Medidata Services Agreement and Statement of Work

1.DEFINITIONS

“Affiliate” means any corporation or other business entity controlled by, controlling, or under common control with Customer or Medidata, as applicable. For this purpose, “control” means (i) direct or indirect beneficial ownership of fifty (50%) percent or more of the voting control, or (ii) the power to direct or cause the direction of the management and policies of such corporation or other business entity.

“Application Services” means Medidata’s provision of (i) access to Medidata software applications and Documentation to Customer and its Authorized Users via Medidata’s hosted portal applications; (ii) the hosting and support services for such applications; and (iii) Medidata's implementation of any applicable Improvements.

“Authorized Affiliate” means any Affiliate of Customer authorized by Customer to receive Services under the Agreement by entering into a Sales Order, subject in all cases to each such Affiliate being bound by the terms and conditions of the Agreement. Customer shall provide Medidata with advance written notification of any Authorized Affiliates. References in this Agreement to “Customer” shall mean, collectively, Customer and each of its Authorized Affiliates.

“Authorized Users” means employees, site investigators, study subjects, contractors and third party service providers of Customer, authorized by Customer to access the Subscription Services.

“Confidential Information” means all information provided by the disclosing party to the receiving party or any of its Affiliates for use in connection with the Services or this Agreement, including the terms and conditions of this Agreement, but does not include information that (i) the receiving party already knows prior to its disclosure by the disclosing party; (ii) becomes generally available to the public, except as a result of disclosure by the receiving party in violation of this Agreement; or (iii) becomes known to the receiving party on a non-confidential basis from a source other than the disclosing party.

“Customer Data” means the information that Customer and its Authorized Users have submitted, made available, stored and/or processed in conjunction with utilizing the Services, before or after the Effective Date. In addition, Customer Data includes information relating to Customer's protocols, third-party contracts, third-party data and other descriptive data. Customer Data excludes [***].

“Customer Infringement Event” means (i) use of the Subscription Services other than as set forth herein and in the then-current version of the Documentation; (ii) combination, operation or use with software, information, data, or other materials, not approved or supplied by Medidata, if infringement (including, without limitation, contributory infringement) would have been avoided by use without such software, hardware, information, data, or other materials; or (iii) use of a superseded release of the Subscription Services if the infringement would have been avoided by use of the most current release of the Subscription Services made available by Medidata.

“Device Provisioning” means mobile technology device rental to Customer solely for Authorized Users’ provision of Customer Data for the applicable study during the Sales Order term in conjunction with Application Services, including: (i) device configuration setup, limited to pre-installed apps and (ii) shipment to/from the Customer specified destination.

“Device Services” means mobile device provisioning to Customer for use in conjunction with Application Services, including (i) Device Provisioning and/or (ii) Device Support.

“Device Support” means managed service call center support for Authorized Users of Device Services (sites, patients and monitors).

“Documentation” means Medidata’s online technical or functional user guides for the operation of the Subscription Services, as modified from time to time.

“iMedidata” means the hosted portal application (or any such successor application however named) provided, operated and controlled by Medidata, through which Authorized Users create or maintain accounts to access the Application Services.

“Improvements” means all updates, enhancements, error corrections, bug fixes, release notes, upgrades and changes to the Services, including derivative works thereof, as developed by Medidata from time to time (without use of Customer Confidential Information (except as set forth in Section 7.4)) in its sole discretion and made generally available for production access or use to Medidata’s customers.

“Instructions” means all provisions of this Agreement, any Sales Orders, and any written amendments to either, concerning the processing of Customer Data.

“Intellectual Property Rights” or “IPR” means all rights, title and interest to or in patent, copyright, trademark, service mark, trade secret, business or trade name, know-how and rights of a similar or corresponding character.

“Managed Services” means Medidata’s provision of guidance, analytics and reporting services in conjunction with Application Services on behalf of Customer.  

“Non-Production Environment” means a non-production URL computing environment of the most current version of the Application Services that is not used to collect live Customer Data.

“Personal Data” means any Customer Data relating to an identified or identifiable natural person, as defined under Privacy Laws. Without limitation of the foregoing, an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to such person’s physical, physiological, mental, economic, cultural or social identity.

“Professional Services” means the implementation and related consulting services provided by or on behalf of Medidata to Customer during a specific period(s) of time for a fixed fee(s), unless otherwise agreed in a Sales Order(s).

“Privacy Laws” means all laws and regulations, including laws and regulations of the United States and European Union, the European Economic Area and their member states, applicable to the Processing of Personal Data under the Agreement, including the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), all as amended from time to time.

“Sales Order” shall mean the ordering documentation, including any exhibit, schedule or document attached to or referencing this Agreement, setting forth the specific Services to be provided by Medidata to Customer.

