Terms of Use

This agreement is written in Spanish. If there is a conflict between a translated version and the Spanish version of these terms, the Spanish version will prevail, to the extent permitted by applicable law.

These Terms of Use (the “Terms of Use” or the “Agreement” ) constitute a contract between you, or in the event that you represent or are using the Products and Services on behalf of a company or other entity, between such company or entity (in any case, “you”) and INNOVAHEALTH SL (“Healthinn”, “we”, “us” or “our”) with VAT number ES-B-90.286.170, with registered office at José Galán Merino St, nº6, module 7, 41015, and registered in the Mercantile Register of Seville in Volume 6.258, sheet 185, section 8, page SE-111.288, 1st inscription and with the following contact details: [email protected].

These Terms of Use govern their License and Account (as defined herein), your use, and your use of our Services available through the website www.rehand.net or www.rehbody.net (collectively, the “Web”) and, through our prescription (Generator), treatment (application for patients – ReHand and/or RehBody, depending on your contracting -), monitoring (Reports) or control (Dashboard) systems (collectively, the “Platform”). Services are understood to be all those functionalities and benefits available and contained both on the previously mentioned website and the Platform and which are the subject of recruitment by this agreement. If you are a company or other entity, the person who enters into these Terms of Use on your behalf hereby declares that he or she is an employee or agent of such company or other entity and has the authority to enter into these Terms of Use on behalf of the company.

If you are a company or other entity that has entered into a specific License of Use Proposal with Healthinn, the terms of said Proposal shall prevail in all cases with respect to those contained in these Terms of Use, which shall only be of supplementary application.

NOTICE: PLEASE READ THE FOLLOWING TERMS OF USE, OUR PRIVACY POLICY AND ALL APPLICABLE SUPPLEMENTAL TERMS (COLLECTIVELY, THE “TERMS”) BEFORE PROCEEDING. BY CREATING AN ACCOUNT OR USING THE PLATFORM, YOU AGREE TO THE TERMS. IF YOU ACCESS OR USE THE PLATFORM, YOU ACKNOWLEDGE THAT YOU COMPLY WITH THE REQUIREMENTS CONTAINED IN THESE TERMS OF USE AND AGREE TO BE BOUND BY THIS AGREEMENT.

YOUR ACCESS TO THE PLATFORM AND/OR USE OF THE SERVICES IS CONDITIONED ON YOUR ACCEPTANCE AND COMPLIANCE WITH ALL APPLICABLE TERMS. If you do not agree with these terms or with our Privacy Policy, please stop using the services and the platform immediately. We reserve the right to modify these Terms at any time (see “Modifications to these Terms” below). By accessing, browsing and/or using the Services after updates to these Terms have been posted, you agree to be bound by the updated Terms. THESE TERMS CONSTITUTE A BINDING AGREEMENT BETWEEN YOU AND HEALTHINN.

These Terms of Use are effective from the date you first create an Account or access the Platform (the “Effective Date”), whichever occurs first.

If you access the Services from a location outside Europe and/or if you use the Services to provide access to patients who will access them from a location outside Europe, you do so at your own risk and are solely responsible for compliance with any applicable laws, rules and regulations in your jurisdiction, including export laws and any local rules and laws regarding online conduct and content.

1. Definitions.

The terms used in this Agreement shall have the definitions contained herein or, if not defined in this Agreement, shall have their meaning in plain Spanish, as commonly interpreted in Spain.

2. Additional Terms.

Healthinn or our affiliates may require you to follow additional rules, guidelines or terms and conditions (“Additional Terms”) to access and use various features of the platform and/or Services offered, to participate in certain available promotions, or to receive other services offered from time to time (“Additional Services”). Before accessing or using the Additional Services, you will be asked to accept the applicable Additional Terms. Any Additional Terms that you accept through the Platform will become part of these Terms of Use. If any Additional Terms differ from the terms of these Terms of Use, the Additional Terms will take precedence over the terms of these Terms of Use, but only with respect to the matters governed by the Additional Terms.

3. Disclaimer of liability for treatment prescribed by therapists or researchers.

Healthinn is not responsible for the treatment prescribed by any Therapist, Physician, Researcher and/or health care professional (individually or collectively, the “Therapist”), regardless of whether the “Therapist” uses the Platform or Services to provide therapy. Healthinn has no control over the “Therapist” and is not responsible for the “Therapist”. Regardless of these Terms of Use, any “Therapist’s” access to and use of the Platform may also be subject to any other agreement you may have entered into (or will enter into).  Notwithstanding any other agreement, these Terms of Use will continue to apply to your use of the Services.

4. Services.

Subject to your compliance with these Terms of Use, you may create an Account and we will provide you with Services through the Platform for the type of Account you select (“Services”), including the storage, processing and analysis of your patients’ exercise data, the prescription of these programs and monitoring through the receipt of reports, as well as any other content that you or a Therapist (as defined below) establish through your Account as a professional (“User Content”) along with any additional Services that may be offered to you from time to time. 

We reserve the right, at any time, to modify the Platform or Services by making the modification available on the Platform or by providing you with other notification in the terms of stipulation 19 “Modification of the Conditions”. In this sense. Any modification will be effective immediately upon posting on the Platform or any other notice. You will be deemed to have accepted such modification if you use the Platform or the Services after the publication of such modification.

For adequate access and use of the platform it is required that the client, administrator, professional and user have the technical requirements that are attached to this contract as ANNEX I.

5. Types of accounts.

We designate several types of Accounts (each, an “Account”) that provide different functionality to different users of the Platform;

a. A “DEMO Account” allows you limited access to view and test certain content on the Platform that is limited in both quantity and time.

b. A “User Account” allows a patient to access, through the application for patients, the exercise program and questionnaires set up by his/her Therapist. The User Account is unique, personal and non-transferable. The User Account is always linked to a specific Associate Therapist Account (hereinafter referred to as Associate Therapist Account or Your Therapist). Healthinn shall not be liable for misuse or negligence of the User Account or for the use of the account by any third party other than the individual patient for whom a user account  has been created by the therapist.

c. A “Therapist Account” allows a Therapist to use “Dashboard” in order to configure and monitor their patients’ exercise programs. It allows you to set up and monitor exercise programs to unlimited “User Accounts”, provided that each User Account created corresponds to a single patient, and that those patients are under the supervision of the Therapist who holds the Therapist Account. A Therapist Account is unique, personal and non-transferable. The Therapist Account may be linked to a particular associated hospital account (“Associated Hospital Account” or “Your Hospital”), if that account has given you access by virtue of being your employer. Healthinn is not responsible for the improper or negligent use of the Therapist Account, as well as the use of such account by third parties other than the specific health professional for whom the Therapist Account has been created.

d. A “Hospital Account” allows you to create unlimited Therapist Accounts on the Platform, provided that the Therapist who holds the Therapist Account is an employee of the Hospital who has the capacity to treat patients, and that such Therapist Accounts correspond to one per Therapist.

