These terms of service (the “Terms of service”) govern your use of the Collective Minds Radiology service (the “Service” as defined below). By accepting the Terms of service, an agreement is entered into by you (“you”) and Collective Minds Radiology AB, company registration number 559120-7187 having its registered address at Hörnåkersvägen 14, 183 65 Täby (“we” or “us”). 

The Service is provided through our mobile application (the “App”) and our webpage www.cmrad.com and any subdomains thereof (the “Webpage”). By using the Service or creating a user account with us you accept these Terms of service. If you do not agree to these Terms of service, please do not use the Service provided by us. 

The Service

The Service is an intelligent case solving platform for radiologists where users can get support in evaluating cases, share their expertise and learn from each other. For the avoidance of doubt, the Service shall not be used as a substitute for the full medicinal diagnostic tools available to you, including consulting actual colleagues/fellow-students/teachers as they may have access to more information and diagnostic imaging relevant for the case at hand.

Everyone using our Service is, in these Terms of service, referred to as “Users” or “you”, a definition which also includes you as a party to this contract that you have entered into by accepting these Terms of service. We offer our Service to licensed medical professionalsthat have been given access to the Service through an agreement between us and the employer/university of the User or the User themselves in their capacity as an independent radiologist. The Service is to be used in the User’s professional capacity as an employee/consultant of the caregiver or in the User’s professional capacity as an independent radiologist. Any use outside of the above, including use for commercial use, requires the User to enter into separate written agreement with us.

The Service includes a professional grade DICOM viewer (MedDream), from our Partner Softneta Medical Imaging (https://www.softneta.com/). The DICOM Viewer is accessed from within a case, by pressing “OPEN REVIEW MODE”.  Prior to launching the “REVIEW MODE”, thumbnails (images) of the specific case is displayed to help users identify the case and understand its content. These thumbnail images must not be used for diagnostic purposes. When reviewing images for diagnostic purposes, the REVIEW MODE must be used.

Confidentiality and Privacy

The User acknowledges and agrees that information that the User may get access to or upload to the Service may be subject confidentiality obligations set out in laws and regulations, e.g. the Patient Data Act (SFS 2008:355). Furthermore, you agree to adhere to the Non-Disclosure Agreement set out in Appendix 1.

We process personal data received in connection with the use of the Services. The personal data processing is made in accordance with our privacy policy (https://www.cmrad.com/privacy) and in accordance with applicable data protection laws. As we will process personal data on your behalf as processors, we have a legal obligation to enter into a data processing agreement with you. Hence, if you are processing personal data in your capabilities as an independent radiologist you agree and acknowledge to the data processing agreement set out in Appendix 2 which shall govern the rights and liabilities between us and you regarding the processing of personal data.

To ensure that patients’ privacy is maintained when using the Service, all patient data is removed from the DICOM images in a pseudonymization process when images are uploaded to the Service.  Along with the pseudonymized images, Users are asked to provide information about the patient's condition and/or other information and descriptions that may be required in order to obtain the feedback requested for diagnostic purposes. When uploading a case to the Service, the User may not include information in the description that directly or indirectly may identify the patient. A patient verification function lets the User verify the original patient identity [without ever sharing or storing any personal data about the patient on the CMRAD platform]. Users who want to use the Service for diagnostic support are responsible to verify the patientID of the specific patient, using the patient verification function, to avoid mix-up between different cases.

License

Provided that you accept and adhere to these Terms of service, you are granted a non-exclusive, non-transferable, revocable license to download, install and use the App in object code form on a mobile device which you own or have access to in order to use the Service for its intended purpose. 

Subject to your acceptance and adherence to these Terms of service you are also granted a right to access and use the Service through the Webpage for its intended purpose.

You will not receive any other license to use the above intellectual property rights except as expressly provided in these Terms of service.

You may not copy, download extracts of any page of the Service unless there is a feature in the Service expressly permitting such copying or downloading. In case you have downloaded or made copies in accordance with these Terms of service, you are not entitled to modify the downloaded or copied material and may not separate any illustrations, photographs, video or audit sequences from text accompanying such media. The author of the material shall to the extent required under applicable law be recognized.

