DIGITAL SERVICES AGREEMENT
This Digital Services Agreement (this “Agreement”) is made and entered into as of the date of the first Order entered into by the Parties (the “Effective Date”), by and between Lirio, Inc., a Delaware corporation, with offices located at 320 Corporate Drive NW, Knoxville, Tennessee 37923 (“Lirio”), and the client identified in the Order (as “Client”). Lirio and Client may be identified individually as a “Party” and collectively as the “Parties.” 
This Agreement is the Parties’ entire agreement on this subject and merges and supersedes all related prior and contemporaneous agreements. By agreeing to these terms, Client represents and warrants that it has the authority to accept this Agreement, and Client also hereby agrees to be bound by its terms. This Agreement applies to all Orders entered into under this Agreement.
For good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

 
1.	DEFINITIONS.
1.1.	“Client Data” means all data provided by or on behalf of Client in connection with the Services, including Client Materials (as hereinafter defined).
1.2.	“Licensed Creative” means the form and content of the creative, including, but not limited to, email, SMS or multi-media messaging (MMS) communication customized with Client Materials as set forth in an Order. 
1.3.	“Order(s)” means an ordering document used to transact the Services through either Microsoft AppSource or Azure Marketplace. 
1.4.	“Services” means all services performed or provided by Lirio for Client under this Agreement and described in the applicable Order, including without limitation digital services (which may include the provision of email, text messaging (SMS), or multi-media messaging (MMS) services for Client), development of the Licensed Creative(s), and provision of support services. Service availability may vary by region.
2.	SERVICES.
2.1.	Services. Upon acceptance of an Order, and subject to Client’s compliance with this Agreement, Lirio grants Client a nonexclusive and limited license to use the ordered Services. These licenses are solely for Client’s own use and business purposes and are nontransferable except as expressly permitted under this Agreement or Applicable Law (as defined below). The license shall expire at the end of the applicable subscription period set forth in the applicable Order. 
2.2.	Client Materials. Upon request by Lirio, Client shall provide or approve all information and/or items required for Lirio to execute the Services, including, as applicable: 
(a)	Brand Guidelines;
(b)	Communication Policies;
(c)	Suppression file(s); 
(d)	Postal address of Client to include in the Licensed Creative if not already included; 
(e)	“From”, “Reply” line; and
(f)	Any fields or other information necessary for personalization of the Licensed Creative, including without limitation, information regarding Client’s customers or members logos, names, programs, links, products, services or those of Client’s competitors’ (including performance data and product claims and comparisons) and/or such other information as provided by Client or on behalf of Client (collectively, the “Client Materials”). The Parties acknowledge that Client Materials may include PII, PHI or other Client Confidential Information (each as defined herein), and such Client Materials shall be used in accordance with this Agreement.
2.3.	Right to Review. Lirio shall have the right, but not the obligation, to review and approve the Client Materials provided to Lirio by or on behalf of Client as well as the right to refuse to send any such Licensed Creative should Lirio deem, in its sole discretion, to be spam, inappropriate or in violation of Applicable Laws.  Lirio shall have the right, in order to comply with Applicable Laws, to terminate the delivery of any Licensed Creative at any time without liability to Client, except for a refund or credit of amounts previously paid by Client to Lirio for records that have not yet been fulfilled, provided that Lirio shall notify Client in writing promptly upon Lirio’s decision to terminate such delivery. Client acknowledges and agrees that Lirio shall not be held responsible or liable for delivery or blocking issues with respect to the Services, and that Lirio shall not issue any make-goods, re-blasts, credits or refunds to Client because of any such issues.
2.4.	Content/Email and Texting Practices. 
(a)	Client shall be solely responsible for (i) providing to Lirio all required labeling, privacy notices and other legal copy as required by Applicable Laws including in relation to the dissemination and publication of Client’s advertising, promotion, sweepstakes, transactional or other similar materials, as approved by Client’s legal compliance review process; and (ii) approving the content of any proposed Licensed Creative using tools for documenting approval provided by Lirio.
(b)	Client acknowledges and agrees that Client shall be solely responsible for obtaining any legally required consent (each, a “Consent”) from Client’s patients, employees, clients and any other individuals (the “Recipients”) sufficient to allow Lirio to perform the Services hereunder, including without limitation consent to the use of unsecure/unencrypted text messages. Client shall comply with all applicable laws, rules, and regulations, including without limitation HIPAA (45 CFR Parts 160 and 164), the Telephone Consumer Protection Act (TCPA), the General Data Protection Regulation (EU 2016/679) (GDPR), the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, CASL (if requirements provide for email to Canadian residents) and all Federal Communication Commission (FCC) and/or Federal Trade Commission (FTC) or other agency rules and regulations that implement the foregoing laws, and any other laws prohibiting or regulating SMS, OTT messaging, email, or other messages that may be transmitted via the Services whether applicable in Client’s jurisdiction or in the jurisdiction of all persons or entities to whom Client directs electronic communications when using the Services; Mobile Marketing Association (MMA) guidelines, and Cellular Telephone Industries Association (CTIA) guidelines (the “Applicable Laws”). Client must keep clear records of collected Consents and maintain at least the following information: (i) who Consented, (ii) when they Consented, (iii) what they were told at the time of Consent, (iv) how they Consented, and (v) whether they have withdrawn Consent. 
