By continuing to use the Services, you agree as follows:
IF YOU ARE NOT ELIGIBLE, OR DO NOT AGREE TO THE TERMS, THEN YOU DO NOT HAVE OUR PERMISSION TO USE THE SERVICE. DO NOT LOG IN TO THE SYSTEM AND IMMEDIATELY DELETE ALL INSTALLED FILES, IF ANY, OF THE ACCOMPANYING SERVICES AND MATERIALS FROM YOUR COMPUTER OR MOBILE DEVICE.
THE EKO MOBILE APPLICATIONS, EKO CORE DEVICE, EKO DUO DEVICE, EKO ANALYSIS TOOLS, EKO TELEMEDICINE, AND WEB SERVICES (HEREAFTER, THE “APPLICATION”) ARE AVAILABLE TO USERS IN THE UNITED STATES OF AMERICA (USA) AND CERTAIN OTHER COUNTRIES, THE APPLICATION IS INTENDED TO BE USED AS A PART OF A PHYSICAL ASSESSMENT OR MONITORING OF A PATIENT BY HEALTHCARE PROFESSIONALS FOR DIAGNOSTIC DECISION SUPPORT.
ARBITRATION NOTICE: EXCEPT IF YOU OPT-OUT AND EXCEPT FOR CERTAIN TYPES OF DISPUTES DESCRIBED IN THE ARBITRATION SECTION BELOW, YOU AGREE THAT DISPUTES BETWEEN YOU AND EKO WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION. YOU WAIVE YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION. YOU CAN OPT OUT OF THE AGREEMENT TO ARBITRATE BY CONTACTING email@example.com WITHIN 30 DAYS OF ACCEPTING THESE TERMS.
Purpose of the Services
Our software is provided to you subject to these Terms and any other agreements entered into between You and Eko.
For Providers, the software is provided in order to:
NOTE: Eko is not a healthcare provider nor do we provide any healthcare services. We are not a health insurance company and we are not licensed to sell health insurance.
We Do NOT Provide Medical Advice
Our Services provide an online option for Providers and patients to communicate about medical conditions that are not serious or life threatening and do not present an emergency. It is NOT intended for use in connection with active patient monitoring to allow immediate clinical action or continuous monitoring by a health care provider or the patient.
THE SERVICES CANNOT AND ARE NOT DESIGNED, INTENDED OR APPROPRIATE TO REPLACE THE PROVIDER-PATIENT RELATIONSHIP OR TO ADDRESS SERIOUS, EMERGENCY, OR LIFE-THREATENING MEDICAL CONDITIONS AND SHOULD NOT BE USED IN THOSE CIRCUMSTANCES. PATIENTS SHOULD ALWAYS TALK TO THEIR HEALTHCARE PROVIDER(S) FOR DIAGNOSIS AND TREATMENT, INCLUDING INFORMATION REGARDING WHICH DRUGS, THERAPY, OR OTHER TREATMENT MAY BE APPROPRIATE FOR THEM.
Eko is not liable in any way for any malpractice or substandard treatment a Provider provides. You are using the Services at your own risk.
Any content provided or accessed through the Services, including without limitation information provided by Eko’s staff in response to questions you may submit through the Services, is for informational purposes only, and is not intended to cover all possible uses, directions, precautions, drug interactions, or adverse effects. Please consult your doctor or other qualiﬁed health care provider if you have any questions about a medical condition, or before taking any drug, changing your diet, or commencing or discontinuing any course of treatment. Never disregard, avoid, or delay in obtaining medical advice from a doctor or other qualified healthcare provider because of something posted on our Services.
EKO DOES NOT ENDORSE OR RECOMMEND ANY PROVIDER, AND WE DO NOT CONFIRM THE CREDENTIALS OF ANY PROVIDERS. WE DO NOT CONTROL THE MEDICAL ADVICE THE PROVIDER GIVES, AND WE DO NOT HAVE ACCESS TO OR USE ANY OF THAT ADVICE. IT IS YOUR RESPONSIBILITY TO SEPARATELY CONFIRM THAT A HEALTHCARE PROVIDER IS PROPERLY LICENSED.
