and that no pending or threatened claim or litigation known to it would have a material adverse impact on its ability to perform as required by this Agreement; (b) it has the full right and authority to grant the Consents given in this Agreement or the privacy policy and/or otherwise appoint Resonance as its Processor or sub-Processor where applicable pursuant to the GDPR; (c) it has accurately identified itself and it has not provided any inaccurate information about itself to or through the Software; (d) Customer owns or otherwise has and shall have the necessary rights and Consents in and relating to the Customer Data so that, as received by Resonance and Processed in accordance with this Agreement (including the generation of Resultant Data), the Customer Data do not and shall not infringe, misappropriate, or otherwise violate any intellectual property rights, or any privacy, data protection, confidentiality or other rights of any third-party or violate any applicable law or regulation; and (e) it is a corporation, the sole proprietorship of an individual 18 years or older, or another entity authorized to do business pursuant to applicable law.

8.3. Warranty Disclaimers. Except to the extent set forth in any SLA and in Section 8.1, CUSTOMER ACCEPTS THE SOFTWARE “AS IS,” WITH NO REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING: (A) RESONANCE HAS NO OBLIGATION TO INDEMNIFY OR DEFEND CUSTOMER OR USERS AGAINST CLAIMS RELATED TO INFRINGEMENT OF INTELLECTUAL PROPERTY; (B) RESONANCE DOES NOT REPRESENT OR WARRANT THAT THE SOFTWARE WILL PERFORM WITHOUT INTERRUPTION OR ERROR; AND (C) RESONANCE DOES NOT REPRESENT, WARRANT OR UNDERTAKE THAT THE SOFTWARE IS SECURE FROM HACKING OR OTHER UNAUTHORIZED INTRUSION OR THAT CUSTOMER DATA WILL REMAIN PRIVATE OR SECURE.

9. INDEMNIFICATION

9.1 Indemnification. Customer shall defend, indemnify, and hold harmless Resonance, its Subcontractors and the Resonance Associates (as defined below) against any “Indemnified Claim,” meaning any third-party claim, suit, or proceeding arising out of or related to Customer’s alleged or actual use of, misuse of, or failure to use the Software, including without limitation, claims: (a) by Users or by Customer’s employees, as well as by Customer’s own customers or patients; (b) related to Data Incidents (as defined below); (c) related to infringement or violation of a copyright, trademark, trade secret, or privacy, data protection or confidentiality right by written material, images, logos or other content uploaded to the Software through Customer’s account, including without limitation by Customer Data; (d) that use of the Software through Customer’s account, including by Users, harasses, defames, or defrauds a third-party or violates the CAN-Spam Act of 2003 or any other law or restriction on electronic advertising; (e) that arise out of or result from, or are alleged to arise out of or result from Customer Data, including any Processing of Customer Data by or on behalf of Resonance in accordance with this Agreement (including the generation of Resultant Data); (f) that arise out of or result from, or are alleged to arise out of or result from any other materials or information (including any documents, data, specifications, software, content, or technology) provided by or on behalf of Customer, including Resonance’s compliance with any specifications or directions provided by or on behalf of Customer or any User to the extent prepared without any contribution by Resonance; (g) that arise out of or result from, or are alleged to arise out of or result from allegation of facts that, if true, would constitute Customer’s breach of any of its representations, warranties, covenants, undertakings or obligations under this Agreement; and (h) that arise out of or result from, or are alleged to arise out of or result from negligence or more culpable act or omission (including recklessness or willful misconduct) by Customer, any User, or any third-party on behalf of Customer or any User, in connection with this Agreement. Customer’s obligations set forth in this Section 9 include, without limitation: (a) settlement at Customer’s sole cost and expense and payment of judgments finally awarded by a court of competent jurisdiction, as well as payment of court costs and other reasonable expenses; and (b) reimbursement of reasonable attorneys’ fees incurred before Customer’s assumption of the defense (but not attorneys’ fees incurred thereafter). If Customer fails to assume the defense on time to avoid prejudicing the defense, Resonance may defend the Indemnified Claim, without loss of rights pursuant to this Section 9. Resonance shall have the right, not to be exercised unreasonably, to reject any settlement or compromise that requires that it or a Resonance Associate to admit wrongdoing or liability or subjects either of them to any ongoing affirmative obligation. (“Resonance Associates” are Resonance’s officers, directors, shareholders, parents, subsidiaries, agents, successors, and assigns. A “Data Incident” is any: (a) unauthorized disclosure of, access to, or use of Customer Data; or (b) violation of data protection, confidentiality, Privacy/Security Rule (including where applicable the GDPR) through Customer’s account. Data Incidents include, without limitation, such events caused by Customer, by Resonance, by Customer’s clients or other users, by hackers, and by any other third-party.)