2.5	Unsubscribes and Opt-Outs. In the event Client receives a request from a Recipient receiving the Services to “unsubscribe” in response to a text message, MMS or email message or otherwise learns that a Recipient has withdrawn a Consent, Client shall promptly notify Lirio in writing within at least twenty-four (24) hours. 
2.6	Use of Tags and Cookies Disclosures. 
(a)	Client shall update its privacy policies to the extent necessary to address the features and functions of the Services, including, without limitation, the use of Engagement Metrics (as defined below) by Lirio as well as third parties and for promulgating such policies with its Recipients consistent with Applicable Law.
(b)	Client acknowledges and agrees that the Services will implement one or more tags, cookies, pixels, re-directs or similar engagement analytics technologies (the “Engagement Metrics”) in Client’s email messages, text messages (SMS), and/or multi-media messages (MMS) that are intended to enable Lirio to collect and analyze a Recipient’s interactions with the email messages, text messages (SMS), and/or multi-media messages (MMS) and certain online browsing information.  Lirio will use the foregoing information that it collects to provide the Services, including to improve and to enhance the Services, consistent with this Agreement.  The Parties acknowledge that the foregoing information collected by Lirio once de-identified in compliance with 45 CFR 164.514(a-c) is not considered Client Data or Client Confidential Information.
2.7	Addendum.  To the extent Client elects for Lirio to provide the Services utilizing and/or integrated into Client’s platform or instance, as set forth in an Order, the Parties expressly acknowledge and agree that the Addendum for Services Provided via Client’s Platform or Instance located at https://lirio.com/services-addendum/ shall apply thereto and is incorporated herein by this reference.
2.8	Suspension. In the event Client breaches this Section 2, Lirio may suspend the Services.  Lirio will provide prompt notice to Client prior to such suspension and will work with Client to resolve issues and to restore the Services.  Lirio shall have the right, but not the obligation, to monitor at any time, for any reason at its sole discretion, the Client Data and Licensed Creatives in order to determine compliance with this Agreement and/or Order or Applicable Laws; however, Lirio shall not be responsible or liable for, nor shall it have any obligation to, monitor the Client Data and/or Licensed Creatives.
2.9	Lirio Obligations.  
(a)	Lirio Representatives. Lirio shall designate employees or contractors that it deems sufficient to perform the Services (“Lirio Representatives”).
(b)	Support. Lirio shall provide Client with access to Lirio’s Client service representatives at help@lirio.com. 
2.10	Assistance. Upon request, Client shall provide Lirio with all information, documentation, and other support as may be reasonably required for Lirio to perform the Services. Lirio may rely upon the accuracy and/or validity of any instructions, authorizations, approvals, or other information provided to Lirio by Client, including without limitation the Client Data. Client acknowledges that Lirio’s ability to deliver the Services is dependent upon Client’s full and timely cooperation with Lirio, as well as the accuracy and completeness of the Client Data. Lirio may adjust the delivery and performance schedule of any applicable Services due to any act, omission, or failure by Client to timely provide such information or assistance. 
3.	PAYMENT TERMS.
3.1	Fees. Microsoft will invoice and charge Client under the terms of the Microsoft Commercial Marketplace Terms of Use agreed upon by Client and the applicable Order.
3.2	Taxes. Client shall be solely responsible for the payment of any and all taxes arising out of this Agreement, including any sales, use, cloud or hosted, and property taxes, and any taxes that may be determined to be due and owing by Client at a future date, except for taxes on Lirio’s income or assets. To the extent Client is exempt from such taxes for the purchase of any products or services under this Agreement, Client first shall provide Lirio with a signed original certificate of exemption and, in such event, this Section shall not apply to Client.
4.	CONFIDENTIALITY.
4.1.	Confidential Information. 
(a)	“Confidential Information” means any and all proprietary or confidential information and materials, including without limitation, trade secrets, ideas, improvements, processes, concepts, research, current and anticipated Client requirements, pricing, market studies, Client lists, data, know-how, products, services, suppliers, business plans, prices and costs, the terms of this Agreement, and all other information that by its nature or the nature of its disclosure reasonably should be considered confidential, that is disclosed by one Party to the other Party, either directly or indirectly, during the Term of this Agreement (whether in writing or in oral, graphic, electronic, or any other form). “Confidential Information” also includes, without limitation (a) third-party confidential information that the disclosing Party is obligated to keep confidential, and (b) all information that contains or otherwise reflects or is derived, directly or indirectly, from any information described in this paragraph, including all notes, analyses, compilations, studies, or other documents prepared by the disclosing Party that contain or otherwise reflect or are derived, directly or indirectly, from such Confidential Information. “Confidential Information” shall not include information that can be shown through written documentation to be: (i) in the public domain through no breach of this Agreement by the receiving Party or a third party acting on its behalf; (ii) known to the receiving Party from a third-party source without violation of any obligation of confidentiality to the disclosing Party; or (iii) lawfully known by the receiving Party prior to disclosure of such information by the disclosing Party. 
