1.1 These Terms apply to Agreement(s) (as defined in Section 2) on the provision of the iCare CLINIC Service (as defined in Section 2 below) by iCare Finland Oy, a Finnish company with Business ID 1084502-3 (“Supplier”) to its customer named in the Agreement (“Customer”). The Supplier and the Customer are also hereinafter referred to each as a “Party” and together as the ”Parties”.
2.1. The following terms shall have the meanings explained below, unless otherwise explicitly agreed in the Agreement:
“Agreement” means an agreement in which the Parties agree on the provision of the iCare CLINIC Service in accordance with these Terms to the Customer, such as (i) a written or electric agreement signed by the Parties, (ii) the Supplier’s offer accepted by the Customer electronically or in writing (iii) the Customer’s order accepted by the Supplier e.g. by confirming the Customer’s order or commencing the provision of the iCare CLINIC Service to the Customer.
”Customer Data” means the data or other content submitted or downloaded by the Customer or by the User into the System through the iCare CLINIC Service’s user interface(s) or by using the Mobile Application. Also a Third Party User may download his/her data into the System only by using the Mobile Application. For the avoidance of doubt it is stated that the Customer Data may contain Personal Data, in which case the Section 7 applies.
“Device” means iCare tonometer devices, as defined by iCare from time to time, supplied to the Customer by a third party (“Device Provider”).
“Device Provider” is defined in the definition of “Device” above.
“Documentation” means usage manuals and other documents in electronic or other written format that are supplied by the Supplier to the Customer or that are accessible through the iCare CLINIC Service or the Mobile Application, but excluding any marketing materials.
“Intellectual Property Rights” means patents, inventions, trademarks, domain names, rights in know-how, trade secrets, copyrights, database rights, rights related to copyrights and any other intellectual property rights, whether registered or not, and including without limitation the right to amend and further develop the objects of those rights and the right to assign the rights to third parties.
”iCare CLINIC Service” means the Supplier’s SaaS (software as a service) service delivered via data networks enabling the Customer and the User and the Third Party User to submit and/or upload the Customer Data into the System and to receive the Output Data. The iCare CLINIC Service is defined in its service description in the Documentation as modified by the Supplier from time to time, and it includes the modifications, enhancements, new versions and updates of the iCare CLINIC Service released according to the discretion of the Supplier and by the Supplier for the non-exclusive, commercial and internal use by the Customer.
“Mobile Application” means the Supplier’s separate software application called iCare PATIENT Application or iCare PATIENT2 Application, which shall be installed on the Third Party Users’ and/or Users’ mobile devices and which can be used by the Third Party Users’ and Users to upload the data provided by the iCare tonometer devices to the System. The Mobile Application is defined in its product description in the Documentation as modified by the Supplier from time to time, and it includes the modifications, enhancements and new versions and updates of the Mobile Application released by the Supplier according to the discretion of the Supplier and by the Supplier for the non-exclusive, commercial and internal use by the Third Party Users and the Users. A separate electronic contract shall be entered into between the Supplier and the Users / the Third Party Users prior to using the Mobile Application.
“Output Data” means the Customer Data as processed by the System alone.
“Personal Data” is defined in the Data Processing Schedule attached as Schedule 1.
”Statistical Information” means the Customer Data, as such or as processed and/or combined with other data, but in a statistical or aggregated form so that a user’s or the Customer’s identity cannot be seen from the Statistical Information.
"Subscription” means the Customer’s right to use the iCare CLINIC Service.
"Subscription Period” means the time period of the Customer’s right to use the iCare CLINIC Service, that renews automatically as set out in these Terms. The Subscription Period is one of the Subscription Period options offered by the Supplier and is defined in the Agreement.
”System” means the Supplier and third party systems used by the Supplier to provide the iCare CLINIC Service, and it includes the modifications, enhancements, new versions and updates of the System.
“Third Party User” is a third party private person who has a contract in force with the Customer concerning the services of the Customer only for the benefit of himself/herself (such as doctor – patient relationship).
“User” means members of the Customer’s or the Customer’s subcontractors’ personnel who are authorized by the Customer in writing or electronically to use the iCare CLINIC Service solely on behalf of and for the benefit of the Customer internally.
3.1 The Customer warrants that i) it is an entity (e.g. company, partnership, corporation or a public legal person) and not a private individual and that ii) the Customer has not acquired the usage right to the iCare CLINIC Service as a consumer or otherwise for the purpose of private household.
3.2 The Supplier may make changes to the System, the Icare CLINIC Service, the Mobile Application and the Documentation at any time.
3.3 The Customer shall contribute to the provision of the Icare CLINIC Service with respect to factors under the command or control of the Customer.
