Stanford University Purchase Orders are issued subject to the following terms and conditions. Terms in any acceptance by a Seller which are in addition to, or not identical with the following terms will not become a part of any Stanford University Purchase Contract unless Stanford specifically and expressly agrees in writing that such other terms are accepted.
1.1 “Stanford” means the Board of Trustees of the Leland Stanford Junior University.
1.2 “Contractor” means the person or entity contracting to supply goods and/or services under this Purchase Order, and includes all Contractor's sales or other agents, subcontractors, employees and distributors thereof.
1.3 “Purchase Order” and/or “PO” means a valid Stanford University Purchase Order.
The PO is accepted on, subject to, and governed by the terms set forth herein. Any additional Terms will not become a part of any PO unless Stanford specifically and expressly agrees in writing that such additional terms are accepted. By performing under the PO or any part hereof, Contractor agrees to and accepts all the provisions of the PO and agrees to fully perform.
Stanford shall have a reasonable time (but not less than 30 days) after receipt to inspect goods tendered by Contractor. Stanford at its option may reject all or any portion of such goods which do not in Stanford's sole discretion comply in every respect with each and every term and condition of this PO. Stanford may elect to reject any or all goods tendered even if only a portion thereof is nonconforming. If Stanford elects to accept nonconforming goods, Stanford, in addition to its other remedies, shall be entitled to deduct a reasonable amount from the price to compensate Stanford for the nonconformity. Any acceptance by Stanford, even if unconditional, shall not be deemed a waiver or settlement of any defect in such goods.
Stanford shall pay Contractor the Fee set forth in Contractor's quotation/proposal referenced herein for services satisfactorily performed by Contractor in accordance with this PO. If Contractor's Fee is stated as an hourly rate, fractional hours shall be compensated for on a prorated basis. Time necessarily spent in local travel shall not be considered working time. Hours expended by Contractor shall be documented by weekly timesheets. Timesheets shall be provided to Stanford, upon request. Hourly rates shall include Contractor's fees, cost of operation, including benefits attributable to payroll, overhead, salaries and other administrative expenses. Contractor and Stanford agree that the Maximum Cost for Contractor's Fees set forth in this PO shall not be exceeded without prior written approval by Stanford and a change order to the PO has been issued. Stanford shall reimburse Contractor on account of expenses paid or incurred by Contractor for travel beyond a 50-mile radius from the Stanford University campus. The amount and extent of reimbursement for travel shall be in accordance with the provisions of Stanford University's Guide Memorandum Number 5-4-2, which can be viewed at https://adminguide.stanford.edu/5-4-2. Stanford will also reimburse Contractor on account of incurred costs for reproduction services as may be required in the performance of this PO, and for such purchased services as may be approved in advance by Stanford, at Contractor's cost. The amount for Contractor's reimbursable expenses, if any, shall be included in Contractor's quotation/proposal. The total Not-to-Exceed amount stated on the PO shall constitute the limit of compensation due to Contractor under this Agreement.
Contractor shall include Stanford's eight (8) digit PO number on all invoices and the delivery address for all goods delivered to Stanford.
6.1 GOODS: If this PO is for the provision of goods, following acceptance of an undisputed invoice, Stanford shall transmit payment to Contractor within thirty (30) days.
6.2 SERVICES: If this PO is for the provision of services, Contractor shall submit invoices for services, reimbursable expenses and additional services not more often than once per month to the person and/or office specified in the PO. If Contractor's Fee is stated as an hourly rate, supporting data to be attached to the invoice shall include payroll data identifying each individual, the position, grade or title, number of hours worked, applicable hourly rate and dates worked. Invoices for reimbursable expenses shall be supported by receipts. Each invoice shall contain a summary of the total amount of previous invoices, this invoice amount, and the unbilled balance of this PO and its approved Change Orders. If the Contractor believes that any amount included in a current invoice is outside the scope of this PO, Contractor shall identify the amount and the nature of the work. In addition, the Contractor shall, on a monthly basis, review its progress on the project. If the Contractor, having performed said review, has reason to anticipate a need for additional funding, it shall indicate, on an invoice attachment, the reasons for the anticipated funding increase, its best estimate of the total additional costs and the time impact, if any, on the project completion schedule. Any failure by the Contractor to comply with this section shall be cause for Stanford to refuse compensation. Following acceptance of an undisputed invoice, Stanford shall transmit payment to Contractor within thirty (30) days. Invoices for Contractor's Services are to be made out to Stanford University and submitted for approval, to the address stated on the face of this PO. The PO Number shall be referenced on each invoice.
Contractor understands that time is of the essence with respect to its performance, and that this Agreement may not be modified, supplemented, qualified or interpreted by any usage of trade.
Unless otherwise specified herein, Contractor agrees that the price quoted herein includes all federal, state and local sales, use, excise, transaction, and other taxes, fees and/or assessments.
Until accepted by Stanford as provided above, Contractor shall bear all risk of loss and damage, unless such loss or damage results solely from the gross negligence or intentional misconduct of Stanford.
10.1 GOODS: If this PO is for the provision of goods, Contractor warrants that the goods (a) are of merchantable quality; (b) are fit for the particular needs and purposes of Stanford as may be communicated to Contractor; (c) comply with the highest warranties, representations and options expressed by Contractor orally or in any written advertisement, correspondence or other document provided to or in the possession of Stanford; (d) comply with all applicable laws, codes and regulations as published by any national, state or local association or group; and (e) are not restricted in any way by patents, copyrights, trade secrets, or any other rights of third parties. If any of the foregoing warranties is breached, Contractor agrees to correct all defects and nonconformities, to be liable for all direct, indirect, consequential and other damages suffered by Stanford and any other persons, and to defend, indemnify and hold harmless Stanford from any claim asserted by any person resulting in whole or in part from such breach.
