FIREWORKS SOFTWARE AS A SERVICE TERMS (UKI)
These Software as a Service Terms (the “Terms”) govern all transactions between Customer and bioMérieux UK Ltd. or its Affiliates (“bioMérieux”) (each referred to individually as a “Party” and collectively as the “Parties”) involving the Software (as defined below). By accepting the Service, Customer agrees to these Terms and the terms set forth in the applicable Schedules in full. These Terms along with all applicable Schedules (collectively, the “Agreement”) comprise the entire agreement between the Parties regarding the Service and supersede all prior or contemporaneous understandings, agreements, negotiations, representations and warranties and communications, both written and oral, and shall not be supplemented or explained by any evidence of trade usage or course of dealing. All Customer terms and conditions on any Customer documentation or contract are hereby objected to and rejected and shall be of no force and effect or deemed to be binding on bioMérieux in whole or in part. This Agreement will become effective on the date when both Parties have signed it, in the event the Parties fail to sign the Agreement it shall be deemed effective when Customer accepts the Service (the “Effective Date”).
Definition of Terms.
“Access Credentials" means any user name, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify a User’s identity and authorisation to access and use the Service.
“Affiliates” means a corporation or other business entity controlled by, controlling or under common Control with a Party. For this purpose, control of such corporation or other business entity shall mean the direct or indirect ownership of more than fifty percent (50%) of voting rights and/or share capital or such other relationship which constitutes actual control of such corporation or other business entity.
“Anonymous Data” means data or data sets, including data definitions, structures, or analyses about such data or data sets, that does not constitute Personal Data and do not identify, and are not personally attributable to, any Patient or Customer Personnel. Anonymous Data include Customer Device Data, and any other data or data set that does not identify, or is not attributable to, any Patient or Customer Personnel.
“Applicable Laws” means all laws, regulations, directives, statutes, subordinate legislation, common law and civil codes of any jurisdiction, all judgments, orders, notices, instructions, decisions and awards of any court or competent authority or tribunal, all codes of practice having force of law, statutory guidance, regulatory policy or guidance and industry codes of practice, as amended, extended or re-enacted from time to time and includes all subordinate legislation made under each of the same.
“BIOFIRE Syndromic Trends” is or can be a Component of the Service that comprises a secure, cloud-based network that compiles real-time pathogen data from Customer Devices to allow Customers access to customised reports and the ability to spot epidemiological patterns on local, regional, and global bases.
"bioMérieux Personnel" means any employee, agent, or independent contractor of bioMérieux, of a bioMérieux Subcontractor, or of an authorised bioMérieux distributor.
“bioMérieux Proprietary Items” means, collectively, any Intellectual Property Rights, the Software, inclusive of the Service and Systems Software, and Documentation, the visual expressions, screen formats, report formats, and other design features of the Software, inclusive of the Service and Systems Software, all ideas, methods, algorithms, models, formulae, and concepts used in developing and/or incorporated into the Software, inclusive of the Service and Systems Software, or Documentation, all future modifications, revisions, updates, refinements, improvements, and enhancements of the Software, inclusive of the Service and Systems Software, or Documentation, all derivative works based upon any of the foregoing, including deliverables, work product, and all copies of the foregoing.
“Cloud-Based” means the storage, management, and processing of data on a network of remote servers hosted on the Internet.
“Cloud Service” means an entity that provides Cloud-Based services and shall include, but may not necessarily be limited to, Amazon Web Services (AWS).
“Component” means a part or extension of the Service that is dedicated to a specific function.
“Configure” means making Systems Software ready for use on the Customer Device and may be accomplished either remotely or on-site (and “Configuration” shall be construed accordingly).
“Confidential Information” means any information, that relates to the business, affairs, operations, customers (including Customer Data), processes, budgets, pricing policies, product information, strategies, developments, trade secrets, know-how, methods, technology, technical data, personnel and suppliers disclosed by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) in connection with this Agreement and any other information clearly designated by a Party as being confidential to it (whether or not it is marked "confidential"), or which ought reasonably be considered to be confidential or other matters connected with the Services; unless it is (a) already known by the Receiving Party without obligation of confidentiality; (b) independently developed by the Receiving Party without access to or use of the Disclosing Party’s Confidential Information; (c) publicly known without breach of this Agreement; or (d) lawfully received from a third party without obligation of confidentiality. Without limiting the generality of the foregoing, Confidential Information shall include: (a) Customer Data and non-public information, documentation, and materials, which may be disclosed or made available from any source or in any form relating to the Customer’s business, financial information, patients, employees, programs, documentation, techniques, trade secrets, and systems, (b) bioMérieux Proprietary Items and (c) all work flows and data structures created or provided by bioMérieux pursuant to this Agreement. Confidential Information shall include the terms and pricing in this Agreement, but not the fact that this Agreement has been signed, the identity of the Parties, or the identity of the Service or a Component of the Service.
“Customer Patient Data” means Patient Data stored or maintained in a Customer Device.
“Customer Device” means any Customer-owned or Customer-leased medical device as developed or manufactured by bioMerieux subsidiary, BioFire Diagnostics, LLC, and which is connected to the Service. Customer Devices shall include, but are not necessarily limited to, the BIOFIRE® FILMARRAY® and SPOTFIRE® product lines.“Customer Consumable” means substance or object used or needed to carry out or facilitate tests on the Customer Device and includes, but is not necessarily limited to, pouches, reagents, etc.
“Customer Data” means Customer Patient Data, Customer Device Data, and/or any other data relating to the Customer or Customer Personnel.
“Customer Device Data” means data that is related to the performance or operation of a Customer Device and does not include any Customer Patient Data.
"Customer System" means Customer's information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.
"Customer Personnel" means any employee, agent, or independent contractor of Customer or any Customer Subcontractor.
“Documentation” means bioMérieux’s standard user guides, manuals and/or electronic user guides relating to the Service, including on- line help, as updated and amended from time to time.