6. Account registration; Account settings; Passwords.

a. Age restrictions. You may not use the Platform unless you are 18 years of age or older. If you are the parent or guardian of a minor under the age of 18 (hereinafter referred to as the “minor”), you may use the Platform and allow the minor to use the Platform and Services under your direct supervision. You will be solely responsible for all access and use by the minor in your care.

b. Your account information. By creating an Account on the Platform, you AGREE THAT:

b(i) you comply with any age restrictions for use of the Platform, and

b(ii) the information you have provided in your registration (“Account Information”) is true, accurate, current and complete. Upon any change to such information, you will immediately maintain and update your Account Information using the functionality provided through the Platform to be true, accurate, current and complete, or you will notify us in writing when modification is not possible through the Platform.

c. Passwords. You are responsible for maintaining the confidentiality of your password and are not permitted to share or disclose your password to anyone else. You will be solely responsible for the activities of anyone accessing the Platform using any password assigned to you, even if the person is not, in fact, authorized by you. If you have reason to believe that your password has been compromised or used without authorization, you must change it promptly, using the functionality provided in the applicable Platform, or notify us in writing when modification is not possible through the Platform. In the event that we or your Therapist have provided you with a dummy email and/or temporary password for access to your Account, you must change them to a real operational email of your personal ownership and/or password set by yourself. We encourage you to use “strong” passwords (passwords that use a combination of upper and lower case letters, numbers and symbols). We are not responsible for your decision to continue with fictitious mail and/or temporary passwords. Healthinn cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.

d. Therapist passwords. If your Account is linked to a Hospital Account, the person or entity to whom your Account is linked will have access to your Account to view or modify the Content of your Account. In addition, specific members of Healthinn will have access to certain content on the Account to resolve support requests.  

7. Termination of service.

a. Termination. We will provide the Services for your particular Therapist or Hospital Account. By contracting for such Services, a License Agreement is entered into by the parties and shall be effective until terminated, beginning at the time of payment, the signature of a specific Proposal of License of Use, or from the registration of your Account, whichever occurs first, unless your contract is terminated before the end of the term as permitted in these Terms of Use.

b. Termination by us. We reserve the right to disable your password and terminate your access to your Account, regardless of the type of account you have, if:

(i) you fail to comply with these Terms of Use, including without limitation, failing to comply with password restrictions or providing false account information;

(ii) for a DEMO Account, without the necessity of any specific event. If we do so, we may also choose to remove the information from your Account and the actions taken on it; or

(iii) you have chosen not to renew your Software License Agreement and/or not to pay your fees.

c. Termination of your User Account by the Therapist or the Associated Hospital Account. If you have a User Account, your Therapist or the Associated Hospital Account has the right to terminate, or instruct us to terminate, your User Account. We have the right to cancel your User Account after receiving instructions from your Therapist or the Associated Hospital Account. If your Therapist or the Associated Hospital Account cancels your User Account or instructs us to cancel it, you will no longer have access to your User Account, unless there is an express request to that effect from the Therapist or the Associated Hospital Account that has cancelled your Account or instructed us to cancel it, provided that the Software License Agreement is in effect. 

d. Termination of your User Account for non-renewal of the Associate Therapist Account or the Hospital Account associated with Your Therapist. If Your Therapist or Your Therapist’s Associated Hospital Account is not renewed or cancelled, or we are instructed not to renew or to cancel their accounts, we have the right to terminate your User Account. 

e. Termination of your Therapist Account by the Associated Hospital Account. If you have a Therapist Account associated with a Hospital Account, the Associated Hospital Account has the right to terminate, or instruct us to terminate, your Therapist Account. We have the right to cancel your Therapist Account after receiving instructions from the Associated Hospital Account. If the Associated Hospital Account cancels your Therapist Account or instructs us to cancel it, you will no longer have access to your Therapist Account, unless there is an express request to that effect from the Associated Hospital Account that has cancelled your Account or instructed us to cancel it, and provided that the Software License Agreement is in effect.  

f. Termination of your Therapist Account for non-renewal of the Associated Hospital Account If the Associated Hospital Account fails to renew or cancels your account, or instructs us not to renew or cancel your account, we have the right to terminate your Therapist Account. 

g. If you choose to re-designate your Therapist Account that was linked to a Hospital Account as a Therapist Account in its own right, the terms of these Terms of Use applicable to Therapist Accounts will apply to your Account, including payment of applicable fees (if any). If you choose not to re-designate your Account as a Therapist Account, we may terminate it. 

h. Termination by you. If you notify us that you wish to terminate your Account, regardless of the type of account you have, we will immediately take steps to terminate your Account. Upon such termination, we will elect to return, delete and/or anonymize your Account information or Content. We will not provide any refunds if your Account is terminated under this Section. The early termination of the agreement by you will not in any way entitle you to a refund of the amount paid for the period of time or if you cease to use the product you have signed up for.

i. Other termination or modification. In addition to the above cancellation rights, we have the right to cancel the Services at any time or to modify or change the Services to remove any or all of the Services. In the event that any or all of the Services provided are deleted by unilateral decision of Healthinn, you have the right to request immediate termination and cancellation of your account, with a right to a refund of the unused portion of the fee. This right does not apply when there has been a breach by you under the terms of clause 11 of this document.

8. No medical advice.

THE CONTENT THAT WE PROVIDE THROUGH THE PLATFORM AND THE WEBSITE, INCLUDING ALL TEXT, PHOTOGRAPHS, IMAGES, ILLUSTRATIONS, GRAPHICS, AUDIO CLIPS, VIDEO AND AUDIO-VIDEO AND OTHER MATERIALS, WHETHER PROVIDED BY US OR BY OTHER USERS OR THIRD PARTIES, IS NOT INTENDED TO BE AND SHOULD NOT BE USED IN LIEU OF: 

A) THE ADVICE OF YOUR PHYSICIAN OR OTHER MEDICAL PROFESSIONALS; 

B) A VISIT, CALL OR CONSULTATION WITH YOUR DOCTOR OR OTHER MEDICAL PROFESSIONALS; OR 

C) INFORMATION CONTAINED ON ANY PRODUCT PACKAGING OR LABEL. 

OUR CONTENTS DO NOT CONSTITUTE MEDICAL ADVICE. IF YOU HAVE ANY HEALTH CARE RELATED QUESTIONS, PLEASE CALL OR CONSULT YOUR DOCTOR OR OTHER HEALTH CARE PROVIDER PROMPTLY. 

IF YOU HAVE AN EMERGENCY, CALL YOUR DOCTOR OR THE EMERGENCY NUMBER IMMEDIATELY YOU SHOULD NEVER DISREGARD MEDICAL ADVICE OR DELAY SEEKING MEDICAL ADVICE FOR ANY CONTENT PRESENTED ON THIS PLATFORM. 

THE TRANSMISSION AND RECEIPT OF OUR CONTENT, IN WHOLE OR IN PART, OR COMMUNICATION VIA THE INTERNET, EMAIL OR OTHER MEANS DOES NOT CONSTITUTE OR CREATE A DOCTOR-PATIENT, THERAPIST-PATIENT OR OTHER HEALTH CARE PROFESSIONAL RELATIONSHIP BETWEEN YOU AND US. 

