GENERAL TERMS AND CONDITIONS OF SALE AND SOFTWARE LICENSE (“Conditions of Sale”)

1. Initial Provisions

1.1. The Products (equipment, service, and software) offered on the quotation issued by Heartstream Singapore Pte Ltd (“Heartstream”) are subject to these Conditions of Sale.
1.2. The purchase prices set out on the quotation are net of all taxes. All taxes on the Products will be borne by the Customer.
1.3. The terms and conditions contained in the Local Sales Terms and Conditions, if any, shall supplement and form part of these Conditions of Sale. If there is a conflict or inconsistency with these Conditions of Sale, the provisions of the Local Sales Terms and Conditions shall prevail and take precedence.

2. Quotation, Order and Payment

2.1. Any quotation on the Products will be open for acceptance within the period indicated therein and may be amended or revoked by Heartstream prior to Customer’s acceptance. Any purchase orders shall be subject to Heartstream’s confirmation in writing. Any terms and conditions set forth on the Customer’s purchase order or otherwise issued by the Customer shall not apply to the Products.
2.2. The prices and payment terms are set out on the quotation. Orders are subject to Heartstream’s ongoing credit review and approval.
2.3. Interest will apply to any late payments at 1.5% per month (subject to the maximum rate permitted by applicable law) immediately from the due date of payment until receipt of amount invoiced in full. If the Customer fails to pay any amounts due or breaches these Conditions of Sale, Heartstream will be entitled to suspend the performance of its obligations and deduct the unpaid amount from any amounts otherwise owed to Customer by Heartstream, in addition to any other rights or remedies available to Heartstream. Heartstream shall be entitled to recover all costs and expenses, including reasonable attorneys’ fees related to the enforcement of its rights or remedies.
2.4. Customer has no right to cancel an order, unless such cancellation right is granted to the Customer by mandatory law in which case the Customer shall pay the costs incurred by Heartstream up to the date of cancellation. In other cases of cancellation, the agreed price shall remain due and payable.
2.5. Heartstream may adjust customer list price and/or net list price, in accordance with the Consumer Price Index published by the relevant government Department of Statistics. Heartstream shall give at least thirty (30) days’ prior written notice to Customer before implementing any adjustment to pricing; such adjustment shall not be retroactive and shall not apply within 1 year from the date of the quote.

3. Retention of title until full payment

The title to the Products shall remain vested in Heartstream until the payment of the purchase price by the Customer.

4. Technical changes; obsolescence of the Product

Heartstream may make changes to the design or specifications of the Products at any time, provided such change does not adversely affect the performance of the Products. If a Product becomes obsolete before the delivery date, Heartstream shall endeavor to provide equivalent replacement Products at similar prices but shall have no liability whatsoever if no replacement is available.

5. Lease and Trade-In

5.1. If the Customer desires to convert the purchase of any Products to a lease, the Customer shall within 90 days prior to the delivery of the Products provide all relevant rental documents for review and approval by Heartstream. Heartstream may provide the rental agreement at its discretion.
5.2. If Customer will be trading-in equipment (“Trade-In”), then:

5.2.1. Customer must possess good and marketable title to the Trade-In as of the date of the quotation and when Heartstream takes possession of the Trade-In from Customer’s site. If Customer is in breach of this undertaking, Customer shall not be entitled to keep a trade-in credit for such Trade-In and shall promptly refund Heartstream such credited amounts upon receipt of an invoice from Heartstream.
5.2.2. The trade-in value set forth on Heartstream quotation is conditioned upon Customer providing Trade-In no later than the date Heartstream makes the new Product listed on such quotation available for first patient use. Customer shall bear the costs of any reduction in trade-in value arising due to a delay by the Customer causing the trade-in not to occur by the expected date and promptly pay the revised invoice.
5.2.3. If Heartstream receives a Trade-In having a different configuration (including software version) or model number than the Trade-In described on the Heartstream quotation, Heartstream may adjust the trade-in value and revise the invoice accordingly and Customer shall pay such revised invoice promptly upon receipt.
5.2.4. Customer undertakes to (i) clean and sanitize all components that may be infected and all biological fluids from the Trade-In and (ii) delete all personal data in the Trade-In. Customer will reimburse Heartstream against any out-of-pocket costs incurred by Heartstream arising from Customer’s breach of its obligations herein.

6. Shipment and delivery date

6.1. Heartstream shall deliver the Products in accordance with the Incoterms set forth on the quotation. If Heartstream and the Customer agree to any other terms of delivery, additional costs shall be for the account of the Customer.
6.2. Heartstream will make reasonable efforts to meet delivery dates quoted or acknowledged. Failure to deliver by the specified date will not be a sufficient cause for cancellation nor will Heartstream be liable for any penalty, loss, or expense due to delay in delivery. If the Customer causes the delay, any reasonable expenses incurred by Heartstream will be for the account of the Customer.

7. Installation

7.1. If Heartstream has undertaken installation of the Products, the Customer shall be responsible for the following at its sole expense and risk:

7.1.1. The provision of adequate and lockable storage for the Products on or near the installation site. The Customer will repair or replace any lost or damaged item during the storage period.
7.1.2. Heartstream or its (affiliate’s) representative shall have access to the installation site without obstacle or hindrance in due time to start the installation work at the scheduled date.
7.1.3. The timely execution and completion of the preparatory works, in conformity with Heartstream’s installation requirements. The Customer shall ensure that the prepared site shall comply with all safety, electrical and building codes relevant to the Products and installation thereof.
7.1.4. The proper removal and disposal of any hazardous material at the installation site prior to installation by Heartstream.
7.1.5. The timely provision of all visa, entry, exit, residence, work or any other permits and licenses necessary for Heartstream’s or Heartstream’s representatives’ personnel and for the import and export of tools, equipment, Products and materials necessary for the installation works and subsequent testing.
7.1.6. The assistance to Heartstream or Heartstream’s representative for moving the Products from the entrance of the Customer’s premises to the installation site. The Customer shall be responsible, at its expense, for rigging, the removal of partitions or other obstacles, and restoration work.

7.2. If Products are connected to a computer network, the Customer shall be responsible for network security, including but not limited to, using secure administrative passwords, installing the latest security updates of operating software and web browsers, running a Customer firewall and maintaining up-to-date drivers, anti-virus and anti-spyware software.
7.3. If any of the above conditions are not complied with, Heartstream or Heartstream’s representative may interrupt the installation and subsequent testing for reasons not attributable to Heartstream, and the parties shall extend the period for completing the installation. Any additional costs shall be for the Customer’s account and Heartstream shall have no liability for any damage resulting from or in connection with the delayed installation.
7.4. Heartstream shall have no liability for the fitness or adequacy of the premises or the utilities available at the premises for installation or storage of the Products.

8. Acceptance

8.1. Heartstream shall notify the Customer of the completion of the installation to enable the Customer to participate in the tests and confirm, by signing a certificate, the acceptance of the Products and compliance with the agreed specifications.
8.2. In case of absence of the Customer, Heartstream shall start the tests according to Heartstream’s standard testing procedures and on completion, the test certificate shall indicate acceptance.
8.3. In case of rejection of the Products, the Customer shall submit the reasons to Heartstream in a detailed written form within 10 days from the completion of the acceptance tests, and Heartstream shall correct such failures by repeating the relevant steps of the acceptance test within a reasonable time.
8.4. If, within ten (10) days from the completion of the acceptance test, Heartstream has not received the signed certificate of acceptance or a rejection report with justified reasons, the Product shall be considered accepted by the Customer.
8.5. In case the Customer starts making clinical use of the Products, this shall be considered a deemed acceptance by the Customer.
8.6. Minor defects or deviations that do not affect the operational use of the installed Products shall be stated on the certificate of acceptance but shall not prevent acceptance. Heartstream shall be obligated to remedy such defects within a reasonable time.

9. Complaints and returns

The Customer shall notify Heartstream in writing, substantiating its complaints within ten (10) days of its receipt of the Products. If Heartstream accepts the claim as valid, Heartstream shall issue a return authorization notice, and the Customer shall return the Products. Each returned Product shall be packed in its original packaging.

