Citus Health HIPAA Compliance and Release
Types of Data collected
Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies, Usage data, first name, last name, gender, date of birth, phone number, address, country, state, province, email address, ZIP/Postal code, Various types of Data, city, User ID, username and geographic position.
The Personal Data may be freely provided by the User, or collected automatically when using this Application.
Failure to provide certain Personal Data may make it impossible for this Application to provide its services.
Users are responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to the Owner.
Mode and Place of Processing the Data
The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.
For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System logs) or use for this purpose other Personal Data (such as IP Address).
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.
This Application does not support “Do Not Track” requests.
To determine whether any of the third party services it uses honor the “Do Not Track” requests, please read their privacy policies.
The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Access to third party services’ accounts, Registration and authentication, Analytics, Contacting the User, Managing contacts and sending messages, Content commenting, Displaying content from external platforms, Hosting and backend infrastructure, Interaction with external social networks and platforms, Interaction with online survey platforms, Interaction with support and feedback platforms, Location-based interactions, Managing support and contact requests and Social features.
The Personal Data used for each purpose is outlined in the specific sections of this document.
The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. ?The updated list of these parties may be requested from the Data Controller at any time.
Definitions and Legal References
The hardware or software tool by which the Personal Data of the User is collected.
The individual using this Application, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refers.
The legal or natural person to whom the Personal Data refers.
Small piece of data stored in the User’s device.
Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
Information collected automatically from this Application (or third party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the ?country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
Citus Health Terms of Service and EULA
End User License Agreement
This End User License Agreement (this “EULA”) governs the access and use of the Services (as defined below) provided by Citus Health Inc., a Delaware corporation (“Citus”). By accessing or using the Services, you and/or any entity for which you act on behalf of (the person or entity to use the Services, “User”) hereby consent to this EULA and agree to all its terms. If User is an entity, the term User shall include User, and all of User’s affiliates, employees, representatives, contractors, and users of the Services. The agreement by an employee, consultant or contractor acting on behalf of an entity to these terms will be deemed to be the agreement of that entity. Any such employee, consultant or contractor hereby represents and warrants that he, she or it has authority, or has been provided authority, to bind the entity to the terms and conditions of this EULA.
In the event User and Citus have both executed a written Services Agreement which governs access to or use of the Services, then the terms of that Services Agreement shall govern and control to the extent there is a direct conflict between the terms of this EULA and the terms of that Services Agreement.
Each of User and Citus may be referred to herein as a “party,” and User and Citus together may be referred to as the “parties.”
Permitted Uses and Restrictions
“Services” means the software as a service (SaaS) enterprise supply management and healthcare messaging system provided by Citus through its website (http://citushealth.com, the “Website”) and mobile application (the “App”), including all software and support services necessary to ensure the functionality and availability of the supply management and healthcare messaging services.
Subject to the terms and conditions of this EULA, during the applicable EULA Term (as defined below), Citus grants User a non-exclusive, non-transferable and non-sublicensable right for User to access, download and use the Services in conjunction with User’s internal business purposes and in accordance with Citus’ applicable documentation.
User is granted permission to access, download and use the Services, provided that User shall:
- Not use the Services for any illegal or unauthorized purpose or beyond the scope of the Services expected use;
- Not intentionally interfere with the operation of the Services or with any other person’s use of the Services;
- Not intentionally gain unauthorized access to the Services;
- Be solely liable for User’s, including without limitation all of its employees, affiliates, consultants, service providers, and users conduct, acts and omissions;
- Not alter, modify, adapt, reverse engineer, decompile, disassemble or hack the Services, or create derivative works from the Services;
- Not merge the Services with other software;
- Not resell, sell, lease, lend, redistribute, sublicense, assign or otherwise transfer the Services to any third party;
- Not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code for the Services;
- Not remove or alter any copyright notices or other notices included in the Services;
- Not alter or modify another website to falsely imply that it is associated with Citus;
- Not use the Services to create or transmit unwanted email, junk email, bulk email, promotions, spam or content that includes any advertising;
- Not intentionally transmit any viruses, bugs, worms, or any other computer code of a destructive nature or that may harm a network, computer, server, hardware, software or telephone equipment using the Services;
- Not violate anyone else’s legal rights (e.g. privacy rights) or any laws (e.g. copyright laws) in User’s jurisdiction while using the Services;
- Remain solely responsible for any message data sent from User’s account;
- Use the Services in accordance with all applicable laws;
- Not use any data mining, robots, or similar data gathering and extraction methods in connection with the Services;
- Not impose an unreasonable burden on the Services or network;
- Not breach, or attempt to breach, the security of the Services;
- Not use the Services or export the Services in violation of U.S. export laws and regulations;
- Not solicit any activity, unlawful or otherwise, that infringes Citus’ rights or the rights of any other party;
- Not enable others to violate any of these terms and conditions; and
- Ensure that all users of the Services are at least 18 years of age or older.
