Bridgeline Medical MASTER SERVICE AGREEMENT

This Master Service Agreement (“MSA”) is entered into by and between Bridgeline Medical , LLC. (“Bridgeline Medical ”) and the entity identified on the applicable electronic invoice as the purchaser of the Bridgeline Medical Portal services, including its affiliates and subsidiaries (referred to collectively, as “Company”). It is considered effective upon completion of payment for the services.

mypharmacyorder.com, Inc. offers access to a service-based online electronic prescription system that allows for electronic prescribing and other online tools and related services (also “Bridgeline Medical Portal”), to assist individual physicians, their clinical staff, and their office staff (collectively, “End Users”) to perform a variety of health care activities associates with electronic prescribing and electronic medication management. The Bridgeline Medical Portal services have been made available to Company, and Company’s access and use of the Bridgeline Medical Portal Services are subject to the following terms and conditions. Therefore, Bridgeline Medical and Company agree as follows:

I. Bridgeline Medical Services. Bridgeline Medical provides software applications, platforms, and services for electronic prescribing, medication management, and related products (“the Applications”) for use by Authorized End Users. As used herein, the term “Authorized End User” means an individual who (i) has registered with Bridgeline Medical as a user of an Application; (ii) is authorized by virtue of such individual’s relationship to, or permissions from, Company to access Bridgeline Medical Applications pursuant to the Product Addendum For Bridgeline Medical Portal (“PA”); and (iii) has executed the terms of use agreement applicable to the Application. Access to Applications provided by Bridgeline Medical shall be subject to the terms of this MSA.

II. Company Obligations for all Applications. Company shall obtain consents or authorizations from patients to allow Company to use and disclose patient information and records through the Applications. Company shall ensure that Company’s use of the Application, and access by Authorized End Users, complies with applicable laws and regulations. To the extent applicable, Company shall ensure that it’s Authorized End Users use the most up to date version of the Applications and will be responsible for any failure to do so. Company’s Authorized End Users shall be obligated to adhere to any Terms of Use as a material condition of using any Bridgeline Medical Applications. Detailed Company obligations are established in the applicable PA. Company must execute and abide by the Business Associate Agreement attached hereto as Exhibit A.

III. Ownership of Software, Products and Intellectual Property. Subject only to the limited rights expressly granted to Company in a PA, Bridgeline Medical has sole and exclusive rights to the Bridgeline Medical Brand, the Application, the software associated with the Application, including interface software, and all related materials, including all copies thereof in any form or medium, whether now known or existing or hereafter developed, and including all copyrights, patents, trade secrets, trademarks, trade names and intellectual property rights associated therewith. All goodwill arising in or from the Bridgeline Medical Brand shall inure solely to Bridgeline Medical ’s benefit. Company shall not: (i) attempt to de-compile, reverse assemble, reverse engineer, or attempt to gain access to the source code of any software furnished by Bridgeline Medical ; (ii) import, add, modify or create derivative works of any such software or user materials; (iii) delete data in any such software database by any method other than direct data entry through the Application, or through a Bridgeline Medical developed interface; or (iv) remove any proprietary notices, labels, or marks from any software or user materials provided by Bridgeline Medical . The software, user materials, and other rights granted herein may not be transferred, leased, assigned, or sublicensed without Bridgeline Medical ’s prior written consent, except to a successor in interest of Company’s entire business who assumes the obligations of the MSA. In the event of any unauthorized transfer, Company’s rights under the MSA shall automatically terminate.

IV. Confidentiality. During the performance of this MSA, each party may have access to certain confidential information of the other party or third parties (“Confidential Information”). Both parties agree that all Confidential Information is proprietary to, and shall remain the sole property of, the disclosing party or such third party, as applicable. Each party receiving Confidential Information shall (i) use the Confidential Information only for the purposes described herein; (ii) not reproduce the Confidential Information except as minimally necessary to use under this MSA; (iii) hold in confidence and protect the Confidential Information from dissemination to, and use by, any third party; (iv) not create any derivative work from Confidential Information ; (v) restrict access to the Confidential Information to such of its personnel, agents, and/or consultants, if any, who have a need to have access for purposes of performing said party’s obligations hereunder and who are under an obligation of confidentiality with respect to the Confidential Information; and (vi) return or destroy all Confidential Information in its possession upon termination or expiration of the MSA. Confidential Information does not include information that is: (i) publicly available or in the public domain, through no fault of the recipient; (ii) already in the recipient’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; (iii) independently developed by the recipient without access or reference to the Confidential Information disclosed by the other party; (iv) approved for release or disclosure by the disclosing party without restriction.

V. Compliance With Privacy Laws. The parties agree to comply with all applicable state and federal laws and regulations governing the protection of protected health information, including, but not limited to the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009, all implementing laws and regulations related thereto, and the Business Associate Agreement attached hereto as Exhibit A and incorporated by reference.

