Acceptable Use Policy

(for IBM Q System)

(effective v2019-02-18)

 

This Acceptable Use Policy (for IBM Q System) (this “AUP”) provides additional terms and conditions applicable to a party, whether a “Client”, or a “Member” of a Client led hub, or a user accessing the IBM Q System (“User”), as applicable.  A User is responsible for compliance with this AUP by its entity/organization and its personnel, representatives, authorized users, parties to which they are entitled to grant access to the IBM Q System, and the personnel and representatives of such grantees with such access (collectively, “Representatives”).

 

The following are defined terms are used in this AUP:

 

“IBM Remote Access System” means an IBM system externally accessible via an application programming interface (API).

 

“IBM Remote Access System Technology” means the IBM Q System, and any additional enhancement or other software which IBM may provide, at its sole discretion, to provide such access to Client, or its Members under this AUP via the IBM Remote Access System.

 

1.0       Ownership and Conditions of Access to System

 

IBM will retain all right, title and interest in and to the IBM Remote Access System and the IBM Remote Access System Technology, subject only to the limited right of access to the IBM Remote Access System under this AUP. Availability of the IBM Remote Access System and the IBM Remote Access System Technology are subject to scheduled maintenance and unanticipated conditions.

 

For quality control, compliance with Security and Use Standards set out in Section 2.0 below and other purposes, IBM may monitor use of the IBM Remote Access System. User agrees not to submit or upload any materials or software through the IBM Remote Access System, except as expressly provided in this AUP.

 

User will not and will not allow any third party to: 1) copy, modify, link to, distribute or access the IBM Remote Access System, IBM Remote Access System Technology, or any component thereof, except as expressly provided in the AUP; or 2) reverse engineer or otherwise attempt to discover or decode any component of the IBM Remote Access System, IBM Remote Access System Technology, or any component thereof, except as specifically permitted by law without the possibility of contractual waiver.

 

User assumes all risks associated with its access to the IBM Remote Access System, the IBM Remote Access System Technology, and all component(s) thereof, including without limitation: IBM Remote Access System and/or IBM Remote Access System Technology errors; damage to data related to storing and using any data in the IBM Remote Access System Technology; damage to or loss of programs or equipment; and unavailability or interruption of operations. Neither IBM nor its suppliers are responsible for the accuracy, completeness, timeliness, reliability, content, or availability of the IBM Remote Access System or IBM Remote Access System Technology.

 

2.0       Security and Use Standards

 

User will be solely responsible for and must control access to the IBM Remote Access System by User’s Representatives in accordance with this AUP. User will ensure that User’s equipment which can access the IBM Remote Access System will be physically and technically protected, including without limitation, screen and keyboard locks, and will prevent IP forwarding or other services such as DNS or DHCP when used to mask User’s physical location, and maintain security for User’s facilities and its computer network. User agrees to protect all passwords and tokens from unauthorized users and use.

 

User will be solely responsible for and must control access to the IBM Remote Access System by User’s Representatives in accordance with this AUP. User will ensure that User’s equipment which can access the IBM Remote Access System will be physically and technically protected, including without limitation, screen and keyboard locks, and will not use IP forwarding or other services such as DNS or DHCP for the purpose of masking physical location (for clarity, use of standard networking technologies, for example, NAT, VPN, DNS, and DHCP, is allowed if they are not used for the purpose of masking a User’s physical location), and maintain security for User’s facilities and its computer network. User agrees to protect all passwords and tokens from unauthorized users and use.

 

User will not: (i) use the IBM Q System for activity unrelated to the purpose set forth in the Client’s agreement with IBM or this AUP, or interfering with or violating the integrity or security of a network or system, or violating third party rights; (ii) connect remote devices to the IBM Q System for non-Client agreement related activity; (iii) saturate the IBM Q System or consume its resources to intentionally cause the IBM Q System to reset or to intentionally degrade its performance to prevent from providing its intended service; (iv) use the IBM Remote Access System or any connected equipment for any unlawful or improper activity; (v) provide access to any third party, other than as permitted in the Agreement; (vi) use the IBM Q System in any application or situation where failure could lead to death or serious bodily injury of any person, or to severe physical or environmental damage, such as aircraft, motor vehicles or mass transport, nuclear or chemical facilities, life support or medical equipment, or weaponry systems; or (vii) use the IBM name, any IBM trademark, or refer to access to the IBM Q System without IBM’s prior written approval. If there is a complaint or notice of violation, use may be suspended until resolved, and terminated if not resolved promptly.

