Last updated: October 6, 2021
- We refer to the services we provide through our platform as “Services”.
- We use the word “Subscriber” to refer to a healthcare organization that subscribes to and pays for our platform. Subscribers may be referred to as a “health information custodian”, a “covered entity” or a “controller” depending on their location and the privacy laws applicable to them.
- We use the word “you” to refer to any individual user of our Services, such as a healthcare practitioner or staff member at a Subscriber’s organization.
- Baysil is a service provider to Subscribers and may be referred to as an “agent”, “business associate” or “processor” of the Subscriber.
Please take a moment to read these Terms carefully before subscribing to or using any of the Services. These Terms are a legal contract between Baysil Inc. (“Baysil” or “We”) and each person who uses the Services, and are accepted by subscribing to our platform. These Terms may be updated or amended from time to time.
Ownership of the Services. Baysil owns, or has obtained the rights to use, all intellectual property rights in the Services. This includes the underlying software and technology that operates the Services.
Your License. Baysil grants each Subscriber, and each individual using the Services, a limited license to access and use (i.e., display, print, download) the materials and content within the Services solely on a personal computer or device for the Subscriber’s internal business purposes and for your own personal, non-commercial use, provided that you abide by our Acceptable Use Policy below.
Your Feedback. We use your feedback to improve our Services. To ensure we have the proper rights to do this, you grant Baysil a non-exclusive, royalty-free, worldwide, perpetual and irrevocable right and license to use your feedback, including incorporating this feedback into the Services and sharing them with other users. Please note that providing feedback does not make you an author, inventor or contributor of the Services and does not entitle you to any compensation or to any ownership rights in the Services.
Acceptable Use Policy
Users of our Services are expected to behave responsibly and to show respect for our people, our intellectual property and the law. You agree to communicate with Baysil team members in a mutually respectful manner at all times.
In addition, you must not:
- “frame” or “mirror” any content from our Services on any other website or server;
- post or transmit any material that is unlawful, harmful, defamatory, obscene, profane, discriminating, harassing, threatening, infringing of intellectual property, invasive of privacy rights, or otherwise objectionable;
- harvest, scrape or otherwise collect information about others from our Services, including names and email addresses;
- probe, scan or test the vulnerability of the Services, or breach the security or authentication measures of the Services;
- forge headers or otherwise manipulate identifiers in order to disguise the origin of any message or transmittal you send on or through the Services; or
- pretend that you are, or that you represent, someone else, or impersonate any other individual or entity.
Baysil reserves the right to suspend or terminate your use of any or all of the Services, or take other appropriate remedial action, to address any inappropriate conduct or any violation or suspected violation of our Acceptable Use Policy or these Terms.
Subscribing. You can subscribe to our platform by signing up for one of our subscription plans and paying the applicable fees. The person signing up for a subscription on behalf of a Subscriber is the “Account Owner” and will be authorized to manage billing information related to the account for the Subscriber. Except as described below under Termination, all fees are non-refundable. Subscription fees may be increased over time to reflect significant expansion of our Services.
Availability of the Services. Once a Subscriber has subscribed and paid, Baysil will make the Services available to the Subscriber’s users (team members and patients) for the subscription plan purchased. Baysil will make the Services available in accordance with our Service Level Agreement as described below; however, please note that Baysil cannot be responsible for any unavailability of the Services caused by circumstances beyond our reasonable control, such as internet outages or issues with your computer systems or devices.
Overdue Fees. If any fees are more than 30 days overdue, we may, without limiting our other rights and remedies, suspend or terminate access to the Services until the overdue amounts are paid in full. We will provide at least 7 days prior notice that fees are overdue before we do this, and we will not exercise this right if the Subscriber is disputing the applicable fees reasonably and in good faith and is cooperating diligently to resolve the dispute.
Termination by Us. Baysil may terminate or suspend access to the Services, or suspend or deactivate a Subscriber’s or a user’s account, if the Subscriber or user breaches any obligations under these Terms. Baysil may also terminate a Subscriber’s subscription if Baysil discontinues the Services. We will use our best efforts to notify you in advance of any suspension or termination and help Subscribers retrieve their Subscriber Data; however, there may be some cases where we need to suspend access immediately in order to prevent harm to others.
