FDNA’s mission is to save lives and improve the quality of life of patients with rare, or difficult-to-diagnose genetic syndromes. By making our innovative technology and tools available through our websites, web applications and mobile applications (“our Applications”), we intend to support healthcare professionals in their activities related to search and reference of genetic syndromes, capture and maintain a clinical data archives, facilitate easy peer communication, access relevant medical content, share clinical data with relevant stakeholders, support research activities and continue their medical training and education.
FDNA offers unpaid Subscriptions for limited Services (each an “Unpaid Subscription”) and paid Subscriptions providing additional Services provided by FDNA directly or through third party vendors. A Registrant with a registered domain name may purchase a Subscription that enables individuals affiliated with such Registrant to register for a User Account using an email address at such domain name at no additional cost to the individual (a “Network Subscription”). Alternatively, a Subscription may have been purchased for a single registered account (an “Individual Subscription”). For purposes of clarity, all references to “Subscription(s)” hereunder shall apply to Unpaid Subscriptions, Network Subscriptions and Individual Subscriptions.
License and warranty for your submissions to FDNA
You must comply with all applicable laws, the Agreement, as may be amended from time to time with or without advance notice, and the policies and processes explained below
You have control over the information you provide FDNA under this Agreement, and may request its deletion at any time, unless you have shared information or content with others and they have not deleted it, or it was copied or stored by other users.
Additionally, and subject to our obligations hereunder and under our Data Sharing and Protection Policy with respect to any protected health information (“PHI”), you grant FDNA a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to FDNA, including, but not limited to, any user generated content, ideas, concepts, techniques or data to the services, you submit to FDNA, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss as noted below in this Agreement.
By providing information to us, you represent and warrant that you are entitled to and have the requisite rights to submit the information and that the information is accurate, not confidential (except for PHI, which is subject to the terms herein and the terms of our Data Sharing and Protection Policy), and not in violation of any contractual restrictions or other third party rights. While you remain free to re-use or republish your own contributions made to us in its original or derivative form for republication elsewhere, such as in journals or other professional publications, you may not republish the contributions or postings of other Users or information furnished under the Services, without our explicit permission. FDNA shall be free to use any ideas, concepts, know-how or techniques contained in such information for any purpose whatsoever including, but not limited to, developing, manufacturing, and marketing products and services incorporating such information. It is your responsibility to keep your FDNA profile information accurate and updated.
To be eligible to use the Services, you must meet the following criteria and represent and warrant that: (1) you personally are (a) 18 years of age or older, and (b) a certified physician, medical student, or other health care professional; and (2) you personally and, if applicable, you the Registrant (a) are not currently restricted from the Services, or not otherwise prohibited from having a User Account, (b) are not a competitor of FDNA or are not using the Services for reasons that are in competition with FDNA, (c) have full power and authority to enter into this Agreement and doing so will not violate any other agreement to which you are a party, (d) will not violate any rights of FDNA, including intellectual property rights such as copyright or trademark rights, and (e) agree to provide at your cost all equipment, software, and internet access necessary to use the Services.
You agree to: (1) Keep your password secure and confidential; (2) not permit others to use your login credentials to access your User Account; (3) refrain from using other Users’ User Accounts; (4) refrain from selling, trading, or otherwise transferring your User Account or any information and content of another FDNA user to another party; and (5) refrain from charging anyone for access to any portion of the Services, or any information therein. Further, you are responsible for anything that happens through your User Account until you close down your User Account or prove that your User Account security was compromised due to no fault of your own.
You agree to indemnify and hold harmless FDNA, its officers, employees, agents, subsidiaries, affiliates and other partners, from and against any claims, actions or demands, liabilities and settlements including without limitation, reasonable legal and accounting fees, resulting from, or alleged to result from your use of the Services, your violation of this Agreement, or your posting of content, except in each case due to FDNA or the Services infringing the intellectual property rights of third parties or violating applicable law (other than due to content you provided).
Notifications and Service Messages
For purposes of service messages and notices about the Services to you, FDNA may place a banner notice across its pages to alert you to certain changes such as modifications to this Agreement. Alternatively, notice may consist of an email from FDNA to an email address associated with your User Account, even if we have other contact information. You also agree that FDNA may communicate with you through your User Account or through other means including email, mobile number, telephone, or delivery services including the postal service about your User Account or services associated with FDNA. You acknowledge and agree that we shall have no liability associated with or arising from your failure to do so maintain accurate contact or other information, including, but not limited to, your failure to receive critical information about the Services.
User-To-User Communication and Sharing
FDNA offers various message boards and tools that facilitate peer communication. These message boards are designed to be used only by healthcare professionals and we do our best to grant access only to Users who are validated as such. However, we cannot guarantee that all users are indeed healthcare professionals.
We may decide to remove content from these channels, if we believe that the content violates this Agreement or others’ intellectual property rights. We can also decide to restrict access to Users who we suspect or believe are not healthcare professionals, at our sole discretion.
Please note that ideas you post and information you share may be seen and used by other Users, and FDNA cannot guarantee that other Users will not use the ideas and information that you share on FDNA. Therefore, if you have an idea or information that you would like to keep confidential and/or don’t want others to use, or that is subject to third party rights that may be infringed by your sharing it, do not share it on FDNA. FDNA IS NOT RESPONSIBLE FOR A USER’S MISUSE OR MISAPPROPRIATION OF ANY CONTENT OR INFORMATION YOU POST, UPLOAD, OR TRANSMIT WITHIN FDNA.
Contributions to FDNA
By submitting ideas, suggestions, documents, and/or proposals (“Contributions”) to FDNA through its suggestion or feedback webpages, you acknowledge and agree that: (a) your Contributions do not contain confidential or proprietary information; (b) FDNA is not under any obligation of confidentiality, express or implied, with respect to the Contributions; FDNA shall be entitled to use or disclose (or choose not to use or disclose) such Contributions for any purpose, in any way, in any media worldwide; (d) FDNA may have something similar to the Contributions already under consideration or in development; (e) you irrevocably assign to FDNA all rights to your Contributions; and (f) you are not entitled to any compensation or reimbursement of any kind from FDNA under any circumstances.
