Terms of Service

Smart Omix by Sharecare lowers the barriers to real-world data collection and evidence generation for researchers, and empowers participants to contribute to clinical research with their smartphones. Using the Smart Omix app, approved participants can join research studies from the comfort of their homes. Sharecare is the leading digital health company that helps people – no matter where they are in their health journey – unify and manage their health.

These Terms of Service (“Terms”) are a legal contract between You and Sharecare Operating Company, Inc. and its affiliates (“Us” or “We”) and govern Your use of all the text, data, information, software, graphics, photographs and more (all of which We refer to as “Materials”) that We and Our affiliates may make available to You, as well as any services (“Services”) We may provide through any of Our Smart Omix mobile application and any related websites (all of which are referred to in these Terms as the “App”).

READ THESE TERMS CAREFULLY BEFORE USING THE APP. USING THE APP INDICATES THAT YOU HAVE BOTH READ AND ACCEPT THESE TERMS. YOU CANNOT USE THE APP IF YOU DO NOT ACCEPT THESE TERMS.

NOTE: THESE TERMS CONTAIN A DISPUTE RESOLUTION AND ARBITRATION PROVISION, INCLUDING CLASS ACTION WAIVER THAT AFFECTS YOUR RIGHTS UNDER THESE TERMS AND WITH RESPECT TO DISPUTES YOU MAY HAVE WITH THE COMPANY. YOU MAY OPT OUT OF THE BINDING INDIVIDUAL ARBITRATION AND CLASS ACTION WAIVER AS PROVIDED BELOW.

CHANGES

We may alter the Materials and Services We offer You and/or choose to modify, suspend or discontinue the App at any time and without notifying You. We may also change, update, add or remove provisions (collectively, “modifications”) of these Terms from time to time. Because everyone benefits from clarity, We promise to inform You of any modifications to these Terms by posting them on the App and, if You have registered with Us, by describing the modifications to these Terms in an email that We will send to the address that You provided during registration. To be sure We properly reach Your email inbox, We just ask that You let Us know if Your preferred email address changes at any time after Your registration.

If You object to any such modifications, Your sole recourse shall be to cease using the App. Continued use of the App following notice of any such modifications indicates You acknowledge and agree to be bound by the modifications. Also, please know that these Terms may be superseded by expressly-designated legal notices or terms located on particular pages of the App. These expressly-designated legal notices or terms are incorporated into these Terms and supersede the provision(s) of these Terms that are designated as being superseded.

 

GENERAL USE

 

By using the App, You promise that You are at least 13 years of age. If You are not yet 18 years old, You must have the permission of an adult to use the App and agree to its Terms, and that adult must be a parent or legal guardian who is willing to be responsible for Your use of the App. 

We invite You to use the App for individual, consumer purposes ("Permitted Purposes").

In these Terms we are granting You a limited, personal, non-exclusive and non-transferable license to use and to display the Materials; Your right to use the Materials is conditioned on Your compliance with these Terms. You have no other rights in the App or any Materials and You may not modify, edit, copy, reproduce, create derivative works of, reverse engineer, alter, enhance or in any way exploit any of the Materials or the App in any manner. If You make copies of any of the Materials in the App while engaging in Permitted Purposes then We ask that You be sure to keep on the copies all of Our copyright and other proprietary notices as they appear on the App. 

Unfortunately, if You breach any of these Terms the above license will terminate automatically and You must immediately destroy any downloaded or printed Materials (and any copies thereof).

Over the course of your use of the App, You may be given an opportunity, through the App to participate in digital health research studies (“Research Studies”) or A.I. trainings offered via our Services. In such instances, you may be able to earn rewards in the form of Amazon gift cards, contingent upon any of the metrics of such Research Studies and any other terms that may be provided in conjunction with such Research Studies. 

 

RESEARCH STUDIES

If using the App to participate in a Research Study, please be aware that you will be engaging with a third-party researcher (“Researcher(s)”) who has designed and distributed the Research Study. Researchers have near-total control over the content of the studies they launch through the App, with the App existing as a platform through which they build and conduct the study. While we will provide technical support services with respect to the App, we cannot provide support services relating to the substance of a Research Study. Without limiting any disclaimer or liability limitation contained in these Terms, we specifically disclaim, and to the maximum extent allowed by law You hereby release us from, any liability associated with the content of the Research Study or the Researcher’s use of the study data.

 

DEVICE TERMS

To use the App You must have a compatible mobile device. We do not represent or warrant that the App will be compatible with Your mobile device. We hereby grant to You a non-exclusive, non-transferable, revocable license to use an object code copy of the App for one registered account on one mobile device owned or leased solely by You, for Your personal use. You may not: (i) modify, disassemble, decompile or reverse engineer the App, except to the extent that such restriction is expressly prohibited by law; (ii) rent, lease, loan, resell, sublicense, distribute or otherwise transfer the App to any third-party or use the App to provide time sharing or similar services for any third-party; (iii) make any copies of the App; (iv) remove, circumvent, disable, damage or otherwise interfere with security-related features of the App, features that prevent or restrict use or copying of any content accessible through the App, or features that enforce limitations on use of the App; or (v) delete the copyright and other proprietary rights notices on the App. You acknowledge that We may from time to time issue upgraded versions of the App, and may automatically electronically upgrade the version of the App that You are using on Your mobile device. You consent to such automatic upgrading on Your mobile device, and agree that these Terms will apply to all such upgrades. The foregoing license grant is not a sale of the App or any copy thereof, and We and Our third-party licensors or suppliers retain all right, title, and interest in and to the App (and any copy of the App). Standard carrier data charges may apply to Your use of the App.

 

iOS TERMS

The following additional terms and conditions apply with respect to any App that We provide to You designed for use on an Apple iOS-powered mobile device (an “iOS App”):

• You acknowledge that these Terms are between You and Us only, and not with Apple, Inc. (“Apple”).
• Your use of Our iOS App must comply with Apple’s then-current App Store Terms of Service.
• We, and not Apple, are solely responsible for Our iOS App and the Services and Content available thereon. You acknowledge that Apple has no obligation to provide maintenance and support services with respect to Our iOS App. To the maximum extent permitted by applicable law, Apple will have no warranty obligation whatsoever with respect to Our iOS App.
• You agree that We, and not Apple, are responsible for addressing any claims by You or any third-party relating to Our iOS App or Your possession and/or use of Our iOS App, including, but not limited to: (i) product liability claims; (ii) any claim that the iOS App fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation, and all such claims are governed solely by these Terms and any law applicable to Us as provider of the iOS App.
• You agree that We, and not Apple, shall be responsible, to the extent required by these Terms, for the investigation, defense, settlement and discharge of any third-party intellectual property infringement claim related to Our iOS App or Your possession and use of Our iOS App.
• You represent and warrant that (i) You are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country; and (ii) You are not listed on any U.S. Government list of prohibited or restricted parties.
• You agree to comply with all applicable third-party terms of agreement when using Our iOS App (e.g., You must not be in violation of Your wireless data service terms of agreement when using the iOS App).
• The parties agree that Apple and Apple’s subsidiaries are third-party beneficiaries to these Terms as they relate to Your license of Our iOS App. Upon Your acceptance of these Terms, Apple will have the right (and will be deemed to have accepted the right) to enforce these Terms against You as they relate to Your license of the iOS App as a third-party beneficiary thereof.

 

ANDROID TERMS

The following additional terms and conditions apply with respect to any App that We provide to You designed for use on an Android-powered mobile device (an “Android App”):

• You acknowledge that these Terms are between You and Us only, and not with Google, Inc. (“Google”).
• Your use of Our Android App must comply with Google’s then-current Android Market Terms of Service.
• Google is only a provider of the Android Market where You obtained the Android App.  We, and not Google, are solely responsible for Our Android App and the Services and Content available thereon.  Google has no obligation or liability to You with respect to Our Android App or these Terms.
• You acknowledge and agree that Google is a third-party beneficiary to the Terms as they relate to Our Android App.

 

GEO-LOCATION TERMS

The Services include and make use of certain functionality and services provided by third-parties that allow Us to include maps, geocoding, places and other Content from Apple as part of the Services (the “Geo-Location Services”). Your use of the Geo-Location Services is subject to Apple’s then current terms relating to Apple’s Location Services and by using the Geo-Location Services, you are agreeing to be bound by such terms. The use of Geo-Location Services in the App is optional. 

 

USING THIS APP AND THE APP’S SERVICES

We appreciate You visiting our website and allow You to do just that – stop by and check it out without registering with Us.

However, in order to access certain areas of the App and to use certain Services and Materials offered on and through the App, You must successfully register an account with Us.

 

PASSWORD RESTRICTED AREAS OF THE APP

If You want an account with Us, You will be required to submit the requested information through the account registration page on the App which may include the following: 

• A working email address;
• First and last name;
  ‍

Additional information may be required, but We will prompt You for such information in the account creation process for the App.

You may also provide additional, optional information so that We can provide You a more customized experience when using the App – but, We will leave that decision with You. Once You submit the required registration information, We alone will determine whether or not to approve Your proposed account. If approved, You will be sent an email detailing how to complete Your registration. For so long as You use the account, You agree to provide true, accurate, current, and complete information which can be accomplished by logging into Your account and making relevant changes directly or contacting Us using the below contact information and We can make the changes for You. If You forget Your password We will happily send a password reset link to Your provided email address.

You are responsible for complying with these Terms when You access the App, whether directly or through any account that You may setup through or on the App. Because it is Your account, it is Your job to obtain and maintain all equipment and services needed for access to and use of the App as well as paying related charges. It is also Your responsibility to maintain the confidentiality of Your password(s), including any password of a third-party site that We may allow You to use to access the App. Should You believe Your password or security App has been breached in any way, You must immediately notify Us.

 

PRIVACY POLICY

We respect the information that You provide to Us, and want to be sure You fully understand exactly how We use that information. Please visit our Privacy Policy to learn more.

 

LINKS TO THIRD-PARTY SITES

 

We think links are convenient, and We sometimes provide links to third-party websites. If You use these links, You will leave the App. We are not obligated to review any third-party websites that You link to from the App, We do not control any of the third-party websites, and We are not responsible for any of the third-party websites (or the products, services, or content available through any of them). Thus, We do not endorse or make any representations about such third-party websites, any information, software, products, services, or materials found there or any results that may be obtained from using them. If You decide to access any of the third-party websites linked to from the App, You do this entirely at Your own risk and You must follow the privacy policies and terms and conditions for those third-party websites.

 

UNAUTHORIZED ACTIVITIES

To be clear, We authorize Your use of the App only for Permitted Purposes. Any other use of this App beyond the Permitted Purposes is prohibited and, therefore, constitutes unauthorized use of the App. This is because as between You and Us, all rights in the App remain Our property.

Unauthorized use of the App may result in violation of various United States and international copyright laws. Because We prefer keeping this relationship drama-free, We want to give You examples of things to avoid. So, unless You have written permission from Us stating otherwise, You are not authorized to use the App in any of the following ways (these are examples only and the list below is not a complete list of everything that You are not permitted to do):

• For any public or commercial purpose which includes use of the App on another site or through a networked computer environment;
• In a manner that modifies, publicly displays, publicly performs, reproduces or distributes any of the App;
• In a manner that violates any local, state, national, foreign, or international statute, regulation, rule, order, treaty, or other law;
• To stalk, harass, or harm another individual;
• To impersonate any person or entity or otherwise misrepresent Your affiliation with a person or entity;
• To interfere with or disrupt the App or servers or networks connected to the App;
• To use any data mining, robots, or similar data gathering or extraction methods in connection with the App; or
• Attempt to gain unauthorized access to any portion of the App or any other accounts, computer systems, or networks connected to the App, whether through hacking, password mining, or any other means.
  ‍

You agree to hire attorneys to defend Us if You violate these Terms and that violation results in a problem for Us. You also agree to pay any damages that We may end up having to pay as a result of Your violation. You alone are responsible for any violation of these Terms by You. We reserve the right to assume the exclusive defense and control of any matter otherwise subject to indemnification by You and, in such case, You agree to cooperate with Our defense of such claim.

 

PROPRIETARY RIGHTS

Unless otherwise specified in these Terms or the Privacy Policy, all Materials, including the arrangement of them on the App are Our sole property. All rights not expressly granted herein are reserved. Except as otherwise required or limited by applicable law, any reproduction, distribution, modification, retransmission, or publication of any copyrighted material is strictly prohibited without the express written consent of the copyright owner or license. 

 

DISCLAIMER OF WARRANTIES

THE APP IS PROVIDED "AS IS" AND "WITH ALL FAULTS" AND THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE APP IS WITH YOU.

WE EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND (EXPRESS, IMPLIED OR STATUTORY) WITH RESPECT TO THE APP, WHICH INCLUDES BUT IS NOT LIMITED TO, ANY IMPLIED OR STATUTORY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, TITLE, AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. 

THIS MEANS THAT WE DO NOT PROMISE YOU THAT THE APP IS FREE OF PROBLEMS. Without limiting the generality of the foregoing, We make no warranty that the App will meet Your requirements or that the App will be uninterrupted, timely, secure, or error free or that defects in the App will be corrected. We make no warranty as to the results that may be obtained from the use of the App or as to the accuracy or reliability of any information obtained through the App. No advice or information, whether oral or written, obtained by You through the App or from Us or Our subsidiaries/other affiliated companies shall create any warranty. We disclaim all equitable indemnities.

