These Software as a Service Terms (the “Terms”) govern all transactions between Customer and bioMérieux, Inc. or its EU Affiliates (“bioMérieux”) involvingthe Software (as defined below). (“Affiliate” is defined in the Data Processing Addendum appended to these Terms.) By accepting the Service, Customer agrees to these Terms and the terms set forth in the applicable Schedules in full. These Terms along with all applicable Schedules (collectively, the “Agreement”) comprise the entire agreement between the parties regarding the Service and supersede all prior or contemporaneous understandings, agreements, negotiations, representations and warranties and communications, both written and oral, and shall not be supplemented or explained by any evidence of trade usage or course of dealing. All Customer terms and conditions on any Customer documentation or contract are hereby objected to and rejected and shall be of no force and effect or deemed to be binding on bioMérieux in whole or in part. This Agreement will become effective when Customer accepts the Service (the “EffectiveDate”).

“Access Credentials" means any user name, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify a User’s identity and authorization to access and use the Service.

“Anonymous Data” means data or data sets, including data definitions, structures, or analyses about such data or data sets, that do not identify, and are not personally attributable to, any Patient or Customer Personnel.  Anonymous Data include Customer Device Data, and any other data or data set that does not identify, or is not attributable to, any Patient or Customer Personnel.

"bioMérieux Personnel" means any employee, agent, or independent contractor of bioMérieux, of a bioMérieux Subcontractor, or of an authorized bioMérieux distributor.

“bioMérieux Proprietary Items” means, collectively, the Software, inclusive of the Service and Systems Software, and Documentation, the visual expressions, screen formats, report formats, and other design features of the Software, inclusive of the Service and Systems Software, all ideas, methods, algorithms, models, formulae, and concepts used in developing and/or incorporated into the Software, inclusive of the Service and Systems Software, or Documentation, all future modifications, revisions, updates, refinements, improvements, and enhancements of the Software, inclusive of the Service and Systems Software, or Documentation, all derivative works (as such term is used in U.S. copyright laws) based upon any of the foregoing, including deliverables, work product, and all copies of the foregoing.

“Cloud-Based” means the storage, management, and processing of data on a network of remote servers hosted on the Internet.

“Cloud Service” means an entity that provides Cloud-Based services and shall include, but may not necessarily be limited to, Amazon Web Services (AWS).

“Component” means a part or extension of the Service that is dedicated to a specific function. 

“Configure” means making Systems Software ready for use on the Customer Device and may be accomplished either remotely or on-site.

“Confidential Information” means all confidential or proprietary information disclosed by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) in connection with this Agreement, unless it is (a) already known by the Receiving Party without obligation of confidentiality; (b) independently developed by the Receiving Party without access to or use of the Disclosing Party’s Confidential Information; (c) publicly known without breach of this Agreement; or (d) lawfully received from a third party without obligation of confidentiality. Without limiting the generality of the foregoing,Confidential Information shall include: (a) Customer Data and non-public information, documentation, and materials, which may be disclosed or made available from any source or in any form relating to the Customer’s business, financial information, patients, employees, programs, documentation, techniques, trade secrets, and systems, (b) bioMérieux Proprietary Items and (c) all work flows and data structures created or provided by bioMérieux pursuant to this Agreement. Confidential Information shall include the terms and pricing in this Agreement, but not the fact that this Agreement has been signed, the identity of the Parties, or the identity of the Service or a Component of the Service.

“Customer Patient Data” means Patient Data stored or maintained in a Customer Device.

“Customer Device” means any Customer-owned or Customer-leased medical device as developed or manufactured by bioMerieux subsidiary, BioFire Diagnostics, LLC, and which is connected to the Service.  Customer Devices shall include, but are not necessarily limited to, the BIOFIRE^®FILMARRAY^® and SPOTFIRE^® product lines.

“Customer Consumable” means substance or object used or needed to carry out or facilitate tests on the Customer Device and includes, but is not necessarily limited to, pouches, reagents, etc.

“Customer Data” means Customer Patient Data, Customer Device Data, and/or any other data relating to the Customer or Customer Personnel.

“Customer Device Data” means data that is related to the performance or operation of a Customer Device and does not include any Customer Patient Data.

"Customer System" means Customer's information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.

"Customer Personnel" means any employee, agent, or independent contractor of Customer or any Customer Subcontractor.

“Documentation” means bioMérieux’s standard user guides, manuals and/or electronic user guides relating to the Service, including on- line help, as updated and amended from time to time.

"Good Faith Dispute" means a good faith dispute by Customer of certain and specific amounts invoiced under this Agreement.

"Order” means any mutually agreeable order form or similar documentation related to the sale, purchase, or acquisition of the Service.

“Patient” means any patient of Customer.

“Patient Data” means information relating to a Patient.

“Process” means any operation or set of operations which is performed on data or on data sets, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Publish” means to make information available through paper, electronic, audio or visual means in a manner intended to make such information accessible, in whole or in part, to the general public regardless of whether such access is made freely available or restricted.

“Service” means an instance of the Software as made accessible to Customer as a cloud-hosted software-as-a-service offering, and commonly referred to as FIREWORKS.

“Software” means bioMérieux’s software, technology, tools, logic, reports, workflows, algorithms, predictive models, database schemes, database, analytics, hardware, and technology infrastructure incorporating or supporting the Service, inclusive of any third-party software included in the Service but excluding any separately licensed Third Party Components (as defined below), as ordered under the terms of this Agreement.

“Systems Software” means Software provided by bioMérieux on a Customer Device to facilitate the use and functionality of the Service. 

“Term” means the duration of Customer’s right to receive, access, and use the Service as set forth in this Agreement.

