This Plait Subscription Terms of Service ("Agreement") is entered into by and between the Plait entity set forth below ("Plait") and the entity or person placing an order for or accessing any Services ("Customer" or "you"). If you are accessing or using the Services on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company, and all references to "you" or "Customer" reference your company.
This Agreement permits Customer to purchase subscriptions to online software-as-a-service products and other services from Plait pursuant to any Plait ordering documents, online registration, order descriptions or order confirmations referencing this Agreement ("Order Form(s)") and sets forth the basic terms and conditions under which those products and services will be delivered. This Agreement includes the Additional Product Terms, incorporated by reference herein, and will govern Customer's initial purchase on the Effective Date as well as any future purchases made by Customer that reference this Agreement.
The "Effective Date" of this Agreement is the date which is the earlier of (a) Customer's initial access to any Service (as defined below) through any online provisioning, registration or order process or (b) the effective date of the first Order Form referencing this Agreement.
As used in this Agreement, "Plait" means Well Revolution Limited, a New Zealand company (7396836) with offices at 42 Airedale Street, Auckland Central, Auckland, New Zealand.
Modifications to this Agreement: From time to time, Plait may modify this Agreement. Unless otherwise specified by Plait, changes become effective for Customer upon renewal of Customer's current Subscription Term (as defined below) or entry into a new Order Form. Plait will use reasonable efforts to notify Customer of the changes through communications via Customer's account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or entering into a new Order Form, and in any event, continued use of the Services after the updated version of this Agreement goes into effect will constitute Customer's acceptance of such updated version. If Plait specifies that changes to the Agreement will take effect prior to Customer's next renewal or order (such as for legal compliance or product change reasons) and Customer objects to such changes, Customer may terminate the applicable Subscription Term and receive as its sole remedy a refund of any fees Customer has pre-paid for use of the applicable Services for the terminated portion of the Subscription Term.
By indicating your acceptance of this agreement or accessing or using any Services, you are agreeing to be bound by all terms, conditions, and notices contained or referenced in this Agreement. If you do not agree to this Agreement, please do not use any Services. For clarity, each party expressly agrees that this Agreement is legally binding upon it. This Agreement contains mandatory mediation and arbitration provisions that require the use of mediation and arbitration to resolve disputes, rather than court action.
"Affiliate" means any entity under the control of Customer where "control" means ownership of or the right to control greater than 50% of the voting securities of such entity.
"AUP" means Plait's Acceptable Use Policy, available here or a successor URL.
“BAA” means Plait’s HIPAA Business Associate Agreement. If Customer is a Covered Entity or a Business Associate and includes PHI in Customer Data, the BAA is incorporated into the terms of this Agreement.
"Beta Offerings" means pre-release services, features, or functions identified as alpha, beta, preview, early access, or words or phrases with similar meanings.
"Contractor" means an independent contractor or consultant who is not a competitor of Plait.
"Customer Data" means any data of any type that is submitted to the Services by or on behalf of Customer, including without limitation: (a) data submitted, uploaded or imported to the Services by Customer (including from Third Party Platforms) and (b) data provided by or about People (including chat and message logs) that are collected from the Customer Properties using the Services.
"Customer Properties" means Customer's websites, apps, or other offerings owned and operated by (or for the benefit of) Customer through which Customer uses the Services to communicate with People.
"Documentation" means the technical user documentation provided with the Services.
"Feedback" means comments, questions, suggestions or other feedback relating to any Plait product or service.
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act and their implementing regulations as amended from time to time.
"Intellectual Property Rights" include all valid patents, trademarks, copyrights, trade secrets, moral rights, and other intellectual property rights, as may exist now or hereafter come into existence, and all renewals and extensions thereof, and all improvements to any of the foregoing, regardless of whether any of such rights arise under the laws of any state, country or other jurisdiction.
"Laws" means all applicable local, state, federal and international laws, regulations and conventions, including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of technical or personal data.
"Order Form" means a written or electronic form to order the Services or an online order completed through Plait’s website. Upon execution by the parties (or, in the case of electronic orders, confirmation and placement of the order), each Order Form will be subject to the terms and conditions of this Agreement.
"People" (in the singular, "Person") means Customer's end user customers, potential end user customers, and other users of and visitors to the Customer Properties.
"Permitted User" means an employee or Contractor of Customer or its Affiliate who is authorized to access the Service.
”PHI” means protected health information as defined by HIPAA’s Privacy Rule found at 45 C.F.R. 160.103.
"Plait App" means any downloadable or non-downloadable mobile application or desktop client software included in the applicable Service that is made available by Plait.
"Plait Code" means certain JavaScript code, software development kits (SDKs) or other code provided by Plait for deployment on Customer Properties.
"Sensitive Personal Information" means any of the following: (i) patient, medical or other protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA) not authorized or covered by a BAA; (ii) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards ("PCI DSS").
"Services" means Plait's proprietary software-as-a-service solution(s), including the Workspace, Plait application programming interfaces (APIs), Plait Code and Plait Apps, as described in the applicable Order Form.
"Taxes" means any sales, use, GST, value-added, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on the income of Plait.
“Third Party Messaging App(s)” means a separate, stand-alone service accessible apart from the generally available Plait Service to which Customer subscribes. A Third Party Messaging App allows Customer to integrate the Plait App provided with Customer's Plait App account(s) (as defined in the “Agreement”) with Customer's Third Party Messaging App services account(s).
"Third-Party Platform(s)" means any software, software-as-a-service, data sources or other products or services not provided by Plait that are integrated with or otherwise accessible through the Services.
"Workspace" means Plait's user interface for accessing and administering the Services that Customer may access via the web or the Plait Apps.
2.1. Services Overview. Plait's Services are a suite of messaging software-as-a-service solutions offered through a single platform. The Services are designed to enable Customer to manage communications with People through the entire lifecycle of their relationship with Customer and to provide a Workspace for accessing and managing Customer Data regarding those People. Customer may import and export Customer Data between the Services and certain Third-Party Platforms through supported integrations. The Services also include Plait Code deployed on Customer Properties to enable live messaging functionality.
2.2. Provision of Services. Each Service is provided on a subscription basis for a set term designated on the Order Form (each a "Subscription Term"). Customer will purchase and Plait will provide the specific Services as specified in the applicable Order Form.
2.3. Access to Services. Customer may access and use the Services solely for its own benefit (and for the benefit of People) and in accordance with the terms and conditions of this Agreement, the Documentation and any scope of use restrictions designated in the applicable Order Form (including without limitation the number of People active or activated). Use of and access to the Services is permitted only by Permitted Users. If Customer is given API keys or passwords to access the Services on Plait's systems, Customer will require that all Permitted Users keep API keys, user ID and password information strictly confidential and not share such information with any unauthorized person. User IDs are granted to individual, named persons and may not be shared. If Customer is accessing the Services using credentials provided by a third party (e.g., Microsoft or Google), then Customer will comply with all applicable terms and conditions of such third party regarding provisioning and use of such credentials. Customer will be responsible for any and all actions taken using Customer's accounts and passwords. If any Permitted User who has access to a user ID is no longer an employee (or Contractor, as set forth below) of Customer, then Customer will promptly delete such user ID and otherwise terminate such Permitted User's access to the Service. The right to use the Services includes the right to deploy Plait Code on Customer Properties in order to enable messaging, chat and other functionality and to collect Customer Data for use with the Services as further described below.
