1. Definitions. Capitalized terms have the meanings set out below. Other capitalized terms are defined in context:
1.1. Customer Data. The term “Customer Data” means information and data that Customer provides to Onyx via the Platform.
1.2. Documentation. The term “Documentation” means all written, printed, or electronically provided user manuals, OnyxOS descriptions, technical manuals, and other specifications.
1.3. Intellectual Property Rights. The term “Intellectual Property Rights” means any rights (whether owned or licensed) existing now or in the future under patent law, copyright law, trademark law, data and database protection law, trade secret law, and any and all similar proprietary rights. The term “Intellectual Property Rights” means those rights as they exist as of the Effective Date, and all such rights subsequently acquired.
1.4. Online Terms. The term “Online Terms” means Onyx’s then-current applicable standard online terms of use and privacy policy for the OnyxOS Portal.
1.5. OnyxOS. The term “OnyxOS” means the software offering further described in the Scope of Work.
1.6. OnyxOS Portal. The term “OnyxOS Portal” means the web portal maintained by Onyx that Customer uses to access OnyxOS.
1.7. Platform. The term “Platform” means, collectively: (i) the OnyxOS; (ii) the Documentation; (iii) the Services; and (iv) the OnyxOS Portal, as they each exist on the Effective Date and may be modified by or on behalf of Onyx after the Effective Date.
1.8. Protected Health Information or PHI. The term “Protected Health Information” or “PHI” has the meaning set out in the BAA.
1.9. Scope of Work. The term “Scope of Work” means the description of OnyxOS and the Services that Onyx is to provide pursuant to the Agreement. The Scope of Work is attached hereto as Attachment A (Scope of Work).
1.10. Services. The term “Services” means those services that Onyx provides, or causes to be provided, to Customer pursuant to the Scope of Work.
1.11. Updates. The term “Updates” means those additions, enhancements, security patches, and other updates that Onyx develops for a OnyxOS and provides to its Customer base without additional fees.
2. OnyxOS Support Services; Custom Services.
2.1. Support Services. During the Term, Onyx shall use commercially reasonable efforts to correct material errors in the functionality of the OnyxOS reported by Customer, and to otherwise provide technical support for the OnyxOS, in accordance with this Section 2.1 (Support Services) and any requirements set out in the Scope of Work (collectively, the “Support Services“); provided, however, that Customer shall first review the Documentation before submitting a request for technical support (each, a “Support Request“). Onyx is entitled to charge Customer, in accordance with its (or its service providers’) then-current pricing and other applicable policies, for the provision of Support Services required due to problems, errors, or inquiries caused by Customer’s actions or omissions, Customer Data, or Customer Systems
2.2. Custom Services. If Customer desires any services other than the Support Services including, for example, customization of OnyxOS , custom support and maintenance, new OnyxOS functionality, Customer Data backup (other than as expressly set out in Section 3.2 (Data Backup; Retention)), or other similar services (collectively, the “Custom Services“), then Customer shall present a written request to Onyx outlining the requested Custom Services. The Parties shall then negotiate in good faith a written statement of work, which shall include a detailed description of the Custom Services to be provided, an estimated delivery schedule, and fees associated with the Custom Services. Any agreed-upon statement of work shall be memorialized in an amendment to the Agreement and deemed incorporated into and made a part of the Agreement for all purposes when executed by both Parties.
3.2. Data Backup; Retention. Customer shall retain copies of Customer Data submitted to Onyx or otherwise associated with the Platform. Customer shall be solely responsible for backing up all Customer Data and retaining such Customer Data in accordance with its applicable retention requirements. Onyx has no obligation to backup Customer Data. ONYX HAS NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION, OR RECOVERY OF CUSTOMER DATA.
3.3. Protecting Passwords. Customer shall maintain, and cause to be maintained, all usernames, passwords, or other security credentials used to verify Customer’s (or its authorized users’) identity and to permit access to the OnyxOS (collectively, “Access Credentials“) in confidence, and not disclose Access Credentials to unauthorized persons. Onyx shall provide individuals using Access Credentials issued to or by Customer with all of the rights and privileges provided to Customer, and Customer shall be liable for all activities of any individual using such Access Credentials.
3.4. Securing Rights in Customer Data. Customer shall be solely responsible for securing all rights in the Customer Data necessary to permit the access, use, and processing of such Customer Data contemplated herein.
3.5. Additional Customer Obligations. During the Term, Customer shall be responsible and liable for its failure to provide (i) all necessary rights in and access to all Customer Systems necessary for Onyx to implement the Platform and otherwise as necessary to provide the Platform, and (ii) all cooperation and assistance as Onyx may reasonably request to enable Onyx to perform its obligations under this Agreement. If Customer uses the OnyxOS Portal, Customer shall also be required to comply with all Onyx Online Terms applicable to the OnyxOS as defined in the OnyxOS Portal.
4. Grant of Rights; Ownership.
4.1. License Grant to Customer to OnyxOS. Onyx, under its Intellectual Property Rights, hereby grants Customer during the Term a non-exclusive, non-sublicenseable, non-transferable, non-resell able subscription license to access and use the OnyxOS for Customer’s business purposes, as permitted pursuant to the Documentation.
