General Terms & Conditions

Important Legal Disclaimers and Notes for the use of the websites and app(s) of Incision

Please read the following PDF for Important Legal Disclaimers and Notes for the use of the websites and app(s) of Incision.

For frequently asked questions on Data Protection and Information Security, please view our Data Protection and Information Security FAQ.

These General Terms & Conditions between (i) you as ‘User’ only or as ‘Customer’ and (ii) Incision Group B.V., a private company with limited liability with registered address at the Mauritskade 63 (room BD-1), 1092 AD Amsterdam, The Netherlands, with company registration number 62060821 (“Incision”, “us” or “we”, together with you also referred to as ”Parties” and each a “Party”) govern your access to and use of the Services of Incision, and any video, sound, text, graphics or other materials sent, received, stored or otherwise appearing in or relating to the Services. By accessing or using any part of the Services, including the websites, App and Platform of Incision, you agree to be bound by these General Terms & Conditions. If you do not agree to all the General Terms & Conditions, you may not access the website or use any Services. Words and terms used in these General Terms & Conditions shall have the meaning given thereto in Article 1 or in the text of the General Terms & Conditions, unless the context requires otherwise.

Incision has entered into agreements with customers and partners relating to the Services. In case you are using Services as part of an agreement we have with your organisation (such as a commercial, research or collaborative partnership), you should also read - and agree to be bound by - any agreement we have with your organisation (including, but not limited to, the Business Terms & Conditions, customer (hospital) agreement, Order Form, Partner Agreement) or specific documents Incision or your institution provides you which apply to particular features of the Services, such as acceptable use policies, content standards, disclaimers and protocols.

If you are not using the Services (yet) as a Customer User or Partner User that is using Services as part of an agreement we have with you or your organisation (such as a commercial, research or collaborative partnership), you shall be considered to be a User and a Customer and, next to these General Terms & Conditions, also be bound to the Business Terms & Conditions. Please contact Incision if you have not been provided yet with the Business Terms & Conditions and would like to receive a copy.

No medical advice. We do not provide any advice on medical use, review, assessment, advice, opinion, treatment or otherwise relating to the Content. You are solely responsible for your own (clinical) judgment on how to use the Content that is added to the Incision websites, App, Platform and any material obtained therefrom.

Reference is made to specific schedules and disclaimers on incision.care/legal/terms-and-conditions. You confirm that you have read and agree to the legal disclaimers and notes on the aforementioned link for the use of Incision’s websites and app(s), and the Content made available to you on Assist and Academy (the “Legal Disclaimer”). If you do not agree with the Legal Disclaimer you may not access the websites and/or the app(s) or use any
Services.

Download the General Terms and Conditions in PDF.

Article 1. Definitions

“Agreement” if applicable, the Order Form or any other agreement agreed between Parties with respect to the acceptance of the Services and the fees to be paid for the use of the Services. The General Terms & Conditions and the Business Terms & Conditions are part of the Agreement and where reference is made to Agreement, this is also a reference to these General Terms & Conditions and the Business Terms & Conditions.

“App” means the (Companion) Application of Incision as described on the website of incision.care, populated by the Content added to the Platform and the App.

“Business Terms & Conditions“ means the Business Terms & Conditions, specifically written and agreed between Incision and its customers (hospitals, research companies and similar) as referenced below under the General Terms & Conditions.

“Content” means any content (including but not limited to videos, clips, protocols, feedback, text and comments) added to the Platform by Incision, Partner, Customer, other customers of Incision, Users and other third parties.

“CMS” means the content management system through which, inter alia, Partner can upload Partner Content and Customers can upload Customer Content.

“Customer” means customers of Incision that use the Platform, mostly (but not limited to) hospitals, research entities, universities or similar persons and parties. The Business Terms & Conditions are applicable to each Customer of Incision.

“Customer Content” means Content added by Customers to the Platform including, but not limited to, Protocols, video Content, photos, content items and/or text.

“Customer Users” means the natural persons connected to the Administrator and/or the Customer (e.g. as employee, owner or contractor) that have a free trial/pilot or paid subscription and license to use the Platform.

“General Terms & Conditions” means these General Terms & Conditions, including additional terms and policies referenced herein and/or available by hyperlink.

“Incision Content” means any and all modules, clips and/or other material created by Incision based on either Customer Content, Partner Content or User Content.

