The URL can be used to link to this page

Home My WebLink AboutAgreement A-24-669 with ReliaStar Life Insurance Company.pdf Agreement No. 24-669 1 SERVICE AGREEMENT 2 This Service Agreement ("Agreement") is dated December 17, 2024 and is between 3 ReliaStar Life Insurance Company, a Minnesota Corporation, ("Contractor"), and the County of 4 Fresno, a political subdivision of the State of California ("County"). 5 Recitals 6 WHEREAS, the County wishes to provide optional Accident Insurance, Critical Illness 7 Insurance, and Hospital Confinement Indemnity Insurance to its employees and their eligible 8 family members; and 9 WHEREAS, Department of Human Resources staff, with assistance from County's 10 broker of record, HUB International, solicited bids for optional Accident Insurance, Critical Illness 11 Insurance, and Hospital Confinement Indemnity Insurance from qualified vendors and 12 Contractor submitted the most responsive bid; and 13 WHEREAS, This Agreement will provide optional Accident Insurance, Critical Illness 14 Insurance, and Hospital Confinement Indemnity Insurance services to County employees and 15 their eligible family members; 16 The parties therefore agree as follows: 17 Article 1 18 Contractor's Services 19 1.1 Scope of Services. The Contractor shall perform all of the services provided in 20 Exhibit A to this Agreement, titled "Scope of Services." 21 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and 22 able to perform all of the services provided in this Agreement. 23 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all 24 applicable federal, state, and local laws and regulations in the performance of its obligations 25 under this Agreement, including but not limited to workers compensation, labor, and 26 confidentiality laws and regulations. 27 28 1 1 Article 2 2 County's Responsibilities 3 2.1 Policy Administration. County will maintain all enrollment, beneficiary, and billing 4 records for the Policies (as applicable), including the following: 5 (A) Appropriately apply Policy limits and rules. 6 (B) Maintain a record of the coverage amounts for each covered employe and their 7 spouse and/or children. 8 (C) Provide the employee with the appropriate "Conversion" and/or"Portability" 9 documentation (as applicable). 10 (D) Set up any payroll deductions correctly. 11 (E) Pay premium to the insurance company with supporting documentation. 12 2.2 Claim Administration. Upon receipt of notice of a potential claim under a Policy, 13 County will confirm employees' eligibility for coverage and provide required claim documentation 14 at Contractor's request. Contractor shall be responsible for all claim reviews, determinations and 15 payments. 16 2.3 Record Keeping. County shall maintain accurate books and records documenting 17 the administration of the Policies, including employee demographics, eligibility records, 18 dependent data, coverage amounts, enrollment history, payroll deductions, benefit elections and 19 beneficiary designations (as applicable). Such records must be maintained for a period of seven 20 (7) years following termination of the Policies to which they relate. Upon reasonable notice, we 21 shall have the right to review, inspect and audit, at our expense, the books, records, data files or 22 other information maintained by you or your vendor related to the Policies. 23 Article 3 24 Compensation, Invoices, and Payments 25 3.1 The County agrees to pay, and the Contractor agrees to receive, compensation for 26 the performance of its services under this Agreement as described in Exhibit B to this 27 Agreement, titled "Compensation." 28 2 1 3.2 Maximum Compensation. There is no aggregate limit on the compensation that 2 Contractor may receive from employees who purchase optional benefit from Contractor as 3 described in Exhibit A to this Agreement. The Contractor acknowledges that the County is a 4 local government entity, and does so with notice that the County's powers are limited by the 5 California Constitution and by State law, and with notice that the Contractor may receive 6 compensation under this Agreement only for services performed according to the terms of this 7 Agreement and while this Agreement is in effect. The Contractor further acknowledges that 8 County employees have no authority to pay the Contractor except as expressly provided in this 9 Agreement. 10 3.3 Invoices. Invoices are not required of the Contractor under this Agreement. 11 3.4 Payment. The premiums described in Exhibit B of this Agreement shall be remitted 12 by County to Contractor no later than 45 days after the last calendar day of the month in which 13 premiums are collected. 14 3.5 Incidental Expenses. The Contractor is solely responsible for all of its costs and 15 expenses that are not specified as payable by the County under this Agreement. 16 Article 4 17 Term of Agreement 18 4.1 Term. This Agreement is effective on January 1, 2025 and terminates on December 19 31, 2027, except as provided in section 4.2, "Extension," or Article 6, "Termination and 20 Suspension," below. 21 4.2 Extension. The term of this Agreement may be extended for no more than two (2), 22 one-year periods only upon written approval of both parties at least 30 days before the first day 23 of the next one-year extension period. The Director of Human Resources or his or her designee 24 is authorized to sign the written approval on behalf of the County based on the Contractor's 25 satisfactory performance. The extension of this Agreement by the County is not a waiver or 26 compromise of any default or breach of this Agreement by the Contractor existing at the time of 27 the extension whether or not known to the County. 28 3 1 Article 5 2 Notices 3 5.1 Contact Information. The persons and their addresses having authority to give and 4 receive notices provided for or permitted under this Agreement include the following: 5 For the County: 6 Director of Human Resources County of Fresno 7 2220 Tulare Street, 14th Floor Fresno, CA 93721 8 Email: HRBenefits@FresnoCountyCA.gov Fax: (559) 455-4787 9 For the Contractor: 10 Mona Zielke ReliaStar Life Insurance Company 11 250 Marquette Avenue, Suite 900 Minneapolis, MN 55401 12 13 5.2 Change of Contact Information. Either party may change the information in section 14 5.1 by giving notice as provided in section 5.3. 15 5.3 Method of Delivery. Each notice between the County and the Contractor provided 16 for or permitted under this Agreement must be in writing, state that it is a notice provided under 17 this Agreement, and be delivered either by personal service, by first-class United States mail, by 18 an overnight commercial courier service, by telephonic facsimile transmission, or by Portable 19 Document Format (PDF) document attached to an email. 20 (A) A notice delivered by personal service is effective upon service to the recipient. 21 (B) A notice delivered by first-class United States mail is effective three County 22 business days after deposit in the United States mail, postage prepaid, addressed to the 23 recipient. 24 (C)A notice delivered by an overnight commercial courier service is effective one 25 County business day after deposit with the overnight commercial courier service, delivery fees 26 prepaid, with delivery instructions given for next day delivery, addressed to the recipient. 27 (D)A notice delivered by telephonic facsimile transmission or by PDF document 28 attached to an email is effective when transmission to the recipient is completed (but, if such 4 1 transmission is completed outside of County business hours, then such delivery is deemed to 2 be effective at the next beginning of a County business day), provided that the sender maintains 3 a machine record of the completed transmission. 4 5.4 Claims Presentation. For all claims arising from or related to this Agreement, 5 nothing in this Agreement establishes, waives, or modifies any claims presentation 6 requirements or procedures provided by law, including the Government Claims Act (Division 3.6 7 of Title 1 of the Government Code, beginning with section 810). 8 Article 6 9 Termination and Suspension 10 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement and the 11 services to be provided in accordance with the issued insurance polices are contingent on the 12 approval of funds by the appropriating government agency. If sufficient funds are not allocated, 13 the services provided may be modified or this Agreement terminated, at any time by giving the 14 Contractor 30 days' advance written notice. 15 6.2 Termination for Breach. 16 (A) Upon determining that a breach (as defined in paragraph (C) below) has 17 occurred, the County may give written notice of the breach to the Contractor. The written notice 18 may suspend performance under this Agreement, and must provide at least 30 days for the 19 Contractor to cure the breach. 20 (B) If the Contractor fails to cure the breach to the County's satisfaction within the 21 time stated in the written notice, the County may terminate this Agreement immediately. 22 (C) For purposes of this section, a breach occurs when, in the determination of the 23 County, the Contractor has: 24 (1) Obtained or used funds illegally or improperly; 25 (2) Failed to comply with any part of this Agreement; 26 (3) Submitted a substantially incorrect or incomplete report to the County; or 27 (4) Improperly performed any of its obligations under this Agreement. 28 5 1 6.3 Termination without Cause. In circumstances other than those set forth above, the 2 County may terminate this Agreement by giving at least 30 days advance written notice of the 3 intent to terminate to the Contractor. 4 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County 5 under this Article 6 is without penalty to or further obligation of the County. 6 Article 7 7 Independent Contractor 8 7.1 Status. In performing under this Agreement, the Contractor, including its officers, 9 agents, employees, and volunteers, is at all times acting and performing as an independent 10 contractor, in an independent capacity, and not as an officer, agent, servant, employee,joint 11 venturer, partner, or associate of the County. 12 7.2 Verifying Performance. The County has no right to control, supervise, or direct the 13 manner or method of the Contractor's performance under this Agreement, but the County may 14 verify that the Contractor is performing according to the terms of this Agreement. 