Terms of Service & Business Associates Agreement
TERMS OF SERVICE
Last updated: August 15, 2023
AGREEMENT TO OUR LEGAL TERMS
We are Hona AI Inc. (“Hona,” "Company," "we," "us," "our").
We offer a software solution that processes and helps make sense of medical records, as well as any other related products and services that refer or link to these legal terms (the "Legal Terms") (collectively, the "Services").
You can contact us by email at firstname.lastname@example.org or by mail to 447 Sutter Street, Suite 405 PMB 449, San Francisco, CA 94108.
These Legal Terms constitute a legally binding agreement made between you, whether personally or on behalf of an entity ("you"), and Hona, concerning your access to and use of the Services. You agree that by accessing the Services, you have read, understood, and agreed to be bound by all of these Legal Terms. IF YOU DO NOT AGREE WITH ALL OF THESE LEGAL TERMS, THEN YOU ARE EXPRESSLY PROHIBITED FROM USING THE SERVICES AND YOU MUST DISCONTINUE USE IMMEDIATELY.
Supplemental terms and conditions or documents that may be posted on the Services from time to time are hereby expressly incorporated herein by reference. We reserve the right, in our sole discretion, to make changes or modifications to these Legal Terms at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of these Legal Terms, and you waive any right to receive specific notice of each such change. It is your responsibility to periodically review these Legal Terms to stay informed of updates. You will be subject to, and will be deemed to have been made aware of and to have accepted, the changes in any revised Legal Terms by your continued use of the Services after the date such revised Legal Terms are posted.
We recommend that you print a copy of these Legal Terms for your records.
TABLE OF CONTENTS
1. OUR SERVICES
2. INTELLECTUAL PROPERTY RIGHTS
3. USER REPRESENTATIONS
4. PROHIBITED ACTIVITIES
5. USER GENERATED CONTRIBUTIONS
6. CONTRIBUTION LICENSE
7. SERVICES MANAGEMENT
8. TERM AND TERMINATION
9. MODIFICATIONS AND INTERRUPTIONS
10. GOVERNING LAW
11. DISPUTE RESOLUTION
14. LIMITATIONS OF LIABILITY
16. USER DATA
17. ELECTRONIC COMMUNICATIONS, TRANSACTIONS, AND SIGNATURES
18. MISCELLANEOUS
19. CONTACT US
1. OUR SERVICES
The information provided when using the Services is not intended for distribution to or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation or which would subject us to any registration requirement within such jurisdiction or country. Accordingly, those persons who choose to access the Services from other locations do so on their own initiative and are solely responsible for compliance with local laws, if and to the extent local laws are applicable.
2. INTELLECTUAL PROPERTY RIGHTS
Our intellectual property
We are the owner or the licensee of all intellectual property rights in our Services, including all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics in the Services (collectively, the "Content"), as well as the trademarks, service marks, and logos contained therein (the "Marks").
Our Content and Marks are protected by copyright and trademark laws (and various other intellectual property rights and unfair competition laws) and treaties in the United States and around the world.
The Content and Marks are provided in or through the Services "AS IS" for your personal, non-commercial use or internal business purpose only.
Your use of our Services
Subject to your compliance with these Legal Terms, including the "PROHIBITED ACTIVITIES" section below, we grant you a non-exclusive, non-transferable, revocable license to:
- access the Services; and
- download or print a copy of any portion of the Content to which you have properly gained access
solely for your personal, non-commercial use or internal business purpose.
Except as set out in this section or elsewhere in our Legal Terms, no part of the Services and no Content or Marks may be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.
If you wish to make any use of the Services, Content, or Marks other than as set out in this section or elsewhere in our Legal Terms, please address your request to: email@example.com. If we ever grant you the permission to post, reproduce, or publicly display any part of our Services or Content, you must identify us as the owners or licensors of the Services, Content, or Marks and ensure that any copyright or proprietary notice appears or is visible on posting, reproducing, or displaying our Content.
We reserve all rights not expressly granted to you in and to the Services, Content, and Marks.
Any breach of these Intellectual Property Rights will constitute a material breach of our Legal Terms and your right to use our Services will terminate immediately.
Please review this section and the "PROHIBITED ACTIVITIES" section carefully prior to using our Services to understand the (a) rights you give us and (b) obligations you have when you post or upload any content through the Services.
