CANADIAN SERVICE ADDENDUM

THESE ADDITIONAL TERMS PERTAIN TO CUSTOMERS IN CANADA (“CANADIAN SERVICE ADDENDUM”). THIS CANADIAN SERVICE ADDENDUM IS INCORPORATED INTO SERVICE AGREEMENTS WITH CUSTOMERS WHO RESIDE IN CANADA. YOUR EXECUTION OF A CUSTOMER ORDER FOR SERVICES CONSTITUTES YOUR AGREEMENT TO BE BOUND BY THESE ADDITIONAL TERMS. YOU ACKNOWLEDGE AND AGREE THAT BEHAVIORSOFT HAS THE RIGHT TO ESTABLISH TERMS FOR THE CONTINUED USE OF OUR SERVICES. ACCORDINGLY, BEHAVIORSOFT RESERVES THE RIGHT TO MODIFY THESE TERMS FROM TIME TO TIME WITH OR WITHOUT NOTICE TO YOU. YOU AGREE THAT YOUR USE OF THE SERVICES CONSTITUTES YOUR AGREEMENT TO ANY SUCH MODIFICATION. IN THE EVENT OF ANY CONFLICT BETWEEN YOUR SERVICE AGREEMENT AND THIS CANADIAN SERVICE ADDENDUM, THE TERMS OF THIS CANADIAN SERVICE ADDENDUM SHALL CONTROL.

 

  1. DEFINITIONS

Terms not defined herein shall have the meaning set for forth in the Terms of Service or Additional Agreements, as applicable.

  1. DATA PROTECTION SCHEDULE

For all Customers located in Canada, references in the Terms of Service or Additional Agreements to the “Business Associate Agreement” shall be deemed to be references to the Data Protection Schedule attached as Appendix A to this Canadian Service Addendum.

  1. APPLICALE PRIVACY LAW

All references in the Service Agreement, including within this Canadian Service Addendum, to “applicable privacy laws” shall include the Personal Information Protection and Electronic Documents Act (Canada) or applicable provincial privacy laws that govern the collection, use, or disclosure of personal information or personal health information.

  1. TRANSFER OF DATA

Customer Information may be transferred to and stored in the United States for the purposes of providing the Services in accordance with the Terms of Service. When Customer Information is stored or processed in jurisdictions outside of Canada, it may be subject to the laws of and be accessible by legal authorities in such other jurisdictions, including in the United States. Behaviorsoft has taken appropriate technical, organizational, and legal steps to secure this information.  Customer warrants and represents it has all legal authority to transfer Customer Information to Behaviorsoft in accordance with the terms of the Service Agreement.

  1. LANGUAGE

The parties have requested that the Service Agreement, including this Canadian Service Addendum, and all communications and documents relating thereto be expressed in the English languageLes parties ont exigé que la présente convention ainsi que tous les documents s'y rattachant soient rédigés dans la langue anglaise.

 

Appendix A

Data Protection Schedule

  1. Compliance with Laws

Behaviorsoft hereby agrees that in order to carry out its duties and obligations under the Service Agreement, Behaviorsoft may have access to personal information or personal health information as defined in applicable privacy laws (collectively “PI”), and that at all times during the term of the Service Agreement, Behaviorsoft, in dealing with PI, will comply with the requirements of applicable privacy laws, as amended from time to time, relating to PI.

  1. Control of and Rights in PI

Control of PI shall at all times remain with Customer. Behaviorsoft acknowledges and agrees that nothing gives Behaviorsoft any right, title or interest in any PI.

  1. Access to and Use of PI

Behaviorsoft shall only access and use PI on a need to know basis for the purposes contemplated in the Service Agreement.

  1. Return or Destruction of PI

Upon the written request of Customer at any time and for any reason whatsoever, Behaviorsoft will promptly return to Customer all PI in Behaviorsoft's possession and confirm delivery to Customer in writing. Alternatively, if specifically instructed by the Customer in writing, Behaviorsoft shall at any time and for any reason securely dispose of any PI in its possession and confirm such destruction in writing to Customer. If for any reason PI in Behaviorsoft's possession pursuant to the Service Agreement is not returned to Customer or disposed of, as applicable, Behaviorsoft's obligations under this Schedule will continue in force notwithstanding any termination or expiration of the Service Agreement.

  1. Disclosure to Third Parties

Except as specifically permitted by the Service Agreement (including, without limitation, pursuant to section 6 of this Schedule below), Behaviorsoft shall not disclose (and will not allow any of its employees, agents or representatives to disclose) in any manner whatsoever any PI to any third party without the prior written consent of Customer and Behaviorsoft hereby acknowledges that such consent will only be provided if: (a) such disclosure is required in order for Behaviorsoft to perform its service obligations pursuant to the Service Agreement; (b) such disclosure is permitted under applicable privacy laws; (c) the third party agrees, in writing, to protect the confidentiality and security of the PI to at least the extent provided by this Schedule; and (d) Customer is otherwise satisfied, in its discretion, with the status, quality and reputation of the third party.

If Behaviorsoft becomes legally compelled to disclose any of the PI, it will to the extent permitted by law provide Customer with prompt written notice thereof prior to disclosure.