10. Product warranty

10.1. In the absence of any specific Product warranty in the quotation, the following warranty provisions will apply to the Product.
10.2. Hardware Products. Heartstream warrants to Customer that the Product shall materially comply with its product specification on the quotation and the user documentation accompanying the shipment for a period of one year from the date of acceptance, deemed acceptance or first clinical use, whichever occurs first, but under any circumstances, no more than fifteen (15) months from the date of shipment, provided the Product has been subject to proper use and maintenance. Any disposable Product intended for single use supplied by Heartstream to the Customer will be of good quality until the expiration date applicable to such Product.
10.3. Service. Heartstream warrants that all services will be carried out with reasonable care and skill. Heartstream’s sole liability for breach of this warranty shall be at its option to give credit for or re-perform the services in question. This warranty shall only extend for a period of ninety (90) days after the completion of the services.
10.4. Customer shall only be entitled to make a Product warranty claim if Heartstream receives written notice of the defect during the warranty period within ten (10) days from the Customer discovering the defect, and, if required, the Product or the defective parts shall be returned to an address stated by Heartstream. Such defective parts shall be the property of Heartstream after their replacement.
10.5. Heartstream’s warranty obligations for the Product shall be limited at Heartstream’s option to the repair or replacement of the Product or any part thereof, in which case the spare parts shall be new or equivalent to new in performance, or to the refund of a pro rata portion of the purchase price paid by the Customer.
10.6. Heartstream’s warranty obligations shall not apply to any defects resulting from:

10.6.1. improper or unsuitable maintenance, configuration or calibration by the Customer or its agents.
10.6.2. use, operation, modification, or maintenance of the Product not in accordance with the Product specification and the applicable written instructions of Heartstream or performed prior to the completion of Heartstream’s validation process.
10.6.3. abuse, negligence, accident, damages (including damage in transit) caused by the Customer.
10.6.4. improper site preparation, including corrosion to Product caused by Customer.
10.6.5. any damage to the Product or any medical data or other data stored, caused by an external source (including viruses or similar software interference) resulting from the connection of the Product to a Customer network, Customer client devices, a third party product or use of removable devices.

10.7. Heartstream is not responsible for the warranty for the third-party product provided by Heartstream to the Customer. However, if Heartstream, under its license agreement or purchase agreement with such third party, has the right to warranties and service solutions, Heartstream shall make reasonable efforts to extend to the Customer the third-party warranty and service solutions for such Products.
10.8. The warranties set forth in these Conditions of Sale and quotation are the sole warranties made by Heartstream in connection with the Product, are expressly in lieu of any other warranties, whether written, oral, statutory, express or implied, including any warranty of non-infringement, quiet enjoyment, merchantability or fitness for a particular purpose. Heartstream expressly disclaims the implied warranties of merchantability and fitness for a particular purpose. Moreover, Heartstream does not warrant any Product using the cloud to be uninterrupted or error free.

11. Limitation of Liability

11.1. The total liability of Heartstream arising under or in connection with the Product for any breach of contractual obligations, warranty, negligence, unlawful act or otherwise in connection with the Product is limited to the actual purchase price received for the Product that gave rise to the claim.
11.2. Heartstream shall not be liable for any indirect, punitive, incidental, exemplary, special or consequential damages and/or for any damages including loss of data, profits, revenue, business interruption or use in connection with or arising out of these Conditions of Sale, regardless of whether they are foreseeable or not and whether the claim is made in tort (including negligence), breach of contract, at law or in equity. Neither Heartstream nor its suppliers shall be liable for any loss or inability to use medical or other data stored on or by the Product.
11.3. The exclusion of liability in these Conditions of Sale shall only apply to the extent allowed under the applicable law.

12. Infringement of Intellectual Property Rights

12.1. Customer shall promptly give Heartstream written notice of any third-party claim alleging that the Product or the use thereof constitutes infringement of third-party intellectual property rights.
12.2. Heartstream shall have the exclusive authority to defend and settle such claim. Customer shall not make any admission or conclude any settlement in relation to such claim without Heartstream’s prior written consent. Customer shall provide Heartstream with all information and assistance required to defend such claim.
12.3. Subject to Customer’s compliance with clauses 12.1 and 12.2, and subject to clause 12.4, Heartstream will, at its option and expense, either: (i) procure for Customer the right to continue using the Product; (ii) replace the Product with an equivalent non-infringing product; (iii) modify the Product such that it becomes non-infringing; (iv) repurchase the Products held in stock by Customer for the purchase price less reasonable depreciation; or (v) defend or settle such claim brought against Customer.
12.4. Heartstream shall have no liability or obligation under this clause 12 if the claim of infringement concerns a Product:

i. designed and manufactured in accordance with Customer’s specifications or instructions;
ii. modified by Customer or its end user or used not in accordance with its intended purpose;
iii. not updated by Customer in accordance with Heartstream’s instructions (e.g. software updates);
iv. combined by Customer or its end user with devices, software, methods, systems, or processes not supplied by Heartstream, where the third-party claim is based on such combination; or
v. in respect of which the alleged infringement occurs in a country other than the Territory.

12.5. In no event shall Heartstream be liable for any indirect or consequential losses or damages, suffered or incurred by Customer or any of its affiliates or its/their customers in connection with the infringement of any third party IPR.
12.6. Clauses 12.1 up to and including 12.5 represent Heartstream’s sole and entire liability and Customer’s exclusive remedy in respect of third-party intellectual property claims.
12.7. If Heartstream receives a notice either from Customer or from a third party claiming that the Product or the use thereof infringes any third-party intellectual property rights, Heartstream may, to limit or avoid liability, suspend or discontinue supplies of the Products to Customer and shall not be liable to Customer by virtue of such suspension or discontinuation.

13. Use and exclusivity of Product documents

All documents and manuals, including technical information related to the Products and their maintenance, as delivered by Heartstream are the proprietary information of Heartstream, are covered by Heartstream’s copyright, and remain the property of Heartstream, and as such, they shall not be copied, reproduced, transmitted or disclosed to or used by third parties without the prior written consent of Heartstream.

14. Export Control and Product Resale

14.1. The supply, export or transfer of Products or the provision of installation, maintenance, technical assistance, training, investment, financing or brokering services related thereto may be subject to export control laws and sanction regulations, including but not limited to those of the UN, the EU, the UK and the USA, which prohibit or restrict export or diversion of certain products, technology, and services to certain countries (the “Export Regulations”). If the delivery of Products or services to designated destinations or persons is subject to the granting of an export or import license by a government or otherwise restricted or prohibited due to Export Regulations, Heartstream may suspend its obligations to Customer until such license is granted or for the duration of the restriction or prohibition.
14.2. No export license. If no license can be obtained, or if the restriction or prohibition continues, Heartstream may decide, in its own discretion, to terminate the relevant order without incurring any liability towards Customer. Customer shall comply in all respects with the Export Regulations and with any export license applicable for the supply of Products, Software, Technology or the provision of services.
14.3. Re-export. Customer shall impose all applicable export control and sanction restrictions to any third party if the Products are transferred or re-exported to third parties. Customer shall take all actions that may be reasonably necessary to ensure that no purchaser violates the Export Regulations. Customer shall indemnify Heartstream against any and all direct, indirect and punitive damages, loss, costs (including attorney’s fees and costs) and other liability resulting from breach or non-compliance with this clause. Customer agrees that re-export of certain products, technology, and services and/or to certain countries, limited or restricted by the Export Regulations, is prohibited, and must not be executed without first obtaining approval from relevant government authorities. Customer shall inform Heartstream in writing of any resale or (re-) export of the Products to comply with export control and sanction regulations and any other regulatory responsibilities governing the sale of the Products, including but not limited to, requirements on traceability of medical devices, that may apply to Heartstream.
14.4. The parties agree that failure to comply with clauses 14.1, 14.2, or 14.3 is a sufficient reason for immediate suspension of the performance of any obligation under these Conditions of Sale and/or termination of order by Heartstream without any prior notification. In the event of such suspension or termination, (i) Heartstream shall be under no obligation to supply any Products to Customer nor under any further obligation resulting from these Conditions of Sale, (ii) Customer shall hold harmless and indemnify Heartstream of and for any damages, claims, penalties or other losses (including attorneys’ fees) that may be asserted against or incurred by Heartstream as a result of Customer’s breach of this clause; and (iii) Heartstream shall be entitled to any other remedies available at law or in equity. The provisions of this clause shall survive any termination or expiry of these Conditions of Sale.

15. License Software Terms

15.1. Subject to any usage limitations set forth on the quotation, Heartstream grants to Customer a non-exclusive, non-transferable license, without the right to grant sub-licenses, to incorporate and use the Licensed Software (as specified on the quotation, whether embedded or stand-alone) in Licensed Products and the permitted use (as referenced in the quotation) in accordance with these Conditions of Sale.
15.2. The Licensed Software is licensed and not sold. All intellectual property rights in the Licensed Software shall remain with Heartstream.
15.3. Customer may make one copy of the Licensed Software in machine-readable form solely for backup purposes. Heartstream may charge for backup copies created by Heartstream. Customer may not reproduce, sell, assign, transfer or sublicense the Licensed Software. Customer shall preserve the confidential nature of the Licensed Software and shall not disclose or transfer any portion of the Licensed Software to any third party.
15.4. Customer shall maintain Heartstream’s copyright notice or other proprietary legends on any copies of the Licensed Software. Customer shall not (and shall not allow any third party to) decompile, disassemble, or reverse engineer the Licensed Software.
15.5. The Licensed Software may only be used in relation to Licensed Products or systems certified by Heartstream. If Customer modifies the Licensed Software in any manner, all warranties associated with the Licensed Software and the Products shall become null and void. Customer installation of Heartstream’s issued patches or updates shall not be deemed to be a modification.
15.6. Heartstream and its affiliates shall be free to use any feedback or suggestions for modification or enhancement of the Licensed Software provided by Customer, for the purpose of modifying or enhancing the Licensed Software as well as for licensing such enhancements to third parties.
15.7. With respect to any third party licensed software, the Customer will comply with the terms applicable to such licensed software. Customer shall indemnify Heartstream for any damage arising from its failure to comply with such terms. If the third party licensor terminates the third party license, Heartstream may terminate the third party license with the Customer and make reasonable effort to procure a solution.