 

LIMITATION OF LIABILITY

WE SHALL NOT BE LIABLE TO YOU FOR ANY DAMAGES RESULTING FROM YOUR DISPLAYING, COPYING, OR DOWNLOADING ANY MATERIALS TO OR FROM THE APP. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WE BE LIABLE TO YOU FOR ANY INDIRECT, EXTRAORDINARY, EXEMPLARY, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE) HOWEVER ARISING, EVEN IF WE KNOW THERE IS A POSSIBILITY OF SUCH DAMAGE. IN NO EVENT WILL COMPANY’S LIABILITY EXCEED THE GREATER OF $100 AND THE AMOUNTS YOU PAY THE COMPANY FOR USE OF, OR IN CONNECTION WITH, THE APP. 

‍

LOCAL LAWS; EXPORT CONTROL

We control and operate the App from Our headquarters in the United States of America and the entirety of the App may not be appropriate or available for use in other locations. If You use the App outside the United States of America, You are solely responsible for following applicable local laws.

 

FEEDBACK

Any submissions by You to Us (e.g., comments, questions, suggestions, materials – collectively, “Feedback”) through any communication whatsoever (e.g., call, fax, email) will be treated as both non-confidential and non-proprietary. Except as prohibited by applicable law, you hereby assign all right, title, and interest in, and We are free to use, without any attribution or compensation to You, any ideas, know-how, concepts, techniques, or other intellectual property and proprietary rights contained in the Feedback, whether or not patentable, for any purpose whatsoever, including but not limited to, developing, manufacturing, having manufactured, licensing, marketing, and selling, directly or indirectly, products and services using such Feedback. Where the foregoing assignment is prohibited by law, you hereby grant Us an exclusive, transferable, worldwide, royalty-free, fully paid up license (including the right to sublicense) to use and exploit all Feedback as We may determine in our sole discretion. Notwithstanding the foregoing, you understand and agree that We are not obligated to use, display, reproduce, or distribute any such ideas, know-how, concepts, or techniques contained in the Feedback, and You have no right to compel such use, display, reproduction, or distribution.

 

DISPUTE RESOLUTION AND ARBITRATION; CLASS ACTION WAIVER

 

Please Read This Provision Carefully. It Affects Your Legal Rights.

This Provision facilitates the prompt and efficient resolution of any dispute (e.g., claim or controversy, whether based in contract, statute, regulation, ordinance, tort – including, but not limited to, fraud, misrepresentation, fraudulent inducement, or negligence – or any other legal or equitable theory, and includes the validity, enforceability or scope of this Provision (with the exception of the enforceability of the Class Action Waiver clause below) that may arise between You and Us. Effectively, then, “dispute” is given the broadest meaning enforceable by law and includes any claims against other parties relating to services or products provided or billed to You (such as Our licensors, suppliers, dealers or third-party vendors) whenever You also assert claims against Us in the same proceeding.

This Provision provides that all disputes between You and Us shall be resolved by binding arbitration because acceptance of These Terms constitutes a waiver of Your right to litigation claims and all opportunity to be heard by a judge or jury. We prefer this because We believe arbitration is less drama-filled than litigation. To be clear, there is no judge or jury in arbitration, and court review of an arbitration award is limited. The arbitrator must follow these Terms and can award the same damages and relief as a court (including attorney’s fees). You may, however, opt-out of this Provision which means You would have a right or opportunity to bring claims in a court, before a judge or jury, and/or to participate in or be represented in a case filed in court by others (including, but not limited to, class actions). YOU AND WE AGREE THAT, EXCEPT AS PROVIDED BELOW, ANY AND ALL DISPUTES, AS DEFINED ABOVE, WHETHER PRESENTLY IN EXISTENCE OR BASED ON ACTS OR OMISSIONS IN THE PAST OR IN THE FUTURE, WILL BE RESOLVED EXCLUSIVELY AND FINALLY BY BINDING ARBITRATION RATHER THAN IN COURT IN ACCORDANCE WITH THIS PROVISION.

Pre-Arbitration Claim Resolution

For all Disputes, whether pursued in court or arbitration, You must first give Us an opportunity to resolve the Dispute which is first done by emailing Us at legal@sharecare.com the following information: (1)Your name, (2) Your address, (3) A written description of Your Claim, and (4) A description of the specific relief You seek. If We do not resolve the Dispute within 45 days after receiving Your notification, than You may pursue Your Dispute in arbitration. You may pursue Your dispute in a court only under the circumstances described below.

Exclusions from Arbitration/Right to Opt Out

Notwithstanding the above, Your or We may choose to pursue a Dispute in court and not by arbitration if: (a) The dispute qualifies for initiation in small claims court; or (b) YOU OPT-OUT OF THESE ARBITRATION PROCEDURES WITHIN 30 DAYS FROM THE DATE THAT YOU FIRST CONSENT TO THESE TERMS (the “Opt-Out Deadline”). You may opt-out of this Provision by emailing Us at legal@sharecare.com the following information: (1) Your name; (2) Your address; (3) A clear statement that You do not wish to resolve disputes with Us through arbitration. Either way, We will not take any decision You make personally. In fact, We promise that Your decision to opt-out of this Arbitration Provision will have no adverse effect on Your relationship with Us. But, We do have to enforce the Opt-Out Deadline so keep in mind that any opt-out request received after the Opt-Out Deadline will not be valid and You must pursue Your dispute in arbitration or small claims court.

Arbitration Procedures

If this Provision applies and the dispute is not resolved as provided above (Pre-Arbitration Claim Resolution) either You or We may initiate arbitration proceedings. The American Arbitration Association (“AAA”), www.adr.org, or JAMS, www.jamsadr.com, will arbitrate all disputes, and the arbitration will be conducted before a single arbitrator. The arbitration shall be commenced as an individual arbitration only, and shall in no event be commenced as a class arbitration or a consolidated or representative action or arbitration. All issues shall be for the arbitrator to decide, including the scope of this Provision.

For arbitration before AAA, for Disputes of less than $75,000, the AAA’s Supplementary Procedures for Consumer-Related Disputes will apply; for Disputes involving $75,000 or more, the AAA’s Commercial Arbitration Rules will apply. In either instance, the AAA’s Optional Rules For Emergency Measures Of Protection shall apply. The AAA rules are available at www.adr.org or by calling 1-800-778-7879. For arbitration before JAMS, the JAMS Comprehensive Arbitration Rules & Procedures and the JAMS Recommended Arbitration Discovery Protocols For Domestic, Commercial Cases will apply. The JAMS rules are available at www.jamsadr.com or by calling 1-800-352-5267. This Provision governs in the event it conflicts with the applicable arbitration rules. Under no circumstances will class action or representative procedures or rules apply to the arbitration.

Because the App and these Terms concern interstate commerce, the Federal Arbitration Act (“FAA”) governs the arbitrability of all disputes. However, the arbitrator will apply applicable substantive law consistent with the FAA and the applicable statute of limitations or condition precedent to suit.

Arbitration Award – The arbitrator may award on an individual basis any relief that would be available pursuant to applicable law, and will not have the power to award relief to, against or for the benefit of any person who is not a party to the proceeding. The arbitrator will make any award in writing but need not provide a statement of reasons unless requested by a party or if required by applicable law. Such award will be final and binding on the parties, except for any right of appeal provided by the FAA or other applicable law, and may be entered in any court having jurisdiction over the parties for purposes of enforcement.

Location of Arbitration – You or We may initiate arbitration in either Georgia or the federal judicial district that includes Your billing address.

Payment of Arbitration Fees and Costs – So long as You place a request in writing prior to commencement of the arbitration, We will pay all arbitration filing fees and AAA or JAMS hearing fees and any arbitrator's hearing fees, costs and expenses upon Your written request to the arbitrator given at or before the first evidentiary hearing in the arbitration. But, You will still be responsible for all additional fees and costs that You incur in the arbitration which include but are not limited to attorneys’ fees or expert witnesses. In addition to any fees and costs recoverable under applicable law, if You provide notice and negotiate in good faith with Us as provided in the section above titled “Pre-Arbitration Claim Resolution” and the arbitrator concludes that You are the prevailing party in the arbitration, You will be entitled to recover reasonable attorney’s fees and costs as determined by the arbitrator.

Class Action Waiver

Except as otherwise provided in this Provision, the arbitrator may not consolidate more than one person’s claims, and may not otherwise preside over any form of a class or representative proceeding or claims (such as a class action, consolidated action, representative action, or private attorney general action) unless both You and We specifically agree to do so in writing following initiation of the arbitration. If You choose to pursue Your Dispute in court by opting out of the Arbitration Provision, as specified above, this Class Action Waiver will not apply to You. Neither You, nor any other user of the App can be a class representative, class member, or otherwise participate in a class, consolidated, or representative proceeding without having complied with the opt-out requirements above.

Jury Waiver

You understand and agree that by accepting this Provision in these Terms, You and We are each waiving the right to a jury trial or a trial before a judge in a public court. In the absence of this Provision, You and We might otherwise have had a right or opportunity to bring disputes in a court, before a judge or jury, and/or to participate or be represented in a case filed in court by others (including class actions). Except as otherwise provided below, those rights are waived. Other rights that You would have if You went to court (e.g., the rights to both appeal and certain types of discovery) may be more limited or may also be waived.

Severability

If any clause within this Provision (other than the Class Action Waiver clause above) is found to be illegal or unenforceable, that clause will be severed from this Provision whose remainder will be given full force and effect. If the Class Action Waiver clause is found to be illegal or unenforceable, this entire Provision will be unenforceable and the dispute will be decided by a court.

Continuation

This Provision shall survive the termination of Your account with Us or Our affiliates and Your discontinued use of the App. Notwithstanding any provision in these Terms to the contrary, We agree that if We make any change to this Provision (other than a change to the Notice Address), You may reject any such change and require Us to adhere to the present language in this Provision if a dispute between Us arises.

 

LANGUAGE

The Parties hereto have expressly required that these Terms and all documents and notices relating thereto be drafted in the English language.

 

GENERAL

We think direct communication resolves most issues – if We feel that You are not complying with these Terms, We will tell You. We will even provide You with recommended necessary corrective action(s) because We value this relationship.

However, certain violations of these Terms, as determined by Us, may require immediate termination of Your access to the App without prior notice to You. The Federal Arbitration Act, Georgia state law and applicable U.S. federal law, without regard to the choice or conflicts of law provisions, will govern these Terms. Foreign laws do not apply. Except for disputes subject to arbitration as described above, any disputes relating to these Terms or the App will be heard in the courts located in Fulton County, Georgia. If any of these Terms are deemed inconsistent with applicable law, then such term(s) shall be interpreted to reflect the intentions of the parties, and no other terms will be modified. By choosing not to enforced any of these Terms, We are not waiving Our rights. These Terms are the entire agreement between You and Us and, therefore, supersede all prior or contemporaneous negotiations, discussions or agreements between You and Us about the App. The proprietary rights, disclaimer of warranties, representations made by You, indemnities, limitations of liability and general provisions shall survive any termination of these Terms.

 

CONTACT US
‍
If You have any questions about these Terms or otherwise need to contact Us for any reason, You can reach Us at Sharecare Operating Company, Inc., 255 E. Paces Ferry Rd. NE, Suite 700, Atlanta, Georgia, 30305, or via our Contact Page.

 

Sharecare Smart Omix Platform Agreement
THIS PLATFORM AGREEMENT (THE "AGREEMENT") IS A LEGAL AGREEMENT BETWEEN YOU ("CUSTOMER") AND SHARECARE OPERATING COMPANY, INC. ("SHARECARE"). BY CLICKING THE "I ACCEPT" BUTTON, EXECUTING AN ORDER FORM THAT INCLUDES THIS AGREEMENT BY REFERENCE OR USING THE PLATFORM, CUSTOMER ACKNOWLEDGES THAT CUSTOMER HAS REVIEWED AND ACCEPTS THIS AGREEMENT. IF YOU ARE AGREEING TO THIS AGREEMENT AS AN INDIVIDUAL, “CUSTOMER” REFERS TO YOU INDIVIDUALLY. IF YOU ARE AGREEING TO THIS AGREEMENT AS A REPRESENTATIVE OF AN ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND THAT ENTITY AND “CUSTOMER” REFERS TO THAT ENTITY AND ALL THE USERS SPECIFIED IN THE ORDER FORM. IF CUSTOMER DOES NOT AGREE WITH ALL OF THE TERMS OF THIS AGREEMENT, DO NOT ACCESS OR OTHERWISE USE THE PLATFORM REFERENCED IN THE ORDER FORM. SHARECARE MAY MAKE CHANGES TO THE PLATFORM AT ANY TIME. IN ADDITION, SHARECARE MAY MAKE CHANGES TO THIS AGREEMENT AT ANY TIME, AND WILL POST NOTICE OF THE CHANGES AND THE UPDATED AGREEMENT OR SEND AN E-MAIL NOTIFICATION TO THE E-MAIL ADDRESS OF RECORD FOR CUSTOMER. CUSTOMER’S CONTINUED USE OF THE PLATFORM AFTER SUCH CHANGES HAVE BEEN POSTED WILL SIGNIFY CUSTOMER’S ASSENT TO AND ACCEPTANCE OF THE REVISED AGREEMENT.

