Purchase Order Terms

These purchase order terms and the purchase order (the “Order”), together with any and all attachments and appendices incorporated herein and therein (collectively with the Order, the “Agreement“), issued by Inari Medical, Inc. (“Company“) to the seller as identified on the Order (“Provider“) govern the purchase of the Goods and/or Services (each herein defined) described in such Order. As used herein, the term “Party” shall mean either Company or Provider, as the context requires, and the term “Parties” shall mean both Company and Provider. This Agreement sets forth the entire understanding between the Parties with respect to the Goods and/or Services; provided however, if the Parties are parties to a separate, mutually executed written agreement governing the purchase of the Goods and/or Services (“Existing Agreement“), then the terms of such Existing Agreement shall prevail. Provider’s execution or commencement of performance hereunder constitutes Provider’s acceptance of this Agreement. Except as otherwise set forth herein (including without limitation with respect to an Existing Agreement), this Agreement (i) supersedes all prior written or oral inquiries, proposals, agreements, negotiations or commitments pertaining to the provision of the Goods and/or Services and (ii) shall prevail over any additional, inconsistent or conflicting terms of any purchase order, quotation, acknowledgment, confirmation or other document issued by Provider pertaining to the Goods and/or Services and any such terms shall be void and of no force or effect. No amendment, modification, substitution or supplement thereto is binding on Company unless and until signed by a duly authorized representative of Company. Any actions taken or not taken by Provider in anticipation of this Agreement are taken at Provider’s sole risk and expense. Unless expressly specified otherwise, Company is not obligated to purchase any amount of Goods and/or Services from Provider and is not obligated to purchase the Goods and/or Services exclusively from Provider. The article and section headings contained in this Agreement are for reference purposes only and have no effect on the interpretation of this Agreement or its application.

1. DEFINITIONS AND INTERPRETATION

1.1.  Defined Terms. The following defined terms are used in this Agreement and shall have the meanings set forth below. Any terms defined elsewhere in this Agreement shall be given equal weight and importance as though set forth in this Section.

“Affiliate” shall mean any firm, corporation or other entity, however organized, that, directly or indirectly, controls, is controlled by or is under common control with an entity. For purposes of this definition, “control” shall be defined as ownership of a majority of the voting power or other equity interests of the entity under consideration.

“Applicable Laws” shall mean any country, federal, state, provincial, commonwealth, cantonal or local government law, statute, rule, requirement, code, regulation, permit, ordinance, authorization, order, judgment or similar governmental requirement, including any interpretation or guidance documents relating to any of the foregoing issued by a relevant governmental authority, in each case to the full extent applicable to Provider, this Agreement or any Good and/or Service to be provided hereunder. Applicable Laws includes without limitation Anti-Corruption Laws (as defined in Section 10.8 below).

“Company Materials” shall mean all tangible material, or its intangible equivalent in unwritten or oral form, created directly or indirectly in performance of the Services, Provider’s obligations hereunder or through use of Company Confidential Information, including without limitation all patent, copyright, trademark, trade secret and other proprietary rights therein. Company Materials may include without limitation any or all of the following, whether finished or unfinished: drafts, documents, writings, communications, plans, protocols, data, estimates, calculations, test results, specimens, schematics, drawings, tracings, studies, specifications, surveys, photographs, software (including without limitation the firmware, object code, source code and media, in machine readable and printed form, and any improvement, addition, modification or new version thereof), programs, reports, orders, maps, models, agreements and all derivative works thereof, ideas, concepts, discoveries, inventions, patents, know-how, negative know-how and improvements. Company Materials shall not include Provider Materials.

“Company Requirements” shall mean without limitation (i) any of Company’s safety, security and compliance rules, programs and policies as applicable to Provider or Provider’s performance hereunder made available to Provider; (ii) Company’s Code of Conduct; and (iii) those policies, codes, rules, standards, procedures and other governance documents of Company made available to Provider that are applicable to persons or entities conducting business with or for Company that set forth standards of conduct, including when engaging in interactions with certain representatives of governmental authorities or other third parties, each as may be revised by Company from time to time in its sole discretion.

“Company System” shall mean any computer system, network, telecommunication system, database, or other information technology environment owned, controlled, operated or maintained by Company or any Company Representative, including electronic mail, voicemail, networks, internet and intranet portals and the Company web.

“Compensation” shall mean all consideration that, pursuant to this Agreement, may be received by Provider for performance of its obligations hereunder which may include Reimbursable Expenses.

“Confidential Information” shall mean any and all information and materials of or regarding Company or its Affiliates or their respective licensees or collaborators disclosed by or on behalf of Company or its Affiliates or any of their respective Representatives, licensees or collaborators to Provider or any of Provider’s Representatives, including without limitation trade secrets, existing and future products, designs, business plans, business opportunities, finances, research, development, know-how, Company Requirements, Company Materials and other business, operational or technical information.

“Deliverable” shall mean all tangible and intangible property provided or to be provided by Provider or Provider’s Representatives in performance of its obligations hereunder, whether explicitly required by Company or reasonably inferable from the nature of such obligations.

“Effective Date” shall mean the date set forth on the Order and, if no such date is specified, then the date that Company issued the Order to Provider.

“Goods” shall mean tangible personal property to be supplied by Provider or Provider’s Representatives hereunder, including any packaging, shipping material, items or services necessary for, but incidental to, supply of such property. All Goods are Deliverables hereunder.

“Provider Materials” shall mean proprietary methodologies, designs, drawings, materials, dies, molds, appliances, tools, models, software, procedures, documentation, know-how and processes owned or licensed by Provider independent of this Agreement which (i) are utilized by Provider in performing its obligation under this Agreement, (ii) have been clearly identified to Company in writing as proprietary to Provider and not to be property of Company, and (iii) were not designed or otherwise created for Company or based on, or derived from, any Company Confidential Information.

“Reimbursable Expenses” shall mean those actual and necessary out-of-pocket costs, all without any increase or mark-up, that (i) Company may pay Provider in accordance with the terms of this Agreement, and (ii) Provider reasonably and properly incurs in performing its obligations hereunder; provided, however, such costs shall be consistent with Company’s Travel and Business Expense Reimbursement Policy, which, by way of example requires costs (a) with respect to travel, only include travel by reasonable modes via least costly routes and economy classes of transportation; and (b) includes reasonable costs for meals and lodging incurred for travel directly in connection with Provider’s performance hereunder; and (c) not include travel time.

“Representatives” shall mean, with respect to a Party, such Party’s Affiliates and such Party’s and its Affiliates’ respective directors, officers, employees, agents and any other persons or entities (excluding the other Party or its Affiliates) who contribute to the performance of such Party’s obligations under this Agreement. For purposes of this Agreement, Provider’s Representatives shall include any and all Subcontractors and such Subcontractors’ directors, officers, employees and agents and Company’s Representatives shall include its consultants, agents, advisors, collaborators and licensees.

“Services” shall mean all necessary or required services, tasks, functions and other responsibilities and activities as set forth in, or reasonably inferable from, this Agreement, including the provision of Deliverables and the Deliverables themselves.

“Specifications” shall mean that portion of Company’s overall objectives, of which Provider’s performance hereunder is a part, consisting of the written requirements for Goods, Services, materials, equipment, systems, standards or workmanship, wherever located and whenever issued, for such overall objectives.

“Subcontractor” shall mean any person or entity that has been retained to perform all or a portion of Provider’s obligations hereunder.

1.2. Interpretation. Except where the context expressly requires otherwise (i) the words “include“, “includes” and “including” shall be deemed to be followed by the phrase “without limitation“, (ii) the word “will” shall be construed to have the same meaning and effect as the word “shall“, (iii) the term “or” shall be interpreted in the inclusive sense commonly associated with the term “and/or“, (iv) the words “herein“, “hereof” and “hereunder“, and words of similar import, shall be construed to refer to this Agreement in its entirety and not to any particular provision hereof, (v) any definition of or reference to any agreement, instrument or other document herein shall be construed as referring to such agreement, instrument or other document as from time to time amended, supplemented or otherwise modified (subject to any restrictions on such amendments, supplements or modifications set forth herein), (vi) provisions that require that a Party or the Parties “agree“, “consent” or “approve” or the like shall require that such agreement, consent or approval be specific and, unless expressly provided otherwise, in writing, whether by agreement, letter or otherwise.

2. SHIPMENT, DELIVERY AND INSPECTION

2.1. Shipping Terms. Time is of the essence. Unless otherwise specified, Provider must ship all Goods FCA destination (Incoterms, 2010) and include a packing slip, including the applicable Order number, on the outside of the container of each package shipped. If this Agreement is cancelled in whole or in part because of Provider’s default, Company may retain or return any Goods received under this Agreement, and without limiting Company’s other remedies, Provider must reimburse Company for (i) all costs of shipping or storing any returned Goods, and (ii) any amount previously paid by Company for the returned Goods.

2.2. Inspection, Testing and Quality Control. Where applicable, Provider represents and warrants that it has validated and compliant quality control systems appropriate for the supply of the Goods (including without limitation programs for documenting deviations, conducting investigations, and, with respect to Goods supplied hereunder, providing prompt notice to Company of deviations and investigations). All inspection records and other documents required by this Agreement or Applicable Laws must be kept intact and made available to Company upon reasonable request for a period of at least seven (7) years (or such longer period as required under Applicable Laws) after final delivery under this Agreement. If the Goods are active pharmaceutical ingredient(s) (“API“), excipients, raw materials, components or devices appropriate for use in manufacture of products intended for human use, Provider must notify Company prior to implementing changes to Subcontractors, facilities, quality systems, testing, or other changes to the manufacture of such Goods that are reasonably likely to affect the quality, safety, purity, characterization, identity or other critical attributes and allow Company to perform an audit of Provider as necessary. Company may inspect or test the Goods at all reasonable times or places prior to final acceptance and Provider shall provide access to or, as appropriate, samples of Goods to support such. Company’s inspection or testing, or lack thereof, shall not relieve Provider of its obligation to furnish conforming Goods. For the avoidance of doubt, there shall be no time restrictions applicable to Company’s provision of notice of rejection of any Goods with respect to any latent defects, which shall include any defects that may not be detected by Company through standard inspection and testing of a sample of the Goods or that may affect only a portion of the Goods. Provider must make repairs or replacements arising from any test or inspection at its sole cost and expense within the lead-time for the Goods.