10.2 SERVICES: If this PO is for the provision of services, Contractor warrants that all services hereunder shall be performed by personnel experienced and highly skilled in their profession and in accordance with the highest applicable standards of professionalism for comparable or similar services. Contractor shall be responsible for the professional quality, timeliness, coordination and completeness of the services. Contractor personnel assigned to perform the services shall be as proposed by Contractor and approved by Stanford. No such personnel of Contractor shall be reassigned without the approval of Stanford. Contractor shall use only personnel required for the performance of the services who are qualified by education, training and experience to perform the tasks assigned to them. Contractor agrees to replace any of its employees whose work is considered by Stanford to be unsatisfactory or contrary to the requirements of the services to be performed hereunder. Stanford shall not supervise nor control the details of Contractor's services, but rather shall be interested only in the results of Contractor's services.
If at any time Stanford in good faith determines that it questions Contractor's ability or intent to perform, then Contractor agrees to provide Stanford with written assurance fully satisfactory to Stanford, in Stanford's sole discretion, of Contractor's ability and intent to fully perform. Such assurance shall be provided within the time and in the manner specified by Stanford. Contractor shall immediately notify Stanford of any circumstance which may cause Contractor to fail to fully perform. Upon Stanford's good faith determination that Contractor cannot or will not perform, then Stanford may deem this PO to be breached by Contractor (unless performance is excused as provided below), may cancel this PO, and/or may re-procure from other sources.
Stanford shall be obligated to pay Contractor only for goods and/or services described herein. Any additional goods or services must be approved in writing by Stanford. Stanford, by written notice, may change or terminate all or any part of this PO for Stanford's convenience. If such changes cause an increase or decrease in costs incurred or time required to complete performance an equitable adjustment shall be made in compensation and/or period of performance, and this PO shall be amended accordingly in writing, provided however that Stanford will not compensate Contractor for any goods not shipped or services not performed by the date of such change or termination. If such goods are standard items of Contractor's inventory, Contractor's claim for an equitable adjustment under this paragraph must be submitted to Stanford in writing within 30 days of receipt of notice of change or termination, otherwise all such claims of Contractor shall be deemed to have been waived.
Stanford may, by written notice, terminate this PO, in whole or in part, for failure of Contractor to perform any of the provisions, including failure to deliver as and when specified. If the PO is terminated, Contractor shall be liable for all damages, including without limitation:
a) Any incremental cost of re-procuring the same or similar goods or services,
b) Shipping charges for any items Stanford may, at its sole option, return to Contractor, including items already delivered, but for which Stanford no longer has any use because of Contractor's default, and
c) Amounts paid by Stanford for any items Stanford received but returns to Contractor.
d) Contractor will provide to Stanford a refund of any fees prepaid to Contractor for services not yet rendered, including a prorated refund of any fees for incomplete license periods or other incomplete service period.
In the event of termination, Stanford shall be liable only for payment in accordance with the payment provisions of this PO for services performed prior to the effective date of termination.
Neither party is responsible for any failure to perform its obligations under this Agreement, if it is prevented or delayed in performing those obligations by an event or circumstance which is reasonably unforeseen and beyond the party’s control; including, but not limited to, riot, war, act of terrorism, rebellion, earthquake, flood, fire, pandemic, or other natural disaster, national labor strike or a shortage of raw materials (Force Majeure). A party impacted by a Force Majeure event must immediately (a) notify the other party in writing with details of the event and the reasons it is preventing or delaying performance, and (b) use reasonable efforts to mitigate the effects of the event upon its performance.
Contractor agrees to indemnify, defend and hold Stanford harmless from and against, and to waive all claims against Stanford for claims, suits and demands of liability loss or damage whatsoever, including reasonable attorneys' fees, whether direct or consequential,
- on account of any loss, injury, death or damage (including without limitation lost-wage, labor, or employment claims) to any person or property (including without limitation all agents and employees of Contractor and Stanford and all property owned by, leased to or used by either Contractor or Stanford, or both) or
- on account of any loss or damage to business or reputation or privacy of any person,
arising in whole or in part in any way from or in any way connected with or in any way related to Contractor's performance, and regardless of whether such loss, injury, death or damage or person or property results in whole or in part from (1) the negligence or omission of Stanford, (2) any product liability of Stanford or any person, or (3) any strict liability of Stanford or any person.
Any such claims, suits and demands of liability, loss or damage resulting solely from Stanford's gross recklessness or willful intent to injure are excluded from the above indemnity and waiver provisions. As used in this indemnity and waiver provision, and for purposes of Contractor's insurance, “Stanford” shall be deemed to include Stanford University, its Trustees, Directors, officers, employees, faculty, students, agents, entities organizations and their insurance carriers, if any.
Contractor, at its expense, shall defend, indemnify and hold harmless Stanford, its trustees, officers, employees, agents, and students from and against any and all claims and demands which may be made to the extent that it is based on a claim that any Services furnished hereunder infringed a patent, copyright, trademark, service mark, trade secret, or other legally protected proprietary right. Contractor shall pay all costs, fees, and damages which may be incurred by Stanford for any such claim or action or the settlement thereof.
Contractor agrees not to use Stanford's name or other Stanford trademarks (together referred to herein as the "Marks"), or the name or trademarks of any related organization, or to quote any of Stanford's faculty, staff, students, volunteers or agents ("Quotes"), either in writing or orally, without the prior written consent of Stanford’s Senior Director, University Brand Management. This prohibition includes, but is not limited to, use of the Marks or Quotes in press releases, advertising, marketing materials, other promotional materials, presentations, photographs for commercial use, case studies, reports, websites, application or software interfaces, and other electronic media.
18.1 Non-Disclosure. Contractor acknowledges that Stanford continually develops confidential information for Stanford and that Contractor may learn of confidential information, including confidential information of third parties, during the term of this Agreement. Contractor will comply with the policies and procedures of Stanford for protecting confidential information set forth below and, in any event, shall not disclose to any person or entity (except as required by applicable law or for the proper performance of Contractor’s duties and responsibilities to Stanford), or use for Contractor’s or any third party’s benefit or gain, any confidential information obtained by Contractor incident to Contractor’s consultancy or other association with Stanford. Contractor understands that this restriction shall continue to apply after this Agreement terminates, regardless of the reason for such termination.