Where our Service contains links to other websites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them. You subsequently understand and accept that we cannot be held liable for such third party content supplied by third parties and presented or made available within the scope of the Service.

We do not grant you or anyone else permission to copy or alter the App in whole or in part. You, or a third party, may not without our consent develop, add to, decompile or make reverse engineering on the App or its components. It is not allowed to re-create the source code or its functionality, or make copies of the App, other than as expressly permitted by mandatory law.

You may not use the Service to distribute viruses, trojans or similar programs. We do not allow automatic reading of the Service.

All intellectual property rights in the App, or in any other part of the Service, belongs to or are disposed of with license by us. Nothing in these Terms of service shall be construed as a transfer of any intellectual property right or any other right to you. You are only given the limited license as described above. 

Username and Password

In order to use the Service, you will have to create a user account (the “User account”) and sign in to it. Instructions on how to create a User account are set forth on https://www.cmrad.com.

The e-mail address you use to register your account with will be your username and you will need to choose a password to sign in to your user account on the Webpage and the App. If you choose to create a new user account, the username and password which you choose must not be: harmful, abusive, racially or ethnically offensive, sexually explicit, defamatory, infringing any intellectual property right or invasive of personal privacy rights. We have the right to change your username if it, in our opinion, violate these Terms of service.  

When creating your user account, you will be asked to submit certain information about yourself. Please make sure to read and understand our privacy policy before you start using the Service. You can find the privacy policy here https://www.cmrad.com/privacy.

Your account is personal and you are not allowed to transfer your account to any third party or to allow a third party to use the Service through your user account. You are responsible for protecting your login information from access by unauthorized persons. If you have reason to believe that any third party has gained access to your user account, you must immediately inform us. We have the right, but not the obligation, to suspend access to your user account if we have reason to believe that any third party has gained unlawful access to your user account.

Please note that if your account is left inactive during a period of 90 consecutive days, we have the right to make your account “invisible”, meaning that all account information is saved, but the account is de-activated and needs to be activated for you to be able to use it again. Additionally, if your user account is left inactive during a period of 365 consecutive days, we have the right to cancel your user account permanently. 

Your Use of the Service

We do not want the Service to be used for anything other than its intended purpose. Your use of the Service may only be in accordance with its intended purposes, as described above. If you do not accept this, we ask you not to use the Service.

User-generated Material

You may upload content such as written comments and photos ("User-generated Material") to the Service. Such User-generated Material will, if you choose (i) “anyone” be available to anyone who has been given a link, even if such person is not a registered User of the Service, (ii) “Collective Minds”- registered Users of the Service, “Group” only a predefined group of registered Users of the Service. The content of the User-generated Material is to the extent permitted under applicable law, the sole responsibility of the User that has uploaded such material.

You agree and warrant that you will not distribute or upload any User-generated Material to the Services which: 

1. is false, misleading, untruthful or inaccurate, 

2. promotes or encourages illegal activity, 

3. is racially or ethnically offensive and/or constitutes agitation against a minority (such as a national or ethnic group),

4. constitutes defamation, contains pornography or is in any other way sexually explicit,

5. attacks sexual orientation or religion or is discriminating in any other way, 

6. constitute insult or persecution of a person, 

7. is in any way harmful, abusive, offensive or illegal or which infringes the rights of any third party (such as including but not limited to copyright and trademarks), or

8. otherwise contradicts the Service's intended purposes.

Our position with regard to User-generated Material 

We will not tolerate any message we consider inappropriate, illegal or unethical. We have a statutory duty to monitor the User-generated Material that are made available in the Service and, under certain conditions, remove User-generated Material from the Service. We reserve the right to, at our sole discretion, remove User-generated Material that we deem inconsistent with these Terms of service or as we in any other way consider unfair, unethical or illegal and that may be harmful to us or the Users of the Service.

If you encounter any User-generated Material that you believe infringes these Terms of service, or encounter posts from other Users that are abusive or inappropriate in any way, or if you have any other reason to believe that our Service is used for illegal purposes or for purposes that are not in accordance with these Terms of service, please contact us at support@cmrad.com.

