FIREWORKS SOFTWARE AS A SERVICE TERMS
These Software as a Service Terms (the “Terms”) govern all transactions between Customer and bioMérieux Asia Pacific Pte Ltd and its Affiliates (collectively, “bioMérieux”) involving the Software (as defined below). (“Affiliate” is defined in the Data Processing Addendum appended to these Terms.) Customer and bioMérieux are hereinafter referred to individually as a “Party” and collectively as the “Parties”. Customer agrees to these Terms and the terms set forth in the applicable Schedules in full. These Terms along with all applicable Schedules (collectively, this “Agreement”) comprise the entire agreement between the parties regarding the Service and supersede all prior or contemporaneous understandings, agreements, negotiations, representations and warranties and communications, both written and oral, and shall not be supplemented or explained by any evidence of trade usage or course of dealing. All Customer terms and conditions on any Customer documentation or contract are hereby objected to and rejected and shall be of no force and effect or deemed to be binding on bioMérieux in whole or in part.
In consideration of the mutual promises contained herein and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree that this Agreement will become effective from the date when Customer agrees or consents to this Agreement (the“Effective Date”), applying to all transactions between Customer and bioMérieux involving the Software, regardless of whether the Customer obtained access to the Service through an Order directly to bioMérieux or indirectly through an authorized bioMérieux Distributor.
Definition of Terms.
“Access Credentials" means any user name, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify a User’s identity and authorization to access and use the Service.
“Anonymous Data” means data or data sets, including data definitions, structures, or analyses about such data or data sets, that do not identify, and are not personally attributable to, any Patient or Customer Personnel, even when combined with other information. Anonymous Data include Customer Device Data, and any other data or data set that does not identify, or is not attributable to, any Patient or Customer Personnel.
“BIOFIRE Syndromic Trends” is or can be a Component of the Service that comprises a secure, cloud-based network that compiles real-time pathogen data from Devices to allow Customers access to customized reports and the ability to spot epidemiological patterns on local, regional, and global bases.
"bioMérieux Personnel" means any employee, agent, or independent contractor of bioMérieux, of a bioMérieux subcontractor, or of an authorized bioMérieux Distributor.
“bioMérieux Proprietary Items” means, collectively, the Software, inclusive of the Service and Systems Software, and Documentation, the visual expressions, screen formats, report formats, and other design features of the Software, inclusive of the Service and Systems Software, all ideas, methods, algorithms, models, formulae, and concepts used in developing and/or incorporated into the Software, inclusive of the Service and Systems Software, or Documentation, all future modifications, revisions, updates, refinements, improvements, and enhancements of the Software, inclusive of the Service and Systems Software, or Documentation, all derivative works (as such term is used in U.S. copyright laws, Singapore law and Malaysian laws) based upon any of the foregoing, including deliverables, work product, and all copies of the foregoing.
“Cloud-Based” means the storage, management, and processing of data on a network of remote servers hosted on the Internet.
“Cloud Service” means an entity that provides Cloud-Based services and shall include, but may not necessarily be limited to, Amazon Web Services (AWS).
“Component” means a part or extension of the Service that is dedicated to a specific function.
“Configure” or ”Configuration” means making Systems Software ready for use on the Device and may be accomplished either remotely or on-site.
“Confidential Information” means all confidential or proprietary information disclosed by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) in connection with this Agreement, unless it is (a) already known by the Receiving Party without obligation of confidentiality; (b) independently developed by the Receiving Party without access to or use of the Disclosing Party’s Confidential Information; (c) publicly known without breach of this Agreement; or (d) lawfully received from a third party without obligation of confidentiality. Without limiting the generality of the foregoing,Confidential Information shall include: (a) Customer Data and non-public information, documentation, and materials, which may be disclosed or made available from any source or in any form relating to the Customer’s business, financial information, patients, employees, programs, documentation, techniques, trade secrets, and systems, (b) bioMérieux Proprietary Items and (c) all work flows and data structures created or provided by bioMérieux pursuant to this Agreement. Confidential Information shall include the terms and pricing in this Agreement, but not the fact that this Agreement has been signed, the identity of the Parties, or the identity of the Service or a Component of the Service.
“Customer” means the end user of the Service and which obtains access to Service through an Order either directly from bioMérieux or indirectly through a Distributor.
“Customer Patient Data” means Patient Data stored or maintained in a Device.
“Customer Consumable” means substance or object used or needed to carry out or facilitate tests on the Customer Device and includes, but is not necessarily limited to, pouches, reagents, etc.
“Customer Data” means Customer Patient Data, Customer Device Data, and/or any other data relating to the Customer or Customer Personnel.
“Customer Device Data” means data that is related to the performance or operation of a Customer Device and does not include any Customer Patient Data.
"Customer System" means Customer's information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.
"Customer Personnel" means any employee, agent, or independent contractor of Customer or any Customer subcontractor.
“Device” means any Customer-owned or Customer-leased medical device as developed or manufactured by BioFire Diagnostics, LLC, a bioMérieux subsidiary, and which is connected to the Service. Devices shall include, but are not necessarily limited to, the BIOFIRE® FILMARRAY® and SPOTFIRE® product lines.
“Documentation” means bioMérieux’s standard user guides, manuals and/or electronic user guides relating to the Service, including on-line help, as updated and amended from time to time.
“Distributor” means an entity that is in the business of marketing, reselling or making available Devices and/or the Service to Customers within a geographic region that is agreed upon with bioMérieux and pursuant to a distribution agreement or similar contractual arrangement.
"Good Faith Dispute" means a good faith dispute by Customer of certain and specific amounts invoiced under this Agreement.
"Order” means any order form or similar sales documentation that is mutually agreeable either between bioMérieux and Customer or between Distributor and Customer, as the case may be, and which is related to Customer obtaining access to the Service.
“Patient” means any patient of Customer.
“Patient Data” means information relating to a Patient.
“Process” means any operation or set of operations which is performed on data or on data sets, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction and in relation to processing of personal data, has the meaning as set out in the Personal Data Protection Act 2010 of Malaysia.
“Publish” means to make information available through paper, electronic, audio or visual means in a manner intended to make such information accessible, in whole or in part, to the general public regardless of whether such access is made freely available or restricted.
