OpenEDC Health
By signing a contract or creating a user account with a purchase transaction via the OpenEDC Health UG (hereinafter referred to as OpenEDC) internet presence, you (the customer, hereinafter also referred to as the contracting party) accept the following General Terms and Conditions (GTC). Individual contractual provisions shall always take precedence and thus apply over conflicting or competing provisions in these GTC. The subject of a contractual relationship is usually the use of the OpenEDC software in a Software-as-a-Service (SaaS) model, which may be extended by individual services.
These General Terms and Conditions consist of eight provisions that should be observed when using OpenEDC’s offers. Although these eight conditions may seem standard and self-evident to some, please read these terms of use carefully. These terms of use not only protect our interests, but compliance with these terms also protects your own interests and the interests of third parties. Violation of these terms may result in your account being suspended or even lead to claims for damages. In some cases, you may also be provided with a user account by a party with whom you are collaborating (in which case you are a user of OpenEDC).
All contracts for deliveries and services by OpenEDC are based on these GTC. Counter-confirmations by the customer referring to their own GTC will only be accepted insofar as they do not contradict our GTC. Supplementary or deviating agreements require the express written consent of OpenEDC. Customers are all natural or legal persons who conclude a contract with OpenEDC or have registered and completed a purchase via the internet presence.
OpenEDC reserves the right to amend these GTC at any time and without stating reasons in a manner reasonable for the customer. Individual agreements in a contractual relationship always take precedence over these GTC and require express consent for their amendment. Changes to the GTC will be offered to the customer by email at least eight weeks before the amended GTC come into force. If the customer does not object to the amended GTC within eight weeks of receiving the email regarding the change, silence shall be deemed consent to the amended GTC. This deemed consent does not apply to amendments of essential contractual terms — in particular those relating to remuneration, liability, scope of services, and data protection — which always require the customer’s express written consent. If the customer objects in due time, both parties have a special right of termination at the time the new GTC come into force, provided that no individually agreed fixed term (e.g. for a study) precludes this. In this case, the previous GTC shall continue to apply until the end of the term.
The subject of the contract is the provision of OpenEDC software in the Software-as-a-Service (SaaS) model for use via the internet, as well as the storage and processing of customer data (data hosting). Furthermore, the customer may commission consulting, training, and development services from OpenEDC employees within the framework of the contract. The performance of these services will take place according to individual agreement between the customer and OpenEDC.
The contractual relationship between the customer and OpenEDC comes into existence through a signed written contract (with the date of the last signature) or through registration via OpenEDC’s internet presence with a completed purchase. Users who are invited to an existing project are not to be considered customers, but rather users. Performance is subject to availability if it depends on third parties and these third parties cause the unavailability. After a delay in performance of more than 4 weeks, the customer has the right to set a deadline of at least 14 days for the performance. After this period, the customer may withdraw from the contract by written declaration, provided that the performance has not yet been rendered. Any advance payments already made will be refunded in this case, whereby the customer must allow for services received to be set off against them. Unless gross negligence or intent is involved, compensation for damages due to delayed performance is excluded.
After registering via OpenEDC’s internet presence, the customer receives a personal account. These access data must not be passed on. The customer is solely responsible for their secure storage. Registration under a false name and with fictitious email accounts is not permitted. In the event of obviously fictitious information, OpenEDC reserves the right to delete the account. The customer is liable for all damages arising from a violation.
During the rental period, OpenEDC provides the software in its current version for use via the internet. All usage rights not expressly granted remain with OpenEDC or, if different, with the respective author. The customer’s right of use cannot be sublicensed to third parties without OpenEDC’s consent.
For software operation, OpenEDC stores the software on a server that is accessible to the customer via the internet.
OpenEDC provides updates to the software included in the scope of services free of charge during the contract period. This includes, in particular, security updates and the rectification of general technical software errors. The following services are not regular services and are therefore subject to a fee:
The offered support channels depend on the booked tariff. For telephone and prioritized email support, support and troubleshooting are available Monday to Friday, 08:00 - 18:00. The customer and OpenEDC jointly define users or persons responsible for reporting malfunctions. See also Chapter 5.1, Defects.
OpenEDC continuously monitors the functionality of the software and rectifies all software errors that limit or make the use of the software impossible, to the extent technically feasible. OpenEDC is entitled to add and remove new functions to the software. Should the removal of functions disproportionately restrict the customer’s use, the customer shall have an immediate special right of termination.