HEALTHINN IS NOT A HEALTH CARE PROVIDER.

9. Privacy Policy Consent.

a. You and Healthinn declare that we are aware of and are obliged to comply with the provisions of the applicable regulations on the protection of personal data; specifically, Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, and on the free movement of such data (hereinafter, “GDPR”).

b. By accepting the Terms of Use, you also agree to abide by: (i) the terms of our online Privacy Policy posted on our website www.rehand.net or www.rehbody.net (our “Privacy Policy”), both the general Privacy Policy and the specific one for each type of Account, in case there is a specific one for your type of Account; and, provided that you are the data controller, with (ii) the Processing Assignment Agreement included as APPENDIX II (hereinafter, the “Processing Contract”). In this regard,before using the Platform or Services or any Account, please carefully review our Privacy Policy and Processing Contract. Any personal data you provide to us as a result of entering into a contractual relationship, use of the Platform, the Services or any Account, will be handled in accordance with these Terms of Use, our Privacy Policy and the aforementioned Processing Contract. We reserve the right to monitor your communications with us, whether by mail, voice, email or any other form of transmission, for quality control, security and other business needs.

c. Without limiting any rights under the Privacy Policy, we shall have the right to collect, extract, compile, synthesize and analyze non-personally identifiable data or information (data or information that does not identify a natural person as the source of the data or information) resulting from your access to the Platform and your use and operation of the Services. To the extent that any of this data or information is collected or generated by us, and provided that it is processed to anonymize it for the purpose of non-identification of users, by accepting these Terms of Use you agree that the data and information obtained through our Platform may be used purely for statistical purposes and for marketing of the software in terms of treatment results, number of patients treated, etc. for eventual publication in written or telematic media, without disclosing identifying data in any case.

Likewise, with the acceptance of these Terms of Use you authorize us to advertise the existing commercial relationship through our website or any written or telematic media, including your logo or any identifying element of the same, for promotional purposes.

10. Price and payment conditions.

If you access an User Account, the terms of this Clause do not apply to you, as such terms are agreed upon with the holder of your Associated Therapist Account or your Associated Hospital Account.

If you access a Hospital Account or access a Therapist Account whose access to the Platform is provided by your hospital or healthcare entity to which you belong, i.e., you have an Associate Hospital Account, and you or an officer of your entity has formalized a Proposal for a license to use the Platform, the terms of this Clause do not apply to you since the price and form of payment are set forth in such Proposal that Healthinn formalizes with your hospital or healthcare entity.

Subscriptions

You agree to pay in advance the monthly or annual subscription fee(s) at the rates in effect at the time the charges are incurred, including any applicable taxes. Any change in subscription fee(s) will be effective for the next billing period after we notify you of the change.

YOU ARE RESPONSIBLE FOR PROVIDING HEALTHINN WITH DATA FROM A VALID CREDIT CARD OR PAYMENT ACCOUNT AND PAYING ALL FEES ON TIME.

Healthinn chooses the third party payment processor “Stripe” to carry out the payment management in the contracting and renewal. Therefore, the client, via these general conditions, authorises and consents to any actions that may be necessary for this management to be carried out.

Healthinn’s third party payment processor will automatically charge the credit card or payment account associated with your account at the beginning of the billing period, and billing will automatically repeat at monthly or annual intervals until you terminate your account. If you wish to designate a different credit card or payment account, or if there is a change in your credit card or payment account status, you must change your account information by notifying us in writing at [email protected]; this may temporarily interrupt your access to your account while Healthinn’s third party payment processor verifies your new payment information. Any change in your chosen payment method will be effective for the next billing period. During the term of your subscription, you may choose to cancel your subscription early, but no refund will be made. Likewise, we will not offer a refund if you decide to stop using the subscription during the Subscription Term.

Healthinn itself does not collect or store payment card information.

If Healthinn’s third-party payment processor is unable to successfully charge your credit card or payment account for fees due, we reserve the right to revoke or restrict access to your account, or cancel your account. If you cancel your account for any reason or if we cancel your account due to your default, such cancellation will be effective immediately, and you will not receive a refund of any amounts you have already paid for that billing period. In addition, you agree to reimburse us for collection fees and interest earned for non-payment of any past due amounts.

We may contact you by email regarding your account for reasons including, but not limited to, a problem with your credit card or payment account.

We may contact you by email regarding your account for reasons including, but not limited to, a problem with your credit card or payment account.

By accepting the Terms of Use, the customer expressly consents to the sending of invoices and/or receipts relating to the provision of the contracted account by telematic means, as indicated in the applicable regulations on this matter.

Each Party informs the other that the data may be transferred, where appropriate, to the Tax Agency and other public administrations, for the purposes of carrying out the corresponding tax declarations and complying with the applicable regulations.

11. Ownership of the platform and content.

a. Content. The Platform and Content are protected by applicable intellectual property laws, possessing the copyright and intellectual property rights thereof. 

b. Content License. We hereby grant you a personal, limited, revocable and non-sub licensable license to screen printing some part of the Content of the Platform to which you have properly accessed for an exclusively personal and never divulgative use, provided that you refer to us as its creators and with the limitations set out in the section “Restrictions on the Platform”. The foregoing license is subject to these Terms of Use and does not include the right to use any data mining, robots or similar automated means or methods to access any Content on the Platform. This license is revocable by Healthinn at any time without notice and with or without cause.

c. The license of use that Healthinn grants you does not imply a definitive transfer of the Software nor of any of the rights that we hold over it. You, nor any of the users of your staff of employees, collaborators, partners or administrators, may not, therefore, transmit, assign or sublicense, directly or indirectly, in whole or in part, the rights granted herein, unless you obtain our express, prior and written consent; nor decompile, reproduce, copy, modify or manipulate, in whole or in part, any content of the Software.

In the event of your infringement of intellectual property rights and in accordance with the provisions of Article 140 of the Intellectual Property Law, you shall (without prejudice to any subsequent actions for recovery that you may bring against the infringer from among your employees, collaborators, partners or administrators) indemnify us for damages caused in a sum that includes both the value of the loss we have suffered and the value of the profit that we have ceased to obtain. This amount shall be fixed, at our option, according to one of the following criteria:

(i) The negative economic consequences, including the loss of profits we have suffered and the profits that the infringer has obtained from the unlawful use.

In the case of moral damage, compensation shall be payable, even if the existence of economic damage has not been proven. The assessment shall be based on the circumstances of the infringement, the seriousness of the injury and the degree of unlawful dissemination of the work.

