Before accessing and using the services provided on the web application, under the web domain https://nutrium.io or/and any of its subdomains, and/or Nutrium’s mobile application, we ask you to carefully read these Terms and Conditions of Use (hereinafter, “Terms of Use”; “Terms”; “Conditions”; “Terms and Conditions”) which estipulate the terms under which you may use the Nutrium software, also defining the participation rules for the Professionals and Clients, enrolled in said service.

Who are we?

HEALTHIUM – Healthcare Software Solutions, S.A., (hereinafter, “Healthium”), dedicates itself to the development of software in the cloud, with connection to mobile applications, for Nutrition Clinics and Professionals. That software, NUTRIUM, enables the simplification of complex tasks, such as management and analysis of nutritional information of their clients, planning, analysis and creation of food plans and direct and permanent follow-up of the client's, and much more. In addition to these functionalities, the most distinctive feature of the service relates to the fact that it eases and improves the nutritional monitoring and follow-up of the Client by the Nutrition Professional. Thus, through Nutrium’s mobile application, the Client, at the end of each nutrition appointment, will have available on their mobile device their food plan as prescribed by the Professional, which can be readjusted both in real time or in the next appointment.

In this way, Nutrium promotes, facilitates and simplifies the relationship between the Client and their Nutrition Professional, enabling:

  1. 1. to the Client, the contact with a Nutrition Professional that will accompany, directly, their physical progress and nutritional performance;
  2. 2. to the Professional, a tool capable of simplifying the most complex tasks, such as management and analysis of nutritional information of their clients, planning, analysis and creation of food plans and direct and permanent follow-up of the client's.

Conditions of acceptance

The registration in Nutrium’s web and/or mobile applications and the service provided by Healthium is dependent on the total acceptance of these conditions, whereby, any Professional and/or Client who does not agree or does not commit to behave according to these terms shall not be allowed to use said service.

Thus, for each person who is effectively a Professional or a Client of the Nutrium service is assumed, at the time of registration or at a later time, that they have read and fully understood the Terms and Conditions and the Privacy Policy which is inseparable from these terms, having expressly accepted both.

Healthium reserves itself the right to change, at any time and without any prior notice, the Terms and Conditions (partially or totally) being that each new version of the Terms and Conditions shall enter into force after being published on the Nutrium website. By accepting these Terms and Conditions users commit to visit and study these Terms on a regular basis. Lastly, Healthium reserves itself the right to interrupt or even terminate services at any time if it deems necessary.

These stipulations are legally biding

The provisions on these Terms and Conditions of Use are legally binding, and they contractually bind the Professional to Healthium. As such, from the moment you agree to these Terms and Conditions you are legally bound by them and accept to subject yourself to the most recent versions of the Terms and Conditions of Use and the Privacy Policy.

You may withdraw your consent to these terms at any given moment being certain that, in doing so, you will terminate this contract and you will not be entitled to any indemnity or refunds of the amounts already paid, neither will you be allowed further access to Nutrium. After withdrawing your consent all your personal data shall be deleted.

These provisions shall remain in force between the parties for the entire duration of the contract. That duration shall be determined in accordance with the chosen subscription.

Definition of terms

“Software” shall be understood as the web and mobile applications developed by Healthium, the distribution and use of which is subject to these Terms of Use.

“Distribution” shall be understood as the means by which the Software is made available by Healthium to Users.

“Professional” shall be understood as anyone who has, by any means, access to the web version of the software.

“Client” shall be understood as anyone who has, by any means, access to the mobile version of the software or the equivalent restricted web version.

“Secretary” shall be understood as anyone who has, by any means, access to the web version of the software, restricted, made available by the Professional to that third party for the purposes of managing and scheduling their consultations and Clients.

“User” shall be understood as anyone who has, by any means, access to the web and/or mobile version of the software.

“Intellectual Property Rights” shall be understood as all rights to scientific works, inventions in all fields of human activity, scientific discoveries, designs, industrial models, industrial trademarks, commercial and service brands, as well as protection against unfair competition, as well as all other rights inherent to intellectual activity in the industrial and scientific fields.