18.2 Ownership of Data. Ownership of technical data produced by or for Contractor or any of its employees in the course of performing the Services hereunder and of all proprietary rights therein shall vest in and shall be delivered, upon request, to Stanford. For the purposes hereof, the term "technical data" means technical writing, pictorial reproductions, drawings or other graphical representations, tape recordings, reports, calculations, tables and documents of technical nature, whether copyrightable or copyrighted, which are made in the course of performing the Services as specified. Contractor may, however, use data prepared or produced under this Agreement, where such data is otherwise made publicly available or with the specific approval of Stanford.
18.3 Data Security. Contractor agrees to handle data and other information ("Data") with a standard of care at least as rigorous as that specified in Stanford's Minimum Security Standards and Minimum Privacy Standards, located at https://minsec.stanford.edu and http://minpriv.stanford.edu respectively, which are hereby incorporated by reference into the Agreement. Prior to performing Services which require access to, transmission of, and/or storage of Stanford's Moderate or High Risk Data, Contractor will provide a third party certification verifying its ability to comply with the Guidelines. Contractor will not copy, cause to be copied, use or disclose Data received from or on behalf of Stanford except as permitted or required by the Agreement, as required by law, or as otherwise authorized by Stanford in writing. Contractor will give immediate notice to Stanford of any actual or suspected unauthorized disclosure of, access to or other breach of the Data. In the event of actual or suspected unauthorized disclosure of, access to, or other breach of the Data, Contractor will comply with all state and Federal laws and regulations related to such breach, and will cooperate with Stanford in fulfilling its legal obligations. Contractor will indemnify Stanford for its violation of this paragraph, including but not limited to the cost of providing appropriate notice to all required parties and credit monitoring, credit rehabilitation, or other credit support services to individuals with information impacted by the actual or suspected breach. Upon termination or expiration of the Agreement, Contractor will return or, at Stanford's election, destroy, the Data within 30 days from the conclusion of the Agreement. This paragraph and its indemnity will survive the termination of the Agreement.
18.4 FERPA (Family Educational Rights and Privacy Act). During the course of performing Services under this Contract, Contractor may have access to certain Student educational records. If Contractor accesses Student educational records, Contractor may not permit access to, or the release or transfer of personally identifiable information from a student’s educational record to any party by any means, other than to Stanford officials and/or the student upon written request.
18.5 Protected Health Information. During the course of performing Services under this Contract, Contractor may have access to certain information that may constitute Protected Health Information (PHI). Attached to, and hereby incorporated into, this Agreement is a Business Associate Addendum (BAA) that sets forth the terms and conditions governing the handling of PHI. If Contractor accesses PHI, Contractor agrees to comply with the requirements of the BAA, and acknowledges that failure to comply with the requirements of the BAA may result in the liquidated damages stipulated in the BAA and termination of this Agreement.
18.6 GDPR (General Data Protection Regulation). During the course of performing Services under this Agreement, Contractor may have access to certain information that may constitute Personally Identifiable Information (PII) under the General Data Protection Regulation (GDPR). Attached to and hereby fully incorporated into this Agreement is a Data Processing Addendum that sets forth the terms and conditions governing the handling of Personally Identifiable Information. If Contractor has access to PII for a particular project, Contractor: (a) will return a copy of the Data Processing Addendum to Stanford, complete with information detailing the specific usage of the applicable data, such information requirements are highlighted in yellow in the Data Processing Addendum; (b) agrees to comply with the requirements and stipulations of said Data Processing Addendum; and (c) acknowledges that failure to comply with such requirements will subject Contractor to the damages stipulated in the GDPR as well as termination of this Agreement.
19.1 Contractor shall, throughout out the term of this Agreement, handle data and other information generated from financial transactions stored, processed and/or transmitted by or for it under this Agreement ("Cardholder Data") in compliance with the then current Payment Card Industry Data Security Standards (PCI DSS) and all applicable laws and regulations.
19.2 Contractor hereby certifies its PCI DSS compliance as of the Effective Date, and shall maintain its certification throughout the term of this Agreement. Without limiting the foregoing, Contractor hereby acknowledges that it is responsible for (i) the security of Cardholder Data that it possesses or otherwise stores, processes or transmits on behalf of Stanford, or to the extent that it could impact the security of Stanford’s cardholder data environment; and (ii) managing and maintaining all PCI DSS requirements.
19.3 Contractor will provide a list of payment applications Contractor will use to conduct financial transactions under this Agreement. Payment applications must meet Stanford's published requirements. Contractor will provide 30 days-notice prior to adding or removing any payment applications.
19.4 Upon execution of this Agreement, Contractor will provide Stanford with documentation signed by a certified PCI Qualified Security Auditor verifying that Contractor, and each of its subcontractors is PCI DSS compliant. Such documentation will be sent to @email. Stanford reserves the right, at any time during the term of this Agreement, to request updated documentation of such compliance.
19.5 If Contractor becomes non-compliant with PCI DSS, it will immediately notify Stanford and provide its plan to remediate the non-compliance. In no event will Contractor’s notification to Stanford be later than seven (7) calendar days after Contractor discovers its non-compliance.
19.6 Contractor will give immediate notice to Stanford of any actual or suspected unauthorized disclosure of, access to or other breach of Cardholder Data.
19.7 Notwithstanding the foregoing sections (i.e. Sections 1.5 and Section 1.6), Stanford may terminate the Agreement immediately in the event Contractor fails to maintain compliance with PCI DSS or otherwise fails to maintain confidentiality of any Cardholder Data.
19.8 Contractor acknowledges that the indemnification provisions of this Agreement apply to any failure to maintain PCI DSS compliance or confidentiality of any Cardholder Data.
