Terms Of Service
This agreement is made between
- Diagnostic360 Limited (Diagnostics360) a company registered in England and Wales company number 13280636 whose registered office is at Unit 146, The Light Box, 111 Power Road, London, England, W4 5PY (“Supplier”).
INTRODUCTION TO SERVICES
Diagnostics360 provides a wide range of pathology services including biochemistry, haematology, sexual health testing and COVID-19 testing. Diagnostics360 has a state-of-the-art laboratory in Chiswick with UKAS accreditation for COVID-19 testing. The service was registered by CQC on 17 October 2022.
The following terms and conditions (the Agreement for Service), govern the use of our services [by our business customers]. By placing an Order, you agree to accept this Agreement for Service.
- The Supplier is a leading provider of diagnostics testing services.
- The Customer is an entity that wishes to offer diagnostics testing to certain individuals (e.g. its clients, employees, etc.).
- This Agreement is intended to operate as a framework to enable the Customer to: (i) order diagnostic and other services that are offered by the Supplier from time-to-time; and (ii) use (or to allow others to use) the Supplier’s web portal.
- Definitions and Interpretation
- The definitions and rules of interpretation set out in schedule 1 shall apply to this Agreement.
- The Customer may order Services at any point by placing an Order. Orders shall only be legally binding if and to the extent accepted by the Supplier.
- Subject to the terms of this Agreement, the Supplier shall: (a) perform Services in accordance with clause 3; and (b) provide access to the Web Portal and/or App in accordance with clause 4.
- If a Customer Affiliate places an Order:
- all references to the “Customer” in this Agreement or in the Order shall refer to the Customer Affiliate;
- the Customer Affiliate shall be deemed to have entered into a separate agreement with the Supplier under the same terms as this Agreement, which shall apply mutatis mutandis; and
- the contract between the Supplier and the Customer Affiliate shall be enforceable by the Supplier and the Customer Affiliate only, and the Supplier will have no liability towards the Customer in respect of such Order.
- The Customer may request Services from the Supplier by submitting an Order. A list and description of Services is set out on the Supplier’s website.
- Upon the Supplier accepting an Order and subject to the terms of this Agreement, the Supplier shall perform the Services in accordance with the relevant Order (including the timeframes and delivery dates specified therein).
- Web Portal
- Upon the Supplier accepting an Order and subject to the terms of this Agreement, the Supplier grants the Customer a non-exclusive right to allow Authorised Users to use the Web Portal during the Term.
- Access to the Web Portal is at all times subject to the Customer’s compliance with this Agreement.
- The Supplier does not warrant that the Customer’s use of the Web Portal will be uninterrupted or error-free.
- The Supplier may from time-to-time provide updates to the Web Portal at no additional cost to the Customer in order to: fix bugs or update security; improve general performance; enhance the features and functionality; or support new devices and operating systems.
- Authorised Users
- The Customer shall ensure that only Authorised Users use the Web Portal and that such use is at all times in accordance with this Agreement.
- The Customer shall:
- be liable for the acts and omissions of the Authorised Users and the Authorised Affiliates as if they were its own;
- only provide Authorised Users with access to the Services via the access method provided by the Supplier and shall not provide access to (or permit access by) anyone other than an Authorised User; and
- procure that each Authorised User (and each Authorised Affiliate) is aware of, and complies with, the obligations and restrictions imposed on the Customer under this Agreement, including all obligations and restrictions relating to the Supplier’s Confidential Information.
- The Customer warrants and undertakes that it, and all Authorised Users and all others acting on its or their behalf shall keep their password or access details for the Web Portal confidential and not share them with any third party.
- Price and Payment Terms
- The fees payable by the Customer for the conduct of Services shall, unless otherwise agreed in writing, be the prices specified in the Supplier’s price guide for the applicable Services at the time those Services are requested.
- The fees and any other charges agreed between the parties in writing are non-cancellable and non-refundable.
- As at the date of this Agreement VAT is not payable on the Supplier’s Services. If the Services subsequently become subject to VAT, this will be charged in addition at the applicable rate.
- Invoices for all Services other than COVID-19 Testing Services will be issued on a monthly basis (end of each calendar month), payable within 15 calendar days of the date on the invoice unless otherwise agreed in writing. Invoices for COVID-19 Testing Services will be issued on a weekly basis, payable within 7 calendar days of the date on the invoice unless otherwise agreed in writing. The Supplier shall be entitled to issue invoices more frequently.
- At the Supplier’s option interest may be charged on late payment at the statutory rate prescribed from time to time by regulations under the Late Payments of Commercial Debts (Interest) Act 1998.
- Unless the Customer has notified the Supplier that an invoice is incorrect or invalid within five (5) business days of its receipt, it shall be deemed to be valid for the purpose of clause 6.5.
