Virgin Pulse/Human Resources/43,000/Application Service Provider AgreementDocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
492 Old Connecticut Path, Suite 601
Framingham, MA 01701
(508) 766-3300
www.vieginpulse.com
;1 ` Seo Q
/r
Application Service Provider Agreement
Order Form
Prepared for: Barbara Lamb Quotation Date:
November 7, 2016.
City of Carmel, IN Quote Expiration Date:
December 16, 2016
Carmel City Hall Rep:
Patrick Donoghue, .
One, Civic Square
Phone: (508) 76673385
Carmel, IN 46032
Email: Patrick.donoghue@virginpulse.com
Phone; (317) 571-2409
Email: blamb@carmel:in.gov
This Order Form and all accompanying appendices shall be referred to as the "Agreement."
Agreement Summary Information:
Estimated Number of Eligible Lives: 600
Minimum Number of Eligible Lives (90% of Estimated): 540
Initial Term of this Agreement will commence on the Effective Date and will,expire three (3) years from the Subscription Start Date.'
Initial Term 'Definition —'— — a Y —A_
Estimated Date- —�
Launch The date oh which enrollment is available
1 02/01/2017
Invoice Date The earlier of: a) 60 days after the Effective Date; 'or b) the Launch
12/01/2016
i
Subscription Start Date . The earlier of: a) 120 days after the Effective Date; or b) the Launch
02/01/2017.
Agreement End Date The date when Agreement expires
01/31/2020
Annual Subscription
Service . Price per Eligible
per Year Price per. Year
Engage Platform
$60 $36,000
Total $36,000
C/��e CONFIDENTIAL AND PROPRIETARY Page 1
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
Implementation Services
Implementation Services
Standard .
Tracking/Biometric Measurement Devices
Virgin Pulse Mae Activity Trackers ,
Virgin Pulse Health Stations
iPad Unit
Fee Type Unit Price
One -Time
Fee Type _ Qty
Per Unit
Per Unit
$12,000
Total
Unit Price
$24.99 +$4 S&H
$699 +$40 S&H
Total
Total Price
$7,500 (discounted)
$7,500
Total Price
TBD
TBD
TBD
* Max and iPad Units for'US populations only
Pricing Summary �0 — +�-�- -
Total Price
Year One Fees
$43,500 .
Recurring AnhuaLFees.
$36,000
Payment Terms
1. The Subscription fees will be invoiced annually in advance based on the greater of the (a) Minimum Number of Eligibles (as defined above)
as of Effective
Date; or (b) the actual number of Eligibles on record in.Provider's system at the time of invoice.
The initial invoice under this Order Form shall be due on the Invoice Date.
Thereafter, the fees shall. be due every 12 months following the Subscription Start Date for the period of the Term.. .
Any increase in the number of Eligibles above the invoiced number of Eligibles in a given year will result in a prd-rated Price for such additional
Eligible forthat
Year and will be invoiced quarterly.
2. The Implementation Services fees will be invoiced on the Invoice Date.
3. Client will be invoiced.bi-monthly in arrears based on the.total value of rewards earned by each. Member during the bi-month.
�Pi CONFIDENTIAL AND PROPRIETARY Page 2
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
The Parties have caused their duly authorized representatives to execute this Agreement as of the dates set forth below. .
City of Carmel, IN
By (Signature):
Name (Printed):
Title:
Date:
Client Information:
VIRGIN PULSE, INC.
sDocuSlDned by:
ari, wt.a ct� 4.
2563BF3DFC73436...
General Counsel
Name/Client: City of Carmel Principal Contact Person: Barbara Lamb
Address: One Civic Square Title: Director of Human Resources
Carmel, IN 46032
Billing Contact: Sue Wolfgang
Title: Employee Benefits Manager
Phone: (317) 571-5850
Fax: (317) 571-2409
Email Address: swolfgang@carmel.in.gov
Phone: (317) 571-2471
Fax: (317) 571-2409
Email Address: blamb@carmel.in.gov
Virgin Pulse, Inc. Contact Information:
Virgin Pulse, Inc.
Attn: Derek Ransom, CFO
492 Old Connecticut Path, Suite 601, Framingham, MA 01701
,�Pi CONFIDENTIAL AND PROPRIETARY Page 3
D—Slgned by:
t,nk , t Sbwt
C�017DMSC730498
By (Signature):
...
Derek Ransom
Name (Printed):
Title:
CFO
11/29/2016
Date:
sDocuSlDned by:
ari, wt.a ct� 4.
2563BF3DFC73436...
General Counsel
Name/Client: City of Carmel Principal Contact Person: Barbara Lamb
Address: One Civic Square Title: Director of Human Resources
Carmel, IN 46032
Billing Contact: Sue Wolfgang
Title: Employee Benefits Manager
Phone: (317) 571-5850
Fax: (317) 571-2409
Email Address: swolfgang@carmel.in.gov
Phone: (317) 571-2471
Fax: (317) 571-2409
Email Address: blamb@carmel.in.gov
Virgin Pulse, Inc. Contact Information:
Virgin Pulse, Inc.
Attn: Derek Ransom, CFO
492 Old Connecticut Path, Suite 601, Framingham, MA 01701
,�Pi CONFIDENTIAL AND PROPRIETARY Page 3
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3El36D9C25D1D
Approved and Adopted this +Ul day of . 1)l_CCIAA lbf ✓ , 20-L.
CITY OF CARMEL, INDIANA
By and through its Board of Public Works and Safety
BY:
+w
James Brainard, Presiding Officer
WWRIS/e CONFIDENTIAL AND PROPRIETARY Page 4
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
Appendix A
Virgin Pulse, Inc.
Product Descriptions
Engage Platform
Customizable Program Design
Design a points -based quarterly or annual game
Activity Health Tracking
Via healthy habit trackers and supported devices and apps
_and
Personalization
Members personalize program based on individual goals and interests
Social Support Networks
Connect with colleagues and up to 10 friends and family members outside the company, and join groups_
Challenges _
_
Options for team -based company -sponsored challenges (2 per year), personal challenges, and friend challenges .
Content
Content delivered daily across nine well-being categories
Programs Page Directory
List unlimited HR programs and resources on the Programs Page—_—
Program Reporting
Insight into program usage and performance
• Virgin Pulse Online Reporting Dashboard measures a number of key aspects of program enrollment
and utilization and aggregates member data to offer trends in enrollment and engagement, risk
factors, outcomes, and program activities such as Challenges, Health Station utilization, device
utilization, integrated partner programs, incentives and more. Online enrollment and engagement
reports are available today with additional components to become available in 2016.
• Quarterly program reviews -with Virgin Pulse Client Success Manager
Branding
Branded program website and engagement emails with company logo
_
Third -Party Integration
_
Biometric and reward data from third -party vendors integrated into program if delivered in Virgin Pulse
preferred format
_
Web & Mobile App Program Access
Program access via the web or Virgin Pulse Mobile App
Account Management
Experienced Client Success Manager and supporting team to ensure program success .