Refunds. If a Subscriber terminates its subscription due to a breach by Baysil or Baysil discontinues the Services, we will refund any fees you had pre-paid for the remaining unused portion of your subscription term. If Baysil terminates a Subscriber’s subscription due to a breach by the Subscriber, the Subscriber will not be entitled to any refund and must pay any unpaid fees for the remaining unused portion of the subscription term.
Termination does not relieve a Subscriber of its obligation to pay fees for any period prior to the effective date of termination.
User Accounts. Subscribers and their users must provide accurate, current and complete information when creating their user accounts. Subscribers are responsible for all activities that occur under their user accounts and for any issues, claims or disputes arising out of the conduct of their users. Subscribers must take appropriate steps to protect their user accounts, including keeping user IDs and passwords confidential, and not providing any false identity information to access the Services.
Baysil will not be liable for any losses or damages caused by a Subscriber’s failure to maintain the confidentiality of its user accounts and its account credentials. If you discover or suspect any unauthorized access to or use of your Subscriber or user account, please reset your password immediately and notify us at firstname.lastname@example.org.
Ownership and Control. Each Subscriber retains ownership and control of all the data that it has collected, entered, created or has otherwise provided to its users in the course of using the Services. Subscribers are responsible for ensuring that their collection and use of Subscriber data complies with applicable laws and regulatory requirements.
Storage and Access. Baysil will keep Subscriber data stored securely as described below under Security. Baysil will only access Subscriber data at the request of a Subscriber or its users, or where needed in order to prevent or address technical problems affecting the Services or if required by law, regulation or court order. As we otherwise have no control over Subscriber data, we are not responsible for incorrect, incomplete, lost or damaged Subscriber data, except to the extent it is caused by our failure to meet our obligations under these Terms.
HIPAA / GDPR Compliance. Baysil currently only supports Canadian Subscribers that are subject to Canadian laws and regulations. However, if a Subscriber is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we will, upon request, enter into our Business Associate Agreement (“BAA”) with the Subscriber. To request a copy of our BAA, please email us at email@example.com. If a Subscriber is subject to the General Data Protection Regulation (“GDPR”), please refer to the section below on Data Processing Under GDPR for additional terms that will apply.
Anonymized/Aggregated Data. Subscribers agree that Baysil may use computer-generated algorithms to gather anonymous and aggregated information from Subscriber data in order to assist in our continued development and improvement of the Services, and for research, data analysis, benchmarking, statistics or trend analysis. We will ensure that none of the information we gather identifies, or could be used to identify, any user or patient. Baysil may share such anonymized information with Subscribers and others, for example, by providing insights into clinical conditions and workflows.
Safeguards. Baysil will maintain industry-standard administrative, physical and technical safeguards to prevent the unauthorized access, use or disclosure of Subscriber data processed through or stored in the Services. These safeguards include, but are not limited to, security policies and training for our personnel, access controls, minimum security certifications and practices for our data centers, PCI-compliant payment processors and encryption.
Security Features. The Services also contain features which allow you to further enhance the security of your Subscriber data. For example, by establishing account access and administration controls for each user; hiding sensitive data like passwords so it cannot be read by others around you; and the ability to lock parts of medical records to prevent medical data from being accidentally overwritten.
Security Breach. Baysil will notify affected Subscribers if Baysil determines that the security of the Services has been breached and this results in Subscriber Data being accessed by or disclosed to an individual or entity who is not authorized to access or receive such information. Baysil will report to the affected Subscriber(s) on the corrective action being taken in response to such security breach and will reasonably cooperate with such Subscriber(s) in mitigating the effects of any lost or compromised Subscriber data.
Your Responsibility. Subscribers and their users will notify Baysil immediately if they become aware of any unauthorized use of their account(s), of any user ID and password, or any other known or suspected breach of security. In addition, in accordance with applicable Canadian laws, Subscribers must notify patients and regulators, such as the Privacy Commissioner, of any security breaches they have identified or that Baysil makes them aware of.