9.2 Indemnification Procedure. Resonance (the “Indemnitee”) will notify Customer (the “Indemnitor”) in writing of any Indemnified Claim for which Resonance believes it is entitled to be indemnified pursuant to Section 9.1. Indemnitee shall cooperate with the Indemnitor at the Indemnitor’s sole cost and expense. The Indemnitor shall promptly assume control of the defense and shall employ counsel reasonably acceptable to the Indemnitee to handle and defend the same, at the Indemnitor’s sole cost and expense. The Indemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. The Indemnitor shall not settle any Indemnified Claim on any terms or in any manner that adversely affects the rights of the Indemnitee without the Indemnitee’s prior written consent. If the Indemnitor fails or refuses to assume control of the defense of such Indemnified Claim, the Indemnitee shall have the right, but no obligation, to defend against such Indemnified Claim, including settling such Indemnified Claim after giving notice to the Indemnitor, in each case in such manner and on such terms as the Indemnitee acting in its sole discretion may deem appropriate. The Indemnitee’s failure to perform any obligations under this Section 9.2 shall not relieve the Indemnitor of its obligations under this Section 9, except to the extent that the Indemnitor can demonstrate that it has been materially prejudiced as a result of such failure.

10. LIMITATION OF LIABILITY

10.1. General Limitation. IN NO EVENT SHALL RESONANCE OR ANY OF ITS LICENSORS, SERVICE PROVIDERS, SUBCONTRACTORS OR SUPPLIERS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (A) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (B) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION, OR DELAY OF THE SERVICES; (C) LOSS, DAMAGE, CORRUPTION, OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (D) COST OF REPLACEMENT GOODS OR SERVICES; (E) LOSS OF GOODWILL OR REPUTATION; OR (F) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE. Customer is solely responsible for any and all acts or omissions taken or made in reliance on the Services or the information in the Services, including inaccurate or incomplete information. Resonance disclaims any and all liability for erroneous transmissions and loss of service resulting from communication failures by telecommunication service providers or the Services.

10.2. Excluded Damages. Except with regard to breaches of Section 7, IN NO EVENT SHALL RESONANCE BE LIABLE FOR LOST PROFITS OR LOSS OF BUSINESS OR FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT.

10.3. Clarifications & Disclaimers. THE LIABILITIES LIMITED BY THIS SECTION 10 APPLY TO THE BENEFIT OF RESONANCE’S ASSOCIATES, AND SUBSONTRACTORS AS WELL AS: (A) TO LIABILITY FOR NEGLIGENCE; (B) REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT PRODUCT LIABILITY, OR OTHERWISE; (C) EVEN IF RESONANCE IS ADVISED IN ADVANCE OF THE POSSIBILITY OF THE DAMAGES IN QUESTION AND EVEN IF SUCH DAMAGES WERE FORESEEABLE; AND (D) EVEN IF CUSTOMER’S REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE. Customer acknowledges and agrees that Resonance has based its pricing (or absence thereof) on and entered into this Agreement in reliance upon the limitations of liability and disclaimers of warranties and damages in this Section 10 and that such provisions form an essential basis of the bargain between the parties. If applicable law limits the application of the provisions of this Section 10, Resonance’s liability shall be limited to the maximum extent permissible. For the avoidance of doubt, Resonance’s liability limits and other rights set forth in this Section 10 apply likewise to Resonance’s Associates, affiliates, licensors, suppliers, advertisers, sponsors, consultants, Subcontractors and other Representatives.

11. TERM & TERMINATION

11.1. Term. The initial term of this Agreement shall commence on the date Customer “signs up” for or accesses the Software and continues automatically until terminated as provided in this Section 11.

11.2. Termination for Cause. Either party may terminate this Agreement for the other’s material breach by written notice specifying in detail the nature of the breach, effective in thirty (30) days unless the other party first cures such breach, or effective immediately if the breach is not subject to cure.

11.3. Effects of Termination. Upon termination of this Agreement, Customer shall cease all use of the Software and delete, destroy, or return all copies of the Resonance Materials in its possession or control. The following provisions will survive termination or expiration of this Agreement: (a) any obligation of Customer to pay fees incurred before termination; (b) Sections 6 (IP & Feedback), 7 (Confidential Information), 8.3 (Warranty Disclaimers), 9 (Indemnification), and 10 (Limitation of Liability); and (c) any other provision of this Agreement that must survive to fulfill its essential purpose.

12. MISCELLANEOUS

12.1. Relationship of the Parties. The parties are independent contractors and shall so represent themselves in all regards. Neither party is the agent of the other, and neither may make commitments on the other’s behalf.

12.2. Public Announcements. Neither party shall issue or release any announcement, statement, press release, or other publicity or marketing materials relating to this Agreement or, unless expressly permitted under this Agreement, otherwise use the other party’s trademarks, service marks, trade names, logos, domain names, or other indicia of source, association, or sponsorship, in each case, without the prior written consent of the other party, which consent shall not be unreasonably withheld, provided, however, that Resonance may, without Customer’s consent, include Customer’s name and other indicia in its lists of Resonance’s current or former customers of Resonance in promotional and marketing materials.