- All payments shall be made in pounds sterling.
- Without affecting its other rights, the Supplier may suspend the provision of the Services if the Customer fails to pay the Supplier’s invoice in accordance with clause 6.4.
- Subject to the remainder of this clause 7, the Supplier warrants that:
- the Services shall operate materially in accordance with the descriptions available on the Supplier’s website when used in accordance with this Agreement during the relevant Service Period;
- the Services will be provided with reasonable care and skill.
- The warranties in clause 7.1 are subject to the limitations set out in clause 15 and shall not apply to the extent that any error in the Services arises as a result of (in whole or in part):
- incorrect operation or use of the Services by the Customer, any Authorised Affiliate or any Authorised User;
- use of any of the Services other than for the purposes for which it is intended;
- use of any Services with third party software or services or on equipment with which it is incompatible;
- any act by any third party (including hacking or the introduction of any virus or malicious code);
- any modification of Services (other than that undertaken by the Supplier or at its direction); or
- any breach of this Agreement by the Customer (or by any Authorised Affiliate or Authorised User).
- The Customer acknowledges that no liability or obligation is accepted by the Supplier (howsoever arising whether under contract, tort, in negligence or otherwise):
- that the operation of the Web Portal shall not be subject to minor errors or defects; or
- that the Services or the Web Portal shall be compatible with any other software or service or with any hardware or equipment.
- Other than as set out in this clause 7, and subject to clause 15.5, all warranties, conditions, terms, undertakings or obligations whether express or implied and including any implied terms relating to quality, fitness for any particular purpose or ability to achieve a particular result are excluded to the fullest extent allowed by applicable law.
- Customer’s Responsibilities
- The Customer shall (and shall ensure all Authorised Affiliates and Authorised Users shall):
- provide the Supplier with: (i) all necessary Customer Data; (ii) all necessary co-operation; and (iii) all necessary access to such information or facilities, each as may be required by the Supplier in order to provide the Services. The Supplier shall not be obligated to provide the Services, nor shall it be liable for any failure to provide the Services, as a result of the Customer’s non-compliance with this clause, including, but not limited to, failure to report results to the Customer as a result of the Customer’s non-compliance with (i) above;
- provide the Supplier with an up-to-date physician contact number for transmission of critical results, during working hours, and out of hours, unless otherwise agreed in writing that the Supplier will contact its own physician at extra cost;
- comply with all applicable laws relating to the use or receipt of the Services;
- ensure that the Web Portal is used in accordance with this Agreement and shall be responsible for any Authorised User’s breach of this Agreement; and
- obtain and shall maintain all necessary licences, consents, and permissions necessary for the Supplier, its contractors and agents to perform their obligations under this Agreement.
- The Customer shall ensure that the Sample is obtained from the patient, packaged, and labelled in accordance with all applicable laws and good clinical practice.
- Except where the Supplier agrees to arrange transport of the Sample to the Supplier’s laboratory, the Customer shall ensure that the sample is transported to the laboratory in accordance with all applicable laws and good clinical practice. Where the Supplier agrees to arrange transport of the Sample, the Customer shall ensure that the Samples are ready for collection at the agreed times.
- The Customer shall provide the Supplier with all assistance as the Supplier may reasonably require and the Customer acknowledges that the Supplier’s ability to provide Services may be adversely affected, interrupted and/or delayed if the Customer does not provide such information, assistance or access.
- The Supplier shall have no liability for any delays, interruptions or other problems to the extent caused (in whole or in part) by the Customer’s failure to comply with clause 8.4.
- It is the responsibility of the Customer to ensure they have physicians available 24/7 to receive critical results, unless otherwise agreed in writing that the Supplier will contact its own physician at extra cost.
- Intellectual Property
- All Intellectual Property Rights in or arising out of or in connection with the Services shall be owned by the Supplier. The Supplier grants to the Customer a fully paid-up, worldwide, non-exclusive, non-transferable, royalty-free licence during the term of the Agreement to use the Intellectual Property Rights solely for the purposes of using the Services and the Customer’s internal communications and external marketing.
- The Customer shall not sub-license, assign or otherwise transfer the rights granted in clause 9.1.
- Any goodwill derived from the use of the Intellectual Property Rights in the Services by the Customer shall accrue to the Supplier, and the Supplier may, at any time require the Customer to enter into an assignment of such goodwill.
- The Customer acknowledges and agrees that the Supplier owns all Intellectual Property Rights in the Services. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, under or in, any Intellectual Property Rights, or any other rights or licenses in respect of the Services.