(ii) The amount we would have received as remuneration if the infringer had requested authorization to use the intellectual property right in question.

d. Content restrictions. Unless Healthinn expressly grants you the rights to do so under an agreement separate from these Terms of Use, you may not and must not allow others to copy, distribute, publicly perform or display, prepare derivative works based on, disseminate, exploit or use any of the Content of the Platform, except as expressly provided in these Terms of Use, without our prior written permission. Any use of the Platform, including the Platform Content, other than that specifically authorized in these Terms of Use (or any separate agreement with Healthinn) is strictly prohibited and will terminate the license granted herein. Such unauthorized use may also violate applicable laws, including copyright and trademark laws and applicable communications regulations and statutes. You shall not remove, modify or obscure any copyright, trademark or other proprietary notices from any Content.

e. Software. Unless otherwise expressly stated in a license or other agreement separate from this Agreement that you have entered into (or may enter into) with us in connection with any software, code or API available or accessible through the Platform or the Services (collectively, “Software”) (each such license or other agreement, a “Software License Agreement”), we grant you a personal, limited and non-exclusive license to download, install, run and use the Software in accordance with any instructions we provide to you, solely for your own business purposes in connection with your access to and use of the Platform and the Services. Except as expressly set forth in the preceding sentence (or in any applicable Software License Agreement), you are not granted any license or rights, whether by implication, estoppel or otherwise, in or to any Software or any intellectual property rights therein or related thereto, and you may not modify, reproduce, perform, display, create derivative works from, republish, post, transmit, participate in the transfer or sale of, distribute or otherwise exploit any portion of the Software without our prior written permission. Except as provided in this Agreement, any Software License Agreement shall control in the event of a conflict between the terms of this Agreement and that Software License Agreement. At our discretion, we may make available future updates to the Software, if any, which will not necessarily include all existing software features or new features that we release for newer or other products and our Platform.

f. Comments. We encourage you to give us your opinion, comments, ideas and suggestions to improve, expand and modify the Services (“Feedback”). You can send us your comments by email to [email protected]. You acknowledge and agree that all Feedback you provide to us, regardless of the channel of delivery, (i) will be treated as non-confidential, and (ii) will be the sole and exclusive property of Healthinn. Without limiting the foregoing, you acknowledge that your Feedback may be disseminated or used by Healthinn or its affiliates for any purpose, including developing, improving and marketing products. You hereby irrevocably transfer and assign to Healthinn all of your right, title, and interest in and to all Feedback, including all worldwide patent, copyright, trade secret, moral rights and other proprietary or intellectual property rights, and waive any moral rights you may have in such Feedback.

Platform restrictions.

You acknowledge that the Services, the Content, the Platform, the Software and all other databases, software and other technology used to provide the Services and operate the Platform (collectively, our “Technology”) and its structure, organization and underlying data, information and source code constitute our valuable trade secrets. You will not and will not allow any third party to:

(i) access or use the Technology, in whole or in part, except as expressly provided in these Terms of Use;

(ii) use the Technology in any unlawful manner or in any other manner that could damage, disable, overburden or impair the Technology;

(iii) use automated scripts to collect information from or otherwise interact with the Technology;

(iv) alter, modify, reproduce, or create derivative works from the Technology;

(v) distribute, sell, resell, lend, loan, lease, license, sublicense or transfer any of your rights to access or use the Technology, including, without limitation, providing third party outsourcing, consulting, hosting, providing application services or online services, or making the Technology, or access to it, available to any third party;

(vi) reverse engineer, disassemble, decompile or otherwise attempt to derive the source code or method of operation or any trade secrets incorporated into the Technology;

(vii) attempt to circumvent or overcome any technological protection measures designed to restrict access to any part of the Technology;

(viii) use the Technology to monitor its availability, performance or functionality, or for any other reference or competitive purpose; or

(ix) interfere in any way with the operation or hosting of the Technology, or attempt to gain unauthorized access to the Technology;

(x) prepare derivative works of the Services;

(xi) circumvent our systems, policies and determinations regarding the status of your account, including attempting to access or use the Services if your account has been suspended or terminated or if you have been temporarily or permanently prohibited or blocked from using the Services;

(xii) access, search, collect information from or otherwise interact with the Services, whether by manual methods or by using any software, device, script or robot, or by any other means (automated or otherwise), including “scraping”, “crawling” or “scratching” the Services, to systematically retrieve content in order to create or compile, directly or indirectly, in single or multiple downloads, a collection, compilation, database, directory or similar;

(xiii) interfere with, disrupt, damage or compromise the Services or our systems or the access of any user, host or network in any way, including through the use of viruses, cancel bots, Trojan horses, harmful code, flood pings, denial of service attacks, backdoors, packet or IP spoofing, forging email routes or address information or similar methods or technologies or by overloading, flooding, spamming, email bombarding the Services or imposing an unreasonable or disproportionately large load on the Website or Application;

(xiv) access, manipulate or use non-public areas of any of Healthinn’s Services, computer systems or the technical delivery systems of Healthinn’s suppliers;

(xv) probe, scan or test the vulnerability of any Healthinn system or network or its providers, or breach or circumvent any security or authentication measures on such system or network;

(xvi) prevent, circumvent, remove, disable, impair, decrypt or otherwise circumvent any technological measures implemented by Healthinn or any of Healthinn’s providers or any other third party to protect the Services;

(xvii) forge any TCP/IP packet header or any part of the header information in any e-mail or posting, or otherwise use the Services to send altered, misleading or false information to identify the source;

(xviii) attempt to do any of the foregoing, or advocate, encourage, assist or allow any third party to do any of the foregoing;

(xix) publish by any written, telematic or other means any content of the platform, detailing in detail the form of work that includes the Services of the same.

Research.

Healthinn reserves the right to investigate and prosecute violations of any and all reports, complaints and grievances, or any other suspected misconduct or violation of law to the fullest extent of the law.

Without limiting the foregoing, you acknowledge that Healthinn has the right, but not the obligation, at any time and without notice, to monitor access to or use of the Services by any user if we believe in good faith that it is reasonably necessary (i) to comply with any law or regulation or to satisfy any legal process or governmental request (e.g., a subpoena, warrant, order or other request from a court, administrative agency or other government body), (ii) to respond to claims asserted against Healthinn, (iii) to enforce and ensure a user’s compliance with the Terms, including investigating possible violations, (iv) to conduct risk assessments, and prevent, detect and investigate incidents of fraud, security and technical issues, (v) to protect the rights, property or safety of Healthinn, its users or members of the public, and (vi) for the purpose of operating and improving the Services (including for customer support purposes).

Cooperation of the users.

You agree to cooperate and assist Healthinn or its representative in good faith in any such investigations, including providing us with such information as we may reasonably request.

Account Suspension and Termination for Failure to Comply.

We may, in our discretion, without liability to you and without limiting our other remedies, with or without notice and at any time, decide to limit, suspend, deactivate or terminate your account in response to a suspected breach of the Terms, and take technical and legal steps to prevent you from using our Services. If Healthinn has suspended your account due to your actual or suspected breach of the Terms, such suspension will continue until the suspected breach is remedied or otherwise resolved to Healthinn’s reasonable satisfaction.

Once your account is terminated, Healthinn may retain your personal data for as long as necessary to comply with our legal obligations, resolve disputes or as otherwise permitted by law.

Policy implementation.