By directly sending us any question, comment, suggestion, idea, feedback, or other information about the Services ("Submissions"), you agree to assign to us all intellectual property rights in such Submission. You agree that we shall own this Submission and be entitled to its unrestricted use and dissemination for any lawful purpose, commercial or otherwise, without acknowledgment or compensation to you.
You are responsible for what you post or upload: By sending us Submissions through any part of the Services you:
- confirm that you have read and agree with our "PROHIBITED ACTIVITIES" and will not post, send, publish, upload, or transmit through the Services any Submission that is illegal, harassing, hateful, harmful, defamatory, obscene, bullying, abusive, discriminatory, threatening to any person or group, sexually explicit, false, inaccurate, deceitful, or misleading;
- to the extent permissible by applicable law, waive any and all moral rights to any such Submission;
- warrant that any such Submissions are original to you or that you have the necessary rights and licenses to submit such Submissions and that you have full authority to grant us the above-mentioned rights in relation to your Submissions; and
- warrant and represent that your Submissions do not constitute confidential information.
You are solely responsible for your Submissions and you expressly agree to reimburse us for any and all losses that we may suffer because of your breach of (a) this section, (b) any third party’s intellectual property rights, or (c) applicable law.
3. USER REPRESENTATIONS
By using the Services, you represent and warrant that: (1) you have the legal capacity and you agree to comply with these Legal Terms; (2) you are not a minor in the jurisdiction in which you reside; (3) you will not access the Services through automated or non-human means, whether through a bot, script or otherwise; (4) you will not use the Services for any illegal or unauthorized purpose; and (5) your use of the Services will not violate any applicable law or regulation.
If you provide any information that is untrue, inaccurate, not current, or incomplete, we have the right to suspend or terminate your account and refuse any and all current or future use of the Services (or any portion thereof).
4. PROHIBITED ACTIVITIES
You may not access or use the Services for any purpose other than that for which we make the Services available. The Services may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved by us.
As a user of the Services, you agree not to:
- Systematically retrieve data or other content from the Services to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us.
- Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords.
- Circumvent, disable, or otherwise interfere with security-related features of the Services, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of the Services and/or the Content contained therein.
- Disparage, tarnish, or otherwise harm, in our opinion, us and/or the Services.
- Use any information obtained from the Services in order to harass, abuse, or harm another person.
- Make improper use of our support services or submit false reports of abuse or misconduct.
- Use the Services in a manner inconsistent with any applicable laws or regulations.
- Engage in unauthorized framing of or linking to the Services.
- Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party’s uninterrupted use and enjoyment of the Services or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of the Services.
- Engage in any automated use of the system, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.
- Delete the copyright or other proprietary rights notice from any Content.
- Attempt to impersonate another user or person or use the username of another user.
- Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats ("gifs"), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as "spyware" or "passive collection mechanisms" or "pcms").
- Interfere with, disrupt, or create an undue burden on the Services or the networks or services connected to the Services.
- Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of the Services to you.
- Attempt to bypass any measures of the Services designed to prevent or restrict access to the Services, or any portion of the Services.
- Except as permitted by applicable law, decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Services.
- Except as may be the result of standard search engine or internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Services, or use or launch any unauthorized script or other software.
- Use a buying agent or purchasing agent to make purchases on the Services.
- Make any unauthorized use of the Services, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses.
- Use the Services as part of any effort to compete with us or otherwise use the Services and/or the Content for any revenue-generating endeavor or commercial enterprise.
5. USER GENERATED CONTRIBUTIONS
The Services does not offer users to submit or post content. We may provide you with the opportunity to create, submit, post, display, transmit, perform, publish, distribute, or broadcast content and materials to us or on the Services, including but not limited to text, writings, video, audio, photographs, graphics, comments, suggestions, or personal information or other material (collectively, "Contributions"). Contributions will not be viewable by other users of the Services or through third-party websites.
6. CONTRIBUTION LICENSE
You and Services agree that we may access, store, process, and use any information and personal data that you provide and your choices (including settings).
By submitting suggestions or other feedback regarding the Services, you agree that we can use and share such feedback for any purpose without compensation to you.