“Incision Systems” means the Incision Academy, Platform, Content Management System, App and the ‘Teams Protocol Register’.

"Intellectual Property Rights" means current and future worldwide rights under patent, copyright, trade secret, trademark, and moral rights laws, and other similar rights to all inventions, know how, and all kind of works (including but not limited to software, databases, writings, schemes, designs, reports, analyses, trademarks, logo’s, photo’s, moving pictures, learning modules, protocols, business plans, contracts)

“Licensed Material” any content owned and provided by Incision to User included in the Service, and to which the User wants to have access by means of a subscription;

“OR” means the Operating Room of a hospital.

“Order Form”: Incision’s order form, Agreement, or any agreement or other document detailing the specific payment terms and Services between Incision and you, including the acceptance of the General Terms & Conditions and the Business General Terms and Conditions.

“Parties” Incision and you together, and each a “Party”.

“Partner” Medical device companies or similar companies that are connected to Incision as a partner.

“Partner Content” means any and all original footage and other material (including but not limited to the ‘Source Material’) which is (i) the original content provided by the Partner to Incision or (ii) official online content to Partner’s products provided by the Partner, Customers, customers or Incision, consisting of, but not limited to, the following: video Content, photos, content items, protocols and/or text.

“Partner Users” means the natural persons connected to the Administrator and/or the Partner which have a free trial/pilot or paid subscription and license to use the platform.

“Platform” means the Incision Assist platform, accessible through the App and/or web application and includes, but is not limited to, the App, Incision Assist and Incision Academy. The Platform is created by Incision including the CMS to make it possible for Partners, Users, Customer and customers to access, capture, create and manage their OR Protocols and make the Content, Content items and/or Protocols available in the App to its Users.

“Protocols” means the protocols added and/or created by (i) you and other customers (ii) Users and/or (iii) Partners.
"Renewal Fee” the fee to be paid annually prior to the renewal date for the (license) fee(s) to be paid according to the invoice of Incision.

“Services” any services of Incision that are offered on the Incision App, Platform and website(s). It consists of but is not limited to descriptions of surgical and/or medical procedures or Protocols as presented on the Platform, in videos, training programs, a 3D viewer and learning environment as well as any other explanations, texts, comments, guidance or technological support offered in connection with the purpose of improving surgical skills and knowledge .“User Content” means content added by Users to the Platform.

“Users” means all natural persons that have a free trial/pilot or (paid) subscription and license to use the platform.

Article 2: License and access to service

2.1 Incision hereby grants to User a non-exclusive, non-transferable license to use the Licensed Material, in accordance with (i) these General Terms & Conditions, (ii) any agreement we have with your organisation or (iii) any agreement you have with Incision.

2.2 If the Licensed Material is supplied on a trial-basis for evaluation purposes, User may use the Licensed Material for evaluation during the period agreed, in accordance with these General Terms & Conditions. However, Users of the free trial license acknowledge that not all functionalities of the Services are available for them.

2.3 In case you are using Services as part of an agreement we have with your organisation, the term agreed in such agreement is applicable. In case you have an Agreement with Incision, these General Terms & Conditions shall remain in force for an initial term of 12 months, starting (i) at the date that both Parties have agreed the Agreement, (ii) at the day that the User starts using the Services or (iii) another period as agreed between Parties. This initial term shall automatically be renewed for the same period on each anniversary of such term, unless either Party terminates this Agreement by giving at least sixty (60) calendar days prior written notice to the other Party (the “Term”).

2.4 In order to use specific features of the Service, the User will need to register with Incision by providing certain personal data. The User will then be issued with a unique user name and a unique password (or any other means of personal identification), which the User shall only use or allow to be used for the permitted use of the service. The User shall keep the identification information confidential and not disclose, disseminate or pass it on to employees, partners, group companies, branch offices, business relations or others for use from other locations than the Site or by other than the permitted users.

2.5 Incision has the right to replace or block User’s unique user name and/or password (or any other means of personal identification) immediately and without prior notice if and when illegal access to the Content / Licensed Material through this user name has been ascertained, or when there are reasonable grounds to suspect that such illegal access will occur or has occurred through this user name. Incision has the right to limit access to a restricted range or specific IP addresses or to block a range of or specific IP addresses, either in conjunction with User’s user name or regardless of the user name.

Article 3: Orders and Acceptance

3.1. These General Terms & Conditions are applicable to all agreements, offers, quotations between the User and or its institution and Incision, in so far as Incision has not made any specific written agreements or statements to the contrary.