“Service” means an instance of the Software as made accessible to Customer as a cloud-hosted software-as-a-service offering, and commonly referred to as FIREWORKS.
“Site” means the primary location in which the Device is located, and the Customer Personnel uses the Service.
“Software” means bioMérieux’s software, technology, tools, logic, reports, workflows, algorithms, predictive models, database schemes, database, analytics, hardware, and technology infrastructure incorporating or supporting the Service, as ordered under the terms of this Agreement.
“Syndromic Trends Data” means data or data sets derived from Customer Patient Data through Processing from their initial or original forms or formats prior to transfer from the Device to the Cloud Service BIOFIRE Syndromic Trends Component of the Service.
“Systems Software” means Software provided by bioMérieux on a Device to facilitate the use and functionality of the Service.
“Term” means the duration of Customer’s right to receive, access, and use the Service as set forth in this Agreement.
"User" means any Customer Personnel who is authorized to access or use the Service.
Rights and Obligations.
Acceptance. Customer will identify and make its Devices and Customer Systems readily available and accessible to bioMérieux Personnel at the time of or prior to the Configuration of any Systems Software. The Service shall be deemed accepted by Customer upon the earlier of the following: (i) notification by Customer that the Service is accepted, (ii) the first instance of the transfer of any Customer Data from a Device to the Service, or (iii) five (5) days after the Configuration date. Customer is responsible for providing all reasonably requested assistance to bioMérieux Personnel in a timely manner to ensure bioMérieux can Configure any Systems Software as agreed upon.
Access. bioMérieux has developed and deployed specifications, standards and/or protocols necessary to allow Users to access the Service at the Site using Access Credentials. Customer and Users are jointly responsible for the security of the Access Credentials. Any access to the Service by Customer or Users through improper use or sharing of Access Credentials is prohibited. Subject to the terms and conditions contained in this Agreement, bioMérieux grants to Customer a non-exclusive, non-transferable, revocable right to: (a) permit Users to access the Systems Software and the Service solely for Customer's internal business purposes; and (b) permit Customer’s designated administrative users to access administrative features or functions of the Service solely for Customer's internal business purposes in order to manage access rights for Users.
bioMérieux Obligations. On the Configuration date, bioMérieux shall make available to Customer, on a non-exclusive, revocable, and non-transferable basis during the Term, the Service at the Site for up to the number of Users agreed upon along with any necessary Systems Software. In addition, bioMérieux (itself or through third party vendors (e.g. its Cloud Service partners)) will: (a) host, operate, maintain, and provide basic support for the Service as necessary to make the Service available; and (b) specify the procedures by which Customer may establish and obtain access to and use the features and functions of the Service or any Component of the Service.
Customer Obligations. Customer shall: (a) use the Service and Systems Software in accordance with this Agreement, the Documentation, and all applicable laws and regulations; (b) use commercially reasonable efforts to prevent unauthorized access to or use of the Service and Systems Software and notify bioMérieux promptly of any such unauthorized access or use; (c) be responsible for all User acts and omissions; (d) be responsible for maintaining, at all times during the term of this Agreement, one or more current and active administrators of Customer’s account for the Service; (e) be responsible for disabling User accounts immediately upon a User’s separation from Customer or for any other applicable reason; (f) make available in a timely manner at no charge to bioMérieux Personnel all Devices and/or Customer Systems required by bioMérieux for the performance of the Service, including making any necessary configurations to Devices at Customer’s sole cost; (g) be responsible for, and assume the risk of, any problems resulting from, the content, accuracy, completeness, and consistency of all Customer Data; (h) be responsible for the accuracy, quality, integrity, and legality of Customer Data and the means by which such data was acquired, including but not limited to, ensuring that such Customer Data was obtained in accordance with all applicable laws, rules, and regulations; and (i) reasonably cooperate with bioMérieux Personnel as necessary for bioMérieux to perform its obligations. Customer shall reimburse bioMérieux, per bioMérieux’s standard policies, for any additional efforts or costs including, without limitation, site visits, it incurs resulting from Customer’s failure to perform its obligations. bioMérieux’s rights and remedies under this clause are without prejudice to its exercise of other rights and remedies under this Agreement or pursuant to applicable law.
Restrictions. Customer shall not, and shall not permit any Customer Personnel, to: (a) sell, resell, lease, rent, license, sublicense, distribute, transfer, or otherwise make available the Service or Systems Software, including on a time-sharing, SaaS, service bureau, or other similar basis, to any third party other than Users or otherwise use the Service at any location other than the Site or the Systems Software in connection with any devices other than Devices; (b) use the Service or Systems Software to store or transmit malicious code, infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (c) use or access the Service or Systems Software in any way that threatens the integrity, performance, or availability of the Service or Systems Software or any data therein; (d) load, or permit the loading, of Customer Data in violation of any applicable, law, rule, or contract; (e) remove, modify or obscure any product or service identifier, copyright, trademark or other proprietary rights notice or other notices, instructions, disclaimers or legends; (f) modify or create derivative works of the Service or Systems Software (or third party software embodied therein); (g) decompile, disassemble, or reverse engineer the Service or Systems Software, in whole or in part or attempt to reconstruct or discover any source code or underlying ideas, algorithms, file formats, data structures or other aspects of the Service or Components; (h) access, use, or copy any portion of the Service or Systems Software in order to build a competitive product or to benchmark with any third party product or service; or (i) engage in any other acts that may violate applicable law or this Agreement. bioMérieux may restrict or prohibit access to Customer if bioMérieux reasonably suspects Customer is breaching its obligations under this Section. No rights are assigned or granted to Customer other than as expressly set forth herein.
Use Acknowledgments. Customer understands and acknowledges that the Service is an analytics solution that is not designed, intended, validated or cleared to be used as a clinical decision support system or a medical device as contemplated under the Medical Device Act 2012 of Malaysia. Additionally, and where applicable, Customer understands and acknowledges that the optional Cp Viewer Component of the Service has not been considered or cleared by the United States Food and Drug Administration, Ministry of Health Malaysia or any other regulatory agency in Malaysia and cannot be used for patient care. No license is conveyed or implied for Customer to use, and Customer agrees not to use, the Cp Viewer Component in any manner requiring United States Food and Drug Administration, Ministry of Health Malaysia or other regulatory approval, clearance, or registration.
