Terms and Conditions of Use last updated: May 10, 2023
IMPORTANT: PAR®iConnect™ is provided by Psychological Assessment Resources, Inc. ("PAR"), a Florida corporation. Please carefully read these Terms and Conditions of Use (the "Terms") before using PARiConnect.
By registering a PARiConnect account ("Account") and using PARiConnect, you agree to be bound by these Terms, which contain important legal information about your rights and obligations and constitute a contract between you and PAR.
PAR may update or modify these Terms at any time. By continuing to use PARiConnect after such changes, you agree to be bound by the changes. You can tell when the Terms were last modified by viewing the "Last updated" date at the top. We encourage you to periodically review these Terms.
The following documents are incorporated by reference into these Terms to the extent they apply to you or your use of PARiConnect:
PARiConnect Supervisor/Account Manager/User Agreement: If you registered to use PARiConnect as the account manager or supervisor, you agree to the terms and conditions set forth in the PARiConnect Supervisor/Account Manager/User Agreement, available here.
Business Associate Agreement: If you are a "Covered Entity," PAR is your Business Associate. You may review our Business Associate Agreement here.
Data Processing Agreement (EU Customers): If you are established in the European Union ("EU") or European Economic Area ("EEA") or otherwise subject to the General Data Protection Regulation ("GDPR"), please refer to the Data Processing Agreement (EU Customers), available here.
PARiConnect Privacy Policy: For information on how PAR safeguards "Electronic Protected Health Information," or "ePHI," relating to your clients, patients, and/or students via PARiConnect, please refer to the PARiConnect Privacy Policy, available here.
PAR, Inc. Privacy Policy: For information about PAR's general collection and handling practices with respect to your information as a PAR customer, please refer to PAR's general Privacy Policy, available at https://www.parinc.com/General-Privacy-Policy.
California Privacy Policy: California residents may review our California Consumer Privacy Act ("CCPA") disclosures available here.
PAR is an independent publisher of psychological assessments and resources. PAR makes the PARiConnect online testing platform available to qualified clinicians and practitioners (each a "Qualified User") for use with selected PAR assessment tools. Using PARiConnect, Qualified Users can remotely test clients, test clients in an office setting using online assessments, and generate reports on responses gathered from remotely located clients using the PAR desktop software application.
By registering an Account to use PARiConnect as a PAR customer (a "PAR Customer") and providing your e-mail address, you consent to receive e-mail, including commercial electronic mail messages, from PAR to the e-mail address provided, unless you expressly revoke your consent in writing or by e-mail.
PAR does not provide clinical advice; diagnose conditions; or recommend or endorse any specific health care providers, procedures, or opinions. The PARiConnect platform and the assessments, tests, interpretive reports, scores and/or results obtained through the PARiConnect platform (collectively, the "PARiConnect Materials") are provided only to Qualified Users and only for professional informational purposes.
The PARiConnect Materials do not constitute clinical advice and are not intended to be a substitute for professional psychological, psychiatric, or medical advice or diagnosis. The PARiConnect Materials must not be relied on for diagnosis, treatment, or other recommended course of action for any medical, psychiatric, or other health-related condition. PAR Customers remain solely and exclusively responsible for all diagnostic, care, and/or treatment decisions for their clients.
All PAR Customers affiliated with or employed by an entity, group, business, or organization of any kind (an "Organization") must agree to the following:
PAR Customers who are not affiliated with or employed by an Organization must agree to the following:
You assume full responsibility for all use of PARiConnect under your Account including, if applicable, use by others within your Organization. You agree that any person who accesses, uses, or misuses PARiConnect under your Account does so on your behalf and that you are responsible for all such activity under your Account, including, without limitation, any activity in violation of these Terms.
You acknowledge and agree that you are responsible for ensuring that all access and use of the PARiConnect Materials under your Account complies with all of the Terms, including the restrictions and requirements that follow. You agree to follow all reasonable instructions of PAR in the use of the PARiConnect Materials.
