Master Services Agreement AHI-FORM-0024 v2
Exhibit 4.37
Master Services Agreement
AHI-FORM-0024 v2
This document is confidential and contains trade secrets of Advanced Human Imaging Limited. Unauthorised disclosure, duplication or use of any part of this document without the prior written consent of Advanced Human Imaging Limited is strictly prohibited.
Commercial Details
1. Our Details | Name and ABN | Advanced Human Imaging Limited ABN 85 602 111 115 (we, us, our) | |
Office Address | Xxxx 0, 00-00 Xxxxx Xxxxx Xxxxxxxxx, South Perth WA 6151 Australia | ||
2. Client Details | Name and Business / Company Number | Inter-Psy B.V, Chamber of Commerce: 50074105 (you, your) | |
Office Address | Xxxx. Xxxxxxxxxxxxx 0, 0000 XX Xxxxxxxxx, XXXXXXXXXXX | ||
3. Your App | Software Product / App Details | HealthiCheck App | |
4. Contract Details | Master Services Agreement Number | AHI010027 | |
5. AHI SDKs | Product | Components | Included? |
Multi-Scan iOS & Android Software Development Kits (SDKs) | ■ Body Circumference measurements ■ Face Scan measurements |
Yes Yes | |
6. Data Processing | Applicable Data Processing Agreement | Data Processing Agreement – BodyScan and FaceScan, a copy of which is annexed to this Master Services Agreement. | |
7. Professional Services to be provided by us | Implementation Support Services (for integration of the Licensed SDKs into Your App) | During the 60 day period from the Commencement Date, the following Implementation Support Services will be made available to you for no additional charge after initial SDK hand over meeting: (a) up to a total of 16 hours of software developer time requested by you to support and assist your development team in undertaking Product Integration; (b) up to a total of 100 Support Requests in respect of Measurement Errors.
We are not required to provide any other Implementation Services except as may be set out in an Implementation Plan. | |
Training Services | Yes | Up to 4 hours of internet/phone-based training on the SDKs | |
Software Development | No | ||
Consulting Services | No | Days: [insert] | |
Support Services | Yes | Support Hours: 9:00 am – 5:00 pm AWST on Business Days | |
8. Term | Commencement Date | This Agreement will commence on 7 February 2022 | |
Initial Term | 12 months commencing on the Commencement Date | ||
9. Key Contacts | Our Contact Details | Name: | Xxxxx Xxxx |
Telephone: | + 00 000 000 000 | ||
Email: | Xxxxx.xxxx@xxxxxxxxxxxxxxxxxxxx.xxx | ||
Your Project Manager | Name: | Xxxx Xxxxxxx - Thunderbyte | |
Telephone: | [insert] | ||
Email: | xxxx.xxxxxxx@xxxxxxxxxxx.xx |
Acceptance | |||||
By signing below, you and us each agree to (1) the Commercial Details set out above together with the attached (2) Fee Schedule; (3) Terms and Conditions; (4) Service Level Agreement; and (5) the applicable Data Processing Agreement referred to above.
| |||||
/s/ Xxxxx Xxxxxxx | /s/ Xxxxxx xxx xxx Xxxxx | ||||
Xxxxx Xxxxxxx Director, Advanced Human Imaging Ltd |
Xxxxxx xxx xxx Xxxxx Date: 02/04/2022 |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 2 of 27 |
Fee Schedule
User Fees | ||||
Fee Type | Description | |||
User Fees | User Fees are payable based on pricing indicators in Schedule 2 – User Fees. An Active User is one that accesses the AHI technology serving functionality in Your App at any time in the relevant month.
The price per month, per user pricing is incrementally tier based, and requires you to pay the per month, per user price for the first tier, then the per month, per user price for the second tier and so on.
Pursuant to Clause 4 of the executed Binding Term Sheet, the Customer will use its best endeavours to grow the subscription base for the AHI Platform in the first 12 months to 200,000 Active Users across the current and new user base. | |||
Services Fees | ||||
Service | Description | Price (Excl. GST)* | Payment Terms | |
Support Services | Incident Support as specified in the SLA. | As per the Xxxxx 0 & Xxxxx 0 Support Hourly Rates set out below for Ad Hoc Services, per staff member required, where the request type is Incident. | Payable to us on a monthly basis in arrears. | |
Measurement Support as specified in the SLA. | $100 per Support Request where the request type is Measurement Support. | Payable to us on a monthly basis in arrears. | ||
Consulting Services | Consulting services that we may agree to provide. | At the rates set out below under “Ad Hoc Services”. | Payable to us on a monthly basis in arrears. | |
Training Services | Training in respect of the SDKs as specified in clause 17 of the enclosed Terms and Conditions. | [insert] | Payable to us on a monthly basis in arrears. | |
Ad Hoc Services | Time spent providing any services to you for which there is no other rate specified in this Agreement. | Service Type | Hourly Rate | Payable to us on a monthly basis in arrears. |
Xxxxx 0 Technical Support Training | $150 | |||
First 20 Support Requests per month for Measurement Support | No additional charge | |||
Additional Measurement Support+ | $100 per request | |||
Level 2 Support+ | $200 | |||
Level 3 Support+ | $250 | |||
Quality Assurance consultation | $190 | |||
Senior Architect consultation | $250 | |||
Design (UX/UI) consultation | $220 | |||
Other | [insert] | |||
* | All amounts are in Australian Dollars unless specified otherwise. |
+ | Only payable where a defect or error does not cause the Support Request in the Licensed SDK. |
<<The remainder of this page is intentially left blank >>
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 3 of 27 |
Terms and Conditions
1. | Term |
1.1. | This Agreement will commence on the Commencement Date and will continue for the Initial Term, subject to earlier termination by either party in accordance with this Agreement. Upon expiry of the Initial Term, this Agreement will automatically extend for subsequent consecutive periods each of equivalent length to the Initial Term (each, a Renewal Term) until and unless either party notifies the other party in writing of its intent not to renew the Agreement at least thirty (30) days prior to the expiry of the Initial Term or the then current Renewal Term (as applicable) (time being of the essence), in which case if such notice is provided the Agreement shall terminate at the end of the Initial Term or then current Renewal Term (as applicable). |
2. | Non-exclusive relationship |
2.1. | The relationship between you and us pursuant to this Agreement is non- exclusive. Nothing in this Agreement will prevent us from supplying any goods or services to any third party in our absolute discretion. |
3. | Priority |
3.1. | If any two of the following documents of this Agreement are inconsistent, they will be interpreted in the following order of precedence (highest to lowest): |
(a) | the terms and conditions in clauses 1 - 28 of these Terms and Conditions; | |
(b) | the SLA; | |
(c) | the Commercial Details; | |
(d) | the Fee Schedule. |
3.2. | To the extent of any inconsistency between the provisions of the Data Processing Agreement and this Agreement, this Agreement will prevail, except where inconsistent with the Privacy Act, the GDPR or any other applicable data protection laws (collectively, “Data Protection Laws”) in which case the provisions of the relevant Data Protection Laws will prevail. |
4. | Change Control |
4.1. | If either you or we wish to change any part of this Agreement (Requesting Party), the Requesting Party shall deliver a written notice to the other party pursuant to clause 25 setting out the details of the requested change (Change Request). |
4.2. | If you issue a Change Request, we will, if we consider that we can accommodate the Change Request, provide you with a written proposal (Change Proposal) setting out: |
(a) | the likely time required to implement the changes; | |
(b) | any variations to the Fees arising from the changes; and | |
(c) | any consequential variation to the Agreement required by us. |
4.3. | No change to this Agreement shall be effective unless the change is implemented pursuant to this clause 4 or the change is otherwise agreed in writing by the parties. |
5. | Integration of the Licensed SDKs into Your App |
5.1. | You must carry out Product Integration as soon as reasonably practicable, but in any event no later than 3 months following the Commencement Date. |
5.2. | We have no obligation to provide Implementation Services except to the extent we agree to do so in a separately agreed upon Implementation Plan. |
5.3. | If there is an Implementation Plan: |
(a) | we will provide the Implementation Services specified in an Implementation Plan (if any) (Implementation Services) within any timeframes for performing the Implementation Services set out therein; and | |
(b) | you will comply with your obligations under the Implementation Plan. |
5.4. | Except where otherwise agreed in writing by us, all Product Integration costs shall be borne by you. |
5.5. | You must provide all cooperation, access to Personnel and information reasonably required by us to perform Implementation Services. |
5.6. | AHI will conduct a quality assurance test prior to the target go-live date (timeframe is estimated between 3-5 days) to verify that the Licensed SDKs have been properly integrated into Your App. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 4 of 27 |
5.7. | If Product Integration has not been completed in accordance with clause 5.1 due to your non-compliance with the Implementation Plan, the Documentation, any incompatibility or defect in or with Your App, or due to any other factor (other than our non-performance of the Integration Services) then without limiting any other provisions of this Agreement, you must promptly (and in any event, within 30 days of written request by us) do everything required to complete Product Integration. |
6. | Licence |
6.1. | Subject to clause 6.3 and your compliance with this Agreement, we hereby grant you: |
(a) | a non-exclusive, non-assignable, non-sublicensable, non- transferable licence exercisable by and through your employees and Authorised Third Party Developers, to incorporate the Licensed SDKs into Your App for Product Integration in accordance with the Documentation and any applicable Implementation Plan; and | |
(b) | a non-exclusive, non-assignable, non-sublicensable, non- transferable worldwide licence exercisable by and through your Users, to use the Licensed SDKs in the form integrated into Your App during Product Integration, subject to the Documentation (collectively, the Licence). |
6.2. | You must not use the Licensed SDKs in any way other than pursuant to the Licence. |
6.3. | Any parts of the Licensed SDKs that are Open Source Software are subject to the applicable Open Source Licence. All applicable Open Source Licenses and the components of the Licensed SDKs that are governed by them are documented in the AHI MultiScan SDK Open Source Licences List which is a separate document available from us upon your request. |
6.4. | You must not commit, permit or otherwise authorise the commission of any act that would or might invalidate or be inconsistent with our Intellectual Property Rights. |
6.5. | Without limiting clause 6.4, you must not and must not permit any person, including any User or Third Party Developer, to: |
(a) | resell, on-sell, assign or transfer the Licensed SDKs or purport to do so; | |
(b) | license, sublicense, or provide others with access to, the Licensed SDKs (however, you may license your End Users to use the Licensed SDKs on a non-exclusive, non-assignable, non-transferrable, non-sublicensable, revocable basis solely for them to use the Licensed SDKs from within Your App in the usual course of operating Your App as an end user); | |
(c) | “frame”, “mirror” or serve any of the Licensed SDKs on any web server or other computer server over the internet or any other network; | |
(d) | copy, alter, modify, adapt, create derivative works from, reproduce, distribute, resell, transfer to a third party, reverse assemble, disassemble, reverse engineer, decompile, reverse compile or enhance the Licensed SDKs (except as may be expressly permitted by applicable copyright law); | |
(e) | store, transmit or distribute, or permit the storage, transmission or distribution of, any virus or Your Data or other material using any Licensed SDKs that is unlawful, harmful, threatening, defamatory, infringing, offensive or in breach of any person’s rights or Applicable Law; | |
(f) | use any Licensed SDKs in any way which is in breach of any right of any person or any Applicable Law; | |
(g) | use the Licensed SDKs or any part of them (or allow them to be used) (including any component of any graphical user interface or the look and feel of the Licensed SDKs) to develop, or contribute to the development of, any software or product competitive with the Licensed SDKs; | |
(h) | alter, remove or tamper with any trade marks, patent or copyright notices, confidentiality legend or notice, any numbers or other means of identification used on or in relation to the Licensed SDKs; | |
(i) | use the Licensed SDKs to violate all or any legal rights of any person or company or other entity in any jurisdiction; or | |
(j) | introduce malicious programs into the AHI Platform (e.g., viruses, worms, Trojan horses, e-mail bombs). |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 5 of 27 |
6.6. | Outside of the already fully executed SDK XXXX for Third Party Developers (e-Vitality B.V. VAT: NL851656110B01), you must: |
(a) | not permit any new Third Party Developer to use the Licensed SDKs unless they are an Authorised Third Party Developer; and/or | |
