Terms & Conditions

Effective Date: 09/13/2012

TERMS AND CONDITIONS OF SALE: Unless otherwise expressly agreed in writing, all sales are subject to the following terms and conditions:

1. Price. All prices published by Seller or quoted by Seller’s representatives may be changed at any time without notice. All prices quoted by Seller or Seller’s representatives are valid for thirty (30) days, unless otherwise stated in writing. All prices for the Products will be as specified by Seller or, if no price has been specified or quoted, will be Seller’s price in effect at the time of shipment. All prices are subject to adjustment on account of specifications, quantities, raw materials, cost of production, shipment arrangements or other terms or conditions which are not part of Seller’s original price quotation.
   
2. Taxes and Other Charges. Prices for the Products exclude all sales, value added and other taxes and duties imposed with respect to the sale, delivery, or use of any Products covered hereby, all of which taxes and duties must be paid by Buyer. If Buyer claims any exemption, Buyer must provide a valid, signed certificate or letter of exemption for each respective jurisdiction.
   
3. Terms of Payment. Seller may invoice Buyer upon shipment for the price and all other charges payable by Buyer in accordance with the terms on the face hereof. If no payment terms are stated on the face hereof, payment shall be net thirty (30) days from the date of invoice. If Buyer fails to pay any amounts when due, Buyer shall pay Seller interest thereon at a periodic rate of one and one-half percent (1.5%) per month (or, if lower, the highest rate permitted by law), together with all costs and expenses (including without limitation reasonable attorneys’ fees and disbursements and court costs) incurred by Seller in collecting such overdue amounts or otherwise enforcing Seller’s rights hereunder. Seller reserves the right to require from Buyer full or partial payment in advance, or other security that is satisfactory to Seller, at any time that Seller believes in good faith that Buyer’s financial condition does not justify the terms of payment specified. All payments shall be made in U.S. Dollars.
   
4. Delivery: Cancellation or Changes by Buyer. The Products will be shipped to the destination specified by Buyer, F.C.A. (Incoterms 2020) Seller’s shipping point. Seller will have the right, at its election, to make partial shipments of the Products and to invoice each shipment separately. Seller reserves the right to stop delivery of Products in transit and to withhold shipments in whole or in part if Buyer fails to make any payment to Seller when due or otherwise fails to perform its obligations hereunder. All shipping dates are approximate only, and Seller will not be liable for any loss or damage resulting from any delay in delivery or failure to deliver which is due to any cause beyond Seller’s reasonable control. In the event of a delay due to any cause beyond Seller’s reasonable control, Seller reserves the right to terminate the order or to reschedule the shipment within a reasonable period of time, and Buyer will not be entitled to refuse delivery or otherwise be relieved of any obligations as the result of such delay. Products as to which delivery is delayed due to any cause within Buyer’s control may be placed in storage by Seller at Buyer’s risk and expense and for Buyer’s account. Orders in process may be canceled only with Seller’s written consent and upon payment of Seller’s cancellation charges. Orders in process may not be changed except with Seller’s written consent and upon agreement by the parties as to an appropriate adjustment in the purchase price therefore. Credit will not be allowed for Products returned without the prior written consent of Seller.
   
5. Title and Risk of Loss. Notwithstanding the trade terms indicated above and subject to Seller’s right to stop delivery of Products in transit, title to and risk of loss of the Products will pass to Buyer upon delivery of possession of the Products by Seller to the carrier; provided, however, that title to any software incorporated within or forming a part of the Products shall at all times remain with Seller or the licensor(s) thereof, as the case may be.
   
6. Warranty. Seller warrants that the Products will operate or perform substantially in conformance with Seller’s published specifications and be free from defects in material and workmanship, when subjected to normal, proper and intended usage by properly trained personnel, for the period of time set forth in the product documentation, published specifications or package inserts. If a period of time is not specified in Seller’s product documentation, published specifications or package inserts, the warranty period shall be one (1) year from the date of shipment to Buyer for equipment and ninety (90) days for all other products (the “Warranty Period”). Seller agrees during the Warranty Period, to repair or replace, at Seller’s option, defective Products so as to cause the same to operate in substantial conformance with said published specifications; provided that Buyer shall (a) promptly notify Seller in writing upon the discovery of any defect, which notice shall include the product model and serial number (if applicable) and details of the warranty claim; and (b) after Seller’s review, Seller will provide Buyer with service data and/or a Return Material Authorization (“RMA”), which may include biohazard decontamination procedures and other product-specific handling instructions, then, if applicable, Buyer may return the defective Products to Seller with all costs prepaid by Buyer. Replacement parts may be new or refurbished, at the election of Seller. All replaced parts shall become the property of Seller. Shipment to Buyer of repaired or replacement Products shall be made in accordance with the Delivery provisions of the Seller’s Terms and Conditions of Sale. Consumables are expressly excluded from this warranty. If Seller elects to repair defective medical device instruments, Seller may, in its sole discretion, provide a replacement loaner instrument to Buyer as necessary for use while the instruments are being repaired.
   
   Notwithstanding the foregoing, Products supplied by Seller that are obtained by Seller from an original manufacturer or third party supplier are not warranted by Seller, but Seller agrees to assign to Buyer any warranty rights in such Product that Seller may have from the original manufacturer or third party supplier, to the extent such assignment is allowed by such original manufacturer or third party supplier.
   
   In no event shall Seller have any obligation to make repairs, replacements or corrections required, in whole or in part, as the result of (i) normal wear and tear, (ii) accident, disaster or event of force majeure, (iii) misuse, fault or negligence of or by Buyer, (iv) use of the Products in a manner for which they were not designed, (v) causes external to the Products such as, but not limited to, power failure or electrical power surges, (vi) improper storage and handling of the Products or (vii) use of the Products in combination with equipment or software not supplied by Seller. If Seller determines that Products for which Buyer has requested warranty services are not covered by the warranty hereunder, Buyer shall pay or reimburse Seller for all costs of investigating and responding to such request at Seller’s then prevailing time and materials rates. If Seller provides repair services or replacement parts that are not covered by this warranty, Buyer shall pay Seller therefore at Seller’s then prevailing time and materials rates. Any installation, maintenance, repair, service, relocation or alteration to or of, or other tampering with, the Products performed by any person or entity other than Seller without Seller’s prior written approval, or any use of replacement parts not supplied by Seller, shall immediately void and cancel all warranties with respect to the affected Products.
   
