Terms of Service

March 2024

 

1. Subject Matter and Scope

1.1.     Scope. These Terms of Service ("ToS") govern your use of the “Transfer as a Service” Service (“Service”) provided by Siemens Healthineers ("we", "us", or "our") to you. The Service is a cloud-based platform which allows you to share data with other parties, subject to the following rules. These ToS incorporate by reference the Acceptable Use Policy (Exhibit 1) and the Data Processing Agreement (Exhibit 2).

1.2. Out of Scope. The Services always exclude (i) the provision of any software, hardware or services besides the Services, even if they interoperate with the Services; (ii) the transmission of data or software to and from the exit of the wide area network of the data centers used by us to provide the respective Service; and (iii) any hardware intended for the connection of devices, systems, or other equipment to the Platform. You are responsible for securing and maintaining an internet connection and suitable connectivity to the Services at your own expense.

1.3.    Changes to the ToS. Siemens Healthineers reserves the right to modify this ToS at any time and you agree to adhere to the ToS in its respective current form.

1.4.     Definitions. Certain capitalized terms used in this document shall have the following meaning:

 

1.4.1 "Acceptable Use Policy" means the policy listed in Exhibit 1.

1.4.2 "Account" means one or more web-based accounts, individually or collectively, enabling access to and use of certain Services provided on the Platform through a unique URL (i.e. web-address) assigned by Siemens Healthineers, including any subtenants established under the Account.

1.4.3. "Affiliate" means a corporation or other legal entity, directly or indirectly, owned or controlled by, or owning or controlling or under common control with one of the Parties where "control" shall mean to have, directly or indirectly, the power to direct or cause the direction of the management and policies of a corporation or other entity.

1.4.4 "Applicable Law" means the law specified in Section 14.5.

1.4.5. "Application" means software that is deployed on the Platform and/or interoperates with the Platform via Platform APIs.

1.4.6. "Confidential Information" means any information disclosed by a Party or its Affiliate to the other Party under or in connection with the TOS and which is - when disclosed - identified as "Confidential" or consists of information that, by its nature or context, is sufficient to put the receiving Party on notice of its confidential nature. In addition, any information and materials obtained by you in connection with the TOS or your receipt of Services, including the performance and availability of the Services, the Platform, information regarding Siemens Healthineers' or our business partners' business strategies and practices, methodologies, trade secrets, know-how, pricing, technology, software, application programming interfaces, application programming interface signatures, product plans, and information regarding Siemens Healthineers' employees, clients, vendors and consultants, are deemed to be our Confidential Information. Confidential Information does not include information that: (i) is generally available to the public without breach of the ToS and without any wrongdoing; (ii) is or becomes available to the recipient from a source other than the Party who discloses the Confidential Information, provided that the recipient has no reason to believe that such source is itself bound by a confidentiality obligation or that such source has obtained the information through any wrongful or tortious conduct; (iii) was lawfully in the recipient's possession prior to receipt from the other Party without a corresponding obligation of confidentiality; (iv) is independently developed by the recipient without the use of, or reference to, Confidential Information; or (v) has been released by the disclosing Party for non-confidential use e.g. in a Specification Document.

1.4.7. "Data Processing Agreement" or "DPA" means the terms listed in Exhibit 2.

1.4.8. "High Risk System" means a device or system that requires enhanced safety functionalities such as fail-safe or fault-tolerant features to maintain a safe state where it is reasonably foreseeable that failure of the device or system could lead directly to death, personal injury, or catastrophic property damage. Without limitation, High Risk Systems may be required in critical infrastructure, direct health support devices, aircraft, train, boat or vehicle navigation or communication systems, air traffic control, weapons systems, nuclear facilities, power plants, medical systems and facilities, and transportation facilities.

1.4.9. "Laws" means any law, rule, regulation, norm, and directive including, without limitation, industry or company specific regulations, co-determination rights of the works council, data privacy, telecommunication, energy law, IT security law, export control, sanctions, and regulation pertaining to the protection of classified information.

1.4.10.   "Material" means any software, sample code, scripts, libraries, software development kits, technology, documentation, and other proprietary material or information made available to you by or on behalf of us in relation to our provision of Services.

1.4.11.   "Platform APIs" means Siemens Healthineers' application programming interfaces that are integrated with the Platform. Platform APIs are part of the Platform and the Services.

1.4.12. "Party" means you and/or us, depending on the context.

1.4.13.   "Platform" means a Siemens Healthineers proprietary cloud-based platform solution on which the Services are provided.

1.4.14.   "Services" means the cloud services as described in the Specification Documents and Materials.

1.4.15.   "Siemens Healthineers" means Siemens Healthineers AG (Germany) and its Affiliates.

1.4.16. "Third Party" means any person or legal entity other than you or Siemens Healthineers. Third Party includes your Affiliates.

1.4.17. "User" means an individual who has access credentials to your Account, including individuals of Third Parties or who is otherwise authorized by you to access your Account. Access to your Account includes access to any subtenant that you establish under your Account, to any Application associated with your Account, to Your Content and/or the Services.

1.4.18 "Content" means any information, program, software, Application, code in any form, script, library, or data that is entered, uploaded onto or stored on the Platform in connection with your or any User's use of Services under your Account. Your Content excludes the Services and the Platform.

 

2. Provision of Services

2.1.    Service Standards. The Services are provided free of charge to you. We will use commercially reasonable efforts to make the Services available to you, subject to operational requirements, including maintenance and security.

2.2.    Security. We maintain a formal security program that is designed to protect against threats or hazards to the security of Your Content and prevent unauthorized access to Your Content. Providers of our cloud infrastructure are required to (i) implement and maintain a security program that complies, inter alia, with the ISO 27001 or a successor standard (if any) that is substantially equivalent to ISO 27001 and that is designed to provide at least the same level of protection as evidenced by the certification of the providers under ISO 27001 and (ii) have the adequacy of their security measures annually verified by independent auditors. The Platform (i) employs firewalls, anti-malware, threat detection systems and the corresponding management processes designed to protect service delivery from malware and (ii) is operated under a security governance model aligned with ISO 27001, including regular penetration testing. This Section contains Siemens Healthineers' entire obligation regarding the security of Your Content, the Platform and the Services.

2.3.    Changes to the Services. We provide the Service in a multiuser environment and must therefore reserve the right to modify and discontinue the Service. We may modify a Service at any time without degrading its functionality or security features. We may discontinue or stop the Service at any time in our discretion.

2.4. Subcontractors, Location of Data Centers. To support the rendering of the Services, we may use personnel and resources in the EU, India and Brazil. The locations of data centers used by us for the storage of Your Content are in Germany and the USA.

2.5.    Monitoring of Usage. Without limiting any of our rights in Section 5.1, Siemens Healthineers or Siemens Healthineers' subcontractors may monitor Users' usage of Services and Third Party Applications for Siemens Healthineers' internal purposes, including: (i) for security and availability reasons; (ii) to the extent required to ensure compliance with the ToS; (iii) to detect, prevent, and suspend any use of Services exceeding the permitted use under the ToS, and otherwise as necessary for payment and billing purposes (also in relation to Third Parties); (iv) to provide you with reports on Users' use of the Services; and (v) to offer to you, in accordance with any applicable legal requirements, other products or services that are not yet part of the Services. You will not block or interfere with our monitoring but may use encryption technology or firewalls to help keep Your Content confidential. We may also use usage information on an aggregated basis to improve the Services, other Siemens Healthineers products and services, and Siemens Healthineers' subcontractors' services.

2.6.    Data Privacy. Each Party shall comply with all applicable data privacy laws and regulations governing the protection of personal data in relation to their respective performance under the ToS. If we act as your processor of personal data, our Data Processing Agreement applies to your use of the relevant Services.

 

3. Use of Services

3.1.    Use Rights. We grant you the non-transferable, non-sub-licensable, time-limited and revocable right to access and use the Services for your internal purposes as end-user, subject to the limitations set out in the ToS. In any case, Services on the Platform may only be accessed by Users via your Account using access credentials, by Siemens Healthineers at your request.

3.2.    Credentials. You shall: (i) carefully store access credentials and security tokens and protect them from unauthorized access; (ii) not gain access to the Services by any means other than your Account or other means permitted by us; (iii) not circumvent or disclose the authentication or security of your Account, the Platform or any host, network, or account related to the Platform; (iv) not use a false identity or credentials of another person to gain access to your Account, the Platform or the Services; and (v) ensure that any credentials are used only by the individual who was granted the credentials. We may change access credentials if we determine in our reasonable discretion that a change is necessary.

3.3.    Responsibility for Users and Other Persons. You are responsible for all activities that occur under your Account and any use of the Services by any User, any of your employees or any Third Party to whom you facilitate or permit access to the Services, and all liabilities or other consequences arising from such activities or use, as if these were your own acts. This does not apply to the extent damage or breach is caused by our violation of the ToS. You will ensure that all Users, your employees and any Third Party to whom you facilitate or permit access to the Services, comply with your obligations under the ToS. Should you become aware of any violation of your obligations under the ToS you will immediately terminate the relevant person's access to the Services. You acknowledge and agree that Your Users who submit declarations and/or notifications to us act on your behalf and have the legal authority to bind you.

3.4.    Obligations when Using Services. You are responsible that your use of the Services complies with the Laws at all times. You shall (i) obtain, at your own expense, any rights, consents and permits from vendors of software and services used by you in connection with the Services which are necessary for Siemens Healthineers and its subcontractors to provide the Services and (ii) always keep up to date any software that we provide to you as part of the Services by installing updates and patches as they become available. You shall remain responsible for the security of your systems and of on-premise hardware and software.

3.5.    Your Content. You are responsible for the development, content, management, use, and quality of Your Content and the means by which you acquire and share Your Content. This includes your responsibility for: (i) the technical operation of Your Content including compatibility of any calls you make to a Service with the Platform APIs; (ii) the transfer or copying of Your Content to data centers outside your country of residence in compliance with Laws; (iii) taking your own steps to maintain legally required or otherwise appropriate security and protection, including backup and archiving, of Your Content; (iv) any document retention or archiving obligations resulting from Laws or company policies; and (v) ensuring that Your Content can be used by Siemens Healthineers and its business partners as permitted under this TOS without violating Laws or rights of others. You shall properly handle any notices and claims sent to you claiming that Your Content violates Third Party's rights or Laws. We will not delete any of Your Content during the Subscription Term unless such deletion is required by a governmental body, to avoid or limit the liability of Siemens Healthineers or any Third Party, or to prevent the security of Siemens Healthineers' systems from being affected.

3.6.    Information Obligations. You will provide information or other materials related to Your Content as we reasonably request to verify your compliance with the ToS. If you become aware of any of the following actual or potential events you shall promptly provide us with reasonable information and assistance regarding their mitigation and resolution: (i) unauthorized use of your Account; (ii) loss or theft of your Account information; (iii) circumstances or incidents affecting the security of the Platform or Services; and (iv) measures by authorities or court decisions specifically relating to your use of Services or the Platform which may affect the Platform or the Services.

3.7.    Limited Reliance. You acknowledge and agree that (i) our Services are not designed to be used for the operation of or within a High Risk System and (ii) that the outcome from any processing of data through the use of the Services is beyond our control. You are responsible for the use and the interpretation of the outcome from such processing and any reliance on such outcome.

 

4. No Fees

The Services are provided free of charge.

 

5. Proprietary Rights

5.1.    Rights in Your Content. We will not acquire any rights, title or interest in or to Your Content, except as granted under the ToS. Siemens Healthineers and its business partners have a worldwide, non-exclusive, transferable, sub-licensable, royalty-free right to use, host, store, transmit, display, modify and reproduce Your Content for the purpose of providing the Services.

5.2.    Rights in the Platform, Services, Feedback. All right, title and interest in and to the Platform and the Services, including any know-how and any part and improvement thereof, and all intellectual property rights in or to the foregoing shall remain wholly vested in Siemens Healthineers, its business partners and/or licensors. You grant Siemens Healthineers a worldwide, perpetual, irrevocable, unlimited, transferable, sub-licensable, fully paid, royalty-free license to use any suggestion, recommendation, feature request, or other feedback related to the Services and/or the Platform, provided by you or on your behalf.

 

6. No Warranty

Except to the extent prohibited by Applicable Law, the Services are provided "as is" without warranties of any kind and in their then-current version made available by us from time to time without support and availability commitments. We are not obliged to offer post-termination assistance. 

THIS SECTION SETS OUT THE EXCLUSIVE WARRANTY FROM US AND IT REPLACES ALL OTHER EXPRESS OR IMPLIED WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT, OR ANY EXPRESS OR IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, COURSE OF DEALING AND USAGE OF TRADE. WITHOUT LIMITING THE FOREGOING, SIEMENS HEALTHINEERS DOES NOT WARRANT THAT THE SERVICES WILL BE FAIL-SAFE, FAULT-TOLERANT, UNINTERRUPTED, ERROR FREE, FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT, OR THIRD-PARTY SOFTWARE WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. THIS SECTION 6.2 DOES NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

 

7. Indemnification

7.1.    Intellectual Property Infringement. If a Third Party asserts a claim against you that the Services infringe such Third Party's patent or copyright, we will defend you against or, at our option, settle such claim and pay amounts finally awarded by a court of competent jurisdiction against you or included in a settlement approved by us.

7.1.1.    Notices. You will give us prompt written notice of such claim, allow us to control the defense and settlement, and reasonably cooperate with us in this regard. Your failure to provide such notice or cooperation will release us from our obligations under this Section 7.1, if and to the extent we are materially prejudiced by such failure.

7.1.2.    Exceptions. Our obligations in this Section 7.1 shall not apply to the extent that any such infringement claims arise from: (i) your failure to use the most current version of the Services or a defect correction or patch made available by us; (ii) the combination, operation or use of the Services in conjunction with any of Your Content or with any Third Party software, equipment, materials, services or products; (iii) an adjustment or configuration of the Services not made by us; or (iv) any use of the Services following our notification to you to discontinue such use; or (v) our compliance with designs, plans or specifications provided to us by you or on your behalf.

7.1.3.    Injunction. If a permanent injunction is obtained against you due to an infringement pursuant to Section 7.1, then we will, at our sole discretion: (i) obtain for you the right to continue using the Services; (ii) replace or modify the Services so that they no longer infringe the relevant intellectual property right; We reserve the right to stop the Services immediately.

7.1.4.    Sole and Exclusive Remedy. To the extent permissible under Applicable Law, this Section 7.1 represents the sole and exclusive remedy available to you against Siemens Healthineers for infringement of intellectual property rights under the TOS.

7.2.    Indemnity by You. You will indemnify Siemens Healthineers and its suppliers and contractors and each of their respective employees, officers, directors, and representatives from and against, and, at Siemens Healthineers' option, defend Siemens Healthineers from, any claims, damages, liabilities, losses, costs and expenses (including reasonable attorney's fees) arising from or in connection with: (i) Your Content; (ii) any violation of Laws or rights of others by your use of the Services; (iii) any breach by you of the TOS, (iv) the operation, your combination or use of the Services in conjunction with any of Your Content and/or in conjunction with any Third Party software, materials and/or services; (v) an adjustment or configuration of the Services made by you or a Third Party to which you facilitate or permit access to the Services, including Users; (vi) our compliance with designs, plans or specifications provided to us by you or on your behalf; (vii) any claims by any User or any Third Party to which you facilitate or permit access to the Services; (x) your use of Siemens Healthineers' trademarks, designations and logos without explicit prior approval; and (xi) the use of a Service for the operation of or within a High Risk System, if the functioning of a High Risk System depends on the proper functioning of a Service or a Service caused a High Risk System to fail. Section 7.1.1 shall apply mutatis mutandis.

 

8. Limitation of Liability

8.1. The Service is provided “as is”. Any liability of Siemens Healthineers for all claims or damages arising out of or related to the TOS, regardless of the form of action, whether in contract, tort or otherwise, is excluded unless required by mandatory law, e.g. under the Act on Product Liability or in cases of willful misconduct, gross negligence, personal injury or death, fraudulent concealment of a defect or in case of breach of fundamental contractual obligations. The damages in case of breach of fundamental contractual obligations are limited to the contract-typical, foreseeable damage.

8.2.    Disclaimer. In no event will Siemens Healthineers be liable for any amounts for loss of production, interruption of operations, contractual claims against you by any Third Party, damage to property, loss or corruption of Your Content, loss of use, loss of interest, income, profit or savings, or indirect, incidental, consequential, exemplary, punitive, or special damages, even if Siemens Healthineers has been advised of the possibility of such damages in advance, and all such damages are expressly disclaimed.

8.3.    Limitation on Claims. Any claims against Siemens Healthineers shall be brought no later than 12 months after the event giving rise to the respective claim. Thereafter all claims arising out of that event against Siemens Healthineers shall be barred.

8.4.    Beneficiaries. Any limitations and exclusions of liability shall also apply to the benefit of any employees, officers, directors, representatives, suppliers, subcontractors, and any person used by Siemens Healthineers in performing any of our obligations.

 

9. Temporary Suspension

9.1. Our Right to Suspend. We may suspend or limit Users' use of a Service immediately upon notice if we reasonably determine that there is a material breach of your obligations or a security incident or threat to the security of the Platform in connection with your access to or use of Services; or if such suspension or limitation is required by Laws, a court decision, or a request from a governmental body. In addition, we may throttle or terminate computing jobs that we determine degrade the performance of the Services or any component of the Services.

9.2.    Effect of Temporary Suspension. If you can reasonably remedy the cause of the suspension or limitation, we will notify you of the actions that you must take to reinstate the Services. The suspension or limitation will be lifted as soon as the reason for such suspension or limitation no longer exists.

 

10. Confidentiality, Compelled Disclosure

10.1. Confidentiality Obligations. Each Party shall treat Confidential Information disclosed by the other Party or its Affiliates as confidential, only use it in connection with the Services or as otherwise permitted under the TOS, and not disclose such Confidential Information to anyone except to those Users, employees, Affiliates, business partners and advisors, and the respective employees of such Affiliates, business partners and advisors who need to know that information for the implementation of the TOS and who are bound to appropriate confidentiality obligations.

10.2. Compelled Disclosure. We will not disclose Confidential Information and/or any of Your Content to any Third Party except (i) as instructed by you, (ii) as permitted in the TOS, (iii) as required by Laws or governmental order. Should any Third Party (including governmental bodies) contact us with a request to disclose Confidential Information and/or any of Your Content, we will redirect such Third Party to request that data directly from you and may provide your basic contact information unless we are prevented from doing so by Laws or governmental order. If we are compelled to disclose Confidential Information and/or any of Your Content to any Third Party, we will promptly notify you and provide a copy of the request unless we are prevented from doing so by Laws or governmental order. We may further disclose Confidential Information and/or Your Content to Third Parties in order to report to them potential violations of Laws in connection with your use of the Services.

 

11. Export Control and Sanctions Compliance

11.1. Export and Sanctions Laws. You agree to comply with all applicable sanctions (including embargoes) and (re-)export control laws and regulations including (to the extent applicable) those of the Federal Republic of Germany, the European Union and the United States of America (collectively "Export and Sanctions Laws").

11.2. Technology. You may only upload and transfer such technology, know-how, software in object and/or source code, and other technical data (“Technology”) to countries which are not subject to sanctions or embargoes of the Federal Republic of Germany, the European Union or the United States of America. Before onboarding an external user, you need to screen the user against the relevant export control sanctioned lists.

 

11.3. Your Obligations. You are obliged: (i) to deny and prevent access to Services from any location prohibited by or subject to sanctions or license requirements according to Export and Sanctions Laws; (ii) to continuously check any of your customers and any Users against applicable sanctioned party lists; (iii) not to grant access to the Services, including any Materials, or the Platform to any individual or entity designated on any of these lists; and (iv) to ensure that Your Content is neither classified under EU / German (only AL = N) nor US export control regulations (only "not subject to EAR" [ECCN = N]).

11.4. Information Requirements. If required to enable authorities or Siemens Healthineers to conduct export control or sanctions compliance checks, you, upon request by Siemens Healthineers, shall promptly provide Siemens Healthineers with all information pertaining to the particular destination, end user, and particular intended use of Services provided by Siemens Healthineers, including information on you, your customers, and Users.

11.5. Right to Withhold Performance. We shall not be obligated to perform the Services if such performance is prevented by any impediments arising out of national or international foreign trade or customs requirements or any embargoes or other sanctions. You further acknowledge that Siemens Healthineers may be obliged under Export and Sanctions Laws applicable to Siemens Healthineers to limit or suspend access by you and/or Users to the Services.

 

12. General Provisions

12.1. Dispute Resolution. All disputes arising out of or in connection with the TOS, including the formation, interpretation, amendment, breach or termination thereof, shall be finally settled under the rules of arbitration of the International Chamber of Commerce (ICC) by one or more arbitrators appointed in accordance with such rules. The seat of arbitration shall be Munich, Germany. The language to be used in the arbitration shall be English. Any orders for the production or disclosure of documents shall be limited to the documents on which each Party specifically relies in its submission(s). Nothing in this Section 12.1 shall restrict the right of the Parties to seek interim relief intended to preserve the status quo or interim measures in any court of competent jurisdiction.

12.2. Applicable Law. The TOS shall be governed by and construed in accordance with the Laws of Germany, without giving effect to any choice-of-law rules that may require the application of the law of another jurisdiction. The UN Convention on Contracts for the International Sale of Goods shall not apply.

12.3. Notices. We may provide notice to you under the TOS by: (i) posting a notice on your Account; or (ii) sending a message to the email address provided to us. It is your responsibility to regularly visit your Account and to keep your email address current. If you do not comply with such obligation or if the receipt of a notice by you fails because of technical issues related to equipment or services which are under your or your subcontractors' control, notices shall be deemed to have been provided to you 2 days following the date of such notice. Notwithstanding the foregoing, notices of claims or notices regarding disputes shall always be sent by facsimile or postal mail to the contact addresses provided in the respective Order Form.

12.4. Validity and Enforceability. If any provision of the TOS is held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions will not in any way be affected or impaired, and such provision will be deemed to be restated to reflect the original intentions of the Parties as nearly as possible in accordance with Applicable Law.

12.5. Publicity. Except as may be required by Applicable Law, neither Party shall issue a press release in connection with the subject matter hereof without the prior written consent of the other Party, which shall not be unreasonably withheld. Notwithstanding the foregoing, Siemens Healthineers and you shall have the limited right to disclose the terms of the TOS to their bona fide financial, tax and legal advisors subject to appropriate confidentiality obligations.

12.6. Entire Agreement. The TOS constitutes the full and complete statement of the terms agreed between the Parties with respect to the subject matter thereof and supersedes any previous or contemporaneous agreements, understandings or communications, whether written or verbal, relating to its subject matter. The reference to a document that refers to another document shall be deemed to also include such other document, unless otherwise stated therein.

12.7. Independent Contractors. For all purposes, the Parties will be deemed to be independent contractors and nothing contained in the TOS will be deemed to constitute a joint venture, partnership, employer-employee relationship or other agency relationship. Neither Party is, nor will either Party hold itself out to be, vested with any power or right to contractually bind or act on behalf of the other Party.

 

13. China laws and regulations:

 

13.1

This Solution/Platform covers the following topics and functions: Transfer as a Service

 

With this document, Siemens Healthineers notifies you of the precautions relating to the upload function that apply when you upload data via this Solution/Platform.

 

13.2

Before you download and use the system, please ensure you have completed relevant training containing the contents including but not limited to the ones on how to use such system and share data appropriately via it. The training could be found on Siemens Healthineers Transfer as a Service system. Uploading the documents and/or the information as listed below is strictly prohibited:

 

· national secret, Siemens Healthineers trade secret and/or other confidential information, unauthorized personal information;

· infringement on any intellectual property right or any other proprietary right;

· any contents containing virus, or any other program that could damage data;

· transmit, store or upload hyperlinks or contents to which the user is not entitled, in particular in cases where such hyperlinks or contents are in breach of confidentiality obligations or unlawful

 

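Please ensure that you have received the relevant training before using this Solution/Platform; the training includes, but is not limited to, content on how to use the system and how to share data appropriately. The training materials can be found in the Siemens Healthineers Transfer as a Service system. Uploading documents and/or information including the following is strictly prohibited: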

· state secrets, Siemens Healthineers trade secrets and/or confidential information, unauthorized personal information;

 

· infringement of any intellectual property right or other proprietary right;

· any file containing a virus, or other programs that could damage data;

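· links or content to which the user is not entitled, in particular where such links or content breach confidentiality obligations or are unlawful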

 

Siemens Healthineers shall be entitled to limit or revoke your access right to this Solution/Platform at any time via blocking your authority on data uploading or other measures if it determines that you have violated the rules specified above or other regulations on data protection.

 

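If Siemens Healthineers considers that you have violated the above rules or related data protection regulations, it is entitled at any time to limit or revoke your right to access the system by blocking user data uploads or by other means.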

 

13.3

Kindly be informed that Siemens Healthineers stores the materials input and uploaded from your side (including “Personal Information”, collectively “Materials”) in an intranet-based software tool located in Germany via this Solution/Platform. Access to the Materials will be limited to certain employees of Siemens Healthineers. The Materials will be deleted as soon as knowledge of them is no longer needed for the purpose stated above or required to be retained by law, and if you would like to withdraw the relevant authorization or request to delete the relevant information, please contact file.transfer.func@siemens-healthineers.com

 

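Please be aware that, via this Solution/Platform, Siemens Healthineers will store the information and materials you input and upload (including personal information, hereinafter “Materials”) in an intranet-based software tool located in Germany. Only certain employees of Siemens Healthineers are entitled to access the Materials, and Materials collected and stored for the above purpose will be deleted immediately once they are no longer needed, or retained as required by law. If you would like to withdraw the relevant authorization or request the corresponding deletion, please contact file.transfer.func@siemens-healthineers.com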

 

If you have any further questions in this regard, please contact us for the necessary support at the following e-mail address: file.transfer.func@siemens-healthineers.com

If you have any further questions, you can contact us at the e-mail address file.transfer.func@siemens-healthineers.com to obtain the support you need.

 

By clicking “Next” above, you confirm that:

· you have read, fully understood and agreed to the above.

· you consent to the precautions above to conduct data uploading activities.

 

By clicking “Next” above, you confirm that:

· you have read, fully understood and agreed to the above text;

· you agree to comply with the above precautions when conducting data uploading activities


 

Exhibit 1 - Acceptable Use Policy

October 2023

 

This Acceptable Use Policy ("Policy") sets out terms with which you must comply when using our Services.

1.         Definitions

Capitalized terms shall have the meaning given to them in the terms governing the Services.

2.         No Illegal, Harmful, or Offensive Use of Your Content

You shall not use, or encourage, promote, facilitate, or instruct others to use, the Services for any illegal, harmful, or offensive use. Your Content must not be illegal, harmful, or offensive. In particular, your use of the Services, Your Content and your use of Your Content shall not:

(i)                   violate any rights of third parties or Laws;

 

(ii)                 violate any intellectual property right or any other proprietary rights;

 

(iii)                be harmful to others, or Siemens Healthineers' operations or reputation, including by offering or disseminating fraudulent goods, services, schemes, or promotions, make-money-fast schemes, ponzi or pyramid schemes, phishing, farming, or other deceptive practices;

 

(iv)                distribute advertising or unsolicited e-mails (so-called "spam") or inaccurate warnings of viruses;

 

(v)                 be defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable;

 

(vi)                subject Siemens Healthineers or its business partners to any liability.

 

3.         No violation of use restrictions

You shall not:

(i)                   copy, sell, resell, license, transfer, assign, sublicense, rent, lease, or otherwise make available the Services or the Platform in whole or in part to any Third Party (unless permitted otherwise by us or required by Laws);

 

(ii)                 translate, disassemble, decompile, reverse engineer or otherwise modify, tamper with, repair or attempt to discover the source code of any software contained in the Services or the Platform (unless permitted otherwise by us or required by Laws);

 

(iii)                create derivative works of, or based on, any parts of the Services or the Platform;

 

(iv)                change or remove any notices or notations from the Services or the Platform that refer to intellectual property rights or brand names; and

 

(v)                 imitate the "look and feel" of any of Siemens Healthineers' website or other user interface, nor the branding, color combinations, fonts, graphic designs, product icons or other elements associated with Siemens Healthineers; and

 

(vi)                upload to the Platform any of Your Content that is subject to a license that, as a condition of use, access, and/or modification of such content, requires that any Siemens Healthineers' or Siemens Healthineers' business partners' software or service provided by Siemens Healthineers and interacting with or hosted alongside Your Content: (a) are disclosed or distributed in source code form; (b) are licensed to recipients for the purpose of making derivative works; (c) are licensed at no charge; (d) are not used for commercial purposes; or (e) are otherwise encumbered in any manner.

 

4.         No Abusive Use

You shall not do any of the following:

(i)                    use the Services in a way intended to avoid or work around any use limitations and restrictions placed on such Services, such as access and storage restrictions or to avoid incurring fees;

 

(ii)                 access or use the Services for the purpose of conducting a performance test, building a competitive product or service or copying its features or user interface or use the Services in the operation of a business process outsourcing or other outsourcing or a time-sharing service;

 

(iii)                interfere with the proper functioning of any of Siemens Healthineers' systems, including any overload of a system by mail bombing, news bombing, broadcast attacks, or flooding techniques;

 

(iv)                engage in any activity or modification or attempt to modify the Platform or the Services in such a way as to negatively impact on the performance of the Platform or the Services.

5.         No Security Violations

You shall not use the Services in a way that results in, permits, assists or facilitates any action that constitutes a threat to the security of the Platform or the Services. You shall in particular:

(i)                   before accessing the Services, during use, and when transferring Your Content, take all reasonable precautions against security attacks on your system, on-site hardware, software or services that you use to connect to and/or access the Platform, including appropriate measures to prevent viruses, trojan horses or other programs that may damage software;

 

(ii)                 not interfere with or disrupt the integrity or performance of the Services or other equipment or networks connected to the Platform, and in particular not transmit any of Your Content containing viruses, trojan horses, or other programs that may damage software;

 

(iii)                not use the Services in a way that could damage, disable, overburden, impair or compromise any of Siemens Healthineers' systems or their security or interfere with other Users of the Platform;

 

(iv)                not perform any penetration test of or on the Services or the Platform without obtaining our express prior written consent; and

 

(v)                 not connect devices to the Services that do not comply with industry standard security policies (e.g., password protection, virus protection, update and patch level).

6.         Reporting

If you become aware of any violation of this Policy, you will immediately notify us and provide us with assistance, as requested by us, to stop, mitigate or remedy the violation.

 

 


 

 Exhibit 2 - Data Processing Agreement ("DPA")

(October 2023)

1.      Scope of the DPA and compliance with applicable data protection law

1.1    This DPA serves as written commissioned data processing agreement between You (“Company”) and Siemens Healthineers and applies to Services provided under the Agreement that involve the Processing of Personal Data by Siemens Healthineers acting in its role as Processor (each such service hereinafter referred to as "Service"). The DPA describes Company's and Siemens Healthineers' data protection related rights and obligations with regard to the Services; all other rights and obligations shall be exclusively governed by the other parts of the Agreement.

1.2    When providing the Services, Siemens Healthineers will comply with all data protection laws and regulations directly applicable to Processors. However, Siemens Healthineers is not responsible for compliance with any data protection laws or regulations applicable to Company or Company's industry that are not generally applicable to Processors. Company shall ensure that Siemens Healthineers and its Sub-Processors are allowed to provide the Services as described in this DPA.

2.      Details of the Processing operations provided by Siemens Healthineers

The details of the Processing operations conducted by Siemens Healthineers, including the scope, the nature and purpose of the Processing, the types of Personal Data Processed and the categories of affected data subjects, are specified in Attachment 1.

3.      Company's instructions and disclosure of customer data

3.1    As Processor, Siemens Healthineers will only Process Personal Data upon Company's documented instructions. The Agreement (including this DPA) constitutes Company's complete and final instructions for the Processing of Personal Data by Siemens Healthineers as Company's Processor. Any additional or alternate instructions must be agreed between Siemens Healthineers and Company in writing and may be subject to additional costs. Siemens Healthineers shall inform Company if, in the opinion of Siemens Healthineers, an instruction infringes applicable data protection law. Siemens Healthineers shall, however, not be obligated to perform any legal examination of Company's instructions.

3.2    Siemens Healthineers shall be entitled to disclose or to entitle its Sub-Processors to disclose Personal Data to comply with applicable laws and/or governmental orders. In case of such a request, Siemens Healthineers or the Sub-Processor will (i) use reasonable efforts to redirect such requesting entity to request data directly from Company and may provide Company's basic contact information, and (ii) promptly notify Company and provide a copy of the request, unless Siemens Healthineers is prevented from doing so by applicable laws or governmental order.

4.      Technical and organizational measures

4.1    Siemens Healthineers shall implement the technical and organizational measures described in Attachment 2. Company hereby confirms that the level of security provided is appropriate to the risk inherent with the Processing by Siemens Healthineers on behalf of Company.

4.2    Company understands and agrees that the technical and organizational measures are subject to technical progress and development. In that regard, Siemens Healthineers shall have the right to implement adequate alternative measures as long as the security level of the measures is maintained.

5.      Confidentiality of the processing

Siemens Healthineers will ensure that personnel who are involved with the Processing of Personal Data under this DPA have committed themselves to confidentiality.

6.      Sub-Processors

6.1    Customer generally consents that Siemens Healthineers may engage Sub-Processors. Company hereby authorizes the Sub-Processors listed in Attachment 1.

6.2    Siemens Healthineers may remove or add new Sub-Processors at any time. In such case, Siemens Healthineers will obtain Company's approval to engage new Sub-Processors in accordance with the following process: (i) Siemens Healthineers shall notify Company with at least 20 days' prior notice before authorizing any new Sub-Processors to access Company's Personal Data; (ii) if Company raises no reasonable objections that include an explanation of the grounds for non-approval in writing within this 20 day period, then this shall be taken as an approval of the new Sub-Processors; (iii) if Company raises reasonable objections, Siemens Healthineers will - before authorizing the Sub-Processors to access Company's Personal Data - use reasonable efforts to (a) recommend a change to Company's configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-Processors or (b) propose other measures that address the concerns raised in the objection; (iv) if the proposed changes or measures cannot eliminate the grounds for non-approval, Company may terminate the affected Service with 10 days' notice following Siemens Healthineers' response to Company's objection. If Company does not terminate the affected Service within the 10-day period, this shall be taken as an approval of the Sub-Processors by Company.

6.3    Siemens Healthineers shall be entitled to perform Emergency Replacements of Sub-Processors. In such case Siemens Healthineers shall inform Company of the Emergency Replacement without undue delay and the process as described in Section 6.2 shall apply mutatis mutandis after Company's receipt of the notification.

6.4    In case of any subprocessing, Siemens Healthineers shall enter into a contract with each Sub-Processor imposing appropriate contractual obligations on the Sub-Processor that are no less protective than this DPA. Siemens Healthineers remains responsible for any acts or omissions of its Sub-Processors in the same manner as for its own acts and omissions hereunder.

7.      Data processing location

Personal Data will only be Processed on: (a) Servers and networks located in the EEA and US; and (b) locations in the EEA and US from which Siemens Healthineers provides support. We shall not move or transfer Personal Data from servers and networks within the EEA to any other destination without Customer's prior approval.

8.      Rectification and erasure

Siemens Healthineers shall, at its own discretion, either (i) provide Company with the ability to rectify or erase Personal Data via the functionalities of the Services, or (ii) rectify or erase Personal Data as instructed by Company.

9.      Personal Data Breach

In the event of any Personal Data Breach, Siemens Healthineers shall notify Company of such breach without undue delay after Siemens Healthineers becomes aware of it. Siemens Healthineers shall (i) reasonably cooperate with Company in the investigation of such event; (ii) provide reasonable support in assisting in Company's security breach notification obligations under applicable data protection law (if applicable); and (iii) initiate respective and reasonable remedy measures.

10.    Further notifications and support

10.1 Siemens Healthineers shall notify Company without undue delay of (i) complaints or requests of data subjects whose Personal Data are Processed pursuant to this DPA (e.g. regarding the rectification, erasure and restrictions of Processing of Personal Data) or (ii) orders or requests by a competent data protection authority or court which relate to the Processing of Personal Data under this DPA.

10.2 At Company's request, Siemens Healthineers shall reasonably support Company in (i) dealing with complaints, requests or orders described in Section 10.1 above (especially in fulfilling Company's obligation to respond to requests for exercising data subject's rights) or (ii) fulfilling any of Company's further obligations as Controller under applicable data protection law (such as the obligation to conduct a data protection impact assessment). Such support shall be compensated by Company on a time and material basis.

11.    Audits            

11.1  Company shall have the right to audit, by appropriate means - in accordance with Sections 11.2 to 11.4 below - Siemens Healthineers' and Sub-Processors' compliance with the data protection obligations hereunder annually (in particular in regard to the technical and organizational measures implemented), unless additional audits are necessary under applicable data protection law; such audit being limited to information and data processing systems that are relevant for the provision of the Services provided to Company.

11.2  Siemens Healthineers and Sub-Processors may use (internal or external) auditors to perform audits to verify compliance with the data protection obligations hereunder. In such case each audit will result in the generation of an audit report (e.g. Service Organization Controls 1, Type 2 reports and Service Organization Controls 2, Type 2 reports). Where a control standard and framework implemented by Siemens Healthineers or our Sub-Processors provides for audits, such audit will be performed according to the standards and rules of the regulatory or accreditation body for each applicable control standard or framework. Upon Company's request, Siemens Healthineers shall provide such relevant audit reports and corresponding information (together "Audit Reports") for the Services concerned.

11.3 Company agrees that these Audit Reports shall first be used to address Company's audit rights under this DPA. In case Company can demonstrate that the Audit Reports provided are not reasonably sufficient to allow Company to comply with applicable audit requirements and obligations under applicable data protection law, Company shall specify the further information, documentation or support required. Siemens Healthineers shall render such information, documentation or support within a reasonable period of time at Company's expense.

11.4 The Audit Reports and any further information and documentation provided during an audit shall constitute Confidential Information. In case audits relate to Sub-Processors, Company may be required to enter into non-disclosure agreements directly with the respective Sub-Processor before issuing Audit Reports to Company.

12.    Term and Termination

This DPA shall have the same term as the Agreement. Upon termination of the DPA, unless otherwise agreed between the Parties, Siemens Healthineers shall erase all Personal Data made available to Siemens Healthineers or obtained or generated by Siemens Healthineers on behalf of Company in connection with the Services. The erasure shall be confirmed by Siemens Healthineers in writing upon request.

13.    Definitions

13.1  "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

13.2  "DPA" shall mean this Data Processing Agreement.

13.3  "EEA" shall mean the European Economic Area.

13.4  "Emergency Replacement" refers to a short-term replacement of a Sub-Processor which is necessary (i) due to an event outside of Siemens Healthineers' reasonable control and (ii) in order to provide the Services without interruptions (such as if the Sub-Processor unexpectedly ceases business, abruptly discontinues services to Siemens Healthineers, or breaches its contractual duties owed to Siemens Healthineers).

13.5 "GDPR" shall mean the General Data Protection Regulation (EU) 2016/679.

13.6  "Personal Data" has the meaning given to that term in the applicable data protection law. Personal Data, for the purposes of this DPA, includes only such Personal Data entered by Company into the Services;

13.7  "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data Processed under the terms of this DPA.

13.8  "Processor" means a natural or legal person, public authority, agency or any other body which Processes Personal Data on behalf of a Controller,

13.11  "Processing" means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

13.12  "Sub-Processor" shall mean any further Processor engaged in the performance of the Services provided under the terms of this DPA. Sub-Processor shall only mean a subcontractor with access to Personal Data; a subcontractor without access to Personal Data shall not qualify as Sub-Processor in the meaning of this DPA.

 

 

Attachment 1 to the Data Processing Agreement - Description of the Processing Operations

 

Processing operations

Siemens Healthineers will Process Personal Data as follows:

•       to provide the Services

•       to provide storage and backup of Personal Data in data centers

 

Data Subjects

The Personal Data Processed concerns the following categories of Data Subjects:

Data Subjects include employees, contractors, business partners or other individuals whose Personal Data is stored in the Services.

Categories of data

The Personal Data Processed concerns the following categories of personal data:

Customer determines the categories of Personal Data that will be Processed in connection with the Services. The Personal Data Processed and contained in content stored in the Services may include name, phone number, email address, time zone, address data.

Special Categories of Personal Data (if appropriate)

The Services are not intended for the processing of Special Categories of Personal Data.

 

List of approved Sub-Processors

This document lists the Sub-Processors Siemens Healthineers engages when providing Services to Company.

Sub-Processor name        Sub-Processor Address

Microsoft Azure           Microsoft Corporation, 1 Microsoft Way, Redmond, WA, USA

 


 

 

 Attachment 2 to the Data Processing Agreement - Technical and Organizational Measures (“Attachment TOM”)

1.     Pseudonymization and Encryption of Personal Data

Siemens Healthineers separates personal data from the processed data so that it is not possible to link the processed data to an identified or identifiable person without additional information that is stored separately and securely. Siemens Healthineers encrypts personal data with symmetric or asymmetric keys.

 

2.     Confidentiality, Integrity, Availability and Resilience of Systems and Services

a)     Siemens Healthineers ensures confidentiality and integrity by taking the following measures:

Access control:

Siemens Healthineers protects its buildings with appropriate access control systems based on a security classification of the buildings and an appropriately defined access authorization concept. All buildings are secured by access control measures using a card reader system. Depending on the security category, property, buildings or individual areas are secured by additional measures. These include special access profiles, biometrics, pin pads, DES dongles, separation locks, video surveillance and security personnel. Access rights for authorized persons are granted individually according to defined criteria. This also applies to external persons.

 

System access control:

Access to data processing systems is only granted to authenticated users based on a role-based authorization concept using the following measures: Data encryption, individualized password assignment (at least 8 characters, regularly automatic expiration), employee ID cards with PKI encryption, password-protected screen savers in case of inactivity, intrusion detection systems and intrusion-prevention systems, regularly updated antivirus and spyware filters in the network and on the individual PCs and mobile devices.

 

Data access control:

Access to personal data is granted on the basis of a role-based authorization concept. A user management system has been set up, which maps the user database with their respective authorizations and is available centrally in the network for retrieval by requesting data processing systems. Furthermore, data encryption prevents unauthorized access to personal data.

 

Data transmission control:

Siemens Healthineers secures electronic communication channels by setting up closed networks and data encryption procedures. If a physical data carrier transport takes place, verifiable transport processes are implemented that prevent unauthorized data access or logical loss. Data carriers are disposed of in accordance with data protection regulations.

 

b)     Siemens Healthineers ensures the constant availability and reliability of systems and services by taking the following measures:

Siemens Healthineers ensures availability and resilience of systems and services by isolating critical IT and network components, by providing adequate backup and redundancy systems, using power redundancy systems, and regularly testing systems and services. Test and live systems are kept completely separated.

 

3.     Availability and Access to Personal Data in the Event of an Incident

Siemens Healthineers shall restore the availability of and access to personal data in the event of a physical or technical incident by taking the following measures:

Siemens Healthineers stores personal data in RAID systems and integrates redundant systems according to security marking. Siemens Healthineers uses systems for uninterruptible power supplies (e. g. UPS, batteries, generators) to secure the power supply in the data centers.

Databases or data centers are mirrored in different physical locations.

A comprehensive written emergency plan is available. Emergency processes and systems are regularly reviewed.

 

4.     Control Procedures to ensure the Safety of Processing

Siemens Healthineers maintains a control procedure based on a risk-management-based approach, taking into account the basic IT protection catalogues of the Federal Office for Information Security (BSI) and ISO/IEC 27001 requirements for the regular review, assessment and evaluation of the effectiveness of technical and organizational measures to ensure security of processing. This ensures the protection of relevant information, applications (including quality and safety test methods), operating environments (e. g. by network monitoring against harmful effects) and the technical implementation of protection concepts (e. g. by means of vulnerability analyses). By systematically detecting and eliminating weak points, the protective measures are continuously questioned and improved.

 

5.     Personnel Measures

Siemens Healthineers issues written work instructions and regularly trains personnel who have access to personal data to ensure that personal data is only processed in accordance with the law, this DPA and associated instructions of the Customer, including the technical and organizational measures described herein.