This agreement is written in Spanish. If there is a conflict between a translated version and the Spanish version of these terms, the Spanish version will prevail, to the extent permitted by applicable law.
If you access the Services from a location outside Europe and/or if you use the Services to provide access to patients who will access them from a location outside Europe, you do so at your own risk and are solely responsible for compliance with any applicable laws, rules and regulations in your jurisdiction, including export laws and any local rules and laws regarding online conduct and content.
The terms used in this Agreement shall have the definitions contained herein or, if not defined in this Agreement, shall have their meaning in plain Spanish, as commonly interpreted in Spain.
2. Additional Terms.
3. Disclaimer of liability for treatment prescribed by therapists or researchers.
We reserve the right, at any time, to modify the Platform or Services by making the modification available on the Platform or by providing you with other notification in the terms of stipulation 19 “Modification of the Conditions”. In this sense, any modification will be effective immediately upon posting on the Platform or any other notice. You will be deemed to have accepted such modification if you use the Platform or the Services after the publication of such modification.
For adequate access and use of the platform it is required that the client, administrator, professional and user have the technical requirements that are attached to this contract as ANNEX I.
5. Types of accounts.
We designate several types of Accounts (each, an “Account”) that provide different functionality to different users of the Platform:
a. A “DEMO Account” allows you limited access to view and test certain content on the Platform that is limited in both quantity and time.
b. A “User Account” allows a patient to access, through the application for patients, the exercise program and questionnaires set up by his/her Therapist. The User Account is unique, personal and non-transferable. The User Account is always linked to a specific Associate Therapist Account (hereinafter referred to as Associate Therapist Account or Your Therapist). Healthinn shall not be liable for misuse or negligence of the User Account or for the use of the account by any third party other than the individual patient for whom a user account has been created by the therapist.
c. A “Therapist Account” allows a Therapist to use “Dashboard” in order to configure and monitor their patients’ exercise programs. It allows you to set up and monitor exercise programs to unlimited “User Accounts”, provided that each User Account created corresponds to a single patient, and that those patients are under the supervision of the Therapist who holds the Therapist Account. A Therapist Account is unique, personal and non-transferable. The Therapist Account may be linked to a particular associated hospital account (“Associated Hospital Account” or “Your Hospital”), if that account has given you access by virtue of being your employer. Healthinn is not responsible for the improper or negligent use of the Therapist Account, as well as the use of such account by third parties other than the specific health professional for whom the Therapist Account has been created.
d. A “Hospital Account” allows you to create unlimited Therapist Accounts on the Platform, provided that the Therapist who holds the Therapist Account is an employee of the Hospital who has the capacity to treat patients, and that such Therapist Accounts correspond to one per Therapist.
6. Account registration; Account settings; Passwords.
a. Age restrictions. You may not use the Platform unless you are 18 years of age or older. If you are the parent or guardian of a minor under the age of 18 (hereinafter referred to as the “minor”), you may use the Platform and allow the minor to use the Platform and Services under your direct supervision. You will be solely responsible for all access and use by the minor in your care.
b. Your account information. By creating an Account on the Platform, you AGREE THAT:
b(i) you comply with any age restrictions for use of the Platform, and
b(ii) the information you have provided in your registration (“Account Information”) is true, accurate, current and complete. Upon any change to such information, you will immediately maintain and update your Account Information using the functionality provided through the Platform to be true, accurate, current and complete, or you will notify us in writing when modification is not possible through the Platform.
c. Passwords. You are responsible for maintaining the confidentiality of your password and are not permitted to share or disclose your password to anyone else. You will be solely responsible for the activities of anyone accessing the Platform using any password assigned to you, even if the person is not, in fact, authorized by you. If you have reason to believe that your password has been compromised or used without authorization, you must change it promptly, using the functionality provided in the applicable Platform, or notify us in writing when modification is not possible through the Platform. In the event that we or your Therapist have provided you with a dummy email and/or temporary password for access to your Account, you must change them to a real operational email of your personal ownership and/or password set by yourself. We encourage you to use “strong” passwords (passwords that use a combination of upper and lower case letters, numbers and symbols). We are not responsible for your decision to continue with fictitious mail and/or temporary passwords. Healthinn cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.
d. Therapist passwords. If your Account is linked to a Hospital Account, the person or entity to whom your Account is linked will have access to your Account to view or modify the Content of your Account. In addition, specific members of Healthinn will have access to certain content on the Account to resolve support requests.