3. CHANGES, DELAYS OR SUSPENSIONS

3.1. Change Orders. Company may, at any time and from time to time, make changes to Provider’s obligations under this Agreement, in each case as Company deems necessary (“Change Order“). Each Change Order shall be in writing and signed by Company. If Provider believes that the change is inequitable as to Compensation or schedule, Provider must submit within ten (10) days after receipt of a Change Order a written request to Company providing a detailed explanation of and reasons for any proposed adjustments to Compensation or schedule, accompanied by adequate supporting documentation. If Company does not receive such a request in accordance with this Article, Provider shall be deemed to have waived its right to make such request. Provider shall meet its obligations under this Agreement while such request is pending. Provider will not implement any change with respect to any Good or Service provided hereunder except pursuant to a Change Order executed by Company.

3.2. Delays and Suspensions. Company may delay or suspend all or any part of this Agreement by providing written notice to Provider. Provider’s obligations to Company under this Agreement will remain in full force and effect despite the delay or suspension of this Agreement under this Section. If Company suspends this Agreement, Provider shall be entitled to compensation in accordance with the terms of this Agreement up to the date of suspension; provided, however, Company’s liability to Provider shall in no case exceed the compensation payable to Provider for the Goods and/or Services under this Agreement, as appropriately adjusted and without duplication of payment.

4. COMPENSATION AND PAYMENT

4.1. Compensation. Provider will perform its obligations under this Agreement for the Compensation set forth in the Order.

4.2. Invoices. Provider shall, once each calendar month unless specified otherwise in the Order, submit to Company for payment a written invoice for performance of its obligations hereunder completed during the prior calendar month (“Invoice Month“). Provider shall submit such invoice for payment to AP@inarimedical.com or such other address as Company may from time-to-time specify to Provider pursuant to this Agreement. Provider shall include in each invoice all information reasonably requested by Company. Company shall have no liability for payment of any obligation within an invoice that did not occur within the Invoice Month.

4.3. Disputes. If Company disputes any amount stated in an invoice, then Company will notify Provider in writing of the dispute and the basis therefor. Upon receipt of such notification, Provider shall submit a revised invoice stating only undisputed amounts. Upon resolution of disputed amounts, Provider shall submit an invoice pursuant to this Article for the amounts that the Parties mutually agree are no longer in dispute. Following receipt of an invoice stating only undisputed amounts (“Correct Invoice“), Company will pay Provider such amounts in accordance with this Article. Payment by Company does not constitute acceptance of Provider’s performance hereunder or any admission of liability.

4.4. Offset. Company, without waiver or limitation of any other rights or remedies, shall be entitled to deduct any and all amounts owed by Provider to Company from any amounts due or owing by Company to Provider.

4.5. Currency Management. The currency or currencies to be used for invoicing and payment of the Compensation under this Agreement shall be the currency or currencies as stated in the Order (the “Contracted Currency“). If the performance of Services by Provider will take place in more than one country and in which different currencies are used, Company may elect to have a different Contracted Currency for each such country, which may be (i) the local currency for such country, (ii) the United States Dollar, or (iii) the Euro. No currency reconciliations shall be applied to any Contracted Currency.

4.6. Timing of Payments. Company shall pay Provider on a net sixty (60) day basis following Company’s receipt of a Correct Invoice. Company shall have no obligation to pay Provider any amounts stated on an invoice other than a Correct Invoice.

4.7. Taxes, Customs Fees and Import/Export Duties. The Compensation stated herein is inclusive of all applicable employment-related, consumer, use and other similar taxes (except Value Added Tax and sales tax), levies, duties, fees, and assessments which are legally enacted on or before the Effective Date, whether or not then in effect. Provider, not Company, shall be responsible for any and all taxes on any and all income Provider receives from Company under this Agreement. Provider shall list any Value Added Tax or sales tax amounts for which Company is responsible under this Agreement as a separate line item in the applicable Correct Invoice.

5. AUDITS

5.1. General. Company may request additional information from Provider and/or any of Provider’s Representatives as may be reasonably necessary to verify compliance with the obligations, representations and warranties set forth in this Agreement, including, without limitation, compliance with Applicable Laws and Company Requirements. Provider shall include a right to audit provision substantially similar to those contained in this Agreement in all contracts with any Subcontractor providing Services under this Agreement.

5.2. Financial Audits. Provider shall maintain complete and correct books and records relating to the performance of its material obligations hereunder and all costs and liabilities incurred hereunder, including without limitation those relating to the Compensation and the use and disposition of the Compensation. Such books and records shall be maintained for a period of no less than seven (7) years after the expiration or earlier termination of this Agreement (or such longer period as required under Applicable Laws). Such books and records shall be made available to Company and Company’s Representatives for copy, review, audit and other business purposes at such reasonable times and places during this period. If, as a result of any review or audit undertaken by or on behalf of Company pursuant to this Section, Company determines that Provider has overcharged Company under this Agreement, then Company may notify Provider of the amount of such overcharge and Provider shall (in addition to any and all other remedies that may be available to Company) promptly pay to Company the amount of the overcharge plus ten percent (10%). If any such review or audit reveals an overcharge to Company of five percent (5%) or more under this Agreement, Provider shall (in addition to any and all other remedies that may be available to Company) reimburse Company for the cost of such inspection or audit.

5.3. Quality and Facilities Audits. Company and its Representatives shall have the right during normal business hours and after advance notice to conduct audits of the activities of Provider related to the Services and Provider’s performance thereof. At no additional cost to Company, Provider shall fully cooperate with any audit conducted hereunder and make available to Company or its Representatives for examination and duplication all documentation, data and information supporting and relating to the Services provided hereunder. Provider shall permit Company and its Representatives to inspect (i) the facilities where any Services are or will be performed, (ii) any equipment used or involved in the conduct of the Services, (iii) any records and source documents, and (iv) other relevant information necessary to determine whether the Services are being conducted in conformance with this Agreement and Applicable Laws. Provider shall correct any deficiencies noted in the audit report within ten (10) business days, or other such timeframe as may be mutually agreed to between the Parties as contained in a written, documented corrective action plan.

6. SUBCONTRACTORS AND REPRESENTATIVES

6.1. Responsibility and Representatives. Provider shall properly direct and control Provider’s Representatives (including, without limitation, inspecting Subcontractors’ performance for defects and deficiencies). Provider shall be responsible for (i) all conduct, actions, and omissions of Provider’s Representatives; (ii) compliance by each of Provider’s Representatives with the requirements of this Agreement, including without limitation compliance with Company Requirements, to at least the extent that Provider would be responsible if it were performing directly; and (iii) management and coordination of the performance of all such Representatives. Any breach of the terms or conditions of this Agreement by any Provider Representative shall be deemed a direct breach by Provider of such terms or conditions.

6.2. Use of Subcontractors. Except to the extent approved in writing in advance by Company or to the extent expressly provided otherwise in the Order, Provider shall not have the right to subcontract all or any portion of Provider’s performance obligations under this Agreement. Any performance by a Subcontractor in connection with this Agreement shall be pursuant to an appropriate written agreement between Provider and such Subcontractor containing obligations consistent with the requirements of this Agreement. Any such subcontract agreement, together with such other relevant information as reasonably requested by Company, shall be submitted to Company upon Company’s request.

6.3. Notice of Subcontractor Issues. Provider shall provide Company with prompt written notice of all actual or potential disputes with Subcontractors, including, without limitation, breaches, defaults, insolvency, defects in Subcontractor’s services, regulatory problems, and work stoppages.

6.4. Labor. Provider shall be responsible for any labor interruptions (including without limitation labor interruptions due to picketing, hand-billing, boycotts or strikes) arising out of or related to its or its Representatives’ acts or omissions.

7. TERM AND TERMINATION

7.1. Term. This Agreement shall begin on the Effective Date and terminate pursuant to its terms (such period of time, the “Term“).

7.2. Company’s Right to Terminate. Company shall have the right to terminate this Agreement for convenience, in whole or in part, upon no less than thirty (30) calendar days’ prior written notice to Provider; such notice shall specify the date and extent of termination. Without limiting Company’s other rights or remedies, Company shall have the right to terminate this Agreement immediately (i) upon written notice to Provider for failure of Provider to materially comply with the terms and conditions of this Agreement, or (iii) as otherwise provided in this Agreement. In the event of any termination for cause by Company, Company reserves all of Company’s rights and remedies available at law or equity.

7.3. Obligations Upon Termination. Within thirty (30) calendar days after the effective date of a termination hereunder, Provider shall submit to Company a final invoice identifying any amounts Company may owe with respect to Services properly performed by Provider prior to the effective date of termination, and Company shall pay amounts that are due and owing subject to the terms of this Agreement. With respect to the termination, unless directed otherwise by Company, Provider shall (i) preserve, as applicable, and turn over to Company all Deliverables and supporting documentation, whether finished or in progress, in the possession or control of Provider or any of its Representatives; (ii) cooperate with Company in the orderly wind-down of activities; (iii) if Company elects to have the terminated Services performed by itself or a third party, cooperate with Company and, as applicable, the third party in the orderly transfer of the terminated Services; and (iv) cease incurring costs and take all reasonable actions to mitigate damages and costs incurred by reason of such termination.

8. PROPRIETARY RIGHTS

8.1. Ownership of Company Materials. All Company Materials shall be the sole and exclusive property of Company whether the Services to be performed are completed or not. Provider shall perform all Services hereunder as a contractor and any Services or Deliverables or work product shall be deemed to be a “work made for hire” pursuant to the Copyright Act of 1976, 17 U.S.C. § 101 et seq. (“Copyright Act“) and Section 201(b) as a work specially commissioned for use. Whether the Services and attendant Deliverables or work product are ultimately determined to be “works made for hire” or an employment to invent, all Services and Deliverables shall be and remain the sole property of Company and its assigns. Provider agrees to and hereby does assign, and shall cause its Representatives to assign, to Company or Company’s designee all right, title and interest in all Company Materials, including without limitation a work specially commissioned by Company, which is or is not protectable by copyright under the Copyright Act. Provider shall ensure that, at no cost to Company, all of Provider’s Representatives that contribute to any Company Materials have agreed in advance in writing that all right, title and interest in such contributions is assigned to Company or Provider, and that Provider’s Representatives waive any moral or similar rights to object to modifications, adjustments or additions to their contributions.