(b)	Except as otherwise permitted in writing by the disclosing Party, the receiving Party will (i) use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but in no event less than reasonable care), (ii) not disclose or use any Confidential Information of the disclosing Party for any purpose outside the scope of this Agreement, and (iii) limit access to Confidential Information of the disclosing Party to those of its employees, contractors, advisors, and agents with a need to know or who need access for purposes consistent with this Agreement and who are bound by confidentiality obligations at least as stringent to those in this Agreement.
(c)	Notwithstanding any other provision of this Agreement, the receiving Party may disclose Confidential Information pursuant to any governmental or judicial order applicable to the receiving Party, provided that the receiving Party first notifies the disclosing Party sufficiently in advance of such order and provides the disclosing Party with reasonable assistance at the disclosing Party’s expense so that the disclosing Party may object to such order or make such disclosure subject to a protective order or confidentiality agreement. 
(d)	For the avoidance of doubt, the Lirio Intellectual Property (as defined herein) shall be considered the Confidential Information of Lirio, and the Client Intellectual Property (as defined herein) shall be considered the Client’s Confidential Information. Each Party retains all rights in its Confidential Information.
4.2.	Injunctive Relief. The receiving Party acknowledges that the remedy at law for any breach or threatened breach of Sections 2.1 or 4 shall be inadequate and that the disclosing Party shall be entitled to seek injunctive relief against any such breach or threatened breach, without posting any bond or showing of irreparable harm, in addition to any other remedy available to it.
4.3.	Return of Confidential Information. The receiving Party shall promptly destroy or return all tangible and intangible material in its possession or control embodying the disclosing Party’s Confidential Information (in any form and including, without limitation, all summaries, copies, and excerpts of Confidential Information) promptly after the disclosing Party makes a written request therefor. Within thirty (30) days after the disclosing Party has requested the return or destruction of the Confidential Information, the receiving Party shall certify in writing to the disclosing Party that all such Confidential Information has been returned and/or permanently destroyed.  Notwithstanding the foregoing, the receiving Party may retain copies of the disclosing Party’s Confidential Information: (a) to the extent required under applicable law, or (b) that are stored on such Party’s backup and disaster recovery systems until the ordinary course deletion thereof. The receiving Party shall continue to be bound by the terms and conditions of this Agreement with respect to such retained Confidential Information.
5.	DATA PROTECTION
5.1.	Business Associate Agreement.  The Parties shall comply with the terms of that certain Business Associate Addendum, attached hereto as Schedule A and incorporated herein by this reference (the “BAA”), which shall be deemed to cover the treatment of any PHI.
5.2.	Security. Lirio shall take appropriate security measures that are required by Applicable Laws and in accordance with industry practice relating to data security.
6.	INTELLECTUAL PROPERTY RIGHTS.
6.1.	Lirio Intellectual Property. 
(a)	Lirio Rights. As between Lirio and Client, Lirio retains sole and exclusive ownership of, and all rights, title, and interests in and to the Services, Licensed Creatives and all documents, work product, and other materials that are delivered to Client and or Recipients under this Agreement or prepared by or on behalf of Lirio in the course of performing the Services, including any items identified as such in an Order, including all modifications, enhancements, patches, bug fixes, releases, version or other updates or upgrades to the Services generally provided to the Clients of Lirio at no additional cost (“Updates”), modifications, or derivative works thereof (regardless of who developed the enhancements, modifications, or derivative works and the source of inspiration for any such enhancements, modifications, or derivative works) (collectively, the “Lirio Intellectual Property”) excluding any Confidential Information of Client or Client Data. Except for the limited rights expressly granted in this Agreement, no other rights or licenses in or to the Lirio Intellectual Property are granted to Client under this Agreement. 
(b)	Licensed Creatives. Nothing herein shall be deemed to grant Client a license to the Licensed Creatives. 
(c)	Restrictions. Except as expressly permitted in this Agreement, Client shall not, and shall not permit any third party to: (i) translate, adapt, modify, copy, update, revise, enhance, or otherwise alter or create derivative works based on the Lirio Intellectual Property; or (ii) rent, sell, commercialize, lease, sublicense, assign, distribute, or otherwise make available the Lirio Intellectual Property to any third party. 