A violation of any of the terms in this EULA by User may result in the termination of User’s Citus account and User’s ability to access or use the Services, in Citus’ sole discretion.
User acknowledges that the Services, and their respective structures, organization, documentation, software and source code constitute valuable intellectual property of Citus and are owned solely by Citus. Citus does not grant and User acknowledges that it shall have no right, license or interest in any of the patents, copyrights, trademarks, or trade secrets owned, used or claimed now or in the future by Citus. No title to or ownership of the intellectual property contained in the Services, the software, or any part of the Services or the software, as well as all enhancements, updates, modifications, local versions or any derivatives of the Services or the software, or any and all intellectual property and proprietary rights therein, or Citus’ confidential information is transferred to User.
“Citus” and other Citus graphics, logos, designs, page headers, button icons, scripts and service names are trademarks in the United States. Citus’ trademarks and trade dress, as well as third party trademarks, logos and service marks used in conjunction with the Services, may not be used in connection with any product or service in any manner that is likely to cause confusion and may not be copied, imitated, or used, in whole or in part, without the prior written permission of Citus.
User represents and warrants that User fully understands and acknowledges that (i) the Services are intended to deliver non-critical, non-emergency messages between users; (ii) the Services are dependent upon a number of factors outside the control of Citus, including but not limited to, the operation of third party provided hardware and network services; (iii) the Services are not a substitute for any of User’s current systems of administering and safeguarding medical treatment and/or medicine; patient services, data and information; and communications; (iv) there may be occasional communication failures or delays in the delivery or receipt of properly sent Citus messages, and (v) the Services are not expected to perform at the same level of performance and/or reliability one might expect from medical devices used in the delivery of critical medical care environments.
By using the Services, User grants Citus permission to send all User end users messages regarding the Services, its features, service alerts, and network activity. Notwithstanding the foregoing, it is User’s responsibility to frequently check Citus’ webpage at http://citushealth.com or updates with respect to the Services. User’s continued use of the Services after such updates will constitute its acceptance of the changes.
As a condition of accepting and consenting to this EULA, User hereby accepts Citus’ HIPAA Policy set forth under http://www.citushealth.com/hipaa, as fully incorporated by reference herein.
Term and Termination
This EULA shall be effective as of the date User accepts the terms herein or first accesses, downloads or uses any of the Services (the “Effective Date”) and shall remain in effect for so long as User uses or accesses any of the Services (the “EULA Term”). Upon termination of the EULA Term, User shall no longer be permitted to use or access the Services. The terms herein that contemplate obligations after the EULA Term, including but not limited to Indemnification, Disclaimer, Limitation of Liability, Controlling Law and Severability, and Confidentiality, shall survive termination.
User shall own all of User’s message data, text, information, screen names, graphics, photos, profiles, audio and video clips, links and other content and materials that User submits and/or transmits using the Services, (collectively, “Data”), and Citus acknowledges that it will not acquire any rights in Data. Citus shall only use Data to fulfill its contractual obligations. User shall be fully liable and responsible to ensure that Data does not violate any law, regulation under any U.S. state or federal laws, or any laws of User’s jurisdiction, or the terms herein. Citus shall not be responsible for maintaining backups of Data on Citus systems. All Data will be processed and stored within the geographic limits of the United States of America. Upon the termination of User’s Citus account, Data will no longer be stored on Citus’ systems.