2.4. Plait Apps. To the extent Plait provides Plait Apps for use with the Services, subject to all of the terms and conditions of this Agreement, Plait grants to Customer a limited, non-transferable, non-sublicensable, non-exclusive license during any applicable Subscription Term to use the object code form of the Plait Apps internally, but only in connection with Customer's use of the Service and otherwise in accordance with the Documentation and this Agreement.
2.5. Deployment of Plait Code. Subject to all of the terms and conditions of this Agreement, Plait grants to Customer a limited, non-transferable, non-sublicensable, non-exclusive license during any applicable Subscription Term to copy the Plait Code in the form provided by Plait on Customer Properties solely to support Customer's use of the Service and otherwise in accordance with the Documentation and this Agreement. Customer must implement Plait Code on the Customer Properties in order to enable features of the Services. Customer will implement all Plait Code in strict accordance with the Documentation and other instructions provided by Plait. Customer acknowledges that any changes made to the Customer Properties after initial implementation of Plait Code may cause the Services to cease working or function improperly and that Plait will have no responsibility for the impact of any such Customer changes.
2.6. Contractors and Affiliates. Customer may permit its Contractors and its Affiliates' employees and Contractors to serve as Permitted Users, provided Customer remains responsible for compliance by such individuals with all of the terms and conditions of this Agreement, and any use of the Services by such individuals is for the sole benefit of Customer.
2.7. General Restrictions. Customer will not (and will not permit any third party to): (a) rent, lease, provide access to or sublicense the Services to a third party; (b) use the Services to provide, or incorporate the Services into, any product or service provided to a third party; (c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APIs to the Services, except to the extent expressly permitted by applicable law (and then only upon advance notice to Plait); (d) copy or modify the Services or any Documentation, or create any derivative work from any of the foregoing; (e) remove or obscure any proprietary or other notices contained in the Services (including without limitation (i) the "Powered by Plait" designation that may appear as part of the deployment of the Services on Customer Properties and (ii) notices on any reports or data printed from the Services); or (f) publicly disseminate information regarding the performance of the Services.
2.8. Plait APIs. If Plait makes access to any APIs available as part of the Services, Plait reserves the right to place limits on access to such APIs (e.g., limits on numbers of calls or requests). Further, Plait may monitor Customer's usage of such APIs and limit the number of calls or requests Customer may make if Plait believes that Customer's usage is in breach of this Agreement or may negatively affect the Services (or otherwise impose liability on Plait).
2.9. Trial Subscriptions. If Customer receives free access or a trial or evaluation subscription to the Service (a "Trial Subscription"), then Customer may use the Services in accordance with the terms and conditions of this Agreement for a period of fourteen (14) days or such other period granted by Plait (the "Trial Period"). Trial Subscriptions are permitted solely for Customer's use to determine whether to purchase a paid subscription to the Services. Trial Subscriptions may not include all functionality and features accessible as part of a paid Subscription Term. If Customer does not enter into a paid Subscription Term, this Agreement and Customer's right to access and use the Services will terminate at the end of the Trial Period. Plait has the right to terminate a Trial Subscription at any time for any reason. Notwithstanding anything to the contrary in this agreement, Plait will have no warranty, indemnity, support, or other obligations with respect to Trial Subscriptions.
2.10. Beta Offerings. Customer may choose to use Beta Offerings in its sole discretion. Beta Offerings may not be supported and may be changed at any time without notice. Beta Offerings may not be as reliable or available as the Service. Beta Offerings may not be subject to the same security measures as in the Security Policy. Plait will have no liability arising out of or in connection with Beta Offerings. Customer uses Beta Offerings at its own risk.
3.1. Rights in Customer Data. As between the parties, Customer will retain all right, title and interest (including any and all Intellectual Property Rights) in and to the Customer Data as provided to Plait. Subject to the terms of this Agreement, Customer hereby grants to Plait a non-exclusive, worldwide, royalty-free right to use, copy, store, transmit, modify, create derivative works of and display the Customer Data solely to the extent necessary to provide the Services to Customer.
3.2. Storage of Customer Data. Plait does not provide an archiving service. Plait agrees only that it will not intentionally delete any Customer Data from any Service prior to termination of Customer's applicable Subscription Term. Plait expressly disclaims all other obligations with respect to storage.
3.3. Customer Obligations.
a) In General. Customer is solely responsible for the accuracy, content and legality of all Customer Data. Customer represents and warrants to Plait that Customer has all necessary rights, consents and permissions to collect, share and use all Customer Data as contemplated in this Agreement (including granting Plait the rights in Section 3.1 (Rights in Customer Data)) and that no Customer Data will violate or infringe (i) any third party Intellectual Property Rights, publicity, privacy or other rights, (ii) any Laws, or (iii) any terms of service, privacy policies or other agreements governing the Customer Properties or Customer's accounts with any Third-Party Platforms. Customer further represents and warrants that all Customer Data complies with the AUP. Customer will be fully responsible for any Customer Data submitted to the Services by any Person as if it was submitted by Customer.
b) Sensitive Personal Information. Except as otherwise expressly agreed in the BAA, Customer specifically agrees not to use the Services to collect, store, process or transmit any Sensitive Personal Information. Customer acknowledges that Plait is not (i) a provider of medical or healthcare services, (ii) a payment card processor and that the Services are not PCI DSS compliant. Customer shall be responsible for any Sensitive Personal Information it submits to the Service, and Plait will treat such submissions as Customer Data as defined in this Agreement such that Plait is not subject to any additional obligations that apply to Sensitive Personal Information.
c) Compliance with Laws. Customer agrees to comply with all applicable Laws in its use of the Services. Without limiting the generality of the foregoing, Customer will not engage in any unsolicited advertising, marketing, or other activities using the Services, including without limitation any activities that violate the Telephone Consumer Protection Act of 1991, CAN-SPAM Act of 2003 or any other anti-spam laws and regulations.
d) Disclosures on Customer Properties. Customer acknowledges that the Plait Code causes a unique cookie ID to be associated with each Person who accesses the Customer Properties, which cookie ID enables Plait to provide the Services. Customer will include on each Customer Property a link to its privacy policy that discloses Customer's use of third party tracking technology to collect data about People as described in this Agreement. Customer's privacy policy must disclose how, and for what purposes, the data collected through Plait Code will be used or shared with Plait as part of the Services. Customer must also provide People with clear and comprehensive information about the storing and accessing of cookies or other information on the Peoples' devices where such activity occurs in connection with the Services and as required by applicable Laws. For clarity, as between Customer and Plait, Customer will be solely responsible for obtaining the necessary clearances, consents and approvals from People under all applicable Laws.
3.4. Indemnification by Customer. Customer will indemnify, defend and hold harmless Plait from and against any and all claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys' fees and costs) arising out of or in connection with any claim arising from or relating to any Customer Data, Customer’s use of a Third Party Messaging App, or breach or alleged breach by Customer of Section 3.3 (Customer Obligations). This indemnification obligation is subject to Customer receiving (i) prompt written notice of such claim (but in any event notice in sufficient time for Customer to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense, or settlement of such claim; and (iii) all necessary cooperation of Plait at Customer's expense. Notwithstanding the foregoing sentence, (a) Plait may participate in the defense of any claim by counsel of its own choosing, at its cost and expense and (b) Customer will not settle any claim without Plait's prior written consent, unless the settlement fully and unconditionally releases Plait and does not require Plait to pay any amount, take any action, or admit any liability.
