Terms and Conditions For Clinics

MARKETING COOPERATION AGREEMENT

hereinafter referred to as the Agreement, concluded between:

A clinic registering on Clinic Hunter platform,  hereinafter referred to as “Partner“,

and

ClinicHunter Sp. z o. o. with its registered office in Lublin Aleja Kraśnicka 213, 20-718 Lublin, registered in the Register of Entrepreneurs kept by the District Court Lublin Wschód in Lublin with its registered office in Świdnik, VI Commercial Division of the National Court Register under KRS number 0000597310, with NIP number 5213719700, with share capital of 105 PLN 600,

represented by:

Marek Hołówko – President of the Management Board

Bartosz Prokopowicz – Member of the Management Board

hereinafter referred to as “Clinic Hunter“,

The Partner and Clinic Hunter are hereinafter referred to as the “Parties”, and each individually as a “Party”.

Whereas:

• Clinic Hunter and Partner cooperate in offering clients the opportunity to use the medical services of reputable entities in Poland and abroad,
• Clinic Hunter concluded a group insurance agreement with Inter partner Assistance SA with its registered office in Brussels, operating in Poland through Inter partner Assistance SA Branch in Poland (hereinafter referred to as AXA Partners), the subject of which is to insure travel abroad for the purpose of treatment (“Insurance Agreement”)
• The aim of the parties is to enable all their customers to take advantage of insurance coverage provided under the Insurance Agreement
• The goal of Clinic Hunter is to build recognition of its brand, including additional benefits that may be due to entities using its services and cooperating with it

Accordingly, the parties agree as follows:

I. Definitions

The following terms are given the following meaning:

1. Customer – a user who obtains information about the possibility of joining the Insurance Agreement through the Partner, who in particular used the Landing page posted on the Partner’s website or other website approved by the Parties in accordance with the provisions of the Agreement;
2. “Logo” – any trademarks, trade names, company names, logos, logotypes, utility models, rights to names, markings, symbols, designs, images, voices, texts, slogans and any elements that may constitute a work within the meaning of the Act of 4 February 1994 on copyright and related rights or subject to protection under the provisions of the Act of June 30, 2000 – industrial property law, transferred by the Party to the other Party as part of the implementation of the Agreement;
3. Partner’s website – website of the partner / clinic;
4. Clinic Hunter website – website of Clinic Hunter – www.clinichunter.com;
5. Landing page – a dedicated place on the Partner’s website, informing about the Product and redirecting via a link to the Clinic Hunter Website where the Customer can join the Insurance Agreement.

II. Subject of the agreement

1. The subject of the Agreement is the placement by the Partner on the Partner’s website of a banner informing about the possibility of the Partner’s client joining the Insurance Agreement, containing a link redirecting to the Clinic Hunter Website, through which the Client may join the Insurance Agreement.
2. Each time before placing a banner or Landing page on the Partner’s Website, the Partner shall provide Clinic Hunter for approval – in the form of graphic files sent to the address contact@clinichunter.com or by providing a test version of the Partner’s Website presenting the location of the banner or Landing page and the content of the page. Acceptance will take place in the form of an e-mail sent to the Partner.
3. During the term of the Agreement, the Partner has the right to change the graphic design of the banner or Landing page, after prior acceptance of these graphic changes by Clinic Hunter. The Partner undertakes to change the banner or Landing page within 10 days of Clinic Hunter sending by e-mail the acceptance referred to in the preceding sentence.
4. The cost of preparing the banner or Landing page, including the development of the graphic design and implementation of IT solutions, is borne by the Partner.

III. Remuneration

1. For the activities provided for in this Agreement, the Partner is entitled to remuneration in the amount of 10% of the amount of the insurance premium paid by the customer for accession to the Insurance Agreement.
2. The Partner’s remuneration will be paid on the basis of a VAT invoice issued by the Partner, within 10 days from the end of a given quarter, with the payment deadline 15 days from its receipt – to the bank account indicated in the invoice.
3. The remuneration referred to above exhausts all the Partner’s claims under the contract.

IV. Obligations of the Parties

1. The Partner undertakes to ensure the proper quality of the services provided, however, it is not responsible for any disruptions in the functioning of the Partner’s Website caused by force majeure, equipment failure, unauthorized interference by third parties or overloading of the Partner’s Website.
2. The Partner is not responsible for the temporary inability to use the Partner’s Website, which results from making changes and improvements in the system and from circumstances beyond the Partner’s control.
3. The Parties, if possible, will inform each other in advance about planned technical breaks, as well as any disruptions in the functioning of their Websites.