PAR Customers are required to submit qualification information to establish professional credentials to acquire access to PAR tests. Specifically, you must provide accurate and current information pertaining to your identification, education, training, or other professional credentials ("Qualifications") required for the relevant tests to be acquired. You warrant and agree that you have not misrepresented any Qualifications for any reason, including to obtain access to tests for which you are not qualified.
You warrant and agree that any individual who accesses or uses any PARiConnect Materials (including the PARiConnect platform) under your Account:
You agree not to allow anyone to access or use the PARiConnect Materials or to conduct or interpret the results of any PAR assessment who has not had appropriate training.
Remote testing of adolescents and children aged 13 years and younger is prohibited. Assessment instruments may be administered to adolescents and children aged 13 years and younger only within your physical presence or that of another Qualified User in the Organization.
PAR will reasonably endeavor to ensure that PARiConnect is available at all times but does not guarantee 24/7 uptime. You agree and acknowledge that PARiConnect will function as intended only where you maintain a sufficiently fast and reliable Internet connection and use a browser environment that complies with any PARiConnect guidelines published from time to time at https://www.pariconnect.com. In particular, this may require the downloading of additional browser plug-ins to enable access to the content. PAR is not responsible for such third-party plug-ins, and you are responsible for complying with any license agreements that may apply to such plug-ins.
You are solely and exclusively responsible for implementing and communicating reasonable and appropriate privacy policies with respect to your clients.
You agree to submit reasonable and appropriate documentation as requested by PAR to change critical security-related Account information for PARiConnect access and use.
You acknowledge and agree that you are solely and exclusively responsible for implementing and applying reasonable safeguards to protect the security of your Account, including maintaining the privacy of your password ("Password") and not sharing it with others and modifying or requesting modification of your Password when necessary; for example, if an authorized user leaves your employ or Organization. PAR does not have access to Passwords, and, if you lose or forget your Password, you will have to create a new unique Password.
You are responsible for all activities under your Account, and you accept all risks for any unauthorized use of the Account. You agree to notify PAR immediately if you suspect that a Password or an Account has been compromised or breached to enable PAR in its discretion to investigate the circumstances and take such further action as required by law or as PAR in its discretion deems appropriate.
You agree and acknowledge that you are solely and exclusively responsible for backing up and maintaining backups of your data submitted to or generated by PARiConnect, including client records, reports, and assessment results, and that you will not to rely on PARiConnect for storage of such data or records.
PAR reserves the right to delete a PARiConnect Account, including all associated client records and data, after a period of 36 months of inactivity on the Account.
You agree to comply with all applicable law governing your use of PARiConnect Materials, including the PARiConnect platform and any products or services provided by or made available through PARiConnect, and not to use any PARiConnect Materials for unlawful purposes.
You agree not to access or attempt to access the PARiConnect Materials other than through the uniform resource locator ("URL") supplied by PAR and not to access any API providing access to the PARiConnect Materials except where such API access has been explicitly granted by PAR and subject to the interface specifications supplied by PAR.
You agree not to use any device, software, or routine to interfere or attempt to interfere with the proper working of PARiConnect or any activity being conducted on PARiConnect or take any actions that otherwise may cause damage to PARiConnect.
PAR may provide you with assessment documentation on paper. In such event, you agree not to make copies of any such documentation and only to use the originals provided by PAR. Once submitted to PAR, any client data provided via paper documentation is treated in the same manner as client data directly entered via PARiConnect.
You agree to indemnify, protect, save, and hold harmless PAR and its officers, directors, employees, agents, servants, representatives, and contractors (collectively, "PAR Indemnitees") from and against any loss, injury, damage, or expense (including, but not limited to, reasonable attorneys' fees) that arises out of or is related in any way to your use of PARiConnect or the use of PARiConnect under your Account by any employee or other individual under your control and/or supervision, including any such use in violation of these Terms, and including claims by third parties.