VI. Data Handling. Bridgeline Medical may de-identify protected health information and other data provided to it by Company. Company shall allow Bridgeline Medical and Surescripts, without notice, the ability to access, inspect, and review all records related to information and Medication History Information provided by or through the Surescripts network through the Application.

VII. Use of Medication History Information. Company agrees that it will only use medication history information provided by an Application (“Medication History Information”) for the purpose of providing direct health care services to a Company patient. Certain services are provided over a network operated by Surescripts, LLC (“Surescripts”). Company acknowledges that the Medication History Information provided hereunder may not be complete or accurate, and neither Bridgeline Medical , Surescripts, nor any pharmacy or other entity providing information under the Medication History Service provides any representations or warranties with respect to the accuracy or completeness of the Medication History Information. Company releases and holds harmless Bridgeline Medical , Surescripts, and any person or entity providing Medication History Information from any liability, cause of action, or claim related to the completeness or lack thereof of the Medication History Information. Company is not required to release and hold harmless any party whose conduct is found to be willfully malicious or reckless or grossly negligent. Company agrees to confirm the accuracy of the Medication History Information with the patient prior to providing any medical services based thereon and Company agrees that its Authorized End Users shall use their professional judgment in the provision of care. Company acknowledges that the Medication History Service shall be used only for those patients from whom Company has obtained prior consent of the patient to access such patient’s medication history. Other than in the course of treatment for the Company’s patient, Company shall not provide the Medication History Information to any other person or entity for any reason whatsoever, or use the Medication History Information for any other purpose. Company shall implement appropriate administrative, technical, and physical safeguards to prevent any use or disclosure of any data provided hereunder for any purpose not authorized by this MSA. Company shall not use any Medication History Information for any reason, whether in aggregated form or otherwise, except for the sole purpose of treating a Company patient.

VIII. Influencing of Providers. Company shall not use any means, program, or device to influence or attempt to influence the decision of an Authorized End User to write a prescription for a certain medication or to send the prescription to a certain pharmacy. Information related to formulary and benefit plan design and information from payers or other reputable sources providing clinical information shall be exempt from this prohibition, so long as the Authorized End User can still access all pharmaceuticals and the Authorized End User or patient is not prohibited from selecting a pharmacy. `

IX. Availability of Data Sources. Company acknowledges and agrees that any pharmacy, pharmacy benefit manager, payer or plan may elect not to receive prior authorizations from Company or Company’s Authorized End Users. Company acknowledges and agrees that any pharmacy benefit manager, pharmacy, payer, or other source of data may be added or deleted at any time without prior notice to Company.

X. Audit Rights. Company shall allow Bridgeline Medical , without notice, the ability to access, inspect, and review all records related to the services provided by Bridgeline Medical through its application.

XI. WARRANTIES AND DISCLAIMERS. EXCEPT AS EXPRESSLY SET FORTH HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, Bridgeline Medical DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND/OR NON-INFRINGEMENT. Bridgeline Medical DOES NOT WARRANT THAT THE APPLICATION WILL MEET COMPANY’S REQUIREMENTS OR THAT THE OPERATION OF THE APPLICATION WILL BE UNINTERRUPTED OR ERROR-FREE.

XII. LIMITATION OF LIABILITY. IN NO EVENT SHALL Bridgeline Medical OR ANY OF ITS LICENSORS, AGENTS OR REPRESENTATIVES BE LIABLE TO COMPANY OR ANY THIRD PARTY FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, LOST PROFITS, OR BUSINESS INTERRUPTION, EVEN IF Bridgeline Medical HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL Bridgeline Medical BE LIABLE TO COMPANY ON ACCOUNT OF ANY LOSS OR CLAIM CAUSED BY THE FAILURE OF COMPANY OR ANY OF ITS EMPLOYEES, AGENTS, PROVIDERS OR REPRESENTATIVES TO PERFORM ANY OBLIGATIONS UNDER THIS AGREEMENT. THE CUMULATIVE LIABILITY OF Bridgeline Medical TO COMPANY FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT LIABILITY, WILL NOT EXCEED THE TOTAL AMOUNT OF LICENSE FEES PAID TO Bridgeline Medical BY COMPANY, WITH RESPECT TO THE APPLICATION UPON WHICH THE CLAIM IS BASED, DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE ACT, OMISSION OR EVENT GIVING RISE TO SUCH LIABILITY

