|
Page 4 of 14
<br />v. 202207
<br />(1) policies and procedures to address: network security,
<br />virus protection, protection of information in transit,
<br />change controls, segregation of duties, separation of
<br />production and development environments, technical
<br />architecture management, audit logs, network segregation,
<br />and vulnerability assessments; (2) testing and auditing of
<br />all controls; and (3) appropriate corrective action and
<br />incident response plans. If a party determines that
<br />unauthorized access, acquisition, disclosure or use of Data
<br />has occurred that compromises the security or
<br />confidentiality of such Data (each a “Security Incident”),
<br />then such party shall promptly give the other party Notice.
<br />Such Notice shall identify the Data impacted, and the steps
<br />taken to resolve the Security Incident. Additionally, the
<br />parties agree to reasonably cooperate with such other
<br />party's investigation of Security Incident.
<br />If such event triggers any third-party notice requirements,
<br />the party undergoing the Security Incident shall be solely
<br />responsible for the timing, content, cost and method of any
<br />such notice and compliance with all applicable Data
<br />Protection Legislation. For purposes of this Section,
<br />“Data” means (i) Customer Data (with respect to data held
<br />by Carrot) and (ii) the data contained in Reimbursement
<br />Reports (with respect to data held by Customer).
<br />5.2. CCPA. Carrot represents (and Customer agrees)
<br />that Carrot shall act as Customer’s “Service Provider” as
<br />such term is defined in the California Consumer Privacy
<br />Act, Cal. Civ. Code §§1798.100 et seq. and implementing
<br />regulations (the “CCPA”) with regard to any “personal
<br />information” as such term is defined in the CCPA that is
<br />included in the Customer Data (the “CCPA Personal
<br />Information”). Carrot shall collect, access, maintain, use,
<br />process and transfer any CCPA Personal Information solely
<br />for the purpose of providing the Services or otherwise
<br />performing Carrot’s obligations under this Agreement for
<br />or on behalf of Customer and for no commercial purpose
<br />other than the performance of such obligations, and shall
<br />delete and permanently destroy such CCPA Personal
<br />Information upon a written request by Customer in
<br />accordance with Section 9.3 of this Agreement.
<br />6. PAYMENTS AND TAXES
<br />6.1. Fees. Customer agrees to pay, and shall pay, the
<br />fees as set forth on the Order Form (the “Fees”). The Fees
<br />will be invoiced as set forth on the Order Form. Customer
<br />shall pay each Fee invoice issued by Carrot hereunder via
<br />the payment method identified on the Order Form and
<br />within the number of days identified on the Order Form.
<br />Carrot may increase Fees by up to 3% of the then-
<br />applicable Fees, no more than once annually, effective as of
<br />the first Renewal Term. All payments shall be made in
<br />U.S. dollars in immediately available funds, and are non-
<br />refundable. Any Fees not paid when due shall bear interest
<br />at the rate of one and one-half percent (1.5%) per month or
<br />the maximum rate allowed by law, whichever is less. In
<br />addition to the foregoing, Carrot reserves the right to
<br />suspend Customer’s Members access to the Carrot Platform
<br />and Member Services if (a) Customer is delinquent in its
<br />payment of Fees due and payable under this Agreement for
<br />sixty (60) days or more; and/or (b) Customer is in breach of
<br />Section 4.2. Following such suspension, Carrot shall
<br />reinstate such access following Carrot’s receipt of
<br />Customer’s outstanding amounts owed in addition to a
<br />reinstatement fee in the amount of $500.
<br />6.2. Taxes. The Fees are exclusive of, and Customer
<br />shall pay, any sales, use, employment and other taxes and
<br />similar charges based on or arising from this Agreement
<br />(other than taxes based on Carrot’s net income). If Carrot
<br />is required by law to pay any such taxes or similar charges
<br />to any governmental authority, Carrot will itemize such
<br />taxes in an invoice to Customer and Customer will
<br />reimburse Carrot therefor.
<br />7. WARRANTIES; DISCLAIMERS
<br />7.1. General. Each party represents and warrants that:
<br />(a) such party is a corporation or limited liability company
<br />(as applicable) duly organized, validly existing, and in good
<br />standing under the laws of the state of its incorporation or
<br />formation, and has the full power and authority to enter into
<br />and perform its obligations under this Agreement; (b) the
<br />execution of this Agreement by such party, and the
<br />performance by such party of its obligations and duties
<br />hereunder do not and will not violate any other agreement
<br />to which such party is a party or by which it is otherwise
<br />bound; (c) when executed and delivered by such party, this
<br />Agreement will constitute the legal, valid, and binding
<br />obligation of such party, enforceable against such party in
<br />accordance with its terms; and (d) such party acknowledges
<br />that the other party makes no representations, warranties, or
<br />agreements related to the subject matter of this Agreement
<br />that are not expressly provided for in this Agreement.
<br />Carrot further represents and warrants that it shall provide
<br />the Services using personnel of required skill, experience
<br />and qualifications and shall perform the Services in a good
<br />and workmanlike manner . Customer further represents
<br />and warrants that the legal name listed on each Order Form
<br />will (and is, under applicable law, able to) be the “plan
<br />sponsor” (as such term is defined in 29 USC § 1002(16))
<br />for all entities covered by such Order Form in its receipt of
<br />the Services. For clarity, the entity(ies) “covered by” an
<br />Order Form are the entity(ies) that employ all US Eligible
<br />Employees counted in an Order Form.
<br />7.2. Business Associate Terms. Customer and Carrot
<br />agree to comply with the HIPAA Business Associate
<br />Terms attached as Exhibit E if compliance with the Health
<br />Insurance Portability and Accountability Act (“HIPAA”) is
<br />applicable.
<br />7.3. Disclaimers. EXCEPT AS PROVIDED IN THIS
<br />SECTION 7, AND TO THE MAXIMUM EXTENT
<br />PERMITTED BY APPLICABLE LAW, THE SERVICES
<br />AND ALL RELATED INFORMATION, TECHNOLOGY,
<br />AND SERVICES PROVIDED BY OR ON BEHALF OF
<br />CARROT ARE PROVIDED “AS IS”, “AS
<br />AVAILABLE”, AND WITHOUT ANY
<br />REPRESENTATIONS OR WARRANTIES OF ANY
<br />KIND, EXPRESS, IMPLIED, OR STATUTORY, AND
<br />CARROT HEREBY EXPRESSLY DISCLAIMS ANY
<br />AND ALL SUCH WARRANTIES, INCLUDING BUT
<br />NOT LIMITED TO ANY WARRANTY OF
<br />MERCHANTABILITY, NONINFRINGEMENT,
<br />DocuSign Envelope ID: D630F73D-D64F-4694-A24A-FC8220069016
|