Certain information and content made available by FDNA through the Services is gathered from publicly available data or submitted by other Users, and FDNA cannot guarantee the accuracy of such information. Use of the Services by you is conditioned upon your agreement that all of the information and content is for informational and educational purposes only and should not be relied upon, and that as a User, you agree to hold harmless FDNA and other Users and data suppliers for your use or reliance on such information.
Code of Conduct
You hereby undertake to always take the following actions:
- Comply with all applicable laws, including, without limitation, state and federal patient privacy laws, intellectual property laws, export control laws, tax laws, and regulatory requirements;
- Provide accurate information to us and update it as necessary;
- Review and comply with notices sent by FDNA concerning the Services; and
- Disclose any potential conflicts-of-interest, such as consultant fees (e.g. promoting “off-label” use) as appropriate; and
- Use the Services in a professional manner.
You hereby undertake never to take the following actions:
- Act dishonestly or unprofessionally by engaging in unprofessional behavior by posting inappropriate, inaccurate, or objectionable content to the Services;
- Harass, abuse or harm another person, including sending unwelcomed communications to others using FDNA;
- Upload a profile image that is not an individual’s likeness or a head-shot photo;
- Use or attempt to use another’s User Account without authorization from the user, or create a false identity on FDNA;
- Upload, post, transmit or otherwise make available or initiate any content that:
- Falsely states, impersonates or otherwise misrepresents your identity, including but not limited to misrepresenting your current or previous positions and qualifications, or your affiliations with a person or entity, past or present;
- Is unlawful, libelous, abusive, obscene, discriminatory or otherwise objectionable;
- Includes information that you do not have the right to disclose or make available under any law or under contractual or fiduciary relationships (such as private patient information, insider information, or proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
- In fringes upon patents, trademarks, trade secrets, copyrights or other proprietary rights;
- Includes any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation;
- Contains software viruses, worms, or any other computer code, files or programs that interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment of FDNA or any Users;
- Forges headers or otherwise manipulate identifiers in order to disguise the origin of any communication transmitted through the Services; and/or
- Duplicate, license, sublicense, publish, broadcast, transmit, distribute, perform, display, sell, rebrand, or otherwise transfer information found on FDNA (excluding content posted by you) except as permitted in this Agreement or as expressly authorized by FDNA;
- Reverse engineer, decompile, disassemble, decipher or otherwise attempt to derive the source code for any underlying intellectual property used to provide the Services, or any part thereof;
- Utilize or copy information, content or any data you view on and/or obtain from FDNA to provide any service that is competitive, in FDNA’s sole discretion, with FDNA;
- Imply or state, directly or indirectly, that you are affiliated with or endorsed by FDNA unless you have entered into a written agreement with FDNA;
- Adapt, modify or create derivative works based on FDNA or technology underlying the Services, or other Users’ content, in whole or part;
- Rent, lease, loan, trade, sell/re-sell access to FDNA or any information therein, or the equivalent, in whole or part;
- Sell, sponsor, or otherwise monetize any service or functionality of FDNA, without the express written permission of FDNA.
- Deep-link to the Site for any purpose, (i.e. including a link to a FDNA web page other than FDNA’s home page) unless expressly authorized in writing by FDNA;
- Remove any copyright, trademark, insignia or other proprietary rights notices contained in or on the Services, including those of both FDNA and any of its licensors;
- Collect, use, copy, or transfer any information, including, but not limited to, personally identifiable information obtained from FDNA except as expressly permitted in this Agreement or as the owner of such information may expressly permit;
- Share information of non-Users without their express consent;
- Infringe or use FDNA’s brand, logos and/or trademarks, including, without limitation, using the word “FDNA” in any business name, email, or URL or including FDNA’s trademarks and logos or as expressly permitted by FDNA;
- Use manual or automated software, devices, scripts robots, other means or processes to access, “scrape,” “crawl” or “spider” any web pages or other services contained in the site, unless explicitly permitted by FDNA;
- Use bots or other automated methods to access FDNA, add or download contacts, send or redirect messages, or perform other activities through the Services, unless explicitly permitted by FDNA;
- Access, via automated or manual means or processes, the Services for purposes of monitoring FDNA’s availability, performance or functionality for any competitive purpose;
- Engage in “framing,” “mirroring,” or otherwise simulating the appearance or function of FDNA’s website;
- Attempt to or actually access the Services by any means other than through the interfaces provided by FDNA such as its mobile application or by navigating to http://www.fdna.com using a web browser. This prohibition includes accessing or attempting to access the Services using any third-party service, including software-as-a-service platforms that aggregate access to multiple services, including the Services;
- Attempt to or actually override any security component included in or underlying the Services;
- Engage in any action that directly or indirectly interferes with the proper working of or places an unreasonable load on FDNA’s infrastructure, including, but not limited to, sending unsolicited communications to other Users or FDNA personnel, attempting to gain unauthorized access to the Services, or transmitting or activating computer viruses through or on the Services;
- Interfere with or disrupt or game the Services, including, but not limited to, any servers or networks connected to the Services. Any attempt to obtain unauthorized access, interfere with or to exceed authorized access to the Services shall be considered a trespass and computer fraud and abuse, punishable under state and federal laws. FDNA hereby notifies you that any or all communications with this website can and will be monitored, captured, recorded, and transmitted to the authorities as deemed necessary by FDNA in its sole discretion and without further notice.
Subject to your compliance with all your obligations under this Agreement, we grant you a limited, revocable, nonexclusive, nonassignable, nonsublicenseable license and right to access the Services, through a generally available web browser, mobile device or application (but not through scraping, spidering, crawling or other technology or software used to access data without the express written consent of FDNA or its Users), view information and use the Services that we provide in accordance with this Agreement. Any other use is strictly prohibited and a violation of this Agreement. We reserve all rights not expressly granted in this Agreement, including, without limitation, title, ownership, intellectual property rights, and all other rights and interest in FDNA and all related items.
OUR RIGHTS AND OBLIGATIONS
For as long as FDNA continues to offer the Services, FDNA shall provide and seek to update, improve and expand the Services. As a result, we allow you to access FDNA as it may exist and be available on any given day and have no other obligations, except as expressly stated in this Agreement. We may modify, replace, refuse access to, suspend or discontinue the Services, partially or entirely, or change and modify prices for all or part of the Services for you or for all our users in our sole discretion. All of these changes shall be effective upon their posting on our site or by direct communication to you unless otherwise noted. FDNA further reserves the right to withhold, remove and or discard any content available as part of your User Account, with or without notice if deemed by FDNA to be contrary to this Agreement. For avoidance of doubt, FDNA has no obligation to store, maintain or provide you a copy of any content that you or other Users provide when using the Services.