Application of the Software Terms and Conditions of Use

The Software Terms and Conditions of Use apply to all forms of use of the applications, both in code form and in binary form, as in any other way.

Data treatment and privacy

By accepting these Terms and Conditions of Use, the Users expressly consent to the processing of their personal data as defined in the Privacy Policy.

Registration

Healthium is not responsible for any event resulting from the lack of capacity of the User. Healthium undertakes the task of ensuring that the services provided are to be offered and used without failures but reserves itself the right to temporarily suspend its operations for technical reasons or causes beyond its control.

Mandatory information when signing up for our services:

  • Name (first and last);
  • Gender;
  • Email;
  • Password creation;
  • Name of practice, business, gym or university;
  • Country of residence.

At the time of registration and during the use of the software and services, the User shall provide accurate, precise and truthful information. The Professionals and Clients also guarantee and respond, in any case, for the truthfulness, accuracy and authenticity of the personal data provided, not being Healthium in any way responsible for the veracity or correction thereof.

The records are personal and non-transferable, being the holder thereof solely responsible for the actions taken with their registration.

To each Professional or Client may only match a single record, therefore Healthium may cancel any subsequent registration made by the same individual.

A — General terms of use — PROFESSIONAL

1.Service provision conditions

By subscribing and using the Nutrium software, namely, through the online platform, the Professional, will be using tools that allow the simplification of their more complex tasks, such as planning, analysis and creation of food plans, nutritional calculations, management and analysis of information, among others. In addition to these functionalities, the most distinctive feature of the service relates to the fact that it facilitates and improves the nutritional monitoring and follow-up of their clients - NUTRIUM clients. The Professional lies constantly connected to their clients as the software allows access to the evolution of their clients’ progress as well as direct communication by message. This functionality translates into a closer follow-up of the Client as it allows the Professional to change their food plans, answer questions posed by the Client and schedule consultations, all in real time. There is no influence whatsoever of Healthium on the relationship between the client and the professional.

2.Professional liability

By accepting the Terms and Conditions, the Professional undertakes to only adopt behaviors that do not infringe the existing legal order or damage, in any way, legally protected positions and, in particular, to strictly oblige to the Code of Ethics in force on their jurisdiction as well as the European legislation regarding the protection of personal data such as the General Data Protection Regulation, ensuring, on this subject, the provision of information, collection of consents, and access to the rights of Clients and Secretaries.

3.Automatic renewal of the subscription

Without prejudice to the objection of the Professional, by accepting these Terms, the Professional accepts and agrees to the automatic renewal of their subscription, authorizing for that intent that the appropriate amounts be charged through the payment information previously made available.

4.Taking payments with Stripe

General conditions

In relevant markets, it is possible to integrate Nutrium with Stripe to allow Professionals to use their Stripe account to invoice and request payments to Clients with direct links, emails, or messages seamlessly. Professionals can then process these transactions with credit or debit cards and other payment methods.

By using this service, you agree that you have read, understood, and agree to the Terms and Conditions of the Stripe service ("Stripe Terms"). Healthium and Nutrium are not constituents of Stripe Terms; thus, according to Stripe Terms, they do not have any obligation nor responsibility towards you, nor to any other services provided by Stripe or any additional charges. If you have any questions related to Stripe or Stripe Terms, make sure to contact them at https://www.stripe.com.

The Professional is exclusively responsible for all transactions (unique, recurring, or refunds) processed through Nutrium and/or Stripe. Healthium does not take responsibility for any losses nor damages resulting in invalid or incorrect transactions processed through your Stripe account (including transactions that were not processed due to connection problems or other technical problems) or due to financial or monetary problems of any parties (Professional, Client or other party), including issues related to refunds and fraud. You can find more detailed information regarding refunds here: https://support.stripe.com/topics/refunds.