The PARiConnect platform and its content (including, but not limited to, all site design; text; data; interfaces; logos; button icons; legends; images; photographs; music; audio and/or video clips; titles; page headers; graphics; software; and the selection, arrangement, coordination, enhancement, and presentation of said elements) is the proprietary property of PAR or its licensors or suppliers and is protected as to copyrights, trade dress, trademarks, and/or other intellectual property under United States law, or foreign law, or both.
PAR grants you a limited, nonexclusive, and revocable license ("License") to use (and, if applicable, to permit employees or individuals acting on your behalf and under your control and/or supervision to use) PARiConnect and its tools to conduct assessments based on the tests acquired for use. This License does not authorize you to copy, reproduce, distribute, publish, transmit, modify, display, or create derivative or collective works from, or exploit any assessment tools, scores, results, information, or other content contained within or available on or through PARiConnect for any purpose.
Except for the limited License described above, you do not acquire any right, title, or interest in or to any intellectual property in PARiConnect or any assessment tools, information or other content contained within or available on or through PARiConnect. All rights not expressly granted to you by these Terms are reserved by PAR. Any access or use of PARiConnect except as expressly granted by these Terms is prohibited and may result in legal action.
Electronic medical record (EMR)/electronic health record (EHR) technology and digital storage of records is increasingly used in health care practice. Medicare and Medicaid reimbursements are reduced for practitioners who do not use and incorporate EMR/EHR technology in their practice. And, increasingly, assessments and their results are administered and scored on digital platforms. As noted above, PAR's tests and test materials (e.g., test items, stimulus materials, normative and validity data, interpretive statements generated from PAR software code), including those made available on PARiConnect, are PAR's intellectual property and are protected by United States copyright law. Failure to follow best practices and appropriate security measures can also affect the future utility of such assessment materials.
PAR's policy with respect to the inclusion of such items within an EMR/EHR, or in an electronic storage format, is the following:
Essentially, each PAR Customer or Qualified User who uses a digital storage method is charged with applying and employing the same safeguards that one would use with sensitive paper files and ensuring that additional security measures are in place to protect electronically stored records to reduce the threat of unauthorized access. For additional information on PAR's position regarding the disclosure of test materials to comply with the Privacy Rule of the Health Insurance Portability and Accountability Act ("HIPAA"), please click here.
PAR reserves the right, in its sole and absolute discretion at any time and without notice, (a) to suspend or terminate access to PARiConnect or any Accounts or registrations for any or no reason and (b) to modify (in whole or in part) PARiConnect, any products or services provided or available on PARiConnect, and their respective features and functionality. PAR will not be liable to you or any third party for any modification, suspension, or termination of access to PARiConnect or other PARiConnect Materials or for loss of related information or other content.
Disclaimer of warranties
YOU USE PARICONNECT AT YOUR OWN RISK. PARiConnect is provided "as is," "with all faults," and without warranty of any kind. Except and to the extent required by law, PAR does not represent, warrant, or guarantee that (a) any PARiConnect Materials or any content available on or through PARiConnect will be reliable, available, timely, error-free, uninterrupted, accurate, complete, or suitable for any purpose or otherwise meet your requirements or expectations and (b) that any defects or errors will be corrected even if PAR is aware of them.
Without limiting the generality of the foregoing and to the maximum extent permitted by law, PAR disclaims all warranties relating to any PARiConnect Materials, whether express or implied, arising under statute, common law, custom, course of dealing, course of performance, usage of trade, or otherwise. This disclaimer includes, without limitation, all warranties and conditions of merchantability, merchantable quality, fitness for a particular purpose, title, lack of viruses and non-infringement.
Some jurisdictions do not allow the exclusion of certain warranties, so the above limitations or exclusions may not apply to you.
