IMPRIVATA MASTER CLOUD SERVICES AGREEMENT

Publication Date: April 30, 2024

PLEASE READ THESE CUSTOMER TERMS OF SERVICE CAREFULLY: Prior to acknowledging acceptance, please be sure to carefully read and understand all of the terms, rights, and restrictions described in this Imprivata Master Cloud Services Agreement (this “Agreement”). This Agreement is a legal agreement between the entity identified in the applicable Order Form as the customer (“Customer”) and Imprivata, Inc. (“Imprivata”) for the Services (as defined below). Customer and Imprivata may be referred to in this Agreement individually as a “party” or jointly as the “parties”. IMPRIVATA PROVIDES THE SERVICES SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT AND ON THE CONDITION THAT CUSTOMER ACCEPTS AND COMPLIES WITH THEM. BY OPENING, INDICATING ASSENT ELECTRONICALLY, OR DOWNLOADING, INSTALLING, COPYING, OR USING THE SERVICES, THE CUSTOMER AGREES TO ACCEPT THE TERMS AND CONDITIONS OF THIS AGREEMENT AND AGREES THAT THE CUSTOMER IS LEGALLY BOUND BY THESE TERMS. IF CUSTOMER IS A CORPORATION, GOVERNMENTAL ORGANIZATION, OR OTHER LEGAL ENTITY, THEN THE INDIVIDUAL ACCEPTING THESE TERMS HEREBY REPRESENTS AND WARRANTS THAT THEY HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF CUSTOMER AND BIND CUSTOMER TO THESE TERMS. IF CUSTOMER DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, DO NOT CONTINUE DOWNLOADING, INSTALLING, COPYING OR USING THE SERVICES.

This Agreement, together with the applicable appendices referenced below, and the applicable Order Form governs Customer’s use of the Imprivata Services.

AppendicesDescription
Cloud Services
Customer ConnectSubscription purchases of Customer Connect are also subject to the product specific terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/customer-connect
Enterprise AccessSubscription purchases of Enterprise Access are also subject to the product specific terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/enterprise-access
FairWarningSubscription purchases of FairWarning are also subject to the product specific terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/fairwarning
GroundControlSubscription purchases of GroundControl are also subject to the product specific terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/groundcontrol
Biometric Patient IdentitySubscription purchases of Biometric Patient Identity are also subject to the product specific terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/biometric-patient-identity
Access Intelligence PlatformSubscription purchases of Access Intelligence Platform are also subject to the product specific terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/access-intelligence
Managed Services
Managed ServicesManaged Services purchases are also subject to the Managed Services terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/managed-services
Support
Maintenance and SupportSubscription purchases of Imprivata’s Cloud Services include maintenance and support as further described at https://www.imprivata.com/imprivata-master-cloud-services-agreement/maintenance-and-support
HardwareHardware purchases are subject to the terms found at https://www.imprivata.com/imprivata-master-cloud-services-agreement/hardware

DEFINITIONS.

The following terms shall have the following meanings:

“Affiliate" means any entity which directly or indirectly controls, is controlled by, or is under common control with a party to this Agreement. For purposes of this definition, control means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Cloud Service(s)” means the applicable Imprivata web-based applications, tools and platforms purchased by Customer as set forth on an Imprivata Order Form (or its equivalent if purchasing through an authorized reseller) and as further described in the applicable appendices.

“Confidential Information” means information furnished or made available directly or indirectly by the disclosing party to the receiving party which (i) is marked or clearly indicated to be confidential, proprietary, or with a similar designation; or (ii) a reasonable person would understand the information was confidential or proprietary information. Confidential Information shall not include Personal Data, which shall be governed by the Data Processing Appendix as set forth below, or protected health information, which shall be governed by a Business Associate Agreement as set forth below.

“Customer Data” means information that Customer transmitted, or that was transmitted on Customer’s behalf, to or through the Cloud Services, or that Customer stores, or displays within the Cloud Service, or that is otherwise used or processed in connection with Customer’s Cloud Services account. For the avoidance of doubt, Customer Data does not include Usage Data or any other information reflecting the access or use of the Services by or on behalf of Customer.

“Documentation” means Imprivata’s standard online user guides, documentation, product specifications, and training materials related to use of the applicable Cloud Services (excluding marketing materials), as updated from time to time and made available by Imprivata.

“Force Majeure Event” means an act of war, hostility, or sabotage; act of God; electrical, internet, or telecommunication outage that is not caused by the obligated party; government restrictions (including the denial or cancellation of any export or other license); or other event outside the reasonable control of the obligated party.

“Hardware” means Imprivata branded hardware devices purchased by Customer as set forth on an Imprivata Order Form (or its equivalent if purchasing through an authorized reseller) and as further described in the Hardware Appendix.

“Imprivata Order Form” or “Order Form” means the quote or other supplemental document (as applicable) issued by Imprivata, which specifies the Services, and/or Hardware to be purchased by Customer, and the price associated with each.

“Imprivata Materials” means the Services, Documentation, and Imprivata systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, that are provided or used by Imprivata in connection with the Services or otherwise comprise or relate to the Services or Imprivata systems. For the avoidance of doubt, Imprivata Materials include Usage Data and any information, data, or other content derived from Imprivata’s monitoring of Customer's access to or use of the Services, but do not include Customer Data.