Special conditions

The payment system has its own features and working procedures, and its use is not free of charge. The use of this service includes a fee payment to Healthium in the terms defined below. When using this service, the Professional declares to know and agree to the fees and working procedure of this service.

Preliminary settings

  • "Available balance" means the gross amount available in the Professional Nutrium account, available for payout and transfer.
  • "Outstanding balance" means the pending amount is still being processed but was already paid to the professional. Check the conditions in this article;
  • "Service fee", means the standard fee that is charged by Healthium for each payment received in the Professional Nutrium account. Check the conditions in this article;
  • "Minimum payout amount" means the minimum value set by Healthium the Professional needs to have on their account so they can transfer the total amount in their available balance. Check the conditions in this article;
  • "Payout fee" means the fixed value charged by Healthium for each transaction of the available balance in Nutrium to the Professional's bank account. Check the conditions in this article;
  • "Minimum payment amount" means the minimum value the Professional can charge. Check the conditions in this article;

The payment system requires a valid registration in Stripe, and only after this account verification by Stripe is it possible to make transactions and payouts from the Nutrium account balance seamlessly. This registration is the Professional's total responsibility and is mandatory for using this service and the integration between the Professional's Nutrium account and the Stripe account.

The use of the payment system allows the Professional to send payment requests to Clients and collect said payment. This service is bound to a minimum payment amount and to a service fee for each payment collected.

After the reception of the Client's payment, this amount will be shown in the Professional's Nutrium account under Pending balance until the transaction is confirmed. After this period, the value will be moved to Available balance.

The Available balance can be transferred to a bank account chosen by the Professional as soon as the Minimum payout amount is reached, and this action is bound to a Payout fee. The Available balance can only be kept in your account for a maximum of 90 days. If the Professional chooses to delete their Nutrium Professional account, this amount should first be moved to a bank account.

Healthium does not charge any fees for the use of this service, such as a membership or monthly fees. However, additional fees can apply in case a dispute is opened.

Disputes

A dispute is opened when the Client and cardholder of the card used to make the payment to a Professional, questions the legitimacy of this transaction to their bank.

In such cases, the bank should enable an automated process to revert this payment and refund the Client with the amount paid until legitimacy is verified and discussed between both parties. Thus, Healthium has the right to deduce and charge the Professional with the necessary amount to solve this dispute. This means that when a dispute is opened, the payment value is automatically deducted from the Professional account, as well as an additional fee. The Professional should then provide Healthium all the necessary evidence for the smooth resolution of this dispute. You can check further information on dispute fees on this page: https://stripe.com/docs/disputes#fees.

By continuing to use this service, the Professional declares to be aware of the terms and conditions and accepts them.

5.Age limitation

In order to use the Nutrium software the Professional must be at least eighteen years old or older if the Legal Age in force in their country is superior to this age.

B – General terms of use – PATIENT

1.Service provision conditions

The client, by subscribing the Nutrium mobile application, will have direct access to their food plans, receiving, at the time stipulated therein, notifications regarding the list of foods advised by the Professional. In addition to this functionality, the mobile application allows the follow-up of the clients’ physical activity and other data such as water intake, weight, height and body mass index (BMI) while also facilitating constant and real-time monitoring by the Professional, since they can review this information and update the plan according to their client's progress.

Follow-up subscriptions add to these features the possibility of registering the weight as well as allowing direct communication with the Professional through messages. This way, it facilitates the comfortable management of consultations (scheduling, confirmation and cancellation), the sharing of progress and the solving of doubts.

There is no influence whatsoever of Healthium on the relationship between the client and the professional. Also, it is under the control of the professional the definition of the specific functionalities to be made available and, because of this, the permissions available in the application may vary from client to client.

2.Client liability

By accepting the Terms and Conditions, the client is obliged to only adopt behaviors that do not infringe the existing legal order or damage, in any way, legally protected positions.

3.Payment system with Stripe

A third-party entity provides the payment system you are about to use with no connections to Healthium and the Nutrium software. By using this payment service, you agree to the Terms and Conditions provided by your Nutrition Professional and Stripe available in https://www.stripe.com. The Professional is the only party responsible for all the transactions, including refunds, cancelations, and disputes processed through Nutrium and/or Stripe.

