4DMedical Limited (ABN 31 161 384 831) respects your privacy and is committed to protecting your personal data. These Terms will inform you as to how we collect, process, and look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
Please read these Terms together with our Privacy Policy and any other privacy notices we may occasionally provide, so that you are fully aware of how and why we are using your data. These Terms supplement our Privacy Policy and privacy notices and are not intended to override them. In the event of any inconsistency between these Terms and the Privacy Policy, the terms of the Privacy Policy prevail. We regularly review all our Terms and privacy documents and may modify them from time to time.
The 4DMedical group is made up of different legal entities (including Imbio Inc., 4DMedical USA, Inc., 4DMedical R&D Inc. and Australian Lung Health Initiative Pty Ltd), all of which are wholly owned subsidiaries of 4DMedical Limited. These Terms are issued on behalf of all companies (together, ”4dMedical”, “we”, “us” or “our”). 4DMedical Limited is the controller and is responsible for this website.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to these Terms and our Privacy Policy. If you have any questions, including any requests to exercise your legal rights in respect of your data, please contact the DPO at: dpo@4DMedical.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
During your visit to this website, we may collect and store aggregate and non-personal information, for example, Technical Data such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website; Usage Data such as how you use our website, the pages you request and the date and time of these requests; and Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences. We collect this information via ‘cookie’ technology or with web beacons. We may use this information to measure site activity and to generate statistics.
We may request Personal Information such as your name, title, and professional occupation, contact data (for example your mailing address, e-mail address or other), type of request, or other information. Such information is collected, stored, and used and in a secure manner.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with these Terms and our Privacy Policy.
We do not sell, provide or otherwise disclose personal information about you to any third party, however, we may disclose information about you if we are required to do so by law or legal process to law enforcement authorities or other government officials, or when we believe disclosure is necessary to prevent harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Subject to our Privacy Policy, we may use free of charge any information, ideas or proposals stored by you on this website for the development, improvement, and sale of our products.
We use different methods to collect data from and about you including through direct interactions where you give us your data; via automated technologies or interactions e.g., as you interact with our website and/or via third parties or publicly available sources.
We will only use your personal data as and when the law allows us to.
For further information on how we use your personal data, you may contact our DPO at: dpo@4DMedical.com.
Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer |
|
Performance of a contract with you |
| To manage our relationship with you, including notifying you about changes to our Terms or Privacy Policy |
|
|
| To enable you to partake in a survey |
|
|
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
|
|
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
|
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
|
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us directly at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data you have provided to us as a result of a product purchase, service purchase, warranty registration or other transactions.
We use cookies to provide you with a better experience. Cookies comprise small pieces of data which are stored on your computer and allow us to recognize you when you return to our site or load another page on the site. These cookies allow us to personalize the site for you and to increase your security by storing your section ID and keeping track of single user access. We also use the aggregated statistical information to learn more about the usage of the site and to improve it over time. You do not have to accept cookies. You can instead disable cookies in your web browser via your browser settings. However, if you do disable cookies, then parts of the site may not be accessible to you.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share your personal data with the parties set out below for the purposes set out above:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We share your personal data within the 4DMedical group. This may involve transferring your data to other countries. We ensure your personal data is protected by requiring all 4DMedical companies to follow the same rules when processing your personal data. These rules are called ‘binding corporate rules.’
Whenever we transfer your personal data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those trained employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to: request access to your personal data; request correction of your personal data; request erasure of your personal data; object to processing of your personal data; request restriction of processing your personal data; request transfer of your personal data; and to withdraw consent.
If you wish to exercise any of the rights set out above, please contact the DPO at dpo@4DMedical.com.
We try to respond to all legitimate requests within 7 days. Occasionally it could take us longer than 7 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Our products and processes are protected by patents and/or are subject to trade secret and/or other proprietary rights. We reserve all such rights.
This website has been developed as a service to provide information about our products and services and the Information is believed to be accurate at the time it is created. However, information on the website may become out of date, contain technical inaccuracies or typographical errors. While we will use all reasonable efforts to keep the information accurate and up-to-date, we make no warranties or representations as to its accuracy.
Nothing contained in any Information is to be construed as medical, legal, investment, financial, or other advice and it is important that you rely on the advice of an appropriate professional in all such respects. All users agree that all access to and use of the website is at their own risk and 4DMedical shall not be liable for any direct, indirect, incidental, special, or consequential damages arising from or in connection with your use of this website or any content contained on this website.
