Terms and Conditions VERACITY Surgical

These VERACITY™ Surgical Terms and Conditions (“Terms and Conditions”) are applicable to any purchase order, quote, statement of work or other purchasing document or exhibit hereto (“Schedule(s)” together with these Terms and Conditions, the “Agreement’) related to VERACITY™ Surgical, a web-based cataract surgical planning software solution, including all Updates related thereto (the “Solution”), between Carl Zeiss Meditec, Inc. (“Supplier”) and the party(ies) listed on the applicable Schedule (“Customer”). For the avoidance of doubt, this Agreement is applicable to any services provided by Supplier pursuant to a Schedule, including, without limitation, On-site Services and Remote Services. ZEISS’s agreement to provide the Solution and any services is conditioned on Customer’s assent to this Agreement and is limited to acceptance of this Agreement, and no specific condition or terms issued by the Customer which may appear on the purchase order or on any document communicated by the Customer, shall prevail over this Agreement. All such conditions and terms are objected to and rejected. Provision of the Solution or any services to Customer does not constitute acceptance of any of Customer’s terms and conditions and does not serve to modify or amend this Agreement. For the avoidance of doubt, the Customer’s general terms and conditions are expressly excluded.

1. License. During the Term of this Agreement, and provided that Customer complies with the restrictions set forth in Section 3 (“Restrictions”) below, Supplier hereby grants to Customer a limited, non-exclusive, revocable, non-transferable license to use the Software in object code for Customer’s internal business purposes of optimizing and personalizing patient care for cataract surgery (“Purpose”). Supplier authorizes any of Customer’s employees, consultants, and/or contractors to use the Solution for the performance of their duties relating to the Purpose; provided that, such use shall be governed by Supplier’s procedures, including without limitation providing each user with a separate password and user name in order to utilize the Solution. The Solution is licensed to the Customer, and not sold. Supplier reserves all rights not expressly granted to you under these Terms and Conditions.

2. Customer Obligations. Customer shall maintain their infrastructure and devices pursuant to Supplier’s guidelines during the Term. Customer shall ensure the following conditions are met during the Term: (a) EMR vendor must be supported by Solution, provided, that the functionality of the Solution may change based on the supported EMR, and since some EMRs are integrated unidirectional only, not every functionality is available for the Solution, (b) Customer’s biometer device(s) must be supported by the Solution (“Supported Devices”), and such Supported Devices must each be; (i) attached to the Customer’s network and (ii) remotely accessible by Supplier, (c) broadband internet access at each location where Customer access the Solution, and (d) Supplier must be able to remotely install a Solution component on a computer attached to Customer’s network at any time. In order for Customer to use the Barrett formula in the Solution based on data from a Supported Device, such Supported Device must have at least one licensed Barrett formula.

3. Customer Restrictions. Customer acknowledges that the Solution constitutes and contains certain intellectual property rights and trade secrets of Supplier and its licensors, and, in order to protect such trade secrets and other interests that Supplier and its licensors may have in the Solution, Customer agrees not to disassemble, decompile or reverse engineer the Solution nor permit any third party to do so, except to the extent such restrictions are prohibited by law. In addition, except as expressly authorized in this Agreement, Customer will not (a) copy or modify the Solution, in whole or in part, (b) lease, lend or rent the Solution, use the Solution to provide service bureau, time sharing, rental, application services provider, software-as-a-service, hosting or other computer services to third parties, or otherwise make the functionality of the Solution available to third parties, (c) scan, probe, or test the vulnerability of the Solution or any service connected to the Solution, nor breach the authentication or security measures on the Solution or any network connected to the Solution, (d) trace, seek to trace, reverse look-up any information on any other user of or visitor to the Solution, or any other customer of Supplier, including any Supplier account not owned by you, to its source, or exploit the Solution or any service or information made available or offered by or through the Solution, in any way where the purpose is to reveal any information, including but not limited to personal identification or information, other than your own information, as provided for by the Solution, (e) attempt to gain unauthorized access to any portion or feature of the Solution, or any other systems or networks connected to the Solution or to any server of Supplier, or to any of the services offered on or through the Solution, by hacking, password “mining” or any other illegitimate means, (f) use any “spider,” “robot,” “deep-link,” “page-scrape,” or other automatic device, program, methodology or algorithm, or any similar or equivalent manual process, to acquire, access, copy or monitor any portion of the Solution, or in any way reproduce or circumvent the navigational structure or presentation of the Solution, to obtain or attempt to obtain any materials, documents or information through any means not purposely made available through the Solution; (g) use any software, device, or routine to interfere or attempt to interfere with the proper working of the Solution or any transaction being conducted on the Solution, or with any other person’s use of the Solution, (h) take any action, intentionally or unintentionally, that imposes an unreasonable or disproportionately large load on the infrastructure of the Solution or the systems or networks of Supplier, or any systems or networks connected to Supplier or the Solution, (i) use the Solution for any purpose that is unlawful or prohibited by this Agreement, or to solicit the performance of any illegal activity or other activity which infringes the rights of Supplier or others, (j) transmit or communicate any data that is unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, invasive of another’s privacy, hateful or racially, ethnically or otherwise objectionable, (k) impersonate any person or entity or falsely state or otherwise misrepresent your affiliation with a person or entity, (l) forge headers or otherwise manipulate identifiers in order to disguise the origin of any data transmitted to other parties, (m) transmit, access or communicate any data that you do not have a right to transmit under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under non-disclosure agreements); (n) transmit, access or communicate any data that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party, (o) transmit, introduce, or communicate any data that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or any telecommunications equipment, including, without limitation, the Solution, (p) interfere with service to any user of the Solution, host or network, including, without limitation, via means of submitting a virus to the Solution, overloading, “flooding”,“spamming”,“mailbombing” or “crashing” or otherwise interfere with or disrupt or circumvent the Solution; (q) violate any applicable local, state, national or international law, including securities exchange and any regulations, requirements, procedures or policies in force from time to time relating to the Solution; (r) monitor traffic or make search requests in order to accumulate information about individual users or collect or store personal data about other users; or (s) modify, delete, or damage any information contained on the personal computer of any Solution user.

