• Brimton is the author of a software, which you are ready to use ("Software").
• The Software is designated for doctors and other qualified persons who will use the Software (the "Users", "you"), the Software is connected to a hardware device ("Device") and helps Users – doctors – with acquiring and interpreting data related to a patient and with a subsequent therapy.
• We own copyrights to the Software and hereby we authorize you to perform our copyrights (the "License") in accordance with these terms (the "Terms"). On the contrary by granting your consent you oblige to adhere to the Terms and you also confirm that you are a doctor or other qualified person.

1. Extent of Software Usage

1. These Terms determines the extent of the Software usage. We may agree on the actual individual terms of the License beforehand (e.g. number of licenses or maximum number of connected Devices).
2. The User is allowed to use the Software with one (1) account for each License purchased. Every account can administrate unlimited number of users.
3. We charge the provision of the License – we agree on the current individual terms of the consideration for the License (the "License Consideration") in the individual order beforehand.
4. The License is valid only for the limited period until the License Consideration (subscription) is expired. The License can be renewed automatically by paying the License Consideration for a next period.
5. Unless we agree in the individual order otherwise, we authorize you to use the Software in the following extent:
   1. the License is granted as a non-exclusive;
   2. the Software can be used only in its original form;
   3. the Software can be used only within the intended field of exploitation – that means only to serve the purpose of the Software, others fields of exploitation are without our consent forbidden;
   4. it is forbidden to make any changes to the Software, to combine the Software with other works or to use it as part of a compilation;
   5. you are not allowed to disseminate the Software, to lend it, to lease it or to use it in other similar exploitation, which is not in accordance with the original purpose of acquiring the Software;
   6. the Software can be installed on an unlimited number of computers.
6. The License shall not be transferred to any other third person. If you transfer the License anyway, we are entitled to cancel your License without claim to return the License Consideration or its part, which will lead to the termination of the Software's providing.

2. Usage of Software

1. You shall not make any reverse engineering or decompilation to the Software or evade the technical security means of the Software.
2. The Software shall not be used for any purpose other than we stipulated, in particular not for illegal or competitive purposes. If you use the Software for competitive purposes anyway (i.e. you will use unique principles which are used and determine our Software) you will interfere with our copyrights and with these Terms. Also it can be deemed as an unfair competition.

3. License Termination

1. We may withdraw from the License (and therefore cancel the Software's usage) in case when you:
   1. wrongfully disseminate the Software in any form;
   2. wrongfully process, change or make other change to the Software;
   3. facilitate the usage of the Software to the unauthorized person;
   4. wrongfully take advantage of the ideas and principles, configuration or used methods on which the Software stands or which the Software includes;
   5. interfere with the provision of law or with the norms of morality in any other way.

4. Compensation for Damages

1. Please take in your account that we are not liable i. e. if:
   1. the User was not entitled to upload data to the Software (in particular from the point of view of data privacy, unfair competition, etc.);
   2. the uploaded data interfere with third person's right;
   3. regarding data privacy, the user was not entitled to process and to make available the data;
   4. the uploaded data and the disposal with the data is generally at variance with law of the norms of morality;
   5. the uploaded data contain false information about third person, capable to jeopardize person's dignity, renown or reputation, eventually to evoke an invasion in any other personal aspect;
   6. the User broke the non-disclosure obligation given by laws.
2. We are also not liable for consequential, incidental or specific damages caused by the usage or not enabling the usage of the Software, including the loss of earnings, the hiatus of business or the loss of data.
3. The Software must be used by the doctor or other qualified User and shall not be deemed as a substitute of an education in the human health field. Any outcomes from the usage of the Software are to be deemed as an only not-binding recommendation and must be interpreted by the doctor or by other qualified User. We are not liable for any incorrectness or mistakes occurred in or from the acquired values. The doctor or other qualified person must always decide of the usage of the values acquired when using the Software.
4. Brimton is also not liable for any damages caused by the Device and the use of the Device is regulated in a separate agreement between User and a provider of the Device.
5. We are not liable for defects arisen from the interconnection between the Software and third party's software, i. e. for defects arisen from the non-compliance of versions or from the inadequate configuration.