1. DEFINITIONS.

1.1 “Activation Date” means the date, set forth in the applicable Order Form, on which the Platform is scheduled to be made available to Customer.
1.2 “Ancillary Services” means implementation, training or consulting services that Sharecare may perform as described in a SOW executed by the parties.
1.3 “Authorized Purposes” means Customer’s internal business purposes if the Subscription Term is not for an Evaluation License or a Beta License. If the Subscription Term is for an Evaluation License or a Beta License, then “Authorized Purposes” means Customer’s internal testing and evaluation use only and not for any production use.
1.4 “Beta License” means a non-production license granted to Customer with respect to a pre-release version of the Platform for the limited period specified in the Order Form.
1.5 “Customer Data” means all data submitted, stored, posted, displayed, or otherwise transmitted by or on behalf of Customer or any User and received and analyzed by the Platform, including but not limited to the content and results of any Study.
1.6 “Customer System” means Customer’s internal website(s), servers and other equipment and software used in the conduct of Customer’s business.
1.7 “Documentation” means the printed, paper, electronic or online user instructions and help files made available by Sharecare for use with the Platform, as may be updated from time to time by Sharecare.
1.8 “Evaluation License” means a non-production license granted to Customer with respect to the Software for the limited period of time specified in the Order Form.
1.9 “Intellectual Property Rights” means all intellectual property rights or similar proprietary rights, including (a) patent rights and utility models, (b) copyrights and database rights, (c) trademarks, trade names, domain names and trade dress and the goodwill associated therewith, (d) trade secrets, (e) mask works, and (f) industrial design rights; in each case, including any registrations of, applications to register, and renewals and extensions of, any of the foregoing in any jurisdiction in the world.
1.10 “Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.
1.11 “Open Source Software” means all software that is available under the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), Mozilla Public License (MPL), Apache License, BSD licenses, or any other license that approved by the Open Source Initiative (www.opensource.org).
1.12 “Order Form” means the ordering documents for Services purchased from Sharecare that are executed hereunder by the parties from time to time, including modifications, supplements and addend thereto. Order Forms are incorporated herein.
1.13 “Participant” means any person participating in a Study created and launched by Customer.
1.14 “Participant Data” means all data submitted, stored, posted, displayed, or otherwise transmitted by or on behalf of any Participant in connection with any Study and received and analyzed by the Platform.
1.15 “Platform” means the hosted services provided by Sharecare to Customer pursuant to this Agreement, and for all purposes of this Agreement, such services exclude any Open Source Software that may be used to provide the Platform and all Third Party Offerings.
1.16 “Services” means the Platform, Support Services, and any Ancillary Services.
1.17 “Statement of Work” or “SOW” means a written statement of work entered into and signed by the parties describing Ancillary Services to be provided by Sharecare to Customer.
1.18 “Study” means the research conducted by Customer using the Platform.
1.19 “Subscription Term” means the subscription period for Customer’s use of the Platform set forth in an Order Form. Unless otherwise specified in the applicable Order Form, the Subscription Term for an Evaluation License and a Beta License is limited to 60 days from the Activation Date.
1.20 “Support Services” means the support and maintenance services offered by Sharecare and purchased by Customer separately pursuant to an Order Form.

1.21 “Third Party Offerings” means certain software or services delivered or performed by third parties that are required for the operation of the Platform, or other online, web-based CRM, ERP, or other business application subscription services, and any associated offline products provided by third parties, that interoperate with the Platform.
1.22 “Users” means Customer’s employees, consultants, contractors, agents and third parties with whom Customer may transact business and (a) for whom access to the Platform during the Subscription Term have been purchased pursuant to an Order Form, (b) who are authorized by Customer to access and use the Platform, and (c) where applicable, who have been supplied user identifications and passwords for such purpose by Customer (or by Sharecare at Customer’s request).

2. ORDERS; LICENSES; RESTRICTIONS; RESERVATION OF RIGHTS.

2.1 Orders. Subject to the terms and conditions contained in this Agreement, Customer may purchase or otherwise acquire subscriptions for Users to access and use the Platform pursuant to Order Forms. Unless otherwise specified in the applicable Order Form, User subscriptions are for designated Users only and cannot be shared or used by more than one User, but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Platform. Customer agrees that its purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Sharecare regarding any future functionality or features. If there is any inconsistency between an Order Form and this Agreement, this Agreement controls.
2.2 Access and Use License. Subject to Customer’s compliance with the terms and conditions contained in this Agreement, Sharecare hereby grants to Customer, during the relevant Subscription Term, a limited, non-exclusive, non-transferable right for its Users to access and use the Platform in accordance with the Documentation in each case solely for Customer’s Authorized Purposes and not for the benefit of any other person or entity. Customer’s use of the Platform may be subject to certain limitations, such as, for example, limits on storage capacity for Customer Data. Any such limitations will be specified either in the Order Form or in the Documentation.
2.3 Restrictions. Customer shall not, directly or indirectly, and Customer shall not permit any User or third party to: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the object code, source code or underlying ideas or algorithms of the Platform; (b) modify, translate, or create derivative works based on any element of the Platform or any related Documentation; (c) rent, lease, distribute, sell, resell, assign, or otherwise transfer its rights to use the Platform; (d) use the Platform for timesharing purposes or otherwise for the benefit of any person or entity other than for the benefit of Customer and Users; (e) remove any proprietary notices from the Documentation; (f) publish or disclose to third parties any evaluation of the Platform without Sharecare's prior written consent; (g) use the Platform for any purpose other than its intended purpose; (h) interfere with or disrupt the integrity or performance of the Platform; (i) introduce any Open Source Software into the Platform; or (j) attempt to gain unauthorized access to the Platform or its related systems or networks.
2.4 Reservation of Rights. Except as expressly granted in this Agreement, there are no other licenses granted to Customer, express, implied or by way of estoppel. All rights not granted in this Agreement are reserved by Sharecare. Without limiting the generality of the foregoing, Sharecare reserves the right to reject and prevent the operation of any Study in its sole and absolute discretion. Customer acknowledges that this right is necessary for Sharecare to protect its reputation in the event Customer were to use the Platform to conduct a Study inconsistent with Sharecare’s company values or otherwise contrary to its interests.

3. THIRD PARTY OFFERINGS.

3.1 Use of Third Party Offerings. Sharecare or third parties may from time to time make Third Party Offerings available to Customer. Any acquisition by Customer of any such Third Party Offerings, and any exchange of data between Customer and any provider of a Third Party Offering, is solely between Customer and the applicable provider of the Third Party Offering. Sharecare does not warrant or support any Third Party Offering, whether or not they are designated by Sharecare as “certified” or otherwise, except as specified in an Order Form. If Customer installs or enables any Third Party Offering for use with Platform, Customer acknowledges that Sharecare may allow providers of that Third Party Offering to access Customer Data as required for the interoperation and support of such Third Party Offering with the Platform. oc.ai shall not be responsible for any disclosure, modification or deletion of Customer Data resulting from any such access by the providers of Third Party Offerings.
3.2 Integration with Third Party Offerings. The Platform may contain features designed to interoperate with Third Party Offerings (e.g., Google, Facebook or Twitter applications). To use such features, Customer may be required to obtain access to such Third Party Offering from their providers. If the provider of any Third Party Offering ceases to make the Third Party Offering available for interoperation with the corresponding Platform features on reasonable terms, Sharecare may cease providing such features without entitling Customer to any refund, credit, or other compensation.
3.3 Third Party Hosting. Sharecare may use the services of one or more third parties to deliver any part of the Services. Sharecare will pass-through any warranties to the extent that Sharecare receives any from its then current third-party service provider that it can provide to Customer. Customer agrees to comply with any acceptable use policies and other terms of any third-party service provider that are provided or otherwise made available to Customer from time to time.

4. PASSWORDS; SECURITY.

4.1 Passwords. Sharecare will issue to Customer, user logins and passwords for each of their Users authorized to access and use the Platform. Customer shall be, and shall ensure that each of their respective Users are, responsible for maintaining the confidentiality of all user logins and passwords and for ensuring that each user login and password is used only by the User to which it was issued. Customer is solely responsible for any and all access and use of the Platform that occurs using logins and passwords Sharecare issues to any of Customer. Customer shall restrict its Users from sharing passwords. Customer agrees to immediately notify Sharecare of any unauthorized use of any account or login and password issued to Customer’s Users, or any other breach of security known to Customer. Sharecare shall have no liability for any loss or damage arising from Customer’s failure to comply with the terms set forth in this Section.
4.2 No Circumvention of Security. Neither Customer nor any User may circumvent or otherwise interfere with any user authentication or security of the Platform. Customer will immediately notify Sharecare of any breach, or attempted breach, of security known to Customer.
4.3 Security. Sharecare will use commercially reasonable efforts to maintain appropriate administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Customer Data in a in a manner consistent with what Sharecare supplies generally to its other customers. Notwithstanding the foregoing, Customer acknowledges that, notwithstanding any security precautions deployed by Sharecare, the use of, or connection to, the Internet provides the opportunity for unauthorized third parties to circumvent such precautions and illegally gain access to the Platform and Customer Data. Sharecare cannot and does not guaranty the privacy, security, integrity or authenticity of any information transmitted over or stored in any system connected to or accessible via the Internet or otherwise or that any such security precautions will be adequate or sufficient. Sharecare shall not (a) modify Customer Data, (b) disclose Customer Data except as compelled by law or as expressly permitted in writing by Customer, or (c) access Customer Data except to provide the Services and prevent or address service or technical problems, or at Customer's request in connection with customer support matters.

5. CUSTOMER OBLIGATIONS.

5.1 Customer System. Customer is responsible for (a) obtaining, deploying and maintaining the Customer System, and all computer hardware, software, modems, routers and other communications equipment necessary for Customer and their respective Users to access and use the Platform via the Internet; (b) contracting with third party ISP, telecommunications and other service providers to access and use the Platform via the Internet; and (c) paying all third party fees and access charges incurred in connection with the foregoing. Except as specifically set forth in this Agreement, an Order Form or a Statement of Work, Sharecare shall not be responsible for supplying any hardware, software or other equipment to Customer under this Agreement.
5.2 Acceptable Use Policy. Customer shall be solely responsible for its actions and the actions of its Users while using the Platform. Customer acknowledges and agrees: (a) to abide by all local, state, national, and international laws and regulations applicable to Customer’s use of the Platform, including without limitation the provision and storage of Customer Data; (b) not to send or store data on or to the Platform which violates the rights of any individual or entity established in any jurisdiction; (c) not to upload in any way any information or content that contain Malicious Code or data that may damage the operation of the Platform or another's computer or mobile device; (d) not to upload any data regarding an individual’s financial or economic identity, sexual orientation, religious beliefs, medical or physical identity, including any information comprised of either “Protected Health Information” subject to and defined by the Health Insurance Portability and Accountability Act, or an individual’s first name and last name, or first initial and last name, in combination with any one or more of the following data elements that relate to such individual: Social Security number, driver's license number or state-issued identification card number, financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; (e) not to use the Platform for illegal, fraudulent, unethical or inappropriate purposes; (f) not to interfere or disrupt networks connected to the Platform or interfere with other ability to access or use the Platform; (g) not to distribute, promote or transmit through the Platform any unlawful, harmful, obscene, pornographic or otherwise objectionable material of any kind or nature; (h) not to transmit or post any material that encourages conduct that could constitute a criminal offense or give rise to civil liability; (i) not to interfere with another customer’s use and enjoyment of the Platform or another person or entity's use and enjoyment of similar services; (j) not to use the Platform in any manner that impairs the Platform, including without limitation the servers and networks on which the Platform is provided; (k) to comply with all regulations, policies and procedures of networks connected to the Platform and Sharecare’s service providers; (l) solicit, collect, or retain Participant Data in violation of applicable law or regulation; and (l) to use the Platform only in accordance with the Documentation. Customer acknowledges and agrees that Sharecare neither endorses the contents of any Customer communications, Customer Data, or Other Information (as defined in Section 12.2 below) nor assumes any responsibility for any offensive material contained therein, any infringement of third party Intellectual Property Rights arising therefrom or any crime facilitated thereby. Sharecare may remove any violating content posted or stored using the Platform or transmitted through the Platform, without notice to Customer. Notwithstanding the foregoing, Sharecare does not guarantee, and does not and is not obligated to verify, authenticate, monitor or edit the Customer Data, Other Information, or any other information or data input into or stored in the Platform for completeness, integrity, quality, accuracy or otherwise. Customer shall be responsible and liable for the completeness, integrity, quality and accuracy of Customer Data and Other Information input into the Platform. Sharecare reserves the right to amend, alter, or modify Customer’s conduct requirements as set forth in this Agreement at any time. Sharecare may deliver notice of such updated requirements to Customer via e-mail or through the Platform. Customer’s continued access to and use of the Platform following issuance of such updated Customer requirements shall constitute Customer’s acceptance thereof. Sharecare may upon written notice to Customer amend this Section 5.2. In addition to the foregoing, Users may be required to accept Sharecare’s Smart Omix Terms of Use and User’s use of the Platform will be subject to the Terms of Use.
5.3 Accuracy of Customer’s Contact Information; Email Notices. Customer agrees to provide accurate, current and complete information as necessary for Sharecare to communicate with Customer from time to time regarding the Services, issue invoices or accept payment, or contact Customer for other account-related purposes. Customer agrees to keep any online account information current and inform Sharecare of any changes in Customer’s legal business name, address, email address and phone number. Customer agrees to accept emails from Sharecare at the e-mail addresses specified by its Users for login purposes. In addition, Customer agrees that Sharecare may rely and act on all information and instructions provided to Sharecare by Users from the above-specified e-mail address.
5.4 IRB Attestation. Before Customer conducts a Study using the Platform, Customer must attest to Institutional Review Board (“IRB”) approval or exemption. Such attestation will be a legally binding statement made on behalf of Customer, governed by the terms of this Agreement.
5.5 Temporary Suspension. Sharecare may temporarily suspend Customer’s or their respective Users’ access to the Platform in the event that either Customer any of their Users is engaged in, or Sharecare in good faith suspects Customer or any of their Users is engaged in, any unauthorized conduct (including, but not limited to any violation of this Agreement). Sharecare will attempt to contact Customer prior to or contemporaneously with such suspension; provided, however, that Sharecare’s exercise of the suspension rights herein shall not be conditioned upon Customer’s receipt of any notification. A suspension may take effect for Customer’s entire account and Customer understands that such suspension would therefore include User sub-accounts. Customer agrees that Sharecare shall not be liable to Customer, any of its Users, or any other third party if Sharecare exercises its suspension rights as permitted by this Section. Upon determining that Customer has ceased the unauthorized conduct leading to the temporary suspension to Sharecare’s reasonable satisfaction, Sharecare shall reinstate Customer’s and their respective Users’ access and use of the Platform. Notwithstanding anything in this Section to the contrary, Sharecare’s suspension of Platform is in addition to any other remedies that Sharecare may have under this Agreement or otherwise, including but not limited to termination of this Agreement for cause. Additionally, if there are repeated incidences of suspension, regardless of the same or different cause and even if the cause or conduct is ultimately cured or corrected, Sharecare may, in its reasonable discretion, determine that such circumstances, taken together, constitute a material breach.
5.6 Participant Data. Customer is responsible for the privacy and security of Participant Data as the controller of such data. The Platform is designed to transmit minimal Participant Data to Sharecare. The parties will comply with their respective obligations under the SmartOmix Data Processing Addendum located at www.smartomix.com/dpa.