16. Confidentiality

If any of the parties have access to confidential information of the other party, it shall keep this information confidential. Such information shall only be used if and to the extent that it is necessary to carry out the concerned transactions. This obligation does not extend to public domain information and/or information that is disclosed by operation of law or court order.

17. Compliance with Laws

Each party shall comply with all laws, rules, and regulations applicable to the party in connection with these Conditions of Sale, including, but not limited to, privacy, health and safety, anti-bribery, and corruption laws.

18. Force majeure

18.1. Each party shall not be liable in respect of the non-performance of any of its obligations to the extent such performance is prevented by any circumstances beyond its reasonable control, including, but not limited to, acts of God, war, civil war, insurrection, fire, flood, labor disputes, epidemics, pandemic, cyber-attack, act of terrorism, governmental regulations and/or similar acts, embargoes, export control sanctions or restrictions, Heartstream’s unavailability regarding any required permits, licenses and/or authorizations, default or force majeure of suppliers or subcontractors.
18.2. If force majeure prevents Heartstream from fulfilling any order from the Customer or otherwise performing any obligation arising out of the sale, Heartstream shall not be liable to the Customer for any compensation, reimbursement, or damages.

19. Miscellaneous

19.1. Any newly manufactured Product provided may contain selected remanufactured parts equivalent to new in terms of performance.
19.2. If the Customer becomes insolvent, unable to pay its debts as they fall due, files for bankruptcy or is subject to it, has appointed a recipient, is subject to a late fee on payments (temporary or permanent), or has its assets assigned or frozen, Heartstream may cancel any unfulfilled obligations or suspend its performance; provided that, however, the Customer’s financial obligations to Heartstream shall remain in full force and effect.
19.3. If any provision of these Conditions of Sale is found to be unlawful, unenforceable, or invalid, in whole or in part, the validity and enforceability of the remaining provisions shall remain in full force and effect. In lieu of any provision deemed to be unlawful, unenforceable or invalid, in whole or in part, a provision reflecting the original intent of these Conditions of Sale, to the extent permitted by the applicable law, shall be deemed to be a substitute for that provision.
19.4. Notices or other communications shall be given in writing and shall be deemed effective if they are delivered in person or if they are sent by courier or mail to the relevant party.
19.5. The failure by the Customer or Heartstream at any time to require compliance with any obligation shall not affect the right to require its enforcement at any time thereafter.
19.6. Heartstream may assign or novate its rights and obligations in whole or in part, to any of its affiliates or may assign any of its accounts receivable to any bank or financial institution (“Assignee”) along with other associated rights without Customer’s consent. Customer agrees to execute any documents that may be necessary to complete Heartstream’s assignment or novation (including but not limited to acknowledging in writing, the receipt and acceptance of any notice of assignment which contains the updated payment details and instructions pursuant to which the Customer shall pay the relevant third party against the assigned receivables). The Customer shall not, without the prior written consent of Heartstream, transfer or assign any of its rights or obligations.
19.7. The Customer’s obligations do not depend on any other obligations it may have under any other agreement or arrangement with Heartstream. The Customer shall not exercise any offset right in the quotation or sale in relation to any other agreement or arrangement with Heartstream.
19.8. These Conditions of Sale shall be governed by the laws of Singapore, and the parties submit to the exclusive jurisdiction of the courts in Singapore, provided that Heartstream will be entitled to start legal proceedings against the Customer in any other court of competent jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.

20. Product specific terms

Product specific schedules are incorporated herein as they apply to the Products listed in the quotation and their additional terms shall apply solely to the Products specified therein. If any terms set forth in the Product specific schedules conflict with terms set forth in these Conditions of Sale, the terms set forth in the Product specific schedule shall take precedence.

21. Privacy and data protection

21.1. Where Heartstream independently processes personal data originating from the Customer (such as personal data relating to Customer’s personnel or other natural persons processed to manage the commercial relationship with the Customer and/or to comply with applicable laws), Heartstream will process such personal data in accordance with Heartstream’s prevailing Privacy Notice.
21.2. Customer acknowledges and agrees that Heartstream will process information related to the safety and performance of the Products such as log files or device parameters in order to provide the Products and related services and, where strictly necessary, to enable its compliance with and performance of its task as manufacturer of (medical) devices under the applicable regulations and standards (including but not limited to the performance of vigilance, post market surveillance, and clinical evaluation related activities).
21.3. Where Heartstream – for the provision of the Products – processes personal data on behalf and under the instructions of the Customer (such as personal data relating to Customer’s patients or other natural persons) the data processing addendum (DPA) incorporated in Annex 1 of these Conditions of Sale applies.

ANNEX 1 TO THE CONDITIONS OF SALE
Data Processing Addendum

1. This data processing addendum (“DPA”) is agreed between Heartstream and the Customer. This DPA forms part of the Conditions of Sale between Heartstream and the Customer for the provision of the Products. Customer enters into the DPA on behalf of itself and, to the extent required under Applicable Data Protection Law, in the name and on behalf of its Affiliates.

2. This DPA applies when Customer Data is Processed by Heartstream for the provision of the Products and related services. Parties acknowledge and agree that with regards to the Processing of Customer Data, Heartstream will act as Processor for the Customer, who acts as Controller (or Processor). If Customer is a Processor, Customer warrants that its instructions and actions with respect to the Customer Data have been authorized by the Original Controller.

3. The subject-matter of the Processing of Customer Data is the provision of the Products, as described in the Conditions of Sale. The nature of the Processing of Customer Data includes: hosting of Personal Data (e.g. cloud offerings); and/or administration, management, installation, configuration, migration, maintenance and support or any other Products and related services requiring processing (e.g. remote access to) of Customer Data stored in the cloud or on Customer’s IT systems (e.g. service offerings).

4. The purpose of the data processing under this DPA is the provision of the Products initiated by Customer or the Original Controller from time to time.

5. The categories of Individuals whose Personal Data will be subject to Processing include any individuals whose Personal Data is provided by Customer or its Original Controllers to Heartstream via the Products or for the provision of the Products, such as patients or Customer’s personnel, suppliers, business partners, and end-users.

6. The categories of Customer Data Processed/transferred may include any Personal Data provided to Heartstream for the provision of the Products such as: contact and user information, such as name and email address; system log-files containing Personal Data; health-related data; other application specific Personal Data which users enter into the Products.

7. As between Heartstream and Customer, the duration of the data processing under this DPA is determined by the Customer. Subject to the termination clause of this DPA, Heartstream will Process Customer Data for the duration of the Conditions of Sale, unless otherwise agreed upon in writing. Further information on the processing of Customer Data may be provided to Customer, upon request.

8. Customer shall Process Customer Data in compliance with Applicable Data Protection Law, including when acquiring Customer Data and when instructing Heartstream to Process Customer Data.

9. Heartstream will Process Customer Data only: (i) on behalf and for the benefit of Customer; (ii) in accordance with the instructions of the Customer as documented in this DPA; (iii) for the provision of the Products; and (iv) to the extent required by the Applicable Data Protection Law that Heartstream is subject to. The parties agree that this DPA and the Conditions of Sales (including Customer providing instructions via the relevant tools used to operate the Products) constitute Customer’s documented instructions regarding Heartstream’s processing of Customer Data. Any additional or alternative instructions on the Processing of Customer Data must be agreed in writing between the Parties. Taking into account the nature of the processing, Customer agrees that it is unlikely that Heartstream can form an opinion on whether Customer’s documented instructions regarding Heartstream’s processing of Customer Data infringe Applicable Data Protection Law. If Heartstream forms such an opinion, it will immediately inform Customer, in which case, Customer is entitled to withdraw or modify its instructions.

10. Heartstream will ensure that its employees and any other person authorized to Process Customer Data: (i) are informed of the confidential nature of the Customer Data; (ii) will have access to Customer Data only to the extent necessary to provide the Products; and (iii) have committed themselves to relevant contractual obligations regarding confidentiality, data protection and security.