"Good Faith Dispute" means a good faith dispute by Customer of certain and specific amounts invoiced under this Agreement.
“Intellectual Property Rights” means any of the following rights existing in any part of the world: all patents, utility models, rights to inventions, plant variety rights, copyright and neighbouring and related rights, moral rights, rights in designs, semiconductor topography rights, trade and service marks, trade names, logos, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, domain name registrations, database rights and rights in confidential information (including know-how) and all other intellectual property rights, in each case whether registered or unregistered; applications to register any of those rights; rights to apply for and be granted renewals or extensions of, and rights to claim priority from, any of those rights; and any similar or equivalent rights.
"Order” means the commercial offer issued by bioMérieux related to the sale, purchase, or acquisition of the Service as set out in any order form or similar documentation agreed between the Parties.
“Patient” means any patient of Customer.
“Patient Data” means information relating to a Patient.
“Process” means any operation or set of operations which is performed on data or on data sets, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Publish” means to make information available through paper, electronic, audio or visual means in a manner intended to make such information accessible, in whole or in part, to the general public regardless of whether such access is made freely available or restricted.
“Regulatory Agency” means any government departments and regulatory, statutory and other bodies, entities and committees to which bioMérieux or the Customer is subject.
“Service” means an instance of the Software as made accessible to Customer as a cloud-hosted software-as-a-service offering, and commonly referred to as FIREWORKS.
“Software” means bioMérieux’s software, technology, tools, logic, reports, workflows, algorithms, predictive models, database schemes, database, analytics, hardware, and technology infrastructure incorporating or supporting the Service, inclusive of any third-party software included in the Service but excluding any separately licensed Third Party Components (as defined below), as ordered under the terms of this Agreement. Syndromic Trends Data” means data or data sets derived from Customer Patient Data through Processing from their initial or original forms or formats prior to transfer from the Customer Device to the Cloud Service BIOFIRE Syndromic Trends Component of the Service. “Systems Software” means Software provided by bioMérieux on a Customer Device to facilitate the use and functionality of the Service.
“Term” means the duration of Customer’s right to receive, access, and use the Service as set forth in this Agreement.
"User" means any Customer Personnel who is authorised to access or use the Service.
In this Agreement:
- A reference to a statute or statutory provision is a reference to it as it is in force for and on behalf of the time being, taking account of any amendment, extension or re-enactment and includes any subordinate legislation for the time being in force made under it.
- In the case of conflict or ambiguity, the order of precedence for this Agreement shall be as follows:
- the body of this Agreement; and then
- the Schedules.
- Unless a right or remedy of a Party is expressed to be an exclusive right or remedy, the exercise of it by a Party is without prejudice to that Party's other rights and remedies.
- Any phrase introduced by the words “including”, “includes”, “in particular” or “for example” or similar shall be construed as illustrative and are deemed to have the words “without limitation” following them.
Rights and Obligations.
Acceptance. Customer will identify and make its Customer Devices and Customer Systems readily available and accessible to bioMérieux Personnel at the time of or prior to the Configuration of any Systems Software. The Service shall be deemed accepted by Customer upon the earlier of the following: (i) notification by Customer that the Service is accepted, (ii) the first instance of the transfer of any Customer Data from a Customer Device to the Service, or (iii) five (5) days after the Configuration date. Customer is responsible for providing all reasonably requested assistance to bioMérieux Personnel as soon as practicable to ensure bioMérieux can Configure any Systems Software as agreed upon.
Access. bioMérieux has developed and deployed specifications, standards and/or protocols necessary to allow Users to access the Service at the Site using Access Credentials. Customer and Users are jointly responsible for the security of the Access Credentials. Any access to the Service by Customer or Users through improper use or sharing of Access Credentials is prohibited. Subject to the terms and conditions contained in this Agreement, bioMérieux grants to Customer a non-exclusive, non-transferable, revocable right to: (a) permit Users to access the Systems Software and the Service solely for Customer's internal business purposes; (b) permit Customer’s designated administrative users to access administrative features or functions of the Service solely for Customer's internal business purposes in order to manage access rights for Users.
bioMérieux Obligations. On the Configuration date, bioMérieux shall make available to Customer, on a non-exclusive, revocable, and non-transferable basis during the Term, the Service at the Site for up to the number of Users agreed upon along with any necessary Systems Software. In addition, bioMérieux (itself or through third party vendors (e.g. its Cloud Service partners)) will: (a) host, operate, maintain, and provide basic support for the Service as necessary to make the Service available; and (b) specify the procedures by which Customer may establish and obtain access to and use the features and functions of the Service or any Component of the Service.
Customer Obligations. Customer shall: (a) use the Service and Systems Software in accordance with this Agreement, the Documentation, and all Applicable Laws and regulations; (b) use all reasonable endeavours to prevent unauthorised access to or use of the Service and Systems Software and notify bioMérieux promptly of any such unauthorised access or use; (c) be responsible for all User acts and omissions; (d) be responsible for maintaining, at all times during the term of this Agreement, one or more current and active administrators of Customer’s account for the Service; (e) be responsible for disabling User accounts immediately upon a User’s separation from Customer or for any other applicable reason, (f) as soon as practicable make available at no charge to bioMérieux Personnel all Customer Devices and/or Customer Systems required by bioMérieux for the performance of the Service, including making any necessary configurations to Customer Devices at customer’s sole cost; (g) be responsible for, and assume the risk of, any problems resulting from, the content, accuracy, completeness, and consistency of all Customer Data; (h) be responsible for the accuracy, quality, integrity, and legality of Customer Data and the means by which such data was acquired, including but not limited to, ensuring that such Customer Data was obtained in accordance with all Applicable Laws; and (i) reasonably cooperate with bioMérieux Personnel as necessary for bioMérieux to perform its obligations. Customer shall reimburse bioMérieux, per bioMérieux’s standard policies, for any additional efforts or costs including, without limitation, site visits, it incurs resulting from Customer’s failure to perform its obligations.