15 7.3 Benefits. Because of its status as an independent contractor, the Contractor has no 16 right to employment rights or benefits available to County employees. The Contractor is solely 17 responsible for providing to its own employees all employee benefits required by law. The 18 Contractor shall save the County harmless from all matters relating to the payment of 19 Contractor's employees, including compliance with Social Security withholding and all related 20 regulations. 21 7.4 Services to Others. The parties acknowledge that, during the term of this 22 Agreement, the Contractor may provide services to others unrelated to the County. 23 Article 8 24 Protected Health Information 25 8.1 The parties to this Agreement shall be in strict conformance with all applicable 26 Federal and State of California laws and regulations as further described in Exhibit E, "Protected 27 Health Information Confidentiality Agreement", attached hereto and incorporated herein by this 28 reference. 6 1 8.2 Safeguards. Contractor shall implement administrative, physical, and technical 2 safeguards as required by applicable law and as further described in the provisions of Exhibit F 3 "Data Security Addendum," attached hereto and incorporated herein by this reference. 4 8.3 Survival. The respective rights and obligations of the parties as stated in this Section 5 shall survive the termination or expiration of this Agreement. 6 8.4 No Waiver of Obligations. No change, waiver or discharge of any liability or 7 obligation hereunder on any one or more occasions shall be deemed a waiver of performance of 8 any continuing or other obligation, or shall prohibit enforcement of any obligation on any other 9 occasion. 10 Article 9 11 Hold Harmless 12 9.1 Hold Harmless. The Contractor agrees to indemnify, save, hold harmless, and at 13 County's request, defend the County, its officers, agents, and employees from any and all costs 14 and expenses (including attorney's fees and costs), damages, liabilities, claims, and losses 15 occurring or resulting to County in connection with any negligence, including but not limited to 16 any error or omission, or wrongful conduct, by Contractor, its officers, agents, or employees 17 under this Agreement, and from any and all costs and expenses (including attorney's fees and 18 costs), damages, liabilities, claims, and losses occurring or resulting to any person, firm, or 19 corporation who may be injured or damaged by any negligence, including but not limited to any 20 error or omission, of Contractor, its officers, agents, or employees under this Agreement, except 21 to the extent County has directly caused or significantly contributed to the error or omission. The 22 County may conduct or participate in its own defense without affecting the Contractor's 23 obligation to indemnify and hold harmless or defend the County. 24 9.2 Survival. This Article 9 survives the termination of this Agreement. 25 Article 10 26 Insurance 27 10.1 The Contractor shall comply with all the insurance requirements in Exhibit D to this 28 Agreement. 7 1 Article 11 2 Inspections, Audits, and Public Records 3 11.1 Inspection of Documents. The Contractor shall make available to the County, all of 4 the Contractor's records and data with respect to the matters covered by this Agreement, 5 excluding attorney-client privileged communications. The Contractor shall, upon request by the 6 County, and shall not occur more than once annually, permit the County to audit and inspect 7 such records and data to ensure the Contractor's compliance with the terms of this Agreement. 8 11.2 State Audit Requirements. If the compensation to be paid by the County under this 9 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the 10 California State Auditor, as provided in Government Code section 8546.7, for a period of three 11 years after final payment under this Agreement. This section survives the termination of this 12 Agreement. 13 11.3 Public Records. The County is not limited in any manner with respect to its public 14 disclosure of this Agreement or any record or data that the Contractor may provide to the 15 County. The County's public disclosure of this Agreement or any record or data that the 16 Contractor may provide to the County may include but is not limited to the following: 17 (A) The County may voluntarily, or upon request by any member of the public or 18 governmental agency, disclose this Agreement to the public or such governmental agency. 19 (B) The County may voluntarily, or upon request by any member of the public or 20 governmental agency, disclose to the public or such governmental agency any record or data 21 that the Contractor may provide to the County, unless such disclosure is prohibited by court 22 order. 23 (C)This Agreement, and any record or data that the Contractor may provide to the 24 County, is subject to public disclosure under the Ralph M. Brown Act (California Government 25 Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950). 26 (D)This Agreement, and any record or data that the Contractor may provide to the 27 County, is subject to public disclosure as a public record under the California Public Records 28 8 1 Act (California Government Code, Title 1, Division 10, Chapter 3, beginning with section 2 7920.200) ("CPRA"). 3 (E) This Agreement, and any record or data that the Contractor may provide to the 4 County, is subject to public disclosure as information concerning the conduct of the people's 5 business of the State of California under California Constitution, Article 1, section 3, subdivision 6 (b). 7 (F) Any marking of confidentiality or restricted access upon or otherwise made with 8 respect to any record or data that the Contractor may provide to the County shall be 9 disregarded and have no effect on the County's right or duty to disclose to the public or 10 governmental agency any such record or data. 11 11.4 Public Records Act Requests. If the County receives a written or oral request 12 under the CPRA to publicly disclose any record that is in the Contractor's possession or control, 13 and which the County has a right, under any provision of this Agreement or applicable law, to 14 possess or control, then the County may demand, in writing, that the Contractor deliver to the 15 County, for purposes of public disclosure, the requested records that may be in the possession 16 or control of the Contractor. Within five business days after the County's demand, the 17 Contractor shall (a) deliver to the County all of the requested records that are in the Contractor's 18 possession or control, together with a written statement that the Contractor, after conducting a 19 diligent search, has produced all requested records that are in the Contractor's possession or 20 control, or (b) provide to the County a written statement that the Contractor, after conducting a 21 diligent search, does not possess or control any of the requested records. The Contractor shall 22 cooperate with the County with respect to any County demand for such records. If the 23 Contractor wishes to assert that any specific record or data is exempt from disclosure under the 24 CPRA or other applicable law, it must deliver the record or data to the County and assert the 25 exemption by citation to specific legal authority within the written statement that it provides to 26 the County under this section. The Contractor's assertion of any exemption from disclosure is 27 not binding on the County, but the County will give at least 10 days' advance written notice to 28 the Contractor before disclosing any record subject to the Contractor's assertion of exemption 9 1 from disclosure. The Contractor shall indemnify the County for any court-ordered award of costs 2 or attorney's fees under the CPRA that results from the Contractor's delay, claim of exemption, 3 failure to produce any such records, or failure to cooperate with the County with respect to any 4 County demand for any such records. 5 Article 12 6 Disclosure of Self-Dealing Transactions 7 12.1 Applicability. This Article 12 applies if the Contractor is operating as a corporation, 8 or changes its status to operate as a corporation. 9 12.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a 10 self-dealing transaction, he or she shall disclose the transaction by completing and signing a 11 "Self-Dealing Transaction Disclosure Form" (Exhibit C to this Agreement) and submitting it to 12 the County before commencing the transaction or immediately after. 13 12.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is 14 a party and in which one or more of its directors, as an individual, has a material financial 15 interest. 16 Article 13 17 General Terms 18 13.1 Modification. Subject to approval by the County's Board of Supervisors, any matter 19 of this Agreement may be modified from time to time, by the written consent of all parties 20 without, in any way, affecting the remainder. The Contractor acknowledges that County 21 employees have no authority to modify this Agreement except as expressly provided in this 22 Agreement. 23 13.2 Non-Assignment. Neither party may assign its rights or delegate its obligations 24 under this Agreement without the prior written consent of the other party. 25 13.3 Governing Law. The laws of the State of California govern all matters arising from 26 or related to this Agreement. 27 13.4 Jurisdiction and Venue. This Agreement is signed and performed in Fresno 28 County, California. Contractor consents to California jurisdiction for actions arising from or 10 1 related to this Agreement, and, subject to the Government Claims Act, all such actions must be 2 brought and maintained in Fresno County. 3 13.5 Construction. The final form of this Agreement is the result of the parties' combined 4 efforts. If anything in this Agreement is found by a court of competent jurisdiction to be 5 ambiguous, that ambiguity shall not be resolved by construing the terms of this Agreement 6 against either party. 7 13.6 Days. Unless otherwise specified, "days" means calendar days. 8 13.7 Headings. The headings and section titles in this Agreement are for convenience 9 only and are not part of this Agreement. 