8.2. Use of Company Materials. Company, its Affiliates and their respective Representatives may use Company Materials, in whole, in part or in modified form, for any purpose without restriction and without further compensation to Provider. Provider or Provider’s Representatives shall not use Company Materials for any purposes other than as expressly set forth herein and to fulfill Provider’s obligations hereunder.

8.3. Transfer of Company Materials. Provider shall make all necessary disclosures, execute, acknowledge and deliver all instruments and perform all acts necessary or desired by Company to effectuate the provisions regarding proprietary rights set forth herein.

8.4. Provider Materials. The Parties acknowledge that in the performance of Provider’s obligations hereunder, Provider or its Representatives may utilize Provider Materials. To the extent that any Provider Materials are incorporated into or otherwise required to use or exploit any Deliverable, Provider agrees to grant and hereby grants, and shall cause its Representatives to grant, to Company a perpetual, worldwide, irrevocable, fully paid-up, royalty-free, transferrable, sublicenseable (through multiple tiers), non-exclusive license under such Provider Materials to use, execute, reproduce, display, perform, distribute, prepare derivative works of, and otherwise exploit all Deliverables provided, or required to be provided, by Provider to Company or its Affiliates pursuant to this Agreement.

8.5. Third Party Materials. If Company or any of its Affiliates are required to use any intellectual property rights of a third party (“Third Party Materials“) in order to receive the full benefit of any Deliverables, then Provider will (i) provide Company with prior notice, specifying in reasonable detail, the nature of the dependency on the Third Party Materials, its owner and the commercial availability of the intellectual property, and (ii) arrange for Company to obtain (for no additional cost or on such terms as may be acceptable to Company) a perpetual, worldwide, irrevocable, fully paid-up, royalty-free, transferrable, non-exclusive right and license to use the Third Party Materials.

8.6. No Implied Rights. Except as expressly set forth in this Agreement, Company shall not be deemed to have granted Provider or any Provider Representative (by implication, estoppel or otherwise) any right, title, license or other interest in or with respect to any Company Materials.

9. CONFIDENTIALITY

9.1. Confidential Information. Company or its Representatives may disclose to Provider or its Representatives, orally or in writing, or Provider or its Representatives may otherwise obtain, through observation or otherwise, Confidential Information. Provider must, and must cause its Representatives to: (i) maintain the confidentiality of and prevent the unauthorized disclosure of Confidential Information, except as expressly permitted hereunder; (ii) protect all Confidential Information from disclosure through the use, maintenance, compliance with and enforcement of commercially reasonable technological, physical, and administrative controls; (iii) restrict the use of Confidential Information to the intended purpose of this Agreement; and (iv) only disclose Confidential Information to Provider’s Representatives to the extent necessary or required for performance of obligations hereunder, provided that, prior to such disclosure, Provider or Provider’s Representative (as the case may be) has clearly and completely conveyed the requirements of this Section to Provider’s Representatives and ensured such requirements are understood and followed. If requested by Company, Provider shall secure written commitments from Provider’s Representatives evidencing their agreement to comply with the confidentiality requirements of this Agreement.

9.2. Ownership of Confidential Information. As between Provider and Company, Company is the sole and exclusive owner of Confidential Information. To the extent third parties disclose to Provider or its Representatives any Confidential Information in furtherance of this Agreement, the obligations set forth in this Section shall apply to the same extent as if Company had disclosed such Confidential Information directly to Provider or its Representatives. The obligations set forth in this Article shall not apply to any portion of Confidential Information which (i) is or later becomes generally available to the public by use, publication or the like, through no act or omission of Provider or its Representatives; or (ii) Provider or its Representatives possessed prior to the Effective Date without being subject to an obligation to keep such Confidential Information confidential. In the event Provider becomes legally compelled to disclose any Confidential Information, except to the extent prohibited by law, it shall promptly provide Company with notice thereof prior to any disclosure, shall use its best efforts to minimize the disclosure of any such Confidential Information, and shall cooperate with the Company should Company seek to obtain a protective order or other appropriate remedy. Provider must return to Company or if instructed by Company, destroy all Confidential Information that was received in, or reduced by Provider or its Representatives, to tangible form, including without limitation all copies, translations, interpretations, derivative works and adaptations thereof, promptly upon request by Company.

10. COMPLIANCE WITH APPLICABLE LAWS AND ACCEPTED PRACTICE

10.1. Compliance with Applicable Laws and Company Requirements. Provider represents and warrants that it shall perform and shall cause Provider Representatives to perform its obligations under this Agreement in compliance with all Applicable Laws and Company Requirements.

10.2. Accepted Practice. Provider shall perform and shall cause Provider Representatives to perform its obligations in a professional, ethical and competent manner, using the degree of skill, diligence, prudence, timeliness, and foresight which would reasonably and ordinarily be expected from skilled and experienced professionals engaged in the provision of, and activities comprising, the Services (“Accepted Practice“).

10.3. Export Control. Provider and its Representatives currently do not and do not intend to use any person to supply Services hereunder who is a citizen of or has permanent residency in any country listed in Country Group E:1 (15 C.F.R. Part 740, Supplement No. 1) (and any amendments thereto or successor lists), and Provider shall not, and shall cause its Representatives not to, use any such person to supply Services hereunder without Company’s prior written consent which may be withheld in Company’s sole discretion.

10.4. Employment Law. Without limiting the generality of Provider’s representations and warranties regarding performance in compliance with all Applicable Laws and Company Requirements for any performance required under this Agreement being performed in the United States of America and/or its territories, Provider agrees that this Agreement shall be performed in compliance with the following, if applicable to Provider: the employee notice and related obligations found at 29 C.F.R. Part 471, Appendix A to Subpart A, Title VII of the Civil Rights Act of 1964; Sections (1) and (3) of Executive Order No. 11625 relating to the promotion of Minority Business Enterprises; 41 C.F.R. §§ 60-1.4(a); Americans with Disabilities Act; Age Discrimination in Employment Act; Fair Labor Standards Act; Family Medical Leave Act; all Applicable Laws relating to income tax withholding, employment taxes, employee benefits (including without limitation the Patient Protection and Affordable Care Act (including the Health Care and Education Reconciliation Act of 2010), employer contributions, discrimination, harassment, retaliation, termination, and payment of overtime or wages), and all corresponding implementing rules and regulations, all of which, including without limitation the contract clauses required and regulations promulgated thereunder, are incorporated herein by reference. Provider shall hire, train, promote, compensate, transfer and administer all employment practices and terms and conditions of employment in compliance with Applicable Law and without discrimination on the basis of race, religion, color, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, physical or mental disability, genetic information or covered veteran status.

10.5. Government Contracts Flowdown Language. Provider agrees to comply with all statutory, regulatory, and contractual requirements to the extent applicable to Provider pursuant to Company’s status as a prime contractor with the Federal Government. In furtherance thereof, (i) Provider will provide all required written certifications, representations, and disclosures, and (ii) Provider represents and warrants that it will comply with applicable requirements of the following provisions of Federal law, which are hereby incorporated by reference and made a part of this Agreement as if fully set forth herein: (a) FAR 48 C.F.R. 52.203-12, Limitation on Payments to Influence Certain Federal Transactions (Oct. 2010); (b) FAR 52.203-13, Contractor Code of Business Ethics and Conduct (Apr. 2010); (c) FAR 52.219-8, Utilization of Small Business Concerns (Dec. 2010) (incorporating 15 U.S.C. § 637(d)(2) and (3)); (d) FAR 52.222-26, Equal Opportunity (Mar. 2007) (incorporating Executive Order 11246); (e) FAR 52.222-35, Equal Opportunity for Veterans (Sep. 2010) (incorporating 38 U.S.C. § 4212 and 41 C.F.R. §60-300.5(a)); (f) FAR 52.222-36, Affirmative Action for Workers with Disabilities (Oct. 2010) (incorporating 29 U.S.C. § 793 and 41 CFR §60-741.5(a)); (g) FAR 52.222-40, Notification of Employee Rights Under the National Labor Relations Act (Dec. 2010) (incorporating Executive Order 13496); (h) FAR 52.222-50, Combating Trafficking in Persons (Feb. 2009) (incorporating 22 U.S.C. 7104(g)); (i) FAR 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels (Feb 2006); (j) FAR 52.203-15, Whistleblower Protections Under the American Recovery and Reinvestment Act of 2009; (k) FAR 52.232-99, Providing Accelerated Payments to Small Business Subcontractors; and (l) HHSAR 352.222-70, Contractor Cooperation in Equal Employment Opportunity Investigations. Provider further represents that neither it nor any of its principals is presently debarred, suspended, proposed for debarment, or declared ineligible for the award of contracts by any Federal Agency.

In addition, if applicable to Provider (for purposes of the following bold language, “contractor” shall mean Company and “subcontractor” shall mean Provider): This contractor and subcontractor shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, protected veteran status or disability for EEO/AA notification.

To the extent that Company is required by contract with an agency of the U.S. Government, Provider will permit Company and the agency of the U.S. Government to evaluate, with respect to the Services, Provider’s compliance with the FDA regulations and guidance, including those required to meet GLP, GMP or GCP standards.

Provider acknowledges that U.S. Executive Orders and Laws, including but not limited to Executive Order 13224 and P.L. 107-56, prohibit transactions with, and the provision of resources and support to, individuals and organizations associated with terrorism. It is the legal responsibility of Provider to ensure compliance with these Executive Orders and Laws.

To the extent that the Services include laboratory services subject to Section 353 of the Public Health Service Act (Clinical Laboratory Improvement Act as amended), Provider shall comply with all applicable requirements of Section 353 of the Public Health Service Act (Clinical Laboratory Improvement Act as amended).