7. Termination of service.
b. Termination by us. We reserve the right to disable your password and terminate your access to your Account, regardless of the type of account you have, if:
(ii) for a DEMO Account, without the necessity of any specific event. If we do so, we may also choose to remove the information from your Account and the actions taken on it; or
(iii) you have chosen not to renew your Software License Agreement and/or not to pay your fees.
c. Termination of your User Account by the Therapist or the Associated Hospital Account. If you have a User Account, your Therapist or the Associated Hospital Account has the right to terminate, or instruct us to terminate, your User Account. We have the right to cancel your User Account after receiving instructions from your Therapist or the Associated Hospital Account. If your Therapist or the Associated Hospital Account cancels your User Account or instructs us to cancel it, you will no longer have access to your User Account, unless there is an express request to that effect from the Therapist or the Associated Hospital Account that has cancelled your Account or instructed us to cancel it, provided that the Software License Agreement is in effect.
d. Termination of your User Account for non-renewal of the Associate Therapist Account or the Hospital Account associated with Your Therapist. If Your Therapist or Your Therapist’s Associated Hospital Account is not renewed or cancelled, or we are instructed not to renew or to cancel their accounts, we have the right to terminate your User Account.
e. Termination of your Therapist Account by the Associated Hospital Account. If you have a Therapist Account associated with a Hospital Account, the Associated Hospital Account has the right to terminate, or instruct us to terminate, your Therapist Account. We have the right to cancel your Therapist Account after receiving instructions from the Associated Hospital Account. If the Associated Hospital Account cancels your Therapist Account or instructs us to cancel it, you will no longer have access to your Therapist Account, unless there is an express request to that effect from the Associated Hospital Account that has cancelled your Account or instructed us to cancel it, and provided that the Software License Agreement is in effect.
f. Termination of your Therapist Account for non-renewal of the Associated Hospital Account. If the Associated Hospital Account fails to renew or cancels your account, or instructs us not to renew or cancel your account, we have the right to terminate your Therapist Account.
h. Termination by you. If you notify us that you wish to terminate your Account, regardless of the type of account you have, we will immediately take steps to terminate your Account. Upon such termination, we will elect to return, delete and/or anonymize your Account information or Content. We will not provide any refunds if your Account is terminated under this Section. The early termination of the agreement by you will not in any way entitle you to a refund of the amount paid for the period of time or if you cease to use the product you have signed up for.
i. Other termination or modification. In addition to the above cancellation rights, we have the right to cancel the Services at any time or to modify or change the Services to remove any or all of the Services. In the event that any or all of the Services provided are deleted by unilateral decision of Healthinn, you have the right to request immediate termination and cancellation of your account, with a right to a refund of the unused portion of the fee. This right does not apply when there has been a breach by you under the terms of clause 11 of this document.
8. No medical advice.
THE CONTENT THAT WE PROVIDE THROUGH THE PLATFORM AND THE WEBSITE, INCLUDING ALL TEXT, PHOTOGRAPHS, IMAGES, ILLUSTRATIONS, GRAPHICS, AUDIO CLIPS, VIDEO AND AUDIO-VIDEO AND OTHER MATERIALS, WHETHER PROVIDED BY US OR BY OTHER USERS OR THIRD PARTIES, IS NOT INTENDED TO BE AND SHOULD NOT BE USED IN LIEU OF:
A) THE ADVICE OF YOUR PHYSICIAN OR OTHER MEDICAL PROFESSIONALS;
B) A VISIT, CALL OR CONSULTATION WITH YOUR DOCTOR OR OTHER MEDICAL PROFESSIONALS; OR
C) INFORMATION CONTAINED ON ANY PRODUCT PACKAGING OR LABEL.
OUR CONTENTS DO NOT CONSTITUTE MEDICAL ADVICE. IF YOU HAVE ANY HEALTH CARE RELATED QUESTIONS, PLEASE CALL OR CONSULT YOUR DOCTOR OR OTHER HEALTH CARE PROVIDER PROMPTLY.
IF YOU HAVE AN EMERGENCY, CALL YOUR DOCTOR OR THE EMERGENCY NUMBER IMMEDIATELY. YOU SHOULD NEVER DISREGARD MEDICAL ADVICE OR DELAY SEEKING MEDICAL ADVICE FOR ANY CONTENT PRESENTED ON THIS PLATFORM.
THE TRANSMISSION AND RECEIPT OF OUR CONTENT, IN WHOLE OR IN PART, OR COMMUNICATION VIA THE INTERNET, EMAIL OR OTHER MEANS DOES NOT CONSTITUTE OR CREATE A DOCTOR-PATIENT, THERAPIST-PATIENT OR OTHER HEALTH CARE PROFESSIONAL RELATIONSHIP BETWEEN YOU AND US.
HEALTHINN IS NOT A HEALTH CARE PROVIDER.
a. You and Healthinn declare that we are aware of and are obliged to comply with the provisions of the applicable regulations on the protection of personal data; specifically, Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, and on the free movement of such data (hereinafter, “GDPR”).
10. Price and payment conditions.
If you access a User Account, the terms of this Clause do not apply to you, as such terms are agreed upon with the holder of your Associated Therapist Account or your Associated Hospital Account.
If you access a Hospital Account or access a Therapist Account whose access to the Platform is provided by your hospital or healthcare entity to which you belong, i.e., you have an Associate Hospital Account, and you or an officer of your entity has formalized a Proposal for a license to use the Platform, the terms of this Clause do not apply to you since the price and form of payment are set forth in such Proposal that Healthinn formalizes with your hospital or healthcare entity.
You agree to pay in advance the monthly or annual subscription fee(s) at the rates in effect at the time the charges are incurred, including any applicable taxes. Any change in subscription fee(s) will be effective for the next billing period after we notify you of the change.