When a problem arises, we reserve the right to consider that user’s performance history and specific circumstances in applying our policies, and to determine the degree of rigor with which those policies should be applied in an effort to achieve a fair outcome for all parties involved.

12. Violation of copyright.

a. Claims of Copyright Infringement. If you have reason to believe that any of the Content on the Platform infringes the copyrights of others, please notify us immediately using the contact information provided below. It is our policy to investigate any allegations of copyright infringement that are brought to our attention.

b. Notification of Claimed Copyright Infringement. If you are the owner of the copyright (or are authorized to act on behalf of the owner of the copyright), please notify us immediately if you believe that (1) any Content displayed on the Platform infringes your copyright or (2) any links posted on the Platform link to materials that infringe your copyright. As soon as we receive your notification of alleged infringement, in the manner described below, we will promptly remove or disable access to the allegedly infringing materials (or that are the subject of infringing activity). Your notification must be in writing and must include the following:

(i) a description of the copyrighted work that you believe has been infringed (or if you believe that multiple copyrighted works have been infringed, a representative list);

(ii) a description of the material that you believe is infringing or is the subject of infringing activity, together with sufficient information to enable us to locate the material on the applicable Platform; sufficient information to allow us to contact you, such as your name, address, telephone number and, if possible, e-mail address;

(iii) a statement that you have a good faith belief that the allegedly infringing use of the material was not authorized by the owner of the exclusive right that is allegedly infringed (the “copyright owner”), an agent of the copyright owner, or the law;

(iv) statement that all information you have provided is accurate; and

(v) a statement, made under penalty of perjury, that you are the copyright owner or authorized to act on the copyright owner’s behalf.

c. Your Notice. Your notice must be signed (physically or electronically) and must be addressed to: [email protected].

13. Registered trademarks.

a. Ownership of trademarks. The trademarks used or displayed on the Site and Platform (“Trademarks”) are registered and unregistered trademarks of Healthinn and its licensors or affiliates. Access to the site and Platform does not constitute a license to use any Trademark and you may not use any of the Trademarks displayed on the Platform without the express prior written permission of Healthinn or the owner of the trademark.a. Ownership of trademarks. The trademarks used or displayed on the Site and Platform (“Trademarks”) are registered and unregistered trademarks of Healthinn and its licensors or affiliates. Access to the site and Platform does not constitute a license to use any Trademark and you may not use any of the Trademarks displayed on the Platform without the express prior written permission of Healthinn or the owner of the trademark.

14. Links to the Platform and RSS feeds.

a. We grant you permission to create hyperlinks to the home page of www.rehand.net and/or www.rehbody.net. In addition, you are granted the right to implement links from Healthinn social networks for your personal, non-commercial use only as described in the Platform. We reserve the right to revoke these licenses generally, or your right to use specific links, at any time, with or without cause. If you wish to obtain a license to use, distribute or otherwise present our social networking channels for commercial purposes, please contact us at [email protected] and request a license for commercial use. Under no circumstances may you include the Platform or any of its Content or copy parts of the Platform to a server. When accessing a page or image on the Platform from a link (including social network feeds) that appears on your web Platform, each page and image within the Platform must be displayed in its entirety, without any frame, border, margin, design, brand, trademark, advertising or promotional materials that were not originally displayed on the applicable page within the Platform. If you wish to link to any part of the Platform other than that described here, you must sign a separate agreement with Healthinn.

15. Third party platforms.

The Platform may contain links to websites operated by other entities. If you decide to visit any linked Platform, you do so at your own risk and it is your responsibility to take all protective measures to prevent viruses or other destructive elements. We do not warrant or represent, or endorse, any linked website or the information contained therein, or any of the products or services described therein. ReHand is available for download both in App Store and Google Play Store, whose conditions are own and independent of these Terms of Use, and of which Healthinn is not responsible.

16. Warranties; Disclaimer.

a. EXCEPT AS EXPRESSLY PROVIDED HEREIN, HEALTHINN HEREBY EXPRESSLY DISCLAIMS, AND YOU DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO THE RESULT OF THE SERVICES, OUR CONTENT, AND ALL SOFTWARE, PRODUCTS OR SERVICES DESCRIBED OR AVAILABLE THROUGH THE PLATFORM, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. WE ARE NOT RESPONSIBLE FOR ANY ACTIONS OF A THERAPIST OR RESEARCHER RELATED TO THE USE OF THE PLATFORM. YOU WILL NOT BRING ANY CLAIM YOU MAY HAVE AGAINST A SPONSOR, THERAPIST OR HOSPITAL AGAINST HEALTHINN.

b. HEALTHINN DOES NOT GUARANTEE: THAT THE SERVICES WILL MEET YOUR REQUIREMENTS; THAT THE PLATFORM WILL BE UNINTERRUPTED, TIMELY, UPDATED, SECURE OR ERROR-FREE OR THAT THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE PLATFORM WILL BE ACCURATE OR RELIABLE; THAT THE QUALITY OF ANY PRODUCT, SERVICE, INFORMATION OR OTHER MATERIAL OBTAINED BY YOU THROUGH THE PLATFORM WILL MEET YOUR EXPECTATIONS. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM HEALTHINN OR THROUGH THE PLATFORM SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THE TERMS OF USE. WE DO NOT WARRANT THAT THE PLATFORM SERVERS, THE PLATFORM CONTENTS, THE E-MAILS SENT BY US, OR THE PRODUCTS OR SERVICES AVAILABLE ON THE PLATFORM, IF ANY, ARE FREE OF ANY HARMFUL COMPONENT (INCLUDING VIRUSES). 

17. Limitation of liability.

a. TO THE EXTENT PERMITTED BY APPLICABLE LAW, WE, ON BEHALF OF OURSELVES AND OUR MANAGERS AND SENIOR MANAGEMENT, DIRECTORS, SHAREHOLDERS, EMPLOYEES, AGENTS, SUPPLIERS AND CONTRACTORS, EXCLUDE AND DISCLAIM LIABILITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF HEALTHINN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE SERVICES AND THE PLATFORM, OR OTHERWISE RESULTING FROM (1) the use or inability to use the services or the Platform; (2) the cost of acquiring substitute products and services as a result of any goods, content, data, information or service acquired or obtained, or messages received or transactions made through or from the Platform; (3) unauthorized access to or alteration of its transmissions, content or data; (4) statements or conduct of any third party on the Platform; or (5) any other matter relating to the Platform. YOU ASSUME FULL RESPONSIBILITY FOR ESTABLISHING SUCH DATA BACKUP AND VIRUS CONTROL PROCEDURES AS YOU DEEM NECESSARY. THIS LIMITATION OF LIABILITY APPLIES WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER BASIS.

b. Also, any harm caused to a patient by using the Services other than as established by Healthinn or by not properly following the Instructions for Use is not the responsibility of Healthinn and rests entirely with the health care professional responsible for implementing it.

c. HEALTHINN’S TOTAL LIABILITY IN CONNECTION WITH THESE TERMS OF USE, THE PLATFORM AND ALL SERVICES PROVIDED UNDER THESE TERMS OF USE, WHETHER IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE CHARGES PAID TO HEALTHINN.

d. These terms of use give you specific legal rights, and you may have other rights that vary from country to country. Some jurisdictions do not allow the exclusion of implied warranties, or certain types of limitations or exclusions of liability, so the limitations and exclusions set forth in these Terms of Use may not apply to you. Other jurisdictions allow limitations and exclusions subject to certain conditions. In such a case, the limitations and exclusions set forth in these Terms of Use shall apply to the extent permitted by the laws of such applicable jurisdictions. Your statutory rights as a consumer, if any, are not affected by these provisions, and we do not seek to exclude or limit liability for fraudulent misrepresentations.

e. Regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to use of the Platform, or the Terms of Use, must be filed within one year after such claim or cause of action arose or be forever barred.