10.6. Inspections and Government Contact. To the extent that Provider is aware of meetings with or inspections by governmental authorities regarding or which could reasonably affect Provider’s performance of Provider’s obligations hereunder, Provider shall provide Company advance and timely notice of such. Provider shall provide Company with a reasonable opportunity in advance of submittal to comment on drafts of documents Provider is required to submit to governmental authorities pursuant to its obligations hereunder. Provider shall submit to Company copies of documents to be submitted to governmental authorities or insurance companies relating to Provider’s obligations hereunder, including, without limitation, reports of accidents or injuries occurring on Company’s premises.

10.7. Gratuities; Debarment. Provider and its Representatives (i) will not offer or give to Company or any of its Representatives gifts, entertainment, payments, loans or other gratuities in order to or that may influence the award of a contract or obtain favorable treatment under any agreement with Company or its Representatives, and (ii) will not use federal funds to influence or attempt to influence any employee of the United States Federal government or a member of Congress in connection with this Agreement. Provider shall immediately notify Company upon Provider or Provider’s Representative(s) becoming aware of any inquiry concerning, or the commencement of any proceeding or disqualification that involves Provider or Provider’s Representative(s) and a Disqualified Persons Process (as defined herein) or Denied Persons Process (as defined in herein). Notice of or failure to provide such notice shall constitute a breach hereunder for which Company may terminate this Agreement immediately for default notwithstanding any right of Provider to cure.

10.8. Foreign Corrupt Practices Act and Anti-Corruption. Provider represents, warrants and covenants, as of the Effective Date and through the expiration or earlier termination of this Agreement, (i) that Provider, and, to the best of its knowledge, Provider’s Representatives, owners, or other third parties acting for or on Provider’s behalf (collectively, “Extended Representatives“), shall not, directly or indirectly, offer, pay, promise to pay, or authorize such offer, promise or payment, of anything of value, to any individual or entity for the purposes of obtaining or retaining business or any improper advantage in connection with this Agreement, or that would otherwise violate any Applicable Laws, rules and regulations concerning or relating to public or commercial bribery or corruption (“Anti-Corruption Laws“), and (ii) that Provider’s books, accounts, records and invoices related to this Agreement or related to any work conducted for or on behalf of Company are and will be complete and accurate. Without limiting other rights or remedies, Company has the right to terminate this Agreement immediately (a) if Provider or Extended Representatives fails to comply with the Anti-Corruption Laws or with this provision, or (b) if Company has a good faith belief that Provider or Extended Representatives has violated, intends to violate, or has caused a violation of the Anti-Corruption Laws. If Company requires that Provider complete a compliance certification, without limiting other rights or remedies, Company may also terminate this Agreement immediately if Provider (1) fails to complete a compliance certification, (2) fails to complete it truthfully and accurately, or (3) fails to comply with the terms of that certification.

10.9. U.S. Economic Sanctions. Neither Provider nor its Representatives are: (i) listed on the Office of Foreign Assets Control’s (“OFAC“) “Specially Designated National and Blocked Person List” (“SDN List“) or otherwise subject to any sanction administered by OFAC (“S. Economic Sanctions“), or (ii) owned, controlled by or acting on behalf of, directly or indirectly, any person, entity, or government listed on the SDN List or otherwise subject to any U.S. Economic Sanctions. Provider and its Representatives have not and will not engage directly or indirectly in any transaction on behalf of Company that could potentially violate applicable U.S. Economic Sanctions.

10.10. Disclosure Laws. Notwithstanding anything to the contrary in this Agreement, Provider acknowledges and agrees that (i) Company is permitted to publicly disclose information regarding this Agreement to comply with Applicable Laws (including without limitation the Physician Payment Sunshine Act (a provision of the Patient Protection and Affordable Care Act) and related requirements (collectively, “Disclosure Laws“), and (ii) this information may include without limitation payments, or other transfers of value, made on behalf or at the request of Company to physicians, teaching hospitals, and other persons or entities that are the subject of the Disclosure Laws (each a “Disclosure Subject“). Provider agrees to promptly respond to, and cooperate with, reasonable requests of Company regarding collection of information regarding and compliance with Disclosure Laws. Provider shall collect and, no later than thirty (30) days after each calendar quarter during the Term and no later than thirty (30) days after the termination or expiration of the Agreement, submit in a format reasonably requested by Company the following information for each Disclosure Subject that, in connection with or as a result of performance of the Services, received payments or other transfers of value in the calendar year prior to the year in which such submittal is to be made hereunder: (a) the amounts, dates, and description of payments made to, or other transfers of value to, each Disclosure Subject; (b) the name, address, specialty(ies), and, if applicable, National Provider Identifier number of each Disclosure Subject; and (c) a description of the Services provided by each Disclosure Subject in return for such payments or transfers of value.

10.11. Manufacture and Content of Goods. Provider shall not use, and shall not allow to be used, any (i) cassiterite, columbite, tantalite, gold, wolframite, or the derivatives tantalum, tin or tungsten (“Initial Conflict Minerals“) that originated in the Democratic Republic of Congo (“DRC“) or an adjoining country, or (ii) any other mineral or its derivatives determined by the Secretary of State to be financing conflict pursuant to Section 13p of the Securities and Exchange Act of 1934 (“Additional Conflict Minerals“, and together with the Initial Conflict Minerals, “Conflict Minerals“), in the production of the Goods. Notwithstanding the foregoing, if Provider or its Representatives uses, or determines that it or its Representatives have used, a Conflict Mineral in the production of the Goods, Provider shall promptly notify Company in writing, which notice shall contain a description of the use of the Conflict Mineral including without limitation whether the Conflict Mineral appears in any amount in the Goods (including trace amounts) and a valid and verifiable certificate of origin of the Conflict Mineral used. Upon Company’s request, Provider must promptly provide information that demonstrates to Company’s reasonable satisfaction that it undertook a reasonable country of origin inquiry and due diligence process with respect to the preparation of the aforementioned certificate of origin. Upon Company’s reasonable request made from time to time, Provider will reasonably cooperate with Company to enable Company to comply with its disclosure and reporting obligations with respect to the origin or content of, or manufacturing related to, the Goods (including without limitation with respect to Conflict Minerals) (such cooperation, including, without limitation, assisting Company in conducting or validating “reasonable country-of-origin inquiry” and Provider or its Representatives completing and submitting to Company questionnaires or templates relating to the origin of Conflict Minerals).

10.12. Covered Individuals and Entities. The following are defined terms used herein:

“Covered Entity” (or, in the plural, “Covered Entities“) shall mean any one or more of HCP, HCO, Payor, Purchaser, Healthcare Industry Professional Societies and Trade Association, and entities owned or operated by one or more HCP, HCO, Payor, Purchaser, or Healthcare Industry Professional Societies or Trade Association. Additionally, the capitalized terms used in the above definition are defined as follows:

“Healthcare Industry Professional Societies and Trade Association” shall mean a non-profit or tax-exempt healthcare industry organization seeking to further a particular profession, the interests of individuals engaged in that profession, or the public interest.

“Healthcare Organization” or “HCO” shall mean a facility that provides health maintenance, or treats illness and injury and can include without limitation any hospital, convalescent hospital, health clinic, nursing home, extended care facility, or other institution devoted to the care of sick, infirm, or aged persons, and is in a position to purchase or influence a purchasing decision for any human therapeutic product marketed, distributed, or sold or any service related thereto provided by or on behalf of Company (each a “Company Therapeutic Product“).

“Healthcare Professional” or “HCP” shall mean any person licensed to prescribe Company products, as well as anyone working for a person licensed to prescribe a Company Therapeutic Product and in a position to influence a purchasing decision, including without limitation physicians, other providers (e.g., nurses, pharmacists, dialysis providers), and office personnel.

“Payor” shall mean an organization, including without limitation its directors, officers, employees, contractors and agents, whether private or governmental (e.g., Centers for Medicare and Medicaid Services, Veterans Administration), that provides medical and/or pharmacy plans for covering and reimbursing patients and/or Healthcare Professionals from medical expenses incurred, including, without limitation, managed care organizations, pharmacy benefit managers, health maintenance organizations, other healthcare coverage providers, and any similar such organization.

“Purchaser” shall mean individuals or entities, including, without limitation, wholesalers, pharmacies, and group purchasing organizations, that purchase a Company Therapeutic Product to sell to members of the healthcare community or that are authorized to act as a purchasing agent for a group of individuals or entities who furnish healthcare services.

In the event one or more Covered Entities contributes to or performs any of Provider’s obligations hereunder, payments made by or on behalf of Provider to each such Covered Entity or other compensation or consideration received by each such Covered Entity on account of its contributions to or performance of any of Provider’s obligations hereunder shall (i) comply with all Applicable Laws, (ii) represent fair market value, (iii) not be determined in a manner that takes into account the volume or value of any future business that might be generated between the parties, and (iv) not be construed to require a Covered Entity to promote, purchase, prescribe, or otherwise recommend any Company product being marketed or under development. If Provider is or becomes a Covered Entity or is or becomes owned, operated or controlled by one or more Covered Entities, Provider shall notify Company of such and, after receipt of such notification or upon Provider becoming a Covered Entity, Provider agrees that Company shall have the right, upon notice to Provider and without further agreement or acknowledgement of Provider, to modify the terms of this Agreement as Company determines, in its reasonable discretion, is necessary or required to comply with Company’s or, as applicable, one or more of its Affiliate’s requirements for interactions with a Covered Entity (including without limitation conformance of the Compensation to fair market value and imposition of additional reporting or documentation obligations). Additionally and without limiting any other rights or remedies of Company, if on or after the Effective Date, Provider is or becomes a Covered Entity or is or becomes owned, operated or controlled by one or more Covered Entities, Company shall have the right to terminate this Agreement immediately or, in its sole discretion, suspend Provider’s performance hereunder by notice to Provider, and Company shall not be liable to Provider for any costs, expenses, or losses arising out of such termination or suspension. For purposes of this Section, “owned, operated or controlled” shall mean that one or more Covered Entities is in a position to direct or control the performance of Provider’s obligations hereunder, or that one or more Covered Entities is in a position to direct or control Provider’s management or operations, including, without limitation, when a Covered Entity owns a majority of the voting power or other equity interests in Provider.