Intellectual Property Rights to User-generated Material

Ownership of all User-generated Material belongs to you, or the third party that owns the intellectual property rights to such User-generated Material. You hereby give us, to the extent permitted under applicable law, a worldwide, perpetual, non-exclusive, gratuitous and transferable right to possess, process, store, publish, distribute, stream, transmit, playback, transcode, copy, present, display and otherwise use the User-generated Material to provide and market the Service, or any of our current or future products or services.

You warrant that you have all necessary rights to show and upload User-generated Material, to use the User-generated Material in all other ways and to grant us the license to the User-generated Material as described above.

Network Fees and Access

You are responsible for securing your access to the network necessary to use the Service. There may be additional costs for e.g. transfers of. These costs are not paid by us. Furthermore, you are responsible for obtaining and keeping the necessary hard- or software up to date to access and use our Service. 

Disclaimer of Warranty and Limitation of Liability

The Service, including the Webpage and the App and any information therein, is to the extent permitted under applicable law provided ‘as is’ without warranties of any kind. This entails that we are not responsible for any incorrect or incomplete information provided within or in connection with the Service, including incorrect or incomplete User-generated Material and input that is automatically generated through the Service. We strongly advise all Users to exercise caution in the interpretation and implementation of information obtained through the Service. Your use of the Service is solely your responsibility and at your own risk. We do not grant any warranties, express or implied or otherwise, as to the accessibility, quality, qualification for any particular purpose, suitability or accuracy of the Webpage, App or the Service. 

We recommend you not to rely on the Service for a purpose which is of high importance to you or which you consider intolerable if not met, since there may be situations where the Service will not be available, due to, but not limited to, maintenance and circumstances beyond our control. In addition, we reserve the right to modify or discontinue providing the Service, at our sole discretion. To the extent permitted under mandatory law we are not liable to you or any third party for any direct, indirect or other damages of any kind, including but not limited to, lost profits, loss of income, loss of revenue, business interruption or loss of goodwill arising out of, or in connection with these Terms of service or inability to use the Service. We are not responsible to you for any third party claims made against you. 

Indemnity

You are liable for any damages inflicted on us, or any third party, due to your breach of these Terms of service, including but not limited to the misuse of the Webpage, the App and/or the Service. Furthermore, you agree to indemnify us in relation to any claims, costs (including reasonable legal costs) damages, expenses, liabilities and losses incurred by us in relation to your breach of these Terms of service or other applicable law.

Should any User-generated Material infringe a third party’s intellectual property right, you agree to immediately remove all infringing parts of the User-generated Material and indemnify us from all damages, costs and expenses incurred by us as a result of such infringement.

Change of Terms and Termination of Serivces

We have the right to make changes and updates to these Terms of service. We will inform you of any such changes at the latest thirty (30) days before an adjustment enters into force. We will give you such information by email to the email address provided by you. 

You have the right to terminate your user account and remove your content from the Service at any time and without prior notice.

We have the right to suspend your access to the Service with immediate effect if we have reason to believe that you are violating these Terms of service. Furthermore, to the extent permitted under applicable law, we reserve the right to modify, discontinue, temporarily or permanently cease providing the Service at any time without prior notice, on our own discretion, or if required by law or by a decision by an authority. You accept that we shall not be liable to you or to any third party for such modification, suspension or discontinuance. Upon termination you shall also, at our request, destroy or return any material downloaded or copied from the Service.

Miscellaneous

The term “included” shall in these terms be read as to mean “including but not limited to”.

You may not assign or transfer any rights, obligations or licenses as provided in these Terms of service. We may assign and transfer our rights under these Terms of service without your consent and without notice to you.

Out failure to exercise or enforce any right or provision of these Terms of service shall not operate as a waiver of such right or provision.

These Terms of service operate to the fullest extent permissible by law. If any provision of these Terms of service is deemed to be unlawful, void or unenforceable, that provision is deemed severable from these Terms of service and does not affect the validity and enforceability of any remaining provisions.

Applicable Law and Disputes

These Terms of service shall be governed by and construed in accordance with Swedish laws, without regard to its conflict of law rules.