3.4 The Customer shall, at its own expense, acquire (i) the Devices from a Device Provider, (ii) mobile devices for the Users, (iii) connections and data traffic subscriptions, (iv) its own hardware and software environment with which the iCare CLINIC Service is used, (v) sufficient rights to the Mobile Application for the Third Party Users’ and Users’ use and (vi) information security related to any of the foregoing in this sub-section, to the extent these are required for the Customer’s use of the iCare CLINIC Service and the Users’ and the Third Party Users’ use of the Mobile Application, each according to the compatibility requirements set by the Supplier from time to time. For example, the Mobile Application is available for limited type(s) of mobile device operating system(s) and its/their version(s) and the iCare CLINIC Service is available for limited type(s) of web browsers and its/their version(s).
4.1 Subject to the Customer’s payment of the prices payable under the Agreement, the Customer is granted a non-exclusive and non-transferable right, during the Subscription Period, to: (i) use the iCare CLINIC Service by the Users in accordance with the Documentation and (ii) allow each User and each Third Party User to download one copy of the Mobile Application on a mobile device owned, rented or leased by the Customer (or the Third Party User in case of the Third Party User using the iCare CLINIC Service). The Customer’s right to use the iCare CLINIC Service is limited to use with the number of the Devices included in the Subscription at the time of use. The Customer may not use the iCare CLINIC Service or the Mobile Application to offer services to any third party or otherwise transfer the iCare CLINIC Service or the Mobile Application or allow access to the iCare CLINIC Service or the Mobile Application to any third party. In addition, the terms of use of the Mobile Application to be accepted when downloading the Mobile Application apply to the use of the Mobile Application. THE CUSTOMER AGREES THAT EACH USER IS AUTHORIZED TO CONCLUDE A BINDING AGREEMENT ON BEHALF OF THE CUSTOMER AND THE USER REGARDING THE TERMS OF USE OF THE MOBILE APPLICATION. THE CUSTOMER IS LIABLE FOR ANY BREACH OF THESE TERMS OR THE TERMS OF USE OF THE MOBILE APPLICATION BY THE USERS AND THE THIRD PARTY USERS.
4.2 The Customer may use the Documentation during the term of the Agreement internally to support the granted use of the iCare CLINIC Service.
4.3 The Users and the Third Party Users shall maintain user names and passwords diligently and they may not be disclosed to any third parties. The Customer is responsible for the use of the Users’ and the Third Party Users’ user names and passwords as widely as the law allows.
4.4 The Customer may not repair or otherwise modify the Documentation, the iCare CLINIC Service, the System or the Mobile Application. The Customer may not disassemble, decompile or reverse engineer or otherwise attempt to derive the source code of the software used in the implementation or production of the Icare CLINIC Service or the System or of the Mobile Application.
4.5 If the Customer and the Supplier have agreed on the provision of the application programming interface ("Interface”) by the Supplier to the Customer, Icare Application Programming Interface Terms in Schedule 2 attached hereto shall apply to the use of the Interface.
5.1 The Customer shall ensure that no Customer Data violates applicable laws or any rights of third parties. The Customer warrants that it and the Users and the Third Party Users have the right to download/upload and submit the Customer Data into the System and that the Supplier and its subcontractors are entitled to process the Customer Data lawfully for the purposes of the Agreement. The Supplier may remove any Customer Data that the Supplier suspects is in violation of these Terms or to satisfy a court or authority request based on mandatory law.
5.2 For the avoidance of doubt it is stated that the Customer may transfer the Customer Data or any part of it to the systems, devices or services of the Customer at the discretion and liability of the Customer.
6.1 The Supplier may suspend the provision of or access to the Icare CLINIC Service:
(a) If it is necessary for the purposes of installation, change or maintenance work, or
(b) due to interruption in public networks, repair of errors or equipment, security risks, problems in electricity supply, if required by law or an order by an authority or if the Supplier suspects misuse of the Icare CLINIC Service or breach of the Agreement.
6.2 If the suspension is due to a service break planned by the Supplier, the Supplier informs, where reasonably possible, the Customer of the suspension in advance. The Supplier will inform the Customer of other suspensions, where reasonably possible, without delay after the Supplier has received information about the cause of the suspension. The notifications can be made in the user interface of the Icare CLINIC Service, otherwise electronically or in other appropriate manner.
6.3 The following are not considered as errors of the Icare CLINIC Service or the Mobile Application: (a) errors that are caused by faulty use, (b) errors that are caused by failure to follow these Terms, the terms of the Agreement, the terms of use of the Mobile Application or the usage instructions (c) errors that are caused by a modification or repair performed by anyone else than the Supplier; (d) errors that are caused by malfunction or defects of the Devices or mobile devices; (e) errors that are caused by the Device Provider’s failures or actions, (f) errors that are caused by any system, product or service not provided by the Supplier or (g) errors that are caused by faulty form or content of the Customer Data. The Supplier’s liability for errors of the Icare CLINIC Service or the Mobile Application is limited to the fulfillment of its support duties towards the Device Provider.