11. Heartstream shall maintain appropriate technical and organizational measures to safeguard security (including protection against unauthorized or unlawful Processing and Personal Data Breaches), confidentiality and integrity of Customer Data, as set forth in the relevant security documentation provided by Heartstream in relation to the Products or as otherwise agreed between the Parties.

12. Heartstream shall notify Customer, without undue delay, after becoming aware of a Personal Data Breach. Such notification may be delivered to one or more of Customer’s representatives by any means Heartstream selects, including via email. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay. In any case, Heartstream shall (i) reasonably assist the Customer in ensuring compliance with its Personal Data Breach obligations pursuant to Applicable Data Protection Law, and (ii) initiate respective and reasonable remedy measures. Customer agrees that unsuccessful security incidents that result in no destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data or to any of Heartstream’s equipment or facilities storing Customer Data, will not be subject to this Personal Data Breach clause.

13. Taking into account the nature of the processing and the information available to Heartstream, Heartstream shall take reasonable steps to assist Customer with appropriate technical and organizational measures, insofar as reasonably possible, in the fulfilment of Customer’s obligation to respond to requests from an Individual to exercise the privacy and data protection rights as set forth by the Applicable Data Protection Law.

14. Heartstream shall make available to Customer all information necessary to demonstrate compliance with its obligations under Applicable Data Protection Law. Provided that an audit right is required by Applicable Data Protection Law, Customer shall have the right to audit, by appropriate means and in accordance with this clause, Heartstream’s compliance with the data protection obligations included in this DPA, unless additional audits are necessary under Applicable Data Protection Law. Such audits shall be limited to Customer Data and data processing systems that are relevant for the provision of the Products provided to Customer. Heartstream may provide to Customer a certification or report issued by a qualified independent third-party assessor that Heartstream’s business processes and procedures involving the Processing of Customer Data comply with this DPA. Customer agrees that these certifications or reports shall first be used to address Customer’s audit rights under this DPA. If required under Applicable Data Protection Law, and at Customer’s costs, Heartstream will allow for additional audits, including onsite audits at Heartstream facilities used for the processing of Customer Data, by Customer or an independent, accredited third party audit firm provided they have executed a written confidentiality agreement acceptable to Heartstream. Audits shall be conducted no more than once per year, during regular business hours and with minimal disruption to Heartstream’s business and shall be subject to 6 weeks prior notice to Heartstream.

15. Customer hereby grants to Heartstream its authorization for Heartstream’s authorized sub-processors (“Sub-Processors”) to Process Customer Data. In addition, Customer grants Heartstream a general authorization to engage other Sub-Processors. This authorization constitutes Customer’s prior written consent to the outsourcing of the Processing of Customer Data by Heartstream subject to such outsourcing meeting the requirements in the below clause “Objection to Sub-Processors”. Heartstream may remove or add new Sub-Processors at any time as long as the requirements in the clause “Objection to Sub-Processors” are met.

16. If required under Applicable Data Protection Law, Heartstream shall inform Customer of any changes to the Sub-Processors listed on the URL specified in the above clause (“Consent to Sub-Processors’ engagement”). Customer may object to Heartstream’s use of a new Sub-Processor in case of reasonable and substantiated concerns regarding the protection of Customer Data, by notifying Heartstream in writing within ten (10) business days after Heartstream’s notification to Customer. If Customer does not inform Heartstream of any objections within the stipulated period, the new Sub-Processor will be deemed accepted by Customer. If Customer objects to a new Sub-Processor, Heartstream will undertake reasonable efforts to find a mutually acceptable solution and if not found within sixty (60) days, Customer may terminate the Conditions of Sales for those Products that cannot be provided without the use of the objected-to new Sub-Processor. This termination right is Customer’s sole and exclusive remedy if Customer objects to any Sub-Processor. If Customer does not terminate the affected Products, this shall be taken as an approval of the Sub-Processor by Customer.

17. When Heartstream engages a new Sub-Processor, Heartstream: (a) shall enter into a written agreement with each Sub-Processor containing data protection obligations not less protective than those in this DPA; and (b) subject to the terms set forth in the Conditions of Sales, shall be liable for the acts and omissions of its Sub-Processors regarding the Processing of Customer Data to the same extent Heartstream would be liable when performing the services of each Sub-Processor itself under the terms of this DPA.

18. Without prejudice to any applicable data restrictions specified in the Conditions of Sales and in the DPA, Customer instructs Heartstream to process Customer Data in any country in which Heartstream or its Sub-Processors maintain facilities, as necessary to provide the Products and related services.

19. Heartstream will not disclose Customer Data to any third party except where such disclosure is necessary to: (i) provide the Products; (ii) comply with the law; or (iii) comply with a valid and binding order of a governmental body or court (such as a subpoena or court order). If Heartstream receives an order from a governmental body for disclosure of Customer Data, Heartstream will use every reasonable effort to redirect the governmental body to request data directly from the Customer. If compelled to disclose Customer Data to a governmental body, Heartstream will notify the Customer, unless prohibited under applicable law, and, if prohibited from notifying the Customer, Heartstream will use all reasonable lawful efforts to challenge the order for disclosure on the basis of any legal deficiencies under any applicable laws.

20. The DPA shall have the same term as the Conditions of Sales. Unless differently agreed in writing by the Parties and unless Heartstream is required by applicable law to retain certain data, upon termination of the provision of the relevant Products and related services, Customer instructs Heartstream to delete or anonymize Customer Data.

10. Definitions

For the purposes of the DPA, the following terms are defined:
Affiliate: means (in relation to either Party) any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
Applicable Data Protection Law: means all applicable law pertaining to the Processing of Personal Data hereunder.
Customer Data: means Personal Data provided to Heartstream by the Customer or any Original Controller and Processed by Heartstream on behalf and under the instruction of Customer for the provision of the Products.
Controller: means the legal entity or natural person which alone or jointly with others determines the purposes and means of Processing of Personal Data.
Customer: means the customer’s entity that executed the Conditions of Sales together with its Affiliates (for so long as they remain Affiliates) which have signed order forms.
Heartstream: means the Heartstream Affiliate that executed the Conditions of Sales.
Individual: means any natural person whose Personal Data are Processed by Heartstream on behalf and under the instructions of Customer.
Original Controller: means any third party (such as an Affiliate of the Customer) acting as Controller which is entitled to use or receive Products under the terms of the Conditions of Sales.
Personal Data Breach: means a breach of Heartstream’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to use, Processing of, or access to Customer Data.
Processing: means any operation or set of operations performed on Personal Data, whether or not by automated means, including but not limited to, collecting, viewing, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process” and “Processed” are to be construed accordingly.
Products: means the relevant Heartstream Products and related services (as identified in the Product specific schedules) purchased by the Customer under the Conditions of Sale and provided by Heartstream acting in its role as Processor.
Processor: means the legal entity or natural person which Processes Personal Data on behalf and under the instructions of a Controller.
Sub-Processor: means any further Processor engaged by Heartstream to Process Customer Data.

Schedule 1
Heartstream Capital Portfolio

Product Category Products
Emergency Care & Resuscitation (ECR) AEDs
ALS Monitor/Defibrillators
Tempus LS Tempus Pro Monitor
Tempus LS Defibrillator

1. Delivery

1.1. Acceptance by Customer occurs upon delivery. Heartstream will make reasonable efforts to meet Customer’s delivery requirements. If Heartstream is unable to meet Customer’s delivery requirements, alternative arrangements may be mutually agreed. If the Customer requests a major delay in the date of delivery of the product, Philips may attempt to arrange re-delivery within a reasonable time or may terminate the order.

2. Installation

2.1. Deployment and installation are Customer’s responsibility.

3. Operating Software License

3.1. Purchase of a hardware product includes a license to use the software contained therein, which may not be reverse engineered, decompiled, altered or transferred. Customer agrees that it will not attempt to defeat any copy protection mechanism.

Schedule 2
Heartstream Consumables Portfolio

 

Product Category Products
Consumables (non-serialized)
Emergency Care and Resuscitation AED Consumables
ALS Consumables

1. Shipping/Orders

1.1. Heartstream may charge a shipping fee for Consumables.

2. Return Policy

2.1. If there is a problem with an order, Heartstream wants to correct it as soon as possible. Please note the following instructions before returning merchandise to Heartstream.

2.1.1. The Customer Services Department of Heartstream must authorize all returns of Consumables. Customer shall pay all shipping charges for returns, unless due to Heartstream error.
2.1.2. Returns after ninety (90) days of shipment shall be subject to a restocking charge.
2.1.3. Heartstream does not accept returns of Consumables that have been opened, are expired or damaged.