Any dispute or claim arising out of or in connection with these Terms of service, or the breach, termination or invalidity thereof, shall be finally settled by Swedish courts, with the Stockholm District Court as the first instance although we retain the right to bring proceedings against you in your country of residence, unless otherwise is provided by mandatory law.

Warranties in Relation to Apple Inc.

The parties to this agreement, we and the Users, hereby clarify the following in relation to Apple Inc. ("Apple"):

That we and the Users are the only parties to this Agreement;

1. That we are responsible for the Service, the App and all content therein. We carry all responsibility for the maintenance, support and service of the Service or any technical equipment used to enable the provision of these. Claims that directly or indirectly depend on such grounds may only be directed against us, and not against any third party.

2. That all demands or claims arising directly or indirectly from the use of the Service and which might be directed against us, only shall be directed against us. Apple is not in any way liable to respond to these demands or claims, if these are directed against Apple.

3. That we, and not Apple, are solely responsible to investigate, defend, settle or secure liability in the event of any third party claims, based on the Service or infringements of any third party's intellectual property rights caused by use of the Service.

4. The User guarantees and ensures that you are not located in a country subject to an embargo issued by the US government, or has been designated by the US as a "terrorist supporting" country and that you are not on any of the US government's list of prohibited or restricted parties.

5. That these Terms of service creates rights for Apple to apply these Terms of service directly against you, regardless of our participation. In addition to the third-party rights given to Apple, these Terms of service will not give any third-party rights to any other natural or legal person.

Warranties in Relation to Google Inc.

This section sets out the specific terms and conditions that apply to the use of the App in android based mobile devices and applies between you and us;

1. Google Inc. (“Google”) provides Google Play where you download the App.

2. You hereby undertake to use the App in accordance with Google’s at each time valid terms and conditions for Google Play;

3. we, and not Google, is solely responsible for the App as well as the services and offerings available therein. Google does not have any obligations or liability to you regarding the App or these Terms of service.

 

Appendix 1 - Confidentiality Agreement

This Confidentiality Agreement (the “Agreement”) is entered into by; 

1. Collective Minds Radiology, reg. no. 559120-7187, with address Hörnåkersvägen 14, SE-183 65 Täby, Sweden (“CMRAD”); and 

2. The User (as defined in the Terms of Service). 

CMRAD and the User are hereinafter each referred to as a “Party” and jointly as the “Parties”. When either Party discloses information to the other Party under this Agreement the discloser is hereinafter referred to as the “Disclosing Party” and a Party receiving any Confidential Information hereunder as the “Receiving Party”.

1. Background

   1. The Parties have entered into an agreement regarding the provision and the use of the Collective Minds Service (the “Service”) through which the Parties will share and be privy to information regarding medical radiology cases (the “Purpose”). In order to protect such information, the Parties have agreed on the following; 

2. Confidential Information

   1. Confidential Information shall mean any and all information of a confidential nature, that is made available to or by the User through the Service, and shall, for the avoidance of doubt, include but not be limited to information regarding patients, and any information designated by the Disclosing Party as confidential or which should otherwise reasonably be regarded as being of a confidential nature (“Confidential Information”). For the avoidance of doubt, any information which is posted in the Service where the post has been labelled as being available for anyone with a link to that part of the Service, is not considered as Confidential Information.

   2. Confidential Information does not include information which the Receiving Party can demonstrate (a) is or becomes available to the public other than as a result of a disclosure by the Receiving Party in breach of this Agreement or any confidentiality undertaking, (b) was available to the Receiving Party on a non-confidential basis prior to its disclosure to the Receiving Party or (c) becomes available to the Receiving Party on a non-confidential basis from a person, other than the Disclosing Party or another User, who is not known by the Receiving Party to be bound by an obligation of confidentiality to the Disclosing Party. 

   3. The Receiving Party agrees to keep secret and not to disclose to any third party other than registered users of the Service, directly or indirectly, any Confidential Information and to take all reasonable measures to ensure that Confidential Information is so not disclosed and to only use the Confidential Information for the Purpose. The Receiving Party undertakes to safeguard Confidential Information in a manner no less protective than with reasonable care. The obligation of confidentiality does however not apply where the disclosure of Confidential Information is required by mandatory law, rule, regulation, applicable stock exchange rules or a court order, subject to what is set out in clause 2.6 below.

