|
Emerald Web Shield
CONFIDENTIALITY
(NON-DISCLOSURE) AGREEMENT
(Operated
by Emerald Technology, Inc.)
Version
1.0
January 2005
This is a Confidentiality
(Non-Disclosure) Agreement between EmeraldWebShield.com. (EWS), a web
filter owned and operated by Emerald Technology, Inc. (ETI) with offices
at 2501 Clark Street Suite #102, Apopka, FL 32703, USA and all clients (Client)
that use the ESS filter.
This agreement assumes that the
Client is using the Emerald Web Shield managed web filter (Service) in
which all Client DNS Lookups travel through the EWS software for the purpose of
web site filtering.
ETI hereby agrees to treat all
Client information supplied by or on behalf of the Client as Confidential
Information. As detailed in this agreement:
-
ETI will not disclose
Confidential Information, including email information or email contents, to any
third party, unless required to do so by court order.
-
Outside of special situations
(testing, debugging, site review) detailed below, ETI staff do not view client
DNS Traffic. Additionally, ETI staff have been trained to treat Client email
with utmost confidentiality and understand that disclosing or using information
in Client email may be a felony, and each staff member has agreed in writing to
the terms hereof.
-
ETI will log visits to websites
that are not known to ETI for the purpose of site review.
This information is not identified to a specific customer.
ETI only knows that a customer viewed an unknown site.
Confidentiality
ETI agrees to treat all Client
information as Confidential Information. ETI also agrees to treat any
information the Client shares with ETI with regard to business plans, employee
numbers, IT security, IT configuration, and similar "sensitive" business
information as Confidential Information.
The term Confidential Information
does not include information which (i) is already in ETI's possession, provided
that such information is not known by ETI to be subject to another
confidentiality agreement with the Client, or (ii) becomes generally available
to the public other than as a result of a disclosure by ETI or its directors,
officers or employees, or (iii) becomes available to ETI on a non-confidential
basis from a source other than the Client or its advisors, provided that such
source is not known by ETI to be bound by a confidentiality agreement with or
other obligation of secrecy to the Client or another party.
Non-Disclosure
Only ETI's directors, officers
and employees have (limited) access to Client information. ETI will not
disclose Confidential Information to any third party, unless required to do so
by court order. In particular, ETI does not allow subcontractors, affiliates,
partners, resellers or any other third party to access Client information.
In the event a court with proper
jurisdiction subpoenas Client information, ETI will make every effort to delay
the release of information and contact the affected Client(s). Since many
Clients are entitled to additional confidentiality by Lawyer-client or
Doctor-patient privilege, ETI will challenge any court ordered subpoena.
The directors, officers and
employees of ETI have been trained to take all reasonable steps to ensure that
Client information remains confidential, and is not deliberately or
accidentally divulged to any other party.
Access to Confidential
Information
ETI limits access to Client
information to the absolute minimum necessary to operate a reliable Service.
Outside of occasional testing and debugging of the Service, no Client billing
information is seen by any staff. Only
ETI officers and senior employees perform testing and debugging, and have
access to the computers that contain or process Client billing information.
ETI agrees to use reasonable,
industry-standard security measures to prevent unauthorized access to its
computer systems. All computers that contain Confidential Information or
process (filter) web site lookups are protected by hardware and/or software
firewalls to restrict access to only authorized personal and from authorized
locations.
Logging/Archiving
ETI certifies that this Service
does not log or archive the content (body) of websites.
All domain names that flow through the ESS service are logged, but are not tied
to a specific user or domain.
While the Service logs each DNS
Lookup, the log consists of only requester's IP address, domain name to lookup,
and whether the domain was known or unknown at the time of the lookup. This
limited log is also treated as Confidential information and will be deleted
after 90 days.
Site Review
ETI uses proprietary processes to
review websites that customers visit, but are unknown to ETI.
ETI sends a webbot to download the page and attempt to classify it.
In the event that the site cannot be classified with certainty by
automated means it is flagged for human review.
These domains are not linked or logged to a specific user in any way.
Domains are kept and reviewed by ETI and its staff.
ETI and its staff will maintain the confidentiality of domain lists.
In the event a customer desires
to visit a page that is blocked they may request the site be reviewed again.
At this time the user may optionally enter an email address for us to
contact them after the review has been made.
This email address and attempted site visit are only kept for the duration of
the time it takes the review to take place.
All such requests are deleted once they have been serviced by the EWS system.
HIPAA Compliance
The
United
States
"Health Insurance Portability and Accountability Act (HIPAA) requires that
medical and patient information be treated with a high level of
confidentiality, and imposes severe penalties for the disclosure of such
information. ETI agrees to comply with the confidentiality requirements of
HIPAA.
It is ETI's opinion that this
Confidentiality Agreement exceeds the requirements of HIPAA, especially since
no patient information is stored or used by ETI, no designated client record
sets are maintained by ESS, and no web page content ever goes through our
system. Since we do not review the
page content on intranet sites there is no chance of us looking at patient
information.
Binding Effect
This agreement is binding upon,
and inures to the benefit of, the successors and assigns of the parties.
Remedies
ETI acknowledges that failure to
comply with the terms of this Agreement may cause irreparable damage to the
Client. Therefore, ETI agrees that in addition to any other remedies at law or
in equity available to the Client for ETI's breach or threatened breach of this
Agreement, the Client is entitled to specific performance or injunctive relief
against ETI to prevent such damage or breach, and the existence of any claim or
cause of action ETI may have against the Client will not constitute a defense
thereto. Both parties agree to pay reasonable attorney fees incurred by the
prevailing party in any proceeding relating to the enforcement part of the
agreement or to any alleged breach thereof.
Confirmed and Agreed to:
Emerald
Technology, Inc.
D/B/A EmeraldWebShield.com
Jason S. Short, Ph.D.
President
Date: January
2005
|