Third Party Sites and Content
FDNA is not responsible for and does not endorse any features, content, advertising, products or other materials on or available from Third Party Sites. Accordingly, if you decide to access Third Party Sites, you do so at your own risk.
Third Party Materials
The Services may allow you to access certain third party data and databases. Your use of such third party materials through the Services is subject to the terms and conditions set forth in Exhibit B hereto and you hereby agree to be bound by such terms and conditions.
Disclosure of User Information
You acknowledge, consent and agree that we may access, preserve, and disclose your registration and any other information you provide if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary in our opinion to: (1) comply with legal process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (2) enforce this Agreement; (3) respond to claims of a violation of the rights of third parties, whether or not the third party is a User, individual, or government agency; (4) respond to customer service inquiries; or (5) protect the rights, property, or personal safety of FDNA, our Users or the public.
Connections and Interactions With Other Users
You are solely responsible for your interactions with other Users, including for sharing information with other Users through the Services. FDNA may limit the number of colleague connections you may have to other Users and may, in certain circumstances, prohibit you from contacting other Users through use of the Services or otherwise limit your use of the Services. FDNA reserves the right, but has no obligation, to monitor disputes between you and other members and to restrict, suspend, or close your User Account if FDNA determines, in our sole discretion, that doing so is necessary to enforce this Agreement.
You agree that from time to time FDNA may invite or otherwise make you aware of certain educational, promotional or financial opportunities relating to Your Communications and profile.
TERM AND TERMINATION
Subject to earlier termination as described herein, this Agreement will remain in full force and effect during the term of your Subscription (“Subscription Term”) while you use the Services. With respect to paid Network Subscriptions and Individual Subscriptions, the Subscription Term shall be the initial term of Services which you paid for when purchasing your Subscription (and which is typically one (1) year). If, when purchasing such Subscription, you agreed to the Subscription Term automatically renewing, then the Subscription Term shall automatically renew subject to your payment of the applicable renewal fee unless you notify us or we notify you at least thirty (30) days in advance of such renewal date with respect to a decision not to renew. With respect to Unpaid Subscriptions, the Subscription Term shall continue indefinitely until FDNA or the User terminates this Agreement or the User’s User Account as described below.
Termination by User
You may terminate this Agreement (and your Subscription) for any or no reason, at any time, with notice to FDNA. This notice will be effective upon FDNA processing your notice. If you purchased a Network Subscription or Individual Subscription, in no event will you be eligible for a refund of any portion of the fees paid for the then-current Subscription Term.
Termination by FDNA
If you have an Unpaid Subscription, FDNA may, with or without cause, terminate the Agreement and your User Account at any time, with or without notice.
Without limiting the foregoing, if FDNA reasonably believes that you have breached this Agreement, FDNA may terminate the Agreement and your User Account for a paid Subscription or Unpaid Subscription at any time, with or without notice. This cancellation shall be effective immediately or as may be specified in the notice. Upon such termination, if you purchased a Network Subscription or Individual Subscription, in no event will you be eligible for a refund of any portion of the fees paid for the then-current Subscription Term. Termination of your User Account includes disabling your access to the Services and may also bar you from any future use of the Services.
Misuse of the Services
Without limiting its termination rights, FDNA may restrict or suspend the User Account for a paid Subscription or Unpaid Subscription of any User who abuses or misuses the Services or offers competitive services. Misuse of the Services includes breach of any of your obligations under this Agreement or any other behavior that FDNA, in its sole discretion, deems contrary to its purpose.
If you registered for a User Account under a Network Subscription, FDNA reserves the right to terminate your User Account and revoke your access to the Services immediately upon expiration or termination of such Network Subscription.
Effect of Termination
Upon the termination of your User Account, you lose access to the Services. The terms of this Agreement shall survive any termination, except the terms set forth under “Your Rights” hereof.
DISCLAIMER OF WARRANTIES
The Services (including, without limitation, the website and any platform applications) and all content and materials accessed through or downloaded from FDNA are provided on an “as is” and “as available” basis. FDNA does not control or vet User generated content for accuracy. We do not make and we disclaim all express and implied warranties and representations, including, but not limited to, any warranties of merchantability, fitness for a particular purpose, title, accuracy of data, and non-infringement. Without limiting the foregoing, we do not warrant that access to the Services will be uninterrupted or error-free or that defects in the website or mobile applications will be corrected. FDNA is not responsible and makes no representations or warranties for the delivery of any messages sent through the Services to anyone. Any material, service, or technology described or used on the website may be subject to intellectual property rights owned by third parties who have licensed such material, service, or technology to us.
The contents of FDNA, such as text, graphics, images, information obtained from FDNA’s licensors, Users, employees and other material contained in the Services (“Content”) is for informational and educational purposes only and are not a substitute for the professional judgment of a health care professional in diagnosing and treating patients. Neither the content nor any other service offered by or through the Services is intended to be for medical diagnosis or treatment. Persons accessing this information assume full responsibility for the use of the information and agree that FDNA is not responsible or liable for any claim, loss, or damage arising from the use of the information. FDNA does not recommend or endorse any specific drugs, tests, physicians, products, procedures, opinions, “off-label” drug uses or other information that may be mentioned through the Services and Users are required to disclose any such conflicts of interest. Your reliance upon the Content obtained or used by you is solely at your own risk.
FDNA reminds you that the Services are not meant to serve as a substitute for your own professional medical judgment. You should always exercise your professional judgment in evaluating your patients, and you should carefully consider any treatment plan. FDNA encourages you to confirm the information made available or otherwise obtained through the Services with other reliable sources before undertaking any treatment.