V. Protection of business secrets

1. In connection with the implementation of the Agreement and activities arising from it and related to it, undertaken by the Parties, the Parties mutually and accordingly undertake to:

1.1. treat as confidential, covered by the trade secret of the relevant Party and protected by professional secrecy applicable to the relevant Party, provided by the relevant Party or to the relevant Party, any materials, including written or prepared on any other information carriers, as well as any oral information, consultations and information, to which, in connection with and during the performance of the Agreement, employees of the relevant Party had access, acting on its behalf or on the basis of another legal relationship or legal event of a similar nature (Employees), relating in particular to the activities conducted by the relevant Party, organizations and current and future plans and actions of the relevant Party, including planned transactions and development strategies (“Confidential Information”);

1.2. provide Confidential Information only to those Employees who will need it to perform activities under the Agreement and – with the prior written consent of the relevant Party – only to those third parties who have been approved by the relevant Party and who have signed a confidentiality agreement on the same terms, as this obligation (third parties are also considered to be the Contractor’s partners);

1.3. not to use the Confidential Information for any other purposes, except for the purposes set out in the Agreement;

1.4. not to use or disclose Confidential Information to any third party to conduct any activity that competes with that of the relevant Party or to interfere with or otherwise adversely affect the plans or activities of the relevant Party;

1. The Receiving Party may disclose Confidential Information without the prior written consent of the other Party only if:

2.1. the Confidential Information was publicly known or became publicly available other than through the act or omission of the Receiving Party;

2.2. disclosure of Confidential Information is required on the basis of mandatory provisions of law, a court judgment or a decision of another state authority, acting within the limits of powers set by law;

2.3. discloses Confidential Information to an entity belonging to the same capital group as the Receiving Party, provided that the disclosure is made for the purpose of exercising ownership supervision, providing shared services, for internal control purposes or for group audit purposes, provided that the auditor has been employed by an entity belonging to this the capital group itself;

2.4. discloses Confidential Information to auditors, statutory auditors, in order to carry out mandatory inspections or inspections resulting from corporate regulations;

2.5. discloses Confidential Information to the tax authorities servicing the capital group of which the Receiving Party is a member in order to fulfill tax obligations, e.g. preparation of consolidated statements, reporting tax schemes.

1. In the case referred to in the paragraph. 2.2. The Receiving Party is obliged to:

3.1. immediately inform the transferring Party about the obligation to disclose Confidential Information,

3.2. disclose of only such part of the Confidential Information as is required by applicable law or a court judgment (decision of a state authority),

3.3. provide it  in a manner that guarantees confidentiality.

1. In the cases referred to in par. 2.3. – 2.5. The receiving party is obliged to inform the entities to whom it discloses information about its confidential nature and oblige these entities to maintain confidentiality on the terms set out in the Agreement. Only such Confidential Information that is necessary to achieve the indicated purpose may be provided and may be processed only for the time necessary to achieve this purpose.
2. The receiving party disclosing Confidential Information in the cases specified in section 2.3. – 2.5. is liable to the providing Party for the acts or omissions of entities to which it disclosed Confidential Information leading to a breach of this Agreement.
3. The capital group referred to in this paragraph should be understood as all companies, including foreign companies related by control or by control with the same person, i.e. the parent company together with subsidiaries controlled by the parent company
4. Confidential Information, despite being provided to the Receiving Party, remains the property of the Disclosing Party.

VI. Intellectual Property Rights

1. Upon providing the Partner with graphic materials for the banner or Landing page by Clinic Hunter, Clinic Hunter grants the Partner a non-exclusive license to use the Logo in the following fields of exploitation:

1.1. in the field of recording and reproduction – production using all techniques, including magnetic recording, photosensitive, audiovisual, digital, optical, printing, computer, regardless of the recording format and medium, size, form, technique, binding, type and method of distribution or making public,

1.2. entering into computer memory, temporary and permanent recording and a copy of such records; archiving records;

1.3. public performance or playback on the Internet, in other telephone, ICT, multimedia and computer networks; interactive use; sharing via streaming media;

1. The license referred to in par. 1 above is granted for the period of cooperation of the Parties under the Agreement and expires with its termination and has been included in the Partner’s remuneration specified in the Agreement.
2. The Partner is not entitled to make changes, abbreviated reassemblies, modify part or all of it, make corrections, alterations, changes or adaptations of the Logo.
3. The Partner is obliged to use the Logo only to implement the rights and obligations under the Agreement.
4. The Partner declares that he is entitled to the rights to the Partner’s Website and posting a Landing page on this website will not infringe the rights of third parties.