1.0 REGISTRATION; TERM OF REGISTRATION
1.1. Registration through the Application
You must be a registered user with Eko in order to use the Application. You may register through the Application or through the Website. By submitting the information requested in the Application’s online registration form, You may access and use the Application and Website to view certain data pertaining to You as made available by Eko. You may not access or use the Application or Website for any other purpose.
By registering for an account, you represent and warrant:
DO NOT USE THE SERVICES WHERE PROHIBITED BY LAW. YOU UNDERSTAND THAT YOUR USE OF THE SERVICES MAY INVOLVE OR REQUIRE THE TRANSMISSION OF SIGNIFICANT AMOUNTS OF DATA. YOU ARE RESPONSIBLE FOR ALL DATA CHARGES THAT MAY BE CHARGED BY YOUR WIRELESS CARRIER OR INTERNET SERVICE PROVIDER OR THAT MAY OTHERWISE ARISE FROM YOUR USE OF THE SERVICES.
1.2. Term of Your registration
The term of Your registration will commence as of the date You complete Your online registration form (“Registration Date”) and, unless earlier terminated in accordance with these Terms will continue in perpetuity (“Term”). Notwithstanding the foregoing, Your registration may automatically expire following any period of inactivity associated with Your account in excess of twelve (12) consecutive months.
You must be at least 13 years of age to use the Service. By agreeing to these Terms, you represent and warrant to us that: (a) you are at least 13 years of age; (b) you have not previously been suspended or removed from the Service; and (c) your registration and your use of the Service is in compliance with all applicable laws and regulations in your local jurisdiction. If you are using the Service on behalf of an entity, organization, or company, you represent and warrant that you have the authority to bind that organization to these Terms and you agree to be bound by these Terms on behalf of that organization.
1.5 Keeping your Information Secure
You need to provide Eko with a valid, working e-mail address to access and use the Services. When you register, you will create a password for your account. Your e-mail address and password and any codes assigned to you are your “User Information.” When you create an account with us, you guarantee that the information you provide is accurate, complete, and current.
(A) Keep your User Information private,
(B) Do not allow another person to use your User Information to access the Services, and
(C) Do not allow another person to use your Device(s).
To protect your conﬁdential healthcare information, it is good practice to enable touch ID, ﬁngerprint ID, Face ID, and/or a passcode on your smartphone.
If you do not do the above and Eko suffers damages as a result, you will be responsible for all of those damages. You agree to immediately notify Eko in writing by email of any unauthorized use of your User Information or any other breach of security.
All of your communications using the Services can and will be monitored, captured, recorded, and transmitted to government authorities if we decide it is necessary, and we do not have to notify you.
2.0 MODIFICATIONS TO THE APPLICATION / TERMS
2.1. We Have the Right to Change These Terms
We may, at any time, modify, discontinue or terminate the Services or modify these Terms, without prior notice to you. If we modify these Terms, we will post the changes on our website or Application. If you continue to use the Services after we have let you know about the changes, you agree to be bound by the modified Terms. If the changes are not acceptable to you, you should immediately stop using the Services.
3.0 YOUR USE OF THE SERVICES
You shall use the Application and Website in strict compliance with (1) these Terms; (2) any additional applicable instructions, guidelines or policies issued by Eko, including those posted within the Application or on the Website; and (3) all applicable laws, rules and regulations (collectively, “Laws”).
4.2 Use Prohibitions
You agree to use the Website and Application only for their intended purpose. You must use the Website and Application in compliance with all privacy, data protection, intellectual property, and other applicable laws.