4. Registration. Upon registration, Customer agrees to provide current, accurate, and complete information required to register with the Solution and at other points as may be required in the course of using the Solution (“Registration Data”). Customer must have a valid email address to become a registered user of the Solution. Further, Customer agrees to maintain and update Customer’s Registration Data as required to keep it current, accurate, and complete. Customer agrees that Supplier and/or Customer’s EMR provider may store and use the Registration Data Customer provides for use in maintaining Customer’s account. Supplier and/or Customer’s EMR provider have the right to confirm or otherwise verify or check, in their sole discretion, the truth and accuracy of any registration information at any time. Verification of Customer’s registration information, specifically, your name, address and/or tax identification number, against a third party database may be considered to constitute a “credit check” under certain laws. Neither Supplier nor Customer’s EMR provider is making, as part of the registration process, and will not otherwise make, any type of inquiry to any third party regarding any individual’s credit history and personal financial information without first obtaining such individual’s express authorization to do so. Supplier may terminate your rights to any part of or the entire Solution if any information you provide is false, incomplete or inaccurate.

5. User Account. As a registered user of the Solution, Customer will establish a user account (“User Account”) along with user ID(s) and password(s) (“Login Information”). Customer will employ the security measures necessary to prevent unauthorized users from accessing the Solution and Customer’s Login Information. Customer is solely responsible for the maintenance of Customer’s Login Information and Customer’s User Account. Customer accepts sole responsibility for, and will be liable for all access to the Solution in connection with Customer’s Login Information and User Account. Customer will inform all authorized persons who are given access by Customer to the Solution that such materials are confidential and contain trade secrets of Supplier licensed to Customer as such. Without the prior written consent and such third party entering into a written agreement with Supplier, Customer will not utilize the services of any third party to assist you in using the Solution. Customer will be responsible for all activities that occur under or in connection with Customer’s User Account and Login Information. If Customer is an entity, only Customer’s bona fide employees, duly authorized agents and representatives may use the Solution under Customer’s User Account and this Agreement applies to all of Customer’s employees, representatives, agents, and any other person or entity that accesses the Solution through Customer’s User Account.

6. Delivery and Acceptance. Supplier will deliver the Solution to Customer in the manner and timeframe described on the Schedule. Unless otherwise specified in the Schedule, the Solution will be deemed accepted upon installation. The Solution will be deployed remotely. Customer shall ensure all prerequisite Customer requirements in the Schedule have been completed prior to installation.

7. Services and Updates.

7.1 Remote Services and Updates. During the Term, Supplier shall provide the following services to Customer remotely (the “Remote Services”): install, monitor, access, troubleshoot problems, assist with user operations and upgrade Solution software. In addition, Supplier will provide the Customer with Solution updates and upgrades made generally available to all of Supplier’s customers, including any corrections, fixes, modifications, improvements to the Solution (collectively, “Updates”). For the avoidance of doubt, Supplier shall have no obligation to provide any Remote Services or Updates upon termination of this Agreement.

7.2 Exclusions to Remote Services. Supplier will have no obligation of any kind to provide Remote Services of any kind for problems in the operation or performance of the Solution to the extent caused by any of the following (each, a “Customer-Generated Error”): (a) non-Supplier software or hardware products or use of the Solution in conjunction therewith; (b) modifications to the Solution made by any party without Supplier’s express written authorization; (c) Customer’s use of the Solution other than as authorized in this Agreement or as provided in the documentation; or (d) Customer’s use of other than the most current version of the Solution or any error corrections or updates thereto provided by Supplier. If Supplier determines that it is necessary to perform Remote Services for a problem in the operation or performance of the Solution that is caused by a Customer-Generated Error, then Supplier will notify Customer thereof as soon as Supplier is aware of such Customer-Generated Error and Supplier will have the right to invoice Customer at Supplier’s then-current published time and materials rates for all such Maintenance Services performed by Supplier. Furthermore, Remote Services shall not include any integration with an EMR after installation.

7.3 On-Site Services. Supplier may provide Customer with on-site services for or related to the Solution (“On-site Services”) as may be described in one or more mutually agreed to Schedules which shall contain items such as a description of the services, the services rate(s), and the services period. Customer shall reimburse Supplier for travel and per diem expenses incurred in connection with On-site Services that are reasonable, necessary and pre-approved by Customer in writing for Supplier.

7.4 Subcontractors. Supplier may enter into contractual arrangements with independent contractors or subcontractors (collectively referred to as “Subcontractors”) to perform or otherwise assist Supplier in providing the On-site Services or Remote Services, provided however, that Supplier will not be relieved of its obligations under this Agreement because of any act or failure to act by any such Subcontractor(s) and will be fully liable for all such acts and omissions of the Subcontractor(s).

