2014-122SUBSCRIPTIONAGREEMENT
This Subscription Agreement (the 'Agreemenf')is entered into this *day of lorkn 20_L_q ("Ejf edive
Date-) by and between ESO SOLUTIONS, INC., a Texas corporation with its principal place of business at 9020 N Capital of Texas
Highway, Building Ii-300, Austin, Texas 78759 ("ESOP), andClermont Fire Department, with its principal place of business at 439 West
Highway 50, Clermont, Florida, 34711("0stornee) (each a "Party" and collectively the "Parties").
WHEREAS, ESO is in the business of providing software services (the "Services") to businesses and municipalities; and
WHEREAS, Customer desires to obtain theseServices from ESO, all upon the terms and conditions set forth herein;
NOW, THEREFORE, for and in consideration of the agreement made, and the payments to be made by Customer, the
Pardesmutually agree to the following:
1. Services. ESO agreesto provideCustomer the Servicesselected by Customer on Exhibit A attached hereto and incorporated by reference
herein. Customer agrees that Services purchased hereunder are neither contingent on the delivery of any future functionality or future
features, nor dependent on any oral or written public comments made by ESO regarding future functionality or future features.
2. Term. The Term of this Agreement shall commence on the Effective Date and shall terminate one year after the Effective Date (`Ynitia/
Tern'). THE AGREEMENT SHALL AUTOMATICALLY RENEW FOR SUCCESSIVE RENEWAL TERMS OF ONE YEAR,
UNLESS ONE PARTY GIVES THE OTHER PARTY WRITTEN NOTICE THAT THE AGREEMENT WILL NOT RENEW, AT
LEAST THIRTY (30) DAYS PRIOR TO THE END OF THE CURRENT TERM.
3. SubscriDtion Fees. Invoicesand Payment Terms.
,$ubscrintion Fees. Customer shall payto ESO the fees for the Services as describedin Exhibit (the "Subser wion Fees").ESO
may evaluate Customer's usage andadjust Customer's invoice based on changes in Customer usage as indicated in Exhibit A.ESO
shall have the option to increase pricing, except during the Initial Term, as long as it provides at least sixty (60) days' notice of
such increase to Customer prior to automatic renewal under Section 2 above.
b. Payment of Invoices. Customer shall pay the full amount of invoices within thirty (30) days of receipt (the "Due Date').
Customer is responsible for providing complete and accurate billing and contact information to ESO and to notify ESO of any
changes to such information.
a Disnuted Invoices. If Customer in good faith disputes a portion of an invoice, Customer shall remit toESO, by the Due Date, full
payment of the undisputed portion of the invoice. In addition, Customer mustsubmit written documentation: (i) identifying the
disputed amount, (ii) an explanation as to why the Customer believes this amount is incorrect, (iii) what the correct amount should
be, and (iv) written evidence supporting Customer's claim. If Customer does not notify ESO of a disputed invoiceby the Due Date,
Customer shall have waived its right to dispute that invoice. Any disputed amounts determined by ESOto be payable shall be due
within ten (10) days of such determination.
4. Termination.
a Termination by Customer for ESO DefaultitESO fails to perform a material obligation under this Agreement and does not remedy
such failure within thirty (30) days following written notice from Customer ("ESODefouifl, Customer may terminate this
Agreement without incurring further liability, except for the payment of all accmed but unpaid Subscription Fees. IfESOis unable
to provide Service(s) for ninety (90) consecutive days due to a Force Majeure event as defined in Section 16a, Force Majeure,
Customer may terminate the affected Service(s) without liability toESO.
Termination by ESO for Customer Default. ESOmay terminate this Agreement with no further liability if (i) Customer fails to pay
for Services as required by this Agreement and such failure remains uncorrected for five (5) days following written notice
fromESO, or (ii) Customer fails to perform any other material obligation under this Agreement and does not remedy such failure
within thirty(30) days following written notice fromESO(collectively referred to as "Customer Defauif'). In the event of a
Customer Default,ESOshall have the right to (i) terminate this Agreement; (ii) suspend all Services being provided to
Customer,(iii) terminate the right to use the Software on the web and/or mobile devices;(iv) apply interest to the amount past due,
at the rate of one and one-half percent (1'/2%) (or the maximum legal rate, if less) of the unpaid amount per month; (v) offset any
amounts that are owed to Customer by ESOagainst the past due amount then owed to ESO; and/or (vi) take any action in
connection with any other right or remedyESOmay have under this Agreement, at law or in equity. If ESOterminates this
Agreement due to a Customer Default, Customer shall remain liable for all accrued Subscription Fees and other charges.In
addition, Customer agrees to payESO's reasonable expenses (including attomey and collection fees) incur -red in enforcingESO's
rights in the event of a Customer Default.
Delivery of Data unonExoiration or Termination of Aurreement. if Customer requests its data within thirty (30) days of expiration of
this Agreement, or the termination of this Agreement pursuant to Section 4 abovc,ESOshall deliver to Customer its data ESOshall
make reasonable and good faith efforts to accommodate Customer's preference for the type of media for delivery. Customer shall
reimburse ESO for the cost of the media on which Customer's data is delivered to Customer.
6. System Maintenance. in the evcntESOdetermines that it is necessary to interrupt the Services or that there is a potential for Services to
be interrupted for the performance of system maintenance,ESOwill use good -faith efforts to notify Customer prior to the performance of
such maintenance and will schedule such maintenance during non -peak hours (midnight to 6 a.n-L Central Standard Time). In no event
shall interruption of Services for system maintenance constitute a failure of performance by ESO.
