Terms of Use

THIS AGREEMENT, effective as of the date of your acceptance of this Agreement by and between Verilogue, a division of Publicis Health, with an address at 111 South Independence Mall East, 5th Floor, Philadelphia, PA 19106, USA ("Agency") and the "Company" referring to you, the person accessing this website and accepting the terms herein.

WITNESSETH

WHEREAS, the Company is engaged in the business, among other things, of providing Redaction, Transcription, Translation, Quality Control and other services to its clients; and

WHEREAS, Agency desires to have the Company provide such services in connection with Agency's business and, if applicable, on behalf of its client(s) (the "Client");

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, it is hereby mutually agreed as follows:

Duties of the Company

The Company hereby agrees to provide applicable Agency's requirements for de-identification, transcription, translation, and quality control checks, including Work Product as defined below, (hereinafter collectively referred to as the "Services"), and perform same to Agency's satisfaction, as determined by Agency in it sole discretion. The Company shall furnish all materials, equipment, personnel and ancillary services, and shall also (except as otherwise directed by Agency) furnish and manage any inventory of supplies necessary to furnish the Services. The Company acknowledges and agrees that time is of the essence.

If at any time during the term of this Agreement, the Company becomes aware of possible problems that could result in a delay in the implementation or delivery of the Services on schedule, the Company shall immediately notify the designated representative of Agency by telephone, with confirmation in writing, giving the cause and probable effect, with recommendations for alternative action. Nothing in this paragraph will be interpreted as relieving the Company of contractual responsibilities; however, failure to notify promptly will be a basis for determining the Company negligent in an otherwise excusable delay.

The Company acknowledges that the period of performance of the Services under this Agreement, may, in part, be determined by the ability to obtain necessary information from Client, if applicable, and neither the Company nor Agency shall be responsible for delays caused by inability to obtain information from Client.

Agency may, from time to time, desire to expand the scope of Services in terms of quantity and/or type of Services under this Agreement. At such time as Agency and the Company agree on the duties of the Company and the price therefore in connection with such expanded Services, such duties and such prices shall be stated in writing on successive Scopes of Work which, when signed by a duly authorized representative of Agency and of the Company, shall be attached to this Agreement, and shall become a part hereof.

Company shall not subcontract any of its obligations hereunder without the prior written approval of Agency.

Acceptance and Delivery

Subject to the following, final delivery and acceptance of Services as identified on the applicable Scope of Work shall not be deemed to have taken place until: (i) the Services have been performed and delivered to Agency's satisfaction, as determined by Agency in its sole discretion, and to the specifications set forth in this Agreement or the applicable Scope of Work or as otherwise communicated to Company by Agency; (ii) Company has corrected any and all defects and/or errors in the Services of which Company has previously been informed; and (iii) Agency has reviewed any resubmitted Work Product and indicated its acceptance or rejection of same. If resubmitted Work Product is not accepted by Agency, Agency may terminate this Agreement or the specific Scope of Work or may specify an additional period for cure by the Company.

Company shall not submit Services as final until it has fully evaluated and corrected all errors and defects that were present in the preliminary version of Work Product, as defined below in "Title to Material".

Within thirty (30) days of the delivery of Services by the Company to Agency, Agency will indicate its acceptance or rejection of such Services. Agency's acceptance shall not alleviate Company of responsibility for errors or defects not discernable by Agency at the time of acceptance.

Failure of the Company to deliver to Agency a deliverable on the date specified in the applicable Scope of Work or otherwise agreed to in writing shall constitute a material breach of this Agreement and shall entitle Agency, in its sole discretion, to either extend the Delivery Date, cancel the work or terminate this Agreement and receive from the Company an immediate refund of all monies paid with respect to the applicable work and all monies expended by Agency and, if applicable, its client(s) to enforce this Agreement, including but not limited to the collection of such monies.

Term and Termination of Agreement

This Agreement shall be effective as of the date set forth above, and shall continue until terminated as hereinafter provided.

Any term specified in a Scope of Work is the term for that Scope of Work only.

Agency may terminate this Agreement and/or any Scope(s) of Work without cause upon thirty (30) days' prior written notice to the Company, in which case Agency agrees to pay the Company for actual Services satisfactorily rendered and any expenses incurred that were authorized in advance, in writing by Agency, through the date of termination.

Agency may terminate this Agreement and/or any Scope(s) of Work immediately upon notice thereof: (1) due to non-performance of the Services or rejection of Services or any other material breach of this Agreement by Company, (2) if so directed by the Client, or if the agreement between the Agency and its Client terminates or expires; (3) in the event that the Client files a petition in bankruptcy or proceedings in bankruptcy are instituted against it, or any court assumes jurisdiction of such party and its assets pursuant to proceedings under any bankruptcy or reorganization act, or a receiver is appointed for the assets of the Client, or if the Client makes an assignment for the benefit of creditors; or (4) if the Agency has a reasonable belief that the Company is insolvent or otherwise financially unstable.

