Last updated: January 2023

When is this DPA applicable?

This Date Processing Agreement (“DPA”) forms part of the agreement between Kahun Medical Ltd. (“Company“, “we“, “us“, or “our“) and the partner entity specified in the order form or applicable agreement (“Partner” “you“, or “your” and the “Agreement”, respectively). This DPA is designed to reflect the parties’ agreements and allocation of roles concerning the Processing of Personal Data pursuant to the Agreement, where applicable. Unless explicitly mentioned otherwise, capitalized terms in this DPA shall have their respective definition as indicated in the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”.

APPLICABILITY AND SCOPE

This DPA and the obligations hereunder apply only to the extent that: (a) Processing of Personal Data is involved in the Services; or (b) the EU GDPR, UK GDPR, and/or CCPA/CPRA apply to either one of the Parties.

This DPA does not apply to (a) aggregated reporting or statistics information, or (b) data that does not (or no longer) qualify as Personal Data; or (c) Processing activities in which Company acts as a Controller; The latter will be governed by Company’s Privacy Policy, available at: https://www.kahun.com/privacy-policy

I. INTERPRETATION AND DEFINITIONS

1. The headings in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA.

2. Terms used in their singular form include the plural and vice versa, as the context may require.  

3. Definitions:

3.1. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

3.2. “Authorized Affiliate” means any of Partner’s Affiliate(s) which is explicitly permitted to use the Services pursuant to the Agreement between the Parties, but has not signed its own agreement with Company, and is not a “Partner” as defined under the Agreement.

3.3. “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. seq. “CPRA” means the California Privacy Rights Act. 

3.4. The terms “Controller“, “Member State“, “Processor“, “Sub-Processor” “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR. The terms “Business”, “Business Purpose”, “Consumer” and “Service Provider” and “Third Party” shall have the same meaning as in the CCPA and/or the CPRA, as applicable. Upon CCPA/CPRA applicability, when used in this DPA, the term “Controller” shall also mean “Business”, and the term “Processor” shall also mean “Service Provider”; any other party shall mean a “Third Party”.

3.5. “Data Protection Laws and Regulations” means all applicable and binding privacy and data protection laws and regulations, including such laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland, the United Kingdom, Israel and the United States of America, as applicable to the Processing of Personal Data under the Agreement including (without limitation) the GDPR, the UK GDPR, and the CCPA, CPRA, as applicable to the Processing of Personal Data hereunder and in effect at the time of Processor’s performance hereunder.

3.6. “Data Subject” means the identified or identifiable person to whom the Personal Data relates.

3.7. “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

3.8. “Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.9. “Protected/Personal Health Information (PHI)” or “Electronic Protected/Personal Health Information (ePHI)” shall have the meaning given under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 in the United States, only to the extent of its applicability on the Agreement and respected Services (demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care);

3.10. “Services” means the technology, platform, solutions and related services provided by Company, in accordance with the terms of the Agreement;

3.11. “Standard Contractual Clauses” or “SCC” means either the standard contractual clauses approved by the European Commission for the transfer of Personal Data to Processors or those for the transfer of Personal Data to Controllers (as the context requires), in each case established in third countries which do not ensure an adequate level of data protection current to the date of the transfer, or, where the UK GDPR applies, any equivalent set of clauses approved by the applicable authority.

3.12. “UK GDPR” means the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).   

II. PROCESSING OF PERSONAL DATA

1. Roles of the Parties. With respect to any Personal Data collected or Processed via the Services, it is agreed that (a) Partner acts as a Data Controller, and (b) Company acts as a Data Processor; and (c) Company or its Affiliates may engage Sub-processors pursuant to the requirements set forth in Section 5 “Sub-processors” below. 

2. Annex 1 (Nature of Processing) includes a description of the Processing activities performed by Company as a Processor. The Parties may, from time to time, jointly agree to make such changes to Schedule 1 as reasonably necessary to meet the requirements of GDPR Article 28(3) or any other applicable Data Protection Law and Regulation regarding information to be Processed in an agreement between a Controller and a Processor.