Access to Internet. Customer has sole responsibility for obtaining, maintaining, and securing its connections to the Internet,
andESOmakes no representations to Customer regarding the reliability, performance or security of any particular network or provider.
g. Mobile Software. If Customer elects to useESO's Mobile Software (the "Sojhmn '), the provisions of this Section shall apply.
a. Use of Software. Subject to the terms, conditions and restrictions in this Agreement and in exchange for the Mobile Software
Interface Fees and/or Subscription Fees,ESOhereby grants to Customer a non-exclusive, world-wide, non -transferable rights, for
the Term of this Agreement, to use and copy (for installation and backup purposes only) the Software to the units for which the
Mobile Software Interface has been purchased.
b. Ownershin and Restrictions. This Agreement does not convey any rights of ownership in or title to the Software or any copies
thereof. All right, title and interest in the Software and any copies or derivative works thereof shall remain the property of ESO.
Customer will not: (i) disassemble, reverse engineer or modify the Software; (ii) allow any third party to use the Software; (iii) use
the Software as a component in any product or service provided by Customer to a third party; (iv) transfer, sell, assign, or otherwise
convey the Software; (v) remove any proprietary notices placed on or contained within the Software; or (vi) copy the Software
except for backup purposes. Customer agrees to keep the Software free and clear of all claims, liens, and encumbrances.
c. Mobile Software Interface Fee. The Mobile Software Interface Fee is non-refundable. The Software shall be deemed accepted
upon delivery to Customer.
d. j_J:Le.ESO hereby represents and warrants to Customer that ESO is the owner of the Software or otherwise has the right to grant to
Customer the rights set forth in this Agreement. in the event of a breach or threatened breach of the foregoing representation and
warranty, Customer's sole remedy shall be to require ESO to either. (i) procure, at ESO's expense, the right to use the Software, or
(ii) replace the Software or any part thereof that is in breach and replace it with Software of comparable functionality, that does not
cause any breach.
9. Support and Updates. During the Term of this Agreement, ESOshall provide Customer the support services and will meet the service
levels as set forth in Exhibit B attached hereto and incorporated herein. ESOwill also provide Updates to Customer, in accordance with
Exhibit B.
10. Other Services. Upon request by Customer, ESO may provide services related to the Software other than the standard support
described above at ESO's then -current labor rates. This may include on -site consultation, configuration, and initial technical assistance
and training for the purpose of installing the Software and training selected personnel on the use and support of the Software. ESO shall
undertake reasonable efforts to accommodate any written request by Customer for such professional services.
11. Indemniticatjon �v Customer. Customer will defend and indemnify ESO from any and all claims brought by third parties against ESO
and will hold ES harmless from all corresponding losses incurred by ESO arising out of or related to (i) Customer's misuse of the
Services and/or Software, (ii) any services provided by Customer to third parties, or (iii) Customer's negligence, inaction or omission in
connection with the services it provides to third parties.
12. Limitation of Liabilitv. NOTWITHSTANDING ANY OTHER PROVISION HEREOF, NEITHER PARTY SHALL BE LIABLE TO
THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, RELIANCE,
SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES (INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOST PROFITS,
LOST REVENUES OR COST OF PURCHASING REPLACEMENT SERVICES) ARISING OUT OF OR RELATING TO THIS
AGREEMENT. ADDITIONALLY, ESOSHALL NOT BE LIABLE TO CUSTOMER FOR ANY ACTUAL DAMAGES IN EXCESS
OF THE AGGREGATE AMOUNT THAT ESOHAS, PRIOR TO SUCH TIME, COLLECTED FROM CUSTOMER WITH RESPECT
TO SERVICES DELIVERED HEREUNDER. FURTHERMORE, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE
OTHER, EITHER iN CONTRACT OR IN TORT, FOR PROTECTION FROM UNAUTHORIZED ACCESS OF CUSTOMER DATA
OR FROM UNAUTHORIZED ACCESS TO OR ALTERATION, THEFT OR DESTRUCTION OF CUSTOMER DATA FILES,
PROGRAMS, PROCEDURES OR INFORMATION, NOT CONTROLLED BY ESO, THROUGH ACCIDENT OR FRAUDULENT
MEANS OR DEVICES. THIS SECTION SHALL SURVIVE ANY TERMINATION OR EXPIRATION OF THIS AGREEMENT.
EACH PARTY ACKNOWLEDGES THAT THIS LIMITATION OF LIABILITY WAS SPECIFICALLY BARGAINED FOR AND IS
ACCEPTABLE TO CUSTOMER. FURTHER, EACH PARTY'S WILLINGNESS TO AGREE TO THE LIMITATIONS
CONTAINED IN THIS SECTION WAS MATERIAL TO ENTERING INTO THIS AGREEMENT.
13. Acknowledeements and Disclaimer of Warranties. Customer acknowledges thatESO cannot guarantee that there will never be any
outages inESO network and that no credits shall be given in the event Customer's access toESO's network is interrupted. THE
SERVICES ARE PROVIDED "AS iS." UNLESS OTHERWISE SPECIFIED HEREIN, ESO MAKES NO REPRESENTATION OR
ESO Solutions, inc.