Contractor shall not commence Services under this Agreement until it has obtained insurance that satisfies the below minimum insurance requirements. The Contractor shall not allow any subcontractor to commence Services under a subcontract until the subcontractor has obtained insurance that satisfies the below minimum insurance requirements, or Contractor has insured the subcontractor under its own insurance policies.
Insurance required under this Agreement shall be:
20.1 Commercial General Liability (bodily injury, property damage, and personal injury) insurance, with a single limit of not less than $2,000,000 for a single occurrence.
20.2 Automobile Liability insurance (bodily injury, property damage and personal injury), with a combined single limit of not less than $1,000,000 for all owned, non-owned, and hired vehicles.
20.3 Required insurance shall include the following provisions:
20.3.1 For projects at the University: The Board of Trustees of the Leland Stanford Junior University, its officers, agents, representatives, students, employees and volunteers, shall be included as additional insureds, by endorsement.
20.3.2 For projects at Stanford Health Care: In addition to those listed above, Stanford Health Care, its Board of Directors, its officers, agents, representatives, students, employees, and volunteers shall be included as additional insureds, by endorsement.
20.3.3 The Contractor’s insurance shall be primary coverage, Stanford University and/or Stanford Health Care insurance or self-insurance shall be excess and noncontributory.
20.3.4 Thirty (30) days prior written notice of cancellation or material change in the insurance must be given to Stanford.
20.3.5 Contractor and Contractor’s insurance companies waive their rights to subrogation against the above named insureds, by endorsement.
20.4 Worker's Compensation insurance and employer's liability insurance covering all persons whom the Contractor may employ in carrying out the Services hereunder. Worker's Compensation insurance will be in accordance with the Worker's Compensation Law of the State of California.
20.5 The insurance arranged by the Contractor and subcontractor(s) or subconsultant(s) shall include contractual liability insurance insuring the indemnity terms of this Agreement.
20.6 On each insurance certificate, the Certificate Holder shall read as follows:
“The Board of Trustees of the Leland Stanford Junior University
485 Broadway, University Hall, Redwood City, CA 94063”
The Contractor shall furnish Stanford the insurance documents for all insurance required in the preceding paragraphs. The failure of Stanford to: a) object to insurance documents that do not comply with the above insurance requirements or b) require performance by the Contractor under these provisions does not constitute a waiver of these provisions. These provisions may only be amended or waived as provided by this Agreement or by a separate writing signed by Stanford.
Additional Insurance Requirements for Specific Services
Design Services or Other Services Requiring a State License or Professional Certification:
Include additional Professional Errors and Omissions Liability Insurance with limits not less than $1,000,000.
Include additional Pollution/Environmental Impairment Liability insurance (including cleanup costs) with limits of not less than $1,000,000.00 per claim and $2,000,000 annual aggregate for liability resulting in Bodily Injury or Property damage arising out of the work or services to be performed for Stanford University. Coverage shall be provided for both work performed on site, as well as during the transport of lead-based paint.
Commercial General Liability insurance, increased to a single limit of not less than $10,000,000 for a single occurrence.
Employer’s Liability coverage shall be provided with limits not less than:
$2,000,000.00 Bodily Injury by Accident – Each Accident
$2,000,000.00 Bodily Injury by Disease – Policy Limit
$2,000,000.00 Bodily Injury by Disease – Each Employee
Asbestos Abatement and Other Hazardous Waste Handling Services:
The Business Automobile Liability insurance shall be increased to a combined single limit of not less than $2,000,000 per accident for bodily injury and property damage for all owned, non-owned and hired vehicles. The Business Automobile Liability policy shall be endorsed to delete pollution related exclusions (including lead and asbestos). If Agreement requires transporting asbestos or other hazardous materials, an MCS 90 endorsement with limits of not less than $5,000,000 must be provided to Stanford. Without such coverage Contractor MAY NOT transport asbestos or other hazardous materials to and from Stanford.
Include additional Pollution/Environmental Impairment Liability insurance (including coverage for asbestos and cleanup costs) with limits of not less than $2,000,000 per claim and $4,000,000 annual aggregate for liability resulting in bodily injury or property damage arising out of the work or services to be performed under this contract. Coverage shall be provided for both work performed on site, as well as during the transport of hazardous materials.
Include additional Umbrella/Excess Liability insurance with a limit of not less than $5,000,000 per occurrence for bodily injury and property damage liability, listing the required Employer’s Liability, General Liability, and Business Automobile Liability as underlying policies.
Employer’s Liability limits shall be not less than $1,000,000 each accident; $1,000,000 each employee; $1,000,000 each disease including occupational disease.
Large Construction Projects:
The minimum coverage for Commercial General Liability will be increased an appropriate amount based on the overall Construction Project cost.
Automobile Liability insurance is increased to a minimum combined single limit of not less than $2,000,000 for all owned, non-owned, and hired vehicles.
Include additional Umbrella/Excess Liability insurance with a limit of not less than $2,000,000 per occurrence for bodily injury and property damage liability, listing the required employer’s liability, general liability, and automobile liability as underlying policies.
Recycling, Disposal and Transport of Gas Cylinders:
Include additional Pollution/Environmental Impairment Liability insurance (including cleanup costs) with limits of not less than $1,000,000.00 per claim and $2,000,000 annual aggregate for liability resulting in bodily injury or property damage arising out of the work or services to be performed for Stanford University. Coverage shall be provided for both services performed on site, as well as during the transport of the gas cylinders.
Automobile/Bus Charter Services:
Automobile Liability insurance is increased to a minimum combined single limit of not less than $10,000,000 per vehicle for all owned, non-owned, and hired vehicles.
Include additional Umbrella/Excess Liability insurance “follow-form” for the required coverage to supplement any deficiency. The coverage limit is per occurrence for bodily injury and property damage liability, listing the required employer’s liability, general liability, and automobile liability as underlying policies.