While using the Services, you shall not:
(A) Post, upload, publish, submit, transmit or otherwise make available any content that you do not have a right to make available;
(B) Use, display, mirror or frame the Services, or any individual element within the Services, Eko or Eko’s name, any Eko trademark, logo or other proprietary information, or the layout and design of any page or form contained on a page, without Eko’s express written consent;
(C) Access, tamper with, or use non-public areas of the Services, Eko’s computer systems, or the technical delivery systems of Eko’s service providers;
(D) Attempt to probe, scan, or test the vulnerability of any Eko system or network or breach any security or authentication measures;
(E) Avoid, bypass, remove, deactivate, impair, descramble or otherwise circumvent any technological measure implemented by Eko or any third party to protect the Services;
(F) Attempt to access or search the Services or download materials from the Services through the use of any engine, software, tool, agent, device, or mechanism (including scripts, bots, spiders, scrapers, crawlers, data mining tools or the like) other than the software and/or search agents provided by Eko or other generally available third party web browsers;
(G) Send any unsolicited or unauthorized advertising, promotional materials, email, junk mail, spam, chain letters or other form of solicitation;
(H) Use any meta tags or other hidden text or metadata utilizing an Eko trademark, logo, URL, or product name without Eko’s express written consent;
(I) Use the Services or materials for any commercial purpose or the benefit of any third party or in any manner not permitted by these Terms;
(J) Forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Services or materials to send altered, deceptive or false source-identifying information;
(K) Attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the Services or materials;
(L) Interfere with, or attempt to interfere with, the access of any user, host or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the Services;
(M) Collect or store any personally identifiable information (not your own) from the Services;
(N) Impersonate or misrepresent your affiliation with any person or entity;
(O) Violate any applicable law or regulation; or
(P) Encourage or enable any other individual to do any of the above.
4.3 Computer Equipment; Browser Access and Internet Services
With the exception of the Devices provided to you, you are responsible for obtaining, installing, maintaining and operating all software, hardware or other equipment (collectively, “Systems”) necessary for you to access and use the Services. This includes, without limitation, obtaining internet services, using up to date web-browsers and the best commercially available encryption, antivirus, anti-spyware, and internet security software. There are always certain security and access availability risks associated with using open networks such as the Internet, and you expressly assume such risks. You are responsible for the data security of the Systems used to access the Services and for the transmission and receipt of information using such Systems. We are not responsible for any errors or problems that arise from the malfunction or failure of the Internet or your System.
5.0 INTELLECTUAL PROPERTY RIGHTS; RESTRICTIONS ON USE
5.1. Ownership of the Services and Related Data
The Services and all materials on the Services are owned or licensed by Eko. We grant to you, for your personal purposes only, a nonexclusive, limited, and revocable right to access and use the Services during the term of this agreement, so long as you comply with these Terms. You agree not to use the Services for any other purpose, including commercial purposes, such as co-branding, framing, linking, or reselling any portion of the Services without our prior written consent.
You may access, download or print the materials available through the Services for non-commercial purposes and solely within the scope allowable by these Terms. You may not use the materials for any other purpose without our express written permission. Any unauthorized use of words or images from the Services may violate copyright laws, trademark laws, laws of privacy and publicity, and civil and criminal statutes
You may not use Eko’s name, trademarks, service marks or logos or those of third parties appearing on the Services in any advertising or publicity, or otherwise to indicate Eko’s or such third party’s sponsorship of or afﬁliation with any product or service without express written permission of Eko or such third party.
5.2. The Eko Findings and Reports
You may use the Eko Application to generate reports of findings using the heart or body sound data. Any reports provided by Eko do not suggest a diagnosis. The interpreted report is intended as information for You and to be used as a tool to provide proper diagnosis and treatment taking into account the patient’s complete medical history. Analysis and diagnosis based on the data can only be accomplished by a physician.
5.3. Regional Telemedicine Restrictions
Due to telemedicine restrictions, Your location may restrict Your ability to use the Application for telehealth purposes. Since you are using a mobile device to collect Your data, it is your responsibility to ensure the Application is legal according to Your local telemedicine laws. This section applies only to Eko telemedicine purposes and does not apply to Remote Patient Monitoring or other functions of the Services that are not restricted by current telemedicine laws and regulations.