Independent Contractor's Status and Authority

The Company agrees and represents that it is an independent contractor and its personnel or agents are not Agency's agents or employees for Federal and State tax purposes or any other purposes whatsoever, and are not entitled to any Agency employee benefits. The Company assumes sole and full responsibility for its acts and agrees that the Company and its personnel or agents have no authority to make commitments or enter into contracts on behalf of, bind or otherwise obligate Agency in any manner whatsoever. The Company, and not Agency, is solely responsible for the compensation of personnel or agents assigned to perform Services hereunder and payment of worker's compensation, disability or other similar benefits, unemployment and other similar insurance and for withholding income and other taxes and social security. Company shall indemnify Agency for any claims made by third parties related to this Section.

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

Safeguarding Personal Information

In the event the Services to be performed hereunder may involve owning, licensing, storing, accessing or maintaining Personally Identifiable Information of an individual, Company hereby agrees to the Privacy Data and Security terms and conditions set forth in the "PRIVACY AND DATA SECURITY TERMS AND CONDITIONS" section which shall be a part of this Agreement. Personally Identifiable Information means an individual's first name and last name, or first initial and last name, in combination with any one or more of the following data that relate to such individual: (1) Social Security number, (2) Driver's license number or state-issued identification card number; or(3) Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to an individual's financial account. Personal Information shall not include information lawfully obtained from publicly available information.

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

Warranty, Indemnification and Limitation of Liability

Company warrants that it has the right to enter into and perform its obligations under this Agreement. The Company shall at all times conduct itself in a competent and professional manner in accordance with best industry practice. The Company's performance shall conform to the standards, criteria, specifications and procedures described in the applicable Scope of Work, or as otherwise communicated to Company, as determined by Agency in its sole discretion. Company further warrants that Services will meet the specifications in all material respects and will not violate the proprietary rights of any third party, or otherwise violate any other laws, rules or regulations of the United States.

AGENCY PROVIDES ANY AND ALL DATA AND MATERIALS "AS IS" AND DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Company shall secure and maintain in full force and effect through the performance of the Service Agreement (and following termination of the Service agreement to cover any claims arising from the Services) a policy or policies of comprehensive general liability insurance in commercially reasonable amounts customary to the industry.

Company agrees to indemnify, defend and hold harmless Agency, its affiliates, subsidiaries, officers and employees, as well as any Agency Client, Client's affiliates, subsidiaries, officers and employees, from and against any and all claims, damages, liabilities, losses and/or expenses, including reasonable attorney fees, (collectively "Losses") incurred by Agency and/or its Client and arising from a breach of the foregoing warranties, breach of the Privacy and Data Security Terms (if applicable), any other material breach of this Agreement and its negligent acts or omissions.

Agency shall promptly provide Company with proper notice of any claims requiring indemnification under this Section.

EXCEPT FOR DAMAGES WHICH ARISE FROM PERSONAL INJURY, INTELLECTUAL PROPERTY INFRINGEMENT, MATERIAL BREACH, PRIVACY OR DATA SECURITY VIOLATIONS, PROPERTY DAMAGE, COMPANY'S WILLFUL MISCONDUCT OR GROSS NEGLIGENCE, COMPANY SHALL NOT BE LIABLE FOR DAMAGES WHICH EXCEED THE INSURANCE AMOUNTS REQUIRED UNDER THE "CONFIDENTIAL INFORMATION" SECTION OF THIS AGREEMENT. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES.

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

Confidential Information

The Company agrees to regard and preserve as confidential any and all information, material, trade secrets, know-how and technical data, including, but not limited to, products, data, compilations, algorithms, code, software, processes, systems, technology, databases, documents and data related to the business activities of Agency and the respective Client and their respective customers, including but not limited to, customer lists of the Agency and/or Client, that may be received by the Company from Agency or the Client as a result of this Agreement ("Confidential Information"), whether provided orally, on paper, computer discs, tapes, CD, DVD or other media for sorting, storing or displaying information. Such "Confidential Information" shall not include any information which is or becomes known through no fault of the Company part of the public domain; which Company can show was known to the Company prior to disclosure as a result of this Agreement and is not subject to another confidentiality agreement; which is lawfully obtained by the Company from a third party outside of this Agreement; or is required to be disclosed pursuant to law or other legal authority provided that the receiving party gives the disclosing party prior notice of the required disclosure so that the latter has an opportunity to obtain appropriate protective orders. In such an instance, the party compelled to disclose such information must disclose only that portion and kind of the Confidential Information necessary for compliance and use such information only for that purpose. The Company agrees to hold such Confidential Information in trust and confidence for Agency and the Client and not to disclose such Confidential Information to any person, firm or enterprise, or use any such Confidential Information for its own benefit unless previously authorized by Agency in writing, but shall use such Confidential Information solely in performance of its Services under this Agreement, and in such performance, shall limit access to and disclosure of such Confidential Information to the Company's employees or agents on a "need to know" basis only.

