1Life Enterprise Terms

UPDATED OCTOBER 07, 2024

These ENTERPRISE TERMS are incorporated by reference into the Order Schedule executed by 1LIFE HEALTHCARE, INC., a Delaware corporation (“1Life”) and the Customer whose name appears on the Order Schedule. Together, these Enterprise Terms and the Order Schedule form a binding agreement of the parties (the “Agreement”) as of the Effective Date set forth in the Order Schedule. Capitalized terms not defined herein shall have the same meanings ascribed to such terms in the Order Schedule.

The parties, intending to be legally bound, hereby agree as follows:

  1. Enterprise Subscription. Customer hereby agrees to purchase a 1Life Enterprise Subscription valid for the dates shown on the Order Schedule. The 1Life Enterprise Subscription includes access to a discounted Membership for each Eligible Customer Participant based on the Enterprise Benefit Offering shown on the Order Schedule, any Expanded Offerings elected by Customer or other services as set forth on the Order Schedule. Customer understands that the Expanded Offerings may require the cooperation of Customer and availability, timing, and delivery of such services shall be dependent in part upon Customer’s timely cooperation and communication with 1Life regarding such services. Customer acknowledges that it is purchasing access to Memberships solely for the benefit of its employees, contractors or other individuals as specifically stated on the Order Schedule. Customer agrees that it may not resell, offer or arrange for sale, sublicense or otherwise transfer, charge fees or receive remuneration for these Memberships.
  2. Code Redemption. If 1Life issues an activation code (the “Code”) to Customer, Customer shall distribute such Code to all Eligible Customer Participants. Each Eligible Customer Participant who presents the Code via the 1Life website and agrees to the Terms of Service prior to the Program End Date will receive a Membership or have such person’s Membership renewed. Only Eligible Customer Participants may redeem the Code or otherwise activate a Membership. All Memberships terminate when the Agreement expires or otherwise terminates.
  3. Term. The Agreement will take effect on the Effective Date and will remain in effect until the Subscription End Date; provided, however, that Sections 3 through 9 shall survive.
  4. Disclaimer and Limitation of Liability. 1LIFE DOES NOT RENDER MEDICAL OR HEALTH CARE RELATED SERVICES OR TREATMENTS TO ELIGIBLE CUSTOMER PARTICIPANTS. ACCORDINGLY, NEITHER CUSTOMER NOR 1LIFE IS RESPONSIBLE FOR THE HEALTH CARE OR OTHER SERVICES THAT ARE DELIVERED BY ONE MEDICAL. ONE MEDICAL AND ITS SERVICE PROVIDERS ARE SOLELY RESPONSIBLE FOR THE HEALTH CARE OR OTHER SERVICES THEY DELIVER. THE CODES, MEMBERSHIPS AND ANY RELATED SERVICES PURSUANT HERETO, ARE PROVIDED “AS IS” AND “WHERE-IS.” 1LIFE EXPRESSLY DISCLAIMS ALL OTHER EXPRESS WARRANTIES OR CONDITIONS, AND ALL OTHER WARRANTIES, CONDITIONS, AND OBLIGATIONS IMPLIED IN LAW, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY CONSEQUENTIAL, SPECIAL, INDIRECT, INCIDENTAL OR PUNITIVE DAMAGES, INCLUDING, WITHOUT LIMITATION, LOSS OF DATA, LOSS OF USE, LOSS OF PROFITS OR LOSS OF SAVINGS OR REVENUE, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 1LIFE’S AGGREGATE LIABILITY TO CUSTOMER FOR ANY REASON AND UPON ALL CLAIMS AND CAUSES OF ACTION HEREUNDER WILL BE LIMITED TO THE AMOUNT OF FEES PAID BY CUSTOMER TO 1LIFE DURING THE APPLICABLE SUBSCRIPTION TERM. THIS LIMITATION APPLIES TO ALL CAUSES OF ACTION OR CLAIMS INCLUDING, WITHOUT LIMITATION, BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY OR OTHER TORTS.
  5. Notices. All notices required or permitted hereunder shall be in writing and shall be deemed effectively given: (a) upon personal delivery to the party to be notified, (b) when sent by confirmed electronic mail if sent during normal business hours of the recipient; if not, then on the next business day, (c) 3 days after having been sent by registered or certified mail, return receipt requested, postage prepaid, or (d) on the next business day following deposit with a nationally recognized overnight courier, specifying next day delivery, with written verification of receipt. All communications shall be sent to the party to be notified, in the case of 1Life at the address set forth below, and in the case of the Customer, pursuant to the Customer Contact Information set forth on the Order Schedule, or at such other address or electronic mail address as such party may designate by 10 days’ advance written notice to the other parties hereto:

    1Life Healthcare, Inc.
    Attention: Legal Department
    One Embarcadero, 19th Floor
    San Francisco, CA 94111

    AND

    notices@onemedical.com

  6. Confidentiality. The recipient will not disclose Confidential Information (as defined below), except to affiliates, employees, agents or professional advisors who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that those people and entities use the Confidential Information only to exercise rights and fulfill obligations under this Agreement, while using reasonable care to keep it confidential. The recipient may also disclose Confidential Information when required by law after giving reasonable notice to the disclosure, if permitted by law. “Confidential Information” means information that one party discloses to the other party under this Agreement, and that is marked as confidential or would normally be considered confidential information under the circumstances. It does not include information that the recipient already knew, that becomes public through no fault of the recipient, that was independently developed by the recipient, or that was lawfully given to the recipient by a third party. The mere existence and nature of a commercial relationship between the parties is not Confidential Information, but the economic terms of this Agreement shall be Confidential Information.
  7. Data Security. 1Life shall implement reasonable and appropriate measures to secure Customer's data (“Customer Data”), including but not limited to, personally identifiable information and, if applicable, personal health information or “PHI” as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and Customer’s Members’ data (“Member Data”), against accidental or unlawful loss, access, or disclosure in accordance with 1Life’s security standards as identified in Section 7.1 below (“Security Standards”) and, as applicable to Customer Data or Member Data that is PHI, in accordance with HIPAA, the Health Information Technology for Economic and Clinical Health Act, also as known as Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009, as amended, the HIPAA Omnibus Final Rule, and any other state or federal privacy, cybersecurity, data breach notification, or data protection laws, in each case, as such laws, rules, and regulations have been and may be amended from time to time, that may apply to Customer Data or Member Data (the “Privacy Laws”). 1Life may modify the Security Standards from time to time, but will not materially degrade the level of security from what is described in the Security Standards on the Effective Date and in the Privacy Laws. To the extent 1Life utilizes any third parties for services that include maintaining or transmitting Customer Data or Member Data, 1Life will require such third parties to implement reasonable and appropriate measures designed to secure Customer Data and Member Data against accidental or unlawful loss, access, or disclosure.

7.1 1Life Security Standards:

  1. Information Security Program. 1Life will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) secure Customer Data and Member Data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to 1Life systems, and (c) minimize security risks, including through risk assessment and regular testing. The information security program will require reasonable and appropriate assessments of third-party systems and technologies that may maintain or transmit Customer Data and Member Data. 1Life will designate one or more employees to coordinate and be accountable for the information security program.
  2. Network Security. 1Life systems will be electronically accessible to employees, contractors and any other person as necessary to provide its services to Customer. 1Life will maintain access controls and policies to manage what access is allowed to 1Life systems from each network connection and user, including the use of firewalls or functionally equivalent technology and authentication controls. 1Life will maintain corrective action and incident response plans to respond to potential security threats.
  3. SOC 2 Audit Report. 1Life will engage an independent CPA firm, which complies with the most current updates established by the American Institute of CPAs, to perform a service organization control (SOC 2) Type 2 security audit and report applicable to 1Life services and systems (“SOC 2 Audit Report”) on an annual basis. The person(s) conducting the SOC 2 Audit Report must have the technical expertise, training, and certifications to conduct such audit. The SOC 2 Audit Report will provide details of 1Life’s security controls examined by the auditor for suitability and operating effectiveness, as they relate to 1Life services provided under the Agreement for security, confidentiality, privacy, and availability. Upon written request by Customer, 1Life will make the SOC 2 Audit Report available to Customer on an annual basis during the Term. The SOC 2 Audit Report is considered the Confidential Information of 1Life and Customer shall maintain its confidentiality pursuant to Section 6 (Confidentiality) of this Agreement.
  4. Governing Law; Dispute Resolution. This Agreement will be governed by the laws of California. Any dispute, claim or controversy arising out of or relating to this Agreement shall be determined by binding arbitration in San Francisco, California before 3 arbitrators. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures and in accordance with the Expedited Procedures in those Rules. The parties shall maintain the confidential nature of the arbitration proceeding, including the hearing, and any award resulting therefrom, except as may be necessary to prepare for or conduct the arbitration hearing on the merits, or except as may be necessary in connection with a court application for a preliminary remedy, a judicial challenge to an award or its enforcement, or unless otherwise required by law or judicial decision. In any arbitration arising out of or related to this Agreement, the arbitrator(s) shall award to the prevailing party, if any, the costs and attorneys’ fees reasonably incurred by the prevailing party in connection with the arbitration.
  5. Miscellaneous. The parties agree that the Order Schedule and these Enterprise Terms are the entire Agreement between them regarding the subject matter hereof. Except as provided herein, no change, modification, extension, termination, or waiver of this Agreement, or of any provision herein, shall be valid unless made in writing and signed by each party. 1Life may make changes to terms located at a URL referenced in this Agreement including these 1Life Enterprise Terms (collectively, “URL Terms”) from time to time. After the Effective Date, 1Life may provide Customer with an updated URL in place of any URL in this Agreement. 1Life will post the amended terms and will update the “Updated” date at the top. By continuing to utilize the Services, Customer agrees to be bound by the modified terms; provided however, that if the changes include a material adverse impact for the Customer, 1Life shall notify Customer of such modification by email and if Customer notifies 1Life that it does not agree to such change within 30 days, then Customer shall remain governed by the terms in effect immediately prior to the change, until the end of the then current Period under the applicable Order Schedule. This Agreement may not be assigned by either party without the prior written consent of the other party, which consent will not be unreasonably withheld, conditioned or delayed; provided however, that either party may assign this Agreement (including all Order Schedules) without consent of the other party, to an affiliate or in connection with a merger, acquisition or sale of substantially all of the assets of its business. In the event that any provision of this Agreement is determined to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remainder of the Agreement will remain in full force and effect without such provision.