“Services” means the provision and development of the Subscription Services and the Professional Services, including any Improvements thereto, provided by Medidata to Customer.

“Subscription Services” means the Application Services, Managed Services, Device Services, or other subscription services, and any Combined Data (defined below) therein, provided by Medidata to Customer.

“Tax(es)” means any applicable services, sales, use, excise, goods, property, goods and services, value added (including proxy value added taxes), withholding, or other taxes or duties, whether international, national, state or local, which are levied or imposed by reason of the provision of the Services, excluding taxes on Medidata’s net income.

2.ACCESS TO THE SUBSCRIPTION SERVICES

2.1Access. Customer shall access, and shall enable access to, the Subscription Services for use only by Customer and Authorized Users for Customer’s internal business purposes, including research and commercial analytics, in accordance with a Sales Order, and not for the benefit of any third party or for any other purpose. Customer and its Authorized Users shall access the Application Services and any Combined Data solely through Medidata’s hosted portal applications. Unless otherwise agreed upon by the parties in an applicable Sales Order, Customer shall have no other access to the Application Services and any Combined Data and shall not be entitled to download or otherwise receive a copy of the Application Services or any Combined Data. Customer shall be liable for the acts and omissions of all Authorized Affiliates and Authorized Users relating to this Agreement.

2.2Access Restrictions. Customer shall not (i) modify, copy, translate or create any derivative works based on the Subscription Services; (ii) remove or alter any copyright notices, trademarks or other proprietary rights notices affixed to or contained within the Subscription Services; (iii) use the Subscription Services to provide hosting, service bureau, time sharing, outsourcing or other commercial services on behalf of any third parties; (iv) use or knowingly permit the use of any security testing tools in order to probe, scan or attempt to penetrate or ascertain the security of the Subscription Services; or (v) attempt to gain access to the Subscription Services or related systems or networks in a manner not set forth in the Documentation. Customer shall take all reasonable precautions to prevent any compromise of the security, integrity, or availability of the Customer Data or of any Medidata network or system. Customer shall notify Medidata without undue delay if Customer has reason to believe that such a compromise has occurred or is likely to occur. For the avoidance of doubt, such reasonable precautions include, without limitation, implementing routine scanning of systems using then-current virus scanning software and virus profiles, maintaining industry-standard security protections for any browsers or other software used to access the Subscription Services, and ensuring that all endpoints that connect to Medidata's systems are secure. Customer will cooperate with Medidata and provide necessary information to Medidata to prevent, investigate and remediate the compromise of the security, integrity, or availability of the Customer Data, or of any Medidata network or system. If Customer fails to comply with the requirements of this Section, Medidata may prevent Customer from accessing the Subscription Services until acceptable security controls are implemented. Customer shall only enable access to and allow use of the Subscription Services in accordance with the Documentation.

2.3Non-Production Use. Customer and its Authorized Users may have access to Application Services in a Non-Production Environment, as set forth in a Sales Order. Use of Application Services in a Non-Production Environment is provided “AS IS,” with respect to its performance. Section 11.1 of this Agreement shall not apply with respect to Application Services provided in a Non-Production Environment.

2.4Medidata Single Sign-On Integration Requirements. Where Customer elects to create a single sign-on (“SSO”) integration with iMedidata® (“SSO Integration”) for use with Customer’s credential authorization system, it agrees to: (i) apply minimum technical requirements and comply with the acceptable use parameters (e.g., requirements for usernames, passwords, password reset, end point maintenance, and testing environments) set forth in https://www.medidata.com/en/medidata-policies/, as may be updated on reasonable notice by Medidata (“SSO Specifications”); (ii) promptly notify Medidata of errors or vulnerabilities discovered in Customer’s SSO Integration (to ***@***); and (iii) assist Medidata with verifying Customer’s adherence to the SSO Specifications, including permitting an audit up to once annually on 45-day notice, or such audits as are required for cause. The SSO Integration may be terminated by Medidata on reasonable notice in its sole discretion.

3.COMPLIANCE

3.1Applicable Laws. Each party shall comply with laws and regulations that affect its business generally and the provision or receipt of the Services pursuant to the Agreement, including any applicable anti-bribery, export control, clinical research (including generally accepted standards of good clinical practices (“GCP”) and Privacy Laws). Customer shall not use the Services in violation of applicable laws.