XIII. Indemnification. Bridgeline Medical agrees to hold, harmless, indemnify, and, at Company’s option, defend Company from and against any losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from: (i) misuse of data by Bridgeline Medical in violation of Section V; (ii) any breach by Bridgeline Medical of Confidentiality obligations in Section IV; and (iii) an Infringement Claim which, for this purpose, means a claim by any third party that an Application, infringes that third party’s U.S. patents issued as of the effective date of the applicable PA, or infringes or misappropriates such third party’s copyrights or trade secret rights under applicable laws of any jurisdiction within the United States of America. Company agrees to hold harmless, indemnify, and, at Bridgeline Medical ’s option, defend Bridgeline Medical from and against any losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from: (i) use by an Authorized End User or third party end user that has not executed the terms of use; (ii) misuse of data in violation of Section VII; (iii) any breach of Confidentiality obligations in Section IV; and (iv) any material breach of the MSA that gives rise to liability of Bridgeline Medical to a third party. A party claiming indemnification must promptly notify the indemnifying party, in writing, of a potential claim and must cooperate with the indemnifying party. The indemnifying party will not settle any third-party claim against the indemnified party unless such settlement completely and forever releases the indemnified party from all liability with respect to such claim or unless the indemnified party consents to such settlement. Except with respect to Infringement Claims, the indemnified party will have the right, at its option, to defend itself against any such claim, through counsel reasonably acceptable to the indemnifying party, or to participate with the indemnifying party in the defense thereof through counsel of its own choice. With respect to Infringement Claims, Bridgeline Medical shall have the sole authority to control the defense and settlement of such claim and may, in its sole discretion, (i) acquire for Company the right to continue use of the Application; (ii) modify or replace any infringing Application to make it non-infringing; or (iii) direct Company to cease use of, and, if applicable, return, such materials as are the subject of the Infringement Claim. Bridgeline Medical shall reimburse Company for all product and service fees necessitated by any such Infringement Claim. Bridgeline Medical shall not be obligated to indemnify Company for an Infringement Claim if the alleged infringement arises, in whole or in part, from: (i) modification of the Application by Company; (ii) combination, operation or use of the Application with other software, hardware or technology not provided by Bridgeline Medical , if such infringement would have been avoided by use of the Application alone; or (iii) use of a superseded or altered release of the Application, if such infringement would have been avoided by the use of a then-current release of the Application and if such then-current release has been made available to Company. Additionally, the indemnification provision set forth herein Section XIII is separate and apart from, and does not supersede, govern or control, any indemnification provision included in a supplemental Business Associate Agreement between the parties incorporated herein.

XIV. Term and Termination. This MSA will be enforceable from the Effective Date for the duration of the term set forth on the electronic invoice “the Service Term”; provided, however that either Party may terminate the MSA if the other party has breached the MSA and failed to cure such breach within thirty (30) days of written notice setting forth, in reasonable detail, the nature of the breach and the action necessary to cure. At the conclusion of the initial Term of this MSA and any renewal term, this MSA shall automatically renew for an additional one-year Term unless either Party provides notice of termination no less than 60 days prior to the conclusion of the then-current Term. This MSA also may be terminated by either party immediately upon written notice in the event that the other party makes a general assignment for the benefit of creditors or files a voluntary petition in bankruptcy or for reorganization or rearrangement under the bankruptcy laws, or if a petition for involuntary bankruptcy is filed against the other party and is not dismissed within thirty (30) calendar days after the filing, or if a receiver or trustee is appointed for all or any part of the property or assets of such other party. Company may cancel its services at any time. However, there are no refunds for cancellation, and Company understands and agrees that it shall receive no refund should it choose to cancel its services prior to the end of its Service Term. In the event that Company chooses to cancel its services prior to the end of the Service Term, such member shall continue to have access to the Application through the end of the Service Term.

XV. Notices. All notices given pursuant to the MSA shall be in writing and delivered either personally, via a nationally recognized overnight carrier, or by certified mail, return receipt requested, postage prepaid to the addresses set forth on the signature page of this MSA or an PA. Either party may change its address by specifying such change in a written notice given to the other in the aforesaid manner. Notices to Company shall be made to the address Company provided in the course of completing its electronic invoice. Copy of any notice directed to Bridgeline Medical shall be sent to the attention of the Bridgeline Medical PO Box 4, Ironia, NJ 07845, with a courtesy e-mail to: support@bridgelinemedical.com

XVI. Miscellaneous. This MSA may not be modified except by a writing signed by authorized representatives of each party. Company represents and warrants that they have the full power and authority to bind Company to this MSA. No waiver of rights hereunder shall be binding unless contained in a writing signed by an authorized representative of the party waiving its rights. The non-enforcement of any provision in a particular instance shall not constitute a waiver of such provision on any other occasion. No rights or obligations of a party may be assigned in whole or in part by either party without the prior written consent of the other; provided, however, that a reorganization, merger, consolidation, acquisition, or restructuring involving all, or substantially all of the voting securities and/or assets of a party shall not be deemed a prohibited assignment. Neither party shall be liable for failure to perform any of its obligations hereunder if such failure is caused by an event outside its reasonable control, including, but not limited to, an act of God, shortage of materials, personnel or supplies, war, or natural disaster. If any provision of this MSA is declared invalid by a court of competent jurisdiction, such provision shall be ineffective only to the extent so declared, so that all remaining provisions of this MSA shall be valid and enforceable to the fullest extent permitted by applicable law. This MSA shall be governed by and interpreted in accordance with the laws of the state of New Jersey, without regard to conflicts of law principles thereof. Any claims or disputes arising under this MSA or any Addendum shall be resolved in the state or federal courts in the State of New Jersey and each of the parties hereby irrevocably submits to the exclusive jurisdiction of such courts. Under no circumstances, shall the MSA or any part thereof be subject to the Uniform Computer Information Transaction Act. The parties recognize and agree that their obligations under sections III, IV, VI, VII, XII, and XIII above shall survive the cancellation, termination or expiration of this MSA.