12.3. Interpretation. The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted. The attachments, and addenda referred to herein are an integral part of this Agreement (as appropriate) to the same extent as if they were set forth verbatim herein.

12.4. Headings. The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.

12.5. No Third-Party Beneficiaries. This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other person any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.

12.6. Attorneys’ Fees. In the event that any action, suit, or other legal or administrative proceeding is instituted or commenced by either party against the other party arising out of or related to this Agreement, the prevailing party is entitled to recover its reasonable attorneys’ fees and court costs from the non-prevailing party.

12.7. Notices. Resonance may send notices pursuant to this Agreement to Customer’s email contact points provided by Customer, and such notices will be deemed received twenty-four (24) hours after they are sent. Customer may send notices pursuant to this Agreement to legal@resonancehealth.org, and such notices will be deemed received seventy-two (72) hours after they are sent.

12.8. Force Majeure. No delay, failure, or default, other than a failure to pay any fees when due, will constitute a breach of this Agreement to the extent caused by acts of war, terrorism, hurricanes, earthquakes, epidemics, other acts of God or of nature, strikes or other labor disputes, riots or other acts of civil disorder, embargoes, government orders responding to any of the foregoing, or other causes beyond the performing party’s reasonable control (a “Force Majeure event”). In the event of any failure or delay caused by a Force Majeure event, the affected party shall give prompt written notice to the other party stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure event.

12.9. Assignment & Successors. Customer may not assign this Agreement or any of its rights or obligations hereunder without Resonance’s express written consent. Except to the extent forbidden in this Section 12.9, this Agreement shall be binding upon and inure to the benefit of the parties’ respective successors and assigns.

12.10. Severability. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision shall be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement shall continue in full force and effect.

12.11. No Waiver. Neither party shall be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than by an authorized representative in an explicit written waiver. No waiver of a breach of this Agreement shall constitute a waiver of any other breach of this Agreement.

12.12. Choice of Law & Jurisdiction. This Agreement and all claims arising out of or related to this Agreement shall be governed solely by the internal laws of the State of Tennessee, including without limitation applicable federal law, without reference to: (a) any conflicts of law principle that would apply the substantive laws of another jurisdiction to the parties’ rights or duties; (b) the 1980 United Nations Convention on Contracts for the International Sale of Goods; or (c) other international laws. The parties consent to the personal and exclusive jurisdiction of the federal and state courts of Shelby County, Tennessee. This Section 12.12 governs all claims arising out of or related to this Agreement, including without limitation tort claims.

12.13. Conflicts. In the event of any conflict between this Agreement Sections 1-12 (inclusive) and any: (a) Resonance policy posted online, including without limitation the Cookie Policy and privacy policy, subject to Section 4.5, the provisions of this Agreement shall govern; and (b) Attachment or Addendum, the provisions of the Attachment shall govern.

12.14. Technology Export. Customer shall not: (a) permit any third-party to access or use the Software in violation of any U.S. law or regulation; or (b) export any software provided by Resonance or otherwise remove it from the United States except in compliance with all applicable U.S. laws and regulations. Without limiting the generality of the foregoing, Customer shall not permit any third-party to access or use the Software in, or export such Software to, a country subject to a United States embargo (as of the Effective Date including, Cuba, Iran, North Korea, Sudan, and Syria).

12.15. Entire Agreement. This Agreement, together with any Attachments, Addenda or any other documents incorporated herein by reference, sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to its subject matter. Neither party has relied upon any such prior or contemporaneous communications.

12.16. Amendment. Resonance may amend this Agreement from time to time by posting an amended version at its website and sending Customer written notice thereof. Such amendment shall be deemed accepted and become effective thirty (30) days after such notice (the “Proposed Amendment Date”) unless Customer first gives Resonance written notice of rejection of the amendment. In the event of such rejection, this Agreement shall continue under its original provisions, and the amendment shall become effective at the start of Customer’s next Term following the Proposed Amendment Date (unless Customer first terminates this Agreement pursuant to Section 11). Customer’s continued use of the Software following the effective date of an amendment shall confirm Customer’s Consent thereto. This Agreement may not be amended in any other way except through a written agreement by authorized representatives of each party. Resonance may revise the Cookie Policy and privacy policy at any time by posting a new version of either at the website, and such new version shall become effective on the date it is posted; provided if such amendment materially reduces Customer’s rights or protections, notice and consent shall be subject to the requirements above in this Section 12.16.

Attachment A: Business Associate Addendum

A.1. PREAMBLE AND DEFINITIONS.

This addendum is relevant for Customers who are subject to the jurisdiction of HIPAA and defined as a Covered Entity in HIPAA.