4DMedical Limited (ABN 31 161 384 831) respects your privacy and is committed to protecting your personal data. These Terms will inform you as to how we collect, process, and look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
Please read these Terms together with our Privacy Policy and any other privacy notices we may occasionally provide, so that you are fully aware of how and why we are using your data. These Terms supplement our Privacy Policy and privacy notices and are not intended to override them. In the event of any inconsistency between these Terms and the Privacy Policy, the terms of the Privacy Policy prevail. We regularly review all our Terms and privacy documents and may modify them from time to time.
The 4DMedical group is made up of different legal entities (including Imbio Inc., 4DMedical USA, Inc., 4DMedical R&D Inc. and Australian Lung Health Initiative Pty Ltd), all of which are wholly owned subsidiaries of 4DMedical Limited. These Terms are issued on behalf of all companies (together, ”4dMedical”, “we”, “us” or “our”). 4DMedical Limited is the controller and is responsible for this website.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to these Terms and our Privacy Policy. If you have any questions, including any requests to exercise your legal rights in respect of your data, please contact the DPO at: dpo@4DMedical.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
During your visit to this website, we may collect and store aggregate and non-personal information, for example, Technical Data such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website; Usage Data such as how you use our website, the pages you request and the date and time of these requests; and Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences. We collect this information via ‘cookie’ technology or with web beacons. We may use this information to measure site activity and to generate statistics.
We may request Personal Information such as your name, title, and professional occupation, contact data (for example your mailing address, e-mail address or other), type of request, or other information. Such information is collected, stored, and used and in a secure manner.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with these Terms and our Privacy Policy.
We do not sell, provide or otherwise disclose personal information about you to any third party, however, we may disclose information about you if we are required to do so by law or legal process to law enforcement authorities or other government officials, or when we believe disclosure is necessary to prevent harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Subject to our Privacy Policy, we may use free of charge any information, ideas or proposals stored by you on this website for the development, improvement, and sale of our products.
We use different methods to collect data from and about you including through direct interactions where you give us your data; via automated technologies or interactions e.g., as you interact with our website and/or via third parties or publicly available sources.
We will only use your personal data as and when the law allows us to.
For further information on how we use your personal data, you may contact our DPO at: dpo@4DMedical.com.
Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer |
|
Performance of a contract with you |
| To manage our relationship with you, including notifying you about changes to our Terms or Privacy Policy |
|
|
| To enable you to partake in a survey |
|
|
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
|
|
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
|
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
|
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us directly at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data you have provided to us as a result of a product purchase, service purchase, warranty registration or other transactions.
We use cookies to provide you with a better experience. Cookies comprise small pieces of data which are stored on your computer and allow us to recognize you when you return to our site or load another page on the site. These cookies allow us to personalize the site for you and to increase your security by storing your section ID and keeping track of single user access. We also use the aggregated statistical information to learn more about the usage of the site and to improve it over time. You do not have to accept cookies. You can instead disable cookies in your web browser via your browser settings. However, if you do disable cookies, then parts of the site may not be accessible to you.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share your personal data with the parties set out below for the purposes set out above:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We share your personal data within the 4DMedical group. This may involve transferring your data to other countries. We ensure your personal data is protected by requiring all 4DMedical companies to follow the same rules when processing your personal data. These rules are called ‘binding corporate rules.’
Whenever we transfer your personal data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those trained employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to: request access to your personal data; request correction of your personal data; request erasure of your personal data; object to processing of your personal data; request restriction of processing your personal data; request transfer of your personal data; and to withdraw consent.
If you wish to exercise any of the rights set out above, please contact the DPO at dpo@4DMedical.com.
We try to respond to all legitimate requests within 7 days. Occasionally it could take us longer than 7 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Our products and processes are protected by patents and/or are subject to trade secret and/or other proprietary rights. We reserve all such rights.
This website has been developed as a service to provide information about our products and services and the Information is believed to be accurate at the time it is created. However, information on the website may become out of date, contain technical inaccuracies or typographical errors. While we will use all reasonable efforts to keep the information accurate and up-to-date, we make no warranties or representations as to its accuracy.
Nothing contained in any Information is to be construed as medical, legal, investment, financial, or other advice and it is important that you rely on the advice of an appropriate professional in all such respects. All users agree that all access to and use of the website is at their own risk and 4DMedical shall not be liable for any direct, indirect, incidental, special, or consequential damages arising from or in connection with your use of this website or any content contained on this website.
Welcome to portal.imbio.com, the website and online service of Imbio, LLC (collectively “Imbio”, “We”, “Us” and “Our”). This Portal Terms and Conditions Agreement (the “Agreement”) is made by and between Imbio, a fully owned subsidiary of 4DMedical, Level 7/700 Swanston Street, Carlton Victoria 3053 Australia, and the customer accepting this agreement (customer hereinafter referred to as “Customer”, “You” and “Your”).