—
Member Support
email, online chat, and FAQ support for members �—
_
Champions Program
_Telephone,
I Champion training and tools to get program champions ready and engaged
Rewards Structure,& Administration
Member rewards established based upon thb'individual'Client specification's provided
• All rewards, inclusive of challenges and other prizes, will,be passed through at cost to the Client
• Virgin Pulse manages the Member rewards activity at no ,cost to the Client
• Earned rewards are credited to each Member's reward account and, are available for redemption at
any time (subject to certain limitations, administrative and processing fees)
• Member rewards may be redeemed as cash deposits.or in the Virgin Pulse store for gift cards, or
fitness merchandise
• Virgin Pulse reserves the right to modify ,the rewards redemption procedures and types of
redemption vehicles as deemed necessary by Virgin Pulse. All Visa cash cards and gift cards
redemptions must meet the minimum redemption amount of $l0. Rewards are non -transferable
and expire if not used within two (2) years from the.date earned. Virgin Pulse's practice is to advise
each Member that the rewards are approaching the two (2) year required redemption period
Nutrition Guide
Personalized nutrition plan based on individual eating habits,
• Integrated food tracking with MyFitnessPal
• Track calories in & out on a single dashboard
• Nutritional breakdown of major macronutrients
• Recipes, meal planning and grocery store discounts
• Reporting and metrics to analyze your results
• Incentive & rewards for consistent nutrition tracking
Sleep Guide
• Personalized sleep plan with tips and trackers based on individual sleep goals
• Validated sleep tracking through all major devices including our Max device
• Comprehensive analytics including avg. sleep time, avg, bedtime, avg. sleep rating, best night of
sleep for week and month
• Journal for pre -bedtime activities to uncover trends in sleep quality
• Bedtime calculator to determine proper bedtime based on awake time and sleep goal
• Reporting and graphs to analyze results and trends at daily, weekly and monthly level
—
Incentives and rewards for consistent sleep tracking and engagement
—
Health Risk Assessment powered, by
• An industry -standard assessment that surveys employees in several key areas, including lifestyle risk
(
Wellsource
factors, personal medical history, and readiness to change
• Upon completion, each member has immediate access to a report offering feedback on health
status and risks, a health baseline, and information on key behaviors that may need changing
j
• Program administrators can easily access data and use it to better understand the population's
health risks, and how those risks change over time
/se CONFIDENTIAL AND PROPRIETARY Page 5
DocuSign Envelope ID: FD2E61311-C3E7-4F97-9AF9-3EB6D9C25D1D
Virgin Pulse Max" One-time tracking device per member
Includes wireless blood pressure cuff, digital scale, and privacy screen
Includes iPad, security case, and lock (for iPad.Health Stations)
Client must supply Internet.connectivity for device
Virgin Pulse will provide service and repair of units at no additional cost. Replacement parts covered by initial two-year warranty. Subsequent replacements 1
can be.purchased, through Virgin Pulse while stocks last
Standard .
Co -branded Program
Creation of a co -branded program site. Company logo appears in the top left-hand corner on every page of the
member website.
Creation of co. -branded activation email campaigns and promotional materials: Company logo appears in top
Basic Co -branded Activation Email
left-hand.corner of 3 -touch enrollment email campaign; company logo appears with Virgin Pulse logo on, all
Campaign &Promotional Materials
enrollment promotional materials including posters (4), digital displays (4) and post card (1); email campaign
includes brief description of company -specific rewards and other offers; posters and displays include company -
specific rewards and custom enrollment URL
Standard Engagement Emails .
_
Onboarding communications and.ongoing alerts and reminders based on member activity
2 Configured Standard Challenges
Configuration bf 2 Standard Challenges. Sponsor provides copy, content and images for challenge.
Data Export
1 Program Data file export per sponsor/month provided to client in Virgin Pulse standard file format or agreed
upon format
Weekly Eligibility File Updates
_
Initial integration and acceptance of weekly eligibility files (full or incremental files) in Virgin Pulse standard file
format . .
ftw& CONFIDENTIAL AND PROPRIETARY Page 6
DocuSign Envelope ID: FD2E6Bll-C3E7-4F97-9AF9-3EB6D9C25D1D
Appendix B
Virgin Pulse, Inc.
Terms and Conditions
1. DEFINITIONS.
Certain capitalized terms; not otherwise defined on the Order, have the.
meanings set forth in this Section 1.
1.1 "Addendum" means any addendum to this Agreement, and may
include, without limitation, Provider's standard Statement of Work
("SOW-).
1.2 "Application Services" will mean the services and Software and
Provider content provided by Provider by means of access to certain
content and use of the features and functionality of software
applications available and accessible within the Provider web sites (the
"Application" or "Platform").
1.3 "Client Brand" shall mean any one or more of the trademarks,
service marks, trade names, domain names, logos, business and product
names, slogans, and registrations and applications for registration
thereof owned by Client as of the Effective Date.
1.4 "Client Data," will mean the data, media and content provided by
Client for use with the Application Services that are accessible through
the Application Services.
1.5 "Confidential Information" will have the meaning set forth in the
non -disclosure agreement entered into by the Parties, or in the absence
of. such a non -disclosure agreement will mean all written or oral
information, disclosed by either Party to the other, related to the
operations of either Party or a third party that has been identified as
confidential or that by the nature of the circumstances surrounding
disclosure ought reasonably to be treated as confidential.
1.6 "Effective Date" shall mean the last date on the signature block on
the order Form.
1.7 "Eligible" or "Eligibles" shall mean Client employees, employee
beneficiaries, and retirees and/or spouses of Client (when applicable),
who are eligible to enroll in the Virgin Pulse Program.
1.8 "Launch Date" shall mean the anticipated date on which Provider
will launch or otherwise make the Application Services and the Pulse
Program available to the participating Members, as designated on the
Order Form.
1.9 "Member" shall mean an authorized Eligible enrolled in the Virgin
Pulse Program having access to the Application Services, provided that
persons under contract with Client may not be Members unless the
same have entered into a binding agreement to maintain the
confidentiality of the Access Protocols and all Provider Confidential
Information, for example, by agreeing to the Membership Agreement
through enrollment in the Virgin Pulse Program accessible through the
Application Services. For the purposes of those Members participating in
the Enterprise Program edition, the term "Guest" shall mean those
Persons invited by such Members to participate in a more limited
version of the Virgin Pulse Program, and Client shall have no
responsibility or liability with regard to Guests, any services or products
provided to Guests, or any activities of Guests.
1.10 "Member Data" shall mean any information entered by Members
into the Application Services, or information for which Member has
provided its consent to be shared. By way of example, if a Member
consents to the provision by a Biometrics provider of its data to
Provider, such data shall be considered "Member Data" under the terms
of this Agreement.
1.11'Provider'shall mean Virgin Pulse, Inc.
1.12 "Software" means the object code version of the proprietary
computer software whose use is contemplated by the Application
Services, including but not limited to the VPSync application, and any
subsequent revisions or modifications thereto which are furnished to
Client by Provider. The term Software does not include any proprietary
software of a Third Party.
1.13 "Subscription Fees" shall mean those fees payable per Eligible per
year for access to the Virgin Pulse Program.
1.14 "Virgin Pulse Program" shall mean a proprietary, interactive health
and fitness program, including the Application, which provides Eligibles
With incentives for increased activity and healthy behaviors; as
applicable, interactive challenges to improve the Members engagement;
and a combination of activity and biometric tracking devices, along with
a personalized online program portal, to help Members monitor their
daily activity and track measureable health outcomes.