THE PARTIES UNDERSTAND AND ACKNOWLEDGE THAT COMPANY’S COMPLETION OF PAYMENT VIA ELECTRONIC INVOICE CONSTITTES ACCEPTANCE OF Bridgeline Medical ’S OFFER TO PROVIDE THE SERVICES. COMPANY UNDERSTANDS AND ACNOWLEDGES THAT BY COMPLETING THE ELECTRONIC INVOICE, IT AGREES TO ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS MASTER SERVICE AGREEMENT AND THE BUSINESS ASSOCIATE AGREEMENT AND APPLICABLE PAs SET FORTH BELOW.

EXHIBIT A Bridgeline Medical MASTER SERVICE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“Agreement”) is made and entered upon Company’s Completion of the electronic invoice binding it to Bridgeline Medical ’s Services (the “Effective Date”). This Agreement is by and between Bridgeline Medical (the “Business Associate,” as further defined below), whose address is PO Box 4, Ironia, NJ 07845, Company (the entity named on the associated electronic invoice, also “Covered Entity,” as further defined below), whose address is the same address set forth on the electronic invoice.

WHEREAS, Company is a covered entity as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the regulations promulgated pursuant to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act (Division A, Title XIII and Division B, Title IV of Public L. 111–5) and Bridgeline Medical is a “Business Associate” as defined under HIPAA;

WHEREAS, Business Associate has contracted with Covered Entity to provide certain services to or on behalf of Covered Entity (“Service Agreement”), and Covered Entity may provide Business Associate with Protected Health Information or may require Business Associate to create, use, maintain, or transmit Protected Health Information on behalf of Covered Entity;

WHEREAS, the parties enter into this Agreement for the purpose of ensuring compliance with HIPAA and relevant implementing regulations, including the Privacy Rule, the Security Rule, and the Breach Notification Rule;

NOW THEREFORE, in consideration of the mutual promises and covenants herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:

I. DEFINITIONS AND INTERPRETATION

a. Definitions Generally.

i. “Breach” shall have the meaning given to such term in 45 C.F.R. § 164.402.

ii. “Breach Notification Rule” shall mean the rule related to breach notification for Unsecured Protected Health Information at 45 C.F.R. Parts 160 and 164.

iii. "Electronic Protected Health Information" or ("EPHI") shall have the same meaning given to such term under the Security Rule, including, but not limited to, 45 C.F.R. § 160.103 limited to the information created or received by Business Associate from or on behalf of Covered Entity.

iv. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information, codified at 45 C.F.R. Parts 160 and Part 164, Subparts A and E.





v. “Protected Health Information” or “PHI” shall have the meaning given to such term under the Privacy and Security Rules at 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

vi. “Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information, codified at 45 C.F.R. § 164 Subparts A and C.

vii. Other capitalized terms used but not otherwise defined in this Agreement shall have the same meaning as those terms in the Privacy, Security or Breach Notification Rules.

b. Inconsistencies. In the event that the provisions of this Agreement are inconsistent with HIPAA or its implementing regulations or any binding interpretation thereof, said conflict will be resolved in favor of the regulations. To the extent that any such conflicts are nonetheless permitted under the Regulations, the provisions of this Agreement will prevail.

c. State Law and Preemption. Where any provision of applicable State law is more stringent or otherwise constitutes a basis upon which the Regulation is preempted, state law controls and the Parties agree to comply fully therewith.

d. Third-Parties. Except as expressly provided for in the Regulations and/or within the terms contained herein, this Agreement does not create any rights in third parties.