YOU ARE RESPONSIBLE FOR PROVIDING HEALTHINN WITH DATA FROM A VALID CREDIT CARD OR PAYMENT ACCOUNT AND PAYING ALL FEES ON TIME.
Healthinn chooses the third party payment processor “Stripe” to carry out the payment management in the contracting and renewal. Therefore, the client, via these general conditions, authorises and consents to any actions that may be necessary for this management to be carried out.
Healthinn’s third party payment processor will automatically charge the credit card or payment account associated with your account at the beginning of the billing period, and billing will automatically repeat at monthly or annual intervals until you terminate your account. If you wish to designate a different credit card or payment account, or if there is a change in your credit card or payment account status, you must change your account information by notifying us in writing at [email protected]; this may temporarily interrupt your access to your account while Healthinn’s third party payment processor verifies your new payment information. Any change in your chosen payment method will be effective for the next billing period. During the term of your subscription, you may choose to cancel your subscription early, but no refund will be made. Likewise, we will not offer a refund if you decide to stop using the subscription during the Subscription Term.
Healthinn itself does not collect or store payment card information.
If Healthinn’s third-party payment processor is unable to successfully charge your credit card or payment account for fees due, we reserve the right to revoke or restrict access to your account, or cancel your account. If you cancel your account for any reason or if we cancel your account due to your default, such cancellation will be effective immediately, and you will not receive a refund of any amounts you have already paid for that billing period. In addition, you agree to reimburse us for collection fees and interest earned for non-payment of any past due amounts.
We may contact you by email regarding your account for reasons including, but not limited to, a problem with your credit card or payment account.
Each Party informs the other that the data may be transferred, where appropriate, to the Tax Agency and other public administrations, for the purposes of carrying out the corresponding tax declarations and complying with the applicable regulations.
11. Ownership of the platform and content.
a. Content. The Platform and Content are protected by applicable intellectual property laws, possessing the copyright and intellectual property rights thereof.
c. The license of use that Healthinn grants you does not imply a definitive transfer of the Software nor of any of the rights that we hold over it. Neither you nor any of the users of your staff of employees, collaborators, partners or administrators may, therefore, transmit, assign or sublicense, directly or indirectly, in whole or in part, the rights granted herein, unless you obtain our express, prior and written consent; nor decompile, reproduce, copy, modify or manipulate, in whole or in part, any content of the Software.
In the event of your infringement of intellectual property rights and in accordance with the provisions of Article 140 of the Intellectual Property Law, you shall (without prejudice to any subsequent actions for recovery that you may bring against the infringer from among your employees, collaborators, partners or administrators) indemnify us for damages caused in a sum that includes both the value of the loss we have suffered and the value of the profit that we have ceased to obtain. This amount shall be fixed, at our option, according to one of the following criteria:
(i) The negative economic consequences, including the loss of profits we have suffered and the profits that the infringer has obtained from the unlawful use.
In the case of moral damage, compensation shall be payable, even if the existence of economic damage has not been proven. The assessment shall be based on the circumstances of the infringement, the seriousness of the injury and the degree of unlawful dissemination of the work.
(ii) The amount we would have received as remuneration if the infringer had requested authorization to use the intellectual property right in question.
e. Software. Unless otherwise expressly stated in a license or other agreement separate from this Agreement that you have entered into (or may enter into) with us in connection with any software, code or API available or accessible through the Platform or the Services (collectively, “Software”) (each such license or other agreement, a “Software License Agreement”), we grant you a personal, limited and non-exclusive license to download, install, run and use the Software in accordance with any instructions we provide to you, solely for your own business purposes in connection with your access to and use of the Platform and the Services. Except as expressly set forth in the preceding sentence (or in any applicable Software License Agreement), you are not granted any license or rights, whether by implication, estoppel or otherwise, in or to any Software or any intellectual property rights therein or related thereto, and you may not modify, reproduce, perform, display, create derivative works from, republish, post, transmit, participate in the transfer or sale of, distribute or otherwise exploit any portion of the Software without our prior written permission. Except as provided in this Agreement, any Software License Agreement shall control in the event of a conflict between the terms of this Agreement and that Software License Agreement. At our discretion, we may make available future updates to the Software, if any, which will not necessarily include all existing software features or new features that we release for newer or other products and our Platform.
f. Comments. We encourage you to give us your opinion, comments, ideas and suggestions to improve, expand and modify the Services (“Feedback”). You can send us your comments by email to [email protected]. You acknowledge and agree that all Feedback you provide to us, regardless of the channel of delivery, (i) will be treated as non-confidential, and (ii) will be the sole and exclusive property of Healthinn. Without limiting the foregoing, you acknowledge that your Feedback may be disseminated or used by Healthinn or its affiliates for any purpose, including developing, improving and marketing products. You hereby irrevocably transfer and assign to Healthinn all of your right, title, and interest in and to all Feedback, including all worldwide patent, copyright, trade secret, moral rights and other proprietary or intellectual property rights, and waive any moral rights you may have in such Feedback.