3.2. The Services provided by Incision are for professional medical use only, and to be used by healthcare professionals or administrators only.

3.3. Alterations to or acting differently as agreed in these General Terms & Conditions are valid only if specifically agreed in writing by Incision.

3.4. In case where one or more of the provisions of these General Terms & Conditions or of the accompanying contract are invalid, rescinded or set aside, the remaining provisions of these general General Terms & Conditions and the contract shall remain applicable in full. Any clause in replacement of the invalid provisions should be determined or interpreted as closely as possible for the purpose and the tenor of the original provisions.

3.5. In case that the User is not connected to an organisation that has an agreement with Incision, User and Incision will agree onan Agreement between Parties to give the User the benefit of using the Services.

3.6. Incision reserves the right to refuse any order that a User sends to Incision. Incision may, in its sole discretion, limit or cancel quantities purchased per person, per institution, per company or per order. These restrictions may include orders placed by or under the same customer account, the same credit card, and/or orders that use the same billing and/or shipping address. In the event that Incision makes a change to or cancels an order, Incision may attempt to notify the User by contacting the email and/or billing address/phone number provided at the time the order was made. Incision reserves the right to limit or prohibit orders that, in her sole judgment, appear to be placed by a company or person that is not the end-User or institution.

3.7. By adding any additional condition or by rejecting any condition of Incision, the User expressly rejects the service provided by Incision, and consequently no agreement shall be made with Incision. An order with different conditions does not oblige Incision to perform the order or any part of it.

Article 4: Incision’s obligations

4.1. Incision shall ensure that the User is provided in full and in good time with all information, as well as amendments hereto, to enable the User the use of the service. If such information is not issued to the User on time or in full or the content cannot be accessed, the User is free to contact Incision for detailed explanations and information via: hi@incision.care.

4.2. In case of errors, inaccuracies or omissions, Incision will use all its reasonable commercial endeavours to correct, update, amend or clarify that information available in the Service or any related website. Incision cannot be held liable for losses of any nature whatsoever caused by the User’s use of incorrect and/or incomplete information provided on the Incision App, Platform or websites.

Article 5: User obligations

5.1. User shall use the Services and Licensed Material and shall take all reasonable steps to ensure that, if applicable, its authorized users, employees and partners shall use the Licensed Material as specified in the Agreement or License Agreement (if applicable) regarding number of users, sites, and locations. User shall not allow or authorize the Licensed Material to be used for the purpose of operating a bureau or any similar service or any online service whatsoever. User will not engage in any form of commercial venture with the Licensed Material.

5.2. User shall not erase, remove, deface or cover any trademark, trade names, numbers, copyright or other proprietary notices, guarantee, designation of origin, means of identification, disclaimer or other statement used on any media containing the Licensed Material or used in relation to it, nor shall User authorize another person to do so.

5.3. User shall promptly inform Incision if User becomes aware of:
a. any unauthorized use of the Licensed Material;
b. any actual, threatened, or suspected infringement of any intellectual property right of Incision in the Licensed Material; and
c. any claim by any third party that the Licensed Material infringes the intellectual property or other rights of any other person.

5.4. User shall at the request and expense of Incision do all such things as may be reasonably required to assist Incision in taking or resisting proceedings in relation to any infringement or claim referred to in this clause and in maintaining the validity and enforceability of the intellectual property of Incision in the Licensed Material.

5.5. Except insofar as permitted by law, User shall not modify, reverse assemble, decompile or reverse engineer the Licensed Material or any part thereof, or permit any third party to do so.
5.6. User shall not, except to the extent necessary to exercise the rights granted under these General Terms & Conditions:
a. make any alterations, additions or amendments to the Licensed Material;
b. combine the whole or any part of the Licensed Material with any other software, data or material
c. create derivative works from the whole or any part of the Licensed Material.

5.7 You will fulfill all your obligations and perform all Services as agreed with Incision in these General Terms & Conditions, (if applicable) the Agreement or in writing between Parties.

5.8 You will be responsible for the compliance of these General Terms & Conditions by any persons and companies connected to you. Where these General Terms & Conditions refer to you, they will also refer to such other persons and parties connected to you.

5.9 You agree to use the Services only in accordance with how the Services have been made available to you by us, the terms of these General Terms & Conditions and any applicable Documentation.

