Last Modified: April, 2020
Collection of Personal and Business Information
To establish an account with us, and in some cases, to use our Service without establishing an account, we collect your personal and business information including your:
- Full name;
- Business name(s);
- Mailing address;
- Email address;
- Phone number;
- Other types of raw data relating to how you interact with the Website and Service, for example, your browser information and session duration;
- Business logos and trademarks (where you elect to upload them);
- Payment, banking and credit card information (stored via a third party payment provider); and
- All other information you provide or upload to our Website or Service or otherwise.
Please note that third party service providers may have their own privacy policies on the collection and use of your information which either we or you provide them.
Credit Card and Payment Processing Companies
We may also collect credit card and payment information from you via a third party payment provider. Their additional terms of service and privacy policies may apply to the collection and use of your personal information. If you have questions regarding our payment processor, please contact us.
The Use of Your Personal Information
The collection of your personal information, and the personal or health information of third parties you or they upload, may also be used to:
- Facilitate the operation of the Website and Service, We may also send you emails and text messages to facilitate access to our Service;
- Verify your contact information;
- Support and improve the Website and Service we offer;
- Provide user support and communicate with you about your account or services we offer;
- Bill and collect money owed to us;
- Pursue available legal remedies to us and to prosecute or defend a court, arbitration or similar proceeding;
- Meet legal requirements;
- Seek the counsel of professional advisors, including lawyers;
- Enforce compliance with any terms and conditions and applicable law; and
- Enhance our Service offerings to you and offer you related products and services, whether by advertisements, electronic messages or otherwise.
TO THE EXTENT YOU USE OUR SERVICE TO COLLECT, STORE AND USE THE PERSONAL AND HEALTH INFORMATION OF A THIRD PARTY, YOU AGREE, REPRESENT AND WARRANT THAT YOU WILL ONLY COLLECT, STORE AND USE SUCH INFORMATION IF YOU HAVE THAT PERSON’S EXPRESS CONSENT AND TO THE EXTENT IT IS LAWFUL FOR YOU TO DO SO UNDER ANY APPLICABLE LAWS, RULES OR REGULATIONS.
The Disclosure of Your Personal Information and Access to It
WE RESERVE THE RIGHT TO PROVIDE YOUR CONTENT AND INFORMATION (INCLUDING BUT NOT LIMITED TO YOUR PERSONAL, HEALTH AND BUSINESS INFORMATION, AND THE PERSONAL OR HEALTH INFORMATION OF THIRD PARTIES) UPLOADED TO OR COLLECTED BY OUR WEBSITE, SERVICE OR OTHERWISE TO THIRD PARTIES, INCLUDING GOVERNMENTS OR GOVERNMENT AGENCIES, IF REQUIRED BY LAW (SUCH AS IN RESPONSE TO A SUBPOENA, COURT ORDER OR OTHER LEGAL PROCESS IN ANY JURISDICTION), AND TO COOPERATE WITH LAW ENFORCEMENT AUTHORITIES IN THE INVESTIGATION OF ANY CRIMINAL OR CIVIL MATTER.
IF WE ARE REQUIRED BY LAW TO MAKE ANY DISCLOSURE OF SUCH INFORMATION, WE MAY (BUT ARE NOT OBLIGATED TO) PROVIDE YOU WITH WRITTEN NOTICE (TO THE EXTENT PERMITTED BY LAW) PRIOR TO SUCH DISCLOSURE SO THAT YOU MAY TAKE APPROPRIATE ACTION.
We may disclose your personal, health and business information (and the information of your patients and users uploaded to the Service) to our employees and contracted providers to use that information in connection with one or more of the purposes for which that personal information was collected.
We may also disclose your personal information (and the personal or health information of the third parties who upload it) to our successors (if our business or the Service is acquired by another legal entity) or any assignee of our assets relating to the Website and Service.