2. ACCESS, USE AND MEMBERS.
2.1 Provision of Access for Member. Subject to the terms and
conditions contained in this Agreement, Provider hereby grants to Client
a non-exclusive, non -transferable, (a) object -code only, non-exclusive,
non -transferable license to use the Software, and (b) right to permit
access to the Application Services for the number of Members specified
on the Order Form, for which you have paid the applicable fees solely in
accordance with the terms and conditions of this Agreement and the
Membership Agreement. On or as soon as reasonably practicable after
the Effective Date, Provider shall provide to Client the necessary
passwords, security protocols and policies and network links or
connections (the "Access Protocols") to allow Client to access the
Application Services. Provider shall also provide Client the
documentation to be used by Client in accessing and using the
Application Service. Client acknowledges and agrees that, as between
Client and Provider, Client shall be responsible for all acts and omissions
of Members, and any act or omission by such Members which, if
undertaken by Client, would constitute a breach of this Agreement, shall
be deemed a breach of this Agreement by Client.
2.2 Usage Restrictions. Client will not (a) copy or duplicate the
Application or Software; (b) decompile, disassemble, reverse engineer or
otherwise attempt to obtain or perceive the source code from which any
software component of the Application Services or Software is compiled
or interpreted; (c) modify the Application Services or Software or the
documentation, or create any derivative product from any of the
foregoing, except with the prior written consent of Provider; or (d)
assign, sublicense, sell, resell, lease, rent or otherwise transfer or
convey, or pledge as security or otherwise encumber, Client's rights
under Sections 2.1 or 2.2. Client will ensure that its use of the
Application Services and the documentation and all Client Data complies
with all applicable laws, statutes, regulations or rules. Client shall notify
Provider immediately of any unauthorized use of any password or
account or any other known or suspected breach of security. Client will
only allow Members who have been assigned a unique user
identification to access the Application Services.
2.3 Retained, Rights; Ownership.
(a) Subject to the rights granted in this Agreement, Client retains all
right, title and interest in and to the Client Brand and Client Data, and
Provider acknowledges that it neither owns nor acquires any additional
rights in and to the Client Brand or Client Data not expressly granted by
this Agreement. Client is solely responsible for all Client Data. Provider
further acknowledges that Client retains the right to use the Client Brand
and Client Data for any purpose in Client's sole discretion. Subject to the
foregoing, Client hereby grants to Provider a non-exclusive,. non-
transferable right and license to use the Client Brand and Client Data
during the Term _for the limited purposes of performing Provider's
obligations under this Agreement.
(b) Subject to the rights granted in this Agreement, Provider retains all
right, title and interest in and to the Application Services, Software, and
the documentation, and Client acknowledges that it neither owns nor
acquires any additional rights in and to the foregoing not expressly
granted by this Agreement. Client further acknowledges that Provider
retains the right to use the foregoing for any purpose in Provider's sole
discretion.
/se CONFIDENTIAL AND PROPRIETARY Page 7
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
3. PROVIDER OBLIGATIONS.
3.1 Implementation Services. Client understands that, before access to
the Application Services can be provided to Client, Client's systems may
require configuration, and will in any case require the performance of
various professional services to prepare Client's systems for such
purposes, and that Provider's systems may also require preparation in
order to configure and prepare the Application for use under the terms
of the Agreement as contemplated hereunder.
3.2 Professional Services. Client acknowledges that in the event that
Client desires that Provider perform such professional services, the
Parties will negotiate an appropriate "Work Statement" setting forth an
implementation plan (the "Initial Implementation Plan") pursuant to an
executed SOW. Notwithstanding the foregoing, Client acknowledges that
Provider will have no obligation to perform any services under the Initial
Implementation Plan unless and until engaged to perform such services
in an Addendum to this Agreement.
3.3 Client Success Manager and Technical Support. Provider will make
available to Client a Client Success Manager who will oversee services
related to the Application Services. Provider will provide monthly reports
to Client specifying the number of Members and as requested, to the
extent permitted by applicable law and the Virgin Pulse Program
Membership Agreement, each Member's level of attainment. Provider
provides certain support services as part of the Application Services.
However, Client may request for Provider to provide additional technical
support services resulting in additional professional services related to
Client's use of the Application Services. Provider agrees to provide such
professional services as agreed by the Parties; provided the Client has
also executed the applicable Statement of Work ("SOW"). Until the
Client has ordered technical support, Provider shall only provide the
limited support it normally provides to its customers generally as part of
the Application Services.
3.4 Additional Services. The Parties acknowledge and agree that
Provider may provide additional services, including those set forth on
the Order Form. Unless otherwise agreed pursuant to a SOW executed
by the Parties, Provider shall have no obligation to provide any such
services, including training, consulting, or customization support with
respect to the Virgin Pulse Program. Certain services available through
Provider may be subject to additional terms other than those set forth in
this Agreement.
3.5 Portable Devices. Provider will provide portable monitoring devices
(each a "Portable Device"), for a specified fee as listed in the Order Form
or as may be updated by Provider in the Membership Agreement, to
each Member to track the daily activity of such Members. All obligations
with respect to delivery and use of the Portable Devices shall be subject
to the Membership Agreement. The Parties acknowledge and agree that
Provider may charge additional fees for the deployment of such Portable
Devices which price lists may be modified from time to time in Provider's
sole discretion.
3.6 Rights with Respect to Unauthorized Use. The Parties acknowledge
and agree that Provider, in the exercise of Provider's sole discretion,
shall be permitted to adjust, remove, or otherwise alter rewards
accumulated by Members in a manner that violates the Membership
Agreement or have otherwise been accumulated in a fraudulent or
dishonest manner.
4. CLIENT OBLIGATIONS.
4.1 Member Access to Services. Subject to the terms and conditions
herein, Client may permit the.Members to access and use the features
and functions of the Application Service only through the Access
Protocols.
4.2 Client Assistance. Client shall make available in a timely manner at
no charge to Provider all content, graphic files, Client Data, Client Brand
information or other information and resources of Client required by
Provider for the performance of its obligations under this Agreement.
Client shall be responsible for, and assumes the risk of, any problems
resulting from, the content, accuracy, completeness and consistency of
all such content, materials and information supplied by Client. Client
shall also be solely responsible, at its own expense, for acquiring,
installing and maintaining all connectivity equipment, hardware,
software and other equipment as may be necessary for it and its
Members to connect to, access, and use the Application Services.
4.3 Provision of Data. Promptly after the Effective Date and on a
monthly basis thereafter, Client shall provide Provider, consistent with
state privacy laws, with accurate information including the number and
names of Eligibles, contact information for such Eligibles such as an
email address, and an initial eligibility file thirty (30) 'days prior to the
Launch Date that discloses the Eligibles and includes at least the
following information: the Eligibles' last name, first name, date of birth,
gender, unique employee identifying number, if applicable, and any
other information necessary to enable Provider to administer the Virgin
Pulse Program and to provide the Application Services required'by this
Agreement. Client shall not provide Provider With any individual's social
security number, even as a unique employee identifying number.
Provider, under certain limited circumstances, may be required to share
this information for the provision of biometric. services. This information
and any Eligible additions and terminations shall be kept current on at
least a monthly basis and, unless otherwise agreed upon by the Parties,
shall be provided by Client to Provider by the fifteenth (15) day of each
month during the Term. Client shall be responsible for any errors with
respect to the information provided, including any failure to report
employee terminations, or termination of an Eligible from participation
in the Virgin Pulse Program. The Parties acknowledge and agree that
such information set forth above shall be deemed Client Data and shall
be treated as Clients confidential information under this Agreement.
4.4 Client Data. Client and its Members shall have access to the Client
Data and shall be responsible for all changes to and/or deletions of
Client Data and the security of all passwords and other Access Protocols
required in order to access the Application Services. Client hereby
represents and warrants that it owns or otherwise has sufficient right to
grant Provider access to and use the Client Data in accordance with the
terms of this Agreement. Client will be solely responsible for the
accuracy and completeness of the Client Data. Client acknowledges' and
agrees that Provider's obligation to maintain any Client Data obtained in
the course of performance of the Application Services shall not extend
beyond the Term of this Agreement.