4.2. License Grant to Documentation. Onyx, under its Intellectual Property Rights, hereby grants to Customer during the Term a non-exclusive, non-sublicensable, non-transferrable license to access and use (but not modify) the Documentation solely in connection with Customer’s use of the OnyxOS.
4.3. Customer License Grant to Onyx. Customer hereby grants to Onyx during the Term a non-exclusive license to access and use (and to permit its subcontractors to access and use) Customer Data, Customer Systems, and other Customer resources in order to provide the Platform to Customer and as otherwise contemplated herein.
4.4. Customer Restrictions. Customer shall be responsible for all of Customer’s and its authorized users’ use of the Platform. Customer shall not: (i) copy, rent, sell, lease, distribute, pledge, assign, or otherwise transfer, or encumber rights in the Platform, or any part thereof; (ii) use the Platform for the benefit of any third party; (iii) authorize, assist, enable, or encourage any person except Customer’s authorized users to access or use the Platform; (iv) send or store infringing or unlawful material via the Platform; (v) alter or remove any copyright, patent, trademark, or other protective notices included with the Platform; (vi) reverse engineer, decompile, or disassemble the Platform or otherwise attempt to derive any related source code; (vii) modify, copy, or create derivative works based on the Platform; (viii) access the Platform for the purpose of building a competitive OnyxOS or service or copying its features or user interface; (ix) attempt to gain unauthorized access to, or use of, the Platform or otherwise disrupt the integrity or performance of the Platform; (x) distribute spam or malware via the Platform; (xi) use the Platform in any way prohibited by applicable law; or (xii) use the Platform to, or in a manner that, violates the legal rights of others. Onyx reserves the right to immediately suspend Customer’s access to the Platform without liability to Onyx if, in Onyx’s reasonable judgment, Customer is violating any obligation under this Section 4.4 (Customer Restrictions); provided, however, that Onyx may reinstate Customer’s access to the Platform once Onyx determines that such violation ceases.
4.5. Ownership. As between the Parties, Onyx is and shall remain sole owner of all right, title, and interest in and to: (i) the Platform and its components, including all Intellectual Property Rights embodied therein; (ii) other Onyx Confidential Information; (iii) except for Customer Data, any data input, output, processed using, or generated by the Platform; (iv) Custom Work; and (v) any improvements or modifications thereto. As between the Parties, Customer is and shall remain sole owner of all right, title, and interest in and to Customer Data and other Customer Confidential Information.
4.6. Feedback. The term “Feedback” means suggestions, ideas, feature requests, and recommendations made by Customer relating to the Platform or other elements of Onyx’s business. Onyx neither seeks nor requests Feedback, and this Agreement places no obligations on Customer to provide Feedback. If Customer provides Feedback to Onyx, then Customer hereby transfers to Onyx Customer’s rights in Feedback (including all associated Intellectual Property Rights).
4.7. No Implied Rights. Nothing in the Agreement (including this Agreement) shall be construed to grant either Party any rights other than those expressly provided herein. Any rights granted to a Party under this Agreement must be expressly provided herein, and there shall be no implied rights pursuant to this Agreement, based on any course of conduct or other construction or interpretation thereof. All rights and licenses not expressly granted herein are reserved.
5. Recordkeeping; Audit. Customer shall keep complete and accurate accounting, transaction, and other applicable records to support and document all access to and use of the Platform, including all information necessary for Onyx to verify Customer’s compliance with this Agreement. Upon Onyx’s request and with reasonable prior written notice, Customer shall permit technical, financial, and operational audits related to the subject matter of this Agreement by Onyx personnel or its designated third parties (collectively, the “Auditors“). Customer shall grant the Auditors access, to the minimum extent necessary to complete such audits to the reasonable satisfaction of the parties, to Customer’s books, records, third party audit and examination reports, systems, facilities, controls, processes, and procedures related to Customer’s performance of its obligations under this Agreement. Customer shall timely cooperate with the Auditors and provide them assistance as they reasonably request in connection with any audit. Onyx’s right to audit, inspect, and make copies or extracts of Customer’s records and processes shall continue for a period of one (1) year following the termination or expiration of the Agreement.
6. Business Associate Agreement. If the Parties performance under this Agreement is subject to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, codified at 42 U.S.C. §1320d through d-9, as amended, (“HIPAA“), the Health Information Technology for Economic and Clinical Health Act (“HITECH Act“), and their implementing regulations, and applicable privacy laws, then the Parties shall comply with the business associate agreement (the “BAA“) previously entered into by the Parties and incorporated into this Agreement for all purposes.
7. Privacy and Security. Onyx shall use commercially reasonable efforts to comply with the following privacy and security requirements set out in this Section 7(Privacy and Security) with respect to Customer Confidential Information. By way of clarification, Onyx’s obligations set out in this Section 7 (Privacy and Security) shall not apply to any Covered Data. Such obligations with respect to Covered Data shall be set out in the BAA.