10 13.8 Severability. If anything in this Agreement is found by a court of competent 11 jurisdiction to be unlawful or otherwise unenforceable, the balance of this Agreement remains in 12 effect, and the parties shall make best efforts to replace the unlawful or unenforceable part of 13 this Agreement with lawful and enforceable terms intended to accomplish the parties' original 14 intent. 15 13.9 Nondiscrimination. During the performance of this Agreement, the Contractor shall 16 not unlawfully discriminate against any employee or applicant for employment, or recipient of 17 services, because of race, religious creed, color, national origin, ancestry, physical disability, 18 mental disability, medical condition, genetic information, marital status, sex, gender, gender 19 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to 20 all applicable State of California and federal statutes and regulation. 21 13.10 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation 22 of the Contractor under this Agreement on any one or more occasions is not a waiver of 23 performance of any continuing or other obligation of the Contractor and does not prohibit 24 enforcement by the County of any obligation on any other occasion. 25 13.11 Entire Agreement. This Agreement, including its exhibits, is the entire agreement 26 between the Contractor and the County with respect to the subject matter of this Agreement, 27 and it supersedes all previous negotiations, proposals, commitments, writings, advertisements, 28 publications, and understandings of any nature unless those things are expressly included in 11 1 this Agreement. If there is any inconsistency between the terms of this Agreement without its 2 exhibits and the terms of the exhibits, then the inconsistency will be resolved by giving 3 precedence first to the terms of this Agreement without its exhibits, and then to the terms of the 4 exhibits. Notwithstanding the foregoing, the parties understand and acknowledge that any 5 insurance obligations owed to the County or its employees will be governed solely by the terms 6 of the insurance policies issued by the Contractor under the terms of this Agreement. 7 13.12 No Third-Party Beneficiaries. This Agreement does not and is not intended to 8 create any rights or obligations for any person or entity except for the parties. 9 13.13 Authorized Signature. The Contractor represents and warrants to the County that: 10 (A) The Contractor is duly authorized and empowered to sign and perform its 11 obligations under this Agreement. 12 (B) The individual signing this Agreement on behalf of the Contractor is duly 13 authorized to do so and his or her signature on this Agreement legally binds the Contractor to 14 the terms of this Agreement. 15 13.14 Electronic Signatures. The parties agree that this Agreement may be executed by 16 electronic signature as provided in this section. 17 (A) An "electronic signature" means any symbol or process intended by an individual 18 signing this Agreement to represent their signature, including but not limited to (1) a digital 19 signature; (2) a faxed version of an original handwritten signature; or (3) an electronically 20 scanned and transmitted (for example by PDF document) version of an original handwritten 21 signature. 22 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed 23 equivalent to a valid original handwritten signature of the person signing this Agreement for all 24 purposes, including but not limited to evidentiary proof in any administrative or judicial 25 proceeding, and (2) has the same force and effect as the valid original handwritten signature of 26 that person. 27 28 12 1 (C)The provisions of this section satisfy the requirements of Civil Code section 2 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, Part 2, 3 Title 2.5, beginning with section 1633.1). 4 (D) Each party using a digital signature represents that it has undertaken and 5 satisfied the requirements of Government Code section 16.5, subdivision (a), paragraphs (1) 6 through (5), and agrees that each other party may rely upon that representation. 7 (E) This Agreement is not conditioned upon the parties conducting the transactions 8 under it by electronic means and either party may sign this Agreement with an original 9 handwritten signature. 10 13.15 Counterparts. This Agreement may be signed in counterparts, each of which is an 11 original, and all of which together constitute this Agreement. 12 [SIGNATURE PAGE FOLLOWS] 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 13 1 The parties are signing this Agreement on the date stated in the introductory clause. 2 ReliaStar Life Insurance Company COUNTY OF FRESNO 3 4 _ 5 Mona Ziefi , SVP Nathan Magsig, Chairman of the Board of Supervisors of the County of Fresno 6 250 Marquette Avenue, Suite 900 Minneapolis, MN 55401 Attest: 7 Bernice E. Seidel Clerk of the Board of Supervisors 8 County of Fresno, State of California 9 By: 10 Deputy 11 For accounting use only: 12 Org No.: 89250200 Account No.: 7295 13 Fund No.: 1060 Subclass No.: 1000 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 14 EXHIBIT A Compass Accident Insurance A Proposal for County of Fresno Compass Accident Insurance — Benefit schedule (may vary by state) Accident Hos ital Care in$'s MW Surgery 800 1,200 (open abdominal, thoracic) Surgery 125 175 (exploratory or without repair) Blood, Plasma, Platelets 400 600 Hospital Admission 1,000 1,250 Hospital Confinement 300 375 (per day up to 365 days) Critical Care Unit Confinement 475 600 (per day up to 15 days) Rehabilitation Facility Confinement 125 200 (per day up to 90 days) Coma 11,500 17,000 (duration of 14 or more days) Transportation 500 750 (per trip, up to once per accident) Lodging 120 180 (per day up to 30 days) Family care 15 25 (per child per day up to 45 days) Page 4 PLAN Issued by ReliaStar Life Insurance Company INVEST A member of the Vo aO family of companies PROTECT VOVA. y y pan FINANCIAL A Proposal for County of Fresno i ident Care in$'s = A Initial Doctor Visit 60 90 Urgent Care Facility Treatment 150 225 Emergency Room Treatment 150 225 Ground Ambulance 240 360 Air Ambulance 1,000 1,500 Follow-Up Doctor Treatment 60 90 Chiropractic Treatment 30 45 (up to 6 per accident) Medical Equipment 40 120 Physical or Occupational Therapy 30 45 (up to 6 per accident) Speech Therapy(up to 6 per 30 45 accident) Prosthetic Device (one) 500 750 Prosthetic Device (two or more) 800 1,200 Major Diagnostic Exams 80 240 Outpatient Surgery 150 225 (once per accident) X-ray 30 45 Page 5 PLAN Issued by ReliaStar Life Insurance Company INVESTVOVA. A member of the Voya°family of companies PROTECT FINANCIAL A Proposal for County of Fresno Common In'uries in$'s O I Burns 1,000 1,250 (2nd degree, at least 36%of body) Burns (3rd degree, at least 9 but 4,500 7,500 less than 35 sq in of body) Burns (3rd degree, 35 or more sq 10,000 15,000 in of body) Skin grafts 25%of burn benefit 25%of burn benefit Emergency Dental Work (Crown) 250 350 Emergency Dental Work 60 90 (Extraction) Eye Injury 60 100 (removal of foreign object) Eye Injury (surgery) 225 350 Torn Knee Cartilage (surgery with 150 225 no repair or if cartilage is shaved) Torn Knee Cartilage 500 800 (surgical repair) Laceration* (treated -no sutures) 20 30 Laceration* (sutures up to 2") 40 60 Laceration* (sutures 2"to 6") 160 240 Laceration* (sutures over 6") 320 480 Ruptured Disk (surgical repair) 500 800 Tendon, Ligament, Rotator Cuff (exploratory arthroscopic surgery 275 425 with no repair) Tendon, Ligament, Rotator Cuff 550 825 (1,surgical repair) Tendon, Ligament, Rotator Cuff 800 1,225 (2 or more, surgical repair) Concussion 150 225 Paralysis (paraplegia) 10,750 16,000 Paralysis (quadriplegia) 16,000 24,000 *Laceration benefits are a total of all lacerations per accident. Page 6 PLAN Issued by ReliaStar Life Insurance Company INVESTVOVA. A member of the Voya°family of companies PROTECT FINANCIAL A Proposal for County of Fresno Common In'uries-DISLOCATIONS Closed /O en Reduction* in$'s Hip Joint 2,550/5,100 3,850/7,700 Knee 1,600/3,200 2,400/4,800 Ankle or foot bone(s) 1,000/2,000 1,500/3,000 other than toes Shoulder 1,000/2,000 1,600/3,200 Elbow 750/1,500 1,100/2,200 Wrist 750/1,500 1,100/2,200 Finger/Toe 175/350 275/550 Hand bone(s)other than fingers 750/1,500 1,100/2,200 Lower jaw 750/1,500 1,100/2,200 Collarbone 750/1,500 1,100/2,200 Partial dislocations 25%of the closed reduction amount 25%of the closed reduction amount *Closed reduction of dislocation =non-surgical reduction of a completely separated joint; Open reduction of dislocation =surgical reduction of a completely separated joint. Common In'uries -FRACTURES Closed/O en Reduction* Hip 2,000/4,000 3,000/6,000 Leg 1,500/3,000 2,500/5,000 Ankle 1,200/2,400 1,800/3,600 Kneecap 1,200/2,400 1,800/3,600 Foot(excluding toes, heel) 1,200/2,400 1,800/3,600 Upper arm 1,400/2,800 2,100/4,200 Forearm, hand,wrist 1,200/2,400 1,800/3,600 (except fingers) Finger, Toe 160/320 240/480 Vertebral body 2,240/4,480 3,360/6,720 Vertebral processes 960/1,920 1,440/2,880 Pelvis (except coccyx) 2,250/4,500 3,200/6,400 Coccyx 200/400 400/800 Bones of the face 800/1,600 1,200/2,400 (except nose) Nose 400/800 600/1,200 Page 7 PLAN Issued by ReliaStar Life Insurance Company INVEST A member of the Voya°family of companies PROTECT VOVA. FINANCIAL A Proposal for County of Fresno Common InWries-FRACTURES Closed/O en Reduction* cont Upper jaw 1,000/2,000 1,500/3,000 Lower jaw 960/1,920 1,440/2,880 Collarbone 960/1,920 1,440/2,880 Rib or ribs 300/600 400/800 Skull -Simple (except bones of the face) 1,000/2,000 1,400/2,800 Skull -Depressed 2,000/4,000 3,000/6,000 (except bones of the face) Sternum 240/480 360/720 Shoulder blade 1,200/2,400 1,800/3,600 Chip fractures 25%of the closed reduction amount 25%of the closed reduction amount *Closed reduction of fracture =non-surgical; Open reduction of fracture =surgical. Page 8 PLAN Issued by ReliaStar Life Insurance Company INVEST A member of the Voya°family of companies PROTECT VOVA. FINANCIAL A Proposal for County of Fresno Compass Accident Additional Benefits (may vary by state) i rts Accident Benefit llmw I ""I1M�MII1I" Offer C-Low Plan 24 hour Pays an additional 25%of the Accident Hospital Care,Accident Care, or Common Injuries All Eligible Employees benefit amount listed above, up to a maximum