6.4 EXCEPT TO THE EXTENT SET OUT HEREIN, THE SUPPLIER DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
6.5 During and after the term of the Agreement, the Supplier has a permanent, non-revocable, transferable, sublicensable and free of charge right to produce the Statistical Information and to use and disclose the Statistical Information for any and all purposes such as for further developing and managing the Icare CLINIC Service and the Supplier’s services.
7.1 The Customer acknowledges and agrees that in order to be able to utilize the Icare CLINIC Service, the Users and the Third Party Users will have to provide the Personal Data to be processed by the Supplier and also the Customer. If the Users and the Third Party Users do not provide the Personal Data, the User and the Third Party User are not allowed to utilize the Icare CLINIC Service.
7.2 The Data Processing Schedule attached as Schedule 1 to these Terms is an integral part of these Terms.
7.3 The Customer shall make sure that the Supplier and its sub-processors may process the Users’ and the Third Party Users’ Personal Data as explained in this Section 7 and in the Data Processing Schedule.
7.4 The Supplier acts as a processor of the Personal Data and the Customer acts as the controller of the Personal Data. The Customer defines the Personal Data it wants to collect and control in its business. The Customer is (among other things) liable for the correctness of the Personal Data and the lawfulness of the processing of the Personal Data. Without limiting the generality of the foregoing, the Customer is liable for all duties and liabilities of a Personal Data controller.
8.1 The Customer shall contract with the Device Provider regarding the provision of support services for the iCare CLINIC Service and the Mobile Application according to the Device Provider’s commercial discretion. The Customer may contact the Supplier in support matters and in such case the Supplier considers itself on how and when to provide support. Also, in such specific case(s) when the Customer is entitled to contact the Supplier in support matters, even such support is considered to be provided by the Device Provider under its support contract with the Customer.
9.1 The iCare CLINIC Service requires the use of cookies. The cookies are called authTokens. They are session-based cookies. They collect only the data to be able to identify the User or the Third Party User as he/she logs in the iCare CLINIC Service and only for the duration of the session in the iCare CLINIC Service.
9.2 The terms regarding cookies may vary from time to time, as notified by the Supplier.
10.1 Title and any and all Intellectual Property Rights in and to the Icare CLINIC Service, the System, the Mobile Application, the Documentation and the results of the Supplier’s services, and any copies, modifications, translations, amendments and derivatives thereof are and shall belong only to the Supplier and/or its licensors.
11.1 Prices
11.1.1 The prices payable by the Customer for the right to use the iCare CLINIC Service (“Subscription price(s)”) are agreed in the Agreement and depend on the length of the Subscription Period and the number of the Devices included in the Subscription. The Customer may at any time update the number of the Devices included in the Subscription. In case the Customer adds Devices to the Subscription, the Customer shall pay immediately an additional Subscription price for the added Devices according to the Supplier’s then current price list for the length of the remaining Subscription Period. In case the Customer decreases the number of the Devices included in the Subscription, the Customer is not entitled to receive any refund of the Subscription price and there will not be any decrease in the Subscription price for the remaining Subscription Period
11.1.2 If the Subscription Period renews, the Subscription price for the new Subscription Period is accordance with the Supplier’s price list (as amended by the Supplier from time to time) on the first day of the new Subscription Period and is calculated based on the number of the Devices included in the Subscription on that day. The Subscription price also for the new Subscription Period(s) will be increased if Devices are added to the Subscription, as defined in Section 11.1.1.
11.1.3 Prices other than the Subscription price are in accordance with the Supplier’s price list as amended by the Supplier from time to time.
11.1.4 The payment methods available are determined by the Supplier from time to time. The Customer agrees that the payment services may be provided by third parties or a third party, whose terms and conditions regarding the payment service might be applicable to the payments and related use of the Customer’s data.
11.1.5 The Subscription prices are adjusted as set out in Sections 11.1.1 and 11.1.2.
11.1.6 Value added tax, duties, levies and other taxes and governmental charges are borne by the Customer and added to the prices.
11.2 Invoicing and Payment
11.2.1 If not otherwise agreed in the Agreement, the prices are invoiced:
(a) recurring prices, such as Subscription price or monthly, quarterly or annual prices, in advance;
(b) one time prices upon the order; and
(c) other prices monthly afterwards.
11.2.2 Depending on the payment method, the Supplier may define that prices are payable immediately upon order. This applies e.g. to payment by credit card. If the Supplier allows the Customer to pay through an invoice, invoices are payable within fourteen (14) days from the date of the invoice unless otherwise defined the Supplier. The Supplier may suspend the Customer’s access to the iCare CLINIC Service in the event that the Customer has delayed in making a payment despite of a payment reminder.