Third Party Code. The Service may contain or be provided with components subject to the terms and conditions of “open source” software licenses (“Open Source Software”) or other third-party software. bioMérieux shall provide a list of the Open Source Software to Customer upon Customer’s written request. To the extent required by the license that accompanies the Open Source Software, the terms of such license will apply in lieu of the terms of this Agreement with respect to such Open Source Software, including, without limitation, any provisions governing access to source code, modification, or reverse engineering.
Software Update. The Systems Software will be configured to automatically perform software updates to make software improvements, security improvements and provide feature enhancements to facilitate the use and functionality of the Service. By agreeing to these terms, Customer is providing bioMérieux with authorization to make such automatic updates, improvements, or modifications to the Systems Software. The Systems Software may also be configured to automatically receive other Device software updates, improvements, or modifications. However, such other software updates, improvements, or modifications will require user intervention to be configured.
Support. Support for the Service shall be governed by any applicable service agreement between Customer and bioMérieux or the appropriate bioMérieux subsidiary or authorized Distributor.
Training: Upon Customer's written request, training on the use of the Service will be provided to an agreed-upon number of Users at a time agreed by the Parties.
Data.
Customer Patient Data. All Customer Patient Data shall be considered proprietary to Customer and/or the Patient. bioMérieux will only Process and use Customer Patient Data as authorized under this Agreement.
Customer Patient Data License Grant. Customer hereby grants bioMérieux a worldwide, perpetual, fully paid-up, royalty free, non-exclusive right and license to Process Customer Patient Data for purposes of providing the Service to Customer. Customer shall secure the necessary consent from the Patient for the Customer, bioMérieux and bioMérieux’s Subprocessor(s) to Process Customer Patient Data for purposes of providing the Service.
Anonymous Data. bioMérieux shall be deemed to be the owner of any Anonymous Data. bioMérieux shall therefore be entitled to use Anonymous Data: (a) to facilitate the provision of the Service to Customer, (b) for research, development, and continuous improvement of bioMérieux’s products, software, and services, (c) to monitor the operation or performance of Devices in order to enhance Customer support including, without limitation, use of Customer names and contact information, connected Device information, Device status and Configuration information, Device performance metrics, Customer Consumable inventory levels, runs and run performance per Device, panel, institution or laboratory, and (d) for any other commercial purpose not prohibited by applicable law or this Agreement.
Data Safeguards. Where applicable, bioMérieux shall maintain reasonable and appropriate data safeguards and procedures designed to prevent the unauthorized use or disclosure of Customer Patient Data as required under applicable laws. During the Term, bioMérieux will maintain physical, administrative, and technical security measures to ensure the availability, integrity, and confidentiality of Customer Patient Data in accordance with its standard data security policies.
Data Processing. The Data Processing Addendum attached to this Agreement as Schedule A and incorporated herein by reference will govern bioMérieux’s obligations with regard to the Processing of Personal Data.
Data Publication. Customer shall retain the right to publish summaries, conclusions, or other results derived from the information or Customer Data derived or obtained from the Service; provided, however, that prior to any such publication, Customer shall provide bioMérieux with a copy of any data, findings, article, abstract, manuscript, poster, presentation or other information intended for publication, at least thirty (30) days prior to submission for publication so that bioMérieux may review the proposed publication for the purpose of determining correct usage of bioMérieux trademarks, verifying that bioMérieux’s Confidential Information is not disclosed, and verifying that the publication is not in violation of any applicable law or rule pertaining to bioMérieux.
Payments.
This Section (Payments) is only applicable to Customers who have obtained access to the Service through an Order directly to bioMérieux.
Versions of the Service. The fees and expenses that bioMérieux will charge Customer for the Service depends on the version of the Service, which versions may change from time to time and may feature varying capabilities.
Fees. Customer shall pay bioMérieux, without offset or deduction, the fees and expenses as determined under the applicable Order and this Agreement. As applicable, bioMérieux reserves the right to (1) commence charging fees or (2) increase the fees each year, but must provide notification of such an intent to either commence charging fees or increase fees at least thirty (30) days in advance. Unless otherwise provided in an applicable Order, all fees shall be due and payable within thirty (30) days after an invoice is issued by bioMérieux. Whenever any support services are provided by bioMérieux at a Customer location or any other location requested by Customer other than one of bioMérieux's locations, Customer shall reimburse bioMérieux for reasonable travel, lodging, meal, and related expenses incurred by bioMérieux representatives in providing such services.
Recalculation of Fees. The fees set forth in each Order are based on the size of Customer as of the Effective Date. Customer must notify bioMérieux within thirty (30) days of any event that would change the size of the Customer (e.g., acquisition by or of a third party). Upon notice, bioMérieux will recalculate the fee owed by Customer based on its list prices at the time of the notice and will invoice Customer for the balance owed. Customer will pay the invoiced amount within thirty (30) days of its receipt of the new invoice. Any delay by bioMérieux to invoice Customer for the amount owed shall not waive its right to recover such amount.
Taxes. The fees and other amounts payable by Customer to bioMérieux do not include any taxes of any jurisdiction that may be assessed or imposed upon the Service, Documentation, or otherwise, including sales, use, excise, value added, personal property, export, import, and withholding taxes, excluding only taxes based upon bioMérieux's net income. Customer shall directly pay any such taxes assessed. Customer shall promptly reimburse bioMérieux for any taxes payable or collectable by bioMérieux (other than taxes based upon bioMérieux’s net income). If Customer has provided bioMérieux with proof of its tax-exempt status, then, in the event that Customer’s tax-exempt status should become altered, Customer shall be obligated to notify bioMérieux immediately of any such modification and Customer shall become liable for all taxes as set forth above. In the event Customer fails to notify bioMérieux of any such change, Customer shall be liable for payment of any tax related penalties or interest assessed against bioMérieux or Customer because of such Customer failure.