5. Defects Liability

1. If you think that the Software you paid us for is defected (the extent or the quality does not match with the Terms) you are entitled to claim our liability of the Software, fully in accordance with law. If the defect proves to be repairable, you may claim reparation or a proportionate reduction in License Consideration. If the defect appears to be irreparable, you may claim a proportionate reduction in License Consideration.
2. To claim the defects, please reach us out on our e-mail: support@brimton.eu. or on our telephone number: +49 176 306 27 233. Please specify the following:
   • your contact information, the description of the defects and your request to the compensation of the defects;
   • confirmation of the payment and delivery of the Software.
3. We will settle your claim without undue delay.

6. Final Provisions

1. As a controller of your personal data we process within the meaning of Regulation (EC) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "Regulation") following personal data: name, surname, identification number, tax identification number, e-mail address, telephone number, invoicing address, bank account number. We process these data for fulfilling the purpose of our contractual relationship and eventual future assertion and defence of rights and obligations of the parties. Processing of personal data for the aforementioned purpose lasts as long as our contractual relationship lasts and then for periods given by relevant provisions of law. We may use other processors which help us with providing of and maintaining the Software.
2. According to the Regulation the User is entitled to: request information from us describing which personal data connected to you are processed and request a copy of the processed personal data; request us to grant you access to these data and have them updated or rectified, eventually request restriction of processing; object to processing based on our legitimate interest at the address support@brimton.eu; request us to destroy these personal data (we will destroy them unless it is in conflict with valid legal regulations or our legitimate interests); you have a right to court protection if you believe that your rights arising from the Regulation have been violated in the consequence of processing of your personal data in conflict with the Regulation; you have a right to file a complaint with the Office for Personal Data Protection.
3. This agreement is closed in the moment of the acceptation of these Terms in the extent which is not at variance with terms agreed by contracted parties beforehand. In case of that variance will the former agreement prevail over provisions of these Terms.
4. In case of the termination of the contractual relationship you are not entitled to return of neither the License Compensation nor its part.
5. In case that our contractual relationship will include an international element we agree that the Terms and the Data Processing Agreement are governed by German law.
6. In case of eventual disputes we agree to adjudge such dispute by relevant German court.
7. We may amend or supplement these Terms in the necessary scope, in particular as a result of a change in legal regulations, significant changes in prices of our suppliers or extension of functions of the Software. We will notify you of crucial changes by an e-mail, always at least one month before the intended day when such a change becomes effective. You may express your disapproval with this amendment of the Terms after accessing the Software where you will be visibly notified of the amendment and requested to accept it. If you express your approval with this amendment or you fail to express your approval within one month after notification, you will remain using the Software under the new conditions. If you express your disapproval, you will not be able to use the Software in the future and the contract will be in such case terminated as of the day preceding the day when the notified amendment becomes effective. Expressing disapproval shall not affect the fulfilment of previous unfulfilled obligations.

DATA PROCESSING AGREEMENT

1. Subject and Purpose of the Agreement

1. The User, as the Controller, and Brimton, as the Processor, cooperate on the basis of above mentioned Terms of the Software (hereinafter as "Service"), when the Processor provides Service for the Controller. Within such cooperation personal data are or may be transferred, when purpose of processing thereof and funds for such processing are determined and provided by the Controller and the Processor further processes the Personal Data for the Controller within this Data Processing Agreement.
2. This Agreement defines rights and duties of the Parties during such Personal Data processing.

2. Personal Data Processing

1. The Processor shall be entitled to process for the Controller the following Personal Data of Controller’s patients or clients:
   • Name and surname
   • Date of birth
   • Gender
   • Values recorded by the hardware sensor – the Device
   • Other Personal Data entered into the software by the Controller
     (hereinafter referred to as the "Personal Data").
2. The Processor shall process the Personal Data only for the purpose of providing Service and only on documented instructions from the Controller. The Processor takes into account that in the case of breach of this provision the Processor shall be considered as an controller of Personal Data.
3. The Controller makes Personal Data accessible to the Processor by inserting them into the software stored and backed up on Processor data servers.
4. The Controller shall be entitled to extend purpose of processing in accordance with law, where instruction for further processing may be notified to the Processor only in writing. E-mail communication of the Contracting Parties addressed to authorized persons shall be also considered as written form.