3.5. Aggregated Anonymous Data . Notwithstanding anything to the contrary herein, Customer agrees that Plait may obtain and aggregate technical and other data about Customer's use of the Services that is non-personally identifiable with respect to Customer ("Aggregated Anonymous Data"), and Plait may use the Aggregated Anonymous Data to analyze, improve, support and operate the Services and otherwise for any business purpose during and after the term of this Agreement, including without limitation to generate industry benchmark or best practice guidance, recommendations or similar reports for distribution to and consumption by Customer and other Plait customers. For clarity, this Section 3.5 does not give Plait the right to identify Customer as the source of any Aggregated Anonymous Data.
Plait agrees to use commercially reasonable technical and organizational measures designed to prevent unauthorized access, use, alteration or disclosure of any Service or Customer Data, as further described in Plait’s Security Policy. However, Plait will have no responsibility for errors in transmission, unauthorized third-party access or other causes beyond Plait's control.
5.1 Third Party Platforms. The Services may support integrations with certain Third-Party Platforms. In order for the Services to communicate with such Third-Party Platforms, Customer may be required to input credentials in order for the Services to access and receive relevant information from such Third-Party Platforms. By enabling use of the Services with any Third-Party Platform, Customer authorizes Plait to access Customer's accounts with such Third-Party Platform for the purposes described in this Agreement. Customer is solely responsible for complying with any relevant terms and conditions of the Third-Party Platforms and maintaining appropriate accounts in good standing with the providers of the Third-Party Platforms. Customer acknowledges and agrees that Plait has no responsibility or liability for any Third-Party Platform or any Customer Data exported to a Third-Party Platform. Plait does not guarantee that the Services will maintain integrations with any Third-Party Platform and Plait may disable integrations of the Services with any Third-Party Platform at any time with or without notice to Customer. For clarity, this Agreement governs Customer's use of and access to the Services, even if accessed through an integration with a Third-Party Platform.
5.2 Third Party Messaging Apps. Customer represents and warrants that Customer has agreed to the terms of service associated with any Third Party Messaging App(s) and has created, or has authorized Plait to create on Customer's behalf, a Third Party Messaging App account in accordance with such terms and conditions, which govern Customer's use of such Third Party Messaging App account. Plait will have no liability for and the Third Party Messaging App provider is solely responsible for the Third Party Messaging App’s network, functionality, clients, and APIs.
5.3. Third Party Beta Releases. To the extent a Customer uses features in the Service that integrate with a Third-Party Platform and a Customer requests that Plait integrate with such Third-Party Platform’s beta or pre-release features (“Third Party Beta Releases”), Plait will have no liability arising out of or in connection with Plait’s participation in such Third Party Beta Releases or Customer’s use of such integrated features.
6.1. Plait Technology. This is a subscription agreement for access to and use of the Services. Customer acknowledges that it is obtaining only a limited right to the Services and that irrespective of any use of the words "purchase", "sale" or like terms in this Agreement, no ownership rights are being conveyed to Customer under this Agreement. Customer agrees that Plait or its suppliers retain all right, title and interest (including all Intellectual Property Rights) in and to the Services and all Documentation, integrations with the Services, and any and all related and underlying technology and documentation and any derivative works, modifications or improvements of any of the foregoing, including as may incorporate Feedback (collectively, "Plait Technology"). Except as expressly set forth in this Agreement, no rights in any Plait Technology are granted to Customer. Further, Customer acknowledges that the Services are offered as an on-line, hosted solution, and that Customer has no right to obtain a copy of any of the Services, except for Plait Code and the Plait Apps in the format provided by Plait.
6.2. Feedback. Customer, from time to time, may submit Feedback to Plait. Plait may freely use or exploit Feedback in connection with the Service. To the extent Customer submits Feedback related to Third Party Messaging Apps, Customer hereby grants to Plait, if for any reason it is further needed, a perpetual, non-revocable, royalty-free worldwide license to use and/or incorporate such feedback into any Plait product or service at any time at the sole discretion of Plait.
7.1. Subscription Term and Renewals. Unless otherwise specified on the applicable Order Form, each Subscription Term will automatically renew for additional twelve month periods unless either party gives the other written notice of termination at least thirty (30) days prior to expiration of the then-current Subscription Term.
7.2. Fees and Payment. All fees are as set forth in the applicable Order Form and will be paid by Customer within thirty (30) days of invoice, unless (a) Customer is paying via Credit Card (as defined below) or (b) otherwise specified in the applicable Order Form. Except as expressly set forth in Section 9 (Limited Warranty) and Section 13 (Indemnification), all fees are non-refundable. The rates in the Order Form are valid for the initial twelve (12) month period of each Subscription Term and thereafter may be subject to an automatic adjustment increase of up to ten percent (10%) per year. Customer is responsible for paying all Taxes, and all Taxes are excluded from any fees set forth in the applicable Order Form. If Customer is required by Law to withhold any Taxes from Customer's payment, the fees payable by Customer will be increased as necessary so that after making any required withholdings, Plait receives and retains (free from any liability for payment of Taxes) an amount equal to the amount it would have received had no such withholdings been made. Any late payments will be subject to a service charge equal to 1.5% per month of the amount due or the maximum amount allowed by law, whichever is less.
7.3. Payment via Credit Card. If you are purchasing the Services via credit card, debit card or other payment card ("Credit Card"), the following terms apply:
7.4. Suspension of Service. If Customer's account is thirty (30) days or more overdue, in addition to any of its other rights or remedies (including but not limited to any termination rights set forth herein), Plait reserves the right to suspend Customer's access to the applicable Service (and any related services) without liability to Customer until such amounts are paid in full. Plait also reserves the right to suspend Customer's access to the Services without liability to Customer if Customer's use of the Services is in violation of the AUP.
8.1. Term. This Agreement is effective as of the Effective Date and expires on the date of expiration or termination of all Subscription Terms.
8.2. Termination for Cause. Either party may terminate this Agreement (including all related Order Forms) if the other party (a) fails to cure any material breach of this Agreement (including a failure to pay fees) within thirty (30) days after written notice; (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors' arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against that party (and not dismissed within sixty (60) days thereafter).
8.3. Effect of Termination. Upon any expiration or termination of this Agreement, Customer will immediately cease any and all use of and access to all Services (including any and all related Plait Technology) and delete (or, at Plait's request, return) any and all copies of the Documentation, any Plait passwords or access codes and any other Plait Confidential Information in its possession. Provided this Agreement was not terminated for Customer's breach, Customer may retain and use internally copies of all reports exported from any Service prior to termination. Customer acknowledges that following termination it will have no further access to any Customer Data input into any Service, and that Plait may delete any such data as may have been stored by Plait at any time. Except where an exclusive remedy is specified, the exercise of either party of any remedy under this Agreement, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise.
8.4. Survival. The following Sections will survive any expiration or termination of this Agreement: 2.7 (General Restrictions), 2.9 (Trial Subscriptions), 3.2 (Storage of Customer Data), 3.4 (Indemnification by Customer), 3.5 (Aggregated Anonymous Data), 6 (Ownership), 7.2 (Fees and Payment), 7.3 (Payment via Credit Card), 8 (Term and Termination), 9.2 (Warranty Disclaimer), 12 (Limitation of Remedies and Damages), 13 (Indemnification), 14 (Confidential Information) and 16 (General Terms).
9.1. Limited Warranty . Plait warrants, for Customer's benefit only, that each Service will operate in substantial conformity with the applicable Documentation. Plait's sole liability (and Customer's sole and exclusive remedy) for any breach of this warranty will be, at no charge to Customer, for Plait to use commercially reasonable efforts to correct the reported non-conformity, or if Plait determines such remedy to be impracticable, either party may terminate the applicable Subscription Term and Customer will receive as its sole remedy a refund of any fees Customer has pre-paid for use of such Service for the terminated portion of the applicable Subscription Term. The limited warranty set forth in this Section 9.1 will not apply: (i) unless Customer makes a claim within thirty (30) days of the date on which Customer first noticed the non-conformity, (ii) if the error was caused by misuse, unauthorized modifications or third-party hardware, software or services, or (iii) to use provided on a no-charge, trial or evaluation basis.