10.13. Provider Conduct. Company shall have the right, at any time, to terminate, in whole or in part, this Agreement immediately upon written notice to Provider if, at any time during the Term of this Agreement, Provider and/or Provider’s Representatives (i) is charged or indicted with any felony or crime involving moral turpitude, (ii) is convicted or pleads “no contest” to any felony or any crime involving moral turpitude, (iii) if the Services include Select Services (defined below), makes any public statement or commits any public act disparaging of Company or Company’s products, or (iv) if the Services include Select Services, acts or fails to act (or it becomes known during the Term that prior to the commencement of the Term, Provider and/or Provider’s Representatives acted or failed to act) in a way that brings Provider, Provider’s Representatives, Company or Company’s products into public disrepute or ridicule, or which insults or offends community standards, or which might injure or reflect badly on Company or Company’s products (and, for avoidance of doubt, termination pursuant to this Section shall be a termination for cause). In the event of any termination based on this Section, without limiting any other rights or remedies, (a) any amounts payable by Company hereunder shall be subject to reduction and offset for any damages caused to Company resulting from Provider’s and/or Provider’s Representatives’ conduct that is contrary to this Section, (b) to the extent that Company pre-paid any amounts (e.g., paid for Services before they were rendered or completed, paid a retainer, or made a payment at the beginning of the year for the entire year) to Provider, Provider will promptly reimburse the applicable pro-rated amount to Company, and (c) if the Services include Select Services, (1) upon notice to Provider, Company may suspend Provider’s performance of all or any part of the Services during Company’s investigation of statements or acts of Provider that Company, acting in good faith, reasonably suspects could be of the nature set forth in subsections (iii) or (iv), above, and (2) Company may demand that Provider, and if so demanded, Provider shall, cease making such statements or engaging in such conduct. The term “Select Services” shall mean Services that include the following: lobbying; Provider or its Representatives acting as Company’s agent; Provider or its Representatives making statements on behalf of, or acting as a spokesperson for, Company or making statements regarding Company’s human therapeutic products, campaigns or capabilities.

11. REPRESENTATIONS AND WARRANTIES

11.1. Mutual Representations and Warranties. Each Party represents and warrants to the other Party as follows: (i) the person signing this Agreement on behalf of such Party has the power and authority to execute this Agreement and to carry out the transactions contemplated herein; (ii) the execution, delivery and performance of this Agreement and the consummation of the transactions contemplated herein have been duly authorized by the requisite action on the part of such Party; (iii) the execution, delivery, and performance of this Agreement and the consummation of the transactions contemplated herein do not and shall not constitute (a) a material breach, conflict with or default under any other agreement, whether written or oral, by which such Party or any of its material assets are bound, or (b) an event that would, with notice or lapse of time, or both, constitute such a breach, conflict or default; and (iv) such Party is financially solvent, able to pay its debts as they mature, and possesses sufficient working capital to complete its obligations hereunder.

11.2. Representations and Warranties of Provider. Provider represents and warrants to Company as follows: (i) Provider and its Representatives are fully and properly licensed, qualified, experienced, equipped, organized and financed to perform all of Provider’s obligations hereunder; (ii) Provider’s performance of its obligations and supply of Goods and/or Services will comply with all Applicable Laws and Company Requirements, meet the requirements set forth in the Order, conform with all applicable Specifications, be free from material defects, errors and deficiencies, and, to the extent required hereunder, will meet current Good Manufacturing Practices; (iii) Provider and its Representatives do not appear on, nor are associated with, any name or entity on the U.S. Department of Commerce’s Entity List or Denied Persons List, the U.S. Department of Treasury’s Specially Designated Nationals and Blocked Persons List, or the U.S. Department of State’s Debarred Parties List (“Denied Persons Process“); (iv) neither Provider nor any of its Representatives contributing to or in connection with performance hereunder is presently or has ever been (a) the subject of a debarment action or is debarred pursuant to Section 306 of the U.S. Federal Food, Drug, and Cosmetic Act of 1938, as amended, or other Applicable Law, (b) the subject of a disqualification proceeding or is disqualified as a clinical investigator pursuant to 21 C.F.R. § 312.70, or (c) the subject of an exclusion proceeding or excluded from participation in any federal health care program under 42 C.F.R. Part 1001 et seq. (“Disqualified Persons Process”); (v) the performance of Provider’s obligations and each Deliverable or any part thereof, or the import, sale, distribution or the use thereof, do not and will not infringe any patent, copyright, trade secret or other proprietary right of any third party; (vi) Provider has full right to transfer all Deliverables, and there are no liens, claims or encumbrances of any kind whatsoever against any Deliverable; (vii) to the extent a Deliverable incorporates software, such Deliverable, and any parts thereof, shall be free from program code or programming instructions intentionally designed to disrupt, disable, harm, interfere with or otherwise adversely affect computer programs, data files or operations, or other code typically designated to be a Trojan horse, worm, backdoor or other term customarily considered to be a virus; and (viii) if Provider is a health care entity (e.g. a hospital, pharmaceutical company, medical device manufacturer, or clinical laboratory) or Covered Entity, Provider has, and shall maintain and continue to operate in compliance with throughout the Term of this Agreement, an operational healthcare compliance program (“Provider’s Compliance Program“) that (a) governs all of Provider’s Representatives, (b) is consistent with the U.S. Federal Sentencing Guidelines for effective compliance programs, (c) is consistent with applicable compliance program guidance, and (d) includes systems and processes reasonably designed to protect the security, confidentiality, and integrity of Confidential Information in accordance with all Applicable Laws and contractual obligations.

11.3. Remedies for Breach of Infringement Warranties. In the event a Deliverable infringes any patent, copyright, trade secret or other proprietary right of any third party, without limiting Company’s other rights or remedies hereunder, Provider, at its sole expense, shall timely undertake to procure for Company the right to continue such use of the infringing Deliverable. If such right cannot be timely procured, then Provider shall, at Provider’s sole expense, (i) modify such infringing Deliverable to render it non-infringing, but functionally equivalent, as determined by Company in its sole discretion; (ii) substitute such infringing Deliverable with a replacement that is non-infringing, but functionally equivalent, as determined by Company in its sole discretion; or (iii) if Provider, using Provider’s best efforts, is unable to accomplish item (i) or (ii) above, refund to Company amounts paid by Company for the infringing Deliverable.

11.4. Warranty Term. Except as specifically set forth herein, any warranty corresponding to Provider’s performance hereunder, or a portion thereof, including without limitation performance under its warranty obligations, shall continue for a period of the longer of (i) eighteen (18) months following completion of such performance and Company’s written acceptance of such performance, or (ii) for Provider’s standard warranty period. Notwithstanding the foregoing, this warranty term shall not limit the duration of any applicable third-party warranties.

11.5. Remedies for Breach of Warranties. If Company notifies Provider of any breach of warranty during the warranty period, Provider will, at Provider’s cost, remedy the breach of warranty, or repair or replace the Goods that fail to comply with the warranty. The Parties acknowledge and agree that this Article shall not limit any other remedies available to Company under this Agreement (including without limitation remedies for personal injury, property damage, death, violation of Applicable Laws or infringement).

12. INDEMNIFICATION AND RISK ALLOCATION

12.1. General Indemnity. Provider shall, to the fullest extent permitted by law, indemnify, defend and hold harmless Company, its Affiliates and their respective Representatives (“Indemnified Parties“) from and against any and all suits, actions, legal or administrative proceedings, governmental investigations, claims, liens, and demands brought or maintained by one or more third parties (“Claims“) for damages, liabilities, losses, costs, fees, penalties, fines and expenses (including, without limitation, reasonable attorneys’ fees and expenses, and costs of investigation, litigation, settlement, and judgment) (including personal injury or death of persons, collectively, “Losses“) to the extent such Losses arise out of Provider’s or its Representatives’ actual or alleged breach of Provider’s representations, warranties or obligations contained herein, including, but not limited to, (i) any actual or alleged defect in the Goods and/or Services or in their design, manufacture or material; (ii) actual or alleged breach of any confidentiality obligations set forth herein; (iii) failure of the Provider to deliver the Goods and/or Services on a timely basis; (iv) negligence, gross negligence, or willful misconduct on the part of the Provider or its Representatives; (v) actual or alleged patent, copyright or trademark, infringement or violation of other proprietary right, arising out of the purchase, sale or use of the Goods and/or Services; (vi) failure of the Goods and/or Services to meet the requirements of any Applicable Law; or (vii) any security incident, whether or not occasioned through any act or omission of Provider; provided, however, Provider shall have no obligation to indemnify, defend, or hold harmless the Indemnified Parties to the extent the Claim arises out of any Indemnified Party’s gross negligence or willful misconduct.

12.2. Defense and Resolution of Claim. Upon Company’s request, Provider, at its expense, shall assume control of the defense and resolution of each Claim using legal counsel reasonably acceptable to Company and keep Company informed of the progress of such defense and resolution. Provider and its legal counsel shall cooperate with Company and its legal counsel during the pendency of each Claim. If Company, in its sole discretion, determines that Provider has failed to (i) defend a Claim to Company’s reasonable satisfaction, or (ii) take timely and reasonable steps to resolve a Claim, then Company shall have the right (but not the obligation), upon prior written notice, to assume control of the defense and resolution of such Claim, and Provider shall be bound by the results obtained by Company with respect to the Claim. Provider shall not settle, compromise or resolve any Claim without the written consent of Company.

12.3. Waiver of Consequential Damages. Except for any liquidated damages set forth in this Agreement, neither Party or its Affiliates shall be liable to the other Party or its Affiliates for any loss of profit or potential profit or for any incidental, indirect, special or consequential losses or damages, whether based on contract, tort, strict liability, negligence or other theory of law. The waiver of damages set forth in this Section shall expressly exclude liabilities arising out of a Party’s: (i) fraud, (ii) willful misconduct; (iii) gross negligence; (iv) breach of confidentiality obligations set forth herein; (v) breach of intellectual property ownership and assignment obligations set forth herein; and (vi) indemnification obligations set forth herein.