You have the option to obtain a data recording from the Eko device at any time. Your heart and body sound recordings are subject to multiple factors related to your health and activities. Eko makes no guarantees of the accuracy or clinical significance of the interpretation of the data. You explicitly consent to sharing data with the third-party electronic health record systems (EHRs) according to terms described in the Eko Privacy Notice located at https://ekohealth.com/privacy.
We welcome and encourage you to provide us with feedback, comments and suggestions for improvements to the Services, Devices or materials (“Feedback”). You may submit Feedback by emailing us at firstname.lastname@example.org. If you submit any Feedback to us, we will own all intellectual property rights in such Feedback and may use such Feedback for any lawful purpose.
6.0 PRIVACY NOTICE
6.1. Privacy Notice
6.2. For EEA customers
To the extent that your use of the Services involves the transfer of data from data controllers in the EEA and to the extent that Eko acts as a controller of that data, you and Eko are both controllers. In this case, the Data Transfer Agreement, included as an addendum to the Terms, shall apply.
For purposes of the Processor SCCs:
With respect to the data that Eko processes on your behalf, you represent and warrant that you have have established an appropriate legal basis or bases to allow Eko to process such data.
7.0 SUSPENSION AND TERMINATION
7.1 Suspension and Termination
If you breach any of these Terms, we may suspend or disable your account or terminate your access to the Services, without prior notice to you. There may be other instances where We may need to terminate your access to the Services that are not related to any of your actions or inactions. We reserve the right to terminate your access to and use of the Services and materials at any time, with or without cause.
7.4. Effect of Termination
If We or You terminate your access to the Services: (i) You will no longer be authorized to access or use the Application or Website or otherwise use any of the features or services offered by or through the Application or Website; and (ii) Eko may delete any data associated with You or Your account.
8.0 REPRESENTATIONS, COVENANTS AND WARRANTIES
8.1. Warranty Disclaimers
YOU EXPRESSLY UNDERSTAND AND AGREE THAT: (A) YOUR USE OF THE WEBSITE AND APPLICATION IS AT YOUR SOLE RISK, AND THE WEBSITE AND APPLICATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THESE TERMS OR EXPRESSLY STATED ELSEWHERE BY EKO, EKO MAKES NO REPRESENTATIONS, COVENANTS OR WARRANTIES AND OFFERS NO OTHER CONDITIONS, EXPRESS OR IMPLIED, REGARDING ANY MATTER, INCLUDING (1) THE MERCHANTABILITY, SUITABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, NON-INFRINGEMENT OR RESULTS TO BE DERIVED FROM THE USE OF THE APPLICATION, WEBSITE OR ANY DATA SERVICE, SOFTWARE, HARDWARE, DELIVERABLE, WORK PRODUCT OR OTHER MATERIALS RELATED TO THE APPLICATION OR WEBSITE, OR THE AVAILABILITY OF ANY OF THE FOREGOING; OR (2) WHETHER THE INFORMATION AVAILABLE ON OR TRANSMITTED BY THE APPLICATION OR WEBSITE IS TRUE, COMPLETE OR ACCURATE. YOU SPECIFICALLY ACKNOWLEDGE AND AGREE THAT EKO IS NOT RESPONSIBLE FOR ANY HEALTHCARE OR RELATED DECISIONS MADE BY YOU OR YOUR HEALTHCARE PROFESSIONAL BASED UPON DATA COLLECTED, TRANSMITTED OR DISPLAYED BY OR ON THE APPLICATION OR WEBSITE, WHETHER SUCH DATA IS ACCURATE OR INACCURATE. FURTHER, EKO DOES NOT REPRESENT, COVENANT OR WARRANT THAT ACCESS TO OR SERVICES PROVIDED BY THE APPLICATION OR WEBSITE WILL BE UNINTERRUPTED OR ERROR-FREE. YOU ACKNOWLEDGE AND AGREE THAT THERE ARE RISKS INHERENT TO TRANSMITTING INFORMATION OVER AND STORING INFORMATION ON THE INTERNET AND THAT EKO IS NOT RESPONSIBLE FOR ANY LOSSES OF YOUR DATA, CONFIDENTIALITY OR PRIVACY IN CONNECTION THEREWITH.