benefit of$1,000, if the covered accident is the result of an organized sporting activity. Offer D-High Plan 24 hour Pays an additional 25%of the Accident Hospital Care,Accident Care, or Common Injuries All Eligible Employees benefit amount listed above, up to a maximum benefit of$1,000, if the covered accident is the result of an organized sporting activity. Compass Accident Insurance Riders - Benefit schedules (may vary by state) iuse Accident Rider Offer C-Low Plan 24 hour All Eligible Employees Matches the employee schedule. Offer D-High Plan 24 hour All Eligible Employees Matches the employee schedule. Children's Accident Rider Offer C-Low Plan 24 hour All Eligible Employees Matches the employee schedule. Offer D-High Plan 24 hour All Eligible Employees Matches the employee schedule. Accidental Death and Dismemberment (AD&D) Rider Offer C-Low Plan 24 hour:All Eligible Employees Benefit Level Voluntary: Level 2 Page 10 PLAN Issued by ReliaStar Life Insurance Company INVESTVOVA. A member of the Voya°family of companies PROTECT FINANCIAL A Proposal for County of Fresno Compass Accident Insurance Riders — Benefit schedules (may vary by state) Accidental Death and Dismemberment D) Rider Offer D-High Plan 24 hour:All Eligible Employees Benefit Level Voluntary: Level 4 W ental Death in$'s MM Common Carrier Employee 65,000 100,000 Spouse 30,000 50,000 Children 15,000 25,000 Other Accidental Death Employee 30,000 50,000 Spouse 12,500 20,000 Children 6,000 10,000 W ental Dismemberment in$'s Loss of both hands or both feet or 20,000 28,000 sight in both eyes Loss of one hand or one foot AND 14,000 22,000 sight in one eye Loss of one hand AND one foot 14,000 22,000 Loss of one hand OR one foot 7,500 12,500 Loss of two or more fingers or toes 1,200 1,800 Loss of one finger or toe 750 1,250 Rider Form numbers (may vary by state): Spouse Accident Rider Form #: RL-ACC3-SPR-16 Children's Accident Rider Form #: RL-ACC3-CHR-16 Accidental Death &Dismemberment (AD&D) Rider Form #: RL-ACC3-ADR-16 Page 11 PLAN Issued by ReliaStar Life Insurance Company INVEST A member of the Voya°family of companies PROTECT VOVA. FINANCIAL Compass Critical Illness Insurance A Proposal for County of Fresno Compass Critical Illness Insurance — Plan summary, and benefit and rider schedules Offer B-Sold Proposal: All Eligible Employees Plan design Per Diagnosis Plan Insured persons can receive a lump—sum benefit payment(100%of the benefit associated with that condition) for covered conditions under each module selected by the employer. This offer includes a 2 times total benefit amount multiplier, meaning covered conditions which may naturally recur are payable up to the proposed multiple. Once the benefit multiplier has been claimed for a covered condition, the insured is no longer able to receive benefit payments for the same covered condition. Covered benefit modules, additional benefits &riders Base Module Heart attack(cardiac arrest is not a heart attack) —100% Cancer(Invasive)—100% Stroke—100% Major organ transplant* —100% Coronary artery bypass -25% Cancer(Non-invasive) -25% *Major organ transplant means the irreversible failure of your heart, lung, pancreas, entire kidney or liver, or any combination thereof, determined by a Physician specialized in care of the involved organ. Major Organ Module Severe burns—100% Transient ischemic attacks (TIA)—10% Ruptured or dissecting aneurysm —10% Abdominal aortic aneurysm —10% Thoracic aortic aneurysm —10% Open heart surgery for valve replacement or repair—25% Transcatheter heart valve replacement or repair—10% Coronary angioplasty —10% Implantable (or Internal)cardioverter defibrillator (ICD) placement —25% Pacemaker placement—10% Quality of Life Module Loss of sight, hearing or speech —100% Coma —100% Multiple sclerosis —50% Amyotrophic lateral sclerosis (ALS)— 50% Riders Spouse Critical Illness Rider Children's Critical Illness Rider Additional Child Diseases Module Wellness Benefit Rider Page 4 PLAN Issued by ReliaStar Life Insurance Company INVESTVOVA. A member of the Vo a®family of companies PROTECT y y pan FINANCIAL A Proposal for County of Fresno Compass Critical Illness Insurance — Plan summary, and benefit and rider schedules Offer B-Sold Proposal:(continued) All Eligible Employees (continued) Covered benefit amount Employee Benefit amount:Choice of$10,000 or$20,000 Spouse Spouse coverage matches employee benefit schedule, additional benefits and riders. Benefit amount:Choice of$5,000 or$10,000 Child Children's coverage matches employee benefit schedule, additional benefits and riders. Benefit amount: Choice of$5,000 or$10,000 Additional Child Diseases are payable at 100%of the benefit amount elected and include: Cerebral Palsy; Congenital Birth Defects; Cystic Fibrosis; Down Syndrome; Gaucher Disease, Type II or III; Infantile Tay Sachs; Niemann-Pick Disease; Pompe Disease; Type IV Glycogen Storage Disease Benefit reduction schedule None Diagnosis separation periods Time period between diagnoses:12 months for subsequent(same)diagnoses; 0 months for different diagnoses Pre-existing condition exclusion New Coverage Supplemental: None Rider Form numbers (may vary by state): Spouse Critical Illness Rider Form #: RL-CI4-SPR-16 Children's Critical Illness Rider Form #: RL-CI4-CHR-16 Page 5 PLAN Issued by ReliaStar Life Insurance Company INVESTVOVA. A member of the Vo a®family of companies PROTECT y y pan FINANCIAL A Proposal for County of Fresno Compass Critical Illness Insurance - Rider schedules Wellness Benefit Rider Offer B-Sold Proposal:All Eligible Employees Voluntary: Employee $50 Spouse $50 Child 50%of employee's Wellness Benefit amount, to a maximum of$100 for all children Rider Form numbers (may vary by state): Wellness Benefit Rider Form #: RL-04-WELL-16 Page 6 PLAN Issued by ReliaStar Life Insurance Company INVESTVOVA. A member of the Voya°family of companies PROTECT FINANCIAL Compass Hospital Confinement Indemnity Insurance A Proposal for County of Fresno Compass Hospital Confinement Indemnity Insurance — Benefit Schedule (may vary by state) Offer B All Eligible Employees Daily benefit amount Voluntary: $100, $200 Hospital Voluntary: $100, $200(1 x Daily benefit amount) per day, up to 30 days per confinement Critical care unit Voluntary: $200, $400(2 x Daily benefit amount) per day, up to 15 days per confinement Rehabilitation facility Voluntary: $50,$100(0.5 x Daily benefit amount) per day, up to 30 days per confinement Benefit waiting period* 0 Days Benefit age reduction on daily No Reductions benefit* Pre-existing condition limitation* Voluntary: None Initial Confinement Benefit Rider Voluntary: $500, $1000 (5 x Daily benefit amount) Benefit age reduction Voluntary: No Reductions Wellness Benefit Rider Employee Voluntary: $50 Spouse Voluntary: $50 Child Voluntary: 50%of employee's wellness benefit amount,to a maximum of$100 for all children Wellness benefit waiting period* 0 Days *Applies to all coverage types/levels. Rider form numbers: (may vary by state): Spouse Hospital Confinement Indemnity Rider Form #: RL-HI-SPR-12 Children's Hospital Confinement Indemnity Rider Form #: RL-HI-CHR-12 Wellness Benefit Rider Form #: RL-HI-WELL-12 Initial Confinement Benefit Rider Form #: RL-HI-ICN-12 Page 4 PLAN Issued by ReliaStar Life Insurance Company INVESTVOVA. A member of the Vo a®family of companies PROTECT y y pan FINANCIAL Exhibit B 1 Compensation 2 The Contractor will be compensated for performance of its services under this 3 Agreement as provided in this Exhibit B. The Contractor is not entitled to any compensation 4 except as expressly provided in this Exhibit B. 5 The compensation in Paragraphs B.1 through B.3 shall be paid by covered County 6 employees. There is no direct cost to County for services performed under this Agreement. 7 B.1. Accident Insurance. Employees and their spouse and/or eligible children who 8 choose to enroll in an Accident Insurance policy are subject to the following monthly rates: 9 a. Employee Only, Low Plan: $4.73 10 b. Employee & Spouse, Low Plan: $8.95 11 c. Employee & Children, Low Plan: $9.15 12 d. Family, Low Plan: $13.37 13 e. Employee Only, High Plan: $7.16 14 f. Employee & Spouse, High Plan: $12.90 15 g. Employee & Children, High Plan: $14.49 16 h. Family, High Plan: $20.23 17 B.2. Critical Illness Insurance. Employees who choose to enroll themselves and their 18 spouse and/or eligible children in a Critical Illness Insurance policy are subject to the following 19 monthly rates per $1,000 of coverage, based on their age: 20 a. Under 30 years of age: $0.26 21 b. 30-39 years of age: $0.35 22 c. 40-49 years of age: $0.78 23 d. 50-59 years of age: $1.92 24 e. 60-64 years of age: $3.17 25 f. 65-69 years of age: $4.27 26 g. 70 years of age or older: $6.58 27 h. All children of the employee: $0.28 28 B-1 Exhibit B 1 Contractor shall provide each covered employee and their spouse and/or children a 2 "Wellness Benefit", as described in Exhibit A. The monthly cost to the covered employee for the 3 Wellness Benefit is $1.18. 4 B.3. Hospital Confinement Indemnity Insurance. Employees and their spouse and/or 5 eligible children who choose to enroll in a Hospital Confinement Indemnity Insurance policy are 6 subject to the following monthly rates: 7 a. Employee Only, $100 daily benefit: $10.45 8 b. Employee & Spouse, $100 daily benefit: $20.70 9 c. Employee & Children, $100 daily benefit: $16.24 10 d. Family, $100 daily benefit: $26.49 11 e. Employee Only, $200 daily benefit: $23.40 12 f. Employee & Spouse, $200 daily benefit: $46.33 13 g. Employee & Children, $200 daily benefit: $35.82 14 h. Family, $200 daily benefit: $58.75 15 16 17 18 19 20 21 22 23 24 25 26 27 28 B-2 Exhibit C Self-Dealing Transaction Disclosure Form In order to conduct business with the County of Fresno ("County"), members of a contractor's board of directors ("County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest." The definition above will be used for purposes of completing this disclosure form. Instructions (1) Enter board member's name, job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. The form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). C-1 Exhibit C (1) Company Board Member Information: Name: Date: Job Title: (2) Company/Agency Name and Address: (3) Disclosure (Please describe the nature of the self-dealing transaction you are a party to) (4) Explain why this self-dealing transaction is consistent with the requirements of Corporations Code § 5233 (a) (5) Authorized Signature Signature: Date: C-2 Exhibit D Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Automobile Liability. Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) combined single limit each accident. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (E) Professional Liability. Professional liability insurance with limits of not less than One Million Dollars ($1,000,000) per claim and an annual aggregate of Three Million Dollars ($3,000,000). If this is a claims-made policy, 1) the Contractor shall maintain the policy and provide to the County annual evidence of insurance for not less than five years after completion of services under this Agreement; and (2) if the policy is canceled or not renewed, and not replaced with another claims-made policy with a retroactive date prior to the date on which services begin under this Agreement, then the Contractor shall purchase extended reporting coverage on its claims-made policy for a minimum of one year after completion of services under this Agreement. (F) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per claim. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Exhibit E of this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment D-1 Exhibit D card liabilities and costs; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv) fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (v) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, D-2 Exhibit D alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A-: VII. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D)Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (E) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. (F) Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors. D-3 EXHIBIT E PROTECTED HEALTH INFORMATION CONFIDENTIALITY AGREEMENT This Protected Health Information Confidentiality Agreement (the "Agreement") is entered into as of May 1, 2020 (the "Agreement Effective Date") by and between ReliaStar Life Insurance Company or its affiliate ReliaStar Life Insurance Company of New York (the "Company"), and the County of Fresno (the "Employer"). Employer shall be referred to herein as a "Disclosing Party". RECITALS A. The Employer is seeking to purchase or has purchased compass critical illness, accident, and hospital confinement indemnity policies (collectively, the "Policy") from the Company to cover employees. B. The Disclosing Party may provide or disclose Protected Health Information (as defined below)to the Company in connection with the underwriting or payment of claims under the Policy. C. The purpose of this agreement is to limit the use and disclosure of PHI by the Company to the purposes provided for herein and to provide reasonable assurances to Disclosing Party that the Company will maintain appropriate safeguards to protect PHI from any use or disclosure contrary to this Agreement and the Privacy Rule and Security Rule to the extent applicable (each as defined below). SECTION 1: DEFINITIONS (a) Breach. "Breach"shall have the same meaning given to such term in 45 C.F.R. § 164.402, as may be amended from time to time. (b) Data Aggregation. "Data Aggregation" shall mean, with respect to Protected Health Information received by the Company, the combining of such Protected Health Information with Protected health information received by the Company under other stop-loss policy or policies, to permit data analyses as they relate to Health Care Operations. (c) Designated Record Set. "Designated Record Set" shall have the same meaning as the term "designated record set"in 45 C.F.R§ 164.501, as may be amended from time to time. (d) Electronic Protected Health Information. "Electronic Protected Health Information" shall have the same meaning as "electronic protected health information" in 45 C.F.R. § 160.103, as may be amended from time to time. (e) Health Care. "Health Care" shall have the same meaning as the term "health care" in 45 C.F.R. § 160.103, as may be amended from time to time. (f) Health Care Operations. "Health Care Operations" shall have the same meaning as the term "health care operations" in 45 C.F.R. § 164.501, as may be amended from time to time and shall include, but not be limited to, underwriting of the Policy including activities of the Company for the reinsurance of the Policy. (g) Individual. "Individual" shall have the same meaning as the term "individual" in 45 C.F.R § 160.103 and shall include a person's personal representative who is treated as the Individual in accordance with 45 C.F.R§ 164.502(g), as each may be amended from time to time. (h) Limited Data Set."Limited Data Set"shall have the same meaning as the term "limited data set" in 45 C.F.R. § 164.514(e), as may be amended from time to time. 1 I Page (i) Payment. "Payment" shall mean the same meaning as payment in 45 C.F.R. § 164.501, as may be amended from time to time, and shall include activities for the purpose of obtaining payment under the Policy and shall include, but not be limited to, Policy claim review, assessing primary and secondary coverage as between the Policy and the Group Health Plan under coordination of benefit provisions, pursuing subrogation claims and rights and submission of claim information under reinsurance policies or treaties between the Company and an insurance company that provides reinsurance benefits to the Company with respect to the Policy. (j) Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R part 160 and part 164, subparts A and E, as may be amended from time to time, as applied to the Company's use and disclosure of PHI provided for in this Agreement. (k) Protected Health Information ("PHI"). "Protected Health Information" shall have the same meaning as the term "protected health information" in 45 C.F.R § 160.103, as may be amended from time to time, limited to the information received by the Company from any Disclosing Party. (1) Required By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 C.F.R § 164.103, as many be amended from time to time. (m) Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his or her designee. (n) Security Rule. "Security Rule" shall mean the Security Standards at 45 C.F.R. Parts 160 and Part 164, Subparts A and C, as may be amended from time to time, as applied to the Company's use and disclosure of PHI provided for in this Agreement. (o) Transactions. "Transactions" shall have the same meaning as the term "transactions" in 45 C.F.R. § 164.103, as may be amended from time to time. (p) Unsecured PHI. "Unsecured PHI" shall have the same meaning given to such term under 45 C.F.R. § 402), as may be amended from time to time. SECTION 2: LIMITED DATA SET - PERMITTED USES AND DISCLOSURES 2.1 Permitted Uses and Disclosures. The Company may use PHI provided to it in the form of a Limited Data Set solely for the underwriting of the Policy. Except as provided for in Section 3 of this Agreement, the Company shall not use or disclose PHI under this Section for any other purpose. 2.2 Identification. The Company agrees not to undertake any action during the underwriting process and the placement of the Policy which may cause the PHI, including the Limited Data Set, to identify any Individual, nor shall the Company knowingly contact any Individual whose PHI is included in the Limited Data Set. 2.3 Policy Not Issued. Upon conclusion or termination of the underwriting process in which the Policy is not issued by the Company, the Company shall destroy any property received from any party which may be in the Company's possession including all PHI, confidential information, products, materials, memoranda, notes, records, reports, or other documents or photocopies of the same, including without limitation any of the foregoing recorded on any computer or any machine readable medium. 2 1 P a g e SECTION 3: PHI — PERMITTED USES AND DISCLOSURES 3.1 Purpose of PHI Disclosure. The Disclosing Party may provide and disclose PHI to the Company for underwriting of the Policy. 3.2 Permitted Uses. The Company may use PHI received from the Disclosing Party solely for the purpose for which it is provided as specified in Section 3.1 of this Agreement. 3.3 Permitted Disclosures. The Company may disclose PHI for underwriting and the payment of claims under the Policy provided that the Company obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and will be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person (which purpose must be consistent with the limitations imposed upon the Company pursuant to this Agreement)and the person agrees to notify the Company of any use or disclosure of PHI of which it becomes aware in which the confidentiality of the information has been breached. 3.4 Required by Law. The Company may disclose the PHI if and to the extent that such disclosure is Required by Law. 3.5 Data Aggregation. The Company may use PHI to provide Data Aggregation services, including use of PHI for statistical compilations, reports, research and all other purposes allowed under applicable law. 3.6 De-identified Data. The Company may create de-identified PHI in accordance with the standards set forth in 45 C.F.R. § 164.514(b), as may be amended from time to time, and may use or disclose such de-identified data for any purpose. SECTION 4: OBLIGATIONS OF THE COMPANY 4.1 Privacy of PHI. The Company will maintain appropriate safeguards to reasonably protect PHI from any intentional or unintentional use or disclosure contrary to this Agreement and the Privacy Rule. 4.2 Security of PHI. The Company shall ensure that its information security programs include appropriate administrative, physical and technical safeguards designed to prevent the use or disclosure of confidential information, such as the PHI received by the Company, contrary to this Agreement and the Security Rule. 4.3 Notification of Disclosures. The Company will report to the Disclosing Party any use or disclosure of PHI not provided for by this Agreement of which it becomes aware. 