4.5 Member Data. Members will have access solely to their individual
Member Data and such data will be protected under the terms of the
Membership Agreement and the terms of Provider's Privacy Policy.
4.6 Browser Requirements. Members accessing the Application must
use Internet Explorer 9 or higher, or the latest commercially available
versions of Chrome, Firefox, and Safari.
4.7 New Versions. Provider shall, within its sole discretion, release new
versions of the Virgin Pulse Platform, which the Client, at the sole
discretion of the Provider, must transition to within six (6) months of
said release, unless otherwise agreed to in writing by the Parties.
S. FEES AND EXPENSES; PAYMENTS:
5.1 Fees. In consideration for the access rights granted to Client and the
services performed by Provider under this Agreement, Client will pay to
Provider, without offset or deduction, all fees as may be determined by
reference to the pricing proposal, as described below and as attached
hereto as the Order Form. All fees shall be due and payable within thirty
(30) days of the date of Provider's invoice.
a) Subscription Fees. Unless otherwise specified on the Order Form, all
Subscription Fee invoicing shall commence upon the earlier of (a)
Launch, or (b) the date that is sixty (60) days following the Effective
Date.
b) Implementation Services Fees. Unless otherwise specified on the
Order, all Implementation Services Fee invoicing shall commence upon
the earlier of (a) Launch, or (b) the date that is sixty (60) days.following
the Effective Date.
c) Professional Services Fees shall be due and payable as detailed in the
applicable Work Statement.
5.2 Client Operating Expenses. Client will bear all expenses incurred in
performance of its obligations. hereunder, including, without limitation,
/se CONFIDENTIAL AND PROPRIETARY Page 8
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
through use by Client and/or any Member of the Application Services,
and/or through provision of support to Members with respect to such
use of the Application Services.
5.3 Taxes. Client will be responsible for payment of any applicable sales,
use and other taxes and all applicable export and import fees, customs
duties and similar charges (other than taxes based on Provider's
income),, and any related penalties and interest for the grant of license
rights hereunder, or the delivery of related services. Client will make. all
required payments to Provider free and clear of, and without reduction
for, any withholding taxes. Any such taxes imposed on payments to
Provider will be Client's sole responsibility, and Client will, upon
Provider's request, provide Provider with official receipts issued by the
appropriate taxing authorities, or such other evidence as Provider may
reasonably request, to establish that such taxes have been paid.
5.4 Late Payments; Interest;. Payment in Dollars., Any portion of any
amount payable hereunder that is not paid when due will accrue interest
at one a percent (1.0%) per month or the maximum rate
permitted by applicable law, whichever is less, from the due date until
paid. All payments to be made under this Agreement shall be made in US
dollars. Notwithstanding the foregoing, if Provider does not receive
payment of any sum ;due to it within thirty-five (35) day's of the invoice,
Provider reserves the right to suspend accrual and redemption of
rewards by Members until such time as the default has been cured to
Provider's satisfaction.
6. TREATMENT OF CONFIDENTIAL INFORMATION.
6.1 Ownership of. Confidential Information. The Parties acknowledge
that during the performance of this Agreement, each Party will have
access to certain of the other Party's Confidential Information or
Confidential Information of third parties that the disclosing Party is
required to maintain as confidential. Both Parties agree that all items of
Confidential Information are proprietay to the disclosing Party or such
third party, as applicable, and will remain the sole property of the
disclosing Party or such third party.
6.2 Mutual Confidentiality Obligations. Each Party agrees as follows: (a)
to use Confidential Information disclosed by the other Party only for the
purposes described herein; (b) that such Party will not reproduce
Confidential Information disclosed by the other Party, and will hold in
confidence and protect . such Confidential Information from
dissemination to, and use by, any third party; (c) that neither Party will
create any derivative work from Confidential Information disclosed to
such Party by the other Party; (d) t6.restrict access to the Confidential
Information disclosed by the other Party to such of its personnel, agents,
and/or. consultants,_ if any, who have at need to have access and who
have been advised of and haveagreed in writing to treat such
information in accordance with. the terms of this Agreement; and (e) to
return or destroy,, pursuant to Section 10.5, all Confidential Information
disclosed by the other Party that is in its possession upon termination or
expiration of this Agreement. Notwithstanding the foregoing, Client
agrees that Provider may collect de -identified, aggregated statistical
data regarding Client's use of the Service and provide such de -identified,.
aggregated statistical data to third parties. In no event shall Provider
provide to third parties specific data regarding Client or Client's
Members.
6.3 Confidentiality Exceptions. Notwithstanding the foregoing, the
provisions of Sections 6.1 and 6.2 will not apply to Confidential
Information that (a) is publicly available or in the public domain at the
time disclosed; (b) is or becomes publicly available or enters the public
domain through 'no fault of the recipient; (c) is rightfully communicated
to the recipient by. persons not bound by confidentiality obligations with
respect. thereto; (d) is already in the recipient's possession free of any
confidentiality obligations with respect thereto at the time of disclosure;
(e) is independently developed by the recipient; or (f) is approved for
release or disclosure by the disclosing Party without restriction.
Notwithstanding, the foregoing, each Party may disclose Confidential
Information to the limited extent required (x) in order to comply with
the order of a court or other governmental body, or as otherwise
necessary to comply with applicable law, provided that the Party making
the disclosure pursuant to the order shall first have given written notice
to the other Party and made a,reasonable effort to obtain a protective
order; or (y) to establish a Party's rights under this Agreement, including
to make such court filings as it may be required to do. Client also
acknowledges and agrees that Provider may freely use any comments,
ideas and/or error reports provided by Client to Provider and such
comments, ideas and/or error reports shall not be considered
proprietary to Client.
7. REPRESENTATIONS AND WARRANTIES. Each Party hereby represents
and warrants (a) that it is .duly organized, validly existing and in good
standing under, the -laws of its jurisdiction of incorporation or
organization; (b) that the execution and performance of this Agreement
will not conflict .with or violate any provision of any law having
applicability to such Party; and,(c),that this Agreement, when executed
and delivered, will constitute a valid and binding obligation of such Party
and will be enforceable against such Party in accordance with its terms.
8. DISCLAIMERS, EXCLUSIONS AND LIMITATIONS OF LIABILITY.
8.1 Disclaimer. EXCEPT AS EXPRESSLY REPRESENTED OR WARRANTED IN
SECTION 7, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
THE APPLICATION SERVICES, THE DOCUMENTATION, AND ALL SERVICES
PERFORMED BY PROVIDER ARE PROVIDED "AS IS," AND PROVIDER
DISCLAIMS ANY AND ALL .OTHER PROMISES, REPRESENTATIONS AND
WARRANTIES, WH ETHER. EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, NON -INFRINGEMENT, QUIET ENJOYMENT,
SYSTEM INTEGRATION AND/OR DATA ACCURACY. PROVIDER DOES NOT
WARRANT THAT THE APPLICATION SERVICES OR ANY OTHER SERVICES
PROVIDED BY PROVIDER WILL MEET CLIENT'S REQUIREMENTS OR THAT
THE OPERATION OF THE APPLICATION SERVICE WILL BE
UNINTERRUPTED OR ERROR -FREE, OR THAT ALL.ERRORS WILL BE
CORRECTED. PROVIDER'S SERVICES MAY BE SUBJECT TO LIMITATIONS,
DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF .THE
INTERNET AND 'ELECTRONIC COMMUNICATIONS. PROVIDER IS NOT
RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE
RESULTING FROM SUCH PROBLEMS. NEITHER PROVIDER, NOR ITS
THIRD -PARTY HOSTING SERVICE OR ,SOFTWARE PROVIDERS, SHALL HAVE
ANY LIABILITY WHATSOEVER FOR THE ACCURACY, COMPLETENESS, OR
TIMELINESS OF THE CLIENT DATA, OR FOR ANY DECISION MADE OR
ACTION TAKEN BY CLIENT IN RELIANCE UPON ANY CLIENT DATA.