12.4. Insurance. Provider shall maintain adequate levels and types of insurance coverage appropriate to its business and profession to cover its indemnity obligations hereunder, as required by Applicable Laws, and consistent with Accepted Practice, with such coverage levels and types to include at a minimum and without limitation insurance required by Applicable Laws with respect to Provider’s status as an employer, workers’ compensation, comprehensive general liability, employer’s liability, and automobile liability. Provider’s insurance coverage must be primary coverage. All insurance coverage must be in full force and effect at all times during performance of Provider’s obligations hereunder. At Company’s request, Provider must submit to Company a certificate of insurance on the ACORD form evidencing the above coverages. Such obligations shall be in addition to and shall in no way be construed to limit the indemnification obligations set forth herein.

13. NOTICES

13.1 Notices. All notices pursuant to this Agreement must be in writing, referencing the Order number associated herewith, and delivered personally or sent by courier, certified mail (return receipt requested) addressed to the Parties at their respective address set forth in the Order. Either Party may specify a different address to receive notices by providing a notice in accordance with this Section. Notices sent by courier or certified mail are effective upon receipt or five days after dispatch, whichever occurs first.

14. MISCELLANEOUS

14.1. Background Checks. In order to (i) receive an unrestricted (non-visitors) access badge to Company’s premises; (ii) drive Company-owned or leased vehicles or transport Company personnel; or (iii) access or use any Company Systems, Provider’s Representatives must comply with Company’s policies and procedures, which may require, among other things, (a) Provider first providing to Company a certification, in form and content specified by Company, of certain background information for such Provider Representative, and (b) such Representative first executing agreements or other documents, in form and content specified by Company, addressing among other things confidentiality, proprietary rights, adherence to Company policies, legal rights and remedies between such Representative and Company. Provider shall perform, or shall use an outside agency to perform, the background check and shall provide all notifications to Provider’s Representatives required by Applicable Laws.

14.2. Contractual Relationship. Each Party is engaged in an independent business and not as an agent, employee, partner or joint employer of the other Party. The Parties acknowledge and agree that neither Party shall have responsibility or liability for treating the other Party’s Representatives as employees for any purpose. Neither Party nor any of its Representatives shall be eligible for coverage or to receive any benefit under the other Party’s provided workers’ compensation, occupational health services, employee plans or programs or employee compensation arrangement, including without limitation any and all medical and dental plans, bonus or incentive plans, retirement benefit plans, stock plans, disability benefit plans, life insurance and any and all other such plans or benefits.

14.3. Modifications. Except as set forth herein, no amendments or other modifications to this Agreement shall be binding unless in writing and signed by the Parties.

14.4. No Exclusivity. Nothing contained herein shall (i) obligate Company or any Company Affiliate to any exclusive relationship with Provider; (ii) restrict or preclude Company or any Company Affiliate from contracting with any competitor of Provider; or (iii) obligate Company or any Company Affiliate to purchase any minimum amount of tangible or intangible Goods or Services from Provider.

14.5. Assignment. This Agreement may not be assigned or otherwise transferred by Provider without the prior written consent of Company; provided, however, that Provider may, without such consent, but upon prior written notice, assign its rights and obligations under this Agreement in connection with a merger, consolidation or sale of substantially all of the business to which this Agreement relates. Any purported assignment or transfer in violation of this Section shall be void. This Agreement shall be binding on the Parties and their respective successors and permitted assigns.

14.6. Governing Law. If legal action is commenced, Provider will continue to diligently perform its obligations under this Agreement pending final resolution of the dispute. Unless otherwise specified in this Agreement, this Agreement is governed by, and shall be construed and enforced in accordance with, the laws of the State of California, excluding conflict of laws rules, and all actions relating to this Agreement must be brought and heard in (i) a United States federal court of competent jurisdiction, or (ii) if no such court has jurisdiction, then a court of the State of California.

14.7. Publicity. Except for the purposes of performance hereunder, without Company’s prior written consent, which may be withheld at Company’s sole discretion, Provider and its Representatives shall not use (including without limitation use in any publicity, advertising, media release, public announcement or other public disclosure) (i) any name, acronym, symbol or other designation by which Company or any of their respective human therapeutics, products or other materials is known, or (ii) the names of any agent or employee of Company (each a “Prohibited Use“). Provider shall immediately notify Company in each event of a Prohibited Use and, at Provider’s sole cost and expense, without limiting Company’s rights or remedies hereunder, Provider shall, and shall cause its Representatives, to immediately cease and desist each such Prohibited Use and take such other actions as requested by Company.

14.8. Waiver. No action or inaction by either Party shall be construed as a waiver of such Party’s rights under this Agreement or as provided by law. The failure or delay of any Party in enforcing any of its rights under this Agreement shall not be deemed a continuing waiver of such right. The waiver of one breach hereunder shall not constitute the waiver of any other or subsequent breach.

14.9. Severability. In the event any provision of this Agreement conflicts with the law under which this Agreement is to be construed or if any such provision is held illegal, invalid or unenforceable, in whole or in part, by a competent authority, such provision shall be deemed to be restated to reflect as nearly as possible the original intentions of the Parties in accordance with Applicable Laws. The legality, validity and enforceability of the remaining provisions shall not be affected thereby and shall remain in full force and effect.

14.10. Survival. Provider’s representations, warranties and obligations under any provisions set forth in this Agreement related to ownership of Deliverables, infringement, confidentiality, publicity, governing law and indemnification or which contemplate performance or observance subsequent to termination or expiration of this Agreement shall survive such expiration or termination.

14.11. Third-Party Beneficiaries. Except as expressly provided for in this Agreement, (i) this Agreement is entered into solely between, and may be enforced only by, Company and Provider; and (ii) this Agreement shall not be deemed to create any rights in third parties, including without limitation Subcontractors, or to create any obligations of a Party to any such third parties.

14.12. Remedies Cumulative. Unless otherwise expressly provided hereunder, no remedy or election hereunder shall be deemed exclusive but shall, whenever possible, be cumulative, in addition to, and not in lieu of any other remedies available at law or in equity.

14.13. Headings. Article and Section headings are for reference purposes only and shall not be considered in the construing of this Agreement.

14.14. Execution. This Agreement may be executed in any number of counterparts, each of which shall be an original and all of which together shall constitute one and the same document, binding on all Parties notwithstanding that each of the Parties may have signed different counterparts. Facsimiles or scanned copies of signatures or electronic signatures or electronic images of signatures shall be considered original signatures unless prohibited by Applicable Laws.

14.15. Force Majeure. A Party shall not be liable for any delay in the performance of its obligations under this Agreement if and to the extent such delay is caused, directly or indirectly, by acts of God, war, riots, terrorism, embargos, acts of public enemy, acts of military authority, earthquake, fire or flood (“Force Majeure Event“); provided that a Party may not claim relief for a Force Majeure Event under this Section unless each of the following conditions has been satisfied: (i) the Party claiming delay by Force Majeure Event (the “Delayed Party“) is without fault in causing such delay; (ii) such delay could not have been prevented by reasonable precautions taken by the Delayed Party, including, without limitation, the use of alternate sources, or workaround plans; (iii) the Delayed Party uses commercially reasonable efforts to recommence performance of such obligations whenever and to whatever extent possible following the Force Majeure Event; and (iv) the Delayed Party immediately notifies the other Party by the most expedient method possible (to be confirmed in writing) and describes at a reasonable level of detail the circumstances causing the delay. All obligations of both Parties shall return to being in full force and effect upon the earlier to occur of (i) the passing of the Force Majeure Event, or (ii) the failure of the Delayed Party to satisfy the conditions and/or perform its covenants under this Section.

14.16. Construction. The Parties acknowledge that each Party is of equal bargaining strength, has actively participated in the preparation and negotiation of this Agreement. Each Party is entering into this Agreement on its own free will and is not acting under duress or coercion of any kind or nature whatsoever. Each Party has had the right and opportunity to consult with legal counsel of its choice in connection with this Agreement; and each Party has either done so or has voluntarily declined to do so free from duress or coercion. Any rule of construction to the effect that ambiguities are to be resolved against the drafting Party shall not apply in the interpretation of this Agreement, any portion hereof, or any modifications hereto.

MARKET AND CUSTOMER RESEARCH SCHEDULE

This Market and Customer Research Schedule supplements (and is not intended, and shall not be interpreted, to limit the terms of the Agreement) and is governed by the Agreement to which it is attached. Any defined terms not otherwise defined herein shall have the meanings set forth in the Agreement.

Market Research Requirements. To the extent Provider’s Services hereunder includes any activity involving (a) original collection of data or information directly from a defined audience of interest, and/or (b) purchase of existing data/information about a defined audience, designed to systematically investigate, test, evaluate, acquire, analyze or report on data and insights with respect to any markets and/or products (any such activity “Market Research“), Provider shall comply, and cause its Subcontractors to comply, with the following requirements:

i. Provider shall prohibit any Covered Individual or Covered Entity (as defined by the Center for Medicare and Medicaid Services), to participate in any portion of the Market Research until the Covered Individual or Covered Entity has executed an written agreement with Provider (“Participant Agreement“) that complies with the following requirements: (a) the Participant Agreement must set forth the compensation to be paid to any such Covered Individual or Covered Entity; (b) the Participant Agreement must comply with any legal and regulatory requirements related to non-anonymous Market Research, Market Research conducted over the Internet or in other formats, adverse event reporting, or Market Research involving protected health information (as defined in HIPAA as “PHI“); and (c) the Participant Agreement must be executed prior to the Covered Individual or Covered Entity or any of its personnel arrives at the location of an in-person research project, or completing any Internet-based on-line survey.

ii. Provider shall not make payment to any participant in Market Research until such participant has signed the Provider’s Participant Agreement and satisfactorily performed its obligations related to the Market Research.

iii. Provider shall conduct the research project consistent with the Insights Association Code of Standards and Ethics, ICC/ESOMAR Code, or other applicable foreign country codes of conduct, specifically electronic equipment (taping, recording, photographing) and one-way viewing rooms may be used only with the full knowledge of the Market Research participants.