- The Customer grants to the Supplier a fully paid-up, worldwide, non-exclusive, non-transferable, royalty-free licence during the term of the Agreement to copy and modify any materials provided by the Customer to the Supplier for the purpose of providing the Services to the Customer.
- This clause 9 shall survive the termination or expiry of this Agreement.
- System Improvement
- The Customer agrees that the Supplier may de-identify Customer Data to render it Anonymous Data, which may then be used by the Supplier for the purposes of improving its services, operations and systems.
- For the purposes of clause 10.1, the Customer hereby grants to the Supplier a non-exclusive, worldwide, royalty-free, perpetual, irrevocable, transferable, and sub-licensable licence to use, copy and other otherwise utilise Anonymous Data to improve the Supplier’s services, operations and systems.
- For the avoidance of any doubt, the Supplier shall own any and all Intellectual Property Rights in the data, analysis and improvements the Supplier (or its agents) derive from the Anonymous Data.
- Customer Indemnity
- Subject to clause 11.2, the Customer shall indemnify, keep indemnified and hold harmless the Supplier (on the Supplier’s own behalf on behalf of each of the Supplier’s Affiliates) from and against any losses, claims, damages, liability, costs (including legal and other professional fees) and expenses incurred by it (or any of its Affiliates) as a result of any third party alleging that the Customer Provided Materials or Customer Data (without prejudice to the Supplier’s obligations under the Data Protection Addendum) infringes the rights, including any Intellectual Property Rights, of a third party.
- The Customer shall have no liability or obligation under this clause 11 in respect of any claim which arises in whole or in part from: (a) any breach of this Agreement by the Supplier; or (b) use of the Customer Provided Materials or Customer Data (or any part) otherwise than in accordance with the Customer’s instructions.
- This clause 11 shall survive termination or expiry of this Agreement.
- Confidentiality and Customer Data
- Customer Data shall at all times remain the property of the Customer or its licensors.
- The Supplier shall maintain the confidentiality of the Customer Data and shall not without the prior written consent of the Customer or in accordance with this Agreement, disclose or copy the Customer Data other than as necessary for the performance of the Services, as required by law, or in accordance with its rights and obligations under this Agreement.
- The provisions of this clause 12 shall not apply to information which:
- is or comes into the public domain through no fault of the Supplier, its officers, employees, agents or contractors;
- is lawfully received by the Supplier from a third party free of any obligation of confidence at the time of its disclosure;
- is independently developed by the Supplier (or any of its Affiliates or any person acting on its or their behalf), without access to or use of such information; or
- is required by law, by court or governmental or regulatory order to be disclosed, provided that clauses 12.3(a) to 12.3(c) (inclusive) shall not apply to Protected Data.
- This clause 12 shall survive the termination or expiry of this Agreement.
- To the extent any Customer Data is Protected Data, the Supplier shall ensure that such Customer Data may be disclosed or used only to the extent such disclosure or use does not conflict with any of the Supplier’s obligations under the Data Protection Addendum with respect to such Protected Data. Clauses 12.2 to 12.4 (inclusive) are subject to this clause 12.5.
- Supplier’s Confidential Information
- The Customer shall maintain the confidentiality of the Supplier’s Confidential Information and shall not without the prior written consent of the Supplier, disclose, copy or modify the Supplier’s Confidential Information (or permit others to do so) other than as necessary for the performance of its express rights and obligations under this Agreement.
- The Customer undertakes to:
- disclose the Supplier’s Confidential Information only to those of its officers, employees, agents and contractors to whom, and to the extent to which, such disclosure is necessary for the purposes contemplated under this Agreement;
- procure that such persons are made aware of and agree in writing to observe the obligations in this clause 13; and
- be responsible for the acts and omissions of those third parties referred to in this clause 13.2 as if they were the Customer’s own acts or omissions.
- The Customer shall give notice to the Supplier of any unauthorised use, disclosure, theft or loss of the Supplier’s Confidential Information immediately upon becoming aware of the same.
- The provisions of this clause 13 shall not apply to information which:
- is or comes into the public domain through no fault of the Customer, its officers, employees, agents or contractors;
- is lawfully received by the Customer from a third party free of any obligation of confidence at the time of its disclosure;
- is independently developed by Customer, without access to or use of such information; or
- is required by law, by court or governmental or regulatory order to be disclosed provided that the Customer, where possible, notifies the Supplier at the earliest opportunity before making any disclosure.
- This clause 13 shall survive the termination or expiry of this Agreement.
- To the maximum extent permitted by law, the Supplier shall not be liable (under any legal theory, including negligence) for any breach, delay or default in the performance of this Agreement to the extent the same (or the circumstances giving rise to the same) arises or was contributed to by any Relief Event.