9.2. Warranty Disclaimer . Except for the limited warranty in section 9.1, all Services are provided "as is". Neither Plait nor its suppliers makes any other warranties, express or implied, statutory or otherwise, including but not limited to warranties of merchantability, title, fitness for a particular purpose or non-infringement. Plait does not warrant that Customer’s use of the Services will be uninterrupted or error-free, nor does Plait warrant that it will review the Customer Data for accuracy or that it will preserve or maintain the Customer Data without loss or corruption. Plait shall not be liable for the results of any communications sent or any communications that were failed to be sent using the Services. Plait shall not be liable for delays, interruptions, service failures or other problems inherent in use of the Internet and electronic communications, Third-Party Platforms, Third Party Messaging Apps, or other systems outside the reasonable control of Plait. Customer may have other statutory rights, but the duration of statutorily required warranties, if any, shall be limited to the shortest period permitted by law.
The Services are available subject to Plait’s Service Level Agreement ("SLA").
During the Subscription Term of each Service, Plait will provide end user support in accordance with Plait's Support Policy ("Support Policy").
12.1. Consequential Damages Waiver. Except for Excluded Claims (defined below), neither party (nor its suppliers) shall have any liability arising out of or related to this Agreement for any loss of use, lost data, lost profits, failure of security mechanisms, interruption of business, or any indirect, special, incidental, reliance, or consequential damages of any kind, even if informed of the possibility of such damages in advance.
12.2. Liability Cap. Except for Excluded Claims (defined below), each party’s entire liability to the other arising out of or related to this Agreement shall not exceed the amount actually paid or payable by Customer to Plait during the prior twelve (12) months under this Agreement.
12.3. Excluded Claims. "Excluded Claims" means any claim arising (a) from Customer's breach of Section 2.7 (General Restrictions); (b) under Section 3.3 (Customer Obligations) or 3.4 (Indemnification by Customer); or (c) from a party's breach of its obligations in Section 14 (Confidential Information) (but excluding claims arising from operation or non-operation of any Service or relating to Customer Data).
12.4. Nature of Claims and Failure of Essential Purpose. The parties agree that the waivers and limitations specified in this Section 12 apply regardless of the form of action, whether in contact, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose.
Plait will defend Customer from and against any claim by a third party alleging that a Service when used as authorized under this Agreement infringes any Intellectual Property Rights and will indemnify and hold harmless Customer from and against any damages and costs finally awarded against Customer or agreed in settlement by Plait (including reasonable attorneys' fees) resulting from such claim, provided that Plait will have received from Customer: (i) prompt written notice of such claim (but in any event notice in sufficient time for Plait to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense and settlement (if applicable) of such claim; and (iii) all reasonable necessary cooperation of Customer. If Customer's use of a Service is (or in Plait's opinion is likely to be) enjoined, if required by settlement or if Plait determines such actions are reasonably necessary to avoid material liability, Plait may, in its sole discretion: (a) substitute substantially functionally similar products or services; (b) procure for Customer the right to continue using such Service; or if (a) and (b) are not commercially reasonable, (c) terminate this Agreement and refund to Customer the fees paid by Customer for the portion of the Subscription Term that was paid by Customer but not rendered by Plait. The foregoing indemnification obligation of Plait will not apply: (1) if such Service is modified by any party other than Plait, but solely to the extent the alleged infringement is caused by such modification; (2) if such Service is combined with products or processes not provided by Plait, but solely to the extent the alleged infringement is caused by such combination; (3) to any unauthorized use of such Service; (4) to any action arising as a result of Customer Data or any third-party deliverables or components contained within such Service; (5) to the extent the alleged infringement is not caused by the particular technology or implementation of the Service but instead by features common to any similar product or service; (6) to any action arising from Customer’s use of Third Party Messaging Apps; or (7) if Customer settles or makes any admissions with respect to a claim without Plait's prior written consent. This section 13 sets forth Plait's and its suppliers' sole liability and Customer's sole and exclusive remedy with respect to any claim of intellectual property infringement.
Each party (as "Receiving Party") agrees that all code, inventions, know-how, business, technical and financial information it obtains from the disclosing party ("Disclosing Party") constitute the confidential property of the Disclosing Party ("Confidential Information"), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any Plait Technology, performance information relating to any Service, and the terms and conditions of this Agreement will be deemed Confidential Information of Plait without any marking or further designation. Except as expressly authorized herein, the Receiving Party will (1) hold in confidence and not disclose any Confidential Information to third parties and (2) not use Confidential Information for any purpose other than fulfilling its obligations and exercising its rights under this Agreement. The Receiving Party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know (including, for Plait, the subcontractors referenced in Section 16.8 (Subcontractors)), provided that such representatives are bound to confidentiality obligations no less protective of the Disclosing Party than this Section 14 and that the Receiving Party remains responsible for compliance by any such representative with the terms of this Section 14. The Receiving Party's confidentiality obligations will not apply to information that the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of the Receiving Party who had no access to such information. The Receiving Party may make disclosures to the extent required by law or court order, provided the Receiving Party notifies the Disclosing Party in advance and cooperates in any effort to obtain confidential treatment. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.
Plait may, upon Customer’s prior written consent, use Customer’s name to identify Customer as a Plait customer of the Service, including on Plait’s public website. Plait agrees that any such use shall be subject to Plait complying with any written guidelines that Customer may deliver to Plait regarding the use of its name and shall not be deemed Customer’s endorsement of the Service.
16.1. Assignment. This Agreement will bind and inure to the benefit of each party's permitted successors and assigns. Neither party may assign this Agreement without the advance written consent of the other party, except that either party may assign this Agreement in connection with a merger, reorganization, acquisition or other transfer of all or substantially all of such party's assets or voting securities. Any attempt to transfer or assign this Agreement except as expressly authorized under this Section 16.1 will be null and void.
16.2. Severability. If any provision of this Agreement will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement will otherwise remain in effect.
16.3. Governing Law; Dispute Resolution.
a) Direct Dispute Resolution. In the event of any dispute, claim, question, or disagreement arising from or relating to this Agreement, whether arising in contract, tort or otherwise, ("Dispute"), the parties shall first use their best efforts to resolve the Dispute. If a Dispute arises, the complaining party shall provide written notice to the other party in a document specifically entitled "Initial Notice of Dispute," specifically setting forth the precise nature of the dispute ("Initial Notice of Dispute"). If an Initial Notice of Dispute is being sent to Plait it must be emailed to legal@plaithealth.com and sent via mail to:
Plait, PO Box 911411, Victoria St West, Auckland 1142 NZ
Following receipt of the Initial Notice of Dispute, the parties shall consult and negotiate with each other in good faith and, recognising their mutual interest, attempt to reach a just and equitable solution of the Dispute that is satisfactory to both parties ("Direct Dispute Resolution"). If the parties are unable to reach a resolution of the Dispute through Direct Dispute Resolution within thirty (30) days of the receipt of the Initial Notice of Dispute, then the Dispute shall subsequently be resolved as set forth below.
b) Mediation. If the parties are unable to resolve the dispute by Direct Dispute Resolution then either party may by written notice to the other party refer the dispute to an independent mediator to resolve the dispute. If the parties are unable to agree on the mediator within five (5) days from the referral to mediation either party may request the President of the Auckland branch of the New Zealand Law Society or his or her nominee to appoint one. The mediation will be conducted in Auckland.
c) Arbitration. If the parties are unable to resolve the dispute by mediation then either party may refer the dispute to arbitration in accordance with the Arbitration Act 1996. If the parties cannot agree on the appointment of an arbitrator within five (5) days of referral, either party may request the President of the Auckland branch of the New Zealand Law Society or his or her nominee to appoint one.
d) Appeal. A party to arbitration under this Agreement may appeal to the High Court on any question of law arising out of an award, and any matter relating to the construction of this Agreement will be considered a question of law.
f) Governing law. This Agreement will be governed by, and construed in accordance with the laws of New Zealand. The parties irrevocably submit to the exclusive jurisdiction of the Courts of New Zealand with respect to any legal action, suit or proceeding or any other matter arising out of or in connection with this Agreement.
g) Urgent relief. Notwithstanding the above provisions, either party may apply to the Court for urgent equitable relief at any time.