You acknowledge that the Services, the Content, the Platform, the Software and all other databases, software and other technology used to provide the Services and operate the Platform (collectively, our “Technology”) and its structure, organization and underlying data, information and source code constitute our valuable trade secrets. You will not and will not allow any third party to:
(ii) use the Technology in any unlawful manner or in any other manner that could damage, disable, overburden or impair the Technology;
(iii) use automated scripts to collect information from or otherwise interact with the Technology;
(iv) alter, modify, reproduce, or create derivative works from the Technology;
(v) distribute, sell, resell, lend, loan, lease, license, sublicense or transfer any of your rights to access or use the Technology, including, without limitation, providing third party outsourcing, consulting, hosting, providing application services or online services, or making the Technology, or access to it, available to any third party;
(vi) reverse engineer, disassemble, decompile or otherwise attempt to derive the source code or method of operation or any trade secrets incorporated into the Technology;
(vii) attempt to circumvent or overcome any technological protection measures designed to restrict access to any part of the Technology;
(viii) use the Technology to monitor its availability, performance or functionality, or for any other reference or competitive purpose; or
(ix) interfere in any way with the operation or hosting of the Technology, or attempt to gain unauthorized access to the Technology;
(x) prepare derivative works of the Services;
(xi) circumvent our systems, policies and determinations regarding the status of your account, including attempting to access or use the Services if your account has been suspended or terminated or if you have been temporarily or permanently prohibited or blocked from using the Services;
(xii) access, search, collect information from or otherwise interact with the Services, whether by manual methods or by using any software, device, script or robot, or by any other means (automated or otherwise), including “scraping”, “crawling” or “scratching” the Services, to systematically retrieve content in order to create or compile, directly or indirectly, in single or multiple downloads, a collection, compilation, database, directory or similar;
(xiii) interfere with, disrupt, damage or compromise the Services or our systems or the access of any user, host or network in any way, including through the use of viruses, cancel bots, Trojan horses, harmful code, flood pings, denial of service attacks, backdoors, packet or IP spoofing, forging email routes or address information or similar methods or technologies or by overloading, flooding, spamming, email bombarding the Services or imposing an unreasonable or disproportionately large load on the Website or Application;
(xiv) access, manipulate or use non-public areas of any of Healthinn’s Services, computer systems or the technical delivery systems of Healthinn’s suppliers;
(xv) probe, scan or test the vulnerability of any Healthinn system or network or its providers, or breach or circumvent any security or authentication measures on such system or network;
(xvi) prevent, circumvent, remove, disable, impair, decrypt or otherwise circumvent any technological measures implemented by Healthinn or any of Healthinn’s providers or any other third party to protect the Services;
(xvii) forge any TCP/IP packet header or any part of the header information in any e-mail or posting, or otherwise use the Services to send altered, misleading or false information to identify the source;
(xviii) attempt to do any of the foregoing, or advocate, encourage, assist or allow any third party to do any of the foregoing;
(xix) publish by any written, telematic or other means any content of the platform, describing in detail the form of work that includes the Services of the same.
Healthinn reserves the right to investigate and prosecute violations of any and all reports, complaints and grievances, or any other suspected misconduct or violation of law to the fullest extent of the law.
Without limiting the foregoing, you acknowledge that Healthinn has the right, but not the obligation, at any time and without notice, to monitor access to or use of the Services by any user if we believe in good faith that it is reasonably necessary (i) to comply with any law or regulation or to satisfy any legal process or governmental request (e.g., a subpoena, warrant, order or other request from a court, administrative agency or other government body), (ii) to respond to claims asserted against Healthinn, (iii) to enforce and ensure a user’s compliance with the Terms, including investigating possible violations, (iv) to conduct risk assessments, and prevent, detect and investigate incidents of fraud, security and technical issues, (v) to protect the rights, property or safety of Healthinn, its users or members of the public, and (vi) for the purpose of operating and improving the Services (including for customer support purposes).
Cooperation of the users.
You agree to cooperate and assist Healthinn or its representative in good faith in any such investigations, including providing us with such information as we may reasonably request.
Account Suspension and Termination for Failure to Comply.
We may, in our discretion, without liability to you and without limiting our other remedies, with or without notice and at any time, decide to limit, suspend, deactivate or terminate your account in response to a suspected breach of the Terms, and take technical and legal steps to prevent you from using our Services. If Healthinn has suspended your account due to your actual or suspected breach of the Terms, such suspension will continue until the suspected breach is remedied or otherwise resolved to Healthinn’s reasonable satisfaction.
Once your account is terminated, Healthinn may retain your personal data for as long as necessary to comply with our legal obligations, resolve disputes or as otherwise permitted by law.
When a problem arises, we reserve the right to consider that user’s performance history and specific circumstances in applying our policies, and to determine the degree of rigor with which those policies should be applied in an effort to achieve a fair outcome for all parties involved.