Eatery Operators Serving Alcoholic Beverages:
The required Commercial General liability insurance shall include the following coverage:
A. For injury to one person $2,000,000
B. For injuries arising out of any single accident or occurrence $2,000,000
C. For property damage $2,000,000
Include additional Liquor Liability insurance coverage with a limit of not less than $5,000,000. The Liquor Liability coverage shall be either (i) separate liquor liability, or (ii) a liquor liability endorsement to the comprehensive public liability policy.
Include additional Personal Property Insurance covering property and contents (including food and beverage) of Stanford or the Operator.
Whenever an actual or potential labor dispute delays or threatens to delay the performance under this Agreement, Contractor shall immediately notify Stanford in writing, presenting all relevant information concerning the dispute and its background.
Stanford's policy requires avoidance of real or apparent conflict of interests. Contractor affirms, that to the best of its knowledge, there exists no actual or potential conflict between Contractor's family, business or financial interest and the Services under this Agreement, and in the event of change in either private interests or Services under this Agreement, it will raise with Stanford any question regarding possible conflict of interest which may arise as a result of such change.
Stanford shall have access to and the right to examine any directly pertinent books, documents, papers and records of Contractor involving transactions related to this Agreement until the expiration of three (3) years after final payment hereunder. Contractor agrees to keep and maintain such records for such period of time. If this Agreement is for the provision of Services with a value of $10,000.00 or more within a 12 month period, then until the expiration of four (4) years after the furnishing of any Services pursuant to this Agreement, Contractor shall make available, upon written request from the Secretary of the United States Department of Health and Human Services or from the United States Comptroller General, or any of their duly authorized representatives, this Agreement and such books, documents and records of Contractor as are necessary to certify the nature and extent of the reasonable cost of Services to Stanford. If Contractor enters into an agreement with any related organization to provide Services pursuant to this Agreement with a value of $10,000.00 or more within a 12-month period, such agreement shall contain a clause identical in content to the first sentence of this paragraph. This paragraph shall be of force and effect only to the extent required by P.L. 96 499.
Except for subcontracting specifically approved by Stanford, Contractor shall not assign its rights nor delegate its duties under this Agreement. Notwithstanding any notice of assignment, Stanford's tender of payment to the Contractor named herein or to any person reasonably believed by Stanford to be entitled to payment shall fully satisfy Stanford's obligation to pay, and in no event shall Stanford be obligated to pay additional sums or be liable for any damages due to failure to pay the correct party.
The laws of the State of California govern all matters arising out of or relating to this Agreement. Any dispute arising under this Agreement shall be resolved in the courts of Santa Clara County or in the Federal District Court for the Northern District of California, Northern Branch, and Stanford and Contractor hereby submit themselves to the personal jurisdiction of said courts. All rights and remedies of Stanford and Contractor shall be cumulative.
All Services performed under this Agreement shall conform to all applicable Local, County, State and Federal codes and regulations, and applicable guidelines and policies at Stanford, including, but not limited to, Stanford's Code of Conduct which can be found at: https://adminguide.stanford.edu/1-1-1.
Nothing in this Agreement shall be construed as requiring or permitting Services that are contrary to the above-referenced codes, regulations, policies and guidelines.
If the Contractor is providing websites, web applications, or other electronic content design or development services to Stanford under this agreement, Contractor confirms that such deliverables shall meet the requirements of Stanford’s Accessibility of Electronic Content Policy, the provisions of which are incorporated by reference.
This Agreement is subject to Stanford’s “Living Wage and Benefit Guidelines for Stanford Contractors”, hereinafter “The Guidelines,” which can be found at Policy and Initiative Information for Suppliers.
Contractor represents and warrants that it will comply with The Guidelines as amended by Stanford from time to time. Contractor acknowledges that failure to comply with The Guidelines will be deemed a material breach of this Agreement. Contractor agrees to provide in a timely manner upon Stanford’s written request, but in any event not more than 10 business days, written evidence of compliance satisfactory to Stanford.
In connection with its performance under this Agreement, Contractor will not discriminate against any employee or applicant for employment because of race, religion, color, sex, sexual orientation, gender identity, age, national origin; or because he or she is a special disabled veteran or veteran of the Vietnam era in regard to any position for which the employee or applicant is qualified; or because of physical or mental disability in regard to any position for which the employee or applicant is qualified. Contractor agrees to comply with the following federal regulations which are hereby incorporated herein by reference: 41 CFR 60-1.4; 41 CFR 60-250.5; 41 CFR 60-741.5; and all other applicable regulations of 41 CFR Part 60, Federal Acquisition Regulation (“FAR”) 52.222-26 (Equal Opportunity); FAR 52.222-27 (Affirmative Action Compliance Requirements for Construction) – applicable for construction contracts only; FAR 52.222-35 (Affirmative Action for Disabled Veterans and Veterans of the Vietnam Era); FAR 52.222-36 (Affirmative Action for Workers with Disabilities); and all other applicable provisions of the Federal Acquisition Regulations.
All Federal Grant and/or subcontract purchases are subject to the terms and conditions defined in Public Law 87-653 (Truth in Negotiations) and the Copeland “Anti-Kickback” Act. In addition, the following clauses are incorporated herein by reference according to the amount of this order, and references to Government (or United States) and this PO shall be interpreted as necessary to apply to the U.S. Government or Stanford and Contractor, respectively.
Clauses which are required for the transaction covered by this PO also are incorporated by reference.