Payment Terms. All amounts payable by Customer for the Service shall be invoiced by bioMérieux with the initial invoice for Service being sent following the earlier of (1) thirty (30) days following Customer’s execution of the Order or (2) Configuration of the Systems Software. Service will be billed for the period agreed upon in the Order or as otherwise mutually agreed. All fees shall be invoiced in advance upon execution of the Order and are payable in advance. All expenses shall be payable as incurred. All invoices shall be sent to Customer's address designated in the Order and are due and payable within thirty (30) days after being issued by bioMérieux. If any Customer payment is more than thirty (30) days past due, interest at the rate of twelve percent (12%) per annum (or, if lower, the maximum rate permitted by applicable law) shall accrue, unless the non-payment is subject to a Good Faith Dispute. A Good Faith Dispute will be deemed to exist only if (a) Customer has given written notice of the dispute to bioMérieux promptly after receiving the invoice and (b) the notice explains Customer's position in reasonable detail. A Good Faith Dispute will not exist as to an invoice in its entirety merely because certain amounts on the invoice have been disputed. All fees and other amounts paid by Customer under this Agreement are non-refundable.
Non-Payment. In the event that Customer’s account is more than thirty (30) days overdue, bioMérieux shall have the right, in addition to its remedies under this Agreement or pursuant to applicable law and at its discretion, to disable Customer’s access to the Service or to grant Customer access to only certain limited features of the Service, until Customer has paid the full balance owed, plus any interest due.
Warranties and Limitations.
Performance Warranties. The Service shall perform as described in the Documentation as of the Configuration date. Customer will timely notify bioMérieux of any known non-conformance to the specifications outlined in the Documentation. bioMérieux's only obligation under this warranty, and Customer’s sole and exclusive remedy, is for bioMérieux to correct any failure to so perform, or if such correction is not possible in a commercially reasonable timeframe, to as far as possible, procure a refund of the fees paid for the specific non-conforming service during the periods of non-conformance.
Customer Warranty. Customer represents and warrants that Customer has all necessary consents and rights to use the Customer Data as part of the product and Customer is not violating any existing agreements or laws and regulations by providing bioMérieux or bioMérieux Personnel with access to Customer Data.
Exclusion for Unauthorized Actions and Results of Use. Neither bioMérieux nor its supplier, partners, and vendors shall have any liability underany provision of this Agreement with respect to any performance problem, delay, or other matter to the extent attributable to any unauthorized or improper use or modification of the bioMérieux Proprietary Items, any unauthorized combination with other services, deliverables, products, software, hardware, or technology, or any act or omission by Customer, its affiliates, other users, representatives, or contractors. Customer is solely responsible for the results obtained from the use of the bioMérieux Proprietary Items. THE SERVICE DOES NOT OFFER MEDICAL ADVICE OR ADVICE REGARDING THE OPTIMAL SET OF PROCEDURES, ALERTS, OR STEPS NEEDED TO ACHIEVE THE BEST OUTCOMES FOR A PATIENT. ANY CUSTOMER DATA AND DECISIONS MADE OR ACTIONS TAKEN BASED ON INFORMATION ACCESSED THROUGH THE SERVICE ARE THE SOLE RESPONSIBILITY OF CUSTOMER.
Disclaimer. EXCEPT AS EXPRESSLY STATED ABOVE IN THIS SECTION (WARRANTIES AND LIMITATIONS), THE SERVICE, THIRD PARTY COMPONENTS, AND DOCUMENTATION ARE PROVIDED "AS IS" AND NEITHER BIOMÉRIEUX NOR ITS VENDORS, SUPPLIERS, OR PARTNERS MAKES ANY REPRESENTATIONS OR WARRANTIES, ORAL OR WRITTEN, EXPRESS OR IMPLIED, ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INTERFERENCE, OR NON-INFRINGEMENT. BIOMÉRIEUX MAKES NO REPRESENTATIONS OR WARRANTIES, NOR SHALL BIOMÉRIEUX HAVE ANY LIABILITY WITH RESPECT TO, ANY THIRD PARTY DATA, THIRD PARTY COMPONENTS, THIRD PARTY PRODUCTS, OR THIRD PARTY SERVICES.
Damage Limitation. IN NO EVENT WILL EITHER PARTY (OR THEIR SUPPLIERS, PARTNERS, OR VENDORS) BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION ANY LOSS OF REVENUE, SAVINGS, OR DATA) ARISING IN CONNECTION WITH THIS AGREEMENT OR THE USE OF ANY BIOMÉRIEUX PROPRIETARY ITEMS, THIRD PARTY COMPONENTS, OR COMPONENTS BASED ON ANY THEORY OF CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE, OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, UNLESS THERE IS INTENTIONAL OR GROSS NEGLIGENCE OF A PARTY. Except for a third party infringement claim under the Section (Indemnification), bioMérieux's total liability to the Customer under this Agreement and all Orders shall under no circumstances exceed the fees actually received by thebioMérieux in relation to the Customer’s account for the access to the Service: (a) in respect of the applicable Order in the twelve months prior to the claim being made, or (b) in the twelve months prior to the claim being made if such claim does not relate to a specific Order.
Other Limitations. The warranties made by bioMérieux in this Agreement, and the obligations of bioMérieux under this Agreement, run only to Customer and not to any third party. Under no circumstances shall any Customer’s affiliate, Patient, student, contractor, or user, or any other third party be considered a third-party beneficiary of this Agreement. No action or claim of any type relating to this Agreement may be brought or made by Customer more than one (1) year after Customer first has knowledge of the basis for the action or claim. Customer and bioMérieux have freely and openly negotiated this Agreement, including the pricing, with the knowledge that the liability is to be limited in accordance with the provisions of this Agreement.
Limitations Relating to Third Party Components. The bioMérieux Proprietary Items may contain or use code and/or components of a third party that require Customer to enter into a separate agreement with such third party. Customer hereby consents to the use of such third-party components and agrees to comply with the terms and conditions set forth in any applicable third-party license. Except as otherwise set forth in the third-party license, the third-party components are provided “as is,” and without representation or warranty of any kind. Customer hereby agrees to use such third-party components in accordance with the terms and conditions of the applicable third-party component license, and agrees to indemnify, defend and hold harmless bioMérieux from all claims, losses, damages, expenses, or actions arising from its breach of any of the terms and conditions of such third-party component license.
Confidentiality.