12. Violation of copyright.
a. Claims of Copyright Infringement. If you have reason to believe that any of the Content on the Platform infringes the copyrights of others, please notify us immediately using the contact information provided below. It is our policy to investigate any allegations of copyright infringement that are brought to our attention.
b. Notification of Claimed Copyright Infringement. If you are the owner of the copyright (or are authorized to act on behalf of the owner of the copyright), please notify us immediately if you believe that (1) any Content displayed on the Platform infringes your copyright or (2) any links posted on the Platform link to materials that infringe your copyright. As soon as we receive your notification of alleged infringement, in the manner described below, we will promptly remove or disable access to the allegedly infringing materials (or that are the subject of infringing activity). Your notification must be in writing and must include the following:
(i) a description of the copyrighted work that you believe has been infringed (or if you believe that multiple copyrighted works have been infringed, a representative list);
(ii) a description of the material that you believe is infringing or is the subject of infringing activity, together with sufficient information to enable us to locate the material on the applicable Platform; sufficient information to allow us to contact you, such as your name, address, telephone number and, if possible, e-mail address;
(iii) a statement that you have a good faith belief that the allegedly infringing use of the material was not authorized by the owner of the exclusive right that is allegedly infringed (the “copyright owner”), an agent of the copyright owner, or the law;
(iv) a statement that all information you have provided is accurate; and
(v) a statement, made under penalty of perjury, that you are the copyright owner or authorized to act on the copyright owner’s behalf.
c. Your Notice. Your notice must be signed (physically or electronically) and must be addressed to: [email protected].
13. Registered trademarks.
a. Ownership of trademarks. The trademarks used or displayed on the Site and Platform (“Trademarks”) are registered and unregistered trademarks of Healthinn and its licensors or affiliates. Access to the site and Platform does not constitute a license to use any Trademark and you may not use any of the Trademarks displayed on the Platform without the express prior written permission of Healthinn or the owner of the trademark.
14. Links to the Platform and RSS feeds.
a. We grant you permission to create hyperlinks to the home page of www.rehand.net and/or www.rehbody.net. In addition, you are granted the right to implement links from Healthinn social networks for your personal, non-commercial use only as described in the Platform. We reserve the right to revoke these licenses generally, or your right to use specific links, at any time, with or without cause. If you wish to obtain a license to use, distribute or otherwise present our social networking channels for commercial purposes, please contact us at [email protected] and request a license for commercial use. Under no circumstances may you include the Platform or any of its Content or copy parts of the Platform to a server. When accessing a page or image on the Platform from a link (including social network feeds) that appears on your web Platform, each page and image within the Platform must be displayed in its entirety, without any frame, border, margin, design, brand, trademark, advertising or promotional materials that were not originally displayed on the applicable page within the Platform. If you wish to link to any part of the Platform other than that described here, you must sign a separate agreement with Healthinn.
15. Third party platforms.
16. Warranties; Disclaimer.
a. EXCEPT AS EXPRESSLY PROVIDED HEREIN, HEALTHINN HEREBY EXPRESSLY DISCLAIMS, AND YOU DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO THE RESULT OF THE SERVICES, OUR CONTENT, AND ALL SOFTWARE, PRODUCTS OR SERVICES DESCRIBED OR AVAILABLE THROUGH THE PLATFORM, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. WE ARE NOT RESPONSIBLE FOR ANY ACTIONS OF A THERAPIST OR RESEARCHER RELATED TO THE USE OF THE PLATFORM. YOU WILL NOT BRING ANY CLAIM YOU MAY HAVE AGAINST A SPONSOR, THERAPIST OR HOSPITAL AGAINST HEALTHINN.
17. Limitation of liability.
a. TO THE EXTENT PERMITTED BY APPLICABLE LAW, WE, ON BEHALF OF OURSELVES AND OUR MANAGERS AND SENIOR MANAGEMENT, DIRECTORS, SHAREHOLDERS, EMPLOYEES, AGENTS, SUPPLIERS AND CONTRACTORS, EXCLUDE AND DISCLAIM LIABILITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF HEALTHINN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE SERVICES AND THE PLATFORM, OR OTHERWISE RESULTING FROM (1) the use or inability to use the services or the Platform; (2) the cost of acquiring substitute products and services as a result of any goods, content, data, information or service acquired or obtained, or messages received or transactions made through or from the Platform; (3) unauthorized access to or alteration of its transmissions, content or data; (4) statements or conduct of any third party on the Platform; or (5) any other matter relating to the Platform. YOU ASSUME FULL RESPONSIBILITY FOR ESTABLISHING SUCH DATA BACKUP AND VIRUS CONTROL PROCEDURES AS YOU DEEM NECESSARY. THIS LIMITATION OF LIABILITY APPLIES WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER BASIS.
b. Also, any harm caused to a patient by using the Services other than as established by Healthinn or by not properly following the Instructions for Use is not the responsibility of Healthinn and rests entirely with the health care professional responsible for implementing it.
19. Modification of the Conditions.
a. Healthinn reserves the right to modify, in any way, the characteristics and conditions of its Platform and/or Services, with the purpose of improving, developing and benefiting the users. In order to do so, it will be sufficient to inform the client by e-mail and/or to include this modification in the clauses of the contractual Conditions that are applicable and/or to publish it on the website or the platform.
b. Any substantial modification of the Conditions of Use by Healthinn will be communicated in writing in the shortest possible time for its acceptance by the client. The client, once the modification has been communicated, if he/she does not agree with the new conditions, has a period of 14 calendar days from the receipt of said communication, to terminate the contractual relationship between the parties. After this period without communication to the contrary from the client, it will be understood that he/she accepts the new conditions. By accessing, browsing and/or using the Services after the updates to these Conditions have been published, you agree to be bound by the updated Conditions.
c. Notwithstanding the foregoing, Healthinn will make available to all its customers a copy of the contractual conditions in force at any given time, by publishing them on its web page.