"User" means any Customer Personnel who is authorized to access or use the Service.

Acceptance. Customer will identify and make its Customer Devices and Customer Systems readily available and accessible to bioMérieux Personnel at the time of or prior to the Configuration of any Systems Software.  The Service shall be deemed accepted by Customer upon the earlier of the following: (i) notification by Customer that the Service is accepted, (ii) the first instance of the transfer of any Customer Data from a Customer Device to the Service, or (iii) five (5) days after the Configuration date. Customer is responsible for providing all reasonably requested assistance to bioMérieux Personnel in a timely manner to ensure bioMérieux can Configure any Systems Software as agreed upon.

Access. bioMérieux has developed and deployed specifications, standards and/or protocols necessary to allow Users to access the Service at the Site using Access Credentials. Customer and Users are jointly responsible for the security of the Access Credentials. Any access to the Service by Customer or Users through improper use or sharing of Access Credentials is prohibited. Subject to the terms and conditions contained in this Agreement, bioMérieux grants to Customer a non-exclusive, non-transferable, revocable right to: (a) permit Users to access the Systems Software and the Service solely for Customer's internal business purposes; (b) permit Customer’s designated administrative users to access administrative features or functions of the Service solely for Customer's internal business purposes in order to manage access rights for Users.

bioMérieux Obligations. On the Configuration date, bioMérieux shall make available to Customer, on a non-exclusive, revocable, and non-transferable basis during the Term, the Service at the Site for up to the number of Users agreed upon along with any necessary Systems Software. In addition, bioMérieux (itself or through third party vendors (e.g. its Cloud Service partners)) will: (a) host, operate, maintain, and provide basic support for the Service as necessary to make the Service available; and (b) specify the procedures by which Customer may establish and obtain access to and use the features and functions of the Service or any Component of the Service.

Customer Obligations. Customer shall: (a) use the Service and Systems Software in accordance with this Agreement, the Documentation, and all applicable laws and regulations; (b) use commercially reasonable efforts to prevent unauthorized access to or use of the Service and Systems Software and notify bioMérieux promptly of any such unauthorized access or use; (c) be responsible for all User acts and omissions; (d) be responsible for maintaining, at all times during the term of this Agreement, one or more current and active administrators of Customer’s account for the Service; (e) be responsible for disabling User accounts immediately upon a User’s separation from Customer or for any other applicable reason,  (f) make available in a timely manner at no charge to bioMérieux Personnel all Customer Devices and/or Customer Systems required by bioMérieux for the performance of the Service, including making any necessary configurations to Customer Devices at customer’s sole cost; (g) be responsible for, and assume the risk of, any problems resulting from, the content, accuracy, completeness, and consistency of all Customer Data; (h) be responsible for the accuracy, quality, integrity, and legality of Customer Data and the means by which such data was acquired, including but not limited to, ensuring that such Customer Data was obtained in accordance with all applicable laws, rules, and regulations; and (i) reasonably cooperate with bioMérieux Personnel as necessary for bioMérieux to perform itsobligations. Customer shall reimburse bioMérieux, per bioMérieux’s standard policies, for any additional efforts or costs including, without limitation, site visits, it incurs resulting from Customer’s failure to perform its obligations.

Restrictions. Customer shall not, and shall not permit any Customer Personnel, to: (a) sell, resell, lease, rent, license, sublicense, distribute, transfer, or otherwise make available the Service or Systems Software, including on a time-sharing, SaaS, service bureau, or other similar basis, to any third party other than Users or otherwise use the Service at any location other than the Site or the Systems Software in connection with any devices other than Customer Devices; (b) use the Service or Systems Software to store or transmit malicious code, infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (c) use or access the Service or Systems Software in any way that threatens the integrity, performance, or availability of the Service or Systems Software or any data therein; (d) load, or permit the loading, of Customer Data in violation of any applicable, law, rule, or contract; (e) remove, modify or obscure any product or service identifier, copyright, trademark or other proprietary rights notice or other notices, instructions, disclaimers or legends; (f) modify or create derivative works of the Service or Systems Software (or third party software embodied therein); (g) decompile, disassemble, or reverse engineer the Service or Systems Software, in whole or in part or attempt to reconstruct or discover any source code or underlying ideas, algorithms, file formats, data structures or other aspects of the Service or Components; or (h) access, use, or copy any portion the Service or Systems Software in order to build a competitive product or to benchmark with any third party product or service. bioMérieux may restrict or prohibit access to Customer if bioMérieux reasonably suspects Customer is breaching its obligations under this Section. No rights are assigned or granted to Customer other than as expressly set forth herein.

Use Acknowledgments. Customer understands and acknowledges that the Service is an analytics solution that is not designed, intended, validated or cleared to be used as a clinical decision support system. Additionally, and where applicable, Customer understands and acknowledges that the optional Cp Viewer Component of the Service has not been considered or cleared by the United States Food and Drug Administration or any other regulatory agency in the United States or elsewhere and cannot be used for patient care.   No license is conveyed or implied for Customer to use, and Customer agrees not to use, the Cp Viewer Component in any manner requiring United States Food and Drug Administration or other regulatory approval, clearance, or registration. 

Third Party Code. The Service may contain or be provided with components subject to the terms and conditions of “open source” software licenses (“Open Source Software”) or other third-party software. bioMérieux shall provide a list of the Open Source Software to Customer upon Customer’s written request. To the extent required by the license that accompanies the Open Source Software, the terms of such license will apply in lieu of the terms of this Agreement with respect to such Open Source Software, including, without limitation, any provisions governing access to source code, modification, or reverse engineering.