4.4 Notification of Breach. The Company will notify the Disclosing Party of any Breach of Unsecured PHI as soon as practicable, and no later than 30 days after discovery of such Breach. The Company's notification of a Breach will include: (a)the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by the Company to have been, accessed, acquired or disclosed during the Breach; and (b) any particulars regarding the Breach that the Employer would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404,as may be amended from time to time. 4.5 Mitigation. To the extent practicable,the Company will cooperate with the Disclosing Party's efforts to mitigate a harmful effect that is known to the Company of a use or disclosure of PHI not provided for in this Agreement. 4.6 HIPAA Compliance Support. The Company agrees to make internal practices, books,and records, including policies and procedures of its information security program, relating to the use and disclosure of confidential information,such as the PHI received by the Company,available to the Secretary,as requested by the Employer, or designated by the Secretary,for purposes of the Secretary determining the Employer's compliance with the Privacy Rule. 3 1 P a g e SECTION 5: OBLIGATIONS OF THE DISCLOSING PARTIES 5.1 Privacy Practices. The Employer will notify the Company of any changes to the limitation(s) in the Employer's notice of privacy practices in accordance with 45 C.F.R. § 164.520, as amended from time to time, to the extent that such a limitation may affect the Company's use or disclosure of PHI under this Agreement. The Employer will provide such notice no later than 15 days prior to the effective date of the limitation. The Employer confirms that the it's privacy notice discloses the use and disclosure of PHI for Health Care Operations and Payments as permitted by this Agreement. 5.2. Minimum Necessary. Disclosing Party shall limit PHI to the minimum necessary to accomplish the permitted uses and disclosures of the Company provided for in this Agreement when providing or disclosing PHI to the Company in accordance with 45 C.F.R. § 164.502(b) and 45 C.F.R. § 164.514(d), as each may be amended from time to time. 5.3. Payment and Health Care Operations Standards. Disclosing Party shall ensure that the use and disclosure of PHI by the Company complies with the standards of 45 C.F.R. § 164.506,as may be amended from time to time. 5.4 Electronic PHI. Disclosing Party shall not provide Electronic PHI to the Company in the form of "unsecured protected health information"as defined in 45 C.F.R. § 164.402, as may be amended from time to time. 6. TERM AND TERMINATION 6.1 Term. This Agreement will commence as of the Agreement Effective Date and will terminate in accordance with Section 2.3 or upon the termination of the Policy. 6.2 Termination for Cause. Upon either party's knowledge of a material breach by the other party of this Agreement, such party will provide written notice to the breaching party detailing the nature of the breach and providing an opportunity to cure the breach within 30 business days. Upon the expiration of such 30 day cure period, the non-breaching party may terminate this Agreement and, at its election, the Policy, if cure is not possible. 6.3 Effect of Termination. Upon termination of this Agreement or the Policy, the Company will: (a) extend the protections of this Agreement to all PHI retained by Company; (b) limit further uses and disclosures of such PHI to those purposes provided for in this Agreement for so long as the Company maintains such PHI; and (c) where possible, only disclose such PHI to a third party if the information has been de-identified in accordance with the standards set forth in 45 C.F.R. § 164.514(b),as may be amended from time to time. The parties acknowledge and agree that it is not feasible for the Company to return or destroy all PHI received by the Company under this Agreement; provided, however, that the Company's retention of PHI upon the termination of the Agreement or the Policy shall be solely for the purposes of complying with state record retention and insurance regulatory requirements applicable to the Policy and the Company as a licensed insurance company and for the Company's reinsurance obligations under reinsurance policies or treaties covering the Policy. SECTION 7: SURVIVAL The respective rights and obligations of the parties under Section 6.3 of this Agreement will survive the termination of this Agreement and the Policy. 41 SECTION 8: GENERAL 8.1 Relationship of the Parties under HIPAA. Disclosing Party agrees and acknowledges that the Company does not perform any function or service on behalf of any Group Health Plan and this Agreement should not be construed and does not establish any contractual relationship for services. The Company is not an agent or sub-contractor of any Disclosing Party or any Group Health Plan. Each Disclosing Party acknowledges and agrees that the Company does not provide Health Care to or for any Individual either directly or indirectly on behalf of any Group Health Plan. The Company does not conduct Transactions with any Group Health Plan or any Disclosing Party on behalf of any Group Health Plan and any Electronic PHI provided to the Company for the purposes of this Agreement shall not be subject to the administrative requirements of 45 C.F.R. § 162, as may be amended from time to time. Disclosing Party does not intend for the Company to maintain any PHI in a Designated Record Set. 8.2. Governing Law.This Agreement is governed by, and will be construed in accordance with,the laws of the State of California. 8.3 Successors and Assigns. This Agreement and each party's obligations hereunder will be binding on the representatives, assigns, and successors of such party and will inure to the benefit of the assigns and successors of such party. No party may assign this Agreement without the prior written consent of Company, which will not be unreasonably withheld. 8.4 Severability. If any part of a provision of this Agreement is found illegal or unenforceable, it will be enforced to the maximum extent permissible, and the legality and enforceability of the remainder of that provision and all other provisions of this Agreement will not be affected. 8.5 Notices. All notices relating to the parties' legal rights and remedies under this Agreement will be provided in writing to a party, will be sent to its address set forth in the Policy, or to such other address as may be designated by that party by notice to the sending party, and will reference this Agreement. 8.6 Amendment and Waiver. This Agreement may be modified, or any rights under it waived, only by a written document executed by the authorized representatives of the parties. Nothing in this Agreement will confer any right, remedy, or obligation upon anyone other than the Disclosing Parties and the Company. 8.7 Entire Agreement. This Agreement is the complete and exclusive agreement between the parties with respect to the subject matter hereof, superseding and replacing all prior agreements, communications, and understandings (written and oral) regarding its subject matter. 8.8 Headings and Captions. The headings and captions of the various subdivisions of this Agreement are for convenience of reference only and will in no way modify, or affect the meaning or construction of any of the terms or provisions hereof. 8.9 Counterparts. This Agreement may be signed in counterparts, which together will constitute one agreement. 5 1 P a g e IN WITNESS WHEREOF, the parties have caused this Agreement to be signed by their duly authorized representatives or officers, effective as of the Agreement Effective Date. ReliaStar Life Insurance Company and its County of Fresno affiliate ReliaStar Life Insurance Company of New York Address: Address: 20 Washington Avenue South 2220 Tulare Street, 14t" Floor Minneapolis, Minnesota 55401 Fresno, CA 93721 Signed: Signed: NAME Nathan Magsig Title Chairman of the Board of Supervisors of the County of Fresno Date: Date: 6 1 P a g e EXHIBIT F DATA SECURITY ADDENDUM This Data Security Addendum("Addendum")is an addendum to the Agreement between Voya and Client (together "Parties") and sets forth the obligations of the Parties regarding the Data Security pursuant to such Agreement. 1. Definitions. "Agreement" means one or more contracts between Voya, or its affiliates, and Client, including any exhibits or attachments thereto,that are applicable to the Services. "Affected Persons" means Client's and its Affiliate's former and current employees whose Personal Information ("PI") may have been disclosed or compromised as a result of an Information Security Incident. "Affiliates"means any entities that, now or in the future, control, are controlled by, or are under common control with Client.An entity will be deemed to control another entity if it has the power to direct or cause the direction of the management or policies of such entity, whether through ownership, voting securities, contract,or otherwise. "Confidential Information" means (a) non-public information concerning the Disclosing Party, its affiliates,and their respective businesses,products,processes,and services, including technical,marketing, agent, customer, financial,personnel, and planning information; (b) PI; (c)trade secrets; and(d) any other information that is marked confidential or which,under the circumstances surrounding disclosure,the Non- Disclosing Party should know is treated as confidential by the Disclosing Party. Except with respect to PI, which will be treated as Confidential Information under all circumstances, Confidential Information will not include(A)information lawfully obtained or developed by the Non-Disclosing Party independently of the Disclosing Party's Confidential Information and without breach of any obligation of confidentiality; or (B) information that enters the public domain without breach of any obligation of confidentiality. All Confidential Information will remain the property of the Disclosing Party. "Information Security Incident" means any breach of security or cyber security incident impacting Voya that has a reasonable likelihood of(a) resulting in the loss or unauthorized access, use or disclosure of Client PI; or (b) materially affecting Voya's ability to provide the Services to Client as defined in the underlying Agreement. "Law" means all U.S. and non-U.S. laws, ordinances, rules, regulations, declarations, decrees, directives, legislative enactments and governmental authority orders and subpoenas. "Personal Information (Pl)" means any information or data processed by Voya in performing the Services that is considered"Personally Identifiable Information,""Personal Information,""Personal Data," or like terms under applicable Law, including, but not limited to, information regarding or reasonably capable of being associated with an identified or identifiable individual, device, or household, or information(including sensitive information)that can directly or indirectly identify a natural person or data subject. For the avoidance of doubt,Personal Information shall not include anonymous, aggregated, or de- identified data to the extent such data is exempt or excluded from regulation under applicable Law. "Services"means the services that Voya provides to Client pursuant to an Agreement. "Voya Personnel"means Voya's employees and subcontractors engaged in the performance of Services. PLAN I INVEST I PROTECT VOVA ff FINANCIAL 2. Data Security. 