Healthium does not take responsibility for any losses nor damages, resulting in invalid or incorrect transactions processed by your Nutrition professional. This includes transactions that were not processed due to connection problems or other technical problems or due to refund refusals from the Professional. If you proceed with a transaction, you agree it is your responsibility to verify with your Nutrition Professional if it was successful.

Amendments to the Terms and Conditions of Use and the Privacy Policy

Healthium may at any time carry out an update of the Terms and Conditions of Use and the Privacy Policy in order to respond to legal requirements or mobile application operating changes.

Intellectual Property

The applications produced by Healthium are intellectual works protected by the Law of Intellectual Property and are protected by the applicable law, namely Decree-Law no. 252/94 of 20 October on the board of the Legal Protection of Computer Programs, as well as the Community Directives and International Treaties. Each of the elements that compose them (such as design, text, video, music, graphics, images, information, applications, sounds, colors, logos, web page layout, applications and tools, among others) are exclusive property of Healthium, the only authorized to use the intellectual property rights of personality therein assessed.

Any reproduction and/or full or partial representation, use, adaptation or modification of the applications or any of the elements that compose them, under any format, or in any form, for other purposes, including commercial, is expressly prohibited.

Confidentiality

The Professional is obliged to keep in absolute and complete confidentiality, any personal or business data, even if it is not mentioned that it is confidential, of all information made available to which will have access by virtue of the distribution of web application software.

By protected or confidential information it is understood all the information, regardless of the medium used, consisting of technical and non-technical, financial, commercial or technological, namely: intellectual and industrial property, "know-how", conclusions, business models, working models, trade secrets, studies, formulas, methods, "drafts", drawings, photographs, prototype samples, models, financial data, technical and related information, directly or indirectly, with the distribution of pre-release beta software framework, or any other commercial elements, legal and/or tax, or any other information relating to the software, which is distributed in any form.

Disclaimer of warranties

The User, expressly accepts that:

  1. 1. The use of the software is carried out at the expense and risk of the User, being of their sole responsibility;
  2. 2. The User declares and assumes that is legally able, capable and authorized to exercise their activity related in particular to the provision of nutrition consultations. It cannot, therefore, be assigned any responsibility to Healthium for any error arising from the practice of the User activity;
  3. 3. Healthium provides no assurance regarding:
    1. 1. the matching of the software with the user requirements;
    2. 2. the exemption of errors in the software;
    3. 3. the reliability, quality or performance of the software;
  4. 4. No advice or information, oral or written, obtained by the user from Healthium or third parties associated with Healthium may constitute a warranty not expressly referred to in these Terms of Use.

Limitation of liability

The User expressly understands and agrees that Healthium shall not be liable towards the User for any direct, indirect, incidental or special, arising from the use of the software. Also, Healthium shall not be liable for the omission of any of the legally imposed obligations on the Professional, namely those resulting from the General Data Protection Regulation or applicable Codes of Ethics.

System failures

It is not allowed the use of any device, software, or other feature that might interfere in the activities and operations of Healthium and its software, Nutrium. Any interference, attempt or activity that violates or contravenes the laws of intellectual property rights and/or the prohibitions set in these Software Terms of Use, will make the responsible liable to the corresponding legal actions, and also responsible for compensations for possible damages.

Healthium is not responsible for any harm, loss or damage to the equipment of the User caused by flaws in the system, server or the Internet. Users may not assign Healthium any responsibility or demand any payment for any loss of earnings due to losses resulting from technical difficulties or failures in the system or the Internet. Healthium does not guarantee access and continuous use, or without interruption of the application. Eventually, the system may not be available for technical reasons or Internet failures, or any other circumstances unrelated to Healthium.