iv. Provider shall not identify Company as the sponsor of any Market Research, unless otherwise consented to by Company.

v. Provider shall abide by the restrictions on the use and disclosure of PHI found in (a) HIPAA, (b) the Health Information Technology for Economic and Clinical Health Act and its implementing regulations, and (c) any applicable domestic and foreign laws, regulations, rules and industry standards related to consumer protection or the collection, storage, handling, processing and transfer of PHI, such as the California Confidentiality of Medical Information Act.

vi. Provider shall provide patient level information to Company (i) in a format that is aggregated and de-identified so that Company is unable to identify individual patients consistent with the de-identification standards found in the HIPAA regulations (45 C.F.R. §§ 164.512 and 164.514), (ii) as a limited data set consistent with the HIPAA regulations for limited data sets (45 C.F.R. § 164.514(e)), or (iii) pursuant to a signed authorization consistent with the standards set forth in the HIPAA regulations (45 C.F.R. § 164.508), which authorization and any modifications thereto shall be in a form reasonably acceptable to Company and shall permit (1) disclosures from Provider to Company or its agents of the individual’s PHI and (2) Company’s use of such PHI for, at a minimum, the purposes of the project being performed hereunder, including the monitoring the accuracy and completeness of the research data.

vii. Provider shall not use any materials as a stimulus for participants during the research project, including but not limited to, marketing materials, prescribing information, discussions guides, surveys, screening criteria or other materials of a similar nature (“Project Materials“), unless the Project Materials have received written approval from the Company for that particular research project. 

viii. To the extent the Services require Provider to ask healthcare professionals to recruit participants for Market Research, Provider shall ensure that such patient recruitment is conducted in a manner consistent with clauses (ii) through (vii) of this Market and Customer Research Schedule.

ix. With respect to adverse event reporting, Provider shall conduct Market Research in accordance with (a) Company’s safety and adverse event reporting policies and procedures (as each may be revised from time to time) that are applicable to Provider’s performance or obligations hereunder, and (b) any and all safety and adverse event reporting training provided to Provider by or on behalf of Company.

x. Provider shall ensure that no Project Materials containing Confidential Information are left behind or otherwise provided to participants in Market Research; and, where Company consents to any such disclosure, Provider shall take all reasonable steps to protect such Project Materials as Company’s Confidential Information and as Company otherwise deems reasonably necessary, including requiring participants to execute confidentiality agreements acceptable to Company.

Provider represents, warrants, and covenants that it and its Subcontractors performing any Market Research are members of, and adhere strictly to a professional code of ethics, under, the Strategic of Competitive Intelligence Professionals and Provider’s own code of conduct. Such codes of ethics forbid breaching an employer’s guidelines, breaking the law or misrepresenting oneself in the performance of its services. Provider and it Subcontractors shall perform the Market Research according to such codes of ethics. In the event that Company requires additional or more stringent restrictions, Provider shall subscribe to such restrictions in the performance of its Services. Provider shall not use unethical methods, which undermine trust, foster unhealthy competition, or pose unnecessary legal or public relations risks to Company. This includes, without limitation, engaging in acts which would qualify as economic espionage under the Economic Espionage Act of 1996, or which would violate any other federal or state laws applicable to obtaining information.

PRIVACY AND DATA PROCESSING SCHEDULE

This Privacy and Data Processing Schedule (“Schedule“) supplements (and is not intended, and shall not be interpreted, to limit the terms of the Agreement) and is governed by the terms and conditions of the Agreement to which it is attached. Except as modified and supplemented herein, all other terms of the Agreement shall remain the same and in full force and effect. In the event of a conflict between the terms of this Schedule and the terms of the Agreement, the terms of this Schedule shall prevail and control.

1. DEFINITIONS. The following defined terms are used in this Schedule and shall have the meanings set forth below. Any terms defined elsewhere in this Schedule shall be given equal weight and importance as though set forth in this Section. Capitalized terms used but not otherwise defined herein shall have the meaning given to them in the Agreement.

“Company Personal Data” means any Personal Data Processed by Provider on behalf of Company or any Company Affiliate pursuant to or in connection with the Agreement.

“Controller” means the entity which determines the means and purposes of the Processing of Personal Data.

“Data Protection Authority” means any supervisory authority (as defined in Data Protection Laws) and any other governmental authority responsible for the oversight, regulation, or enforcement of Data Protection Laws.

“Data Protection Laws” means all privacy, data protection, and/or information security-related laws and regulations of any jurisdiction applicable to the Processing of Company Personal Data including, as applicable and without limitation: (a) the EU General Data Protection Regulation 2016/679 (“GDPR”), any other applicable national rule, law, or legislation on privacy or the protection of Personal Data in the European Union, European Economic Area, the United Kingdom, or Switzerland that is already in force or that will come into force during the Term of this Agreement; (b) Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”); (c) the California Consumer Privacy Act of 2018 (“CCPA”); (d) the General Personal Data Protection Law of Brazil (“LGPD”); and (e) the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, and the Privacy and Security Rule regulations of HIPAA and the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the HITECH Act and the Genetic Information Nondiscrimination Act (“Omnibus Final Rule”) and all amendments to and further regulations of the HIPAA and HITECH Acts (collectively, “HIPAA”).

“Data Subject” means the identified or identifiable natural person who is the subject of Personal Data.

“Personal Data” means any information that constitutes “personal data,” “personal information,” “personally identifiable information,” or similar term governed by Data Protection Laws.

“Process” or “Processed” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means the entity which Processes Personal Data for or on behalf of the Controller.

“Restricted Transfer” means the transfer of Company Personal Data from (a) a country in the EEA, the United Kingdom, or Switzerland to a country which is not part of the EEA or does not benefit from an adequacy recognition decision of the European Commission, or (b) any jurisdiction where such transfer would be prohibited by Data Protection Laws in the absence of a transfer mechanism that ensures an adequate level of protection.

“Security Incident” means any actual or reasonably suspected accidental, unauthorized or unlawful destruction, loss, alteration, unavailability, disclosure of, or access to (a) Company Personal Data, or (b) information systems owned, operated, or controlled by Provider that Process Company Personal Data.

“Standard Contractual Clauses” means the European Commission’s decision (C(2021)3972 final) of 4 June 2021 on Standard Contractual Clauses (Module Two: Transfer controller to processor) for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/678 (available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj).

“Subprocessor” means any Processor (including any third party or any Provider Affiliate) appointed by Provider to Process Company Personal Data.

2. PROCESSING OF COMPANY PERSONAL DATA.

2.1. Processing Terms; Roles of the Parties; Details of Processing. While providing the Services pursuant to the Agreement, Provider may Process Company Personal Data on behalf of Company or any Company Affiliate as per the terms of this Schedule. Provider agrees to comply with this Schedule with respect to any Company Personal Data collected or otherwise Processed for or on behalf of Company or any Company Affiliate. The Parties acknowledge and agree that Company or the relevant Company Affiliate is the Controller of Company Personal Data and Provider is a Processor of Company Personal Data. The Agreement and/or the Order sets out certain information regarding Provider’s Processing of the Company Personal Data as required by Data Protection Laws. The Parties may supplement or amend the details of Processing relevant to the particular Services by incorporating such details into the applicable Order.

2.2. Company’s Instructions. Provider shall not Process Company Personal Data other than on Company’s documented instructions unless Processing is required by applicable Data Protection Laws to which Provider is subject, in which case Provider shall to the extent permitted by Data Protection Laws inform Company in writing of that legal requirement before Processing Company Personal Data. Company hereby instructs Provider to Process Company Personal Data only as necessary to provide the Services and to perform its other obligations and exercise its rights under the Agreement and any Order entered pursuant thereto. Provider shall only Process Company Personal Data in compliance with Data Protection Laws and the Agreement. If Provider believes in its reasonable opinion that an instruction of Company violates Data Protection Laws, Provider shall promptly notify Company in writing. In the event that Company instructs Provider to pseudonymize and/or de-identify Company Personal Data, Provider shall perform such activities in a manner that complies with Data Protection Laws and Company’s instructions.

2.3. Provider Compliance. Provider agrees to comply, and will ensure the compliance of its Subprocessors, with Data Protection Laws. In addition, Provider will act in accordance with all applicable Company policies and procedures provided to Provider in advance of performing the Services. Provider agrees to implement such reasonable additional data protection policies and procedures as may be requested in writing by Company.

2.4. No Additional Cost. Provider agrees that the Processing of Company Personal Data under the Agreement is part of the Services, and, as such, all costs related to such Processing and to complying with this Schedule are included in the fees. Any changes related to Processing or in connection with Provider’s compliance with the requirements in this Schedule will not result in additional charges to Company or its Affiliates.

2.5. Processing Subject to CCPA. Provider shall not (a) sell (as defined in the CCPA) any Company Personal Data; (b) retain, use, or disclose any Company Personal Data for any purpose other than for the specific purpose of providing the Services as described in Section 2.2, including retaining, using, or disclosing Company Personal Data for a commercial purpose (as defined in the CCPA); or (c) retain, use, or disclose Company Personal Data outside of the direct business relationship between Provider and Company. Provider hereby certifies that it understands its obligations under this Section and will comply with them. Notwithstanding anything in the Agreement, the Parties acknowledge and agree that Provider’s access to Company Personal Data does not constitute part of the consideration exchanged by the Parties in respect of the Agreement

3. SECURITY. 

3.1. Confidentiality. Notwithstanding any exceptions to the confidentiality provisions set forth in the Agreement, Company Personal Data shall be considered Confidential Information under the Agreement and protected in accordance therewith.

3.2. Personnel. Provider shall take all necessary steps to ensure the reliability and confidentiality of any personnel that Process Company Personal Data, ensuring that access is strictly limited to those individuals who need to Process the relevant Company Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with Data Protection Laws in the context of that individual’s duties to Company. Provider shall ensure that its personnel engaged in Processing of Company Personal Data (a) are properly instructed, trained and made aware of, and will at all times comply with Data Protection Laws and the terms and conditions of this Schedule and the Agreement, and (b) are subject to appropriate obligations of confidentiality or are under an appropriate statutory obligation of confidentiality in respect of the Company Personal Data, and (c) Process Company Personal Data only in accordance with Data Protection Laws and the terms and conditions of this Schedule and the Agreement.