“Managed Services” means the applicable managed services to implement and operate the Cloud Services on behalf of Customer purchased under an Imprivata Order Form (or its equivalent if purchasing through an authorized reseller) and as described in the Managed Services appendix.

“Personal Data” shall have the meaning as defined in the Data Processing Appendix.

“Professional Services” means any installation, migration or implementation services, and any additional consultancy or professional services purchased under an Imprivata Order Form (or its equivalent if purchasing through an authorized reseller) and as described in a Statement of Work (“SOW”).

“Services” means, collectively, the Cloud Services, Managed Services, and Professional Services.

“Subscription Term” means the duration of Customer’s subscription to the applicable Cloud Services and Managed Services as set forth in the applicable Imprivata Order Form (or its equivalent if purchasing through an authorized reseller).

“Support” means the services that Imprivata provides to maintain and support the Imprivata Cloud Services, which services are further described in the Maintenance and Support Appendix.

“User” means an individual authorized by Customer to use the Cloud Services pursuant to a subscription of the applicable Cloud Services purchased (as indicated in the applicable Imprivata Order Form or its equivalent if purchasing through an authorized reseller).

USE OF THE SERVICES.

  1. Access to Cloud Services. Subject to the terms and conditions of this Agreement and Customer’s payment of the applicable fees, Imprivata will permit Customer, during the Subscription Term, to: (i) access and use the Cloud Services solely for Customer’s internal business purposes; and (ii) provide Users access and use of the Cloud Services solely for the benefit of Customer and the operation of Customer’s business and in compliance with this Agreement. Customer is solely responsible for provisioning Users on the Cloud Services, as applicable, including: (a) methods of authenticating Users; (b) restricting access by User or group; (c) managing administrator privileges; (d) deauthorizing Customer personnel who no longer need access to the Cloud Services; and (e) maintaining security and confidentiality of User credentials. As between Customer and Imprivata, Customer is solely responsible for all activity that occurs under its User accounts. Imprivata reserves the right, in its sole discretion, to make any changes to the Cloud Services and applicable Documentation that it deems necessary or useful to: (a) maintain or enhance: (i) the quality or delivery of Imprivata’s services to its customers; (ii) the competitive strength of or market for Imprivata services; or (iii) the Cloud Services’ cost efficiency or performance; or (b) to comply with applicable law.
  2. Affiliates. Customer may provide access and use of the applicable Cloud Services to Customer’s Affiliate’s Users or allow them to receive such Cloud Services purchased under an applicable Imprivata Order Form (or its equivalent if purchasing through an authorized reseller); provided that, Customer is responsible for ensuring that each Affiliate’s use of such Cloud Services is in full compliance with the terms of the Agreement. Customer and each Affiliate shall be jointly and severally liable for all claims and liabilities arising under this Agreement related to the Cloud Services. Customer acknowledges and agrees that the usage of each Affiliate will be included when measuring usage and subscription compliance (including incremental subscription fees, if applicable). By executing an Imprivata Order Form (or its equivalent if purchasing through an authorized reseller) hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.
  3. Customer Responsibilities. Customer will (a) ensure all Users comply with this Agreement and all Imprivata Order Forms (or its equivalent if purchasing through an authorized reseller), (b) use commercially reasonable efforts to prevent unauthorized access to or use of Cloud Services, and notify Imprivata promptly of any such unauthorized access or use, (c) use Cloud Services only in accordance with the Documentation and applicable laws and government regulations, (d) be responsible for the Customer systems through which the Cloud Services are accessed; (e) be responsible for any security vulnerabilities, and the consequences of such vulnerabilities, arising from Customer Data, including any viruses, Trojan horses, worms or other harmful programming routines contained in Customer Data; (f) be responsible for the accuracy, quality and legality of Customer Data and the means by which Customer acquired Customer Data and provided Customer Data to Imprivata, (g) be responsible for providing all required notices and obtaining all required consent(s) from both individuals and entities for its and its Affiliates’ provision of Customer Data to Imprivata, including for transferring Customer Data from one state, province, country, or locality to another at Customer’s or its Affiliates’ request and any resulting legal effects of such transfers, and (h) comply with terms of service of non-Imprivata applications with which Customer uses Cloud Services. The Cloud Services do not replace the need for Customer to maintain regular back-up procedures with respect to Customer Data. Customer must in a timely manner supply the information, materials, and data Imprivata reasonably requires to provide the Services. Imprivata will have no responsibility for delays that result from the failure of Customer to provide such required information, materials, and data or for Customer’s failure to cooperate in the performance of Services as reasonably requested. Customer is responsible for selecting and configuring the Services it deems necessary to obtain the results desired or comply with laws applicable to Customer as determined by Customer. The Services may include recommendations or guidance which must be evaluated by Customer.
  4. Usage Restrictions. Customer is not granted a license to any intellectual property rights under this Agreement. The Imprivata Materials are protected by intellectual property laws, are the property of Imprivata or its licensors (if any), and Imprivata retains all ownership rights to them. Customer shall access and use the Imprivata Materials solely for its intended purpose as described in the Documentation. Any other use is strictly prohibited. Customer will not (a) make any Cloud Service or the Documentation available to any third party (other than Users in accordance with this Agreement), or use any Cloud Service or the Documentation for the benefit of anyone other than Customer or its Users, (b) sell, resell, sublicense, distribute, rent or lease any Cloud Service or any portion thereof, including the Documentation, or include any Cloud Service in a service bureau, time sharing or outsourcing offering; (c) interfere with or disrupt the integrity or performance of any Cloud Service or third-party data contained therein, (d) attempt to gain unauthorized access to any Cloud Service or its related systems or networks, (e) copy a Cloud Service or any part, feature, function or user interface thereof, (f) access any Cloud Service in order to build a competitive product or service, (g) reverse engineer any Cloud Service, in whole or in part, nor use any methods to gain access to the source code or infrastructure of the Cloud Service, in whole or in part, or (h) perform any benchmarking, security, or penetration testing on any Cloud Service, or any portion thereof, or Imprivata’s performance of the Cloud Service. Customer will use commercially reasonable measures to ensure Customer’s use of the Cloud Services do not store or transmit code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses. Customer shall not provide any competitor of Imprivata (including any employee or contractor of such competitor) with access to or use of the Cloud Services, including by read-only access, direct access through a User identification and password information, or otherwise.
  5. Professional Services. In the event Customer purchases Professional Services to be performed by Imprivata, Customer must sign an SOW detailing the project specifications for such services. Unless otherwise agreed in writing, any unused Professional Services will expire one year from the date of the applicable Imprivata Order Form (or its equivalent if purchasing through an authorized reseller), at which point Imprivata will be under no obligation to perform any additional services under the applicable Imprivata Order Form (or its equivalent if purchasing through an authorized reseller). Notwithstanding the foregoing, no credit/refund will be issued for any unused Professional Services under any circumstances. Imprivata shall retain all intellectual property rights in and to anything developed by Imprivata in connection with the SOW. Customer agrees that no proprietary materials created in connection with this Agreement are “works made for hire” as that term is used in connection with the U.S. Copyright Act. Imprivata grants the Customer a non-exclusive, non-transferable, royalty-free license to use anything expressly identified as a deliverable under the SOW to the extent necessary to enable Customer to make reasonable use of the Services and resulting deliverables. Any agreement made verbally or via any other means outside of the contents of a SOW is not binding and Imprivata is under no obligation to provide those services.
  6. Managed Services. In the event Customer purchases Managed Services to be performed by Imprivata, the specifications for such services shall be as set forth in the Managed Services Appendix or the applicable SOW.
  7. Support. Imprivata shall provide Support as further described in the Maintenance and Support Appendix. Support is included in the Cloud Service subscription cost and shall commence on delivery of the Cloud Service purchased under the applicable Imprivata Order Form (or its equivalent if purchasing through an authorized reseller) and continue for the duration of the Subscription Term. Imprivata will provide support for Hardware as further described in the Hardware Appendix.
  8. Right to Audit. Customer consents to Imprivata auditing it to ascertain Customer’s compliance with this Agreement, including the number of Users, Affiliates and any other applicable metric used in pricing, such audit to be conducted by Imprivata or an independent auditor during Customer’s standard business hours and at Customer’s expense. If the inspection reveals an underpayment of any subscription fees, Customer shall promptly pay to Imprivata the deficit.
  9. High Risk Activities. The Cloud Service is not fault-tolerant and is not developed or intended for use - including evaluation or trial use –in hazardous environments requiring fail-safe performance, including without limitation in the operation of nuclear facilities, aircraft navigation or control systems, air traffic control, direct life support machines or weapons systems, or any other application in which the failure of the Cloud Services could lead to death, personal injury, or severe physical or environmental damages (“High Risk Activities”). Imprivata specifically excludes any express or implied warranty of fitness for High Risk Activities.