A.1.1. Pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), Customer (“Covered Entity”) and Resonance, or any of its corporate affiliates (“Business Associate”), a Tennessee corporation, enter into this Business Associate Agreement (“BAA”) as of the Effective Date as defined in the General Terms and Conditions of Service, that addresses the HIPAA requirements with respect to “business associates,” as defined under the privacy, security, breach notification, and enforcement rules at 45 C.F.R. Part 160 and Part 164 (“HIPAA Rules”). A reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended.

A.1.2. This BAA is intended to ensure that Business Associate will establish and implement appropriate safeguards for the Protected Health Information (“PHI”) (as defined under the HIPAA Rules) that Business Associate may receive, create, maintain, use, or disclose in connection with the functions, activities, and services that Business Associate performs for Covered Entity. The functions, activities, and services that Business Associate performs for Covered Entity are defined in the General Terms and Conditions of Service (the “Underlying Agreement”).

A.1.3. Pursuant to changes required under the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”) and under the American Recovery and Reinvestment Act of 2009 (“ARRA”), this BAA also reflects federal breach notification requirements imposed on Business Associate when “Unsecured PHI” (as defined under the HIPAA Rules) is acquired by an unauthorized party, and the expanded privacy and security provisions imposed on business associates.

A.1.4. Unless the context clearly indicates otherwise, the following terms in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, disclosure, Electronic Media, Electronic Protected Health Information (ePHI), Health Care Operations, individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured PHI, and use.

A.1.5. A reference in this BAA to the Privacy Rule means the Privacy Rule, in conformity with the regulations at 45 C.F.R. Parts 160-164 (the “Privacy Rule”) as interpreted under applicable regulations and guidance of general application published by HHS, including all amendments thereto for which compliance is required, as amended by the HITECH Act, ARRA, and the HIPAA Rules.

A.2. GENERAL OBLIGATIONS OF BUSINESS ASSOCIATE.

A.2.1. Business Associate agrees not to use or disclose PHI, other than as permitted or required by this BAA or as Required By Law, or if such use or disclosure does not otherwise cause a Breach of Unsecured PHI.

A.2.2. Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI, to prevent the use or disclosure of PHI other than as provided for by the BAA.

A.2.3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result of a use or disclosure of PHI by Business Associate in violation of this BAA’s requirements or that would otherwise cause a Breach of Unsecured PHI.

A.2.4. The Business Associate agrees to the following breach notification requirements:

Business Associate agrees to report to Covered Entity any Breach of Unsecured PHI not provided for by the BAA of which it becomes aware within 90 calendar days of “discovery” within the meaning of the HITECH Act. Such notice shall include the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed in connection with such Breach. Business Associate also shall provide any additional information reasonably requested by Covered Entity for purposes of investigating the Breach and any other available information that Covered Entity is required to include to the individual under 45 C.F.R. § 164.404(c) at the time of notification or promptly thereafter as information becomes available. Business Associate’s notification of a Breach of Unsecured PHI under this Section shall comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of ARRA, the HIPAA Rules, and related guidance issued by the Secretary or the delegate of the Secretary from time to time.
In the event of Business Associate’s use or disclosure of Unsecured PHI in violation of HIPAA, the HITECH Act, or ARRA, Business Associate bears the burden of demonstrating that notice as required under this Section 2.4 was made, including evidence demonstrating the necessity of any delay, or that the use or disclosure did not constitute a Breach of Unsecured PHI.

A.2.5. Business Associate agrees, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.

A.2.6. Business Associate agrees to make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524.

Business Associate agrees to comply with an individual’s request to restrict the disclosure of their personal PHI in a manner consistent with 45 C.F.R. § 164.522, except where such use, disclosure, or request is required or permitted under applicable law.
Business Associate agrees to charge fees related to providing individuals access to their PHI in accordance with 45 C.F.R. § 164.524(c)(4).
Business Associate agrees that when requesting, using, or disclosing PHI in accordance with 45 C.F.R. § 164.502(b)(1) that such request, use, or disclosure shall be to the minimum extent necessary, including the use of a “limited data set” as defined in 45 C.F.R. § 164.514(e)(2), to accomplish the intended purpose of such request, use, or disclosure, as interpreted under related guidance issued by the Secretary from time to time.

A.2.7. Business Associate agrees to make any amendments to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. § 164.526, or to take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526.

A.2.8. Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528.

A.2.9. Business Associate agrees to make its internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and Breach of any Unsecured PHI received from Covered Entity, or created or received by the Business Associate on behalf of Covered Entity, available to Covered Entity (or the Secretary) for the purpose of Covered Entity or the Secretary determining compliance with the Privacy Rule (as defined in Section 1.5).

A.2.10. To the extent that Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).