- Limitation of Liability
- The extent of the party’s liability under or in connection with this Agreement (regardless of whether such liability arises in tort, contract or in any other way and whether or not caused by negligence or misrepresentation or under any indemnity) shall be as set out in this clause 15.
- Subject to this clause 15, the Supplier’s aggregate liability howsoever arising under or in connection with this Agreement (including all Orders) shall not exceed the lower of:
- £1,000,000 in respect of liability arising under the Data Protection Addendum; or
- an amount equal to the Service Fees for all Services paid or payable to the Supplier in the 12-month period immediately preceding the first incident giving rise to any other claim under this Agreement.
- Subject to clause 15.5, the Supplier shall not be liable for consequential, indirect or special losses.
- Subject to clause 15.5, the Supplier shall not be liable for any of the following (whether direct or indirect): loss of profit or revenue; loss or corruption of software or systems; loss or damage to equipment; loss of use; loss of production; loss of contract; loss of opportunity; loss of savings, discount or rebate (whether actual or anticipated); and/or harm to reputation or loss of goodwill.
- Notwithstanding any other provision of this Agreement, the Supplier’s liability shall not be limited in any way in respect of the following: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other losses which cannot be excluded or limited by applicable law.
- Except as expressly and specifically provided in this Agreement:
- the Customer assumes sole responsibility for results obtained from the use of the Services, and for conclusions drawn from such use. The Supplier shall have no liability for: (i) any damage caused by errors or omissions in any information, instructions or scripts provided to the Supplier by the Customer in connection with the Services; or (ii) any actions taken by the Supplier at the Customer’s direction; and
- the Services are provided to the Customer on an “as is” basis.
- This clause 15 shall survive the termination or expiry of this Agreement.
- The Supplier may suspend access to the Services to all or some of the Authorised Users if: (a) the Supplier reasonably suspects that there has been a misuse of the Services; or (b) the Customer fails to pay any sums due to the Supplier by the due date for payment.
- Term and Termination
- This Agreement shall come into force on the date the Supplier accepts the first Order and shall continue until terminated by each party in accordance with this Agreement.
- Without affecting any other right or remedy available to it, either party may terminate this Agreement by giving the other party 30 days’ written notice.
- Either party may terminate this Agreement or any Service immediately at any time by giving notice in writing to the other party if:
- the other party commits a material breach of this Agreement and (if such breach is remediable) fails to remedy that breach within 14 Business Days of receiving written notice of such breach;
- the other party has failed to pay any amount due under this Agreement on the due date and such amount remains unpaid within 14 Business Days after the other party has received notification that the payment is overdue;
- the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), applying to court for or obtaining a moratorium under Part 1A of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; or
- the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.
- Any breach by the Customer of clause 9 shall be deemed a material breach of this Agreement which is not remediable.
- On termination of this Agreement for any reason:
- all licences granted under this Agreement shall immediately terminate;
- the Supplier may invoice for, and the Customer shall be immediately liable for, Service Fees in relation to Services performed but not yet invoiced at the date of termination;
- the Supplier may destroy or otherwise dispose of any of the Customer Data in its possession; and
- any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced.
- Changes to Services and Terms
- In relation to Services, the Supplier may at its absolute discretion make revisions to this Agreement or the Data Protection Addendum from time to time. Any revisions will be made available on the Web Portal and the Supplier’s website, and will apply to the Services from the data of publication. Any use by the Customer of the Services following the publication of the revised Agreement of Service will constitute acceptance of such changes.
- In the event that the Customer reasonably believes that any update to the Agreement of Service or Data Protection Addendum materially impacts it negatively in any manner it may by written notice elect to terminate this Agreement in respect of all impacted Services provided it exercises such right within 10 Business Days after the publication and notifies the Supplier at the time of exercising such right of the negative impact which has caused it to exercise this right. In the event of such termination the Customer shall receive a refund of any pre-paid Service Fees in respect of such terminated Services.
- The Customer acknowledges that the Supplier shall be entitled to modify the features and functionality of the Web Portal, provided that any such modification does not materially adversely affect the use of Web Portal by Authorised Users.
- Entire Agreement
- This Agreement constitutes the entire agreement between the parties and supersedes all previous agreements, understandings and arrangements between them in respect of its subject matter, whether in writing or oral.
- Each party acknowledges that it has not entered into this Agreement in reliance on, and shall have no remedies in respect of, any representation or warranty that is not expressly set out in this Agreement.
- Nothing in this Agreement shall limit or exclude any liability for fraud.
- Any notice given by a party under this Agreement shall be in writing and in English, and sent to the relevant party as follows:
- in the case of those to the Supplier, to its registered office;
- in the case of those to the Customer, to any email or physical address or contact details notified in the Order.
- This clause does not apply to notices given in legal proceedings or arbitration.