EXPORT CONTROLS AND ECONOMIC SANCTIONS.

Customer agrees to comply with all applicable export laws and regulations, including but not limited to: (1) the Export Administration Regulations administered by the U.S. Department of Commerce’s Bureau of Industry and Security; and (2) the trade and economic sanctions maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control. Customer shall be responsible for compliance with such laws and regulations and will obtain any required licenses and other permissions for Hardware and Services ordered pursuant to this Agreement or otherwise received from Imprivata. Without limitation of the foregoing, Customer shall not export, re-export, release, or transfer, whether directly or indirectly, the Services, Hardware, or any part thereof (1) to any country or region subject to comprehensive economic sanctions (i.e., currently Cuba, Iran, North Korea, Syria, and the Crimea Region of Ukraine), including any person or entity in any such country or region and government or government instrumentalities, wherever located, of any such country or region; or (2) to individuals or organizations, including Customer, listed on: the U.S. Department of Commerce’s Denied Persons List, Entity List, or Unverified List; the U.S. Department of the Treasury’s list of Specially Designated Nationals and Blocked Persons or Consolidated Sanctions List; or any other list of parties proscribed by the U.S. Government. Customer shall not export, re-export, release, or transfer the Services, Hardware, or any part thereof, including technical data and services, to any party, if Customer knows or has reason to know that the products, data, or services (1) are intended, entirely or in part, for a “military-intelligence end use” or a “military-intelligence end user” (as those terms are defined under 15 C.F.R. § 744.22) in Burma, Cambodia, China (including Hong Kong), Russia, or Venezuela; or (2) will be used for activities related to: (i) nuclear proliferation; (ii) chemical or biological weapons; or (iii) missile proliferation (including drone/unmanned aerial vehicles capable of 300 km or longer range). Upon request from Imprivata, Customer agrees to certify compliance with these terms and provide information sufficient to verify such compliance. Customer shall indemnify and defend Imprivata from and against any loss, cost, damages, or expenses of any kind resulting from any third-party claim (including any government investigation) alleging any failure by Customer, its employees, or agents to act in accordance with this section.