The Company shall take all reasonable lawful measures available, including litigation, if necessary, to prevent any employees or agent of the Company, or any other person within the Company's control, from disclosing, furnishing or using any and all such Confidential Information, and shall give Agency or Client such assistance as may be reasonably requested.

If there is any disclosure, furnishing or use of such Confidential Information by any of the Company's employees, agents or persons within its control, the Company will use reasonable efforts to enforce for the benefit of Agency and/or Client, through litigation, if necessary, all rights provided by law and equity to seek damages and protection from additional disclosure.

The Company shall protect and preserve any and all Agency's proprietary information and the Client's proprietary information, including Confidential Information, supplied to it and shall return all such property and information, including all copies thereof, if any, to Agency, upon termination of this Agreement, or sooner at Agency's request.

Adequate security precautions will be taken by the Company at its facilities at which Agency's or the Client's property or information are stored and in connection with the transportation of such property or information to ensure the integrity of any program and the security of the Confidential Information and other property. With prior notice, Agency shall have the right to inspect the Company's facilities and its locations to ensure that security precautions are adequate.

The Company shall obligate each of its employees, agents and subcontractors to whom disclosure of Confidential Information is made to keep such Confidential Information confidential in accordance with foregoing requirements. Such obligations shall be in writing and shall be signed by each of the Company's employees, agents and subcontractors having access to such Confidential Information. The originals of such written agreements as required by the preceding sentence shall be retained by the Company for a period of five (5) years after and termination of this Agreement, or in the alternative, shall be delivered to Agency or the Client at the written request by Agency or the Client.

Upon termination of this Agreement for any reason in accordance with this Agreement, or at the specific written request of either party, each party so requested shall return any Confidential Information of the other party which such party may have in its possession within ten (10) days.

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

Title to Material

All right, title and interest in and to all deliverables, reproductions, derivatives or any elements thereof developed or produced for Agency or, if applicable, on the account of the Client regardless of the form ("Work Product"), including all right, title and interest to the intellectual property in such Work Product is the exclusive property of Agency. Company hereby assigns the foregoing to Agency. All Work Product shall be delivered to Agency as required in the applicable Scope of Work. All such Work Product shall be considered "work made for hire" pursuant to the Copyright Act.

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

Publicity, Advertising

The Company agrees not to advertise, promote or publicize matters relating to the Services performed under this Agreement or to mention or imply any relationship or connection with the Client or Agency in such advertising, promotion or publicity without the prior written consent of the Client and Agency.

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

Force Majeure

If either party is prevented from performing any portion of this Agreement by causes beyond its control, including, but not limited to, labor disputes, civil commotion, war, acts of terrorism, governmental regulations or controls, casualty, inability to obtain materials or services, black-outs, power failures, system failures, or acts of God, such defaulting party will be excused from performance for the period of the delay and for a reasonable time thereafter.

Notice

Any notice given by either Party hereunder will be deemed served, if delivered in person, upon delivery to the office of the representative authorized and designated in writing to act for the respective Party, or if deposited in the mail, properly stamped with the required postage and addressed to the office of such representative at the following address, upon receipt:

Verilogue
Attn: Legal/Finance
111 South Independence Mall East, 5th Floor
Philadelphia, PA 19106 USA

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

No Waiver

A party's failure at any time to enforce any of the provisions of this Agreement, or any right with respect thereto, will not be construed to be a waiver of such provision or rights, nor to affect the validity of this Agreement. The failure by a party to exercise any right under the terms or covenants herein shall not preclude or prejudice the exercising thereafter of the same or other rights under this Agreement.

Right to Audit

The Company shall keep a separate account of the cost of Services based on its customary accounting procedures. This account shall be subject to audit by Agency and the Client during the Company's normal business hours and upon advance notice to the Company, at any time during the progress of and after the completion of all Services. The Company shall keep said account and maintain its records in a manner to facilitate such audit and agrees that such audit may be used as a basis for settlement of disputes which might arise regarding the propriety of charges, if any. For this purpose, the Company agrees to preserve all pertinent ledgers, payroll data (confined to time keeping records for projects billed on an hourly basis), books, vouchers, audit reports and all other relevant documents for the purpose of auditing charges and/or all allocations related to this Agreement for a period of two years from the final payment of invoice.

The provisions of this Section shall survive the completion of the Company's services and the termination of this Agreement.

Affiliate

Any Affiliate of the Agency may avail itself of this Agreement whether or not specifically agreed to in writing or in any Scope of Work. For the purposes of this Agreement, "Affiliate" means any entity, directly or indirectly, Controlling, Controlled by or under common Control with the Agency. "Control" means the power to vote 51% or more of the voting interests of an entity or ownership of 51% or more of the beneficial interests in income or capital of an entity.