A.2.11. Business Associate agrees to account for the following disclosures:

Business Associate agrees to maintain and document disclosures of PHI and Breaches of Unsecured PHI and any information relating to the disclosure of PHI and Breach of Unsecured PHI in a manner as would be required for Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
Business Associate agrees to provide to Covered Entity, or to an individual at Covered Entity’s request, information collected in accordance with this Section 2.11, to permit Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
Business Associate agrees to account for any disclosure of PHI used or maintained as an Electronic Health Record (as defined in Section 5) (“EHR”) in a manner consistent with 45 C.F.R. § 164.528 and related guidance issued by the Secretary from time to time; provided that an individual shall have the right to receive an accounting of disclosures of EHR by the Business Associate made on behalf of the Covered Entity only during the three years prior to the date on which the accounting is requested from the Covered Entity.
In the case of an EHR that the Business Associate acquired on behalf of the Covered Entity as of January 1, 2009, paragraph (c) above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after January 1, 2014. In the case of an EHR that the Business Associate acquires on behalf of the Covered Entity after January 1, 2009, paragraph (c) above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after the later of January 1, 2011, or the date that it acquires the EHR.

A.2.12. Business Associate agrees to comply with the “Prohibition on Sale of Electronic Health Records or Protected Health Information,” as provided in Section 13405(d) of Subtitle D (Privacy) of ARRA, and the “Conditions on Certain Contacts as Part of Health Care Operations,” as provided in Section 13406 of Subtitle D (Privacy) of ARRA and related guidance issued by the Secretary from time to time.

A.2.13. Business Associate acknowledges that, effective on the Effective Date of this BAA, it shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended, for failure to comply with any of the use and disclosure requirements of this BAA and any guidance issued by the Secretary from time to time with respect to such use and disclosure requirements.

A.3. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE.

A.3.1. General Uses and Disclosures. Business Associate agrees to receive, create, use, or disclose PHI only in a manner that is consistent with this BAA, the Privacy Rule, or Security Rule (as defined in Section 5), and only in connection with providing services to Covered Entity; provided that the use or disclosure would not violate the Privacy Rule, including 45 C.F.R. § 164.504(e), if the use or disclosure would be done by Covered Entity. For example, the use and disclosure of PHI will be permitted for “treatment, payment, and health care operations,” in accordance with the Privacy Rule.

A.3.2. Business Associate may use or disclose PHI as Required By Law.

A.3.3. Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity’s Minimum Necessary policies and procedures.

A.3.4. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by the Covered Entity.

A.4. OBLIGATIONS OF COVERED ENTITY.

A.4.1 Covered Entity shall:

Provide Business Associate with the Notice of Privacy Practices that Covered Entity produces in accordance with the Privacy Rule, and any changes or limitations to such notice under 45 C.F.R. § 164.520, to the extent that such changes or limitations may affect Business Associate’s use or disclosure of PHI.
Notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to comply with under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI under this BAA.
Notify Business Associate of any changes in or revocation of permission by an individual to use or disclose PHI, if such change or revocation may affect Business Associate’s permitted or required uses and disclosures of PHI under this BAA.

A.4.2 Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy and Security Rule if done by Covered Entity, except as provided under Section 3 of this BAA.

A.5. COMPLIANCE WITH SECURITY RULE.

A.5.1 Business Associate shall comply with the HIPAA Security Rule, which shall mean the Standards for Security of Electronic Protected Health Information at 45 C.F.R. Part 160 and Subparts A and C of Part 164, as amended by ARRA and the HITECH Act. The term “Electronic Health Record” or “EHR” as used in this BAA shall mean an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff.

A.5.2 In accordance with the Security Rule, Business Associate agrees to:

Implement the administrative safeguards set forth at 45 C.F.R. § 164.308, the physical safeguards set forth at 45 C.F.R. § 164.310, the technical safeguards set forth at 45 C.F.R. § 164.312, and the policies and procedures set forth at 45 C.F.R. § 164.316, to reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that it creates, receives, maintains, or transmits on behalf of Covered Entity as required by the Security Rule. Business Associate acknowledges that, effective on the Effective Date of this BAA, (a) the foregoing safeguards, policies, and procedures requirements shall apply to Business Associate in the same manner that such requirements apply to Covered Entity, and (b) Business Associate shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended from time to time, for failure to comply with the safeguards, policies, and procedures requirements and any guidance issued by the Secretary from time to time with respect to such requirements;
Require that any agent, including a Subcontractor, to whom it provides such PHI agrees to implement reasonable and appropriate safeguards to protect the PHI; and
Report to the Covered Entity any Security Incident of which it becomes aware.

A.6. INDEMNIFICATION.

The parties agree and acknowledge that except as set forth herein, the indemnification obligations contained under the Underlying Agreement shall govern each party’s performance under this BAA.

A.7. TERM AND TERMINATION.

A.7.1. This BAA shall be in effect as of the Effective Date, as defined in the Underlying Agreement, and shall terminate on the earlier of the date that: (a) Either party terminates for cause as authorized under Section 7.2.