Software Update.  The Systems Software will be configured to automatically perform software updates to make software improvements, security improvements and provide feature enhancements to facilitate the use and functionality of the Service. By agreeing to these terms, Customer is providing bioMérieux with authorization to make such automatic updates, improvements, or modifications to the Systems Software.  The Systems Software may also be configured to automatically receive other Customer Device software updates, improvements, or modifications.  However, such other software updates, improvements, or modifications will require user intervention to be configured.

Support.  Support for the Service shall be governed by any applicable service agreement between Customer and bioMérieux or the appropriate bioMérieux subsidiary or distributor.

Training: Upon request, training on the use of the Service will be provided to an agreed-upon number of Users at a time agreed by the Parties.

Customer Patient Data. All Customer Patient Data shall be considered proprietary to Customer and/or the Patient. bioMérieux will only use Customer Patient Data as authorized under this Agreement.

Customer Patient Data License Grant. Customer hereby grants bioMérieux a worldwide, perpetual, irrevocable, fully paid-up, royalty free, non-exclusive right and license to Process Customer Patient Data for purposes of providing the Service to Customer.

Anonymous Data.  bioMérieux shall be deemed to be the owner of any Anonymous Data.  bioMérieux shall therefore be entitled to use Anonymous Data (a) to facilitate the provision of the Service to Customer, (b) for research, development, and continuous improvement of bioMérieux’s products, software, and services, (c) to monitor the operation or performance of Customer Devices in order to enhance Customer support including, without limitation, use of Customer names and contact information, connected Customer Device information, Customer Device status and Configuration information, Customer Device performance metrics, Customer Consumable inventory levels, runs and run performance per Customer Device, panel, institution or laboratory, and (d) for any other commercial purpose not prohibited by applicable law or this Agreement.

Data Safeguards. Where applicable, bioMérieux shall maintain reasonable and appropriate data safeguards and procedures designed to prevent the unauthorized use or disclosure of Customer Patient Data as required under applicable laws. During the Term, bioMérieux will maintain physical, administrative, and technical security measures to ensure the availability, integrity, and confidentiality of Customer Patient Data in accordance with its standard data security policies.

Data Processing. The Data Processing Addendum attached to this Agreement as Schedule A and incorporated herein by reference will govern bioMérieux’s obligations with regard to the Processing of Personal Data. 

Data Publication. Customer shall retain the right to publish summaries, conclusions, or other results derived from the information or Customer Data derived or obtained from the Service; provided, however, that prior to any such publication, Customer shall provide bioMérieux with a copy of any data, findings, article, abstract, manuscript, poster, presentation or other information intended for publication, at least thirty (30) days prior to submission for publication so that bioMérieux may review the proposed publication for the purpose of determining correct usage of bioMérieux trademarks, verifying that bioMérieux’s confidential information is not disclosed, and verifying that the publication is not in violation of any applicable law or rule pertaining to bioMérieux.

Versions of the Service.  The fees and expenses that bioMérieux will charge Customer for the Service depends on the version of the Service, which versions may change from time to time and may feature varying capabilities.  

Fees. Customer shall pay bioMérieux, without offset or deduction, the fees and expenses as determined under the applicable Order and this Agreement. As applicable, bioMérieux reserves the right to (1) commence charging fees or (2) increase the fees each year, but must provide notification of such an intent to either commence charging fees or increase fees at least thirty (30) days in advance. Unless otherwise provided in an applicable Order, all fees shall be due and payable within thirty (30) calendar days after an invoice is issued by bioMérieux. Whenever any support services are provided by bioMérieux at a Customer location or any other location requested by Customer other than one of bioMérieux's locations, Customer shall reimburse bioMérieux for reasonable travel, lodging, meal, and related expenses incurred by bioMérieux representatives in providing such services.

Recalculation of Fees. The fees set forth in each Order are based on the size of Customer as of the Effective Date. Customer must notify bioMérieux within thirty (30) days of any event that would change the size of the Customer (e.g., acquisition by or of a third party). Upon notice, bioMérieux will recalculate the fee owed by Customer based on its list prices at the time of the notice and will invoice Customer for the balance owed. Customer will pay the invoiced amount within thirty (30) days of its receipt of the new invoice. Any delay by bioMérieux to invoice Customer for the amount owed shall not waive its right to recover such amount.

Taxes. The fees and other amounts payable by Customer to bioMérieux do not include any taxes of any jurisdiction that may be assessed or imposed upon the Service, Documentation, or otherwise, including sales, use, excise, value added, personal property, export, import, and withholding taxes, excluding only taxes based upon bioMérieux's net income. Customer shall directly pay any such taxes assessed. Customer shall promptly reimburse bioMérieux for any taxes payable or collectable by bioMérieux (other than taxes based upon bioMérieux’s net income). If Customer has provided bioMérieux with proof of its tax-exempt status, then, in the event that Customer’s tax-exempt status should become altered, Customer shall be obligated to notify bioMérieux immediately of any such modification and Customer shall become liable for all taxes as set forth above. In the event Customer fails to notify bioMérieux of any such change, Customer shall be liable for payment of any tax related penalties or interest assessed against bioMérieux or Customer because of such Customer failure.