All work results developed or adapted for the customer in the course of this contract, in particular study designs, eCRF structures, database configurations, evaluation logics, documentation, and other project-specific developments, shall pass to the customer’s exclusive, unrestricted right of use — unlimited in time, place, and subject matter — upon their creation.
The customer is in particular entitled to reproduce, edit, further develop, and make these work results available to third parties — including competitors of the service provider — for use.
The service provider shall receive only a non-exclusive right of use therein to the extent necessary for the performance of the contract.
The remuneration for the use of the software (subscription) is based on the scope of the subject matter of the contract, as defined under 2.1. If the customer chooses a paid subscription, they undertake to pay OpenEDC the agreed fee for the software provision and data hosting plus the applicable sales tax. The billing cycle (monthly, quarterly, or annually) is defined in the individual contract. Payments are subject to the contractual performance by OpenEDC. If the customer is in arrears with a payment for at least 30 days, OpenEDC is entitled to refuse performance until the outstanding remuneration is paid. This can happen, for example, by blocking access to the software. If the customer is in arrears with a payment for at least 60 days, OpenEDC is entitled to extraordinarily terminate the entire contractual relationship. It is clarified that all claims for overdue payments from the customer remain unaffected by such an extraordinary termination.
For unlimited contracts (see also Termination, 2.8), OpenEDC is entitled to reasonably increase the fees and must notify the customer of this by email at least 2 months before the end of the current payment cycle. Regardless of special agreements, the customer has the right to terminate the contract without notice at the end of the current payment cycle.
Upgrading to a more expensive subscription or adding users is possible at any time without notice within the respective subscription. Downgrading to a cheaper subscription or removing users is possible at the end of the current billing period. Functions linked to a specific subscription will be activated or deactivated upon the upgrade or downgrade becoming effective.
Unless individually agreed otherwise, the contract is concluded for an indefinite period. Termination is possible at the end of the current billing period by email or within the respective account.
If the underlying clinical study is terminated, suspended, or regulatorily prohibited, the customer is entitled to terminate the contract with four weeks’ notice to the end of the month. In this case, remuneration will be charged on a pro-rata basis up to the date of termination.
The customer has the option to export their data independently in a machine-readable format (CDISC-ODM including audit trail) until the termination takes effect. Thereafter, OpenEDC shall retain the customer’s data free of charge for at least 12 months after the termination takes effect and shall provide it upon request in a regulatorily recognized, validated format (CDISC-ODM including audit trail). After these 12 months, OpenEDC is entitled to delete the user account including all data, unless an individual archiving agreement exists. Earlier deletion may be requested in writing at any time.
The right of the parties to immediate termination of the contract for good cause remains unaffected. A good cause exists for OpenEDC in particular if the customer:
OpenEDC has the right to terminate free demo accounts with 30 days’ notice after communicating it to the customer.
The use of OpenEDC’s services is at the customer’s own expense and risk. The customer is responsible for using a secure device with a stable internet connection and an up-to-date web browser. The customer is also responsible for informing their employees about the GTC and ensuring compliance.
The customer acknowledges and agrees that they are solely and entirely responsible for the manner in which they use OpenEDC’s services. In this regard, they hereby warrant that they will not use OpenEDC’s services in violation of any laws or regulations that may be applicable to them, OpenEDC, or the persons whose information they wish to process through OpenEDC’s services.
Furthermore, the customer agrees not to infringe upon the rights of OpenEDC or the rights of third parties. Without prejudice to the foregoing, this includes, for example:
The customer undertakes to take appropriate precautions to prevent unauthorized third-party access to the software. This includes, in particular, keeping the password secret and not making it accessible to any third party. The customer is also responsible for informing their employees about this. The password should be chosen and set by the user themselves. Users bear the responsibility and liability for all actions performed from their account. They are obliged to inform OpenEDC immediately if they know or suspect that their account or access data are in the hands of unauthorized third parties. Furthermore, users are obliged to immediately take effective measures, such as changing login data.
OpenEDC strongly recommends activating two-factor authentication to ensure that the user’s account is protected even if the password or email account is compromised.
The customer warrants that the use of OpenEDC’s services and all data stored or otherwise processed with the aid of the services do not violate or infringe upon applicable law or the rights of third parties. Furthermore, the customer expressly warrants that they have a valid legal basis for processing personal data if they use OpenEDC’s services to process personal data.