Miscellaneous

This Agreement will be governed under New York law without regard to conflict of law principles and is binding upon the Parties, their subsidiaries and any affiliates, whether current or future. The Parties to this Agreement further consent to the jurisdiction of the courts, whether state or federal, located in New York County, New York. The Company shall comply with all applicable federal, state, county and local laws, ordinances, regulations and codes in the performance of this Agreement. This Agreement cannot be assigned by either Party, in whole or in part, including any intellectual property licenses, without the prior written consent of the other Party and any such assignments are void, provided that Agency may assign this Agreement to its affiliates, parent or subsidiaries. Company acknowledges and agrees that the Client is a third party beneficiary of this Agreement and Agency will not have any obligation to make payments in excess of what Client would otherwise be obligated to make if Client were a party to this Agreement. This Agreement constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous negotiations, proposals, understandings, agreements and other communications, whether oral or written, and any terms and conditions provided in any subsequent purchase order or invoice relating to the subject matter of this Agreement. Agency has no obligations to Company except those expressly stated herein. It cannot be modified except in a writing signed by both Parties. The provisions of this Agreement will survive its termination or expiration. If any provision of this Agreement is determined by a court or other tribunal of proper jurisdiction to be invalid or in any way unenforceable, such provision and all other provisions shall remain enforceable to the maximum extent permitted and shall be interpreted to achieve the original intent of the parties. In the event an exhibit or other attachment hereto conflicts with the terms or any provision of this Agreement, then the terms of this Agreement shall control. Any terms contained in an invoice or similar instrument prepared by or on behalf of the Company shall not be enforceable against Agency or its Client unless an amendment to this Agreement is executed with specific reference to this Section of this Agreement.

Counterparts; Facsimile Signatures

This Agreement may be executed in counterparts, each of which shall be deemed to be an original but all of which taken together shall be deemed one and the same instrument. In the execution of this Agreement and delivery of signatures, facsimile or digitally scanned signatures will be treated in all respects as having the same effect as original signatures.

PRIVACY AND DATA SECURITY TERMS AND CONDITIONS

Definitions

Agency Personal Information means all Personal Identifiable Information of customers, employees or other persons of Agency or Client.
Massachusetts Regulations means the Massachusetts Data Security Regulations set forth at 201 CMR 17.00.
Personal Identifiable Information means an individual's first name and last name, or first initial and last name, in combination with any one or more of the following data that relate to such individual: (1) Social Security number, (2) Driver's license number or state-issued identification card number; or (3) Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to an individual's financial account. Personal Information shall not include information lawfully obtained from publicly available information.
Security Incident is when Company knows or has reason to know that: (i) Company has experienced an incident resulting in the unauthorized acquisition or unauthorized use of unencrypted Agency Personal Information, or encrypted Agency Personal Information and the confidential process or key that is capable of compromising the security, confidentiality or integrity of Agency Personal Information that creates a substantial risk of identity theft or fraud; or (ii) Agency Personal Information was acquired or used by an unauthorized person or used for an unauthorized purpose.
Use means receipt, storage, maintenance, processing or accessing.

General Requirements

In addition to and not in lieu of the confidentiality obligations set forth in the Agreement, such Section shall apply to Agency Personal Information.

Representation and Warranty of Compliance

Company represents and warrants that in connection with its Use of Agency Personal Information, Company will at all times comply with (i) all applicable laws, rules, and/or regulations applicable to the privacy and security of Agency Personal Information, including the Massachusetts Regulations; and (ii) all Agency or Client policies applicable to the privacy of Agency Personal Information (together, the "Privacy and Data Security Requirements").

Company agrees, without further consideration and at Company's expense, to take such actions necessary to protect Agency Personal Information and to execute and deliver such documents as may be necessary to comply with all Privacy and Data Security Requirements.

Privacy Requirements

Without limiting the generality of the "Representation and Warranty of Compliance" section above, Company agrees that:

it shall not disclose or use any Agency Personal Information except to the extent necessary to carry out its obligations under this Agreement; and
it shall not disclose Agency Personal Information to any third party, including, without limitation, its third party advisors, affiliates, agents, or contractors, without Agency's prior written consent (in each instances) and subject to a written agreement with the third party, consistent with the requirements of this Agreement, to use or disclose Agency Personal Information only to the extent necessary to carry out Company's obligations under this Agreement;

Safeguarding Agency Personal Information

Company represents and warrants that it is capable of complying with the Massachusetts Regulations and agrees that it shall comply with the Massachusetts Regulations throughout the Term, including, by maintaining a comprehensive written information security program and maintaining computer system security requirements sufficient to comply with the Massachusetts Regulations and all other applicable state and federal laws ("Company Security Policies and Procedures"). Company shall review the Company Security Policies and Procedures on a regular basis and update them as necessary to comply with legal and regulatory changes and the risk facing Company and the Agency Personal Information in its possession. Company shall provide Agency with such details and information regarding the Company Security Policies and Procedures, as Agency may reasonably request from time to time.

To the extent that Company's advisors, affiliates, agents or contractors have access to the Agency Personal Information, Company shall maintain written agreements with such entities that are consistent with the requirements of this Agreement and that require such entities to (i) protect the security of the Agency Personal Information in a manner that complies with all applicable law (including, without limitation, the Massachusetts Regulations) and (ii) comply with all terms and conditions of this Agreement related to Agency Personal Information.