All of the PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity. If it is not feasible to return or destroy PHI, protections are extended in accordance with Section 7.3.

A.7.2. Upon either party’s knowledge of material breach by the other party, the non-breaching party shall provide an opportunity for the breaching party to cure the breach or end the violation; or terminate the BAA. If the breaching party does not cure the breach or end the violation within a reasonable timeframe not to exceed 90 days from the notification of the breach, or if a material term of the BAA has been breached and a cure is not possible, the non-breaching party may terminate this BAA and the Underlying Agreement upon written notice to the other party.

A.7.3. Upon termination of this BAA for any reason, the parties agree that: Upon termination of this BAA for any reason, Business Associate, with respect to PHI received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:

Retain only that PHI that is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities.
Return to Covered Entity the remaining PHI that the Business Associate still maintains in any form.
Continue to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI to prevent use or disclosure of the PHI, other than as provided for in this Section 7, for as long as Business Associate retains the PHI.
Not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set out at paragraphs (2) and (3) above [under “Specific Other Uses and Disclosures”] which applied prior to termination.
Return to Covered Entity the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

A.7.4. The obligations of Business Associate under this Section 7 shall survive the termination of this BAA.

A.8. MISCELLANEOUS.

A.8.1. The parties agree to take such action as is necessary to amend this BAA to comply with the requirements of the Privacy Rule, the Security Rule, HIPAA, ARRA, the HITECH Act, the Consolidated Appropriations Act, 2021 (CAA-21), the HIPAA Rules, and any other applicable law.

A.8.2. The respective rights and obligations of Business Associate under Section 6 and Section 7 of this BAA shall survive the termination of this BAA.

A.8.3. This BAA shall be interpreted in the following manner:

Any ambiguity shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.
Any inconsistency between the BAA’s provisions and the HIPAA Rules, including all amendments, as interpreted by the HHS, a court, or another regulatory agency with authority over the Parties, shall be interpreted according to the interpretation of the HHS, the court, or the regulatory agency.
Any provision of this BAA that differs from those required by the HIPAA Rules, but is nonetheless permitted by the HIPAA Rules, shall be adhered to as stated in this BAA.

A.8.4. This BAA constitutes the entire agreement between the parties related to the subject matter of this BAA, except to the extent that the Underlying Agreement imposes more stringent requirements related to the use and protection of PHI upon Business Associate. This BAA supersedes all prior negotiations, discussions, representations, or proposals, whether oral or written. This BAA may not be modified unless done so in writing and signed by a duly authorized representative of both parties. If any provision of this BAA, or part thereof, is found to be invalid, the remaining provisions shall remain in effect.

A.8.5. This BAA will be binding on the successors and assigns of the Covered Entity and the Business Associate. However, this BAA may not be assigned, in whole or in part, without the written consent of the other party. Any attempted assignment in violation of this provision shall be null and void.

A.8.6. This BAA may be executed in two or more counterparts, each of which shall be deemed an original.

A.8.7. Except to the extent preempted by federal law, this BAA shall be governed by and construed in accordance with the same internal laws as that of the Underlying Agreement.

Attachment B1: RESONANCE PATIENT CENTER Specific Terms of Service

B1.1. Compliance with Law and Good Clinical Practices. Customer agrees to use Patient Center and its content in strict compliance with all applicable laws, rulings and regulations and in a fashion that does not, in the sole judgment of Resonance, negatively reflect on the goodwill or reputation of Resonance. Customer further agrees not to transmit any material that encourages conduct that could constitute a criminal offense, give rise to civil liability or otherwise violate any applicable local, state, national, or international law or regulation. While Resonance has designed its software and services to adhere to International Conference on Harmonization (ICH) Good Clinical Practices (GCP) and similar international regulations and guidelines (such as those issued by EMA and FDA) applicable to electronic clinical research data, each Customer and their Authorized Users are responsible for ensuring that their use of the Software and Services complies with all such regulations and practices.

B1.2. Study Data and Clinical Trials. Customer may, at its sole discretion, use Patient Center to collect data for specific clinical trials or other research studies or projects (“Regulated Purposes”). Resonance may or may not serve as a contract research organization, sponsor, study coordinator, or perform another role in related to Regulated Purposes (including that of Processor) provided Resonance’s role in the Regulated Purposes shall not go beyond activities governed by this Agreement unless Resonance is party to an additional agreement related to such additional role. Any use or additional Processing of Customer Data for Regulated Purposes shall be governed by a clinical trials agreement, data sharing agreement, study agreement, or similar agreement or contract between Customer and any entity which may be permissioned by Customer to gain access to Customer Data. In the case of any conflict or ambiguity with this Agreement, the terms and conditions of such subsequent agreement between the parties, the subsequent agreement’s terms and conditions will supersede the provisions of this Agreement, except to the extent that any provisions of this Agreement requires Resonance or Customer to comply with HIPAA Rules, GDPR, or any other relevant laws and regulations. Any such subsequent agreement will not nullify Resonance’s commitment and obligation to protect Customer Data according to all applicable laws and regulations. Customer agrees that if it chooses to use Patient Center or other Resonance Software for Regulated Purposes, Customer shall ensure that all necessary legal agreements are in place to govern such activities.