5.10 You will be solely responsible for (i) all Content created and added by you to the Platform or the App, (ii) all use of the Services under your account or your affiliate’s account; (iii) all acts, omissions, and activities of anyone who accesses or otherwise uses our Services through you; (iv) any data and other information or content submitted by you or for you (or by a User connected to you under the Agreement and processed or stored by the Services) (together the “Customer Data”) and (v) all applications, web domains, devices owned or controlled by you or owned by third parties and made available by you to (Customer) Users that access, use, interact with, or depend on the Services.

5.11 You will not transfer, resell, lease, license, or otherwise make available the Services to third parties (except as specifically permitted under the Agreement) to allow Users to access to the Services via the Platform and/or the App.

5.12 You are responsible for preventing unauthorized access to or use of the Services through your account(s) and will notify us promptly of any such unauthorized access or use. We will not be liable for any loss or damage arising from unauthorized use of your account.

5.13 You will not use our Services or permit them to be used to transmit inappropriate content, such as content that (i) is unsolicited; (ii) violates any legal, regulatory, self-regulatory, governmental, statutory, Customer, other customer, Partner or hospital rules, practices and/or protocols; (iii) is pornographic, abusive, racist, obscene, offensive, threatening, harassing, defamatory, discriminatory, misleading or inaccurate; (iv) is harmful, including but not limited to hate speech; or (v) encourages violence, discrimination or illegal, unethical or immoral actions (“Inappropriate Content”). We may remove any Inappropriate Content or Content that contains Inappropriate Content from the Services (including the Platform) without prior notice and without any liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that you may incur as a result. You will, after request thereof by Incision, promptly (at the latest within three (3) business days) remove your Content from the Platform and refrain from adding certain Content as instructed by Incision.

5.14 Incision shall have the right to monitor and intercept the Content, Platform and Services for the purpose of verifying compliance with these General Terms & Conditions.

5.15 Either Party shall provide the other Party with any information reasonably requested: (i) to confirm Party’s and its User’s compliance with its obligations under the General Terms & Conditions or an Agreement; or (ii) in response to any request made by any legal, regulatory, governmental authority, or operator.

5.16 Either Party shall at its own cost unless otherwise agreed, be responsible for providing, installing, testing, making operational and maintaining all equipment on its side.

Article 6: Fees and Payment obligations

6.1. If your organisation did not agree to an Agreement with Incision, User undertakes to pay Incision any and all fees for the use of the Services as agreed with Incision or as mentioned on the website(s) of Incision..

6.3. The fees for the Services (including the license fees and the Renewal Fee(s), if applicable, are the fee as listed on the Incision websites or Platform, unless otherwise agreed upon in (i) any agreement we have with your organisation or (ii) any agreement you have with Incision.

6.4. Incision reserves the right to change the fees for the Services and the Renewal Fee(s), if applicable, subject to 30 days prior notice, unless otherwise agreed upon in (i) any agreement we have with your organisation or (ii) any agreement you have with Incision.

6.5. If payment of any agreed fees has not been received by Incision within 30 days of the invoice date, User will be in default without any further notice being required. If any amount owing by User to Incision under an Order Form or these General Terms & Conditions is 30 or more days overdue, Incision may, without limitation of any other rights and remedies, suspend access of the User to the Services until such amounts are paid in full. Suspension of Services will be notified at least 5 days in advance, except where this is reasonably not possible.

6.6. Incision’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, applicable by any jurisdiction whatsoever (collectively referred to as “Taxes”). User is responsible for paying all Taxes associated with the purchase of the Services. If Incision has the legal obligation to pay or collect taxes for which User is responsible under this clause, Incision will invoice User and User will pay the relevant amount unless User has provided a valid tax exemption certificate authorized by the appropriate taxing authority.

Article 7: Termination

7.1. Any party to these General Terms & Conditions may terminate these General Terms & Conditions for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.

7.2. In no event will termination of these General Terms & Conditions in accordance with these General Terms & Conditions relieve User’s obligation to pay any fees payable for the period prior to the effective date of termination.

Article 8: Inspections and complaints

8.1. Complaints carried out must be sent in writing by the User to Incision within 7 days of establishing the defect. The notice of default should contain a description of the failure to perform in as much detail as possible so that Incision is able to put forward an adequate response.

8.2. If a complaint is well-founded, Incision is authorized to decide at her own discretion whether to amend the invoice, redeliver the relevant product or service or reimburse a proportion of the price already paid without continuing to implement the agreement.