All Confidential Information of a Disclosing Party in the possession of the Receiving Party, whether or not authorized, shall be held in strict confidence, and the Receiving Party shall take all steps reasonably necessary to preserve the confidentiality and prevent the unauthorized use or disclosure of the Confidential Information. The Receiving Party will not use or disclose any Confidential Information except as expressly authorized by this Agreement and will protect the Disclosing Party’s Confidential Information using the same degree of care that it uses with respect to its own Confidential Information, but in no event with safeguards less than a reasonable level of care under similar circumstances. Notwithstanding the foregoing, the Receiving Party will not be in violation of this Section (Confidentiality) with regard to a disclosure that is in response to a valid order or requirement by a court or other governmental body or otherwise required by law, provided the Receiving Party gives the Disclosing Party prior written notice of such disclosure in order to permit the Disclosing Party to seek an appropriate protective order. Information that is disclosed pursuant to a valid court or governmental order shall not lose its status as Confidential Information.
Ownership of bioMérieux Proprietary Items.
Ownership and License Grants. All bioMérieux Proprietary Items provided to or accessed by Customer under this Agreement are being made available on a strictly confidential and limited use basis in accordance with this Agreement and have great commercial value to bioMérieux (or its partners or suppliers). This Agreement provides access and not a license to the Service. This Agreement grants Customer a non-exclusive, revocable, and non-transferable license to the Systems Software, Documentation, and any other bioMérieux Proprietary Items transferred from bioMérieux to Customer under this Agreement. This Agreement is not an agreement of sale, and no title, patent, copyright, trademark, trade secret, intellectual property or other ownership rights to any bioMérieux Proprietary Items or Components are transferred from bioMérieux to Customer under this Agreement. All bioMérieux Proprietary Items and related intellectual property shall remain the sole and exclusive property of bioMérieux. bioMérieux, on behalf of itself and its vendors, partners, and suppliers, reserves all rights not expressly granted by this Agreement.
Feedback. Customer may provide bioMérieux with feedback, comments, and recommendations regarding the functionality and performance of the Software, inclusive of the Service and Systems Software, including, without limitation, identifying potential errors and improvements. bioMérieux (and its partners and suppliers) shall have the unrestricted right to use such feedback in their sole discretion, including to improve or enhance the Service, Systems Software, and other bioMérieux (or its partners’ and suppliers’) products, and, accordingly, bioMérieux (and its partners and suppliers) shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit such feedback without restriction.
Indemnification.
bioMérieux shall defend, indemnify, and hold Customer harmless against all third party intellectual property infringement suits brought against Customer, insofar as such suit directly arises out of Customer’s use of the Service or Systems Software, only as expressly authorized under this Agreement, provided bioMérieux shall have no obligation or liability to the extent that the alleged infringement or misappropriation arises from (1) the combination, operation, or use of the bioMérieux Proprietary Items with products, services, deliverables, materials, technologies, business methods, or processes not furnished by bioMérieux; (2) modifications which were not made by bioMérieux; (3) Customer’s breach of this Agreement; (4) third-party components, Customer-created Patient Care Frameworks and Customer Modifications; or (5) any other reasons not attributable to bioMérieux. bioMérieux’s indemnification obligation hereunder is contingent upon prompt notice of and full control over the defense and/or settlement of any claim. Upon the occurrence of any claim for which indemnification is or may be due under this Section (Indemnification), or in the event that bioMérieux believes that such a claim is likely, bioMérieux may, at its sole option (i) modify the bioMérieux Proprietary Item so that it becomes non-infringing, or substitute functionally similar services, deliverables, or documentation; (ii) obtain a license to the applicable third-party intellectual property; or (iii) terminate this Agreement on written notice to Customer and as far as possible, procure a refund to Customer any pre-paid fees for services not provided. The obligations set forth in this Section (Indemnification) shall constitute bioMérieux’s entire liability and Customer’s sole remedy for any infringement or misappropriation.
Term and Termination.
The Term of this Agreement shall be for a twelve (12) month period beginning on the Effective Date or for the period agreed upon in the Order. The Agreement shall automatically renew for subsequent twelve (12) month terms. Either Party may terminate this Agreement for convenience by providing a written notice of its intent to terminate the Agreement at least ninety (90) days prior to the expiration of the current term of the Agreement.
Either Party may terminate this Agreement immediately on giving notice in writing to the other Party if the other Party: (a) commits a material breach (including any non-payment of fees due by Customer other than fees subject to a Good Faith Dispute) and, in the case of a material breach capable of being cured, failed to cure that breach within sixty (60) days after the receipt of a request in writing to cure such breach; (b) files for bankruptcy; (c) becomes or is declared insolvent, or is the subject of any proceedings related to its liquidation, insolvency or the appointment of a receiver or similar officer for it; (d) makes an assignment for the benefit of all or substantially all of its creditors; or (e) enters into an agreement for the cancellation, extension, or readjustment of substantially all of its obligations.
Upon any termination or expiration of this Agreement, Customer: (a) shall cease use of the Service; (b) shall return and discontinue all access and use of all the Confidential Information of bioMérieux then in Customer's possession or control; (c) shall certify in writing that all copies of the Confidential Information of bioMérieux have been permanently deleted; and (d) understands and acknowledges that such termination or expiration shall result in the retention by bioMérieux of Anonymous Data and the return to Customer in a mutually agreeable format, or the destruction of, any Customer Data that does not constitute Anonymous Data. Customer is expressly prohibited from retaining any Confidential Information of bioMérieux past the Term of this Agreement. Customer shall remain liable for all payments due (whether to bioMérieux or the Distributor, as the case may be) with respect to the period ending on the date of termination. For any termination other than a termination for good cause by Customer in accordance with this Section (Term and Termination), the balance of all remaining subscription fees relating to the then current Term will be due and payable. The provisions in the Payments, Warranties and Limitations, Confidentiality, Ownership of bioMérieux Proprietary Items, Indemnification, Termination, and Other Provisions Sections of this Agreement shall survive any termination or expiration of this Agreement.
Other Provisions.
Compliance with Laws. Each Party will comply with all applicable legal and regulatory (existing or future) rules. The Parties will comply with all anti-corruption and related statutes or regulatory provisions, and do not intend this Agreement to be any type of inducement for any other relationship between the Parties. The Parties further represent that their performance of this Agreement will not violate any existing covenant, contracts, applicable law, rule, or regulation, and will not infringe upon the rights of third parties, including property, contractual, employment, trade secrets, proprietary information, intellectual property, and nondisclosure rights.