(d)	Third Party Intellectual Property. Client acknowledges and agrees that the Licensed Creative may include third party intellectual property, including without limitation, original photography, stock photography, fonts, illustrations, and other copyrightable works (“Third Party Intellectual Property”). Lirio will inform Client of any restrictions on the use of the Third Party Intellectual Property incorporated into Licensed Creatives in writing.  Client agrees to abide by the usage restrictions for the Third Party Intellectual Property (if any) and will release, hold harmless, indemnify and defend Lirio from and against any claims arising out of Client’s non-compliance with such restrictions. 
6.2.	Client Intellectual Property. 
(a)	Client Rights. The Parties acknowledge and agree that all Client Data provided to or accessed by Lirio under this Agreement, is and shall remain proprietary to and owned by Client (collectively, the “Client Intellectual Property”). 
(b)	Client Data. As between Lirio and Client, Client exclusively owns all right, title and interest in and to all Client Data.  Lirio may use on a perpetual, irrevocable basis Client Data that has been de-identified or anonymized as permitted by Applicable Laws such that the data constitutes de-identified data under 45 CFR 164.514(a-c). Notwithstanding the foregoing, Lirio shall own all right, title and interest in and to any and all Generated Output (as defined below) resulting from the performance of Services hereunder and may use such Generated Output for any purpose, including without limitation, the development and provision of the Services and Licensed Creatives and any other services and/or materials. As used herein, “Generated Output” mean information that has been de-identified under 45 CFR 164.514(a-c) and that is information of general applicability to the Services and the results thereof, including without limitation, any ideas, analytics, concepts, know-how, and techniques contained therein or derived therefrom. 
(c)	Use of Client Intellectual Property; Promotion. Client hereby grants Lirio a limited, royalty-free, and non-exclusive license during the Term to use the Client Intellectual Property for the purpose of performing the Services, including without limitation, development and provision of the Licensed Creatives. Lirio shall also have the right to use Client’s trademarks, name, and logo to promote the Services in advertising, media, or other marketing materials with Client’s approval. No rights, title, or interests in any such trademarks is intended to be given to or acquired by Lirio, and Lirio shall not use the trademarks for any purpose or activity except as expressly authorized in this Agreement. All goodwill arising from Lirio’s approved use of Client’s trademarks shall inure to the benefit of Client. 
6.3.	Suggestions and Feedback. Client hereby grants to Lirio a perpetual, worldwide, transferable, sublicenseable, irrevocable, royalty-free right and license to use, modify or incorporate into the Services any ideas, suggestions, enhancements, recommendations or other feedback including without limitation, any and all usage statistics, analytic data, benchmarking data and/or similar types of data that describe or relate to the performance, features or functionality of the Services, provided by or on behalf of Client.
7.	WARRANTIES; DISCLAIMER.
7.1.	Representations and Warranties. 
(a)	Lirio’s Warranties. Lirio represents, warrants and covenants that it: (i) has the full right, power, and authority to enter into and perform its obligations under this Agreement; (ii) shall perform the Services in accordance with the terms and subject to the conditions set out in the respective Order and this Agreement; (iii) shall perform the Services using personnel of commercially reasonable skill, experience and qualifications; and (iv) shall perform the Services in a timely, workmanlike, and professional manner in accordance with generally recognized industry standards for similar services. 
(b)	Client’s Warranties. Client represents, warrants and covenants that: (i) no Confidential Information of Client, Client Data, or any other information provided to Lirio from Client infringes, misappropriates or violates any intellectual property or other right of any person or entity; (ii) it has formalized and instituted a privacy policy, or similar legal disclosure regarding the uses, disclosures and processing by Lirio (including vendors on its behalf), of information that can identify any individual, including an individual’s name, address, telephone number, e-mail address, credit or debit card information, social security number or other similar specific factual identifying information (“PII”) and “protected health information” as defined in 45 C.F.R. 160.103 (“PHI”) regardless of the media on which such information is stored and shall adhere to such privacy policy, and such privacy policy permits the provision of the Services as contemplated by this Agreement; and (iii) any third party information, including PII and PHI, provided to Lirio is authorized to be shared by such third party. 