3. Subject to the Agreement, Company will Process Personal Data in accordance with Partner’s instructions and as necessary for the performance of the Services,  the performance of the Agreement and this DPA, unless required otherwise by Union or Member State law or any other applicable law to which Company and its Affiliates are subject. In this case, Company will inform Partner of the legal requirement before Processing, unless that law prohibits such information on substantial grounds of public interest. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Personal Data Processed and categories of Data Subjects under this DPA are further specified in Annex 1.

4. To the extent that Company or its Affiliates cannot comply with a request (including, without limitation, any instruction, direction, code of conduct, certification, or change of any kind) from Partner and/or its authorized users relating to Processing of Personal Data, or where Company considers such a request to be unlawful, Company (i) will inform Partner, providing relevant details of the problem, (ii) may, without any kind of liability towards Partner, temporarily cease all Processing of the affected Personal Data (other than securely storing those data), and (iii) if the Parties disagree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Partner shall pay to Company all the amounts owed to Company or due before the date of termination. Partner will have no further claims against Company (including, without limitation, requesting refunds for Services) due to the termination of the Agreement and/or the DPA in the situation described in this paragraph (excluding the obligations relating to the termination of this DPA set forth below).

5. Company will not be liable in the event of any claim brought by a third party, including, without limitation, a Data Subject, arising from any act or omission of Company, to the extent that such is a result of Partner’s instructions.

6. Partner’s Processing of Personal Data. Partner shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations and comply at all times with the obligations applicable to data Controllers (including, without limitation, Article 24 of the GDPR).  For the avoidance of doubt, Partner’s instructions for the Processing of Personal Data, whether reflected by this DPA or by online usage, setting and configuring the Services, shall comply with Data Protection Laws and Regulations. 

7. Partner shall have sole responsibility for the means by which Partner acquired and Process Personal Data. Without limitation, Partner shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all legal bases in order to collect, Process and transfer to or via Company any Personal Data.

8. Partner shall defend, hold harmless and indemnify Company, its Affiliates and subsidiaries (including without limitation their directors, officers, agents, subcontractors and/or employees) from and against any liability of any kind related to any breach, violation or infringement by Partner and/or its authorized users of any Data Protection Laws and Regulations and/or this DPA and/or this Section.

III. RIGHTS OF DATA SUBJECTS

1. If Company receives a request from a Data Subject to exercise its right to be informed, right of access, right to rectification, erasure, restriction of Processing, data portability, right to object, or its right not to be subject to a decision solely based on automated processing, including profiling (“Data Subject Request”), Company shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Partner. 

2. Taking into account the nature of the Processing, Company shall use commercially reasonable efforts to assist Partner by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Partner’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. To the extent legally permitted, Partner shall be responsible for any costs arising from Company’s assistance.

IV. PERSONNEL

1. Confidentiality. Company will grant access to Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know and need-to-access basis and ensure that such persons engaged in the Processing of Personal Data have committed themselves to confidentiality.

2. Company may disclose and Process the Personal Data (a) as permitted hereunder (b) to the extent required by a court of competent jurisdiction or other Supervisory Authority and/or otherwise as required by applicable laws or applicable Data Protection Laws and Regulations (in such a case, Company will inform the Partner of the legal requirement before the disclosure, unless that law prohibits such information on important grounds of public interest), or (c) on a “need-to-know” basis under an obligation of confidentiality to legal counsel(s), data protection advisor(s), accountant(s), investors or potential acquirers.

V. AUTHORIZATION OF SUB-PROCESSORS

1. Company’s current list of Sub-processors is included in Schedule 2 (“Sub-processor List”) and is hereby approved by Data Controller. The Sub-processor List as of the effective date of this DPA, or as of the date of publication (as applicable), is hereby, or shall be, authorized by Partner. In any event, the Sub-processor List shall be deemed authorized by Partner unless it provides a written reasonable objection for reasons related to the GDPR within seven (7) business days following the publication of the Sub-processor List.