8.2 Exclusions of Remedies; Limitation of Liability. IN NO EVENT WILL
PROVIDER BE LIABLE TO CLIENT FOR ANY INCIDENTAL,. INDIRECT,
SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE
NATURE OF THE CLAIM; INCLUDING, WITHOUT LIMITATION, LOST
PROFITS, COSTS. OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS
INTERRUPTION, COSTS OF 'LOST OR DAMAGED DATA OR
DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM
ANY SOURCE, EVEN IF PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. THIS LIMITATION UPON DAMAGES AND CLAIMS IS
INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER
PROVISIONS' OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE
PROVEN INEFFECTIVE. UNLESS PROHIBITED BY LAW, THE CUMULATIVE
LIABILITY OF PROVIDER TO CLIENT FOR ALL CLAIMS ARISING FROM OR
RELATING TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION,
ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT
LIABILITY, WILL NOT EXCEED THE FEES PAID TO PROVIDER BY CLIENT
DURING THE TWELVE (12). MONTH PERIOD PRECEDING THE EVENT
GIVING RISE TO THE CLAIM. THIS LIMITATION OF LIABILITY IS INTENDED
TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS
AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.
8.3 Essential Basis of the Agreement. Client acknowledges and
understands that the disclaimers, exclusions and limitations of liability
set forth in this Section 8 form an essential basis of the agreement
between the Parties, that the Parties have relied upon such disclaimers,
exclusions and limitations of liability in negotiating the terms and
conditions in this Agreement, and that absent such disclaimers,
exclusions and limitations of liability, the terms and conditions of this
Agreement would be substantially different.
wase CONFIDENTIAL AND PROPRIETARY Page 9
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
9. INDEMNIFICATION.
9.1 Indemnification of Client. Provider agrees to indemnify, defend and
hold harmless Client from and against any and all losses, liabilities, costs
(including reasonable attorneys' fees) or damages resulting from any
claim by any third party that the Application Services and/or the
documentation infringes such third party's U.S. patents issued as of the
Effective Date, or infringes or misappropriates, as applicable, such third
party's -copyrights or trade secret rights under applicable laws of any
jurisdiction within the United States of America, provided that Client
promptly notifies Provider in writing of the claim, cooperates with
Provider, and allows Provider sole authority to control the defense and
settlement of such claim. If such a claim is made or appears possible,
Client agrees to permit Provider, at Provider's sole discretion, to enable
it to continue to use the Application Service or the documentation, as
applicable, or to modify or replace any such infringing material to make
it non -infringing. If Provider determines that none of these alternatives
is reasonably available, Client shall, upon written request from Provider,
cease use of, and, if applicable, return, such materials as are the subject
of the infringement claim. This Section 9.1 shall not apply if the alleged
infringement arises, in whole or in part, from (a) modification of the
Application or the documentation by Client, (b) combination, operation
or use of the Application with other software, hardware or technology
not provided by Provider, (c) use of a superseded or altered release of
the Application or the documentation, if such infringement would have
been avoided by the use of a then -current release of the Application or
the documentation, as applicable, and if such then -current release has
been made available to Client, or (d) related to the Client Data (any of
the foregoing circumstances under clauses (a), (b), (c), or (d) a "Client
Indemnity Responsibility"). IN NO EVENT SHALL PROVIDER'S LIABILITY
UNDER THIS SECTION 9 EXCEED CAP ON LIABILITY SET FORTH IN SECTION
8.2. THIS SECTION STATES PROVIDER'S ENTIRE OBLIGATION AND
LIABILITY WITH RESPECT TO ANY CLAIM OF INFRINGEMENT.
9.2 Client's Indemnity Obligations. Client agrees to hold, harmless,
indemnify, and, at Providers option, defend Provider from and against
any losses, liabilities, costs (including reasonable attorneys' fees) or
damages resulting from a Client Indemnity Responsibility, provided that
Provider promptly notifies Client in writing of the claim, cooperates with
Client, and allows Client sole authority to control the defense and
settlement of such claim; provided that Client will not settle any third -
party claim against Provider unless such settlement completely and
forever releases Provider from all liability with respect to such claim or
unless Provider consents to such settlement, and further provided that
Provider will have the right, at its option, to defend itself against any
such claim or to participate in the defense thereof by counsel of its own
choice.
10. TERM AND TERMINATION.
10.1 Term. The term of this Agreement will commence on the Effective
Date and will continue for the Period as indicated on the Order Form as
measured from the Subscription Start Date (the "Initial Term"), unless
earlier terminated in accordance with this Section 10. The Agreement
Will automatically renew for a period of one (1) year at the end of the
then -current term (each, a "Renewal Term"), at Providers then
prevailing list prices, unless either Party provides written notice of its
desire to terminate at least ninety (90) days prior to the expiration of the
then -current term (the Initial Term and any Renewal Terms, collectively
referred to herein as the "Term").
10.2 Termination for Breach. Either Party may, at its option, terminate
this Agreement in the event of a material breach by the other Party.
Such termination may be effected only through a written notice to the
breaching Party, specifically identifying the breach or breaches on which
such notice of termination is based. The breaching Party will have a right
to cure such breach or breaches within thirty (30) days of receipt of such
notice, and this Agreement will terminate in the event that such cure is
not made within such thirty (30) day period.
10.3 Suspension of Access. Provider may suspend access to the
Application Services in the event any amount due under this Agreement
is not received by Provider within thirty-five (35) days from invoice.
10.4 Termination Upon Bankruptcy or Insolvency. Either Party may, at
its option, terminate this Agreement immediately upon written notice to
the other Party, in the event (a) that the other Party becomes insolvent
or unable to pay its debts when due; (b) the other Party files a petition in
bankruptcy, reorganization or similar proceeding, or, if filed against, such
petition is not removed within ninety (90) days after such filing; (c) the
other Party discontinues it business; or (d) a receiver is appointed or
there is an assignment for the benefit of such other Party's creditors.
10.5 Effect of Termination. Upon any termination of this Agreement: (a)
Client will immediately discontinue all use of the Application Service, the
documentation, and any Provider Confidential Information; (b) Client will
delete any Provider Confidential Information from Client's computer
storage or any other media including, but not limited to, online and off-
line libraries; (c) Provider will delete any Client Confidential Information
and Client Data from Provider's computer storage or any other media
including, but not limited to, online and off-line libraries; (d) return to
Provider or, at Providers option, destroy, all copies of the
documentation and any Provider Confidential Information then in
Client's possession; and (e) promptly pay to Provider all amounts •clue
and payable hereunder. Notwithstanding the foregoing, Members may
redeem their rewards under the Virgin Pulse Program for a period of
thirty (30) days following the termination of this Agreement, provided,
however that this Agreement is not terminated for nonpayment, in
Which case Members will not be able to redeem their rewards upon
termination.