Subscription Agreement 052214
Page 2 of 12
WARRANTY TO CUSTOMER OR ANY OTHER PERSON OR ENTITY, WHETHER EXPRESS, IMPLIED OR STATUTORY, AS
TO THE DESCRIPTION, QUALITY, MERCHANTABILITY, COMPLETENESS OR FITNESS FOR A PARTICULAR PURPOSE,
OF ANY SERVICE OR SOFTWARE PROVIDED HEREUNDER OR DESCRIBED HEREIN, OR AS TO ANY OTHER MATTER
(INCLUDING WITHOUT LIMITATION THAT THERE WILL BE NO IMPAIRMENT OF DATA OR THAT SERVICES WILL BE
UNINTERRUPTED OR ERROR FREE), ALL OF WHICH WARRANTIES BY ESO ARE HEREBY EXCLUDED AND
DISCLAIMED, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
14. onfidential Infor ma n. "ConJlde►rtial Injorme ion" shall mean all information disclosed in writing by one Party to the other Patty
at is clearly marked "CONFIDENTIAL" or "PROPRIETARY" by the disclosing Patty at the time of disclosure or which reasonably
should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential
Information does not include any information that (i) was already known by the receiving Party free of any obligation to keep it
confidential at the time of its disclosure; (ii) becomes publicly known through no wrongful act of the receiving Party; (iii) is rightfully
received from a third person without knowledge of any confidential obligation; (iv) is independently acquired or developed without
violating any of the obligations under this Agreement; or (v) is approved for release by written authorization of the disclosing Party.
A recipient of Confidential Information shall not disclose the information to any person or entity except for the recipients and/or its
employees, contractors and consultants who have a need to know such Confidential Information. The recipient may disclose
Confidential Information pursuant to a judicial or governmental request, requirement or order, provided that the recipient shall take all
reasonable steps to give prior notice to the disclosing Party.
Confidential Information shall not be disclosed to any third party without the prior written consent of the owner of the Confidential
Information. The recipient shall use Confidential Information only for purposes of this Agreement and shall protect Confidential
Information from disclosure using the same degree of care used to protect its own Confidential Information, but in no event less than a
reasonable degree of care.Confidential Information shall remain the property of the disclosing Party shall be returned to the disclosing
Party or destroyed upon request of the disclosing Party. Because monetary damages may be insufficient in the event of a breach or
threatened breach of the foregoing provisions, the affected Party may be entitled to seek an injunction or restraining order in addition to
such other rights or remedies as may be available under this Agreement, at law or in equity, including but not limited to monetary
damages.
15. General Provisions.
a. Force Maieure. Neither Party shall be liable to the other, nor deemed in default under this Agreement if and to the extent that such
Parry's performance of this Agreement is delayed or prevented by reason of Force Majeure, which is defined to mean an event that
is beyond the reasonable control of the affected Party and occurs without such Parry's fault or negligence.
b. Entire Agreement. This Agreement, including all schedules, exhibits, addenda and any Business Associate Agreement (as that tam
is used in the Health Insurance Portability and Accountability Act and related regulations) (seeExhibit o are incorporated herein
by reference, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements,
proposals or . r. a�.u.,:ons, written or oral, concaving its subject matter. No modification, amendment, or waiver of any
provision of this agreement shall be effective unless in writing and signed by the Party against whom the modification, amendment
or waiver is asserted.
c. Governing Law. This Agreement shall be governed by the laws of the State of Texas without regard to choice or conflict of law
rules.
d. Arbitration. Any controversy or claim arising out of or relating to this Agreement, or a breach of this Agreement, shall be finally
settled by arbitration in Austin, Texas, and shall be resolved under the laws of the State of Texas. The arbitration shall be conducted
before a single arbitrator, who may be a private arbitrator, in accordance with the commercial rules and practices of the American
Arbitration Association then in effect.Any award, order or judgment pursuant to such arbitration shall be deayed final and binding
and may be enforced in any court of competent jurisdiction. The arbitrator may, as part of the arbitration award, permit the
substantially prevailing Party to recover all or part of its attorney's fees and other out-of-pocket costs incurred in connection with
such arbitration. All arbitration proceedings shall be conducted on a confidential basis. The Parties knowingly, voluntarily, and
irrevocably waive their right to a trial by jury.
e. No Press Releases without Consent. Neither Party may use the other Parry's name or trademarks, nor issue any publicity or public
statements concerning the other Party or the existence or content of this Agreement, without the other Patty's prior written consent.
Notwithstanding, Customer agrees thatESOmay use Customer's name and logo inESO sales presentations, without Customer's
prior written consent, during the Term of this Agreement, but only for the purposes of identifying the Customer as a customer of
ESO. Likewise, Customer may useESO's name and logo to identifyESOas a vendor oiCustomer.
f. Agereeate Data Reporting_ Customer hereby grants ESO the right to collect and store its data for aggregate reporting purposes, but
in no event shall ESO disclose Protected Health Information ("PHI") unless permitted by law. Moreover, ESO will not identify
Customer without Customer's consent.
ESO Solutions, Inc.
