General Conditions

overlay overlay
overlay

Considering:

The private limited liability company KnowL solutions BV, having its registered office and principal place of business in Voorschoten at Aagje Dekenkade 71 (2251ZV) (hereinafter referred to as: "Supplier"), with the trade name "MedSafe", has developed the PBL "MedSafe";

MedSafe (hereinafter referred to as "The Service"):

  • The Service: software that is also known as PBL (Personal Health Record).
  • MedSafe offers the possibility to keep online data about his/her prescribed medicines, use of medicines, allergies, conditions from which he or she suffers, allergies and other relevant health data and, with his/her own data, to have one or more third parties, for example a healthcare worker or a family member, view and use (download).  modify and supplement (upload) or otherwise manage.
  • Characteristic of The Service is that the patient always retains full control over all data that is processed about him/her with the software.
  • The Service is made available by the Supplier via a secure internet connection as a service (hereinafter: the Service);
  • the User wishes to purchase the Service from the Supplier and to use The Service in order to be able to manage data on prescribed medicines and the use of medicines and other relevant personal data of themselves or that third party for themselves or on behalf of a third party;
  • The Supplier is prepared to provide the User with the Service and additional services and to grant a non-exclusive and non-transferable right to use The Service under the following conditions:

Article 1. Definitions

In these terms and conditions, the following terms shall have the following meanings.

1.1. Other Information: information of a general nature about the effects of the (combination of) medicines, of the use of medicines in combination with known conditions, with conditions of the body and/or with allergies, and other information of a general nature relevant to the health care sector.

1.2. Authorisation protocol: the fully automated system offered in The Service for granting consent by the Patient to a Care Provider or other third party for the management of his/her medical data in a PGO;

1.3. the User: the natural person who has concluded the Agreement with the Supplier for the use of the Service and of The Service for the management of medical data of himself (in which case the User is also a Patient) and/or of another person.

1.4. Care provider: a care provider, institution or facility for health care or social services as referred to in Article 21 of the Personal Data Protection Act, who processes personal data relating to health in the context of the exercise of a medical profession or business.

1.5. Effective Date: the date on which the Agreement was concluded by electronic means.

1.6. Intellectual property rights: all intellectual property rights and related rights, such as copyright (including the right to protection of writings), trademark rights, patent rights, design rights, trade name rights, database rights, as well as rights to know-how, to the software and other components of the Service and The Service, the data collections managed in the context of The Service and the information and documentation provided through The Service or in the context of additional services are provided.

1.7. Medical data: data of a Patient about, among other things, prescribed medicines, about the use of medicines, about conditions from which he/she suffers, about allergies, as well as information about the practitioners and the supporting natural persons involved in a treatment and other personal data of that Patient that is relevant for the correct processing of data about the use of medicines.

1.8. Agreement: the agreement concluded electronically with regard to the provision of the Service and The Service by the Supplier to the User in accordance with these terms and conditions and any Annexes.

1.9. Patient: any natural person for whom a Patient File and/or a Healthcare Service File has been created in The Service.

1.10. Server: one or more computer(s) managed by or on behalf of the Supplier that is accessible from the internet, with the Service and other software necessary to be able to deliver the Service.

1.11. Website: the website of The Service.

1.12. The Service: the standard software application operated by the Supplier that is installed on the Server with which the User or a Care Provider can process Medical Data online and with which the Other Information is provided, all this with the functionalities as described on the Website.

1.13. The Emergency Service Provider's File: a digital file created by a Care Provider in addition to the regular file that a Care Provider is required to keep about a patient on the basis of Book 7, Title 7, Section 5 of the Dutch Civil Code, in The Service for the processing of medical data of a natural person, which has not been made accessible to the natural person concerned via the functionality offered for this purpose in The Service;

1.15. The PGO: a digital file created in The Service by or with the consent of a Patient or by a Care Provider for the processing of that Patient, which has been made accessible to that Patient or a User authorised by him/her for this purpose via the functionality offered for this purpose in The Service.