Notice. All notices, consents, and other communications under or regarding this Agreement shall be in writing and shall be deemed to have been received on the earlier of the date of actual receipt or the first business day after being sent by a reputable overnight delivery service or by e-mail to mutually agreed-upon respective e-mail addresses of the Parties. Either Party may change its address for notices by giving written notice of the new address to the other Party.
Parties in Interest. This Agreement shall bind, benefit and be enforceable by and against bioMérieux and Customer and, to the extent permitted hereby, their respective successors and assigns. Neither Party may assign any of its rights or obligations under this Agreement, and any attempt at such assignment will be void without the other Party’s prior written consent, which consent will not be unreasonably withheld. Notwithstanding the foregoing, bioMérieux may assign this Agreement or of any bioMérieux rights under this Agreement to: (a) any bioMérieux successor by merger or consolidation or to any person or entity that acquires all or substantially all of its capital stock or assets; and (b) any person or entity to which bioMérieux transfers any of its rights in the bioMérieux Proprietary Items.
Export Laws and Use Outside of Malaysia. Customer shall comply with the export related laws and regulations. Customer shall not export or re-export directly or indirectly (including via remote access) any bioMérieux Proprietary Items (or parts thereof) to any applicable jurisdiction or entity prohibited by law or to which a license is required without first obtaining a license from the applicable regulatory authority. Customer agrees to indemnify, defend and hold harmless bioMérieux (and its partners and suppliers) from and against any and all losses they may suffer in any way arising out of or related to Customer’s breach of this Section.
Relationship. The relationship between the Parties under this Agreement is that of independent contractors and not partners, joint venturers or agents.
Entire Understanding. This Agreement, which includes and incorporates Orders made directly to bioMérieux, attachments, and any other schedules, exhibits and addenda attached to it, states the entire understanding between the Parties with respect to its subject matter, and supersedes all prior proposals, marketing materials, negotiations and other written or oral communications between the Parties with respect to the subject matter of this Agreement. In the event of any conflict between these Terms and Conditions and an Order made directly to bioMérieux, the Order made directly to bioMérieux shall govern.
Modification. bioMérieux may revise this Agreement from time to time to better reflect changes to the law, new regulatory requirements, or improvements or enhancements made to the Service. If a revision affects the use of the Service and any legal rights relating to the Service, bioMérieux will provide notification prior to the effective date by sending an email to the email address associated with Customer or, where applicable, via an in-product notification. Revised terms will be effective no less than seven (7) days from bioMérieux’s notification, or in case the revisions are unfavorable or significant to Customer, thirty (30) days from bioMérieux’s notification. If Customer does not agree to the revisions, Customer may terminate this Agreement before the revised terms take effect. Where applicable, bioMérieux will as far as possible, procure a prorated refund based on the amounts Customer has prepaid for the Service. By continuing to use or access the Service after the revisions take effect, Customer agrees to be bound by the revised terms.
Severability. If any provision of this Agreement is declared unenforceable in whole or in part, the remainder of the provision and other provisions herein will remain in full force and effect and this Agreement will be amended in order to effect, to the maximum extent allowable by law, the original intent of such provision.
Right to Seek Injunctive Relief. The Parties acknowledge and agree that either Party may seek injunctive relief relating to a breach of this Agreement.
Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument.
Governing Law and Dispute Resolution. This Agreement shall be governed by and construed in accordance with the laws of Singapore, irrespective of any conflict of laws principles.
Any dispute arising out of or in connection with this Agreement which cannot be settled through amicable discussions between the Parties shall be referred to and finally settled by the exclusive jurisdiction of the courts of Singapore.
Force Majeure. Except with respect to Customer’s payment obligations, neither Party shall be liable for, nor shall either Party be considered in breach of this Agreement due to any failure to perform its obligations under this Agreement as a result of a cause beyond its control, including any act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications (including the Internet or other networked environment), power or other utility, labor problem or unrest, unavailability of supplies, disruption of the Service due to Internet connection impairments, or any other cause which could not have been prevented by the non-performing Party with reasonable care.
Use of Customer’s Name. Customer authorizes bioMérieux to use Customer’s name and logo in any routine list of bioMérieux clients, as a reference, or in any advertising or press release.
Government End-Users. Customer acknowledges and agrees that the Service, Documentation, and product (including any third-party components included therein) is a commercial product, which was developed at private expense. All government end users only have the rights set forth herein.
Independent Legal Advice: Each of the Parties hereby acknowledges that it has been afforded the opportunity to obtain independent legal advice and confirms by the execution and delivery of this Agreement that they have either done so or waived their right to do so in connection with the entering into of this Agreement.
SCHEDULE A
DATA PROCESSING ADDENDUM (MALAYSIA)
Article 1 - Definitions
1.1 “Affiliates” shall mean a corporation or other business entity controlled by, controlling or under common Control with a Party. For this purpose, control of such corporation or other business entity shall mean the direct or indirect ownership of more than fifty percent (50%) of voting rights and/or share capital or such other relationship which constitutes actual control of such corporation or other business entity.
1.2 “bioMérieux” shall refer to bioMerieux Asia Pacific Pte Ltd and any of its Affiliates including, without limitation, bioMérieux, SA and BioFire Diagnostics, LLC.
1.3 “Customer” shall refer to the entity designated as “Customer” for purposes of the FIREWORKS Software as a Service Terms (FIREWORKS SaaS Agreement).
1.4 “Device” shall have the meaning as “Device” in the FIREWORKS SaaS Agreement.
1.5 “Controller” shall have the same meaning as “data user” under the PDPA, which means a person who either alone or jointly or in common with other persons processes any Personal Data or has control over or authorizes the processing of any Personal Data, but does not include a Processor.
1.6 “Data Protection Law” shall mean all applicable laws and contractual and fiduciary obligations related to data privacy, data protection, data security, data transfer, or marketing, as applicable from time to time including without limitation, PDPA, any national implementing legislation, and all equivalent, security and data breach notification laws with respect to the business of bioMérieux, and applicable data protection authorities of Malaysia.