7.2.	Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 7.1, THE SERVICES AND LICENSED CREATIVES ARE PROVIDED “AS IS,” “AS AVAILABLE,” AND “WITH ALL FAULTS,” AND LIRIO MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAWS. THE PARTIES AGREE THAT, AS BETWEEN CLIENT AND LIRIO, CLIENT IS RESPONSIBLE FOR THE ACCURACY AND QUALITY OF CLIENT DATA AND CLIENT CONFIDENTIAL INFORMATION. NO EMPLOYEE, AGENT, REPRESENTATIVE, OR AFFILIATE OF LIRIO HAS AUTHORITY TO BIND LIRIO TO ANY ORAL REPRESENTATIONS OR WARRANTIES CONCERNING THE SERVICES. ANY WRITTEN REPRESENTATION OR WARRANTY NOT EXPRESSLY CONTAINED IN THIS AGREEMENT SHALL NOT BE ENFORCEABLE. CLIENT ACKNOWLEDGES AND AGREES THAT THE SERVICES ARE AN ADMINISTRATIVE TOOL DESIGNED TO ASSIST CLIENT’S BUSINESS AND MARKETING OPERATIONS.  HOWEVER, CLIENT REMAINS SOLELY RESPONSIBLE FOR ITS SERVICES AND ALL CODING, DATA ELEMENTS, DOCUMENTATION AND/OR CLAIMS FOR REIMBURSEMENT RELATED THERETO.  THE SERVICES DO NOT PROVIDE MEDICAL, LEGAL OR BILLING ADVICE.  CLIENT EXPRESSLY ACKNOWLEDGES AND AGREES THAT LIRIO IS NOT RESPONSIBLE FOR THE RESULTS OF ANY DECISIONS MADE BASED ON ANY USE OF THE SERVICES. CLIENT SHALL BE SOLELY RESPONSIBLE FOR ALL BACKUP AND PROTECTION OF ANY DATA AND INFORMATION THAT MAY BE LOST THROUGH TERMINATION OF CLIENT’S ACCESS TO THE SERVICES.
8.	INDEMNIFICATION.
8.1.	Indemnification by Client. Client shall indemnify, defend, and hold harmless Lirio from and against any third-party claims (each, a “Claim”) and all resulting losses, liability, damages, costs, and expenses (including reasonable attorneys’ fees and expenses incidental thereto) arising out of or resulting from: (a) Client’s breach of this Agreement or any use of the Licensed Creatives or Services in breach of this Agreement, including without limitation, Sections 2 or 3 hereof; and (b) any Client Data, except to the extent resulting from Lirio’s misuse of such Client Data in violation of this Agreement. 
8.2.	Indemnification by Lirio. Lirio shall indemnify, defend, and hold harmless Client from and against any Claim and all resulting losses, liability, damages, costs, and expenses (including reasonable attorneys’ fees and expenses incidental thereto) arising out of or resulting from an allegation that the Licensed Creatives or use of the Services by Client, as contemplated hereunder, infringes or misappropriates any copyright, trademark, or trade secret of a third-party (“Infringement Claim”). Notwithstanding the foregoing, Lirio shall have no indemnification obligation for Claims related to Client’s failure to comply with this Agreement. THIS SECTION 8.2 SETS FORTH LIRIO’S EXCLUSIVE LIABILITY, AND CLIENT’S SOLE REMEDY, FOR CLAIMS OF INTELLECTUAL PROPERTY INFRINGEMENT.
8.3.	Indemnification Process. If any Party is entitled to indemnification under this Section 8, the Party seeking such indemnification (the “Indemnified Party”) shall: (a) promptly notify the Party obligated to provide indemnification (the “Indemnitor”) of the existence of the Claim (together with copies of any applicable documents or other relevant information); (b) provide Indemnitor with reasonable assistance and cooperation in connection with the defense of the Claim, in each case at the Indemnitor’s sole expense; and (c) allow Indemnitor to control the defense of the Claim and any related settlement negotiations; provided that the Indemnified Party shall have the right to participate in such Claim or settlement negotiations with counsel of its selection and at its sole expense. The Indemnitor may not consent to entry of any judgment or enter into any settlement that imposes liability or obligations on the Indemnified Party or diminishes the Indemnified Party’s rights without first obtaining the Indemnified Party’s express written consent.
9.	LIMITATIONS ON LIABILITY. 
(A)	SUBJECT TO SECTION 9(D), IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR ANY LOST PROFITS, LOSS OF DATA OR DIMINUTION IN VALUE, LOSS OF REVENUE OR USE, OR BUSINESS INTERRUPTION, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES WHETHER ARISING OUT OF BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE AND WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
(B)	SUBJECT TO SECTIONS 9(C) AND 9(D),IN NO EVENT SHALL LIRIO’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER INCURRED WITH RESPECT TO ONE CLAIM, OR CUMULATIVELY INCURRED FROM MULTIPLE RELATED OR UNRELATED CLAIMS ARISING UNDER THIS AGREEMENT FROM TIME TO TIME, AND WHETHER ARISING OUT OF OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EXCEED THE AGGREGATE AMOUNTS PAID BY CLIENT TO LIRIO PURSUANT TO THE APPLICABLE ORDER GIVING RISE TO THE CLAIM.
(C)	SUBJECT TO SECTION 9(D),IN NO EVENT SHALL LIRIO’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO ANY UNAUTHORIZED DISCLOSURE OF CLIENT DATA DUE TO LIRIO’S BREACH OF ITS OBLIGATIONS UNDER SECTION 5, WHETHER INCURRED WITH RESPECT TO ONE CLAIM, OR CUMULATIVELY INCURRED FROM MULTIPLE RELATED OR UNRELATED CLAIMS ARISING UNDER THIS AGREEMENT FROM TIME TO TIME, EXCEED TWO TIMES (2X) THE AGGREGATE AMOUNTS PAID BY CLIENT TO LIRIO PURSUANT TO THE APPLICABLE ORDER GIVING RISE TO THE CLAIM.