We do not assert any ownership over your Contributions. You retain full ownership of all of your Contributions and any intellectual property rights or other proprietary rights associated with your Contributions. We are not liable for any statements or representations in your Contributions provided by you in any area on the Services. You are solely responsible for your Contributions to the Services, and you expressly agree to exonerate us from any and all responsibility and to refrain from any legal action against us regarding your Contributions.
7. SERVICES MANAGEMENT
We reserve the right, but not the obligation, to: (1) monitor the Services for violations of these Legal Terms; (2) take appropriate legal action against anyone who, in our sole discretion, violates the law or these Legal Terms, including without limitation, reporting such user to law enforcement authorities; (3) in our sole discretion and without limitation, refuse, restrict access to, limit the availability of, or disable (to the extent technologically feasible) any of your Contributions or any portion thereof; (4) in our sole discretion and without limitation, notice, or liability, to remove from the Services or otherwise disable all files and content that are excessive in size or are in any way burdensome to our systems; and (5) otherwise manage the Services in a manner designed to protect our rights and property and to facilitate the proper functioning of the Services.
8. TERM AND TERMINATION
These Legal Terms shall remain in full force and effect while you use the Services. WITHOUT LIMITING ANY OTHER PROVISION OF THESE LEGAL TERMS, WE RESERVE THE RIGHT TO, IN OUR SOLE DISCRETION AND WITHOUT NOTICE OR LIABILITY, DENY ACCESS TO AND USE OF THE SERVICES (INCLUDING BLOCKING CERTAIN IP ADDRESSES), TO ANY PERSON FOR ANY REASON OR FOR NO REASON, INCLUDING WITHOUT LIMITATION FOR BREACH OF ANY REPRESENTATION, WARRANTY, OR COVENANT CONTAINED IN THESE LEGAL TERMS OR OF ANY APPLICABLE LAW OR REGULATION. WE MAY TERMINATE YOUR USE OR PARTICIPATION IN THE SERVICES OR DELETE ANY CONTENT OR INFORMATION THAT YOU POSTED AT ANY TIME, WITHOUT WARNING, IN OUR SOLE DISCRETION.
If we terminate or suspend your account for any reason, you are prohibited from registering and creating a new account under your name, a fake or borrowed name, or the name of any third party, even if you may be acting on behalf of the third party. In addition to terminating or suspending your account, we reserve the right to take appropriate legal action, including without limitation pursuing civil, criminal, and injunctive redress.
9. MODIFICATIONS AND INTERRUPTIONS
We reserve the right to change, modify, or remove the contents of the Services at any time or for any reason at our sole discretion without notice. However, we have no obligation to update any information on our Services. We will not be liable to you or any third party for any modification, price change, suspension, or discontinuance of the Services.
We cannot guarantee the Services will be available at all times. We may experience hardware, software, or other problems or need to perform maintenance related to the Services, resulting in interruptions, delays, or errors. We reserve the right to change, revise, update, suspend, discontinue, or otherwise modify the Services at any time or for any reason without notice to you. You agree that we have no liability whatsoever for any loss, damage, or inconvenience caused by your inability to access or use the Services during any downtime or discontinuance of the Services. Nothing in these Legal Terms will be construed to obligate us to maintain and support the Services or to supply any corrections, updates, or releases in connection therewith.
10. GOVERNING LAW
These Legal Terms shall be governed by and defined following the laws of the State of California. Hona and yourself irrevocably consent that the courts of the State of California shall have exclusive jurisdiction to resolve any dispute which may arise in connection with these Legal Terms.
11. DISPUTE RESOLUTION
To expedite resolution and control the cost of any dispute, controversy, or claim related to these Legal Terms (each a "Dispute" and collectively, the "Disputes") brought by either you or us (individually, a "Party" and collectively, the "Parties"), the Parties agree to first attempt to negotiate any Dispute (except those Disputes expressly provided below) informally for at least 30 days before initiating arbitration. Such informal negotiations commence upon written notice from one Party to the other Party.
Binding Arbitration
Any dispute arising out of or in connection with these Legal Terms, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the Rules of Arbitration of the American Arbitration Association of Service. The seat, or legal place, of arbitration shall be San Francisco, California. The language of the proceedings shall be American English. The governing law of these Legal Terms shall be substantive law of the State of California.