2. Partner may reasonably object for reasons related to the GDPR to Company’s use of an existing Sub-processor by providing a written objection to privacy@kahun.com. In the event Partner reasonably objects to an existing Sub-processor, as permitted in the preceding sentences, and the parties do not find a solution in good faith to the issue in question, then Partner may, as a sole remedy, terminate the applicable Agreement and this DPA with respect only to those Services which cannot be provided by Company without the use of the objected-to Sub-processor by providing written notice to Company provided that all amounts due under the Agreement before the termination date with respect to the Processing at issue shall be duly paid to Company. Partner will have no further claims against Company due to (i) past use of approved Sub-processors prior to the date of objection or (ii) the termination of the Agreement (including, without limitation, requesting refunds) and the DPA in the situation described in this paragraph.

3. Company shall provide notification of any new Sub-processor(s) before authorizing such new Sub-processor(s) to Process Personal Data in connection with the provision of the Services.

4. Objection Right for New Sub-processors. Partner may reasonably object to Company’s use of a new Sub-processor for reasons related to the GDPR by notifying Company promptly in writing within three (3) business days after receipt of Company’s notice in accordance with the mechanism set out in this Section 5, and such written objection shall include the reasons related to the GDPR for objecting to Company’s use of such new Sub-processor. Failure to object to such a new Sub-processor in writing within three (3) business days following Company’s notice shall be deemed as acceptance of the new Sub-Processor. In the event Partner reasonably objects to a new Sub-processor, as permitted in the preceding sentences, Company will use reasonable efforts to make available to Partner a change in the Services or recommend a commercially reasonable change to Partner’s use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Partner. If Company is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Partner may, as a sole remedy, terminate the applicable Agreement and this DPA with respect only to those Services which cannot be provided by Company without the use of the objected-to new Sub-processor by providing written notice to Company provided that all amounts due under the Agreement before the termination date with respect to the Processing at issue shall be duly paid to Company. Until a decision is made regarding the new Sub-processor, Company may temporarily suspend the Processing of the affected Personal Data. Partner will have no further claims against Company due to the termination of the Agreement (including, without limitation, requesting refunds) and/or the DPA in the situation described in this paragraph.

5. Agreements with Sub-processors. Company or Company Processor’s operating on behalf of Company, has entered into a written agreement with its Sub-processors containing appropriate safeguards to the protection of Personal Data. Where Company engages a Sub-processor for carrying out specific Processing activities on behalf of the Partner, the same or materially similar data protection obligations as set out in this DPA will be imposed on such new Sub-processor by way of a contract, in particular, obligations to implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of the applicable Data Protection Law and Regulation.

VI. SECURITY

1. Controls for the Protection of Personal Data. Taking into account the nature of Processing, Company shall maintain all industry-standard technical and organizational measures required pursuant to Article 32 of the GDPR for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data), confidentiality and integrity of Personal Data. Upon the Partner’s request, Company will use commercially reasonable efforts to assist Partner, at Partner’s cost, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the processing, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Company. 

VII. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION

1. To the extent required under applicable Data Protection Laws and Regulations, Company shall notify Partner without undue delay after becoming aware of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, including Personal Data transmitted, stored or otherwise Processed by Company or its Sub-processors of which Company becomes aware (“Personal Data Incident”).

2. Company will make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Company deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident to the extent the remediation is within Company’s reasonable control. The obligations herein shall not apply to incidents that are caused by Partner or Partner’s users. In any event, Partner will be the party responsible for notifying supervisory authorities and/or concerned data subjects (where required by Data Protection Laws and Regulations).

VIII. AUTHORIZED AFFILIATES

1. Contractual Relationship. The Parties acknowledge and agree that, by executing the DPA, the Partner enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates. Each Authorized Affiliate agrees to be bound by the obligations under this DPA. Any access to and use of the Services by Authorized Affiliates must comply with the terms and conditions of the Agreement,  this DPA and Applicable Laws and Regulation, and any violation of the terms and conditions therein by an Authorized Affiliate shall be deemed a violation by Partner.

2. Communication. The Partner shall remain responsible for coordinating all communication with Company under the Agreement and this DPA and shall be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliates.