Article 2. Provision of the Service

2.1. During the term of the Agreement, the Supplier will provide the User with the Service via a secure internet connection that runs over the public Internet. To this end, the Supplier will provide the User with the internet address of the Server. The Supplier shall provide the Service and The Service with an authentication system through which the User can access the Service and The Service.

2.2. The Supplier guarantees that the Service will be carried out in a professional manner, that it will meet the characteristics indicated in the Agreement as accurately as possible and that it will be performed in accordance with the applicable laws and regulations.

2.3. The Supplier will make every effort to achieve the greatest possible availability of the Service for the User, but cannot guarantee that the Service will be available to the User continuously, without interruptions.

Article 3. Service, features, updates and new versions

3.1. For the duration of the Agreement, the Supplier grants the User a non-exclusive right to use The Service under the terms and conditions of the Agreement.

3.2. The Supplier guarantees that The Service will be suitable for normal use with due observance of the characteristics as indicated in the Agreement.

3.3. The Other Information provided in The Service about the composition, effect and use of the medicines and about combinations of medicines is based on the G-standard compiled by Z-Index, the healthcare provider database compiled by Vektis BV, the BIG register maintained by the CIBG containing all registered healthcare providers in the Netherlands, the information about healthcare institutions of Zorgatlas and on the study of medicines and on experience in the treatment of medicines. The Other Information is only general in nature and does not relate to an individual Patient or a group of Patients, in the sense that this information is automatically linked in The Service to the related medical data entered. The supplier does not change the content of the intended G-standard and database. The Supplier makes every effort to present the correct and relevant information from these sources in The Service, but cannot guarantee that the Other Information provided is always correct, relevant or complete. Supplier is not liable for any errors or omissions in the Other Information.

3.4. The Supplier will make every effort to keep The Service up-to-date as much as possible, taking into account the technical developments, the external databases used by The Service and the applicable laws and regulations, and to make any updates and new versions available online to the User within a reasonable time after they become available.

3.5. The Supplier may extend the Service with additional optional functionality and additional services for the User. The Supplier will inform the User accordingly. The Supplier reserves the right to attach additional conditions, including the obligation to pay a user fee, to the use of the optional functionality and/or the additional services. In that case, the Supplier will always clearly specify the relevant additional terms and conditions. The User is not obliged to purchase the relevant optional functionality and/or the additional services.

Article 4. Involvement of third parties

4.1. The Supplier is entitled to engage third parties in the performance of the Agreement at its own discretion. The Supplier shall impose the same obligations on the third parties engaged by it as it assumes towards the User in the context of this Agreement for the relevant processing of personal data, in order to ensure that confidentiality and security against misuse of personal data by these third parties is also sufficiently guaranteed.

Article 5. Terms of Use of the Service and The Service

5.1. For the use of the Service, The Service and the additional services of the Supplier, the User must have an internet connection and an installed web browser or a mobile phone.

5.2. Use of the Service and The Service by the User is only possible on the basis of the authentication system provided by the Supplier to gain access to the Service and The Service.

5.3. the User shall keep secret the means of authentication provided to him by the Supplier for the purpose of gaining access to the Service and The Service. The User is at all times fully responsible and liable for any use of the means of authentication provided to him. Supplier may assume that a user who logs in with an appropriate means of authentication is actually a user authorised by the User to access and use The Service on behalf of the User via the Service as soon as the User knows or has reason to suspect that his, provided by the Supplier,  means of authentication have fallen into the hands of unauthorized persons or are otherwise misused, the User shall immediately notify the Supplier thereof, after which the Supplier shall immediately block access to The Service via those means of authentication.

5.4. In the situations in which it is responsible for the processing of personal data (see Article 11 below), the Supplier reserves the right to delete the data stored in The Service as a result of unauthorised use or misuse and to undo or disable access to the data made to the data in The Service. Under no circumstances will the Supplier be liable for damage resulting from the deletion of data or the disabling of access to it.