6. SUPPORT SERVICES.

6.1 Support. Sharecare makes a variety of Support Services offerings available to its customers and will provide Customer with the level of support to which Customer is entitled based on Customer’s purchase as set forth in an Order Form.
6.2 Evaluation and Beta Licenses. No service level agreement is offered or made in connection with this Agreement if the Subscription Term is for an Evaluation License or a Beta License. Sharecare has no obligation to support or maintain the Platform during the Subscription Term of any Evaluation License or Beta License in any way, correct any errors or deficiencies in the Platform or provide updates, new builds or error corrections.

7. ANCILLARY SERVICES. Sharecare shall use commercially reasonable efforts to perform the Ancillary Services as set forth in applicable mutually executed SOWs. Each SOW will include, at a minimum: (a) a description of the scope of Ancillary Services, (b) any work product or other deliverables to be provided to Customer (each a “Deliverable”), (c) the schedule for the provision of Ancillary Services, and (d) the applicable fees and payment terms for such Ancillary Services. All SOWs shall be deemed part of and subject to this Agreement. If there is any inconsistency between an SOW and this Agreement, the SOW shall control. If either Customer or Sharecare requests a change to the scope of Ancillary Services described in a SOW, the party seeking the change shall propose such change by written notice. Promptly following the other party’s receipt of the written notice, the parties shall discuss and agree upon the proposed changes. Sharecare will prepare a change order document describing the agreed changes to the SOW and any applicable change in fees and expenses (a “Change Order”). Change Orders are not binding unless and until executed by both parties. Executed Change Orders shall be deemed part of, and subject to, this Agreement. Sharecare and Customer shall cooperate to enable Sharecare to perform the Ancillary Services according to the dates of performance and delivery terms set forth in each SOW. In addition, Customer shall perform any Customer obligations specified in each SOW. In the event the Ancillary Services are not performed in accordance with the terms of the applicable SOW, Sharecare shall notify Customer in writing no later than thirty (30) calendar days after performance of the affected Ancillary Services by Sharecare, Customer’s notice shall specify the basis for non-compliance with the SOW and if Sharecare agrees with the basis for non-compliance, then at Sharecare sole option, Sharecare shall re-perform the Ancillary Services at no additional charge to Customer or refund to Customer the applicable fees for the affected Deliverable or Ancillary Service. THE FOREGOING CONSTITUTES CUSTOMER’S SOLE AND EXCLUSIVE REMEDY AND SHARECARE’S SOLE AND EXCLUSIVE LIABILITY WITH RESPECT TO PERFORMANCE OR NON-PERFORMANCE OF THE ANCILLARY SERVICES.

8. FEES AND PAYMENT.

8.1 Fees. Customer agrees to pay all fees specified in all Order Forms and SOWs using one of the payment methods Sharecare supports. Except as otherwise specified in this Agreement or in an Order Form, (a) fees are quoted and payable in United States dollars, (b) fees are based on Services purchased, regardless of actual usage, (c) payment obligations are non-cancelable and fees paid are non-refundable, and (d) the number of Users of Subscription Terms purchased cannot be decreased during the relevant Subscription Term shown on the applicable Order Form(s). User subscription fees are based on monthly periods that begin on the subscription start date and each monthly anniversary thereof; therefore, fees for User subscriptions added in the middle of a monthly period will be charged for that full monthly period and the monthly periods remaining in the subscription term. All amounts payable under this Agreement will be made without setoff or counterclaim, and without any deduction or withholding.
8.2 Invoices and Payment. All fees for Platform will be invoiced in advance and in accordance with the applicable Order Form. Fees for Ancillary Services will be invoiced as set forth in an applicable SOW or Order Form. Except as otherwise set forth in the applicable Order Form or SOW, Customer agrees to pay all invoiced amounts within thirty (30) calendar days of the invoice date. Customer is responsible for providing complete and accurate billing and contact information to Sharecare and notifying Sharecare of any changes to such information.
8.3 Overdue Charges. If Sharecare does not receive fees by the due date, then at Sharecare’s discretion, (a) such charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid; and (b) Sharecare may condition future purchases of Services and Order Forms on payment terms shorter than those specified in Section 9.2 (Invoices and Payment).
8.4 Suspension of Service. If any amounts owed by Customer for the Services are Fifteen (15) or more days overdue, Sharecare may, without limiting Sharecare’s other rights and remedies, suspend Customer’s and its Users’ access to the Services until such amounts are paid in full.
8.5 Payment Disputes. Sharecare agrees that it will not exercise its rights under Section 9.3 (Overdue Charges) or Section 9.4 (Suspension of Service) if the applicable charges are under reasonable and good-faith dispute and Customer is cooperating diligently to resolve the dispute.
8.6 Taxes. “Taxes” means all taxes, levies, imposts, duties, fines or similar governmental assessments imposed by any jurisdiction, country or any subdivision or authority thereof including, but not limited to federal, state or local sales, use, property, excise, service, transaction, privilege, occupation, gross receipts or similar taxes, in any way connected with this Agreement or any instrument, order form or agreement required hereunder, and all interest, penalties or similar liabilities with respect thereto, except such taxes imposed on or measured by a party’s net income. Notwithstanding the foregoing, Taxes shall not include payroll taxes attributable to the compensation paid to workers or employees and each party shall be responsible for its own federal and state payroll tax collection, remittance, reporting and filing obligations. Fees and charges imposed under this Agreement or under any order form or similar document ancillary to or referenced by this Agreement shall not include Taxes except as otherwise provided herein. Customer shall be responsible for all of such Taxes. If, however, Sharecare has the legal obligation to pay Taxes and is required or permitted to collect such Taxes for which Customer is responsible under this section, Customer shall promptly pay the Taxes invoiced by Sharecare unless Customer has furnished Sharecare with valid tax exemption documentation regarding such Taxes at the execution of this Agreement or at the execution of any subsequent instrument, order form or agreement ancillary to or referenced by this Agreement. Customer shall comply with all applicable tax laws and regulations. Customer hereby agrees to indemnify Sharecare for any Taxes and related costs paid or payable by Sharecare attributable to Taxes that would have been Customer’s responsibility under this Section 9.6 if invoiced to Customer. Customer shall promptly pay or reimburse Sharecare for all costs and damages related to any liability incurred by Sharecare as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligation under this Section 9.6 shall survive the termination or expiration of this Agreement.

9. REPRESENTATIONS AND WARRANTIES; DISCLAIMER.

9.1 Mutual Representations and Warranties. Each party represents, warrants and covenants that: (a) it has the full power and authority to enter into this Agreement and to perform its obligations hereunder, without the need for any consents, approvals or immunities not yet obtained; and (b) its acceptance of and performance under this Agreement shall not breach any oral or written agreement with any third party or any obligation owed by it to any third party to keep any information or materials in confidence or in trust.
9.2 Evaluations of New Services. From time to time Sharecare may invite Customer to try, at no charge, Sharecare products or services that are not generally available to Sharecare customers (“Non-GA Services”). Customer may accept or decline any such trial in its sole discretion. Any Non-GA Services will be clearly designated as beta, pilot, limited release, developer preview, non-production or by a description of similar import. Non-GA Services are provided for evaluation purposes and not for production use, are not supported, may contain bugs or errors (but shall not knowingly contain any undisclosed Malicious Code), and may be subject to additional terms that shall be provided by Sharecare to Customer prior to or concurrent with Sharecare’s invitation to the applicable Non-GA Services. Non-GA Services are not considered “Services” hereunder. Customer has the right to discontinue Non-GA Services at any time in its sole discretion and may never make them generally available.
9.3 Regulatory Compliance. Customer represents and warrants, and covenants on behalf of itself and its Users that it does and shall comply with and conduct all aspects of the study, including the recruitment and treatment of subjects, in compliance with the terms of this Agreement, the IRB-approved protocol, all applicable federal, state, and local laws and regulations, including as applicable to the study, generally accepted standards of good clinical practice as adopted by current U.S. Food and Drug Administration (FDA) regulations and statutes and regulations of the U.S. government relating to exportation of technical data, computer software, laboratory prototypes, and other commodities as applicable to Customer. Customer acknowledges that the purpose of the Platform is strictly to provide support services related to study design and electronic data capture and that Customer, not Sharecare, is responsible for ensuring all regulated activities related to the Study (including as related to adverse event reporting; sponsor responsibilities; principal investigator responsibilities; the creation, maintenance, modification, storage, archival, and distribution of records; the content of research documentation, including the consent form; and handling investigations or audits by regulatory agencies), comply with the IRB-approved protocol and such applicable laws and regulations. Without limiting the generality of the foregoing, as between Customer and Sharecare, Customer shall be responsible for implementing Participant consents that are compliant with Part 11 of Title 21 of the Code of Federal Regulations (“Part 11”), notwithstanding the fact that Platform’s electronic signature functionality is designed to be, and Sharecare may advertise it as being, compliant with the relevant portion of Part 11.
9.4 Disclaimer. EXCEPT FOR THE WARRANTIES SET FORTH IN THIS SECTION 10, THE PLATFORM, SUPPORT SERVICES, ANCILLARY SERVICES, THIRD-PARTY OFFERINGS AND ANY NON-GA SERVICES ARE PROVIDED ON AN AS-IS BASIS. CUSTOMER’S USE OF THE PLATFORM, SUPPORT SERVICES, ANCILLARY SERVICES, THIRD-PARTY OFFERINGS AND NON-GA SERVICES IS AT ITS OWN RISK. SHARECARE DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS, STATUTORY AND IMPLIED REPRESENTATIONS AND WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND TITLE, QUALITY, SUITABILITY, OPERABILITY, CONDITION, SYSTEM INTEGRATION, NON-INTERFERENCE, WORKMANSHIP, TRUTH, ACCURACY (OF DATA OR ANY OTHER INFORMATION OR CONTENT), ABSENCE OF DEFECTS, WHETHER LATENT OR PATENT, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. THE EXPRESS WARRANTIES MADE BY SHARECARE IN SECTION 10 ARE FOR THE BENEFIT OF THE CUSTOMER ONLY AND NOT FOR THE BENEFIT OF ANY THIRD PARTY. ANY SOFTWARE PROVIDED THROUGH THE PLATFORM IS LICENSED AND NOT SOLD. NO WARRANTIES OF ANY KIND WHATSOEVER ARE MADE FOR CUSTOMER’S BENEFIT DURING THE SUBSCRIPTION TERM OF ANY EVALUATION LICENSE OR BETA LICENSE.
NO AGENT OF SHARECARE IS AUTHORIZED TO ALTER OR EXPAND THE WARRANTIES OF SHARECARE AS SET FORTH HEREIN. SHARECARE DOES NOT WARRANT THAT: (A) THE USE OF THE SERVICES OR NON-GA SERVICES WILL BE SECURE, TIMELY, UNINTERRUPTED OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA; (B) THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (C) ANY STORED DATA WILL BE ACCURATE OR RELIABLE; (D) THE QUALITY OF ANY INFORMATION OR OTHER MATERIAL OBTAINED BY CUSTOMER THROUGH THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (E) THE SERVICES WILL BE ERROR-FREE OR THAT ERRORS OR DEFECTS IN THE SERVICES AND NON-GA SERVICES WILL BE CORRECTED; OR (F) THE SERVER(S) THAT MAKE THE SERVICES AND NON-GA SERVICES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE SERVICES AND NON-GA SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. SHARECARE IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.