18. Indemnification.

a. You will indemnify and hold harmless Healthinn, and its subsidiaries, affiliates, officers, agents or other partners, users and employees, from and against any claim, liability, loss, expense or demand, including reasonable attorneys’ fees, related to or arising from your Content, your use of any other Content, your use or connection to the Platform and Services (including any information, material, product or service available through the Platform or Services), your violation of these Terms of Use, or your violation of any applicable law or any right of another user or third party.

19. Modification of the Conditions.

a. Healthinn reserves the right to modify, in any way, the characteristics and conditions of its Platform and/or Services, with the purpose of improving, developing and benefiting the users. In order to do so, it will be sufficient to inform the client by e-mail and/or to include this modification in the clauses of the contractual Conditions that are applicable and/or to publish it on the website or the platform.

b. Any substantial modification of the Conditions of Use by Healthinn will be communicated in writing in the shortest possible time for its acceptance by the client. The client, once the modification has been communicated, if he/she does not agree with the new conditions, has a period of 14 calendar days from the receipt of said communication, to terminate the contractual relationship between the parties. After this period without communication to the contrary from the client, it will be understood that he/she accepts the new conditions. By accessing, browsing and/or using the Services after the updates to these Conditions have been published, you agree to be bound by the updated Conditions.

c. Notwithstanding the foregoing, Healthinn will make available to all its customers a copy of the contractual conditions in force at any given time, by publishing them on its web page.

20. Compliance with Laws.

YoYou agree to use the Platform in compliance with all applicable laws.

21. Jurisdictional issues.

These Terms of Use shall be governed and interpreted in all matters not provided for herein and for all purposes, by the provisions of European consumer legislation and specifically by its transposition into Spanish law; and, in particular, by Royal Legislative Decree 1/1996, of 12 April, approving the Consolidated Text of the Intellectual Property Law; Law 7/1998, of 13 April, on General Contracting Conditions; Royal Legislative Decree 1/2007, of 16 November, approving the revised text of the General Law for the Defence of Consumers and Users; Law 34/2002, of 11 July, on Services for the Information Society and Electronic Commerce; and the rest of the applicable regulations.

The user accepts and consents that any litigation, discrepancy, question or claim derived from the fulfilment, execution or interpretation of this contract, or related to it, directly or indirectly, will be definitively resolved by the Courts and Tribunals of Seville (Spain), expressly renouncing any other jurisdiction that may correspond to him/her.

22. Miscellaneous.

a. Notice. We may send any notice to you by email or regular mail at the address we have on file for you. We may provide you with a notice by displaying it on the Platform. You will provide any notice to Healthinn only as provided in these Terms of Use or in writing to the address below.

b. Assignment. You may not assign, delegate or otherwise transfer your Account or your rights or obligations under these Terms of Use. Healthinn shall have the right, in its sole discretion, to transfer or assign all or a portion of its rights under these Terms of Use to any third party, and shall have the right to delegate or use third party contractors or subcontractors to perform its duties and obligations under these Terms of Use.

c. Severability. If any clause or provision of these Terms of Use is found by a court of competent jurisdiction to be invalid in whole or in part, the remaining clauses and provisions, or portions thereof, shall nevertheless be and remain in full force and effect, and the parties shall promptly replace the invalid provision with a valid and binding provision that most closely matches the invalid provision in terms of intent and economic effect.

d. Legal expenses. If either party fails to comply with this agreement and the performing party files a legal claim against it, all court and out-of-court expenses corresponding to such failure shall be borne by the failing party.

e. Validity. The sections relating to copyright, intellectual property, protection of personal data, confidentiality of information and exemption from liability shall remain in force after the expiry or conclusion of the Terms of Use. In addition, any perpetual or irrevocable rights or licenses granted to Healthinn shall remain in effect after the termination or expiration of these Terms of Use.

f. Waiver. Failure to insist upon strict compliance with any of the terms, covenants and conditions herein shall not be deemed a waiver of such terms, covenants and conditions, nor shall it be deemed a waiver of any right or power hereunder on one or more occasions. No waiver shall be valid unless made in writing and signed by an authorized officer of Healthinn.

g. Full agreement. The Terms of Use, including our Online Privacy Policy and any Additional Terms, constitute the entire agreement between you and Healthinn and govern your use of the Platform, superseding any prior agreements between you and Healthinn with respect to your use of the Platform without prejudice to the validity and prevalence of the terms and conditions contained in the Proposal of License of Use formalized between you and Healthinn, which will also include the acceptance of the present Terms of Use in what is not regulated in the described Proposal.

Except as expressly set forth in this Agreement, this Agreement may be amended or modified only by a writing approved by both parties. Similarly, when required by technical conditions, you may give fourteen  (14) calendar days prior notice.

After this period has elapsed without any communication from Healthinn, it will be understood that you accept the modifications. All waivers under these Terms of Use must be in writing. Any waiver or failure to enforce any provision of these Terms of Use on one occasion shall not be deemed a waiver of any other provision or of such provision on any other occasion.

h. If any of the clauses of this Agreement is declared null and void or unenforceable, such clause shall be deemed excluded from the Agreement, without implying the nullity or unenforceability of the same. In this case, the Parties shall use their best efforts to find an equivalent solution that is valid and duly reflects their intentions and is in accordance with the purpose of the Contract Agreement.

i. The headings of the various clauses are for informational purposes only, and shall not affect, qualify or extend the interpretation of this Agreement.

23. Questions About These Terms of Use.

If you have any questions about these Terms of Use, please contact us by email at [email protected].

ANNEX I.- TECHNICAL REQUIREMENTS

In order to access the contents and resources of the Platform and all its new features, we recommend using updated browsers and operating systems. The ReHand application must be used on a Tablet device with a screen larger than 7″ and an Operating System equal to or higher than Android 6.0.1 or iOS 11. Reports must be used on browsers above the following versions: Chrome 37, Edge 12 or iOS Safari 10.1. Dashboard must be used on browsers above the following versions: Chrome 80, Edge 80, iOS Safari 14 or Chrome Android 80.