U.S. GOVERNMENT RESTRICTED RIGHTS.

The Cloud Services and any firmware installed on Hardware is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting in part of "commercial computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12,212 and 48C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire the Cloud Services with only those rights set forth herein. Contractor/Manufacturer is: Imprivata, Inc., 20 CityPoint, 6th floor, 480 Totten Pond Rd., Waltham, MA 02451 U.S.A.

PAYMENT AND SHIPPING.

  1. Payment. Imprivata will invoice Customer for the fees set forth on the applicable Imprivata Order Form. Customer will pay invoices within 30 days of each invoice date. All purchases of the Services and Hardware are non-cancellable and non-refundable except as explicitly set forth otherwise in this Agreement.
  2. Payment Dispute. If there is a reasonable, good-faith dispute as to any of the fees owed to Imprivata by Customer in any invoice, then Customer may withhold disputed fees provided that Customer: (i) pay any undisputed fees contained in said invoice; (ii) deliver written notice of fees disputed to Imprivata within thirty (30) days of the invoice date, and (iii) enter into good faith negotiations to resolve the remaining dispute. In the event the parties are unable to resolve such dispute within ninety (90) days of entering into negotiations, then Imprivata may suspend the Services or terminate this Agreement upon fifteen (15) days advanced written notice thereafter. This paragraph shall not apply to any other dispute between the parties.
  3. Suspension of Service. If any undisputed fees owed by Customer under this Agreement are thirty (30) or more days overdue, Imprivata may, without limiting its other rights and remedies, (a) make late payments subject to a charge of the lesser of 1.5% per month or the maximum allowed by law during such time as any payment is late as well as collection costs, including reasonable collection and attorney’s fees; and/or (b) suspend the Services to Customer until such fees are paid in full.
  4. Taxes. Imprivata’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, hosting, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with Customer’s purchases hereunder. If Imprivata has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Imprivata will invoice Customer and Customer will pay that fee unless Customer provides Imprivata with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Imprivata is solely responsible for taxes assessable against Imprivata based on its income, property and employees.
  5. Shipping. All shipments are Incoterms 2010: FCA, Seller's Factory. Third party authentication devices are Non-Cancelable/Non-Returnable. Customer shall bear all costs of transportation, shipping, and insurance. Risk of loss and title (except for software) passes to you upon delivery to the carrier. Customer represents and warrants to Imprivata that it will not export or import the Services or any portion thereof or any Imprivata confidential information or related technical data in violation of applicable laws or regulations, including without limitation US export restriction laws and regulations relating to sales to nationals or residents of foreign nations, and Customer agrees to indemnify and hold Imprivata harmless from and against claims, losses, costs, or liability due to its breach of this warranty.

TERM AND TERMINATION.

  1. Term. This Agreement commences on the execution or acceptance by Customer of the first Order Form (or its equivalent if purchasing through an authorized reseller) and, unless terminated as set forth below, shall continue until the expiration or termination of the last existing Subscription Term. The length of Subscription Terms shall be specified in the applicable Imprivata Order Form (or its equivalent if purchasing through an authorized reseller).
  2. Termination for Cause. Either party may terminate this Agreement, applicable SOW and/or applicable Imprivata Order Form by written notice if the other party: (i) commits a material breach of this Agreement and fails to cure such breach within thirty (30) days after receiving written notice specifying such breach in reasonable detail; or (ii) becomes insolvent, commences dissolution proceedings or ceases to operate in the ordinary course of business. In addition, Imprivata may terminate this Agreement or any Imprivata Order Form immediately if Customer breaches Section 2.4 (Usage Restrictions).
  3. Effect of Expiration or Termination. Upon expiration or termination of this Agreement, SOW or Imprivata Order Form, by either party, all Services obtained by Customer, under this Agreement, SOW and/or Imprivata Order Form (as applicable) shall terminate, and Customer shall cease using the applicable Cloud Services and Imprivata will cease providing Managed Services and Professional Services. Upon any such expiration or termination, Customer shall promptly remit to Imprivata all unpaid fees due, or to become due, under this Agreement, SOW and/or Imprivata Order Form (as applicable). In addition to those provisions which by their nature are intended to survive any expiration or termination of this Agreement or any individual Imprivata Order Form, Section 8 (Confidentiality) and Section 11 (Limitation of Liability) shall specifically survive such expiration or termination.

DATA.