3.2Industry-Specific Customer Duties with Respect to the Services.  Customer shall:

3.2.1be solely responsible, and assume all liability for, all operational aspects, decisions, results, and outcomes of its clinical trial(s) and related businesses including, as applicable (i) the design, structure and content of all protocols for clinical trials conducted pursuant to this Agreement; (ii) obtaining the legal basis for processing Customer Data, such as gaining consents or providing notices for study participants and Authorized Users required under Privacy Laws or GCP; (iii) the collection, quality and accuracy of Customer Data, including determination of the specific data collected; (iv) data protection agreements with any other controllers; (v) the manufacture, supply and handling of investigational products; (vi) regulatory submissions; and (vii) ensuring that Customer Data accessible via the Services is accessed only by appropriate Authorized Users;

3.2.2obtain and provide Medidata with relevant information and materials, including protocols and amendments, data, third party licenses (including for specific medical dictionaries) or consents, and timely feedback, as reasonably required in order for Medidata to provide the Services; and  

3.2.3be responsible for having in place backup processes and mechanisms to perform critical functions to support the safety of subjects or uninterrupted clinical trial operations in the event of an unexpected outage.

4.SERVICES.

4.1Sales Orders. Medidata shall perform Services in accordance with Medidata standard processes and policies and its Quality Management System (“QMS”). Medidata and Customer shall agree on the scope of Services, including any applications, clinical trial study and other non-study consulting parameters and fees, as well as assumptions, boundaries and service constraints. Prior to any material deviation from the Sales Order, the parties must authorize a written change order setting forth the additional scope of Services. Without limiting the generality of the foregoing, Medidata shall have no obligation to perform Services, and Customer shall have no obligation to accept or receive Services, until such time as the parties have entered into and executed a Sales Order or change order, as applicable.

4.2Subcontractors. Except as limited in the Data Processing Exhibit, [***]. Any subcontracting shall not relieve Medidata from its obligations under this Agreement and Medidata shall be fully responsible and liable for any acts or omissions of its subcontractors in the performance of any Services.

5.HOSTING AND SUPPORT SERVICES / SERVICE LEVEL COMMITMENTS  

Medidata shall provide access to and support of the Application Services in accordance with the Hosting and Support Services Policy posted at https://www.medidata.com/en/policies. This Hosting and Support Services Policy provides specific service level commitments which Medidata agrees to meet or exceed during the Term. Medidata shall actively monitor its compliance with these service commitments in accordance with the policy.

Medidata’s Services are designed and conducted in accordance with its QMS which specifies the parties’ roles and responsibilities and is designed to assist Customer in satisfying its compliance obligations under GCP and/or good post-marketing study practice. Medidata’s QMS is captured through a set of controlled documents, maintained within Medidata’s regulatory compliant electronic document management system. These Quality System Documents (“QSDs”) are developed and maintained in accordance with applicable national and international regulatory requirements and industry standards and best practices. The QSDs include policies, standard operating procedures, work instructions, and other forms and templates. Medidata maintains Regulatory and Audit Policies posted at https://www.medidata.com/policies.

7.INTELLECTUAL PROPERTY; DATA RIGHTS

7.1Title to Services. Medidata and its licensors own all IPR in and to the Services and Documentation. Full ownership of the Services (including in each case any Improvements) are and shall remain the proprietary, copyrighted and trade secret property of Medidata and its licensors. Notwithstanding the foregoing, Customer shall be entitled to independently develop procedures, test scripts, test scenarios, reports and interfaces using application programming interfaces provided by Medidata as part of the Application Services. Medidata reserves to itself all IPR not expressly granted pursuant to this Agreement. Medidata retains all IPR in reports or other materials provisioned to Customer in conjunction with the Services (e.g., incorporated functionality or formatting), exclusive of Customer Data.  

7.2Materials. Each party retains all IPR in and to all previously existing or newly created materials, methodologies, operating and applications software, programs, architecture data, processes, methods, creations, developments and technical information and intellectual property developed (“Developments”) by such party, provided any newly created materials do not use or rely on the Confidential Information of the other party other than as expressly set forth in this Agreement or any Sales Order.

7.3Customer Data. All right, title and ownership of Customer Data, including any derivatives thereof, is and shall remain solely and exclusively vested in Customer, including all IPR relating thereto. Medidata shall process Customer Data for the purpose of providing the Services to Customer pursuant to the Instructions.

7.4Medidata Uses. Medidata will also process Customer Data in order to combine it with other data for inclusion in Medidata’s analytical, statistical or benchmarking services (“Medidata Uses”). [***] (the “Combined Data”). The Medidata Uses are at Medidata’s sole risk, and Medidata shall not rely upon Customer’s legal basis in providing any Personal Data to Medidata for the Medidata Uses (e.g., patient consent). Medidata represents and warrants that all Medidata Uses are permitted by Privacy Laws. In addition, the Combined Data shall not disclose, or permit the identification of, any of Customer’s Personal Data, Customer’s identity or Customer’s Confidential Information. The Instructions include that Medidata shall anonymize the Combined Data.