10.6 Survival. The provisions of Sections 2.3, 6, 7, 8, 9, 10.5, 10.6, and 11
will survive the termination of this Agreement.
11. MISCELLANEOUS.
11.1 Entire Agreement. This Agreement sets forth the entire agreement
and understanding between the Parties hereto with respect to the
subject matter hereof and, except as specifically provided herein,
supersedes and merges all prior oral and written agreements,
discussions and understandings between the Parties with respect to the
subject matter hereof, and neither of the Parties will be bound by any
conditions, inducements or representations other than as expressly
provided for herein.
11.2 Independent Contractors. In making and performing this
Agreement, Client and Provider act and will . act at all times as
independent contractors, and, except as expressly set forth herein,
nothing contained in this Agreement will be construed or implied to
create an agency, partnership or employer and employee relationship
between them. Except as expressly set forth herein, at no time will
either Party make commitments or incur any charges or expenses for, or
in the name of, the other Party.
11.3 Notices. All notices required by or relating to this Agreement will be
in writing and will be sent by means of certified mail, postage prepaid, to
the Parties at their respective addresses set forth in the Order Form, or
addressed to such other address as the receiving Party may have given
by written notice in accordance with this provision. All notices required
by or relating to this Agreement may also be communicated by facsimile
and/or other electronic communications provided that the sender
receives and retains confirmation of successful transmittal to the
recipient. Such notices will be effective on the date indicated in such
confirmation. In the event that either Party delivers any notice by means
of facsimile transmission or other electronic means in accordance with
the preceding sentence, such Party will promptly thereafter send a
duplicate of such notice in writing by means of certified mail, postage
prepaid, to the receiving Party, addressed as set forth above or to such
other address as the receiving Party may have previously substituted by
written notice to the sender.
11.4 Amendments; Modifications. This Agreement may not be amended
or modified except in a writing- duly executed by authorized
representatives of both Parties.
11.5 Assignment; Delegation. Except in the case of merger or
acquisition, neither party shall assign any of its rights or delegate any of
its duties under this Agreement without the express, prior written
Waale CONFIDENTIAL AND PROPRIETARY Page 10
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
consent of the other Party, and, absent such consent, any attempted
assignment or delegation will be null, void and of no effect.
11.6 No Third Party Beneficiaries. The Parties acknowledge that the
covenants set forth in this Agreement are intended solely for the benefit
of the Parties, their successors and permitted assigns. Nothing herein,
whether express or implied, will confer upon any person or entity, other
than the Parties, their successors and permitted assigns, any legal or
equitable right whatsoever to enforce any provision of this Agreement.
11.7 Severability. If any provision of this Agreement is invalid or
unenforceable for any reason in any jurisdiction, such provision will be
construed to have been adjusted to the minimum extent necessary to
cure such invalidity or unenforceability. The invalidity or unenforceability
of one or more of the provisions contained in this Agreement will not
have the effect of rendering any other provisions of this Agreement
invalid or unenforceable whatsoever.
11.8 Waiver. No waiver under this Agreement will be valid or binding
unless set forth in writing and duly executed by the Party against whom
enforcement of such waiver is sought. Any such waiver will constitute a
waiver only with respect to the specific matter described therein and will
in no way impair the rights of the Party granting such waiver in any other
respect or at any othertime. Any delay or forbearance by either Party in
exercising any right hereunder will not be deemed a waiver of that right.
11.9 Force Majeure. Except with respect to payment obligations
hereunder, if a Party is prevented or delayed in performance of its
obligations hereunder as a result of circumstances beyond such Party's
reasonable control, including, by way of example, Internet access
outside of Provider's control, war, terror, riot, fires, floods, epidemics, or
failure of public utilities or public transportation systems, such failure or
delay will not be deemed to constitute a material breach of this
Agreement, but such obligation will remain in full force and effect, and
will be performed or satisfied as soon as reasonably practicable after the
termination of the relevant circumstances causing such failure or delay,
provided that if such Party is prevented or delayed from performing for
more than ninety (90) days, the other Party may terminate this
Agreement upon thirty (30) days' written notice.
11.10 Governing Law. THIS AGREEMENT WILL BE GOVERNED BY AND
INTERPRETED IN ACCORDANCE WITH THE LAWS OF THE STATE OF
INDIANA, WITHOUT REGARD TO CONFLICTS OF LAW PRINCIPLES
THEREOF OR TO THE UNITED NATIONS CONVENTION ON THE
INTERNATIONAL SALE OF GOODS. FOR PURPOSES OF ALL CLAIMS
BROUGHT UNDER THIS AGREEMENT, EACH OF THE PARTIES HEREBY
IRREVOCABLY SUBMITS TO THE EXCLUSIVE JURISDICTION OF THE STATE
AND FEDERAL COURTS'LOCATED IN THE STATE OF INDIANA.
11.11 U.S. Government End -Users. Each of the documentation and the
software components that constitute the Application Service is a
"commercial item" as that term is defined at 48 C.F.R. 2.101, consisting
of "commercial computer software" and "commercial computer
software documentation" as such terms are used in 48 C.F.R. 12.212.
Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through
227.7202-4, all U.S. Government end users acquire the Application
Service and the documentation with only those rights set forth therein.
11.12 Counterparts. This Agreement may be executed in any number of
counterparts, each of which when so executed will be deemed to be an
original and all of which when taken together will constitute one
Agreement.
11.13 Headings. The headings in this Agreement are inserted merely for
the purpose of convenience and will not affect the meaning or
interpretation of this Agreement.
11.14 NONDISCRIMINATION. Provider represents and warrants that it
and all of its officers, employees, agents, contractors and subcontractors
shall comply with all laws of the United States, the State of Indiana and
Client prohibiting discrimination against any employee, applicant for
employment or other person in the provision of any Goods and Services
provided by this Agreement with respect to their hire, tenure, terms,
conditions and privileges of employment and any other matter related
to their employment or subcontracting, because of race, religion, color,
sex, handicap, national origin, ancestry, age, disabled veteran status
and/or Vietnam era veteran status.
11.15 E -VERIFY. Pursuant to I.C. § 22-5-1.7 et seq., as the same may be
amended from time to time, and as is incorporated herein by this
reference (the "Indiana E -Verify Law"), Provider is required to enroll in
and verify the work eligibility status of its newly -hired employees using
the E -Verify program, and to execute the Affidavit attached herein as
Appendix D, affirming that it is enrolled and participating in the E -verify
program and does not knowingly employ unauthorized aliens. .In
support of the Affidavit, Provider shall provide the City with
documentation indicating that it has enrolled and is participating in the
E -Verify program. Should Provider subcontract for the performance of
any work under and pursuant to this Agreement, it shall fully comply
with the Indiana E -Verify Law as regards each such subcontractor.
Should Provider or any subcontractor violate the Indiana E -Verify law,
Client may require a'cure of such violation and thereafter, if no timely
cure is performed, terminate this Agreement in accordance with either
the provisions hereof or those set forth in the Indiana E -Verify Law. The
requirements of this paragraph shall not apply should the E -Verify
program cease to exist.
11.16 IRAN CERTIFICATION. Pursuant to I.C. § 5-22-16.5, Provider shall
certify that, in signing this document, it does not engage in investment
activities within the Country of Iran.
/se CONFIDENTIAL AND PROPRIETARY Page 11
DocuSign Envelope ID: FD2E6B1 1 -C3E7-4F97-9AF9-3EB6D9C25D1 D
Appendix C
Virgin Pulse, Inc.