During Your Subscription Term. Baysil’s platform is designed to retain, protect and preserve the integrity of Subscriber data in accordance with the Subscriber’s regulatory and compliance obligations around medical records. As a result, we will not delete Subscriber data unless there is a regulatory or legal requirement to do so. If you have such a requirement, please contact us at firstname.lastname@example.org.
Data Export. Subscribers may export their Subscriber data at any time, but it is preferable they do so prior to ceasing or terminating their use of our Services.
After Termination of Your Subscription. When a subscription expires or is terminated, the account is inactivated. This means the account and any Subscriber data associated with the account is no longer available for modification or sharing, but it can still be accessed for viewing. In the event the Subscriber re-activates the account, any Subscriber data associated with the account will be available again for modification or sharing.
Service Level Agreement
Service Commitment. Baysil will use commercially reasonable efforts to make our Services operational and available at least 99% of the time during any calendar month, subject to the exclusions set forth below (the “Service Commitment”).
Service Credit. If Baysil fails to meet this Service Commitment for any calendar month, and such failure impacts a Subscriber (i.e., the failure occurred during a time when the Subscriber or its users would normally be accessing the Services and not during off-hours), the Subscriber will be entitled to a 25% credit on its next invoice. To report a failure and receive a service credit, please contact us within 30 days of the occurrence of the failure. Credits will not be issued after such period. Issuance of service credits is the sole and exclusive remedy for any failure by Baysil to meet the Service Commitment.
Exclusions. The Service Commitment does not include or apply to the following:
- Minimal Downtime. Intermittent interruption or downtime for a period of less than ten (10) minutes.
- Scheduled Maintenance. Occasional maintenance of the Services to add resources, upgrade software, install security patches, etc. Scheduled maintenance will typically occur during the period of lowest anticipated system usage. System notification is generally provided in advance of scheduled maintenance. During scheduled maintenance, certain components of the Services may be offline, or may be operating at reduced capacity levels.
- External Factors. Any unavailability caused by circumstances beyond Baysil’s reasonable control, including, but not limited to, power outages, external forces affecting the reliability of the internet, and computer systems or other devices through which the Subscriber or its users access the Services.
Disclaimer. While we aim to provide great Services, there are certain things about the Services that we cannot promise. For example, Baysil cannot promise, and does not represent or warrant that:
- The Services will meet your specific needs or requirements;
- The Services will be uninterrupted, timely, 100% secure or free from errors, viruses or other defects; or
- Information provided through the Services will be accurate, timely, complete or reliable.
You understand and agree that:
- Except as specifically provided in these terms, the Services are provided “as is” without warranty and that use of the Services is at your sole risk; and
- Baysil makes no representations or warranties of any kind, either express or implied, including, but not limited to, the implied warranties of fitness for a particular purpose, merchantability, quality or non-infringement.
Limitation of Liability. The total liability of either of us under these Terms will be limited to the amount you paid Baysil for use of the Services in the three (3) month period preceding the date of the claim, or one hundred dollars ($100) if you have not had any payment obligation to Baysil.
No Indirect or Consequential Damages. Regardless of the above, neither of us will be liable, under any circumstances, for any indirect, special, or consequential damages arising out of or in connection with the Services, such as lost revenue or business interruption. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so this limitation may not apply depending on where you live.
Data Processing Under GDPR
When we process personal data that is subject to the General Data Protection Regulation (GDPR) on behalf of a Subscriber, some additional terms apply. In these terms:
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified natural person or which can be used (directly or indirectly) to identify a natural person, such as name, address, email address, username, credit card, billing information, health information or other like information.
- “Process” or “Processing” means the collection, use, storage, disclosure, erasure or destruction of Personal Data, or any other operation or set of operations performed on Personal Data, whether or not by automated means.
Roles. The Subscriber will act as the “Controller”, being the party who determines the purposes and means of the Processing of Personal Data. Baysil will act as the “Processor” being the service provider who Processes Personal Data on behalf of the Subscriber. Each party will comply with the provisions of the GDPR that apply to its role as Controller or Processor, respectively.
