Emerald
Spam Shield Service
CONFIDENTIALITY
(NON-DISCLOSURE) AGREEMENT
(Operated
by Emerald Technology, Inc.)
Version
1.1
October 2004
This is a Confidentiality
(Non-Disclosure) Agreement between EmeraldSpamShield.com. (ESS), an anti-spam
service owned and operated by Emerald Technology, Inc. (ETI) with offices at
2501 Clark Street Suite #102, Apopka, FL 32703, USA and all clients (Client)
that use the ESS service.
This agreement assumes that the
Client is using the Emerald Spam Shield anti-spam hosted service (Service) in
which all Client email passes through the ESS servers for the purpose of
anti-spam filtering.
ETI hereby agrees to treat all
Client email and other information supplied by or on behalf of the Client as
Confidential Information. As detailed in this agreement:
-
ETI will not log or archive the
contents (body) of email messages without explicit permission.
-
ETI will not disclose
Confidential Information, including email information or email contents, to any
third party, unless required to do so by court order.
-
If Client is a "covered entity"
under the
United
States
"Health Insurance Portability and Accountability Act" (HIPAA), the "HIPAA
Addendum" is incorporated by reference as part of this agreement.
-
Outside of special situations
(testing, debugging, spam review) detailed below, ETI staff do not view Client
email. Additionally, ETI staff have been trained to treat Client email with
utmost confidentiality and understand that disclosing or using information in
Client email may be a felony, and each staff member has agreed in writing to
the terms hereof.
Confidentiality
ETI agrees to treat all Client
email as Confidential Information, unless the email is beyond a reasonable
doubt an Unsolicited Commercial Email (UCE), i.e. "Spam". ETI also agrees to
treat any information the Client shares with ETI with regard to business plans,
employee numbers, IT security, IT configuration, and similar "sensitive"
business information as Confidential Information.
The term Confidential Information
does not include information which (i) is already in ETI's possession, provided
that such information is not known by ETI to be subject to another
confidentiality agreement with the Client, or (ii) becomes generally available
to the public other than as a result of a disclosure by ETI or its directors,
officers or employees, or (iii) becomes available to ETI on a non-confidential
basis from a source other than the Client or its advisors, provided that such
source is not known by ETI to be bound by a confidentiality agreement with or
other obligation of secrecy to the Client or another party.
ETI will always treat all
legitimate (non-UCE) Client email as Confidential Information.
Non-Disclosure
Only ETI's directors, officers
and employees have (limited) access to Client email and information. ETI will
not disclose Confidential Information, email information or email contents to
any third party, unless required to do so by court order. In particular, ETI
does not allow subcontractors, affiliates, partners, resellers or any other
third party to access Client email.
In the event a court with proper
jurisdiction subpoenas Client or email information, ETI will make every effort
to delay the release of information and contact the affected Client(s). Since
many Clients are entitled to additional confidentiality by Lawyer-client or
Doctor-patient privilege, ETI will challenge any court ordered subpoena.
The directors, officers and
employees of ETI have been trained to take all reasonable steps to ensure that
Client email remains confidential, and is not deliberately or accidentally
divulged to any other party.
Access to Confidential
Information
ETI limits access to Client email
to the absolute minimum necessary to operate a reliable Service. Outside of
occasional testing and debugging of the Service, no Client email (body) content
is seen by any staff, unless the Client explicitly permits ETI to review only
those email messages filtered by the Service. (This is detailed below.) Only
ETI officers and senior employees perform testing and debugging, and have
access to the computers that contain or process (filter) Client email.
ETI agrees to use reasonable,
industry-standard security measures to prevent unauthorized access to its
computer systems. All computers that contain Confidential Information or
process (filter) Client email are protected by hardware and/or software
firewalls to restrict access to only authorized personal and from authorized
locations.
Logging/Archiving
ETI certifies that this Service
does not log or archive the content (body) of email messages, unless the Client
explicitly permits ETI to do so for spam review purposes.
All domain names that flow through the ESS service are logged, but are not tied
to a specific user or domain.
In the event a Client's legitimate (non-UCE) email is captured during the
course of testing, debugging, or spam review, any copy/capture of the email
will be immediately deleted.
While the Service logs each email
message, the log consists of only sender's email address, IP address and the
Subject line of the email. This limited log is also treated as Confidential
information and will be deleted after 31 days.
Spam Review
Many Clients give ETI explicit
permission to monitor and review the spam which is filtered for their
domain(s). When permitted, only those emails which are filtered by the Service
are logged and reviewed by ETI staff. Since unfiltered emails are not logged or
reviewed, ETI staff will only view UCE (spam) emails and an occasional
(typically less than 1 in 10,000) legitimate email which was incorrectly
filtered by the Service. In the event a legitimate email is reviewed, all
copies of it are immediately deleted. All domains from emails that flow through
the ESS service are logged. These
domains are not linked or logged to a specific user in any way.
Domains are kept and reviewed by ETI and its staff.
ETI and its staff will maintain the confidentiality of these and all
legitimate emails.
HIPAA
The
United States
"Health Insurance Portability and Accountability Act (HIPAA) requires that
medical and patient information be treated with a high level of
confidentiality, and imposes severe penalties for the disclosure of such
information. ETI agrees to comply with the confidentiality requirements of
HIPAA, pursuant to the terms hereof and the HIPAA Addendum.
It is ETI's opinion that this
Confidentiality Agreement exceeds the requirements of HIPAA, especially since
no Client email information is stored or used by ETI, no designated client
record sets are maintained by ESS, and email not shared with any third party.
Binding Effect
This agreement is binding upon,
and inures to the benefit of, the successors and assigns of the parties.
Remedies
ETI acknowledges that failure to
comply with the terms of this Agreement may cause irreparable damage to the
Client. Therefore, ETI agrees that in addition to any other remedies at law or
in equity available to the Client for ETI's breach or threatened breach of this
Agreement, the Client is entitled to specific performance or injunctive relief
against ETI to prevent such damage or breach, and the existence of any claim or
cause of action ETI may have against the Client will not constitute a defense
thereto. ETI further agrees to pay reasonable attorney fees incurred by the
Client in any proceeding relating to the enforcement part of the agreement or
to any alleged breach thereof in which the Client will prevail in whole or in
part.
Confirmed and Agreed to:
Emerald
Technology, Inc.
D/B/A EmeraldSpamShield.com
Jason S. Short, Ph.D.
President
Date: Oct 1,
2004
|