Restrictions. Customer shall not, and shall not permit any Customer Personnel, to: (a) sell, resell, lease, rent, license, sublicense, distribute, transfer, or otherwise make available the Service or Systems Software, including on a time-sharing, SaaS, service bureau, or other similar basis, to any third party other than Users or otherwise use the Service at any location other than the Site or the Systems Software in connection with any devices other than Customer Devices; (b) use the Service or Systems Software to store or transmit malicious code, infringing, libellous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (c) use or access the Service or Systems Software in any way that threatens the integrity, performance, or availability of the Service or Systems Software or any data therein; (d) load, or permit the loading, of Customer Data in violation of any Applicable Law; (e) remove, modify or obscure any product or service identifier, copyright, trademark or other proprietary rights notice or other notices, instructions, disclaimers or legends; (f) modify or create derivative works of the Service or Systems Software (or third party software embodied therein); (g) decompile, disassemble, or reverse engineer the Service or Systems Software, in whole or in part or attempt to reconstruct or discover any source code or underlying ideas, algorithms, file formats, data structures or other aspects of the Service or Components; or (h) access, use, or copy any portion the Service or Systems Software in order to build a competitive product or to benchmark with any third party product or service. bioMérieux may restrict or prohibit access to Customer if bioMérieux reasonably suspects Customer is breaching its obligations under this Section. No rights are assigned or granted to Customer other than as expressly set forth in this Agreement.
Use Acknowledgments. Customer acknowledges and agrees that the Service is an analytics solution that is not designed, intended, validated or cleared to be used as a clinical decision support system. Additionally, and where applicable, Customer acknowledges and agrees that the optional Cp Viewer Component of the Service has not been considered or cleared by any Regulatory Agency and cannot be used for patient care. No license is conveyed or implied for Customer to use, and Customer agrees not to use, the Cp Viewer Component in any manner requiring regulatory approval, clearance, or registration.
Third Party Code. The Service may contain or be provided with components subject to the terms and conditions of “open source” software licenses (“Open Source Software”) or other third-party software. bioMérieux shall provide a list of the Open Source Software to Customer upon Customer’s written request. To the extent required by the license that accompanies the Open Source Software, the terms of such license will apply in addition to the terms of this Agreement with respect to such Open Source Software, including, without limitation, any provisions governing access to source code, modification, or reverse engineering.
Software Update. The Systems Software will be configured to automatically perform software updates to make software improvements, security improvements and provide feature enhancements to facilitate the use and functionality of the Service. By agreeing to these terms, Customer is providing bioMérieux with authorisation to make such automatic updates, improvements, or modifications to the Systems Software. The Systems Software may also be configured to automatically receive other Customer Device software updates, improvements, or modifications. However, such other software updates, improvements, or modifications will require user intervention to be configured.
Support. Support for the Service shall be governed by any applicable service agreement between Customer and bioMérieux or the appropriate bioMérieux subsidiary or distributor.
Training. Upon request, training on the use of the Service will be provided to an agreed-upon number of Users at a time agreed by the Parties.
Data.
Customer Patient Data. All rights in the Customer Patient Data shall be considered proprietary to Customer and/or the Patient. bioMérieux will only use Customer Patient Data as authorised under this Agreement.
Customer Patient Data License Grant. Customer hereby grants bioMérieux a worldwide, perpetual, irrevocable, fully paid-up, royalty free, non-exclusive right and license to use the Customer Patient Data in the performance of its obligations under this Agreement.
Anonymous Data. bioMérieux shall be deemed to be the owner of any Anonymous Data. bioMérieux shall therefore be entitled to use Anonymous Data (a) to facilitate the provision of the Service to Customer, (b) for research, development, and continuous improvement of bioMérieux’s products, software, and services, (c) to monitor the operation or performance of Customer Devices in order to enhance Customer support including, without limitation, use of Customer names and contact information, connected Customer Device information, Customer Device status and Configuration information, Customer Device performance metrics, Customer Consumable inventory levels, runs and run performance per Customer Device, panel, institution or laboratory, and (d) for any other commercial purpose not prohibited by Applicable Law or this Agreement.
Data Safeguards. Where applicable, bioMérieux shall maintain reasonable and appropriate data safeguards and procedures designed to prevent the unauthorised use or disclosure of Customer Patient Data as required under Applicable Laws. During the Term, bioMérieux will maintain physical, administrative, and technical security measures to ensure the availability, integrity, and confidentiality of Customer Patient Data in accordance with its standard data security policies.
Data Processing. The Data Processing Addendum attached to this Agreement as Schedule A and incorporated herein by reference will govern bioMérieux’s obligations with regard to the Processing of Personal Data.
Data Publication. Customer shall retain the right to publish summaries, conclusions, or other results derived from the information or Customer Data derived or obtained from the Service; provided, however, that prior to any such publication, Customer shall provide bioMérieux with a copy of any data, findings, article, abstract, manuscript, poster, presentation or other information intended for publication, at least thirty (30) days prior to submission for publication so that bioMérieux may review the proposed publication for the purpose of determining correct usage of bioMérieux trademarks, verifying that bioMérieux’s confidential information is not disclosed, and verifying that the publication is not in violation of any Applicable Law or rule pertaining to bioMérieux.
BIOFIRE Syndromic Trends Data. Where applicable, the use of Syndromic Trends Data shall be governed according to the terms and conditions attached to this Agreement as Schedule B and incorporated herein by reference.
Warranties and Limitations.
General Warranties. Both Parties represent and warrant that they have the legal power to enter into and perform under this Agreement.
Performance Warranties. bioMérieux represents and warrants that the Service shall perform as described in the Documentation as of the Configuration date and it shall provide the Services with reasonable skill and care. Customer will notify bioMérieux of any known non-conformance to the specifications outlined in the Documentation without delay. bioMérieux's only obligation under this warranty, and Customer’s sole and exclusive remedy, is for bioMérieux to correct any failure to so perform, or if such correction is not possible in a commercially reasonable timeframe, refund the fees paid for the specific non-conforming service during the periods of non-conformance. bioMérieux does not warrant that the Customer’s use of the Service will be uninterrupted or error free or that the Services will be free from vulnerabilities or viruses.