   The obligations created by this warranty statement to repair or replace a defective Product shall be the sole remedy of Buyer in the event of a defective Product. Except as expressly provided in this warranty statement, Seller disclaims all other warranties, whether express or implied, oral or written, with respect to the Products, including without limitation all implied warranties of merchantability or fitness for any particular purpose. Seller does not warrant that the Products are error-free or will accomplish any particular result.
7. Indemnification by Seller. Seller agrees to indemnify, defend and save Buyer, its officers, directors, and employees from and against any and all damages, liabilities, actions, causes of action, suits, claims, demands, losses, costs and expenses (including without limitation reasonable attorney’s fees) (“Indemnified Items”) for (i) injury to or death of persons or damage to property to the extent caused by the negligence or willful misconduct of Seller, its employees, agents or representatives or contractors in connection with the performance of services at Buyer’s premises under this Agreement and (ii) claims that a Product infringes any valid United States patent, copyright or trade secret; provided, however, Seller shall have no liability under this Section to the extent any such Indemnified Items are caused by either (i) the negligence or willful misconduct of Buyer, its employees, agents  or representatives or contractors, (ii) by any third party, (iii) use of a Product in combination with equipment or software not supplied by Seller where the Product would not itself be infringing, (iv) compliance with Buyer’s designs, specifications or instructions, (v) use of the Product in an application or environment for which it was not designed or (vi) modifications of the Product by anyone other than Seller without Seller’s prior written approval. Buyer shall provide Seller prompt written notice of any third party claim covered by Seller’s indemnification obligations hereunder. Seller shall have the right to assume exclusive control of the defense of such claim or, at the option of the Seller, to settle the same. Buyer agrees to cooperate reasonably with the Seller in connection with the performance by Seller of its obligations in this Section.
   
   Notwithstanding the above, Seller’s infringement related indemnification obligations shall be extinguished and relieved if Seller, at its discretion and at its own expense (a) procures for Buyer the right, at no additional expense to Buyer, to continue using the Product; (b) replaces or modifies the Product so that it becomes non-infringing, provided the modification or replacement does not adversely affect the specifications of the Product; or (c) in the event (a) and (b) are not practical, refund to Buyer the amortized amounts paid by Buyer with respect thereto, based on a five (5) year amortization schedule. The foregoing indemnification provision states Seller’s entire liability to Buyer for the claims described herein.
   
8. Indemnification by Buyer. Buyer shall indemnify, defend with competent and experienced counsel and hold harmless Seller, its parent, subsidiaries, affiliates and divisions, and their respective officers, directors, shareholders and employees, from and against any and all damages, liabilities, actions, causes of action, suits, claims, demands, losses, costs and expenses (including without limitation reasonable attorneys’ fees and disbursements and court costs)  to the extent arising from or in connection with (i) the negligence or willful misconduct of Buyer, its agents, employees, representatives or contractors; (ii) use of a Product in combination with equipment or software not supplied by Seller where the Product itself would not be infringing; (iii) Seller’s compliance with designs, specifications or instructions supplied to Seller by Buyer; (iv) use of a Product in an application or environment for which it was not designed; or (v) modifications of a Product by anyone other than Seller without Seller’s prior written approval.
   
9. Software. With respect to any software products incorporated in or forming a part of the Products hereunder, Seller and Buyer intend and agree that such software products are being licensed and not sold, and that the words “purchase”, “sell” or similar or derivative words are understood and agreed to mean “license”, and that the word “Buyer” or similar or derivative words are understood and agreed to mean “licensee”. Notwithstanding anything to the contrary contained herein, Seller or its licensor, as the case may be, retains all rights and interest in software products provided hereunder.
   
   Seller hereby grants to Buyer a royalty-free, non-exclusive, nontransferable license, without power to sublicense, to use software provided hereunder solely for Buyer’s own internal business purposes on the hardware products provided hereunder and to use the related documentation solely for Buyer’s own internal business purposes. This license terminates when Buyer’s lawful possession of the hardware products provided hereunder ceases, unless earlier terminated as provided herein. Buyer agrees to hold in confidence and not to sell, transfer, license, loan or otherwise make available in any form to third parties the software products and related documentation provided hereunder. Buyer may not disassemble, decompile or reverse engineer, copy, modify, enhance or otherwise change or supplement the software products provided hereunder without Seller’s prior written consent. Seller will be entitled to terminate this license if Buyer fails to comply with any term or condition herein. Buyer agrees, upon termination of this license, immediately to return to Seller all software products and related documentation provided hereunder and all copies and portions thereof.
   
   Certain of the software products provided by Seller may be owned by one or more third parties and licensed to Seller. Accordingly, Seller and Buyer agree that such third parties retain ownership of and title to such software products. The warranty and indemnification provisions set forth herein shall not apply to software products owned by third parties and provided hereunder.
   
10. Limitation of Liability. Notwithstanding anything to the contrary contained herein, the liability of Seller under these terms and conditions (whether by reason of breach of contract, tort, indemnification, or otherwise, but excluding liability of Seller for breach of warranty (the sole remedy for which shall be as provided under WARRANTY above)) shall not exceed an amount equal to the lesser of (a) the total purchase price theretofore paid by Buyer to Seller with respect to the Product(s) giving rise to such liability or (b) one million dollars ($1,000,000). Notwithstanding anything to the contrary contained herein, in no event shall Seller be liable for any indirect, special, consequential or incidental damages (including without limitation damages for loss of use of facilities or equipment, loss of revenue, loss of data, loss of profits or loss of goodwill), regardless of whether Seller (a) has been informed of the possibility of such damages or (b) is negligent.
    