Company will ensure that no Agency Personal Information is disclosed to or accessed by any third parties except as expressly permitted by this Agreement or expressly authorized by Agency in writing. Company will not, and will ensure that none of its personnel, affiliates, agents or contractors break, bypass, or circumvent, or attempt to break, bypass or circumvent, any security system of Agency, Agency's affiliates, Client, Client's affiliates and/or service providers, or obtain, or attempt to obtain, access to any Agency Personal Information or Agency Confidential Information, except as expressly authorized by this Agreement.

Computer System Security Requirements. Company shall implement and maintain computer system security requirements that comply with Section 17.04 of the Massachusetts Regulations to protect all Agency Personal Information, provided, however, it is expressly agreed that solely for the purposes of subparts (3) and (5) of such Section 17.04 (concerning encryption requirements) Company's obligations shall extend only to those portions of the Agency Personal Information that constitute Personal Information (as defined in the Massachusetts Regulations).

Security Incident Response

Company will notify Agency immediately via telephone, to be followed-up in writing, of any actual, suspected or threatened Security Incident involving Agency Personal Information. The notification provided to Agency shall include, if known, and to Company's knowledge as of the time of notice: (i) the general circumstances and extent of any unauthorized access to Agency Personal Information or intrusion into the computer systems or facilities on or in which Agency Personal Information is maintained; (ii) which categories of Agency Personal Information where involved; (iii) the identities of all individuals whose Agency Personal Information was affected; and (iv) steps taken to secure the data and preserve information for any necessary investigation. The notification required to be delivered to Agency under this Section shall be delivered promptly and in no event later than twenty-four (24) hours after Company should be aware of or learns of any such actual, suspected or threatened Security Incident. Company shall not delay its notification to Agency for any reason, including, without limitation, investigation purposes. Company shall cooperate fully with Agency in investigating and responding to each successful or attempted security breach including allowing immediate access to Company's facility by Agency or Agency's investigator, to investigate, and obtain copies of data as provided herein.

Control, Return and Destruction of Agency Personal Information

As between Agency and Company, all Agency Personal Information is and shall remain the exclusive property of Agency. Upon Agency's request and at Agency's expense and direction, Company shall promptly, within two (2) calendar days of Agency's request, provide copies of all Agency Personal Information (or such portions as may be specified by Agency), in Company's possession or under its control, in an industry standard format, including logs, where such logs can reasonably be redacted to prevent disclosure of information of other Company customers, or other electronically stored information concerning Agency Personal Information or access thereto, and using such media as Agency may request. At any time during the term of this Agreement, Agency may request, in writing, that Company destroy or erase all copies of the Agency Personal Information in Company's possession or under its control and Company shall comply with all such requests. Under no circumstances shall Company withhold any Agency Personal Information. Notwithstanding any other provision in this Agreement, Company shall not possess or assert any lien against or to Agency Personal Information.

INTERNATIONAL DATA PROCESSING AND PROTECTION APPENDIX

This International Data Processing and Protection Appendix ("Appendix") dated as of May 25, 2018 ("Appendix Effective Date") sets forth certain requirements with respect to Personal Data originating from the European Union ("EU") or any other jurisdiction subject to Applicable Data Protection Law (defined below). Upon execution, this Appendix shall be deemed part of the Agreement. In the event of any conflict between the provisions of this Appendix and the provisions of the Agreement, the provisions of this Appendix will apply. Unless otherwise defined in this Appendix, all capitalized terms used in this Appendix shall have the meanings ascribed to them in the Agreement.

Definitions

For the purposes of this Appendix unless the context requires otherwise, the following terms shall have the meanings ascribed to them below:

Agreement means the agreement to which this Appendix is attached, or any other agreement in effect as of the Appendix Effective Date between Service Provider and Verilogue involving the Processing of Personal Data, including any applicable Orders.
Applicable Data Protection Law means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"), (ii) local Member State data protection law made under or pursuant to the GDPR, and (iii) the UK's Data Protection Act 1998; each as updated, amended or replaced from time to time.
Controller, Processor, Data Subject, Personal Data, Personal Data Breach, Processing (and Process) and Supervisory Authority shall have the meanings given to those terms in Applicable Data Protection Law.
Inquiry means any request, correspondence, inquiry or complaint received from a Data Subject, Supervisory Authority, regulator or other third party in connection with the Processing of Personal Data.
Member State means a Member State of the EU and, for the avoidance of doubt and for the purposes of this Appendix, the United Kingdom ("UK");
Order means any statement of work, insertion order, or any other order or instrument approved or executed by Verilogue in connection with the Agreement.
Service Provider means the the person accessing this website and accepting the terms herein.
Services means the services provided by Service Provider as set forth in the Agreement.
Verilogue means Verilogue, a division of Publicis Health, or any of its affiliates.