  1. Usage Data. Imprivata shall own all rights, title, and interests in and to the aggregated de-identified and/or anonymized data derived from or generated from Customer’s and its Users’ use of the Services that do not specifically identify Customer or an individual, including all usage statistics, analytic data, benchmarking data and data that relates to the performance or functionality of the Services (“Usage Data”). For greater certainty, the parties acknowledge that Usage Data shall not be considered part of Customer Data and that Imprivata shall own all rights, title, and interests in and to products and services, including modifications or improvements to existing products and services, derived from Usage Data. Imprivata agrees that all uses of Usage Data shall be in accordance with applicable law.
  2. Customer Data. Customer grants Imprivata and its Affiliates a license to use, host, copy, transmit, and display Customer Data during the term of this Agreement solely as necessary or useful for Imprivata to provide, update, and enable functionality of the Services. Imprivata agrees that all uses of Customer Data shall be in accordance with applicable law and is for Imprivata’s internal business purposes only, subject to the confidentiality obligations set forth herein. Imprivata does not sell, as such is defined in certain applicable laws, Customer Data to any third party. Subject to the limited licenses granted herein, Imprivata acquires no right, title or interest from Customer or its licensors under this Agreement in or to Customer Data.
  3. Biometric Information. Customer agrees that as between Customer and Imprivata, Customer is the party that captures, enrolls, or otherwise collects the biometric information processed in connection with the Agreement, and Customer represents and warrants that it complies, and will comply, with all laws, rules, regulations, and orders applicable to the processing of such information under the Agreement, including all applicable biometric and privacy laws and regulations. Customer represents and warrants that it will provide all required notices and obtain all required consent(s) and/or written release(s) from any individuals from whom biometric information is collected in connection with Customer’s use of the Cloud Services. Applicable Cloud Services may have consent workflows enabled to fulfill any separate and distinct duty Imprivata may have. Such prompts and collection of consent shall not be understood, interpreted, or construed to relieve Customer of its own duties. Customer agrees to indemnify and hold Imprivata harmless from and against any and all third-party claims, demands, actions, threatened actions, governmental enforcement proceedings, costs (including reasonable attorneys’ fees) liabilities, fines, penalties, and other loss arising or resulting from Customer’s breach or alleged breach of the warranties in this Section 7.3. Any such indemnification obligations shall be in accordance with the procedures set forth in Section 10. For the purpose of this Section 7.3, “biometric information” means information defined as biometric information under applicable laws, including without limitation, a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.
  4. Protection of Personal Data. To the extent that Imprivata processes Personal Data in connection with the Services, the parties agree to comply with the Data Processing Addendum (“DPA”) found at https://www.imprivata.com/data-processing-addendum, which is incorporated herein by reference, unless the parties have executed a DPA, in which case such agreement shall govern. The DPA describes how Imprivata will handle Personal Data on Customer’s behalf in connection with the Services provided under this Agreement. For the sake of clarity, the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF (collectively, the “DPF”) shall govern third country data transfers. In the event that the DPF does not apply, reliance shall shift to the DPA, inclusive of the Standard Contractual Clauses.
  5. Regional Data Hosting. Imprivata can store Customer Data in a specific location or geographical region where Imprivata does business (e.g., North America or Europe) as part of Customer’s subscription subject to the terms of this Agreement.
  6. Transfers of Customer Data for Support. Imprivata and its Affiliates may utilize personnel (including subcontractors) to meet its obligations under this Agreement related to the Services. Examples include, but are not limited to, troubleshooting, support, engineering resources, etc. Customer acknowledges that Confidential Information (if provided by the Customer in screenshots and/or log files) could be accessed and viewed by offshore personnel in the provision of the aforementioned support. Imprivata shall ensure that any such personnel abide by the terms of this Agreement. Notwithstanding the foregoing, Customer shall not share with or transfer to Imprivata (e.g., via use of the Services, or through screen-sharing or transmitting screenshots in the course of support and maintenance) Special Categories of Data or Sensitive Data (as such are defined in the DPA) or other data that imposes specific data security or data protection obligations on Imprivata in addition to or different from those specified in the Documentation or which are not already provided as part of the Services without Imprivata’s prior written consent.
  7. Business Associate Agreement. To the extent applicable to the Services provided to Customer, Imprivata agrees to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (PL 104-91), the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009 (PL 111-5) and regulations enacted by the United States Department of Health and Human Services at 45 C.F.R. Parts 160 – 164 solely as it relates to the performance of Imprivata’s obligations hereunder. The parties agree to comply with the provisions of the Business Associate Agreement found at https://www.imprivata.com/business-associate-agreement, which is incorporated herein by reference, unless the parties have executed a Business Associate Agreement, in which case such agreement shall govern. In the event of conflict between the Business Associate Agreement and any provision of this Agreement, the terms of the Business Associate Agreement shall control.

CONFIDENTIALITY.

Each party agrees that it will take reasonable steps, at least substantially equivalent to the steps it takes to protect its own proprietary information, to (i) prevent use of the other party’s Confidential Information for any purpose other than to carry out its rights and obligations hereunder, and (ii) prevent the disclosure of the other party’s Confidential Information other than to its employees or contractors who must have access to such Confidential Information for such party to exercise its rights and perform its obligations hereunder and who each agree to be bound by agreements with a duty of confidentiality no less protective of confidential information than provided herein, and each party shall be responsible to ensure that its employees and consultants comply with the restrictions set forth herein. The parties’ obligations set forth in this section shall not apply with respect to any portion of the Confidential Information that: (i) was in the public domain at the time it was communicated to the receiving party; (ii) entered the public domain through no fault of the receiving party; (iii) is rightfully received by the receiving party from a third party without a duty of confidentiality; (iv) is independently developed by the receiving party without use of the Confidential Information; or (v) consists of generalized ideas, concepts, know-how or techniques in intangible form that is incidentally retained in the unaided memories of persons who have had authorized access to Confidential Information (provided that this exception shall not be construed to grant to either party a license to the other party’s copyrights or patents beyond those otherwise granted in this Agreement). If the receiving party is legally required to disclose any of the disclosing party’s Confidential Information, then it may do so provided that the receiving party (i) provides prompt written notice to the disclosing party (to the extent permitted by law), (ii) provides all reasonably requested assistance in attempting to limit the scope of the disclosure, and (iii) only discloses Confidential Information to the extent actually required by law.