Subscription Agreement 052214
Page 3 of 12
g. Compliance with Laws. Both Parties shall comply with and give all notices required by all applicable federal, state and local laws,
ordinances, rules, regulations and lawful orders of any public authority bearing on the performance of this Agreement.
h. Waiver. No failure or delay by either Party in exercising any right under this Agreement shall constitute a waiver of that right. If
Customer has mode any change to the Agreement that Customer did not bring to ESO's attention in a way that is reasonably
calculated to put ESO on notice of the change, the change shall not become part of the Agreement.
i. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision
shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent
permitted by law, and the remaining provisions of this Agreement shall remain in effect.
j. Taxes and Fees. This Agreement is exclusive of all taxes and fees.Unless otherwise required by law, Customer is responsible for
and will remit (or will reimburse ESO for) all taxes of any kind, including sales, use, duty, customs, withholding, property, value-
added, and other similar federal, state or local taxes (other than taxes based on ESO's income) assessed in connection with the
Services and/or Software provided to Customer under this Agreement.
k. Independent Contractor. Nothing in this Agreement shall be construed to create: (i) a partnership, joint venture or other joint
business relationship between the Parties or any of their affiliates; or (ii) a relationship of employer and employee between the
Parties. ESO is an independent contractor and not an agent of Customer.
Counterparts: Execution. This Agreement and any amendments hereto may be executed by the Parties individually or in any
combination, in one or more counterparts, each of which shall be an original and all of which shall together constitute one and the
same agreement. Execution and delivery of this Agreement and any amendments by the Parties shall be legally valid and effective
through: (i) executing and delivering the paper copy of the document, (ii) transmitting the executed paper copy of the documents by
facsimile transmission or electronic mail in "portable document format" (".pdf') or other electronically scanned format, or (iii)
creating, generating, sending, receiving or storing by electronic means this Agreement and any amendments, the execution of
which is accomplished through use of an electronic process and executed or adopted by a Party with the intent to execute this
Agreement (Le, "electronic signature" through a process such as DoeuSignO). In making proof of this Agreement, it shall not be
necessary to produce or account for more than one such counterpart executed by the Party against whom enforcement of this
Agreement is sought.
m. Notice. All notices, requests, demands and other communications required or permitted to be given or made under this Agreement
shall be in writing, shall be effective upon receipt or attempted delivery, and shall be sent by (i) personal delivery; (ii) certified or
registered United States mail, return receipt requested; (iii) overnight delivery service with proof of delivery, or (iv) fax. Notices
shall be sent to the addresses above. No Party to this Agreement shall refuse delivery of any notice hereunder.
[Signature Page Follows]
ESO Solutions, Inc.
Subscription Agreement 052214
Page 4 of 12
IN WITNESS WHEREOF, the undersigned expressly agree and warrant that they are authorized to sign and enter into this
Agreement on behalf of the Party for which they sign and have executed this Agreement on the Effective Date first written
above.
ESO:
[Signs re] f
[Printed Name]
lei
[Date] I
CLERMONT FIRE DEPARTMENT:
<D&VA
[Signature]
4" L.. Ai• dj+0 f0
[Printed Name]
[Tltte]
—10110)1%t
[Doer
ESO Solutions, Inc.
Subscription Ageement 052214
Page 5 of 12
EXHIBITA
SCHEDULE OF SUBSCRIPTION FEES
Customer has selected the following Services, at the fees indicated:
ePCR Suite WGIMallily Management 3.730 - 5,000
1.00 38,896.00
CR
$895.00 $8,000.00 ePSail a (urimtise ed urs): Annual
lnddents
Subsciption Fee
ePCR Mobile Subscription
&00 $165.00
$45.00
$950.00 3 Mobile Lloerm= Annual Subaaiptiaf Fee
hrtertaee - Emergency Reporting 4c7,= Incidents
1.00 $596.00
$M.05
W.95 Ernenwicy Reporting Ifierfam: Arexml
Ktainteronce
interface - CAD (Meets ESO API)
1.00 36.M95.00 S5.000.00
$996.00 GAD krlerfaoe: Amual Subsaip m
hrlerlam - Monitor
1.00 $3.995.00 $3.500.00
$496.00 FP 5 Cardiac Monitor Interface: Annual
QukkSbeek
3.00 $99.00
$297.00
$0.00 tLick Speak Licenses Induded
Ful Prioe $211.272.00
Sum of Discounts S10.27&05
Cvand Total S9.995.95
Services - Tranng 1.00 $M.00 $500.00 3495.00 1 day artsite Training: Shared Cast vAh Leesburg: One Tme Fee
S - Training Travel 1.00 $1.000.00 $500.00 $500.00 TCFee
trneraTravd Ems; Shared cost w1h Leesbug One
costs
Fug Price 31.M96.00
Sun of Dtsmuds $1.000.00
Grand ToW $995.00
PAYMENT TERMS AND PAYMENT MILESTONES
The subscription year for Services shall begin upon execution of the Subscription Agreement or upon the
commencement of active work on software implementation, whichever date comes later. The Subscription Fees are
invoiced annually in advance commencing upon execution of this Agreement.
ESO Solutions, Inc.
Subscription Agreenma 052214
Page 6 of 12
EXHIBITB
SUPPORT SERVICES AND SERVICE LEVELS
This Exhibit describes the software support services ("Support Serviceel that ESO will provide and the service levels that ESO will meet.
1. Definitions. Unless defined otherwise herein, capitalized terms used in this Exhibit shall have the same meaning as set forth in the
Agreement.
(a) "Customer Service Represenadve" shall be the person at ESO designated by ESO to receive notices of Errors encountered by Customer
that Customer's Administrator has been unable to resolve.
(b) "Error" means any failure of the Software to conform in any material respect with its published specifications.
(c) "Error Correction" means a bug fix, patch, or other modification or addition that brings the Software into material conformity with its
published performance specifications.