IX. TRANSFERS OF DATA

1. Transfers to countries that offer an adequate level of data protection. Personal Data may be transferred from the EU Member States, the three EEA member countries (Norway, Liechtenstein and Iceland),  (collectively, “EEA”), Switzerland and the United Kingdom (UK) to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the Union, the Member States or the European Commission (“Third Countries” and “Adequacy Decisions”, respectively), without any further safeguard being necessary.

2. Transfers to other countries. If the Processing of Personal Data includes transfers from the EEA or the UK to countries outside the EEA or the UK, respectively, which do not offer an adequate level of data protection or which have not been subject to an Adequacy Decision (“Other Countries”), the Parties shall comply with Chapter V of the GDPR, including, if necessary, executing the Standard Contractual Clauses (SCC) adopted by the relevant data protection authorities of the EEA, the Union, the Member States, the UK or the European Commission or comply with any of the other mechanisms provided for in the GDPR for transferring Personal Data to such Other Countries.

3. Without limiting the generality of Sections 9.1 and 9.2, for the purpose of Chapter V of the GDPR, or similar provisions under any Applicable Laws and Regulation, Company may transfer Personal Data, including, without limitation, to Processors (in its role as a Controller), to Sub-Processors and/or to Company’a group member companies in Third Countries where such transfers are conducted in a lawful manner under the GDPR (or the UK GDPR), or to Other Countries where such Personal Data transfers are (i) governed by the applicable Standard Contractual Clauses, or (ii) otherwise based on an international agreement under Article 48 of the GDPR; or (iii) subject to a derogation under Article 49 of the GDPR.

4. Schedule 3 sets forth the applicable Standard Contractual Clauses applicable to the Parties engagement under this DPA.

X. TERMINATION

This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided. Sections 2.2, this Section 10 and 11 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately from the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.

XI. GENERAL

1. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement.

2. Notwithstanding anything to the contrary in the Agreement and/or in any agreement between the parties and to the maximum extent permitted by law: (A) Company’s (including Company’s Affiliates’) entire, total and aggregate liability, related to Personal Data or information, privacy, or for breach of, this DPA and/or Data Protection Laws and Regulations, including, without limitation, if any, any indemnification obligation under the Agreement or applicable law regarding data protection or privacy, shall be limited to the amounts paid to Company under the Agreement within twelve (12) months preceding the event that gave rise to the claim. This limitation of liability is cumulative and not per incident; (B) In no event will Company and/or Company Affiliates and/or their third-party providers, be liable under, or otherwise in connection with this DPA for: (i) any indirect, exemplary, special, consequential, incidental or punitive damages; (ii) any loss of profits, business, or anticipated savings;  (iii) any loss of, or damage to data, reputation, revenue or goodwill; and/or (iv) the cost of procuring any substitute goods or services; and (C) The foregoing exclusions and limitations on liability set forth in this Section shall apply: (i) even if Company, Company Affiliates or third-party providers, have been advised, or should have been aware, of the possibility of losses or damages; (ii) even if any remedy in this DPA fails of its essential purpose; and (iii) regardless of the form, theory or basis of liability (such as, but not limited to, breach of contract or tort).

XII. AMENDMENTS

This DPA may be amended at any time by a written instrument duly signed by each of the Parties.

XIII. LEGAL EFFECT

This DPA shall only become legally binding between Partner and Company when the formalities steps set out in the Section “INSTRUCTIONS ON HOW TO EXECUTE THIS DPA” below have been fully completed. Company may assign this DPA or its rights or obligations hereunder to any Affiliate thereof, or a successor or any Affiliate thereof, in connection with a merger, consolidation or acquisition of all or substantially all of its shares, assets or business relating to this DPA or the Agreement. Any Company obligation hereunder may be performed (in whole or in part), and any Company right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of the Company.



Annex A: Nature of processing


Subject matter

Company will Process Personal Data as necessary to maintain the technology, platform and Services pursuant to the Agreement, and as further instructed by Partner in its use of the Services.

Nature and Purpose of Processing

1. Providing the Service(s) to Partner, including Services operation, facilitation and accessibility by Partner, for Partner to be able to utilize them.