8.3. If the User fails to lodge a claim within the period provided for in clause 1 of this article, all of his rights and claims of any nature regarding the subject of the complaint made or which could have been made during that period shall be null and void.

Article 9: Liability

9.1 Each Party shall be liable to the other Party for damages resulting from a breach of the provisions of these General Terms & Conditions and/or Order Form(s). The total liability of each Party for direct damage under or in connection with these General Terms & Conditions and connected Agreement(s), if applicable, shall be limited to the higher of: (i) the aggregate of the amounts paid or payable by you to Incision for all Services during the last twelve (12) consecutive calendar months and (ii) thirty thousand EURO (EUR 30,000.00). Each Party shall not be liable to the other Party for faults in the delivery, transmission, reception or functioning of its Services attributable to any software provider or third parties. Incision will have no liability regarding damages resulting from a breach of the provisions of these General Terms & Conditions and connected Agreement(s) regarding (i) the acts and omissions of you, Users, Partners or other customers of the App and the Platform or (ii) loss of or damage to Customer Data while in transit via the internet or a telecommunications network.

9.2. Notwithstanding Article 9.1, you shall be fully responsible for, and shall hold Incision fully harmless, without limitation, at the first demand of Incision, for direct and indirect damages, costs, claims, expenses and other liabilities resulting from (a) any allegation that the use or provision of the Services by you results in any infringement of the rights of any third party, law or regulatory authority, (b) breach of the terms in Article 10 (Intellectual Property) or Article 11 (Personal Data, Data Privacy and Information) and/or (c) the adding or making available of Inappropriate Content, including, but not limited to, fines, other penalties or damages resulting from other sanctions imposed on Incision by any Users, Partners, customers, regulators or other state authorities or any other third parties.

9.3. Each Party shall promptly inform the other Party of any claim or action that may result in losses for which the other Party is liable pursuant to the aforementioned Article. The Parties shall provide to each other reasonable co-operation and all information reasonably required in the defense or settlement of such third-party claim or action.

9.4. Except if explicitly provided otherwise in these Business Terms & Conditions, no Party is ever liable (whether in contract, tort (including negligence) or otherwise) for indirect damages, consequential damages, loss of revenue, business, anticipated savings or profits, damages resulting from third party claims or loss of data.

9.5. Each Party shall remain fully responsible and the sole point of contact for all its own employees (including its independent contractors) with respect to any Services provided by the other Party.

9.6. For the avoidance of doubt:
a) Incision will be liable for Incision Content that is created by Incision and added to the Platform;
b) you will be liable for any Content created and added to the App and/or Platform by you or anyone in your organisation and/or shared with other parties as agreed in this Agreement. This includes the connecting, loading, adding or displaying of Content on the Platform and the accuracy, correctness, completeness or quality of any of the medical information, steps to take or any (other) content;
c) you guarantee that any and all Content you add to the App and the Platform is fit for purpose;
d) Incision will never be liable for any Content created by third parties (e.g. medical device companies, medical companies, partners, customers, you, Customer Users and/or any (other) Users) that is added to or accessible in the App and/or the Platform; and
e) you and each customer will have their own responsibility in how the Customer Content is used. Incision will not be liable for any use of this Content (including, but not limited to, in hospitals, operating rooms, universities and research facilities for work, teaching, preparation and/or training purposes).

Article 10: Intellectual property

10.1 Incision owns all Intellectual Property Rights relating to the Platform, Incision Systems and any and all underlying software. You may use the Platform solely for use of the Services. You guarantee not to copy, modify, distribute, sell or lease any part of the software. You guarantee not to reverse engineer or attempt to extract any of the source code from the Platform .Incision owns and reserves all Intellectual Property Rights in and to any feedback provided by you or third parties.

10.2 By providing the Content or any other content to Incision and/or by uploading Content to the Platform, you guarantee that you have the necessary (intellectual property) rights to the Content, including the right to publish it on the Platform in an edited form for the purpose of sharing it with third parties and you guarantee that you and any and all parties that own Intellectual Property Rights to the Content, provide a worldwide, non-exclusive, royalty-free license to Incision. This license includes the right to reproduce, adapt, modify, translate, publish and distribute the Content for the purpose of creating modules and clips on the Platform and giving Users access to the Platform. Furthermore you guarantee that (i) Incision is able to freely share the Customer Content with other customers of Incision and (ii) the Customer Content is fit for that purpose.