Data Security Exhibit
Scope; Definitions. Virgin Pulse, Inc. ("Virgin Pulse") shall comply with
the requirements set forth in this Exhibit. The Agreement relates to
Services whereby Virgin Pulse collects, accesses, processes, stores,
transfers, transmits, uses, discloses or otherwise handles any Client or
Member Data (collectively, "Client Data"). In the event of a conflict or
inconsistency between any provision of this Exhibit and the
Agreement, the more stringent requirement shall prevail. Capitalized
terms in this Exhibit not herein defined are defined in the Agreement
or have the following meanings:
a. "Affiliate" means, with respect to any entity, another entity that
directly, or indirectly through one or more intermediaries, Controls or
is Controlled by or is under common Control with the entity specified,
where "Control" (and its derivatives) means the possession, directly
or indirectly, of the power to direct or cause the direction of the
management or policies of an entity, whether through the ability to
exercise twenty percent (20%) or greater of voting power or by
contract or otherwise; and provided that two or more entities will not
be deemed Affiliates based on the fact that an individual is a director
and/or officer of each such entity.
b. "Agreement' means the agreement between Client and. Virgin
Pulse to which this Exhibit is attached.
c. "Intellectual Property Rights" means all past, present, and future
rights of the following types, which may exist or be created under the
laws of any jurisdiction in the world: (i) rights associated with works of
authorship, including 'exclusive exploitation rights, copyrights, moral
rights, and mask works, (ii) trademark and trade name rights and
similar rights and associated goodwill, (iii) trade secret rights, (iv)
patents and industrial property rights, (v) software, inventions,
discoveries, designs, processes, or other proprietary rights in
intellectual property of every kind and nature; and (vi) rights in or
relating to registrations, renewals, extensions, combinations,
divisions, and reissues of, and applications for, any of the rights
referred to in subsections (i) through (v) of this sentence.
d. "Person" means any natural person or entity, whether an
Individual, trustee, corporation; partnership, limited partnership,
limited liability company, trust, unincorporated organization, business
association, firm, joint venture, governmental authority, agency,
division of any of the above, or other body.
e. "PII" means information (i) that identifies an individual, (ii) with
respect to which there is a . reasonable basis to bell eve the
information can be used to identify an individual, or (Iii) is considered
personally identifiable information by applicable codes, laws,
guidelines, rules or regulations, including, without limitation, industry
self-regulation. The term PH shall also include any "Personal Data" as
defined in the EU Data Protection Directive.
f. "Virgin Pulse Personnel" means each director; officer, manager,
employee, representative and each natural person employed or
retained by Virgin Pulse.
g. "Virgin Pulse Sites" means locations owned or leased by Virgin
Pulse from which it provides services to its Clients.
h. "Virgin Pulse Systems" means the Systems of Virgin Pulse.
i. "Restricted Information" means (i) PH, (ii) information that if lost or
disclosed without authorization could result in a violation of
applicable codes, laws, guidelines, rules or regulations, (iii)
information that if lost or disclosed without authorization could
require Client, Inc. to notify individuals or regulators, or (iv)
information that, if disclosed inappropriately, would result in a
significant or material loss to Client, an individual, or a third party..
j. "Security Incident" means (i) any confirmed unauthorized access,
disclosure, misappropriation, theft, loss, acquisition, or use of Client
Intellectual Property or Client Data, or (ii) any compromise of Client
Systems, whether, in the case of (i) or (ii), any such circumstance is
known or suspected to have occurred or Virgin Pulse has reason to
know of a risk of any such circumstance occurring.
k. "Services" means the services to be provided and performed by
Provider pursuant to the Agreement.
I. "S sv teme means hardware, software, networks, applications and
other equipment that comprise a technical environment.
m."Client Intellectual Property" means all Intellectual Property Rights
owned by Client as of the effective date of the Agreement or acquired
by Client at any time before, during or after the term of the
Agreement.
2. General: Virgin Pulse will implement and maintain all reasonable
security measures appropriate to the nature of Client and Member
Data, including, without limitation, electronic, physical, administrative
and organizational controls as described in the document "Virgin
Pulse Physical Design and Dataflows".
3. Privacy and Security Training: Virgin Pulse maintains a detailed and
comprehensive privacy and data security training program for all
Virgin Pulse Personnel. Such training program is designed to meet the
objectives and requirements of this Exhibit.
4. Virgin Pulse Access to Client Data: Virgin Pulse access, by any means
or methods, to any Client Data collectively, "Access") is solely for the
purpose of, and will be limited only to the extent necessary for,
performing the Services. Virgin Pulse will ensure that Access by Virgin
Pulse Personnel is limited to a need -to -know basis. Virgin Pulse will
comply and will ensure that Virgin Pulse Personnel comply with such
protocols. Without limiting the foregoing, Virgin Pulse shall also
comply with the following:
a. User IDs must not be shared among Virgin Pulse Personnel and
Virgin Pulse must not utilize any "generic" or default User ID's or
passwords. Any remote access by Virgin Pulse Personnel (Le.'
from outside a Client Site or Virgin Pulse Site) that is otherwise
permitted by .the Agreement will be implemented in a manner
that prohibits the storage of Client Data on the equipment that
was utilized for such remote access. Virgin Pulse will conduct user
access reviews at least semi-annually.
b. Virgin Pulse will at all times maintain the logical separation, and if
hard copies of Client Intellectual Property or Client Data are
provided or created, the physical separation, of any .Client
Intellectual Property or Client Data .within Virgin Pulse's
possession or control, and of any Virgin Pulse Systems used for
Access or performing Services from (i) any other data, including
Virgin Pulse data and Virgin Pulse customer data, and (ii) the
Virgin Pulse Systems processing, storing, hosting, transporting
and/or transmitting such other data. Physical separation of hard
copies of Client Intellectual Property and Client Data may be
maintained by the use of a locked filing drawer or cabinet that
does not contain any other data or information.
c. Virgin Pulse will include at least one (1) layer of firewall between
(i) Virgin Pulse Systems used for Access or to provide the Services,
and (ii) other networks that Client may permit Virgin Pulse to
wpaale CONFIDENTIAL AND PROPRIETARY Page 12
DocuSign Envelope ID: FD2E6B11-C3E7-4F97-9AF9-3EB6D9C25D1D
connect to or from Virgin Pulse Sites, if any (including without
limitation, if applicable, the Internet or any third party network).
d. Virgin Pulse will cause Virgin Pulse Personnel to cooperate fully in
resolving any actual or suspected unauthorized Access,
acquisition or misuse of Client Intellectual Property or Client Data
that had been in Virgin Pulse's possession or under its control at
the time of the actual or suspected unauthorized ' Access,
acquisition or misuse.
e. If any Virgin Pulse Personnel transfers to the account of another
Virgin Pulse Client, resigns from his or her employment with
Virgin Pulse or Subcontractor, has his or her employment
terminated, or ceases to perform Services for any other reason,
then Virgin Pulse will promptly (i) terminate such individual's
Access (including by shutting down badge/key cards and
retrieving SecurID fobs and the like), and (ii) ensure that such
individual does not retain any Client Data, in any format.
Virgin Pulse Security Reviews and Audits: On an annual basis, for each
of the Virgin Pulse Sites at which Client Employee, Client or Member
Data is stored, Virgin Pulse will provide to Client a Statement on
Standards for Attestation Engagements No: 16, Service Organization
Control 2, Type 2 ("SSAE 16 SOC 2 TVpe 2") audit as defined by the
American Institute of Certified Public Accountants or an audit made
pursuant to any other guidance that supersedes or replaces SSAE 16
SOC 2 Type 2 or comparable, industry standard independent audit.