Article 6. User's Responsibilities for Use of the Service and The Service

6.1. The User is at all times fully responsible for:
the use he/she makes of the Service;  
the changes and additions made by him/her to the medical data in The Service;  
all other forms of management of the medical data carried out by or on behalf of him/her in The Service and beyond;

6.2. The User is responsible for ensuring that he/she does not process unlawful, incorrect or incomplete data in The Service or otherwise acts in a harmful manner towards the Patient or third parties in the context of the use of the Service and The Service.

6.3. The Supplier is not liable for the inaccuracy, incompleteness or unlawfulness of (the content of) the medical data stored in The Service with the help of the Service, nor for the changes in, additions to and/or the use or other processing of medical data and the available Other Information.

6.4. Access to and any other form of processing of the medical data in a The Service (PGO) by the User, not being the Patient himself, is only permitted if and insofar as the Patient concerned has given his/her explicit consent to this. On the basis of the Authorisation Protocol, the User only has the Patient's consent to process medical data if and to the extent that the Patient has set up the Service in such a way that the User has access to that data and explicit consent for that processing is demonstrated.

Article 7. Suspension of Delivery Service

7.1. The Supplier reserves the right to immediately and without prior warning (temporarily) suspend access to the Service via the User's means of authentication and/or to restrict their use as soon as the Supplier knows or has reason to suspect that the means of authentication provided by the Supplier to the User have fallen into the hands of unauthorized persons or are otherwise being misused. If necessary, the Supplier will inform the User about this as soon as possible.

Article 8. Maintenance and support

8.1. The Supplier reserves the right to temporarily suspend the Service for the purpose of maintenance, modification or improvement of the Service, The Service and/or the Server. The Supplier shall allow such decommissioning to take place outside office hours as much as possible and shall inform the User in good time in advance of the planned shutdown. The Supplier will never be obliged to pay any compensation to the User due to such decommissioning of the Service.

8.2. Supplier is not obliged to provide support to the Customer in the use of the Service and The Service. If and to the extent that the Supplier offers support to the Customer through a helpdesk or otherwise in the use of the Service and The Service, the Supplier will make every effort to answer any questions about the use of the Service and The Service adequately and within a reasonable period of time. However, the Supplier cannot guarantee the correctness and/or completeness of the answers.

Article 9. Intellectual property rights

9.1. The Intellectual Property Rights belong to and remain vested in the Supplier and/or its licensors.

9.2. Supplier hereby grants to the User for the duration of the Agreement a non-exclusive and non-transferable license to use the Service and The Service in accordance with the provisions of the Agreement. Use of the Service and The Service other than as specified in the Agreement is not permitted.

9.3. In the event that, on the basis of a court decision that has become final, it has been established that The Service infringes Intellectual Property Rights of third parties, the Supplier is entitled to discontinue the Service without being liable to pay damages to the User in any way.

9.4. Except to the extent permitted by law or in the Agreement, the User may not reproduce, publish, decompile or reverse engineer the Service. Furthermore, the User is not permitted to remove or circumvent any security or technical (use) restrictions of The Service.

Article 10. Privacy / processing of personal data

10.1. The use of the Service and The Service involves the processing of personal data, including the processing of personal data relating to the health of the Patients. The Personal Data Protection Act applies to this processing.

10.2. The Supplier is the responsible party (within the meaning of the Personal Data Protection Act) for all processing of personal data in the context of a The Service (PGO).

10.3. The User, insofar as he/she is to be regarded as a Patient, hereby gives the Supplier explicit permission to process his/her medical data within the framework of the Agreement and in accordance with the purposes as specified in the privacy statement published on the Supplier's website.