The RehBody application must be used on Windows devices above the following technicals requirements: RAM memory 4 GB, fifth generation processor or equivalent and Intel HD Graphics 5500 graphics card or equivalent; on Android smartphone devices above the following technical requirements: memory RAM 3 GB, processor with minimum speed 2.3 GHz and Adreno 540 graphics card or equivalent; on iOS MAC devices above Apple Mac mini 2012; and on iOS smartphone devices above iPhone 6S.

If you use Chrome, Edge, or iOS Safari, as browsers it is very important that you update them to their latest version. We cannot ensure proper operation of the Platform if they are not up to date. You may experience problems if you access from an outdated version of your browser.

There are functionalities with a high load of additional content. The waiting time until the activity is fully loaded may be increased if the speed of the internet connection is slow or if the hardware of your computer or device is not powerful enough.

Healthinn cannot guarantee the proper functioning of the Platform on devices (fixed and mobile) that have obsolete operating systems, especially those on which the support of their operating system provider has ended.

ANNEX II – DATA PROCESSOR CONTRACT

1. Parties

The present processing contract (hereinafter, the “Processing Contract”) between you and Healthinn is entered into and shall be effective as of: (i) the time of acceptance of the General Terms and Conditions; or, if applicable, (ii) the time of signing the agreement signed between you and Healthinn to regulate the engagement and use of the Platform.

2. Processing of personal data

2.1. Scope and purpose

The purpose of this Entrustment Agreement is to comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and any applicable local regulations (hereinafter collectively the “Data Protection Regulation”) in relation to agreements between a Controller and a Processor. The Controller is the controller in relation to the processing governed by this Entrustment Agreement, and the Processor is the processor in relation to the processing governed by this Entrustment Agreement.

The processing of personal data may only be carried out by the Processor in order to fulfill the responsibilities of the Processor under this Processing Contract, in accordance with the following purposes.

The Data Processor shall not use the personal data for purposes other than those set forth in this Entrustment Agreement.

3. Instruction

3.1. The Data Processor may only act and process the Personal Data in accordance with the documented instruction of the Data Controller (the “Instruction”), unless required by law to act without such Instruction. The Instruction at the time of entering into this Processing Contract is that the Data Controller may only process Personal Data for the purpose of providing the proposed services as set out in the Terms of Use. Subject to the terms of this Entrustment Agreement and the Terms of Use, subject to the mutual agreement of the parties, the Data Controller may issue additional written instructions that are consistent. The Data Controller is responsible for ensuring that all persons providing written instructions are authorized to do so.

3.2. The Controller ensures that personal data is processed in accordance with the requirements of the Data Protection Regulations. The instructions of the Controller for the processing of personal data shall comply with the applicable legislation. The Controller shall be solely responsible for the accuracy, quality and lawfulness of the Personal Data and the means by which they have been obtained.

4. Specification of the processing to be carried out and identification of the corresponding information

For the performance of the proposed services and on the basis of this Processing Contract  and the Terms, the Data Controller makes available to the Data Processor the information previously described in the Privacy Policy, in the manner, purpose, processing and transfers described.

5. Duration

The term of this Processing Contract shall be for the duration of the contract between you and Healthinn, according to the Terms.

6. Termination

Upon expiration or termination of the Entrustment Agreement, the Data Processor will anonymize all Personal Data in its possession as provided in the Processing Contract, except to the extent that applicable law requires the Data Processor to retain some or all of the Personal Data (in which case the Data Processor will archive the data and implement reasonable measures to prevent further processing of the Personal Data). The terms of this Agreement shall continue to apply to such Personal Data.

7. Obligations of the Data Processor

7.1. Confidentiality

7.1.1. The Data Controller shall treat all Personal Data as strictly confidential information. Personal Data may not be copied, transferred or processed in any way that conflicts with the Instruction, unless the Data Controller has given its written agreement.

7.1.2. The employees of the Data Controller shall be subject to an obligation of confidentiality which ensures that the employees shall treat all Personal Data under this Instruction in strict confidence.

7.1.3. Personal Data shall only be made available to personnel who require access to such Personal Data for the provision of the service and on the basis of this Processing Contract.

7.2. Technical and organizational measures

7.2.1. The Processor shall endeavor to take appropriate technical and organizational measures against loss or any form of unlawful processing (such as unauthorized disclosure, deterioration, alteration or disclosure of personal data) in connection with the performance of the processing of personal data under this Processing Contract.

7.2.2. The Processor does not guarantee that the security measures will be effective in all circumstances. The Processor shall endeavor to ensure that the security measures are of a reasonable level, taking into account the state of the art, the sensitivity of the personal data and the costs related to the security measures.

7.2.3. The Processor shall implement the appropriate technical and organizational measures set out in this Entrustment Agreement and in the applicable law, including those in accordance with Article 32 of the General Data Protection Regulation. The security measures are subject to technical progress and development. The Data Processor may update or modify the security measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security.

7.3.   Data protection impact assessments and prior consultation

7.3.1. If the assistance of the Processor is necessary and relevant, the Processor shall assist the Controller in the preparation of data protection impact assessments in accordance with Article 35 of the GDPR, together with any prior consultation in accordance with Article 36 of the GDPR.

7.4. Rights of data subjects

7.4.1. If the Controller receives a request from a data subject for the exercise of the data subject’s rights under applicable law and the correct and lawful response to such request requires the assistance of the Processor, the Processor shall assist the Controller by providing the necessary information and documentation. The Processor shall have a reasonable period of time to assist the Controller with such requests in accordance with the Data Protection Regulation.

7.4.2. If the Processor receives a request from a data subject for the exercise of the data subject’s rights under applicable law and such request relates to the Controller’s personal data, the Processor shall immediately forward the request to the Controller and shall refrain from responding directly to the individual.

7.5.    Personal data breaches

7.5.1. The Processor shall immediately notify the Controller if a breach occurs that may result in the unauthorized destruction, loss, alteration, disclosure or access of Personal Data transmitted, stored or processed on behalf of the Controller (a “Personal Data Breach”).

7.5.2. The Processor shall make reasonable efforts to identify the cause of such a breach and shall take such measures as it deems necessary to establish the cause and prevent a recurrence.

7.6. Compliance Documentation and Audit Rights

7.6.1. Upon request of the Controller, the Processor shall make available to the Controller all relevant information necessary to demonstrate compliance with this Entrustment Agreement and shall permit and reasonably cooperate with audits, including inspections by the Controller or an auditor commissioned by the Controller. The Controller shall give notice of any audit or document inspection to be conducted and shall use reasonable efforts to prevent damage or disruption to the Processing Controller’s facilities, equipment and business in the course of such audit or inspection. Any such audit or document inspection shall be conducted upon reasonable prior written notice of not less than 30 days, and shall not be conducted more than once a year.

7.6.2. The Data Controller may be required to sign a non-disclosure agreement reasonably acceptable to the Data Controller before the foregoing is provided to the Data Controller.

7.6.3. The costs of the audit shall be borne by the Data Controller.

7.7. Data Transfers

7.7.1. The Data Controller shall not transfer the processed data to countries outside the European Economic Area, or in countries without sufficient guarantees to ensure an adequate level of data protection.

