This privacy notice discloses the privacy practices for eCase.
- Definition: “Customer Data” means all data or information processed, generated, or displayed by, stored in, input to, or output from, eCase by a Customer or third-party authorized to use eCase by the Customer, including, without limitation, sensitive and/confidential data belonging or related to Customer or a third-party (such as personally identifiable information), and information regarding Customer’s usage of the Software.
- Rights in Data: Customer is the owner of all Customer Data and shall retain all rights and title to Customer Data, as well as all liabilities associated with its collection, processing, and retention.
- License Grant: Customer grants to AINS a fully-paid, non-exclusive, world-wide, royalty-free, transferable license to collect, store, monitor, process, host, use, display, copy, and transmit Customer usage data and Customer Data to: (1) provide Customer with Software and Services; (2) comply with and enforce the terms of this Agreement; (3) improve AINS’ products and services; and (4) for other legitimate business purposes.
- Restrictions: AINS shall use and process Customer Data only as set forth herein or as directed by the Customer and implement reasonable technical and organizational security measures to protect the Customer Data against unauthorized or unlawful use and against accidental loss, destruction, damage, alteration, or disclosure. These measures shall be appropriate to the harm or damage which might reasonably result from any unauthorized or unlawful use, accidental loss, destruction, damage, alteration, or disclosure, and having regard to the nature of the Customer Data, or as otherwise agreed-upon in writing. AINS shall take reasonable steps to ensure that all AINS staff required to access the Customer Data are informed of the confidential nature of the Customer Data and comply with the obligations set out in this clause and not publish, disclose, or divulge any of the Customer Data to any third-party except as described below or unless directed in writing to do so by the Customer. AINS retains the right, but not the obligation, to remove any data from AINS Software, environments and hardware that may, in AINS’ sole discretion, violate this Agreement or that is otherwise objectionable.
- Compliance with Laws: Customer is solely responsible for complying with any and all applicable rules, laws, and regulations applicable to Customer Data, including, but not limited to, the Privacy Act of 1974, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, Digital Millennium Copyright Act, and the E.U. General Data Protection Regulation. Such liability includes providing legally adequate notices, obtaining necessary consents for the collection, processing and storage of Customer Data, and data belonging to, originating from, or regarding any third-party, and processing such data in accordance with applicable laws and regulatory or contractual obligations. Customer is responsible for handling and processing all requests, demands, and notices sent to Customer (or any User) by any third-party relating to such party’s rights under applicable laws, and for appropriately responding in accordance therewith. AINS will notify Customer in writing if it becomes aware of any breach of Customer Data or any claim in connection with such breach or other claim under applicable laws.
- Data Migration and Deletion: Upon termination of a license, AINS will provide Customer with an export of all Customer Data in AINS’ possession in a common format of AINS’ choosing. AINS shall have no other obligation to migrate Customer Data to or from AINS Software, or to maintain any Customer Data for more than thirty (30) days after the termination or expiration of this Agreement, unless otherwise agreed between the Parties. After that thirty (30) day period, AINS will have no obligation to maintain or provide Customer’s Data, and may thereafter delete or destroy all copies of Customer Data in Company systems or otherwise in Company possession or control, unless legally prohibited and excluding any copies of Customer Data that may be retained on backup media beyond the end of such period pursuant to Company’s then-current back-up procedures.