11. Export Restrictions. Buyer acknowledges that each Product and any related software and technology, including technical information supplied by Seller or contained in documents (collectively “Items”), is subject to export controls of the U.S. government. The export controls may include, but are not limited to, those of the Export Administration Regulations of the U.S. Department of Commerce (the “EAR”), which may restrict or require licenses for the export of Items from the United States and their re-export from other countries. Buyer shall comply with the EAR and all other applicable laws, regulations, laws, treaties, and agreements relating to the export, re-export, and import of any Item. Buyer shall not, without first obtaining the required license to do so from the appropriate U.S. government agency; (i) export or re-export any Item, or (ii) export, re-export, distribute or supply any Item to any restricted or embargoed country or to a person or entity whose privilege to participate in exports has been denied or restricted by the U.S. government. Buyer shall cooperate fully with Seller in any official or unofficial audit or inspection related to applicable export or import control laws or regulations, and shall indemnify and hold Seller harmless from, or in connection with, any violation of this Section by Buyer or its employees, consultants, agents, or customers.
    
12. Miscellaneous. (a) Buyer may not delegate any duties nor assign any rights or claims hereunder without Seller’s prior written consent, and any such attempted delegation or assignment shall be void. (b) The rights and obligations of the parties hereunder shall be governed by and construed in accordance with the laws of the state of California, without reference to its choice of law provisions. Each party hereby irrevocably consents to the exclusive jurisdiction of the state and federal courts located in Los Angeles County, California, USA, in any action arising out of or relating to this Agreement and waives any other venue to which it may be entitled by domicile or otherwise. (c) In the event of any legal proceeding between the Seller and Buyer relating to this Agreement, neither party may claim the right to a trial by jury, and both parties waive any right they may have under applicable law or otherwise to a right to a trial by jury. Any action arising under this Agreement must be brought within one (1) year from the date that the cause of action arose. (d) The application to this Agreement of the U.N. Convention on Contracts for the International Sale of Goods is hereby expressly excluded. (e) In the event that any one or more provisions contained herein shall be held by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions contained herein shall remain in full force and effect, unless the revision materially changes the bargain. (f) Seller’s failure to enforce, or Seller’s waiver of a breach of, any provision contained herein shall not constitute a waiver of any other breach or of such provision. (g) Unless otherwise expressly stated on the Product or in the documentation accompanying the Product, the Product is intended for research only and is not to be used for any other purpose, including without limitation, unauthorized commercial uses, in vitro diagnostic uses, ex vivo or in vivo therapeutic uses, or any type of consumption by or application to humans or animals. (h) Buyer agrees that all pricing, discounts and technical information that Seller provides to Buyer are the confidential and proprietary information of Seller. Buyer agrees to (1) keep such information confidential and not disclose such information to any third party, and (2) use such information solely for Buyer’s internal purposes and in connection with the Products supplied hereunder. Nothing herein shall restrict the use of information available to the general public. (i) Any notice or communication required or permitted hereunder shall be in writing and shall be deemed received when personally delivered or three (3) business days after being sent by certified mail, postage prepaid, to a party at the address specified herein or at such other address as either party may from time to time designate to the other.  (j) Buyer agrees that Products covered hereby may not be offered for resale or re-distributed in any way. (k) Seller may, in its sole discretion, provide (1) applicable Product training to Buyer or its employees, or (2) samples of Products to Buyer for distribution to patients of Buyer.  Buyer agrees that any such samples shall be distributed to patients for patient use or, if not so distributed, returned to Seller.  Buyer shall not use such samples to provide care to patient and shall not bill patients or third party payers for the provision of such samples. (l) Buyer shall not use publicly for publicity, promotion or otherwise, any logo name, trade name, service mark or trademark of Seller or any of its affiliates or the name of any employee or agent of Seller or its affiliates, without Seller’s prior, written, express consent. Seller may withhold such consent in Seller’s absolute discretion.
    
13. Acceptable Payment Methods. The Seller prefers to receive payment via ACH or other electronic interface methods that directly exchange funds between the Buyer’s and Seller’s bank accounts.  The Seller also accepts checks mailed to one of its lockbox remittance locations.  Although the Seller does accept credit card payments at the time of purchase, it does not accept credit card payments after the point of sale.
    
14. Medicare/Medicaid Reporting Requirements. If Buyer is a recipient of Medicare/Medicaid funds, Buyer acknowledges that it has been informed of and agrees to fully and accurately account for, and report on its applicable cost report, the total value of any discount, rebate or other compensation paid hereunder in a way that complies with all applicable federal, state and local laws and regulations which establish ‘Safe Harbor” for discounts.  Buyer shall make written request to Seller in the event Buyer requires additional information from Seller in order to meet its reporting requirements.  Buyer acknowledges that agreement to such reporting requirement was a condition precedent to Seller’s agreement to provide Products and that Seller would not have entered into this Agreement had Buyer not agreed to comply with such obligations.

Last Updated August 5, 2022

These Terms of Use (“Terms”) govern your access to and use of Thermo Fisher Scientific’s proprietary infrastructure, software, applications and services (“Services”). By accessing or using the Services, you accept these Terms and conclude a legally binding contract between you and One Lambda, Inc., a Thermo Fisher Scientific business (“OLI”).  To access or use the Services, you must be 18 years or older and have the requisite power and authority to enter into these Terms, including on behalf of your organization if you use the Services for its benefit. If you do not accept these Terms, do not register for or use the Services.

DEFINITIONS

1. Parties. 
   • “You” and “your” refer to you, the user of the Services.  A “user” is someone who registers for, accesses, browses, crawls, scrapes, or in any way uses the Services.  If your organization has authorized or otherwise permits you to access or use the Services for its benefit, “you” also includes your organization.
   • “We”, “us” and “our” refer to OLI.
2. Services. “Services” includes any component of, and any one of, our proprietary infrastructure, platform, software, applications and services.
3. Law. “GDPR” means the European Union General Data Protection Regulation (2016/679) (“GDPR”).
4. Data. 
   • “Personal Data” means any information relating to an identified or identifiable individual.
   • “Uploaded Data” means information that you upload to the Services, other than User Data.
   • “User Data” means information relating to you, in your capacity as the individual user of the Services.

CHANGES TO THE TERMS OF USE

We may modify these Terms from time to time. You understand and agree that these Terms govern your access to or use of the Services effective as of your access to or use of the Services. If we make changes to these Terms, we will notify you, but you should revisit these terms on a regular basis as revised versions will be binding on you. Any such revisions will be effective upon our posting of new Terms. You understand and agree that your continued access to or use of the Services after the effective date of revisions to the Terms indicates your acceptance of the revisions.

