DATA AGREEMENT
Exhibit 10.4
CERTAIN IDENTIFIED INFORMATION HAS BEEN EXCLUDED FROM THE EXHIBIT BECAUSE IT IS BOTH (I) NOT MATERIAL AND (II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED. OMISSIONS ARE MARKED [***].
This Data Agreement (the “Agreement”) is made and entered into as of May 7, 2020 (the “Effective Date”) by and between Insulet Corporation, a Delaware corporation having a principal place of business at 000 Xxxxx Xxxx, Xxxxx, XX 00000 (“Insulet”) and DexCom, Inc., a Delaware corporation having a principal place of business at 0000 Xxxxxxxx Xxxxx, Xxx Xxxxx, XX 00000 (“DexCom”). Capitalized terms used and not defined herein shall have the meanings ascribed to them in the Commercialization Agreement (as defined below).
RECITALS
A.DexCom is in the business of developing and commercializing continuous glucose monitoring systems and related technologies.
B.Insulet is in the business of developing and commercializing insulin delivery systems with a patient interface and related technologies.
C.The parties entered into a Development Agreement dated December 7, 2016, amended by Amendment No. 1 on November 21, 2019 (as amended, “Development Agreement”) to develop an integrated solution that capitalizes on each party’s existing and developing technology platforms. The parties subsequently entered into a Commercialization Agreement dated November 21, 2019 (“Commercialization Agreement”) to commercialize such integrated solution.
D.Pursuant to the Commercialization Agreement, the parties have agreed to enter into this Agreement governing the collection, processing, storage and sharing of data (including Personal Data) collected through, or generated by, a party’s System or any component thereof (or other party products).
NOW, THEREFORE, in consideration of the terms and conditions contained herein and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:
1.DEFINITIONS
1.1.“Agreement” has the meaning set forth in the recitals.
1.2.“Breached Party” has the meaning set forth in Section 4.4(h).
1.3.“CGM Improvements” has the meaning set forth in Section 2.2.
1.4.“Commercialization Agreement” has the meaning set forth in the recitals.
1.5.“Data Breach” has the meaning set forth in Section 4.4(b).
1.6.“Development Agreement” has the meaning set forth in the recitals.
1.7.“DexCom” has the meaning set forth in the recitals.
1.8.“Effective Date” has the meaning set forth in the recitals.
1.9.“IDD Improvements” has the meaning set forth in Section 2.1.
1.10.“Insulet” has the meaning set forth in the recitals.
1.11.“Licensed CGM Data” has the meaning set forth in Section 2.1.
1.12.“Licensed Data” means (a) with respect to DexCom, Licensed Insulin Data and (b) with respect to Insulet, Licensed CGM Data.
1.13.“Licensed Insulin Data” has the meaning set forth in Section 2.2.
1.14.“Licensee” means (a) with respect to CGM Data, Insulet, and (b) with respect to Insulin Data, DexCom.
1.15.“Licensor” means (a) with respect to CGM Data, DexCom, and (b) with respect to Insulin Data, Insulet.
1.16.“Licensor IP” has the meaning set forth in Section 2.4.
1.17.“Permitted Purposes” means all lawful purposes, subject to the limitations and restrictions set forth in Section 2.1 or Section 2.2, as applicable to the respective parties.
1.18.“Term” has the meaning set forth in Section 6.1.
2.RIGHT TO RECEIVE AND USE.
2.1.License to Insulet. DexCom hereby grants to Insulet a [***] license to utilize [***] (collectively, “Licensed CGM Data”) for all lawful purposes, except no such Licensed CGM Data shall be used to (a) [***] or (b) [***]; provided, however, that the foregoing shall not prevent Insulet from [***]. To the extent such Licensed CGM Data is used by or on behalf of Insulet to [***] must be designed, to the extent practical, to be generally interoperable with DexCom Systems; (y) such [***] must not be designed [***], and (z) Insulet shall not [***], provided, however, that with respect to the foregoing clause (z), Insulet shall not be prohibited in any way from [***]. Notwithstanding the foregoing, Insulet shall not [***], except (i) [***]; (ii) as part of the functionality of [***]; (iii) to facilitate or administer any use of [***]; or (iv) to facilitate or administer any [***]. Insulet shall not [***].