8. Medical Treatment. The Solution is intended to support Customer’s duly licensed medical personnel in their practice of medicine and their independent decisions regarding patient treatment plans. The Solution is not intended to provide medical advice or guidance. Customer’s duly licensed medical personnel are solely responsible for making all diagnostic determinations, surgery plans, and all other treatment decisions for patients whose information is managed by the Solution.

9. Intellectual Property. Customer expressly acknowledges that, as between Supplier and Customer, Supplier owns all worldwide right, title and interest in and to the Solution, and any copies thereof, including all worldwide intellectual property rights therein. Customer will not delete or in any manner alter the copyright, trademark, and other proprietary rights notices appearing on the Solution as delivered to Customer. Supplier shall retain for Supplier all right, title and interest in any intellectual property created when performing any services or creating any other deliverables under this Agreement.

10. Third Party Technology. Any third party technology provided, made available, linked to, or otherwise accessible through the Solution (“Third Party Technology”) is provided solely as a convenience to you and not under the control of Supplier. Supplier does not endorse, recommend, or otherwise make any representations or warranties with respect to any Third Party Technology. Supplier does not have any responsibility or liability to you for any Third Party Technology which you access and you use it at your own risk. Further, you agree to comply with any and all terms and conditions applicable to the use of Third Party Technology and otherwise ensure that you have obtained all rights, licenses, and clearances that may be necessary to use such Third Party Technology.

11. Third Party Portals. This Solution may contain links to other independent third-party websites and URLs (collectively, “Linked Portals”). These Linked Portals are provided solely as a convenience to our visitors. Such Linked Portals are not under the control of Supplier, and Supplier is not responsible for and does not endorse the content of such Linked Portals, including any information or materials contained on such Linked Portals. Supplier does not have any responsibility or liability for any information, data, communications or materials.

12. Payment and Terms.

12.1 Fees and Payment. Customer will pay Supplier the applicable fees for specified in a Schedule. A Schedule may contain one-time and recurring fees. Any recurring fees will be invoiced annually quarterly or monthly, as or unless otherwise specified in the Schedule. The initial invoice will be sent in the second month after installation of the Solution. All such fees and expenses will be due and payable within thirty (30) days after Customer’s receipt of Supplier's invoice, unless otherwise specified in the Schedule. All past due amounts will incur interest at a rate of one and a half percent (1.5%) per month or the maximum rate permitted by law, whichever is less.

12.2 Payment Terms. Customer will pay all amounts due under this Agreement in U.S. currency, unless otherwise specified in the applicable Schedule. All fees payable under this Agreement are net amounts and are payable in full, without deduction for taxes or duties of any kind. Customer will be responsible for, and will promptly pay, all taxes and duties of any kind (including but not limited to sales, use and withholding taxes) associated with this Agreement or Customer’s receipt or use of the Solution, Remote Services or On-Site Services, except for taxes based on Supplier’s income. For Supplier to extend tax-exemption status to Buyer, Buyer must provide a tax-exemption certificate valid in the jurisdiction of the installation location prior to acceptance of the order.

13. Customer Representations & Warranties. Customer represents, warrants, and covenants to Supplier the following: (a) all information Customer provides to Supplier as part of the registration process or otherwise will be truthful, accurate and complete, irrespective of any independent verification or other determination made by Supplier; (b) Customer owns or controls the necessary rights and authority to grant the rights, and permissions made under this Agreement, and that the exercise of such rights, licenses and permissions by Supplier will not violate or otherwise infringe the rights of any third party; (c) Customer has the full authority to act on behalf of any and all owners of any right, title or interest in and to Customer’s API(s) that you provide to Supplier; (d) this Agreement been duly and validly authorized, accepted, agreed to, and delivered by Customer (or Customer’s authorized representative) and constitutes Customer’s legal, valid, and binding obligation, enforceable against Customer in accordance with these Terms and Conditions; and (e) the performance by Customer of this Agreement and Customer’s use of the Solution does not and will not conflict with or violate (1) any law, rule, regulation, order, judgment, decree, agreement, instrument, or obligation applicable to Customer, or (2) if you are an entity, any provision of Customer’s organizational or governing documents.


15. Indemnification.

15.1 Zeiss Indemnification. Supplier will defend Customer and Customer’s officers, directors, from any allegations, claims, actions, suits or loss arising out of or relating to any claims of infringement of a third party’s intellectual property rights arising from Customer’s use or possession of the Solution provided that Customer: (a) promptly notifies Supplier in writing of the claim, provided however that the failure to promptly notify Supplier shall not reduce or affect the obligations of Supplier with respect thereto, except to the extent that Supplier is prejudiced thereby; and (b) provides Supplier, at Supplier’s expense, with all assistance, information and authority reasonably required for the defense and settlement of the claim. If Customer’s use or possession of any part of the Solution is or is likely to be enjoined as an infringement of any third party intellectual property rights, Supplier shall, at Supplier’s option: (i) procure for Customer the right to continue to use the Solution under the terms of this Agreement; or (ii) replace or modify the Solution so that it is non-infringing. Supplier shall not be required to indemnify and hold Customer harmless from any intellectual property right infringement claim that results from: (I) Solution and/or services based on Customer's specifications; (II) modifications made to any of the Solution and/or services without Supplier’s prior written approval; (III) use of the Solution and/or services by Customer other than in accordance with the provisions of this Agreement; (IV) use of the Solution and/or services by Customer with other hardware, software or any combination therefore other than in accordance with the provisions of this Agreement or other than as recommended by Supplier; or (V) infringement of any hardware or software not manufactured by Supplier or any of its affiliates. In no event will ZEISS’s total liability to Buyer with respect to any infringement exceed the amount of fees paid by Customer to Supplier during the Term. THE PROVISIONS OF THIS SECTION 15.1 SET FORTH SUPPLIER’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF ANY KIND