9.1. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER EKO NOR ANY OTHER PERSON OR ENTITY INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SERVICES OR MATERIALS SHALL BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RESULTING FROM YOUR USE OF THE APPLICATION OR WEBSITE, OR BASED UPON ANY BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT (INCLUDING THESE TERMS AND ANY ADDITIONAL INSTRUCTIONS, GUIDELINES OR POLICIES ISSUED BY EKO, INCLUDING THOSE POSTED IN THE APPLICATION OR ON THE WEBSITE), NEGLIGENCE, TORT OR ANY OTHER LEGAL THEORY (COLLECTIVELY, THE “EXCLUDED DAMAGES”). FOR THE AVOIDANCE OF DOUBT, THE EXCLUDED DAMAGES ALSO INCLUDE WITHOUT LIMITATION, LOSS OF SAVINGS OR REVENUE; LOSS OF PROFIT; LOSS OF USE; LOSS OF LIFE OR HEALTH, THE CLAIMS OF THIRD PARTIES; AND ANY COST OF ANY SUBSTITUTE EQUIPMENT OR SERVICES.
IF YOU ARE NOT SATISFIED WITH THE SERVICES, THE MATERIALS, OR THE TERMS, YOU SHOULD DISCONTINUE USING THEM – THIS IS YOUR ONLY REMEDY. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SOME OF THESE LIMITATIONS MAY NOT APPLY TO YOU. IN SUCH STATES, EKO’S LIABILITY IS LIMITED AND WARRANTIES ARE EXCLUDED TO THE GREATEST EXTENT PERMITTED BY LAW, BUT SHALL, IN NO EVENT, EXCEED $100.00. YOU MUST BRING ANY CLAIM ARISING FROM THE USAGE OF THE SERVICES OR MATERIALS WITHIN ONE (1) YEAR OF THE EVENT FROM WHICH THE CLAIM AROSE.
At its option, Eko may seek all remedies available to it under law and in equity, including injunctive relief in the form of specific performance to enforce these Terms, including any additional instructions, guidelines or policies issued by Eko, including those posted in the Application or on the Website, and/or actions for damages.
10.1. Indemnity by You
You agree to indemnify, defend and hold harmless Eko, its clients, and its suppliers and their respective afﬁliates, employees, ofﬁcers, directors, agents, servants and representatives of each from any liability, loss, claim, suit, damage, and expense (including reasonable attorneys’ fees and expenses) arising out of or in any way connected with your access to or use of the Services or Eko’s materials, your violation of these Terms, or any negligent or wrongful conduct by you or related to your account by you or any other person accessing the Services or Eko materials through your account.
11.0 DISPUTE RESOLUTION
If you or Eko has any dispute regarding these Terms, including but not limited to any alleged breach of these Terms, the parties will submit the dispute to binding arbitration in California before a single arbitrator, in accordance with rules and procedures of the American Arbitration Association. The arbitrator may, but does not have to, award legal fees, arbitrator’s fees and costs and other costs incurred by the party that does not win the dispute. Any arbitration will be strictly confidential and neither party will disclose to any person (other than necessary to carry out the arbitration) the existence of the dispute or any aspect of the dispute.
11.2. Governing Law
To the fullest extent permitted pursuant to applicable law, these Terms are governed by the laws of the State of California without regard to conflict of law principles. If a lawsuit or court proceeding is permitted under these Terms, then you and Eko agree to submit to the personal and exclusive jurisdiction of the state courts and federal courts located within Santa Clara County, California for the purpose of litigating any dispute. If you are a consumer located in the EU, such jurisdiction of the Santa Clara County courts will be non-exclusive.
12.1. General Legal Provisions
If any provision of this Agreement is determined to be invalid, illegal or unenforceable, the remaining provisions of the Agreement remain in full force, provided that the essential terms and conditions of this Agreement remain valid, binding and enforceable and the economic and legal substance of the transactions contemplated by the Agreement are materially preserved.