GENERAL CUSTOMER SERVICE TERMS AND CONDITIONS

1. Services. The services included in the quotation (the “Quotation”) will be provided by the Heartstream Entity entering into this customer service agreement with Customer as identified in the Quotation (“Heartstream”) and these services will be referred to as the “Services”. Heartstream will provide the Services to Customer on the equipment and software listed in the Quotation (the “Equipment”) that is at the location in the Quotation (the “Site”), and certain Service entitlements will be provided for the exclusive benefit of the Site, under the terms and conditions described herein, including the Quotation, any Exhibits and attachments, each of which are hereby incorporated (collectively the “Agreement”).

2. Access to Equipment. Customer shall make the Equipment available to Heartstream at a mutually agreed date and time. If the Equipment is not available at the agreed time, Heartstream or Customer may attempt to reschedule the Service or cancel the Service. Heartstream may charge Customer at the prevailing demand service rates for all time spent by Heartstream service personnel waiting for access to the Equipment.

3. Price. In consideration of the Services to be performed by Heartstream, Customer shall pay the prices as defined in the Quotation (the “Contract Price”).

3.1. The Contract Price is a gross amount but exclusive of any value added tax (VAT), sales tax, GST, consumption tax or any other similar tax only. If the transactions as described in the Agreement are subject to any applicable VAT, sales tax, consumption tax or any other similar tax, Heartstream will charge VAT, sales tax, consumption tax or any other similar tax to Customer, which will be paid by Customer in addition to the Contract Price.
3.2. Heartstream may increase Contract Prices and/or net pricing, during the term of the Agreement, in accordance with the Consumer Price Index published by the relevant government agency in the country where Customer is located. Heartstream shall give written notice together with the Invoice with adjusted Contract Prices and/or net pricing. Such adjustment shall not be retroactive and cannot start before the first year of the contract.
3.3. Customer shall notify Heartstream and Heartstream may change the Contract Price if:

3.3.1. the location of the Equipment is changed;
3.3.2. any ambient conditions of operation (e.g. installation or de-installation of air-conditioning system) of the Equipment at the location are changed;
3.3.3. any additional equipment is acquired by the Customer which should be added to the inventory list of Equipment;
3.3.4. the Equipment is (partly) removed or taken out of service by Customer; and/or
3.3.5. the incoming main power supply and protective earth configuration is changed, becomes unreliable, or is no longer in accordance with the Equipment specifications.

4. Payment. Unless specifically agreed otherwise in the Quotation, Heartstream shall invoice Customer quarterly, with an invoice 30 days in advance of the quarter. Customer shall pay the Contract Price to Heartstream within 30 days from the date of invoice in accordance with the instructions on the invoice. Where any other amount is payable to Heartstream pursuant to this Agreement, Heartstream may invoice such amount when it becomes due.

4.1. Customer shall make any payments under this Agreement without any set-off, withholdings or any other deductions.
4.2. Any delay in payments will incur legal interest immediately as from the due date at the maximum rate permitted by applicable law.
4.3. If Customer fails to pay any amount when due, Heartstream may, in addition to other rights it may have under this Service Agreement or by law, at its option:

4.3.1. withhold or suspend performance under the Service Agreement until all payments by Customer have been received by Heartstream;
4.3.2. deduct the unpaid amount from any amounts otherwise owed to Customer under any agreement by Heartstream or any of Heartstream’s Affiliates (meaning any entity that directly or indirectly controls, is controlled by, or is under common control with Heartstream (“control” means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity));
4.3.3. declare all sums outstanding to become immediately due and payable under the Agreement;
4.3.4. commence collection activities for all sums due or to become due hereunder, including costs and expenses of collection, and reasonable attorney’s fees; and/or
4.3.5. terminate this Agreement with 10 days’ written notice to Customer.

4.4. If Customer has contracted with a third party service management organization, asset management company, maintenance management company, technology management company, maintenance insurance organization or the like (“Third Party Organization”) for purposes of centralized billing and management of Services provided to Customer, at Customer’s written request, Heartstream will route invoices for payment of Services rendered by Heartstream to such Third Party Organization and accept payment from them on Customer’s behalf. Notwithstanding the above, the Services provided by Heartstream are subject solely to the terms and conditions set forth in this Agreement. Customer guarantees the payment of all monies due or that may become due under this Agreement in spite of any collateral arrangements Customer may have with such Third Party Organization or any payments Customer has made to the Third Party Organization. Heartstream has no contractual relationship for the Services rendered to Customer except as set forth herein. To the extent that the parts and Services Heartstream provides are not covered by Customer’s arrangement with such Third Party Organization, Customer shall promptly pay for such parts and Services on demand.

5. Exclusions. The Services do not include, unless specifically agreed otherwise in the Quotation:

5.1. servicing or replacing components of equipment other than those Equipment or components listed in the Quotation that are at the Site;
5.2. servicing Equipment if contaminated with blood or other potentially infectious substances, disposing of hazardous, infectious, or biomedical waste or material;
5.3. service specifically excluded in the Quotation;
5.4. any service necessary due to: (i) a design, specification or instruction provided by Customer or Customer representative; (ii) the failure of anyone to comply with Heartstream’s written instructions or recommendations; (iii) any combining of the Equipment with other manufacturers product or software other than those recommended by Heartstream; (iv) any alteration or improper storage, handling, use or maintenance of the Equipment, including any components, e.g. detectors, transducer, coils, by anyone other than Heartstream’s subcontractor or Heartstream; (v) damage caused by an external source, regardless of nature; (vi) any removal or relocation of the Equipment; or (vii) neglect or misuse of, or accident with the Equipment, including any components, e.g. detectors, transducer, coils;
5.5. any cost of materials, supplies, parts, or labor supplied by any party other than Heartstream or Heartstream’s subcontractors, or explicitly excluded in the Quotation;
5.6. providing or paying the cost of any rigging, facility, structural alteration, or accessory incident;
5.7. the cost of consumables, accessories and auxiliaries, including but not limited to: batteries of any type, light bulbs, power cords/AC adapters, EKG cables, SPO2 sensors, BP hose/cuff, temperature probes, extension/trunk/adapter cables, defibrillator cables/paddles/test plugs, patient pads, and any item that hangs off of or, plugs into, a device, unless specifically included in the Agreement;
5.8. cosmetic repairs;
5.9. the cost of factory reconditioning or rebuilds;
5.10. providing any updates or upgrades other than field safety corrective actions (i.e. safety related updates);
5.11. maintenance or repair, including the cost thereof, of third-party, non-Heartstream branded products, unless specified otherwise in this Agreement;
5.12. maintenance or repair, including the cost thereof, required due to any computer viruses, Trojan horse, worms, back doors, time bombs, drop dead device, or other computer programming code or routines that are designed to or that disable, damage, impair, detrimentally interfere with, surreptitiously intercept or expropriate any system, computer hard- or software, data, information or telecommunications equipment or to permit unauthorized access; and
5.13. third party software related installation, configuration, updates or issues.

6. Customer Responsibilities.

6.1. During the term of this Agreement, Customer shall:

6.1.1. comply with all applicable laws, rules, and regulations; the Customer’s obligations do not depend on any other obligations it may have under any other agreement or arrangement with Heartstream;
6.1.2. ensure that the Site is maintained in a clean and sanitary condition; and that the Equipment, product and/or part is decontaminated prior to service, shipping or trade-in as per the instructions in the user manuals;
6.1.3. ensure the proper removal and disposal of any hazardous material;
6.1.4. maintain operating environment within Heartstream specifications for the Site (including temperature and humidity control, incoming power quality, and fire protection system);
6.1.5. use the Equipment in accordance with the published manufacturer’s operating instructions and in accordance with the manufacturer’s security and privacy handbook;
6.1.6. make normal operator adjustments to the Equipment as specified in the published manufacturer’s operating instructions;
6.1.7. provide Heartstream with broadband internet Wi-Fi access for business purposes;

6.2. If Heartstream issues a field safety notice, notification, initiates a recall or other field safety action, Customer shall fully cooperate with Heartstream in the execution of such event, including but not limited to:

6.2.1. taking all action(s) listed in the notification;
6.2.2. sending the notification it receives from Heartstream to all who need to be aware of it within the organization, as well as to other organizations to which the system has been transferred; and
6.2.3. providing Heartstream with details of any affected systems that have been transferred to other organizations (if any).

7. Warranty Disclaimer. Heartstream’s sole service obligations to Customer are described in this Agreement. All labor, including technical support shall be performed in a good and workmanlike manner, subject to applicable service terms of sale, including any exclusions. Heartstream provides no additional warranties under this Agreement. All service and parts to support service under this Agreement are provided “as is”. Heartstream specifically disclaims all other express or implied warranties including, without limitation, all warranties of merchantability and fitness for a particular purpose.