Data

Relationship of the Parties; Controller and Processor: Verilogue and Service Provider have entered into an Agreement for the provision of Services by Service Provider, and Verilogue may provide or make available to Service Provider certain Personal Data for Processing and use in connection with such Services (the "Data"). Verilogue is the Controller of the Data, and Verilogue has engaged Service Provider to act as a Processor of the Data in connection with the Services. With respect to the Data and the Processing activities described in this paragraph, the provisions of this Section, as well as the "International Transfers", "Unlawful Processing, Complaints and Personal Data Breaches", "Indemnification", and "Termination and Survival" Sections of this Appendix shall apply, and this Appendix shall constitute a data processing agreement for the purposes of Applicable Data Protection Law. Each party shall be individually and separately responsible for complying with the obligations that apply to it under Applicable Data Protection Law.
Purposes and Bases of Processing
- Permitted Processing: The subject-matter and duration of Processing by Service Provider, the nature and purpose of Processing, and the type of Personal Data and categories of Data Subjects shall be as set forth in the Agreement, including any applicable Orders; provided, however, that solely to the extent any of the foregoing is not fully set forth in the Agreement, the following (to the extent relevant) shall apply: (1) the subject-matter of the Processing shall be, as applicable, the Data; (2) the duration of the Processing shall be the duration of the Agreement, unless otherwise agreed upon in writing; (3) the nature and purpose of the Processing shall be for the provision of the Services and the Permitted Purposes (as defined below); and (4) the categories of Data Subjects shall be customers, prospective customers, and research program participants, and the types of Personal Data shall include health information and demographic information, as further specified in the Agreement or any applicable Order. Service Provider will Process the Data described in or provided to Service Provider under the Agreement, solely as necessary to perform its obligations under the Agreement (or as otherwise agreed in writing by the parties) and strictly in accordance with the documented instructions of Verilogue and Applicable Data Protection Law (the "Permitted Purposes") unless required to do so by EU or Member State law in which case Service Provider shall inform Verilogue before Processing, unless such EU or Member State law prohibits such information on important grounds of public interest.
- Restrictions on Processing: Service Provider shall not: (1) disclose Data to any third party without Verilogue's prior written consent, unless such third party has been specifically identified and approved by Verilogue in an applicable Order to receive or Process Data and the disclosure is necessary to perform the Services; or (2) use Data for its own purposes without Verilogue's prior written consent.
Confidentiality Obligations: Service Provider shall ensure that any person that it authorizes to Process the Data (including but not limited to Service Provider's employees, contractors and other individuals engaged to provide the Services) ("Authorized Personnel") shall be subject to a strict duty of confidentiality, including without limitation any obligations of confidentiality that are set forth in the Agreement, and shall not permit any person to Process the Data who is not under such a duty of confidentiality. Service Provider shall ensure that all Authorized Personnel use the Data solely to the extent necessary for the Permitted Purposes.
Record Keeping Obligations: Service Provider shall maintain written records of all categories of Processing activities carried out in connection with the Services containing the information prescribed by Applicable Data Protection Law, and shall make such records available to Verilogue or its designee on request.
Cooperation
- Inquiries/Requests: Service Provider shall, at its sole expense, provide all reasonable and timely assistance to Verilogue to enable Verilogue to respond to: (1) any request from a Data Subject to exercise any of his/her rights under Applicable Data Protection Law (including without limitation rights of access, correction, objection, erasure and data portability, as applicable); and (2) any other Inquiry. In the event that any Inquiry is made directly to Service Provider, Service Provider shall promptly inform Verilogue, providing full details of the Inquiry, and Service Provider shall refrain from responding to such Inquiry unless required by law or authorized by Verilogue.
- Data Protection Impact Assessment: If Service Provider believes or becomes aware that its Processing of the Data is likely to result in a high risk to the data protection rights and freedoms of Data Subjects, it shall promptly inform Verilogue. In such circumstances or if requested by Verilogue, Service Provider shall provide Verilogue with all such reasonable and timely assistance as Verilogue may require in order to conduct a data protection impact assessment and, if necessary, shall provide all reasonable assistance in consultations with the relevant data protection authority.
- Information Requirement: Service Provider shall immediately inform Verilogue if Service Provider believes that any instruction it has received violates Applicable Data Protection Law or any other applicable data protection law.
Security
- Security Measures: Service Provider shall implement and maintain technical and organizational security measures appropriate under Applicable Data Protection Law to protect the Data from: (1) accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access; and (2) unauthorized or unlawful Processing (each, a "Security Incident"). The technical and organizational measures implemented by Service Provider must ensure a level of security commensurate with the risks presented by the collection, Processing and nature of such Data. Such measures should also meet the requirements set forth in the Agreement and meet or exceed industry standards. Service Provider shall also ensure that all Authorized Personnel receive appropriate training on Applicable Data Protection Law, information security and Data protection, and if requested by Verilogue shall promptly confirm in writing that such training has taken place.
- Security Incidents: In addition to any obligations set forth in the Agreement, upon becoming aware of a Security Incident, Service Provider shall inform Verilogue without undue delay, and in any event within twenty-four hours, of any actual or reasonably suspected Security Incident. Service Provider shall provide all such timely information and cooperation as Verilogue may require in order for Verilogue or its designee to investigate such Security Incident and fulfill applicable data breach reporting obligations under (and in accordance with the timelines required by) Applicable Data Protection Law, including but not limited to the obligations under any Member State law and Article 33 of the GDPR. Service Provider shall, at its sole expense, take all measures and actions necessary to remedy or mitigate the effects of the Security Incident and shall keep Verilogue informed of all developments in connection with the Security Incident. Notwithstanding the foregoing, Service Provider shall not issue any notification or other communications to the Data Subjects or applicable regulatory bodies without Verilogue's prior written consent.
Deletion or Return of Data: Upon termination or expiration of the Agreement and/or an applicable Order, Service Provider shall, at Verilogue's election, destroy or return to the party designated by Verilogue all Data (including all copies and backups of the Data, whether in written, electronic or other form or media) in its possession or control (including any Data provided to a third party for Processing). This requirement shall not apply to the extent that any mandatory EU (or any EU Member State) law requires Service Provider to retain some or all of the Data, in which event Service Provider shall isolate and protect such Data from any further Processing except to the extent required by such law and shall destroy or return the Data in accordance with this provision as soon as retention of the Data is no longer required by law.
Audit: Service Provider shall permit Verilogue (or its appointed third party auditors, each an "Auditor") to audit Service Provider's compliance with this Appendix, and shall make available to Verilogue and its Auditors all information, systems and staff necessary to conduct such audit and to demonstrate compliance with Applicable Data Protection Law and this Appendix. Service Provider agrees that Verilogue (or its Auditors) may enter Service Provider's premises for the purpose of conducting this audit, provided that Verilogue (or Auditor) gives reasonable prior notice, conducts the audit during normal business hours, and takes all reasonable measures to prevent unnecessary disruption to Service Provider's operations. Verilogue will not exercise its audit rights more than once in any twelve (12) calendar month period, except (i) if and when required by a competent data protection authority; or (ii) if Verilogue believes a further audit is necessary due to a Security Incident.
Sub-Processors and Authorized Personnel: Service Provider may, subject to Verilogue's prior written approval, appoint a third party processor to Process Data for the Permitted Purposes ("Sub-Processor"), provided that Service Provider contractually imposes on the Sub-Processor data protection obligations that protect the Data to the same standard provided for by this Appendix. Service Provider remains fully liable for any breach of this Appendix that is caused by an act, error or omission of a Sub-Processor or other Authorized Personnel. If Verilogue refuses to consent to Service Provider's appointment of a Sub-Processor on grounds relating to the protection of the Data, then the parties will seek to agree to an alternative arrangement that may allow Service Provider to continue to provide the relevant Services to Verilogue. If the parties are unable to reach agreement on an alternative arrangement within thirty (30) days, Verilogue may terminate the relevant Services (or the Agreement or an Order, as applicable) on no less than thirty (30) days' notice.