10. INDEMNIFICATION.

10.1 Sharecare Indemnity.
(a) General. During the Subscription Term (other than with respect to an Evaluation License or a Beta License), Sharecare, at its expense, shall defend Customer and their respective officers, directors and employees (the “Customer Indemnified Parties”) from and against all actions, proceedings, claims and demands by a third party (a “Third-Party Claim”) alleging that the Platform infringes any copyright or misappropriates any trade secret and shall pay all damages, costs and expenses, including attorneys’ fees and costs (whether by settlement or award of by a final judicial judgment) paid to the Third Party bringing any such Third-Party Claim. Sharecare’s obligations under this Section are conditioned upon (i) Sharecare being promptly notified in writing of any claim under this Section, (ii) Sharecare having the sole and exclusive right to control the defense and settlement of the claim, and (iii) Customer providing all reasonable assistance (at Sharecare’s expense and reasonable request) in the defense of such claim. In no event shall Customer settle any claim without Sharecare’s prior written approval. Customer may, at its own expense, engage separate counsel to advise Customer regarding a Claim and to participate in the defense of the claim, subject to Sharecare’s right to control the defense and settlement.
(b) Mitigation. If any claim which Sharecare is obligated to defend has occurred, or in Sharecare’s determination is likely to occur, Sharecare may, in its sole discretion and at its option and expense (a) obtain for Customer the right to use the Platform, (b) substitute a functionality equivalent, non-infringing replacement for such the Platform, (c) modify the Platform to make it non-infringing and functionally equivalent, or (d) terminate this Agreement and refund to Customer any prepaid amounts attributable the period of time between the date Customer was unable to use the Platform due to such claim and the remaining days in the then-current Subscription Term.
(c) Exclusions. Notwithstanding anything to the contrary in this Agreement, the foregoing obligations shall not apply with respect to a claim of infringement if such claim arises out of (i) Customer’s use of infringing Customer Data; (ii) use of the Platform in combination with any software, hardware, network or system not supplied by Sharecare where the alleged infringement relates to such combination, (iii) any modification or alteration of the Platform other than by Sharecare, (iv) Customer’s continued use of the Platform after Sharecare notifies Customer to discontinue use because of an infringement claim, (v) Customer’s violation of applicable law; (vi) Third Party Offerings; and (vii) Customer System.
(d) Sole Remedy. THE FOREGOING STATES THE ENTIRE LIABILITY OF SHARECARE WITH RESPECT TO THE INFRINGEMENT OF ANY INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS BY THE PLATFORM OR OTHERWISE, AND CUSTOMER HEREBY EXPRESSLY WAIVES ANY OTHER LIABILITIES OR OBLIGATIONS OF SHARECARE WITH RESPECT THERETO. NO INDEMNITIES OF ANY KIND WHATSOEVER ARE MADE FOR CUSTOMER’S BENEFIT DURING THE SUBSCRIPTION TERM OF ANY EVALUATION LICENSE OR BETA LICENSE.
10.2 Customer Indemnity. Customer shall defend Sharecare and its licensors and their respective officers, directors and employees (“Sharecare Indemnified Parties”) from and against any and all Third-Party Claims which arise out of or relate to: (a) a claim or threat that the Customer Data or Customer System (and the exercise by Sharecare of the rights granted herein with respect thereto) infringes, misappropriates or violates any third party’s Intellectual Property Rights; (b) Customer’s use or alleged use of the Platform other than as permitted under this Agreement; (c) arising from the occurrence of any of the exclusions set forth in Section 11.1(c); or (d) brought by any Participant, Customer client, actual or potential consumer of Customer’s products, and/or regulatory body and in any way related to a Study or Customer Data. Customer shall pay all damages, costs and expenses, including attorneys’ fees and costs (whether by settlement or award of by a final judicial judgment) paid to the Third Party bringing any such Third-Party Claim. Customer’s obligations under this Section are conditioned upon (x) Customer being promptly notified in writing of any claim under this Section, (y) Customer having the sole and exclusive right to control the defense and settlement of the claim, and (z) Sharecare providing all reasonable assistance (at Customer’s expense and reasonable request) in the defense of such claim. In no event shall Sharecare settle any claim without Customer’s prior written approval. Sharecare may, at its own expense, engage separate counsel to advise Sharecare regarding a Third-Party Claim and to participate in the defense of the claim, subject to Customer’s right to control the defense and settlement.

11. CONFIDENTIALITY.

11.1 Confidential Information. “Confidential Information” means any and all non-public technical and non-technical information disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in any form or medium, whether oral, written, graphical or electronic, pursuant to this Agreement, that is marked confidential and proprietary, or that the Disclosing Party identifies as confidential and proprietary, or that by the nature of the circumstances surrounding the disclosure or receipt ought to be treated as confidential and proprietary information, including but not limited to: (a) techniques, sketches, drawings, models, inventions (whether or not patented or patentable), know-how, processes, apparatus, formulae, equipment, algorithms, software programs, software source documents, APIs, and other creative works (whether or not copyrighted or copyrightable); (b) information concerning research, experimental work, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, sales and merchandising and marketing plans and information; (c) proprietary or confidential information of any third party who may disclose such information to Disclosing Party or Receiving Party in the course of Disclosing Party’s business; and (d) the terms of this Agreement and any Order Form or Statement of Work. Confidential Information of Sharecare shall include the Platform, the documentation, the pricing, and the terms and conditions of this agreement. Confidential Information also includes all summaries and abstracts of Confidential Information.
11.2 Non-Disclosure. Each party acknowledges that in the course of the performance of this Agreement, it may obtain the Confidential Information of the other party. The Receiving Party shall, at all times, both during the Term and thereafter, keep in confidence and trust all of the Disclosing Party’s Confidential Information received by it. The Receiving Party shall not use the Confidential Information of the Disclosing Party other than as necessary to fulfill the Receiving Party’s obligations or to exercise the Receiving Party’s rights under this Agreement. Each party agrees to secure and protect the other party’s Confidential Information with the same degree of care and in a manner consistent with the maintenance of such party’s own Confidential Information (but in no event less than reasonable care), and to take appropriate action by instruction or agreement with its employees or other agents who are permitted access to the other party’s Confidential Information to satisfy its obligations under this Section. The Receiving Party shall not disclose Confidential Information of the Disclosing Party to any person or entity other than its officers, employees and agents who need access to such Confidential Information in order to effect the intent of this Agreement and who are subject to confidentiality obligations at least as stringent as the obligations set forth in this Agreement.
11.3 Exceptions to Confidential Information. The obligations set forth in Section 12.2 (Non-Disclosure) shall not apply to the extent that Confidential Information includes information which: (a) was known by the Receiving Party prior to receipt from the Disclosing Party either itself or through receipt directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (b) was developed by the Receiving Party without use of the Disclosing Party’s Confidential Information; or (c) becomes publicly known or otherwise ceases to be secret or confidential, except as a result of a breach of this Agreement or any obligation of confidentiality by the Receiving Party. Nothing in this Agreement shall prevent the Receiving Party from disclosing Confidential Information to the extent the Receiving Party is legally compelled to do so by any governmental investigative or judicial agency pursuant to proceedings over which such agency has jurisdiction; provided, however, that prior to any such disclosure, the Receiving Party shall (x) assert the confidential nature of the Confidential Information to the agency; (y) immediately notify the Disclosing Party in writing of the agency’s order or request to disclose; and (z) cooperate fully with the Disclosing Party in protecting against any such disclosure and in obtaining a protective order narrowing the scope of the compelled disclosure and protecting its confidentiality.
11.4 Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information may cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Receiving Party will be entitled, in addition to any other available remedies, to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damages.

12. PROPRIETARY RIGHTS.

12.1 Platform. As between Sharecare and Customer, all right, title and interest in the Platform and any other Sharecare materials furnished or made available hereunder, and all modifications and enhancements thereof, and all suggestions, ideas and feedback proposed by Customer regarding the Platform, including all copyright rights, patent rights and other Intellectual Property Rights in each of the foregoing, belong to and are retained solely by Sharecare or Sharecare’s licensors and providers, as applicable. If the Subscription Term is for an Evaluation License or a Beta License, Customer shall periodically (and, in any case, not less than once every thirty (30) days or more frequently as provided in the Order Form) provide Sharecare with written feedback regarding Customer’s use of the Platform, the functionality of the Platform, any bugs, errors or deficiencies that Customer encounters regarding the operation and functionality of the Platform and any suggestions that Customer may have regarding improvement of such operation and functionality (“Feedback”). Additionally, Customer shall promptly respond to any questions that Sharecare may have regarding such Feedback or to any other questions Sharecare may have regarding Customer’s use of the Platform. Customer hereby does and will irrevocably assign to Sharecare all Feedback and all Intellectual Property Rights in the Feedback.
12.2 Customer Data. As between Sharecare and Customer, all right, title and interest in (a) the Customer Data, (b) other information input into the Platform by Customer (collectively, “Other Information”) and (c) all Intellectual Property Rights in each of the foregoing, belong to and are retained solely by Customer. Customer hereby grants to Sharecare a limited, non-exclusive, royalty-free, worldwide license to use the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Sharecare to provide the Services to Customer, and a non-exclusive, perpetual, irrevocable, worldwide, royalty-free, fully paid license to use, reproduce, modify and distribute the Other Information as a part of the Aggregated Statistics (as defined in Section 11.3 below). To the extent that receipt of the Customer Data requires Sharecare to utilize any account information from a third party service provider, Customer shall be responsible for obtaining and providing relevant account information and passwords, and Sharecare hereby agrees to access and use the Customer Data solely for Customer’s benefit and as set forth in this Agreement. As between Sharecare and Customer, Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. Notwithstanding the foregoing, Sharecare will use Customer Data and Other Information in accordance with the terms of its Smart Omix Privacy Policy.
12.3 Aggregated Statistics. Notwithstanding anything else in this Agreement or otherwise, Sharecare may monitor Customer’s use of the Services and use data and information related to such use, Customer Data, and Other Information in an aggregate and anonymous manner, including to compile statistical and performance information related to the provision and operation of the Platform (“Aggregated Statistics”). As between Sharecare and Customer, all right, title and interest in the Aggregated Statistics and all Intellectual Property Rights therein, belong to and are retained solely by Sharecare. Customer acknowledges that Sharecare will be compiling Aggregated Statistics based on Customer Data, Other Information, and information input by other customers into the Platform and Customer agrees that Sharecare may use such information to the extent and in the manner required by applicable law or regulation and for purposes of data gathering, analysis, and service enhancement, provided that such data and information does not identify Customer or its Confidential Information and that such use complies with Sharecare’s SmartOmix Privacy Policy.
12.4 Sharecare Developments. All inventions, works of authorship and developments conceived, created, written, or generated by or on behalf of Sharecare, whether solely or jointly, including without limitation, in connection with Sharecare’s performance of the Ancillary Services hereunder, including (unless otherwise expressly set forth in an applicable SOW) all Deliverables (“Sharecare Developments”) and all Intellectual Property Rights therein, shall be the sole and exclusive property of Sharecare. Customer agrees that, except for Customer Confidential Information, to the extent that the ownership of any contribution by Customer or its employees to the creation of the Sharecare Developments is not, by operation of law or otherwise, vested in Sharecare, Customer hereby assigns and agrees to assign to Sharecare all right, title and interest in and to such Sharecare Developments, including without limitation all the Intellectual Property Rights therein, without the necessity of any further consideration.
12.5 Further Assurances. To the extent any of the rights, title and interest in and to Feedback or Sharecare Developments or Intellectual Property Rights therein cannot be assigned by Customer to Sharecare, Customer hereby grants to Sharecare an exclusive, royalty-free, transferable, irrevocable, worldwide, fully paid-up license (with rights to sublicense through multiple tiers of sublicensees) to fully use, practice and exploit those non-assignable rights, title and interest. If the foregoing assignment and license are not enforceable, Customer agrees to waive and never assert against Sharecare those non-assignable and non-licensable rights, title and interest. Customer agrees to execute any documents or take any actions as may reasonably be necessary, or as Sharecare may reasonably request, to perfect ownership of the Feedback and Sharecare Developments. If Customer is unable or unwilling to execute any such document or take any such action, Sharecare may execute such document and take such action on Customer’s behalf as Customer’s agent and attorney-in-fact. The foregoing appointment is deemed a power coupled with an interest and is irrevocable.
12.6 License to Deliverables. Subject to Customer’s compliance with this Agreement, Sharecare hereby grants Customer a limited, non-exclusive, non-transferable license during the Subscription Term to use the Deliverables solely in connection with Customer’s authorized use of the Platform. Notwithstanding any other provision of this Agreement: (i) nothing herein shall be construed to assign or transfer any Intellectual Property Rights in the proprietary tools, source code samples, templates, libraries, know-how, techniques and expertise (“Tools”) used by Sharecare to develop the Deliverables, and to the extent such Tools are delivered with or as part of the Deliverables, they are licensed, not assigned, to Customer, on the same terms as the Deliverables; and (ii) the term “Deliverables” shall not include the Tools.

13. LIMITATION OF LIABILITY.

13.1 No Consequential Damages. NEITHER SHARECARE NOR ITS LICENSORS OR SUPPLIERS SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, OR ANY DAMAGES FOR LOST DATA, BUSINESS INTERRUPTION, LOST PROFITS, LOST REVENUE OR LOST BUSINESS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF SHARECARE OR ITS LICENSORS OR SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION, ANY SUCH DAMAGES ARISING OUT OF THE LICENSING, PROVISION OR USE OF THE PLATFORM, ANCILLARY SERVICES, SUPPORT SERVICES OR THE RESULTS THEREOF. SHARECARE WILL NOT BE LIABLE FOR THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.
13.2 Limits on Liability. NEITHER SHARECARE NOR ITS LICENSORS OR SUPPLIERS SHALL BE LIABLE FOR CUMULATIVE, AGGREGATE DAMAGES GREATER THAN AN AMOUNT EQUAL TO THE LESSER OF (a) THE AMOUNTS PAID BY CUSTOMER TO SHARECARE UNDER THIS AGREEMENT DURING THE PERIOD OF SIX (6) MONTHS PRECEDING THE DATE ON WHICH THE CLAIM FIRST ACCRUED, AND (b) THE AMOUNT OF FEES PAID BY CUSTOMER IN A SINGLE SUBSCRIPTION TERM.
13.3 Essential Purpose. CUSTOMER ACKNOWLEDGES THAT THE TERMS IN THIS SECTION 14 (LIMITATION OF LIABILITY) SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND SHALL APPLY EVEN IF AN EXCLUSIVE OR LIMITED REMEDY STATED HEREIN FAILS OF ITS ESSENTIAL PURPOSE WITHOUT REGARD TO WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE.