10.3 All Intellectual Property Rights to the Incision Content will remain with Incision.

10.4 Use of Content with a financial gain, even if this relates to educational purposes, is not allowed without explicit written consent from Incision. This includes and is not limited to: educational sessions and courses that require a fee from participants (e.g. hands-on courses provided on national level or organised by international societies); scientific publications; international societies’ websites and databases.

10.5 Duplication, distribution or alteration of Content by you on any medium is not allowed without explicit consent from Incision, including and not limited to: social media; scientific publications; congress presentations (requiring transferral of footage to congress organisations); educational courses.

10.6 You are not allowed to publish Content outside of the Platform, except in the following events:
a. Citation and referral to Content on the Incision Academy is allowed, in accordance with European Citation laws. Access to the content is possible behind a paywall, but partly facilitated by Incision by the single user subscription (free), which provides access to a single course. Access to additional content will require subscription to the Incision Academy.
b. Any ‘teaser’ material created and published by Incision on freely accessible (social) media (e.g. Youtube, Facebook) may be embedded as is, but may not be copied or altered.

Article 11: Personal Data

11.1 All personal data processed by Incision is subject to the privacy statement of Incision, which can be found on the website of Incision incision.care/legal/privacy-statement and may be changed from time to time.

11.2 In no event may you upload Inappropriate Content and Content that contains revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, personal data concerning health or data concerning a natural person’s sex life or sexual orientation.

Article 12: Applicable law and Forum

12.1 All legal relationships between the Incision and the User to which these General Terms & Conditions and connected Agreement(s) apply shall be solely governed by the laws of the Netherlands. The United Nations Convention on Contracts for the International Sale of Goods (CISG or the Vienna Convention) is expressly excluded.

12.2 In the absence of mandatory rules of law to the contrary, the court in Incision’s place of establishment (Amsterdam) has exclusive competent jurisdiction.

Article 13: Non-disclosure of Confidential Information

13.1. Each Party shall keep confidential and not disclose to any third party, any information relating to the technology, business affairs, finances, suppliers or customers of the other Party (“Confidential Information”). Parties agree not to disclose, without prior written consent of the other, any Confidential Information to any third parties, such third parties include their respective employees, agents, affiliates, lawyers, auditors, and accountants who have a need to know such information and who are bound by a similar obligation not to disclose the Confidential Information.

13.2. The obligations of confidence referred to in this Article shall not apply to any Confidential Information or other information which:
a. was in the public domain at the time of disclosure;
b. though originally Confidential Information, subsequently falls into the public domain other than as a result of any breach of this Article or any other duty of confidence;
c. is received by the relevant Party from a third party, or is already known by such Party, without any breach of this Article or any obligation of confidentiality; or
d. is required to be disclosed by a government body or court of competent jurisdiction or by operation of law or to comply with the rules of a recognized stock exchange or by Mobile Operators and/or by providers of messaging services, but only to the extent so required.

13.3. The obligations of the Parties under this Article shall survive the expiry or termination of the Agreement for whatever reason, until a maximum of 5 years after the start of the Term.

Article 14: Miscellaneous

14.1 English version: These terms of service will be presented in different languages. In case of any inconsistency, the English version shall prevail.

14.2 Hierarchy of Documents: If there is a conflict between any of the provisions in this these General Terms and Conditions of Incision and the agreement(s) we have with your organisation, the following order of hierarchy will apply:
a. The applicable Order Form between Incision and your organisation;
b. The specific agreement Incision has with your organisation (including Business Terms and Conditions and/or a Partner Agreement; and
c. These General Terms and Conditions.

14.3. Details Parties:

a. Incision:
Incision B.V.
Mauritskade 63 (room BD-1),
1092 AD Amsterdam,
The Netherlands.
E-mail address: hi@incision.care
Telephone number: +31 20 26 147 12
KvK-number: 62060821
BTW-identification number: NL854624107B01

b. User/Customer:
the User/Customer is obliged to send its exact details to Incision in writing before it starts using the Services.