(D)	NO LIMITATION OR EXCLUSIONS IN THIS SECTION 9 WILL APPLY TO LIABILITY ARISING OUT OF EITHER PARTY’S: (I) INDEMNIFICATION OBLIGATIONS; (II) VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS; OR (III) GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR FRAUD.
10.	TERM AND TERMINATION.
10.1.	Term.  
(a)	Agreement Term. Unless earlier terminated in accordance with this Agreement, the term of this Agreement shall be one (1) year commencing on the Effective Date. The term of this Agreement shall automatically renew for successive one (1) year terms unless either Party provides the other Party with written notice of non-renewal at least sixty (60) days’ prior to the expiration of the then-current term. Notwithstanding any expiration of the Agreement term, the Agreement shall remain in effect with respect to all Orders then in effect until the expiration or termination of all such Orders.
(b)	Order Term. The term for each Order will be set forth therein.  Unless otherwise set forth in the Order, each Order term will automatically renew unless either Party provides the other Party with written notice of non-renewal at least sixty (60) days’ prior to the expiration of the then-current term. 
10.2.	Mutual Termination.  Either Party may terminate this Agreement and/or any Order in the event the other Party: (a) materially breaches this Agreement or an Order and fails to cure the breach within thirty (30) days following receipt of written notice from the non-breaching Party; (b) becomes insolvent or admits its inability to pay its debts generally as they become due; (c) becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law, which is not fully stayed within seven (7) days or is not dismissed or vacated within forty-five (45) days after filing; (d) is dissolved or liquidated or takes any corporate action for such purpose; (e) makes a general assignment for the benefit of creditors; or (f) has a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business. If Client terminates this Agreement or any Order pursuant to Section 10.2(a), Lirio shall refund Client all pre-paid Fees (if any) as of the date of termination within thirty (30) days after the effective date of termination. 
10.3.	Effect of Termination.  Upon expiration or termination of this Agreement: (a) Lirio shall immediately terminate Client’s access to the Services; and (b) Client shall cease all use of the Services. Client shall pay Lirio for all amounts payable through to the effective date of termination. In addition, Client shall immediately return to Lirio or permanently destroy all Confidential Information of Lirio and copies of the Licensed Creatives in Client’s control or possession. Within thirty (30) days of the termination or expiration of this Agreement, Client shall certify in writing to Lirio that all such Confidential Information has been returned and/or permanently destroyed. The following provisions shall survive termination or expiration of this Agreement: Sections 1, 2.4, 4, 6, 7.2, 8, 9, 10.3, and 11.  
11.	GENERAL PROVISIONS. 
11.1.	Insurance. At all times while obligated to perform Services under this Agreement, Lirio will maintain in force, at its expense, insurance of the type and such amounts as is reasonably customary for providers of services similar to those set forth in an Order. 
11.2.	Entire Agreement; Amendments; No Waiver. This Agreement, together with the BAA, Orders, and any addenda, exhibits, schedules, attachments and appendices incorporated into the foregoing, constitutes the entire agreement between the Parties, and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. The BAA, Orders, and all other attachments attached hereto are incorporated by this reference. If there is a conflict between any parts of this Agreement, the following order of precedence will apply: (i) the BAA; (ii) the applicable Order; (iii) this Agreement; No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the Party against whom the modification, amendment or waiver is to be asserted. Notwithstanding any language to the contrary therein, no terms or conditions stated in a purchase order or in any other Client order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void. Any failure of a Party to exercise or enforce any of its rights under this Agreement will not act as a waiver of such rights. 
11.3.	Notices.  All notices, requests, consents, claims, demands, waivers and other communications under this Agreement (each, a “Notice”) must be in writing and addressed to the other Party at its address set forth on the Order. Unless otherwise agreed herein, all Notices must be delivered by personal delivery, nationally recognized overnight courier, certified or registered mail (in each case, return receipt requested, postage prepaid), or e-mail.  Except as otherwise provided in this Agreement, a Notice is effective only (a) on receipt by the receiving Party; and (b) if the Party giving the Notice has complied with the requirements of this Section 10.3. 
10.4.	Assignment. Client shall not assign, transfer, delegate, or subcontract any of its rights or delegate any of its obligations under this Agreement without the prior written consent of Lirio. Any purported assignment or delegation in violation of this Section 10.4 shall be null and void. No assignment or delegation shall relieve Client of any of its obligations under this Agreement. Lirio may assign any of its rights or delegate any of its obligations to any affiliate or in the event of a change of control, merger, or sale of substantially all of Lirio’s assets without Client’s consent. Lirio may subcontract its obligations hereunder to third-party service providers or subcontractors, provided that Lirio will remain responsible for the obligations performed by any such service providers and subcontractors to the same extent as if such obligations were performed by Lirio hereunder.   