20. Compliance with Laws.
You agree to use the Platform in compliance with all applicable laws.
21. Jurisdictional issues.
The user accepts and consents that any litigation, discrepancy, question or claim derived from the fulfilment, execution or interpretation of this contract, or related to it, directly or indirectly, will be definitively resolved by the Courts and Tribunals of Seville (Spain), expressly renouncing any other jurisdiction that may correspond to him/her.
d. Legal expenses. If either party fails to comply with this agreement and the performing party files a legal claim against it, all court and out-of-court expenses corresponding to such failure shall be borne by the failing party.
f. Waiver. Failure to insist upon strict compliance with any of the terms, covenants and conditions herein shall not be deemed a waiver of such terms, covenants and conditions, nor shall it be deemed a waiver of any right or power hereunder on one or more occasions. No waiver shall be valid unless made in writing and signed by an authorized officer of Healthinn.
Except as expressly set forth in this Agreement, this Agreement may be amended or modified only by a writing approved by both parties. Similarly, when required by technical conditions, you may give fourteen (14) calendar days prior notice.
h. If any of the clauses of this Agreement is declared null and void or unenforceable, such clause shall be deemed excluded from the Agreement, without implying the nullity or unenforceability of the same. In this case, the Parties shall use their best efforts to find an equivalent solution that is valid and duly reflects their intentions and is in accordance with the purpose of the Contract Agreement.
i. The headings of the various clauses are for informational purposes only, and shall not affect, qualify or extend the interpretation of this Agreement.
ANNEX I.- TECHNICAL REQUIREMENTS
In order to access the contents and resources of the Platform and all its new features, we recommend using updated browsers and operating systems. The ReHand application must be used on a Tablet device with a screen larger than 7″ and an Operating System equal to or higher than Android 6.0.1 or iOS 11. Reports must be used on browsers above the following versions: Chrome 37, Edge 12 or iOS Safari 10.1. Dashboard must be used on browsers above the following versions: Chrome 80, Edge 80, iOS Safari 14 or Chrome Android 80.
The RehBody application must be used on Windows devices above the following technical requirements: RAM memory 4 GB, fifth generation processor or equivalent and Intel HD Graphics 5500 graphics card or equivalent; on Android smartphone devices above the following technical requirements: RAM memory 3 GB, processor with minimum speed 2.3 GHz and Adreno 540 graphics card or equivalent; on iOS MAC devices above Apple Mac mini 2012; and on iOS smartphone devices above iPhone 6S.
If you use Chrome, Edge, or iOS Safari as your browser, it is very important that you update it to its latest version. We cannot ensure proper operation of the Platform if it is not up to date. You may experience problems if you access from an outdated version of your browser.
There are functionalities with a high load of additional content. The waiting time until the activity is fully loaded may be increased if the speed of the internet connection is slow or if the hardware of your computer or device is not powerful enough.
Healthinn cannot guarantee the proper functioning of the Platform on devices (fixed and mobile) that have obsolete operating systems, especially those on which the support of their operating system provider has ended.
ANNEX II – DATA PROCESSOR CONTRACT
The present processing contract (hereinafter, the “Processing Contract”) between you and Healthinn is entered into and shall be effective as of: (i) the time of acceptance of the General Terms and Conditions; or, if applicable, (ii) the time of signing the agreement signed between you and Healthinn to regulate the engagement and use of the Platform.
2. Processing of personal data
2.1. Scope and purpose
The purpose of this Entrustment Agreement is to comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and any applicable local regulations (hereinafter collectively the “Data Protection Regulation”) in relation to agreements between a Controller and a Processor. The Controller is the controller in relation to the processing governed by this Entrustment Agreement, and the Processor is the processor in relation to the processing governed by this Entrustment Agreement.
The processing of personal data may only be carried out by the Processor in order to fulfill the responsibilities of the Processor under this Processing Contract, in accordance with the following purposes.
The Data Processor shall not use the personal data for purposes other than those set forth in this Entrustment Agreement.
3.2. The Controller ensures that personal data is processed in accordance with the requirements of the Data Protection Regulations. The instructions of the Controller for the processing of personal data shall comply with the applicable legislation. The Controller shall be solely responsible for the accuracy, quality and lawfulness of the Personal Data and the means by which they have been obtained.
4. Specification of the processing to be carried out and identification of the corresponding information
The term of this Processing Contract shall be for the duration of the contract between you and Healthinn, according to the Terms.
Upon expiration or termination of the Entrustment Agreement, the Data Processor will anonymize all Personal Data in its possession as provided in the Processing Contract, except to the extent that applicable law requires the Data Processor to retain some or all of the Personal Data (in which case the Data Processor will archive the data and implement reasonable measures to prevent further processing of the Personal Data). The terms of this Agreement shall continue to apply to such Personal Data.