10.4. If one or more Care Providers process data in a The Service Provider File and the Care Provider(s) in question has made the relevant file accessible to the Patient or another User authorized by him/her via the technical facility made available for this purpose in The Service, the relevant The Service Provider File will be deleted at the moment that the Patient,  or the relevant authorized User, on the basis of this Agreement, is using The Service or the Service automatically converted into (and to the extent necessary: merged into) one PBL pursuant to this Agreement. In that conversion process, the Care Providers who had access to the Emergency Service Files converted in this way are automatically authorized by the Patient to view and change the medical data of the Patient in question in the PGO as well. The User may modify or revoke the relevant authorization(s) at any time in accordance with the Authorization Protocol. The User hereby gives explicit permission to include the data from the Emergency Service files in the PGO and to set up the aforementioned initial authorizations to the Emergency Responder in the PGO.

10.5. In accordance with the Authorisation Protocol in The Service, the User may authorise one or more third parties (either Emergency Responders or other Users) to view or otherwise process his medical data and to manage settings of The Service. Insofar as data is exchanged with Emergency Responders in that context, the relevant data exchange may take place via a network of a third party to which the Emergency Responder in question is connected (such as the National Exchange Point). The User hereby authorises the Supplier to grant the third party(ies) authorised in accordance with the Authorisation Protocol (other Users or Healthcare Providers) access to (depending on the relevant authorisation) his medical data and/or the settings of The Service, subject to any conditions/restrictions chosen by the User and – insofar as applicable – via the external networks used by the Healthcare Provider(s). The User may revoke an authorization once granted at any time by means of the Authorization Protocol or by contacting the Supplier.

10.6. If and to the extent that the User uses the Service and The Service on the basis of an authorization for the processing of medical data of a Patient, not being the User himself, the User guarantees to the Supplier that the Patient in question has given his explicit consent for the personal data processing in question.

10.7. If and to the extent that one or more Care Providers also use the Service and The Service to process medical data in the context of a Patient File, with the Patient's consent, then those concerning Care Providers are jointly responsible in relation to that processing. In other words: each Care Provider is the controller for the processing of medical data carried out by him/her in the Patient File and the Supplier is the controller for the processing of medical data carried out by the User/Patient and for the Service/Service as such.

10.8. The Supplier will take appropriate technical and organisational measures (or have them taken) to protect the personal data against loss or any form of unlawful processing. These measures will be appropriate taking into account the state of the art and the costs involved and will also aim to avoid unnecessary collection and further processing of personal data.

10.9. The Supplier shall keep the medical data confidential and shall not provide it to any third party, except with the consent of the User or pursuant to an obligation arising from a statutory regulation. The Supplier shall ensure that employees under its authority only have access to the medical data insofar as they have been authorised to do so by the Supplier and that is necessary for a proper service in the context of The Service. The Supplier will have all employees who act under the authority of the Supplier and have access to the medical data sign a written confidentiality agreement, will maintain confidentiality on the basis of which they undertake to maintain confidentiality with regard to the personal data of which they become aware in the context of The Service, unless a statutory provision obliges them to disclose it.

10.10. In The Service, the Supplier keeps a log of all medical data and Other Information processed in The Service and of all actions of individual users that take place in The Service. The data in this logbook will be retained by the Supplier for a period of 15 years, unless the Agreement ends before then. In that case, the Customer concerned determines whether his/her medical data will be retained afterwards.

Article 11. Emergency Login Code

11.1. The Supplier will provide Healthcare Providers with whom the Supplier has entered into an agreement with regard to the use of the Service and The Service with an institution-specific emergency login code with which the Patient's medical data can be viewed in the PGO without the Patient's consent. The code may only be used by the relevant Healthcare Provider on the basis of the relevant agreement insofar as knowledge of the medical data is necessary in connection with the performance of acts in the field of medicine that is apparently necessary immediately, without time for requesting permission, to prevent serious harm to the Patient.

11.2. The Supplier shall register the use of the emergency login code and notify the User when the medical data in question have been viewed by the Emergency Responders by means of an emergency login code.

11.3. When using the emergency login code, the Supplier will only provide the Patient's medical data to the Caretaker(s) if and to the extent that the User (whether or not on behalf of the Patient) has given explicit permission for such provision when using the emergency login code in accordance with this article. The User can revoke the consent in question at any time, free of charge and free of charge.