To the maximum extent permitted by law, PAR will not be liable to you or any other person for any special, incidental, indirect, collateral, consequential, exemplary, or punitive damages, whether in contract (including breach of warranty), equity, strict liability, negligence or other tort, failure to meet any duty (including, without limitation, any duty to act in good faith; to exercise commercially reasonable care; or arising out of any course of dealing, performance, usage, trade, or otherwise), or any other theory of liability arising out of or related in any way to (a) the use, misuse, inability to use, or performance of PARiConnect; (b) any error, omission, or inaccuracy contained within or any data, information, record, or results obtained through or resulting from the use of PARiConnect; or (c) any modification, corruption, or loss of data, records, or other information.
You further agree that this exclusion shall apply even if PAR was advised of the possibility of such damages or such possibility was reasonably foreseeable and that this exclusion includes damages of any kind, including, without limitation, damages caused by delayed or lost use, loss of actual or potential business, good will, revenue, profits or savings, damages resulting from business interruption, loss of privacy, and liability to third parties. Some jurisdictions do not allow the exclusion of certain warranties or limitation of incidental or consequential damages, so the above limitations or exclusions may not apply to you.
To the maximum extent permitted by law, you agree that (a) PAR's total aggregated liability arising out or related to your use or inability to use PARiConnect, or to the PARiConnect Materials generally, will not in any event exceed one hundred U.S. dollars ($100.00 USD), and (b) this limitation applies regardless of whether liability is based on contract, warranty, negligence or other tort, strict liability, or any other theory. Some jurisdictions do not permit caps on damages, so the above limitation may not apply to you.
Except where otherwise prohibited, you agree that this section ("Limitations on liability"), including all subsections, will apply notwithstanding any failure of essential purpose of any remedy.
Except where prohibited, you agree that you will not bring, request, join, or participate in a class action or class arbitration proceeding as to any claim, demand, suit, or cause of action you may have against PAR arising out of, relating to, or in any way connected with any PARiConnect Materials, and you waive and relinquish any right you may now or in the future have to bring, request, join, or participate in any lawsuit or arbitration or other proceeding on a class action or consolidated basis or to participate as a representative or member of any class of claimants pertaining to any claim, demand, suit, or cause of action arising out of, relating to, or in any way connected with your use of any PARiConnect Materials. This provision does not constitute a waiver of any of your rights and remedies to pursue a claim individually and not on a class action, class arbitration, or consolidated basis or as a representative or member of any class of claimants.
Each provision, part, or paragraph in these Terms is severable. If any provision in these Terms is determined by a court of competent jurisdiction to be illegal, invalid, or unenforceable under applicable law, the parties intend that the court shall modify the Terms (and the Terms shall be deemed to have been so modified), to the minimum extent necessary to conform to that law while preserving the parties' original intent as much as possible. Such modification will apply only to the operation of the modified provision in the jurisdiction where the adjudication or determination was made.
The following sections will survive the termination of these Terms or your right to use PARiConnect: Indemnity obligation, Proprietary rights, Reservation of rights, Limitations on liability (including all subsections), Waiver of class action or class arbitration, Severability, and Governing law and venue.
Any dispute arising under these Terms or relating to your use of PARiConnect will be governed exclusively by the substantive laws of the State of Florida (without application of its conflict of laws principles) and controlling federal law of the United States of America and resolved exclusively in the state or federal courts located in Hillsborough County, Florida, United States. Each party irrevocably (a) consents to and submits to the mandatory jurisdiction of those courts; (b) waives any objection which such party now or hereafter may have to the institution or defense of any such suit, action, or proceeding in those courts; and (c) waives any defense or claim of inconvenient forum or improper venue. The United Nations Convention on Contracts for the International Sale of Goods will not apply to the validity, construction, interpretation, or enforcement of these Terms.