7.5Customer Access to Combined Data. Customer shall only access or use Combined Data as set forth in Sections 2.1, 2.2 and 9.6 of this Agreement and as set forth in a Sales Order. Upon termination or expiration of the applicable Sales Order term, Customer shall (i) cease using the Combined Data and any derivatives; and (ii) destroy or return all copies or extracts thereof to Medidata. Customer represents and warrants that, with respect to Combined Data, it has implemented business processes that specifically prohibit reidentification, and that it will not, and will not permit any entity or person to, reidentify or attempt to reidentify any individual or the source of any data contained within the Combined Data (e.g., through combination with external data sources).

8.PAYMENT TERMS

8.1Payment and Fees. Customer agrees to pay the fees set forth in the Sales Order(s) and in the manner set forth therein. Except as specifically set forth to the contrary under Article 11 (Limited Warranties and Exclusions) and Article 13 (Indemnification), all payment obligations under any Sales Order(s) are non-cancelable and all payments made are non-refundable. Medidata shall electronically invoice Customer at the e-mail address provided by Customer. Customer shall pay all invoices in US dollars or such other currency reflected in the Sales Order within [***].

8.2Taxes.  

8.2.1Except as otherwise agreed in an applicable Sales Order, the fees do not include any Taxes. For purposes of reporting or collecting any present or future Taxes owed with respect to or as a result of this Agreement, Customer agrees to treat the Subscription Services as a service (and not as “royalties”) and any amounts owed or owing under Section 8.1 as payments for fees from the provision of services. If Medidata has a legal obligation to pay or collect Taxes for which Customer is responsible under Section 8.2.1, Medidata shall invoice the appropriate amount to Customer, unless Customer provides Medidata with a valid tax exemption certificate authorized by the appropriate taxing authority.

8.2.2All payments shall be made to Medidata without deductions or withholding based on any Taxes, unless agreed upon in advance by the parties. If the parties agree that payments made pursuant to Section 8.1 of this Agreement are properly subject to withholding under applicable laws, Customer agrees to provide Medidata with any information, certification, or other documentation as may reasonably be necessary to mitigate, reduce or eliminate any Tax that could be imposed that are attributable to fees paid to Medidata under this Agreement, including (but not limited to) cooperation in obtaining relief or exemption under the applicable double taxation treaty or the claiming of foreign tax credits.

9.TERM AND TERMINATION

9.1Term. This Agreement shall commence on the Effective Date and continue unless terminated earlier in accordance with the provisions of this Article 9 (the “Term”). Upon execution of any Sales Order, neither party shall have the right to terminate such Sales Order, except as provided in Section 9.2 (Termination for Material Breach) and Section 9.4 (Termination of Sales Orders for Cancelled Studies).  

9.2Termination for Material Breach. In the event either party defaults in any material obligation in this Agreement or a Sales Order, the non-defaulting party shall give written notice of such default. If the party in default has not cured the default within [***] of receipt of the notice, the non-defaulting party may terminate this Agreement or the applicable Sales Order by delivering notice thereof to the defaulting party.

9.3Termination for Insolvency. Either party may terminate this Agreement, effective immediately upon written notice, in the event that the other party: (i) makes a general assignment for the benefit of creditors; (ii) institutes proceedings seeking relief or reorganization under any laws relating to bankruptcy or insolvency; or (iii) has a court of competent jurisdiction appoint a receiver, liquidator or trustee over all or substantially all of such party’s property or provides for the liquidation of such party’s property or business affairs.

9.4Termination of Sales Orders for Cancelled Studies. In the event that a regulatory agency withdraws authorization and approval to conduct an individual study which is the subject of a Sales Order under this Agreement or Customer reasonably determines that a study should terminate or be transferred from Customer to a clinical research organization that has been accredited by Medidata pursuant to Medidata’s partner accreditation program, Customer may terminate the applicable single study Sales Order. In the event of a study termination or such transfer, Customer shall notify Medidata via the Study Termination Request Form posted at https://www.medidata.com/en/study-termination-form/. Such notification must be electronically signed by an authorized officer, or other duly authorized representative of Customer, and must be received by Medidata at least [***] in advance of the effective date of such study cancellation.  For the avoidance of doubt, this Section 9.4 does not apply to multi-study Sales Orders.

9.5Study Suspension. In the event that Customer reasonably determines that a study must be suspended, then Customer may suspend the applicable single study Sales Order (but not, for the avoidance of doubt, a multi-Study Sales Order) in accordance with the Study Postponement and Suspension Policy posted at https://www.medidata.com/en/study-postponement-suspension-policy.