15.2 Customer Indemnification. Customer agrees to indemnify, defend, and hold harmless Supplier and its directors, officers and employees against any and all losses, liabilities, judgments, penalties, awards and costs, including costs of investigation and legal fees and expenses asserted against Supplier by a third party (collectively, a “Loss”) arising from or relating to (a) any claim for professional negligence against Customer or any of its practitioners regarding the practice of any of the healing arts (b) Customer’s breach of any of Customer’s representations, warranties, covenants, or other agreements made under this Agreement, (c) any claims by or disputes related to your use of the Solution between you and any third party, and any Data you provide to the Solution or otherwise transmit using the Solution. If Supplier receives a claim with respect to a potential Loss for which Supplier will or may seek indemnification (a “Claim”), Supplier shall provide Customer with notice of the existence of such Claim and such information, documents and cooperation as are reasonably necessary to permit Customer to establish a defense to such Claim. Customer shall have the option to assume the defense of a Claim and to employ attorneys selected by it to defend it, in which case the costs and expenses of any such defense shall be the responsibility of Customer.

16. Limitation of Liability. NEITHER PARTY SHALL HAVE ANY LIABILITY IN REGARD TO CONSEQUENTIAL, EXEMPLARY, SPECIAL, INCIDENTAL OR PUNITIVE DAMAGES, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL EITHER PARTY’S TOTAL LIABILITY IN CONNECTION WITH OR UNDER THIS AGREEMENT (WHETHER UNDER THE THEORIES OF BREACH OF CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LAW) EXCEED THE FEES PAID BY CUSTOMER UNDER THIS AGREEMENT. The parties expressly acknowledge and agree that Supplier has set its prices and entered into this Agreement in reliance upon the limitations of liability specified herein, which allocate the risk between Customer and Supplier and form a basis of the bargain between the parties.

17. Confidential Information. Each party (“Receiving Party”) acknowledges that, in the course of the performance of this Agreement, it may learn certain confidential and proprietary information about the other party’s (“Disclosing Party”) business and operations that has been identified as “confidential” or proprietary or that the receiving Party knows or has reason to know to be confidential, including, without limitation, patient data, information or personal health information (“Confidential Information”). Receiving Party agrees that it will keep all such information strictly confidential, and that it will not use it for any other purpose other than to exercise its rights and responsibilities under this Agreement, that it will not resell, transfer, or otherwise disclose such information to any third party without the Disclosing Party’s specific, prior written consent. Receiving Party agrees that Disclosing Party is and shall remain the exclusive owner of Confidential Information disclosed hereunder and all patents, copyrights, trade secrets, trademarks and other intellectual property rights therein. Receiving Party shall, upon the request of Disclosing Party, return to Disclosing Party all drawings, documents and other tangible manifestations of Confidential Information received by Receiving Party pursuant to this Agreement (and all copies and reproductions thereof). The obligations in this provision shall remain in effect following termination of this Agreement. Specifically excluded from the Parties’ confidentiality obligation is all information that: (a) was in the Receiving Party’s legitimate possession prior to receipt of such information from Disclosing Party; (b) that can be proven to have been independently developed by personnel of Receiving Party; (c) was rightfully received from third parties and, to the best knowledge of Receiving Party, without an obligation of confidentiality to Disclosing Party; (d) is in the public domain through means other than by breach of this Agreement by Receiving Party; or (e) is disclosed pursuant to any judicial or government request, requirement or order, provided that the Receiving Party takes reasonable steps to provide the Disclosing Party the ability to contest such request, requirement or order. The parties acknowledge that Confidential Information has competitive value and that irreparable damage may result to the Disclosing Party if the Receiving Party discloses Confidential Information. The parties agree that legal proceedings at law or in equity, including injunctive relief, are appropriate in the event of a breach hereof without the duty of posting bond.

18. Term and Termination. This Agreement shall become effective upon installation of the Solution and shall continue for one year (“Term”), unless this Agreement is otherwise terminated pursuant to the terms of this Agreement. Either party may terminate this Agreement by giving at least thirty (30) days’ prior written notice of termination. Supplier may suspend or terminate your access to and use of the Solution as follows: (i) upon notice to you if you breach any term of this Agreement; or (ii) upon notice (if reasonably practicable) in the event of a security breach or other technical issue related to the Solution.

18.1 Effect of Termination. Upon termination of this Agreement by either party, Customer will discontinue further use of the Solution and any licenses granted shall immediately terminate, and Customer will promptly return to Supplier or (at Supplier’s request) will destroy all copies of the Solution.

18.2 Survival. The following sections shall survive termination or expiration of this Agreement for any reason: 9 (“Intellectual Property”), 12 (“Payment and Terms”), 14 (“Disclaimer of Warranties”), 15 (“Indemnification”), 16 (“Limitation of Liability”), 17 (“Confidential Information”), 18.1 (“Effect of Termination”), 18.2 (“Survival”), and 20 (“General Terms”).

19. Compliance.

19.1 Compliance with Laws. By entering into this Agreement, the parties specifically intend to comply with all applicable state and federal laws, rules and regulations, including (i) the personal services safe harbor of the federal anti-kickback statute (42 U.S.C. 1320a-7(b)) and in particular, that the services performed under the Agreement do not involve the counseling or promotion of a business arrangement or other activity that violates any state or federal law; (ii) the Limitation on Certain Physician Referrals, also referred to as the “Stark Law” (42 U.S.C. 1395nn) and (iii) federal and state privacy laws.