FAR Number and Title of Clause, Regardless of Amount:
52.203.11 Certification & Disclosure Re: Payments to Influence Certain Federal Transactions
52.222.4 Contract Work Hours and Safety Standards Act
52.225.13 Restrictions on Certain Foreign Purchases
52.227.10 Filing of Patent Applications-Classified Subject Matter
52.227.11/12/13 Patent Rights
52.247.63 Preference for U.S. Flag Air Carriers
52.247.64 Preference for Privately Owned U.S. Flag Commercial Vessels
252.227.7034 DFAR Patents- Subcontracts DOD only
252.227.7039 DFAR Patents Reporting Subject Inventions DOD only
52.222.21 Prohibition of Non-Segregated Facilities
52.222.26 Equal Opportunity
52.222.35 Affirmative Action for Disabled Veterans of the Vietnam Era
52.222.36 Affirmative Action for Workers with Disabilities
52.222.37 Employment Reports on Disabled Veterans of the Vietnam Era
FAR Number and Title of Clause, Orders over $100,000: all of the above clauses plus:
52.203.6 Restrictions on Subcontractor Sales to the Government
52.203.7 Anti-Kickback Procedures
52.203.12 Limitation on Payments to Influence Certain Federal Transactions
52.215.2 Audit and Records- Negotiation, Alternative II
52.219.8 Utilization of Small Business Concerns
52.227.1 Authorization and Consent Alternative I
52.227.2 Notice and Assistance Regarding Patent and Copyright Infringement
42 U.S.C. 7401, et. seq. Clean Air Act
33 U.S.C. 1251, et. seq. Federal Water Pollution Control Act
FAR Number and Title of Clause, Orders over $700,000: all of the above clauses plus:
52.219.9 Small Business Subcontracting Plan
FAR Number and Title of Clause, Orders over $750,000: all of the above clauses plus:
52.215.12/13 Subcontractor Cost or Pricing Data- Modifications
This section applies to all contractors who supply Stanford University with services that are not related to facilities or grounds maintenance, construction, demolition, installation of equipment (including furnishings) or products that contain regulated hazardous materials (including consumer products).
Asbestos: In accordance with California Health and Safety Code Section 25915 (Connelly Act) and the Cal/OSHA Asbestos Standard, 8 CCR Section 1529, Contractor is hereby notified that in Stanford facilities there are construction materials that are known to contain asbestos. In some areas, asbestos has been identified in one or more of the following construction products: spray-applied fireproofing; pipe, boiler, tank and air duct insulation; air duct seam tape; gaskets; roofing tar, felt and mastic; asbestos-cement pipe, wallboard, and shingles; plaster and acoustical treatments; gypsum board taping compound; vinyl and asphalt floor tile; vinyl sheet flooring; vinyl flooring, basecove, and ceiling tile adhesive; caulking and glazing compound; acoustic ceiling and wall tile; lab fume hood liners, exhaust ducts and counter tops; and fire-rated door core insulation.
Contractor shall not disturb building materials and shall stop work and report any inadvertent disturbance of such materials immediately to Stanford Environmental Health and Safety at 650-725-9999. Unless specifically qualified to do so, Contractor shall not enter an area that is posted with warning signs or labels indicating the presence or chemical, biohazardous or radioactive materials or equipment or areas that may have residual contamination from such materials.
Proposition 65 Notice: Under California Health and Safety Code Sections 25249.5 through 25249.13, asbestos, lead, mercury and polychlorinated biphenyls have been listed as chemicals known to the State of California to cause cancer or reproductive harm. Contractor will be working in areas in which some or all of these materials may be present. This notice constitutes the warning of the presence of a chemical known to cause cancer or reproductive harm required by Proposition 65. It is Contractor’s duty to follow all requirements of Proposition 65.
Persons who work on Stanford University projects under contract, including supply vendors, must comply with the provisions of Stanford’s Sexual Harassment policy. Stanford defines Sexual Harassment as: “Unwelcome sexual advances, requests for sexual favors, and other visual, verbal or physical conduct of a sexual nature, between persons of the same or different gender, constitute sexual harassment when: (1) It is implicitly or explicitly suggested that submission to or rejection of the conduct will be a factor in academic or employment decisions or evaluations, or permission to participate in a Stanford activity; or (2) The conduct, whether subtle or blatant, has the purpose or effect of interfering with an individual’s academic or work performance by creating an intimidating, hostile or offensive academic, work or student living environment, such as persistent and unwanted communication of a sexual nature (e.g., in person, by phone, text, email, via social media) and applies to one incident if sufficiently severe or repeated behaviors over time.
For information, consultation, advice or to lodge a complaint, contact the Sexual Harassment Policy Office at 556 O’Connor Lane, Griffin Drell House, Room 101 Stanford, CA 94305-8210, (650) 724-2120; email to: @email; website: http://harass.stanford.edu.
If Stanford determines that any Stanford employee, student, agent, representative or associate is being sexually harassed by a Contractor employee or subcontractor, the Contractor will immediately remove the employee or subcontractor from any and all Stanford University projects under contract. Contractor must operate in accordance with all federal, state and local laws and regulations, as well as Stanford's Code of Conduct which can be found at: https://adminguide.stanford.edu/1-1-1.
33.1 In accordance with Stanford policy supporting its fundamental research mission, Stanford suppliers may NOT sell or ship any International Traffic in Arms (ITAR) controlled defense article or technical data, any dual-use “500/600 Series” item or technology, and any Wassenaar Arrangement Munitions List item, without express written preauthorization from Stanford’s Export Control Officer. Learn more about Stanford’s ITAR policy.
33.2 Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment. Section 889 of the FY 2019 National Defense Authorization Act (Public Law 115- 232) prohibits, among other things, the US government from contracting with any entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. The prohibition in Section 889(a)(1)(B) applies to the use of covered telecommunications equipment or services, regardless of whether that use is in performance of work under a Government contract. Supplier is therefore prohibited from providing to Stanford University or the US government any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless otherwise permitted by laws. Supplier hereby represents that it has reviewed the definition of “covered telecommunications equipment or services” set forth in Federal Acquisition Regulation 52.204-25, as amended, and hereby represents and warrants that Supplier has not provided and will not provide any equipment, system, or service that uses covered telecommunications equipment or services to Stanford University in the performance of any contract, supply agreement, purchase order, or other agreement entered into between Stanford University and the Supplier. Supplier shall ensure that it is in compliance with Section 889 of Public Law 115-232 and is required to monitor the prohibited parties listing, which currently includes, without limitation, the following companies or any of their subsidiaries: Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company.