VII. Duration of the agreement

1. The agreement is concluded for an indefinite period and enters into force on the day of its signing.
2. Each Party has the right to terminate the Agreement with a 2-month notice period.
3. The parties, after prior notice and the ineffective expiry of the designated additional period of not less than 7 days, have the right to terminate the Agreement without notice for important reasons, i.e.:

3.1. in the event of breach by the other Party of the provisions of the Agreement;

3.2. in the event of the other Party conducting illegal activities;

3.3. in the event of publication by any of the Parties of content that is inconsistent with Polish law, in particular:

3.3.1. pornographic, in particular with the participation of persons under the age of 15, related to the use of violence or involving animals;

3.3.2. offensive, defamatory, violating the good name of a person, persons, companies and institutions;

3.3.3. calling for the spread of hatred, racism, xenophobia, conflicts between nations;

3.3.4. infringing copyrights/intellectual property, in particular providing:

3.3.4.1. in any way, files or hyperlinks to graphic files, music or literary texts and other works that are subject to copyright or that promote or encourage copyright infringement;

3.3.4.2. that provide viruses, “Trojan horses”, data containing “bugs” or other harmful or destructive elements or hyperlinks to them.

VIII. Final Provisions

1. Any changes to the Agreement and statements made in its performance require a written form to be valid.
2. The contract is subject to Polish law.
3. Any disputes that may arise in connection with the performance of the Agreement will be resolved through negotiations, and if no agreement is reached within 30 days of the dispute being raised, it will be submitted to the common court for resolution.

Terms and conditions for telemedicine

I  Scope of the Regulations and definitions

1. This document regulates the rules of using the services of the Website operated by Clinic Hunter Limited Liability Company with its registered office in Lublin (20-718), Aleja Kraśnicka 213, which is entered in the register of entrepreneurs of the National Court Register kept by the Lublin-Wschód District Court in Lublin with its seat in Świdnik, 6th Commercial Division of the National Court Register under the KRS number 0000597310, tax number: 5213719700, National Business Registry Number: 363560798, share capital PLN 105,600.00, hereinafter also referred to as “Clinic Hunter”, “Administrator” or “Company”.
2. Definitions:
3. Administrator – Clinic Hunter Limited Liability Company with its registered office in Lublin (20-718), Aleja Kraśnicka 213, which is entered in the Register of Entrepreneurs of the National Court Register kept by the Lublin-Wschód District Court in Lublin with its seat in Świdnik, 6th Commercial Division of the National Register Court under KRS number 0000597310, tax number: 5213719700, National Business Registry Number: 363560798, share capital PLN 105,600.00,
4. Client (Patient) – a natural person visiting the Company’s website, potentially interested in using the services offered on the Clinic Hunter website by the Clinic,
5. Consumer – a natural person who performs a legal transaction not directly related to his/her business or professional activity,
6. Regulations – these regulations for the provision of services,
7. Website – website maintained by the Administrator, located at www.clinichunter.com,
8. Service – a service specified in these Regulations, provided through the Administrator.

II General provisions and scope of the Service

1. The Administrator provides Services on the website www.clinichunter.com, on the terms and to the extent specified in the Regulations, and these activities constitute a service provided electronically within the meaning of the Act of 18 July 2002 on the provision of electronic services (i.e. Journal of Laws 2020, item 344 as amended).
2. Access to the Service consists in providing a space where there are options for:

1. connecting the Client with the Clinic,
2. obtaining medical advice (consultation) by the Client
3. obtaining information by the Client thanks to leaving a telephone number, contact via a remote communication application (e.g. Messenger, Whatsapp), e-mail,
4. data transmission regarding a medical service.