12.1 Each Party (i) shall keep in confidence all information of the other Party of confidential nature or marked as confidential (together referred to as “Confidential Information”); (ii) may not disclose the other Party’s Confidential Information to any third party and (ii) may not use the other Party’s Confidential Information for any purpose other than for fulfilling its obligations and using its rights arising out of the Agreement. The structure and user interfaces of the iCare CLINIC Service, the System and the Mobile Application, and their underlying ideas and the Documentation are always the Supplier’s Confidential Information. The Supplier may disclose the Customer’s Confidential Information to its subcontractors for the fulfilment of the purpose of the Agreement if the subcontractors have committed to a confidentiality provision substantially similar as herein. In addition, the Supplier may disclose the Customer’s Confidential Information to the Device Providers to the extent required to cooperate in possible support or delivery issues.
12.2 The foregoing obligations shall not apply to information: (i) which at the time of the disclosure is or later becomes generally available or otherwise public through no fault of the receiving Party; (ii) which was in the possession or knowledge of the receiving Party prior to receipt of the same from the other Party; (iii) which the receiving Party receives from a third party who is not bound by a confidentiality obligation towards the other Party regarding the same Confidential Information; (iv) which the receiving Party has independently developed without using the other Party’s Confidential Information; or (v) which must be disclosed based on law or an order by an authority or court. Unauthorized disclosures of Confidential Information that are caused by security breaches or other similar causes are not regarded as a breach of this confidentiality obligation. The Supplier shall have the right to utilize the general expertize and skills that its and its subcontractors’ personnel have learnt in conjunction with the Agreement.
13.1 Arising out of or related to the iCare CLINIC Service, the System, the Mobile Application, the Documentation, the Supplier’s services or otherwise out of or related to the Agreement, the Supplier shall have no liability for any: (i) indirect damages such as loss of profit, revenue or savings, or for damages payable to third parties, or (ii) loss or alteration of data, information or for any damages incurred as a result thereof, or for cover purchase.
13.2 The Supplier’s aggregate maximum liability arising out of or related to the iCare CLINIC Service, the System, the Mobile Application, the Documentation, the Supplier’s services and otherwise out of or related to the Agreement for any and all causes of action occurred during any calendar month, and including the amounts of possible price returns or reductions, shall not exceed the amount of the prices (without value added tax and other governmental charges) paid by the Customer to the Supplier for the said calendar month.
13.3 The limitations of liability shall not apply to damages caused by gross negligence or intentional act.
14.1 Subscription
14.1.1 Subscription and the Agreement will remain in force initially for the first Subscription Period, after which the Subscription and the Agreement will automatically renew for subsequent time period(s) each equal to the length of the first Subscription Period, unless terminated by the Customer by using the termination functionality in the Supplier’s web shop latest on the last day of the Subscription Period or terminated by the Supplier latest three (3) months before the end of the Subscription Period.
14.2 Termination at Will
14.2.1 The Customer may also terminate the Agreement and the Subscription with immediate effect at any time by using the termination functionality in the Supplier’s web shop. In such case the Customer is not entitled to receive any refund of the Subscription price or other prices and there will not be any decrease in the Subscription price for the Subscription Period.
14.3 Termination for Cause
14.3.1 Either Party may terminate the Agreement with immediate effect by giving the other Party a written notice if:
(a) the other Party commits a material breach of the Agreement and fails to remedy the same within thirty (30) days after receipt of a written demand from the other Party to cure the breach; or
(b) the other Party is declared bankrupt, placed into liquidation or its financial situation has otherwise materially deteriorated so that it becomes evident that the other Party will not be able to fulfil its obligations under the Agreement.
14.4 Effects of Termination
14.4.1 Upon termination of the Agreement, each Party shall return to the other Party any tangible property representing Confidential Information of the other Party and erase/delete any other Confidential Information of the other Party held by the first Party in electronic form. However, unless the Parties agree on such service in writing, the Supplier does not return the Customer Data to the Customer. The Supplier is not obliged to store the Customer Data after the termination of the Agreement but the Supplier may continue to store the Customer Data if required by law or regulation.
14.4.2 In any cases of termination or cancellation the Customer is not entitled to receive any compensation for payments of any prices for the period of time the Customer cannot or has not utilized the rights under the Agreement.
15.1 Assignment and Subcontractors
15.1.1 Either Party may not assign the Agreement to a third party, without the prior written consent of the other Party. However, the Supplier may assign the Agreement without the consent of the Customer to a transferee when assigning the ownership of the Supplier’s business assets or part thereof, or to the Supplier’s affiliate, and, for the avoidance of doubt, in merger or demerger. The Supplier may subcontract its duties. The Supplier shall be liable for the work of its subcontractors as for work of its own.
15.2 Survival
15.2.1 Upon termination of the Agreement, the provisions relating to Intellectual Property Rights, confidentiality, disclaimers of warranty, limitations of liability and this Section “Miscellaneous” shall survive. Also, any other provisions which by their nature or wording contemplate effectiveness beyond the termination of the Agreement, shall survive the termination.