14. TERM AND TERMINATION.

14.1 Term. The term of this Agreement commence on the Effective Date and continues until the expiration or termination of all Subscription Term(s), unless earlier terminated as provided in this Agreement. Except as otherwise specified in the applicable Order Form, Subscription Terms (other than for Evaluation Licenses and Beta Licenses) for all Users shall automatically renew for additional periods equal to the expiring Subscription Term unless one party gives the other written notice of non-renewal at least Thirty (30) days prior to the expiration of the then current Subscription Term. The per-unit pricing during any automatic renewal term shall be the same as that during the immediately prior term unless Sharecare has given Customer written notice of a pricing increase at least sixty (60) days before the end of such prior term, in which case the pricing increase shall be effective upon renewal and thereafter; provided however that no such pricing increase shall occur until after expiration of the then current Subscription Term. Evaluation Licenses and Beta Licenses will terminate at the end of their respective Subscription Term unless the parties enter into an Order Form for a new Subscription Term.
14.2 Termination for Cause. A party may terminate this Agreement and any Statement of Work (and all Subscription Term(s)) upon written notice to the other party in the event the other party (a) files a petition for bankruptcy or has a petition for bankruptcy filed against it that is not dismissed within sixty (60) days after filing or admits its inability to pay its debts as they mature, makes an assignment for the benefit of its creditors or ceases to function as a going concern or to conduct its operations in the normal course of business and such termination shall occur immediately upon notice; or (b) commits a material breach of any provision of this Agreement and does not remedy such breach within thirty (30) days after receipt of notice from the other party or such other period as the parties may agree. Upon any termination for cause by Customer, Sharecare shall refund Customer any prepaid fees for the remainder of the terminated Subscription Terms after the effective termination date. Upon any termination for cause by Sharecare, Customer shall pay any unpaid fees covering the remainder of the term of all Order Forms after the effective date of termination. In no event shall any termination relieve Customer of the obligation to pay any fees payable to Sharecare for the period prior to the effective date of termination.
14.3 Termination for Convenience. Sharecare shall have the right to terminate any Subscription Term for convenience on at least Sixty (60) days prior written notice to Customer. If Sharecare exercises such termination right, Sharecare shall refund to customer the amount of any pre-paid fees for the terminated Subscription Term.
14.4 Effects of Termination. Upon expiration or termination of this Agreement, (a) Customer’s use of and access to the Platform and Sharecare's performance of all Support Services and Ancillary Services shall cease; (b) all Order Forms and Statements of Work shall terminate; and (c) all fees and other amounts owed to Sharecare shall be immediately due and payable by Customer, including without limitation, all fees incurred under any outstanding Statement of Work up through the date of termination for any Ancillary Services completed and a pro-rated portion of the fees incurred for any partially completed Ancillary Services. Sharecare shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control. In addition, within ten (10) days of the effective date of termination each Receiving Party shall: (a) return to the Disclosing Party, or at the Disclosing Party’s option, the Receiving Party shall destroy, all items of Confidential Information (other than the Customer Data) then in the Receiving Party’s possession or control, including any copies, extracts or portions thereof, and (b) upon request shall certify in writing to Disclosing Party that it has complied with the foregoing.
14.5 Survival. This Section and Sections 1, 2.2, 2.4, 9, 10, 11, 13, 14, 15.4, 16 shall survive any termination or expiration of this Agreement.

15. MISCELLANEOUS.

15.1 Notices. All notices which any party to this Agreement may be required or may wish to give may be given by addressing them to the other party at the addresses set forth below (or at such other addresses as may be designated by written notices given in the manner designated herein) by (a) personal delivery, (b) sending such notices by commercial overnight courier with written verification of actual receipt, (c) by email, effective (A) when the sender receives an automated message from the recipient confirming delivery or (B) one hour after the time sent (as recorded on the device from which the sender sent the email) unless the sender receives an automated message that the email has not been delivered, whichever happens first, but if the delivery or receipt is on a day which is not a business day or is after 5:00 pm (addressee’s time) it is deemed to be received at 9:00 am on the following business day, or (d) sending them by registered or certified mail. If so mailed or otherwise delivered, such notices shall be deemed and presumed to have been given on the earlier of the date of actual receipt or three (3) days after mailing or authorized form of delivery. All communications and notices to be made or given pursuant to this Agreement shall be in the English language.
15.2 Governing Law. This Agreement and the rights and obligations of the parties to and under this agreement shall be governed by and construed under the laws of the United States and the State of Georgia as applied to agreements entered into and to be performed in such State without giving effect to conflicts of laws rules or principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to this Agreement. The parties further agree to waive and opt-out of any application of the Uniform Computer Information Transactions Act (UCITA), or any version thereof, adopted by any state of the United States in any form. Any dispute arising out of or in connection with this Agreement, including but not limited to any question regarding its existence, interpretation, validity, performance, or termination, or any dispute between the parties arising from the parties' relationship created by this Agreement, shall be referred to and finally resolved by arbitration administered by the American Arbitration Association under its rules. The number of arbitrators shall be one (1). The parties shall endeavor to agree upon the sole arbitrator and jointly nominate the arbitrator. If the parties cannot agree upon the sole arbitrator within a time prescribed by AAA, the parties shall request the AAA to propose five (5) arbitrators and each party shall rank the proposed arbitrators. The AAA shall appoint an arbitrator from the list of five (5), based upon the parties' rankings. The seat, or legal place of arbitration shall be Atlanta, Georgia, United States. Notwithstanding the foregoing, Sharecare has the right to pursue equitable relief in the state and federal courts located in Georgia, and Customer agrees to the exclusive jurisdiction and venue of such courts.
15.3 Publicity. Sharecare has the right to reference and use Customer’s name and trademarks and disclose the nature of the Services provided hereunder in each case in Sharecare business development and marketing efforts, including without limitation Sharecare’s website. Customer shall without the prior written consent of Sharecare (email sufficing), use in advertising, publicity or otherwise the names, trade names, service marks, trade dress or logo of Sharecare. Notwithstanding the foregoing, in any publication of the results of a Study, Customer shall include the language, “Study conducted on the Sharecare® Smart Omix™ platform,” unless otherwise instructed by Sharecare.
15.4 No Solicitation of Employees. Customer agrees that, so long as the Subscription Term remains in effect, and for a period of one (1) year following the last Subscription Term hereunder to terminate or expire, it will not directly solicit for employment the employees of Sharecare without Sharecare’s prior written consent; provided, however, that the foregoing prohibition shall not preclude the hiring by Customer of any individual who responds to a general solicitation or advertisement, whether in print or electronic form, only job postings and social networking sites.
15.5 U.S. Government Customers. If Customer is a Federal Government entity, Sharecare provides the Platform, including related software and technology, for ultimate Federal Government end use solely in accordance with the following: Government technical data rights include only those rights customarily provided to the public with a commercial item or process and Government software rights related to the Platform include only those rights customarily provided to the public, as defined in this Agreement. The technical data rights and customary commercial software license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If greater rights are needed, a mutually acceptable written addendum specifically conveying such rights must be included in this Agreement.
15.6 Export. The Platform utilizes software and technology that may be subject to United States and foreign export controls. Customer acknowledges and agrees that the Services shall not be used, and none of the underlying information, software, or technology may be transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. By using the Platform, Customer represents and warrants that it is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Platform may use encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations, 15 C.F.R. Parts 730-774 and Council Regulation (EC) No. 1334/2000. Customer agrees to comply strictly with all applicable export laws and assume sole responsibility for obtaining licenses to export or re-export as may be required. Sharecare and its licensors make no representation that the Platform is appropriate or available for use in other locations. Any diversion of the Customer Data contrary to law is prohibited. None of the Customer Data, nor any information acquired through the use of the Platform, is or will be used for nuclear activities, chemical or biological weapons, or missile projects.
15.7 General. Customer shall not assign its rights hereunder, or delegate the performance of any of its duties or obligations hereunder, whether by merger, acquisition, sale of assets, operation of law, or otherwise, without the prior written consent of Sharecare. Any purported assignment in violation of the preceding sentence is null and void. Subject to the foregoing, this Agreement shall be binding upon, and inure to the benefit of, the successors and assigns of the parties thereto. Except as otherwise specified in this Agreement, this Agreement may be amended or supplemented only by a writing that refers explicitly to this Agreement and that is signed on behalf of both parties. No waiver will be implied from conduct or failure to enforce rights. No waiver will be effective unless in a writing signed on behalf of the party against whom the waiver is asserted. If any of this Agreement is found invalid or unenforceable that term will be enforced to the maximum extent permitted by law and the remainder of this Agreement will remain in full force. The parties are independent contractors and nothing contained herein shall be construed as creating an agency, partnership, or other form of joint enterprise between the parties. This Agreement, including all applicable Order Forms, and Statements of Work, constitute the entire agreement between the parties relating to this subject matter and supersedes all prior or simultaneous understandings, representations, discussions, negotiations, and agreements, whether written or oral. Except for your payment obligations hereunder, neither party shall be liable to the other party or any third party for failure or delay in performing its obligations under this Agreement when such failure or delay is due to any cause beyond the control of the party concerned, including, without limitation, acts of God, governmental orders or restrictions, fire, or flood, provided that upon cessation of such events such party shall thereupon promptly perform or complete the performance of its obligations hereunder.

SMART OMIX DATA PROCESSING ADDENDUM

 

This Data Processing Addendum (“Addendum”) forms part of the agreement between Customer and Sharecare covering Customer’s use of the “Services” as defined in the Platform Agreement between Sharecare and Customer (the “Agreement”).

 

Definitions

 

A. “Applicable Data Protection Law” refers to all laws and regulations applicable to Sharecare’s processing of personal data under the Agreement.

 

B. “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

C. “Customer Account Data” means personal data that relates to Customer’s relationship with Sharecare, including the names or contact information of individuals authorized by Customer to access Customer’s account, and billing information of individuals that Customer has associated with its account.

 

D. “Customer User Content” means personal data exchanged as a result of using the Services, such as study content, study participant data, and study results, but excluding participant account data that is considered part of the Customer Usage Data as defined below.

 

E. “Customer Usage Data” means data processed by Sharecare for the purposes of transmitting or exchanging Customer User Content, including but not limited to personal data of study participants that is used to establish an account with Sharecare but not to the extent such data is so intermingled with a particular study as to become Customer User Content.

 

F. “personal data” means any information relating to an identified or identifiable natural person (“data subject”) as defined under the Applicable Data Protection Law. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

G. “Sharecare Smart Omix Privacy Policy” means the privacy notice for the Services, the current version of which is available at smartomix.com/privacy.

 

H. “processor” means the entity which processes personal data on behalf of the controller.

 

I. “processing” (and “process”) means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

 

J. “Security Incident” means a confirmed or reasonably suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer User Content.

 

K. “Sensitive Data” means (i) social security number, passport number, driver’s license number, or similar identifier (or any portion thereof); (ii) credit or debit card number (other than the truncated (last four digits) of a credit or debit card), financial information, banking account numbers or passwords; (iii) employment, financial, genetic, biometric or health information; (iv) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (v) account passwords, mother’s maiden name, or date of birth; (vi) criminal history; or (vii) any other information or combinations of information that falls within the definition of “special categories of data” under GDPR or any other applicable law or regulation relating to privacy and data protection.

 

L. “Standard Contractual Clauses” means, as set forth on Schedule 3 attached hereto, (i) the standard contractual clauses adopted by the European Commission on 4 June 2021 for the transfer of personal data to third countries pursuant to the GDPR (“SCCs”); (ii) the standard contractual clauses for the transfer of personal data to Processors established in third countries which do not ensure an adequate level of data protection annexed to Commission Decision of 5 February 2010 as adopted by the UK pursuant to the EU Withdrawal Act of 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations of 2019 (“UK Controller-to-Processor SCCs”).

 

M. “subprocessor” means (i) Sharecare, when Sharecare is processing Customer User Content and where Customer is a processor of such Customer User Content or (ii) any third-party processor engaged by Sharecare to process Customer User Content in order to provide the Services to Customer.

 

N. “Third Party Request” means any request, correspondence, inquiry, or complaint from a data subject, regulatory authority, or third party.

 

Capitalized terms not defined in this section will have the meaning given to them in this Addendum or the Agreement.

 

Controller and Processor

 

A. Sharecare as a Processor. The parties acknowledge and agree that with regard to the processing of Customer User Content, Customer is a controller and Sharecare is a processor. Sharecare will process Customer User Content in accordance with Customer’s instructions as set forth in the section title Customer Instructions.

 

B. Sharecare as a Controller of Customer Account Data. The parties acknowledge that, with regard to the processing of Customer Account Data, Customer is a controller and Sharecare is an independent controller, not a joint controller with Customer. Sharecare will process Customer Account Data as a controller in order to (i) manage the relationship with Customer; (ii) carry out Sharecare’s core business operations, such as accounting and filing taxes; (iii) detect, prevent, or investigate security incidents, fraud, and other abuse or misuse of the Services; (iv) perform identity verification; and (v) as otherwise permitted under Applicable Data Protection Law and in accordance with this Addendum, the Agreement, and the Sharecare Smart Omix Privacy Policy.

 

C. Sharecare as a Controller of Customer Usage Data. The parties acknowledge that, with regard to the processing of Customer Usage Data, Customer may act either as a controller or processor and Sharecare is an independent controller, not a joint controller with Customer. Sharecare will process Customer Usage Data as a controller in order to carry out the necessary functions as a communications service provider, such as: (i) Sharecare’s accounting, tax, billing, audit, and compliance purposes; (ii) to provide, optimize, and maintain the Services, platform and security; (iii) to investigate fraud, spam, wrongful or unlawful use of the Services; (iv) as required by applicable law or regulation; or (v) as otherwise permitted under Applicable Data Protection Law and in accordance with this Addendum, the Agreement, and the Sharecare Smart Omix Privacy Policy.

 

D. Purpose Limitation. Sharecare will process personal data in order to provide the Services in accordance with the Agreement. Schedule 1 (Details of Processing) of this Addendum further specifies the nature and purpose of the processing, the processing activities, the duration of the processing, the types of personal data and categories of data subjects.