8. Limitations of Liability

8.1. Heartstream’s, Heartstream’s Affiliates’ and Heartstream’s subcontractors’ total liability, if any, and Customer’s exclusive remedy with respect to the Services or Heartstream’s performance of the Services or otherwise in connection with the Agreement is limited to an amount not to exceed the aggregate amount of fees paid by Customer to Heartstream under this Agreement in the twelve (12) months preceding the event that gives rise to the claim for the Service that is the basis for the claim. This limitation shall not apply to third party claims for bodily injury or death caused by Heartstream’s gross negligence or willful misconduct.
8.2. In no event shall Heartstream or its Affiliates or subcontractors be liable for any indirect, punitive, incidental, consequential, or special damages, including without limitation, lost revenues or profits, business interruption, loss of data, or the cost of substitute products or services whether arising from breach of contract, breach of warranty, negligence, indemnity, strict liability or other tort.
8.3. Heartstream, its Affiliates and subcontractors will have no liability for any assistance Heartstream provides that is not required under this Agreement.
8.4. Heartstream, its Affiliates and subcontractors will have no liability for any loss of or inability to use medical or other data stored in goods, including (embedded) software or on other magnetic media, and neither Heartstream nor Heartstream’s representatives shall be responsible for reloading data in such event.
8.5. Heartstream, its Affiliates and subcontractors, shall not be liable for any claim for intellectual property infringement arising from the services provided under this Agreement. In executing the services under this Agreement, Heartstream may use or implement software or hardware updates, modifications or changes. Any intellectual property indemnification associated with any such updates, modifications or changes shall be solely provided under the terms of purchase, if one exists and is applicable, and nothing in this Agreement shall be construed to modify, update, add, replace, or supplement any such intellectual property indemnification.
8.6. The foregoing limitations of liability shall apply notwithstanding anything contained to the contrary in this Agreement.

9. Expected Service Life. Heartstream follows strict procedures managing the lifecycle of its products. Such procedures define a minimum period, per equipment, during which phase Heartstream makes Services available as described in this Agreement. This period for the Equipment(s) under this Agreement is indicated in the Quotation. During or after such period, Heartstream may determine that its ability to provide the Service is hindered due to unavailability of parts, trained personnel or outdated technology; or that the Equipment can no longer be maintained in a safe and effective manner as determined by Heartstream. Heartstream will timely and proactively notify or make notification available to Customer electronically about the approaching of such dates. Customer hereby acknowledges that upon such notices, Heartstream may without liability for doing so terminate this Agreement (or part thereof), remove such Equipment from the inventory list, and adjust the coverage of the Agreement. In such event Heartstream’s sole obligation shall be to provide Customer with a refund of any Customer pre-payments for periods and parts of Service not yet rendered, unless the Parties agree to replace such Equipment on the inventory list of Equipment with another equipment purchased by Customer from Heartstream either as a new product or via an upgrade program offered by Heartstream to the Equipment; or modify the terms of this Agreement with regard to the Service provided on the Equipment. Such agreement of the Parties will be signed in writing and incorporated into this Agreement.

10. Adulterated Systems. If Heartstream determines that the Equipment has been modified or adulterated in a manner not explicitly specified in the documentation accompanying the Equipment, including without limitation by including a part, component, or device not specified as compatible (an “Adulterated System”), and such modification or adulteration hinders Heartstream’s ability to provide the Service or maintain the Equipment in a safe or effective manner, then Heartstream will promptly notify Customer of such Adulterated System. Following receipt of such notice, if Customer does not permit Heartstream (at Customer’s cost) to remediate the Adulterated System, then Heartstream may remove the Adulterated System from the Quotation, adjust the Services under this Agreement, and provide Customer with a refund of any Customer pre-payments for periods of Service not yet rendered or parts not yet provided.

11. Proprietary Service Materials. In connection with the Services, Heartstream may deliver or transmit to the Site certain proprietary service materials (including software, hardware, tools and written documentation) that have not been purchased by or licensed to Customer. The presence of this property within the Site will not give Customer any right or title to this property or any license or other right to access, use or decompile this property. Customer hereby consents to this delivery, storage, attachment, installation and use of such proprietary service materials, and consents to the presence of a Heartstream locked cabinet or box at the Site for storage of this property, and to Heartstream’s removal of all or any part of this property at any time, all without charge to Heartstream. Customer agrees to return any service tools that are no longer required on-site to Heartstream and to take responsibility for exportation, duties, fees and transport cost, all in accordance with Heartstream’s instructions. Failure to do this entitles Heartstream to invoice Customer for the value of the respective tool. Customer will protect this property against damage or loss and prevent any access to or use of this property by any unauthorized party and Customer will be liable for any violation thereof. Customer shall immediately report to Heartstream any violation of this provision.

12. Confidentiality. Each party will maintain as confidential any information furnished or disclosed to one party by the other party, whether disclosed in writing or disclosed orally, relating to the business of the disclosing party, its customers, or its patients, and this Agreement and its terms, including its pricing terms. Each party will use the same degree of care to protect the confidentiality of the disclosed information as that party uses to protect the confidentiality of its own information, but not less than reasonable care. Each party will use the disclosed information solely for the purposes of this Agreement and exercising its rights thereunder and will disclose such information only to its employees and in the case of Heartstream its Affiliates and subcontractors having a need to know such information to perform the transactions contemplated by this Agreement. The obligation to maintain the confidentiality of such information will not extend to information in the public domain at the time of disclosure, or to information that is required to be disclosed by law or by court order and will expire five years after the Agreement terminates or expires. If a party is required by law or court order to disclose the other party’s confidential information, it shall first inform the other party of the request or requirement for disclosure to allow an opportunity for the other party to apply for an order to prohibit or restrict such disclosure. The party receiving the other party’s confidential information agrees and acknowledges that any breach or threatened breach of these obligations of confidentiality will result in irreparable harm to the disclosing party for which there will be no adequate remedy at law. In addition to any other remedies, in such event the disclosing party shall be entitled to seek an injunction to prevent any further breach of this Agreement by the receiving party.

13. Privacy and Data Protection.

13.1. Each party will comply with applicable data protection laws governing the protection of personal data in relation to their respective obligations under this Agreement.
13.2. Where Heartstream independently processes personal data originating from the Customer (such as personal data relating to Customer’s personnel or other natural persons processed to manage the commercial relationship with the Customer and/or to comply with applicable laws), Heartstream will process such personal data in accordance with the Heartstream Privacy Notice, a copy of which will be provided upon request.
13.3. Subject to Section 13.5, where Heartstream – for the provision of the Services – processes personal data on behalf and under the instructions of the Customer (such as personal data relating to Customer’s patients or other natural persons processed to provide the Services), the data processing addendum (DPA) incorporated in Exhibit 2 of this Agreement applies.
13.4. Customer acknowledges and agrees that Heartstream will process information related to the safety and performance of the Products such as log files or device parameters in order to provide the Services where strictly necessary, to enable its compliance with and performance of its task as manufacturer of (medical) devices under the applicable regulations and standards (including but not limited to the performance of vigilance, post market surveillance and clinical evaluation related activities).
13.5. If Parties have separately agreed on a data processing agreement that covers the provision of the relevant Services, such data processing agreement shall apply and the data processing addendum incorporated in Annex 2 of this Agreement will not apply. If Parties have not separately agreed on a data processing agreement that covers the provision of the relevant Services, the data processing addendum (DPA) incorporated in Annex 2 of this Agreement applies.

14. Use of Non-Personal Data. Customer agrees that Heartstream and/or its Affiliates may use any data other than personal data generated by the Equipment and/or otherwise provided by Customer to Heartstream for Heartstream’s own legitimate business purposes including but not limited to, for data analytics activities to determine trends of usage and advise on the use of Heartstream products and Services, for research, product and service development and improvement (including the development of new offerings), substantiation of marketing claims and for benchmarking purposes.

15. Export Control. Customer understands that certain transactions of Heartstream are subject to export control and sanctions laws and regulations, including but not limited to those of the UN, EU or US (“Export Regulations”) which prohibit export, re-export, transfer or diversion of certain products, technology, software and services to certain countries, entities and/or persons. The provision of Services may be subject to the granting of governmental export licenses. If such licenses or an end-user statement are required, Heartstream will contact Customer immediately and Customer shall provide Heartstream with such documents on first request. Heartstream may suspend its obligation to fulfil any order or subsequent Service if the delivery is restricted under Export Regulations or an export/import license is not granted by relevant authorities. In case of such suspension Heartstream will not incur any liability towards Customer other than reimbursing any amounts received for Services not yet rendered in compliance with Export Regulations. Customer warrants that it complies with relevant Export Regulations to ensure that replacement and replaced parts are not used for any purposes prohibited by Export Regulations. Customer warrants that replacement and replaced parts must not be resold, transferred, or otherwise disposed of, to any country, to any person or entity, if required, without first obtaining approval from relevant government authorities defined by Export Regulations and/or set forth in export license. Customer shall inform Heartstream in writing of any resale or (re-) export of replacement and replaced parts in order to comply with Export Regulations and any other legal responsibilities governing the sale of replacement and replaced parts, including but not limited to, requirements on end-user/end-use controls and traceability of replacement and replaced parts, that may apply to Heartstream. 
Heartstream, its Affiliates and subcontractors shall be indemnified and held harmless for any damages that may be asserted against or incurred by Heartstream as a result of Customer’s breach of this Section.