16.4. Notice. Any notice or communication required or permitted under this Agreement will be in writing to the parties at the addresses set forth on the Order Form or at such other address as may be given in writing by either party to the other in accordance with this Section and will be deemed to have been received by the addressee (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch or (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail.
16.5. Amendments; Waivers. Except as otherwise provided herein, no supplement, modification, or amendment of this Agreement will be binding, unless executed in writing by a duly authorized representative of each party to this Agreement. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. No provision of any purchase order or other business form employed by Customer will supersede the terms and conditions of this Agreement, and any such document relating to this Agreement will be for administrative purposes only and will have no legal effect.
16.6. Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this Agreement. Customer acknowledges that the Services are online, subscription-based products, and that in order to provide improved customer experience Plait may make changes to the Services, and Plait will update the applicable Documentation accordingly. The support and service level availability terms described in the Support Policy and the SLA may be updated from time to time upon reasonable notice to Customer to reflect process improvements or changing practices (but the modifications will not materially decrease Plait's obligations as compared to those reflected in such terms as of the Effective Date).
16.7. Force Majeure. Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events that occur after the signing of this Agreement and that are beyond the reasonable control of such party, such as a strike, blockade, war, act of terrorism, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.
16.8. Subcontractors. Plait may use the services of subcontractors and permit them to exercise the rights granted to Plait in order to provide the Services under this Agreement, provided that Plait remains responsible for (i) compliance of any such subcontractor with the terms of this Agreement and (ii) for the overall performance of the Services as required under this Agreement, and (iii) compliance with the terms of the BAA.
16.9. Disclosure. Nothing in this Agreement prevents Plait from disclosing Customer Data to the extent required by law or court orders, but Plait will use commercially reasonable efforts to notify Customer where permitted to do so.
16.10. Independent Contractors. The parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the parties. Neither party will have the power to bind the other or incur obligations on the other party's behalf without the other party's prior written consent.
16.11. Export Control and Economic Sanctions. In its use of the Services, Customer agrees to comply with all export control and economic sanctions and any relevant import laws and regulations of the United States and other applicable jurisdictions. Without limiting the foregoing, (i) Customer represents and warrants that it is not listed on any U.S. government list of prohibited or restricted parties or located in (or a national of) a country that is subject to a U.S. government export control embargo or economic sanctions, (ii) Customer will not (and will not permit any of its users to) access or use the Services in violation of any U.S. export control or economic sanction, prohibition or restriction, and (iii) Customer will not submit to the Services any information that is controlled under the U.S. International Traffic in Arms Regulations or that is controlled under any Export Control Classification Number (other than EAR99) on the Commerce Control List of the Export Administration Regulations.
16.12. Government End-Users. Elements of the Services are commercial computer software. If the user or licensee of the Services is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. All Services were developed fully at private expense. All other use is prohibited
16.13. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will be considered one and the same agreement.
This Plait Service Level Agreement ("SLA") accompanies the Plait Subscription Terms of Service (the "Agreement") entered into between you ("Customer") and Plait. Capitalized terms used in this SLA that are not defined herein have the meanings given to them in the Agreement.
1.1 At Plait, we respect your privacy and data protection rights and recognise the importance of protecting the personal data we collect and process. This Privacy Policy is designed to help you to understand what personal data we collect about you and how we use and share it.
1.2 When we refer to Plait, we mean Well Revolution Limited, a New Zealand company (7396836) with offices at 42 Airedale Street, Auckland Central, Auckland, New Zealand; and Plait's group companies ("Plait", "we", "us", "our").
1.3 This Privacy Policy applies to you if you:
1.4 For certain information provided to us through some of our Services, we have entered into agreements with our Customers (health care providers or their firms, “Providers”) that govern our use of such information (the “Agreements”). This Privacy Policy supplements the Agreements. To be clear, if you are a patient of a Provider, a visitor to one of our Sites, or otherwise accessing or interacting with any of the Services but are not doing so as a customer of ours under an Agreement, you are a user but not a customer of the Services (i.e. not a Provider), and some of the terms of this Privacy Policy won’t apply to you. Additionally, if you are a patient of a Provider, this Privacy Policy does not govern our use of Protected Health Information (as defined in 2.3) provided to us through the Services. Our use of such information is governed by the Agreements with your Provider and applicable law, including without limitation HIPAA (as defined in 2.3). Your Provider’s collection, use, disclosure, and transfer of such information is governed, in turn, by your Provider’s terms and conditions and privacy practices between you and your Provider. Please submit all requests and questions related to your Protected Health Information directly to your Provider.
The personal data that we collect about you broadly falls into the categories set out in the following table. Some of this information you provide voluntarily when you interact with the Plait Services and Sites, or when you attend an event. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third-party sources.
Some device data, service data and third party source data is collected through the use of first or third party cookies and similar technologies. The Plait Care Messenger service does not collect, retain, or share data regarding a particular user's activity across multiple websites or applications that are not owned by Plait. Plait does assign each user a unique user ID within the scope of an individual website, but does not collect or retain IP or any information that would allow Plait to identify the same particular user on more than one website.
Do Not Track. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
Protected Health Information is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). This notice does not apply to Protected Health Information and related information that is transmitted between patients and healthcare providers through our Services. The communication between patients and healthcare providers is subject to the healthcare provider’s Notice of Privacy Practices.
3.1 We collect and process your personal data for the following purposes:
3.2 In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section, we mean the legal grounds on which organizations can rely when processing personal data.
3.3 If you have any questions about how we process your personal data, please contact us privacy@plaithealth.com
4.1 We may disclose some or all of the personal data we collect to the following third parties:
Third party advertising companies may use cookies and similar technologies to collect information about your activity on the Plait Services and other online services over time to serve you online targeted advertisements.
Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.
4.2 Aggregated or anonymised information. We may also share aggregated or anonymised information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the websites you generally use, the configuration of your computer, and performance metrics related to the use of websites which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such information for any reason.
4.3 Third party websites. The Sites may also contain links to third party websites. This Privacy Policy applies solely to information processed by us. You should contact the relevant third party websites for more information about how your personal data is processed by them.
5.1 We retain your personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy.
5.2 Note that content you post may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.
6.1 The Plait Services and Sites, and our messenger domains are provided and hosted in the United States. If you are located outside the United States, we may transfer, and process, your personal data outside of the country in which you are resident to other Plait Group Companies and our service providers to other such countries as we deem appropriate from time to time. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). We will protect your personal data in accordance with this Privacy Policy wherever it is processed.
6.2 Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data.