Customer Warranty. Customer represents and warrants that Customer has all necessary consents and rights to use the Customer Data as part of the Product and Customer is not violating any existing agreements or Applicable Laws by providing bioMérieux or bioMérieux Personnel with access to Customer Data.
Exclusion for Unauthorised Actions and Results of Use. Neither bioMérieux nor its supplier, partners, and vendors shall have any liability under any provision of this Agreement with respect to any performance problem, delay, or other matter to the extent attributable to any unauthorised or improper use or modification of the bioMérieux Proprietary Items, any unauthorised combination with other services, deliverables, products, software, hardware, or technology, or any act or omission by Customer, its Affiliates, other users, representatives, or contractors. Customer is solely responsible for the results obtained from the use of the bioMérieux Proprietary Items. The Customer acknowledges and agrees that the Service does not offer medical advice or advice regarding the optical set of procedures, alerts, or steps needed to achieve the best outcomes for a Patient. Any Customer Data and decisions made or actions taken based on information accessed through the Service are the sole responsibility of the Customer.
Disclaimer. Except as expressly stated above in this section (Warranties and Limitations), the Service, Third Party Components, and Documentation are provided “as is” and neither bioMérieux nor its vendors, suppliers or partners makes any conditions, guarantees, representations or warranties, oral or written, express or implied or otherwise arising including implied warranties of satisfactory quality, or fitness for a particular purpose except as expressly stated in this Agreement. Accordingly, all terms that are capable at law of being excluded are excluded from this Agreement. bioMérieux makes no representations or warranties, nor shall bioMérieux have any liability with respect to, any third party data, third party components, third party products, or third party services.
Limitation of Liability. Nothing in this Agreement shall limit or exclude a Party’s liability; (i) for fraud or fraudulent misrepresentation; (ii) for gross negligence, or wilful misconduct; (iii) for death or personal injury caused by its negligence or that of its employees, agent or subcontractors; or (iv) for any other liability that may not otherwise be limited or excluded by law. In no event will either Party (or their suppliers, partners, or vendors) under any circumstances whatsoever and whether in contract, tort (including negligence), breach of statutory duty, or otherwise be liable to the other Party for any indirect, special, punitive, or consequential damages (including without limitation any loss of revenue, savings, or data) howsoever (including but not limited to pure economic loss, loss of anticipated profit or saving, loss of business, loss of production, depletion of goodwill or similar) arising out of or in connection with this Agreement or the use of any bioMérieux Proprietary Items, Third Party Components, or Components based on any theory of contract, tort, strict liability, negligence or otherwise, even if advised of the possibility of such damages. Subject to the foregoing, each Party’s (including its Suppliers, Partners, or Vendors) total aggregate liability to the other Party (or their suppliers, partners or vendors) arising under or in connection with this Agreement and all Orders whether arising in contract, tort (including negligence) or restitution, or for breach of statutory duty or misrepresentation, or otherwise howsoever, shall under no circumstances exceed the fees actually paid by the Customer to bioMérieux: (a) under the applicable Order in the twelve months prior to the claim being made, or (b) under this Agreement in the twelve months prior to the claim being made if such claim does not relate to a specific Order. Subject to the foregoing, bioMérieux’s total aggregate liability to Customer (or their suppliers, partners or vendors) for any third party infringement claim under section 8 (indemnification) shall be limited to the greater of £10.000,000 (ten thousands British pounds) or 250% of the fees actually paid by Customer to bioMérieux under: (a) the applicable Order in the twelve months prior to the claim being made; or (b) this Agreement in the twelve months prior to the claim being made if such claim does not relate to a specific Order.
Other Limitations. The warranties made by bioMérieux in this Agreement, and the obligations of bioMérieux under this Agreement, are exclusive only to Customer and not to any third party. Under no circumstances shall any Customer Affiliate, Patient, student, contractor, or user, or any other third party be considered a third-party beneficiary of this Agreement. No action or claim of any type relating to this Agreement may be brought or made by Customer more than one (1) year after Customer first has knowledge of the basis for the action or claim. Customer and bioMérieux have freely and openly negotiated this Agreement, including the pricing, with the knowledge that the liability is to be limited in accordance with the provisions of this Agreement.
Limitations Relating to Third Party Components. The bioMérieux Proprietary Items may contain or use code and/or components of a third party that require Customer to enter into a separate agreement with such third party. Customer hereby consents to the use of such third-party components and agrees to comply with the terms and conditions set forth in any applicable third-party license. Except as otherwise set forth in the third-party license, the third-party components are provided “as is,” and without representation or warranty of any kind. Customer hereby agrees to use such third-party components in accordance with the terms and conditions of the applicable third-party component license, and agrees to indemnify, defend and hold harmless bioMérieux from all claims, losses, damages, expenses, or actions arising from its breach of any of the terms and conditions of such third-party component license.
Confidentiality.
For the duration of this Agreement and for a period of five (5) years after termination or expiry of this Agreement, all Confidential Information of a Disclosing Party in the possession of the Receiving Party, whether or not authorised, shall be held in strict confidence, and the Receiving Party shall take all steps reasonably necessary to preserve the confidentiality and prevent the unauthorised use or disclosure of the Confidential Information. The Receiving Party will not use or disclose any Confidential Information except as expressly authorised by this Agreement and will protect the Disclosing Party’s Confidential Information using the same degree of care that it uses with respect to its own confidential information, but in no event with safeguards less than a reasonable level of care under similar circumstances. Notwithstanding the foregoing, the Receiving Party will not be in breach of this Section (Confidentiality) with regard to a disclosure that is in response to a valid order or requirement by a court of competent jurisdiction or other governmental body or Regulatory Agency or otherwise required by Applicable Law, provided that (where possible) the Receiving Party gives the Disclosing Party prior written notice of such disclosure in order to permit the Disclosing Party to seek an appropriate protective order. Information that is disclosed pursuant to a valid court or governmental order shall not lose its status as Confidential Information.