LIMITATION OF LIABILITY
Under no circumstances shall FDNA, its partners, contributors, agents, employees, directors, or affiliates be liable for any indirect, incidental, special, exemplary, punitive, or consequential damages (even if it has been advised of the possibility of such damages), including but not limited to damages arising from your use of the Services (including the website or any platform applications) or any of the content or other materials accessed through or downloaded from FDNA. FDNA’s liability for damages for any claims whatsoever, and for all claims in the aggregate, regardless of the form of any claim or action, shall not exceed: (a) with respect to paid Network Subscriptions and Individual Subscriptions, the subscription fees paid by you for the Subscription Term in which the most recent claim arose; or (b) with respect to Unpaid Subscriptions, $100. This limitation of liability is part of the basis of the bargain between the parties and without it the terms and prices charged would be different. This limitation of liability shall apply regardless of whether (1) you base your claim on contract, tort, statute or any other legal theory, (2) we knew or should have known about the possibility of such damages, or (3) the limited remedies provided in this section fail their essential purpose.
DATA PROTECTION ADDENDUMS
FDNA complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under HIPAA, FDNA may be considered a Business Associate. If you are a Covered Entity under HIPAA and are using the Services to process certain protected health information of individuals residing in the US, You and FDNA agree to be bound by the terms of the Business Associates Addendum provided in Exhibit A..
FDNA complies with the EU General Data Protection Regulation (GDPR). Under GDPR, FDNA may be considered a Data Processor. If you are a Data Controller under GDPR and are using the Services to process certain protected health information of individuals residing in the EU, You and FDNA agree to be bound by the terms of the Data Processing Addendum provided in Exhibit A.
Law and Forum for Legal Disputes
This Agreement or any claim, cause of action or dispute (“claim”) arising out of or related to this Agreement shall be governed by the laws of the British Virgin Islands regardless of your country of origin or where you access the Services, and notwithstanding of any conflicts of law principles and the United Nations Convention for the International Sale of Goods. You and FDNA agree that all claims arising out of or related to this Agreement must be resolved exclusively by a competent court located in the British Virgin Islands. You and FDNA agree to submit to the personal jurisdiction of the courts located within the British Virgin Islands for the purpose of litigating all such claims. Notwithstanding the above, you agree that FDNA shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.
ADDRESSES FOR NOTICES
FDNA Inc. c/o FDNA US, Inc
186 South St.
Boston, MA 02111
FOR OUR USERS IN EUROPE:
FDNA Inc. c/o FDNA (UK) Limited
88 Crawford Street
London W1H 2EJ, England
FOR COVERED ENTITY/DATA CONTROLLER:
The notice address for Covered Entity will be the address provided by that entity on the online registration page for the FDNA service
If any provision of this Agreement is found by a court of competent jurisdiction or arbitrator to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable and effective to the maximum extent possible in order to effect the intention of the provision; and if a court or arbitrator finds the modified provision invalid, illegal, void or unenforceable, the validity, legality and enforceability of the remaining provisions of this Agreement will not be affected in any way.
You agree that this Agreement constitutes the entire, complete and exclusive agreement between you and us regarding the Services and supersedes all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of this Agreement. You also may be subject to additional terms and conditions that may apply when you use or purchase certain other FDNA services, third-party content or third party software.
Initial Posting and Amendments to This Agreement
No Informal Waivers, Agreements or Representations
Our failure to act with respect to a breach of this Agreement by you or others does not waive our right to act with respect to that breach or subsequent similar or other breaches. Except as expressly and specifically contemplated by the Agreement, no representations, statements, consents, waivers or other acts or omissions by any FDNA Affiliate shall be deemed legally binding on any FDNA Affiliate, unless documented in a physical writing hand signed by a duly appointed officer of FDNA.
No Injunctive Relief
In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the Services, exploitation of any advertising or other materials issued in connection therewith, or exploitation of the Services or any content or other material used or displayed through the Services.
Assignment and Delegation
You may not assign or delegate any rights or obligations under the Agreement. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under the Agreement, fully or partially without notice to you. We may also substitute, by way of unilateral novation, effective upon notice to you, FDNA for any third party that assumes our rights and obligations under this Agreement.
COMPLAINTS REGARDING CONTENT POSTED ON OUR WEBSITE OR MOBILE APPLICATIONS
We respond expeditiously to notices of claimed copyright infringement and it is our policy to terminate User Accounts for Users who are repeat infringers. If you believe any materials accessible on or from the Services infringe your copyright, you may request removal of those materials (or access thereto) from the Services by contacting FDNA’s Copyright Agent (listed below), and providing the following information:
- Identification of the copyrighted work that you believe to be infringed. Please describe the work, and where possible include a copy or the location (e.g., URL) of an authorized version of the work.
- Identification of the material that you believe to be infringing and its location. Please describe the material, and provide us with its URL or any other pertinent information that will allow us to locate the material.
- Your name, address, telephone number and (if available) e-mail address.
- A statement that you have a good faith belief that the complained of use of the materials is not authorized by the copyright owner, its agent, or the law.
- A statement that the information that you have supplied is accurate, and indicating that “under penalty of perjury,” you are the copyright owner or are authorized to act on the copyright owner’s behalf.
- A signature or the electronic equivalent from the copyright holder or authorized representative.
FDNA’s designated Copyright Agent for notice of claims of infringement is:
FDNA Inc. (c/o FDNA US, Inc.)
Mr. Dekel Gelbman
186 South St.
United States 02111
email: [email protected]
DATA PROTECTION OFFICER
FDNA has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection.
This Data Protection Officer can be reached at the following address:
Attn: Data Protection Officer
186 South St.
United States 02111
email: [email protected]
Last updated: May 25, 2018
EXHIBIT A – DATA PROTECTION ADDENDUMS
BUSINESS ASSOCIATE ADDENDUM
This Business Associate Addendum (the “Addendum”) is incorporated into the User Agreement (“Agreement”) and applies in respect of the provision of the Services to the User if the User is subject to the HIPAA, only to the extent the User (“Covered Entity”) is a using the Services provided by FDNA (“Business Associate”) to process certain protected health information of individuals residing in the United States.
WHEREAS, Congress enacted the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which protects the confidentiality of health information;
WHEREAS, pursuant to HIPAA, the United States Department of Health and Human Services (“HHS”) promulgated Privacy Standards and Security Standards, each as defined below, governing confidential health information;
WHEREAS, Business Associate performs services through its provision of the FDNA service (the “Service”) on behalf of Covered Entity;
WHEREAS, Business Associate’s provision of the Service requires Covered Entity to provide Business Associate with access to confidential health information; and
WHEREAS, in order to comply with the business associate requirements of HIPAA and its implementing regulations, Business Associate and Covered Entity must enter into an agreement that governs the uses and disclosures of such confidential health information by the Business Associate.