Citus may (i) issue a press release within thirty (30) days from the Effective Date regarding User’s selection and/or use of the Services, the content of which User and Citus will mutually agree upon prior to publication, and (ii) include User’s name and/or logo in the list of customers that Citus provides to its then current or prospective customers.
Multiple Healthcare Organization Users
User acknowledges that some of its authorized end users may desire to work with other healthcare organizations and that the authorized end users of other or multiple healthcare organizations may desire to work with User (each such authorized end user shall be referred to as a “MHO User”). In order to facilitate use of the Services for MHO Users, and not withstanding anything to the contrary in any other document, User gives Citus permission to share the name, phone number(s), email address(es), job title and department of MHO Users (“Contact Details”) with applicable organizations, including User, and User shall be required to treat such Contact Details in the same manner it treats other Confidential Information.
“Confidential Information” means any non-public data, information and other materials regarding the products, software, services, prices and discounts, or business of a party (and/or of third parties, to the extent a party is bound to protect the confidentiality of any third ’parties’ information) provided by a party, its employees, contractors or affiliates (“Disclosing Party”) to the other party (“Receiving Party”) where such information is marked or otherwise communicated as being “proprietary” or “confidential” or the like, or where such information should, by its nature, be reasonably considered to be confidential and/or proprietary. The parties agree, without limiting the foregoing, that any performance and security data, product roadmaps, source code, benchmark results, and technical information relating to the Services, including pricing information, shall be deemed the Confidential Information of Citus. Notwithstanding the foregoing, Confidential Information shall not include information which: (i) is already known to the Receiving Party without the obligations of confidentiality prior to disclosure by the Disclosing Party; (ii) becomes publicly available without fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without restriction as to disclosure, or is approved for release by written authorization of the Disclosing Party; (iv) is independently developed or created by the Receiving Party without use of the Disclosing Party’s Confidential Information; or (v) is required to be disclosed by law or governmental regulation, provided that the Receiving Party provides reasonable notice to Disclosing Party of such required disclosure to the extent allowed by applicable law, and reasonably cooperates with the Disclosing Party in limiting such disclosure. Except as expressly authorized herein, the Receiving Party shall: (i) use the Confidential Information of the Disclosing Party only to perform hereunder or exercise rights granted to it hereunder; and (ii) treat all Confidential Information of the Disclosing Party in the same manner as it treats its own similar proprietary information, but in no case will the degree of care be less than reasonable care.
User agrees to defend, indemnify, hold harmless and defend Citus and its officers, shareholders, predecessors, successors in interest, directors, employees, agents, subsidiaries, affiliates, licensors and suppliers from and against any and all claims, charges, complaints, damages, losses, liabilities, costs and expenses (including attorneys’ fees and expert fees) due to, arising out of or relating in any way to User’s use of, or access to, the Services.