10.5.	Choice of Law. This Agreement, including all exhibits attached hereto, shall be governed exclusively by the laws of the State of New York, United States of America, without regard to its conflicts of laws rules. 
10.6.	Waiver of Jury Trial. EACH PARTY ACKNOWLEDGES THAT ANY CONTROVERSY THAT MAY ARISE UNDER THIS AGREEMENT, INCLUDING EXHIBITS, SCHEDULES, ATTACHMENTS, AND APPENDICES ATTACHED TO THIS AGREEMENT, IS LIKELY TO INVOLVE COMPLICATED AND DIFFICULT ISSUES AND, THEREFORE, EACH SUCH PARTY IRREVOCABLY AND UNCONDITIONALLY WAIVES ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LEGAL ACTION ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING ANY EXHIBITS, SCHEDULES, ATTACHMENTS, OR APPENDICES ATTACHED TO THIS AGREEMENT, OR THE TRANSACTIONS CONTEMPLATED HEREBY.
10.7.	Force Majeure. Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement when and to the extent such failure or delay is caused by or results from acts or circumstances beyond the reasonable control of such Party, including, without limitation, acts of God, flood, fire, earthquake, explosion, governmental actions, war, invasion or hostilities (whether war is declared or not), terrorist threats or acts, riot, or other civil unrest, national emergency, revolution, insurrection, epidemic, pandemic, viral outbreak, lock-outs, strikes or other labor disputes (whether or not relating to either Party’s workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials, materials or telecommunication breakdown or power outage.
10.8.	Miscellaneous. The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. There are no third-party beneficiaries to this Agreement. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect. This Agreement may be executed in counterparts, each of which is an original but all of which, together, shall constitute but one and the same instrument.
[Remainder of Page is Intentionally Blank]  
 
SCHEDULE A
Business Associate Addendum
This Business Associate Addendum (the “Addendum”) supplements that certain Digital Services Agreement (the “Agreement”) by and between Client (as defined in the Agreement) (“Entity”) and Lirio, Inc. (“Associate”).

Entity and Associate agree that the Parties incorporate this BAA into the Agreement in order to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and their implementing regulations set forth at 45 C.F.R. Parts 160 and Part 164 (the “HIPAA Rules”). To the extent Associate is acting as a Business Associate of Entity pursuant to the Agreement, the provisions of this BAA shall apply.
1.	Definitions. Capitalized terms not otherwise defined in this BAA shall have the meaning set forth in the HIPAA Rules. References to “PHI” mean Protected Health Information maintained, created, received or transmitted by Associate in its capacity as a Business Associate of Entity.
2.	Uses and Disclosures. Associate will neither use nor disclose PHI except as permitted or required by this BAA or as Required By Law. To the extent Associate is to carry out an obligation of a Covered Entity under 45 CFR Part 164, Subpart E, Associate shall comply with the requirements of 45 CFR Part 164, Subpart E that apply to such Covered Entity in the performance of such obligation. Associate is permitted to use and disclose PHI: 
(a)	to perform any and all obligations of Associate pursuant to the Agreement, provided that such use or disclosure would not violate the HIPAA Rules, if done by Entity directly; 
(b)	as otherwise permitted by law, provided that such use or disclosure would not violate the HIPAA Rules, if done by Entity directly and provided that Entity gives its prior written consent; 
(c)	to perform Data Aggregation services relating to Entity’s health care operations; 
(d)	to report violations of the law to federal or state authorities consistent with 45 CFR § 164.502(j)(1);
(e)	as necessary for Associate’s proper management and administration and to carry out Associate’s legal responsibilities (collectively “Operations”), provided that Associate may only disclose PHI for Operations if the disclosure is Required By Law or Associate obtains reasonable assurance, evidenced by a written contract, from the recipient that the recipient will: (1) hold such PHI in confidence and use or further disclose it only for the purpose for which it was disclosed or as Required By Law; and (2) notify Associate of any instance of which the recipient becomes aware in which the confidentiality of such PHI was breached;
(f)	to create de-identified information in accordance with 45 CFR § 164.514(b), provided that such de-identified information may be used and disclosed only consistent with Applicable Law; 
(g)	to create a limited data set as defined at 45 CFR §164.514(e)(2), provided that Associate will only use and disclose such limited data set for purposes of research, public health or health care operations and will comply with the data use agreement requirements of 45 CFR §164.514(e)(4), including that Associate will not identify the information or contact the individuals;
(h)	for purposes of research in compliance with 45 CFR §164.512(i) or the terms of authorizations that comply with 45 CFR §164.508, provided that Entity has approved the research project.