2.2.License to DexCom. Insulet hereby grants to DexCom a [***] license to utilize [***] (collectively, “Licensed Insulin Data”) for all lawful purposes, except no such Licensed Insulin Data shall be used to (a) [***] or (b) [***]; provided, however, that the foregoing shall not prevent DexCom from making any [***]. To the extent such Licensed Insulin Data is used by or on behalf of DexCom to [***], (x) such [***] must be designed, to the extent practical, to be generally interoperable with the Insulin Delivery System; and (y) such [***] must not be designed [***], and (z) DexCom shall not [***], provided, however that with respect to the foregoing clause (z), DexCom shall not be prohibited in any way from [***]. Notwithstanding the foregoing, DexCom
2
shall not [***], except (i) [***]; (iii) to facilitate or administer any use of [***]; or (iv) to facilitate or administer any [***]. Notwithstanding the foregoing, DexCom shall not [***].
2.3.Additional Restrictions on Use of Licensed Data.
(a)Each Licensee may share anonymized Licensed Data (i.e., CGM Data licensed under Section 2.1 or Insulin Data licensed under Section 2.2, as applicable) with [***].
(b)Neither Licensee shall make any statement using the applicable Licensed Data, or data derived from Licensed Data in a manner, that could be reasonably be expected to [***].
(c)Neither Licensee shall share Data that it collects from its Customers with Third Parties unless otherwise approved in writing by the Commercial Steering Committee. Notwithstanding the foregoing, a party may share Data that it collects from its Customers with Third Parties (i) when necessary to perform its obligations under this Agreement, provided that in such instance such Third Parties are prohibited from [***] or (ii) when requested and consented to by the Customer, including but not limited to [***].
2.4.Ownership. Each party will be the owner of any Data that it directly collects from Customers through its System. Licensee hereby acknowledges that Licensor and its Affiliates retain all right, title and interest in and to the Licensed Data, including any updates, translations, customized versions or derivative works thereof, and all modifications, enhancements, improvements and derivative works thereto and all intellectual property rights therein (collectively, “Licensor IP”). No title to or ownership of the Licensor IP is transferred to Licensee. Licensee acknowledges and agrees that any unauthorized use, distribution or disclosure of the Licensed Data would result in irreparable harm to Licensor and Licensor Affiliates and shall entitle Licensor and Licensor Affiliates to seek immediate injunctive or other equitable relief. With respect to Personal Data (as defined in the GDPR) collected from a party’s Customers located in the European Economic Area, each party shall be an individual, separate Data Controller (as defined in the GDPR) with respect to such Personal Data. Under no circumstances will the parties be regarded as joint Data Controllers within the meaning set forth in GDPR Article 26 with respect to such Personal Data.
2.5.Reservation of Rights. Except for the rights and licenses expressly granted in this Agreement, no other rights are granted by either party, and all other rights are expressly reserved.
3.DELIVERY AND COOPERATION.
3.1.Delivery of Data. The parties shall use commercially reasonable efforts to cooperate and collaborate to implement [***] connection between the parties for the secure sharing of Data (including Licensed Data).
3.2.Data Reconciliation. The parties shall use commercially reasonable efforts to cooperate and collaborate to develop and implement a method to reconcile the identity management of Data records stored by each party.
3.3.Customer Consents. The parties shall use commercially reasonable efforts to cooperate and collaborate to develop and implement a process for the coordination of obtaining all Customer consents with respect to the sharing of Data from its System with the other party and for complying with subsequent Customer requests for modification of consent or removal of such Personal Data.
3
4.LICENSEE OBLIGATIONS.