NOW, THEREFORE, in consideration of the foregoing recitals, the mutual promises and covenants set forth herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
The following terms used in this Addendum shall have the same meaning as those terms in the HIPAA Rules: Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Minimum Necessary, Notice of Privacy Practices, Security Incident, Subcontractor, and Use.
For purposes of this Addendum, the following terms shall have the following meanings:
“Breach” when capitalized, “Breach” shall have the meaning set forth in 45 C.F.R. 164.402 (including all of its subsections); with respect to all other uses of the word “breach” in this Addendum, the word shall have its ordinary contract meaning.
“Business Associate” shall generally have the same meaning as the term “business associate” at 45 C.F.R. § 160.103.
“Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 C.F.R. § 160.103.
“Aggregated Data” shall mean any data assembled as the result of “data aggregation” as that term is defined in 45 CFR § 164.501.
“De-Identified Data” shall mean any data meeting the specifications set out in 45 CFR § 164.514(a) and §164.514(a) or (b)(1) or (2).
“Electronic Media” shall have the meaning set forth in 45 C.F.R. 160.103, which is defined as electronic storage media (including memory devices in computers, hard drives, any removable or transportable digital memory medium, such as magnetic tape or disk, optical disk or digital memory card) or transmission media used to exchange information already in electronic storage media (including the Internet, extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media). Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media, because the information being exchanged does not exist in electronic form before the transmission.
“Electronic Protected Health Information” or “EPHI” shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media or (ii) maintained in any medium constituting Electronic Media. For instance, EPHI includes information contained in a patient’s electronic medical records and billing records. “EPHI” shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C. 1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.
“HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Part 160 and Part 164.
“HITECH Act” shall mean the Health Information Technology for Economic and Clinical Health Act, found in Title XIII of the American Recovery and Reinvestment Act of 2009, effective February 17, 2009.
“Individual” shall have the same meaning as set forth in 45 C.F.R. 160.103, defined as the person who is the subject of PHI, and shall include a personal representative in accordance with 45 C.F.R. 164.502(g).
“Individually Identifiable Health Information” shall mean information that is a subset of health information, including demographic information collected from an individual, and
(i) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(ii) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and (a) identifies the individual, or (b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
“Privacy Standards” shall mean the Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164, Subparts A, D, and E, as currently in effect.
“Protected Health Information” or “PHI” shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media, (ii) maintained in any medium constituting Electronic Media; or (iii) transmitted or maintained in any other form or medium. For instance, PHI includes information contained in a patient’s medical records and billing records. “Protected Health Information” shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C. 1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.
“Required by Law” shall have the same meaning as the term “Required by law” in 45 C.F.R. 164.103.
“Secretary” shall mean the Secretary of the U.S. Department of Health and Human Services or any office or person within the U.S. Department of Health and Human Services to which/whom the Secretary has delegated his or her authority to administer the Privacy Standards and the Security Standards, such as the Director of the Office for Civil Rights.
“Security Standards” shall mean Security Standards for the Protection of Electronic Protected Health Information, 45 C.F.R. Part 160 and Part 164, Subparts A and C.
“Subsequent Business Associate” shall mean any agent, including subcontractors, of Business Associate to whom Business Associate discloses Protected Health Information or Electronic Protected Health Information.
“Unsecured Protected Health Information” shall have the same meaning as the term “unsecured protected health information” in 45 C.F.R. 164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
All references to “days” in this Addendum shall mean calendar days. Capitalized terms used not defined herein or in the Agreement shall have the meanings ascribed to them in the Privacy Standards or the Security Standards.
- Business Associate Obligations. Business Associate acknowledges and agrees that it is considered a “business associate” as defined by HIPAA and by regulations promulgated thereunder. As a business associate of Covered Entity, Business Associate shall comply with the following terms of this Addendum, as required pursuant to 45 C.F.R. § 164.504.
2.1 Permitted Uses and Disclosures. Business Associate agrees that it shall use and disclose Protected Health Information received from Covered Entity for the purposes of providing the Service, as otherwise permitted under this Addendum, or as Required by Law. Business Associate is authorized to use Protected Health Information to de-identify or aggregate any such data received hereunder in accordance with 45 C.F.R. § 164.514(a)-(c) and Business Associate shall have a non-exclusive, perpetual and unlimited royalty-free license to use and disclose the De-Identified or Aggregated Data collected or created from PHI received under this Addendum, including without limitations, for purposes of continuing to develop its Services and the underlying technologies, through research and development activities. Business Associate agrees to follow guidance issued by the Secretary regarding what constitutes “minimum necessary” with respect to the use or disclosure of PHI and EPHI. Until such time that such guidance is issued, Business Associate shall limit its use or disclosure of PHI and EPHI, to the extent practicable, to the limited data set (as defined in 45 C.F.R. 164.514(e)(2)), or to the minimum necessary to accomplish the intended purpose of such use, disclosure or request, respectively.
2.2 Disclosures to Subsequent Business Associates. Business Associate shall not disclose any PHI to any Subsequent Business Associate, unless and until Business Associate and the Subsequent Business Associate have entered into an agreement containing the same terms and conditions as set forth in this Addendum.
2.2.1 Business Associate, in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and § 164.308(b)(2), if applicable, shall ensure that any subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information.
2.3 Reporting Violations of Law. Consistent with the requirements of 45 C.F.R. 164.502(j)(1), Business Associate may disclose Protected Health Information to report violations of law to appropriate Federal and State authorities.
2.4 Appropriate Safeguards. Business Associate shall implement appropriate administrative, technical, and physical safeguards to prevent any use or disclosure of Protected Health Information not authorized by this Addendum. Specifically, Business Associate agrees to comply with the requirements of 45 C.F.R. 164.308, 164.310,164.312 and 164.316 to the same extent such requirements apply to Covered Entity.