15.3 Entire Agreement
15.3.1 The Agreement constitutes the complete agreement between the Parties with respect to the subject matter hereof and it supersedes all previous proposals, marketing materials and other communications between the Parties with respect to the subject matter hereof.
15.4 Severability
15.4.1 If any provision of the Agreement is found to be contrary to law, the other provisions of the Agreement will remain in force. The invalid provision shall be amended by the Parties, and the Agreement shall be interpreted so as to best accomplish the objectives of the original provision to the fullest extent allowed by law.
15.5 Waiver and Amendment
15.5.1 No change of the Agreement shall be binding unless made in writing and signed by duly authorized representatives of each Party. A failure by a Party to use any of its rights based on the Agreement shall not be construed as a waiver of such right.
15.6 Force Majeure
15.6.1 A Party shall not be liable for delays, defects or damages caused by factors due to an impediment beyond his control, which he cannot reasonably be deemed to have taken into account at the time of the conclusion of the Agreement, and the consequences of which he could not reasonably have avoided or overcome. Such events of force majeure shall include, without being limited to, natural disasters, breakdown of electricity or networks, security attacks, failures in Internet or other public networks or data traffic, strikes and other labor disputes or acts of government. A labor dispute shall be considered a force majeure event also when a Party is the target or a party to such an action. The force majeure events suffered by subcontractors are also be deemed as force majeure events.
15.7 Governing Law and Dispute Settlement
15.7.1 The Agreement shall be construed in accordance with the laws of Finland, excluding its choice of law provisions and the UN Convention on Contracts for the International Sale of Goods.
15.7.2 Any dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Rules of Arbitration of the Finland Chamber of Commerce. The arbitration shall take place in Helsinki, Finland, and shall be conducted in English. The arbitrator shall have at least a master’s degree in law from a Finnish university. Notwithstanding the above, the Supplier shall be entitled to seek equitable and/or injunctive relief to prevent or stop a violation of the terms and conditions in the Agreement and take legal actions concerning overdue payments, in any court of law.
15.8. Schedules
Schedule 1: SaaS Data Processing Schedule
Schedule 2: Icare Application Programming Interface Terms
Version 1.3
APRIL 2024
This Schedule sets out the terms and conditions for the processing of the Personal Data by iCare Finland Oy, Business ID 1084502-3 (“Supplier”) and the Customer in connection with the Supplier’s provision of the iCare CLINIC Service to the Customer based on the Agreement. This Schedule is an integral part of the Agreement and of the iCare Clinic Service General Terms and Conditions.
2.1 This Schedule applies to the limited extent the Supplier Processes Personal Data and/or Patient Data as a Processor on the Customer’s behalf based on the Agreement.
2.2 The Parties acknowledge and agree that with regard to the Processing of the Personal Data and the Patient Data under this Schedule, the Customer is the Controller and the Supplier is the Processor.
As used in this Schedule the following terms shall have the following meanings:
“Controller” means the legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Laws” means mandatory laws in force from time to time in Finland (“Country”) relating to the protection of Personal Data, Patient Data and the Processing, including but not limited to the EU General Data Protection Regulation 2016/679 (“GDPR”), and all binding EU and national data protection legislation in force in the Country.
“Patient Data” means data relating to a patient as defined in applicable Laws.
“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”) which information is Processed under this Schedule on behalf of the Customer. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data and/or Patient Data transmitted, stored or otherwise Processed.
“Process” or “Processing” means any operation or set of operations which is performed on the Personal Data or the Patient Data or on sets of Personal Data or the Patient Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the legal person, public authority, agency or other body, which Processes the Personal Data and/or the Patient Data on behalf of the Controller.
“Separate Pricing” is defined in Section 4.
“Service” or “Services” means the responsibilities of the Supplier under the Agreement.
4.1 The types of the Personal Data and categories of the Data Subjects of the Personal Data can be:
(i) full name;
(ii) title;
(iii) email address;
(iv) office address;
(v) phone numbers;
(vi) IP-addresses relating to remote sessions regarding online support;
(vii) national ID number;
(viii) patient ID number (internal to customer clinic);
(ix) date of birth;
(x) tonometer configuration;
(xi) IOP measurement results;
(xii) IOP notification limits;
(xiii) unique serial number and name of the device; device’s cheek and forehead support settings; and
(xiv) notes on the patient and on the IOP measurements.
4.2 The Supplier and any person acting under the authority of the Supplier, who has access to the Personal Data and/or the Patient Data, may Process the Personal Data and/or the Patient Data only on documented instructions from the Customer, unless required to do so by EU or EU member state law to which the Supplier is subject to. In such a case, the Supplier shall inform the Customer of that legal requirement before the Processing, unless that law prohibits such information on important grounds of public interest. Such instructions are hereby given by the Customer to the Supplier and include the following. The Customer gives the Supplier instructions to Process the Personal Data and the Patient Data in order for the Supplier and its sub-processors to provide the Services to the Customer in accordance with the Service specification in the Agreement. In addition, the Supplier may also decide at its discretion to support the Data Subjects directly in relation to use of the device and/or in the use of the iCare CLINIC Service. If and when the Customer desires to amend the documented instructions or give new documented instructions to the Supplier, the compliance with the amended and new instructions may be priced in accordance with the Separate Pricing.