3. Rights and Duties of the Contracting Parties

1. The Processor undertakes to take technical, organizational and other measures that shall prevent unauthorized or accidental access to the Personal Data, their change, destruction, loss or other unauthorized treatment of the Personal Data. The Processor undertakes in particular: a) to use secured access to PC, where accesses to PC are known only to the Processor; b) to use secured access to database of Personal Data, the Processor shall be obliged to enter the accesses in such manner so that they were not displayed, stored and made available for any third party; c) to use for the processing software and services that comply with standard requirements for data security and standards set by the European Union; d) not to make copies of the database without prior consent of the Controller; e) use suitable methods of security, e.g. encryption or other convenient and necessary means always depending on particular act and data; f) not to allow access to the Data for the third parties, unless such access is approved in writing by the Controller or unless it arises herefrom; g) to maintain confidentiality regarding the Data.
2. The Processor also undertakes: a) to process the Personal Data only in such form, in which they were transferred to it by the Controller; b) to process the Personal Data only for the purpose defined hereby and solely to the extent necessary for fulfillment of such purpose; c) not to merge Personal Data obtained for different purposes; d) to keep the Personal Data only for the period set by the Controller.
3. The Processor shall be obliged to ensure that the employees and other persons authorized by the Processor to process the Personal Data processed them only in the scope and for the purpose under this Agreements and under the Regulation.
4. The Processor and the Controller undertake to observe, when processing the Personal Data on the basis hereof, duties set by the Regulation and other generally binding legal regulations relating to such activities.
5. The Processor undertakes upon the Controller's call to repair, update, delete or transfer the Personal Data under the Controller's instruction without undue delay after such call.
6. In the case that objection of a data subject under Article 21 paragraph 1 of the Regulation meant for the Processor is found legitimate, the Processor undertakes to remove the detrimental situation immediately after the written call of the Controller. E-mail communication of the parties shall be also considered as written form.
7. When fulfilling the duties herefrom the Processor shall be obliged to proceed with professional care, observe the Controller's instructions and act in accordance with interests of the Controller. If the Processor finds out that the Controller breaches the Controller's duties imposed by the Regulation, it shall be obliged to inform the Controller immediately.
8. The Controller agrees that the Processor shall be entitled to charge another processor with processing of the Personal Data without additional express particular permission of the Controller (hereinafter referred to as the "Sub-processor"). The Processor shall inform the Controller on all Sub-processors that it intends to charge with processing of the Personal Data and thus it provides the Controller with opportunity to express its objections to admission of such Sub-processors. If the Controller does not express its objections to the Sub-processors within three business days, the Processor shall be entitled to charge such Sub-processor with processing of the Personal Data. If the Processor involves the Sub-processor so that it carried out certain processing activities, the same duties for protection of the Personal Data must be imposed on the Sub-processor by an agreement, as are stated in this Agreement and in the Regulation. If the mentioned Sub-processor does not fulfill its duties regarding the data protection, the Processor shall be liable to the Controller for fulfillment of the duties of such Sub-processor.
   The Processor at the present time charges with processing these following Sub-processors:
   • Amazon Web Services EMEA SARL, 5 rue Plaetis, L-2338 Luxembourg
9. The Processor undertakes to provide the Controller with any and all information necessary for proving that the duties stipulated by this Agreement or by the Regulation relating to the personal data were fulfilled and allow the Controller or third party bound towards the Controller by duty of confidentiality, to carry out audit in the reasonable scope. Audit must be notified well in advance, at least 30 days before the audit and it must not intervene unreasonably in the Processor’s activities. Controller and Processor bear their costs related to such Audit.

4. Term of the Agreement

1. This Agreement shall be effective for the period of effectiveness of the contractual relationship mentioned in clause 1.1. hereof.
2. In the case of any termination of the Agreement or termination of the Personal Data processing, the Processor shall be obliged to return or liquidate immediately the Personal Data provided to it on the basis hereof.

5. Confidentiality

1. The Processor undertakes to maintain confidentiality concerning the processed Personal Data or safety measures taken to secure personal data protection, in particular the Processor must not publish them, spread them or transfer to other persons except for the persons in employment relation with the Processor or other authorized persons charged with the Personal Data processing. The Processor shall be obliged to ensure that also its employees and other authorized persons observe the duty of confidentiality. This duty of the Processor shall survive termination of this contractual relation.

6. Final Provisions

1. Invalidity or unintelligibility of any of provisions hereof shall not affect validity of other provisions hereof.
2. The Contracting Parties undertake to provide each other with all the necessary assistance and data to secure effective implementation hereof, in particular in the case of dealing with the Office for Personal Data Protection or other public authorities.