2.5 Reporting of Illegal, Unauthorized or Improper Uses or Disclosures and Remedial Actions. Business Associate shall report to Covered Entity any illegal, unauthorized, or improper use or disclosure of Protected Health Information, Security Incident or any Breach (collectively, “Known Misuse”) by it or a Subsequent Business Associate without unreasonable delay and within ten (10) business days of obtaining knowledge of such Known Misuse. Additionally, if the Known Misuse is a Breach of Unsecured Protected Health Information, Business Associate shall comply with the requirements of 45 C.F.R. 164.410. Business Associate shall take, or, in the event that the acts or omissions of a Subsequent Business Associate gave rise to the Known Misuse, shall require a Subsequent Business Associate to take, commercially reasonable actions to mitigate the negative impact of any Known Misuse and adopt additional or improve existing safeguards to prevent recurrence. The parties acknowledge and agree that this section 2.5 constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence or attempts of unsuccessful security incidents for which no additional notice to Covered Entity shall be required. “Unsuccessful security incidents” mean, without limitation, pings, and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI or EPHI.
2.6 Internal Practices, Books and Records. Business Associate shall make its internal practices, books and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, or their designees, for purposes of determining and facilitating Business Associate’s and Covered Entity’s compliance with the Privacy Standards and Security Standards.
2.7 Access to Protected Health Information.
2.7.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.524 to provide Individuals with access to their Protected Health Information.
2.7.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to access Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.8 Amendments to Protected Health Information.
2.8.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.526 to provide Individuals the right to amend their Protected Health Information.
2.8.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to amend Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.9 Accounting of Disclosures.
2.9.1 Within twenty (20) days of a request by Covered Entity, Business Associate shall provide Covered Entity with an accounting of all disclosures of Protected Health Information, other than disclosures excepted from the Privacy Standards accounting requirement under 45 C.F.R. 164.528(a)(1)(i)-(ix), made by Business Associate or by a Subsequent Business Associate in the previous six (6) years (but in no event prior to April 14, 2003) in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.528 to provide Individuals with an accounting of disclosures of their Protected Health Information.
2.9.2 Such accounting shall include, with respect to each disclosure: the date of the disclosure; the name (and address, if known) of the entity or person receiving the Protected Health Information; a description of the Protected Health Information disclosed; a statement of the purpose of the disclosure; and any other information the Secretary may require under 45 C.F.R. 164.528 (collectively, “Disclosure Information”).
2.9.3 Notwithstanding Section 2.11.2, for repetitive disclosures of Protected Health Information that Business Associate makes for a single purpose to the same person or entity, Business Associate may record: (a) the Disclosure Information for the first of these repetitive disclosures; (b) the frequency, periodicity or number of these repetitive disclosures made during the accounting period; and the date of the last of these repetitive disclosures.
2.9.4 Business Associate shall notify Covered Entity within ten (10) days of receiving a request from an Individual for an accounting of disclosures of Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.9.5 In accordance with the HITECH Act, the parties acknowledge that the Secretary shall promulgate regulations regarding the right of Individuals to receive an accounting of disclosures made for treatment, payment and healthcare operations during the previous three (3) years if such disclosures are made through the use of an electronic health record. The parties agree to comply with such regulations promulgated by the Secretary as of the effective date of those regulations.
2.10 Subpoenas, Court Orders, and Governmental Requests. If Business Associate receives a court order, subpoena, or governmental request for documents or other information containing Protected Health Information, Business Associate will use reasonable efforts to notify Covered Entity of the receipt of the request within ten (10) business days to provide Covered Entity an opportunity to respond. Business Associate may comply with such order, subpoena, or request as Required by Law or permitted by law.
2.11 Remuneration in Exchange for PHI. Except as permitted by the HITECH Act or regulations promulgated by the Secretary in accordance with the HITECH Act, and as of the effective date of such regulations, Business Associate shall not directly or indirectly receive remuneration in exchange for PHI unless Covered Entity notifies Business Associate that it obtained a valid authorization from the Individual specifying that the Individual’s PHI may be exchanged for remuneration by the entity receiving such Individual’s PHI.
- Covered Entity Obligations.
3.1 Notice of Privacy Practices. Covered Entity shall notify Business Associate of limitation(s) in its notice of privacy practices, to the extent such limitation affects Business Associate’s permitted Uses or Disclosures.
3.2 Individual Permission. Covered Entity shall notify Business Associate of changes in, revocation of, permission by an Individual to use or disclose PHI, to the extent such changes affect Business Associate’s permitted Uses or Disclosures.
3.3 Restrictions. Covered Entity shall notify Business Associate of restriction(s) in the Use or Disclosure of PHI that Covered Entity has agreed to, to the extent such restriction affects Business Associate’s permitted Uses or Disclosures.
3.4 Consents and Authorizations. Covered Entity represents and warrants that any and all consents, authorizations, or other permissions necessary under the Privacy Standards or other applicable law (including state law) to transmit information through the Service and/or under this Addendum have been properly secured.
3.5 Marketing. Covered Entity represents and warrants that it has obtained any and all authorizations from Individual for any use or disclosure of PHI for marketing, unless the marketing communication is made without any form of remuneration (i) to describe medical services or products provided by either party; (ii) for treatment of the Individual; or (iii) for case management or care coordination for the Individual or to direct or recommend alternate treatments, therapies, providers or settings.
3.6 Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under Subpart E of 45 C.F.R. Part 164.
- Term and Termination.
4.1 Term. The Term of this Addendum shall commence on and this Addendum shall be effective as of the date on which Covered Entity electronically registers for the Service, and shall continue in effect for as long as Covered Entity is registered for the Service.
4.2 Termination for Cause. In the event either party determines that the other has engaged in a pattern of activity or practice that constitutes a material breach of a term of this Addendum and such violation continues for thirty (30) days after written notice of such breach has been provided, the party claiming a breach shall have the right to terminate Covered Entity’s participation on the Service or, if termination is not feasible, to report the breach to the Secretary.
4.3 Effect of Termination.
4.3.1 Return or Destruction of Protected Health Information; Disposition When Return or Destruction Not Feasible. Upon termination of this Addendum, the parties hereby acknowledge that the return or destruction of PHI received by the Business Associate from Covered Entity is not feasible, and that, therefore, Business Associate may retain a copy of such Protected Health Information provided that: (i) the provisions of this Addendum shall continue to apply to any such information retained following cancellation, termination, expiration, or other conclusion of Covered Entity’s participation on the Service; and (ii) Business Associate shall limit Uses and Disclosures of such PHI to those purposes that make the return or destruction thereof not feasible, for as long as Business Associate maintains such PHI. Furthermore, Business Associate may de-identify or aggregate any PHI received under this Addendum and Business Associate shall have a non-exclusive, perpetual and unlimited royalty-free license to use and disclose the De-Identified or Aggregated Data collected or created from PHI received under this Addendum.