 

E. Compliance. Customer is responsible for ensuring that (i) it has complied, and will continue to comply, with Applicable Data Protection Law in its use of the Services and its own processing of personal data and (ii) it has, and will continue to have, the right to transfer, or provide access to, personal data to Sharecare for processing in accordance with the terms of the Agreement and this Addendum. Customer and Sharecare, respectively, will notify the other party no later than five business days after it makes a determination that it can no longer meet its obligations under the Applicable Data Protection Law.

 

Sharecare as a Processor – Processing Customer User Content

 

A. Customer Instructions. Customer appoints Sharecare as a processor to process Customer User Content on behalf of, and in accordance with, Customer’s instructions (i) as set forth in the Agreement, this Addendum, and as otherwise necessary to provide the Services to Customer, and which includes investigating security incidents and preventing spam, fraudulent activity, and violations of the Sharecare Acceptable Use Policy, and detecting and preventing network exploits or abuse; (ii) as necessary to comply with applicable law or regulation, including Applicable Data Protection Law; and (iii) as otherwise agreed in writing between the parties (“Permitted Purposes”). Sharecare may not retain, use, or disclose Customer User Content for any commercial or other purpose, except for the Permitted Purposes or as otherwise permitted by the Applicable Data Protection Law. Without limiting the generality of the foregoing, Sharecare will not retain, use, or disclose Customer User Content outside the direct business relationship between Customer and Sharecare.

 

B. Lawfulness of Instructions. Customer will ensure that its instructions comply with Applicable Data Protection Law. Customer acknowledges that Sharecare is neither responsible for determining which laws or regulations are applicable to Customer’s business nor whether Sharecare’s provision of the Services meets or will meet the requirements of such laws or regulations. Customer will ensure that Sharecare’s processing of Customer User Content, when done in accordance with Customer’s instructions, will not cause Sharecare to violate any applicable law or regulation, including Applicable Data Protection Law.

 

C. Additional Instructions. Additional instructions outside the scope of the Agreement or this Addendum will be agreed to between the parties in writing, including any additional fees that may be payable by Customer to Sharecare for carrying out such additional instructions.

 

Confidentiality

 

A. Responding to Third Party Requests. In the event any Third Party Request is made directly to Sharecare in connection with Sharecare’s processing of Customer User Content, Sharecare will promptly inform Customer and provide details of the same, to the extent legally permitted. Sharecare will not respond to any Third Party Request without Customer’s prior consent, except as legally required to do so or to confirm that such Third Party Request relates to Customer.

 

B. Confidentiality Obligations of Sharecare Personnel. Sharecare will ensure that any person it authorizes to process Customer User Content has agreed to protect personal data in accordance with Sharecare's confidentiality obligations in the Agreement.

 

Subprocessors

 

A. Authorization for Subprocessing. Customer provides a general authorization for Sharecare to engage onward subprocessors that is conditioned on the following requirements:

 

(i) Sharecare will restrict the onward subprocessor’s access to Customer User Content only to what is strictly necessary to provide the Services, and Sharecare will prohibit the subprocessor from processing the personal data for any other purpose;

 

(ii) Sharecare agrees to impose contractual data protection obligations, including appropriate technical and organizational measures to protect personal data, on any subprocessor it appoints that require such subprocessor to protect Customer User Content to the standard required by Applicable Data Protection Law; and

 

(iii) Sharecare will remain liable for any breach of this Addendum that is caused by an act, error, or omission of its subprocessors.

 

B. Current Subprocessors and Notification of Subprocessor Changes. Customer consents to Sharecare engaging third party subprocessors to process Customer User Content within the Services for the Permitted Purposes. Sharecare will provide Customer with a current list of Subprocessors upon Customer’s request. Sharecare will provide details of any change in subprocessors as soon as reasonably practicable.

 

C. Objection Right for new Subprocessors. Customer may object to Sharecare's appointment or replacement of a subprocessor, provided such objection is in writing and based on reasonable grounds relating to data protection. In such an event, the parties agree to discuss commercially reasonable alternative solutions in good faith. If the parties cannot reach a resolution within ninety (90) days from the date of Sharecare’s receipt of Customer’s written objection, Customer may discontinue the use of the affected Services by providing written notice to Sharecare. Such discontinuation will be without prejudice to any fees incurred by Customer prior to the discontinuation of the affected Services.

 

Data Subject Rights

 

In the event that either party receives any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, and data portability, as applicable) requiring action by the other party under the Applicable Data Protection Law, such party will promptly inform such other party in writing. The parties agree to cooperate, in good faith, as necessary to respond to any Third Party Request as necessary and fulfill their respective obligations under Applicable Data Protection Law.

 

Upon Customer’s request, Sharecare will provide reasonable additional and timely assistance to assist Customer in complying with its data protection obligations with respect to data subject rights under Applicable Data Protection Law.

 

Impact Assessments and Consultations

 

Sharecare will provide reasonable cooperation to Customer in connection with any data protection impact assessment (at Customer’s expense only if such reasonable cooperation will require Sharecare to assign significant resources to that effort) or consultations with regulatory authorities that may be required in accordance with Applicable Data Protection Law.

 

Return or Deletion of Customer User Content

 

A. Sharecare will, in accordance with Section 3 (Duration of the Processing) of Schedule 1 (Details of Processing) of this Addendum, delete or return to Customer any Customer User Content stored within the Services.

 

B. Upon termination of the Agreement, Sharecare may retain Customer User Content in storage for the time periods set forth in Schedule 1 (Details of Processing) of this Addendum, provided that Sharecare will ensure that Customer User Content (a) is processed only as necessary for the Permitted Purposes and (b) remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.

 

C. Notwithstanding anything to the contrary in this section, Sharecare may retain Customer User Content, or any portion of it, if required by applicable law or regulation, including Applicable Data Protection Law, provided such Customer User Content remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.

 

Security and Audits

 

A. Security Measures. Sharecare has implemented and will maintain the technical and organizational security measures as set forth in the Agreement. Additional information about Sharecare’s technical and organizational security measures to protect Customer User Content is set forth in Schedule 2 (Technical and Organizational Security Measures) of this Addendum.

 

B. Determination of Security Requirements. Customer acknowledges the Services include certain features and functionalities that Customer may elect to use which impact the security of Customer User Content processed by Customer’s use of the Services. Customer is responsible for reviewing the information Sharecare makes available regarding its data security, including its audit reports, and making an independent determination as to whether the Services meet the Customer’s requirements and legal obligations, including its obligations under Applicable Data Protection Law. Customer is further responsible for properly configuring the Services and using features and functionalities made available by Sharecare to maintain appropriate security in light of the nature of Customer User Content processed as a result of Customer’s use of the Services.

 

C. Security Incident Notification. Sharecare will provide notification of a Security Incident in the following manner:

 

(i) Sharecare will, to the extent permitted by applicable law, notify Customer without undue delay, but in no event later than seventy-two (72) hours after Sharecare’s discovery of a Security Incident impacting Customer User Content of which Sharecare is a processor;

 

(ii) Sharecare will notify Customer of any Security Incident via email to the email address(es) designated by Customer in Customer’s account.

 

Sharecare will make reasonable efforts to identify a Security Incident, and to the extent a Security Incident is caused by Sharecare’s violation of this Addendum, remediate the cause of such Security Incident. Sharecare will provide reasonable assistance to Customer in the event that Customer is required under Applicable Data Protection Law to notify a regulatory authority or any data subjects impacted by a Security Incident.

 

D. Audits. The parties acknowledge that Customer must be able to assess Sharecare’s compliance with its obligations under Applicable Data Protection Law and this Addendum, insofar as Sharecare is acting as a processor on behalf of Customer.

 

E. Sharecare’s Audit Program. Sharecare uses external auditors to verify the adequacy of its security measures with respect to its processing of Customer User Content. Such audits are performed at least once annually at Sharecare’s expense by independent third-party security professionals at Sharecare’s selection and result in the generation of a confidential audit report (“Audit Report”).

 

F. Customer Audit. Upon Customer’s written request at reasonable intervals, and subject to reasonable confidentiality controls, Sharecare will make available to Customer a copy of Sharecare’s most recent Audit Report. Customer agrees that any audit rights granted by Applicable Data Protection Law will be satisfied by these Audit Reports. To the extent that Sharecare’s provision of an Audit Report does not provide sufficient information or Customer is required to respond to a regulatory authority audit, Customer agrees to a mutually agreed-upon audit plan with Sharecare that: (i) ensures the use of an independent third party; (ii) provides written notice to Sharecare in a timely fashion; (iii) requests access only during business hours; (iv) accepts billing to Customer at Sharecare’s then-current rates; (v) occurs no more than once annually; (vi) restricts its findings to only data relevant to Customer; and (vii) obligates Customer, to the extent permitted by law or regulation, to keep confidential any information gathered that, by its nature, should be confidential.

 

International Provisions

 

A. Location of Data. All data processed by Sharecare under the Agreement will be housed in the United States of America.

 

B. Cross Border Data Transfer Mechanisms for Data Transfers. To the extent Customer’s use of the Services requires an onward transfer mechanism to lawfully transfer personal data from a jurisdiction (i.e., the European Economic Area, the United Kingdom, Switzerland, or any other jurisdiction listed in Schedule 3 (Standard Contractual Clauses) of this Addendum) to Sharecare located outside of that jurisdiction (“Transfer Mechanism”), the terms set forth in Schedule 3 of this Addendum will apply.

 

Miscellaneous

 

A. Conflict. In the event of any conflict or inconsistency among the following documents, the order of precedence will be: (1) the terms of this Addendum; (2) the Agreement; and (3) the Sharecare Smart Omix Privacy Policy. Any claims brought in connection with this Addendum will be subject to the terms and conditions, including, without limitation, the exclusions and limitations set forth in the Agreement. If any personal data processed by Sharecare on behalf of Customer constitutes Protected Health Information under the U.S. Health Information Portability and Accountability Act of 1996 (HIPAA), then the Business Associate Agreement entered into between Sharecare and Customer shall supersede this Addendum to the extent there is a conflict between the two documents.

 

B. Failure to Perform. In the event that changes in law or regulation render performance of this Addendum impossible or commercially unreasonable, the parties may renegotiate this Addendum in good faith. If renegotiation would not cure the impossibility or the parties cannot reach an agreement, the parties may mutually agree to terminate the Agreement for convenience.

 

C. Updates. Sharecare may update the terms of this Addendum from time to time; provided, however, Sharecare will provide at least thirty (30) days prior written notice to Customer when an update is required as a result of (a) changes in Applicable Data Protection Law; (b) a merger, acquisition, or other similar transaction; or (c) the release of new products or services or material changes to any of the existing Services. The then-current terms of this Addendum are available at https://www.smartomix.com/dpa.

 

 

 

SCHEDULE 1

DETAILS OF PROCESSING

 

 

1. Nature and Purpose of the Processing. Sharecare will process personal data as necessary to provide the Services under the Agreement and this Addendum. Sharecare does not sell Customer’s personal data or Customer end users’ personal data and does not share such end users’ personal information with third parties for compensation or for those third parties’ own business interests.

 

1.1 Customer User Content. Sharecare will process Customer User Content as a processor in accordance with Customer’s instructions as set forth in the section titled Customer Instructions.

 

1.2 Customer Account Data. Sharecare will process Customer Account Data as a controller for the purposes set forth in subsection (b) of the section titled Controller and Processor (Sharecare as a Controller of Customer Account Data).

 

1.3 Customer Usage Data. Sharecare will process Customer Usage Data as a controller for the purposes set forth in subsection (c) of the section titled Controller and Processor (Sharecare as a Controller of Customer Usage Data).

 

2. Processing Activities. Personal data will be subject to the processing activities of providing the Services.

 

3. Duration of the Processing. The period for which personal data will be retained and the criteria used to determine that period is as follows:

 

3.1 Customer User Content.

 

(a) Services. Prior to the termination of the Agreement, (x) Sharecare will process stored Customer User Content for the Permitted Purposes until Customer elects to delete such Customer User Content via the Services and (y) Customer agrees that it is solely responsible for deleting Customer User Content via the Services. Upon termination of the Agreement, Sharecare will (i) provide Customer thirty (30) days after the termination effective date to obtain a copy of any stored Customer User Content via the Services; (ii) automatically delete any stored Customer User Content thirty (30) days after the termination effective date; and (iii) automatically delete any stored Customer User Content on Sharecare’s back-up systems sixty (60) days after the termination effective date. Any Customer User Content archived on Sharecare’s back-up systems will be securely isolated and protected from any further processing, except as otherwise required by applicable law or regulation.

 

3.2 Customer Account Data. Sharecare will process Customer Account Data as long as required (a) to provide the Services to Customer; (b) for Sharecare’s legitimate business needs; or (c) by applicable law or regulation. Customer Account Data will be stored in accordance with the Sharecare Smart Omix Privacy Policy.

 

3.3 Customer Usage Data. Upon termination of the Agreement, Sharecare may retain, use, and disclose Customer Usage Data for the purposes set forth in Section 1.3 (Customer Usage Data) of this Schedule 1, subject to the confidentiality obligations set forth in the Agreement. Sharecare will anonymize or delete Customer Usage Data when Sharecare no longer requires it for the purposes set forth in Section 1.3 (Customer Usage Data) of this Schedule 1.

 

 

4. Categories of Data Subjects.

 

4.1 Customer User Content. Customer’s end users.

 

4.2 Customer Account Data. Customer’s employees and individuals authorized by Customer to access Customer’s Sharecare account.

 

4.3 Customer Usage Data. Customer’s end users and Customer’s employees and individuals authorized by Customer to access Customer’s Sharecare account.