WARRANTIES.

  1. Imprivata warrants that the Cloud Services will conform substantially to Imprivata’s Documentation during the Subscription Term. This warranty is a limited warranty. It does not apply to (a) Cloud Services and other products identified in their product description as being sold or licensed "as-is" or (b) Cloud Services and other products identified as "beta" or "pre-release" or the like; all of which are supplied on an "as-is" basis without any warranty of any kind. Imprivata will have no obligation hereunder if the alleged defect is due to (x) causes not within Imprivata’s reasonable control, including accident, alteration, abuse, or misuse or (y) use of the Cloud Services other than in accordance with the Documentation. IMPRIVATA’S SOLE LIABILITY, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY, FOR ANY BREACH OF THE FOREGOING CLOUD SERVICES WARRANTY IS THAT IMPRIVATA SHALL, AT ITS OPTION, REPAIR OR REPLACE THE CLOUD SERVICES SO THAT IT CONFORMS TO THE LIMITED WARRANTY SET FORTH ABOVE OR TERMINATE THIS AGREEMENT AND, REFUND TO CUSTOMER THE PRICE PAID FOR THE REMAINDER OF THE THEN-CURRENT SUBSCRIPTION TERM.
  2. Imprivata warrants that it will provide any Professional Services and Managed Services in a good and workmanlike manner consistent with industry standards. THIS WARRANTY IS A LIMITED WARRANTY. FOR ANY BREACH OF THE FOREGOING WARRANTY, IMPRIVATA’S SOLE LIABILITY, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY SHALL BE FOR IMPRIVATA TO RE-PERFORM SUCH SERVICES. Customer must notify Imprivata in writing of any such breach within thirty (30) days after the performance of the applicable Services.
  3. IMPRIVATA MAKES NO REPRESENTATIONS OR WARRANTIES OTHER THAN THOSE SPECIFIED IN THIS SECTION 9 AND ALL OTHER REPRESENTATIONS OR WARRANTIES (EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE) ARE EXPRESSLY DISCLAIMED, INCLUDING THOSE WARRANTIES AS TO QUALITY, CONDITION, ACCURACY OR COMPLETENESS OF RESPONSES, RESULTS, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. WITHOUT LIMITING THE FOREGOING, IMPRIVATA DOES NOT WARRANT (I) THAT THE SERVICES OR THE DOCUMENTATION WILL BE FREE FROM ANY INTERRUPTIONS, DELAYS, INACCURACIES, SERVER DOWN-TIME, ERRORS, OR OMISSIONS, (II) THE PERFORMANCE OR RESULTS CUSTOMER MAY OBTAIN BY RECEIVING THE SERVICES OR USING THE DOCUMENTATION, (III) THE SERVICES OR DOCUMENTATION WILL MEET CUSTOMER’S REQUIREMENTS, OR (IV) USE OF THE SERVICES OTHER THAN AS PERMITTED IN THIS AGREEMENT OR THE DOCUMENTATION. THE CLOUD SERVICES ARE A MONITORING AND/OR ADMINISTRATIVE TOOL DESIGNED TO ENABLE CUSTOMER IN THE MANAGEMENT OF CUSTOMER’S BUSINESS OPERATIONS. IMPRIVATA DOES NOT PROVIDE LEGAL OR SECURITY ADVICE AND DISCLAIMS RESPONSIBILITY FOR ANY SERVICES CUSTOMER INTERPRETS AS SUCH. NO REPRESENTATION OR OTHER AFFIRMATION OF FACT, INCLUDING STATEMENTS REGARDING CAPACITY, SUITABILITY FOR USE, OR PERFORMANCE OF THE SERVICES OR DOCUMENTATION NOT CONTAINED IN THIS AGREEMENT, OR RECOMMENDATIONS MADE AS PART OF OR IN CONNECTION WITH THE SERVICES, SHALL BE DEEMED TO BE A WARRANTY, CONDITION, REPRESENTATION, OR GUARANTEE BY IMPRIVATA. Customer will have sole responsibility for the adequate protection and backup of Customer’s data and/or equipment. Imprivata is not responsible for restoring lost data or damage to Customer Data that results from Customer’s actions. THIS LIMITED WARRANTY GIVES CUSTOMER SPECIFIC RIGHTS. CUSTOMER MAY HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE, AND COUNTRY TO COUNTRY.

INDEMNIFICATION.