1. The Administrator is not a medical entity and does not provide medical services (neither at its headquarters nor in the form of telemetry services), but only acts as an intermediary in contact and communication between the Patient and the Clinic. The website is informative and is intended to enable the Patient to contact clinics around the world in order to conduct consultations, obtain remote advice, and determine the costs of a medical service.
2. On the website www.clinichunter.com, the Clinic provides forms and possible consultation hours, the maximum duration of a single consultation and the possibility of booking a consultation date, details of doctors and their specializations, and a fee for the consultation. The patient independently chooses the Clinic and the date of consultation. Depending on the Clinic and its business profile, the scope of the information provided may vary.
3. The services provided by the Administrator are not addressed to children under 16 years of age. In the case of services that will ultimately be used by a minor, contact is made by a legal guardian (e.g. a parent).
4. The current technical requirements necessary to use the Service are: Windows operating system with the latest version of Google Chrome or Firefox, having a current, active and properly configured e-mail account. The service also works on all other configurations, however, the Administrator does not guarantee that it will work properly. The service also works on smartphones. In order to use the services to the greatest possible extent, the devices used by the client should be equipped with a camera and a microphone. The Service Provider reserves the right to introduce changes to the technical requirements and they do not constitute a change to the Regulations or the contract. The costs of adapting to technical requirements are borne by the customer.
5. The Administrator may introduce separate or additional conditions for the provision of Services, including in the form of promotion regulations or separate regulations that apply to the Customer after its acceptance.
6. The service may be based on services as well as technical and IT solutions offered by third parties (e.g. payment intermediation, instant messaging, widgets) – in this situation, the Customer is bound by the regulations presented by these third parties, after the Customer’s acceptance.

III Clinic registration

1. Clinic registration is obligatory. Registration takes place via the website: https://clinic.clinichunter.com/auth/register and after providing the required data.
2. By registering on the website, the Clinic confirms and declares that it has read the Regulations, technical requirements and accepts them.
3. The Administrator grants the Clinic access to the Clinic’s panel for the duration of the Agreement. The clinic is obliged to share the following information in the Clinic’s panel: a description of the clinic and possible consultation hours, the maximum duration of a single consultation and the possibility of booking a consultation date, doctors’ details, and their specializations, as well as consultation fees. In the Clinic’s panel, the Clinic has access to the history of correspondence and consultations, including medical data sent by the client.
4. Settlement for access to the website www.clinichunter.com and to the services provided by the Administrator takes place on a monthly basis.

IV Charges

1. The Administrator does not charge the Customer any fees.
2. Each consultation has an assigned price, which is set directly by the Clinic. The clinic can indicate the price at 0 – in this case, the consultation is free.
3. The Patient pays for consultations through the appropriate tool offered by the Administrator, who then makes settlements with the Clinic.
4. Funds for telemedicine will be transferred to the Clinic’s account using an external tool that requires integration with the Clinic’s bank account. Funds will be reduced by the tool’s commission.
5. Section 4 does not apply to clinics in Turkey, where the funds will be debited to the ClinicHunter LTD account and transferred to the clinic’s account by bank transfer.
6. The clinic pays a certain number of telemedicine hours as part of the package. The clinic itself determines the time intervals for the consultations. Consultation time is counted from the moment it begins to the end. The end of the consultation is marked by clicking on the button ending the interview. If such a button is not pressed and the consultation ends before the agreed period, the clinic will be charged the agreed consultation period. If the clinic extends the consultation for a fixed period, clicking the button ending the interview is considered to end the consultation.

V Resignation from the Service

1. By registering, the Client concludes a contract, which expires after the consultation.
2. The Clinic may cancel the consultation and cancel it in the system.
3. If the Clinic cancels the consultation for reasons beyond the control of the Client, it is obliged to return the funds for the paid service directly to the Client outside the Clinic Hunter system.
4. The Client cannot cancel the consultation via the system. He/She can resign from consultation only by contacting the Clinic.
5. If the Patient informs the Clinic about the resignation from the consultation up to 24 hours before the scheduled time, the Clinic should return the funds for the paid consultation. The return is made directly to the Client outside the Clinic Hunter system.
6. If the Patient informs the Clinic about the resignation from the consultation later than 24 hours before the scheduled time, the funds for the paid consultation remain in the Clinic.

 VI Liability of Clinic Hunter

1. The Administrator takes actions and exercises due diligence to ensure the correct and uninterrupted operation of the Services. The Client or the Clinic is not entitled to compensation for the inability to use the Service and the resulting damages. The Administrator does not provide any guarantees in connection with the use of the service by the Customer.
2. The administrator undertakes to maintain the IT environment necessary for the functioning of the Service. This does not apply to interruptions or other limitations in the functioning of the Service resulting from the need for maintenance work carried out on the server or website on which the Service is placed.
3. The Administrator is not responsible for damages resulting from decisions made by the Customer as a result of using the Service. In particular, the Administrator is not responsible for the quality of consultations, contact, and correspondence with the Clinic.
4. The Administrator is not liable for damages resulting from the provision of the Customer’s data or the access to the Customer’s or the Clinic’s account by a third party, including the inability to use the Service by the Customer or the Clinic in this situation. The restriction mentioned in the preceding sentence does not apply to a situation where a third party gained access to the account for reasons attributable to the Administrator.