4.3 The Supplier shall:
(i) ensure that persons authorised to process the Personal Data and the Patient Data on its behalf have committed themselves to a written confidentiality undertaking;
(ii) in accordance with the Separate Pricing, taking into account the nature of the Processing, assist the Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests for exercising the Data Subject’s rights laid down in the Laws;
(iii) in accordance with the Separate Pricing, assist the Customer in ensuring compliance with the obligations pursuant to the Laws in the performance of data protection impact assessments and consultations with the supervisory authorities as required pursuant to the Laws;
(iv) in accordance with the Separate Pricing, as requested by the Customer in writing, delete or return all Personal Data and the Patient Data to the Customer after the end of the provision of the Services relating to the Processing, and delete existing copies unless EU or EU member state law requires storage of the Personal Data and the Patient Data; and
(v) in accordance with the Separate Pricing, make available to the Customer information necessary to demonstrate compliance with the obligations laid down in the Laws and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer to audit the Supplier’s compliance with this Schedule. The Supplier shall inform the Customer if, in its opinion, the Customer’s instruction infringes the Laws. The Customer shall notify the Supplier of the audit in writing at least thirty (30) days in advance. The auditor may not be a competitor of the Supplier. The information regarding the Supplier’s operations learnt during the audits are the Supplier’s confidential trade secrets. The Customer is liable for the auditor’s compliance with the terms of this Schedule.
4.4 If based on the Laws or any other applicable legislation, regulations or decisions of authorities or the Customer’s instructions, the Supplier is at any time instructed or required to assist the Customer in performing the Customer’s obligations to respond to requests for exercising the Data Subjects’ rights or is otherwise required to perform any other tasks or activities relating to the Personal Data or the Patient Data or the Processing that are not the Supplier’s Service duties, the Customer shall pay to the Supplier a separate price for such tasks or activities on a time and material basis in accordance with the Supplier’s price list in force from time to time (such prices payable by the Customer to the Supplier are referred to as “Separate Pricing”). These tasks or activities can be e.g. providing information to a Data Subject on the Personal Data and/or the Patient Data possessed by the Supplier, or removing or transferring Personal Data and/or the Patient Data or responding or reporting to data protection authorities or allowing audits or inspections.
5.1 The Supplier may engage sub-processor(s) for the purpose of the Processing. A list of the Supplier’s current sub-processor(s) is in Appendix 1 to this Schedule.
5.2 The Supplier shall notify the Customer of intended changes concerning the engagement of a new sub-processor. The Customer has fourteen (14) days after receiving such notification to object to the engagement of new sub-processor(s) in writing, including valid reasonable reasoning for the objection. If the Customer objects to the engagement of a new sub-processor as permitted herein and if the Supplier does not change the Services to avoid the Processing of the Personal Data and/or the Patient Data by that new sub-processor within sixty (60) days after receiving such objection and reasoning, either Party may terminate the Agreement, by giving the other Party a thirty (30) days’ written notice. If the Supplier engages a sub-processor for carrying out the Processing activities, the Supplier shall agree with the sub-processor on data protection obligations substantially similar as in this Schedule by way of a written contract or other legal act, to the extent applicable to the nature of the services provided by such sub-processor.
6.1 The Customer acts as the Controller in relation to all Personal Data and the Patient Data. The Customer is (among other things) liable for the correctness of the Personal Data and the Patient Data and the lawfulness of the Processing of the Personal Data and the Patient Data and for all other duties and liabilities of the Controller under the Laws.
6.2 The Customer shall take backup copies of the Personal Data and the Patient Data before providing the same to the Supplier and/or its sub-processors.
6.3 The Customer warrants to the Supplier that: (a) the Personal Data and the Patient Data have been obtained lawfully; (b) the Services to be provided by the Supplier and its sub-processors will be consistent with and appropriate to the specified and lawful purposes for which the Customer is engaged in relation to the Personal Data and the Patient Data; (c) the Customer has not and will not disclose the Personal Data and the Patient Data or any part thereof to the Supplier or its sub-processors in a manner incompatible with applicable legislation; and (d) the Supplier and its sub-processors are authorized under applicable legislation to Process the Personal Data and the Patient Data.
7.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Supplier shall implement appropriate technical and organisational measures to ensure a level of security in its systems appropriate to the risk, including inter alia as appropriate: (a) in accordance with the Separate Pricing and as reasonably instructed by the Customer, the pseudonymisation and encryption of the Personal Data and the Patient Data, (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to the Personal Data and the Patient Data in a timely manner in the event of a physical or technical incident; and (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.