  1. Indemnification by Imprivata. Imprivata will defend Customer from and against third party claims (and will pay any resulting judgements awarded by a court of final jurisdiction or settlements entered into in accordance with Section 10.3 below) arising solely from a claim that the Cloud Services as provided by Imprivata infringe any United States or European Union patent or any copyright rights (in or of countries that are signatories to the Berne Convention) of a third party. Imprivata's obligation is subject to Customer’s compliance with the procedures set forth in Section 10.3. Notwithstanding anything to the contrary herein, Imprivata shall have no obligation to indemnify Customer for infringement claims arising in whole or in part from: (1) designs, processes, specifications or modifications originated or requested by Customer; (2) the combination of the Cloud Services or any part thereof with other equipment, software, process, or products not supplied by Imprivata if such infringement or misappropriation would not have occurred but for such combination; (3) Customer’s failure to install an update, where same would have avoided such claim or (4) Customer’s use of the Imprivata Materials in violation of Section 2.4. Customer will indemnify and hold Imprivata harmless from and against claims that are the subject of clauses (1)-(3). In the event that the use or sale of any of the Cloud Services is enjoined or, in Imprivata’s judgment may become subject to a claim of infringement, Imprivata may: (i) procure for Customer the right to continue to use the Cloud Services, (ii) replace the infringing portion of the Cloud Services with a materially functionally equivalent product or modify it to address any potential infringement, or (iii) remove Customer’s access to the Cloud Services and reimburse Customer for any prepaid fees for the remainder of the applicable Cloud Services Subscription Term on a pro-rata basis. THIS SECTION STATES IMPRIVATA'S ENTIRE LIABILITY TO CUSTOMER AND CUSTOMER’S SOLE REMEDY FOR ANY INFRINGEMENT CLAIMS CONCERNING THE CLOUD SERVICES.
  2. Indemnification by Customer. Customer will defend Imprivata against any claim, demand, suit or proceeding made or brought against Imprivata by a third party (a) alleging Customer’s unauthorized use of the Cloud Services infringes or misappropriates such third party’s intellectual property rights, or (b) alleging that Customer Data or Customer’s use of Customer Data with the Cloud Services violates applicable law or regulation (each a “Claim Against Imprivata”), and will indemnify Imprivata from any damages, attorney fees and costs finally awarded against Imprivata as a result of, or for any fees paid by Imprivata under a court-approved settlement of, a Claim Against Imprivata. Customer’s obligation is subject to Imprivata’s compliance with the procedures set forth in Section 10.3.
  3. Indemnification Procedure. If a party (the “Indemnified Party”) becomes aware of any matter for which it has a right to indemnity under this Agreement (each an “Action”), the Indemnified Party will promptly notify the other Party (the “Indemnifying Party”) in writing of such Action, provided however, that the failure to promptly notify shall not affect the obligations of the Indemnifying Party except to the extent that such failure actually prejudiced the Indemnifying Party. The Indemnified party will grant sole control over the defense and settlement of the Action to the Indemnifying Party (and its insurer, if applicable), and cooperate in the defense of such Action at the Indemnifying Party’s expense as reasonably requested. The Indemnifying Party has no obligation to indemnify the Indemnified Party in connection with any settlement made without the Indemnifying Party’s prior written consent. The Indemnified Party shall be permitted to monitor the defense of any such Action with counsel of its choosing at its sole cost and expense.

LIMITATION OF LIABILITY.

IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, CONSEQUENTIAL, EXEMPLARY, SPECIAL, LOSS OF DATA, OR LOST PROFITS DAMAGES OF ANY KIND (INCLUDING ANY LOST REVENUE, PROFITS, SAVINGS, BUSINESS OPPORTUNITIES, USE, OR GOODWILL) HOWEVER ARISING, REGARDLESS OF WHETHER SUCH DAMAGES ARE FORESEEABLE AND WHETHER EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF IMPRIVATA EXCEED THE FEES PAID AND PAYABLE BY CUSTOMER UNDER THE AGREEMENT DURING THE PRECEDING TWELVE-MONTH PERIOD FOR THE APPLICABLE CLOUD SERVICE GIVING RISE TO THE LIABILITY CLAIM(S). MONETARY DAMAGES AS LIMITED BY THIS SECTION SHALL SERVE AS CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY CLAIM ARISING UNDER OR RELATING TO THIS AGREEMENT OR THE SUBJECT MATTER OF THIS AGREEMENT FOR WHICH AN EXCLUSIVE REMEDY IS NOT PROVIDED, AND AS CUSTOMER’S SOLE AND EXCLUSIVE ALTERNATIVE REMEDY SHOULD ANY EXCLUSIVE REMEDY HEREUNDER BE FOUND TO FAIL OF ITS ESSENTIAL PURPOSE.

CUSTOMER LIST.

Customer agrees that Imprivata may include Customer’s name and logo on its customer lists, including in on-line and printed forms.

FORCE MAJEURE.

Neither party is responsible for any delays or failure in performance (except for payment of fees owed) to the extent that such failure is due to a Force Majeure Event. Both parties will use reasonable efforts to mitigate the effect of a Force Majeure Event. This section does not excuse either party’s obligation to take reasonable steps to follow its normal disaster recovery procedures.

GOVERNING LAW.

THIS AGREEMENT SHALL BE GOVERNED BY AND CONSTRUED IN ACCORDANCE WITH THE LAWS OF THE COMMONWEALTH OF MASSACHUSETTS, WITHOUT REGARD FOR PRINCIPLES OF CONFLICT OF LAWS. EACH PARTY HEREBY CONSENTS AND SUBMITS TO THE JURISDICTION AND FORUM OF THE STATE AND FEDERAL COURTS IN THE COMMONWEALTH OF MASSACHUSETTS IN ALL QUESTIONS AND CONTROVERSIES ARISING OUT OF OR RELATING TO THIS AGREEMENT OR ITS SUBJECT MATTER. THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS AND THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT (UCITA) AS ADOPTED BY ANY STATE ARE SPECIFICALLY EXCLUDED FROM APPLICATION HEREUNDER.