- No variation of this Agreement shall be valid or effective unless it is an Update made in accordance with this Agreement, or made in writing, refers to this Agreement and is duly signed or executed by, or on behalf of, each party.
- Assignment and Subcontracting
- Except as expressly provided in this Agreement, the Supplier may at any time assign, sub-contract, sub-licence (including by multi-tier), transfer, mortgage, charge, declare a trust of or deal in any other manner with any or all of its rights or obligations under this Agreement.
- Except as expressly permitted by this Agreement, the Customer shall not assign, transfer, subcontract, sub-licence, mortgage, charge, declare a trust of or deal in any other manner with any or all of its rights or obligations under this Agreement (including the licence rights granted), in whole or in part, without the Supplier’s prior written consent.
- Set Off
- Each party shall pay all sums that it owes to the other party under this Agreement without any setoff, counterclaim, deduction or withholding of any kind, save as may be required by law
- No Partnership or Agency
- The parties are independent and are not partners or principal and agent and this Agreement does not establish any joint venture, trust, fiduciary or other relationship between them, other than the contractual relationship expressly provided for in it. Neither party shall have, nor shall represent that it has, any authority to make any commitments on the other party’s behalf.
- If any provision of this Agreement (or part of any provision) is or becomes illegal, invalid or unenforceable:
- the legality, validity and enforceability of any other provision of this Agreement shall not be affected; and
- but would be legal, valid and enforceable if some part of it was deleted or modified, the provision or part-provision in question shall apply with such deletions or modifications as may be necessary to make the provision legal, valid and enforceable.
- No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under this Agreement shall operate as a waiver of that right, power or remedy, nor shall it preclude or restrict any future exercise of that or any other right, power or remedy.
- No single or partial exercise of any right, power or remedy provided by law or under this Agreement shall prevent any future exercise of it or the exercise of any other right, power or remedy.
- A waiver of any term, provision, condition or breach of this Agreement shall only be effective if given in writing and signed by the waiving party, and then only in the instance and for the purpose for which it is given.
- Third Party Rights
- A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its provisions.
- Each party represents and warrants to the other that it has the right, power and authority to enter into this Agreement and grant to the other the rights (if any) contemplated in this Agreement and to perform its obligations under this Agreement.
- Governing Law and Jurisdiction
- This Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with, the laws of England and Wales.
The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Agreement, its subject matter or formation (including non-contractual disputes or claims).
ON BEHALF OF
ON BEHALF OF
Definitions and interpretation
means, in respect of any entity, any entity that directly or indirectly controls, is controlled by or is under common control with that entity within the meaning set out in section 1124 of the Corporation Tax Act 2010;
means all terms and conditions in this Agreement of Service together with the Data Protection Addendum and all Orders entered into by the Customer;
means data (including Customer Data) that has been de-identified and/or aggregated with other data to such an extent that data subjects are no longer identified, identifiable or otherwise ascertainable by reference to or with the combination of other datasets;
means the Supplier’s mobile software application by which test results are delivered (if available);
means, in respect of the relevant Service, the Affiliates of the Customer (if any) identified in the Order as Authorised Affiliates in respect of that Service;
means the users authorised by the Customer to use the Services, the Web Portal and/or the App in accordance with the terms of this Agreement (e.g. the Customer’s employees, clients, etc.);
means a day other than a Saturday, Sunday or bank or public holiday in England;
means all data (excluding Feedback) provided to the Supplier by the Customer, an Authorised User, or an Authorised Affiliate;
‘Customer Provided Materials’
means all of the Materials provided or made available by or on behalf of the Customer;
means all software and systems used by or on behalf of the Customer, the Customer’s Affiliates, any of its or their direct or indirect subcontractors, or any Authorised User in connection with the provision or receipt any of the Services or that the Services otherwise, link, interoperate or interface with or utilise;
‘Data Protection Addendum’
means the addendum at Schedule 2 identifying certain respective rights and obligations of the parties in respect of personal data and privacy under this Agreement (as Updated from time to time);
has the meaning given to it in clause 9.3;
means an event or sequence of events beyond a party’s reasonable control preventing or delaying it from performing its obligations under this Agreement (provided that an inability to pay is not Force Majeure), including any matters relating to transfer of data over public communications networks and any delays or problems associated with any such networks or with the internet;
‘Intellectual Property Rights’
means any and all copyright, neighbouring and related rights, rights in inventions, patents, know-how, trade secrets, trade marks and trade names, service marks, design rights, rights in get-up, database rights and rights in data, semiconductor chip topography rights, utility models, domain names and all similar rights and, in each case whether registered or not, including any applications to protect or register such rights, including all renewals and extensions of such rights or applications, whether vested, contingent or future; and wherever existing;