CCPA DATA PROCESSING ADDENDUM

This CCPA Data Processing Addendum (“Addendum”), effective January 1, 2020, reflects the agreement between Customer and 1Life in relation to the Processing of Enterprise Personal Information and is incorporated into the Agreement. 1Life understands the terms in this Addendum and agrees to comply with them. This Addendum shall terminate automatically when the Agreement expires or terminates.

  1. Definitions
    1.1. “CCPA” means the California Consumer Privacy Act of 2018 (“CCPA”), as amended or replaced from time to time, along with any implementing regulation.
    1.2. “Consumer” means natural persons who reside in California as defined by Section 17014 of Title 18 of the California Code of Regulations.
    1.3. “Consumer Request” means any request submitted by a Consumer to exercise a right in relation to that Consumer’s Enterprise Personal Information provided by the CCPA.
    1.4. “Enterprise Personal Information” is personal information, as defined under the CCPA, of any Consumer, which is Processed by 1Life on behalf of Customer under the Agreement, but does not include any personal information governed under HIPAA.
    1.5. “Process” means any operation or set of operations that are performed on Enterprise Personal Information by 1Life under the Agreement.
    1.6. “Sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s personal information to another business or a third party for monetary or other valuable consideration.
    1.7. “Services” means the services to be provided by 1Life to Customer as specified in the Agreement.
  2. Consumer Requests. Customer shall be responsible for all communications in relation to all requests made by Consumers in relation to Enterprise Personal Information.
  3. 1Life’s Obligations
    3.1. Restrictions on Personal Information. 1Life will Process Enterprise Personal Information as necessary to perform the Services, and will not Sell, Process, use, share, transfer Enterprise Personal Information for any purpose not related to providing the Services, outside of the direct business relationship between 1Life and Customer, or as otherwise permitted by the CCPA. For clarity, 1Life may share or transfer Enterprise Personal Information with its own service providers to the extent necessary to perform the Services. 1Life may use Aggregated and De-identified information (as defined in the CCPA) for statistical analysis and its business operations purposes.
    3.2. Customer Requests. If 1Life, directly or indirectly, receives a Consumer Request relating to Enterprise’s Personal Information, 1Life may provide a copy of the Consumer Request to Customer and direct the Consumer to make the Consumer Request directly with Customer.
  4. General
    4.1. Except as provided in this Addendum, all other terms of the Agreement will remain in full force and effect. In the event of any conflict between the terms of this Addendum and the terms of the Agreement, the terms of this Addendum prevail.
    4.2. Any provision of this Addendum that is prohibited or unenforceable shall be ineffective to the extent of such prohibition or unenforceability without invaliding the remaining provisions hereof, and any such prohibition or unenforceability in any jurisdiction shall not invalidate or render unenforceable such provision in any other jurisdiction. The Parties will attempt to agree upon a valid and enforceable provision that is a reasonable substitute and shall incorporate such substitute provision into this Addendum.