 

User will ensure that no Harmful Code will enter IBM as a result of User’s access. “Harmful Code” means any computer programming code constructed with the intent or likelihood of damage to or interfere with other computer programs, data files or hardware, without the knowledge or consent of the computer user, and includes self-replicating and self-propagating program instructions such as viruses, worms, or the like. User will promptly notify IBM if it discovers or suspects that Harmful Code has entered the IBM Remote Access System, and will fully cooperate with IBM’s efforts to remove Harmful Code and protect the IBM Remote Access System, which may include, without limitation, suspension or termination of Client’s, its Members’, or Users’ access rights to the IBM Remote Access System.

 

3.0       Privacy and Data

 

3.1       Privacy and Personal Information. IBM and its Affiliates and their contractors and subprocessors, may, wherever they do business, collect, store and otherwise process the following personal identifiable information (“PI”): (a) business contact information (“BCI”) of Users and their respective Representatives, for example name, business telephone, address, email and user IDs, as may be required by IBM under this AUP, and (b) Users’ email addresses, IP addresses, and as part of the normal operation and support of the IBM Q System, Users’ personal information from Users accessing the IBM Q System related to the use of the IBM Q System, through tracking and other technologies (such as cookies) (“Account Data”) for the purposes and for the duration as specified in the IBM Q End User License Agreement ( the “EULA”). User authorizes IBM to obtain fully informed consents necessary to enable lawful use of the IBM Q System and to collect and process the PI as described herein. However, if User determines that User (not IBM) will handle consent communications with individuals, User agrees that it has obtained or will obtain any fully informed consents, permissions, or licenses necessary to enable lawful use of the IBM Q System and to permit collection and processing of the PI by IBM.

 

IBM will process the BCI and the Account Data, as a Data Controller, all in accordance with applicable laws, including the EEA data protection laws and regulations, including the European General Data Protection Regulation (EU/2016/679)

 

3.2       Data

 

“Data” means any data content that Users may upload to the IBM Q System or grant access to IBM in connection with this AUP.

 

  1. Users must have all necessary permissions or licenses to permit the licensing and the use and processing of the Data by IBM in accordance with this AUP in a manner that will not violate any laws, including privacy laws, and is responsible for assessing any regulatory or security requirements with respect to the Data. Users hereby grant IBM permission to process such Data.
  2. User understands and agrees that the IBM Q System is not designed to any specific security requirements for regulated data content, such as personal or sensitive personal information (“PI”). Accordingly, User represents and warrants that all of the Data fits entirely within one of the following categories:

    (i) Data which does not contain PI, whether or not anonymized or de-identified in any fashion, or that is otherwise subject to governmental regulation in connection with use of the IBM Q System;

    (ii) BCI and Account Data of User or its Representatives; and

    (iii) Data which may have contained PI, but which has been fully anonymized prior to the upload of Data to the to the IBM Q System so as to ensure that the Data no longer contain personal information and a person without prior knowledge of Data and its collection cannot, from the Data and any other available information, identify the nature of the transactions or personal information.

     

  3. User acknowledges that IBM has no obligation to review Data uploaded upload to the IBM Q System to determine if such Data contains PI. However, if IBM becomes aware of PI provided by User, its Representatives, its Members, and/or Members’ Users, IBM will delete or return the PI.
  4. User agrees that it will not deliver or otherwise provide IBM with access to any data that may include PI (except for the BCI or the Account Data detailed in Section 3.1 above) or any data that may be subject to the EEA data protection laws and regulations, including the European General Data Protection Regulation (EU/2016/679) unless and until the Parties have reached an agreement in writing on the requirements for receipt and processing of any such data.

 

4.0       Additional Provisions

 

If IBM reasonably believes that the IBM Remote Access System may have been accessed or manipulated by a third party or wrongfully accessed, IBM reserves the right to restrict, suspend, or discontinue access to the system associated with such personnel pending review and resolution of the matter. IBM will provide User notice as applicable in connection with taking any such actions. Similarly, User must promptly report to IBM any security concerns or known or suspected unauthorized use, including any lost or stolen data or access rights to IBM.

 

User represents that it has agreements sufficient to meet its obligations under this AUP, prior to accessing or granting access to that Representative.

 

User acknowledges that IBM may use global resources (non-permanent residents used locally and personnel in locations worldwide) to remotely support the delivery of the IBM Remote Access System Technology. User represents on behalf of itself and its Representatives that content will not, in whole or part, be controlled under the U.S. International Traffic in Arms Regulation (ITAR) or the defense trade control regime of any country and that no content accessible to IBM will require an export license or is restricted from export to any IBM global resource or personnel under applicable export control laws. User represents on behalf of itself and its Representatives that content will not be described on the Commerce Control List of the U.S. Export Administration Regulations or the dual-use control list of any country.