You have indicated that You wish to subscribe to the Portal software services offered by Imbio as defined herein, and Imbio agrees to make services, software or applications owned, controlled, or offered by Imbio (which may include, as applicable, content and offline components such as associated media, printed materials, and electronic documentation) (collectively the “Services”) available to You for the purpose of either (i) a limited time (the “Trial Period”) for the purpose of evaluating the Services, or (i) an ongoing use of the Services, subject to the completion of any additional subscription, research or beta use agreement as may be required by Imbio.
BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM OR QUOTATION THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
Services provided to Customer include Imbio’s image analysis services as made available via the Portal website, and as may be updated or amended by Imbio in its sole discretion, and are subject to the terms and conditions (collectively the “Terms”) of this Agreement. If you have a separate Subscription Agreement, Beta Agreement or Research Agreement with Imbio, the separate Subscription, Beta or Research agreement takes precedence over this Portal agreement where any conflicts may exist.
1.1 Term and Termination. This Agreement commences on the date You first accept it and continues until (i) any Trial Period set forth herein has expired or has been terminated, or (ii) any related subscription, research or beta use agreement expires or is terminated.
1.2 Trial Periods. If You are subscribing to the Services for a Trial Period, such Trial Period for this agreement begins upon your first login to Portal and continues for the lesser of (a) the number of days indicated on the Imbio web site as the offered trial period at the time at which You request Your trial, or (b) the expiration of the trial credits offered to You to utilize the Services. In no circumstance, will a Trial Period exceed ninety (90) days. Either party may terminate a Trial Period for any reason or no reason upon seven (7) days notice to the other party.
1.3 Cessation of Use. Upon expiration or termination of this Agreement, You may no longer utilize the Services and We will terminate your access to the Services. We will delete all of Your data and any outputs You generate as you utilize the Services within thirty (30) days of the expiration or termination of this Agreement.
2.1 Your Responsibilities. Subject to Your use of Services in accordance with the terms of this Agreement, Imbio hereby grants You a non-exclusive, non-transferable right to permit Your employees or other users authorized by You (“Users”) to use the Services during the term of this Agreement solely for Your internal business operations. You will (a) be responsible for Users’ compliance with this Agreement and be responsible for any breach of this Agreement by the Users, (b) be solely responsible for the accuracy, quality, integrity and legality of Your data and the means by which You acquired Your data, (c) use Services only in accordance with any documentation provided by Imbio and applicable laws and government regulations.
2.2 Usage Restrictions; Reservation of Rights. All title, rights, ownership and copyrights in and to the software used in providing the Services, the accompanying media and printed materials are owned at all times by Imbio or its licensors. You will not (a) make any Service available to, or use any Service or Content for the benefit of, anyone other than You or Your Users, (b) use a Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights (including, but not limited to, the PHI of patients, as defined by the laws and regulations commonly referred to as HIPAA), or (c) attempt to defeat, avoid, by-pass, remove, deactivate, or otherwise circumvent any software protection mechanisms in the Services. Subject to the limited rights expressly granted hereunder, We and Our licensors reserve all of Our/their right, title and interest in and to the Services, including all of Our/their related intellectual property rights. No rights are granted to You hereunder other than as expressly set forth herein.
2.3 Medical Use. You understand that the Services offered by us involve software used to supplement the treatment of patients undergoing medical procedures. The Services are only to be used as a supplement to standard methods of interpreting radiological images. If any of the Services You utilize under the terms of this Agreement are identified by Imbio as a beta application (for example, identified as Beta Products, Beta Software, Beta Applications, Research Use Only, or Investigational Use Only) (collectively, “Beta Services”), You understand that such Beta Services are not intended for clinical usage, and You agree that You will not use the Beta Services for clinical patient treatment purposes. Any Beta Services will be identified by Imbio on the Portal website or will produce outputs labeled to indicate beta, research or investigational use only.
3.1 HIPAA Compliance. Imbio represents that, to the extent required by law, the Services provided under this Agreement will comply in all material respects with the privacy standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160 and 164, subparts A and E (“the Privacy Rule”) and the security standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160, 162 and 164, subpart C (“the Security Rule”). Collectively, the Privacy Rule and the Security Rule are referred to herein as “HIPAA Rules.”