7.1. Protection of Customer Data. Onyx shall implement and maintain reasonable and appropriate administrative, technical, and physical safeguards that are designed to: (i) ensure the security and confidentiality of Customer Confidential Information in Onyx’s possession or control; (ii) protect against anticipated threats or hazards to the security or integrity of Customer Confidential Information in Onyx’s possession or control; and (iii) protect Customer Confidential Information in Onyx’s possession or control from loss, misuse, or unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of such Customer Confidential Information.
7.2. Security Incident. Onyx shall notify Customer promptly after Onyx becomes aware of an actual: (i) accidental or unlawful destruction, loss, or alteration of Customer Confidential Information caused by Onyx; or (ii) unauthorized disclosure or use of, or access to, Customer Confidential Information in Onyx’s possession or control (each, a “Security Incident“). Onyx shall promptly investigate each Security Incident and assist Customer in connection with any investigation that Customer may desire to conduct with respect to such Security Incident. Onyx will take all steps reasonable requested by Customer to limit, stop, or otherwise remedy any Security Incident. Except to the extent required by applicable law, Onyx shall not communicate with any third party about a Security Incident without prior written consent of Customer.
8. Development of Statistical Data. Onyx shall be entitled to create, collect, compile, analyze, and otherwise use: (i) statistical data related to the use of the Platform; (ii) other data that constitutes De-Identified Data (collectively, the “Statistical Data“). The term “De-identified Data” means information that meets each of the following criteria: the information (a) does not identify a particular natural person; (b) is not reasonably linkable to a particular natural person due to technical, legal, or other controls; and (c) the de-identification is accomplished in accordance with applicable laws and regulations. By way of clarifying example, and not limitation, Onyx shall have the right to modify Customer Data so that it constitutes De-identified Data, and to use such De-identified Data for Onyx’s business operations including, but not limited to, improving the Platform. No compensation shall be paid by Onyx to Customer in connection with the creation or use of Statistical Data.
9. Representations and Warranties.
9.1. Mutual Representations and Warranties. Each Party represents and warrants that: (i) it is duly organized, validly existing and in good standing, and is qualified and/or licensed to do business in all jurisdictions to the extent necessary to carry out its obligations under this Agreement; (ii) its execution, delivery, and performance of this Agreement shall not violate or constitute a default under any agreement of such Party; and (iii) it has the full right, power, and authority to enter into and be bound by the terms of this Agreement and to perform its obligations under this Agreement.
9.2. Customer Representations and Warranties. Customer represents and warrants that: (i) it owns all right, title, and interest in and to (a) the Customer Data or that it has otherwise secured rights in the Customer Data necessary to permit the access, use, and processing of such Customer Data in accordance with this Agreement, and (b) other resources, including the Customer Systems, used in accordance with this Agreement, and (ii) it will avoid deceptive, misleading, illegal, or unethical practices that may be detrimental to Onyx or to its subcontractors.
9.3. Onyx Representations and Warranties. Onyx represents and warrants to Customer that Onyx will perform the Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services.
9.4. Disclaimers. EXCEPT AS SPECIFICALLY PROVIDED IN THIS SECTION 9 (Representations and Warranties), THE PLATFORM AND ALL ONYX PERFORMANCE OBLIGATIONS (INCLUDING THE PROVISION OF SERVICES) ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ONYX DOES NOT WARRANT (i) THAT THE PLATFORM OR ONYX’S PERFORMANCE OBLIGATIONS WILL MEET CUSTOMER’S REQUIREMENTS OR RESULT IN ANY DESIRED OUTCOME, OR (ii) THAT THE PLATFORM’S OPERATION OR THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, ONYX HEREBY DISCLAIMS (FOR ITSELF, ITS AFFILIATES, SUBCONTRACTORS, AND LICENSORS) ALL OTHER REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, ORAL OR WRITTEN, WITH RESPECT TO THE PLATFORM, AND ITS OTHER PERFORMANCE OBLIGATIONS UNDER THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, ACCURACY, INTEGRATION, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE, AND ALL WARRANTIES ARISING FROM ANY COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE.
10. Limitation on Remedies.
10.1. Consequential Damages Waiver. EXCEPT FOR CLAIMS OF WILLFUL MISCONDUCT OR FRAUD, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, PUNITIVE, SPECIAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE WHATSOEVER, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS, LOSS OF DATA, LOSS OR INTERRUPTION OF USE, COST TO PROCURE SUBSTITUTE TECHNOLOGIES, GOODS OR SERVICES, OR OTHER ECONOMIC LOSS, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10.2. Limitation of Liability. EXCEPT FOR CLAIMS OF WILLFUL MISCONDUCT OR FRAUD, THE MAXIMUM AGGREGATE LIABILITY OF ONYX AND ITS AFFILIATES TO CUSTOMER FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS SCHEDULE [TBD] SHALL NOT EXCEED THE TOTAL AMOUNTS PAID BY CUSTOMER TO ONYX UNDER THE AGREEMENT. THESE LIMITATIONS ARE INDEPENDENT FROM ALL OTHER PROVISIONS OF THIS AGREEMENT AND SHALL APPLY NOTWITHSTANDING THE FAILURE OF ANY REMEDY PROVIDED HEREIN.