(b) | ensure that your Authorised Third Party Developers only use the Licensed SDKs to incorporate the Licensed SDKs into Your App for Product Integration in accordance with the Documentation and any applicable Implementation Plan. |
6.7. | You acknowledge that the integrity of the Licensed SDKs is protected by technical protection measures (TPMs) to prevent Intellectual Property Rights, including copyright, in the Licensed SDKs from being misappropriated. You must not attempt in any way to remove or circumvent any TPM in the Licensed SDKs. |
7. | Licensed SDK versions and support |
7.1. | During the Term, we may release updates of the Licensed SDKs (Update). We will not charge you any fee to provide you with any Updates. |
7.2. | AHI will provide Support Services in respect of the Licensed SDK during the Term until such time we deem an Update is required. In the event an Update is required, you will be notified and provided a 6-month grace period to accept the Update, and upon expiry of that period you will not be able to use any previous version. |
7.3. | The provisions of this Agreement that apply to the Licensed SDKs will apply equally to any Updates that we provide to you. |
8. | The AHI Platform |
8.1. | We will configure the AHI Platform within the 20 Business Day period after completion of Product Integration to enable Your App to make calls to the AHI Platform via the Licensed SDKs (AHI Platform Configuration). |
8.2. | Following Platform Configuration we undertake to use reasonable endeavours to arrange the hosting of the AHI Platform during the Term in accordance with the Availability Target set out in the SLA. |
8.3. | Any failure by us to meet the Availability Target shall not constitute a breach of this Agreement. |
9. | Risk Inference Reference Information |
9.1. | Any Risk Inference Reference Information that you may obtain from the AHI Platform is general in nature and does not constitute our advice or recommendations and may be obtained from third parties. |
9.2. | In respect of any Risk Inference Reference Information that you or an End User may obtain from the AHI Platform and/or via the use of the Licensed SDKs, we do not represent or warrant: |
(a) | the accuracy or correctness of such Risk Inference Reference Information; or | |
(b) | the relevance or suitability of such Risk Inference Reference Information to you, Your App or any User. |
9.3. | You must independently verify that any Risk Inference Reference Information that you or an End User obtains from the AHI Platform and/or use of the Licensed SDKs is accurate, correct, relevant and suitable before it is relied upon by you, your Personnel, Your App or any User. |
9.4. | The information provided by the AHI Platform and the Licensed SDKs does not constitute medical advice and we do not provide health diagnoses of any kind. |
9.5. | We do not provide, nor do we represent that we provide, any medical advice or health diagnoses. Further, we do not represent or warrant that any use of the AHI Platform or the Licensed SDKs will result in the diagnosis, detection, treatment, cure or prevention of any medical disorder, illness or condition. |
9.6. | You: |
(a) | agree that you have assessed the AHI Platform and the Licensed SDKs as being suitable for your and your Users’ requirements; | |
(b) | agree that to the maximum extent permitted by Law, you use the AHI Platform and the Licensed SDKs at your sole risk; and | |
(c) | hereby irrevocably release us from and against any claims that you might otherwise have against us in connection with any: |
(i) | Risk Inference Reference Information; and | |
(ii) | other information, that you, your Personnel, Your App or any End User may receive directly or indirectly from the AHI Platform, the Licensed SDKs or Your App. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 6 of 27 |
9.7. | As between you and us, you are solely responsible for: |
(a) | any healthcare or medical advice, treatment plans, suggestions, exercises and regimes that you provide or recommend to any User; | |
(b) | the accuracy, efficacy and results of any health information (including to the extent that any information from the AHI Platform and/or the SDKs constitutes health information) and advice, and for any clinical reports, health assessments, health care plans, treatment plans, clinical advice, suggestions, exercises, regimes, recommendations, services, clinical or remedial procedures, prescriptions and health services that you provide to any person (individually, a “Healthcare Service” and collectively, “Healthcare Services”), and for any claims arising in connection with any Healthcare Service that you supply or fail to supply. |
9.8. | You must indemnify us in respect of any loss and/or damage that we incur in respect of any claim in connection with any Healthcare Service that you provide or fail to provide to any person. |
9.9. | We do not provide, or represent that we provide, any Healthcare Service and we are not a party to any contract for the provision or receipt of any Healthcare Service. Further, we do not represent or warrant that the AHI Platform and/or the Licensed SDKs or any Users’ use of any information generated or provided by them will result in the diagnosis, cure or prevention of any medical disorder or illness or that they are suitable for any End User’s specific requirements. |
10. | Ownership and use of Your Data |
10.1. | As between you and us, you own all Intellectual Property Rights in Your Data. |
10.2. | You license us and our suppliers on a non-exclusive, non- transferable, royalty-free basis throughout the Term to use Your Data to provide the Services to you (Data Licence). The Data Licence is irrevocable and non-terminable during the Term. |
10.3. | We shall not be responsible for any loss, destruction, alteration or unauthorised disclosure of any Your Data, except in relation to liability that cannot lawfully be excluded or where caused by our wilful misconduct or intentional misuse of Your Data. |
10.4. | You warrant and represent that: |
(a) | Your Data and the collection, processing, storage and/or disclosure of it by us as part of the Services or as otherwise required by Applicable Law will not breach any Applicable Law or right of any person; and | |
(a) | you will ensure at all applicable times that the use, hosting, transmission, modification, processing, collection, holding and disclosure of Your Data via the Licensed SDKs or the AHI Platform does not breach any Applicable Law or any person’s rights, and that all relevant consents have been obtained by you as lawfully required for us and our personnel to collect, hold, disclose and otherwise process any Personal Data in the course of performing our obligations or exercising our rights under the Agreement or pursuant to Applicable Law. |
10.5. | As between you and us, you are solely responsible for the accuracy, legality and quality of all Your Data, for any claims arising in respect of Your Data and for obtaining any permissions, consents, licences, rights and authorisations necessary for us and our suppliers to use, host, modify, hold, transmit, process, store and disclose Your Data in connection with this Agreement. |
10.6. | If we receive a request from any person for the provision of Personal Data in any Your Data we will forward a copy of the request to you, unless Applicable Law prohibits us from doing so, and you must provide all assistance that we require to comply with our legal obligations in connection with any such request. |
10.7. | You must indemnify us in respect of any loss and damage that we incur in respect of any claim that any Your Data is lost, unavailable, deleted or corrupted or that the transmission, storage, hosting, disclosure, access or use of Your Data by us or our suppliers, or the processing thereof by us or them, for the proposes of this Agreement, infringes the Intellectual Property Rights or other rights of any person or breaches any Applicable Law, except to the extend caused by our breach of this Agreement. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 7 of 27 |
11. | Intellectual Property Rights |
11.1. | Nothing in this Agreement affects the ownership of any Intellectual Property Rights owned by either party prior to the Commencement Date. |
11.2. | As between you and us, we own all Intellectual Property Rights in the Licensed SDKs (other than Open Source Software), the AHI Platform and the Documentation, and any updates, upgrades, new versions, and other modifications of the Licensed SDKs, AHI Platform and Documentation. You must not represent that you own the Licensed SDKs, AHI Platform or Documentation or any updates, upgrades, new versions and other modifications of the Licensed SDKs, AHI Platform and/or the Documentation. |
11.3. | Except as expressly stated herein, this Agreement does not grant you or any third party any rights to or in patents, copyright, database rights, trade secrets, trade names, trade marks (whether registered or unregistered), or any other Intellectual Property Rights or other rights or licences in respect of the Licensed SDKs, AHI Platform or the Documentation. |
11.4. | You must not directly or indirectly do anything that would or might invalidate, jeopardise, limit, interfere with or put in dispute our or our licensors’ ownership in or rights with respect to the Licensed SDKs, AHI Platform or Documentation. |
11.5. | You may not do or authorise the commission of any act that would or might invalidate or be inconsistent with our or our licensors’ Intellectual Property Rights in the Licensed SDKs, the AHI Platform or any Documentation. |
11.6. | You hereby assign to us all and any Intellectual Property rights that you may have in all and any comments in connection with the Licensed SDKs, the AHI Platform or requests for any new Licensed SDK or AHI Platform features that you or your officers, employees or agents may suggest or create (each, an Improvement Suggestion). Each Improvement Suggestion becomes our sole and exclusive property. This assignment is effective as soon as you or your officers, employees, and agents create any Improvement Suggestion or disclose an Improvement Suggestion to us including where applicable under section 197 of the Copyright Xxx 0000 (Cth) and in equity. You must execute and procure from your officers, employees and agents the execution of any documentation reasonably required by us to give effect to: (a) the assignment to us of all Intellectual Property Rights that they may have in any Improvement Suggestions; and (b) a waiver for us and any third parties authorised by us to exploit any Moral Rights that they may have in any Improvement Suggestions. |
11.7. | You must not: |
(a) | use any of our trade marks or other marks (collectively, Marks) without our prior written consent; or | |
(b) | contest any Mark, apply for registration of any Mark or use or apply for registration of any trade mark, trade name, business name, company name or domain name that incorporates any element that is confusingly similar to any Mark. |
11.8. | Except as expressly provided in this Agreement, you have no rights in respect of any Marks or their associated goodwill. You hereby acknowledge that all such rights and goodwill inure for the benefit of, and are (and will remain) vested in, us. |
11.9. | We will indemnify you from and against any liability, loss, damage and reasonable costs arising out of any proceeding brought by any third party alleging that you are infringing that third party’s Intellectual Property Rights by using the Licensed SDKs in accordance with the Licence (IP Claim), provided that: |
(a) | you notify us immediately upon receipt by you of notice of any IP Claim or upon you suspecting or having reasonable cause to suspect that such an IP Claim may be made; | |
(b) | you do not make any admission or settlement of any IP Claim without our prior written consent; | |
(c) | you give us sole control of the defence and any negotiations for compromise; and | |
(d) | you provide such assistance in connection with the IP Claim, as we may require. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 8 of 27 |
11.10. | If the Licensed SDKs becomes the subject of any IP Claim, you must permit us if, and as we consider appropriate: |
(a) | to replace all or part of the Licensed SDKs with functionally equivalent software; | |
(b) | to modify the Licensed SDKs as necessary to avoid such claim; and/or | |
(c) | to procure a licence from the relevant complainant to allow you to continue using the Licensed SDKs for the balance of the Term. |
11.11. | If in the above circumstances we are unable to procure for you the right to continue using the Licensed SDKs, or to provide you with functionally equivalent non-infringing software, or to modify the Licensed SDKs, as necessary to avoid the IP Claim, this Agreement and the Licence may be terminated by us. |
11.12. | Notwithstanding any other provisions of this Agreement, we shall have no liability for or in connection with any IP Claim if such claim is caused by or arises out of: |
(a) | your use of the Licensed SDKs in combination with software or hardware not supplied or approved in writing by us if such infringement could have been avoided by not combining, operating or using the Licensed SDKs with such software and/or hardware; | |
(b) | any modification of the Licensed SDKs created by any person other than us; | |
(c) | code or content in Your App or the integration of the Licensed SDKs into Your App; | |