We care about protecting personal data. That is why we put in place appropriate measures that are designed to secure your personal data. You can find out more about our technical and organizational safeguards in our Security Policy
8.1 Depending on your location and subject to applicable laws, you may have certain data protection rights.
8.2 You can exercise any of these rights by submitting a request to privacy@plaithealth.com
8.3 You can also exercise control over the following uses of your information:
Our Services and Sites are not intended for use by anyone under the age of 16. Plait does not knowingly collect personal data from anyone under the age of 16. If you are under 16, you may not attempt to register for our Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal data from someone under the age of 16 without verification of parental consent, we will delete that information promptly.
10.1 We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. If we make material updates to this Privacy Policy we will update the effective date at the top of the Privacy Policy.
10.2 If you have any questions, comments or concerns about this Privacy Policy or the way your personal data is being used or processed by Plait, please submit any questions, comments or concerns by email to privacy@plaithealth.com
The sources from which we collect these categories of Personal Data are described in Section 2 entitled Personal Data Collected by Plait. The business/commercial purposes for which we use these categories of Personal Data are described in Section 3 entitled How and Why We Use Your Personal Data. The categories of third parties with which we share these categories of Personal Data, including for business purposes, are described in Section 4 entitled Sharing Your Personal Data.
The above summary of how we collect, use and share Personal Data describes our practices currently and for the 12 months preceding the effective date of this Notice.
At Plait we take the protection of customer data extremely seriously. This Plait Security Policy describes the organizational and technical measures Plait implements platform-wide designed to prevent unauthorized access, use, alteration or disclosure of customer data. The Plait services operate on Microsoft Azure (“Azure”); this policy describes the activities of Plait within its instance on Azure unless otherwise specified.
Our engineering team includes people who’ve played lead roles in designing, building, and operating highly secure Internet-facing systems at companies ranging from startups to large public companies and government agencies.
Incident Response Plan
Build Process Automation
This Acceptable Use Policy applies to Plait’s (a) websites (including without limitation www.plaithealth.com, app.plaithealth.com and any successor URLs, mobile or localized versions and related domains and subdomains and mobile applications) and (b) communications and messaging products and services ((a) and (b) collectively, “Services”). To keep the Services running safely and smoothly, we need our users to agree not to misuse them. Specifically, you agree not to:
Without affecting any other remedies available to us, Plait may permanently or temporarily terminate or suspend a user’s account or access to the Services without notice or liability if Plait (in its sole discretion) determines that a user has violated this Acceptable Use Policy.
This Plait Support Policy ("Support Policy") accompanies the Plait Subscription Terms of Service (the "Agreement") entered into between you ("Customer") and Plait. Capitalized terms used in this Support Policy that are not defined herein have the meanings given to them in the Agreement.
Plait offers support services for the Service ("Support ") in accordance with the following terms:
A. Support Hours. Support is provided 7 days per week from 7 am - 10 pm.
B. Incident Submission and Customer Cooperation. Customer may report errors or abnormal behavior of the Service ("Incidents") by contacting Plait in the Service via the Plait App or via email at support@plaithealth.com Customer will provide information and cooperation to Plait as reasonably required for Plait to provide Support. This includes, without limitation, providing the following information to Plait regarding the Incident:
C. Incident Response. Plait's Support personnel will assign a priority level ("Priority Level") to each Incident and seek to provide responses in accordance with the table below.
D. Exclusions. Plait will have no obligation to provide Support to the extent an Incident arises from: (a) use of the Service by Customer in a manner not authorized in the Agreement or the applicable Documentation; (b) general Internet problems, force majeure events or other factors outside of Plait's reasonable control; (c) Customer's equipment, software, network connections or other infrastructure; or (d) third party systems, acts or omissions.
THESE PLAIT ADDITIONAL PRODUCT TERMS (“ADDITIONAL PRODUCT TERMS”) DESCRIBE THE SPECIFIC TERMS FOR CERTAIN PLAIT SERVICES OR FEATURES THEREOF OFFERED BY PLAIT (“ADDITIONAL PRODUCTS”). BY USING THE ADDITIONAL PRODUCTS, YOU AGREE THAT THE PLAIT TERMS OF SERVICE (“TOS”) OR PLAIT MASTER SERVICE SUBSCRIPTION AGREEMENT (“MSSA”) RESPECTIVELY, THE “AGREEMENT”, AS APPLICABLE, BETWEEN PLAIT AND THE ENTITY THAT ENTERED INTO THE AGREEMENT WITH PLAIT (“CUSTOMER” OR “YOU”) IS HEREBY INCORPORATED AND THE APPLICABLE ADDITIONAL PRODUCT TERMS DESCRIBED BELOW FORM A PART OF THE AGREEMENT.
In the event of a conflict with the Agreement and the Additional Product Terms, the Applicable Product Terms will control to the extent of the conflict. A violation of these Additional Product Terms is a violation of the Agreement. Capitalized terms not defined herein have the meaning given to them in the Agreement.
The services covered by these Additional Product Terms are:
SMS is a separate, stand-alone service accessible apart from the generally available service you subscribe to. SMS is a service provided for the purpose of sending and receiving SMS messages through the Plait Service. Plait reserves the right to suspend your access to SMS if, in its sole discretion, Plait determines you have exceeded the usage you’ve purchased and/or your usage violates the Plait Acceptable Use Policies and/or negatively impacts the operability, integrity, or security of the Service. You are responsible for ensuring that your use of SMS is in compliance with any applicable telecommunications regulatory requirements and laws controlling the use of Sensitive Personal Information. You further acknowledge and agree that SMS messages sent may be charged regardless of whether they have been filtered by your carrier and that you are responsible for payment of such charges if and when incurred.
If Customer is a Covered Entity or a Business Associate and includes Protected Health Information in Customer Data, this HIPAA Business Associate Agreement (“BAA”) is incorporated upon execution of an agreement (“Agreement”) that incorporates the Plait Subscription Terms of Service. If there is any conflict between a provision in this BAA and a provision in the Agreement, this BAA will control.
1. Definitions
Except as otherwise defined in this BAA, capitalized terms shall have the definitions set forth in HIPAA, and if not defined by HIPAA, such terms shall have the definitions set forth in the Agreement.
“Breach” means the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI, as defined in 45 CFR §164.402.
“Breach Notification Rule” means the Breach Notification for Unsecured Protected Health Information Final Rule.
“Business Associate” shall have the same meaning as the term “business associate” in 45 CFR § 160.103 of HIPAA.
“Covered Entity” shall have the same meaning as the term “covered entity” in 45 CFR § 160.103 of HIPAA.
“Data Aggregation” means, with respect to PHI created or received by Business Associate in its capacity as the “business associate” under HIPAA of Covered Entity, the combining of such PHI by Business Associate with the PHI received by Business Associate in its capacity as a business associate of one or more other “covered entity” under HIPAA, to permit data analyses that relate to the Health Care Operations of the respective covered entities. The meaning of “data aggregation” in this BAA shall be consistent with the meaning given to that term in the Privacy Rule.
“Designated Record Set” has the meaning given to such term under the Privacy Rule, including 45 CFR §164.501
“De-Identify” means to alter the PHI such that the resulting information meets the requirements described in 45 CFR §§164.514(a) and (b).
“Electronic PHI” means any PHI maintained in or transmitted by electronic media as defined in 45 CFR §160.103.
“Health Care Operations” has the meaning given to that term in 45 CFR §164.501.
“HHS” means the U.S. Department of Health and Human Services.
“HIPAA” collectively means the administrative simplification provision of the Health Insurance Portability and Accountability Act enacted by the United States Congress, and its implementing regulations, including the Privacy Rule, the Breach Notification Rule, and the Security Rule, as amended from time to time, including by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act and by the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule.