Unless strictly necessary, the customer should not use OpenEDC’s services to store or otherwise process directly identifiable personal information (e.g., names, addresses, social security numbers, etc.) without ensuring that the customer uses (additional) security measures to secure such information, e.g., encryption functions to encrypt such information.
The customer shall defend, indemnify, and hold harmless OpenEDC from and against all claims, actions, proceedings, losses, damages, expenses, and costs arising out of or in connection with the breach of the above representations and warranties.
The customer is aware that OpenEDC is designed as a research tool. Content found in the software or on the website does not constitute medical advice and should not be used as a basis for medical decisions. OpenEDC has no direct influence on how the services provided are used. Everything the customer does with OpenEDC’s services and all data processed with the services are the sole responsibility of the customer.
The customer acknowledges that the use of OpenEDC is subject to regulations related to medical research. The customer is aware that all actions are logged in an audit trail and linked to usernames and IP addresses. These actions may include logging in or out, creating forms, managing users, entering, removing, or changing data, sending surveys, and changing settings.
OpenEDC’s services may contain information derived from and/or referring to (e.g., through hyperlinks, banners, or buttons) third-party websites, products, or services. Since OpenEDC has no control over such third-party websites, products, or services, the customer agrees that OpenEDC is not responsible or liable for the content of such information, websites, products, or services.
Privacy is OpenEDC’s highest priority. Users’ personal data are handled with particular care. Users agree that their personal data may be stored and processed. Without notice and explicit consent from the users, personal data will not be made accessible to third parties, unless disclosure is necessary for one of the following reasons:
Users will be informed about product news within the software or by email. The contracting parties undertake to comply with the provisions of the General Data Protection Regulation (GDPR).
For contract processing, business relationship management, and during the use of the software, OpenEDC collects personal data of persons associated with the customer. This data is used by OpenEDC exclusively within the framework of the Federal Data Protection Act. It will under no circumstances be passed on to third parties for advertising purposes. OpenEDC is entitled to collect, process, use, and store the personal data required for the processing of the business relationship within the meaning of the Federal Data Protection Act and the Telemedia Act.
Provided that applicable data protection laws are not violated, OpenEDC is permitted to conduct aggregated evaluations of the stored data and to use this data to improve the product.
OpenEDC undertakes to maintain secrecy regarding all business or trade secrets that come to its knowledge in the course of preparing, executing, and fulfilling the contract, and not to disclose or otherwise exploit them.
OpenEDC is obliged to take appropriate precautions against data loss and unauthorized third-party access to the customer’s data.
To secure all data generated by the customer during use, OpenEDC creates a data backup at least twice a day. This backup is stored on other servers that are redundantly secured multiple times. The customer has no right to restore their data if they suffer data loss due to their own fault. Individual data reconstruction is possible upon request and will be charged according to effort.
The customer remains the sole entitled party to the data in any case and can therefore demand from OpenEDC at any time, especially after termination of the contract, the surrender of individual or all data, without any right of retention on the part of OpenEDC. The data is provided via an export function in the software in the standardized CDISC-ODM format with audit trail. The customer also has a right to receive a local copy of the OpenEDC software for the use of the exported data.
OpenEDC provides the service essentially as indicated on OpenEDC’s internet presence for normal use under normal circumstances or as recorded in an individual contractual relationship.
If the services to be provided by OpenEDC under this contract are defective, OpenEDC will remedy or re-perform the services after notification by the customer. OpenEDC undertakes to respond within the reaction times specified below, initiate troubleshooting, and then rectify the malfunction as quickly as possible. The customer is obliged to report defects to OpenEDC without delay via the usual support channel. If the customer has not booked telephone support, they can send the defects to the contact address in OpenEDC’s imprint. If rectification or replacement by OpenEDC fails within a reasonable period, the customer is entitled, at their discretion, to reasonably reduce the service price or to terminate the contract.
| Critical Malfunction | Malfunction | Other Notification |
|---|---|---|
| Malfunctions that make the use of the software impossible or allow it only with severe restrictions. The problem cannot be resolved by the customer themselves or only with unreasonable effort. | Error that occurs during the use of the software and impairs the use of the software more than insignificantly, but not critically. | Notifications that do not fall into the first two categories. |
| 2h Reaction Time | 3h Reaction Time | 1 Day Reaction Time |
OpenEDC guarantees a monthly system availability of essential software functions of at least 99.5%. If this availability is not met, the customer shall receive a graduated service credit according to the following table:
| Monthly Availability | Service Credit |
|---|---|
| 99.0% – < 99.5% | 10% of the monthly remuneration |
| 95.0% – < 99.0% | 25% of the monthly remuneration |
| < 95.0% | 50% of the monthly remuneration |
Downtime attributable to scheduled maintenance windows (with at least 48 hours’ advance notice), force majeure, or circumstances beyond OpenEDC’s control shall not be counted. Availability data will either be made publicly available by OpenEDC or provided upon request if not publicly accessible.