Article 12. Data back-ups

12.1. The Supplier will make a full backup of the data stored in The Service on a daily basis in order to protect against loss of that data. The backups will be stored securely on one or more separate servers of the Supplier, which are not directly involved in the Service and which are physically located at a different location than the Server.

12.2. Data stored in backups in this way will be stored by the Supplier for a period of two weeks.

Article 13. Liability

13.1. The total liability of the Supplier due to attributable failure to comply with the Agreement is limited to compensation for damage, of whatever nature, up to a maximum of € 1,000.

13.2. The Supplier's liability due to an attributable failure to comply with the Agreement shall in all cases only arise if the User gives Supplier proper written notice of default, whereby a reasonable period is set to remedy the shortcoming and the Supplier continues to imputably fail to comply with its obligations even after that period. The notice of default must contain a description of the shortcoming that is as complete and detailed as possible, so that the Supplier is able to respond adequately.

Article 14. Force majeure

14.1. The Supplier is not obliged to comply with any obligation if it is prevented from doing so as a result of force majeure. Force majeure includes power failures, failure of internet and/or telecommunication connections, lack of personnel, strikes, illness of staff, failure to properly comply with obligations by suppliers of the Supplier or third parties engaged by the Supplier, the outbreak of hostilities, riots and war, terrorist attacks, fire, explosions, floods, as well as any other situation over which the Supplier cannot actually control (decisive) exert.

Article 15. Term and Termination

15.1. The Agreement commences on the Effective Date and is entered into for an indefinite period of time. The parties may terminate the Agreement by registered letter with due observance of a notice period of one month.

15.2. The Agreement with the User who is also a Patient (who therefore manages his/her own data) ends immediately by operation of law upon the death of the Patient in question.

15.3. As soon as the Supplier becomes aware of the Patient's death, it will make access to the relevant Patient File impossible as soon as possible, both for the holder of the means of authentication provided to the Patient and for the third parties authorised up to that point.

15.4. To the extent that, upon the User's death, he or she has access to one or more Patient Files of third parties – on the basis of an authorization – the Supplier shall disable access to the relevant Patient Files of third parties as soon as possible after becoming aware of the User's death.

15.5. and/or in the event of the death of the User who is not a Patient.

Article 16. Contract takeover/transfer

16.1. The rights and obligations arising from the Agreement between the Supplier and the User cannot be transferred by the User to a third party.  
16.2. The Supplier reserves the right to transfer its rights and obligations under the Agreement to a third party in full. The User acknowledges this reservation of the Supplier and accepts such a transfer by the Supplier for that time. If necessary, the Supplier will inform the User by letter at least three months prior to the transfer, whereby the Supplier will also indicate the date on which the transfer will be completed. The User has the right, where applicable, to dissolve the Agreement free of charge until the date of transfer by means of a written rescission declaration, unless the transfer of rights and obligations takes place in connection with the transfer of a company to which both those obligations and the rights stipulated in respect of them belong.

Article 17. Changes, additions and conversion

17.1. Amendments to and additions to any provision in the Agreement are only valid if they are agreed in writing.

17.2. If any provision of the Agreement is deemed null and void, the other provisions of the Agreement shall remain in force. In that case, the parties undertake to consult with each other about a new provision to replace the null and void provision, which will come as close as possible to the purport of the null and void provision.

Article 18. Applicable law and competent court

18.1. The Agreement and all agreements arising from or in connection therewith, as well as all related obligations, shall be governed by Dutch law.

18.2. All disputes arising from or in connection with the Agreement and the obligations related thereto shall be brought exclusively before the competent Dutch court in the first instance, unless the parties agree otherwise in writing.

Disputes

If you do not agree with the Supplier's actions, please contact the Supplier via the contact form on the website or by letter to the following address:

MedSafe
Aagje Dekenkade 71
2251 ZV in Voorschoten
info@medsafe.io