USER EXPRESSLY ACKNOWLEDGES AND AGREES THAT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, USE OF THE SERVICES IS AT USER’S SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH USER. TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND, AND CITUS HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH RESPECT TO THE SERVICES, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, QUIET ENJOYMENT, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. CITUS DOES NOT WARRANT AGAINST INTERFERENCE WITH USER’S ENJOYMENT OF THE SERVICES, THAT THE FUNCTIONS CONTAINED IN OR PERFORMED BY THE SERVICES WILL MEET USER’S REQUIREMENTS, THAT THE OPERATION OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ANY UPDATE WILL CONTINUE TO BE MADE AVAILABLE, THAT DEFECTS IN THE SERVICES WILL BE CORRECTED, OR THAT THE SERVICES WILL BE COMPATIBLE OR WORK WITH ANY THIRD PARTY SOFTWARE, APPLICATIONS OR THIRD PARTY SERVICES. INSTALLATION OF THE SERVICES MAY AFFECT THE USABILITY OF THIRD PARTY SOFTWARE, APPLICATIONS OR THIRD PARTY SERVICES. USER FURTHER ACKNOWLEDGES THAT THE SERVICES ARE NOT INTENDED OR SUITABLE FOR USE IN SITUATIONS OR ENVIRONMENTS WHERE THE FAILURE OR TIME DELAY OF, OR ERRORS OR INACCURACIES IN, THE CONTENT, DATA OR INFORMATION PROVIDED BY THE SERVICES COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL, FINANCIAL OR ENVIRONMENTAL DAMAGE. USING THE SERVICES FOR TRADING SECURITIES IS NOT PERMITED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CITUS OR AN APPROVED REPRESENTATIVE SHALL CREATE A WARRANTY. SHOULD THE SERVICES PROVE DEFECTIVE, USER ASSUMES THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION, IF APPLICABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON APPLICABLE STATUTORY RIGHTS OF A CONSUMER, SO THE ABOVE EXCLUSIONS AND LIMITATIONS MAY NOT APPLY.
Limitation of Liability
Except where prohibited by law, in no event will Citus, its officers, shareholders, predecessors, successors in interest, directors, employees, agents, subsidiaries, affiliates, licensors and suppliers be liable for any indirect, special, punitive, incidental, exemplary or consequential damages even if Citus has been advised of the possibility of such damages or any direct damages that result from: (1) the use of, or inability to use, the Services; (2) the performance of the Services; or (3) any failure in the Services. User assumes total responsibility for the use of the Services. User’s only remedy against Citus for dissatisfaction with the Services is to stop using the Services. If, notwithstanding the terms herein, Citus is found liable to User for any damage or loss which arises out of or is in any way connected with User’s use of the Services, Citus’ liability shall in no event exceed the amount paid by User to Citus during the previous six (6) months. In addition to the forgoing limitations of liability, User agrees that User will not join any claim against Citus with the claim of any other person or entity in a lawsuit, arbitration or other proceeding; that no claim User has against Citus shall be resolved on a class-wide basis; and that User will not assert a claim in a representative capacity against Citus on behalf of anyone else.
In the event any suit or other action is commenced to construe or enforce any provision of this EULA, the prevailing party, in addition to all other amounts such party shall be entitled to receive from the other party, shall recover its reasonable attorneys fees and court costs.
The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.
Any notice required or permitted to be given in accordance with this EULA shall be in writing. Notices to Citus shall be sent by personal delivery, registered or certified mail (return receipt requested, postage prepaid) or commercial express courier (with written verification of receipt) to: Citus Health Inc., 181 East 119th Street, 8C, New York, New York, United States. For contractual purposes, User consents to receive communications from Citus electronically. Notices sent to User shall be sent by personal delivery, electronic mail, registered or certified mail (return receipt requested, postage prepaid) or commercial express courier (with written verification of receipt) to the address listed on User’s account. All notices will be deemed given: (i) when delivered personally; (ii) 24 hours after electronic mail is sent, unless Citus is notified that the email address is invalid; (iii) five (5) days after having been sent by registered or certified mail (or ten (10) days for international mail); or (iv) one (1) day after deposit with a commercial express courier specifying next day delivery (or two (2) days for international courier packages specifying 2-day delivery). Either party may change its address for receipt of notice by notice to the other party in accordance with this Section.
The parties agree that a material breach of this EULA adversely affecting Citus’ intellectual property rights in the Services or the Confidential Information may cause irreparable injury to Citus for which monetary damages would not be an adequate remedy and Citus shall be entitled to equitable relief (without a requirement to post a bond) in addition to any remedies it may have hereunder or at law.
This EULA may not be assigned or transferred, in whole or in part, without the other party’s prior written consent, provided that Citus expressly reserves the right to assign this EULA in its entirety to a successor in interest of all or substantially all of its business or assets. Any action or conduct in violation of the foregoing shall be void and without effect. Subject to the foregoing, all rights and obligations of the parties hereunder shall be binding upon and inure to the benefit of and be enforceable by and against the successors and permitted assigns. Citus may delegate any of its obligations hereunder, provided that it shall remain fully liable and responsible for its delegates’ actions or inactions in violation of this EULA.