WHILE WE TAKE REASONABLE MEASURES TO PROTECT PERSONAL AND HEALTH INFORMATION, YOU AGREE THAT, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL WE, OUR AFFILIATES, OFFICERS, DIRECTORS, SHAREHOLDERS, EMPLOYEES, CONTRACTORS, AGENTS, SUPPLIERS, OR LICENSORS BE LIABLE, HOWSOEVER CAUSED, FOR THE LOSS OR THEFT OF YOUR PERSONAL OR HEALTH INFORMATION OR ANY DAMAGES CAUSED AS A RESULT THEREOF, SO LONG AS WE WERE NOT GROSSLY NEGLIGENT IN THE PROTECTION OF SAID INFORMATION.
Retention of Your Personal Information
We keep your personal information for as long as it is required for the purpose for which it was collected. There is no single retention period applicable to the various types of personal information collected. If you would like us to delete your personal information, please contact us at firstname.lastname@example.org.
As a service provider, to the extent you are legally obligated to retain personal or health records of your patients, prospects or customers, you agree to comply with those obligations without the reliance of our Service or us. You further agree that you are responsible for keeping your personal information, and the personal information of your users, clients, customers, patients, prospects and the like up to date and in conformity with all applicable laws, rules or regulations which govern you and us.
Our Website and Service may place a "cookie" in the browser files of your computer. Disabling cookies on your web browser may interrupt the proper use of the Website and Service.
Your Responsibilities and Acknowledgement
Last Modified: April, 2020
WE ACCEPT NO RESPONSIBILITY FOR YOUR ACTIONS OR THE ACTIONS OF OTHER USERS OF THE WEBSITE AND SERVICE (WHETHER ONLINE OR OFFLINE).
You agree to use our Website and Service in accordance with the following acceptable use and code of conduct guidelines. In particular, you agree that you:
- Will not upload, copy, distribute, share, sell, create derivative works of, or otherwise alter or use any content, in whole or in part, for any purpose whatsoever except as expressly authorized in this acceptable use policy and the Terms;
- Will not upload, copy, distribute, share, or otherwise use content that is unlawful, obscene, defamatory, libelous, harmful, hateful, harassing, bullying, pornographic, threatening, racially or ethnically offensive or abusive, that would violate another person's rights (including their intellectual property rights), constitute or encourage a criminal offense, give rise to civil liability, or violate any local, state, provincial, national or international law or regulation, or that is otherwise inappropriate;
- Will not exploit the images of children or disclose personally identifiable information belonging to others;
- Will not upload, copy, distribute, share or otherwise use unsolicited or unauthorized advertising, promotional materials, or any junk mail;
- Will not upload, copy, distribute, share or otherwise use content that contains or embodies software viruses or any other malicious computer code that is designed to interrupt, undermine, destroy or limit the functionality of any computer software, hardware or communications equipment, or that is designed to perform functions on any software, hardware or equipment without the owner's express consent;
- Will not disclose your password or transfer your account to any third party, or allow any third party to access your account;
- Will not impersonate any person or entity;
- Will not access the Website and Service by any means other than through the interface provided by us for use in accessing the Website and Service. This includes not using or launching any automated system including, without limitation, any spider, robot (or "bot"), scraper or offline reader that accesses the Service in a way that sends more request messages to our servers in a given time period than a human reasonably can produce in the same time period.