(d) | Your Data or any other content or data used or transmitted by, you, your Personnel or any End User; | |
(e) | use of the Licensed SDKs knowingly in breach of any person’s rights; or | |
(f) | your breach of any Open Source Licence or this Agreement. |
11.13. | As between you and us, you, and not us, shall be solely liable for any claims made by any third party in connection with any of the matters referred to in clause 11.12 (a) – (f) and you must indemnify us from and against any liability, loss, damage and reasonable costs arising out of any of those matters. |
12. | Confidentiality |
12.1. | Each party (the first party) agrees and acknowledges that it may receive information of the other party marked as confidential or has the quality of confidential information during the Term of this Agreement (Confidential Information). |
12.2. | The first party agrees and acknowledges that the Confidential Information of the other party will be received and held by the first party in strict confidence and will not be disclosed by the first party, except: |
(a) | as required to perform its obligations under this Agreement; | |
(b) | with the prior written consent of the other party; | |
(c) | as must be disclosed by Applicable Law; | |
(d) | where disclosed to its Personnel on a confidential basis; | |
(e) | as required by the rules of any stock exchange; or | |
(f) | as required by a court of competent jurisdiction, and then, only to the extent required, and provided that the first party promptly notifies the other party of such requirement of disclosure and provides full particulars to the other party of the disclosure. |
12.3. | The first party must use reasonable endeavours to ensure that its Personnel keep the other party’s Confidential Information that the first party provides to its Personnel confidential. |
12.4. | Confidential Information does not include any information: |
(a) | that is independently developed, obtained or known by the first party, without relying on confidential information received by the first party from the other party; | |
(b) | that the first party can prove was already rightfully known by it at the time of disclosure to it as shown by contemporaneous records; | |
(c) | which is or becomes available to the first party from a third party lawfully in possession of such information and who has the lawful power to disclose such information to the first party on a non-confidential basis; or | |
(d) | that is in the public domain or becomes part of the public domain except where due to a breach of this Agreement or any breach of any obligation of confidence. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 9 of 27 |
12.5. | Our Confidential Information includes: |
(a) | this Agreement; | |
(b) | all parts of the Licensed SDKs and the AHI Platform (including any designs, graphical user interface, the layout of any elements of the Licensed SDKs, the AHI Platform and the look and feel of the Licensed SDKs, the AHI Platform and any Custom Software); | |
(c) | the Documentation; | |
(d) | all Intellectual Property Rights and any proprietary and technical data, trade secrets, patented and unpatented inventions, discoveries, works, improvements, innovations, ideas, concepts, graphs, flow charts, materials, samples, devices, models, know how, techniques, operations, dealings, processes, procedures, secret formula, computer hardware and software programs and designs, drawings, technology, machinery or equipment used or proposed to be used or developed in connection with the Licensed SDKs; | |
(e) | all advertising and marketing information and material provided by us to you; and | |
(f) | the Object Code and Source Code in the Licensed SDKs and AHI Platform, (collectively, AHI Confidential Information). |
12.6. | The AHI Confidential Information is not your Confidential Information and you must not use, modify, reproduce, release, perform, display or disclose it except as is strictly necessary for you to use the Licensed SDKs in accordance with the Licence. |
12.7. | You agree that our business involves, among other activities, entering into transactions with third parties who license us to use their software or technology that we use to provide smartphone-based human scanning technology via the Licensed SDKs (technology licensors). You irrevocably agree and warrant that you will not, without our prior written consent, during the Term and for 3 years thereafter directly or indirectly, whether alone, with third parties or on behalf of another person or entity, in any capacity: |
(a) | contact, solicit, accept an approach from, initiate, submit a request for products and/or services to, communicate with and/or enter into any contracts with, our technology licensors; | |
(b) | bypass us by entering into any licence or other contract with our technology licensors (whether or not introduced by us to you) for the purpose of gaining any benefit, whether such benefit is monetary or otherwise; and/or | |
(c) | attempt and/or assist, conspire with, aid, prepare or assist any third party to do anything referred to in clauses 12.7(a) and/or 12.7(b). |
12.8. | You must indemnify us for any loss or damage we incur as a result of your breach of clause 12.7. |
12.9. | You acknowledge that clause 12.7 is reasonable and necessary to protect our interests and that a breach of clause 12.7 will expose us to substantial loss and damage and that damages may be inadequate to protect our interests. We shall be entitled to seek and obtain injunctive relief or any other remedy in respect of an actual or potential breach by you of clause 12.7. You shall in good faith immediately upon our request, provide access to any documents and information necessary for us to investigate whether a breach of clause 12.7 has occurred. |
13. | Fees and Payment Terms |
13.1. | You must pay the Fees to us in accordance with the Payment Terms. |
13.2. | The Fees are exclusive of GST and you agree to pay to us all applicable GST that we incur in connection with this Agreement. You must pay all applicable GST, at the same time as the Fees, in accordance with the Payment Terms. |
13.3. | If you fail to make any payment due to us for any undisputed amounts under this Agreement by the due date for payment, then, without limiting our remedies, you shall pay interest on the overdue amount at the rate of 10% per annum (or if such rate is not permitted under Applicable Law, the highest rate of interest that may be charged under Applicable Law). Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment and you shall pay the interest together with the overdue amount upon demand by us. |
13.4. | If we have not received payment of any Fees by the due date in accordance with the Payment Terms, then without prejudice to any of our other rights and remedies, we may, without liability to you, suspend the operation of the Licensed SDKs, the AHI Platform and/or all or any part of our obligations under the Agreement. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 10 of 27 |
14. | Fee Disputes |
14.1. | If you, acting reasonably, dispute an amount invoiced by us, you: |
(a) | must pay the undisputed amount of the invoice by the due date; | |
(b) | must notify us of the dispute and the reasons for the dispute within 7 days of receipt of the invoice; and | |
(c) | may withhold payment of the disputed part of the invoice until the dispute is resolved in accordance with clause 26 (Dispute Resolution). |
14.2. | On resolution of the dispute in our favor, you must pay any additional amounts agreed or determined to be payable, plus interest at the rate of 10% per annum (or if such rate is not permitted under Applicable Law, the highest rate of interest that may be charged under Applicable Law), accruing daily from the date when the invoiced amount was due for payment until the date on which payment is made. |
14.3. | You shall pay all legal and debt collection fees, costs and disbursements incurred by us in enforcing your payment obligations under this Agreement. |
14.4. | You must not withhold payment of any Fees except any Fees that are disputed under clause 14.1. |
15. | Professional Services |
15.1. | We have no obligation to provide any professional services under this Agreement except as set out in the Commercial Details. |
16. | Support Services |
16.1. | We will provide the Support Services in relation to the Licensed SDKs, subject to the provisions of the Service Level Agreement. |
17. | Training Services |
17.1. | We will provide you with the allocated number of hours of online- based training set out in the Commercial Details in the use of the Licensed SDKs. |
17.2. | The start date of the Training Services will be determined by you and us. |
17.3. | If Training Services are to be provided on your premises, you will be responsible for all reasonable costs and expenses of our Personnel and all trainees in connection with travel to and attendance at the training, including with respect to accommodation, meals and transport (Expenses). You must reimburse us for all Expenses that we incur within twenty-eight (28) days of the date of any invoice we issue to you for any Expenses. |
18. | Software Development Services |
18.1. | We have no obligation to provide any software development services under this Agreement unless you and we execute a Statement of Work specifying the software development services to be provided and the software to be developed (Custom Software). |
18.2. | You will pay the Fees set out in or referred to in the Statement of Work on a time and materials basis for all time spent carrying out our obligations under this clause 18. |
18.3. | Except as otherwise agreed in a Statement of Work, we own all Intellectual Property Rights in all Custom Software. To the extent that we do not automatically own all such Intellectual Property Rights, you hereby assign all such Intellectual Property Rights to us. The assignment under this clause 18.3 includes an assignment of future copyright under section 197 of the Copyright Xxx 0000 (Cth) and in equity. |
18.4. | Any Custom Software developed will be subject to the same provisions of the Agreement that apply to Licensed SDKs except as otherwise expressly specified to the contrary in the applicable Custom Development Statement of Work. |
19. | Third Party Developers |
19.1. | Under no circumstances may you permit any new Third Party Developer to access, download, or use any of the Licensed SDKs or any other product (including Your App) that uses or incorporates any of the Licensed SDKs, unless they are your Third Party Developers who have each entered into a Third Party Developer Licence Agreement (e-Vitality B.V. VAT: NL851656110B01). |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 11 of 27 |
19.2. | You must: |
(a) | cause each new Third Party Developer to enter into a new Third Party Developer Licence Agreement with us and provide us with the additional Third Party Developer Licence Agreement (in the form set out in Annexure A); and |
(b) | wait for us to approve the additional Third Party Developer Licence Agreement (in our absolute discretion) and where approved by us, execute that Third Party Developer Licence Agreement, | |
prior to permitting any new Third Party Developer engaged by you to access, download or use any of the Licensed SDKs or Your App which uses or incorporates any of the Licensed SDKs. |
19.3. | Following our execution of an additional Third Party Developer Licence Agreement that has been executed by your Third Party Developer, we will provide the fully executed copy to you, and such Third Party Developer shall only from that time be deemed to be an Authorised Third Party Developer. |
20. | Force Majeure Event |
20.1. | Each party will not be liable to the other party for any breach of this Agreement to the extent that it is caused or contributed to by a Force Majeure Event. |
21. | Liability |
21.1. | Except to the extent that such liability cannot be excluded by Applicable Law, neither party is liable to the other party for any Consequential Loss whether arising in contract, tort (including negligence) or otherwise, and whether the loss or damage is foreseeable or not. |
21.2. | For any loss or damage that is not otherwise excluded by the provisions of this Agreement, our liability is capped, in the aggregate, to the value of the Fees paid by you under this Agreement, and which cap is reduced to the extent that you or any Force Majeure Event caused or were responsible for such loss or damage. |
21.3. | You hereby indemnify us in respect of all and any loss and damage incurred by us as a result of any breach by you of your obligations under this Agreement or as a result of Your App infringing the rights of any person or breaching any Applicable Law. You warrant and represent that Your App and all use thereof by us for the purposes of this Agreement, will not infringe the rights of any person or breach any Applicable Law. |
21.4. | Notwithstanding any other provisions of this Agreement, a party’s liability is not limited under the Agreement with respect to: |
(a) | liability under any indemnity specified in the Agreement; |
(b) | liability that cannot be limited by law; or |
(c) | liability for the party’s wilful misconduct or intentional breach of the Agreement. |
22. | Warranties and implied guarantees |
22.1. | Each party warrants that: |
(a) | it has full capacity, authority and all necessary consents to enter into and to perform this Agreement and to grant the rights referred to in the Agreement and that the Agreement is executed by its duly authorised representative and represents a binding commitment on it; and |