1.7 “Data Subject” means an individual who is the subject of the Personal Data.
1.8 “FIREWORKS SaaS Agreement” shall mean the FIREWORKS Software as a Service Terms of which this addendum is appended.
1.9 “Personal Data” shall have the same meaning under the PDPA, being any information in respect of commercial transactions, which:
(a) is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose;
(b) is recorded with the intention that it should wholly or partly be processed by means of such equipment; or
(c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, that relates directly or indirectly to a Data Subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the Data Subject; but does not include any information that is processed for the purpose of a credit reporting business carried on by a credit reporting agency under the Credit Reporting Agencies Act 2010 of Malaysia.
1.10 “Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
1.11 “PDPA” shall mean the Personal Data Protection Act 2010 of Malaysia.
1.12 “Processing” shall have the same meaning as “processing” under the PDPA, which means collecting, recording, holding or storing the Personal Data or carrying out any operation or set of operations on the Personal Data, including:
(a) the organization, adaptation or alteration of Personal Data;
(b) the retrieval, consultation or use of Personal Data;
(c) the disclosure of Personal Data by transmission, transfer, dissemination or otherwise making available; or
(d) the alignment, combination, correction, erasure or destruction of Personal Data.
1.13 “Processor” shall have the same meaning as “data processor” under the PDPA, which shall mean any person, other than an employee of the Controller, who processes the personal data solely on behalf of the Controller, and does not process the Personal Data for any of his own purposes.
1.14 "sensitive personal data" shall have the same meaning under the PDPA, being any personal data consisting of information as to the physical or mental health or condition of a Data Subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence or any other personal data as the Minister charged with the responsibility for the protection of personal data, may determine by order published in the Gazette;
1.15 “Service” shall have the same meaning as “service” in the FIREWORKS SaaS Agreement.
1.16 “Subprocessor” shall mean a natural or legal person, public authority, agency or other body appointed by or on behalf of Processor to process Personal Data on behalf of the Controller.
Article 2 - Processing of Personal Data
2.1 Data Processing
bioMérieux may process Personal Data under the FIREWORKS SaaS Agreement as a Processor acting on behalf of Customer, who is the Controller, for the various purposes as indicated in the table below:
Nature and Purpose of Processing of Personal Data | Such Processing as is necessary for purposes of enabling Customer to access and analyze laboratory data from multiple FilmArray systems by:
|
Controller | Customer |
Processor | bioMérieux |
Data Subjects | Patients seeking medical diagnoses or care from Customer |
Providing Notice, Obtaining Consent, and/or Formulating Legal Basis | Sole Responsibility of Customer |
Collection of Personal Data | The Service collects Personal Data from Customer’s connected Devices. |
Data Elements Processed | Personal Data contained in the entire raw data file obtained from Devices and generally includes the following categories of data elements:
|
Duration of Processing | Processing of Personal Data shall continue for the duration of the FIREWORKS SaaS Agreement, unless otherwise agreed by the parties. |
bioMérieux and its Subprocessors shall not process the Personal Data for purposes other than those specified in the above table.
2.2 Customer’s Responsibilities
When using the Service, Customer shall direct processing of Personal Data in accordance with Data Protection Laws, including providing all requisite notices or obtaining all requisite consents, and obtaining all requisite rights to use and disclose the Personal Data including establishing applicable legal bases, where applicable.
2.3 Instructions
bioMérieux and its Subprocessors will process Personal Data in accordance with Customer’s documented instructions. Customer agrees that this Addendum, the FIREWORKS SaaS Agreement and any related statements of work or service orders issued by Customer or its authorized representatives, comprise Customer’s complete instructions to bioMérieux regarding the Processing of Personal Data. Any additional or alternate instructions must be agreed to between the parties in writing, including the costs (if any) associated with complying with such instructions.
bioMérieux and its Subprocessors are not responsible for determining whether Customer’s instructions are compliant with Data Protection Laws. However, if bioMérieux and/or its Subprocessors are of the opinion that a Customer instruction violates applicable Data Protection Laws, bioMérieux shall notify Customer as soon as reasonably practicable and shall not be required to comply with such instructions.
2.4 Details of Processing
Details of the subject matter of the Processing, its duration, nature and purpose, and the type of Personal Data and data subjects are specified in the FIREWORKS SaaS Agreement and in Article 2.1 above.
2.5 Compliance
Customer and bioMérieux agree to comply with their respective obligations under Data Protection Laws applicable to the Personal Data that is Processed in connection with the Service. Customer has sole responsibility for complying with Data Protection Laws regarding the lawfulness of the Processing of Personal Data prior to disclosing, transferring, or otherwise making available, any Personal Data to bioMérieux or its Subprocessors.
Article 3 - Subprocessors
3.1 Use of Subprocessors
bioMérieux may use Subprocessors with the Customer’s general written authorization. Customer authorizes bioMérieux to appoint and use Subprocessors to Process Personal Data in connection with the Service provided that bioMérieux puts in place a contract in writing with each Subprocessor that imposes obligations that are: (i) relevant to the services to be provided by the Subprocessors and (ii) materially similar to the rights and/or obligations imposed on bioMérieux under this Schedule. Subprocessors may include third parties or any of bioMérieux’s Affiliates.
bioMérieux shall ensure that the aforementioned Subprocessors have entered into confidentiality agreements and limit the use of and access to Personal Data to bioMérieux’s employees and Subprocessors who need to know such Personal Data and who are subject to obligations of confidentiality which are no less onerous than those which are set forth in this Schedule.
3.2 List of Subprocessors
Customer acknowledges and agrees that bioMérieux may use the Subprocessor identified below:
Subprocessor | Location | Responsibility for Processing |
Amazon Web Services Korea, LLC (AWS) Amazon Web Services Japan AWS Singapore | South Korea Japan Singapore | Cloud hosting and storage |
Customer acknowledges and agrees that bioMérieux may change the Subprocessor from time to time, and bioMérieux shall update the details of the Subprocessor in the Service Terms published and accessible on: https://www.biomerieux.com/biofire-fireworks/en.html
Article 4 - Technical and Security Measures
4.1 Technical and Organizational Security Measures
Taking into account industry standards, the costs of implementation, the nature, scope, context and purposes of the Processing, and any other relevant circumstances relating to Processing of Personal Data on Processor systems, bioMérieux has implemented appropriate technical and organizational security measures to ensure that the security, confidentiality, integrity, availability and resilience of the systems involved in Processing of Personal Data are commensurate with the risk in respect of such Personal Data.