   4. CMRAD agrees to impose on its employees and consultants, in an appropriate manner, the obligations of confidentiality as set out herein. CMRAD shall be liable for the actions of its employees and consultants with respect to the confidentiality obligations under this Agreement.

   5. CMRAD may disclose Confidential Information to its affiliates and its respective employees, directors, officers, consultants, advisors, legal advisors, financial advisers, accountants, subcontractors or sub-licensees (the “Affiliates”) who have a need to know such information for the Purpose. CMRAD will however in such case ensure that the Affiliates to which it discloses Confidential Information undertake to only use the Confidential Information in accordance with the Purpose of this Agreement and to observe a level of confidentiality no less protective of the Confidential Information than as set out in this Agreement. CMRAD shall be liable for any use and/or disclosure of Confidential Information by such Affiliates. 

   6. Should the Receiving Party be under obligation to disclose Confidential Information, in accordance with what is set forth in this Agreement, the Receiving Party shall without undue delay, before any disclosure is made, inform the Disclosing Party hereof in order for the Disclosing Party to be able to take such actions in order to protect the information as it may deem necessary. Any disclosure in accordance with this clause 2.6 shall be made only to the extent so required. The Receiving Party furthermore undertakes to without delay inform the Disclosing Party in case it becomes aware of any unauthorized disclosure of Confidential Information and shall take all reasonable measures in order to prevent any further disclosure.

   7. For the avoidance of doubt, nothing in this Agreement shall affect either Party’s confidentiality obligations set out in mandatory law, if any.

3. Proprietary Rights

   1. The Receiving Party acknowledges that any Confidential Information received shall at all times remain the property of the Disclosing Party or the user that has uploaded such information to the Service and that the Confidential Information received may not be used for any other purpose than the Purpose. 

   2. The Parties acknowledge that any Confidential Information is provided “as is” without any warranties as to its accuracy or completeness. 

4. Term

   1. This Agreement shall remain valid for the same period of time as the agreement between the Parties regarding the Service of which this Agreement is a part. However, the confidentiality obligations shall bind the Receiving Party from the date of disclosure of such information without limitation in time.

5. Miscellaneous

   1. The Receiving Party may not assign this Agreement without the prior written consent of the Disclosing Party.

   2. This Agreement does not, and is not intended to confer any rights or remedies upon any person other than the Parties hereto.

   3. This Agreement may only be amended by written instrument duly signed by both Parties.

6. Governing Law and Arbitration

   1. This Agreement, and any non-contractual obligation arising out of or in connection therewith, will be governed by the substantive laws of Sweden.

   2. Any dispute or claim arising out of or in connection with this Agreement, or the breach, termination or invalidity thereof, shall be finally settled by Swedish courts, with the Stockholm District Court as the first instance although we retain the right to bring proceedings against you in your country of residence, unless otherwise provided by mandatory law.

 

Appendix 2 - Data Processing Agreement

This Data Processing Agreement (the “DPA”) is entered into between:

1. Controller, a natural or legal person that is a party to the Collective Minds Radiology Terms of Service in their capacity as an independent radiologist (“Controller”); and 

2. Collective Minds Radiology AB, reg. no. 559120-7187, Hörnåkersvägen 14, 183 65 Täby, a company organized under the laws of Sweden (“Processor”).  

Each of Controller and Processor are referred to as a “Party” and jointly as the “Parties”.

1. Background

   1. The Parties have entered into Collective Minds Radiology Terms of Service (the “Agreement”), where Controller have contracted Processor in order to use the Processor’s intelligent case solving platform for radiologists, which forms the subject matter of the processing of personal data under this Agreement.

   2. Terms such as “personal data”, “processing” and “data subject” and other expressions not defined in this DPA shall have the same meaning as set out in the Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR"), as may be amended, updated, replaced or superseded from time to time, if not expressly stated otherwise.