The United States export control laws regulate the export and re-export of technology originating in the United States. This includes the electronic transmission of information and software to foreign countries and to certain foreign nationals. You agree to abide by these laws and their regulations.
Nothing in this agreement creates an agency, partnership, or joint venture. Failure to enforce any provision will not constitute a waiver of that provision.
You may not assign these Terms (or any rights, benefits or obligations hereunder) by operation of law or otherwise without the prior written consent of Eko, which may be withheld at Eko’s sole discretion. Any attempted assignment by You that does not comply with the terms of this Section shall be null and void. Eko may assign these Terms and Conditions, in whole or in part, to any third party in its sole discretion.
The Service is offered by Eko Devices, Inc. You may contact us by emailing us at email@example.com.
Eko Devices, Inc.
1212 Broadway, Suite 100
Oakland, CA 94612
This GDPR Data Transfer Agreement is entered into by and between:
You (hereinafter “data exporter”) and Eko Devices Inc., 1212 Broadway Suite 100, Oakland, CA 94612, United States (hereinafter “data importer”); each a “party”, together “the parties”.
For the purposes of the clauses:
(a) “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);
(b) “the data exporter” shall mean the controller who transfers the personal data;
(c) “the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection;
(d) “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements.
The details of the transfer (as well as the personal data covered) are specified in Annex B, which forms an integral part of the clauses.
Obligations of the data exporter
The data exporter warrants and undertakes that:
(a) The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter.
(b) It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses.
(c) It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established.
(d) It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time.
(e) It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required.
Obligations of the data importer
The data importer warrants and undertakes that:
(a) It will have in place appropriate technical and organisational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.
(b) It will have in place procedures so that any third party it authorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorised or required by law or regulation to have access to the personal data.
(c) It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws.
(d) It will process the personal data for purposes described in Annex B, and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses.
(e) It will identify to the data exporter a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e).
(f) At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage).
(g) Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion.
(h) It will process the personal data, at its option, in accordance with:
(i) the data protection laws of the country in which the data exporter is established, or
(ii) the relevant provisions (1) of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorisation or decision and is based in a country to which such an authorisation or decision pertains, but is not covered by such authorisation or decision for the purposes of the transfer(s) of the personal data (2), or
(iii) the data processing principles set forth in Annex A.
Data importer to indicate which option it selects: h(iii)
Initials of data importer:_Eko Devices Inc.;
(i) It will not disclose or transfer the personal data to a third-party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and
(i) the third-party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or
(ii) the third-party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or
(iii) data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or
(iv) with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer
Liability and third party rights
(a) Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law.
(b) The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter’s country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts).
Law applicable to the clauses
These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause.
Resolution of disputes with data subjects or the authority
(a) In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
(b) The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.
(c) Each party shall abide by a decision of a competent court of the data exporter’s country of establishment or of the authority which is final and against which no further appeal is possible.
(a) In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated.
(b) In the event that:
(i) the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a);
(ii) compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import;
(iii) the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;
(iv) a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or
(v) a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs
then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses.
(c) Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country.
(d) The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.
Variation of these clauses
The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.
Description of the Transfer
The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
This Data Transfer Agreement (“DTA”) amends and is incorporated into the terms of any existing agreement between the parties. In the event of any conflict between this DTA and any other agreement between the parties, this DTA shall control with respect to the subject matter hereof.
Dated: The date of acceptance of the Data Transfer Agreement or the Terms
DATA PROCESSING PRINCIPLES
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
4. Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.
8. Automated decisions: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:
(a) (i) such decisions are made by the data importer in entering into or performing a contract with the data subject, and
(ii) (the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties.
(b) where otherwise provided by the law of the data exporter.
DESCRIPTION OF THE TRANSFER
The personal data transferred concern the following categories of data subjects:
Purpose of the transfers
The transfer is made for the following purposes:
Categories of data
The personal data transferred concern the following categories of data:
The personal data transferred may be disclosed only to the following recipients or categories of recipients:
The personal data transferred concern the following categories of sensitive data:
Data protection registration information