19.2 Access to Records. In accordance with Section 952 of the Omnibus Reconciliation Act of 1980, which amended Section 1861(v)(1) of the Social Security Act, and the regulations promulgated thereunder, so that the costs of services furnished under this Agreement by Company can be included for Medicare reimbursement purposes, Supplier will make available to the Secretary of Health and Human Services and the Comptroller General of the United States shall, upon written request, have access to such books, documents and records of Supplier necessary to verify the nature and extent of the costs of the services provided by Supplier. Access will be granted during the term of this Agreement until the expiration of four (4) years after the services being provided hereunder are furnished. Access will also be granted to any books, documents or records related to this Agreement between Supplier and organizations related to Supplier; provided, however, that such access shall be limited to books, documents and records on an as needed basis.

19.3 HIPAA and Provision and Collection of Data. Supplier acknowledges that Customer is a Covered Entity and Supplier is a Business Associate for purposes of the Health Insurance Portability and Accountability Act of 1996 and the related regulations, as they may be amended from time to time (“HIPAA’’). Accordingly the parties agree to comply with the terms and conditions of the Business Associate Agreement attached as Exhibit A and incorporated by this reference. Customer must comply with all applicable laws in connection with the provision and transmission of any images, data, and other information, including without limitation, any personally identifiable information and other Protected Health information (as defined by HIPAA) that you transmit or otherwise provide to the Solution (“Data”). You must have obtained all proper consents, authorizations, and rights necessary to provide and transmit the Data to the Solution in accordance with all laws, including without limitation, HIPAA. Accordingly, you grant to Supplier all rights necessary with respect to the Data you provide to the Solution in order for Supplier to provide the Solution and Remote Services or On-Site Services to you in connection with your care and treatment of patients. Customer acknowledges and agrees that Supplier may preserve any transmittal or communication by you through the Solution, or any other service offered on or though the Solution, and Data related to your use of the Solution, and may also disclose such Data to others subject to compliance with applicable laws. Further Supplier may also disclose such Data if required to do so by law or Supplier determines that such preservation or disclosure is reasonably necessary to (a) comply with legal process, (b) enforce this Agreement, (c) respond to claims that any such Data violates the rights of others, or (d) protect the rights, property, or personal safety of Supplier, its employees, and users of the Solution.

19.4 Discount Disclosure. All rebates and other discounts provided under this Agreement are intended to comply with the Anti-Kickback Statute, 42 U.S.C. § 1320a-7b(b). To the extent required by 42 C.F.R. § 1001.952(h) (the Anti-Kickback Statute safe harbor regulations) or other applicable laws or regulations, the Customer shall fully and accurately reflect in cost reports or other submissions to federal healthcare programs all discounts provided under this Agreement and, upon request by the Secretary of the U. S. Department of Health and Human Services or a state agency, shall make available information provided to the Buyer by ZEISS concerning the discounts.

19.5 Compliance Related Changes. The parties recognize that the law and regulations may change or may be clarified, and that terms of this Agreement may need to be revised, on advice of counsel, in order to remain in compliance with such changes or clarifications, and the parties agree to negotiate in good faith revisions to the term or terms that cause the potential or actual violation or noncompliance. In the event the parties are unable to agree to new or modified terms as required to bring the entire Agreement into compliance, either party may terminate this Agreement on thirty (30) days written notice to the other party, or earlier if necessary to prevent noncompliance with a deadline or effective date.

20. General Terms.

20.1 Choice of Law; Jurisdiction; Waiver of Trial by Jury. This Agreement shall be governed by New York law and controlling United States federal law, without regard to the choice or conflict of laws provisions of any jurisdiction, and any disputes, actions, claims or causes of action arising out of or in connection with this Agreement. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sales of Goods, the application of which is expressly excluded. EXCEPT WHERE PROHIBITED BY LAW, THE PARTIES EXPRESSLY WAIVE TRIAL BY JURY IN ANY JUDICIAL PROCEEDING INVOLVING ANY DISPUTE, CONTROVERSY, OR CLAIM ARISING OUT OF OR RELATING TO THIS AGREEMENT.

20.2 Export Control. Customer agrees to comply fully with all relevant export laws and regulations of the United States (“Export Laws”) to ensure that neither the Solution, nor any direct product thereof are: (a) exported or re-exported directly or indirectly in violation of Export Laws; or (b) used for any purposes prohibited by the Export Laws, including but not limited to nuclear, chemical, or biological weapons proliferation.

20.3 coRelationship of the Parties. No joint venture, partnership, employment, or agency relationship exists between Customer and Supplier as a result of this Agreement or use of the Solution or any related Remote Services or On-Site Services.

20.4 Waiver. The failure of either party to enforce any right or provision in this Agreement shall not constitute a waiver of such right or provision unless acknowledged and agreed to by the party in writing.

20.5 Severability. If for any reason a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible and the other provisions of this Agreement will remain in full force and effect.

20.6 Assignment. Customer may not assign its rights and obligations under this Agreement in full or in part by operation of law or otherwise, without ZEISS’s prior written consent. Supplier may freely assign this Agreement.

20.7 Force Majeure. Neither party will be responsible for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control, including, but not limited to, labor disputes, strikes, lockouts, shortages of or inability to obtain labor, energy, raw materials or supplies, war, terrorism, riot, acts of God or governmental action.