(b) | it shall comply with all Applicable Laws in the performance of its obligations under this agreement. |
22.2. | You warrant that your entering into and/or performance of your obligations under this Agreement does not and will not violate or conflict with or result in a breach of, or constitute a default under, or result in the imposition of, any encumbrance under the provisions of your constitution or any contract or other instrument. If any such conflict, breach or default occurs or is likely to occur: |
(a) | you must immediately disclose full particulars of the actual and/or likely conflict, breach or default and you must indemnify us for any loss or damage that we may incur as a result thereof; and |
(b) | we may terminate this Agreement by notice to you. |
22.3. | You warrant that you have made full disclosure to us of all information which would be material to our decision as to whether or not to enter into this Agreement and that the information given by or on your behalf to us to date is true, complete and accurate in all respects and none of that information is misleading whether by inclusion of misleading information or omission of material information or both. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 12 of 27 |
22.4. | The goods and services supplied under this Agreement may come with implied non-excludable guarantees which are regulated by the Australian Consumer Law. The extent of the implied guarantees depends on whether you are a ‘consumer’ of goods or services within the meaning of that term pursuant to the Australian Consumer Law as amended. |
22.5. | If the goods or services supplied by us to you are supplied to you as a ‘consumer’ of goods or services within the meaning of that term in the Australian Consumer Law as amended you will have the benefit of certain non-excludable rights and remedies in respect of the goods or services and nothing in the Agreement excludes or restricts or modifies any condition, warranty, guarantee, right or remedy which pursuant to the Competition and Consumer Xxx 0000 (Cth) is so conferred. However, if the goods or services are subject to a non- excludable condition, warranty, guarantee, right or remedy implied by the Australian Consumer Law and the goods or services are not ordinarily acquired for personal, domestic or household use or consumption, then pursuant to section 64A of the Australian Consumer Law, we limit our liability for breach of any such non- excludable warranty, guarantee, right or remedy implied by the Australian Consumer Law (other than a guarantee implied by sections 51, 52 or 53 of the Australian Consumer Law) or expressly given by us to you, in respect of each of the goods and services, at our option, to one or more of the following: |
(a) | if the breach relates to goods: |
(i) | the replacement of the goods or the supply of equivalent goods; |
(ii) | the repair of such goods; |
(iii) | the payment of the cost of replacing the goods or of acquiring equivalent goods; or |
(iv) | the payment of the cost of having the goods repaired; and |
(b) | if the breach relates to services: |
(i) | the supplying of the services again; or |
(ii) | the payment of the cost of having the services supplied again. |
22.6. | Other than with respect to any non-excludable guarantees implied into this Agreement under the Australian Consumer Law, to the maximum extent permitted by law (and if permitted by law): |
(a) | all conditions, warranties and guarantees implied in the Agreement are excluded, to the extent possible by law; |
(b) | we do not represent that the information obtained via the Licensed SDKs or the AHI Platform is accurate, correct, up-to- date or error free; |
(c) | we do not warrant that any Licensed SDKs or the AHI Platform are error-free or will operate accurately, correctly or without interruption or will achieve your intended results; and |
(d) | you accept sole responsibility for the selection of the Licensed SDKs and AHI Platform to achieve your intended results and for any results that you, your Personnel or Users obtain therefrom. |
23. | Insurance |
23.1. | Each party will during the Term obtain and maintain the following insurances: |
(a) | cyber liability and privacy protection insurance in the amount of two million dollars ($2,000,000); and |
(b) | any other insurance that the party must obtain under Applicable Law. |
23.2. | For each insurance policy taken out by a party in accordance with this Agreement it will provide the other party (upon request only) with a certificate of currency which identifies the insurer, policy number, term of the policy, type of insurance and limits of liability for the cover. |
24. | Suspension and Termination |
24.1. | We may temporarily and/or permanently suspend and/or disable the performance of the whole or any part of any Licensed SDKs, the AHI Platform or Services and/or your Personnel’s and Users’ access to and use of any Licensed SDKs, the AHI Platform or Services by way of TPM or otherwise if we know or reasonably suspect that: |
(a) | you are in breach of the Agreement; |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 13 of 27 |
(b) | any of your Personnel have not used or are not using the Licensed SDKs in compliance with the Licence; |
(c) | any Authorised Third Party Developer is in breach of the applicable Third Party Developer Licence Agreement; or |
(d) | we determine that you or any of your Personnel’s use of the Licensed SDKs is likely to lead to any third party instituting or threatening legal proceedings against us or any other person. |
24.2. | A party (the first party) may terminate this Agreement by written notice to the other party (the Defaulting Party) if the Defaulting Party is in material breach of this Agreement which is not remediable, or if capable of remedy and the Defaulting Party fails to remedy the material breach within seven (7) days of written notice from the first party requiring the remedying of the breach. |
24.3. | A party may terminate this Agreement by written notice to the other party if the other party suffers an Insolvency Event. |
24.4. | We may terminate this Agreement, the Licence or our provision of any Services, if: |
(a) | you undergo a Change of Control without our prior written consent; |
(b) | you breach, challenge or dispute the validity of any of our Intellectual Property Rights; |
(c) | you purport to assign any of your rights or novate any of your obligations under this Agreement without our prior written consent; |
(d) | you breach any Applicable Law or any person’s rights; or |
(e) | a third party provider ceases to provide hardware, software, products, licences or services that we require to comply with our obligations under this Agreement. |
24.5. | If this Agreement is terminated or expires for any reason: |
(a) | any rights or obligations that, by their nature, survive termination shall so survive; |
(b) | you shall promptly return to us all copies of any of our Confidential Information and Documentation in your possession or control, or if required by us, destroy all such copies of our Confidential Information and Documentation; |
(c) | in the absence of any direction from you within 30 days following termination or expiry of this Agreement, we shall delete all Your Data that remains in our possession or control; |
(d) | we do not have any obligation to provide you with any refund, except to the extent that we must do so pursuant to Applicable Law; |
(e) | your right to use and access the Licensed SDKs, the AHI Platform and any Documentation immediately ceases; and |
(f) | the Licence will immediately terminate. |
24.6. | If this Agreement is terminated prior to the expiry of the Initial Term or any then current Renewal Term (other than due to our breach of the Agreement), then without prejudice to any of our other rights, you must pay any amounts (collectively, the Outstanding Amount) which we calculate or reasonably estimate would have been payable by you under the Agreement for the remainder of the Initial Term (or then current Renewal Term, if applicable) had the Agreement not been terminated. If an Outstanding Amount is payable, we will send you a tax invoice in respect of the Outstanding Amount and you will pay this invoice within twenty eight (28) days. Payment under this clause 24.6 is not intended to be, and will not be punitive and is intended to compensate us for reasonable losses that we will suffer resulting from the early termination of the Agreement. |
25. | Notices |
25.1. | All notices required or permitted to be made under this Agreement shall be in writing and may be delivered if: (a) delivered in person; (b) sent by post to the Licensee’s postal addresses identified in the Commercial Details; or (c) sent by email to the Licensee’s email addresses identified in the Commercial Details. If notice is delivered in person, notice shall be effectively given upon delivery. If notice is sent by post within Australia, notice shall be effectively given the next Business Day after posting if sent by express post, or 6 Business Days after posting if sent by ordinary post. If notice is sent by post internationally, notice shall be effectively given upon the sender receiving confirmation of delivery from the applicable postal service. If notice is sent by email, notice shall be deemed to have been effectively given on the day it is transmitted if the sender receives a read or delivery receipt confirming delivery or receipt of the email or a reply to the email. Any party may change its address for notice hereunder by giving written notice to the other party in accordance with this clause 25.1. |
25.2. | Text messages, instant messages, messages sent through social media websites, and similar messages are not considered “written” or “in writing” for the purposes of this Agreement. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 14 of 27 |
26. | Dispute Resolution |
26.1. | If a dispute arises between the parties out of or relating to this Agreement (Dispute), each party must seek to resolve it strictly in accordance with the provisions of this clause 26. Compliance with the provisions of this clause is a condition precedent to seeking relief in any court in respect of the Dispute, except as otherwise provided in this clause. |
26.2. | A party seeking to resolve a Dispute must notify the existence and nature of the Dispute to the other party (Notification). Upon receipt of a Notification, each party must refer resolution of the Dispute to their chief executives or lawyers. |
26.3. | If the Dispute has not been resolved within one (1) calendar month of the Notification, then each party will be entitled to pursue such course of action as it determines. |
26.4. | Nothing in this clause 26 shall limit either party’s right to seek urgent interlocutory relief from any court of competent jurisdiction at any time. |
27. | General |
27.1. | Assignment: You shall not assign, transfer, license or novate your rights or obligations under this Agreement without our prior written consent. Any such assignment, transfer, license or novation without our prior written consent is void. |
27.2. | Waiver: No exercise or failure to exercise or delay in exercising any right or remedy by a party shall constitute a waiver by that party of that or any other right or remedy available to it. |
27.3. | Invalidity: If any provision of this Agreement or its application to any party or circumstance is or becomes invalid or unenforceable to any extent, the remainder of the Agreement and its application shall not be affected and shall remain enforceable to the greatest extent permitted by law. |
27.4. | Relationship: Nothing contained in this Agreement creates any partnership, employment, joint venture or agency between the parties. |
27.5. | Entire Agreement: This Agreement is entered into as an agreement. It constitutes the entire agreement of the parties about its subject matter and supersedes all other proposals, prior agreements, oral or written, arrangements, agreements and all other communications between the parties about its subject matter. |
27.6. | Amendments: This Agreement may be amended only by a written document signed by all parties and a provision of or a right under this Agreement may not be waived or varied except in writing signed by the party to be bound. |
27.7. | Jurisdiction: This Agreement is governed by the laws in force in Western Australia. Each party irrevocably submits to the jurisdiction of the courts located in New South Wales and/or Western Australia, and the courts of appeal from them in relation to any dispute concerning the Agreement. |
27.8. | Counterparts: This Agreement may be executed (including via DocuSign or similar) in counterparts provided that no binding agreement shall be reached until the executed counterparts are exchanged. A counterpart of a document exchanged by email shall constitute evidence of the execution of the original. |
28. | Definitions and interpretation |
28.1. | In this Agreement, terms in bold font in brackets have the meanings given thereto as set out in the applicable clauses in which they are defined. Any word starting with a capital letter that is not otherwise defined in this document, shall have the meaning given to it in the SLA. In addition, in these Terms and Conditions the following words have the following meanings: |
Agreement means: (1) the Commercial Details; (2) the Fee Schedule; (3) these Terms and Conditions; (4) the Service Level Agreement; and (5) the applicable Data Processing Agreement specified in the Commercial Details.