4.1.Compliance with Laws. Each party shall be solely responsible for its compliance with Privacy Laws including, but not limited to: (a) fulfilling transparency obligations; (b) obtaining all necessary authorizations and/or lawful bases from its Customers to process their Data consistent with intended uses of the Horizon System; and (c) the fulfillment of data subject rights requests. Each Licensee agrees to use the applicable Licensed Data only in accordance with all applicable federal, state, or local laws, regulations and orders which shall include without limitation, HIPAA and the GDPR. Each Licensee shall only process the applicable Licensed Data for the “Permitted Purposes.”
4.2.Publication. Each Licensee may not publish (including but not limited to posters, abstracts, clinical studies or podium presentations) the Licensed Data or cite Licensor as the source of the Licensed Data in research or materials intended for external audiences without Licensor’s prior, written approval, which shall not be unreasonably withheld, conditioned or delayed. If the parties agree to publication, Licensee shall furnish copies of any proposed publication or presentation to Licensor at least [***] before submission. During that time, Licensor shall have the right to review the material for Licensor’s Confidential Information and use of Licensor’s name. At Licensor’s request, Confidential Information provided by Licensor and/or Licensor’s name shall be deleted from the proposed publication or presentation. In addition to the foregoing, Licensor may make a written request within the [***] review period to delay the proposed disclosure for an additional [***] period if the proposed publication or presentation contains subject matter which may be patentable, in order to file the necessary patent applications.
4.3.No Re-identification. Each Licensee shall not re-identify any person reflected in the applicable Licensed Data, including without limitation: (a) re-identifying, or attempting to re-identify, or allowing to be re-identified any patient or individual who is the subject of Protected Health Information (as defined by HIPAA) within such Licensed Data; (b) re-identifying, or attempting to re-identify, or allowing to be re-identified any relative, family or household member of any patient or individual reflected in such Licensed Data; or (c) linking any of the facial or direct identifiers set forth in 45 C.F.R. 164.514 to any other information. In addition, each Licensee shall not engage in any research, study or any other use of the applicable Licensed Data that directly or indirectly involves developing a plan to or actually attempting to reidentify an individual. Each Licensee agrees that it shall not use the information in the applicable Licensed Data to contact any individual.
4.4.Security Requirements. Each Licensee shall:
(a)Employ procedures and processes as appropriate to monitor use of passwords or other personal credentials used to access the Licensed Data and to require any authorized users to protect their passwords and other personal credentials. Licensee shall promptly notify Licensor of any unauthorized use of or access to the Licensed Data;
(b)Implement and maintain administrative, physical, and technical safeguards to ensure protection of the security, confidentiality, and integrity of Data. Licensee’s security measures shall be designed to protect Data from and against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access (a “Data Breach”);
4
(c)Maintain written risk management and security policies that cover data center operations and desktop computer and mobile device use related to the Licensed Data;
(d)Protect, through use of personal credentials, and encrypt Licensed Data on any mobile devices, including hard drives and laptops;
(e)Conduct, [***], an evaluation of its processes and systems to ensure continued compliance with obligations imposed by law, regulation or this Agreement with respect to the confidentiality, integrity, and security of the Licensed Data. Upon reasonable request, Licensee will provide to Licensor a summary of the most recent evaluation and a description of any remediation activities taken in response to such evaluations;
(f)Transmit Licensed Data using only secure means. Licensee will use [***] when transmitting Licensed Data externally or will [***];
(g)Limit access to the Licensed Data to only the minimum amount of Licensed Data as necessary; and
(h)Licensee shall maintain security incident management policies and procedures and shall promptly notify Licensor within no less than [***] without any undue delay of any Data Breach that impacts or is reasonably likely to impact the Licensed Data. Where a Licensee has suffered a Data Breach (“Breached Party”), it shall make reasonable efforts to identify and remediate the cause of such Data Breach. The Breached Party shall be solely responsible to notify government authorities and individuals of any Data Breach experienced by it.