16. Subcontracts and Assignments. Heartstream may subcontract to service contractors of Heartstream’s choice any of Heartstream’s service obligations to Customer or other activities performed by Heartstream under this Agreement. No such subcontract will release Heartstream from those obligations to Customer. Customer may not assign this Agreement or the responsibility for payments due under it without Heartstream’s prior express written consent, which will not be unreasonably withheld.

17. Term and Termination.

17.1. The term of this Agreement is set forth in the Quotation and shall -unless to the extent in violation of applicable law- automatically renew for subsequent one-year periods (i) unless a Party notifies the other Party at least 30 days prior to the end of the term or (ii) as provided in this Agreement.
17.2. Either Party may terminate this Agreement upon written notice if the other Party becomes or is deemed to be insolvent, discontinues business, is unable to pay its debts, is the subject of bankruptcy proceedings, enters into liquidation whether compulsory or voluntarily or has a receiver or administrator appointed over all or any part of its assets, enters into any arrangement or agreement, or assignment with, or for the benefit of its creditors or any of them, or if the other Party takes or suffers any similar action in consequence of debt or insolvency in any jurisdiction. If the Customer becomes insolvent, unable to pay its debts as they fall due, files for bankruptcy or is subject to it, has appointed a recipient, is subject to late fee on payments (temporary or permanent), or has its assets assigned or frozen, Heartstream may cancel any unfulfilled obligations or suspend its performance; provided that, however, the Customer’s financial obligations to Heartstream shall remain in full force and effect.
17.3. Customer may terminate this Agreement, wholly or partially, upon 60 days written notice to Heartstream:

17.3.1. representing that any of the Equipment is being permanently removed from the Site and is not being used in any other Customer site, or
17.3.2. specifically describing a material breach or default of this Agreement by Heartstream, provided however that Heartstream may avoid such termination by curing the condition of breach or default within such 60 days’ notice period.

17.4. Heartstream may terminate this Agreement, wholly or partially:

17.4.1. if Customer defaults in the performance of any of its obligations under this Agreement, and fails to remedy the same within sixty (60) days of a written notice;
17.4.2. as described in Section 4 (Payment) and Section 9 (Expected Service Life).

18. Independent Contractor. Heartstream is Customer’s independent contractor. Nothing in this Agreement shall be construed to designate Heartstream or Heartstream’s employees or Heartstream’s subcontractor or any of its employees as Customer employees, agents or partners. Heartstream’s employees and Heartstream subcontractors are under Heartstream’s exclusive direction and control. Heartstream has no liability or responsibility for and does not warrant Customer’s or Customer’s employees’ or other representatives’ acts or omissions related to any Services that are performed by Customer’s employees or representatives under this Agreement.

19. Force Majeure. Each party shall not be liable in respect of the non-performance of any of its obligations to the extent such performance is prevented by any circumstances beyond its reasonable control, including, but not limited to, acts of God, war, civil war, insurrection, fire, flood, labor disputes, epidemics, pandemic, cyber-attack, act of terrorism, governmental regulations and/or similar acts, embargoes, export control sanctions or restrictions, Heartstream’s unavailability regarding any required permits, licenses and/or authorizations, default or force majeure of suppliers or subcontractors. If force majeure prevents Heartstream from performing any obligation arising out of the sale, Heartstream shall not be liable to the Customer for any compensation, reimbursement, or damages.

20. Survival, Waiver, Severability. Customer’s obligation to pay any money due to Heartstream under this Agreement survives expiration or termination of this Agreement. All of Heartstream’s rights, privileges, and remedies with respect to this Agreement will continue in full force and effect after the end of this Agreement. A party’s failure to enforce any provision of this Agreement is not a waiver of that provision or of such party’s right to later enforce each and every provision. If any part of this Agreement is found to be invalid, the remaining part will be effective.

21. Notices. Notices or other communications shall be given in writing and shall be deemed effective if they are delivered in person or if they are sent by courier or mail to the relevant party.

22. Governing Law and Dispute Resolution. This Agreement shall be governed by and is construed in accordance with the laws of the country where Customer is located, without regard to the principles of choice of law. The competent court of the country where Customer is located shall have exclusive jurisdiction in case of any dispute between the Parties in connection with this Agreement. Notwithstanding the foregoing, Heartstream is entitled to start local legal proceedings to recover overdue payments, to seek interim relief, and/or to request interim conservatory measures to be taken to secure its interests under this Agreement.

23. Entire Agreement. This Agreement, including all applicable Exhibits as specified in the Quotation, constitutes the entire understanding of the Parties and supersedes all other agreements, written or oral, regarding its subject matter. No additional terms, conditions, consent, waiver, alteration, or modification will be binding unless in writing and signed by Heartstream’s authorized representative and Customer. Additional or different terms and conditions, whether stated in a purchase order or other document issued by Customer, are expressly rejected and will not apply to the transactions contemplated by this Agreement. No prior proposals, statements, course of dealing, course of performance, usage of trade or industry standard will be part of this Agreement. The Quotation and the service specific Exhibits listed on the face of this Agreement, and any associated attachments, are incorporated herein as they apply to the Services listed on the Quotation and their additional terms shall apply solely to Customer’s purchase of the services specified therein. If any terms set forth in an Exhibit conflict with terms set forth in these “General Customer Service Terms and Conditions”, the terms set forth in the other Exhibits shall govern with the exception of Section 8 hereof. If any terms set forth in this “General Customer Service Terms and Conditions” or an Exhibit conflict with terms set forth in the Quotation, the terms set forth in the Quotation shall govern.

24. Amendment. Save and except for items where Heartstream has retained the right to unilaterally amend the terms of this Agreement, this Agreement may not be amended except by written instrument signed by both Parties.

25. Authority to Execute. The Parties acknowledge that they have read the terms and conditions of this Agreement, that they know and understand the same, and that they have the express authority to execute this Agreement. This Agreement may be executed in one or more counterpart copies, each of equal validity, that together constitute one and the same instrument. Any photocopy of this Agreement or any such counterpart is deemed the equivalent of an original and any such copy constitutes evidence of the existence of this Agreement.

ANNEX – DATA PROCESSING ADDENDUM

1. Scope and roles of the Parties.

1.1. Scope: This data processing addendum (“DPA”) applies when Personal Data are provided to Heartstream and Processed by Heartstream on behalf and by instruction of Customer for the provision of the Services (“Customer Data”). This DPA is governed by the terms of the Agreement between Heartstream and Customer (“Parties”). By signing this DPA, Customer enters into this DPA on behalf of itself and, to the extent required under mandatory laws and regulations of a country (“Applicable Laws”), in the name and on behalf of Customer’s Affiliates.
1.2. Roles of the Parties: Parties acknowledge and agree that with regard to the Processing of Customer Data, Heartstream will act as Processor for Customer, who acts as Controller (or Processor). If Customer is a Processor, Customer warrants that its instructions and actions with respect to the Customer Data have been authorized by the Original Controller.

2. Details of the processing.

2.1. Processing of Customer Data: The subject-matter of the Processing of Customer Data is the provision of the Heartstream Services, as described in the Agreement. The nature of the Processing of Customer Data includes hosting of Personal Data (e.g. cloud offerings); and/or administration, management, installation, configuration, migration, maintenance and support or any other Heartstream Services requiring processing (e.g. remote access to) of Customer Data stored in the cloud or on Customer’s IT systems (e.g. service offerings). The purpose of the data processing under this DPA is the provision of the Heartstream Services initiated by Customer from time to time. The categories of Individuals whose Personal Data will be subject to Processing include any individuals whose Personal Data is provided by Customer or its Original Controllers to Heartstream via the Heartstream Services or for the provision of the Heartstream Services, such as patients or Customer’s personnel, suppliers, business partners, and end-users. The categories of Customer Data Processed/transferred may include any Personal Data provided to Heartstream for the provision of Heartstream Services such as: contact and user information, such as name and email address; system log-files containing Personal Data; health-related data; other application specific Personal Data which users enter into the Heartstream Services. As between Heartstream and Customer, the duration of the data processing under this DPA is determined by the Customer. Subject to the termination clause of this DPA, Heartstream will Process Customer Data for the duration of the Agreement, unless otherwise agreed upon in writing. Further information on the processing of Customer Data may be provided to Customer, upon request.

3. Obligations of Customer. Customer shall Process Customer Data in compliance with Applicable Data Protection Law, including when acquiring Customer Data and when instructing Heartstream to Process Customer Data.