means all equipment, services, data, information, content, Intellectual Property Rights, websites, software and other materials provided in connection with the Services, but excluding all Customer Data;
means a written request for Services received by the Supplier from the Customer, whether in the form of an email, letter, order form, or similar;
means the details of pricing and fees in respect of each part of the Services, as initially provided by the Supplier in relation to the Order and as updated from time to time in accordance with this Agreement or, in respect of any part of the Services for which prices are not expressly agreed, on the Supplier’s Standard Pricing Terms;
has the meaning given in the Data Protection Addendum;
means any breach of this Agreement by the Customer, or any Force Majeure;
means (subject to clause 17) in respect of each Service, the duration during which such Services are to be provided as initially set out in the Order and as varied in accordance with this Agreement;
means the services specified in a relevant Order;
either: (i) a PCR laboratory test for COVID-19 to be carried out by the Supplier, or (ii) a lateral flow test for COVID-19 to be carried out by an individual and the result verified by the Supplier;
‘COVID-19 Testing Services’
the performance of the COVID-19 Test by the Supplier, and where agreed, add-ons such as courier pick up and drop off services;
‘Supplier Provided Materials’
means all of the Materials provided or made available by or on behalf of the Supplier, but excluding Customer Data;
‘Supplier’s Confidential Information’
means all information (whether in oral, written or electronic form) relating to the Supplier’s business which may reasonably be considered to be confidential in nature including information relating to the Supplier’s technology, know-how, Intellectual Property Rights, assets, finances, strategy, products and customers. All information relating to the Pricing Terms and any other technical or operational specifications or data relating to each Service shall be part of the Supplier’s Confidential Information;
‘Supplier’s Standard Pricing Terms’
means the Supplier’s standard pricing terms for each part of the Services, as amended by the Supplier from time to time;
means the period beginning on the Supplier accepting the first Order and ending with the last of the Service Periods;
has the meaning given in clause 18.2, and ‘Updated’ shall be construed accordingly;
means United Kingdom value added tax, any other tax imposed in substitution for it and any equivalent or similar tax imposed outside the United Kingdom; and
means the Supplier’s test result and booking website portal.
- In this Agreement, unless otherwise stated:
- the table of contents, recitals section and the clause, paragraph, schedule or other headings in this Agreement are included for convenience only and shall have no effect on interpretation;
- the Supplier and the Customer are together the ‘parties’ and each a ‘party’, and a reference to a ‘party’ includes that party’s successors and permitted assigns;
- words in the singular include the plural and vice versa;
- any words that follow ‘include’, ‘includes’, ‘including’, ‘in particular’ or any similar words and expressions shall be construed as illustrative only and shall not limit the sense of any word, phrase, term, definition or description preceding those words;
- a reference to ‘writing’ or ‘written’ includes any method of reproducing words in a legible and nontransitory form (including email);
- a reference to specific legislation is a reference to that legislation as amended, extended, re-enacted or consolidated from time to time and a reference to legislation includes all subordinate legislation made as at the date of this Agreement under that legislation; and
- a reference to any English action, remedy, method of judicial proceeding, court, official, legal document, legal status, legal doctrine, legal concept or thing shall, in respect of any jurisdiction other than England, be deemed to include a reference to that which most nearly approximates to the English equivalent in that jurisdiction.
- each Order accepted by the Supplier shall form part of this Agreement together with the Data Protection Addendum;
- in the event of any conflict in respect of the provisions of this Agreement and/or the documents referred to therein the following order of priority shall prevail (in descending order of priority): (a) the Order; (b) the Data Protection Addendum; and (c) the Agreement of Service;
subject to the order of priority between documents in clause 2.9, later versions of documents shall prevail over earlier ones if there is any conflict or inconsistency between them.
Data Protection Addendum
DEFINITIONS AND INTEPRETATION
1. Definitions and Interpretation
1.1 The following definitions and rules of interpretation apply in this Data Protection Addendum (“DPA”). Definitions used but not defined herein will have the same meaning as prescribed in the Terms of Service.
as defined in the Data Protection Legislation.
‘Data Protection Legislation’
the UK Data Protection Legislation and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).
the individual to whom the Personal Data relates.
any information relating to an identified or identifiable natural person that is processed by the Supplier as a result of, or in connection with, the provision of the Services; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
6. ‘Personal Data Breach’
a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Protected Data transmitted, stored or otherwise processed.
‘Processing, processes, process’
as defined in the Data Protection Legislation.
as defined in the Data Protection Legislation.
the Personal Data comprised in the Customer Data but not including the Supplier-Controlled Data.
has the meaning given in clause 2.1 of this DPA.