2. Improving the Services, technological modulus and the safety of such.

3. Setting up an account for users authorized by Partner, operating and maintaining such access and account.

4. Complying with documented reasonable instructions provided by Partner where such instructions are consistent with the terms of the Agreement.

5. Performing the Agreement, this DPA and/or other contracts executed by the Parties.

6. Providing support and technical maintenance, if agreed in the Agreement.

7. Resolving disputes.

8. Enforcing the Agreement, this DPA and/or defending Company’s rights or Data Subject’s rights, as the case may be.

9. Managing the Agreement, the DPA and/or other contracts executed by the Parties, including fees payment, account administration, accounting, tax, management, and litigation; and

10. Complying with applicable laws and regulations, including cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.

11. Tasks related to any of the above. 

Duration of Processing

Subject to any Section of the DPA and/or the Agreement handling the duration of the Processing and the consequences of the expiration or termination thereof, Company will Process Personal Data as per Partners’ instructions, or, in the absence of such, for as long as the Agreement is not terminated or expired (provided there are no other conflicting requirements by applicable law). 

Categories of Data Subjects 

The Processing activities may include one or more of the following categories of data subjects:

1. Partner’s personnel/staff (contact persons)

2. Partners patients

Categories of Personal Data

The following categories of Personal Data may be processed as part of rendering the Services by the Processor (including by using Sub-processors):

Data Subject Category: Partner’s Personnel or Authorized Users

  1. Contact Information
  2. Role and relevant work-related information
  3. Account access information 
  4. Online identifiers
  5. Device information (when required)
  6. Activity log
  7. As otherwise stipulated in the Company’s privacy policy, available at: https://www.kahun.com/privacy-policy


Data Subject Category: Users of the “Assessment Process” (Patients)

  1. Contact information (phone and/or email address)
  2. Online identifiers
  3. Device information (when required)
  4. Activity log
  5. Demographic information (age, gender)
  6. Unique identifiers
  7. Anonymized (or identified) health information (Special Category of Personal Data)
  8. (Dashboard) personally identifiable information (full name)


Annex B: Sub-processors

[The parties may add sub-processors as relevant]


Annex C: International transfers of data


According to the GDPR, Standard Contractual Clauses ensuring appropriate data protection safeguards can be used as a ground for data transfers from the EU or the EEA to Third Countries. This includes model contract clauses, so-called Standard Contractual Clauses (SCC) that have been pre-approved by the European Commission.

On 4 June 2021, the European Commission issued modernized Standard Contractual Clauses under the GDPR for data transfers from Controllers or Processors in the EU/EEA (or otherwise subject to the GDPR) to Controllers or Processors established outside the EU/EEA (and not subject to the GDPR), those available here.

Applicability of SCC to this DPA and Agreement

In the absence of an Adequacy Decision, as per Section 9 of the DPA, the following modules of the Standard Contractual Clauses shall apply:

[please select the applicable modules]:

  1. If Personal Data from the UK is being involved, the Parties will complete and attach the ICO Data Transfer Agreement, available at https://ico.org.uk/media/for-organisations/documents/4019538/international-data-transfer-agreement.pdf.
  2. If Personal Data from the EEA is involved, the Parties will complete and attach Module 3 of the EU SCC (Transfers Controller to Processor), available at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN.  

[Action Required] Upon applicability, the Parties shall complete, attach and sign the applicable Module of the SCC.