7. Obligations of the Data Processor
7.1.1. The Data Controller shall treat all Personal Data as strictly confidential information. Personal Data may not be copied, transferred or processed in any way that conflicts with the Instruction, unless the Data Controller has given its written agreement.
7.1.2. The employees of the Data Controller shall be subject to an obligation of confidentiality which ensures that the employees shall treat all Personal Data under this Instruction in strict confidence.
7.1.3. Personal Data shall only be made available to personnel who require access to such Personal Data for the provision of the service and on the basis of this Processing Contract.
7.2. Technical and organizational measures
7.2.1. The Processor shall endeavor to take appropriate technical and organizational measures against loss or any form of unlawful processing (such as unauthorized disclosure, deterioration, alteration or disclosure of personal data) in connection with the performance of the processing of personal data under this Processing Contract.
7.2.2. The Processor does not guarantee that the security measures will be effective in all circumstances. The Processor shall endeavor to ensure that the security measures are of a reasonable level, taking into account the state of the art, the sensitivity of the personal data and the costs related to the security measures.
7.2.3. The Processor shall implement the appropriate technical and organizational measures set out in this Entrustment Agreement and in the applicable law, including those in accordance with Article 32 of the General Data Protection Regulation. The security measures are subject to technical progress and development. The Data Processor may update or modify the security measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security.
7.3. Data protection impact assessments and prior consultation
7.3.1. If the assistance of the Processor is necessary and relevant, the Processor shall assist the Controller in the preparation of data protection impact assessments in accordance with Article 35 of the GDPR, together with any prior consultation in accordance with Article 36 of the GDPR.
7.4. Rights of data subjects
7.4.1. If the Controller receives a request from a data subject for the exercise of the data subject’s rights under applicable law and the correct and lawful response to such request requires the assistance of the Processor, the Processor shall assist the Controller by providing the necessary information and documentation. The Processor shall have a reasonable period of time to assist the Controller with such requests in accordance with the Data Protection Regulation.
7.4.2. If the Processor receives a request from a data subject for the exercise of the data subject’s rights under applicable law and such request relates to the Controller’s personal data, the Processor shall immediately forward the request to the Controller and shall refrain from responding directly to the individual.
7.5. Personal data breaches
7.5.1. The Processor shall immediately notify the Controller if a breach occurs that may result in the unauthorized destruction, loss, alteration or disclosure of, or access to, Personal Data transmitted, stored or processed on behalf of the Controller (a “Personal Data Breach”).
7.5.2. The Processor shall make reasonable efforts to identify the cause of such a breach and shall take such measures as it deems necessary to establish the cause and prevent a recurrence.
7.6. Compliance Documentation and Audit Rights
7.6.1. Upon request of the Controller, the Processor shall make available to the Controller all relevant information necessary to demonstrate compliance with this Entrustment Agreement and shall permit and reasonably cooperate with audits, including inspections by the Controller or an auditor commissioned by the Controller. The Controller shall give notice of any audit or document inspection to be conducted and shall use reasonable efforts to prevent damage or disruption to the Processing Controller’s facilities, equipment and business in the course of such audit or inspection. Any such audit or document inspection shall be conducted upon reasonable prior written notice of not less than 30 days, and shall not be conducted more than once a year.
7.6.2. The Data Controller may be required to sign a non-disclosure agreement reasonably acceptable to the Data Controller before the foregoing is provided to the Data Controller.
7.6.3. The costs of the audit shall be borne by the Data Controller.
7.7. Data Transfers
7.7.1. The Data Controller shall not transfer the processed data to countries outside the European Economic Area, or to countries without sufficient guarantees to ensure an adequate level of data protection.
Google Inc. and Hubspot are the only sub-processors that also process the data in the USA. The transfer mechanism is the Standard Contractual Clauses referred to in Article 46 GDPR.
7.7.2. Transfers of personal data to a so-called third country or to an international organization described above are considered to be carried out on the instruction of the Controller for the provision of the service. Other transfers of personal data to a so-called third country or to an international organization different from the above should only be made on the instruction of the Controller.
7.7.3. In addition to the above, where the personal data does not originate from Europe, the receipt and transfer of personal data from other continents to Europe and vice versa is permitted by the Controller, and is a requirement for the provision of the service.
The Processor receives general authorization to engage third parties to process the Personal Data (“Sub-processors”) without obtaining any further specific written authorization from the Controller, provided that the Processor notifies the Controller in writing of the identity of a potential Sub-processor before any agreement with the relevant Sub-processors is entered into and before the relevant Sub-processor processes any of the Personal Data. If the Controller wishes to object to the relevant Sub-Processor, the Controller shall notify it in writing within ten (10) working days of receipt of the notification from the Processor. The absence of any objection by the Data Controller shall be deemed to constitute consent to the relevant Sub-Processor.
Currently, the Controller employs the following Sub-Processors:
-Microsoft Azure: For, among others, the provision of Infrastructure and Platform Services, computing capacity, storage and database services, security services and technical maintenance services, which we use for the operation of our solutions and, thereby, the provision of the Service.
-Google Inc. (Gmail): For, among others, the sending of follow-up reports to the Associate Therapist Account and the management and resolution of technical issues and communications via email.