DATA AND PRIVACY

1. Privacy Policy. By accessing or using the Services, you consent to our use of your User Data as described in our Privacy Policy (available at Thermo Fisher Scientific Privacy Notice | Thermo Fisher Scientific - US).
   
   
2. Do Not Upload Personal Data Except As Permitted. We make available via our proprietary platform two types of applications: (A) Research-Use Only Apps; and (B) Multipurpose Apps. Which applications are Research-Use Only Apps and which applications are Multipurpose Apps will be clearly indicated on the platform.
   
   
   1. Research-Use Only Apps. You are prohibited from uploading Personal Data to Research-Use Only Apps.  For the avoidance of doubt, you may upload genetic data and data relating to an individual’s blood and tissue samples to Research-Use Only Apps provided that you comply with these Terms and do not also upload any identifiers that could be used to identify the individual to whom such data relates, including, but not limited to, name, address, contact information, social security number, government ID number, medical record number, full-face photograph or a similar image, any elements of dates (except year) for dates that are directly related to the individual, the age of any individual over 89, or any other unique identifying characteristic or code, unless:
      1. the characteristic or code is not derived in any way from an identifier of the individual; 
      2. you do not disclose such characteristic or code to any other party, including OLI; and 
      3. you do not use the characteristic or code for any purpose other than to re-identify the individual.
         
         
   2. Multipurpose Apps. You are permitted to upload Personal Data to Multipurpose Apps, subject to these Terms.
       
3. Your Warranties regarding Uploaded Data and User Data. You represent and warrant to us that:
   1. you have all necessary rights and permissions to upload any and all Uploaded Data to the Services; 
   2. you only provide us with accurate and truthful User Data; and 
   3. your and our use of Uploaded Data as contemplated in these Terms will not violate any applicable law or any contract or obligation to which you are bound, and will not infringe or misappropriate the intellectual property rights, privacy rights, or any other right of any person.
   
   
4. Our Use of Uploaded Data. We and our service providers will only use Uploaded Data on your behalf to provide the Services or else as permitted or required by applicable law. In accordance with applicable laws, we and our service providers may monitor the Services and collect data regarding your use of the Services and the performance and operation of the Services, and use such data to provide support to users, detect and address threats to the functionality, security, integrity and availability of the Services, detect and address violations of these Terms, and improve the Services and other OLI services.
   
   You hereby grant to us and our service providers a worldwide, royalty‐free, fully‐paid, non‐exclusive, transferable, sublicensable license to copy, modify, publicly display and distribute Uploaded Data in furtherance of the purposes stated in these Terms. This license ends when Uploaded Data is no longer stored within our Services.
   
   
5. Other Users. Our Services allow you to transmit Uploaded Data to other registered users of the Services (“Other Users”). When you transfer Uploaded Data to an Other User, you acknowledge that you will no longer have control over that data. For example, an Other User may copy, download, modify, store, use and further transfer that information, even if you have changed that information, changed your sharing settings, or later remove that information. If you permit an Other User to transmit such user’s data to you through the Services (“Other User Data”), you are responsible and liable for your use of Other User Data, and you must use the Other User Data in accordance with these Terms and in accordance with all applicable laws. We will have no obligation or responsibility for your use of Other User Data. Your interactions with Other Users are solely between you and them, and we will not be responsible or liable for any loss or claim relating to such dealings or with respect to any other person’s or entity’s use or disclosure of Uploaded Data. If there is a dispute between you and an Other User, you will manage any such dispute or disagreement directly, and you agree not to bring any proceedings against us with respect to these dealings.
   
   
6. European Data Processing Terms. The data processing terms attached at Appendix A shall form part of these Terms and govern your disclosure and our use of Personal Data (other than User Data) that you upload to the Services if and to the extent that: 
   1. the Personal Data relates to individuals in the European Economic Area; and 
   2. the GDPR applies to your disclosure of such Personal Data to us.

GRANT OF RIGHTS; ACCOUNTS

1. Limited License. In a separate agreement between you and OLI, you have been granted a limited license to use our Services, and any associated or supporting content or data, hardware, user manuals or other documentation related to the Services (including without limitation associated sample files or programs, media, printed materials, patches, upgrades, utilities, tools, and/or “online” or electronic documentation) (“Associated Materials”). You may use the Services and Associated Materials solely as described in such separate agreement and, if you are an organization or entity, only your authorized employees and agents may use the Services and Associated Materials. If certain Services use registration codes, access to the number of licensed copies of such Services is controlled by the relevant registration codes. For example, if you have a registration code that enables you to use three copies of an application on the Services simultaneously, you may not install more than three separate instances of such application.
   
   
2. Account and Login. If you registered for the Services as an individual, you must establish a unique user ID and associated password (“Login Credentials”) to gain access to and use the Services. If you have registered an account for the Services on behalf of an organization, each member of your organization who wishes to use the Services must register separately for the Services and establish Login Credentials unique to him or her. You are fully responsible for maintaining the confidentiality of your User Data and Login Credentials, and fully responsible and liable for any and all activity that occurs under your account as a result of your failing to keep this information confidential. If your User Data changes, you must update it promptly. You are prohibited from using the Login Credentials or account of another user of the Services unless we have provided our express written consent in advance. Multiple accounts held by the same individual are subject to termination by us. If we have reason to believe that the User Data you provide to us is untrue, inaccurate, out‐of‐date or incomplete, we may suspend or terminate your account.

RESTRICTIONS ON YOUR USE OF THE SERVICES AND ASSOCIATED MATERIALS

You shall not use or allow the use of the Services or Associated Materials:

1. for any illegal, unlawful or malicious purpose or activity;
2. for activities that we deem improper for any reason whatsoever in our sole discretion;
3. for rental or in the operation of a service bureau, including without limitation, providing third party hosting, or third party application integration or application provider services;
4. by persons who are not employees or contractors of yours or the organization on whose behalf you have accepted these Terms;
5. as essential equipment in the operation of any nuclear facility, aircraft navigation or communication systems or air traffic control machines;
6. or any use in which failure of the Services could lead to death, personal injury or severe physical or environmental damage;
7.  as, or in substitution of, medical advice;
8. for the purpose, in whole or in part, of building a solution that would compete with the Services or to assist another person in building such a solution;
9. to defame, abuse, harass, stalk, intimidate, bully, threaten or otherwise violate the rights of others, including without limitation others’ privacy rights or rights of publicity;
10. to send or otherwise post unauthorized commercial communications (such as spam); or
11. upload content that is hateful, threatening, or pornographic, incites violence, or contains nudity or graphic or gratuitous violence.