9.6Effect of Termination. Termination of this Agreement or a Sales Order shall terminate all Services provided by Medidata thereunder, and Customer and its Authorized Users shall cease all use of the applicable Services on the effective date of termination. Medidata shall invoice for Services rendered through the effective date of termination and any non-cancellable third-party fees accrued by Medidata in the provision of the Services prior to the effective date of termination. Notwithstanding the foregoing, if, upon the expiration of the Term or any termination of this Agreement for any reason other than termination by either party under Section 9.2 for a material breach by the other party, there are Sales Orders for ongoing Services which were effective prior to the effective date of such expiration or termination of this Agreement, the terms and conditions of this Agreement shall remain in full force and effect with regard to any such Sales Order(s) until the expiration or termination thereof.

9.7Return of Data Post Termination. Medidata shall provide Customer with access to the Application Services during the term of the Sales Order for the purpose of downloading Customer Data in a durable format. If Customer Data is not available for download through the Application Services, upon request from Customer during the Sales Order term Medidata will deliver Customer Data to Customer in a durable format. If Customer requires Medidata’s assistance to access Customer Data upon the expiration or termination of the Sales Order, Customer may acquire Medidata’s Services pursuant to a separately executed Sales Order.

10.CONFIDENTIALITY

All Confidential Information disclosed under this Agreement shall remain the exclusive and confidential property of the disclosing party. The receiving party shall not disclose to any third party the Confidential Information of the disclosing party and shall use at least the same degree of care, discretion and diligence in protecting the Confidential Information of the disclosing party as it uses with respect to its own confidential information. The receiving party shall limit access to Confidential Information to: (i) its employees, consultants and advisors on a need-to-know basis and shall instruct those persons to keep such information confidential and (ii) auditors who are bound by confidentiality obligations.  Medidata may disclose Customer’s Confidential Information on a need-to-know basis to (x) Medidata's subcontractors who are performing the Services, provided that Medidata shall remain liable for any unauthorized disclosure of Customer’s Confidential Information by those subcontractors and (y) employees of Medidata’s Affiliates, provided such employees are instructed to keep the information confidential as set forth in this Agreement. If the receiving party is compelled to disclose any of the disclosing party’s Confidential Information by court order or government regulation, it shall disclose only that portion thereof which it is compelled to disclose and shall reasonably cooperate with the disclosing party’s efforts to obtain an order or other reliable assurance that confidential treatment will be accorded to the Confidential Information so disclosed. Subject to any applicable regulatory requirements, following receipt of a written request, the other party shall return to the requesting party, in whole or in part, the Confidential Information that has been disclosed in tangible form. A party may retain a copy of Confidential Information solely for archival purposes or applicable regulatory requirements.  

11.LIMITED WARRANTIES AND EXCLUSIONS

11.1Medidata Warranties. Medidata warrants to Customer that during the Term, the Subscription Services (i) will perform materially in accordance with the Documentation when used and accessed in accordance with the terms and conditions of this Agreement and (ii) the functionality of the Subscription Services will not be materially decreased. Customer shall provide Medidata with prompt notice of any claim under the warranties set forth above and, if applicable, provide Medidata with reasonable assistance required for Medidata to identify and repair any performance issues with the Subscription Services. Customer’s sole and exclusive remedy for a breach of this warranty shall be that Medidata shall be required to use commercially reasonable efforts to provide modifications or fixes with respect to any noncompliant Subscription Services. If Medidata is unable to remedy the noncompliant Subscription Services, then Medidata shall refund pro-rata amounts paid by Customer to Medidata under the applicable Sales Order for such noncompliant Subscription Services and terminate Customer’s access thereto.

11.2Exclusions. Medidata is not liable for: (i) an Authorized User’s use of the Subscription Services not in accordance with this Agreement or Sales Order; (ii) use of the Subscription Services by Customer with third party data, software or hardware which is incompatible with the Subscription Services or not recommended by Medidata; (iii) reduced performance or non-availability of the Subscription Services as a result of Customer’s  network connections; or (iv) errors in the Subscription Services resulting from Customer’s configuration of the Subscription Services, in each case not specifically recommended in writing by Medidata.

11.3Mutual Warranties. Each party represents and warrants to the other party that: (i) such party has the full corporate power and authority to execute and deliver this Agreement and to consummate the transactions contemplated hereby and has taken all necessary corporate action to authorize the execution and delivery of this Agreement and (ii) this Agreement is and shall be the legal, valid, and binding obligation of such party and shall be enforceable in accordance with its terms.