“Individual” has the same meaning given to that term i in 45 CFR §§164.501 and 160.130 and includes a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).
“Party” means the Covered Entity or Business Associate and collectively, the “Parties”.
“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information.
“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103 of HIPAA, provided that it is limited to such protected health information that is received by Business Associate from, or created, received, maintained, or transmitted by Business Associate on behalf of, Covered Entity.
“Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
“Security Rule” means the Security Standards for the Protection of Electronic Protected Health Information.
“Unsecured Protected Health Information” or “Unsecured PHI” means any “protected health information” as defined in 45 CFR §§164.501 and 160.103 that is not rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the HHS Secretary in the guidance issued pursuant to the HITECH Act and codified at 42 USC §17932(h).
2. Use and Disclosure of PHI
a. Except as otherwise provided in this BAA, Business Associate may use or disclose PHI as reasonably necessary to provide the services described in the Agreement to Covered Entity, and to undertake other activities of Business Associate permitted or required of Business Associate by this BAA or as required by law.
b. Except as otherwise limited by this BAA or federal or state law or other applicable law, Covered Entity authorizes Business Associate to use the PHI in its possession for the proper management and administration of Business Associate’s business and to carry out its legal responsibilities. Business Associate may disclose PHI for its proper management and administration, provided that (i) the disclosures are required by law; or (ii) Business Associate obtains, in writing, prior to making any disclosure to a third party (a) reasonable assurances from this third party that the PHI will be held confidential as provided under this BAA and used or further disclosed only as required by law or for the purpose for which it was disclosed to this third party and (b) an agreement from this third party to notify Business Associate immediately of any breaches of the confidentiality of the PHI, to the extent it has knowledge of the breach.
c. Business Associate will not use or disclose PHI in a manner other than as provided in this BAA, as permitted under the Privacy Rule, or as required by law. Business Associate will use or disclose PHI, to the extent practicable, as a limited data set or limited to the minimum necessary amount of PHI to carry out the intended purpose of the use or disclosure, in accordance with Section 13405(b) of the HITECH Act (codified at 42 USC §17935(b)) and any of the act’s implementing regulations adopted by HHS, for each use or disclosure of PHI.
However, due to substantial financial, material and human investments made by Business Associate within the framework of the Agreement for the development and updating of the Services as defined in the Agreement, Covered Entity authorizes Business Associate to reuse the PHI as long as the latter undertakes to comply with Privacy Rule and other applicable law, for all these PHI, for the uses listed below:
without Covered Entity being able to claim any intellectual property right relating to these elements.
Covered Entity declares that he/she has assessed and validated the compatibility of the said uses within the meaning of the Privacy Rule with the initial purposes of the data processing carried out within the scope of the Agreement.
d. Upon request, Business Associate will make available to Covered Entity any of Covered Entity’s PHI that Business Associate or any of its agents or subcontractors have in their possession.
e. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).
3. Safeguards Against Misuse of PHI
Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as provided by the Agreement or this BAA and Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate agrees to take reasonable steps, including providing adequate training to its employees to ensure compliance with this BAA and to ensure that the actions or omissions of its employees or agents do not cause Business Associate to breach the terms of this BAA.
4. Reporting Disclosures of PHI and Security Incidents
Business Associate will report to Covered Entity in writing any use or disclosure of PHI not provided for by this BAA of which it becomes aware and Business Associate agrees to report to Covered Entity any Security Incident affecting Electronic PHI of Covered Entity of which it becomes aware. Business Associate agrees to report any such event within five business days of becoming aware of the event.
5. Reporting Breaches of Unsecured PHI
Business Associate will notify Covered Entity in writing promptly upon the discovery of any Breach of Unsecured PHI in accordance with the requirements set forth in 45 CFR §164.410, but in no case later than 30 calendar days after discovery of a Breach.
6. Mitigation of Disclosures of PHI
Business Associate will take reasonable measures to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of any use or disclosure of PHI by Business Associate or its agents or subcontractors in violation of the requirements of this BAA.
7. Agreements with Agents or Subcontractors
Business Associate will ensure that any of its agents or subcontractors that have access to, or to which Business Associate provides PHI, agree in writing to the restrictions and conditions concerning uses and disclosures of PHI contained in this BAA and agree to implement reasonable and appropriate safeguards to protect any Electronic PHI that it creates, receives, maintains or transmits on behalf of Business Associate or, through the Business Associate, Covered Entity. Business Associate shall notify Covered Entity, or upstream Business Associate, of all subcontracts and agreements relating to the Agreement, where the subcontractor or agent receives PHI as described in section 1 of this BAA. Such notification shall occur within 30 (thirty) calendar days of the execution of the subcontract by placement of such notice on the Business Associate’s primary website at https://www.plaithealth.com/terms#SPL. Business Associate shall ensure that all subcontracts and agreements provide the same level of privacy and security as this BAA.
8. Audit Report
Upon request, Business Associate will provide Covered Entity, or upstream Business Associate, with a copy of its most recent HIPAA attestation report or other mutually agreed upon independent standards-based third-party audit report. Covered entity agrees not to re-disclose Business Associate’s audit report.
9. Access to PHI by Individuals
a. Upon request, Business Associate agrees to furnish Covered Entity with copies of the PHI maintained by Business Associate in a Designated Record Set in the time and manner designated by Covered Entity to enable Covered Entity to respond to an Individual’s request for access to PHI under 45 CFR §164.524.
b. In the event any Individual or personal representative requests access to the Individual’s PHI directly from Business Associate, Business Associate within ten business days, will forward that request to Covered Entity. Any disclosure of, or decision not to disclose, the PHI requested by an Individual or a personal representative and compliance with the requirements applicable to an Individual’s right to obtain access to PHI shall be the sole responsibility of Covered Entity.
10. Amendment of PHI
a. Upon request and instruction from Covered Entity, Business Associate will amend PHI or a record about an Individual in a Designated Record Set that is maintained by, or otherwise within the possession of, Business Associate as directed by Covered Entity in accordance with procedures established by 45 CFR §164.526. Any request by Covered Entity to amend such information will be completed by Business Associate within 15 business days of Covered Entity’s request.
b. In the event that any Individual requests that Business Associate amend such Individual’s PHI or record in a Designated Record Set, Business Associate within ten business days will forward this request to Covered Entity. Any amendment of, or decision not to amend, the PHI or record as requested by an Individual and compliance with the requirements applicable to an Individual’s right to request an amendment of PHI will be the sole responsibility of Covered Entity.
11. Accounting of Disclosures
a. Business Associate will document any disclosures of PHI made by it to account for such disclosures as required by 45 CFR §164.528(a). Business Associate also will make available information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosures in accordance with 45 CFR §164.528. At a minimum, Business Associate will furnish Covered Entity the following with respect to any covered disclosures by Business Associate: (i) the date of disclosure of PHI; (ii) the name of the entity or person who received PHI, and, if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure which includes the basis for such disclosure.
b. Business Associate will furnish to Covered Entity information collected in accordance with this Section 11, within ten business days after written request by Covered Entity, to permit Covered Entity to make an accounting of disclosures as required by 45 CFR §164.528, or in the event that Covered Entity elects to provide an Individual with a list of its business associates, Business Associate will provide an accounting of its disclosures of PHI upon request of the Individual, if and to the extent that such accounting is required under the HITECH Act or under HHS regulations adopted in connection with the HITECH Act.
c. In the event an Individual delivers the initial request for an accounting directly to Business Associate, Business Associate will within ten business days forward such request to Covered Entity.