   3. The Processor’s service is an intelligent case solving platform for radiologists where users can get support in evaluating medical cases, share their expertise and learn from each other. The Controller is able to upload and partake X-ray images in addition to other uploaded personal data for which data processing is carried out (the “Service”), rendering Controller the data controller, whilst Processor qualifies as data processor under the applicable data protection laws. In light of the above, Processor and Controller have agreed on the following terms and conditions set out in this DPA including the Schedules concerning the processing of personal data under this DPA.

   4. This DPA shall supersede any prior agreements, arrangements and understandings between the parties and constitutes the entire agreement between the parties relating to the subject matter hereof. In case of conflict between the Agreement and the DPA including the Schedules, this DPA shall take precedence.

2. Processor’s obligations

   1. Processor shall to the extent any personal data is processed by Processor on behalf of Controller under the Agreement:

      1. only process personal data in accordance with Controller’s documented instructions specified in Schedule 1 of this DPA, unless when required to do so under applicable EU or Member State law to which the Processor is subject. Processor shall in such case inform Controller of such legal obligation unless prohibited by law. Processor shall immediately inform Controller if the Controller’s documented instructions, in the Processor’s reasoned opinion, are infringing applicable laws, rules and regulations. Such information shall not be considered as legal advice provided by Processor; 

      2. ensure that the employees/agents/sub-contractors or other third parties that are authorized to process personal data are subject to an obligation of confidentiality with regards to the personal data. Processor is only allowed to disclose personal data to third parties if Controller has given its written consent or if it is required by applicable law;

      3. implement appropriate technical and organizational measures required pursuant to Article 32 of the GDPR; 

      4. hereby be given a general authorization to engage other processors (“Sub-processors”) for the processing of personal data on behalf of Controller. Where Processor engages a Sub-processor under this clause, Processor undertakes to ensure that the contract entered into between Processor and any Sub-processor shall impose, as a minimum, data protection obligations not less stringent as those set out in this DPA. Processor shall notify Controller of any intended changes concerning the addition or replacement of Sub-processors, to which the Controller may object. If Controller has made no such objection within [ten (10)] days from the date of receipt of the notification, Controller is assumed to have made no objection. 

      5. have the right to cure an objection from Controller as described in  (iv) above, at Processors sole discretion. If no corrective option is reasonably available and the objection has not been cured within [thirty (30) days] after receiving the objection, either Party may terminate the affected Service or the Agreement with reasonable written notice;

      6. be allowed to transfer of personal data to third countries outside of EU or EEA is in accordance with Controller’s documented instructions.  When personal data is transferred to a country that does not ensure an adequate level of data protection, the Processor ensures that the transfer is subject to adequate safeguards as stated in Chapter V GDPR is in place. Processor is hereby given clear mandate, on behalf of the Controller, enter into: 2010/87/EU: Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (notified under document C(2010) 593) or decisions and clauses that may replace or amend these.

      7. taking into account the nature of the processing and the information available for the Processor, at Controller’s cost, assist the Controller in its obligation to respond to requests from data subjects pursuant to chapter III in the GDPR by implementing appropriate technical and organizational measures, insofar as this is possible;

      8. taking into account the nature of processing and the information available to the Processor, at Controller’s cost, assist the Controller to fulfil its obligations pursuant to Articles 32 to 36 in the GDPR;

      9. on termination or expiration of the Agreement or on instruction from Controller, upon written request and at Controller’s choice, return or delete all personal data processed under the Agreement at Controller’s cost, unless Processor is required to retain the personal data by applicable laws, rules and regulations. Controller must make such written request [fourteen (14) days] from the Agreement’s termination or expiration; and

      10. upon Controller’ request and at the cost of Controller, make available all information necessary to demonstrate Processor's compliance with the obligations laid down in Article 28 in the GDPR and in this DPA and allow for and contribute to audits, including inspections, conducted by Controller or another auditor mandated by Controller and accepted by Processor. Processor shall not unreasonably withhold its acceptance. The audit shall be carried out maximum [once (1) per calendar year], and a written notice shall be sent to the Processor with a notice period of at [least thirty (30) days] before the audit commences. The audit shall be conducted during Processor’s normal working hours without disturbance to the normal operations of Processor.