11.4Disclaimer. It shall be Customer’s responsibility for determining the suitability of the Services for Customer’s use. except as expressly stated in [***], AND TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, MEDIDATA AND ITS LICENSORS MAKE NO, AND HEREBY DISCLAIM ANY, REPRESENTATION, WARRANTY OR GUARANTY, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO THE SERVICES PROVIDED UNDER THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTY: (1) of merchantability; (2) of fitness for a particular purpose; (3) arising from course of performance, course of dealing, or usage of trade; or (4) Of Non-Inringement of Third Party Rights. EXCEPT AS SET FORTH IN [***], the SERVICES ARE provided without any further warranties of any kind. medidata and its licensors make no warranty that operation of the SUBSCRIPTION SERVICES will be uninterrupted or error free or that all defects will be corrected.

12.DISCLAIMERS OF DAMAGE AND LIMITATIONS OF LIABILITY

12.1Limit on Liability. For all claims by either party against the other party, except with respect to [***], whether such claims are made in contract, tort, strict liability, or otherwise, the injured party’s potential recovery in any [***] period shall be limited to [***] damages suffered by such party up to [***] during the [***] prior to such claim(s) for the specific Service(s) giving rise to such claim(s); and (ii) with respect to breaches of [***], an additional amount equal to [***] during the [***] prior to such claim(s) for the specific Service(s) giving rise to such claim(s) (the “[***] Cap”).

12.2Exclusions to the Limitation on Liability. The limitations in Section 12.1 shall not apply to: [***].

12.3Medidata Liability for Security Incidents. In the event of a Security Incident (as defined in Section 7.2 of the Data Processing Exhibit to this Agreement) that is the direct result of the failure of Medidata to comply with the terms of this Agreement, Medidata shall bear [***]. Medidata and Customer shall mutually agree on the content and timing of any such notifications, in good faith and as needed to meet applicable legal requirements. Notwithstanding the preceding sentence, the parties agree that Medidata shall have no obligation to send notification letters or provide credit monitoring for Customer unless such letters are legally required or otherwise reasonably required to alert individuals of potential harm.

12.4Disclaimer of Certain Damages. IN NO EVENT SHALL CUSTOMER OR MEDIDATA OR ITS AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFIT OR COSTS OF SUBSTITUTE SERVICES) SUFFERED BY EITHER PARTY, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EVEN IF THE OTHER PARTY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY, OR HAS CONSTRUCTIVE KNOWLEDGE, OF SUCH DAMAGES, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE. The foregoing exclusion shall not apply to claims for [***]; provided, however, that any consequential damages recovered by Customer or Medidata for claims pursuant to Article 10 will be subject to [***]. For the avoidance of doubt, any claim as a result of a breach of Article [***].

13.INDEMNIFICATION.

13.1Medidata Indemnity.

13.1.1Infringement. Subject to Section 13.3, Medidata will defend Customer against any third party claim and will indemnify Customer from any resulting damage awards, settlement amounts and reasonable attorney’s fees in any cause of action to the extent such cause of action is based on a third party claim alleging that the Subscription Services, as provided by Medidata and used in accordance with the terms of this Agreement, infringe upon any Intellectual Property Rights of a third party. The foregoing infringement indemnity will not apply and Medidata will not be liable for any damages assessed in any cause of action to the extent such cause of action arises from a Customer Infringement Event or Medidata’s use of Customer Data as contemplated by this Agreement. If any Subscription Service is held or believed to infringe on any third party’s Intellectual Property Rights, Medidata may, in its sole discretion, (i) [***], (ii) [***], or (iii) if neither (i) nor (ii) are practical, terminate the applicable Sales Order as to the infringing Service and return to Customer any unearned fees prepaid by Customer to Medidata.

13.1.2Indemnity for Medidata Uses. Subject to Section 13.3, Medidata will defend Customer against any third party claim and will indemnify Customer from any resulting damage awards or settlement amounts in any cause of action to the extent such cause of action is based on a third party claim alleging Medidata Uses as set forth in Section 7.4 violate Privacy Laws.  

13.2Customer Indemnity. Subject to Section 13.3, Customer will defend and will indemnify Medidata against any third party claim and from any resulting damage awards, settlement amounts and reasonable attorney’s fees in any cause of action arising out of or relating to: (i) the occurrence of a Customer Infringement Event; (ii) any claim that any materials, software, or other items provided to Medidata by Customer infringes a third party’s Intellectual Property Rights; (iii) [***]; or (iv) breach of Section 2.4.