Restrictions
The Parties agree that any arbitration shall be limited to the Dispute between the Parties individually. To the full extent permitted by law, (a) no arbitration shall be joined with any other proceeding; (b) there is no right or authority for any Dispute to be arbitrated on a class-action basis or to utilize class action procedures; and (c) there is no right or authority for any Dispute to be brought in a purported representative capacity on behalf of the general public or any other persons.
Exceptions to Informal Negotiations and Arbitration
The Parties agree that the following Disputes are not subject to the above provisions concerning informal negotiations and binding arbitration: (a) any Disputes seeking to enforce or protect, or concerning the validity of, any of the intellectual property rights of a Party; (b) any Dispute related to, or arising from, allegations of theft, piracy, invasion of privacy, or unauthorized use; and (c) any claim for injunctive relief. If this provision is found to be illegal or unenforceable, then neither Party will elect to arbitrate any Dispute falling within that portion of this provision found to be illegal or unenforceable and such Dispute shall be decided by a court of competent jurisdiction within the courts listed for jurisdiction above, and the Parties agree to submit to the personal jurisdiction of that court.
There may be information on the Services that contains typographical errors, inaccuracies, or omissions, including descriptions, pricing, availability, and various other information. We reserve the right to correct any errors, inaccuracies, or omissions and to change or update the information on the Services at any time, without prior notice.
THE SERVICES ARE PROVIDED ON AN AS-IS AND AS-AVAILABLE BASIS. YOU AGREE THAT YOUR USE OF THE SERVICES WILL BE AT YOUR SOLE RISK. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, IN CONNECTION WITH THE SERVICES AND YOUR USE THEREOF, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE MAKE NO WARRANTIES OR REPRESENTATIONS ABOUT THE ACCURACY OR COMPLETENESS OF THE SERVICES' CONTENT OR THE CONTENT OF ANY WEBSITES OR MOBILE APPLICATIONS LINKED TO THE SERVICES AND WE WILL ASSUME NO LIABILITY OR RESPONSIBILITY FOR ANY (1) ERRORS, MISTAKES, OR INACCURACIES OF CONTENT AND MATERIALS, (2) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF THE SERVICES, (3) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION AND/OR FINANCIAL INFORMATION STORED THEREIN, (4) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICES, (5) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE WHICH MAY BE TRANSMITTED TO OR THROUGH THE SERVICES BY ANY THIRD PARTY, AND/OR (6) ANY ERRORS OR OMISSIONS IN ANY CONTENT AND MATERIALS OR FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE VIA THE SERVICES. WE DO NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SERVICES, ANY HYPERLINKED WEBSITE, OR ANY WEBSITE OR MOBILE APPLICATION FEATURED IN ANY BANNER OR OTHER ADVERTISING, AND WE WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND ANY THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES. AS WITH THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE CAUTION WHERE APPROPRIATE.
14. LIMITATIONS OF LIABILITY
IN NO EVENT WILL WE OR OUR DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT, LOST REVENUE, LOSS OF DATA, OR OTHER DAMAGES ARISING FROM YOUR USE OF THE SERVICES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, OUR LIABILITY TO YOU FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO THE LESSER OF THE AMOUNT PAID, IF ANY, BY YOU TO US OR US$500.00. CERTAIN US STATE LAWS AND INTERNATIONAL LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MAY HAVE ADDITIONAL RIGHTS.
You agree to defend, indemnify, and hold us harmless, including our subsidiaries, affiliates, and all of our respective officers, agents, partners, and employees, from and against any loss, damage, liability, claim, or demand, including reasonable attorneys’ fees and expenses, made by any third party due to or arising out of: (1) use of the Services; (2) breach of these Legal Terms; (3) any breach of your representations and warranties set forth in these Legal Terms; (4) your violation of the rights of a third party, including but not limited to intellectual property rights; or (5) any overt harmful act toward any other user of the Services with whom you connected via the Services. Notwithstanding the foregoing, we reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate, at your expense, with our defense of such claims. We will use reasonable efforts to notify you of any such claim, action, or proceeding which is subject to this indemnification upon becoming aware of it.