(d) "Priority A Error' means an Error that renders the Software inoperable or causes a complete failure of the Software.
(e) "Priority B Error" means an Error that substantially degrades the performance of the Software or materially restricts Customer's use of
the Software.
(f) "priority C Error' means an Error that causes only a minor impact on Customer's use of the Software.
(g) "Update" means any new commercially available or deployable version of the Software, which may include Error Corrections,
enhancements or other modifications, issued by ESO from time to time to its Customers.
(h) "Normal Business Hours" means 7:00 am to 7:00 pm Monday through Friday, Central Time Zone,
2. Customer Obli as tions.
Customer will provide at least one administrative employee (the' Administrator' or `Administrators') who will handle all requests for first -
level support from Customer's employees with respect to the Software. Such support is intended to be the "front line" for support and
information about the Software to Customer's employees. ESO will provide training, documentation, and materials to the Administrators to
enable the Administrators to provide technical support to Customer's employees. The Administrators will refer any Errors to ESO's
Customer Service Representative that the Administrators cannot resolve, pursuant to Section 3 below; and the Administrators will assist ESO
in gathering information to enable ESO to identify problems with respect to repotted Errors.
3. Support Services.
(a) Scope. As further described herein, the Support Services consist of: (i) Error Corrections that the Administrator is unable to resolveand (ii)
periodic delivery of Error Corrections and Updates. The Support Services will be available to Customer during normal business hours,
to the extent practicable. Priority A Errors encountered outside normal business hours may be communicated to the Customer Service
Representative via telephone or email. Priority B and C Errors encountered outside normal business hours shall be communicated via
email.
(b) Procedure.
(i) Report of Error. In reporting any Error, the Customer's Administrator will describe to ESO's Customer Service Representative the
Error in reasonable detail and the circumstances under which the Error occurred or is occurring; the Administrator will initially
classify the Error as a Priority A, B or C Error. ESO reserves the right to reclassify the Priority of the Error.
(ii) Efforts Required. ESO shall exercise commercially reasonable efforts to correct any Error reported by the Administrator in
accordance with the priority level assigned to such Error by the Administrator. Errors shall be communicated to ESO's Customer
Service Representative after hours as indicated below, depending on the priority level of the Error. In the event of an Error, ESO
will within the time periods set forth below, depending upon the priority level of the Error, commence verification of the Error;
and, upon verification, will commence Error Correction. ESO will work diligently to verify the Error and, once an Error has been
verified, and until an Error Correction has been provided to the Administrator, shall use commercially reasonable, diligent efforts to
provide a workaround for the Error as soon as reasonably practicable. ESO will provide the Administrator with periodic reports on
the status of the Error Correction on the frequency as indicated below.
Priority of Error Communicating Error to ESO Time in Which ESO Will Frequency of Periodic Status
outside Normal Business Hours Commence Verification Reports
Priority A Telephone or email Within 8 hours of Every 4 hours until resolved
notification
Priority B Email Within 1 business day of Every 6 hours until resolved
notification
Priority C Email Within two calendar Every week until resolved
weeks of notification
ESO Solutions, Inc.
Subscription Agreement 052214
Page 7 of 12
4. ESO Server Administration.
ESO is responsible for maintenance of Server hardware. Server administration includes:
(a) Monitoring and Response
(b) Service Availability Monitoring
(c) Backups
(d) Maintenance
(i) Microsoft Patch Management
(ii) Security patches to supported applications and related components
(iii) Event Log Monitoring
(iv) Log File Maintenance
(v) Drive Space Monitoring
(e) Security
(f) Virus Definition & Prevention
(g) Firewall
ESO Solutions, Inc.
Subscription Agreement 052214
Page 3 of 12
EXHIBITC
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (:Agreement') is entered into as of the Effective Date of the Subscription Agreement by and
between ESO (hereinafter "Vendor l and Clermont Fire Department(hereinafter "Covered Enthy 1, for the purpose of setting forth Business
Associate Agreement terms between Covered Entity and Vendor. Covered Entity and Vendor each are referred to as a "Party" and
collectively as the `Parties." This Agreement shall commence on the Effective Date set forth above.
WHEREAS, Covered Entity, owns, operates, manages, performs services for, otherwise are affiliated with or are themselves a
Covered Entity as defined in the federal regulations at 45 C.F.R. Parts 160 and 164 (the "Privacy Standards") promulgated pursuant to the
Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical
Health Act of 2009 ("HITECH');
WHEREAS, pursuant to HIPAA and HITECH, the U.S. Department of Health & Human Services ("HHS') promulgated the
Privacy Standards and the security standards at 45 C.F.R. Parts 160 and 164 (the "Security Standards") requiring certain individuals and
entities subject to the Privacy Standards and/or the Security Standards to protect the privacy and security of certain individually identifiable
health information ("Protected Health Information' or "PHI" ), including electronic protected health information (` EPHT);
WHEREAS, the Parties wish to comply with Privacy Standards and Security Standards as amended by the HHS regulations
promulgated on January 25, 2013, entitled the "Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules
Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act," as
such may be revised or amended by HHS from time to time:
WHEREAS, in connection with Vendor's performance under its agreement(s) or other documented arrangements between Vendor
and Covered Entity, whether in effect as of the Effective Date or which become effective at any time during the term of this Agreement
(collectively "Business Arrangements'), Vendor may provide services for, or on behalf of, Covered Entity that require Vendor to use,
disclose, receive, access, create, maintain and/or transmit health information that is protected by state and/or federal law; and
WHEREAS, Vendor and Covered Entity desire that Vendor obtain access to PHI and EPHI in accordance with the terms specified
herein:
NOW, THEREFORE, in consideration of the mutual promises set forth in this Agreement and the Business Arrangements, and
other good and valuable consideration, the sufficiency and receipt of which are hereby severally acknowledged, the Parties agree as follows:
1. Vendor Obli a ions.
In accordance with this Agreement and the Business Arrangements, Vendor may use, disclose, access, create, maintain, transmit,
and/or receive on behalf of Covered Entity health information that is protected under applicable state and/or federal law, including without
limitation, PHi and EPHI. All capitalized terms not otherwise defined in this Agreement shall have the meanings set forth in the regulations
promulgated by HHS in accordance with HiPPA and HITECH, including the Privacy Standards and Security Standards (collectively referred
to hereinafter as the "Con,/i'dential ty Requirements'). All reference to PHI herein shall be construed to include EPHI. PHI shall mean only
that PHI Vendor uses, discloses, accesses, creates, maintains, transmits and/or receives for or on behalf of Covered Entity pursuant to the
Business Arrangements. The Parties hereby acknowledge that the definition of PHI includes "Genetic Information" as set forth at 45 C.F.R.
§ 160.103. To the extent Vendor is to carry out an obligation of Covered Entity under the Confidentiality Requirements, Vendor shall comply
with the provision(s) of the Confidentiality Requirements that would apply to Covered Entity (as applicable) in the performance of such
obligations(s).
2. Use of PHI.
Except as otherwise required by law, Vendor shall use PHI in compliance with this Agreement and 45 C.F.R. §164.504(e). Vendor
agrees not to use PHI in a manner that would violate the Confidentiality Requirements if the PHI were used by Covered Entity in the same
manner. Furthermore, Vendor shall use PHI: (i) for the purpose of performing services for, or on behalf of, Covered Entity as such services
are defined in the Business Arrangements; and (ii) as necessary for the proper management and administration of Vendor or to carry out its
legal responsibilities; provided that such uses are permitted under federal and applicable state law. All de -identification of PHI must be
performed in accordance with the Confidentiality Requirements, specifically 45 C.F.R. § I64.514(b).
3. Disclosure of PHI.
3.1 Subject to any limitations in this Agreement, Vendor may disclose PHI to any third party as necessary to perform its
obligations under the Business Arrangements and as permitted or required by applicable law. Vendor agrees not to
disclose PHI in a manner that would violate the Confidentiality Requirements if the PHI was disclosed by the Covered
Entity in the same manner. Further Vendor, may disclose PHI for the proper management and administration of Vendor;
provided that: (i) such disclosures are required by law; or (ii) Vendor. (a) obtains reasonable assurances from any third
ESO Solutions, Inc.
Subscription Agreement 052214
Page 9 of 12
party to whom the PHI is disclosed that the PHI will be held confidential and used and disclosed only as required by law
or for the purpose for which it was disclosed to third party, and (b) requires the third party to agree to immediately notify
Vendor of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise
provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Vendor
shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement of which it becomes aware.
Such report shall be made within five (5) business days of Vendor becoming aware of such use or disclosure.
3.2 If Vendor uses or contracts with any agent, including a subcontractor (collectively "Subcontracrors'I that uses, discloses,
accesses, creates, receives, maintains or transmits PHI on behalf of Vendor, Vendor shall require all Subcontractors to
agree in writing to substantially similar restrictions and conditions that apply to Vendor under this Agreement. in
addition to Vendor's obligations under Section 9, Vendor agrees to mitigate, to the extent practical and unless otherwise
requested by the Covered Entity, any harmful effect that is known to Vendor and is the result of a use or disclosure of
PHI by Vendor or any Subcontractor in violation of this Agreement. Additionally, Vendor shall ensure that all
disclosures of PHI by Vendor and its Subcontractors comply with the principle of "minimum necessary use and
disclosure," (i.e., in accordance with 45 C.F.R. §164.502(b), on the minimum PHI that is necessary to accomplish the
intended purpose may be disclosed).
4. Individual Rights Reeardinr Designated Record Sets
If Vendor maintains a Designated Record Set on behalf of Covered Entity, Vendor shall: (i) provide access to and permit inspection
and copying of PHI by Covered Entity under conditions and limitations required under 45 C.F.R. §164.524, as it may be amended from time
to time; and (ii) amend PHI maintained by Vendor as required by Covered Entity. Vendor shall respond to any request from Covered Entity
for access by an Individual within ten (10) business days of such request and shall make any amendment requested by Covered Entity within
twenty (20) business days of such request. Any information requested under this Section 4 shall be provided in a form or format requested, if
it is readily producible in such form or format. Vendor may charge a reasonable fee based upon Vendor's labor costs in responding to a
request for electronic information (or a cost -based fee for the production of non -electronic media copies). Vendor shall notify Covered Entity
within ten (10) business days of receipt of any request for access or amendment by an Individual.