13.3Procedures. The indemnities set forth in this Agreement are conditioned on the following: (i) the party claiming indemnification (the “Indemnitee”) shall promptly notify the indemnifying party (the “Indemnitor”) of any matters in respect of which it seeks to be indemnified, and shall give the Indemnitor full cooperation and opportunity to control the response thereto and the defense thereof, including without limitation any settlement thereof; (ii) the Indemnitor shall have no obligation for any claim under this Agreement if the Indemnitee makes any admission, settlement or other communication regarding such claim without the prior written consent of the Indemnitor, which consent shall not be unreasonably withheld; and (iii) the Indemnitee’s failure to promptly give notice to the Indemnitor shall affect the Indemnitor’s obligation to indemnify the Indemnitee only to the extent the Indemnitor’s rights are materially prejudiced by such failure. The Indemnitee may participate, at its own expense, in such defense and in any settlement discussions directly or through counsel of its choice. Each party will take all reasonable steps to mitigate any potential damages. If both the Indemnitor and the Indemnitee are negligent or otherwise at fault, or strictly liable without fault, then the indemnification obligations under this Article 13 shall continue, but the Indemnitor shall indemnify the Indemnitee only for the percentage of responsibility for the damage or injuries attributable to the Indemnitor.

13.4Effect. THIS ARTICLE 13 STATES MEDIDATA’S ENTIRE LIABILITY AND Customer’S EXCLUSIVE REMEDY FOR THIRD-PARTY INFRINGEMENT AND/OR MISAPPROPRIATION, WHETHER SUCH ACTION, CLAIM OR PROCEEDING IS BASED ON BREACH OF WARRANTY OR ANY OTHER CAUSE OF ACTION. EXCEPT AS STATED ABOVE, MEDIDATA DISCLAIMS ALL INDEMNITIES, EXPRESS, IMPLIED OR STATUTORY FOR INTELLECTUAL PROPERTY INFRINGEMENT AND/OR MISAPPROPRIATION.

14.DATA PRIVACY AND SECURITY

14.1 Data Privacy.

14.1.1Customer Representations. Customer represents that it is responsible for the legal basis under Privacy Laws of any Personal Data in the Customer Data made available to Medidata for processing pursuant to the Instructions. Customer agrees that, as between the parties, it is responsible for compliance as the data controller (or data exporter) under Privacy Laws with respect to the Services.

14.1.2Medidata’s Responsibilities. Medidata shall process Customer’s  Personal Data pursuant to the Instructions, including as set forth in Medidata’s Data Processing Exhibit, inclusive of the Standard Contractual Clauses where applicable, which are incorporated herein by reference. Customer’s Instructions are inclusive of all processing required to execute the Instructions. As set forth in the Data Processing Exhibit, Medidata agrees that it is responsible for compliance as the data processor (or data importer) under all Privacy Laws with respect to the Services.

14.1.3Inapplicability of HIPAA. [***]

14.1.4Unauthorized Disclosure. Without limitation of Medidata’s obligations set forth in the Data Processing Exhibit, if either party believes that there has been a material disclosure under Privacy Law of Customer Data to anyone other than an authorized party or Medidata, such party must promptly notify the other party. For the purposes of this Section and the Data Processing Exhibit, Medidata shall notify Customer at ***@***. Additionally, each party will reasonably assist the other party in remediating or mitigating any potential damage, including any notification required under applicable Privacy Laws to be sent to individuals impacted or potentially impacted. Subject to Article 12, each party shall bear the costs of such remediation or mitigation to the extent the breach or Security Incident was caused by it.

14.2Data Security

14.2.1Business Continuity; Disaster Recovery. Medidata maintains a commercially reasonable business continuity and disaster recovery plan and will follow such plan.

14.2.2Data Security. Medidata utilizes administrative, physical and technical safeguards to protect Customer Data that are no less rigorous than accepted industry practices. Medidata verifies such physical and technical safeguards as described at https://www.medidata.com/en/trust-and-transparency/.

15.MISCELLANEOUS

15.1Assignment. Except for either party’s right to transfer this Agreement to an Affiliate, neither this Agreement nor any of the rights or obligations hereunder may be transferred or assigned directly or indirectly by either party without the prior written consent of the other party, which consent shall not be unreasonably withheld. Notwithstanding the foregoing, either party may transfer or assign this Agreement in connection with a sale of all or substantially all of its assets that relate to this Agreement or in connection with a change of control of such party.

15.2Waiver. The failure of either party to enforce any of the provisions of this Agreement shall not constitute a waiver of the provisions or of the right of the party to enforce each and every provision contained in this Agreement.

15.3Severability. If any provision of this Agreement for any reason shall be declared void, illegal, invalid or unenforceable in whole or in part, such provision shall be severable from all other provisions herein and shall not affect or impair the validity or enforceability of any other provisions of this Agreement.

15.4Survival. The following provisions shall survive expiration or termination of this Agreement for any reason: Articles and Sections 7, 8, 9.6, 10, 12, 15.6 and 15.7.