‘UK Data Protection Legislation’
all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
2. Personal data types and processing purposes
2.1 The Supplier shall act as the sole Controller in respect of data provided to the Supplier by Authorised Users in relation to:
- the Supplier’s on-boarding and account set-up processes for new Authorised Users;
- the provision of support services by the Supplier to Authorised Users
- analytics activities undertaken by the Supplier in relation to the use of the Services by Authorised Users
(the “Supplier-Controlled Data“).
2.2 This DPA applies to the Supplier’s processing of Protected Data. The Customer and the Supplier acknowledge that for the purpose of the Data Protection Legislation, the Customer is the Controller of the Protected Data and the Supplier is the Processor.
2.3 The Customer retains control of the Protected Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Supplier.
2.4 Annex 1 describes the subject matter, duration, nature and purpose of processing and the Protected Data categories and Data Subject types in respect of which the Supplier may process to fulfil its obligations under the Agreement.
3. Supplier’s obligations
3.1 The Supplier will only process the Protected Data to the extent, and in such a manner, as is necessary to comply with its legal obligations and its obligations under the Agreement in accordance with the Customer’s written instructions. The Supplier will not process the Protected Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. The Supplier must promptly notify the Customer if, in its opinion, the Customer’s instruction would not comply with the Data Protection Legislation.
3.2 The Supplier must promptly comply with any Customer request or instruction requiring the Supplier to amend, transfer, delete or otherwise process the Protected Data, or to stop, mitigate or remedy any unauthorised processing.
3.3 The Supplier will maintain the confidentiality of all Protected Data and will not disclose Protected Data to third parties unless the Customer or this Agreement specifically authorises the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires the Supplier to process or disclose Protected Data, the Supplier must first inform the Customer of the legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
3.4 The Supplier will reasonably assist the Customer with meeting the Customer’s compliance obligations under the Data Protection Legislation, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation provided the Customer shall pay the Supplier’s reasonable costs for providing assistance under this Clause 3.4.
3.5 The Supplier must promptly notify the Customer of any changes to Data Protection Legislation that may adversely affect the Supplier’s performance of the Agreement.
4. Supplier’s employees
4.1 The Supplier will ensure that all of its key employees responsible for Protected Data:
- are informed of the confidential nature of the Protected Data and are bound by confidentiality obligations in respect of the Protected Data; and
- have undertaken training on the Data Protection Legislation relating to handling Protected Data.
5.1 The Supplier must at all times implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Protected Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Protected Data.
5.2 The Supplier must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of security measures.
6. Personal data breach
6.1 The Supplier will promptly and without undue delay notify the Customer if any Protected Data is lost or destroyed or becomes damaged, corrupted, or unusable.
6.2 The Supplier will promptly and without undue delay notify the Customer if it becomes aware of a Personal Data Breach.
6.3 Where the Supplier becomes aware of a Personal Data Breach, it shall, without undue delay, also provide the Customer with the following information:
- description of the nature of the Personal Data Breach, including the categories and approximate number of both Data Subjects and Protected Data records concerned;
- the likely consequences; and
- description of the measures taken or proposed to be taken to address the Personal Data Breach, including measures to mitigate its possible adverse effects.
6.4 The Supplier will reasonably co-operate with the Customer in the Customer’s handling of a Personal Data Breach, including:
- assisting with any investigation;
- making available information reasonably required to comply with all Data Protection Legislation; and
- taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach.
6.5 The Supplier will not inform any third party of any Personal Data Breach without first obtaining the Customer’s prior consent, except when required to do so by law.
6.6 The Supplier agrees that the Customer has the sole right to determine whether to provide notice of the Personal Data Breach to any Data Subjects.
7. Cross-border transfers of protected data
7.1 The Supplier may only transfer or otherwise process, or permit the processing, of Protected Data outside the UK or the EEA under the following conditions:
- the Supplier is processing Protected Data in a territory which is subject to a current finding by the European Commission under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals;
- the Supplier participates in a valid cross-border transfer mechanism under the Data Protection Legislation, so that the Supplier (and, where appropriate, the Customer) can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the General Data Protection Regulation ((EU) 2016/679), including, where required, the use of European Commission approved standard contractual clauses; or
- the transfer otherwise complies with Data Protection Legislation.
8.1 The Customer hereby acknowledges that the Services and the Web Portal may be provided via subcontractors. The Customer hereby authorises the Supplier’s use of the subcontractors set out in Annex 2. The Supplier shall notify the Customer in relation to any changes and additions to the subcontractor list prior to such changes and additions taking place, thereby providing the Customer with an opportunity to reasonably object such changes and additions. Where the Customer does not object in writing to the Supplier’s notice pursuant to this clause within seven (7) calendar days, the Customer shall be deemed to have authorised the relevant change or addition.