 

 

5.Categories of Personal Data. Sharecare processes personal data contained in Customer Account Data, Customer User Content, and Customer Usage Data.

 

6. Sensitive Data or Special Categories of Data.

 

6.1 Customer User Content. Sensitive Data (including health information) may, from time to time, be processed via the Services where Customer or its end users choose to include Sensitive Data within the communications that are transmitted using the Services. Customer is responsible for ensuring that suitable safeguards are in place prior to transmitting or processing, or prior to permitting Customer’s end users to transmit or process, any Sensitive Data via the Services.

 

6.2 Customer Account Data and Customer Usage Data.

 

(a) Sensitive Data may be found in Customer Usage Data in the form of health information submitted by the end user and used to populate the end user’s profile.

 

(b) Customer Account Data does not contain Sensitive Data.

 

 

 

SCHEDULE 2

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

 

For the purposes of this Information Security Addendum (“ISA”), “Vendor” shall mean Sharecare Operating Company, Inc., and “Customer” shall mean the entity to which Vendor is providing services in the agreement this ISA appends.

 

I.                Purpose & Disclaimer

 

This Sharecare Information Security Addendum ("ISA") describes the minimum information security program requirements implemented and maintained by Vendor during the course of its performance of services for Customer. Vendor may have additional privacy and security obligations under the terms of other policies or provisions in its contractual relationship with Customer.  

II.              Definitions

1. Information Security - the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
2. Incident Management – the defined process of monitoring and detection of security events on a computer or computer network and the execution of proper responses to those events.
3. Exception Management – an established process to document and maintain appropriate management approvals for areas, processes or events that do not meet the company defined security policies.
4. Customer Confidential Data – any Customer customer/member records or personal data in the possession of, or accessible by, Vendor or its computer or communication system(s), including personal data of any kind. Examples of this include PHI and PII data, pricing data, and Customer intellectual property.
5. Cyber Security Insurance - insurance designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.
6. Demilitarized Zone (DMZ) - a middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet. Also called a "perimeter network," the DMZ is a subnetwork (subnet) that may sit between firewalls or off one leg of a firewall. Organizations typically place their web, mail and authentication servers in the DMZ.

 

III.              Security Program and Policy

1. Consistent with applicable data security laws and regulatory requirements, Vendor shall:
   • implement, enforce, and update Information Security policies, standards, processes, and procedures;
   • develop Information Security strategy and maintain sufficient security budget to successfully implement the strategy; and
   • establish critical security processes such as Incident Management and Exceptions Management.
2. Information Security policies must be reviewed and approved by Vendor management no less frequently than annually.
3. Security Risk Management Program – Vendor must maintain a formal risk management function and methodically identify, analyze and mitigate security and technology risks.
4. Sub-contractor Security Program – Vendor must require and verify that its subcontractors maintain security program standards that meet or exceed those of the Vendor.

IV.             Human Resources

1. A security training and awareness program must be in place for all Vendor employees and contractors, and training shall take place upon hire and no less frequently than annually. Upon request, Vendor shall provide Customer with written attestation that all employees and contractors have completed training.
2. Upon hire, Vendor shall conduct background checks on all new employees and contractors.
3. Vendor agrees that any employee or contractor who violates the security requirements of this ISA will be immediately removed and prohibited from providing services to Customer under any agreement, including statements of work or engagement letters, entered into between Customer and Vendor.
4. All Vendor employee and contractor access must be deleted or disabled within 24 hours of termination. In the case of hostile terminations of employees or contractors, access must be deleted or disabled immediately.

V.              Physical, Data and Environmental Security

1. Access for all persons to Vendor premises, buildings, and areas must be justified, authorized, logged and monitored. Appropriate steps must be taken by Vendor to protect documents and media containing sensitive information.
2. Upon confirmed breach of this ISA and Customer’s request, Vendor shall provide complete and auditable records of employees and contractors who may have had access to Customer Confidential Data, including at a minimum, their identity and date and time of access.
3. All Customer Confidential Data shall be stored in a secure data center, and such data center shall provide to Customer upon request an ISO 27001 certificate or a Service Organization Control (SOC 2) report.
4. All Customer Confidential Data must be encrypted in transit and at rest.

VI.             Audits, Assessments, Certifications and Insurance

1. Notice of Audits and Certifications. Upon request from Customer, Vendor shall provide Customer with data relating to the following audits of and certifications relating to Vendor’s business and operations:

 

1. External Network Security Assessment. No less frequently than annually, Vendor shall engage an independent third party to complete an external network assessment that shall include in the scope the services provided to Customer. Vendor shall provide Customer with the full report or at a minimum a signed letter of attestation from this assessor and an overview of any critical or high issues noted by third party.
2. Internal Network Security Assessment. No less frequently than biennially, Vendor shall engage an independent third party to complete an internal network assessment (including social engineering tests) that shall include in the scope the services provided to Customer. Vendor shall provide Customer with the full report or at a minimum a letter of attestation from this assessor and an overview of any critical or high issues noted by third party.
3. Customer Assessment. Upon request and 60 days advanced notice, Customer or a third party on Customer’s behalf may perform an audit to ensure compliance with this Document. Vendor is responsible for ensuring appropriate personnel are available for questions and ensuring audit records are provided in a timely manner. Any critical or high issues noted during audit must be remediated within mutually agreeable timeframe.
   
   ii. Vendor must maintain Cyber Security Insurance policy that includes services provided to Customer.

VII.           Network Security and Other Security Controls

1. Perimeter Defense – Vendor must deploy a multilayered perimeter defense of its system by use of firewalls, proxies and DMZs. Vendor must implement and maintain rules for allowing inbound and outbound traffic.
2. Data Loss Prevention – Vendor must monitor networks, user activities and system processes to prevent and detect unauthorized data movements.
3. Malware Defenses - Vendor must monitor workstations, servers, and mobile-devices for active, up-to-date anti-malware protection with anti-virus, and procedures to ensure antivirus checking for all incoming files.
4. Access Control – All access must follow the minimal necessary and “least privileged” principles. Vendor must maintain appropriate access by implementing access approval, termination and revalidation processes and procedures. This should include appropriate segregation of duties (e.g., developers do not have access to production data, etc.).
5. Controlled Use of Administrative Privileges – Vendor must ensure all service accounts have long and difficult-to-guess passwords that are changed on a periodic basis or is set to not allow interactive login. Passwords for all systems must be stored in a hashed or encrypted format.
6. Secure Configurations – Vendor must develop, implement, and maintain secure configuration standards for hardware and software, including networking devices, operating systems, databases and applications. Vendor must enforce use of strong authentication and secure protocols.
7. Maintenance, Monitoring and Analysis of Audit Logs – Vendor must log user and system activities around data, ensure integrity of log files, and implement activity review procedures and tools.
8. Inventory of Information Assets – Vendor must maintain a detailed inventory of information assets complete and accurate with proper classification, ownership, location, value and criticality.
9. Change Management – Vendor must use formal, documented change management procedures for any modifications to systems, infrastructure, equipment, software/applications, or other elements related to the services performed for Customer.

VIII.          Vulnerability Management and Application Security Testing

1. Application Software Security - Both internally developed and third-party application software must be carefully tested by Vendor for security vulnerabilities. For third-party software, Vendor must verify that its suppliers have conducted detailed security testing of their products. For in-house developed applications, Vendor must conduct such testing itself or engage an outside firm to complete the testing. Findings must be remediated within an established reasonable timeframe. Vendor’s developers must be trained in secure coding techniques and security testing integrated into the System Development Lifecycle.
2. Continuous Vulnerability Assessment and Remediation – Vendor must maintain vulnerability and patch management processes for all software and hardware. All servers and workstations must be scanned by Vendor for vulnerabilities no less than monthly, and have defined remediation timelines to remediate any vulnerabilities that are noted.
3. Corrective Action. If during an audit Vendor is found to be not compliant with the stipulations in this ISA, a corrective action plan will be put in place and reviewed yearly if not closed.

IX.             Business Continuity Management Program

1. Business Continuity Program - At all times during the term of its agreements with Customer, including statements of work and engagement letters, Vendor will maintain and adequately support a Business Continuity Management Program that ensures the continuous operation and, in the event of an interruption, the recovery of all material business functions needed to meet Vendor’s contractual obligations to Customer.
2. Business Continuity Plan (which includes a Disaster Recovery (IT) Plan) - Vendor shall develop, implement, maintain, and exercise a written Business Continuity Plan (the "Plan").
3. Delivery of the Plan - Upon request from Customer and within 30 days, Vendor shall provide review to Customer of Vendor’s then-current official company Plan.
4. Content - The Plan must, at a minimum, describe the actions and resources required to provide for the continuous operation, and in the event of any interruption, the recovery of Vendor’s contractual obligations to Customer under all agreements, including statements of work and engagement letters. Resources are defined as including, but not limited to, all people and facility resources and required systems, hardware, software and data. The recovery of systems, hardware, software and data must be within a Recovery Time Objective (RTO) sufficient to sustain contracted levels of service. Included as part of the required data, Vendor must provide Recovery Point Objective (RPO).
5. Updates - Vendor shall update and re-publish the Plan whenever there is a significant or material change in Vendor’s systems, recovery strategies, recovery resources, actions described in the Plan or other data affecting Vendor’s contractual obligations to Customer under all agreements, including statements of work and engagement letters, but no less frequently than at least once in every 12-month period.
6. Exercises - Vendor shall exercise the Plan no less than annually and provide review to Customer of the exercise results.

X.              Incident Reporting

1. In the event of a confirmed or suspected breach of Customer Confidential Data, Vendor shall notify Customer Information Security as soon as possible and within 72 hours of discovery. This notification is in addition to, but can be coordinated with, any other contractual reporting requirements.

 

 

SCHEDULE 3

STANDARD CONTRACTUAL CLAUSES

 

I. Incorporation of SCCs

With respect to transfers of Personal Data across national borders to other countries that have not been recognized under the applicable Data Protection Legislation as an Adequate Jurisdiction, the Parties hereby agree to be bound by, where applicable:

 

1. For transfers of Personal Data from the EEA to a Non-Adequate Jurisdiction and for transfers of Personal Data from Brazil, Israel, Japan, Mexico, the Philippines, Singapore, and South Korea (“Applicable Data Transfer Jurisdiction”) to a Non-Adequate Jurisdiction, the Controller to Processor SCCs are deemed incorporated into this DPA in their entirety and without alteration, except as noted below. To the extent that the data importer is subject to the extra-territorial scope of Article 3(2) of the GDPR with respect to the specific processing, the obligations imposed to the data importer by the GDPR shall prevail over its obligations under the SCCs, where the latter are less strict. For reference, the official SCCs are available at the following link:https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en or any subsequent link published by the European Union Publications Office;
   
   
2. For transfers of Personal Data from the UK to a non-Adequate Jurisdiction, the UK Controller-to-Processor SCCs are deemed incorporated into this DPA in their entirety and without alteration, except as noted below. For reference, the UK Controller-to-Processor Standard Contractual Clauses are available at the following link: https://ico.org.uk/media/for-organisations/documents/2620100/uk-sccs-c-p-202107.docx or any subsequent link published by the UK Information Commissioner’s Office.

 

The parties’ signature to this DPA shall be considered as a signature for the Standard Contractual Clauses.

 

II. Adjustments to the SCCs for Personal Data Transfers from Switzerland

 

1. To the extent that the data exporter transfers Personal Data related only to Swiss data subjects to a Non-Adequate Jurisdiction, the Swiss Federal Act on Data Protection of 19 June 1992 (“FADP”) applies to the transfers of the Personal Data and, therefore, the following adjustments to the SCCs shall apply to ensure an adequate level of protection for the transfers of Personal Data outside Switzerland in accordance with the FADP:

 

i. Annex I.C under Clause 13 of the SCCs:

 

The competent supervisory authority is the Federal Data Protection and Information Commissioner (“FDPIC”);

ii. Clause 17 of the SCCs:

 

The law governing the Standard Contractual Clauses is Swiss law;

iii. The use of the term ‘EU Member State’ in the SCCs must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18 of the SCCs;

iv. References to the GDPR in the SCCs are to be understood as references to the FADP; and

v. The SCCs also protect the data of legal entities until the entry into force of the revised FADP (scheduled to come into force in the second half of 2022).

 

2. To the extent that the data exporter transfers Personal Data related to Swiss and EEA data subjects or if the transfers of Personal Data are otherwise subject to the extraterritoriality provisions of the EU GDPR (Article 3), the FADP and the GDPR apply in parallel to the transfers of Personal Data. In this case, the Parties agree that the GDPR standard will apply to the transfers of Personal Data because the GDPR provides adequate protection and data subjects are consequently not disadvantaged as a result of the transfers. The following adjustments to the SCCs shall apply:

 

1. Annex I.C under Clause 13 of the SCCs: The competent supervisory authorities are the FDPIC, insofar as the transfers of Personal Data are governed by the FADP, and the EEA competent supervisory authority as indicated in Annex I.C of the SCCs, insofar as the transfers of Personal Data are governed by the GDPR;
   
   
2. the use of the term ‘EU Member State’ in the SCCs must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18 of the SCCs; and
   
   
3. the SCCs also protect the data of legal entities until the entry into force of the revised FADP (scheduled to come into force in the second half of 2022).

 

III. UK SCCs

 

When a data exporter processes Personal Data from the UK to a non-Adequate Jurisdiction and the data exporter acts as a Controller and the data importer processes Personal Data in its capacity as a Processor, the UK Controller-to-Processor SCCs apply. With respect to the UK Controller-to-Processor SCCs, the Parties hereby further agree that the details of the processing and the description of the technical and organizational security measures are set forth in Schedule 1 of this DPA (Details of Processing) and Schedule B (Technical and Organizational measures) of this DPA.