Supplier is responsible for its access to, use of, and data accuracy within Stanford's approved vendor database, including keeping its login information confidential and secure. Stanford will treat any information updates associated with a valid login as authentic. Stanford is not responsible for unauthorized access to Supplier's account, or inaccurate data resulting from a valid login, including, but not limited to, misdirection of funds.
For account access please contact Stanford’s Financial Support Center (FSC). The FSC will then send Supplier an email with a secure access link.
This PO (including these Terms and Conditions), any specifications or additional terms and conditions attached or referenced, constitute the entire agreement between Stanford and Contractor. Contractor's quotation/proposal is incorporated if specifically stated in the PO. No other terms or conditions are binding on Stanford unless accepted by Stanford in writing. In the event of a conflict between this PO and terms and conditions stated in Contractor's quotation/proposal, the terms of this PO shall take precedence.
THE FOLLOWING BUSINESS ASSOCIATE ADDENDUM (BAA) IS APPLICABLE IN SITUATIONS WHERE THE CONTRACTOR MIGHT ACCESS, RECEIVE, USE, DISCLOSE, OR MAINTAIN PROTECTED HEALTH INFORMATION TO PERFORM A SERVICE ON STANFORD UNIVERSITY’S BEHALF
This Addendum (the “Addendum”) supplements and is a part of this purchase order Agreement (the “Agreement”) by and between The Board of Trustees of the Leland Stanford Junior University through its HIPAA Covered Entity (“Covered Entity” and/or “Stanford”) and the supplier in receipt of this Stanford purchase order (“Business Associate”), each individually a “Party” and collectively the “Parties”.
This Addendum governs any activity, whether under any current or future agreement, that involves the supplier performing a Business Associate service on behalf of Stanford that involves access to, creation, receipt, maintenance, use, disclosure, or transmission of Protected Health Information (PHI).
Both Parties are required to comply with the Health Information Technology Economic and Clinical Health (“HITECH”) Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and applicable regulations issued thereunder, including, but not limited to, the Privacy, Security, Breach Notification and Enforcement Rules (45 C.F.R. Parts 160, 162 and 164), as may be amended from time to time. This Addendum sets forth the terms and conditions under which any PHI will be handled by Business Associate.
The Parties agree as follows:
All capitalized terms used but not otherwise defined in this Addendum have the meaning set forth in HITECH/HIPAA and regulations issued thereunder, and state privacy laws, including but not limited to the California Confidentiality of Medical Information Act (“CMIA”) and breach notification laws (e.g., California Health and Safety Code § 1280.15 and Civil Code § 1798.82 et seq., as these may be amended from time to time). Any discrepancies between definitions will be resolved to comply with the HIPAA Rules.
Without limiting the generality of the foregoing, the term “Breach” as used herein also means unlawful or unauthorized access to, or use or disclosure of PHI pursuant to state laws.
2. PERMITTED USES AND DISCLOSURES OF PHI BY BUSINESS ASSOCIATE
2.1 Services. Except as otherwise specified herein, Business Associate may only use, access, transmit, store, or disclose PHI to the extent necessary to perform its obligations under the Agreement, provided that (i) such use complies with and does not violate HITECH, HIPAA or the Privacy or Security Regulation or (ii) such use is expressly permitted by this Addendum. Business Associate shall limit the use and/or disclosure of PHI to the minimum amount of information necessary to accomplish the intended purpose of the use or disclosure. Business Associate will comply with the legal requirements that apply to Covered Entities in the performance of such obligation(s).
2.2 Business Activities. Business Associate may use and disclose PHI if necessary for the proper management and administration of Business Associate or to meet its legal responsibilities; provided that Business Associate may disclose PHI to third parties for such purposes only if the disclosures are Required by Law, or Business Associate obtains reasonable written assurances from the third party to whom the information is disclosed that: (a) the information will remain confidential; (b) the information will be used only as Required by Law or for the purposes for which the information was disclosed to the third party; and (c) the third party will notify Business Associate and Stanford of any instances of which it is aware in which the confidentiality of the information has been Breached.
2.3 No Data Aggregation. Business Associate may not use PHI data received from or created on behalf of Stanford for Data Aggregation purposes unless such Data Aggregation is expressly permitted by the Agreement.
2.4 No De-Identification. Business Associate may not de-identify PHI received from or created on behalf of Stanford unless such de-identification is expressly permitted by the Agreement.
2.5 Limits of Disclosure. Business Associate may disclose PHI for the purposes authorized by this Addendum only (a) to members of its Workforce, (b) to its Subcontractors and agents in accordance with Section 3, (c) as directed in writing by Stanford, or (d) as otherwise permitted by the terms of this Addendum. Any other use and/or disclosure not permitted or required by this Addendum is prohibited.
2.6 Prohibition on Sale of Protected Health Information. Business Associate agrees to comply with the prohibition of sale of Protected Health Information without authorization unless an exception under 45 C.F.R §164.508 applies.
3. RESPONSIBILITIES OF BUSINESS ASSOCIATE
3.1 Disclosure Required by Law. Business Associate shall not, without the prior written consent of Stanford, disclose any PHI on the basis that such disclosure is Required by Law without first notifying Stanford, providing Stanford a reasonable opportunity to object to the disclosure and to seek appropriate relief. Business Associate will require reasonable written assurances from third parties receiving PHI that such third parties will provide Stanford with similar notice and opportunity to object before any such disclosure Required by Law.
3.2 Security Rule Compliance. In addition to compliance with Stanford’s relevant Minimum Security Standards and Minimum Privacy Standards, Business Associate will maintain an information privacy and security program that complies with HITECH, HIPAA, and the regulations and guidance issued thereunder by the U.S. Department of Health and Human Services (“HHS”), including the Security Rule and any other Federal and State Rules and Regulations applicable to Covered Entities to prevent any unauthorized use and/or disclosure of PHI including electronic PHI.
Business Associate does and will comply with the HHS guidance to render unsecured PHI unusable, unreadable, or indecipherable to unauthorized individuals, including with respect to electronic PHI in motion and at rest, and destruction of PHI.