Payment Terms. All amounts payable by Customer for the Service shall be invoiced by bioMérieux with the initial invoice for Service being sent following the earlier of (1) thirty (30) days following Customer’s execution of the Order or (2) Configuration of the Systems Software. Service will be billed for the period agreed upon in the Order or as otherwise mutually agreed. All fees shall be invoiced in advance upon execution of the Order and are payable in advance. All expenses shall be payable as incurred. All invoices shall be sent to Customer's address designated in the Order and are due and payable within thirty (30) calendar days after being issued by bioMérieux. If any Customer payment is more than thirty (30) days past due, late payment fees shall apply, unless the non-payment is subject to a Good Faith Dispute. Such fees shall amount to 5% of the amount owed, in accordance with the statutory rate of interest set forth in the Swiss Code of Obligation. In addition, a CHF 50 reminder fee shall apply, as compensation for bioMérieux's administrative costs. A Good Faith Dispute will be deemed to exist only if (a) Customer has given written notice of the dispute to bioMérieux promptly after receiving the invoice and (b) the notice explains Customer's position in reasonable detail. A Good Faith Dispute will not exist as to an invoice in its entirety merely because certain amounts on the invoice have been disputed. All fees and other amounts paid by Customer under this Agreement are non-refundable.

Non-Payment. In the event that Customer’s account is more than thirty (30) days overdue, bioMérieux shall have the right, in addition to its remedies under this Agreement or pursuant to applicable law and at its discretion, to  disable Customer’s access to the Service or to grant Customer access to only certain limited features of the Service, until Customer has paid the full balance owed, plus any interest due.

Performance Warranties. The Service shall perform as described in the Documentation as of the Configuration date. Customer will timely notify bioMérieux of any known non-conformance to the specifications outlined in the Documentation. bioMérieux's only obligation under this warranty, and Customer’s sole and exclusive remedy, is for bioMérieux to correct any failure to so perform, or if such correction is not possible in a commercially reasonable timeframe, refund the fees paid for the specific non-conforming service during the periods of non-conformance.

Customer Warranty. Customer represents and warrants that Customer has all necessary consents and rights to use the Customer Data as part of the Product and Customer is not violating any existing agreements or laws and regulations by providing bioMérieux or bioMérieux Personnel with access to Customer Data.

Exclusion for Unauthorized Actions and Results of Use. Neither bioMérieux nor its supplier, partners, and vendors shall have any liability underany provision of this Agreement with respect to any performance problem, delay, or other matter to the extent attributable to any unauthorized or improper use or modification of the bioMérieux Proprietary Items, any unauthorized combination with other services, deliverables, products, software, hardware, or technology, or any act or omission by Customer, its affiliates, other users, representatives, or contractors. Customer is solely responsible for the results obtained from the use of the bioMérieux Proprietary Items. THE SERVICE DOES NOT OFFER MEDICAL ADVICE OR ADVICE REGARDING THE OPTIMAL SET OF PROCEDURES, ALERTS, OR STEPS NEEDED TO ACHIEVE THE BEST OUTCOMES FOR A PATIENT. ANY CUSTOMER DATA AND DECISIONS MADE OR ACTIONS TAKEN BASED ON INFORMATION ACCESSED THROUGH THE SERVICE ARE THE SOLE RESPONSIBILITY OF CUSTOMER. 

Disclaimer. EXCEPT AS EXPRESSLY STATED ABOVE IN THIS SECTION (Warranties and Limitations), THE SERVICE, THIRD PARTY COMPONENTS, AND DOCUMENTATION ARE PROVIDED "AS IS" AND NEITHER BIOMÉRIEUX NOR ITS VENDORS, SUPPLIERS, OR PARTNERS MAKES ANY REPRESENTATIONS OR WARRANTIES, ORAL OR WRITTEN, EXPRESS OR IMPLIED, ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INTERFERENCE, OR NON-INFRINGEMENT. BIOMÉRIEUX MAKES NO REPRESENTATIONS OR WARRANTIES, NOR SHALL BIOMÉRIEUX HAVE ANY LIABILITY WITH RESPECT TO, ANY THIRD PARTY DATA, THIRD PARTY COMPONENTS, THIRD PARTY PRODUCTS, OR THIRD PARTY SERVICES.

Damage Limitation. IN NO EVENT WILL EITHER PARTY (OR THEIR SUPPLIERS, PARTNERS, OR VENDORS) BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION ANY LOSS OF REVENUE, SAVINGS, OR DATA) ARISING IN CONNECTION WITH THIS AGREEMENT OR THE USE OF ANY BIOMÉRIEUX PROPRIETARY ITEMS, THIRD PARTY COMPONENTS, OR COMPONENTS BASED ON ANY THEORY OF CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE, OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Except for a third partyinfringement claim under Section 8 (Indemnification), each Party’s (including its Suppliers, Partners, or Vendors) total liability to theother Party (or their suppliers, partners or vendors) under this Agreement and all Orders shall under no circumstances exceed the feesactually paid by the Customer to bioMérieux: (a) under the applicable Order in the twelve months prior to the claim being made, or (b)under this Agreement in the twelve months prior to the claim being made if such claim does not relate to a specific Order.

Other Limitations. The warranties made by bioMérieux in this Agreement, and the obligations of bioMérieux under this Agreement, run only to Customer and not to any third party. Under no circumstances shall any Customer affiliate, Patient, student, contractor, or user, or any other third party be considered a third-party beneficiary of this Agreement. No action or claim of any type relating to this Agreement may be brought or made by Customer more than one (1) year after Customer first has knowledge of the basis for the action or claim. Customer and bioMérieux have freely and openly negotiated this Agreement, including the pricing, with the knowledge that the liability is to be limited in accordance with the provisions of this Agreement.