4.3.2 Reasonable Fees. All reasonable fees incurred to cause the return, destruction, or storage of Protected Health Information under this Section 4.3 shall be borne by the Covered Entity.
5.1 Regulatory References. A reference in this Addendum to a section in HIPAA, the HITECH Act, the Privacy Standards, or the Security Standards means the section as in effect or as amended at the time.
5.2 Survival. The respective rights and obligations of the parties under Section 4.3 of this Addendum shall survive the termination of this Addendum.
5.3 Interpretation. Any ambiguity in this Addendum shall be resolved in favor of a meaning that permits the parties to comply with the Privacy Standards and Security Standards. Except to the extent specified by this Addendum, all of the terms and conditions governing Covered Entity’s participation on the Service shall be and remain in full force and effect. In the event of any inconsistency or conflict between this Addendum and the terms and conditions governing Covered Entity’s participation on the Service, the terms and provisions and conditions of this Addendum shall govern and control.
5.4 Amendment. The parties shall work together through reasonable negotiations to amend this Addendum as necessary to comply with any changes in law, including, but not limited to, the promulgation of amendments to the Privacy Standards or Security Standards required by the HITECH Act or any other future laws, applicable to or affecting the rights, duties, and obligations of the parties under this Addendum or the terms and conditions governing Covered Entity’s participation on the Service.
5.5 Independent Relationship. None of the provisions of this Addendum are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other as independent contractors solely for the purposes of effecting the provisions of this Addendum and the terms and conditions governing Covered Entity’s participation on the Service.
5.6 Notices. All notices and notifications under this Addendum shall be sent in writing by traceable carrier to the listed persons on behalf of Business Associate and Covered Entity at the addresses indicated on the last page hereof, or such other address as a party may indicate by at least ten (10) days’ prior written notice to the other party. Notices will be effective upon receipt.
5.7 Construction and Jurisdiction. This Addendum shall be governed by and construed in accordance with the laws of the British Virgin Islands (excepting any conflict of laws provisions which would serve to defeat application of BVI law). Each of the parties hereto submits to the exclusive jurisdiction of the competent courts located within the British Virgin Islands for any suit, hearing or other legal proceeding of every nature, kind and description whatsoever in the event of any dispute or controversy arising hereunder or relating hereto, or in the event any ruling, finding or other legal determination is required or desired hereunder.
DATA PROCESSING ADDENDUM
This Data Processing Addendum (the “Addendum”) is incorporated into the User Agreement (“Agreement”) and applies in respect of the provision of the Services to the User if the User is subject to the GDPR, only to the extent the User is a Controller of patient Personal Data (as defined below) that FDNA Processes on behalf of the User. The Addendum is intended to satisfy the requirements of Article 28(3) of the GDPR. This Addendum shall be effective for the term of the Agreement.
For the purposes of the Addendum:
“GDPR” means the General Data Protection Regulation (EU) 2016/679, together with any national implementing laws in any Member State of the European Union, as amended, repealed, consolidated or replaced from time to time; and
“Personal Data”, “Data Subject”, “Data Protection Authority”, “Data Protection Impact Assessment”, “Process”, “Processor” and “Controller” will each have the meaning given to them in the GDPR.
Capitalized terms not otherwise defined herein or in the Agreement shall have the meanings ascribed to them in the GDPR.
- Description and purpose of the processing
The Processor is authorized to process, on behalf of the Controller, the necessary Personal Data to provide the Service(s). Personal Data may include names, dates of birth, ethnicity, gender, medical record numbers, facial photos, clinical and medical information and genetic and biometric data. Specifically, Processor is authorized to de-identify Personal Data and use such de-identified data to continue to enhance and develop its Service and underlying technologies, through research activities.
- Processor’s obligations with respect to the Controller
- General obligations of the Processor
The Processor shall undertake to:
- process the data solely for the purposes set forth herein;
- process the data in accordance with the documented instructions from the Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by European Union or EU Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
- guarantee the confidentiality of Personal Data processed hereunder;
- ensure that the persons authorized to process the Personal Data hereunder:
- have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality,
- receive the appropriate personal data protection training
- take into consideration, in terms of its tools, products, applications or services, the principles of data protection by design and by default.
The Processor shall inform the Controller in advance of any intended changes concerning the addition or replacement of other Processors. With the written authorization of Controller, the Processor may engage another Processor (hereinafter “the Sub-Processor“) to conduct specific processing activities. The Processor must clearly indicate to Controller which processing activities are being subcontracted out, the name and contact details of the Sub-Processor and the dates governed by the subcontract. The Controller has a minimum timeframe of ten (10) business days from the date on which it receives said information to object thereto. Such sub-processing is only possible where the Controller has not objected thereto within the agreed timeframe.
The Sub-Processor is obliged to comply with the obligations hereunder on behalf of and on instructions from the Controller. It is the initial Processor’s responsibility to ensure that the Sub-Processor provides the same sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing meets the requirements of the General Data Protection Regulation. Where the Sub-Processor fails to fulfil its data protection obligations, the initial Processor remains fully liable with regard to the Controller for the Sub-Processor’s performance of its obligations.
- Data subjects’ right to information
It is the Controller’s responsibility to inform the data subjects concerned by the processing operations at the time data are being collected.
- Exercise of data subjects’ rights
The Processor shall assist the Controller, insofar as this is possible, for the fulfilment of its obligation to respond to requests for exercising the data subject’s rights: right of access, to rectification, erasure and to object, right to restriction of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).
Where the data subjects submit requests to the Processor to exercise their rights, the Processor must forward these requests as soon as they are received by email to Controller.
- Notification of personal data breaches
The Processor shall notify the Controller of any personal data breach immediately, and in any event no later than ten (10) business days after having become aware of it. Said notification shall be sent along with any necessary documentation to enable the Controller, where necessary, to notify this breach to the competent supervisory authority.
- Processor’s assistance to the Controller regarding compliance with its obligations
The Processor will reasonably assist the Controller in carrying out data protection impact assessments.
The Processor will reasonably assist the Controller with regard to prior consultation of the supervisory authority.