Supervisor/Account Manager/User Agreement last updated: May 10, 2023
PAR®iConnect™ is made available by Psychological Assessment Resources, Inc. (PAR) and provides an online testing platform for selected PAR assessment tools, providing clinicians and practitioners with the capability for remote testing of clients. PARiConnect also provides a method for licensed users of select PAR software products to purchase online administrations and use existing PC-based desktop software to complete scoring and/or interpretation. As the Supervisor/Account Manager of the PARiConnect connection and account that will be used for online testing by me and other users within my organization, I hereby understand and acknowledge the following:
Business Associate Agreement last updated: May 10, 2023
Psychological Assessment Resources, Inc. ("PAR"), a duly registered Florida corporation authorized to do business in Florida and located at 16204 North Florida Avenue, Lutz, FL, 33549, provides PARiConnect (defined below) for use by PAR customers (each a "Customer") who have registered accounts to use PARiConnect in various ways, including to enter Customer client data that may contain PHI (defined below).
The Customer enters this Business Associate Agreement ("Agreement") with PAR to satisfy the Customer's obligations as a Covered Entity (defined below) under HIPAA, the DHHS Regulations, and the HITECH Act, as amended from time to time, to obtain reasonable assurances from PAR that PAR, as the Customer's Business Associate, will comply with those laws and regulations made applicable to the Business Associate by the HITECH Act.
The Customer and PAR (each a "Party" and together, the "Parties") will accomplish the Customer's need for access to online assessments available within PARiConnect as described by this Agreement by electronically transmitting and receiving data in agreed formats and assuring that such transactions comply with relevant laws and regulations.
NOW, THEREFORE, the Parties agree as follows:
As used in this Agreement, the following terms will have the corresponding meanings:
If PAR inadvertently obtains Client PHI, PAR may use or disclose such Client PHI only if such use or disclosure complies with all applicable requirements of 45 C.F.R. § 164.504(e). Specifically, and except as otherwise restricted by this Agreement:
The Customer agrees that PAR shall be entitled to de-identify and aggregate data provided to PAR for internal analytical purposes so long as PAR ensures that such data ("De-identified Aggregated Data") are effectively and irreversibly anonymized and de-identified prior to such internal use and that no individual will be identifiable from such data once anonymized and aggregated such that the De-identified Aggregated Data will not constitute "protected health information" or "individually identifiable health information" as defined by 45 C.F.R. §160.103. PAR may use De-identified Aggregated Data internally to improve our products and services. PAR has never and will never deliberately disclose Client ePHI to outside parties.
Third-party service providers
Each Party, at its own expense, shall provide and maintain the equipment, software, services, and testing necessary to effectively, reliably, and confidentially transmit and receive Documents.
Each Party shall adopt as its signature ("Signature") an electronic identification consisting of symbol(s) or code(s) that are to be affixed to or contained in each Document transmitted by such Party. Each Party agrees that any Signature of such Party affixed to or contained in any transmitted Document shall be sufficient to verify that such Party originated such Document. Neither Party shall disclose to any unauthorized person the Signature of the other Party. Such Signature may be represented by the combination of the e-mail address and password of the Customer.
No Document will be deemed to have been properly received or give rise to any obligation until accessible to the receiving Party at such Party's e-mail address as used for PARiConnect registration.
On proper receipt of any Document, the receiving Party shall promptly and properly transmit a functional acknowledgment in return. A functional acknowledgment shall constitute conclusive evidence that the receiving Party has properly received a Document.
The Parties will take reasonable measures to protect the integrity of all Documents and data. Neither Party will insert any virus, key locks, or other programs into the system, regardless of whether a dispute exists between the Parties. The receiving Party will return all information in usable form on request or on termination of the Agreement.
PAR may amend this Agreement from time to time to the extent required to ensure consistency with the provisions of 42 U.S.C. §§ 1171 et seq., HIPAA, the HITECH Act, and regulations promulgated thereunder.
This Agreement also contains a number of stipulations that are specific to the use of PARiConnect by the Customer ("Additional Stipulations"), which have been included in the PARiConnect Terms and Conditions of Use and/or additional disclosures contained in this Agreement. By accepting this Agreement, the Customer also agrees to be bound by the Additional Stipulations.