5. Accounting of Disclosures.
Vendor shall make available to Covered Entity within ten (10) business days of a request by Covered Entity the information
required for an accounting of disclosures of PHI in accordance with 45 C.F.R. §164.528 (or such shorter time as may be required by state or
federal law). Such accounting must be provided without cost if it is the first accounting requested within any twelve (12) month period. For
subsequent accountings within the same twelve (12) month period, Vendor may charge a reasonable fee based upon Vendor's labor costs in
responding to a request for electronic information (or a cost -based fee for the production of non -electronic media copies) only after Vendor
informs Covered Entity and Covered Entity informs the Individual in advance of the fee, and the Individual is afforded an opportunity to
withdraw or modify the request. Such accounting obligations shall survive termination or expiration of this Agreement and with respect to
any disclosure, whether on or before the termination of this Agreement, shall continue for a minimum of seven (7) years following the date of
such disclosure.
6. Withdrawal of Authorization.
if the use or disclosure of PHI under this Agreement is based upon an Individual's specific authorization regarding the use of his or
her PHI, and: (i) the Individual revokes such authorization in writing; (ii) the effective date of such authorization has expired; or (iii) the
authorization is found to be defective in any manner that renders it invalid for whatever reason, then Vendor agrees, if it has received notice
from Covered Entity of such revocation or invalidity, to cease the use and disclosure of any such Individual's PHI except to the extent
Vendor has relied on such use or disclosure, or where an exception under the Confidentiality Requirements expressly applies.
Records and Audit.
Vendor shall make available to HHS or its agents its internal practices, books, and records relating to the compliance of Vendor and
Covered Entity with the Confidentiality Requirements, such internal practices, books and records to be provided in the time and manner
designated by HHS or its agents. Except to the extent prohibited by law, Vendor agrees to notify Covered Entity immediately upon receipt
by Vendor of any and all requests by or on behalf of any and all federal, state, and local government authorities served upon Vendor
requesting PHI or investigating compliance with the Confidentiality Requirements.
8. Imnlementation of Securitv Standards: Notice of Securitv Incidents.
Vendor will comply with the Security Standards and, by way of example and not limitation, use appropriate safeguards to prevent
the use or disclosure of PHI other than as expressly permitted under this Agreement. In accordance with the Security Standards, Vendor will
implement administrative, physical, and technical safeguards that protect the confidentiality, integrity and availability of the PHi that is uses,
discloses, accesses, creates, receives, maintains or transmits. To the extent feasible, Vendor will use commercially reasonable efforts to
ensure that the technology safeguards used by Vendor to secure PHI will render such PHI unusable, unreadable and indecipherable to
individuals unauthorized to acquire or otherwise have access to such PHi. Vendor will promptly report to Covered Entity any Security
ESO Solutions, Inc.
Subscription Agreement 052214
Page 10 of 12
Incident of which it becomes aware; provided, however, that Covered Entity acknowledges and shall be deemed to have received notice from
Vendor that there are routine occurrences of (i) unsuccessful attempt to penetrate computer networks or services maintained by Vendor, and
(ii) immaterial incidents such as "pinging" or "denial of services" attacks. At the request of Covered Entity, Vendor shall identify: the date of
the Security Incident, the scope of the Security Incident, Vendor's response to the Security Incident, and to the extent permitted by law, the
identification of the party responsible for causing the Security Incident, if known.
9. Data Breach Notification and Mitigation.
9.1 _WPAA Data Breach Notification and Miti aq tion. Vendor agrees to implement reasonable systems for the discovery and
prompt reporting of any "breach" of "unsecured PHI" as those terms are defined by 45 C.F.R. §164.402 ("HIPAA Breach"). The Parties
acknowledge and agree that 45 C.F.R. §§ 164.404 and 164.410, as describe below in this Section 9.1, govern the determination of the date of
a HIPAA Breach. In the event of any conflict between this Section 9.1 and the Confidentiality Requirements, the more stringent
requirements shall govern. Following the discovery of a H11PAA Breach, Vendor will notify Covered Entity immediately and in no event
later than five (5) business days after Vendor discovers such HiPAA Breach unless Vendor is prevented from doing so by 45 C.F.R.
§164.412 concerning law enforcement investigations. For purposes of reporting a HiPAA Breach to Covered Entity, the discovery of a
HIPAA Breach shall occur as of the first day on which such HIPAA Breach is known to Vendor or, by exercising reasonable diligence,
would have been known to Vendor. Vendor will be considered to have had knowledge of a HIPAA Breach if the HIPAA Breach is known,
or by exercising reasonable diligence would have been known, to any person (other than the person committing the HIPAA Breach) who is
an employee, officer or other agent of Vendor. No later than ten (10) business days following a HIPAA Breach, Vendor shall provide
Covered Entity with sufficient information to permit Covered Entity to comply with the HiPAA Breach notification requirements set forth at
45 C.F.R. § 164.400 et. seq. This Section 9.1 shall survive the expiration or termination of this Agreement and shall remain in effect for so
long as Vendor maintains PHI.
9.2 Data Breach Notification and Mitir*gfipp Under Other Laws. In addition to the requirements of Section 9.1, Vendor
agrees to implement reasonable systems for the discovery and prompt reporting of any breach of individually identifiable information
(including, but not limited to, PHI and referred to hereinafter as "Individually Idenrtfurble Information") that, if misused, disclosed, lost or
stolen would trigger an obligation under one or more State data breach notification laws (each a "Slate Breach'I to notify the individuals
who are the subject of the information. Vendor agrees that in the event any Individually Identifiable Information is lost, stolen, used or
disclosed in violation of one or more State data breach notification laws, Vendor shall promptly: (i) notify Covered Entity within five (5)
business days of such misuse, disclosure, loss or theft; and (ii) cooperate and assist Covered Entity with any investigation into any State
Breach or alleged State Breach. This Section 9.2 shall survive the expiration or termination of this Agreement and shall remain in effect for
so long as Vendor maintains PHI or individually Identifiable Information.