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 15 of 27 |
Applicable Law means any applicable act, law, legislation, rule of the general law, including common law and equity, judicial order or consent or requisition from, by or with any governmental agency, including any Data Protection Law in any applicable jurisdiction.
Australian Consumer Law means schedule 2 to the Competition and Consumer Xxx 0000 (Cth).
Authorised Third Party Developer means a person who is deemed to be such pursuant to clause 0.
Business Day means any day from Monday to Friday in Western Australia, excluding public and bank holidays in Western Australia.
Business Hours means 9:00 am – 5:00 pm on Business Days.
Change of Control means a change in the beneficial ownership of more than 25% of: (a) the issued share capital of a company; or (b) the legal power to direct or cause the direction of the general management of the company.
Commencement Date means the commencement date specified in the Commercial Details.
Commercial Details means the table of this document under that heading.
Consequential Loss means any Loss that is:
(a) | indirect or consequential to another loss; |
(b) | loss or damage being or caused by a loss of revenue, loss of profits, loss of savings or anticipated savings or business, loss of data, loss of opportunity, loss of goodwill or expectation loss; |
(c) | a special, punitive or exemplary loss or damage (including, without limitation, any penalty or fine imposed); or |
(d) | a pure economic loss. |
Custom Software has the meaning given to it in clause 18.1.
Data Processing Agreement means the applicable data processing agreement(s) specified in the Commercial Details.
Documentation means any information, materials or documents (whether in electronic form or not) referring to or describing the Licensed SDKs, the AHI Platform and/or Services that we provide to you, including any written specifications, user guides, manuals and explanatory materials.
Fees means the fees, rates and charges that are payable by you to us under this Agreement, as set out in the Fee Schedule or otherwise agreed in writing between you and us.
Force Majeure Event means any act, event, omission, accident or circumstance beyond our reasonable control.
GDPR means the EU General Data Protection Regulation.
GST has the meaning given in the A New Tax System (Goods and Services Tax) Xxx 0000 (Cth) as amended or replaced from time to time.
Implementation Plan means a written plan agreed in writing between you and us for the integration of the Licensed SDKs with Your App.
Initial Term means the initial term as set out in the Commercial Details.
Insolvency Event means, in respect of a party: (a) the party ceases to carry on business, is unable to pay its debts as and when they fall due, or is deemed to be insolvent or bankrupt; (b) a receiver or a liquidator or provisional liquidator or an administrator is appointed to the party, or an application (including voluntary application filed by that party) is lodged or an order is made or a resolution is passed for the winding up (whether voluntary or compulsory) of that party; (c) where the party is a partnership, the partnership is dissolved or an application is made for its dissolution; (d) the party suspends payment of its debts to the other party, or the party takes the benefit of any law for the relief of insolvent debtors; or (e) anything analogous or having a substantially similar effect to any of the events described in (a) through (d) above occurs under the law of any applicable jurisdiction.
Intellectual Property Rights means all current and future intellectual property rights, including all copyright, patents, trade marks, design rights, trade secrets, domain names, and other rights of a similar nature and all other rights to intellectual property as defined under Article 2 of the Convention Establishing the World Intellectual Property Organization, whether registrable or not and whether registered or not, and any applications for registration or rights to make such an application, anywhere in the World.
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 16 of 27 |
Licensed SDKs means the software development kits specified in the Commercial Details, including any new versions, updates, patches, and upgrades. Such SDKs may include: (a) libraries (including any binary libraries); (b) documentation; (c) software; (d) sample code; and (e) other materials supplied by us to you in connection with any such libraries, Documentation and sample code.
Level 1 Technical Support means first level support services including:
(a) | providing a suitable mechanism for your Users to be able to report a fault to you in Your App for diagnosis (i.e support hotline, support emails etc); and |
(b) | basic investigation of faults reported by your Users. |
Loss means any direct or indirect loss, cost, expense, penalties, fines, liability or damage including legal costs on a solicitor/client basis and any claim, demand or proceedings brought, or judgment or order obtained, by a third party.
Measurement Error has the meaning given to it in the SLA.
Moral Rights has the meaning given in the Copyright Xxx 0000 (Cth).
Object Code means computer code in a form that a computer can execute, when compiled or converted from its Source Code version.
Open Source Licence means the applicable licence that governs Open Source Software.
Open Source Software means any software licensed under any form of open source licence meeting the Open Source Initiative’s Open Source Definition (xxxx://xxx.xxxxxxxxxx.xxx/xxxx/xxxxxxxxxx.xxx).
Parties or parties means you and us and Party or party means either you or us as the context dictates.
Payment Terms means any payment terms and conditions set out in the Fee Schedule.
Personal Data has the meaning given in the Data Processing Agreement.
Personnel means officers, agents, employees and subcontractors (excluding any Third Party Developer and Authorised Third Party Developer). We are not your Personnel and you are not our Personnel for the purposes of this definition.
Privacy Act means the Privacy Xxx 0000 (Cth).
Product Integration means the process of integrating the Licensed SDKs into Your App(s).
Risk Inference Reference Information means health risk information derived from applying a specific risk study to a set of scan results produced by the Licensed SDKs.
Scheduled Outage means any downtime of the AHI Platform scheduled by us or any of our suppliers in advance with respect to the hosting of the AHI Platform.
Service Level Agreement or SLA means the document entitled “Service Level Agreement (SLA)” attached to this MSA.
Services means the Implementation Services, Support Services (as that term is defined in the SLA), the Training Services, the processing of Your Data by the AHI Platform and any other services that we agree to supply pursuant to this Agreement.
Source Code means computer code in human-readable form, that when compiled becomes Object Code.
Statement of Work or SOW means a document entitled “Statement of Work” executed by you and us.
Support Request has the meaning given to it in the SLA.
Support Services has the meaning given to it in the SLA.
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 17 of 27 |
Term means the Initial Term and any applicable Renewal Terms.
Terms and Conditions means clauses 1 - 28 of this document.
Third Party Developer means a third party software developer engaged or to be engaged by you to provide software development services to you.
Third Party Developer Licence Agreement mean the agreement set out at Annexure A to this Agreement.
User means an end user authorised by you to use Your App.
Your App has the meaning given to it in the Commercial Details.
Your Data means all data entered into the AHI Platform via Your App.
28.2. | In this Agreement, the following rules of construction applies, unless the context otherwise requires: |
(a) | headings and underlinings are for convenience only and do not affect the construction of the Agreement; |
(b) | a provision of the Agreement will not be interpreted against a party because the party prepared or was responsible for the preparation of the provision, or because the party’s legal representative prepared the provision; |
(c) | currency or “$” refers to Australian Dollars; |
(d) | a reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time; |
(e) | a reference to a clause, subclause or paragraph is a reference to a clause, subclause or paragraph of the Agreement; |
(f) | a reference to a subclause or paragraph is a reference to the subclause or paragraph in the clause in which the reference is made; |
(g) | a reference to time is to time in New South Wales; |
(h) | a reference to a person includes a reference to an individual, a partnership, a company, a joint venture, government body, government department, and any other legal entity; |
(i) | words in the singular shall include the plural and in the plural, shall include the singular; |
(j) | a provision of the Agreement shall not be construed against a party merely because the party or its solicitors prepared the provision; |
(k) | the phrases “specified in the Commercial Details” and similar, means specified as being applicable or in the affirmative in the Commercial Details; |
(l) | the Agreement shall not bind you or us until and unless the “Acceptance” section of the Commercial Details has been executed by both you and us; and |
the words ’such as’, ‘including’, ‘includes’ and similar expressions are not used as, nor are intended to be, interpreted as words of limitation and shall be interpreted as if the words “but not limited to” immediately followed them in each case.