6. Logical Access Security Log: Where technically feasible, Virgin Pulse
will create, maintain and monitor electronic access security logs for
the Virgin Pulse Systems and network components from and/or
through which Virgin Pulse or any Virgin Pulse Personnel has Access
or that are used to perform the Services.
7., Changes Log: To the extent such changes relate to the Services, Virgin
Pulse will create and maintain an electronic log of all changes to the
technical and logical architecture of Virgin Pulse Sites, the physical
And electronic access control systems and the logical and physical
security standards. Virgin Pulse's change control procedures shall
protect the confidentiality, integrity and availability of Virgin Pulse
Data.
B. Patch Management and Anti -Virus Malware Software: Virgin Pulse
Will cause all Virgin Pulse Personnel equipment provided by Virgin
Pulse or a Subcontractor to have current patch management solutions
provided by an industry recognized vendor and anti-virus malware
software with the latest virus definition update installed on their
respective computers and Systems. Such anti-virus malware software
shall include technical controls that provide for automatic updates of
the virus definitions.
9. Payment Card Transactions and Data: To the extent that the Services
include the processing of payment card transactions or storage of
payment card data, Virgin Pulse will, at all times during the term of
the Agreement, comply with the rules and regulations of the Payment
Card Industry's and the card associations (e.g., Visa, MasterCard,
American Express, Discover, JCB), including, but not limited to, the
data security standards. Without limiting the generality .of the
foregoing, Virgin Pulse will (a) provide data security reports as may be
required by the credit or debit or payment card issuer, (b) pay any
fines and penalties in the event Virgin Pulse fails to comply with such
data security requirements, and (c) fully cooperate with, and provide
access to, the payment card issuer or payment card association to
conduct a security review of Virgin Pulse's policies and procedures.
10. Encryption: Any encryption required under the Agreement, including
this Attachment, will be in accordance With Advanced Encryption
Standards (AES), or any successor standards, and no less than 128 -bit.
11. Back -Ups: If Virgin Pulse stores any Client Data, Virgin Pulse will
utilize a backup procedure, which in any case will include the
provision of back-ups on a periodic basis that is no less frequent than
monthly, and all back-ups will be encrypted.
12. Restricted Information: Virgin Pulse (including all Virgin Pulse
Personnel) must not Access or display Restricted Information in
applications, reports, data transmissions or, other outputs unless
required to provide the Services or needed to meet a legal . or
regulatory requirement. Any transmission of Restricted Information
other than as required to provide the Services or needed to meet a
legal or regulatory requirement is subject to Virgin Pulse's prior
written approval in each instance and all transmissions of Restricted
Information must be encrypted as required by this Exhibit. Virgin
Pulse and Virgin Pulse Personnel must not include Restricted
Information in unencrypted emails or files attached to emails that are
transmitted unprotected via the Internet. Virgin Pulse shall employ a
tool, such as data loss prevention software, to monitor and prevent
the unprotected transfer of Restricted Information. All electronic data
sources with Restricted Information must be encrypted.
13. Storage and Physical Delivery of Virgin Pulse Data: Virgin Pulse will
store hardcopy documents, Removable Media or Portable Devices
containing Virgin Pulse Data in secure, locked cabinets where access is
limited to Virgin Pulse Personnel on a need -to -know basis. When
Virgin Pulse Data, in any form, is physically delivered by or on behalf
of Virgin Pulse, such delivery will be via a secure method, such as
signature upon receipt, bonded courier and shipment tracking.
14. Retired or. Reassigned Equipment: Any equipment, including any
Portable Devices or Removable Media, that Virgin Pulse has retired or
reassigned will be wiped or magnetically wiped pursuant to applicable
US Department of Defense standards within two (2) weeks of the
retirement or reassignment of such equipment:
15. Data Retention and Destruction: Virgin Pulse will create and
implement effective data retention and destruction procedures to
ensure documents and records containing'Client Data are disposed of
in a timely manner that does not compromise the security,
confidentiality or integrity of the information, in accordance with
Virgin Pulse's records retention guidelines and any requirements in
the Agreement.
16. Authentication: Virgin Pulse will protect authentication credentials,
including by: (a) ensuring that passwords and PINs do not appear in
readable form while the user is typing or entering the password or
PIN; and (b) storing passwords and PINs in a one-way hashed format,
protected with salt. Virgin Pulse will prevent users from elevating
their own privileges within a System without first re -authenticating as
a more privileged user. Where technologically feasible, Virgin Pulse
will ensure passwords contain at least eight (8) alpha=numeric
characters and at least three (3) of the following criteria: (i) 'upper
case letters, (ii) lower case letters, (iii) numbers, and (iv) special
characters.
17. Security Incident: Virgin Pulse will be responsible for detecting and
responding to Security Incidents on Virgin Pulse Systems impacting or
potentially impacting Access, or performance of Services, from and/or
through Virgin Pulse Sites. Upon becoming aware of a confirmed
Security Incident, Virgin Pulse will report such Security Incident within
five (5) days by telephoning the Client General Counsel's. In the event
of a Security Incident related to any Services or Client Data, (a) Virgin
Pulse will cooperate with Client to comply with any of their
requirements or decisions to notify individuals. whose PH has been or
may have been compromised as a result of a Security Incident;
provided that in no event will Virgin Pulse serve any notice or
otherwise publicize a Security Incident without the prior written
consent of Client, and (b) upon Client's request, engage a mutually
acceptable, regionally recognized third party to perform or assist with
forensic analysis. Virgin Pulse will deliver the results of any such
analysis to Client including its (or their) general counsel or other
responsible attorneys, in accordance with the confidentiality and
notice provisions of the Agreement, marked "CONFIDENTIAL".
WQ,50, CONFIDENTIAL AND PROPRIETARY Page 13
DocuSign Envelope ID: FD2E6B1 1-C3E7-4F97-9AF9-3EB6D9C25D1 D
492 Old Connecticut Path, Suite 601
Framingham, MA 01701
Al/f �IiJV
(508) 766-3300
www.virginpulse.com
APPENDIX D
AFFIDAVIT.
Derek Ransom . being first duly sworn; deposes and says that he/she is familiar with and has personal knowledge of the facts
herein and, if called as a witness in this matter, could testify as follows:
1. 1 am over eighteen (18) years of age and am competent to testify to the facts contained herein.
2. 1 am now and at all times relevant herein have been employed by
Virgin Pulse, Inc. (the "Employer")
in the position of CFO
3. 1 am familiar with the employment policies, practices, and procedures of the Employer and have the authority to act on
behalf of the Employer.
4. The Employer is enrolled and participates in the federal E -Verify program and has provided documentation of such
enrollment and participation to the City of Carmel, Indiana.
5. The Company does not knowingly employ any unauthorized aliens.
FURTHER AFFIANT SAYETH NOT.
EXECUTED on the 29`h day of November, 2016.
�DmuSipned by:
Putt F406M
Derek Ransom
Printed: -
I certify under the penalties for perjury under the laws of the United States of America and the State of Indiana that the foregoing factual
statements and representations are true and correct.
Printed: Derek Ransom
DoeuS1ped by:
Fv
t.lk
�Onarrsscsaass ...
hy:
EDo.uS111n.d
25636F3DFC73436...
General Counsel
wpatsle CONFIDENTIAL AND PROPRIETARY Page 14