4. Obligations of Heartstream.

4.1. Customer instructions: Heartstream will Process Customer Data only: (i) on behalf and for the benefit of Customer; (ii) in accordance with the instructions of the Customer as documented in this DPA; (iii) for the provision of the Heartstream Services; and (iv) to the extent required by the Applicable Data Protection Law that Heartstream is subject to. The Parties agree that this DPA and the Agreement (including Customer providing instructions via the relevant tools used to operate the Heartstream Services) constitute Customer’s documented instructions regarding Heartstream’s processing of Customer Data. Any additional or alternative instructions on the Processing of Customer Data must be agreed in writing between the Parties. Taking into account the nature of the processing, Customer agrees that it is unlikely that Heartstream can form an opinion on whether Customer’s documented instructions regarding Heartstream’s processing of Customer Data infringe Applicable Data Protection Law. If Heartstream forms such an opinion, it will immediately inform Customer, in which case, Customer is entitled to withdraw or modify its instructions.
4.2. Confidentiality obligations of Heartstream’s personnel: Heartstream will ensure that its employees and any other person authorized to Process Customer Data: (i) are informed of the confidential nature of the Customer Data; (ii) will have access to Customer Data only to the extent necessary to provide the Heartstream Services; and (iii) have committed themselves to relevant contractual obligations regarding confidentiality, data protection and security.
4.3. Security: Heartstream shall maintain appropriate technical and organizational measures to safeguard security (including protection against unauthorized or unlawful Processing and Personal Data Breaches), confidentiality and integrity of Customer Data, as set forth in the relevant security documentation provided by Heartstream in relation to the Heartstream Services or as otherwise agreed between the Parties.
4.4. Personal Data Breach: Heartstream shall notify Customer, without undue delay, after becoming aware of a Personal Data Breach. Such notification may be delivered to one or more of Customer’s representatives by any means Heartstream selects, including via email. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay. In any case, Heartstream shall (i) reasonably assist the Customer in ensuring compliance with its Personal Data Breach obligations pursuant to Applicable Data Protection Law, and (ii) initiate respective and reasonable remedy measures. Customer agrees that unsuccessful security incidents that result in no destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data or to any of Heartstream’s equipment or facilities storing Customer Data, will not be subject to this Personal Data Breach clause.
4.5. Individuals’ rights: Taking into account the nature of the processing and the information available to Heartstream, Heartstream shall take reasonable steps to assist Customer with appropriate technical and organizational measures, insofar as reasonably possible, in the fulfilment of Customer’s obligation to respond to requests from an Individual to exercise the privacy and data protection rights as set forth by the Applicable Data Protection Law.
4.6. Cooperation and audit: Heartstream shall make available to Customer all information necessary to demonstrate compliance with its obligations under Applicable Data Protection Law. Provided that an audit right is required by Applicable Data Protection Law, Customer shall have the right to audit, by appropriate means and in accordance with this clause, Heartstream’s compliance with the data protection obligations included in this DPA, unless additional audits are necessary under Applicable Data Protection Law. Such audits shall be limited to Customer Data and data processing systems that are relevant for the provision of the Heartstream Services provided to Customer. Heartstream may provide to Customer a certification or report issued by a qualified independent third-party assessor that Heartstream’s business processes and procedures involving the Processing of Customer Data comply with this DPA. Customer agrees that these certifications or reports shall first be used to address Customer’s audit rights under this DPA. If required under Applicable Data Protection Law, and at Customer’s costs, Heartstream will allow for additional audits, including onsite audits at Heartstream facilities used for the processing of Customer Data, by Customer or an independent, accredited third party audit firm provided they have executed a written confidentiality agreement acceptable to Heartstream. Audits shall be conducted no more than once per year, during regular business hours and with minimal disruption to Heartstream’s business and shall be subject to 6 weeks prior notice to Heartstream.

5. Sub-Processors.

5.1. Consent to Sub-Processors’ engagement: Customer hereby grants to Heartstream a specific authorization for those entities listed on its privacy notice (“Sub-Processors”) to Process Customer Data. In addition, Customer grants Heartstream a general authorization to engage other Sub-processors. This authorization constitutes Customer’s prior written consent to the outsourcing of the Processing of Customer Data by Heartstream subject to such outsourcing meeting the requirements in the below clause “Objection to Sub-processors”. Heartstream may remove or add new Sub-processors at any time as long as the requirements in the clause “Objection to Sub-processors” are met.
5.2. Objection to Sub-Processors: If required under Applicable Data Protection Law, Heartstream shall inform Customer of any changes to the Sub-Processors listed on the URL specified in the above clause (“Consent to Sub-Processors’ engagement”). Customer may object to Heartstream’s use of a new Sub-Processor in case of reasonable and substantiated concerns regarding the protection of Customer Data, by notifying Heartstream in writing within ten (10) business days after Heartstream’s notification to Customer. If Customer does not inform Heartstream of any objections within the stipulated period, the new Sub-Processor will be deemed accepted by Customer. If Customer objects to a new Sub-Processor, Heartstream will undertake reasonable efforts to find a mutually acceptable solution and if not found within sixty (60) days, Customer may terminate the Agreement for those Services that cannot be provided without the use of the objected-to new Sub-Processor. This termination right is Customer’s sole and exclusive remedy if Customer objects to any Sub-Processor. If Customer does not terminate the affected Heartstream Services, this shall be taken as an approval of the Sub-Processor by Customer.
5.3. Sub-Processor engagement requirements: When Heartstream engages a new Sub-Processor, Heartstream: (a) shall enter into a written agreement with each Sub-Processor containing data protection obligations not less protective than those in this DPA; and (b) subject to the terms set forth in the Agreement, shall be liable for the acts and omissions of its Sub-Processors regarding the Processing of Customer Data to the same extent Heartstream would be liable when performing the services of each Sub-Processor itself under the terms of this DPA.

6. Transfers of Customer Data. Without prejudice to any applicable data restrictions specified in the Agreement and in the DPA, Customer instructs Heartstream to process Customer Data in any country in which Heartstream or its Sub-Processors maintain facilities, as necessary to provide the Heartstream Services.

7. Confidentiality of Customer Data. Heartstream will not disclose Customer Data to any third party except where such disclosure is necessary to: (i) provide the Heartstream Services; (ii) comply with the law; or (iii) comply with a valid and binding order of a governmental body or court (such as a subpoena or court order). If Heartstream receives an order from a government for disclosure of Customer Data, Heartstream will use every reasonable effort to redirect the governmental body to request data directly from the Customer. If compelled to disclose Customer Data to a governmental body, Heartstream will notify the Customer, unless prohibited under applicable law, and, if prohibited from notifying the Customer, Heartstream will use all reasonable lawful efforts to challenge the order for disclosure on the basis of any legal deficiencies under any applicable laws.

8. Termination. The DPA shall have the same term as the Agreement. Unless differently agreed in writing by the Parties and unless Heartstream is required by applicable law to retain certain data, upon termination of the relevant Heartstream Services Heartstream shall delete Customer Data.

9. Definitions. For the purposes of the DPA, the following terms are defined (all other terms used in the DPA have the same meaning as in the Agreement):

Affiliate: means (in relation to either Party) any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
Applicable Data Protection Law: means all applicable law pertaining to the Processing of Personal Data hereunder.
Customer Data: means Personal Data provided to Heartstream by the Customer or any Original Controller and Processed by Heartstream on behalf and under the instruction of Customer for the provision of the Heartstream Services.
Controller: means the legal entity or natural person which alone or jointly with others determines the purposes and means of Processing of Personal Data.
Customer: means the customer’s entity that executed the Agreement together with its Affiliates (for so long as they remain Affiliates) which have signed order forms.
Heartstream: means the Heartstream Affiliate that executed the Agreement.
Individual: means any natural person whose Personal Data are Processed by Heartstream on behalf and under the instructions of Customer.
Original Controller: means any third party (such as an Affiliate of the Customer) acting as Controller which is entitled to use or receive Heartstream Services under the terms of the Agreement.
Personal Data: means any information relating to an identified or identifiable Individual.
Personal Data Breach: means a breach of Heartstream’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to use, Processing of, or access to Customer Data.
Processing: means any operation or set of operations performed on Personal Data, whether or not by automated means, including but not limited to, collecting, viewing, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process” and “Processed” are to be construed accordingly.
Heartstream Services: means the relevant services (such as cloud offering or service offering) purchased by the Customer under the Agreement and provided by Heartstream acting in its role as Processor. In the Agreement, Heartstream Services as defined herein may be referred to as “Product”, “Service” or “Solution”.
Processor: means the legal entity or natural person which Processes Personal Data on behalf and under the instructions of a Controller.
Sub-Processor: means any further Processor engaged by Heartstream to Process Customer Data.

 

© 2025 Heartstream Holding Company LLC. All rights reserved.

Heartstream and other trademarks are the property of Heartstream Holding Company LLC or their respective owners.