II. PERMITTED USES AND DISCLOSURES BY THE BUSINESS ASSOCIATE

a. Permitted Uses. Except as otherwise limited in the Service Agreement, this Agreement or as Required By Law, the Business Associate may use or disclose PHI as permitted by the Security Rule, as permitted by this Agreement or the MSA, and as necessary to perform functions, activities or services for or on behalf of the Covered Entity including but not limited to: (i) Facilitating the processing of administrative, clinical and financial healthcare transactions; (ii) Treatment of patients of the Covered Entity; and (iii) Establishing and maintaining Business Management Programs.

b. Data Aggregation. Except as otherwise limited in this Agreement, the Business Associate may use PHI to provide data aggregation services to the Covered Entity to the fullest extent permitted by the Privacy Rule, the Service Agreement and any applicable provisions in this Agreement.

c. De-Identification. The Business Associate may de-identify PHI received or created pursuant to the Service Agreement consistent with 45 C.F.R. § 164.514.

d. Other Permitted Uses. The Business Associate may use PHI to facilitate the management and administration of the Business Associate or to carry out legal responsibilities thereof.

e. Permitted Disclosures. The Business Associate may disclose PHI to facilitate the management and administration of the Business Associate or to carry out legal responsibilities, if: (i) Required By Law; and/or (ii) Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person and Business Associate will be notified of any instances of which the person is aware in which the confidentiality of the PHI is breached or suspected to have been breached.

f. Report Violations of Law. The Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. § 164.502(j)(1).

III. PRIVACY RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE

a. Limitations on Disclosures. The Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement, the Service Agreement, or as Required by Law. The Business Associate shall not use or disclose PHI in a manner that would violate the Privacy Rule if done by the Covered Entity, unless expressly permitted to do so pursuant to the Privacy Rule, the Service Agreement, and this Agreement

b. Safeguards against Unauthorized Use. The Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by the Service Agreement and this Agreement or as Required by Law.

c. Reporting and Mitigation. The Business Associate agrees to report to the Covered Entity any unauthorized use or disclosure of PHI in violation of this Agreement and to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by the Business Associate in violation of the requirements of this Agreement.

d. Agreements with Subcontractors. The Business Associate agrees to ensure, consistent with 45 C.F.R. § 164.502(e)(1)(ii), that any Subcontractor that creates, receives, maintains, or transmits PHI on behalf of the Business Associate agrees in writing to the same restrictions and conditions that apply to the Business Associate in the Service Agreement and this Agreement with respect to the PHI.

e. Obligations on Behalf of the Covered Entity. To the extent the Business Associate carries out an obligation of the Covered Entity’s under the Privacy Rule, the Business Associate must comply with the requirements of the Privacy Rule that apply to the Covered Entity in the performance of such obligation.

f. Access to PHI. The Business Associate shall provide access, at the request of the Covered Entity, and in the time and manner reasonably designated by the Covered Entity, to PHI in a Designated Record Set, to the Covered Entity in order to meet the requirements under the Privacy Rule at 45 C.F.R. § 164.524.

g. Amendment of PHI. The Business Associate shall make PHI contained in a Designated Record Set available to the Covered Entity for purposes of amendment per 45 C.F.R. § 164.526. The Business Associate shall make any amendment(s) to an Individual’s PHI that the Covered Entity directs or agrees to pursuant to the Privacy Rule, at the request of the Covered Entity, and in the time and manner reasonably designated by the Covered Entity. If an Individual requests an amendment of PHI directly from the Business Associate or its Subcontractors, the Business Associate shall notify the Covered Entity in writing promptly after receiving such request. Any denial of amendment of PHI maintained by the Business Associate or its Subcontractors shall be the responsibility of the Covered Entity.

h. Accounting of Disclosures. The Business Associate shall document disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. At a minimum, such information shall include: (i) the date of disclosure; (ii) the name of the entity or person who received PHI and, if known, the address of the entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the Individual of the basis for the disclosure, or a copy of the Individual’s authorization, or a copy of the written request for disclosure. The Business Associate shall provide to Covered Entity information necessary to permit the Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. In the event that the request for an accounting is delivered directly to the Business Associate or its Subcontractors, the Business Associate shall provide a copy of such request to the Covered Entity, in writing, promptly after the Business Associate’s receipt of such request.

i. Retention of Protected Health Information. Notwithstanding Section VII of this Agreement, the Business Associate and its Subcontractors shall retain all PHI throughout the term of the Service Agreement and shall continue to maintain the information required under Section III(h) of this Agreement for a period of six (6) years after termination of the Service Agreement.

j. Minimum Necessary. The Business Associate shall only request, use and disclose the Minimum Necessary amount of PHI necessary to accomplish the purpose of the request, use or disclosure.

k. Availability of Information. For the purpose of the Secretary determining the Covered Entity’s compliance with the Privacy Rule, the Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by the Business Associate on behalf of the Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for the purposes of the Secretary determining the Covered Entity's compliance with the Privacy Rule.

IV. SECURITY RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE

a. Compliance with the Security Rule. The Business Associate agrees to comply with the Security Rule with respect to Electronic Protected Health Information and have in place reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of EPHI and to prevent the use or disclosure of EPHI other than as provided for by the Service Agreement and this Agreement or as Required by Law.

b. Subcontractors. The Business Associate shall ensure that any Subcontractor that creates, receives, maintains, or transmits EPHI on behalf of the Business Associate agrees in writing to comply with the Security Rule with respect to such EPHI.

c. Security Incident/Breach Notification Reporting. The Business Associate shall report any successful Security Incident promptly upon becoming aware of such incident.