EQUITABLE RELIEF.

The parties agree that, because of the proprietary nature of their respective Confidential Information (including the Cloud Services in Imprivata’s case), legal remedies due to a party’s breach of its obligations under this Agreement may be inadequate and that in the event of a breach or threatened breach, a party may be entitled to seek equitable relief, including injunctive relief, without the posting of any bond, in addition to all other remedies provided under this Agreement or available at law.

ASSIGNMENT.

This Agreement is binding upon and inures to the benefit of the parties, their successors and permitted assigns. Neither party may assign or transfer its rights hereunder without the other party’s prior written consent, provided that Imprivata may assign this Agreement in connection with a merger, corporate reorganization, consolidation, or the sale of all or substantially all of its assets or equity.

ENTIRE AGREEMENT.

This Agreement and the appendices attached hereto (and any Imprivata Order Forms) contains the entire agreement of the parties with respect to the subject matter contemplated by this Agreement and supersedes all prior and contemporaneous agreements, representations and understandings, whether written or oral with respect to such subject matter. No modification or waiver of any provision hereof is effective unless in writing and signed by each party. Imprivata shall not be subject to any provisions of any pre-printed purchase order, or any of Customer’s policies, regulations, rules, or the like, including those set forth in any of Customer’s sponsored registration system (collectively, “Policies”), even if such Policies require affirmative acknowledgement from a Imprivata representative.

SEVERABILITY.

If any provision of this Agreement or the application thereof to any party or circumstances shall, to any extent, now or hereafter be or become invalid or unenforceable, the remainder of this Agreement shall not be affected thereby, and every other provision of this Agreement shall be valid and enforceable to the fullest extent permitted by law. Section headings used in this Agreement are intended for convenience only and shall not affect the interpretation or construction of this Agreement.

INDEPENDENT CONTRACTORS.

The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. There are no third-party beneficiaries under this Agreement.

FUTURE PRODUCTS.

Imprivata may from time to time, prior to or during the term of this Agreement, disclose to Customer information related to planned future products, features or enhancements. Imprivata’s development efforts and plans are subject to change at any time, without notice; Imprivata provides no assurances that Imprivata will introduce any such future products, features or enhancements and assumes no responsibility to introduce such products, features or enhancements. Customer acknowledges that its current purchasing decisions are not made based on the reliance on any such future timeframes or specifics described to Customer.

EVALUATION, TRIAL OR BETA CLOUD SERVICES.

Imprivata may offer certain Cloud Services to Customer for evaluation, trial or beta purposes (“Trial Services”). In such event, Imprivata grants to Customer a nonexclusive, limited, royalty-free, nontransferable right to use the Trial Services solely for Customer’s internal evaluation purposes during the period designated by Imprivata on the Order Form (or if not designated, 30 days). Notwithstanding any other provision contained herein, such Trial Services are provided to Customer “as is” without indemnification, support, service level agreement, or warranty of any kind, express or implied. Imprivata assumes no liability arising out of or in connection with Customer’s use of such Trial Services and shall not be liable for any direct, indirect, special, incidental, consequential, or punitive damages of any kind, except with respect to losses that cannot be legally limited or excluded under law, related to Customer’s use of the Trial Services. Except to the extent the terms in this Section conflict with the terms set forth in this Agreement, all other terms of this Agreement shall apply to the Trial Services.

APPLICABLE LAWS.

Imprivata shall comply with all applicable laws to the extent that such laws by their terms are expressly applicable to Imprivata’s delivery of the Services under this Agreement and impose obligations upon Imprivata in its role as a software and services provider with respect to the Services provided under this Agreement. Customer shall comply with all applicable laws to the extent that such laws by their terms, are expressly applicable to Customer’s use and receipt of the Services under this Agreement and impose obligations upon Customer with respect to the Services provided under this Agreement. Customer is solely responsible for determining whether the Services enable Customer to comply with laws applicable to Customer.

NO WAIVER.

The failure of either party at any time to require performance by the other party of any provision of this Agreement shall in no way affect that party’s right to enforce such provisions, nor shall the waiver by either party of any breach of any provision of this Agreement be taken or held to be a waiver of any further breach of the same provision.

COUNTERPARTS.

This Agreement may be executed in one or more counterparts, each of which shall be deemed to be a duplicate original, but all of which, taken together, shall be deemed to constitute a single instrument. This Agreement may be executed by facsimile or by electronic transmission of a pdf file.

NOTICE.

Except as may be otherwise set forth herein, all notices, requests, demands and other communications hereunder will be in writing (email acceptable) and will be deemed to have been duly given: (i) on the next day if delivered personally or electronically to such party; (ii) on the date three (3) days after mailing if mailed by registered or certified mail; or (iii) on the next day if delivered by courier. All notices to Imprivata shall be sent to the following address: Imprivata, Inc., Attn: Legal Department, 20 CityPoint 480 Totten Pond Road, 6th Floor, Waltham, MA 02451 or dept.legal@IMPRIVATA.com. Customer may designate in writing the relevant contact to which all notices shall be addressed.