20.8 Notices. All notices or other communications required or permitted to be given under this Agreement shall be in writing (unless otherwise specifically provided herein) and delivered to the address listed on the applicable Schedule or as otherwise specified by a party.

20.9 Conflicting Terms. Unless otherwise mutually agreed in writing, in the event that any terms and/or conditions in these Terms and Conditions conflict or are inconsistent with any terms and/or conditions in any attached and incorporated agreement, including but not limited to, amendments, addenda, exhibits and statements of work, then these Terms and Conditions shall control.

20.10 Entire Agreement. This Agreement, together with any applicable Schedules, represents the entire agreement between Supplier and Customer with respect to the Solution and the services, obligations and responsibilities to be performed by the parties hereunder. Supplier and Customer agree that all other agreements, proposals, purchase orders, representations and other understandings concerning the subject matter of this Agreement, whether oral or written, between the parties are superseded in their entirety by this Agreement. No alterations or modifications of this Agreement will be valid unless made in writing and signed by the parties. No attachment, supplement or exhibit to this Agreement shall be valid unless initialed by an authorized signatory of Supplier and Customer.

Exhibit A

Business Associate Agreement

This Business Associate Agreement (the “Agreement”) is entered into as by and between Carl Zeiss Meditec, Inc., (“ZEISS” or “Business Associate”) and the Customer (as defined in the VERACITY™ Surgical Terms and Conditions) (“Covered Entity”).

1. Scope.

A. This Agreement sets forth the terms and conditions that shall govern Covered Entity’s disclosure of Protected Health Information to ZEISS and its subsidiaries and affiliates, to the extent ZEISS meets the definition of, and in its capacity as, a Business Associate (defined below), in connection with the provision of certain Services (defined below) to Covered Entity as set forth in any agreement as described under Paragraph 2.P of this Agreement. This Agreement is not intended to amend, modify, or otherwise alter the rights, duties, and obligations of the parties under any other agreements between them. This Agreement also is not intended to grant any rights to any person or entity who is not a party to this Agreement. This Agreement only applies to the extent ZEISS is a Business Associate to Covered Entity under the HIPAA Rules (defined below). ZEISS does not, by entering into this Agreement, concede it is a Business Associate to Covered Entity under the HIPAA Rules.

B. This Agreement is intended for compliance with applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act, Division A of Title XIII of the American Recovery and Reinvestment Act of 2009, Public Law 111-005 (the “HITECH Act”).

2. Definitions. Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the definitions set forth in the HIPAA Rules:

A. “Breach” has the meaning set forth in 45 C.F.R. § 164.402.

B. “Breach Notification Rule” has the meaning set forth in 45 C.F.R. Parts 160 and 164, Subpart D.

C. “Business Associate” has the meaning set forth in 45 C.F.R. § 160.103.

D. “Covered Entity” shall generally have the same meaning as the term “covered entity” 45 C.F.R. § 160.103, and in reference to the party to this agreement, shall mean the entity named as the Covered Entity in the introductory paragraph above.

E. “Designated Record Set” has the meaning set forth in 45 C.F.R. §164.501.

F. “Electronic Protected Health Information” or “ePHI” has the meaning set forth in 45 C.F.R. §160.103.

G. “HIPAA Rules” shall mean the Privacy, Security and Breach Notification Rules.

H. “Individual” has the meaning set forth in 45 C.F.R. § 160.103.

I. “Limited Data Set” has the meaning set forth in 45 C.F.R. § 164.514(e)(2).

J. “Privacy Rule” has the meaning set forth in the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160 and 164, Subparts A and E.

K. “Protected Health Information” or “PHI” has the meaning set forth in 45 C.F.R. § 160.103, provided, however that it is limited to PHI created, maintained or received by Business Associate from or on behalf of Covered Entity.

L. “Required by Law” has the meaning set forth in 45 C.F.R. § 164.103.

M. “Secretary” means the Secretary of the Department of Health and Human Services or his or her designee.

N. “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

O. “Security Rule” has the meaning set forth in the Security Standards at 45 C.F.R. Parts 160, 162, and 164, Subparts A and C.

P. “Services” means those services Business Associate provides to Covered Entity, and documented by a written agreement between Covered Entity and Business Associate, under which Business Associate provides services involving access to or the exchange of PHI.

Q. “Subcontractor” shall have the same meaning as the term “subcontractor” in 45 C.F.R. § 160.103. If not capitalized herein, “subcontractor” shall have its general meaning in this Agreement.

3. Obligations and Activities of Business Associate.

A. Legal Compliance; Appropriate Safeguards. Business Associate agrees to (1) not use or disclose Protected Health Information other than as permitted or required by this Agreement or as Required By Law, and (2) use appropriate safeguards, and comply with applicable provisions of the Security Rule with respect to ePHI, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.

B. Reporting of Unauthorized Use and Disclosures. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement, including Breaches of unsecured PHI and Security Incidents, of which it becomes aware, as described below.

C. Reporting of Breaches. Business Associate agrees to notify Covered Entity without unreasonable delay and in no case later than 60 calendar days after the discovery of any Breach of Unsecured Protected Health Information. A Breach shall be treated as discovered by Business Associate as of the first day on which the Breach (i) is known to an employee, officer, or other agent of Business Associate (except the person committing the Breach), or (ii) by exercising reasonable diligence, would have been known to an employee, officer, or other agent of Business Associate (except the person committing the Breach). The notice shall include, to the extent possible, the identification of each individual whose unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used or disclosed during the Breach, as well as any other available information set forth in 45 C.F.R. §164.410(c)(2).