Limitations Relating to Third Party Components. The bioMérieux Proprietary Items may contain or use code and/or components of a third party that require Customer to enter into a separate agreement with such third party. Customer hereby consents to the use of such third-party components and agrees to comply with the terms and conditions set forth in any applicable third-party license. Except as otherwise set forth in the third-party license, the third-party components are provided “as is,” and without representation or warranty of any kind. Customer hereby agrees to use such third-party components in accordance with the terms and conditions of the applicable third-party component license, and agrees to indemnify, defend and hold harmless bioMérieux from all claims, losses, damages, expenses, or actions arising from its breach of any of the terms and conditions of such third-party component license.

All Confidential Information of a Disclosing Party in the possession of the Receiving Party, whether or not authorized, shall be held in strict confidence, and the Receiving Party shall take all steps reasonably necessary to preserve the confidentiality and prevent the unauthorized use or disclosure of the Confidential Information. The Receiving Party will not use or disclose any Confidential Information except as expressly authorized by this Agreement and will protect the Disclosing Party’s Confidential Information using the same degree of care that it uses with respect to its own confidential information, but in no event with safeguards less than a reasonable level of care under similar circumstances. Notwithstanding the foregoing, the Receiving Party will not be in violation of this Section (Confidentiality) with regard to a disclosure that is in response to a valid order or requirement by a court or other governmental body or otherwise required by law, provided the Receiving Party gives the Disclosing Party prior written notice of such disclosure in order to permit the Disclosing Party to seek an appropriate protective order. Information that is disclosed pursuant to a valid court or governmental order shall not lose its status as Confidential Information.

Ownership and License Grants. All bioMérieux Proprietary Items provided to or accessed by Customer under this Agreement are being made available on a strictly confidential and limited use basis in accordance with this Agreement and have great commercial value to bioMérieux (or its partners or suppliers). This Agreement provides access and not a license to the Service.  This Agreement grants Customer a non-exclusive, revocable, and non-transferable license to the Systems Software, Documentation, and any other bioMérieux Proprietary Items transferred from bioMérieux to Customer under this Agreement. This Agreement is not an agreement of sale, and no title, patent, copyright, trademark, trade secret, intellectual property or other ownership rights to any bioMérieux Proprietary Items or Components are transferred from bioMérieux to Customer under this Agreement. All bioMérieux Proprietary Items and related intellectual property shall remain the sole and exclusive property of bioMérieux. bioMérieux, on behalf of itself and its vendors, partners, and suppliers, reserves all rights not expressly granted by this Agreement.

Feedback. Customer may provide bioMérieux with feedback, comments, and recommendations regarding the functionality and performance of the Software, inclusive of the Service and Systems Software, including, without limitation, identifying potential errors and improvements. bioMérieux (and its partners and suppliers) shall have the unrestricted right to use such feedback in their sole discretion, including to improve or enhance the Service, Systems Software, and other bioMérieux (or its partners’ and suppliers’) products, and, accordingly, bioMérieux (and its partners and suppliers) shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit such feedback without restriction.

bioMérieux shall defend, indemnify, and hold Customer harmless against all third party intellectual property infringement suits brought against Customer, insofar as such suit directly arises out of Customer’s use of the Service or Systems Software, only as expressly authorized under this Agreement, provided bioMérieux shall have no obligation or liability to the extent that the alleged infringement or misappropriation arises from (1) the combination, operation, or use of the bioMérieux Proprietary Items with products, services, deliverables, materials, technologies, business methods, or processes not furnished by bioMérieux; (2) modifications which were not made by bioMérieux; (3) Customer’s breach of this Agreement; or (4) third-party components, Customer-created Patient Care Frameworks and Customer Modifications. bioMérieux’s indemnification obligation hereunder is contingent upon prompt notice of and full control over the defense and/or settlement of any claim. Upon the occurrence of any claim for which indemnification is or may be due under this Section (Indemnification), or in the event that bioMérieux believes that such a claim is likely, bioMérieux may, at its sole option (i) modify the bioMérieux Proprietary Item so that it becomes non-infringing, or substitute functionally similar services, deliverables, or documentation; (ii) obtain a license to the applicable third-party intellectual property; or (iii) terminate this Agreement on written notice to Customer and refund to Customer any pre-paid fees for services not provided. The obligations set forth in this Section (Indemnification) shall constitute bioMérieux’s entire liability and Customer’s sole remedy for any infringement or misappropriation.

The Term of this Agreement shall be for a twelve (12) month period beginning on the Effective Date or for the period agreed upon in the Order. The Agreement shall automatically renew for subsequent twelve (12) month terms.  Either Party may terminate this Agreement for convenience by providing notice of its intent to terminate the Agreement at least ninety (90) prior to the expiration of the current term of the Agreement.

Either Party may terminate this Agreement immediately on giving notice in writing to the other Party if the other Party: (a) commits a material breach (including any non-payment of fees due by Customer other than fees subject to a good faith dispute) and, in the case of a material breach capable of being cured, failed to cure that breach within sixty (60) days after the receipt of a request in writing to cure such breach; (b) files for bankruptcy; (c) becomes or is declared insolvent, or is the subject of any proceedings related to its liquidation, insolvency or the appointment of a receiver or similar officer for it; (d) makes an assignment for the benefit of all or substantially all of its creditors; or (e) enters into an agreement for the cancellation, extension, or readjustment of substantially all of its obligations.