You shall not:

1. download any open source software to the Services;
2. modify, adapt, sublicense, translate, sell, reverse engineer, decompile or disassemble any portion of the Services;
3. remove any proprietary, copyright, trade secret or warning legend from the Services or Associated Materials;
4. impersonate any person or entity, falsely state or otherwise misrepresent your affiliation with any person or entity, or use or provide any fraudulent, misleading or inaccurate information, in connection with the Services;
5. access or use (or attempt to access or use) another user’s account without permission, or solicit another user’s Login Credentials;
6. transmit to us or our service providers, or transmit via the Services, any software or materials that contain any viruses, worms, Trojan horses, defects, or other items of a destructive nature;
7. “frame” or “mirror” the Services;
8. use any robot, spider, site search/retrieval application or other manual or automatic device or process to retrieve, index, “data mine” or in any way reproduce or circumvent the navigational structure or presentation of the Services;
9. harvest or collect information about or from other users of the Services (except as otherwise permitted herein);
10. probe, scan or test the vulnerability of the Service, or breach the security or authentication measures on the Service, monitor data or traffic on the Service, or take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Service, such as a denial of service attack; or
11. violate the Amazon Web Services Acceptable Use Policy found at http://aws.amazon.com/aup/.

If a component of the Services requires you to use such component, and data generated by such component, for the sole purpose of review and analysis of data generated by OLI instruments, you agree to do so. The components subject to this requirement will be clearly identified on the platform.

We may review your use of the Services for the purposes of determining whether you have complied with these Terms. Any such review shall be conducted during regular business hours at your facilities or through a remote monitoring/connectivity application and shall not unreasonably interfere with your business activities.

We may take preventative or corrective actions relating to your use of the Services to protect OLI, our affiliates, licensors, partners, suppliers and users.

THIRD PARTY APPLICATIONS

The Services may, from time to time, make Thermo Fisher or third-party software applications available to you through use of the Services (“App(s)”). If you elect to download an App, then you may need to agree to separate terms and conditions governing your use of the App. Apps are provided solely as a convenience to you. Third-party Apps are not under our control, and we are not responsible for and do not endorse the content or functions of third party Apps, and you must exercise independent judgment regarding your interaction with all Apps. You should review all terms and policies governing Apps, including privacy and data gathering practices, and should make whatever investigation you feel necessary or appropriate before downloading or using any Apps.

OWNERSHIP; INTELLECTUAL PROPERTY

1. Ownership. You acknowledge that the Associated Materials and the Services (including their structure, sequence, organization, text, graphics, user interfaces, visual interfaces, photographs, trademarks, logos, sounds, artwork and computer code, including but not limited to the design, structure, “look and feel” and arrangement of the content of the Services), are owned, controlled or licensed by or to us, is and remains the proprietary information of us and our affiliates, suppliers and licensors, and are protected by intellectual property laws. You acknowledge that all intellectual property rights relating to the Services (other than Uploaded Data and User Data) and the Associated Materials are, as between you and OLI, solely and exclusively owned by OLI. All modifications, enhancements or changes to the Services and the Associated Materials are and shall remain the property of us and our licensors and suppliers, without regard to the origin of such modifications, enhancements or changes. No ownership rights in the Services or Associated Materials are granted, and we reserve all right, title and interest therein and thereto. Use of the Services does not grant you a license to intellectual property or other rights of OLI or its affiliates or licensors or any third parties, whether express, implied, by estoppel or otherwise, or grant you the right to make or have made any products, or to use the Services or Associated Materials beyond the scope of these Terms. You will not challenge the ownership or rights in and to the Services and the Associated Materials, including without limitation all copyrights and other proprietary rights. Nothing in these Terms limits our ability to enforce our intellectual property rights.
2. Feedback. If you have comments regarding the Services or ideas on how to improve them (“Feedback”), please note that by doing so, you also assign, and hereby assign, all right, title, and interest worldwide in Feedback to us and agree to assist us, at our expense, in perfecting and enforcing our rights thereto and ownership thereof. You acknowledge and agree that we may use and incorporate Feedback into the Services or for other business purposes without compensation and without restriction.

DISCLAIMERS

TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE SERVICES, ASSOCIATED MATERIALS AND ANY SUPPORT AND INFORMATION PROVIDED BY US IN CONNECTION WITH THE SERVICES, ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE BASIS” “WITH ALL FAULTS” AND WITHOUT WARRANTY OF ANY KIND.

TO THE FULLEST EXTENT PERMITTED BY LAW, OLI, ITS AFFILIATES, SERVICE PROVIDERS, AGENTS, PARTNERS AND LICENSORS DISCLAIM ALL WARRANTIES AND REPRESENTATIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED OR OTHER WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON‐INFRINGEMENT OR NON‐MISAPPROPRIATION OF INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS OF A THIRD PARTY, CUSTOM, TRADE, QUIET ENJOYMENT, ACCURACY OF INFORMATIONAL CONTENT, OR SYSTEM INTEGRATION. NO WARRANTY IS MADE THAT THE SERVICES WILL BE OPERABLE OR ACCESSIBLE, OPERATE IN AN ERROR FREE, BUG FREE, UNINTERRUPTED OR SECURE MANNER, IN COMBINATION WITH THIRD PARTY HARDWARE OR SOFTWARE PRODUCTS, OR THAT OUR SECURITY PROCEDURES AND MECHANISMS WILL PREVENT LOSS OR ALTERATION OF OR IMPROPER ACCESS TO YOUR INFORMATION OR DATA.