- Will not interfere with or disrupt the Website, Service or servers or networks connected thereto, make the Service available over a network (other than our network) where it could be used by others or disobey any requirements, procedures, policies or regulations of networks connected to the Service;
- Will not use the Website or Service to artificially generate traffic or page links to a Website or for any other purpose not intended;
- Will not collect, harvest or store any personally identifiable information, including user account information, from us;
- Will not use the Website or Service in a way that has any unlawful or fraudulent purpose or effect;
- Will not translate, reverse engineer, decompile, disassemble, modify or create derivative works based on the Website or Service, in whole or in part;
- Will not circumvent, disable, violate or otherwise interfere with any security related feature of the Website or Service;
- Will not rent, lease, sublicense, transfer, sell, trade, resell or exploit for any commercial purposes any portion of the Website or Service (including, without limitation, your account information, use of the Service or access to the Service;
- Will not use your account for your own commercial purposes by sub-licensing any rights granted by the Terms or, in any way, sharing the benefit of your account with others. Your account is non-transferrable and may only be used by you;
- Will not use the Website or Service in any way that violates the Terms, or that aids, encourages, or purports to authorize anyone else to violate the terms of this policy;
- Will not use the Website or Service in any way that intentionally or unintentionally violates any applicable local, state, provincial, national or international law, rule or regulation;
- Will not employ misleading e-mail addresses or falsify information in any part of any communication;
- Will not upload, transmit, disseminate, post, store or post links to any content that:
- prohibits from transmitting or posting by law, or by contractual or fiduciary relationship;
- facilitates hacking or unauthorized access or use of data, systems, servers or networks including any attempt to probe, scan or test for vulnerabilities, or to breach security or authentication measures;
- interferes with service to any user, system or network by using flooding techniques, overloading a system or a network, staging or broadcasting an attack or any other means resulting in a crash of a host either deliberately or by negligence;
- infringes on, or contributes to any infringement of, any intellectual property, material protected by copyright, trademark, patent, trade secret or proprietary right of any party.
We reserve the right in our sole discretion to revise this policy, which shall be posted on the Website and Service.
Last Modified: April, 2022
This "Attachment A – Business Associate Agreement" (the "Agreement") is incorporated into and a part of Zentake's – "Terms of Service" This Business Associate Agreement ("Agreement") is entered between ("Covered Entity") and Zentake ("Business Associate"). In the event that you are a Business Associate and we are your subcontractor Business Associate under HIPAA, "Covered Entity" shall refer to you in your capacity as a Business Associate of one or more Covered Entities, and "Business Associate" shall refer to us as your subcontractor Business Associate. In the event that you are neither a Covered Entity nor a Business Associate under HIPAA, this Agreement shall not apply.
Pursuant to the parties' separate services agreement ('Services Agreement'), Business Associate has agreed to perform certain services for or on behalf of Covered Entity that may involve the creation, maintenance, use, transmission or disclosure of protected health information within the meaning of the Health Insurance Portability and Accountability Act of 1996 ('HIPAA'), and its implementing regulations, 45 CFR Parts 160 and 164 ("HIPAA Rules").
This Agreement supplements the Services Agreement and is intended to and shall be interpreted to satisfy the requirements for business associate agreements as set forth in the HIPAA Rules as they shall be amended.
- General Definitions. The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information and Use.
- Specific Definitions
a. Business Associate shall generally have the same meaning as the term 'business associate' at 45 CFR § 160.103, and in reference to the party to this Agreement, shall mean Business Associate.
b. Covered Entity shall generally have the same meaning as the term 'covered entity' at 45 CFR § 160.103, and in reference to the party to this Agreement, shall mean Covered Entity.
c. Protected Health Information shall generally have the same meaning as the term "protected health information" at 45 CFR § 160.103, and shall include any individually identifiable information that is created, received, maintained, or transmitted by Business Associate on behalf of Covered Entity that relates to an individual's past, present, or future physical or mental health, health care, or payment for health care, whether such information is in oral, hard copy, electronic, or any other form or medium.
- Business Associate Responsibilities. Business Associate agrees to:
a. Not use or disclose protected health information except as permitted by Section 2, below, or as otherwise required by law.
b. Use appropriate safeguards to prevent the use or disclosure of protected health information other than as permitted by this Agreement. To the extent applicable to business associates, Business Associate shall comply with the requirements in 45 CFR Part 164, Subpart C, including the use of administrative, physical and technical safeguards to protect electronic Protected health information.
c. Report to Covered Entity any use or disclosure of protected health information not permitted by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required by 45 CFR § 164.410, and any security incident as required by 45 CFR § 164.314(a)(2)(i)(C).
d. Ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information as required by 45 CFR §§ 164.502(e)(1)(ii) and (2) and 164.308(b)(2)(i)-(iii). Business Associate may fulfill this requirement by having the subcontractors execute an agreement that incorporates the terms of this Agreement.
e. Within fifteen (15) days after Covered Entity's request, make available to Covered Entity any protected health information in Business Associate's control as necessary to enable Covered Entity to satisfy its obligations to provide an individual with access to certain protected health information under 45 CFR § 164.524.
f. Within thirty (30) days after Covered Entity's request, make available to Covered Entity any protected health information for amendment and incorporate any amendments to protected health information as necessary to enable Covered Entity to satisfy its obligations under 45 CFR § 164.526.
g. Within thirty (30) days after Covered Entity's request, make available to Covered Entity the information required to provide an accounting of disclosures as necessary to enable Covered Entity to satisfy its obligations under 45 CFR § 164.528.
h. To the extent Business Associate is to carry out Covered Entity's obligations under 45 CFR Part 164, Subpart E, comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligations.
i. Make Business Associate's internal practices, books, and records relating to the use and disclosure protected heath information received from, or created or received by Business Associate on behalf of Covered Entity, available to the Secretary for purposes of determining Covered Entity's compliance with the HIPAA Rules.
- Uses and Disclosures by Business Associate.
2.1 Permissible Uses and Disclosures. Business Associate may use or disclose protected health information only as follows:
a. As necessary to perform the services set forth in the Service Agreement.
b. To de-identify protected health information in accordance with 45 CFR § 164.514(a)-(c).
c. As required by law.
d. For the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that:
(i) any disclosures for these purposes are required by law, or
(ii)(a) Business Associate obtains reasonable assurances from the entity to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the entity, and (b) the entity notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
e. To provide data aggregation services relating to the health care operations of Covered Entity as defined in 45 CFR § 164.501.
2.2 Impermissible Uses or Disclosures. Business Associate may not use or disclose protected health information in a manner that would violate 45 CFR Part 164, Subpart E, if done by Covered Entity except for the specific uses and disclosures set forth in Sections 2.1(d)-(e), above.
2.3 Minimum Necessary. Business Associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity's minimum necessary policies and procedures as disclosed by Covered Entity to Business Associate in advance.
- Covered Entity Responsibilities.
3.1 Representations and Warranties. Covered Entity represents and warrants that, prior to execution of this Agreement and at all times during this Agreement, (i) Covered Entity has obtained or will obtain any consent or authorization required by the HIPAA Rules or other law necessary for Business Associate to perform its duties pursuant to this Agreement; and (ii) Covered Entity has notified Business Associate of:
a. Any limitation(s) in Covered Entity's notice of privacy practices, policies, or agreements, or any order or other limitation imposed on Covered Entity, to the extent that such limitation may affect Business Associate's use or disclosure of protected health information.
b. Any agreement by Covered Entity with an individual concerning the use or disclose the individual's protected health information, to the extent that such agreements may affect Business Associate's use or disclosure of protected health information.
c. Any restriction on the use or disclosure of protected health information to which Covered Entity has agreed or with which Covered Entity is required to abide under 45 CFR § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of protected health information.
3.2 Notice of Change by Covered Entity. Covered Entity agrees to immediately notify Business associate of any noncompliance with the representations and warranties identified in Section 3.1, including any change in the limitations, agreements, or restrictions identified in Section 3.1. Covered Entity understands and agrees that Business Associate entered this Agreement in reliance on Covered Entity's representations and warranties in Section 3.1, and that any non-compliance or change in limitations, agreements or restrictions may affect Business Associate's performance under this Agreement and shall entitle Business Associate to immediately terminate this Agreement and/or the Services Agreement at Business Associate's election.
3.3 Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose protected health information in any manner that would not be permitted under 45 CFR Part 164, Subpart E, if done by Covered Entity, except that Business Associate may use or disclose protected health information for Business Associate's data aggregation, management, administration, and legal responsibilities as set forth in Section 2.1(d)-(e).