Ownership of bioMérieux Proprietary Items.
Ownership and License Grants. All bioMérieux Proprietary Items provided to or accessed by Customer under this Agreement are being made available on a strictly confidential and limited use basis in accordance with this Agreement and have great commercial value to bioMérieux and its Affiliates (or its partners or suppliers). This Agreement provides access to the Service only. This Agreement grants the Customer (for the duration of the Term) a non-exclusive, revocable, and non-transferable licence to use the Systems Software, Documentation, and any other relevant bioMérieux Proprietary Items transferred from bioMérieux to Customer in connection with this Agreement. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the bioMérieux Proprietary Items or Components. The Customer acknowledges and agrees that all bioMérieux Proprietary Items and all right, title and interest in such items shall remain the sole and exclusive property of bioMérieux or its Affiliate entities. bioMérieux, on behalf of itself and its vendors, partners, and suppliers, reserves all rights not expressly granted by this Agreement. bioMérieux confirms that it has all the rights in relation to the bioMérieux Proprietary Items that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this Agreement.
Feedback. Customer may provide bioMérieux with feedback, comments, and recommendations regarding the functionality and performance of the Software, inclusive of the Service and Systems Software, including, without limitation, identifying potential errors and improvements. bioMérieux (and its partners and suppliers) shall have the unrestricted right to use such feedback in their sole discretion, including to improve or enhance the Service, Systems Software, and other bioMérieux (or its partners’ and suppliers’) products, and, accordingly, bioMérieux (and its partners and suppliers) shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit such feedback without restriction.
Indemnification.
bioMérieux shall defend, indemnify, and hold Customer harmless against all third party claims relating to alleged or actual infringement of any Intellectual Property Rights brought against Customer, insofar as such claim directly arises out of Customer’s use of the Service or Systems Software, only as expressly authorised under this Agreement, provided bioMérieux shall have no obligation or liability to the extent that the alleged infringement or misappropriation arises from (1) the combination, operation, or use of the bioMérieux Proprietary Items with products, services, deliverables, materials, technologies, business methods, or processes not furnished by bioMérieux; (2) modifications which were not made by bioMérieux; (3) Customer’s breach of this Agreement; or (4) third-party components, Customer-created patient care frameworks and Customer modifications. bioMérieux’s indemnification obligation hereunder is contingent upon prompt notice of and full control over the defence and/or settlement of any claim. Upon the occurrence of any claim for which indemnification is or may be due under this Section (Indemnification), or in the event that bioMérieux considers that such a claim is likely, bioMérieux may, at its sole option (i) modify the bioMérieux Proprietary Item so that it becomes non-infringing, or substitute functionally similar services, deliverables, or documentation; (ii) obtain a license to the applicable third-party intellectual property; or (iii) terminate this Agreement on written notice to Customer and refund to Customer any pre-paid fees for services not provided. The obligations set forth in this Section (Indemnification) shall constitute bioMérieux’s entire obligations and liability and Customer’s sole and exclusive rights and remedy for any infringement or misappropriation.
Other Provisions.
Compliance with Laws. Each Party will comply with all Applicable Laws. The Parties further represent that their performance of this Agreement will not violate any existing covenant, contracts, or Applicable Law, and will not infringe upon the rights of third parties, including property, contractual, employment, trade secrets, and Intellectual Property Rights.
Anti-Bribery and Corruption: Neither Party nor any of its officers, employees or representatives ("Associated Parties") shall, directly or indirectly, either in private business dealings or in dealings with the public sector, offer, give or agree to offer or give (either itself or in Agreement with others) any payment, gift or other advantage with respect to any matters which are the subject of this Agreement which: (i) would violate anti-corruption or bribery legislation in the UK or European Union (including the Bribery Act 2010); or (ii) a reasonable person would otherwise consider to be unethical, illegal or improper, (in this Agreement, a “Corrupt Act”). Each Party represents, warrants and undertakes that it and its Associated Parties have not engaged in any Corrupt Act prior to the Effective Date.
Criminal Finances: The Customer shall not engage in any activity, practice or conduct which would constitute an offence under the Criminal Finances Act 2017.
Notice. All notices, consents, and other communications under or regarding this Agreement shall be in writing and shall be deemed to have been received on the earlier of the date of actual receipt or the second business day after being sent by a pre-paid first class post or recorded delivery service. Either Party may change its address for notices by giving written notice of the new address to the other Party.
Parties in Interest. This Agreement shall bind, benefit and be enforceable by and against bioMérieux and Customer and, to the extent permitted hereby, their respective successors and assigns. Neither Party may assign any of its rights or obligations under this Agreement, and any attempt at such assignment will be void without the other Party’s prior written consent, which consent will not be unreasonably withheld or delayed. Notwithstanding the foregoing, bioMérieux may assign this Agreement or of any bioMérieux rights under this Agreement to: (a) any bioMérieux successor by merger or consolidation or to any person or entity that acquires all or substantially all of its capital stock or assets; and (b) any person or entity to which bioMérieux transfers any of its rights in the bioMérieux Proprietary Items.
Invalidity. If any term or provision of this Agreement is held void, illegal, unenforceable or in conflict with any Applicable Laws of a governmental authority having jurisdiction over this Agreement, such invalidity, illegality or unenforceability shall not affect the other provisions of this Agreement, which shall remain in full force and effect.
Relationship. The relationship between the Parties under this Agreement is that of independent contractors and not partners, joint venturers or agents and nothing in this Agreement shall constitute, establish or imply any partnership, joint venture, agency, employment or fiduciary relationship between the Parties. Neither Party shall have, nor represent that it has, any authority to make or enter into any commitments on the other’s behalf or otherwise bind the other in any way (including the making of any representation or warranty, the assumption of any obligation or liability or the exercise of any right or power).