16. USER DATA
We will maintain certain data that you transmit to the Services for the purpose of managing the performance of the Services, as well as data relating to your use of the Services. Although we perform regular routine backups of data, you are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Services. You agree that we shall have no liability to you for any loss or corruption of any such data, and you hereby waive any right of action against us arising from any such loss or corruption of such data.
17. ELECTRONIC COMMUNICATIONS, TRANSACTIONS, AND SIGNATURES
Visiting the Services, sending us emails, and completing online forms constitute electronic communications. You consent to receive electronic communications, and you agree that all agreements, notices, disclosures, and other communications we provide to you electronically, via email and on the Services, satisfy any legal requirement that such communication be in writing. YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS, AND OTHER RECORDS, AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES, AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED BY US OR VIA THE SERVICES. You hereby waive any rights or requirements under any statutes, regulations, rules, ordinances, or other laws in any jurisdiction which require an original signature or delivery or retention of non-electronic records, or to payments or the granting of credits by any means other than electronic means.
18. MISCELLANEOUS
These Legal Terms and any policies or operating rules posted by us on the Services or in respect to the Services constitute the entire agreement and understanding between you and us. Our failure to exercise or enforce any right or provision of these Legal Terms shall not operate as a waiver of such right or provision. These Legal Terms operate to the fullest extent permissible by law. We may assign any or all of our rights and obligations to others at any time. We shall not be responsible or liable for any loss, damage, delay, or failure to act caused by any cause beyond our reasonable control. If any provision or part of a provision of these Legal Terms is determined to be unlawful, void, or unenforceable, that provision or part of the provision is deemed severable from these Legal Terms and does not affect the validity and enforceability of any remaining provisions. There is no joint venture, partnership, employment or agency relationship created between you and us as a result of these Legal Terms or use of the Services. You agree that these Legal Terms will not be construed against us by virtue of having drafted them. You hereby waive any and all defenses you may have based on the electronic form of these Legal Terms and the lack of signing by the parties hereto to execute these Legal Terms.
19. CONTACT US
In order to resolve a complaint regarding the Services or to receive further information regarding use of the Services, please contact us at: firstname.lastname@example.org
Hona AI Inc.
447 Sutter Street
Suite 405 PMB 449
San Francisco, CA 94108
Phone: (847) 751-0045
ANNEX I: BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (“BAA”) is made and entered into by and between Hona AI Inc. (“Business Associate”), and a client who has entered a Terms of Service Agreement with the Business Associate (“Covered Entity”) and is effective as of the date of the Agreement (the “BAA Effective Date”). Business Associate and Covered Entity may be referred to individually as a “Party” or, collectively, as the “Parties” in this BAA.
A. The Parties have entered into or will enter into one or more agreements to trial under which Business Associate provides or will provide certain specified services to Covered Entity (the “Underlying Agreement”), and Covered Entity wishes to disclose certain information to Business Associate pursuant to the terms of such Underlying Agreement, some of which may constitute Protected Health Information (“PHI”) (defined below).
B. Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to the Underlying Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and privacy regulations (the “Privacy Rule”), security regulations (the “Security Rule”) and breach notification regulations (the “Breach Notification Rule”) promulgated thereunder, including, but not limited to, Title 45, §§ 164.314(a)(2)(i), 164.410, 164.502(e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”). The Privacy Rule, Security Rule and Breach Notification Rule shall be referred to collectively as the “HIPAA Regulations.”
In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:
a. Capitalized Terms. Capitalized terms used in this BAA and not otherwise defined herein shall have the meanings set forth in the Privacy Rule, the Security Rule, and the Breach Notification Rule, which definitions are incorporated in this BAA by reference.
b. “Breach” shall have the same meaning given to such term in 45 C.F.R. § 164.402.
c. “Breach Notification Rule” shall mean the Standards for Notification in the Case of Breach of Unsecured Protected Health Information at 45 C.F.R. Part 160 and Part 164, Subparts A and D.
d. “Designated Record Set” shall have the same meaning given to such term in 45 C.F.R. § 164.501.
e. “Electronic Protected Health Information” or “Electronic PHI” shall have the same meaning given to such term under the Privacy Rule and the Security Rule, including, but not limited to, 45 C.F.R. § 160.103, as applied to the information that Business Associate creates, receives, maintains or transmits from or on behalf of Covered Entity.