15.5Force majeure. Neither party shall be liable for any delay or failure to perform its obligations under this Agreement (except for Customer’s obligation to pay fees to Medidata pursuant to Section 8.1 during the pendency of the Force Majeure event) if prevented from doing so by a cause or causes beyond its reasonable control. Without limiting the generality of the foregoing, such causes include, fires, floods, storms, earthquakes, riots, terrorism, strikes, blackouts, wars or war operations, restraints of government, utility or communications failures, computer hackers, denial of service attacks, software viruses, telecommunications slow-downs or failure, erroneous data transmission, or causes which could not with reasonable diligence, including compliance with Medidata’s commercially reasonable disaster recovery plan, be controlled or prevented by the party.

15.6Governing Law; Venue. This Agreement and any disputes arising out of or relating to the Agreement shall be governed by the laws of the State of New York without giving effect to its conflict of law provisions. Any disputes that may arise between Medidata and Customer regarding the performance or interpretation of this Agreement shall be subject to the exclusive jurisdiction of the state and federal courts of [***]. The parties hereby irrevocably consent to the exclusive jurisdiction of the state and federal courts [***] and waive any claim that any proceedings brought in such courts have been brought in an inconvenient forum. THE PARTIES HEREBY IRREVOCABLY WAIVE THEIR RIGHT TO TRIAL BY JURY.

15.7Injunctive Relief. The parties acknowledge that violations of Articles 2, 7, 10 and 14.1 of this Agreement may result in irreparable harm to the non-violating party for which remedies other than injunctive relief may be inadequate, and that the non-violating party shall be entitled to seek from a court of competent jurisdiction injunctive or other equitable relief to restrain such unauthorized acts in addition to other appropriate remedies. In the event of any claimed breach of any provisions of this Agreement, and in the event a party requests any injunctive relief or other relief in equity to stop or enjoin any act or acts by the other party, the parties agree that the requesting party shall not be required to post any bond or other surety as a pre-condition to such relief being granted and enacted.

15.8Notices. All notices required to be sent or given under this Agreement shall be sent in writing and will be deemed duly given and effective (i) immediately if delivered in person, or (ii) upon confirmation of signature recording delivery, if sent via a nationally recognized overnight courier service with signature notification requested. Notices shall be sent to the addresses set forth in the initial paragraph of the Agreement, or to any other address a party may identify in writing from time to time.

15.9Publicity. Either party may publicly announce the existence of this Agreement and the general, non-confidential business terms contained herein provided that the other party has the opportunity to review and approve such announcement (such review and approval not to be unreasonably delayed or withheld).  Customer further agrees to cooperate with Medidata to issue a press release announcing Customer’s selection and/or usage of Medidata Services, the form of which shall be mutually agreed by both parties within one (1) week following the Effective Date of this Agreement.  Medidata, with Customer approval, may identify Customer as a  customer in Medidata’s promotional and informational  materials, including, website, presentations and other proposals to current and prospective customers of Medidata.

15.10Independent Contractors. Medidata and Customer shall be and shall act as independent contractors, and neither party is authorized to act as an agent of the other party for any purpose. Neither party by virtue of this Agreement shall have any right, power, or authority to act or create any obligation, express or implied, on behalf of the other party.

15.11Entire Agreement. This Agreement, including any Sales Order(s), constitutes the complete and exclusive statement of the terms and conditions between the parties, and supersedes all prior negotiations, agreements and representations. Each time a Sales Order is executed by the parties, a separate contract is formed between Medidata and Customer expressly incorporating the terms and conditions of this Agreement. The Agreement shall not be modified except by written consent of both parties. In the event of a conflict between the terms of this Agreement and those found within a Sales Order, the Sales Order shall control. Purchase orders or other similar ordering documentation submitted to Medidata by Customer will be for Customer’s internal administrative purposes only and the terms and conditions contained in any purchase order or statements of work will have no force and effect and will not amend or modify this Agreement.

15.12Counterparts. This Agreement and any Sales Order may be signed in two or more counterparts by original, .pdf (or similar format for scanned copies of documents), electronic signature or facsimile signature, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.

15.13Amendment. This Agreement may not be modified, supplemented or amended, except by a writing signed by the authorized representatives of Medidata and Customer.

15.14No Third Party Beneficiaries. Nothing in this Agreement creates, or will be deemed to create, third party beneficiaries of or under this Agreement. Customer agrees that Medidata's obligations in this Agreement are to Customer only, and Medidata has no obligation to any third party (including, without limitation, Customer's personnel, directors, officers, employees, Authorized Users and any regulatory authorities).

15.15Headings. The headings used in this Agreement are for reference only and do not define, limit, or otherwise affect the meaning of any provisions hereof.