THIRD-PARTY COMPONENTS  

  1. The Services may use, integrate, refer to or include third-party software, files and components that are subject to open source and/or third-party\license terms (“Third Party Components”). Your right to use such Third Party Components as part of, or in connection with, the Services is subject to any applicable acknowledgments and license terms accompanying such Third Party Components, contained therein or related thereto. If there is a conflict between the licensing terms of such Third Party Components and these Terms, the licensing terms of the Third Party Components shall prevail only in connection with the related Third Party Components. These Terms do not apply to any Third Party Components accompanying or contained in the Services and Kahun disclaims all liability related thereto. You acknowledge that Kahun is not the author, owner or licensor of any Third Party Components and that Kahun makes no warranties or representations, express or implied, as to the quality, capabilities, operations, performance or suitability of Third Party Components. Under no circumstances shall the Services or any portion thereof (except for the Third Party Components contained therein) be deemed to be “open source” or “publicly available” software. 
  2. We may, from time to time, incorporate, test or utilize new technologies into the Services or only certain functions of the Services, for purposes of testing, enriching or enhancing the Services. For example, AI-Language Models (AILM) technologies, such as those developed by OpenAI. When doing so, we make sure to use such technologies for internal use so we can monitor the input and output they generate and test it in light of our technology and Services’ capabilities. If we present to you an output that was generated directly by such AILMs, we will indicate so in proximity to the output to allow you to use your best judgments when using the Services that incorporate such functionality. When such notification is provided, the following disclaimers shall be taken into consideration:
  • Not a substitute for professional judgment. Such output should not be considered a substitute for your, or HCP’s (if you are not one), personal or professional judgment.
  • Accuracy and reliability. While such tools strive to generate accurate and helpful output, they may occasionally produce incorrect or unreliable information. Any output should be evaluated critically, and you should independently verify any important or critical information from trusted sources (such as Kahun’s engine).
  • Responsibility. You must exercise your own responsibility when acting based on the output generated by these tools.

LINKS 

The Services may contain links to third-party sites or resources. We do not endorse and are  not responsible or liable for any content, advertising, products or other materials on or  available from external sites or resources linked to the Services. 

AVAILABILITY OF AND CHANGES TO THE SERVICES 

  1. The Services’ availability and functionality depend on various factors, such as communication networks, software, hardware, Kahun’s Service providers and contractors. Kahun will use reasonable efforts to maintain the availability of the Services but does not warrant or guarantee any specific level of availability of the Service. Kahun does not warrant or guarantee that the Services will operate and/or be available at all times without disruption or interruption, or that it will be immune from unauthorized access error-free. Kahun will not be liable to you or any third party as a result of Service interruptions.  
  2. Kahun reserves the right, at its sole discretion, to modify, correct, amend, enhance, improve,  make any other changes to, or discontinue, temporarily or permanently, the Services (or any  part thereof) with or without prior notice to you, at any time, and in such event, you will not be able to access your Account or any User Content uploaded to the Services. In addition, you hereby acknowledge that the Content available through the Services may be changed, modified, edited or extended in terms of content and form or removed at any time without any notice to you. You agree that Kahun shall not be liable to you or to any third party for any modification, suspension, error, malfunction or discontinuance of the Services (or any part thereof). 

DISCLAIMERS & DISCLAIMER OF WARRANTY 

  1. YOU HEREBY ACKNOWLEDGE THAT KAHUN DOES NOT ATTEMPT TO DIAGNOSE, TREAT, CURE, OR  PREVENT ANY DISEASE NOR DOES IT SUGGEST OR REPLACE ANY PROFESSIONAL HEALTH ADVICE. THE SERVICES, INCLUDING WITHOUT LIMITATION ANY CONTENT, DATA AND INFORMATION RELATED THERETO, ARE PROVIDED ON AN “AS IS” AND “AS  AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF TITLE OR NON-INFRINGEMENT OR IMPLIED WARRANTIES OF USE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE. KAHUN DISCLAIMS RESPONSIBILITY FOR ANY AND ALL  INFORMATION UPLOADED OR COMMUNICATED THROUGH THE SERVICES BY  USERS. 
  2. KAHUN AND ITS AFFILIATES AND/OR ITS SUBSIDIARIES, INCLUDING ANY OF THEIR  RESPECTIVE OFFICERS, DIRECTORS, SHAREHOLDERS, EMPLOYEES, SUBCONTRACTORS, AGENTS, PARENT COMPANIES, SUBSIDIARIES AND OTHER  AFFILIATES (COLLECTIVELY, “KAHUN AFFILIATES”), JOINTLY AND SEVERALLY,  DISCLAIM AND MAKE NO REPRESENTATIONS OR WARRANTIES AS TO THE USABILITY, ACCURACY, QUALITY, AVAILABILITY, RELIABILITY, SUITABILITY,  COMPLETENESS, TRUTHFULNESS, USEFULNESS, OR EFFECTIVENESS OF ANY CONTENT, DATA, RESULTS, OR OTHER INFORMATION OBTAINED OR GENERATED IN CONNECTION WITH YOUR OR ANY USER’S USE OF THE SERVICES.  
  3. KAHUN DOES NOT WARRANT THAT THE OPERATION OF THE SERVICES IS OR WILL BE SECURE, ACCURATE, COMPLETE, UNINTERRUPTED, WITHOUT ERROR, OR FREE  OF VIRUSES, WORMS, OTHER HARMFUL COMPONENTS, OR OTHER PROGRAM  LIMITATIONS. KAHUN MAY, AT ITS SOLE DISCRETION AND WITHOUT AN OBLIGATION  TO DO SO, CORRECT, MODIFY, AMEND, ENHANCE, IMPROVE AND MAKE ANY OTHER CHANGES TO THE SERVICES AT ANY TIME, OR DISCONTINUE DISPLAYING OR PROVIDING ANY CONTENT OR FEATURES WITHOUT ANY NOTICE TO YOU. 