3.3 Breach Notification. Business Associate must report to the Stanford University Privacy Office, in writing, any Breach or Security Incident (including through Subcontractors, agents or other 3rd party members of its Workforce) of which Business Associate becomes aware as soon as possible, and at least within five (5) days of Discovery. Business Associate must report such breach regardless of whether the Breach or Security Incident arises from the actions or omission of Business Associate or its employees, Subcontractors, agents, or others.
a. If such Breach or Security Incident requires notification of government agencies and/or individuals, Business Associate will cooperate fully with Stanford in efforts to carry out notification requirements, and will indemnify and reimburse Stanford for Stanford’s reasonable associated costs.
b. Business Associate will cooperate fully with Stanford in efforts to mitigate, to the greatest extent practicable, any harmful effects from any such Breach or any Security Incident, and will indemnify and reimburse Stanford for Stanford’s reasonable associated costs.
3.4 U.S. Subcontractors. Business Associate will require any person(s) to whom Business Associate delegates a function, activity or service under the Agreement (other than members of Business Associate’s Workforce) or who otherwise creates, receives, accesses, uses, maintains or transmits PHI on behalf of or for Business Associate (“Subcontractors”) to enter into a written agreement that, (i) complies with HITECH and HIPAA, (ii) includes the same restrictions, conditions, obligations and requirements concerning PHI that apply to Business Associate pursuant to this Addendum; and (iii) provides that all assignees or subcontractors of Business Associate’s Subcontractor or agent enter into written agreements satisfying the requirements of clauses (i) through (iii) above.
3.5 Foreign Subcontractors. Before allowing any Subcontractor or agent that is not organized under the laws of any state within the United States (“Foreign Subcontractor”) to use or disclose, or have access to, PHI, Business Associate will obtain the prior written consent of Stanford, which consent may be withheld in Stanford’s sole discretion.
3.6 Accounting of Disclosures of PHI. Business Associate will maintain and within fifteen (15) days of receiving a written request from Stanford, provide to Stanford, such information as is requested or required to enable Stanford to respond to an individual’s request for an accounting of the disclosures of the individual's PHI in accordance with 45 C.F.R. § 164.528.
3.7 Direct Accounting Requests. In the event that an individual requests an accounting of disclosures directly from Business Associate or its agents or Subcontractors, Business Associate must notify Stanford in writing within five (5) days of the request; Stanford shall be responsible for preparing and delivering to the individual any such accounting requested.
3.8 Availability of Records for Review by Stanford and/or HHS. Business Associate will make available all records, books, agreements, policies, and procedures relating to the security, use, and/or disclosure of PHI to Stanford and/or the Secretary of the U.S. Department of Health and Human Services (or any officer or employee of HHS to whom the Secretary of HHS has delegated such authority) for purposes of determining compliance, subject to attorney-client and other applicable legal privileges.
Business Associate will immediately notify Stanford of any complaint or request for access received from the Secretary of HHS and will provide Stanford with a copy thereof as well as a copy of all materials disclosed pursuant thereto.
3.9 Designated Record Set. In the event that the PHI received by Business Associate pursuant to the Agreement constitutes a Designated Record Set, Business Associate will, at the request of Stanford, (i) provide Stanford with access to the PHI to enable Stanford to fulfill its obligations under 45 C.F.R. § 164.524, or (ii) make any amendment(s) to the PHI that Stanford directs pursuant to 45 C.F.R. § 164.526.
3.10 Individual Requests. In the event that an individual requests access to, amendment of, or an accounting of disclosures directly from Business Associate or its agents or Subcontractors, Business Associate must notify Stanford in writing within five (5) days of the request and timely provide all information reasonably requested by Stanford to respond; Stanford will be responsible for preparing and delivering to the individual any such accounting requested.
4. TERMINATION FOR BREACH
4.1 Term. This Addendum shall become effective on the Agreement Effective Date and shall continue in effect until termination or expiration of the Agreement, unless terminated as provided in Section 4.2 below.
4.2 Termination by Covered Entities. As provided under 45 C.F.R. § 164.504(e)(2)(iii), Stanford may immediately terminate this Addendum and the Agreement if Stanford knows of a pattern of activity or practice of Business Associate that constitutes a material breach or violation of Business Associate’s obligations under the provisions of this Addendum.
4.3 Effect of Termination. Upon termination of the Agreement and this Addendum pursuant to Section 4.2, Business Associate shall return to Stanford, or if agreed by Stanford, destroy all PHI received from Stanford, or created, maintained, or received by Business Associate on behalf of Stanford, that Business Associate and its agents and Subcontractors still maintain in any form. If such return or destruction is not feasible, then Business Associate will so notify Stanford in writing, and shall (a) extend any and all protections, obligations, limitations and restrictions contained in this Addendum to PHI retained by Business Associate, its agents and its Subcontractors after the termination of the Agreement and this Addendum, (b) limit any further uses and/or disclosures to those purposes that make the return or destruction of the PHI infeasible and (c) at such time as return or destruction of such retained PHI becomes feasible, return or, if agreed by Stanford, destroy such PHI.
5.1 Interpretation; Inconsistences between Agreement and Addendum. The provisions of this Addendum prevail over any provisions in the Agreement that may conflict or appear inconsistent with any provisions in this Addendum. Any ambiguity in this Addendum will be resolved in favor of a meaning that complies and is consistent with the Privacy Regulation and Security Regulation.
5.2 State Law. Nothing in this Addendum is to be construed to require or permit Business Associate to use or disclose PHI without proper written authorization, where such authorization would be required under state law for such use or disclosure.
5.3 Injunctions. In addition to any other remedies available to Stanford at law, in equity, or under this Addendum, in the event of any violation of any of the provisions of this Addendum, or any explicit threat thereof, Stanford will be entitled to an injunction or other decree of specific performance with respect to such violation(s) or explicit threat thereof.