Upon any termination or expiration of this Agreement, Customer: (a) shall cease use of the Service; (b) shall return and discontinue all access and use of all the Confidential Information of bioMérieux then in Customer's possession or control; (c) shall certify in writing that all copies of the Confidential Information of bioMérieux have been permanently deleted; and (d) understands and acknowledges that such termination or expiration shall result in the retention by bioMérieux of Anonymous Data and the return to Customer in a mutually agreeable format of any Customer Data that does not constitute Anonymous Data. Customer is expressly prohibited from retaining any Confidential Information of bioMérieux past the Term of this Agreement. Customer shall remain liable for all payments due to bioMérieux with respect to the period ending on the date of termination. For any termination other than a termination for good cause by Customer in accordance with this Section (Term and Termination), the balance of all remaining subscription fees relating to the then current Term will be due and payable. The provisions in the Payments, Warranties and Limitations, Confidentiality, Ownership of bioMérieux Proprietary Items, Indemnification, Termination, and Other Provisions Sections of this Agreement shall survive any termination or expiration of this Agreement.

Compliance with Laws. Each Party will comply with all applicable legal and regulatory (existing or future) rules. The Parties will comply with all anti-kickback and related statutes or regulatory provisions, and do not intend this Agreement to be any type of inducement for any other relationship between the Parties.  The Parties further represent that their performance of this Agreement will not violate any existing covenant, contracts, applicable law, rule, or regulation, and will not infringe upon the rights of third parties, including property, contractual, employment, trade secrets, proprietary information, intellectual property, and nondisclosure rights.

Notice. All notices, consents, and other communications under or regarding this Agreement shall be in writing and shall be deemed to have been received on the earlier of the date of actual receipt or the first business day after being sent by a reputable overnight delivery service. Either Party may change its address for notices by giving written notice of the new address to the other Party.

Parties in Interest. This Agreement shall bind, benefit and be enforceable by and against bioMérieux and Customer and, to the extent permitted hereby, their respective successors and assigns. Neither Party may assign any of its rights or obligations under this Agreement, and any attempt at such assignment will be void without the other Party’s prior written consent, which consent will not be unreasonably withheld. Notwithstanding the foregoing, bioMérieux may assign this Agreement or of any bioMérieux rights under this Agreement to: (a) any bioMérieux successor by merger or consolidation or to any person or entity that acquires all or substantially all of its capital stock or assets; and (b) any person or entity to which bioMérieux transfers any of its rights in the bioMérieux Proprietary Items.

Export Laws and Use Outside of the United States. Customer shall comply with the export related laws and regulations. Customer shall not export or re-export directly or indirectly (including via remote access) any bioMérieux Proprietary Items (or parts thereof) to any applicable jurisdiction or entity prohibited by law or to which a license is required without first obtaining a license from the applicable regulatory authority. Customer agrees to indemnify, defend and hold harmless bioMérieux (and its partners and suppliers) from and against any and all losses they may suffer in any way arising out of or related to Customer’s breach of this Section.

Relationship. The relationship between the Parties under this Agreement is that of independent contractors and not partners, joint venturers or agents.

Entire Understanding. This Agreement, which includes and incorporates Orders, attachments, and any other schedules, exhibits and addenda attached to it, states the entire understanding between the Parties with respect to its subject matter, and supersedes all prior proposals, marketing materials, negotiations and other written or oral communications between the Parties with respect to the subject matter of this Agreement. In the event of any conflict between these Terms and Conditions and an Order, the Order shall govern.

Modification. bioMérieux may revise this Agreement from time to time to better reflect changes to the law, new regulatory requirements, or improvements or enhancements made to the Service.  If a revision affects the use of the Service and any legal rights relating to the Service, bioMérieux will provide notification prior to the effective data by sending an email to the email address associated with Customer or, where applicable, via an in-product notification.  Revised terms will be effective no less than 30 days from when bioMérieux’s notification.  If Customer does not agree to the revisions, Customer may terminate this Agreement before the revised terms take effect.  Where applicable, bioMérieux will offer a prorated refund based on the amounts Customer has prepaid for the Service.  By continuing to use or access the Service after the revisions take effect, Customer agrees to be bound by the revised terms. 

Severability. If any provision of this Agreement is declared unenforceable, the other provisions herein will remain in full force and effect and this Agreement will be amended in order to effect, to the maximum extent allowable by law, the original intent of such provision.

Right to Seek Injunctive Relief. The Parties acknowledge and agree that either Party may seek injunctive relief relating to a breach of this Agreement.

Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument.

Governing Law. This Agreement will be interpreted according to the laws of Utah without application of conflict of laws principles. Provided, however, that the terms of any applicable law now or hereafter enacted that is based on or similar to the Uniform Computer Information Transactions Act drafted by the National Conference of Commissioners on Uniform State Laws shall not apply.

Force Majeure. Except with respect to Customer’s payment obligations, neither Party shall be liable for, nor shall either Party be considered in breach of this Agreement due to any failure to perform its obligations under this Agreement as a result of a cause beyond its control, including any act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications (including the Internet or other networked environment), power or other utility, labor problem, unavailability of supplies, disruption of the Service due to Internet connection impairments, or any other cause which could not have been prevented by the non-performing Party with reasonable care.

Use of Customer’s Name. Customer authorizes bioMérieux to use Customer’s name and logo in any routine list of bioMérieux clients, as a reference, or in any advertising or press release.

Government End-Users. Customer acknowledges and agrees that the Service, Documentation, and Product (including any Third-Party Componentsincluded therein) is a commercial product, which was developed at private expense. All government end users only have the rights set forth herein.

1.1        “Affiliates” shall mean a corporation or other business entity controlled by, controlling or under common Control with a Party. For this purpose, control of such corporation or other business entity shall mean the direct or indirect ownership of more than fifty percent (50%) of voting rights and/or share capital or such other relationship which constitutes actual control of such corporation or other business entity.

1.2        “bioMérieux” shall refer to bioMérieux, Inc. and any of its Affiliates including, without limitation, bioMérieux, SA and BioFire Diagnostics, LLC.