8.1 The Supplier shall notify the Customer without undue delay after becoming aware of a Personal Data Breach.
8.2 The Supplier shall, in accordance with the Separate Pricing, assist the Customer in ensuring compliance with the Customer’s obligations pursuant to Laws to notify the Personal Data Breach to the supervisory authority and/or to the Data Subjects, taking into account the nature of the Processing and the information available to the Supplier.
9.1 The Supplier may transfer the Personal Data and the Patient Data to countries outside the EEA and EU (“Third Countries”).
9.2 The legal basis for the transfer of the Personal Data to Third Countries is the Supplier’s or its sub-processors’ Binding Corporate Rules, European Commission’s Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries (“Standard Contractual Clauses”), alternative data export mechanisms for the lawful transfer of Personal Data (as recognized under GDPR) or other legal basis.
10.1 Without limiting the validity of the limitations of liability and disclaimer of warranties in the iCare Clinic Service General Terms and Conditions and elsewhere in the Agreement, either Party shall have no liability to the other Party for any indirect damages such as loss of profit, revenue or goodwill, or punitive damages, for cover purchase or loss of data, or for damages payable to third parties, and even if the Party concerned has been advised of the possibility of such damages.
10.2 Without limiting the validity of the limitations of liability and disclaimer of warranties in the iCare Clinic Service General Terms and Conditions and elsewhere in the Agreement, the Supplier’s aggregate maximum liability arising out of or related to the iCare CLINIC Service, the System, the Mobile Application, the Documentation, the Services and otherwise out of or related to the Agreement and this Schedule for any and all causes of action occurred during any calendar month, and including the amounts of possible price returns or reductions, shall not exceed the amount of the prices (without value added tax and other governmental charges) paid by the Customer to the Supplier based on the Agreement for the said calendar month.
10.3 The Supplier shall not be liable for any failures or damages caused by (i) the non-performance or delay by the Customer or (ii) the inaccuracy, incorrectness or illegality of the Personal Data or the Patient Data, materials, information, data or instructions provided by the Customer to the Supplier or its sub-processors.
11. This Schedule, together with the Agreement and the iCare Clinic Service General Terms and Conditions, constitutes the complete agreement between the Parties with respect to the subject matter hereof and it supersedes all prior oral or written proposals, understandings, negotiations, marketing materials and other communications between the Parties with respect to the subject matter of this Schedule.
Appendices: Appendix 1: SUB-PROCESSOR(S)
| Name | Address | Purpose of Procsing | Further Information |
| Amazon Web Services EMEA SARL | 38 Avenue John F. Kennedy, L-1855, Luxembourg | Cloud hosting and data storage as the Supplier’s service provider
Amazon Simple Email Service |
The Supplier has specified that the location(s) where Personal Data of data subjects located in EU member states will be processed within the AWS Network is the EEA region. AWS is thus committed not to transfer Personal Data from this selected region except as necessary to provide the services initiated by the Supplier or as necessary to comply with the law or binding order of a governmental body. The Supplier has selected only services where processing of personal data for those services is within EEA. Further information:
Link to AWS DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf Link to AWS Supplementary addendum: https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf https://aws.amazon.com/compliance/sub-processors/
|
| Taitopilvi Oy | Hannikaisenkatu 20, 40100 JYVÄSKYLÄ, Finland | Maintenance of AWS environment | Processing only within EEA. |
| Microsoft Corporation | One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 | Outlook is used for communication to provide support services. | |
| Atlassian Corporation Plc | 1098 Harrison Street, San Francisco, California 94103 | Jira is used for internal communication to provide support services. |
Version 1.0 APRIL 2024
1.1 These Terms apply to the provision of the application programming interface (“Interface”) by Icare Finland Oy (“Supplier”) to the firm, company, corporation or other entity named in the Agreement (“Customer”). The Interface enables another software program to query intraocular pressure data generated by the Devices and related data from the iCare CLINIC Service. These Terms form an integral part of the Agreement. The Supplier and the Customer are hereinafter referred to each as a “Party” and together as the ”Parties”.
The following terms shall have the meanings assigned to them herein:
”Customer Data” means data submitted by or on behalf of the Customer into the Interface, including but not limited to Personal Data contained in the Customer Data.
“Device(s)” means tonometer devices manufactured by the Supplier.
“Documentation” means usage manuals and other documentation in written or electronic form.
“Error” means an error in the Interface, which can be reproduced and which causes the Interface not to function materially.
“Intellectual Property Rights” means any and all intellectual property rights, such as patents, inventions, trademarks, copyrights, rights related to copyright and rights in designs, whether registered or not, and all rights or forms of protection having equivalent or similar effect to any of the foregoing.