You can find data breaches reported pursuant to California Civil Code § 1798.82 on the California Attorney General’s website at https://oag.ca.gov/privacy/databreach/list
Data Processing Agreement last updated: May 10, 2023
1.1The following Data Processing Addendum (“DPA”) applies to all transfers of Personal Information (defined below) by and between Psychological Assessment Resources, Inc., PARiConnect, PAR InVista, and/or the Self-Directed Search (collectively, “PAR,” “we,” “us,” or “our”) and any entities that provide the Personal Information of their patients, clients, students, or customers to PAR for PAR's provision of services (these entities are herein referred to as “Customer”). This DPA is effectively incorporated into the agreement (“Agreement”) entered into between PAR and Customer (each a “Party” and collectively the “Parties”). This DPA is effective as of the date of the Agreement. In the event of a conflict between any provisions of the Agreement and the provisions of this DPA, the provisions of this DPA shall govern and control.
1.2PAR acknowledges that Customer and/or the data it discloses to PAR may be subject to consumer privacy laws and regulations, as well as common law restrictions and/or obligations (the “Consumer Privacy Laws”). Consumer Privacy Laws may include, but it is not limited to, laws, and associated regulations or guidance, such as pursuant to the Health Insurance Portability and Accountability Act, General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), U.K. General Data Protection Regulation, California Consumer Privacy Act (the “CCPA”) and California Privacy Rights Act (“CPRA”), as codified in California Civil Code sections 1798.100, et seq. (collectively, “CCPA/CPRA”), and other similar foreign or domestic, federal, state, or local privacy statutes, regulations, rules, or guidance, laws currently in effect or that may come into effect during the term of the Agreement, all as applicable and as may be amended from time to time.
2.1Based on Customer's relationship with PAR, PAR is considered a “service provider,” “contractor,” or “processor” (collectively, “Processor”) under the Consumer Privacy Laws. As a Processor, PAR may process and/or receive “personal information” or “personal data,” as such terms are defined in applicable Consumer Privacy Laws, from, or on behalf of, Customer (such personal information or personal data is herein referred to as “Personal Information”).
2.2The term “security incident” means (i) any act or omission that compromises either the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by PAR that relate to the protection of the security, confidentiality, or integrity of Personal Information, or (ii) receipt of a complaint in relation to the privacy and data security practices of PAR or a breach or alleged breach of this DPA. Without limiting the foregoing, a compromise shall include any unauthorized access to or disclosure or acquisition of Personal Information.
2.3The term “Model Clauses” means the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
2.4The term “U.K. Addendum” means the template U.K. Information Commissioner's Office Addendum to the Model Clauses for international data transfers, issued under Section 119A of the U.K. Data Protection Act 2018, and including both tables and mandatory clauses.
3.1PAR will comply with Customer's instructions regarding the processing of Personal Information, including but not limited to instructions regarding amending, transferring, or deleting Personal Information.
3.2PAR shall not “sell” or “share” Personal Information it collects pursuant to the Agreement, as those terms are defined by applicable Consumer Privacy Laws.
3.3Customer is providing PAR access to Personal Information for the limited and specific purposes provided in the Agreement, as described in section 5 herein, and/or as otherwise expressly permitted by Consumer Privacy Laws. PAR shall not retain, use, or disclose Personal Information for any purpose(s) other than those specified in section 5 herein or otherwise permitted by the Consumer Privacy Laws. Such purposes are incorporated by reference herein.
3.4PAR shall not retain, use, or disclose Personal Information that it collects pursuant to the Agreement for any “commercial purpose,” as defined by applicable Consumer Privacy Laws, other than the business purposes specified in section 5 herein, including in the servicing of any entity other than Customer.
3.5PAR shall not retain, use, or disclose Personal Information it collects pursuant to the Agreement outside of the direct business relationship between PAR and Customer.
3.6PAR shall not combine or update Personal Information with any other information, except to perform a business purpose defined in Consumer Privacy Laws, such as regulations adopted pursuant to Cal. Civ. Code § 1798.185(a)(10), except as provided by Consumer Privacy Laws.