The Parties agree that the technical and organizational security measures described in Annex 1 (“Information Security Measures”) provide an appropriate level of security for the protection of Personal Data to meet the requirements of this clause. bioMérieux shall periodically (i) test and monitor the effectiveness of the safeguards, controls, systems and procedures and (ii) identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of Personal Data, and ensure that the risks are addressed.
4.2 Restricted Access
bioMérieux shall ensure that persons authorized to access Personal Data (i) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, (ii) access Personal Data only upon documented instructions from Customer, unless required or allowed to do so by applicable law, and (iii) have received appropriate training on their responsibilities, specifically pertaining to security and privacy measures.
Article 5 - Personal Data Breach
bioMérieux shall notify Customer, without undue delay, after becoming aware of a Personal Data Breach in relation to the product and shall use reasonable efforts to assist Customer in mitigating, where possible, the adverse effects of any Personal Data Breach. The notification of a Personal Data Breach shall be sent to Customer by email to Customer’s Chief Privacy Officer using the address set forth in Article 10 below.
Article 6 - Deletion of Personal Data
Upon termination of the FIREWORKS SaaS Agreement and if requested by Customer in writing, bioMérieux and/or its Subprocessors shall, as soon as reasonably practical and where feasible, return or delete Personal Data received from Customer unless applicable law or any relevant agreement between bioMérieux and Customer requires retention of such Personal Data. To the extent that applicable law or relevant agreement requires retention of such Personal Data, the provisions of this Addendum shall continue to apply to such Personal Data. bioMérieux reserves the right to charge Customer for any reasonable costs and expenses incurred by bioMérieux in deleting or returning Personal Data pursuant to this clause.
Article 7 – Cooperation
7.1 Data Subject Requests
bioMérieux shall promptly inform Customer by email to Customer’s Chief Privacy Officer using the address set forth in Article 10 below of any requests from Data Subjects seeking exercising their data subject rights under Data Protection Laws. Customer is responsible for responding to such requests. bioMérieux reserves the right to charge Customer for such assistance if the cost of assisting exceeds a nominal amount.
7.2 Third Party Requests
Subject to, and to the extent permitted by, applicable Data Protection Laws, nothing in this Addendum shall prevent bioMérieux or its Subprocessors from disclosing Personal Data processed on behalf of Customer to the extent required pursuant to a judicial or government request, requirement, or order. bioMérieux shall notify Customer in writing at least fifteen (15) days before disclosing Personal Data pursuant to a third party request, requirement, or order, and shall cooperate with Customer, as Customer reasonably requests, in seeking a protective order or other recourse limiting the effect of that disclosure.
7.3 Privacy Impact Assessments and Prior Consultations
To the extent required by Data Protection Laws, bioMérieux shall provide reasonable assistance to Customer (i) to carry out a data protection impact assessment in relation to Processing of Personal Data by bioMérieux or (ii) as part of any required prior consultation(s) with supervisory authorities.
Article 8 - Demonstrating Compliance
bioMérieux shall, upon reasonable prior written request from Customer (such request to be made in accordance with the terms of this Addendum), provide Customer such information as may be reasonably necessary to demonstrate compliance with bioMérieux’s and, as applicable, Subprocessors’ obligations under this Schedule, and allow for and contribute to audits, conducted by Customer or another auditor retained by Customer.
Article 9 - Liability and Limitations
In the event that bioMérieux or its Subprocessors intentionally or negligently fails to perform or insufficiently performs any obligations under this Addendum, bioMérieux shall compensate Customer for the damages resulting therefrom. Each Party’s and all of its Affiliates’ liability, in the aggregate, arising out of or related to this Addendum is subject to the Limitation of Liability section of the FIREWORKS SaaS Agreement.
Article 10 – Chief Privacy Officer Contacts and Information
10.1 Controller (Customer)
Title: ____________________________________
Email Address: ____________________________________
10.2 Processor (bioMérieux)
Title: Chief Privacy Officer
Email Address: PrivacyOfficer@biomerieux.com
Annex 1 - Information Security Measures
As a Processor, bioMérieux is committed to providing an appropriate level of information security regarding the Service and related services. bioMérieux shall provide an appropriate security level through organizational, technical and physical security measures as described below to the extent that bioMérieux has or gains access to Customer’s Personal Data. bioMérieux shall also ensure that the Subprocessor provides appropriate security level through organizational, technical and physical security measures and shall, upon reasonable request from Customer, provide information obtained from or published by the Subprocessor regarding such measures.
1. Physical Access Controls
bioMérieux has implemented reasonable measures to prevent unauthorized persons from gaining access to Personal Data.
2. System Access Controls
bioMérieux has taken reasonable measures to prevent Personal Data from being accessed without authorization. These controls vary based on the nature of Processing undertaken and may include, among other controls, password-protected individual accounts, password policies, and electronic or multi-factor authentication methods.
3. Data Access Controls
bioMérieux has taken reasonable measures to provide that Personal Data is accessible and manageable only by properly authorized employees, database query access is controlled, and application access rights are established and enforced to ensure that employees entitled to use a Processing system only have access to Personal Data to which they have privilege of access, and that Personal Data cannot be read, copied, modified or removed without authorization in the course of Processing. bioMérieux has taken reasonable measures to implement an access policy under which access to system environments, Personal Data and other data is limited to authorized personnel only.
4. Transmission Controls
bioMérieux has taken reasonable measures to ensure that Personal Data cannot be read, copied, modified or deleted without authorization during transmission. These controls include encryption of data transmission using either 128-bit Symmetric Encryption keys or the then-current but no less secure industry standard encryption.
5. Input Controls
bioMérieux has taken reasonable measures to guard against any unauthorized inclusion, modification or deletion of Personal Data from databases. bioMérieux has taken reasonable measures to ensure that (i) the source of Personal Data is under the control of Customer at the time of Personal Data collection, and (ii) Personal Data exported into bioMérieux databases are managed by secure and encrypted file transfer from Customer to bioMérieux.