B1.3. Electronic Medical Record. Customer may, at its sole discretion, use the Software to store, manage, and retrieve Protected Health Information for any medical purpose, if Customer exercises the highest level of professional care and judgment in handling such data. Customer agrees to access Protected Health Information only for the purpose of providing healthcare or for providing healthcare services or for authorized and legal non-treatment purposes or research. Users will access the minimum amount of information needed as authorized by any relevant regulation and agreements. Customer agrees to not use or disclose Protected Health Information other than as permitted or as required by law. Customer agrees that if documents or reports are printed or downloaded for patient care, they should be kept secure while in use and shredded or deleted when no longer needed.

B1.4. Personal Data Processed on Behalf of Customer.

Subject matter of Processing: as described in the Agreement, including Attachment C: the GDPR Processor Addendum and as determined by Customer’s use of the Software and Resonance Materials;
Duration of the Processing: as described in the Agreement, including Attachment C: the GDPR Processor Addendum.
Nature of the Processing: Personal Data hosting.
Purpose of the Processing: the exercise of the parties’ rights and obligations under the Agreement, including Attachment C: the GDPR Processor Addendum.

Personal Data Categories:
1. Email (Required to sign up)
2. Name (Required to sign up)
3. Date of Birth
4. Gender
5. Phone Number
6. Professional role (Required to sign up)
7. Address
8. Image
9. Medical data
10. Special category data/“sensitive” data

Data Subject Types:
1. Employees
2. Patients
3. Clinical Trial Participants
4. Health Care Providers
5. Users
6. Participants

Attachment B2: RESONANCE NETWORKS Specific Terms of Service

By clicking “Accepted and Agreed to” Customer further accepts, where applicable, these additional terms and conditions (“Additional Terms”) and where appropriate Attachment C: the GDPR Processor Addendum, which govern its and any of its Users’ participation in the Resonance Networks platform (“Resonance Networks”), which contains numerous individual groups (“Networks”). We offer Resonance Networks as a platform for collaboration and sharing scientific, medical, educational, research and other types of non-personal information. Networks may contain message boards, profiles, forums, bulletin boards, collections of documents, video and audio recordings, and other interactive features (collectively, “Interactive Services”). Networks may also host, record and store, using Vimeo as a third-party service provider, videoconferencing sessions (“Networks Meetings”). As part of the Interactive Services or Networks Meetings, Users may post, submit, publish, display, or transmit to other users or other persons (hereinafter, “Post” or “Posts”) content or materials (collectively, “User Contributions”) on or through Resonance Networks.

B2.1. Public and Private Networks Membership. A User may join zero or many Private or Public Networks. Some Public Networks are moderated and some are not. Moderated Networks can only be joined by submitting a request that is approved by the moderator of the Network. Non-Moderated Public Networks can be joined by any registered User. A Private Network can be joined by invitation only. If you join and participate in a Private Network or Moderated Network, your name, job title, workplace, credentials, User Contributions, and other professional information may be available to other Users or Participants (as defined in the privacy policy) in that Network. No Network content, public, private, moderated or otherwise, can be viewed by a User who is not registered and logged into the Resonance Networks platform. Messages may be distributed to members of any Network by other members of that Network, but such distribution is made possible by a feature of the platform which does not require the sender of the communication to know the contact information of any individual in the Network. The communications are distributed by the Network itself securely using the information in the User’s Resonance profile.

B2.2. Messaging. Resonance Networks contains a direct messaging service through which Resonance Networks Users can message each other one-on-one. These messages are private to the Users and not visible to any other Network Participants.

B2.3. User Contributions. By providing any User Contributions to a Network, you grant Resonance and our affiliates, and each of their and our respective licensees, successors, and assigns the right to use, reproduce, modify, perform, display, distribute, and otherwise disclose to third parties any such material for any lawful purpose. You acknowledge that any User Contributions Posted in a Private or Moderated Network may result in Your receiving communications from others inside that Network through the Resonance Networks platform.