2.1. Security Standards and Controls. (a) Voya will establish and maintain: (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of confidential Information;and (ii) Appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of all applicable Laws relating to PI security. (b) In addition,Voya will implement and maintain the following information security controls: (i) Privileged access rights will be restricted and controlled; (ii) An inventory of assets relevant to the lifecycle of information will be maintained; (iii) Network security controls will include, at a minimum, firewall, intrusion detection,and intrusion prevention Services; (iv) Detection, prevention and recovery controls to protect against malware will be implemented; (v) Information about technical vulnerabilities of Voya's information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; (vi) Detailed event logs recording user activities, exceptions, faults, access attempts, operating system logs, and information security events will be produced, retained and regularly reviewed as needed;and (vii) Development, testing and operational environments will be separated to reduce the risks of unauthorized access or changes to the operational environment. 2.2. Information Security Policies. Voya will implement and maintain written policies, standards or procedures that address the following areas: (a) Information security; (b) Data governance and classification; (c) Access controls and identity management; (d) Asset management; (e) Business continuity and disaster recovery planning andresources; (f) Capacity and performance planning; (g) Systems operations and availability concerns; (h) Systems and network security; (i) Systems and application development,quality assurance and change management; 0) Physical security and environmental controls; (k) Customer data privacy; (1) Patch management; (m) Maintenance,monitoring and analysis of security audit logs; (n) Vendor and third-party service provider management;and (o) Incident response,including clearly defined roles and decision-making authority and a logging and monitoring framework to allow the isolation of an incident;and (p) Data Loss Prevention 2.3. Subcontractors. Voya will implement and maintain policies and procedures to ensure the security of Confidential Information and related systems that are accessible to, or held by, third party service providers. Voya will not allow any third parties to access Voya's systems or store or process sensitive data, unless such third parties have entered into written contracts with Voya that require,at a minimum,the following: (a) The use of encryption to protect sensitive PI in transit, and the use of encryption or other mitigating controls to protect sensitive PI at rest; (b) Prompt notice to be provided in the event of an Information Security Incident; PLAN I INVEST I PROTECT VOVA ff FINANCIAL (c) The ability of Voya or its agents to perform information security assessments;and (d) Representations and warranties concerning adequate information security. 2.4. Encryption Standards,Multifactor Authentication and Protection of Confidential Information. (a) Voya will implement and maintain cryptographic controls for the protection of Confidential Information,including the following: (i) Use of an encryption standard equal to or better than the industry standards included in applicable National Institute for Standards and Technology Special Publications (or such higher encryption standard required by applicable Law) to protect Confidential Information at rest and in transit over un-trusted networks; (ii) Use of cryptographic techniques to provide evidence of the occurrence or nonoccurrence of an event or action; (iii) Use of cryptographic techniques to authenticate users and other system entities requesting access to or transacting with system users,entities and resources;and (iv) Development and implementation of policies on the use,protection and lifetime of cryptographic keys through their entire lifecycle. (b) In addition to the controls described in clause(a)above,Voyawill: (i) Implement multi-factor authentication for all remote access to Voya'snetworks; (ii) Ensure that no Client PI is (A) placed on unencrypted removable media, mobile devices, computing equipment or laptops or (B) stored outside the United States; and (iii) Ensure that media containing Confidential Information is protected against unauthorized access,misuse or corruption during transport. 2.5. Information Security Roles and Responsibilities. Voya will employ personnel adequate to manage Voya's information security risks and perform the core cyber security functions of identify, protect,detect,respond and recover.Voya will designate a qualified employee to serve as its Chief Information Security Officer ("CISO") responsible for overseeing and implementing its information security program and enforcing its information security policies. Voya will define roles and responsibilities with respect to information security, including by identifying responsibilities for the protection of individual assets,for carrying out specific information security processes, and for information security risk management activities, including acceptance of residual risks. These responsibilities should be supplemented, where appropriate, with more detailed guidance for specific sites and information processing facilities. 2.6. Segregation of Duties. Voya must segregate duties and areas of responsibility in order to reduce opportunities for unauthorized modification or misuse of Voya's assets and ensure that no single person can access, modify or use assets without authorization or detection. Controls should be designed to separate the initiation of an event from its authorization. If segregation is not reasonably possible, other controls such as monitoring of activities, audit trails and management supervision should be utilized. Development, testing, and operational environments should be separated to reduce the risks of unauthorized access or changes to the operational environment. 2.7. Information Security Awareness, Education and Training. Voya will provide regular information security education and training to all Voya Personnel,as relevant for their job function.In addition, Voya will provide mandatory training to information security personnel and require key information security personnel to stay abreast of changing cyber security threats and countermeasures. 2.8. Vulnerability Assessments. Voya will conduct monthly vulnerability assessments that meet the following criteria: (a) All production servers and network devices must be scanned at least monthly; (b) All vulnerabilities must be rated; PLAN I INVEST I PROTECT VOVA ff FINANCIAL (c) All vulnerability remediation must be prioritized based on risk; (d) All tools used for scanning must have signatures updated at least monthly with the latest vulnerability data;and, (e) Voya will implement and maintain a formal process for tracking and resolving issues in a timely fashion. 2.9. Penetration Tel t . If any Services to be provided by Voya include the hosting or support of one or more externally facing applications that can be used to access systems that store or process Client data,the terms of this Section will apply. (a) At least once every 12 months during the Term and prior to any major changes being moved into production, Voya will conduct a Valid Penetration Test (as defined below)on each internet facing application described above.As used herein,a"Valid Penetration Test" means a series of tests performed by a team of certified professionals, which tests mimic real-world attack scenarios on the information system under test and include,without limitation,thefollowing: (i) Information-gathering steps and scanning forvulnerabilities; (ii) Manual testing of the system for logical flaws, configuration flaws, or programming flaws that impact the system's ability to ensure the confidentiality, integrity,or availability of Client's information assets; (iii) System-compromise steps; (iv) Escalation-of-privilege steps;and (v) Assignment of a rating for each issue based on the level of potential risk exposure to Client's brand or information assets. (b) Upon Client's request, Voya will provide to Client an executive summary of any material issues or vulnerabilities identified by the most recent Valid Penetration Test along with the scope of systems tested. The report may be redacted to ensure confidentiality. 