3. Interpretatitve Prerogative

   1. In the event that the clauses of the Agreement or this DPA  are in conflict with the data protection provisions set forth in the data processing agreement that the Processor has signed with the Sub-processors (“Sub-processor Agreement”) set out in https://www.cmrad.com/data-processors, the data protection provisions set out in the prevailing Sub-Processor Agreement, to the extent it is applicable, shall take precedence with due changes. The above applies, insofar these data protection obligations in the Sub-Processor Agreement are at least as stringent as the obligations in this DPA or constitutes data protection obligations for which the Processor must comply with.

   2. For avoidance of doubt, what is stated in 3.1., above, does not affect the other applicable data protection provisions stated in this DPA.

4. Limitation of liability and Indemnification

   1. The Controller shall hold Processor harmless and indemnify for third party claims, damages as well as administrative penalties or fines issued by courts or authorities if and to the extent Processor is held liable by a competent court, authority or any other dispute resolution body for processing of personal that is contrary to the applicable data protection laws, unless such liability has arisen as a consequence of Processor’s failure to perform its obligations under this Agreement. Notwithstanding the above, Processor’s aggregate liability for breach of the personal data obligations set forth in this DPA or applicable data protection laws shall be limited to an amount corresponding to [100% of the fees paid or payable ] as per the Agreement, during the [twelve (12) months period] immediately preceding the time when the claim arose. This includes, but not limited to, claims from data subjects and administrative penalties or fines issued by relevant courts or data protection authorities.

   2. Notwithstanding what is stated in this DPA, the Processor should be held harmless from all liability in the DPA, if such liability arises as a result of the Controller’s instructions which is in breach with the provisions of the GDPR or other applicable laws.

5. Governing Law And Disputes

   1. This DPA shall be governed in accordance with the laws of Sweden, with the exclusion of its conflict of laws rules.

This Agreement shall be governed by Swedish law, without application of its conflict of laws principles.

Any dispute, controversy or claim, contractual or non-contractual, arising out of or in connection with this DPA, shall be settled by the Swedish general courts, with the Stockholm District Court as the first instance although we retain the right to bring proceedings against you in your country of residence, unless otherwise provided by mandatory law.

Schedule 1 - Controller’s Instructions

The following is instructions from the Controller to the Processor for the processing of personal data which covers this DPA.

Processing Activities

The nature of the processing consists of the following processing activities: 

• To enable, verify and administer the Controller’s account;

• To provide, personalize and improve the Controller’s experience with the Service and integrated third party services;

• To send alerts or messages by email, such as marketing information or updates of the Service;

• To improve and develop the Service or new services and to analyze the Controller’s use of the Service;

• To ensure the technical functioning of the Service and to prevent the use of the Service in breach of the Terms of Service;

• To enforce the Terms of Service, including to protect the rights, property and safety of the Processor and third parties;

• To respond to any queries you raise with us and to provide customer support; and

• To fulfil requirements by law.

Categories of Personal Data

1. User profiles

   1. Name;

   2. contact details (e-mail address, telephone number, address, country of residence, nationality);

   3. position, title and workplace;

   4. medical doctor’s license;

   5. social network references;

2. Pseudonymous patient case information

   1. Pseudonymized DICOM images including embedded metadata;

   2. Content that you post, upload and/or contribute to the Service;

3. Technical usage data 

   1. Such as the URL you are accessing the Service from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information and operating system;

   2. Information about your use of the Service, such as what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clocks and mouse-overs), consultation length(s), recurrence of visits and other interaction information, methods used to browse away from the page.

Categories of Data Subjects

• End-users of the Service, such as radiologists, clinicians, doctors and other specialists; and

• Patients whose patient information has been pseudonymized.

Retention Periods

• Personal data about end-users of the Service will be retained for as long as the end-user has an active profile on the Service;

• Inactive end-users will have their personal data deleted after two (2) years of inactivity on the Service.

• For end-users who have been added to the mailing list, personal information for that purpose will be retained unless the end-user unsubscribes or want to be removed, in which case the Processor deletes the end-users personal data (aside from keeping a record that end-user have stated that they do not want marketing information).