YOU ACKNOWLEDGE THAT WE HAVE NO CONTROL OVER THE SPECIFIC CONDITIONS UNDER WHICH YOU USE THE SERVICES. OLI CANNOT AND DOES NOT WARRANT THE PERFORMANCE OF THE SERVICES OR RESULTS THAT MAY BE OBTAINED BY THE USE OF THE SERVICES. THE SERVICES AND ANY SUPPORT OFFERED BY US DOES NOT REPLACE YOUR OBLIGATION TO EXERCISE YOUR INDEPENDENT JUDGMENT IN USING THE SERVICES.

Certain states and/or jurisdictions do not allow certain warranty disclaimers, in which case certain disclaimers in this Section 8 may not apply to you.

LIMITATIONS OF LIABILITY

1. Limitation of Liability. TO THE FULLEST EXTENT ALLOWED BY LAW, IN NO EVENT SHALL THERMO FISHER OR ITS AFFILIATES, SUPPLIERS OR LICENSORS BE LIABLE, WHETHER IN CONTRACT, TORT, WARRANTY, OR UNDER ANY STATUTE (INCLUDING WITHOUT LIMITATION ANY TRADE PRACTICE, UNFAIR COMPETITION OR OTHER STATUTE OR REGULATION OF SIMILAR IMPORT) OR ON ANY OTHER BASIS FOR SPECIAL, INCIDENTAL, INDIRECT, PUNITIVE, MULTIPLE OR CONSEQUENTIAL DAMAGES SUSTAINED BY YOU OR ANY OTHER PERSON OR ENTITY, WHETHER OR NOT FORESEEABLE AND WHETHER OR NOT OLI IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES ARISING FROM OR RELATED TO THE SERVICES, ASSOCIATED MATERIALS, LOSS OF USE, LOSS OF DATA, DOWNTIME, OR FOR LOSS OF REVENUE, PROFITS, GOODWILL, OR BUSINESS OR OTHER FINANCIAL LOSS.
2. Damage Cap. IN ANY CASE, THE ENTIRE LIABILITY OF OLI AND ITS AFFILIATES, SUPPLIERS AND LICENSORS UNDER THESE TERMS, OR ARISING OUT OF THE SERVICES, SHALL NOT EXCEED THE AMOUNTS ACTUALLY PAID BY YOU FOR THE SERVICE DURING THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE CAUSE OF ACTION.
3. Acknowledgement. You agree that the limitations of liability set forth in this Section 9 shall be effective despite any failure of consideration or of an exclusive remedy. You acknowledge that the Services fees (if any) have been set and these Terms are accepted by us in reliance upon these limitations of liability and that these limitations form an essential basis of the bargain between the parties. Certain states and/or jurisdictions do not allow the limitation of liability for incidental, consequential or certain other types of damages, so certain exclusions and limitations set forth in this Section 9 may not apply to you.

INDEMNITY

If a third party makes a claim against Thermo Fisher or its directors, officers, shareholders, proprietors, partners, employees, agents, representatives, servants, attorneys, predecessors, successors or assigns, or those of its affiliates (“Thermo Fisher Parties”) related to your use of the Service, your contravention of these Terms, your use of Other User Data, or your provision to us of any Uploaded Data or User Data, then you will indemnify and hold Thermo Fisher Parties harmless from and against any and all claims, losses, damages, liabilities, costs and expenses (including reasonable attorneys’ fees and other costs of defending and/or settling any proceeding) that such Thermo Fisher Parties may suffer or incur as a result of the claim. You will defend such claim, at your expense, if instructed by us.

U.S. GOVERNMENT END USERS

The Services and Associated Materials are copyright protected Commercial Computer Software and Computer Software Documentation as those terms are defined in 48 C.F.R. 2.101. The Government shall obtain only those rights to the Services and Associated Materials as are authorized by 48 C.F.R. 12.212 or 48 C.F.R. 227.7202‐3, as applicable. Any use, modification, reproduction, release, performance, display or disclosure of the Services and Associated Materials by the U.S. Government shall be governed solely by these Terms.

EXPORT RESTRICTIONS

You agree to adhere to all applicable export control laws and regulations with respect to your use of the Service, and you will not export or re‐export or permit access to the Services or Associated Materials, in whole or in part, directly or indirectly, to any country to which such export or re‐export is restricted by any laws or regulations of the U.S. or the country in which you obtained the Services or Associated Materials, or unless properly authorized by the U.S. Government or other applicable regulatory authority as provided by law or regulation. You represent that you are not named on any U.S. or other applicable government denied‐party list.

MISCELLANEOUS

European Union End Users. If the Services are used within a Member State of the European Union, nothing in this Agreement shall be construed as restricting any rights available under Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs.

DATA AND PRIVACY

1. Privacy Policy. By accessing or using the Services, you consent to our use of your User Data as described in our Privacy Policy (available at Thermo Fisher Scientific Privacy Notice | Thermo Fisher Scientific - US).
   
   
2. Do Not Upload Personal Data Except As Permitted. We make available via our proprietary platform two types of applications: (A) Research-Use Only Apps; and (B) Multipurpose Apps. Which applications are Research-Use Only Apps and which applications are Multipurpose Apps will be clearly indicated on the platform.
   
   
   1. Research-Use Only Apps. You are prohibited from uploading Personal Data to Research-Use Only Apps.  For the avoidance of doubt, you may upload genetic data and data relating to an individual’s blood and tissue samples to Research-Use Only Apps provided that you comply with these Terms and do not also upload any identifiers that could be used to identify the individual to whom such data relates, including, but not limited to, name, address, contact information, social security number, government ID number, medical record number, full-face photograph or a similar image, any elements of dates (except year) for dates that are directly related to the individual, the age of any individual over 89, or any other unique identifying characteristic or code, unless: 
      1. the characteristic or code is not derived in any way from an identifier of the individual; 
      2. you do not disclose such characteristic or code to any other party, including OLI; and 
      3. you do not use the characteristic or code for any purpose other than to re-identify the individual.
         
         
   2. Multipurpose Apps. You are permitted to upload Personal Data to Multipurpose Apps, subject to these Terms.
       
3. Your Warranties regarding Uploaded Data and User Data. You represent and warrant to us that:
   1. you have all necessary rights and permissions to upload any and all Uploaded Data to the Services; 
   2. you only provide us with accurate and truthful User Data; and 
   3. your and our use of Uploaded Data as contemplated in these Terms will not violate any applicable law or any contract or obligation to which you are bound, and will not infringe or misappropriate the intellectual property rights, privacy rights, or any other right of any person.
   