3.7PAR shall comply with all applicable laws and obligations regarding the use and protection of Personal Information, including all Consumer Privacy Laws, as applicable. PAR certifies that it understands these restrictions, including pursuant to the CCPA/CPRA, and shall comply with them.
3.8PAR shall provide the same level of privacy protection as required by Customer, and shall assist the Customer in meeting the Customer's obligations in relation to the Personal Information. These privacy protections and obligations include, but are not limited to:
3.9PAR shall ensure that each person processing Personal Information is subject to a duty of confidentiality with respect to such Personal Information. The termination or expiration of this DPA shall not discharge PAR from its confidentiality obligations pursuant to the Agreement and this paragraph. PAR shall process Personal Information until the date of expiration or termination of the Agreement, unless instructed otherwise by Customer, or until such data is returned, de-identified, or destroyed on instruction of Customer.
3.10If PAR engages any other person or entity to assist it in processing Personal Information for purposes of providing the services enumerated in the Agreement, PAR shall:
3.11To the extent PAR processes or receives any deidentified personal information, as defined by applicable Consumer Privacy Laws, from, or on behalf of, Customer (“Deidentified Information”), PAR shall comply with all Consumer Privacy Laws concerning the Deidentified Information, including maintaining the information as deidentified personal information. PAR shall take reasonable measures to ensure the Deidentified Information cannot be associated with a consumer or household, publicly commit to maintain and use the Deidentified Information in deidentified form, not attempt to reidentify the information unless solely for the purpose of determining whether the data is deidentified, and contractually obligate any recipient of the Deidentified Information to comply with this DPA and all Consumer Privacy Laws regarding the processing of such Deidentified Information.
3.12Unless PAR is otherwise required by law, or if Customer sooner requests PAR return Personal Information to Customer instead, PAR will delete and destroy Personal Information and all copies of the same once the Personal Information is no longer needed to complete the transaction or services requested.
3.13Upon the reasonable request of Customer, PAR shall make available to Customer all information in its possession, custody, or control that is necessary to demonstrate PAR's compliance with all Consumer Privacy Laws and the requirements of this DPA or to enable Customer to conduct and document any required data protection assessments.
3.14PAR shall notify Customer if PAR determines it can no longer meet its Consumer Privacy Laws obligations.
3.15To the extent PAR processes any Personal Information from the European Economic Area (“EEA”) or United Kingdom (“U.K.”), Customer as “data exporter” and PAR as “data importer” hereby enter into the Model Clauses and U.K. Addendum. If required by law or by any agency or regulatory body with jurisdiction, the Parties agree to re-execute the Model Clauses and U.K. Addendum (including Annexes hereto) as a document separate from this DPA. For purposes of the Model Clauses and U.K. Addendum, the Parties hereby agree that:
4.1PAR grants Customer the right to take, and PAR shall allow and contribute to, appropriate and reasonable steps to monitor PAR and ensure PAR's use of Personal Information is consistent with all applicable privacy rights and obligations, whether statutory, regulatory, based in common law, contractual, or otherwise. These steps may include, but are not limited to, ongoing manual reviews, automated scans, regular assessments, audits, or other policy review or technical and operational testing at least once every 12 months. As an alternative to a Customer-requested review, assessment, audit, or testing, PAR may arrange for a qualified and independent assessor, using an appropriate and accepted control standard or framework and assessment procedure, to conduct such review, scan, assessment, audit, or other policy review and testing of PAR's policies and technical and organizational measures to satisfy its obligations under this DPA. PAR shall provide a report of all such reviews, scans, assessments, audits, or tests to Customer upon request.
4.2PAR grants Customer the right, upon notice, to take reasonable and appropriate steps to stop, mitigate, and remediate any and all unauthorized use of Personal Information.