2.10. Physical and Environmental Security. Voya will ensure that all sites are physically secure, including the following: (a) Sound perimeters with no gaps where a break-in could easily occur; (b) Exterior roof,walls and flooring of solid construction and all external doors suitable protected against unauthorized access with control mechanisms such as locks, bars, alarms,etc.; (c) All doors and windows to operational areas locked whenunattended; (d) Equipment protected from power failures and other disruptions caused by failures in supporting utilities; (e) Closed-circuit television cameras at site entry/exit points; badge readings at all site entry points,or other means to prevent unauthorized access;and (f) Visitor sign-in/mandatory escort at site;and (g) With respect to remote work environments, if the foregoing controls are not present, then Voya will use commercially reasonable efforts to mitigate any increased risk associated with such remote work environments,by,for example,limiting the types of access and functional roles eligible for a remote work environment, restricting access to a virtual private network (VPN) or virtual desktop infrastructure (VDI), providing formal guidance and standards for workspace security, and enhancing data protection controls such as data masking, logging and monitoring. PLAN I INVEST I PROTECT VOVA ff FINANCIAL 2.11. Information Security Incident Notification. (a) In the event of any Information Security Incident,Voya will,at its sole expense promptly (and in any event within 72 hours after Voya confirms an Information Security Incident) report such Information Security Incident to Client by sending an email to Client Contact Information, summarizing in reasonable detail the effect on Client,if known,and designating a single point of contact at Voya who will be: (i) Available to Client for information and assistance related to the Information Security Incident; investigate such Information Security Incident, perform a root cause analysis, develop a corrective action plan and take all necessary corrective actions; (ii) Mitigate, as expeditiously as possible, any harmful effect of such Information Security Incident and cooperate with Client in any reasonable and lawful efforts to prevent, mitigate, rectify and remediate the effects of the Information Security Incident; (iii) Provide a written report to Client containing all information necessary for Client to determine compliance with all applicable Laws, including the extent to which notification to Affected Persons or to government or regulatory authorities is required;and (iv) Cooperate with Client in providing any filings, communications, notices, press releases or reports related to such Information Security Incident. (b) In addition to the other indemnification obligations of Voya set forth in this Agreement,Voya will indemnify, defend and hold harmless Client from and against any and all claims, suits, causes of action, liability, loss, costs and damages, including reasonable attorneys' fees, arising out of or relating to any Information Security Incident,which may include,without limitation: (i) Expenses incurred to provide notice to Affected Persons and to law-enforcement agencies,regulatory bodies or other third parties as required to comply with Law; (ii) Expenses related to any reasonably anticipated and commercially recognized consumer data breach mitigation efforts, including, but not limited to, costs associated with the offering of credit monitoring or a similar identify theft protection or mitigation product for a period of at least twelve (12) months or such longer time as is required by applicable Laws or any other similar protective measures designed to mitigate any damages to the Affected Persons; and (iii) Fines or penalties that Client pays to any governmental or regulatory authority under legal or regulatory order as a result of the Information Security Incident. 2.12. Risk Assessments. Upon Client's request no more than once per year, Voya will complete an industry standard information security questionnaire and provide relevant Service Organization Control("SOC")audit reports,when available. 2.13. Data Loss Prevention. Voya will use commercially available data loss prevention technology designed to detect and prevent unauthorized transmission of electronic data obtained or created in connection with the Services through various methods, including but not limited to email, network traffic, USB devices, CDs/DVDs, and print. Voya will implement features of such technology that are designed to both detect and prevent unauthorized transmission using rules within the technology that are reasonably related to the specific type of data handled by Voya. Voya will: (a) Investigate any evidence of a potential or actual unauthorized transmission detected by such technology; (b) Identify,prevent,and mitigate the effects of any such potential or unauthorized transmission; (c) Carry out any action necessary to remedy the cause of the potential or unauthorized PLAN I INVEST I PROTECT VOVA FINANCIAL transmission and prevent a recurrence;and (d) Notify Client of the progress and results of the foregoing. Voya's obligations under this section shall be in addition to any other obligations Voya may have under the Agreement with respect to an Information Security Incident. 3. Confidential Information. 3.1. Confidential Information.Either Party("Disclosing Party")may disclose Confidential Information to the other Party("Non-Disclosing Party")in connection with this Agreement. 3.2. Use and Disclosure of Confidential Information. The Non-Disclosing Party agrees that it will disclose the Disclosing Party's Confidential Information only to its employees, agents, consultants, and contractors who have a need to know and are bound by obligations of confidentiality no less restrictive than those contained in this Agreement. In addition,Voya agrees that it will use the Disclosing Party's Confidential Information only for the purposes of performing its obligations under this Agreement. The Non-Disclosing Party will use all reasonable care in handling and securing the Disclosing Party's Confidential Information and will employ all security measures used for its own proprietary information of similar nature. These confidentiality obligations will not restrict any disclosure of Confidential Information required by Law or by order of a court, regulatory authority or governmental agency; provided, that the Non-Disclosing Party will limit any such disclosure to the information actually required to be disclosed. Notwithstanding anything to the contrary, Client may fully comply with requests for information from regulators of Client and the ClientAffiliates. 3.3. Treatment of Confidential Information Following Termination. Promptly following the termination or expiration of this Agreement, or earlier if requested by the Disclosing Party, the Non-Disclosing Party will return to the Disclosing Party any and all physical and electronic materials in the Non-Disclosing Party's possession or control containing the Disclosing Party's Confidential Information. The materials must be delivered via a secure method and upon such media as may be reasonably required by the Disclosing Party. Alternatively, with the Disclosing Party's prior written consent, the Non-Disclosing Party may permanently destroy or delete the Disclosing Party's Confidential Information and, if requested, will promptly certify the destruction or deletion in writing to the Disclosing Party. Notwithstanding the foregoing, if the Non-Disclosing Party, due to requirements of applicable Law, must retain any of the Disclosing Party's Confidential Information, or is unable to permanently destroy or delete the Disclosing Party's Confidential Information as permitted above within 60 days after termination of this Agreement, the Non-Disclosing Party will so notify the Disclosing Party in writing, and the Parties will confirm any extended period needed for permanent destruction or deletion of the Disclosing Party's Confidential Information. All Confidential Information in the Non-Disclosing Party's possession or control will continue to be subject to the confidentiality provisions of this Agreement. The methods used to destroy and delete the Confidential Information must ensure that no Confidential Information remains readable and cannot be reconstructed so to be readable. Destruction and deletion must also comply with the following specific requirements: MEDIUM DESTRUCTION METHOD Hard copy Shredding, pulverizing, burning, or other permanent destruction method Electronic tangible media, such as disks Destruction or erasure of the media and tapes PLAN I INVEST I PROTECT VOVA ff FINANCIAL Hard drive or similar storage device Storage frame metadata removal to hide the organizational structure that combines disks into usable volumes and physical destruction of the media with a Certificate of Destruction COD 3.4. Period of Confidentiality. The restrictions on use, disclosure, and reproduction of Confidential Information set forth in this Section will, with respect to PI and Confidential Information that constitutes a"trade secret" (as that term is defined under applicable Law),be perpetual, and will, with respect to other Confidential Information, remain in full force and effect during the term of this Agreement and for three years following the termination or expiration of this Agreement. 3.5. Injunctive Relief. The Parties agree that the breach, or threatened breach, of any of the confidentiality provisions of this Agreement may cause irreparable harm without adequate remedy at law. Upon any such breach or threatened breach, the Disclosing Party will be entitled to injunctive relief to prevent the Non-Disclosing Party from commencing or continuing any action constituting such breach, without having to post a bond or other security and without having to prove the inadequacy of other available remedies. Nothing in this Section will limit any other remedy available to either Party. 4. Cyber Liability Insurance. During the Term, Voya will, at its own cost and expense, obtain and maintain in full force and effect, with financially sound and reputable insurers, cyber liability insurance to cover Voya's obligations under this Addendum. Upon execution of the Agreement, Voya will provide Client with a certificate of insurance evidencing the following coverage and amount with such insurer: Risk Covered: Network Security(a.k.a.Cyber/IT) Limits: $50,000,000 5. Disaster Recovery and Business Continuity Plan. Voya maintains, and will continue to maintain throughout the Term, (a) a written disaster recovery plan ("Disaster Recovery Plan"), which Disaster Recovery Plan is designed to maintain Client's access to Services and prevent the unintended loss or destruction of Client data; and (b) a written business continuity plan ("BCP") that permits Voya to recover from a disaster and continue providing Services to customers, including Client, within the recovery time objectives set forth in the BCP. Upon Client's reasonable request,Voya will provide Client with evidence of disaster recovery test date and result outcome. PLAN I INVEST I PROTECT VOVA FINANCIAL