   
4. Our Use of Uploaded Data. We and our service providers will only use Uploaded Data on your behalf to provide the Services or else as permitted or required by applicable law. In accordance with applicable laws, we and our service providers may monitor the Services and collect data regarding your use of the Services and the performance and operation of the Services, and use such data to provide support to users, detect and address threats to the functionality, security, integrity and availability of the Services, detect and address violations of these Terms, and improve the Services and other OLI services.
   
   You hereby grant to us and our service providers a worldwide, royalty‐free, fully‐paid, non‐exclusive, transferable, sublicensable license to copy, modify, publicly display and distribute Uploaded Data in furtherance of the purposes stated in these Terms. This license ends when Uploaded Data is no longer stored within our Services.
   
   
5. Other Users. Our Services allow you to transmit Uploaded Data to other registered users of the Services (“Other Users”). When you transfer Uploaded Data to an Other User, you acknowledge that you will no longer have control over that data. For example, an Other User may copy, download, modify, store, use and further transfer that information, even if you have changed that information, changed your sharing settings, or later remove that information. If you permit an Other User to transmit such user’s data to you through the Services (“Other User Data”), you are responsible and liable for your use of Other User Data, and you must use the Other User Data in accordance with these Terms and in accordance with all applicable laws. We will have no obligation or responsibility for your use of Other User Data. Your interactions with Other Users are solely between you and them, and we will not be responsible or liable for any loss or claim relating to such dealings or with respect to any other person’s or entity’s use or disclosure of Uploaded Data. If there is a dispute between you and an Other User, you will manage any such dispute or disagreement directly, and you agree not to bring any proceedings against us with respect to these dealings.
   
   
6. European Data Processing Terms. The data processing terms attached at Appendix A shall form part of these Terms and govern your disclosure and our use of Personal Data (other than User Data) that you upload to the Services if and to the extent that: 
   1. the Personal Data relates to individuals in the European Economic Area; and 
   2. the GDPR applies to your disclosure of such Personal Data to us.

APPENDIX A - DATA PROCESSING TERMS

You are prohibited from uploading Personal Data to Research-Use Only Apps.  For the avoidance of doubt, you may upload genetic data and data relating to an individual’s blood and tissue samples to Research-Use Only Apps provided that you comply with these Terms and do not also upload any identifiers that could be used to identify the individual to whom such data relates, including, but not limited to, name, address, contact information, social security number, government ID number, medical record number, full-face photograph or a similar image, any elements of dates (except year) for dates that are directly related to the individual, the age of any individual over 89, or any other unique identifying characteristic or code, unless: (i) the characteristic or code is not derived in any way from an identifier of the individual; (ii) you do not disclose such characteristic or code to any other party, including OLI; and (iii) you do not use the characteristic or code for any purpose other than to re-identify the individual.

These Data Processing Terms constitute a binding agreement between you and us only if and to the extent that: (i) you upload any Personal Data to the Services; and (ii) the GDPR requires that you and we enter into certain data processing terms that comply with Article 28 of the GDPR.

WHEREAS, OLI provides Services to you and/or your affiliates and may receive custody or store, process or gain access to personal data related to your individual contacts or those of its affiliates, as further described in Appendix 1 hereto.

WHEREAS, you are required to conclude certain data processing terms with us to satisfy the requirements of the GDPR.

NOW THEREFORE, in consideration of the foregoing and other valuable consideration, receipt and adequacy of which is hereby acknowledged,

• You, as “data exporter”, and
• OLI as “data importer”,
• each a “party”; together “the parties”,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1: Definitions. For the purposes of the Clauses:

1. 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
2.  'the data exporter' means the controller who transfers the personal data;
3. 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
4. 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
5. 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
6. 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2: Details of the transfer. The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3: Third-party beneficiary clause.

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
   
   
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
   
   
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
   
   
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4: Obligations of the data exporter

The data exporter agrees and warrants:

1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
2. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
3. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
5. that it will ensure compliance with the security measures;
6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
7. to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
8. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
9. that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
10. that it will ensure compliance with Clause 4(a) to (i).

Clause 5: Obligations of the data importer. The data importer agrees and warrants:

1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
3. that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
4. that it will promptly notify the data exporter about:
   1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
   2. any accidental or unauthorised access, and
   3. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
6. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
8.  that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
9. that the processing services by the subprocessor will be carried out in accordance with Clause 11;
10. to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6: Liability.

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
   
   
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. 
   
   The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
   
   
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7: Mediation and jurisdiction.

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
   1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
   2. to refer the dispute to the courts in the Member State in which the data exporter is established.
       
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8: Cooperation with supervisory authorities.

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
   
   
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
   
   
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9: Governing Law. The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10: Variation of the contract. The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11: Subprocessing.

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
   
   
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
   
   
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
   
   
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12: Obligation after the termination of personal data processing services.

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
   
   
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

APPENDIX 1 - DETAILS OF PROCESSING

This Appendix forms part of the Clauses and must be completed and signed by the parties

Data exporter. The data exporter is your and/or your customers or affiliates.

Data importer. The data importer is us.

Data subjects. The personal data transferred concern data subjects residing in the European Economic Area and Switzerland.

Categories of data. The personal data transferred concern the following categories of data (please specify):
See technical specifications of the Services.

Special categories of data (if appropriate). 
See technical specifications of the Services.

Processing operations. The personal data transferred will be subject to the following basic processing activities (please specify):
We will process personal data to provide the Services, discharge our obligations in the Terms of Use relating to the Services and comply with applicable laws.

APPENDIX 2 - TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

This Appendix 2 describes the technical and organizational security measures that we shall, as a minimum, maintain to protect the security of the personal data processed in connection with the Services and to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems.

Access Control to Processing Areas. We shall implement suitable measures in order to prevent unauthorized individuals from gaining access to the data processing equipment used for the data processing. Where appropriate, these measures include:

1. establishing security areas;
2. protection and restriction of access to processing areas;
3. securing the data processing equipment;
4. establishing access authorizations for staff and third parties;
5. regulations on key cards;
6. restrictions on key cards;
7. all access to the data centre where the personal data is hosted is logged, monitored, and tracked; and
8. the data center where the personal data is hosted is secured by a security alarm system.