LIMITATION OF LIABILITY 

  1. Kahun assumes no responsibility for any error, omission, interruption, deletion, defect, delay in operation or transmission, communications line failure, theft or destruction or unauthorized access to, or alteration of, any Content or the Service. Kahun is not responsible for any problems or technical malfunction of any network or lines, computer online systems, servers or providers, computer equipment, software, failure of any email due to technical problems or traffic congestion on the internet, on the Services, including any injury or damage to Users or to any person’s personal device related to or resulting from participation or downloading materials in connection with the Service. Under no circumstances shall Kahun be responsible for any loss or damage, including personal injury or death, resulting from the use of the Service, from any content posted on or through the Service, or from the conduct or misconduct of any users of the Service, whether online or offline. 
  2. IN NO EVENT SHALL KAHUN OR ANY OF ITS OFFICERS, DIRECTORS, EMPLOYEES,  AFFILIATES OR AGENTS BE LIABLE TO YOU FOR ANY DAMAGE OR DAMAGES WHATSOEVER,  INCLUDING WITHOUT LIMITATION, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR  CONSEQUENTIAL DAMAGES, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICES OR CONTENT THEREIN, WHETHER THE DAMAGES ARE  FORESEEABLE AND WHETHER OR NOT KAHUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SUCH LIMITATIONS, EXCLUSIONS AND  DISCLAIMERS SHALL APPLY TO ALL CLAIMS FOR DAMAGES, WHETHER BASED ON AN ACTION OF CONTRACT, WARRANTY, STRICT LIABILITY, NEGLIGENCE, TORT, OR  OTHERWISE. 
  3. YOU HEREBY ACKNOWLEDGE AND AGREE THAT THESE LIMITATIONS  OF LIABILITY ARE AGREED ALLOCATIONS OF RISK CONSTITUTING IN PART THE  CONSIDERATION FOR KAHUN’S SERVICES TO YOU, AND SUCH LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED  REMEDY, AND EVEN IF KAHUN AND/OR ANY KAHUN AFFILIATES HAS BEEN ADVISED  OF THE POSSIBILITY OF SUCH LIABILITIES AND/OR DAMAGES. THE FOREGOING  LIMITATION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION AND IN NO EVENT SHALL KAHUN ‘S  CUMULATIVE LIABILITY TO YOU EXCEED THE AMOUNTS PAID TO KAHUN FOR THE USE OF THE  SERVICE. IF YOU HAVE NOT MADE ANY PAYMENTS TO KAHUN FOR THE USE OF THE  SERVICE, THEN KAHUN SHALL HAVE NO LIABILITY WHATSOEVER TOWARDS YOU.