- Security measures
The Processor undertakes to implement appropriate technical and organizational measures to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
- Data exit
The Processor undertakes to destroy all personal data within 90 days of receipt of a written request from Controller or from the time the Company ceases to provide the Services according to termination of the Agreement. Once destroyed, the Processor must demonstrate, in writing, that this destruction has taken place. All reasonable fees incurred to cause the destruction of Personal Data under this Section 3.8 shall be borne by the Controller.
- The Data Protection Officer
The Processor states it has appointed a data protection officer in accordance with Article 37 of the GDPR and will provide the Controller the name and contact details of its data protection officer.
- Record of categories of processing activities
The Processor states that it maintains a written record of all categories of processing activities carried out on behalf of the Controller containing all the information required by GDPR.
At the request of Controller, the Processor will provide the Controller with the necessary documentation for demonstrating compliance with all of its obligations hereunder to reasonably allow Controller to perform a data protection impact assessment.
- Controller’s obligations with respect to the Processor
The Controller undertakes to
- Collect appropriate consent from patients, to which the Personal Data pertains, which consent shall explicitly outline the purpose of collecting Personal Data according to this Addendum;
- document, in writing, any instruction bearing on the processing of data by the Processor, to the extent they differ from general use of the Services, as described in the Agreement;
- Interpretation. Except to the extent specified by this Addendum, all of the terms and conditions governing Controller’s use of the Service shall be and remain in full force and effect. In the event of any inconsistency or conflict between this Addendum and the terms and conditions governing Covered Entity’s participation on the ServiceAgreement, the terms and provisions and conditions of this Addendum shall govern and control.
- Amendment. The parties shall work together through reasonable negotiations to amend this Addendum as necessary to comply with any changes in law, or any other future laws, applicable to or affecting the rights, duties, and obligations of the parties under this Addendum or the Agreement.
- Independent Relationship. None of the provisions of this Agreement are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other as independent contractors solely for the purposes of effecting the provisions of this Addendum and the Agreement.
EXHIBIT B – OMIM SUBLICENSE PROVISIONS
If your Subscription allows you to access data (the “OMIM Data”) contained in the database described as Online Mendelian Inheritance in Man® or OMIM® [JHU Ref. C03746], including the databases described as MIM, GeneMap, MiniMIMs, and Clinical Synopses, and shall include their structure, schema, annotations, documentation, and any related information (collective, the “OMIM Database”), then the following additional terms and conditions shall apply with respect to the OMIM Data and the OMIM Database. As used herein, “Licensed Software” refers to FDNA’s Services.
- The OMIM Data is under the control of The Johns Hopkins University (“JHU”). Access to the OMIM Data is being provided and sublicensed to the User by FDNA pursuant to a certain Non-Exclusive License Agreement (the “JHU License”) between FDNA and JHU.
- User agrees to use the OMIM Data within the Licensed Software solely for its internal research purposes. User shall not copy OMIM Data for the purpose of providing OMIM Data and derivatives thereof to any third party or in any other way grant a sublicense or other similar rights to OMIM Data or distribute any database or software containing the OMIM Data. In the event that User wishes to access OMIM Data for any other purpose and separate from the Licensed Software then User is required to come to JHU for such permission and access.
- Any use of the OMIM Data or database containing the OMIM Data not authorized herein may constitute copyright infringement. JHU reserves the right to pursue all available remedies, including without limitation monetary damages and/or injunctive relief, and any other relief that may be available in the event of a use of the OMIM Data that is not permitted herein.
- User shall not remove or obscure any proprietary notices or legends on the Licensed Software or the OMIM Data, and to the extent User is licensed to make copies of any of the foregoing, it shall replicate any such notices or legends that were affixed thereto.
- Upon termination of User’s Account, User acknowledges that it shall cease to have access to OMIM Data from FDNA, including via the Licensed Software. For purposes of clarity, User shall not be required to delete or cease using data elements that User has obtained from the OMIM Data or OMIM Database and that may be in User reports and files and which may be part of User research and findings.
- USER AGREES THAT THE OMIM® DATA AND THE OMIM® DATABASE
IS PROVIDED “AS IS”, AND THAT JHU MAKES NO REPRESENTATION OR
WARRANTY WITH RESPECT TO THE PERFORMANCE OF THE OMIM® DATA OR THE OMIM® DATABASE INCLUDING ITS ACCURACY OR COMMERCIAL VIABILITY, USE IN RESEARCH, OR OTHER USES. JHU MAKES NO REPRESENTATIONS THAT IT WILL PROVIDE UPDATES OR IN ANY WAY MAINTAIN OR SUPPORT THE OMIM® DATABASE. JHU DISCLAIMS ALL WARRANTIES WITH REGARD TO THE OMIM® DATA AND OMIM® DATABASE, INCLUDING, BUT NOT LIMITED TO, ALL WARRANTIES,
EXPRESS OR IMPLIED, OF MERCHANTABILITY AND FITNESS FOR ANY
PARTICULAR PURPOSE. JHU DOES NOT WARRANT THAT THE OMIM®
DATA OR OMIM® DATABASE MAY BE USED, COPIED, OR REDISTRIBUTED
WITHOUT INFRINGING THE COPYRIGHTS, PATENT RIGHTS OR PROPERTY RIGHTS OF THIRD PARTIES.
- User shall defend and hold JHU, The Johns Hopkins Health Systems, their
present and former trustees, officers, authors of the OMIM® Data and the OMIM® Database, agents, faculty, employees and students (“JHU Parties”) harmless as against any judgments, fees, expenses, or other costs arising from or incidental to any lawsuit, claim, demand or other action brought against JHU Parties as a consequence of the use or sublicensing of the OMIM® Data or OMIM® Database by User or other third parties that may otherwise gain access to the OMIM® Data or OMIM® Database through User. The obligation of User to defend and indemnify as set out in this Paragraph shall survive the termination of the JHU License.
- Upon termination of the JHU License, User’s right to access and use the OMIM® Data or OMIM® Database pursuant to this Agreement shall be immediately terminated.
- Except as expressly stated herein, User shall not use the name of The Johns Hopkins University or The Johns Hopkins Health System or any of its constituent parts, such as the Johns Hopkins Hospital or any contraction thereof or the name of the authors of the OMIM® Data or OMIM® Database in any advertising, promotional, sales literature or fundraising documents without prior written consent from an officer of JHU. User shall allow at least seven (7) business days notice of any proposed public disclosure for JHU’s review and comment and/or to provide written consent.