V. BREACH NOTIFICATION RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE

a. Notification Requirement. To the extent the Business Associate accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses or discloses Unsecured PHI, it will, following discovery of the Breach of such information, notify the Covered Entity of such Breach.

b. Content of Notification. Any notice referenced above in Section V(a) of this Agreement will include, to the extent known to the Business Associate, the identification of each individual whose Unsecured PHI has been, or is reasonably believed by the Business Associate to have been accessed, acquired, or disclosed during such Breach. Business Associate will also provide to the Covered Entity other available information that the Covered Entity is required to include in its notification to the individual pursuant to the Breach Notification Rule.

VI. OBLIGATIONS OF THE COVERED ENTITY

a. Notification Regarding Limitations and Restrictions on Disclosure. The Covered Entity shall notify the Business Associate of any limitation(s) in its Notice of Privacy Practices of Covered Entity which may affect the Business Associate’s use or disclosure of PHI in accordance with the Privacy Rule.

b. Notification of Changes to Limitations and Restrictions on Disclosure. The Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.

c. Limitations and Restrictions on Disclosure Arising Under Third-Party Agreements. The Covered Entity shall further notify the Business Associate of any restriction to the use or disclosure of PHI that the Covered Entity has agreed to which may affect the Business Associate’s use or disclosure of PHI in accordance with the Privacy Rule.

d. Requests by the Covered Entity. The Covered Entity shall not request the Business Associate to use or disclose PHI in any manner that would be prohibited to the Covered Entity under the applicable Regulations.

VII. TERM AND TERMINATION

a. Term. The term of this Agreement shall be enforceable as of the Effective Date and shall terminate upon the expiration or termination of the Service Agreement.

b. Termination for Cause. Upon the Covered Entity's knowledge of a material breach by the Business Associate of this Agreement, the Covered Entity shall provide an opportunity for the Business Associate to cure the breach or terminate this Agreement if the Business Associate does not cure the breach or end the violation within thirty (30) days after receipt of written notice from the Covered Entity.

c. Disposition of PHI Upon Termination. Except as otherwise provided in this Section, upon termination of this Agreement for any reason, the Business Associate shall continue to extend the protections of this Agreement to all PHI received from Covered Entity. This provision shall also be applicable to any PHI in the possession of Subcontractors of the Business Associate. Business Associate shall limit further uses and disclosures of PHI for so long as the Business Associate maintains such PHI.

d. Retention of Certain Information. The Covered Entity understands and agrees that information generated through the use of the services provided under the Service Agreement will be retained as necessary by the Business Associate for purposes of financial reporting, insurance claims, and other legal and business purposes.

VIII. MISCELLANEOUS

a. Indemnification. In the event that there is a breach of privacy with respect to PHI under this BAA, the party causing the breach will indemnify the other party and its officers and directors for all actual damages, costs and attorneys’ fees caused by the breach, including but not limited to the actual costs of providing patient notice as a result of the breach.

b. LIMITATION OF LIABILITY. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

c. Regulatory References. Any references in this Agreement to any law, rule or regulation shall be interpreted to include the section as in current effect or as may from time to time be amended and for which compliance is required.

d. Amendments. The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for the Covered Entity and the Business Associate to comply with the requirements of the Privacy, Security, or Breach Notification Rules, as well as HIPAA and the HITECH Act; however, all amendments to any of the provisions contained herein shall be made in writing.

e. Survival. The respective rights and obligations of Business Associate under Article III of this Agreement shall survive the termination of this Agreement.

f. Entire Agreement. This Agreement is the entire agreement between the parties with regard to its subject matter and shall supersede any prior agreements.

g. Notice. Any notices required or relating to this Agreement shall be in writing and shall be sent by means of certified mail, postage prepaid, or reputable commercial carrier. Bridgeline Medical , PO Box 4, Ironia, NJ 07845 With a courtesy email to support@bridgelinemedical.com

If to Covered Entity: To the address set forth by Covered Entity on the electronic Invoice

COMPANY UNDERSTANDS AND ACKNOWLEDGES THAT BY COMPLETING THE ELECTRONIC INVOICE, IT AGREES TO ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS BUSINESS ASSOCIATE AGREEMENT.

PRODUCT ADDENDUM FOR Bridgeline Medical PORTAL

I. Overview.

This Product Addendum (“PA”) is entered into by and between Bridgeline Medical (“Bridgeline Medical ”) and the entity identified on the applicable electronic invoice, including its affiliates and subsidiaries (referred to, collectively, as “Company”). This PA is incorporated into a certain Master Service Agreement (“MSA”) entered into by the undersigned parties. In the event of a conflict between this PA and the MSA, the terms of this PA shall govern. Unless otherwise defined herein, capitalized terms used in this PA shall have the meanings used in the MSA.