Entire Agreement. This Agreement, which includes and incorporates Orders, attachments, and any other schedules, exhibits and addenda attached to it, states the entire understanding and agreement between the Parties with respect to its subject matter, and supersedes and extinguishes all prior proposals, marketing materials, negotiations and other written or oral communications between the Parties with respect to the subject matter of this Agreement. In the event of any conflict between these Terms and Conditions and an Order, the Order shall govern.
Modification. bioMérieux may revise this Agreement from time to time to better reflect changes to the law, new regulatory requirements, or improvements or enhancements made to the Service. If a revision affects the use of the Service and any legal rights relating to the Service, bioMérieux will provide notification prior to the effective date by sending an email to the email address associated with Customer or, where applicable, via an in-product notification. Revised terms will be effective no less than 30 days from when bioMérieux’s notification. If Customer does not agree to the revisions, Customer may terminate this Agreement before the revised terms take effect. Where applicable, bioMérieux will offer a prorated refund based on the amounts Customer has prepaid for the Service. By continuing to use or access the Service after the revisions take effect, Customer agrees to be bound by the revised terms.
Waiver. A delay or failure to exercise, or the single or partial exercise of, any right or remedy shall not waive that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy.
Rights and remedies. Except as expressly provided in this Agreement, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
Severability. If any provision of this Agreement is declared unenforceable, the other provisions herein will remain in full force and effect and this Agreement will be amended in order to effect, to the maximum extent allowable by law, the original intent of such provision.
Right to Seek Injunctive Relief. The Parties acknowledge and agree that either Party may seek injunctive relief relating to a breach of this Agreement.
Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument. No counterpart or duplicate shall be effective until each Party has executed at least one counterpart or duplicate.
Governing Law. This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of England and Wales. Each Party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any such dispute or claim.
Variation. No variation or amendment to this Agreement shall be binding upon the Parties unless it is recorded and signed in writing between the Parties.
Rights of Third Parties. This Agreement does not create any right or benefit enforceable by any person who is not a party to (whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise) except for any bioMérieux Affiliates.
No Representation. Each Party confirms that, except as provided in this Agreement and without prejudice to any liability for fraudulent misrepresentation, no Party has relied on any representation, warranty or undertaking (whether made innocently or negligently) which is not contained in this Agreement or any document referred to herein.
Force Majeure. Except with respect to Customer’s payment obligations, neither Party shall be liable for, nor shall either Party be considered in breach of this Agreement due to any failure to perform its obligations under this Agreement as a result of a cause beyond its reasonable control, including any act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications (including the Internet or other networked environment), power or other utility, labour problem, unavailability of supplies, disruption of the Service due to Internet connection impairments, or any other cause which could not have been prevented by the non-performing Party with reasonable care.
Use of Customer’s Name. Customer authorises bioMérieux to use Customer’s name and logo in any routine list of bioMérieux clients, as a reference, or in any advertising or press release.
SCHEDULE A
DATA PROCESSING ADDENDUM (UK)
Clause 1 - Definitions
1.1 “Approved Third Country” shall mean any country within the European Economic Area (EEA) or any third country which is approved by the European Commission, the UK Secretary of State or other competent body from time to time as providing adequate protection for personal data pursuant to Article 45(3) of the EU GDPR or the equivalent provision in the Data Protection Law of the UK, as applicable.
1.2 “bioMérieux” shall refer to bioMérieux UK Ltd. and any of its Affiliates in the United Kingdom.
1.3 “Customer” shall refer to the entity designated as “Customer” for purposes of the FIREWORKS Software as a Service Terms (FIREWORKS SaaS Agreement).
1.4 “Customer Device” shall have the meaning as “Customer Device” in the FIREWORKS SaaS Agreement.
1.5 “Controller” shall mean an entity which, alone or jointly with others, determines the purposes and means of the Processing of the Personal Data.
1.6 “Data Protection Law” shall mean (i) all Applicable Laws related to data privacy, data protection, data security, data transfer, or protection of personal data of individual, as applicable from time to time including without limitation and where applicable, GDPR, any national implementing legislation and the equivalent laws of the United Kingdom, and all equivalent, comparable, or applicable United Kingdom privacy, security and data breach notification laws with respect to the business of bioMérieux, and applicable United Kingdom data protection authorities.
1.7 “Data Subject” shall mean an identified or identifiable natural person who is the subject of Personal Data.
1.8 “EU GDPR” shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (as may be amended or replaced from time to time).
1.9 “EU Personal Data” shall mean Personal Data subject to the EU GDPR.
1.10 “EU Restricted Transfer” shall mean a transfer of EU Personal Data Processed outside the EEA to a country, territory or jurisdiction that is not an Approved Third Country.
1.11 “FIREWORKS SaaS Agreement” shall mean the FIREWORKS Software as a Service Terms (EU) of which this addendum is appended.
1.12 “GDPR” shall mean, as applicable, the UK GDPR and the EU GDPR.
1.13 “Personal Data” shall mean any information relating to an identified or identifiable natural person or Data Subject; an identifiable natural person is one who can be identified, directly or indirectly, in particular or by reference to an identifier such as a name, a unique identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.14 “Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
1.15 “Processing” shall mean any operation or set of operations which is performed on the Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and “process” shall have the corresponding meaning.
1.16 “Processor” shall mean a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of a Controller.
1.17 “Service” shall have the same meaning as “service” in the FIREWORKS SaaS Agreement.
1.18 “Subprocessor” shall mean a natural or legal person, public authority, agency or other body appointed by or on behalf of Processor to process Personal Data on behalf of the Controller.
1.19 “UK GDPR” shall mean Retained Regulation (EU) 2016/679 as applicable as part of UK domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended) (as may be amended or replaced from time to time).
1.20 “UK Personal Data” shall mean Personal Data subject to UK GDPR.