10. QhWations of Covered Entitv.
10.1 Notification Reauirement. Covered Entity shall notify Vendor of:
a. Any limitation(s) in Covered Entity's notice of privacy practices in accordance with 45 CFR 164.520 to the extent
that such changes may affect Vendor's use or disclosure of PHI;
b. Any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes
may affect Vendor's use or disclosure of PHI; and
c. Any restriction to the use or disclosure if PHI that Covered Entity has agreed to in accordance with 45 CFR 164.522,
to the extent that such restriction may affect Vendor's use or disclosure of PHI.
10.2 Permissible Reauests. Covered Entity agrees that it will not request Vendor to use or disclose PHi in any manner that
would not be permissible under the Confidentiality Requirements if done by Covered Entity.
I I . Terms and Termination.
11.1 Termination. This Agreement shall remain in effect until terminated in accordance with the terms of this Section 11;
provided, however, that termination shall not affect the respective obligations or rights of the Parties arising under this Agreement prior to the
effective date of termination, ail of which shall continue in accordance with their terms.
11.2 Termination with Cause. Either Party may immediately terminate this Agreement if either of the following events have
occurred and are continuing to occur:
a. Vendor or Covered Entity fails to observe or perform any material covenant or obligation contained in this
Agreement for ten (10) business days after written notice of such failure has been given; or
ESO Solutions, Inc.
Subscription Agreement 052214
Page 11 of 12
b. Vendor or Covered Entity violates any provision of the Confidentiality Requirement or applicable federal or state
privacy law relating to its obligations under this Agreement.
11.3 Mav Terminate Business Arrangaments in Event of for Cause Termination. Termination of this Agreement for either of
the two reasons set forth in Section 11.2 above shall be cause for immediate termination of any Business Arrangement pursuant to which
Vendor uses, discloses, accesses, receives, creates, or transmits PHI for or on behalf of Covered Entity.
11.4 Return of PHI Unon Termination. Upon termination of this Agreement for any reason, Vendor agrees either to return all
PHi or to destroy all PHI received from Covered Entity that is in the possession or control of Vendor or its Subcontractors. in the case of
PHI for which it is not feasible to return or destroy, Vendor shall extend the protection of this Agreement to such PHI and limit further uses
and disclosure of such PHI. Vendor shall comply with other applicable state or federal law, which may require a specific period of retention,
redaction, or other treatment of such PHI. This Section 11.4 shall survive the expiration or termination of this Agreement and shall remain in
effect for so long as Vendor maintains PHI.
12. No Warranty.
PHI 1S PROVIED SOLELY ON AN "AS IS" BASIS. THE PARTIES DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
13. anel rble Persons.
Vendor represents and warrants to Covered Entity that Vendor its director, officers, and key employees: (i) are not currently
excluded, debarred, or otherwise ineligible to participate in the federal health care programs as defined in 42 U.S.C. § 1320a-7b(f) of any
state healthcare program (collectively, the "Heahheare Programs"); (ii) have not been convicted of a criminal offense related to the
provision of healthcare items or services but have not yet been excluded, debarred, or otherwise declared ineligible to participate in the
Healthcare Programs; and (iii) are not under investigation or otherwise aware of any circumstances which may result in Vendor being
excluded from participation in the Healthcare Programs (collectively, the "Warranty of Nos -occlusion"). Vendor representations and
warranties underlying the Warranty of Non -exclusion shall be ongoing during the term, and Vendor shall immediately notify Covered Entity
of any change in the status of the representations and warranties set for in this Section 13. Any breach of this Section 13 shall give Covered
Entity the right to terminate this Agreement immediately.
14. Eauitable Relief.
The Parties understand and acknowledge that any disclosure or misappropriation of any PHI in violation of this Agreement will
cause irreparable harm, the amount of which may be difficult to ascertain, and therefore agree that either Party shall have the right to apply to
a court of competent jurisdiction for specific perfb mane and/or an order restraining and enjoining any such further disclosure or breach and
for such other relief deemed appropriate. Such right shall be in addition to the remedies otherwise available at law or in equity.
15. Entire Agreement.
This Agreement constitutes the complete agreement between Vendor and Covered Entity relating to the matters specified in this
Agreement and supersedes all prior representations or agreements, whether oral or written with respect to such matters. In the event of any
conflict between the terms of this Agreement and the terms of the Business Arrangements or any such later agreement(s), the terms of this
Agreement shall control unless the terms of such Business Arrangements are more strict with respect to PHi and comply with the
Confidentiality Requirements, or the Patties specifically otherwise agree in writing. No oral modification or waiver of any of the provisions
of this Agreement shall be binding on either Patty to this Agreement; provided, however that upon the enactment of any law, regulation, court
decision or relevant government publication and/or interpretive guidance or policy that Vendor believes in good faith will adversely imixict
the use or disclosure of PHI under this Agreement, Vendor may amend the Agreement to comply with such law, regulation, court decision or
government publication, guidance or policy by delivering a written amendment to Covered Entity which shall be effective thirty (30)
calendar days after teceipL This Agreement is for the benefit of, and shall be binding upon the Parties, their affiliates and respective
successors and assigns.
ESO Solutions, Inc.
Subscription Agreement 052214
Page 12 of 12