4.5.Certification. Each party agrees that upon request, it shall certify in writing whether it is in compliance with the provisions of this Agreement. Within [***] after a party becomes aware of its possible or actual noncompliance with this Agreement, such party shall notify the other party in writing. Such written notice shall include the nature and period of existence of the possible or actual noncompliance and what action such party is taking or proposes to take to identify and cure such possible or actual noncompliance. After delivery of such written notice, such party shall work in good faith with the other party to address and remediate such possible or actual noncompliance.
4.6.Data Breaches. If a Data Breach affects both parties, the parties agree to coordinate with respect to any communications or notifications that are sent regarding such Data Breach. In the event of a dispute or claim brought by an individual or any government authority concerning Licensed Data against either or both parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to resolving them within a reasonable time.
5.CONFIDENTIAL INFORMATION. Section 13 of the Commercialization Agreement is hereby incorporated by reference as if set forth herein in full, mutatis mutandis.
6.TERM AND TERMINATION
6.1.Term. The term of this Agreement will commence upon the Effective Date and will, unless terminated as provided for below, continue until the expiration or termination of the Commercialization Agreement (the “Term”).
5
6.2.Termination for Breach. Either party may terminate this Agreement upon [***] written notice if the other party is in material breach of any of its obligations under this Agreement and such party fails to remedy the breach within such [***] period.
6.3.Suspension. Each Licensor reserves the right to suspend delivery of or access to the applicable Licensed Data or any portion thereof upon its reasonable belief that tortious, criminal or otherwise improper or prohibited activity may be associated with Licensee’s utilization of such Licensed Data or in the event that Licensee is in default of any obligation hereunder. Licensor shall provide written notice to Licensee explaining the reason for any such suspension and Licensee shall immediately suspend such access. Licensor may condition any restoration of access upon satisfaction of such conditions directly associated with the suspension of service as Licensor reasonably determines are appropriate.
6.4.Effect of Termination or Expiration. In the event of any termination of this Agreement, (a) with respect to any Licensed CGM Data or Licensed Insulin Data, as applicable, that was provided to the applicable Licensee prior to such termination, all licenses and rights thereto granted hereunder will continue in effect perpetually, provided that [***]; and (b) with respect to any Licensed CGM Data or Licensed Insulin Data, as applicable, that is first provided to the applicable Licensee after such termination, (i) all [***], and (ii) all licenses and rights thereto granted hereunder to commercialize and maintain products that utilize such Licensed Data shall, upon such termination, be [***]. Notwithstanding the foregoing, each party will return to the other party or destroy all materials (in written, electronic or other form) constituting such other party’s Confidential Information, including any copies and extracts thereof, and will not use such Confidential Information in any way for any purpose.
6.5.Survival. The following provisions will survive any expiration or termination of this Agreement: 1, 5, 6.4, 8, 9, 10.
7.REPRESENTATIONS AND WARRANTIES
7.1.Mutual Representations and Warranties. Each party hereby represents and warrants to the other that: (a) it possesses full power and authority to enter into this Agreement and to fulfill its obligations hereunder; (b) the performance of this Agreement and of its obligations hereunder will not breach any separate agreement by which it is bound; (c) it will comply with all applicable laws, rules and regulations when performing or receiving Services under this Agreement, including without limitation HIPAA; (d) it will not violate rights of any third party in performing obligations under this Agreement; (e) it has obtained or will obtain all necessary institutional and regulatory approvals necessary to perform any Services, including, without limitation, any institutional review board approval; and (f) the Services performed by such party, and/or work product provided by such party to the other party, do not and will not infringe the rights of any third party.
7.2.Licensor Additional Representations and Warranties. Licensor additionally represents and warrants that: (a) Licensor has all rights, power and authority that are necessary for Licensor’s collection, use, processing, and disclosure of Licensor Data as contemplated by this Agreement; and (b) Licensee’s use of the applicable Licensed Data pursuant to this Agreement will not violate any Intellectual Property Rights, rights of publicity or privacy, other proprietary rights, or any applicable local, state or federal laws, regulations, orders or rules.