Data Processing Agreement

This Data Processing Agreement including the Annexes (the “DPA”) is part of the Agreement between Customer and Incision Group B.V. (“Incision”), unless otherwise stated on your Order Form. All capitalized terms not defined in this DPA shall have the meaning given to them in other parts of the Agreement or in art. 4 of the GDPR. Whereas:

  • the Customer has requested certain Services from Incision as defined in the Agreement;
  • with regard to the processing of personal data for the provision of the service, the Customer is the Controller and Incision, in its capacity of Processor, processes the data on behalf of the Customer;
  • Incision, in its capacity of Processor, for the provision of the Services will process only “common” personal data (name and surname, e-mail, role, structure) and other “common” personal data depending on the Services. Incision products are not meant to process special categories of personal data (art. 9, par. 1, GDPR).
  • this DPA and its Annexes contain the terms and conditions under which Incision, in its capacity of Processor, shall process personal data on behalf of the Customer, in its capacity of Controller;
  • the Controller agrees that Incision provides sufficient guarantees of expert and secured processing, implementing appropriate technical and organizational measures (see list of security measures in Annex 1) that meet the requirements of the Regulation EU 679/2016 (hereinafter “GDPR”); and
  • this DPA is supplemental to and forms integral part of the Business Terms & Conditions. In case of any conflict, this DPA will take precedence over the terms of the Business Terms & Conditions.

Download the DPA in PDF.

The Parties agree as follows:

  1. Duties of the Processor

The Processor shall:

a) Process personal data only for the purpose of performance of the Services, or as otherwise agreed within the lawful written instructions of the Controller.
b) Promptly inform the Controller in case the Processor becomes aware that one of Controller’s instructions violate any relevant data protection legislation. In such case the Processor shall, where necessary, cease all processing. In the event this provision is invoked, the Processor shall not be liable for any failure to provide the Services.
c) Ensure that each of its employees that will need to access to personal data processed on behalf of the Customer:
received specific authorization, instructions, and training regarding the processing activity; and
has committed to confidentiality or is subjected to an appropriate obligation of confidentiality.
d) Ensure the respect of the security measures described in Annex 1. If the Controller requests the Processor in writing to implement or amend such security framework, the Processor will inform the Controller about the implementation and/or amendment costs; once the Controller has confirmed to bear such costs, the Processor will implement it without undue delay.
e) Assist the Controller, insofar as this is feasible and limited to the processing activities performed on behalf of the Customer:
For the fulfillment of the Controller’s obligation to respond to requests of data subjects regarding the exercise of their rights; and
With all the information needed to perform a data protection impact assessment as required by art. 35 GDPR.
f) Make available to the Controller, upon its written request, information that demonstrates compliance with this DPA.
g) Notify to the Controller, without undue delay, in case a personal data breach occurred. In such event the Processor shall provide the following information:
A description of the incident and how it occurred;
Date and time of the incident and information about when/how the incident concluded (or the fact that the incident is still occurring);
The approximated amount and categories of personal data it involved;
The actual and likely consequences of the incident; and
The measures which have been or will be taken to resolve the Incident or to minimise its consequences.
h) Implement and keep up to date a register of processing activities as required by art. 30 GDPR.
i) Notify the Controller in advance if the Processor intends to outsource part or all processing activities, providing all necessary information to prove the security of the processing. The Controller has 30 days to oppose (in writing and for proved and well-founded reasons). The Processor shall impose the same requirements (or even stricter) to which it is subject itself under this DPA on the Sub-Processor. If a Sub-Processor fails to fulfill its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of that Sub-Processor obligations. The Controller accept the Sub-Processors listed in Annex 2 and agrees that those Sub-Processors provide adequate guarantees regarding the security of the processing of personal data.

  1. Duties and rights of the Controller

2.1 The Controller shall ensure the Processor that all personal data has been collected legitimately and that all data subjects have been informed of the processing of their personal data.
2.2 The Controller is entitled to conduct an audit on the processing of personal data by the Processor. In such case the Controller shall align with the Processor on a suitable date, time, duration, and manner and shall not unreasonably disturb the business of the Processor. Such audits can be performed by the Controller itself or by a third party hired by the Controller; in both cases the Controller shall bear all costs of the audit and share without undue delay the findings of the audit with the Processor.
2.3 For all relevant communications regarding the content of this DPA, the Controller shall use the following contact information: privacy.security@incision.care.

  1. Liability
    Reference is made to the Liability and Indemnification clauses of the Business Terms & Conditions.

  2. Duration and termination
    This DPA shall enter into force on the date of signing, and the duration of this DPA shall be the same one of the one of the contract(s) for the provision of the Services, terminating at the termination of the (last) contract for the provision of the Services, unless the processing of personal data continues, in which case the DPA shall remain in force.