D. Reporting of Security Incidents. Business Associate shall report any Security Incident promptly (but in no event later than 15 business days) upon becoming aware of such incident. However, the parties acknowledge and agree that this section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no further notice to Covered Entity shall be required. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.

E. Limitations on Use for Marketing Purposes. Business Associate is specifically prohibited from using or disclosing PHI in violation of the marketing prohibitions set forth in the HIPAA Rules. Business Associate shall not use or disclose PHI for fundraising. Except as permitted under 45 C.F.R. § 164.502(a)(5)(ii), Business Associate agrees that it shall not directly or indirectly receive remuneration in exchange for PHI from or on behalf of the recipient of such PHI.

F. Subcontractors. Business Associate agrees, per 45 C.F.R. §§ 164.502(e)(1)(ii) (Privacy Rule) and 164.308(b)(2) (Security Rule) to ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Business Associate agree to the same restrictions, conditions and requirements that apply to Business Associate with respect to such information.

G. Documentation of Disclosures. Business Associate agrees to document any disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. § 164.528 as amended, and, within 15 business days of receiving such request from Covered Entity, provide such information to Covered Entity. If an Individual submits a request for an accounting to Business Associate, Business Associate shall, within 15 business days of receipt, forward the request to Covered Entity.

H. Access to Records. Within 10 business days of a request by Covered Entity, Business Associate shall make available to Covered Entity for inspection and duplicating any PHI in a Designated Record Set, so that Covered Entity may meet its access obligations under the Privacy Rule at 45 C.F.R. § 164.524. If an Individual submits a request for access to Business Associate, Business Associate shall, within 10 business days of receipt, forward the request to Covered Entity.

I. Amendment of Records. Business Associate shall inform Covered Entity within 10 business days of receipt of any request by or on behalf of an Individual who is the subject of the PHI to amend the PHI that Business Associate maintains for or on behalf of Covered Entity in a Designated Record Set. Business Associate shall, within 20 business days of receipt of a written request, make the subject’s PHI available to Covered Entity as may be required to fulfill Covered Entity’s obligations to amend PHI pursuant to the HIPAA Rules, including, but not limited to, 45 C.F.R. § 164.526. Business Associate shall incorporate any amendments to Covered Entity’s PHI into copies of such PHI maintained by Business Associate.

J. Designated Record Set. Covered Entity and Business Associate agree that PHI received by Business Associate in connection with providing the Services described herein is not intended to, and as a general matter does not, qualify as a Designated Record Set.

K. Compliance with 45 C.F.R. part 164 Subpart E. In the event Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 C.F.R. part 164 (Privacy of IIHI), Business Associate will comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).

L. Availability of Books and Records. Business Associate will make its internal practices, books and records relating to its use and disclosure of Protected Health Information it creates, receives, transmits or maintains for or from Covered Entity available to the Secretary to determine compliance with the HIPAA Rules.

4. Permitted Uses and Disclosures; Minimum Standard of Privacy Rule.

A. Permitted Uses and Disclosures by Business Associate. Business Associate may only use and disclose PHI as necessary to perform Services set forth in any agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity, except for the specific uses and disclosures set forth in Subsections (1) through (4) below:

(1) Use and Disclosures Permitted by Law. Business Associate may use and disclose PHI as Required by Law.

(2) Use and Disclosures for Administrative and Internal Purposes. Business Associate may use PHI for the proper management and administration of its business and to carry out the legal responsibility of Business Associate. Business Associate may disclose PHI for the proper management and administration of its business and to carry out the legal responsibility of Business Associate, provided the disclosures are required by law, or Business Associate obtains from any recipient of such PHI reasonable assurances that the PHI will remain confidential and be used or further disclosed as required by law or for the purposes for which it was disclosed and the recipient will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI was breached.

(3) Use for Data Aggregation Services. Business Associate may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B) and 164.501.

(4) De-Identification Permitted by Law. Business Associate may de-identify PHI as permitted by 45 C.F.R. § 164.514 and may use and disclose de-identified information, provided that any such use or disclosure shall be consistent with applicable law.

B. Compliance with Minimum Standard of Privacy Rule. Business Associate agrees to comply with the minimum necessary standard for Business Associates as set forth in the Privacy Rule, 45 C.F.R. § 164.502(b).

C. Individual Authorization. Business Associate may possess, use and disclose the PHI in any manner permitted consistent with a HIPAA-compliant authorization signed by or on behalf of the individual.

5. Obligations of Covered Entity.

A. Notification of Limitation in Notice of Privacy Practices. Covered Entity shall notify Business Associate in writing of any limitations in its notice of privacy practices in accordance with 45 C.F.R. §164.520, to the extent that the limitations may affect Business Associate's use or disclosure of Protected Health Information.

B. Notification of Changes with Regard to Permissions Given by Individual. Covered Entity shall notify Business Associate in writing of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that the changes or revocation may affect Business Associate's use or disclosure of Protected Health Information.

C. Notification of Restrictions on Use. Covered Entity shall notify Business Associate in writing of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to or is required to abide by under 45 C.F.R. § 164.522, to the extent that the restriction may affect Business Associate's use or disclosure of Protected Health Information.

D. No Requests in Violation of HIPAA. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the HIPAA Rules, HIPAA or the HITECH Act if done by Covered Entity.

E. Duty to Minimize Disclosure. Covered Entity shall use its best efforts to minimize the disclosure of Protected Health Information to Business Associate where the disclosure of that information is not needed for Business Associate to provide products or services to Covered Entity.