12. Availability of Books and Records
Business Associate will make available its internal practices, books, agreements, records, and policies and procedures relating to the use and disclosure of PHI, upon request, to the Secretary of HHS for purposes of determining Covered Entity’s and Business Associate’s compliance with HIPAA, and this BAA.
13. Responsibilities of Covered Entity
With regard to the use and/or disclosure of Protected Health Information by Business Associate, Covered Entity agrees to:
a. Notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 CFR §164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.
b. Notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.
c. Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.
d. Except for data aggregation or management and administrative activities of Business Associate, Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA if done by Covered Entity.
14. Data Ownership
Business Associate’s data stewardship does not confer data ownership rights on Business Associate with respect to any data shared with it under the Agreement, including any and all forms thereof.
15. Term and Termination
a. This BAA will become effective from the Effective Date of the Agreement, and will continue in effect until all obligations of the Parties have been met under the Agreement and under this BAA.
b. Covered Entity may immediately terminate this BAA, the Agreement, and any other related agreements if Covered Entity makes a determination that Business Associate has breached a material term of this BAA and Business Associate has failed to cure that material breach, to Covered Entity’s reasonable satisfaction, within 30 days after written notice from Covered Entity. Covered Entity may report the problem to the Secretary of HHS if termination is not feasible.
c. If Business Associate determines that Covered Entity has breached a material term of this BAA, then Business Associate will provide Covered Entity with written notice of the existence of the breach and shall provide Covered Entity with 30 days to cure the breach. Covered Entity’s failure to cure the breach within the 30-day period will be grounds for immediate termination of the Agreement and this BAA by Business Associate. Business Associate may report the breach to HHS.
d. Upon termination of the Agreement or this BAA for any reason, all PHI maintained by Business Associate will be returned to Covered Entity or destroyed by Business Associate. Business Associate will not retain any copies of such information. This provision will apply to PHI in the possession of Business Associate’s agents and subcontractors but will not include the PHI produced by Business Associate within the framework of article 2.c.. If return or destruction of the PHI is not feasible, in Business Associate’s reasonable judgment, Business Associate will furnish Covered Entity with notification, in writing, of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of the PHI is infeasible, Business Associate will extend the protections of this BAA to such information for as long as Business Associate retains such information and will limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible. The Parties understand that this Section 14.d will survive any termination of this BAA.
16. Effect of BAA
a. This BAA is a part of and subject to the terms of the Agreement and as such is governed by New Zealand law. In case of contradiction between the terms of this BAA and any term of the Agreement, the terms of this BAA will prevail if it will not conflict with applicable laws.
b. Nothing express or implied in this BAA is intended to confer, nor shall anything in this BAA confer, upon any person other than the Parties, and the respective successors or assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.
17. Regulatory References
A reference in this BAA to a section in HIPAA means the section as in effect or as amended at the time.
18. Severability
In the event that any provision of this BAA is found to be invalid or unenforceable, the remainder of this BAA shall not be affected thereby, but rather the remainder of this BAA shall be enforced to the greatest extent permitted by law.
19. No Agency Relationship
It is not intended that an agency relationship (as defined under the Federal common law of agency) be established hereby expressly or by implication between the Parties under HIPAA or the Privacy Rule, Security Rule, or Breach Notification Rule. No terms or conditions contained in this BAA shall be construed to make or render a Party an agent of the other Party.
20. Notices
All notices, requests and demands or other communications to be given under this BAA
to a Party will be made via electronic mail to the Party’s address given below:
a. If to Covered Entity, to the e-mail address given in the Agreement
b. If to Business Associate, to: legal@plaithealth.com
21. Amendments and Waiver
This BAA may not be modified, nor will any provision be waived or amended, except in writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.
22. Interpretation
The Parties intend that this BAA be interpreted consistently with their intent to comply with HIPAA and other applicable federal and state law. Except where this BAA conflicts with the Agreement, all other terms and conditions of the Agreement remain unchanged. Any captions or headings in this BAA are for the convenience of the Parties and shall not affect the interpretation of this BAA.
23. HITECH Act Compliance
The Parties acknowledge that the HITECH Act includes significant changes to the Privacy Rule and the Security Rule. The privacy subtitle of the HITECH Act sets forth provisions that significantly change the requirements for business associates and the agreements between business associates and covered entities under HIPAA and these changes may be further clarified in forthcoming regulations and guidance. Each Party agrees to comply with the applicable provisions of the HITECH Act and any HHS regulations issued with respect to the HITECH Act. The Parties also agree to negotiate in good faith to modify this BAA as reasonably necessary to comply with the HITECH Act and its regulations as they become effective but, in the event that the Parties are unable to reach agreement on such a modification, either Party will have the right to terminate this BAA upon 30- days’ prior written notice to the other Party.
Plait is a data processor and engages certain onward subprocessors that may process personal data submitted to Plait’s services by the controller. These subprocessors are listed below, with a description of the service and the location where data is hosted. The below is for Plait’s default offering, where hosting occurs in the United States. This list may be updated by Plait from time to time.
This Plait Payments Policy ("Payments Policy") accompanies the Plait Subscription Terms of Service (the "Agreement") entered into between you ("Customer") and Plait. Capitalized terms used in this Payments Policy that are not defined herein have the meanings given to them in the Agreement.
People (your patients) pay for your services using their payment card in the Plait App. They are charged a fee to their payment card whenever there is a Billing Event. Billing Events are based on a set of Billing rules.
A Billing Event is created when an instruction is given by a Permitted User (your providers) to complete a service for a patient in the Plait App (for example, a consultation or a prescription).
A Billing Event creates a charge to the patient based on the fees you set for your services.
A patient’s service request is completed by a provider when it is satisfied (for example, closing a consultation or completing a prescription request).
You are responsible for setting the fees you charge for the services you make available to your patients via the Plait App.
Fees are provided in tiers based on the rates you make available in the Plait App from time to time. You can also set a separate rate based on the Billing Hours.
Plait recognises rates for services provided within normal hours of business for a Customer (“Business Hours”) and services provided outside of normal hours of business (“After Hours”) such as evenings and weekends. You can set your rates for Business Hours and After Hours where available.
The rate billed and charged to a patient is based on a combination of the following event times.
Special billing events may be made available from time to time based on the needs of providers. For example, closing a consultation with an instruction to bill at a special category rate; or zero-rating the bill in cases where a request could not be satisfied. Any such special billing events will be notified to you as they become available.
Plait operates a merchant account into which all patient payments are deposited (“Merchant Account”).
Payments made by patients in the Plait App are collected on your behalf into the Merchant Account. We transfer all payments to you less a Transaction Fee.
Payments from patients for your services are deposited to your nominated bank account weekly on Mondays. Weekly payment cycles run from Monday 6 AM – Monday 5:59 AM.
The Transaction Fee due to us under the terms of the Agreement, together with any other amounts due by you to us, will be deducted from the weekly payments due by us to you. We also reserve the right to invoice you for payment of any amounts due if we consider that there may not be sufficient funds available from the Merchant Account to meet the payments due.
We may recover from you any fees or other amounts charged back by a credit card company to us concerning any transactions which have not been deducted from the funds received by us and remitted to you by deducting them from any amount subsequently payable to you or require you to otherwise reimburse us for such fees or other amounts.
Where a credit card company reverses payment due to fraudulent credit card use and we cannot obtain such payment, we shall each be responsible for the losses associated with our respective transaction components.
The following Transaction Fee applies on a per-transaction basis calculated as a percentage of the total transaction value. The Transaction Fee is charged by Plait to your account.
(1) Plait Transaction Fee: 3.5%