1.21 “UK Restricted Transfer” shall mean a transfer of UK Personal Data Processed outside the UK to a country, territory or jurisdiction that is not an Approved Third Country.
Clause 2 - Processing of Personal Data
2.1 Data Processing
bioMérieux may process Personal Data under the FIREWORKS SaaS Agreement as a Processor acting on behalf of Customer as the Controller for the various purposes as indicated in the table below:
Subject Matter, Nature and Purpose of Processing of Personal Data | Such Processing within the United Kingdom (UK) ) and the European Economic Area (EEA) as is necessary for purposes of enabling Customer to access and analyse laboratory data from multiple FilmArray systems by:
The Processing is necessary for the Processor to comply with its obligations under the FIREWORKS SaaS Agreement and its provision of the Service to Customer. |
Controller | Customer |
Processor | bioMérieux |
Data Subjects | Patients seeking medical diagnoses or care from Customer |
Providing Notice, Obtaining Consent, and/or Formulating Legal Basis | Sole responsibility of Customer |
Collection of Personal Data | The Service collects Personal Data from Customer’s connected Customer Devices. |
Data Elements Processed | Personal Data (including special categories of Personal Data) contained in the entire raw data file obtained from Customer Devices and generally includes the following categories of data elements concerning health:
|
Duration of Processing | Processing of Personal Data shall continue for the duration of the FIREWORKS SaaS Agreement, unless otherwise agreed by the parties. |
Category of Recipients | Customers |
Rights and Obligations of Controller | The rights and obligations of Customer where it is a Controller shall be as set out in this Addendum and Data Protection Laws. |
2.2 Customer’s Responsibilities
When using the Service, Customer shall be solely responsible for its own compliance obligations as the Controller in relation to the Processing of Personal Data in accordance with Data Protection Laws, including providing all requisite notices or obtaining all requisite consents, and obtaining all requisite rights to use and disclose the Personal Data including establishing applicable legal bases and conditions for Processing, where applicable.
2.3 Instructions
bioMérieux and its Subprocessors will process Personal Data in accordance with Customer’s documented instructions except to the extent necessary to comply with Applicable Laws. Customer agrees that this Addendum, the FIREWORKS SaaS Agreement and any related statements of work or service orders issued by Customer or its authorised representatives, comprise Customer’s complete instructions to bioMérieux regarding the Processing of Personal Data, and that such instructions accurately reflect the Processing of Personal Data. Any additional or alternate instructions must be agreed to between the parties in writing, including the costs (if any) associated with complying with such instructions. Customer shall ensure that all instructions it issues to bioMérieux comply with Data Protection Laws.
Customer acknowledges and agrees that bioMérieux and its Subprocessors are not responsible for determining whether Customer’s instructions are compliant with Data Protection Laws. However, if bioMérieux and/or its Subprocessors are of the opinion that a Customer instruction violates applicable Data Protection Laws, bioMérieux shall notify Customer as soon as reasonably practicable and shall not be required to comply with such instructions.
2.4 Details of Processing
Details of the subject matter of the Processing, its duration, nature and purpose, and the type of Personal Data and data subjects are specified in the FIREWORKS SaaS Agreement and in Clause 2.1 above.
2.5 Compliance
Customer and bioMérieux agree to comply with their respective obligations under Data Protection Laws applicable to the Personal Data that is Processed in connection with the Service. Customer has sole responsibility for complying with Data Protection Laws regarding the lawfulness of the Processing of Personal Data prior to disclosing, transferring, or otherwise making available, any Personal Data to bioMérieux and/or its Subprocessors.
2.6 Restricted Transfers
Customer hereby consents to bioMérieux and/or its Subprocessors transferring Personal Data outside the United Kingdom to an Approved Country.
bioMérieux shall not make or permit any UK Restricted Transfer or EU Restricted Transfer under this Addendum without prior written consent of Customer. Where such consent is granted, bioMérieux may only make or permit the UK Restricted Transfer or EU Restricted Transfer if bioMérieux participates in a valid cross-border transfer mechanism under Data Protection Laws so that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the UK GDPR and EU GDPR.
Clause 3 - Subprocessors
3.1 Use of Subprocessors
bioMérieux shall be generally authorised by Customer to use Subprocessors subject to the conditions set out in this Clause 3. Customer authorises bioMérieux to appoint and use Subprocessors to Process Personal Data in connection with the Service provided that bioMérieux puts in place a contract in writing with each Subprocessor that imposes obligations that are: (i) relevant to the services to be provided by the Subprocessors and (ii) materially similar to the rights and/or obligations imposed on bioMérieux under this Addendum.
Subprocessors may include third parties or any of bioMérieux’s Affiliates. Where a Subprocessor fails to fulfil its data protection obligations in connection with the Service, bioMérieux shall be liable to the Customer for the performance of the Subprocessor’s obligations.
3.2 List of Subprocessors
Customer acknowledges and agrees that bioMérieux may use the Subprocessor identified below:
Subprocessor | Location | Responsibility for Processing |
Amazon Web Services (AWS) | EU | Cloud hosting and storage |
bioMérieux shall notify Customer of any intended changes concerning additional or replacement Subprocessors. As Controller, Customer may reasonably object to any changes concerning such additional or replacement of the Subprocessors. Customer shall object in writing by sending the objection by email within ten (10) days from the date that it is notified to bioMérieux’s Data Protection Officer at PrivacyOfficer@biomerieux.com. If no objective is received within such time period, Customer shall be deemed to have given its approval to use such Subprocessor.
Clause 4 - Technical and Security Measures
4.1 Technical and Organisational Security Measures
Taking into account industry standards, the state of technical development, the costs of implementation, the nature, scope, context and purposes of the Processing, bioMérieux will implement appropriate technical and organisational security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration and unauthorised disclosure or access and to ensure that the security, confidentiality, integrity, availability and resilience of the systems involved in Processing of Personal Data are commensurate with the risk in respect of such Personal Data.