International Transfers

Compliance with Applicable Data Protection Law: Service Provider shall, and shall ensure that its Sub-Processors and other Authorized Personnel involved in the provision of the Services shall, comply with (and cooperate with Verilogue to facilitate compliance with) the requirements of Applicable Data Protection Law in relation to cross-border data transfer and/or data localization. Without limiting the foregoing, Service Provider shall not transfer the Data (nor permit the Data to be transferred) outside of the UK, the European Economic Area ("EEA") or Switzerland unless Service Provider (i) has first obtained Verilogue's prior written consent; and (ii) takes all measures necessary to ensure the transfer complies with Applicable Data Protection Law.
Permitted Transfer Mechanisms: To the extent Service Provider is established in or hosts, Processes, or can remotely access ("Transfer") EU Personal Data in a country outside the EEA, or in a jurisdiction not deemed adequate for data protection purposes by way of European Commission Decision (a "third country" - see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu), Service Provider agrees to use one of the following transfer mechanisms:
- EU-U.S. Privacy Shield Framework self-certification; or
- The unchanged European Commission-approved version of the Standard Contractual Clauses (without optional clauses) (as set out at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en) ("SCCs"), which shall be deemed to be incorporated by reference into this Appendix and to apply for the benefit of Verilogue, in accordance with the "Standard Contractual Clauses" Section below.
Standard Contractual Clauses: With respect to Transfers of Data pursuant to "Permitted Transfer Mechanisms" Section above, the unchanged European Commission-approved version of the controller-to-processor form of SCCs shall apply, and unless otherwise agreed by the parties, Schedules 1 and 2 of this Appendix shall apply and be deemed to be Appendices 1 and 2 of the controller-to-processor form of SCCs. Nothing in this Appendix shall be construed to prevail over any conflicting clause of the SCCs. Each party acknowledges that it has had the opportunity to review the SCCs.
Sub-Processor Transfers: To the extent that any Sub-Processor is located in a country outside the UK, EEA or Switzerland which has not been recognized as providing an "adequate level of data protection" by the European Commission, Service Provider will assist Verilogue in ensuring an adequate level of protection for the Personal Data by entering into the SCCs with the Sub-Processor on Verilogue's behalf, unless the Sub-Processor maintains a current self-certification to the EU-U.S. Privacy Shield Framework and the Transfer is to the United States of America. Service Provider shall provide Verilogue with a copy of any SCCs entered into pursuant to this provision on request and shall complete Schedules 1 and 2 and/or 3 (as applicable) attached hereto.
Changes in Law: If, for whatever reason, the transfer of Personal Data under the SCCs or the EU-US Privacy Shield, approved by the European Commission (Decision of 12th July 2016), as applicable, ceases to be lawful, Verilogue may, at its discretion, require Service Provider to: (i) cease transfers of the Personal Data to, or access to such Personal Data from, the relevant jurisdictions; or (ii) promptly cooperate with Verilogue to facilitate use of an alternative lawful data transfer mechanism that will permit Verilogue to continue to benefit from the Services in compliance with Applicable Data Protection Law. If Verilogue and Service Provider are unable to promptly implement such an alternative data transfer mechanism, then Verilogue may (at its option) upon written notice to Service Provider terminate the Agreement or any applicable Order, or reduce the scope of the Services to exclude the Personal Data, at no additional cost to Verilogue.