f. “Individual” shall have the same meaning given to such term in 45 C.F.R. § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
g. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Part 160 and Part 164, Subparts A and E.
h. “Protected Health Information” or “PHI” shall have the same meaning given to such term in 45 C.F.R. § 160.103, as applied to the information created, received, maintained or transmitted by Business Associate from or on behalf of Covered Entity.
i. “Required by Law” shall have the same meaning given to such term in 45 C.F.R. § 164.103.
j. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his or her designee.
k. “Security Incident” shall have the same meaning given to such term in 45 C.F.R. § 164.304.
l. “Security Rule” shall mean the Security Standards at 45 C.F.R. Part 160 and Part 164, Subparts A and C.
m. “Unsecured PHI” shall have the same meaning given to such term under 45 C.F.R. § 164.402, and guidance promulgated thereunder.
2. Permitted Uses and Disclosures of PHI.
a. Uses and Disclosures of PHI Pursuant to Underlying Agreement. Business Associate shall not use or disclose PHI other than as permitted or required to perform functions, activities or services for, or on behalf of, Covered Entity as specified in the Underlying Agreement or as Required by Law. To the extent Business Associate is carrying out any of Covered Entity’s obligations under the Privacy Rule pursuant to the terms of the Underlying Agreement or this BAA, Business Associate shall comply with the requirements of the Privacy Rule that apply to Covered Entity in the performance of such obligation(s). Business Associate may not use or disclose PHI in a manner that would violate the Privacy Rule if done by Covered Entity, except as set forth in Sections 2(b)-(e).
b. Permitted Uses of PHI by Business Associate. Except as otherwise limited in this BAA, Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate.
c. Permitted Disclosures of PHI by Business Associate. Except as otherwise limited in this BAA, Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that the disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and will be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person (which purpose must be consistent with the limitations imposed upon Business Associate pursuant to this BAA), and that the person agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
d. Data Aggregation. Except as otherwise limited in this BAA, Business Associate may use PHI to provide Data Aggregation services as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B).
e. De-identified Data. Business Associate may create de-identified PHI in accordance with the standards set forth in 45 C.F.R. § 164.514(b) and may use or disclose such de-identified data for any purpose.
3. Obligations of Business Associate.
a. Appropriate Safeguards. Business Associate shall use appropriate safeguards and shall comply with the Security Rule with respect to Electronic PHI, to prevent use or disclosure of such information other than as provided for by the Underlying Agreement and this BAA.
b. Reporting of Improper Use or Disclosure, Security Incident, or Breach. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or Security Incident, without unreasonable delay, and in any event no more than five (5) business days following discovery; provided, however, that the Parties acknowledge and agree that this Section 3.b. constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Covered Entity by Business Associate shall be required only upon request. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate’s notification to Covered Entity of a Breach shall include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during the Breach; and (ii) any particulars regarding the Breach that Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404.
c. Breach Claims. Business Associate shall indemnify, defend, and hold Covered Entity and its respective officers, directors, employees, agents, successors, and assigns harmless from and against any and all losses, claims, actions, demands, liabilities, damages, costs, and expenses (including costs of judgments, settlements, court costs and reasonable attorneys’ fees actually incurred) (collectively, “Breach Claims”) arising from or related to (i) the use or disclosure of PHI in violation of the terms of this BAA or applicable law; and (ii) whether in oral, paper or electronic media, any Breach.
d. Business Associate’s Agents. In accordance with 45 C.F.R. § 164.502(e)(1)(ii) and 45 C.F.R. § 164.308(b)(2), as applicable, Business Associate shall enter into a written agreement with any agent or subcontractor that creates, receives, maintains or transmits PHI on behalf of Business Associate for services provided to Covered Entity, providing that the agent agrees to restrictions and conditions that are no less protective of privacy and security than those that apply through this BAA to Business Associate with respect to such PHI.
e. Access to PHI. To the extent Business Associate has PHI contained in a Designated Record Set, it agrees to make such information available to Covered Entity pursuant to 45 C.F.R. § 164.524 within ten (10) business days of Business Associate’s receipt of a written request from Covered Entity; provided, however, that Business Associate is not required to provide such access where the PHI contained in a Designated Record Set is duplicative of the PHI contained in a Designated Record Set possessed by Covered Entity. If an Individual makes a request for access pursuant to 45 C.F.R. § 164.524 directly to Business Associate, or inquires about his or her right to access, Business Associate shall direct the Individual to Covered Entity.