OpenEDC makes no assurance, guarantee, or warranty that:
a) The use of the products will meet the customer’s requirements or expectations.
b) All defects or errors concerning the products, or software provided to the customer as part of the product, will be rectified, unless they affect the core functionality or individually agreed functions necessary for the implementation of a study.
Unless expressly agreed otherwise, advice or information received by the customer from the provider shall not give rise to any warranty claims against the provider.
OpenEDC does not warrant that the software is suitable or available for use in other locations outside the contract territory.
OpenEDC is liable for damages without limitation in cases of intent and gross negligence. In cases of slight negligence, OpenEDC is only liable for the breach of essential contractual obligations (cardinal obligations); in such cases, liability is limited to the contract-typical, foreseeable damage.
Notwithstanding the foregoing, liability is not limited where damages arise directly from the breach of data protection, confidentiality, or regulatory obligations. In these cases, OpenEDC is liable for the actual damage incurred, to the extent the statutory requirements are met.
OpenEDC cannot be held liable for the misuse of information and data made accessible by users themselves to third parties.
The customer bears sole legal responsibility for stored data, content, and files and is responsible for compliance with legal regulations regarding data protection, licensing, and compliance. If an individual contract includes the validation of the software, OpenEDC undertakes to provide the customer with all necessary documents with which compliance with legal regulations can be checked. These documents will be provided through access to OpenEDC’s Quality Management System (QMS).
The parties mutually undertake to indemnify the respective other party from all third-party claims and to reimburse the costs incurred thereby, to the extent the respective party has caused such claims through its own culpable breach of obligation. The customer shall in particular indemnify OpenEDC from third-party claims based on unlawfully stored or processed data. OpenEDC shall in particular indemnify the customer from third-party claims based on a culpable breach of data protection, confidentiality, or regulatory obligations by OpenEDC.
OpenEDC is entitled to immediately suspend the account if there is a reasonable suspicion that the stored data has been obtained unlawfully and/or infringes the rights of third parties. A reasonable suspicion of illegality and/or infringement exists in particular if courts, authorities, and/or other third parties inform OpenEDC thereof. OpenEDC must inform the customer of the suspension and the reason for it without delay. The suspension shall be lifted as soon as the suspicion has been dispelled.
All notifications must be sent in writing to the addresses provided. Transmission by email shall suffice for the written form requirement. The contracting parties are obliged to inform the other contracting party immediately of any changes of address, otherwise notifications sent to the last address provided in writing shall be deemed legally effective.
The customer may only set off against or assert a right of retention with claims other than their contractual counterclaims from the respective affected legal transaction if this claim is undisputed by OpenEDC or has been legally established.
The law of the Federal Republic of Germany shall apply. In the case of individually negotiated contracts with customers domiciled in the United States of America, the law of the state in which the customer has its registered office shall apply. Notwithstanding the application of foreign law, the limited liability status of OpenEDC Health UG (haftungsbeschränkt) under German law shall remain in full effect, and no member of OpenEDC Health shall be personally liable for any obligations of the company beyond the extent provided for under German law.
The exclusive place of jurisdiction for all disputes between the parties arising from or in connection with the business relationship shall be the competent court at OpenEDC’s registered office. In the case of individually negotiated contracts with customers domiciled in the United States of America, the exclusive place of jurisdiction shall be the competent court at the customer’s registered office.
Should individual provisions or parts of the contract prove to be ineffective, the validity of the overall agreement shall not be affected thereby. In such a case, the contracting parties shall adapt the contract in such a way that the purpose pursued with the void or ineffective part is achieved as far as possible.
OpenEDC undertakes to comply with the SPECTARIS Code of Conduct in its current version. The Code forms an integral part of this contract. A serious or persistent breach of the Code of Conduct entitles the customer to extraordinarily terminate the contract, provided that OpenEDC has not remedied the breach following written notice and the setting of a reasonable cure period of at least 30 days.