- Term and Termination.
Unless otherwise agreed in writing by the parties, this Agreement shall be effective as of the date executed by the parties and shall continue until terminated as provided below.
4.1 Termination. This Agreement may be terminated as follows:
a. Either party may terminate this Agreement upon thirty (15) days prior written notice to the other party due to a material breach of this Agreement by the other party. The breaching party shall have the opportunity to cure the breach during the 30-day notice period. If the breaching party fails to cure the breach within the 30-day notice period, the non-breaching party may declare the Agreement terminated by providing written notice at the end of the 30-day period.
b. Either party may terminate this Agreement if either party determines that the other party has violated any law or regulation and/or that continued performance under this Agreement may subject the party to adverse action by any governmental agency.
c. Business Associate may terminate this Agreement pursuant to Section 3.2.
4.2 Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, Business Associate, with respect to protected health information received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:
a. Retain only that protected health information which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities as described in Section 2.1(d).
b. If feasible, return or destroy all other protected health information in Business Associate's control.
c. For any protected health information that is retained, continue to extend the protections of this Agreement to such information and limit further uses and disclosures to those purposes permitted by this Agreement.
4.3 Survival. Business Associate's obligations under this Section shall survive the termination of this Agreement.
- Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.
- Amendment. The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary to comply with the requirements of the HIPAA Rules and any other applicable law.
- Governing Law. This Agreement shall be construed to comply with the requirements of the HIPAA Rules, and any ambiguity in this Agreement shall be interpreted to permit compliance with the HIPAA Rules. All other aspects of this Agreement shall be governed under the laws of the State of Utah.
- Assignment/Subcontracting. This Agreement shall inure to the benefit of and be binding upon the parties and their respective legal representatives, successors and assigns. Business Associate may assign or subcontract rights or obligations under this Agreement to subcontractors or third parties without the express written consent of Covered Entity. Covered Entity may assign its rights and obligations under this Agreement to any successor or affiliated entity.
- Cooperation. The parties agree to cooperate with each other's efforts to comply with the requirements of the HIPAA Rules and other applicable laws; to assist each other in responding to and mitigating the effects of any breach of protected health information in violation of HIPAA Rules or this Agreement; and to assist the other party in responding to any investigation, complaint, or action by any government agency or third party relating to the performance of this Agreement.
- Relation to Services Agreement. This Agreement supplements the Services Agreement. The terms and conditions of the Services Agreement shall continue to apply to the extent not inconsistent with this Agreement. If there is a conflict between this Agreement and the Services Agreement, this Agreement shall control.
- No Third Party Beneficiaries. Nothing in this Agreement is intended to nor shall it confer any rights on any other persons except Covered Entity and Business Associate and their respective successors and assigns.
- Entire Agreement. This Agreement contains the entire agreement between the parties as it relates to the use or disclosure of protected health information, and supersedes all prior discussions, negotiations and services relating to the same to the extent such other prior communications are inconsistent with this Agreement.
- Indemnification. If a party to this Agreement breaches any provision of this Agreement or violates any requirement of the HIPAA Rules applicable to the that party, that party shall indemnify, hold harmless and defend the other party from and against any and all claims, losses, liabilities, costs and other expenses incurred by the other party as a result of such breach or violation.
- Limitation on Liability. In no event shall Business Associate or any of its directors, officers, agents, parents, affiliates or subsidiaries (collectively "Business Associate') be liable to Covered Entity or any third party for any special, consequential, incidental, or indirect loss or damages arising out Business Associate's acts or omissions relating to this Agreement or theHIPAA Rules whether or not Business Associate has been advised of the possibility of such loss or damages. In all cases, Business Associate's aggregate liability under any legal theory, including contract, tort, or other bases, shall not exceed the fees paid by Covered Entity to Business Associate pursuant to the Services Agreement during the six (6) month period prior to the first occurrence upon which liability is based.