-HubSpot: for, among others, the sending of marketing information, customer management, and provision of relevant information about the Platform such as clinical trial results, use cases and updates, and for the management and resolution of reported technical issues.
9.1. The Controller shall ensure that the processing of personal data under this Processing Contract complies with the applicable Data Protection Regulations, and shall ensure a legal basis for the processing of personal data that the Controller, by means of the Entrustment Agreement, assigns to the Processor, as well as ensure that the instructions provided by the Controller to the Processor in relation to the processing comply with the Data Protection Regulations.
9.2. The Processor is subject to and complies with all consumer and user regulations of Spain and the European Union, and is governed by such legislation, and shall therefore assist the Controller with appropriate technical and organizational measures only to the extent possible, for the fulfillment of the Controller’s obligations under the Data Protection Regulations.
9.3. In this sense, we will respond with respect to penalties, fines or any type of claim only in accordance with the consumer and user regulations of Spain and the European Union, according to which it is governed, this being expressly accepted by you.
10. Obligations of the Data Controller
It is incumbent upon the Data Controller to:
a) Submit the data referred to herein to the Processor.
b) Conduct an assessment of the impact on the protection of personal data of the processing operations to be carried out by the Controller, whenever it considers it likely that, by their nature, scope, context or purposes, they pose a high risk to the rights and freedoms of natural persons. A single assessment may address several similar processing operations involving similar high risks.
c) Carry out appropriate prior consultations.
d) Ensure, before and during processing, compliance with the GDPR and other applicable data protection laws and regulations.
e) Supervise the processing, including inspections and audits.
TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES EX ART. 32 GDPR
✓ Encryption (Logical security control).
Our digital solution relies on encryption methods to address the needs of compliance with the General Data Protection Regulation (GDPR). ReHand implements encryption of certain sensitive data both in transit and at rest. Data is sent via HTTPS, and stored in an encrypted database.
Each API call uses HTTPS/TLS encryption, a portion of the data is encrypted at rest and passwords are encrypted.
✓ Pseudonymization (Logical security control).
Personal data are separated into several data tables. Each patient is assigned an identification number, without which personal data can no longer be attributed to a specific data subject.
✓ Access control (Logical security control).
✓ Authentication and access control (or authorization) by means of access control policies (also called permissions).
All actions carried out on data are recorded (audit logs).
Access control to personal data is implemented. A user name and password are required to access them.
✓ Passwords (Logical security control).
Passwords protected by encryption.
✓ Minimization of the amount of personal data (Logical security control).
We reduce the volume of stored data, only collecting and accessing personal data fully necessary for service provision.
✓ Limited storage duration (Logical security control).
Appropriate data retention procedures have been adopted.
✓ Processor contracts (Physical Security Control).
We only use sub-processors who can provide sufficient guarantees.
✓ Network security (Physical Security Control).
The network security of the servers is provided by the sub-processor, Microsoft Azure, which provides the following technical measures: access control lists, perimeter router security (“edge router security”) or network segmentation to provide physical separation.
✓ Personnel management (Organisational control).
Healthinn ensures that all its employees are adequately informed about the security controls of the technological systems that relate to their daily work. Employees involved in the processing of personal data have been properly informed about the relevant data protection requirements and legal obligations.
✓ Relations with third parties (Organisational control).
Guidelines and procedures regarding the processing of personal data by controllers (contractors/subcontractors) have been taken into account by Healthinn in the Data Protection Impact Assessment.
✓ Traceability (logging) (Logical security control).
Audit: All records of logging operations are stored in the database. The system tracks who accesses your data, when it was accessed and from where.
✓ Operational Security (Physical Security Control).
All our versions undergo documentation and testing processes, which ensure optimal software quality and freedom from bugs.
✓ Organization (Organisational Control)
Internal roles and responsibilities for data protection are clearly defined.
✓ Integrate privacy protection into projects (Organisational control).
We implement data protection by design and by default in our technology and in our projects.
C. Availability and resilience.
✓ Backups (Physical Security Control).
Backups of database information are performed regularly through Azure.
✓ Maintenance (Physical Security Control).
Physical maintenance of the servers is performed by the sub-provider, Microsoft Azure (https://docs.microsoft.com/en-us/azure/security/).
✓ Physical Security Control.
We rely on our sub-processor, Microsoft Azure, to limit the risks of unauthorized persons physically accessing the servers where personal data is stored.
✓ Hardware Security (Physical Security Control).
Controls related to the physical security of servers.
✓ Protection against malicious software (Physical Security Control).
Use of security programs (virus scanners, firewalls, encryption programs).
✓ Management of workstations (Physical Security Control).
Measures have been taken to manage employee workstations.
✓ Protection against non-human sources of risk (Physical Security Control).
We rely on our subprocessor, Microsoft Azure, for prevention and protection of systems.
✓ Privacy risk management (Organizational Control).
Risk assessments and policies to control the risks that the processing operations performed pose to data protection and data subject privacy have been carried out and clearly analyzed and defined.
✓ Management of personal data breaches (Organisational control).
Appropriate personal data security breach procedures have been adopted.