1.3        “Customer” shall refer to the entity designated as “Customer” for purposes of the FIREWORKS Software as a Service Terms (FIREWORKS SaaS Agreement).

1.4        “Customer Device” shall have the meaning as “Customer Device” in the FIREWORKS SaaS Agreement.

1.5        “Controller” shall mean an entity which, alone or jointly with others, determines the purposes and means of the Processing of the Personal Data.

1.6        “Data Protection Law” shall mean (i) all applicable laws and contractual and fiduciary obligations related to data privacy, data protection, data security, data transfer, or marketing, as applicable from time to time including without limitation, GDPR, any national implementing legislation, the equivalent laws the United Kingdom, the Swiss Federal Act on Data Protection and its implementing ordinance and (ii) all equivalent, comparable, or applicable European Union member or Swiss state privacy, security and data breach notification laws with respect to the business of bioMérieux, and (iii) the requirements set forth in any implementation decision and/or guidelines of competent applicable Swiss and/or European Union data protection authorities.

1.7        “Data Subject” shall mean an identified or identifiable natural person or, to the extent required by Data Protection Law, legal entity who is the subject of Personal Data.

1.8        “FIREWORKS SaaS Agreement” shall mean the FIREWORKS Software as a Service Terms (EU) of which this addendum is appended.

1.9        “GDPR” shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.10     “Personal Data” shall mean any information relating to an identified or identifiable natural person or Data Subject; an identifiable person or entity is one who can be identified, directly or indirectly, in particular or by reference to an identifier such as a name, a unique identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person or entity. 

1.11     “Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

1.12     “Processing” shall mean any operation or set of operations which is performed on the Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and “process” shall have the corresponding meaning.

1.13     “Processor” shall mean a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of a Controller.

1.14     “Service” shall have the same meaning as “service” in the FIREWORKS SaaS Agreement.

1.15     “Subprocessor” shall mean a natural or legal person, public authority, agency or other body appointed by or on behalf of Processor to process Personal Data on behalf of the Controller.

2.1        Data Processing

bioMérieux may process Personal Data under the FIREWORKS SaaS Agreement as a Processor acting on behalf of Customer as the Controller for the various purposes as indicated in the table below:

2.2        Customer’s Responsibilities

When using the Service, Customer shall direct processing of Personal Data in accordance with Data Protection Laws, including providing all requisite notices or obtaining all requisite consents, and obtaining all requisite rights to use and disclose the Personal Data including establishing applicable legal bases, where applicable.

2.3        Instructions

bioMérieux and its Subprocessors will process Personal Data in accordance with Customer’s documented instructions.  Customer agrees that this Addendum, the FIREWORKS SaaS Agreement and any related statements of work or service orders issued by Customer or its authorized representatives, comprise Customer’s complete instructions to bioMérieux regarding the Processing of Personal Data.  Any additional or alternate instructions must be agreed to between the parties in writing, including the costs (if any) associated with complying with such instructions. 

bioMérieux and its Subprocessors are not responsible for determining whether Customer’s instructions are compliant with Data Protection Laws.  However, if bioMérieux and/or its Subprocessors are of the opinion that a Customer instruction violates applicable Data Protection Laws, bioMérieux shall notify Customer as soon as reasonably practicable and shall not be required to comply with such instructions. 

2.4        Details of Processing

Details of the subject matter of the Processing, its duration, nature and purpose, and the type of Personal Data and data subjects are specified in the FIREWORKS SaaS Agreement and in Article 2.1 above.  

2.5        Compliance

Customer and bioMérieux agree to comply with their respective obligations under Data Protection Laws applicable to the Personal Data that is Processed in connection with the Service. Customer has sole responsibility for complying with Data Protection Laws regarding the lawfulness of the Processing of Personal Data prior to disclosing, transferring, or otherwise making available, any Personal Data to bioMérieux or its Subprocessors.

3.1        Use of Subprocessors

bioMérieux may use Subprocessors with the Customer’s general written authorization.  Customer authorizes bioMérieux to appoint and use Subprocessors to Process Personal Data in connection with the Service provided that bioMérieux puts in place a contract in writing with each Subprocessor that imposes obligations that are: (i) relevant to the services to be provided by the Subprocessors and (ii) materially similar to the rights and/or obligations imposed on bioMérieux under this Schedule. 

bioMérieux shall ensure that  the aforementioned Subprocessor has entered into confidentiality agreements and   limit   the   use   of   and   access   to Personal Data to bioMérieux’s  employees  and  Subprocessors  who  need  to  know  such Personal Data and who are subject to obligations of confidentiality which  are no  less  onerous  than  those  which  are  set  forth in this Schedule.  

Subprocessors may include third parties or any of bioMérieux’s Affiliates. Where a Subprocessor fails to fulfil its data protection obligations as specified above, bioMérieux shall be liable to the Customer for the performance of the Subprocessor’s obligations, subject to any applicable limitation of liability provision in the FIREWORKS SaaS Agreement. 

3.2        List of Subprocessors

Customer acknowledges and agrees that bioMérieux may use the Subprocessor identified below:

As Controller, Customer may reasonably object to any changes concerning addition or replacement of the Subprocessors in accordance with article 28(2) of the GDPR.  Customer shall object in writing by sending the objection by email to bioMérieux’s Data Protection Officer at privacyofficer@biomerieux.com.

4.1        Technical and Organizational Security Measures

Taking into account industry standards, the costs of implementation, the nature, scope, context and purposes of the Processing, and any other relevant circumstances relating to Processing of Personal Data on Processor systems, bioMérieux has implemented appropriate technical and organizational security measures to ensure that the security, confidentiality, integrity, availability and resilience of the systems involved in Processing of Personal Data are commensurate with the risk in respect of such Personal Data.  