Controlling Law and Severability
This EULA and all matters arising out of or relating to this EULA shall be governed by and construed in accordance with the laws of the State of New York, without regard to any conflict of law provisions. Each party irrevocably agrees that any claim brought by it in any way arising out of this EULA must be brought solely and exclusively in state or federal court located in New York County, New York, including any appellate matters thereof, and each party irrevocably accepts and submits to the sole and exclusive jurisdiction of each of the aforesaid courts, generally and unconditionally, with respect to any action, suit, or proceeding brought by it or against it by the other party.
In the event any one or more of the terms or provisions contained in this EULA shall be declared by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions of this EULA or any application thereof shall not in any way be affected or impaired, except that, in such an event, this EULA shall be deemed revised in order to provide the party adversely affected by such declaration with the benefit of its expectation, evidenced by the provision(s) affected by such a declaration, to the maximum extent legally permitted.
Citus shall not be liable to the other for failure to perform if said failure results, directly or indirectly, from government action or inaction, mechanical or electrical breakdown, or natural disaster. In the event Citus excuses its performance of any of its requirements or otherwise invokes the Force Majeure, the payment provisions in any User Agreement shall be suspended for an equal period of time. If either party is affected by an interruption or delay contemplated by this section, it will: (a) promptly provide notice to the other party, explaining the full particulars and the expected duration of the such delay and (b) use its best efforts to remedy the interruption or delay if it is reasonably capable of being remedied.
Mobile Device Application
The terms and conditions of this EULA (the “Terms”) apply to User’s use of the Services, including any and all mobile and iOS applications (the “Application”) available through or by the Apple, Inc. App Store, Android Apps by Google, Inc., and/or Microsoft (each a “Mobile Device Company” or together, the “Mobile Device Companies”), provided, however, the following additional terms also apply to the Application:
- Both User and Citus acknowledge that the Terms are concluded between User and Citus only, and not with any of the Mobile Device Companies, and that the Mobile Device Companies are not responsible for the Application or the Services;
- The Application is licensed to User on a limited, non-exclusive, non-transferrable, non-sublicensable basis, solely to be used in connection with the Services;
- User will only use the Application in connection with a device issued by a Mobile Device Company that is owned or controlled by User;
- User acknowledges and agrees that no Mobile Device Company herein has no obligation whatsoever to furnish any maintenance and support services with respect to the Application;
- In the event of any failure of the Application to conform to any applicable warranty, including those implied by law, User may notify the applicable Mobile Device Company of such failure; upon notification, the applicable Company’s sole warranty obligation to User will be to refund to User the purchase price, if any, of the Application paid by User to such Mobile Device Company;
- User acknowledges and agrees that Citus, and not any Mobile Device Company, is responsible for addressing any claims User or any third party may have in relation to the Application;
- User acknowledges and agrees that, in the event of any third party claim that the Application or User’s possession and use of the Application infringes that third party’s intellectual property rights, Citus, and not any Mobile Device Company, will be responsible for the investigation, defense, settlement and discharge of any such infringement claim;
- User represents and warrants that he, she or it is not located in a country subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country, and that User is not listed on any U.S. Government list of prohibited or restricted parties;
- Both User and Citus acknowledge and agree that, in User’s use of the Application, User will comply with any applicable third party terms of agreement which may affect or be affected by such use; and
- Both User and Citus acknowledge and agree that the Companies’ respective subsidiaries are third party beneficiaries of the Terms, and that upon User’s acceptance of this EULA, each of the Mobile Device Companies will have the right (and will be deemed to have accepted the right) to enforce the Terms against User as the third party beneficiary hereof.
This EULA supersedes all prior discussions, communications, understandings and writings by and between User and Citus, and constitutes the entire agreement between User and Citus with respect to the subject matter hereof.
For more information or any questions, you may contact Citus Health Inc. at [email protected]