“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Professional Service(s)” means, except for the Supplier Service, any services agreed to be provided by the Supplier in the Agreement, such as consultation, separately priced Support Services and/or training.
3.1 The Customer is granted a non-exclusive, non- transferable and non-sublicensable right to use the Interface and the agreed functionalities of the Interface during the term of the Agreement in the Customer’s internal use solely in connection with using the Devices and in accordance with the Documentation and these Terms.
3.2 The Supplier can develop the Interface. Thus, the Supplier may make updates, upgrades, bug fixes, modifications and enhancements to the Interface from time to time.
3.3 THE INTERFACE IS PROVIDED “AS IS”, WITHOUT ANY EXPRESS OR IMPLIED WARRANTY, LIABILITY OR REPRESENTATION OF ANY ARISING OUT OF OR IN CONNECTION WITH THE INTERFACE, THE SUPPLIER SHALL NOT HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR OTHER DAMAGES, SUCH AS LOSS OF PROFIT, REVENUE OR GOODWILL, BUSINESS INTERRUPTION, OR PUNITIVE DAMAGES, PERSONAL INJURY, COST OF COVER PURCHASE OR LOSS OF DATA OR FOR DAMAGES PAYABLE TO THIRD PARTIES, EVEN IF THE SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3.4 The Customer may not transfer the Interface to any third party or allow any third party to benefit from the Interface. There are no implied rights to use. The Customer may not (a) copy, modify or create a derivative work of the Interface; (b) reverse engineer, decompile, translate, disassemble or otherwise attempt to extract any or all of the source code of the Interface; (c) sell, resell, sublicense, transfer or distribute any of the Interfaces or; or (d) use the Interface for any unlawful, fraudulent, offensive or obscene activity. In the use of the Interface, the Customer shall comply with applicable laws and regulations.
3.5 The Supplier is responsible for keeping the Interface working for six (6) months from the termination of the Agrreement.
4.1 The Supplier makes available to the Customer its support service for the Interface according to the Supplier’s support model as in force from time to time (“Support Service”). Additional Support Service may be available to the Customer as Professional Service upon payment of applicable fees, as specified in the Supplier’s price list applicable at each time. Customer shall pay for such Professional Services according to the Supplier’s valid price list.
4.2 The Customer may contact the Supplier in support matters and in such case the Supplier considers itself on how and when to provide support. Also, in such specific case(s) when the Customer is entitled to contact the Supplier in support matters, even such support is considered to be provided by the Supplier under its support contract with the Customer.
4.3 The Support Service may be accessed and contacted by such named main users of the Customer, who are trained in the use of the Interface.
4.4 The Supplier cannot warrant that all Errors can or will be corrected or that Errors can or will be corrected within a certain time period. The Supplier may prioritize the investigation and correction of different Errors taking into account their severity and effect, as estimated by the THE SUPPLIER DOES NOT WARRANT THAT THE INTERFACE WOULD BE ERROR-FREE OR UNINTERRUPTED OR FIT FOR PURPOSE. THERE ARE PLANNED AND OTHER SERVICE BREAKS IN THE PROVISION OF AND ACCESS TO THE INTERFACE.
5.1 As between the Parties, the Customer retains title and Intellectual Property Rights in and to the Customer Data (excluding the Supplier’s technology and other rights of the Supplier).
5.2 Title and Intellectual Property Rights in and to the Interface, the results of the Interface, the Documentation, and any copies, modifications, translations, amendments and derivatives thereof, belong to the Supplier and/or its licensors.
6.1 Prices
If not agreed otherwise by and between the Supplier and the Customer, the Supplier’s general price list in force from time to time shall apply to the provision of the Interface and any services.
7.1 The Data Processing Schedule(s) attached to the Agreement concerning the processing of personal data defined in the Agreement apply to the provision of the Interface in accordance with these Terms.
7.2 The Customer warrants that the Supplier and its Sub- Processors are authorized to process the Customer Data under applicable legislation for the purposes of the Agreement and that the Customer has gained the necessary consents from the patient and other Data Subjects for the purpose of such processing.
8.1 A Party shall have no liability for any: (i) indirect, incidental, special, consequential, punitive or exemplary damages, such as loss of profit, revenue or savings, or (ii) personal injury, loss or alteration of data or for any damages incurred as a result thereof, or for cover purchase.
8.2 The Supplier’s aggregate maximum liability arising out of or related to the Interface, the Supplier’s services and otherwise out of or related to the Agreement for any and all causes of action occurred during any calendar month, and including the amounts of possible price returns or reductions, shall not exceed the amount of the prices (without value added tax and other governmental charges) paid by the Customer to the Supplier for the said calendar month.
8.3 No action, regardless of form, may be brought by a Party against the other Party more than six (6) months after the cause of action has arisen.
8.4 These limitations of liability shall not apply to damages caused by gross negligence or intentional act or to breaches of the terms of use in Section 5.