[The remainder of this page is left intentionally blank]
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 18 of 27 |
Service Level Agreement (SLA)
1. | Definitions and Interpretation |
1.1. | This Service Level Agreement (SLA) forms part of the Agreement. In this SLA, definitions and any rules of construction in the attached Terms and Conditions, are hereby incorporated into this SLA by reference. |
2. | Availability Target |
2.1. | We will use our best endeavours to make the AHI Platform Available, as measured over each calendar month during the Term (each such calendar month, a Service Period), at least 99% of the time, excluding only the time it is not Available solely as a result of your breach of the Agreement, Your App, a Scheduled Outage, an outage of any infrastructure or hosting service supplied by Amazon Web Services or a Force Majeure Event. ’Available’ means the AHI Platform is available and operable for access by Your App via the Licensed SDKs. |
3. | Provision of Support Services |
3.1. | Where Support Services are specified in the Commercial Details, we shall use our best endeavours to respond to any request for: |
(a) | technical support with respect to any reproducible malfunction in the Licensed SDKs or the AHI Platform that you report to us that prevents the Licensed SDKs from performing materially in accordance with the Documentation (Software Error); and |
(b) | technical support with respect to an anthropometric measurement capture or result, or transdermal optical imaging capture or result (Measurement Error), | |
in accordance with the applicable response times specified in clause 6.2 of this SLA (collectively, the Support Services). |
4. | Support Services Conditions |
4.1. | You must: |
(a) | provide us with prompt access to your technical environment, including any software, systems, equipment, and networks via remote access, as reasonably required by us to provide the Support Services; and |
(b) | provide us with access to all of your necessary Personnel and/or documentation as reasonably required by us to provide the Support Services. |
5. | Technical Support |
5.1. | The Support Services are limited to the provision of telephone and email support during Business Hours to your designated Personnel approved by us (Support Staff) to answer questions from your Support Staff. |
5.2. | The Support Services will be provided through our technical support hotline (via telephone or email) which operates during Business Hours. A support phone number and a support email address will be provided to you by us through which your Support Staff can request the Support Services referred to in clause 5.1. |
5.3. | If you require Support Services during the Term, you must notify us that you require technical support (Support Request) in accordance with the following procedure: |
(a) | you must issue a Support Request to us in accordance with clause 5.2; |
(b) | when issuing a Support Request, you must ensure that you provide to us: |
(i) | the impacted User’s unique identification number as designated by us; |
(ii) | the make, model and operating system of the impacted User’s mobile device (where applicable); |
(iii) | a detailed description of the Software Error or Measurement Error; |
(iv) | details of the version number of the Licensed SDK/s that the Personnel or User is experiencing the Software Error or Measurement Error with; |
(v) | evidence of the Software Error or Measurement Error; and |
(vi) | any other information reasonably required by us. |
5.4. | We shall have no obligation to provide any Support Services with respect to the Licensed SDKs or the AHI Platform to any of your Authorised Third Party Developers, Personnel or Users, other than your Support Staff. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 19 of 27 |
5.5. | You must provide Level 1 Technical Support to Users. |
5.6. | We may temporarily suspend the operation of the Licensed SDKs and/or the AHI Platform or your access to them as reasonably required by us to perform the Support Services. |
6. | Support Service Prioritisation |
6.1. | We will prioritise support services requested by you under this SLA in accordance with the following severity code classification (as determined by us in our absolute discretion): |
● | Major (Severity 1) – A Software Error or Measurement Error which either (a) impacts an essential part of Your App; or (b) materially impacts your business operations. |
● | Normal (Severity 2) – An Error or Measurement Error which either (a) impacts a non-essential part of Your App; or (b) does not materially impact your business operations. |
6.2. | We will use reasonable endeavors to acknowledge the receipt of any relevant request for Support Services pursuant to this SLA within the following timeframes: |
Severity Level | Target Response Time | Target Resolution Time |
Severity Level 1 | 1 Business Hour | 1 Business Day |
Severity Level 2 | 4 Business Hours | 5 Business Days |
The Target Response Time is measured from the time we receive a Support Request. If a support request is sent outside Business Hours it shall be deemed to be received by us at 9.00 am on the next Business Day. The Target Resolution Time is measured from the time we acknowledge receipt of your Support Request.
6.3. | We will use reasonable endeavors to resolve the Software Error or Measurement Error (including by providing a workaround) the subject of any Support Request, within the Target Resolution Time. |
6.4. | Support Levels are defined as: |
Level | Provided By | Description |
Level 1 | You | Your Support Staff provides end user, first line support in accordance with Support Documentation |
Level 2 | AHI | Our Support Staff to provide support to your Designated Support Staff if a Support Request is unable to be resolved |
Level 3 | AHI | Our technical support staff to provide support to Level 2 Support Staff. |
7. | Exclusions |
7.1. | We shall have no obligation to provide any Support Services or other technical support with respect to the Licensed SDKs or the AHI Platform other than as expressly required pursuant to this SLA. In addition, and without limiting the foregoing provisions, we shall have no obligation to provide Support Services: |
(a) | for Software Errors or Measurement Errors occurring during a planned or scheduled outage by us or our hosting providers; |
(b) | with respect to any Software Error or Measurement Error resulting from your and/or your Third Party Developer’s, Personnel’s or Users’ action or inaction; |
(c) | for errors caused by or in connection with a Force Majeure Event; |
(d) | any Software Errors or Measurement Errors caused by use of the Licensed SDKs in conjunction with any third-party software; |
(e) | for Software Errors or Measurement Errors resulting from third party software bugs and defects; |
(f) | with respect to Software Errors or Measurement Errors caused by or relating to your technical environment; |
(g) | with respect to any Error or Measurement Error caused by your and/or your Authorised Third Party Developer’s Personnel’s or Users’ breach of the Agreement; or |
(h) | if you have failed to pay any outstanding Fees to us as and when due and payable. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 20 of 27 |
Annexure A - Third Party Developer Licence Agreement
Third Party Developer Licence Agreement
This
Third Party Developer Licence Agreement (“Agreement”) is made and entered into on [insert date] by and between Advanced
Human Imaging Limited ABN 85 602 111 115 of Xxxx 0, 00 - 00 Xxxxx Xxxxx Xxxxxxxxx, South Perth WA 6151 (“Licensor”)
and [insert Third Party Developer name, ABN and address of licensee] (“Licensee”, “you”, “your”).
‘AHI
Software Development Kit’ means one or more software development tools supplied by the Licensor and described by the
Licensor as a “software development kit” or “SDK” or that can be used to create applications incorporating smartphone-based
human scanning technology. Such software development tools may include:
(a)
libraries (including any binary libraries); (b) documentation; (c) software; (d) sample code; and (e) other materials supplied by the
Licensor to the Licensee in connection with any such libraries, documentation and sample code.
‘Commencement
Date’ means the date on which a copy of the Licensed SDKs are delivered to you or made available to you by the Licensor or
the Partner.
‘Confidential Information’ means all information provided by the Licensor
to the Licensee in connection with this Agreement where such information is identified by the Licensor as confidential at the
time of its disclosure or has the quality of confidential information, but excluding information which is:
Notwithstanding
any other provisions of this Agreement, the Licensor’s Confidential Information includes the source code in the Licensed SDKs.
‘Documentation’
means any information, materials or documents (whether in electronic form or not) referring to or describing the Licensed SDKs
that is provided to you, including any written specifications, user guides, manuals and explanatory materials.
‘Force
Majeure Event’ means a circumstance beyond the Licensor’s reasonable control, which results in the Licensor being
unable to observe or perform on time an obligation under this Agreement.
‘Implementation Audit’ means once the SDK
product integration is complete, the Third Party Developer agrees to allow AHI access to a pre-release version of the Third Party Developer
Product/s integrated with AHI Licensed SDKs, for the purpose of conducting an Implementation Audit, as documented in Schedule 1 –
SDK Implementation Audit Checklist.
‘Intellectual
Property Rights’ means all intellectual property rights, including all copyright, patents, trademarks,
design rights, trade secrets, domain names and other rights of a similar nature, whether registrable or not and whether registered or
not, and any applications for registration or rights to make such an application, anywhere in the World.
‘Licence’
has the meaning given to it in clause 2.2.
‘Licence
Period’ means the period commencing on the Commencement Date and concluding upon the conclusion of your engagement with Partner.
‘Licensed
SDKs’ means the AHI Software Development Kit, including any new versions, updates, and upgrades.
‘Open Source Licence’
means the applicable licence that governs Open Source Software.
‘Open
Source Software’ means any software licensed under any form of open source licence meeting the Open Source Initiative’s
Open Source Definition (xxxx://xxx.xxxxxxxxxx.xxx/xxxx/xxxxxxxxxx.xxx).
‘Partner’
means the third party who engages you, or has engaged you, to integrate the Licensed SDKs into its application.
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 21 of 27 |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 22 of 27 |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 23 of 27 |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 24 of 27 |
Signed
as an agreement.
Signed
for and on behalf of Advanced Human Imaging Limited
ABN
85 602 111 115 by its authorised representative:
Xxxxx
Xxxxxxx
CEO
Signed
for and on behalf of the Licensee by its authorised representative:
Xxxxxx
xxx xxx Xxxxx
Projectmanager HiC
[The
remainder of this page is left intentionally blank]
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 25 of 27 |
Schedule 1 - SDK Implementation Audit Checklist
Auditor name: __________________________________________________________
Third Party Developer Company Name: e-Vitality B.V. VAT: NL851656110B01
Audit Date:_____________________________________________________________
Partner Company Name: Inter-Psy B.V, Chamber of Commerce: 50074105
Partner Applications integrated with AHI SDKs: HealthiCheck App
SDK(s) audited (include version numbering): _____________________________________
☐ | Within the implemented AHI SDKs there are no bugs or UX/UI blockers (eg all buttons work) |
☐ | No offensive language |
☐ | No unreadable text |
☐ | New User - Able to create a new account |
☐ | New User - Able to create first scan |
☐ | Returning user – Able to create second scan |
☐ | Circumference measurements: 6 scan accuracy test - minimum 97% average accuracy in comparison to XXXX physical measurements |
☐ | Circumference measurements 6 scan repeatability test – minimum 97% average repeatability test |
Note: This checklist is to be used for initial Product Integration and, at the discretion of AHI may be used on any subsequent SDK version updates.
There were ________Non-Conformance’s in this audit.
Description of Non-Conformance’s (write N/A if 0)
Comments (if applicable)
Auditor Signature: _________________________________________________________
Third Party Developer Representative Name:______________________________________
Third Party Developer Representative Signature: ___________________________________
Partner Representative Name: _________________________________________________
Partner Representative Signature: ______________________________________________
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 26 of 27 |
Schedule 2 – User Fees
Tier | Body Scans Cost Per Month, Per User* | Combined Body and Face Scans Per Month, Per User* |
1 – 25,000 active users | EUR€4.99 | EUR€6.49 |
25,001 – 50,000 active users | EUR€3.99 | EUR€5.49 |
50,001 – 100,000 active users | EUR€2.99 | EUR€4.49 |
100,001 – 250,000 active users | EUR€2.50 | EUR€4.00 |
250,001 – 500,000 active users | EUR€1.99 | EUR€3.49 |
500,001 – 1,000,000 active users | EUR€1.50 | EUR€3.00 |
1,000,001 – 3,000,000 active users | EUR€1.00 | EUR€2.50 |
> 3,000,000 active users | EUR€0.80 | EUR€2.30 |
Individual Body scan without subscription | EUR€4.99 | |
Individual Combined (Body and Face scan) scans without subscription | EUR€8.99 | |
4 Combined (Body and Face scan) scans without subscription** |
EUR€19.99 |
* | The above per month, per user pricing is tier based, where the Customer pays the per month, per user price for the first tier, then the per month, per user price for the second tier and so on. |
** | 4 combined scans per user paid up front and must be captured in a 12 month period. |
● | NB: above revenues are either per month, per user tier based pricing or individual scan based pricing to be paid to AHI or as mutually agreed under arrangement between the parties. |
● | All above per month, per user pricing is based on a 12-month subscription. |
● | Monthly Face Scan subscription is based on a fair use policy, allowing the user to take up to 10 scans per month. |
Commercial in Confidence AHI-FORM-0024 | AHI Master Services Agreement v2 Page 27 of 27 |
MASTER SERVICES AGREEMENT REFERENCE: : AHI010027
THIS AGREEMENT is made on: 07/02/2022 (“Commencement Date”)
PARTIES
(1) | ADVANCED HUMAN IMAGING LIMITED (ABN 85 602 111 115) of Xxxx 0, 00-00 Xxxxx Xxxxx Xxxxxxxxx, Xxxxx Xxxxx Xxxxxxx Xxxxxxxxx 0000 (the “Service Provider”, “AHI”); and |
(2) | INTER-PSY B.V, Chamber of Commerce: 50074105 of Xxxx. Xxxxxxxxxxxxx 0, 0000 XX Xxxxxxxxx, XXXXXXXXXXX (“Licensee”). |
BACKGROUND
(A) | Under an agreement (the “Master Services Agreement”) between AHI and the Licensee with the Contract Reference indicated in the Master Services Agreement, AHI provides to the Licensee, access to the AHI cloud platform for the purpose of providing smartphone and cloud based digital biometric processing services. |
(B) | The provision of the AHI Services involves the processing of Personal Data (as defined below) by AHI on behalf of the Licensee. |
(C) | The parties have agreed to enter into this Data Processing Agreement (“DPA”) to meet the requirements of applicable Data Protection Law. |
THE PARTIES AGREE as follows:
1. | DEFINITIONS AND INTERPRETATION |
1.1. | In this DPA any capitalised expression used but not defined in this DPA shall have the meaning provided to it in the Master Services Agreement and the following expressions shall have the following meanings: |
Account Data means Personal Data that relates to the Service Provider’s supplier relationship with the Licensee.