7.3.Limitations. THE RESPECTIVE REPRESENTATIONS AND WARRANTIES OF LICENSEE AND LICENSOR AS SET FORTH IN THIS AGREEMENT ARE THE SOLE AND
6
EXCLUSIVE REPRESENTATIONS AND WARRANTIES MADE BY THE PARTIES. EACH PARTY EXPRESSLY DISCLAIMS, TO THE FULLEST EXTENT PERMITTED BY LAW, ALL OTHER REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
8.INDEMNIFICATION. Section 14 of the Commercialization Agreement is hereby incorporated by reference as if set forth herein in full, mutatis mutandis
9.LIMITATION ON LIABILITY. OTHER THAN WITH RESPECT TO BREACHES OF [***], IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER OR ANY OTHER ENTITY FOR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS, LOST PROFITS, OR ANY OTHER SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY ARISING OUT OF THIS AGREEMENT WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE. THESE LIMITATIONS ARE WITHOUT PREJUDICE TO THE PARTIES’ [***] AND SHALL APPLY WHETHER OR NOT THE BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY PROVIDED HEREIN. IF EITHER PARTY TERMINATES THIS AGREEMENT IN ACCORDANCE WITH ANY OF ITS PROVISIONS, [***].
10.GENERAL.
10.1.Miscellaneous. Sections 17.1-17.6, 17.8-17.10, 17.12, 17.4, and 17.15 of the Commercialization Agreement are hereby incorporated by reference as if set forth herein in full, mutatis mutandis.
10.2.Assignment. Except as otherwise expressly provided under this Agreement, neither party may assign or otherwise transfer this Agreement or any right or obligation hereunder without the express prior written consent of the other party; provided that: either party shall be permitted to effect such an assignment or other transfer of this Agreement in its entirety [***] (a) [***], or (b) [***], but solely, in each case (a) and (b), in connection with the assignment or other transfer of the Commercialization Agreement, and solely to the assignee or other transferee of the Commercialization Agreement. Any attempt to assign or transfer this Agreement not in compliance with this Section 10.2 will be void. Subject to the foregoing, this Agreement is binding upon and will inure to the benefit of each of the parties and their respective successors and permitted assigns.
10.3.Nonexclusive Remedy. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise.
10.4.Entire Agreement. This Agreement (including all Exhibits to this Agreement), together with the Existing NDA, Development Agreement, Commercialization Agreement and Quality Agreement, constitutes the entire understanding and agreement between the parties with respect to the subject matter hereof, and supersedes all prior or contemporaneous understandings or agreements, whether written or oral, between the parties with respect to such subject matter. In the event of conflicts among the terms of the foregoing agreements, the order of precedence shall be the Commercialization Agreement, the Quality Agreement, this Agreement, the Development
7
Agreement, and the Existing NDA; provided, however that with respect to any matter related to Licensed Data, this Agreement shall control.
10.5.Counterparts. This Agreement may be executed in two or more counterparts, each of which will be deemed an original, and all of which together, will constitute one and the same instrument.
10.6.Waiver. The parties hereby waive the requirement of Section 8.1 of the Commercialization Agreement, requiring execution of this Agreement within [***] of the effective date of the Commercialization Agreement.
[Signature Page Follows]
8
IN WITNESS WHEREOF, the duly authorized representatives of the parties have executed this Data Agreement and have rendered it effective as of the Effective Date.
DEXCOM, INC. By: /s/ Xxxxxx Sylvain Print Name: Xxxxxx Sylvain Title: VP, Finance Date: 5/8/2020 | INSULET CORPORATION By: /s/ Brittany Bradrickc Print Name: Brittany Bradrick Title: VP, Strategy & Corporate Development Date: 5/8/2020 |
[Signature Page to Data Agreement]