f. Amendment of PHI. To the extent Business Associate has PHI contained in a Designated Record Set, it agrees to make such information available to Covered Entity for amendment pursuant to 45 C.F.R. § 164.526 within twenty (20) business days of Business Associate’s receipt of a written request from Covered Entity. If an Individual submits a written request for amendment pursuant to 45 C.F.R. § 164.526 directly to Business Associate, or inquires about his or her right to amendment, Business Associate shall direct the Individual to Covered Entity.
g. Documentation of Disclosures. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. Business Associate shall document, at a minimum, the following information (“Disclosure Information”): (i) the date of the disclosure, (ii) the name and, if known, the address of the recipient of the PHI, (iii) a brief description of the PHI disclosed, and (iv) the purpose of the disclosure that includes an explanation of the basis for such disclosure.
h. Accounting of Disclosures. Business Associate agrees to provide to Covered Entity, within twenty (20) business days of Business Associate’s receipt of a written request from Covered Entity, information collected in accordance with Section 3(g) of this BAA, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. If an Individual makes a request for an accounting of disclosures of PHI pursuant to 45 C.F.R. § 164.528 directly to Business Associate, or inquires about his or her right to an accounting of disclosures of PHI, Business Associate shall direct the Individual to Covered Entity.
i. Governmental Access to Records. Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
j. Mitigation. To the extent practicable, Business Associate will reasonably cooperate with Covered Entity’s efforts to mitigate a harmful effect that is known to Business Associate of a use or disclosure of PHI that is not permitted by this BAA.
k. Minimum Necessary. Business Associate shall request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure, in accordance with 45 C.F.R. § 164.514(d), and any amendments thereto.
4. Obligations of Covered Entity.
a. Notice of Privacy Practices. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 C.F.R. § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.
b. Notification of Changes Regarding Individual Permission. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity shall obtain any consent or authorization that may be required by the HIPAA Privacy Rule, or applicable state law, prior to furnishing Business Associate with PHI.
c. Notification of Restrictions to the Use or Disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.
d. Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Regulations if done by Covered Entity, except as permitted pursuant to the provisions of Section 2 of this BAA.
5. Term and Termination.
a. Term. The term of this BAA shall commence as of the BAA Effective Date, and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with Section 5(c).
b. Termination for Cause. Upon either Party’s knowledge of a material breach by the other Party of this BAA, such Party shall provide written notice to the breaching Party stating the nature of the breach and providing an opportunity to cure the breach within thirty (30) business days. Upon the expiration of such 30-day cure period, the non-breaching Party may terminate this BAA and, at its election, the Underlying Agreement, if cure is not possible.
c. Effect of Termination.
i. Except as provided in paragraph (ii) of this Section 5(c), upon termination of the Underlying Agreement or this BAA for any reason, Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, and shall retain no copies of the PHI.
ii. If it is infeasible for Business Associate to return or destroy the PHI upon termination of the Underlying Agreement or this BAA, Business Associate shall: (i) extend the protections of this BAA to such PHI; and (ii) limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.
6. Cooperation in Investigations.
The Parties acknowledge that certain breaches or violations of this BAA may result in litigation or investigations pursued by federal or state governmental authorities of the United States resulting in civil liability or criminal penalties. Each Party shall cooperate in good faith in all respects with the other Party in connection with any request by a federal or state governmental authority for additional information and documents or any governmental investigation, complaint, action or other inquiry.
The respective rights and obligations of Business Associate under Section 5(c) of this BAA shall survive the termination of the BAA and the Underlying Agreement.
8. Effect of BAA.
In the event of any inconsistency between the provisions of this BAA and the Underlying Agreement, the provisions of this BAA shall control. In the event of inconsistency between the provisions of this BAA and mandatory provisions of the HIPAA Regulations, or their interpretation by any court or regulatory agency with authority over Business Associate or Covered Entity, such interpretation shall control; provided, however, that if any relevant provision of the HIPAA Regulations is amended in a manner that changes the obligations of Business Associate or Covered Entity that are embodied in terms of this BAA, then the Parties agree to negotiate in good faith appropriate non-financial terms or amendments to this BAA to give effect to such revised obligations. Where provisions of this BAA are different from those mandated in the HIPAA Regulations, but are nonetheless permitted by such rules as interpreted by courts or agencies, the provisions of this BAA shall control.