Controller shall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Consent shall mean any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
Data Protection Law refers to all laws and regulations applicable to the Service Provider’s processing of Personal Data under this DPA including, without limitation:
● | Australian Privacy Xxx 0000 (Cth) (“APA”) and associated legislation such as, the Australian Privacy Amendment (Notifiable Data Breaches) Xxx 0000 (Cth) (“NDB Law”) |
● | California Consumer Privacy Act, California Civil Code Sections 1798.100 et seq and its implementing regulations (“CCPA”) |
AHI-FORM-0025 v1 Page 1 of 11 |
● | UK General Data Protection Regulation (“UK GDPR”) |
● | EU General Data Protection Regulation (“EU GDPR”) |
● | Brazilian General Data Protection Law (“LGPD”) |
● | Peru’s Personal Data Protection Law (N°29733 (“PDPL”)) and its Regulation (N°003-2013- JUS-Regulation of the PDPL) |
● | China’s Personal Information Protection Law (“PIPL”). |
Data Subject shall mean an identified or identifiable natural person to whom Personal Data relates.
End User means an individual Data Subject who is a customer or user of any Licensee product or service which incorporates the AHI Service or relies upon the AHI Platform.
End User Data means Personal Data about an End User provided to the Service Provider by the End User and/or the Licensee and including the End User’s height, weight, Sex, Age, whether the End User: is a smoker, has hypertension, is on blood pressure medication, is diabetic, together with facial blood-flow information, generated on End User devices by the AHI Services.
Licensed SDK means the software development kits listed at Schedule 1 of the Master Services Agreement.
Licensee Products means the Licensee software products listed at Schedule 1 of the Master Services Agreement.
AHI Platform means the AHI public cloud environment described at Parts A and B of Schedule 3 of this DPA.
AHI Services means smartphone digital biometric processing services provided by AHI, using the AHI Platform, to End Users through Licensee Products that integrate the Licensed SDKs.
Personal Data means any information relating to a person (‘Data Subject’) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Processor shall mean a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
‘Processing’ and ‘process’ shall mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
AHI-FORM-0025 v1 Page 2 of 11 |
Service Data means data processed by the Service Provider for the purposes of transmitting and exchanging End User Data including, without limitation, the date, time, duration and type of communication; information collected from End User devices about how they use the AHI Service; and activity logs used to optimise and maintain the performance and security of the AHI Services and to investigate and prevent system abuse.
Sensitive Data means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation; and Personal Data relating to criminal convictions and offences and shall be deemed to include “Sensitive Information” as defined in the Australian Privacy Xxx 0000 (Cth).
Silhouette means the image of an End-User represented as a solid shape or a single colour, with the interior of a silhouette being featureless.
Supervisory Authority means an independent public authority which is established under the UK GDPR or the EU GDPR.
3D Model means a virtual 3D representation of an End-User’s human body shape.
1.2. | In this DPA: |
1.2.1. | a reference to this DPA includes its schedules; |
1.2.2. | clause, paragraph, schedule or other headings in this DPA are included for convenience only and shall have no effect on interpretation; |
1.2.3. | a reference to a ‘party’ includes that party’s successors and permitted assigns; |
1.2.4. | words in the singular include the plural and vice versa; |
1.2.5. | any words that follow ‘include’, ‘includes’, ‘including’, ‘in particular’ or any similar words and expressions shall be construed as illustrative only and shall not limit the sense of any word, phrase, term, definition or description preceding those words; |
1.2.6. | a reference to ‘writing’ or ‘written’ includes any method of reproducing words in a legible and non-transitory form (including email); |
1.2.7. | references to any applicable laws shall be references to any applicable laws replacing, amending, extending, re-enacting or consolidating any such applicable laws and the equivalent terms defined in such applicable laws, once in force and applicable; and |
1.2.8. | a reference to any law includes all subordinate legislation made from time to time under that law. |
AHI-FORM-0025 v1 Page 3 of 11 |
2. | SCOPE AND APPLICATION OF THIS AGREEMENT |
2.1. | This DPA applies to the processing of End User Data by the Service Provider on behalf of the Licensee pursuant to the Master Services Agreement. |
2.2. | This DPA shall continue in full force and effect for the term of the Master Services Agreement and will automatically and immediately terminate upon termination or expiry of the Master Services Agreement for any reason. |
3. | PROCESSING OF PERSONAL DATA & INSTRUCTIONS |
3.1. | The parties acknowledge and agree that with regard to the processing of End User Data, the Licensee shall be the Controller and the Service Provider is a processor (except where the Licensee is a processor to a third-party Controller, in which case the Service Provider shall be a sub- processor). |
3.2. | The Service Provider shall process End User Data solely for the purpose of providing the AHI Services to the Licensee and only in accordance with the Licensee’s instructions (including processing initiated by End Users in their use of the Services) or as otherwise necessary to comply with applicable laws. Information about the means of processing, including hosting and technical architecture information, are provided at Schedule 3. |
3.3. | The Licensee’s instructions shall only be constituted by: |
3.3.1. | the Master Services Agreement and this DPA; |
3.3.2. | the Licensee or any End User uploading or otherwise entering End User data into the AHI Platform; |
3.3.3. | any settings selected and/or configurations made or initiated by the Licensee or any End User in or to the AHI Platform or in respect of the AHI Services; |
3.3.4. | any reasonable written instructions provided by the Licensee to the Service Provider via email or through any communications tool facilitated by the AHI Services which are expressly stated to be written instructions issued by the Licensee as Controller to the Service Provider as processor and which are consistent with the terms of the Master Services Agreement and this DPA; or |
3.3.5. | the Licensee and relevant End-Users using the functionality of the AHI Platform or provided as part of the AHI Services to issue instructions to process Personal Data, such as, to delete Personal Data or export Personal Data. |
3.4. | The Licensee shall ensure that its instructions comply with Data Protection Law, and the Service Provider shall not be required to comply with the Licensee’s instructions if such instructions would violate Data Protection Law or any other law or regulation. |
3.5. | The parties acknowledge and agree that with regard to the processing of Account Data and Service Data, the Service Provider is an independent Controller, and the Service Provider shall process Account Data and Service Data in accordance with Data Protection Law. |
AHI-FORM-0025 v1 Page 4 of 11 |
4. | LICENSEE’S OBLIGATIONS |
4.1. | The Licensee shall, in its use of the AHI Platform and AHI Services, process End User Data in accordance with the requirements of Data Protection Law and shall have sole responsibility for the accuracy, quality and legality of End User Data and the means by which it has acquired End User Data; and represents and warrants to the Service Provider that: |
4.1.1. | it has complied and will continue to comply, with Data Protection Law in respect of its processing of End User Data; |
4.1.2. | it has provided, and will continue to provide, all necessary notices (including any applicable requirements to provide notice to End Users regarding the use of the Service Provider as a processor) and has obtained, and will continue to obtain, all Consents and rights necessary under Data Protection Law for the Service Provider to process End User Data for the purposes described in this DPA; |
4.1.3. | it has and will continue to have, the right to upload or transfer End User Data to the AHI Platform for processing in accordance with the terms of the Master Services Agreement and this DPA; and |
4.1.4. | The processing of End User Data by the Service Provider for the purposes of the Services will not violate the rights of any Data Subject that has opted out from sales. |
4.2. | The Licensee undertakes not to upload or transfer (or cause to be uploaded or transferred) any Sensitive Data (excluding any End User Data created by or using the AHI Service) or any Personal Data relating to any Data Subject who is not an End User to the AHI Platform, and agrees that the Service Provider shall have no liability whatsoever for any such Sensitive Data (with the exception of End User Data created by or using the AHI Service) or third party Personal Data, whether in connection with a Personal Data Breach or otherwise. |
5. | SUB-PROCESSING |
5.1. | The Service Provider shall be entitled to use sub-processors to process End User Data for the purpose of providing the AHI Services. For these purposes, the Licensee authorises the use of the sub-processors listed at Schedule 2. |
5.2. | If the Service Provider intends to use any new sub-processor to process End User Data for the purpose of providing the AHI Services, it shall notify the Licensee thereof in writing following which the Licensee shall have 30 days to object, on reasonable grounds, to the use of any such new sub- processor. If no objection is raised, the Licensee shall be deemed to have authorised the new sub- processor for the purposes of clause 5.1, above. If the Licensee raises an objection, the parties shall meet (in person, by telephone or by video call) within 7 days of such objection to discuss commercial reasonable alternative solutions in good faith. If the parties cannot reach a resolution in 30 days, the Service Provider shall be entitled to terminate the Master Services Agreement by written notice. |
5.3. | Before using any sub-processor to process End User Data, the Service Provider shall enter into a sub-processing contract with the sub-processor that meets the requirements of Data Protection Law. |
5.4. | In the event that a sub-processor used by the Service Provider to process End User Data for the purpose of providing the AHI Service fails to meet its obligations under a sub-processing contract with the Service Provider, the Service Provider shall remain fully liable to the Licensee for failing to meet its obligations under this DPA. |
AHI-FORM-0025 v1 Page 5 of 11 |
6. | SECURITY & CONFIDENTIALITY |
6.1. | The Service Provider has implemented and will maintain the technical and organisational measures set out at Schedule 1 (the “Security Measures”) to protect End User Data against unauthorised or unlawful processing, accidental loss, destruction, damage, alteration, or disclosure. |
6.2. | The Licensee acknowledges and agrees that: |
6.2.1. | the Security Measures provide a level of security for End User Data that is appropriate for the risk to End Users associated with the processing of End User Data, taking in to account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing; and |
6.2.2. | that the security measures are subject to technical and organisational progress and development and that the Service Provider may update or modify the Security Measures from time to time, provided that such updates do not result in the degradation of the overall security of the AHI Service or protection of End User Data. |
6.3. | The Service Provider shall ensure that any person who is authorised by it to process End User Data (including its staff, agents and subcontractors) shall be under a contractual obligation of confidentiality. |