4.3Customer is responsible for providing any required privacy notice to data subjects and securing any required consent for PAR's processing of Personal Information in accordance with Customer's instructions.
4.4Customer agrees that PAR may aggregate data and use such data for analytical purposes. In those instances, PAR will ensure that the data is effectively anonymized prior to such use and that no individual is reasonably identifiable from the data once anonymized and aggregated.
4.5PAR shall enable Customer to comply with any consumer privacy request made pursuant to Consumer Privacy Laws.
4.6The parties will work and communicate with each other in good faith to comply with Consumer Privacy Laws.
4.7Indemnification.
4.8Limitation of Liability.
EXCEPT WITH RESPECT TO EACH PARTY'S OBLIGATIONS AS TO CONFIDENTIALITY AND INDEMNIFICATION, OR LOSSES ARISING FROM A PARTY'S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT:
Any disputes arising from or in connection with this DPA shall be brought as set forth in the Agreement.
Data Exporter is: Customer.
Address: See Agreement.
Contact person's name, position, and contact details:
See Agreement.
Activities relevant to the data transferred under these Clauses:
Data Exporter is a professional seeking PAR's assistance evaluating an individual for purposes of Data Exporter advising the data subject.
Data Exporter is the Controller.
Data Importer is: PAR.
Address: 16204 N Florida Ave, Lutz, FL 33549.
Travis White, PhD, President and Chief Operating Officer
twhite@parinc.com
1.800.331.8378
Data Importer processes the data provided to assist Data Exporter in providing professional services to the data subject.
Data Importer is the Processor.
The competent supervisory authority for purposes of the Model Clauses is the Irish Supervisory Authority. The competent supervisory authority for purposes of the U.K. Addendum is the U.K. Information Commissioner's Office.
Description of the technical and organizational measures implemented by the data importer(s)
PAR employs and applies a variety of information technology tools, strategies, devices, and methodologies to protect both PAR Customer data and patient/client data and item responses that are captured and stored on PARiConnect. Below is information pertaining to these various IT controls.
Infrastructure Sub-Processors
Sub-Processor
Location
Purpose/Services
Website
Flexential
United States
Data center services
https://www.flexential.com/
Microsoft Azure
Cloud Hosting
https://azure.microsoft.com/
General Sub-Processors
Microsoft
Business administration, delivery, support, and related services
https://www.microsoft.com/
Microsoft D365
Cloud based accounting and customer support services
https://dynamics.microsoft.com
SK Global
Payment Processing
https://www.sksoft.com/
Pay Fabric
Payment Gateway
https://www.payfabric.com/
EVO
Payment Processor
https://www.nodus.com/
Avalara
Tax solutions
https://www.avalara.com/
Pacejet
Shipping Software solutions
https://www.pacejet.com/
CIO Tech
IT Support services
https://www.ciotech.us/
Quisitive
https://www.quisitive.com/
Click Dimensions
Marketing Email services
https://www.clickdimensions.com/
Google Analytics
Analytics
https://analytics.google.com/
Pendo.io, Inc.
https://www.pendo.io/
Altaro
Cloud based backup solutions
https://www.altaro.com/
Parties' details
Full legal name: See Agreement
Trading name (if different): N/A
Main address (if a company registered address): See Agreement
Official registration number (if any) (company number or similar identifier): See Agreement (if applicable)
Key Contact
Full Name (optional): See Agreement
Job Title: See Agreement
Contact details including email: See Agreement
Addendum EU SCCs
☐The version of the Approved EU SCCs which this Addendum is appended to, detailed below, including the Appendix Information:
Date:
Reference (if any):
Other identifier (if any):
Or
☒the Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum:
“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:
Annex 1A: List of Parties: See Annex I
Annex 1B: Description of Transfer: See Annex I
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data
Annex III: List of Sub processors (Modules 2 and 3 only)
Ending this Addendum when the Approved Addendum changes
Which Parties may end this Addendum as set out in Section 19:
☐Importer
☐Exporter
☒neither Party