INDEMNIFICATION 

You agree to indemnify, defend, and hold harmless Kahun and its respective employees,  directors, officers, subsidiaries, Kahun Affiliates, partners, subcontractors and agents of each, against any and all fines, claims, damages, or costs or expenses (including reasonable attorneys’  fees) that arise directly or indirectly from: (a) your use of the Services (or any part thereof); (b) breach of these Terms by you or anyone using your computer, mobile device or password; (c) any claim, loss or damage experienced from your use or attempted use of (or inability to use) the Service; (d) your violation of any law or regulation; (e) your infringement of any right of any  third party; (f) information you provide to or use in connection with the Services violating third  party intellectual property, privacy or other rights and (g) any other matter for which you are responsible hereunder or under law. You agree that your use of the Services shall be in compliance with all applicable laws, regulations and guidelines. 

NOTIFICATION OF INFRINGEMENT 

Notifications regarding any alleged data privacy or intellectual property infringement should be directed to the Kahun Legal Department by email addressed to legal@kahun.com. 

NO WAIVER  

The failure of Kahun to exercise or enforce any right conferred upon it hereunder shall not be  deemed to be a waiver of any such right nor shall it operate to bar the exercise or performance thereof at any time or times thereafter. A waiver of any right hereunder at any given time shall not be deemed a waiver thereof for any other time. 

SEVERABILITY  

If any provision of these Terms is held to be illegal, invalid, or unenforceable by a court of  competent jurisdiction, you and Kahun shall, if possible, agree on a legal, valid and  enforceable substitute provision that is as similar in effect to the deleted provision as  possible. The remaining portion of these Terms not declared illegal, invalid or unenforceable  shall, in any event, remain valid and effective for the term remaining unless the provision found illegal, invalid, or unenforceable goes to the essence of these Terms. 

NOTICES 

You agree that we may send notices to you by email at the email address you provide when registering to become a registered User of the Services (or which you later update). All notices to Kahun hereunder shall be in writing, personally delivered, by certified mail, return receipt requested, or by nationally recognized overnight delivery service or email: support@kahun.com. A notice shall be effective from the date of personal delivery or upon  receipt if sent by certified mail, and upon the date of sending if sent by fax or email. 

GOVERNING LAW AND VENUE 

These Terms, and the rights and remedies provided hereunder, and any and all claims,  disputes and controversies arising hereunder or related hereto and/or to the Services, their  interpretation, or the breach, termination or validity thereof, the relationships which result from these Terms, or any related transaction shall be governed by, construed under and enforced in all respects solely and exclusively in accordance with the laws of the State of Israel without reference to its conflict-of-laws principles, and shall be brought in, and you hereby consent to exclusive jurisdiction and venue in, the competent courts in Tel Aviv, Israel. 

RELATIONSHIP OF THE PARTIES

These Terms do not, and shall not be construed to create any relationship, partnership, joint  venture, employer-employee, agency, or franchisor-franchisee relationship between Kahun  and you. 

NO ASSIGNMENT 

Kahun may assign its rights and obligations hereunder and/or transfer ownership rights and  title in the Services to a third party at any time without your consent or prior notice to you.  Kahun may assign this agreement at any time to a subsidiary or parent company or to a  successor to its business as part of a merger or sale of substantially all of its assets. You may  not assign or transfer this Agreement without our prior written consent. Any attempted or actual  assignment thereof without Kahun’s prior explicit and written consent will be null and void. 

ENTIRE AGREEMENT 

  1. Unless explicitly specified otherwise in these Terms or any direct contract with us, these Terms constitute the entire terms and conditions between you and Kahun relating to the subject matter herein and supersede any and all prior or contemporaneous agreements,  understandings, promises, conditions, negotiations, covenants or representations, whether  written or oral, between Kahun and you, including, without limitation, those made by or  between any of our respective representatives, with respect to the Services and the Content. 
  2. You agree that you will make no claim at any time or place that these Terms have been orally  altered or modified or otherwise changed by oral communication of any kind or character. You  further agree that you are not relying upon any promise, inducement, representation,  statement, disclosure or duty of disclosure of Kahun in entering into these Terms. 

CONTACT US 

For any questions or comments, or to report violations of the Terms, let  us know by contacting us at: support@kahun.com. 

Mapped medical knowledge at your fingertips
© 2023 Kahun Ltd. All rights reserved.