  1. Employees of Behaviorsoft and Behaviorsoft's Subcontractors Bound

Behaviorsoft and Customer hereby further acknowledge and agree that, in order for Behaviorsoft to fulfill its service obligations under the Service Agreement, Behaviorsoft shall be permitted to grant its employees (or employees of Behaviorsoft's subcontractors) access to PI. Behaviorsoft hereby agrees that:

    • it will only make PI available to its employees (or employees of Behaviorsoft's subcontractors) to the minimum extent necessary for the purpose of fulfilling Behaviorsoft's obligations under the Service Agreement; and
    • it will cause, or has caused, each of its employees (or employees of Behaviorsoft's subcontractors) providing services on behalf of Behaviorsoft under the Service Agreement to agree, in writing, to protect the confidentiality and security of the PI to at least the extent provided by this Schedule.

Behaviorsoft will properly advise and train each of its employees (or employees of Behaviorsoft's subcontractors) providing services under the Service Agreement of the requirements of Behaviorsoft under this Schedule and applicable privacy laws. Behaviorsoft specifically assumes all responsibility for its employees (or employees of Behaviorsoft's subcontractors) for the breach by any of them of any provisions of this Schedule or such laws. For further clarification, Behaviorsoft will ensure each Behaviorsoft subcontractor signs an agreement to protect and maintain the confidentiality of the PI to the same extent provided for in this Schedule and the Service Agreement.

  1. Audit

Behaviorsoft will provide (a) Customer's internal auditor; and/or (b) a nationally recognized Canadian audit firm appointed by Customer, upon fifteen (15) days' prior written notice, with reasonable access to relevant books, records and facilities related to the Service Agreement in order to conduct appropriate audits, examinations and inspections to ensure Behaviorsoft's compliance with this Schedule. Except as otherwise provided below, such audits, examinations and inspections will be conducted at Customer's expense and may be conducted periodically during the term of the Service Agreement, at a frequency as mutually agreed in writing by Customer and Behaviorsoft, but not more than once per year. Behaviorsoft will provide access to information reasonably required by Behaviorsoft's auditors to perform such audits.

  1. Remedies

Behaviorsoft agrees that, in addition to any other rights or remedies Customer may have for breach of this Schedule, Customer has the right to an injunction or other equitable relief in any court of competent jurisdiction enjoining a threatened or actual material breach of this Schedule by Behaviorsoft.

  1. No Withholding

Behaviorsoft shall not be entitled to, and hereby waives forever any and all right to withhold any PI from Customer to enforce any alleged payment obligation or in connection with any dispute relating to the terms of the Service Agreement or any other matter between Customer and Behaviorsoft.

  1. Location of the PI

Behaviorsoft may possess and maintain the PI only in Canada or, where permitted by applicable privacy laws, the United States. The PI may not be possessed, stored or maintained at any other location without the prior written consent of Customer. At the written request of Customer, Behaviorsoft shall provide Customer with prompt assistance with the retrieval of PI (for example, to assist with access requests).

  1. Security and Segregation of PI

Behaviorsoft shall have in place reasonable policies, procedures and safeguards to protect the confidentiality and security of the PI. Behaviorsoft shall ensure the physical security of the PI by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss or modification. Such security arrangements shall include, without limitation, reasonable technical, physical and administrative safeguards. Without limiting the generality of the foregoing, Behaviorsoft shall take reasonable steps to: (a) ensure that all PI is securely segregated from any information owned by Behaviorsoft or third parties, including access barriers, physical segregation and password authorization; and (b) ensure that procedures are in place to authenticate the identity of individuals and of those persons to whom PI is disclosed.

  1. Compliance with Access Requests

If Behaviorsoft receives a request for access to, amendment or correction to, or disclosure of any PI from any person (other than Customer), Behaviorsoft shall promptly advise the applicant to make the request to the Customer and, if Customer has advised Behaviorsoft of the name or title and contact information of a specific official of Customer to whom such requests are to be made, Behaviorsoft shall also promptly provide that official's name or title and contact information to the applicant.

  1. Breach Notification

Behaviorsoft shall promptly notify Customer in writing in the event Behaviorsoft becomes aware of, or reasonably suspects, any unauthorized or improper access to, use of or disclosure of any PI. Behaviorsoft agrees to comply with all reasonable requests from Customer in relation to such breach and, in consultation with Customer and subject to any directions from Customer, take all reasonable steps to mitigate any harmful effect resulting from any such unauthorized access to, use or disclosure of PI.

  1. Assistance with Complaints/Investigations

Behaviorsoft shall co-operate with, and assist in, any investigation of a complaint that any PI has been collected, used or disclosed contrary to applicable privacy laws, whether such investigation is conducted by Customer or a body having the legal authority to conduct the investigation. For greater certainty, the foregoing shall apply in respect of any formal or informal review or investigation conducted by an Information and/or Privacy Commissioner.

  1. Privacy Representative

Behaviorsoft has appointed a representative to be responsible for its compliance with this Schedule, Perry Pappas, the Chief Compliance Office of Behaviorsoft (the "Privacy Representative"). The Privacy Representative may be reached out privacy@Behaviorsoft.com. Behaviorsoft may designate an alternative individual to serve as the Privacy Representative by updating this section of this Schedule or by providing written notice to the Customer.