The Parties agree that the technical and organizational security measures described in Annex 1 (“Information Security Measures”) provide an appropriate level of security for the protection of Personal Data to meet the requirements of this clause.  bioMérieux shall periodically (i) test and monitor the effectiveness of the safeguards, controls, systems and procedures and (ii) identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of Personal Data, and ensure that the risks are addressed. 

4.2        Restricted Access

bioMérieux shall ensure that persons authorized to access Personal Data (i) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, (ii) access Personal Data only upon documented instructions from Customer, unless required to do so by applicable law, and (iii) have received appropriate training on their responsibilities, specifically pertaining to security and privacy measures.

bioMérieux shall notify Customer, without undue delay, after becoming aware of a Personal Data Breach in relation to the Product and shall use reasonable efforts to assist Customer in mitigating, where possible, the adverse effects of any Personal Data Breach. The notification of a Personal Data Breach shall be sent to Customer by email to Customer’s Data Privacy Officer using the address set forth in Article 10 below.

Upon termination of the FIREWORKS SaaS Agreement and if requested by Customer in writing, bioMérieux and/or its subprocessors shall, as soon as reasonably practical and where feasible, return or delete Personal Data received from Customer unless applicable law or any relevant agreement between bioMérieux and Customer requires retention of such Personal Data. To the extent that applicable law or relevant agreement requires retention of such Personal Data, the provisions of this Addendum shall continue to apply to such Personal Data. bioMérieux reserves the right to charge Customer for any reasonable costs and expenses incurred by bioMérieux in deleting or returning Personal Data pursuant to this clause.

7.1        Data Subject Requests

bioMérieux shall promptly inform Customer by email to Customer’s Data Privacy Officer using the address set forth in Article 10 below of any requests from Data Subjects seeking exercising their data subject rights under Data Protection Laws. Customer is responsible for responding to such requests. bioMérieux reserves the right to charge Customer for such assistance if the cost of assisting exceeds a nominal amount.  

7.2        Third Party Requests

Subject to, and to the extent permitted by, applicable Data Protection Laws, nothing in this Addendum shall prevent bioMérieux or its Subprocessors from disclosing Personal Data processed on behalf of Customer to the extent required pursuant to a judicial or government request, requirement, or order. bioMérieux shall notify Customer in writing at least 15 days before disclosing Personal Data pursuant to a third party request, requirement, or order, and shall cooperate with Customer, as Customer reasonably requests, in seeking a protective order or other recourse limiting the effect of that disclosure.  

7.3        Privacy Impact Assessments and Prior Consultations

To the extent required by Data Protection Laws, bioMérieux shall provide reasonable assistance to Customer (i) to carry out a data protection impact assessment in relation to Processing of Personal Data by bioMérieux or (ii) as part of any required prior consultation(s) with supervisory authorities.

bioMérieux shall, upon reasonable prior written request from Customer (such request to be made in accordance with the terms of this Addendum), provide Customer such information as may be reasonably necessary to demonstrate compliance with bioMérieux’s and, as applicable, Subprocessors’ obligations under this Schedule, and allow for and contribute to audits, including inspections, conducted by Customer or another auditor retained by Customer.

Each Party’s and all of its Affiliates’ liability, in the aggregate, arising out of or related to this Addendum is subject to the Limitation of Liability section of the FIREWORKS SaaS Agreement.

10.1                Controller (Customer)

Title:                  ____________________________________

Email Address:            ____________________________________

10.2                Processor (bioMérieux)

Title:                  Data Protection Officer

Email Address:            privacyofficer@biomerieux.com

As a Processor, bioMérieux is committed to providing a high level of information security regarding the Service and related services. bioMérieux shall provide an appropriate security level through organizational, technical and physical security measures as described below to the extent that bioMérieux has or gains access to Customer’s Personal Data. bioMérieux shall also ensure that AWS, as a Subprocessor, shall provide appropriate security level through organizational, technical and physical security measures and shall, upon reasonable request from Customer, provide information obtained from or published by AWS regarding such measures.

1.          Physical Access Controls 

bioMérieux has implemented reasonable measures to prevent unauthorized persons from gaining access to Personal Data. 

2.          System Access Controls

bioMérieux has taken reasonable measures to prevent Personal Data from being used without authorization. These controls vary based on the nature of Processing undertaken and may include, among other controls, password-protected individual accounts, password policies, and electronic or multi-factor authentication methods.

3.          Data Access Controls

bioMérieux has taken  reasonable measures to provide that Personal Data is accessible and manageable only by properly authorized employees, database query access is controlled, and application access rights are established and enforced to ensure that employees entitled to use a Processing system only have access to Personal Data to which they have privilege of access, and that personal data cannot be read, copied, modified or removed without authorization in the course of Processing. bioMérieux has taken reasonable measures to implement an access policy under which access to system environments, Personal Data and other data is limited to authorized personnel only.  

4.          Transmission Controls 

bioMérieux has taken reasonable measures to ensure that Personal Data cannot be read, copied, modified or deleted without authorization during transmission.  These controls include encryption of data transmission using either 128-bit Symmetric Encryption keys or the then-current but no less secure industry standard encryption

5.          Input Controls

bioMérieux has taken reasonable measures to guard against any unauthorized inclusion, modification or deletion of Personal Data from databases. bioMérieux has taken reasonable measures to ensure that (i) the source of Personal Data is under the control of Customer at the time of Personal Data collection, and (ii) Personal Data exported into bioMérieux databases are managed by secure and encrypted file transfer from Customer to bioMérieux.