3.3. Security Measures. Provider shall implement, maintain, monitor, and comply with appropriate technical, administrative, and physical security measures, safeguards, procedures, and practices to ensure the confidentiality, integrity, and availability of Company Personal Data and to prevent Security Incidents. Without limiting the generality of the foregoing, such safeguards shall (a) be as protective as the measures Provider applies to its own similar information, (b) comply with Data Protection Laws, (c) remain consistent with industry standards, and (d) include the minimum measures described in Section 3.4.

3.4. Data Security Program. Provider shall maintain through the Term of the Agreement a comprehensive written data security program (“Data Security Program”) that satisfies the requirements under this Section 3. Without limiting the generality of Section 3.3, Provider’s Data Security Program must, at a minimum, comply with the most recently published version of the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (IG3), and provide for: (a) protection of business facilities, paper files, servers, computing equipment, including all mobile devices and other equipment with information storage capability, and backup systems containing any Company Personal Data; (b) network, application (including databases) and platform security; (c) business systems segmentation designed to optimize security; (d) secure transmission and storage of Company Personal Data (whether by strong encryption or other equally protective measures); (e) authentication and access control mechanisms (including strong password management practices); and (f) personnel security and integrity requirements. Provider shall provide annual training to personnel and subcontractors on how to comply with the Provider’s Data Security Program. Provider shall regularly test and monitor the effectiveness of its Data Security Program and shall evaluate and adjust its Data Security Program in light of the results of such testing and monitoring. Provider shall notify Company of: (i) any material changes to its Data Security Program, and (ii) any other changes that may have a material effect on its Data Security Program.

4. SECURITY INCIDENTS.

4.1. Notice to Company. Upon discovery of a Security Incident, Provider shall notify Company without undue delay but in no event more than 24 hours after discovery. As part of such notification, Provider shall, to the extent known or can be reasonably determined, identify: (a) the specific Company Personal Data subject to the Security Incident; (b) the nature of the unauthorized access, loss, use and/or disclosure; (c) the person(s) involved in the Security Incident; (d) the actions taken (or to be taken) by Provider to mitigate any deleterious effect of the Security Incident; and (e) the corrective actions taken (or to be taken) by Provider to prevent any future Security Incident. In addition, Provider shall provide to Company such other information as reasonably requested by Company with respect to the Security Incident.

4.2. Response to Security Incident. In the event of a Security Incident, Provider, at its own cost and expense, will immediately perform an evaluation, conduct any necessary forensic or security review, and develop plans to contain the Security Incident, including without limitation steps to prevent its reoccurrence. Provider will provide documentation to Company or its representatives, including, among others, insurance carriers and counsel, regarding such analysis and remediation.

4.3. Remediation. Without limitation of Company’s other rights or remedies under the Agreement, following a Security Incident, Provider shall be responsible for the cost and expense of the following upon Company’s request: (a) the provision of any notices of the Security Incident in a manner and format determined by Company, in its sole discretion, to affected Data Subjects and other third parties that Company reasonably determines should be notified of the Security Incident, such as Data Protection Authorities and other regulators, law enforcement agencies, and/or consumer reporting agencies; and (b) remediation services and other reasonable assistance (such as credit monitoring) to Data Subjects, directly or through a third party, as required under Data Protection Laws, requested by governmental authorities, that is customary industry practice in the applicable jurisdiction, or that is mutually agreed by the Parties. Unless required by law, Provider shall not notify any third party of any Security Incident without Company’s prior written consent.

5. SUBPROCESSING

5.1. Consent to Subprocessor Engagement. Provider shall not engage any Subprocessor to Process Company Personal Data other than with Company’s prior written consent, which Company may refuse in its absolute discretion.

5.2. Subprocessor Requirements. With respect to each Subprocessor, Provider shall: (a) provide Company with relevant details of the Processing to be undertaken by the Subprocessor; (b) carry out adequate due diligence on each Subprocessor to ensure that it is capable of providing the level of protection for Company Personal Data as is required by this Schedule and Data Protection Laws; (c) ensure that the Subprocessor’s Processing is carried out under a written contract with Provider imposing on the Subprocessor obligations no less restrictive than those imposed on Provider under this Schedule; (d) insofar as that contract involves a Restricted Transfer, ensure that such Restricted Transfer is conducted in accordance with Data Protection Laws and Company’s instructions; and (e) remain fully liable to Company for the acts or omissions of its Subprocessors, including any failure to fulfil its obligations in relation to the Processing of any Company Personal Data.

5.3. Notice and Objection. Provider shall provide sixty (60) days’ prior written notice to Company of any addition or replacement of a Subprocessor. If Company objects to Provider’s proposed use of a new Subprocessor, Provider and Company shall work together in good faith to find a mutually acceptable resolution to such objection before Provider engages the Subprocessor. If the Parties are unable to reach a mutually acceptable resolution within thirty (30) days after such written notice, Company may terminate the Agreement and cancel the Services by providing written notice to Provider and receive a refund of any prepaid fees under the Agreement.

6. DATA SUBJECT RIGHTS. Provider shall promptly notify Company upon (and in no event later than two (2) business days after) receipt of any request from a Data Subject in relation to Company Personal Data (e.g., requests for access, anonymization, data portability, correction, erasure, etc.) or any other communication or complaint of a Data Subject relating to Company Personal Data. Provider shall not respond to any such Data Subject communication except in compliance with Company’s prior written instructions. Provider shall promptly and without undue delay provide such cooperation and assistance and take such action as Company may reasonably request (including assistance by appropriate technical and organizational measures) to allow Company to fulfill its obligations under Data Protection Laws in respect of such requests or complaints, including, without limitation, meeting any deadlines imposed by such obligations.

7. DATA PROTECTION IMPACT ASSESSMENTS AND PRIOR CONSULTATION. In the event that Company considers that the Processing of Company Personal Data requires a data protection impact assessment or consultation with a Data Protection Authority to be undertaken under Data Protection Laws, following written request from Company, Provider shall provide relevant information and reasonable assistance to Company to fulfill such request.

8. COOPERATION WITH DATA PROTECTION AUTHORITIES. Provider shall promptly and without undue delay notify Company of any inquiries, requests, investigations, or proceedings by Data Protection Authorities that Provider receives or becomes aware which relate to the Processing of Company Personal Data, the provision or receipt of the Services, or either Party’s obligations under this Agreement, unless prohibited from doing so by applicable law or by the Data Protection Authority. If Provider or Company receive such an inquiry or request from a Data Protection Authority, Provider shall promptly and without undue delay provide Company with such cooperation and information as Company may reasonably request to satisfy such inquiry or request. Unless Company notifies Provider that Provider will be responsible for handling a particular communication or correspondence with a Data Protection Authority or a Data Protection Authority requests in writing to engage directly with Provider, Company will handle all communications and correspondence relating to Company Personal Data. Where Provider interacts directly with a Data Protection Authority in accordance with this Section, Provider shall do so in an open and cooperative way and in consultation with Company.

9. DELETION OR RETURN OF COMPANY PERSONAL DATA. Within thirty (30) days of (a) Company’s request, (b) the date that Company Personal Data is no longer reasonably necessary for Provider’s performance under the Agreement, or (c) the termination or expiration of the Agreement, whichever occurs first, Provider shall, at Company’s option, either return or securely destroy all Company Personal Data, including all copies and excerpts thereof, in Provider’s possession and/or control (including any Company Personal Data in the possession of Provider’s Subprocessors). Upon Company’s request, Provider shall certify to Company in writing that Provider has fully complied with the foregoing obligations. Provider may retain Company Personal Data to the extent required by applicable law, provided that Provider shall ensure that such Company Personal Data is kept confidential and only Processed as necessary for the purpose specified in such applicable law requiring its storage and for no other purpose. Notwithstanding any earlier termination or expiration of the Agreement, the terms of this Schedule shall continue to apply to all Company Personal Data for so long as it is Processed by Provider or any Subprocessor.

10. RELEVANT RECORDS AND AUDIT RIGHTS. Upon Company’s request, Provider shall promptly make available to Company all information reasonably necessary to demonstrate compliance with this Schedule and Data Protection Laws. In addition to any audit rights granted pursuant to the Agreement (if any), Provider shall allow for and contribute to audits, including inspections, by Company, any Company Affiliate, or an auditor mandated by Company (“Mandated Auditor”) of any relevant records or premises where the Processing of Company Personal Data takes place in order to assess compliance with this Schedule, and shall provide reasonable access to Company or the Mandated Auditor to inspect, audit, and copy any relevant records, processes, and systems documents in order that Company may satisfy itself that the provisions of this Schedule and Data Protection Laws are being complied with. If Provider is found to be in breach of this Schedule, Company has the right to immediately terminate this Agreement, including any applicable Order, without penalty.

11. TRANSFER OF PERSONAL DATA. All Restricted Transfers shall be conducted in accordance with Company’s instructions and, where relevant, the Standard Contractual Clauses, or as otherwise instructed by Company. Provider agrees to cooperate with Company to amend this Schedule or implement any transfer mechanism as may be necessary for compliance with Data Protection Laws, including by entering into additional or updated Standard Contractual Clauses approved by the European Commission for purposes of a Restricted Transfer.

12. INDEMNIFICATION; LIABILITY.  Provider agrees to indemnify, defend, and hold harmless Company, its Affiliates, and their respective subsidiaries, directors, officers, employees, contractors, agents, and successors and assigns against all damages, losses, penalties, expenses, other liabilities including reasonable attorneys’ fees, and all associated actions, claims, demands and proceedings arising from or relating to any act, omission, default or negligence of Provider or any Subprocessor relating to the Processing of Company Personal Data or to a Security Incident. This indemnification will be subject to the same process for handling indemnification claims as set forth in the Agreement. Notwithstanding the limitation of liability clause or any other provision of the Agreement, any liability cap or exclusion from liability therein will not apply to liabilities arising under this Schedule.