II. Bridgeline Medical Portal License. Subject to the terms of this PA, the MSA, and applicable law, Bridgeline Medical grants to Company the number of licenses shown on the applicable electronic invoice to use and access the Bridgeline Medical Portal, Bridgeline Medical ’s mobile electronic prescription writing application and service which allows Authorized End Users to electronically prescribe medications from a mobile device.

III. Bridgeline Medical Obligations.

a. Bridgeline Medical shall during the term of this PA comply with all applicable laws, rules, and regulations regarding the electronic prescribing of controlled substances and shall maintain any third-party audits or certifications as necessary to provide the Services. At Company’s request, Bridgeline Medical shall provide any copies of such third-party audits or certifications for the software provided.

b. Bridgeline Medical shall not be responsible for obtaining, on behalf of Company, any federal or state approvals to use or dispense controlled substances. Bridgeline Medical shall at no time be responsible for Company’s failure to maintain or procure any such required approvals.

IV. Company Obligations.

a. Company agrees to remain, and to cause all of its Authorized End Users to remain, bound by any and all obligations and restrictions set forth in any Business Associate Agreement (“BAA”) and the Bridgeline Medical Portal Terms of Use (“TOU”), each of which are set forth at the URLs hyperlinked in this section.

b. Terms applicable to mobile users. Company, Company’s customers, and all Authorized End Users are solely responsible for any and all charges incurred from using or accessing Bridgeline Medical Portal on a mobile data network. Company, Company’s customers, and Authorized End Users are responsible for ensuring the use of Bridgeline Medical Portal complies with any terms of use imposed by a mobile device provider or mobile network provider.

c. EPCS. For features related to the electronic prescribing of controlled substances, Company, for itself and its Authorized End Users, shall be responsible for obtaining any necessary state or federal approvals for prescribing or dispensing controlled substances. Bridgeline Medical expressly disclaims any liability for any damages or costs occurring as a result of Company’s failure to obtain and/or maintain any necessary approvals or certifications required by the relevant provisions of the DEA Regulations applicable to Company’s status as an individual practitioner, institutional practitioner, or pharmacy (as applicable). Company agrees to remain, and to cause all of its Authorized End Users to remain, bound by any and all obligations and restrictions set forth in any Business Associate Agreement (“BAA”) and Terms of Use (“TOU”). An Authorized End User must undergo identity proofing satisfactory to Bridgeline Medical .

V. Pricing and Payment. Any fees charged for the services provided by the Bridgeline Medical Portal (the “Service Fees”) through the electronic invoice shall be based on the “Service Term) and must be paid in advance in order to access the Application. Bridgeline Medical may offer special promotions from time-to-time. All Service Fees are subject to applicable sales and other taxes and shall be non-refundable. Bridgeline Medical reserves the right to change Service Fees at any time without further notice. Such revised Service Fees shall become effective upon the expiration of the current Service Term.

VI. Term and Termination. Subject to the termination provisions of the MSA, the term of this PA shall be the same as the term set forth on the applicable electronic invoice. At the conclusion of the initial Term of this PA and any renewal term, this PA shall automatically renew for an additional one-year Term unless either party provides notice of termination no less than 60 days prior to the conclusion of the then-current Term, and Company shall be billed in accordance with Bridgeline Medical ’s then-current pricing, which may change from time to time. Company grants Bridgeline Medical permission to charge the credit card Company has on file with Bridgeline Medical at the time of any automatic renewal.

COMPANY UNDERSTANDS AND ACKNOWLEDGES THAT BY COMPLETING THE ELECTRONIC INVOICE, IT AGREES TO ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS PRODUCT ADDENDUM.

Bridgeline Medical Health Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions
For the purposes of this Privacy Policy:
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Bridgeline Medical LLC
PO Box 4, Ironia, NJ 07845
Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Account means a unique account created for You to access our Service or parts of our Service.
Website refers to Bridgeline Medical , accessible from mypharmacyorder.com.
Service refers to the Website.
Country refers to: United States
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
Personal Data is any information that relates to an identified or identifiable individual.
For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.


Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet. Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of the processing of Consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California.
Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal information to another business or a third party for monetary or other valuable consideration.
Collecting and Using Your Personal Data
Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Phone number
Usage Data
Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser. Learn more about cookies: All About Cookies.

We use both session and persistent Cookies for the purposes set out below:

Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website.
The information gathered via these Cookies may directly or indirectly identify you as an individual visitor.
This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new advertisements, pages, features or new functionality of the Website to see how our users react to them.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data
The Company may use Personal Data for the following purposes:

To provide and maintain our Service, including to monitor the usage of our Service.
To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
To manage Your requests: To attend and manage Your requests to Us.
We may share your personal information in the following situations:

With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
For Business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
With Business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data
Service Providers have access to Your Personal Data only to perform their tasks on Our behalf and are obligated not to disclose or use it for any other purpose.