The Parties agree that the technical and organisational security measures described in Annex 1 (“Information Security Measures”) provide an appropriate level of security for the protection of Personal Data to meet the requirements of this clause. bioMérieux shall periodically (i) test and monitor the effectiveness of the safeguards, controls, systems and procedures and (ii) identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of Personal Data, and ensure that the risks are addressed.
4.2 Restricted Access
bioMérieux shall ensure that its personnel authorised to access and/or process Personal Data (i) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, and (ii) have received appropriate training on their responsibilities, specifically pertaining to security and privacy measures. bioMérieux shall ensure that its personnel process Personal Data only upon documented instructions from Customer, unless required to do so by Applicable Laws.
Clause 5 - Personal Data Breach
bioMérieux shall notify Customer, without undue delay, after becoming aware of a Personal Data Breach involving Customer’s Personal Data and shall use reasonable efforts to assist Customer in the particulars of the breach (to the extent available to bioMérieux) and in mitigating, where possible, the adverse effects of any Personal Data Breach. The notification of a Personal Data Breach shall be sent to Customer by email to Customer’s Data Privacy contact using the address set forth in Clause 10 below.
Clause 6 - Deletion of Personal Data
Upon termination of the FIREWORKS SaaS Agreement and if requested by Customer in writing, bioMérieux shall, at Customer’s option, as soon as reasonably practical and where feasible, either return or delete Personal Data received from Customer unless Applicable Law or any relevant agreement between bioMérieux and Customer requires retention of such Personal Data. To the extent that Applicable Law or relevant agreement requires retention of such Personal Data, the provisions of this Addendum shall continue to apply to such Personal Data. bioMérieux reserves the right to charge Customer for any reasonable costs and expenses incurred by bioMérieux in deleting or returning Personal Data pursuant to this clause.
Clause 7 – Cooperation
7.1 Data Subject Requests
bioMérieux shall promptly inform Customer by email to Customer’s Data Privacy contact using the address set forth in Clause 10 below of any requests from Data Subjects seeking exercising their data subject rights under Data Protection Laws and provide such assistance (to such extent permitted by Data Protection Laws) as Customer may reasonably require in responding to any such request. Customer is responsible for responding to such requests. bioMérieux reserves the right to charge Customer for such assistance if the cost of assisting exceeds a nominal amount.
7.2 Third Party Requests
Subject to, and to the extent permitted by, applicable Data Protection Laws, nothing in this Addendum shall prevent bioMérieux and/or its Subprocessors from disclosing Personal Data processed on behalf of Customer to the extent required pursuant to a judicial or government request, requirement, or order. bioMérieux shall notify Customer in writing at least 15 days before disclosing Personal Data pursuant to a third party request, requirement, or order, and shall cooperate with Customer, as Customer reasonably requests, in seeking a protective order or other recourse limiting the effect of that disclosure.
7.3 Privacy Impact Assessments and Prior Consultations
To the extent required by Data Protection Laws, bioMérieux shall provide reasonable assistance to Customer (i) to carry out a data protection impact assessment in relation to Processing of Personal Data by bioMérieux and (ii) as part of any required prior consultation(s) with supervisory authorities. bioMérieux reserves the right to charge Customer for such assistance if the cost of assisting exceeds a nominal amount.
Clause 8 - Demonstrating Compliance
bioMérieux shall, upon reasonable prior written request from Customer (such request to be made in accordance with the terms of this Addendum), provide Customer such information as may be reasonably necessary to demonstrate compliance with bioMérieux’s obligations under this Addendum, and allow for and contribute to audits (limited to one (1) audit per year, with fifteen (15) business days prior notice), including inspections, conducted by Customer or another auditor retained by Customer.
Clause 9 - Limitation of Liability
Each Party’s and all of its Affiliates’ liability, in the aggregate, arising out of or related to this Addendum is subject to the Limitation of Liability section of the FIREWORKS SaaS Agreement.
Clause 10 – Contacts and Information
Processor (bioMérieux)
Title: Data Protection Officer
Email Address: PrivacyOfficer@biomerieux.com
Annex 1 - Information Security Measures
As a Processor, bioMérieux is committed to providing a high level of information security regarding the Service and related services. bioMérieux shall provide an appropriate security level through organisational, technical and physical security measures as described below to the extent that bioMérieux has or gains access to Customer’s Personal Data. bioMérieux shall also ensure that AWS, as a Subprocessor, shall provide appropriate security level through organisational, technical and physical security measures and shall, upon reasonable request from Customer, provide information obtained from or published by AWS regarding such measures.
1. Physical Access Controls
bioMérieux has implemented reasonable measures to prevent unauthorised persons from gaining access to Personal Data.
2. System Access Controls
bioMérieux has taken reasonable measures to prevent Personal Data from being used without authorisation. These controls vary based on the nature of Processing undertaken and may include, among other controls, password-protected individual accounts, password policies, and electronic or multi-factor authentication methods.
3. Data Access Controls
bioMérieux has taken reasonable measures to provide that Personal Data is accessible and manageable only by properly authorised employees, database query access is controlled, and application access rights are established and enforced to ensure that employees entitled to use a Processing system only have access to Personal Data to which they have privilege of access, and that personal data cannot be read, copied, modified or removed without authorisation in the course of Processing. bioMérieux has taken reasonable measures to implement an access policy under which access to system environments, Personal Data and other data is limited to authorised personnel only.
4. Transmission Controls
bioMérieux has taken reasonable measures to ensure that Personal Data cannot be read, copied, modified or deleted without authorisation during transmission. These controls include encryption of data transmission using either 128-bit Symmetric Encryption keys or the then-current but no less secure industry standard encryption
5. Input Controls
bioMérieux has taken reasonable measures to guard against any unauthorised inclusion, modification or deletion of Personal Data from databases. bioMérieux has taken reasonable measures to ensure that (i) the source of Personal Data is under the control of Customer at the time of Personal Data collection, and (ii) Personal Data exported into bioMérieux databases are managed by secure and encrypted file transfer from Customer to bioMérieux.