Google Inc. and Hubspot are the only sub-processors that process the data also in the USA. The transfer mechanism is the Standard Contractual Clauses referred to in Article 46 GDPR.

7.7.2. Transfers of personal data to a so-called third country or to an international organization described above are considered to be carried out on the instruction of the Controller for the provision of the service. Other transfers of personal data to a so-called third country or to an international organization different from the above should only be made on the instruction of the Controller. 

7.7.3. In addition to the above, where the personal data does not originate from Europe, the receipt and transfer of personal data from other continents to Europe and vice versa is permitted by the Controller, and is a requirement for the provision of the service.

8. Sub-processors

The Processor receives general authorization to engage third parties to process the Personal Data (“Sub-processors”) without obtaining any further specific written authorization from the Controller, provided that the Processor notifies the Controller in writing of the identity of a potential Sub-processor before any agreement with the relevant Sub-processors is entered into and before the relevant Sub-processor processes any of the Personal Data. If the Controller wishes to object to the relevant Sub-Processor, the Controller shall notify the it in writing within ten (10) working days of receipt of the notification from the Processor. The absence of any objection by the Data Controller shall be deemed to constitute consent to the relevant Sub-Processor.

Currently, the Controller employs the following Sub-Processors: 

-Microsoft Azure: For, among others, the provision of Infrastructure and Platform Services, computing capacity, storage and database services, security services and technical maintenance services, which we use for the operation of our solutions and, thereby, the provision of the Service.

-Google Inc. (Gmail): For, among others, the sending of follow-up reports to the Associate Therapist Account and the management and resolution of technical issues and communications via email.

-HubSpot: for, among others, the sending of marketing information, customer management, and provision of relevant information about the Platform such as clinical trial results, use cases and updates, and for the management and resolution of reported technical issues.

9. Responsibility

9.1. The Controller shall ensure that the processing of personal data under this Processing Contract complies with the applicable Data Protection Regulations, and shall ensure a legal basis for the processing of personal data that the Controller, by means of the Entrustment Agreement, assigns to the Processor, as well as ensure that the instructions provided by the Controller to the Processor in relation to the processing comply with the Data Protection Regulations.

9.2.    The Processor is subject to and complies with all consumer and user regulations of Spain and the European Union, and is governed by such legislation, and shall therefore assist the Controller with appropriate technical and organizational measures only to the extent possible, for the fulfillment of the Controller’s obligations under the Data Protection Regulations.

9.3. In this sense, we will respond with respect to penalties, fines or any type of claim only in accordance with the consumer and user regulations of Spain and the European Union, according to which it is governed, this being expressly accepted by you.

10. Obligations of the Data Controller

It is incumbent upon the Data Controller

a) Submit the data referred to herein to the Processor.

b) Conduct an assessment of the impact on the protection of personal data of the processing operations to be carried out by the Controller, whenever it considers it likely that, by their nature, scope, context or purposes, they pose a high risk to the rights and freedoms of natural persons. A single assessment may address several similar processing operations involving similar high risks.

c) Carry out appropriate prior consultations.

d) Ensure, before and during processing, compliance with the GDPR and other applicable data protection laws and regulations.

e) Supervise the processing, including inspections and audits.

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES EX ART. 32 GDPR

A. Confidentiality

✓ Encryption (Logical security control).

Our digital solution relies on encryption methods to address the needs of compliance with the General Data Protection Regulation (GDPR). ReHand implements encryption of certain sensitive data both in transit and at rest. Data is sent via HTTPS, and stored in an encrypted database.

Each API call uses HTTPS/TLS encryption, a portion of the data is encrypted at rest and passwords are encrypted.

✓ Pseudonymization (Logical security control).

Personal data are separated into several data tables. Each patient is assigned an identification number, without which personal data can no longer be attributed to a specific data subject.

✓ Access control (Logical security control).

✓ Authentication and access control (or authorization) by means of access control policies (also called permissions).

All actions carried out on data are recorded (audit logs).

Access control to personal data is implemented.  A user name and password are required to access them.

✓ Passwords (Logical security control).

Passwords protected by encryption.

✓ Minimization of the amount of personal data (Logical security control).

We reduce the volume of stored data, only collecting and accessing personal data fully necessary for service provision.

✓ Limited storage duration (Logical security control).

Appropriate data retention procedures have been adopted.

✓ Processor contracts (Physical Security Control).

We only use sub-processors who can provide sufficient guarantees. 

✓ Network security (Physical Security Control).

The network security of the servers is provided by the sub-processor, Microsoft Azure, which provides the following technical measures: Access control lists, perimeter router security (“edge router security”) or Network segmentation to provide physical separation.

✓ Personnel management (Organisational control).

Heathinn ensures that all its employees are adequately informed about the security controls of the technological systems that relate to their daily work. Employees involved in the processing of personal data have been properly informed about the relevant data protection requirements and legal obligations. 

✓ Relations with third parties (Organisational control).

Guidelines and procedures regarding the processing of personal data by controllers (contractors/subcontractors) have been taken into account by Healthinn in the Data Protection Impact Assessment.

B. Integrity

 ✓ Traceability (logging) (Logical security control).

Audit: All records of logging operations are stored in the database. The system tracks who accesses your data, when it was accessed and from where.

✓ Operational Security (Physical Security Control).

All our versions undergo documentation and testing processes, which ensure optimal software quality and freedom from bugs.

✓ Organization (Organisational Control)

Internal roles and responsibilities for data protection are clearly defined.

✓ Integrate privacy protection into projects (Organisational control).

We implement data protection by design and by default in our technology and in our projects. 

C. Availability and resilience.

✓ Backups (Physical Security Control).

Regular backups of database information are performed regularly through Azure.

✓ Maintenance (Physical Security Control).

Physical maintenance of the servers is performed by the sub-provider, Microsoft Azure https://docs.microsoft.com/en-us/azure/security/.
https://docs.microsoft.com/en-us/azure/security/fundamentals/infrastructure

✓ Physical Security Control.

We rely on our sub-processor, Microsoft Azure, to limit the risks of unauthorized persons physically accessing the servers where personal data is stored.

✓ Hardware Security (Physical Security Control).

Controls related to the physical security of servers. 

https://docs.microsoft.com/en-us/azure/security/
https://docs.microsoft.com/en-us/azure/security/fundamentals/infrastructure

✓ Protection against malicious software (Physical Security Control).

Use of security programs (virus scanners, firewalls, encryption programs).

✓ Management of workstations (Physical Security Control).

Measures have been taken to manage employee workstations.

✓ Protection against non-human sources of risk (Physical Security Control).

We rely on our subprocessor, Microsoft Azure, for prevention and protection of systems.

✓ Privacy risk management (Organizational Control).

Risk assessments and policies to control the risks that the processing operations performed pose to data protection and data subject privacy have been carried out and clearly analyzed and defined.

✓ Management of personal data breaches (Organisational control).

Appropriate personal data security breach procedures have been adopted.

Download our app

And see how your patients can work with ReHand.