3.2 Business Associate Agreement. To the extent that HIPAA Rules (45 C.F.R. Section 164.504(e)) may require a “Business associate contract” between You or the Legal Entity that You represent as a covered entity, and Imbio as a business associate, attached and incorporated herein and agreed to by the parties is Exhibit A, “HIPAA Business Associate Agreement”. Terms of Exhibit A shall be considered binding upon your acceptant of this Agreement and shall remain in effect during the term of the Agreement including any extensions.
3.3 GDPR Compliance. Imbio represents that, to the extent required by law, the Services provided under this Agreement will comply in all material respects with the EU General Data Protection Regulation 2016/679 referred to herein as “GDPR”. If You are a User to which GDPR protections apply, You acknowledge that Imbio collects your personal information through the Portal registration process and through Your Portal online user profile. This information is retained to document and support Your subscription and may be used by Imbio to contact You regarding Your subscription, Your use of the Services and product notices or other marketing communications related to the Services You are using so long as You maintain an active subscription to the Services. Imbio shall not sell, share or otherwise transfer any of Your personal information to any 3rd party other than as may be required for performing the Services and Imbio communications authorized herein. You may contact IMBIO at support@imbio.com to edit, correct, change, or delete your personal information at any time, or to terminate your use of the Services under a Trial Period at any time.
3.4 Non-U.S. and EU Users or Entities. IMBIO DOES NOT WARRANT OR REPRESENT that the Services provided hereunder meet all international laws and regulations regarding personal or patient privacy and protected health information, except for the representations in sections 3.1 and 3.3 of this Agreement. IMBIO DOES REPRESENT that We shall take substantially the same measure of care and apply the same internal policies, procedures and standards in managing and protecting Your data as We do to meet the HIPAA compliance standards per section 3.1 of this agreement, for all users of the Services. If You or the Legal Entity you represent are not subject to or protected by the representations in sections 3.1 and 3.3 of this Agreement, You are responsible to ensure that Your use of the Services and any data that You may uploaded to Imbio shall comply with Your internal processes and policies, and any applicable governmental laws or regulatory requirements pertaining to patient privacy and protected patient health information. You hereby accept sole liability for non-compliance with laws or regulations regarding patient privacy and protected health information.
4. The parties agree that the data exchanged by the parties under the terms of this Agreement, including but not limited to the data uploaded to and downloaded from the Portal website, as well as the information contained on the Portal website itself, are considered Confidential Information. In addition, any data, including the existence of, the user interface of, Your use of and outputs of any Beta Services shall be considered Confidential. The receiving party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) not to use any Confidential Information of the disclosing party for any purpose outside the scope of this Agreement,. The obligations under this Section 3 shall remain in force for a term expiring two (2) years after the expiration of this Agreement.
5.1 Indemnification by Us. We will defend You against any claim, demand, suit or proceeding made or brought against You by a third party alleging that the use of the Services in accordance with this Agreement infringes or misappropriates such third party’s intellectual property rights (a “Claim Against You”), and will indemnify You from any damages, attorney fees and costs finally awarded against You as a result of a Claim Against You, provided You (a) promptly give Us written notice of the Claim Against You, (b) give Us sole control of the defense and settlement of the Claim Against You, and (c) give Us all reasonable assistance, at Our expense. The above defense and indemnification obligations do not apply to the extent a Claim Against You arises from Your use of the Services in a manner contrary to the instructions given to You by Us, or Your breach of this Agreement. In addition, Imbio shall not be responsible for any compromise or settlement made without its written consent. THE FOREGOING STATES THE ENTIRE LIABILITY OF IMBIO FOR INFRINGEMENT AND SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY AND IMBIO’S SOLE OBLIGATOIN AND LIABILITY FOR ANY ALLEGED INFRINGEMENT.
5.2 Indemnification by You. Except as is specified in Section 5.1, You will defend us and hold us harmless against any claim, demand, suit or proceeding made or brought against us by a third party resulting from Your use of the Services under the terms of this Agreement, including indemnifying us against any damages, costs or attorney fees as a result of any such claim.
5.3 Limitation of Liability. IMBIO ACCEPTS NO LIABILITY WITH RESPECT TO ANY INCIDENT ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEPT FOR LIABILITY ARISING DIRECTLY FROM INFRINGEMENT OR MISAPPROPRIATION OF A THIRD PARTY’S INTELLECTUAL PROPERTY RIGHTS BY IMBIO.
5.4 Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES. THIS DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
6.1 Surviving Provisions. The Sections titled “Usage Restrictions,” “Reservation of Rights,” “Confidentiality,” “Indemnification & Limitation of Liability,” and “General Provisions” will survive any termination or expiration if this Agreement.