VII Complaints procedure

1. The Client / Clinic has the right to lodge a complaint in the event of non-performance or improper performance of the services provided electronically by Clinic Hunter.
2. The complaint is submitted to the Administrator’s e-mail address from the Customer’s / Clinic’s e-mail address.
3. In order for the complaint to be reported effectively and to produce results, it should contain the data identifying the Client / Clinic, the name and type of service to which the complaint relates, the subject of the complaint and the circumstances justifying its submission. If the application does not contain such data, the Administrator will not handle it.
4. The complaint will be handled within 14 days from the effective submission of the complaint.

VIII Personal data protection

1. The Administrator of personal data on the website is Clinic Hunter Limited Liability Company with its registered office in Lublin (20-718), al. Kraśnikca 213, entered into the register of entrepreneurs kept by the Lublin-Wschód District Court in Świdnik, 6th Commercial Division of the National Court Register under the KRS number: 0000597310, tax number: 5213719700, National Business Registry Number: 363560798.
2. The data is processed only on the basis of legal provisions or consent granted by the Customer. The Customer has the right to request the Administrator to access his/her data, rectify them, transfer and delete them, as well as the right to limit data processing.
3. Providing data is voluntary, but necessary to provide the Website’s services. Personal data will be stored for the period necessary for the proper performance of the functions and tasks of the Website, as well as for the legitimate purposes of the data controller, as well as in accordance with other / related legal provisions.
4. The Administrator protects the personal data provided to him and makes every effort to protect them against unauthorized access or use. The personal data of the Client / Clinic are processed in compliance with the security rules required in accordance with the GDPR and the Personal Data Protection Act.

IX Final provisions

1. In matters not covered by the Regulations, the provisions generally applicable in the territory of the Republic of Poland shall apply, including those relating to the provision of electronic services, copyright and related rights, personal data protection and contract law.
2. The Regulations are available free of charge via the website www.clinichunter.com.
3. These Regulations may be changed by the Administrator. The amended Regulations are announced on the website www.clinichunter.com. Using the Services after introducing changes to the Regulations is tantamount to accepting these changes.
4. Any disputes arising in connection with the Regulations will be resolved first by the parties’ good faith negotiations, and in the event of failure to reach an agreement – by the common court competent for the Administrator’s seat.
5. If any provision or provisions of these Regulations prove to be invalid, illegal or ineffective, this shall not prejudice the validity, compliance with the law and effectiveness of the remaining provisions of the Regulations.

Annex 1

Rules of protection of confidential information.
WHEREAS, during the course of the contract, a party (the “Disclosing Party”) may disclose to the other Party (the “Recipient”) certain Confidential Information (as defined below); and
WHEREAS, the Parties wish to include this Annex 1 to the contract to set the terms and conditions upon which such disclosure will be made.
NOW, THEREFORE, for the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

1. Definition. “Confidential Information” means (i) the existence and terms of the contract, and (ii) any and all information of the Disclosing Party disclosed by the Disclosing Party to the Recipient and/or its affiliated companies, directors, officers, employees and agents (such personnel that receive Confidential Information shall be hereinafter referred to as the “Recipient Representatives”), relating to the business of the Disclosing Party, whether communicated in writing, orally, electronically, photographically, or in recorded or any other form, including, but not limited to, all sales and operating information, existing and potential business and marketing plans and strategies, financial information, cost and pricing information, data media, know-how, designs, drawings, specifications, source codes, technical information, concepts, reports, methods, processes, techniques, operations, devices, information concerning Patients and the like, whether or not the foregoing information is patented, tested, reduced to practice, or subject to copyright; provided, however, that the term “Confidential Information” does not include information that (i) was, is or becomes generally available to the public other than as a result of disclosure by the Recipient or a Recipient Representative in breach of the contract; (ii) was available to the Recipient or a Recipient Representative on a non-confidential basis prior to its disclosure to the Recipient or a Recipient Representative by the Disclosing Party; (iii) becomes available to the Recipient or a Recipient Representative on a non-confidential basis from a source other than the Disclosing Party; or (iv) is independently developed by the Recipient or a Recipient Representative without use of Confidential Information.