In the event Entity notifies Associate of an Individual’s restriction request granted pursuant to 45 CFR §164.522 that would restrict a use or disclosure otherwise permitted by this Section, Associate shall comply with the terms of the restriction request.   
3.	Safeguards. Associate agrees to use appropriate safeguards, and comply with applicable provisions of 45 C.F.R. Part 164, Subpart C with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA.
4.	Mitigation. Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Associate as a result of a use or disclosure of PHI by Associate in violation of this BAA.
5.	Reporting. To the extent Associate becomes aware or discovers any use or disclosure of PHI not permitted by this BAA, any Security Incident involving electronic PHI or any Breach of Unsecured Protected Health Information involving PHI, Associate shall promptly report such use, disclosure, Security Incident or Breach to Entity. Notwithstanding the foregoing, the Parties acknowledge and agree that this Section constitutes notice by Associate to Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to Entity shall be required. “Unsuccessful Security Incidents” shall means pings and other broadcast attacks on Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of electronic PHI. All reports of Breaches shall be made in compliance with 45 CFR § 164.410. 
6.	Subcontractors. Associate agrees, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restriction and conditions that apply to the Business Associate with respect to such information.
7.	Access and Amendment.  In accordance with 45 CFR § 164.524, Associate shall permit Entity or an Individual (or the Individual’s designee) to inspect and obtain copies of any PHI about the Individual that is maintained by Associate in a Designated Record Set. Associate will, upon receipt of notice from Entity, promptly amend or permit Entity access to amend PHI held in a Designated Record Set by Associate so that Entity may meet its amendment obligations under 45 CFR § 164.526.
8.	Minimum Necessary. Associate will limit its uses and disclosures of, and requests for, PHI (i) when practical, to the information making up a Limited Data Set; and (ii) in all other cases subject to the requirements of 45 CFR § 164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request.
9.	Accounting. Except for disclosures excluded from the accounting obligation by the HIPAA Rules, Associate agrees to maintain and make available the information required to provide an accounting of disclosures to Entity as necessary to satisfy Entity’s obligations under 45 C.F.R. § 164.528.
10.	Books and Records.  Associate will make its internal practices, books, and records, relating to its use and disclosure of PHI, available upon request to HHS to determine compliance with the HIPAA Rules.
11.	Entity Obligations. Entity shall notify Associate of (i) any limitations in its notice of privacy practices, (ii) any changes in, or revocation of, permission by an Individual to use or disclose PHI, and (iii) any confidential communication request or restriction on the use or disclosure of PHI that Entity has agreed to or with which Entity is required to comply, to the extent any of the foregoing affect Associate’s use or disclosure of PHI. Entity shall not request Associate to use or disclose PHI in a manner not permitted by the HIPAA Rules, shall obtain all permissions or authorizations, if any, required to disclose PHI to Associate in order for Associate to perform its obligations under the Agreement, and only disclose to Associate the minimum Protected Health Information necessary to allow Associate to perform its obligations under the Agreement.
12.	Term and Termination. This BAA shall be effective as of the effective date of the Agreement and shall remain in effect until termination of the Agreement. Either Party may terminate this BAA and the Agreement effective immediately if it determines that the other Party has breached a material provision of this BAA and failed to cure such breach within thirty (30) days of being notified by the other Party of the breach. If the non-breaching Party determines that cure is not possible, such Party may terminate this BAA and the Agreement effective immediately upon written notice to other Party.
Upon termination of this BAA for any reason, Associate will, if feasible, return to Entity or destroy all PHI maintained by Associate in any form or medium, including all copies of such PHI. Further, Associate shall recover any PHI in the possession of its Subcontractors and return to Entity or securely destroy all such PHI. In the event that Associate determines that returning or destroying any PHI is infeasible, Associate may maintain such PHI but shall continue to abide by the terms and conditions of this BAA with respect to such PHI and shall limit its further use or disclosure of such PHI to those purposes that make return or destruction of the PHI infeasible. All of Associate’s obligations under this BAA shall survive termination and remain in effect (a) until Associate has completed the return or destruction of PHI as required by this Section and (b) to the extent Associate retains any PHI pursuant to this Section.
13.	General Provisions. In the event that any final regulation or amendment to final regulations is promulgated by HHS or other government regulatory authority with respect to PHI, the Parties shall negotiate in good faith to amend this BAA to remain in compliance with such regulations. This BAA may not be modified unless done so in writing and signed by a duly authorized representative of both Parties. Any ambiguity in this BAA shall be resolved to permit the Parties to comply with the HIPAA Rules. A reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended. Nothing in this BAA shall be construed to create any rights or remedies in any third parties or any agency relationship between the Parties. The terms and conditions of this BAA override and control any conflicting term or condition of the Agreement and replace and supersede any prior business associate agreements in place between the Parties. All non-conflicting terms and conditions of the Agreement remain in full force and effect. Notwithstanding the foregoing, this BAA shall be subject to any limitation of liability specified in the Agreement.