Unlawful Processing, Complaints and Personal Data Breaches

In the event that the sharing, use, or Processing of Personal Data under this Appendix and the Agreement is considered unlawful by a Supervisory Authority or a court with jurisdiction under Applicable Data Protection Law, Service Provider and Verilogue shall work together in good faith to enable the continuance of such sharing, use, or Processing of Personal Data under this Appendix and the Agreement in compliance with Applicable Data Protection Law. Where a Personal Data Breach occurs affecting the data or where a Data Subject makes a complaint about the processing of his/her Personal Data, Service Provider shall use all reasonable efforts in good faith to mitigate any brand or reputational damage to Verilogue.

Indemnification

Service Provider shall defend, indemnify, and hold harmless Verilogue, its affiliates, and all of their respective licensors, directors, officers, employees, representatives, and agents (collectively "Indemnitees") from and against any and all claims, actions, demands, inquiries, investigations and legal proceedings against any Indemnitee and all resulting liabilities, damages, losses, judgments, authorized settlements, reasonable costs, fines, penalties and expenses (including without limitation reasonable attorneys' fees and the cost of enforcing any right to indemnification hereunder) arising out of or in connection with Service Provider's breach of its representations and warranties herein or failure to comply with any of its obligations under this Appendix, Applicable Data Protection Law or any other applicable data protection law. Service Provider's liability in connection with its indemnification obligations under this Appendix shall not be subject to any limitation of liability that may be set forth in the Agreement.

Termination and Survival

The terms of this Appendix shall survive termination or expiration of the Agreement or any Order.

Schedule 1: Appendix 1 of the Controller-Processor SCCs

Processing Overview and Duration

Verilogue has engaged Service Provider to provide the Services set forth in the underlying Agreement or Order.

Service Provider will process Personal Data for the duration of the term of the Agreement or applicable Order unless Verilogue instructs Service Provider to delete or return the Personal Data at an earlier or later date.

Information for Appendix 1 of the SCCs

Data exporter: Verilogue.

Data importer: Service Provider.

Data subjects: The Personal Data transferred shall concern existing and prospective customers of Verilogue and individuals who have volunteered to participate in Verilogue's research programs.
Categories of data: The types of Personal Data transferred shall include information regarding Data Subjects' health information and demographic information, as further specified in the underlying Agreement or an applicable Order.
Special categories of data/sensitive personal data: Personal data concerning health is transferred.
Processing operations: Processing activities involve recorded conversations between individuals and/or their caregivers and the individuals' healthcare providers ("Recordings") and shall include [removal of identifying information from Recordings or excerpts of Recordings] [transcription of Recordings or excerpts of Recordings from which certain identifying information has been removed] [translation into English of transcribed Recordings or excerpts of Recordings from which certain identifying information has been removed] [OTHER PROCESSING ACTIVITY], as set forth in the Agreement or applicable Order.

Processing Location and Sub-Processors

Service Provider shall maintain a list of the names and locations of all Sub-Processors that provide hosting services, technical support, customer services or other services (including affiliates of Service Provider if they count as sub-processors from a legal/data protection perspective) through a link conspicuously placed on any websites, mobile sites, applications, other properties maintained or operated by Service Provider that Process Personal Data. Service Provider shall also make such list available to Verilogue promptly upon request and regularly review and update such list to ensure it is current.

Schedule 2: Appendix 2 of the Controller-Processor SCCs

Data importer agrees and warrants that it has implemented and will maintain technical and organisational measures appropriate to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. These measures ensure a level of security appropriate to the risks presented by the processing and the nature, scope, context and purposes of the processing, having regard to the state of the art and the cost of their implementation, including as appropriate: (i) the pseudonymization and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.

Last Updated: July 30, 2024