2. Non-disclosure.
(a) Subject to Section 2(b), the Recipient:
i. shall hold all Confidential Information in confidence and with the same degree of care it uses to keep its own similar information confidential, but in no event shall the Recipient use less than a reasonable degree of
care; and
ii. shall not, without the prior written consent of the Disclosing Party, disclose Confidential Information to any corporation, company, partnership, entity or individual for any reason at any time;
(b) The Parties agree and acknowledge that the Recipient may disclose the Confidential Information:
i. to those Recipient Representatives who need such Confidential Information for the purpose of the contract, and who are subject to confidentiality provisions no less stringent than those set forth herein.
ii. as requested or required by (A) applicable law, regulation (including, for the avoidance of doubt, any applicable securities and/or disclosure law or regulation) or stock exchange rule, (B) applicable judicial, administrative, governmental or regulatory order, or (C) oral questions, interrogatories, requests for information or documents, subpoena, civil investigative demand or similar process; provided, however, that (1) the Recipient agrees to give prompt notice of such requirement to the Disclosing Party, (2) the Recipient may only disclose such portion of the Confidential Information as is requested or required and (3) if available, the Recipient will use its commercially reasonable efforts to obtain reasonable assurance that confidential treatment will be accorded such disclosed Confidential Information.

3. Use. The Recipient shall only use Confidential Information to (a) perform its obligations under the contract.

4. Return of Confidential Information.
(a) Subject to Section 4(b), promptly following the written request of the Disclosing Party, the Recipient will, at the Recipient’s option and expense, (i) deliver to the Disclosing Party or destroy all Confidential Information furnished by the Disclosing Party to the Recipient, together with all copies thereof and (ii) confirm any such destruction in writing to the Disclosing Party.
(b) Legal or financial counsel for the Recipient and/or the Recipient’s Representatives may retain, solely for archival purposes, one copy of all Confidential Information, as well as all documents, memoranda, notes and other writings prepared by Recipient and/or the Recipient’s Representatives and based on the Confidential Information. Any materials retained pursuant to the terms of this paragraph shall remain subject to the obligations of confidentiality under this Annex 1.

5. Representations and Warranties. Neither Party makes any representation or warranty in this Annex 1as to the Confidential Information,or the accuracy or completeness thereof.

6. Remedies. The Recipient acknowledges that money damages would be both incalculable and an insufficient remedy for any breach of this confidential obligations by the Recipient or the Recipient Representatives and that any such breach would cause the Disclosing Party irreparable harm. Accordingly, the Recipient agrees that, in the event of any breach or threatened breach of this Annex 1, the Disclosing Party, in addition to any other remedies at law or in equity it may have, shall be entitled, without the requirement of posting a bond or other security, to equitable relief, including injunctive relief and specific performance.

7. Term. The term of the obligations set herein in this Annex 1 is indefinite. Each Party may terminate this Annex 1 with a one month notice period. The obligations of confidentiality under this Annex 1 shall continue for a period of ten years from expiry or termination of this Annex 1.

8. Applicable law, jurisdiction. The terms of the contract concerning the governing law and applicable court shall apply to this Annex 1.

Annex 2
Processing of personal data
PROCESSING OF PERSONAL DATA ENTRUSTMENT AGREEMENT

Between
Clinic Hunter Sp. z o.o., Kraśnicka Avenue 213, 20-718 Lublin, NIP (TAX ID) 5213719700, KRS 0000597310 represented hereof by Marek Hołówko – the Chairman of the Board, and Bartosz Prokopowicz – Member of the Board, henceforth referred to as the Administrator,

and

The Clinic – hereinafter referred to as the Data Processor.
(Hence called Parties)

Given that:
a. Both Parties signed Agreement to Acquire Foreign Patients (Primary ‘Agreement’), with regard to fulfilling which the Administrator will entrust the Data Processor processing personal data in range defined by the Agreement.
b. Both Parties consenting to the Agreement will seek to fulfil obligations according to the law and in particular the provisions of General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as ‘GDPR.’
Parties enter a Contract of following import:

1. Purposes and Range of Data Processing

1.1. According to the regulations defined herein by the present Contract and the Primary Agreement the Administrator entrusts the Data Processor with processing (in terms of GDPR) of personal data of its clients (henceforth referred to as ‘data’).
1.2. Data Processing will be performed throughout Contract duration.
1.3. The nature and purpose of the data processing ensue from the Primary Agreement between Parties, particularly as to:
1.3.1. Specificity of data processing is defined by the following role of the Data Processor: responding to potential patients’ queries delivered by the Administrator, realisation of the incoming orders for Administrator’s clients.
1.3.2. The aim of the data processing is to enable the Administrator fulfilling his legal liabilities, for instance with bookkeeping as well as the Administrator’s financial administration).
1.4. Data processing will concern the following data categories:

Regular personal data:
1. Forename and Name
2. Personal Identification Number
3. Email Address
4. IP Address
5. Phone numbers
6. Home Address
7. Birthday
Particular categories data and criminal data:
8. Medical history
9. Body pictures
10. Patient’s next appointments dates.

Children’s data:
11. Forename and Name
12. Birthday
13. Email Address
14. Phone Numbers
15. Home Address

1.5. Data Processing will concern the following categories of people:

1. Administrator’s Employees
2. Administrator’s service / product clients, as defined in the Primary Agreement.

2. Sub-Entrustment of Data Processing
2.1. Data Processor may entrust specific data processing operations (Sub Processing) by form of a written Sub-Entrustment Contract (Sub-Entrustment Contract) third-party data processing companies (Sub Processors), under the condition of prior acceptance of the Sub Processor by the Administrator, or lack of objection of thereof.
2.2. Data Processor is not entitled to entrust the Sub Processor with realisation of entirety of the Contract.

3. Obligations of the Data Processor
Data Processor is obliged to comply with and perform the following:
3.1. The Data Processor processes data only in accordance with documented instructions or commands of the Administrator.
3.2. The Data Processor declares that he shall not transfer data to a third country or international organization (i.e. outside the European Economic Area – EEA). The Data Processor also declares that he does not use subcontractors who transfer Data outside of the EEA.
3.3. If the Data Processor intends or is obliged to transfer data outside the EEA, he shall inform the Administrator about it in order to enable the Administrator to take the decisions and actions necessary to ensure the lawfulness of data processing with regard to the law of terminating entrusted processing.
3.4. The Data Processor obtains, from authorized to transfer personal data people, in accordance to the Agreement, documented obligations to maintain secrecy, or the Data Processor eventually ensures that these people are subject to the statutory obligation of confidentiality.
3.5. The Data Processor ensures data protection and takes data protection measures referred to in art. 32 GDPR, in accordance with the further provisions of the Agreement.
3.6. The Data Processor complies with the terms of use of the services of another processor (Sub-processor).
3.7. The Data Processor assures to the Administrator to respond to the requests of the data owner, pursuant to the rights set out in Chapter III of the GDPR (so-called individual rights). The Data Processor declares that it provides support for the rights of the individual in relation to the entrusted data.
3.8. The Data Processor cooperates with the Administrator in performing the Administrator’s obligations in the area of personal data protection referred to in art. 32-36 GDPR (data protection, reporting violations to the supervisory authority, notification of persons affected by the data protection breach, assessment of the effects on data protection and prior consultation with the supervisory authority).
3.9. In case of any doubts on the part of Data Processor as to the legality of the instructions or demands issued by the Administrator, the Data Processor will immediately inform the Administrator of such doubt (in a documented
and substantiated manner), under penalty of losing the possibility of pursuing claims against the Administrator in this respect.
3.10. When planning modifications in the way entrusted data is processed, the Data Processor is obliged to comply with the pursuant law of privacy of design and privacy by default referred to in art. 25 paragraph 1 GDPR) and is obliged to inform the Administrator in advance about planned changes in such a way and in such periods as to provide the Administrator with a real opportunity to react if changes planned by the Processor in the Administrator’s opinion threaten the agreed level of data security or increase the risk of violation of the rights or freedoms of persons as a result of data processing by the Data Processor.
3.11. The Data Processor undertakes to limit access to entrusted personal data only to people whose access to data is necessary in order to perform the tasks of the Agreement and who have the appropriate authorization.
3.12. The Data Processor undertakes to maintain documentation describing the manner how data is processed, including a register of personal data processing activities (Article 30 GDPR). At the Administrator’s request, the Data Processor provides a record kept of the processor’s data processing activities, excluding information constituting the trade secret of other Data Processor’s clients.
3.13. The Data Processor undertakes to exercise due diligence in due process of processing entrusted personal data.