6. Term and Termination.

A. Term. This Agreement shall be effective as of the date set forth above and it shall continue in effect until terminated as provided in Paragraphs 6.B or 6.C.

B. Termination. This Agreement shall terminate when Business Associate no longer provides any Services set forth in any agreement with Covered Entity or on the date Covered Entity terminates this Agreement for cause as set forth below, whichever is sooner.

C. Termination for Cause. If Covered Entity has reason to believe that Business Associate has violated a material term of this Agreement, Covered Entity shall notify Business Associate of the claimed violation and provide Business Associate with an opportunity to explain why no violation has occurred or to cure the violation. If Business Associate does not explain why no violation has occurred or cure the alleged violation within thirty (30) days after receiving Covered Entity’s notice, Covered Entity may immediately terminate this Agreement by written notice to Business Associate.

D. Obligations upon Termination. Upon termination of this Agreement for any reason, Business Associate with respect to all Protected Health Information received from Covered Entity, or created, maintained or received by Business Associate on behalf of Covered Entity, shall:

(1) Retain only that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;

(2) Return to Covered Entity or destroy, if feasible, the remaining PHI that Business Associate still maintains in any form, and if return or destruction is not feasible extend the protections of this Agreement to the PHI and limit further uses and disclosure to those purposes that make the return or destruction infeasible;

(3) Continue to use appropriate safeguards, and comply, where applicable, with the Security Rule with respect to ePHI, to prevent use or disclosure of the PHI, other than as provided for in this Section of the Agreement, for as long as Business Associate retains the PHI;

(4) Not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set forth in Section 4(A)(2) above, which applied prior to termination; and

(5) Return to Covered Entity or destroy, if feasible, the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities, and if return or destruction is not feasible extend the protections of this Agreement to the PHI and limit further uses and disclosure to those purposes that make the return or destruction infeasible.

7. Notices. Any notice required or permitted to be given hereunder shall be in writing and shall be (i) personally delivered, (ii) transmitted by postage pre-paid first class certified United States mail, (iii) transmitted by pre-paid, overnight delivery with delivery tracking service, or (iv) transmitted by facsimile transmission. All notices and other communications shall be deemed to have been duly given, received and effective on (i) the date of receipt if delivered personally, (ii) 3 business days after the date of posting if transmitted by mail, (iii) the business day after the date of transmission if by overnight delivery with proof of delivery, or (iv) if transmitted by facsimile transmission, the date of transmission with confirmation by the originating facsimile transmission machine of receipt by the receiving facsimile machine of such transmission, addressed to the Parties at the addresses below:

As to Covered Entity: As to Business Associate:
To the address noted on the front of the schedule

Carl Zeiss Meditec, Inc.

Attn: General Counsel

5160 Hacienda Drive

Dublin, CA 94568-7562

8. Miscellaneous.

A. Regulatory References. A reference in this Agreement to a section in the HIPAA Rules, the Privacy Rule, the Security Rule, the Breach Notification Rule, HIPAA, or the HITECH Act means the section as in effect or as amended.

B. Amendment. Upon the effective date of any final regulation or amendment to final regulations promulgated by HHS with respect to Protected Health Information, the HIPAA Rules, HIPAA, or the HITECH Act, this Agreement will automatically amend the obligations of Business Associate and Covered Entity to the extent necessary to remain in compliance with such regulations.

C. Assignment. Neither party shall assign any of the rights granted by this Agreement nor delegate any of its duties under this Agreement without the prior written consent of the other party, except that either party may assign this Agreement to a parent, subsidiary, affiliate, or purchaser who acquires all or substantially all of the business operations of the assigning party.

D. Choice of Law. This Agreement shall be construed and interpreted and the legal relations created hereby shall be determined in accordance with the laws of the State of California, excluding those laws relating to choice of law and as if this Agreement were performed entirely within California.

E. Section Headings. The Section headings used in this Agreement are for purposes of convenience or reference only. They shall not be used to explain, limit, or extend the meaning of any part of this Agreement.

F. Severability. In the event that any one or more of the provisions contained in this Agreement shall for any reason be held by a court of competent jurisdiction to be unenforceable in any respect, such holding shall not affect any other provisions of this Agreement, and this Agreement shall then be construed as if such unenforceable provisions are not a part hereof.

G. Survival. Any provision of this Agreement, which by its terms is intended to survive the termination or expiration of this Agreement shall so survive.

H. Independent Contractors. Covered Entity and Business Associate agree that the relationship between them is solely that of independent contractors and nothing in this Agreement is intended to create a partnership, agency, or joint venture between Covered Entity and Business Associate.

I. Entire Agreement. This Agreement represents the entire agreement between the parties relating to the subject matter hereof, and shall supersede any other agreements, whether written or oral. There are no understandings, representations, or warranties of any kind between the parties relating to the subject matter hereof, except as expressly set forth herein. No alteration or modification of any of the provisions of this Agreement shall be binding on any party unless in writing and signed by the party against whom enforcement of such alteration or modification is sought. Nothing in this Agreement shall be deemed to have amended or modified the terms or conditions of any other agreement between the parties, nor shall this Agreement be deemed to have created any rights or obligations except as specifically set forth in this Agreement.

The contents of this website may differ from the current status of approval of the products in your country. Please contact our regional representative for more information. Subject to change in design and scope of delivery and as a result of ongoing technical development.

© Carl Zeiss Meditec, Inc. in December 2017