Purpose and Duration of Processing. Each party will Process Personal Data only as necessary for the provision and use of the Services, and for as long as the Subscriber has a valid paid subscription to the Services.
Categories of Personal Data. The categories of Personal Data to be Processed will be determined by the Subscriber, but may include: name, address, email address, telephone number, health insurance information, billing information and data concerning health. The categories of individuals whose Personal Data may be processed are: employees, contractors and patients or clients of the Subscriber.
Obligations. Baysil will:
- Process Personal Data only on the written instructions of the Subscriber. These Terms are the Subscriber’s written instructions for this purpose. The Subscriber warrants that it is and will remain authorized to give these instructions, as well as any future instructions regarding the Processing of Personal Data, and that the Subscriber’s instructions will comply with the GDPR;
- Not transfer Personal Data to a country outside the European Union, the EEA or the United Kingdom, except where such third country provides appropriate safeguards by way of an adequacy decision (such as Canada) or where the recipient of the Personal Data provides appropriate safeguards through adherence to an approved certification framework (such as the EU-US Privacy Shield), Standard Contractual Clauses or binding corporate rules, or other legal mechanisms are in place to safeguard the Personal Data being transferred;
- Ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- Implement and maintain appropriate technical and organizational measures to protect the security, confidentiality and integrity of the Personal Data (including as appropriate, pseudonymization, encryption, incident management, restoration and access controls), and will regularly monitor compliance with these measures;
- Use only sub-processors who maintain at least the same level of security measures and adequate safeguards as required under these Terms and who have entered a written agreement (which may be electronic) with Baysil requiring such measures and safeguards. Baysil will inform the Subscriber of any intended changes to its sub-processors. If a sub-processor fails to fulfill its data protection obligations, Baysil will be liable for the performance of such obligations;
- Notify the Subscriber, without undue delay, after becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data processed by Baysil, and take all steps reasonably within Baysil’s control to mitigate and remediate the breach;
- Meet its obligations under the GDPR to assist the Subscriber, insofar as this is possible and at the expense of the Subscriber, to: respond to individuals’ requests to exercise their rights with respect to their Personal Data being Processed by Baysil; provided however, that Baysil will not respond directly to any individual; and
- Meet the Subscriber’s legal obligations with respect to breach notification, data protection impact assessments, or the cooperation or prior consultation with a supervisory authority with respect to Personal Data processed by Baysil;
- Upon request of the Subscriber, either delete or return Personal Data after completion of Services relating to the Processing, subject to any legal or regulatory obligations to maintain or store the Personal Data; and
- Provide the Subscriber with all information necessary to demonstrate Baysil’s compliance with the GDPR, and contribute to audits or inspections to be conducted by or on behalf of the Subscriber no more than once in any calendar year, unless an additional audit is required by the GDPR or regulatory authority, or is reasonably necessary due to genuine concerns regarding Baysil’s compliance with these terms. The Subscriber will provide reasonable advance notice of any audit and will abide by Baysil’s reasonable security requirements. Baysil may charge for any time expended for such audit or inspection at Baysil’s then-current hourly rates.
Notices, Governing Laws, and Disputes
Notices. Baysil will provide Subscribers with notices, alerts and communications regarding the Services and these Terms electronically to the email address on file for the user designated as the Subscription Owner. Any notice you are required or wish to provide to Baysil may be provided to the contacts shown below under Contacting Us.
Governing Law. The Services are provided by Baysil from its offices in Waterloo, Canada. All matters relating to access to and use of the Services will be governed by the laws of the Province of Ontario in Canada.
Disputes. In the event of a dispute, we both agree to try and settle the dispute through consultation and negotiation in good faith and a spirit of mutual cooperation. We may also agree to use some form of non-binding alternative dispute resolution, such as mediation. If we are unable to resolve the dispute within 60 days after it first arose, we will resolve the dispute by binding arbitration before a single arbitrator with relevant experience. The arbitration will be held in Waterloo, Ontario, and will be administered by ICDR Canada ( www.icdr.org/icdrcanada ) in accordance with its Canadian Expedited Procedures.