This BAA is governed by, and shall be construed in accordance with, the laws of the State that govern the Underlying Agreement. If any part of a provision of this BAA is found illegal or unenforceable, it shall be enforced to the maximum extent permissible, and the legality and enforceability of the remainder of that provision and all other provisions of this BAA shall not be affected. All notices relating to the Parties’ legal rights and remedies under this BAA shall be provided in writing to a Party, shall be sent to its address set forth in the signature block below, or to such other address as may be designated by that Party by notice to the sending Party, and shall reference this BAA. This BAA may be modified, or any rights under it waived, only by a written document executed by the authorized representatives of both Parties. Nothing in this BAA shall confer any right, remedy or obligation upon anyone other than Covered Entity and Business Associate. This BAA is the complete and exclusive agreement between the Parties with respect to the subject matter hereof, superseding and replacing all prior agreements, communications and understandings (written and oral) regarding its subject matter.
10. Independent Contractor.
Business Associate will be considered, for all purposes, an independent contractor, and Business Associate will not, directly or indirectly, act as agent, servant or employee of Covered Entity or make any commitments or incur any liabilities on behalf of Covered Entity without its express written consent. Nothing in this BAA shall be deemed to create an employment, principal-agent, or partner relationship between the parties. Business Associate shall retain sole and absolute discretion in the manner and means of carrying out its activities and responsibilities under this BAA.
We will use and retain the collected personal information as needed to provide the Services or for:
- Category A - As long as the user has an account with us
- Category B - As long as the user has an account with us
- Category F - As long as the user has an account with us
- Category I - As long as the user has an account with us
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
How do we use and share your personal information?
More information about our data collection and sharing practices can be found in this privacy notice.
You may contact us by email at email@example.com, or by referring to the contact details at the bottom of this document.
If you are using an authorized agent to exercise your right to opt out, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA.
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.
Hona has not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. Hona will not sell or share personal information in the future belonging to website visitors, users, and other consumers.
Your rights with respect to your personal data
Right to request deletion of the data — Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.
Right to be informed — Request to know
Depending on the circumstances, you have a right to know:
- whether we collect and use your personal information;
- the categories of personal information that we collect;
- the purposes for which the collected personal information is used;
- whether we sell or share personal information to third parties;
- the categories of personal information that we sold, shared, or disclosed for a business purpose;
- the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
- the business or commercial purpose for collecting, selling, or sharing personal information; and
- the specific pieces of personal information we collected about you.
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.
Right to Limit Use and Disclosure of Sensitive Personal Information
We do not process consumers' sensitive personal information.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
Other privacy rights
- You may object to the processing of your personal information.
- You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.
- You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
- You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.
To exercise these rights, you can contact us by email at firstname.lastname@example.org, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.
12. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.
Virginia CDPA Privacy Notice
Under the Virginia Consumer Data Protection Act (CDPA):
"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.
"Sale of personal data" means the exchange of personal data for monetary consideration.
If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.
The information we collect, use, and disclose about you will vary depending on how you interact with Hona and our Services. To find out more, please visit the following sections:
- Personal data we collect
- How we use your personal data
- When and with whom we share your personal data
Your rights with respect to your personal data
- Right to be informed whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")
Hona has not sold any personal data to third parties for business or commercial purposes. Hona will not sell personal data in the future belonging to website visitors, users, and other consumers.
Exercise your rights provided under the Virginia CDPA
More information about our data collection and sharing practices can be found in this privacy notice.
You may contact us by email at email@example.com, by visiting https://www.hona.ai, or by referring to the contact details at the bottom of this document.
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.
Right to appeal
If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at firstname.lastname@example.org. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.
13. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO), Adam Steinle, by email at email@example.com, by phone at (847) 751-0045, or contact us by post at:
Hona AI Inc.
447 Sutter Street
Suite 405 PMB 449
San Francisco, CA 94108
15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please visit: https://www.console.hona.ai