7. | REPORTING & NOTIFICATION of PERSONAL DATA BREACHES |
7.1. | The Service Provider shall notify the Licensee about any Personal Data Breach without undue delay and in any event within 48 hours (48) hours of identifying the Personal Data Breach. |
7.2. | The Licensee acknowledges and agrees that the Service Provider is subject to the Australian Privacy Amendment (Notifiable Data Breaches) Xxx 0000 (Cth) (“NDB Law”), meaning it will be deemed to ‘jointly hold’ the End User Data with the Licensee for the purposes of the NDB Law and will be required, following a Personal Data Breach to assess whether a reasonable person would conclude that the Personal Data Breach is likely to result in serious harm to affected individuals and if so, to notify the affected Data Subjects and the Office of the Australian Information Commissioner. |
7.3. | The Licensee acknowledges and agrees that if it is subject to the provisions of the UK GDPR or the EU GDPR, it will need to notify the appropriate Supervisory Authority of a Personal Data Breach without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of Data Subjects. |
7.4. | The Licensee acknowledges and agrees that if it is subject to the provisions of the UK GDPR or the EU GDPR, it will need to notify the Data Subjects affected by a Personal Data Breach without undue delay, if the Personal Data Breach is likely to result in a high risk to their rights and freedoms. |
AHI-FORM-0025 v1 Page 6 of 11 |
8. | RECORDS, AUDIT & ASSISTANCE |
8.1. | Where required by Data Protection Law, the Service Provider shall: |
8.1.1. | make available to the Licensee such information that is in its possession or control as is necessary to demonstrate the Service Provider’s compliance with Data Protection Law; and |
8.1.2. | allow for and contribute to audits, including inspections, by the Licensee (at the Licensee’s cost) to enable to Licensee to assess and verify the Service Provider’s compliance with Data Protection Law (subject to a maximum of no more than one audit request in any 12 month period). |
8.2. | Where required by Data Protection Law, the Service Provider shall (at the Licensee’s cost), assist the Licensee in complying with its obligations under Data Protection Law including by: |
8.2.1. | notifying the Licensee without undue delay if it receives a request from an End User to exercise their rights under Data Protection Law or any other compliant or request relating to the processing of the End User data; |
8.2.2. | cooperating fully with the Licensee and assisting as required in relation to any such End User request, compliant or other request by providing such End User Data and information as the Licensee reasonably requires; and |
8.2.3. | providing reasonable assistance to the Licensee in complying with its obligations under Data Protection Laws with respect to the security of processing, notification of Personal Data breaches, carrying out data protection impact assessments and in its dealings with data protection supervisory authorities. |
8.3. | Any costs payable by the Licensee under this clause 8 shall be charged by the Service Provider at its standard hourly rates and shall be payable by the Licensee within 7 days of invoice, except where charging for any of the access, information or assistance covered in this section is prohibited by Data Protection Law. |
9. | INTERNATIONAL TRANSFERS |
9.1. | At the request of the Licensee, the Service Provider confirms that in connection with the provision of the AHI Services, End-User Data will only be processed within the geometric proximity of the End-User’s public IP address i.e. where the End-User’s request (to use the service) originates from a location in Europe, their request will be processed by the AWS located in Europe. For clarity and the purposes of this DPA, the Licensee has requested all End-User Data be processed within the EU. Please refer to Schedule 2 for the AWS Cloud location specified. |
9.2. | The Licensee acknowledges and agrees that in connection to providing support services to the Licensee, End-User Data will only be transferred to, or accessible by, AHI personnel based in Australia or sub-processer NuraLogix, documented in Schedule 2 – Sub Processors in Canada, for the provision of support services. |
9.3. | The Service Provider may transfer ‘personal information’ for the purposes of the Australian Privacy Xxx 0000 (Cth) to the relevant region provided that it complies with Australian Privacy Principle 8 (Cross-border disclosure of personal information). |
9.4. | The Service Provider will also adhere to any other applicable Data Protection Law when transferring Personal Data internationally. |
AHI-FORM-0025 v1 Page 7 of 11 |
10. | DELETION & DEIDENTIFICATION OF DATA |
10.1. | Subject as set out at clause 10.2, the Service Provider shall, at the request of the Licensee, delete all End User Data (unless retention of End User Data is required by law, in which case the Service Provider shall inform the Licensee of such requirement in writing) or return it to the Licensee (in the format reasonably requested by the Licensee) within a reasonable time after the earlier of the following: |
10.1.1. | termination of the Master Services Agreement; or |
10.1.2. | where processing of that End User Data is no longer required for the performance of the Service Provider’s obligations under this DPA or the Master Services Agreement. |
10.2. | Before deleting or returning End User Data to the Licensee in accordance with clause 10.1, the Service Provider shall be permitted to anonymise and aggregate End User Data such that it fully ceases to include Personal Data (“Deidentified Data”) and to keep and use the Deidentified Data for the purposes of improving and developing the AHI Services following termination of the Master Services Agreement and this DPA. |
11. | GENERAL |
11.1. | Amendment: This DPA represents the entire agreement between the parties with respect to its subject matter and may not be amended except by a written document executed by the parties. Notwithstanding the foregoing provisions of this paragraph, the Service Provider may amend this DPA by written notice to the Licensee (“Amendment Notice”) if and to the extent the amendment is necessary to comply with Data Protection Laws or any amendments made to them, or the requirements of any applicable supervisory, government or regulatory authority. If the Licensee does not agree with any Amendment Notice, it must notify the Service Provider by written notice of that fact within 7 days of the date of the Amendment Notice (“Objection Notice”). If the parties are unable to resolve the objection within 7 days from the date of the Objection Notice (“Dispute Resolution Period”), either party may terminate this DPA for its convenience by written notice within 7 days of the expiry of the Dispute Resolution Period. |
11.2. | Assignment: Neither party may assign, transfer, licence or novate its rights or obligations under this DPA without the prior written Consent of the other party. |
11.3. | Severability: If any provision of this DPA is deemed invalid by a court of competent jurisdiction, the remainder of this DPA shall remain enforceable. If a provision of this DPA conflicts with any Data Protection Law affecting the parties’ commercial relationship, that provision will be severed and the remainder of this will remain enforceable. |
11.4. | Relationship: The parties are independent contractors and this DPA does not create any relationship of partnership, joint venture, or employer and employee or otherwise. |
11.5. | Counterparts: This DPA may be executed in counterparts provided that no binding agreement shall be reached until the executed counterparts are exchanged. |
11.6. | Entire Agreement: This DPA and any terms implied herein by any applicable Data Protection Laws constitute the entire agreement between the parties and to the extent possible by law, supersedes all prior understandings, representations, arrangements and agreements between the parties, regarding its subject matter. |
11.7. | Applicable Law: This DPA will be governed by and construed in accordance with the law of the Master Services Agreement. To the extent this Data Processing Agreement is inconsistent with any other provision of the Master Services Agreement, this Master Services Agreement shall prevail. |
<< The remainder of this page is intentionally left blank >>
AHI-FORM-0025 v1 Page 8 of 11 |
SCHEDULE 1: SECURITY MEASURES
The Service Provider has implemented the following technical and organisational security measures:
● | Information security policies and related procedures |
● | Staff security awareness straining |
● | Security and data protection obligation in staff contracts of employment |
● | Identity and access management measures including identity verification, multi-factor authentication and authorisation processes in respect of all computer systems |
● | Anti-malware software, email web filtering and security detection and protection software. |
● | Physical security measures at all buildings and offices, include door and window locks, filing cabinet locks and visitor access management controls. |
● | Security assurance activities including internal and external security auditing. |
● | Network boundary protection controls, including firewalls |
● | Security testing including penetration testing of software developed by the Service Provider (including the AHI software development kit or ’SDK’). |
● | Data backup and archiving supporting by business continuity and IT disaster recovery plans. |
● | Where necessary, taking in to account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing, pseudonymisation and/or encryption of Personal Data. |
<< The remainder of this page is intentionally left blank >>
AHI-FORM-0025 v1 Page 9 of 11 |
SCHEDULE 2: SUB-PROCESSORS
The following sub-processors are authorised by the Licensee to End-User Data:
Sub-Processor | Purpose | Location |
NuraLogix Corporation (“NuraLogix”) | Face Scan processing Services | Canada* |
Amazon Web Services | Public Cloud Services | Frankfurt |
Itoc Pty Ltd | 24x7 Monitoring of the AHI Platform | Australia |
* | Please refer to clause 9.2 above. |
<< The remainder of this page is intentionally left blank >>
AHI-FORM-0025 v1 Page 10 of 11 |
AHI DATA PROCESSING AGREEMENT |
SCHEDULE 3: NATURE, MEANS & PURPOSES OF PROCESSING
Part A: Overview
The Service Provider Processes End-User Data on behalf of the Licensee for the purpose of providing smartphone and cloud based digital biometric processing services.
The Service Provider processes:
● | Face Scan Data to calculate heart rate, irregular heartbeats, breathing, blood pressure, heart rate variability, and cardiac workload information, as well as provide support to End Users. |
● | Body Scan Data to calculate digital anthropometric circumference measurements, body composition information (such as body fat %), and to provide support to End Users. |
The AHI Platform is hosted on the Amazon Web Services (AWS) cloud platform.
AHI regularly test our SDK for vulnerability to Open Web Application Security Project standards by independent security experts.
BodyScan
All BodyScan data processing happens on-device. No End-User images or videos ever leave their device, as all measurements are processed on-device.
To process and return Body Scan results, no Personally Identifiable Information leaves the End-User’s device.
FaceScan
FaceScan data is processed on AWS cloud.
The processing of the End-User’s data is based on the geographic proximity of the End-User’s public IP address. When the End-User requests a FaceScan, if they are located in the EU, the request will be processed in the EU (Frankfurt) located AWS. The signals (facial blood flow data) are extracted from the FaceScan video and encrypted at rest and on transmission.
All Personally Identifiable Information is deleted after processing.
The diagram at Part B (image below) shows the AHI Platform architecture as of the commencement date of this DPA.
Part B: Architecture
AHI-FORM-0025 v1 Page 11 of 11 |