4. Administrator’s Obligations
4.1. The Administrator is obliged to cooperate with the Data Processor in fulfilling of the Agreement, providing the Data Processor with explanations in case of doubts as to the legality of the Administrator’s instructions, as well as to fulfil his own specific obligations.

5. Data Security
5.1. The Data Processor has carried out an analysis of the risks of processing entrusted data and applies the results with regard to organizational and technical data protection measures.
5.2. Security Measures. The Data Processor ensures and assures the following:
(a) Data Processor has the capacity to continuously ensure the confidentiality, integrity, availability and resistance of its processing systems and services;
b) Data Processor has the ability to quickly restore the availability of personal data and access to them in the event of a physical or technical incident;
c) Data Processor regularly tests and assesses the effectiveness of technical and organizational measures used to ensure security of processing.
5.3. Both Parties agree to make every effort to ensure that the means of communication used to receive, transfer and store confidential data guarantee the protection of confidential data, in particular personal data entrusted for processing, from being accessed by unauthorized third parties to read their content.

6. Notification of Personal Data Violations
6.1. The Data Processor notifies the Administrator of any suspected breach of data protection no later than 24 hours from the first report, allows the Administrator to participate in explanatory activities and informs the Administrator about the findings at the time of their making, in particular about the finding or lack of violation.
6.2. The Data Processor notifies of a violation enclosing all necessary documentation in it regarding the violation, in order to enable the Administrator to comply with the obligation to notify the supervisory authority.

7. Supervision
7.1. The administrator controls the processing of entrusted data after informing the Data Processor about the planned control. The Administrator or persons designated by him are entitled to access the rooms where the data is processed, and to view documentation related to data processing. The Administrator is entitled to request from the Data Processor to provide information on the course of data
processing and to provide processing registers (with respect to the Data Processor’s professional secrecy requirement).
7.2. The Data Processor cooperates with the personal Data Protection Office in the scope of his tasks.
7.3. The Data Processor:
1. provides the Administrator with all necessary information to demonstrate compliance of the Administrator’s activities with the provisions of the GDPR;
2. enables the Administrator or an authorized auditor to carry out audits or inspections. The Data Processor cooperates in the implementation of audits or inspections.

8. Statements by the Parties
8.1. The Administrator’s statement. The Administrator declares that he is the Data Administrator and that he is entitled to process them to the extent in which he entrusted them to the Data Processor.
8.2. The Data Processor’s declaration (Article 28 paragraph 1 of the GDPR). The Data Processor declares that as part of his business, he professionally deals with the processing of personal data covered by the Agreement and the Primary Agreement, has the necessary knowledge, appropriate technical and organizational measures in this respect and guarantees the proper performance of this Contract.

9. Responsibility
9.1. The Data Processor is liable for damages caused by its actions in connection with failure to comply with the obligations that the GDPR imposes directly on the Data Processor or when it acted outside the lawful instructions of the Administrator or contrary to these instructions. The Data Processor is responsible for damages caused by the application or non-application of appropriate security measures. The Data Processor is responsible for providing or using personal data contrary to the content of the Contract, and in particular for providing personal data entrusted for processing to unauthorized persons.
9.2. If the Sub-Processor does not fulfil his obligations regarding data protection, full accountability towards the Administrator and responsibility for the fulfilment of the obligations by the Sub-Processor lies with the Data Processor.

10. Duration of the Agreement
10.1. The Contract was concluded for the duration of the Primary Agreement.

11. Data Deletion
11.1. Upon termination or expiry of the Contract, the Data Processor has no right to further process the entrusted data and is obliged to:
1.delete data and inform the Administrator in writing about the date and manner in which the data was deleted,
2. delete any existing copies or return of data, unless the Administrator decides otherwise, or European Union or national law require the storage of data.

12. Final Provisions
12.1. In the event of a conflict between the provisions of this entrustment Contract and the Primary Agreement, the entrustment Contract shall prevail. It also means that issues regarding the processing of personal data between the Administrator and the Data Processor should be regulated by amendments to this Contract or in the implementation of its provisions.
12.2. The Processing Party is not entitled to additional remuneration for performing the services specified in this Contract.
12.3. The Contract has been drawn up in two identical copies, one for each Party.
12. 4. The contract is subject to the GDPR and Polish Law