6.2 General Provisions. The parties mutually agree i) this Agreement shall be governed by the laws of the State of Minnesota, each party agrees to the applicable governing law without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above; ii) neither party may assign any of its rights or obligations hereunder, without the other party’s prior written consent (not to be unreasonably withheld), except that Imbio may assign this Agreement in its entirety without the other party’s consent to its affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. used in the performance of the services hereunder; iii) the parties are independent contractors, this Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties; iv) no failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right; and v) if any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.
This Business Associate Agreement (this “Agreement”) is made by and between Imbio, LLC, a Minnesota corporation located at 807 Broadway St NE, Suite 350, Minneapolis MN 55413, hereinafter referred to as “Imbio” or “Business Associate”, and the customer accepting the Portal Terms and Conditions Agreement into which it is incorporated, hereinafter referred to as “Covered Entity”, (individually, a “Party” and collectively, the “Parties”).
WHEREAS, Covered Entity may from time to time enter into agreements with Imbio for the provision of services (“Service Agreements”), pursuant to which Imbio will act as a business associate (“Business Associate”) within the meaning of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as the same may be amended from time to time (“HIPAA”); and
WHEREAS, both Parties are required to comply with the Health Information Technology Economic and Clinical Health (“HITECH”) Act, as well as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the privacy regulations promulgated pursuant to HIPAA, including, but not limited to, 45 C.F.R. Parts 160 and 164 Subpart E (the “Privacy Regulation”), and the security regulations promulgated pursuant to HIPAA, including, but not limited to 45 C.F.R. Parts 160 and 164 Subpart C (the “Security Regulation”), as may be amended from time to time.
NOW, THEREFORE, This Agreement sets forth the terms and conditions pursuant to which Protected Health Information, including electronic Protected Health Information will be handled by Business Associate and third parties during the term of the Agreement and after its termination. The Parties agree as follows:
Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the definitions set forth by HIPAA. In the event of an inconsistency between the provisions of this Agreement and mandatory provisions of HIPAA, HIPAA shall control. Where provisions of this Agreement are different from those mandated by HIPAA, but are nonetheless permitted by HIPAA, the provisions of this Agreement shall control.
Business Associate agrees to:
(a) Not use or disclose protected health information other than as permitted or required by this Agreement or by law;
(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;
(c) Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware within seventy-two (72) hours. Covered Entity shall be responsible for any required notifications to individuals, regulatory bodies or government agencies as required by law on behalf of Covered Entity;
(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;
(e) Make available protected health information in a designated record set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524. Should Business Associate receive a request for protected health information from any individual, Business Associate shall forward such request to Covered Entity, and Covered Entity shall, in its sole discretion fulfill such requests as required by applicable law and regulations;
(f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
(g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity” as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528. Should Business Associate receive a request for an accounting of disclosures from any individual, Business Associate shall forward such request to Covered Entity, and Covered Entity shall, in its sole discretion fulfill such requests as required by applicable law and regulations;
(h) To the extent the Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
(i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
(a) Business Associate may only use or disclose protected health information as necessary to perform its obligations under any Service Agreement between the Parties, subject to the terms of this Agreement.
(b) Business Associate may use or disclose protected health information as required by law.
(c) Business Associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures.
(d) Business Associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
(a) Term. This Agreement shall be effective upon your acceptance of the Portal Terms and Conditions Agreement into which it is incorporated, and will continue until either (i) the expiration or termination of all Service Agreements between the Parties, or (ii) termination for cause as authorized in paragraph (b) of this Section.
(b) Termination for Cause. Business Associate authorizes termination of this Agreement by Covered Entity, if Covered Entity determines Business Associate has violated a material term of the Agreement, and Business Associate has not cured the breach or ended the violation within thirty (30) days of receiving written notice of such violation from Covered Entity. Termination of this agreement does not in any manner affect, reduce or eliminate Covered Entity’s payment obligations under any Service Agreement between the Parties.
(c) Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, Business Associate, with respect to protected health information received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:
This Agreement sets forth the entire understanding of the parties regarding the subject matter covered herein, and may be modified or amended only by a written Amendment signed by both Parties.
This Agreement will be interpreted and construed in accordance with the laws of the State of Minnesota, and each party agrees to the applicable governing law without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above.
If any provision of this Agreement is held invalid, illegal or unenforceable in any respect, such invalidity, illegality or unenforceability will not affect any other provisions of this Agreement, and this Agreement will be construed as if such invalid, illegal or unenforceable provision had never been contained herein. Further, if any provision of this Agreement is held to be unenforceable as written, it will be construed, by limiting and reducing it, so as to be enforceable to the extent compatible with applicable law.