8.2 In any circumstances, the Supplier may only authorise a third party (subcontractor) to process the Protected Data if the Supplier enters into a written contract with the subcontractor that contains terms substantially similar as those set out in this Agreement, in particular, in relation to requiring appropriate technical and organisational data security measures. The Supplier remains fully liable to the Customer for the acts and omissions of any approved subcontractor in connection with the Services.
8.3 The Supplier shall use commercially reasonable efforts to comply with the Customer’s objection pursuant to 8.1 above. Where the Supplier is unable to continue to provide the Services, the Web Portal and/or the App as a result of such Customer objection, the Customer shall be entitled to terminate the Agreement in accordance with the provisions of clause 12 of the Agreement.
9. Complaints, data subject requests and third-party rights
9.1 The Supplier shall provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with:
- the rights of Data Subjects under the Data Protection Legislation, including subject access rights, the rights to rectify and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
- information or assessment notices served on the Customer by any supervisory authority under the Data Protection Legislation.
9.2 The Supplier shall notify the Customer promptly if it receives any complaint or notice that relates to the processing of the Protected Data or to either party’s compliance with the Data Protection Legislation in connection with its obligations under this Agreement.
9.3 The Supplier shall notify the Customer within five (5) working days if it receives a request from a Data Subject for access to their Protected Data or to exercise any of their related rights under the Data Protection Legislation.
9.4 The Supplier shall provide reasonable assistance to the Customer in responding to any complaint, notice or Data Subject request.
10. Term and termination
10.1 This DPA shall survive termination of the Agreement for so long as the Supplier retains any Protected Data related to the Agreement in its possession or control.
10.2 If a change in any Data Protection Legislation prevents either party from fulfilling all or part of its Agreement obligations, the parties will suspend the processing of Protected Data until that processing complies with the new requirements. If the parties are unable to bring the Protected Data processing into compliance with the Data Protection Legislation within three (3) months, they may terminate the Agreement on written notice to the other party.
11. Data return and destruction
11.1 On termination of the Agreement for any reason, the Supplier will securely delete or destroy or, if directed in writing by the Customer, return and not retain, all or any Protected Data related to this Agreement in its possession or control.
11.2 If any law, regulation, or government or regulatory body requires the Supplier to retain any documents or materials that the Supplier would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends.
12.1 To the extent required by Data Protection Legislation the Supplier will keep detailed, accurate and up-to-date written records regarding any processing of Protected Data it carries out for the Customer, including but not limited to, the access, control and security of the Protected Data, approved subcontractors and affiliates, the processing purposes and categories of processing (“Records”).
12.2 The Supplier will ensure that the Records are sufficient to enable the Customer to verify the Supplier’s compliance with its obligations under this Agreement and the Supplier will provide the Customer with copies of the Records upon the Customer’s reasonable request.
13.1 The Supplier will permit the Customer to audit the Supplier’s compliance with its Agreement obligations, on at least thirty (30) days’ notice, not more than once in any twelve (12) month period during the term of the Agreement, while the Supplier is actively providing the Services to the Customer. Any such audit shall be undertaken during normal business hours and in a manner which does not impact the Supplier’s business. The Supplier shall use its reasonable efforts to provide the Customer assistance to conduct an audit, provided that the Customer shall pay the Supplier’s reasonable costs for providing any such assistance. Any disclosures made as a result of an audit shall be considered the Supplier’s Confidential Information.
13.2 On the Customer’s reasonable written request, the Supplier will make its own data protection audit reports available to the Customer for review. The Customer will treat such audit reports as the Supplier’s Confidential Information under this Agreement.
14.1 The Customer warrants that the Supplier’s expected use of the Protected Data in performing the Services and as specifically instructed by the Customer will comply with the Data Protection Legislation.
Annex 1 – Processing, Protected Data and Data Subjects
- Processing by the Supplier
- Nature and purpose of processing:
The Supplier will process the Protected Data as necessary to perform the Services pursuant to the Agreement and as further instructed by the Customer in its use of the Services.
- Duration of the processing:
The Supplier will process the Protected Data for the duration of the Agreement in performance of the Services, unless agreed in writing.
- Types of Personal Data
- The Customer may submit Protected Data in connection with the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to, the following categories of data:
- first and last name;
- contact information (email, phone, address);
- date of birth;
- home postcode;
- barcode identifying a sample of biological material received by the Supplier;
- sample tube containing such biological material; and
- test result.
- Categories of Data Subjects
- The Customer may submit Protected Data in connection with the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include but is not limited to, Protected Data relating to the following categories of Data Subjects:
- employees of the Customer;
- contractors of the Customer;
- agents of the Customer;
- authorised representatives of the Customer; and
clients/customers of the Customer.