B2.4. Interactive Services and Networks Meetings. You agree to comply with all applicable Interactive Services or Networks Meetings rules, as described here or as expressed in a live or recorded instance of a Network Meeting. You are responsible for safeguarding the privacy of Your and Your patients’ personal information (including Protected Health Information and Personal Data) when You participate in Interactive Services or Networks Meetings. You agree not to disclose individually Protected Health Information and/or Personal Data through such Interactive Services or Networks Meetings. All Participants Taking Part in a Networks Meeting or using Interactive Services acknowledge and accept that: (i) the content they Post (or otherwise make available); (ii) the other communications/messages they Post; and (iii) their conduct on the Resonance Networks platform may create liability for themselves as individuals and/or their employer. Irrespective of whether a Participant is Posting on their own account (as an individual Customer), on their employer’s behalf, or in a private capacity, Participants hereby warrant and undertake to abide by the following standards (“Content Standards”):

B2.4.1. Speak knowledgeably. Participants shall ensure that their Posts reflect their level of expertise, and that they limit their comments to their area of knowledge. Before Posting, Participants should take the time to review the context and what other Participants have said, to be sure they are contributing in an appropriate way. Consider linking to other Participants’ Posts to build on and maximize the usefulness and relevance of the Interactive Services and Networks Meeting topics.

B2.4.2. Be engaging and interactive. Participants should usually write in the first person and, to the extent they feel comfortable in doing so, share information about themselves and their experience that other Participants would find interesting and helpful. If Participants are Posting on behalf of an employer, they should identify their connection with their employer and their role. Participants should try to stimulate interest in the work that they are doing or the ideas they have and invite a dialogue with other Participants so that everyone can learn from others doing similar or related things.

B2.4.3. Respond to your mistakes quickly. If Participants Post something in error, they should act quickly to correct it. A Participant’s credibility is judged by their accuracy and their willingness to recognize and fix mistakes. If Participants modify an earlier Post, they should be upfront about doing so.

B2.4.4. Don’t be argumentative. Engaging in arguments and inflammatory debates can tarnish a Participant’s (and where relevant their employer’s) credibility and reputation. If Participants choose to disagree with others in the Interactive Services or in a Networks Meeting, do so respectfully and objectively. If Participants speak negatively about a competitor’s business in any way, do not disparage the competitor beyond stating the facts to make your point. Participants must be respectful to all others in the Interactive Services or the Networks Meeting.

B2.4.5. Be respectful. Participants must never post anything that might be offensive to others, such as sexual comments or racial slurs.

B2.4.6. Comply with applicable policies. If a Participant is Posting on behalf of their employer and the Post would contravene any of their employer’s policies, it also contravenes these Additional Terms. Participants must not disclose confidential or proprietary information, harass or discriminate against fellow employees, other Participants or others, defame or disparage fellow employees, other Participants or others. Participants must not use the Interactive Services in a false or misleading way, for example, by claiming to be someone other than themselves or by creating an artificial “buzz” around their (or Resonance’s) business, products or equities. All Posts must comply with applicable confidentiality, data protection and privacy laws (including, without limitation, the GDPR). Participants understand and acknowledge that all Posts may be disseminated to and available in and from all countries in the world from where the Interactive Services or Networks Meeting may be accessed.

B2.4.7. Protect customers, suppliers, business associates and investors. Participants must not cite or refer to their or Resonance’s customers, vendors, business associates or investors, identify them by name or reveal any confidential information related to them. Further, Resonance Networks and Interactive Services must not be used to discuss or conduct business with a customer, supplier, business associate or investor.

B2.4.8. Do not comment on your business performance or plans. Participants must not disclose or comment on their, their employer’s or Resonance’s confidential business information, whether in relation to sales, customer lists, financials, business or marketing plans, performance, or prospects.

B2.5. Use of Voice Image and Likeness. If provided as part of any User Contributions, You give Resonance permission to use any and all of your voice, image and likeness, with or without using Your name, in connection with the products and/or services of Resonance, for the purposes of advertising and promoting Resonance Networks or Resonance services, except to the extent expressly prohibited by law, including the GDPR.

B2.6. Personal Data Processed on Behalf of Customer.

Subject matter of Processing: as described in the Agreement, including Attachment C: the GDPR Processor Addendum and as determined by Customer’s use of the Software and Resonance Materials;
Duration of the Processing: as described in the Agreement, including Attachment C: the GDPR Processor Addendum
Nature of the Processing: Personal Data hosting
Purpose of the Processing: the exercise of the parties’ rights and obligations under the Agreement, including Attachment C: the GDPR Processor Addendum

Personal Data Categories:
1. Email (Required to sign up)
2. Name (Required to sign up)
3. Date of Birth
4. Gender
5. Phone Number
6. Professional role (Required to sign up)
7. Address
8. Image

Data Subject Types:
1. Employees
2. Patients
3. Clinical Trial Participants
4. Health Care Providers
5. Users

B2.7 Consequences of failure to observe these Additional Terms. Failure to follow these Additional Terms, particularly in a way that could expose your employer or Resonance to liability or adverse publicity, may be subject to appropriate disciplinary procedures, recourse to law and may result in termination of your employment. If Participants are unsure whether their planned Posts might breach these Additional Terms they should consult with an expert before Posting.