  3. Retention period
    The retention periods are indicated in Annex 3.

  4. Dispute Resolution and Governing Law
    Reference is made to the Dispute Resolution and Governing Law clauses of the Business Terms & Conditions.

  5. Final provisions
    7.1 The recitals constitute integral part of this DPA.
    7.2 In the event that one or more provisions of this DPA are rendered null or void, the other provisions shall remain in force completely.

ANNEX 1
Security measures
All Incision’s products are protected by the following security measures.

Technical measures

  • Encryption at rest: All personal data in AWS databases are encrypted (AES-256)
  • Security in communications: Incision applies the protocol https to communicate with AWS databases
  • Backups: All personal data in AWS databases are regularly backed up in a separate environment. The backups are encrypted as well
  • Event logs: All events in AWS databases are logged. System admins audit these logs regularly
  • Automated alerts: Automated alerts are installed on AWS databases to notify in real time Incision and Levi9 about suspicious activities. The efficiency of the alarms has been tested
  • Firewall and antivirus: All Incision devices are protected by a firewall and an antivirus; both are updated regularly
  • AWS physical security: Physical barrier controls are used to prevent unauthorised entrance to AWS facilities; passage through the physical barriers requires either electronic access control validation or validation by security personnel. Employees and contractors are assigned photo-ID badges that must be worn. Visitors are required to sign-in with designated personnel, must show appropriate identification, are assigned a visitor ID badge that must be worn, and are continually escorted by authorised employees or contractors while visiting the facilities. All access points are maintained in a secured state and are monitored by video surveillance cameras designed to record all individuals accessing the facilities. AWS also maintains electronic intrusion detection systems designed to detect unauthorised access to the facilities, including monitoring points of vulnerability with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the facilities. All physical access to the facilities by employees and contractors is logged and routinely audited

Organizational measures

  • Redundant storing: All personal data in AWS are stored on multiple devices across a minimum of three Availability Zones (an Availability Zone is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region). These Services are designed to handle concurrent device failures by quickly detecting and repairing any lost redundancy, and they also regularly verify the integrity of the data using checksums
  • Employee access limitation: Incision employees access to AWS databases on a least privilege, access limitation, and need to know base
  • Employee training: All Incision employees received specific training regarding data protection and information security
  • Two factor authentication: All Incision employee that need to access AWS databases need to authenticate themselves through a 2FA process
  • Password manager: All Incision passwords are stored and protected by a professional password manager tool
  • Incident response plan and data breach notification policy: Incision adopted and shared with all its employees and (when appropriate) external partners an incident response plan and a data breach notification policy to be able to track, assess and report efficiently any incident occurred
  • Information security policy: Incision adopted and shared with all its employees an information security policy, to ensure and enhance the respect of its security practices
  • Privacy & Security organization: Incision set up an internal framework of roles and responsibilities regarding data protection and information security matters

ANNEX 2

Sub-Processors
The following providers are Sub-processors for the processing of personal data performed by Incision on behalf of the Customer. Incision imposed at least the same requirements to which it is subject itself under this DPA on all its providers.

Amazon Web Services (“AWS”)
Purpose: Storage of all data processed by Incision’s services
Storage location: AWS Region (Ireland)
Transfer out of EU?: No
Certifications: ISO/IEC 27001 ISO/IEC 27701

Levi9
Purpose: Product maintenance
Storage location: Levi9 only access, when needed, personal data without storing it
Transfer out of EU?: No
Certifications: ISO/IEC 27001

ANNEX 3

Retention period

The retention period of personal data processed by Incision on behalf of the Customer depends on the product.

Incision Academy

At the termination of the contract with the Customer, Incision (after removing every reference of the Customer from its users’ profiles) leaves the control of the personal data in the single account to the user (natural person). In fact, the single user could have the interest in keeping his/her account active or even choose to activate his/her own license to access Incision Academy content. Doing this, Incision becomes the Controller of that data (and fully accountable for compliance with all controller’s data protection obligations) until the user decides to delete his/her account.

Incision Assist

At the termination of the contract with Incision, the Customer, with a written instruction, shall notify Incision to either delete or return all personal data processed on its behalf. In any case, Incision will promptly execute the request, notifying the Customer that Incision is no longer processing any personal data.