Analytics
We may use third-party Service providers to monitor and analyze the use of our Service.

Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
Email Marketing
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

We may use Email Marketing Service Providers to manage and send emails to You.

MailChimp
MailChimp is an email marketing sending service provided by The Rocket Science Group LLC.
For more information on the privacy practices of MailChimp, please visit MailChimp’s Privacy Policy.
Usage, Performance and Miscellaneous
We may use third-party Service Providers to provide better improvement of our Service.

Invisible reCAPTCHA
We use an invisible captcha service named reCAPTCHA. reCAPTCHA is operated by Google.
The reCAPTCHA service may collect information from You and from Your Device for security purposes.
The information gathered by reCAPTCHA is held in accordance with the Privacy Policy of Google.
CCPA Privacy
Your Rights under the CCPA
Under this Privacy Policy, and by law if You are a resident of California, You have the following rights:

The right to notice.
You must be properly notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
The right to access / the right to request. The CCPA permits You to request and obtain from the Company information regarding the disclosure of Your Personal Data that has been collected in the past 12 months by the Company or its subsidiaries to a third-party for the third party’s direct marketing purposes.
The right to say no to the sale of Personal Data. You also have the right to ask the Company not to sell Your Personal Data to third parties. You can submit such a request by visiting our “Do Not Sell My Personal Information” section or web page.
The right to know about Your Personal Data.
You have the right to request and obtain from the Company information regarding the disclosure of the following:
The categories of Personal Data collected
The sources from which the Personal Data was collected
The business or commercial purpose for collecting or selling the Personal Data
Categories of third parties with whom We share Personal Data
The specific pieces of Personal Data we collected about You
The right to delete Personal Data. You also have the right to request the deletion of Your Personal Data that have been collected in the past 12 months.
The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your Consumer’s rights, including by:
Denying goods or services to You
Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
Providing a different level or quality of goods or services to You
Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your CCPA Data Protection Rights
In order to exercise any of Your rights under the CCPA, and if you are a California resident, You can email or call us or visit our “Do Not Sell My Personal Information” section or web page.

The Company will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonable necessary and with prior notice.

Do Not Sell My Personal Information
We do not sell personal information. However, the Service Providers we partner with (for example, our advertising partners) may use technology on the Service that “sells” personal information as defined by the CCPA law.

If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.

Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that you use.

Website
You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:

From Our “Cookie Consent” notice banner
Or from Our “CCPA Opt-out” notice banner
Or from Our “Do Not Sell My Personal Information” notice banner
Or from Our “Do Not Sell My Personal Information” link
The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.

Mobile Devices
Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:

“Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices
“Limit Ad Tracking” on iOS devices
You can also stop the collection of location information from Your mobile device by changing the preferences on your mobile device.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)
Our Service does not respond to Do Not Track signals.

However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

Your California Privacy Rights (California’s Shine the Light law)
Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes.

If you’d like to request more information under the California Shine the Light law, and if you are a California resident, You can contact Us using the contact information provided below.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)
California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.

To request removal of such data, and if you are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.

Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us
If you have any questions about this Privacy Policy, You can contact us:

By email: support@bridgelinemedical.com

Terms and Conditions

By accessing this website, you are agreeing to be bound by these website Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.

Use License
Permission is granted to temporarily download one copy of the materials (information or software) on Bridgeline Medical ’s website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license, you may not:

modify or copy the materials;

use the materials for any commercial purpose, or for any public display (commercial or non-commercial);

attempt to decompile or reverse engineer any software contained on Bridgeline Medical ’s website;

remove any copyright or other proprietary notations from the materials; or transfer the materials to another person or “mirror” the materials on any other server.

This license shall automatically terminate if you violate any of these restrictions and may be terminated by Bridgeline Medical at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.

Disclaimer
The materials on Bridgeline Medical ’s website are provided “as is”. Bridgeline Medical makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, Bridgeline Medical does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.

Limitations
In no event shall Bridgeline Medical or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption,) arising out of the use or inability to use the materials on Bridgeline Medical ’s Internet site, even if Bridgeline Medical or a Bridgeline Medical authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

Revisions and Errata
The materials appearing on Bridgeline Medical ’s web site could include technical, typographical, or photographic errors. Bridgeline Medical does not warrant that any of the materials on its web site are accurate, complete, or current. Bridgeline Medical may make changes to the materials contained on its web site at any time without notice. Bridgeline Medical does not, however, make any commitment to update the materials.

Links
Bridgeline Medical has not reviewed all of the sites linked to its Internet web site and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Bridgeline Medical of the site. Use of any such linked website is at the user’s own risk.

Site Terms of Use Modifications
Bridgeline Medical may revise these terms of use for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these Terms and Conditions of Use.

Governing Law
Any claim relating to Bridgeline Medical ’s website shall be governed by the laws of the State of New Jersey without regard to its conflict of law provisions.