Access Control to Data Processing Systems. We shall implement adequate measures to prevent our data processing systems from being used by unauthorized persons. Where appropriate, these measures include:

1. dentification of the terminal and/or the terminal user to our processing systems;
2. automatic time-out of user terminal if left idle, identification and password required to reopen;
3. automatic turn-off of the user ID when several erroneous passwords are entered, log file of events (monitoring of break-in-attempts);
4. issuing and safeguarding of identification codes;
5. dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific functions;
6. staff policies in respect of staff members’ access rights to the personal data (if any), informing staff about their obligations and the consequences of any violations of such obligations;
7. all access to data content is logged, monitored, and tracked; and
8. use of industry-standard encryption and pseudonymization technologies.

Access Control to Use Specific Areas of Data Processing Systems. We shall ensure that the individuals entitled to use our data processing system are only able to access the personal data within the scope and extent covered by their respective authorization and that the personal data cannot be read, copied or modified or removed without authorization. Where appropriate, these measures include:

1. staff policies in respect of each staff member’s access rights and responsibilities with respect to the personal data;
2. allocation of individual terminals and/or terminal user, and identification characteristics exclusive to specific functions;
3. monitoring capability in respect of individuals who delete, add or modify the personal data and regular monitoring and updating of authorization profiles;
4. effective and measurable disciplinary action against individuals who access the personal data without authorization;
5. release of personal data limited to authorized individuals;
6. control of files, including the controlled and documented destruction of personal data;
7. policies controlling the retention of back-up copies; and
8. use of industry-standard encryption pseudonymization technologies.

Transmission Control. We shall implement adequate measures to prevent the personal data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. Where appropriate, these measures include:

1. use of industry-standard firewall and encryption and pseudonymization technologies to protect the gateways and pipelines through which the personal data travels;
2. as far as possible, all data transmissions are logged, monitored and tracked; and
3. monitoring of the completeness and correctness of the transfer of personal data (end-to-end check).

Input Control. We shall implement adequate measures to ensure that it is possible to check and establish whether and by whom the personal data have been put into the data processing systems or removed from such systems. Where appropriate, these measures include:

1. a policy for the authorization to put personal data into memory, as well as for the reading, alteration and deletion of stored personal data;
2. authentication of the authorized personnel;
3. individual authentication credentials such as user IDs that, once assigned, cannot be re-assigned to another individual;
4. protective measures for the personal data input into memory, as well as for the reading, alteration and deletion of stored data;
5. providing that entries to data processing facilities (the rooms housing the computer hardware and related equipment) are capable of being locked;
6. automatic log-off of user IDs (requirement to re-enter password to use the relevant work station) that have not been used for a significant period of time;
7. automatic deactivation of user authentication credentials (such as user IDs) in case the person is no longer authorized to  access the personal data or in case of non-use for a substantial period of time, except for those individuals authorized solely for technical management;
8. proof of the input restrictions and authorizations by the Processor; and
9. electronic recording of entries.

Availability Control. We shall implement adequate measures to ensure that the personal data is protected from accidental destruction or loss, including measures to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident. Where appropriate, these measures include:

1. infrastructure redundancy to ensure data access is regularly backed up and restored in a timely manner;
2. tape backup is stored off-site and available for recovery in case of failure of SAN infrastructure for database server;
3. only the controller may authorize the recovery of backups (if any) or the transfer of personal data outside of the location where the physical database is held, whereby in case of transfer the security measures shall be adjusted to avoid loss or unauthorized access to the personal data, when transferred;
4. regular checks of all the implemented security measures described herein;
5. removable media containing sensitive or judicial data shall be destroyed or made unusable when not used anymore; alternatively the data media may be re-used if data previously stored on that media cannot be re-constructed by any technical means; and
6. any detected security incident is recorded, alongside the executed data recovery procedures, and the identification of the individuals who carried them out.

Separation of Data. We shall implement adequate measures to ensure that personal data collected for different purposes can be processed separately. Where appropriate, these measures include:

1. access to data is separated through application security for the appropriate users (logical separation);
2. modules within our database allow the separation of data regarding their purpose, i.e. by functionality and function;
3. at the database level, the personal data is stored in different normalized tables, separated per module or function they support; interfaces, batch processes and reports are designed exclusively for specific purposes and functions, to ensure that the personal data collected for different purposes are processed separately; and
4. measures of pseudonymization or encryption of personal data.

APPENDIX 3 - GDPR TERMS

This Appendix 3 applies to us solely to the extent that the GDPR applies to the processing of any personal data that you transfer to us under the Clauses.

For the purposes of this Appendix 3, “controller” means the relevant controller of the personal data.

Further to Article 28 of the GDPR, OLI agrees that it:

1. processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which OLI is subject; in such a case, OLI shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest; also, OLI shall immediately inform the controller if, in its opinion, an instruction infringes the GDPR, national data protection laws in the EU or other applicable law; for the avoidance of doubt, the controller agrees that its instructions to OLI for processing personal data include to process such data in accordance with any written agreement between OLI and Purchaser or between OLI and the controller;
2. ensures that persons authorised by OLI to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
3. takes all measures required pursuant to Article 32 of the GDPR (security of processing);
4. respects the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor; for the avoidance of doubt, the controller authorizes OLI to engage another processor where the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR have been met, and such authorization applies to OLI’s current processors, a list of which will be provided to the controller upon written request to OLI;
5. taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR, at the controller’s cost, including, to the extent required to fulfill GDPR obligations, data subjects’ right to access, rectification, erasure and portability of the data subject's personal data; (for the avoidance of doubt, processor shall only assist and enable controller to meet controllers obligations to satisfy data subjects' rights, but processor shall not respond directly to data subjects);
6. assists the controller, at the controller’s cost, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, including notifying the controller of any personal data breach without undue delay, taking into account the nature of processing and the information available to OLI;
7. at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless  required by law;
8. makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, up to once per year, and at the controller’s cost, including inspections, conducted by the controller or another auditor mandated by the controller. OLI can provide certificates or audit reports of its own auditors as evidence of compliance.