Use of cookies

Healthium resorts, through the web application and Nutrium software, under the web domain https://nutrium.io or/and any of its subdomains, to the use of cookies in order to improveand understand how the platform is used. They also allow to recognize when someone uses the platform as well as to offer the user a positive browsing experience. By using the platform, both Professional and Client, accept that Healthium, may use cookies for these purposes or others, as described in the Privacy Policy. Cookies consist of small text files that are placed inside the computer, tablet or phone of the Professional and the Client with their permission.

Our cookies have different functions:

Cookies strictly necessary (essential)

Allow navigation on the website and use of its applications as well as allowing access to secure areas of the website. Without these cookies, services you have requested cannot be provided. Some cookies are essential to access specific areas of our website.

Analytical cookies

These cookies are used to analyze how users use the website and monitor the performance it’s performance. This allows us to provide a high-quality experience by customizing our offer and quickly identifying and correcting any problems that arise. For example, we use performance cookies to find out what the most popular pages are, what method of connection between pages is more effective, or to determine why some pages are receiving error messages. These cookies are used only for the purpose of statistical creation and analysis, never collecting personal information in the process.

Functionality cookies

These keep the user preferences regarding the use of the website, so that it is not necessary to configure the website for each new visit.

Third party cookies

They measure the success of applications and the effectiveness of third-party advertising. They may also be used in order to customize a widget with the user data.

Cookies can be:

Permanent cookies

These remain stored, for a variable time, on the Internet browser of the devices you use to access it (PC, mobile and tablet) and they are used whenever the user makes a new visit to the website. They are typically used for direct navigation according to the user's interests, allowing us to provide a more customized service.

Session cookies

These are temporary and remain stored on your web browser until you exit the website. The information obtained allows us to identify problems and provide a better browsing experience.

How can you manage cookies?

As previously explained, cookies help you to get the most out of our site.

The vast majority of Internet browsers allow the user to accept, decline or delete cookies, in particular by selecting the appropriate settings in the software itself. This way, after authorizing the use of cookies, you can disable some or all of our cookies.

Notifications

Professionals and Clients agree to receive communications from Healthium, including notifications related to the Nutrium service and software, as well as communications regarding anychanges to these Terms of Use and/or the Privacy Policy, among other communications, to the mailbox associated with your registration or by any other form of communication that we may deem relevant.

Safety and information quality

It is our goal to assure the quality and integrity of the information provided by Nutrium professionals and clients. With this in mind, we have implemented the necessary measures, both technologically and organizationally, in order to keep information safe, accurate, updated and complete. For more information, please see our Privacy Policy.

Hyperlinks

The mobile and web applications may contain links to other applications or sites on which Healthium has no control. The inclusion of links to other applications or sites is of pure informational content, being Healthium entirely alien to their content, services and/or products offered and cannot be held liable, in this regard, of any responsibility.

Partial invalidity

If any provision of the Terms of Use is held invalid or unenforceable, for any reason or to any extent, such invalidity or unenforceability will not affect, in any way, or render invalid or unenforceable the remaining provisions of the Terms of Use and the application of that provision shall be enforced in the extent permitted by law.

Processors

By accepting these Terms and Conditions of Use, the Professional expressly agrees and understands that the processing of personal data might be carried out on behalf of Healthium by other processors for the purposes and functions described in these Terms of Use and the PrivacyPolicy, furthermore, reserving itself the right to increase the number of processors in order to perform these or other functions or to substitute any existing processors. The Professional gives, furthermore, general authorization to Healthium to engage other processors. Healthium shall notify the Professionals of any change to the processors, when legally obliged, in accordance with the General Data Protection Regulation.

Contractual relationship between Healthium and the Professional

For the purposes of the General Data Protection Regulation, Healthium shall be considered as being the “processor” and the Professional the “controller”. Thus, in the scope of this contractual relationship, in addition to the Terms set forth above, it is determined that Healthium:

  • processes the personal data only on documented instructions from the controller, namely, by entering the data onto the Nutrium software;
  • does not process personal data of its users outside the Union. However, it may resort to processors who do, and, in those cases, we are given all the guarantees that the level of protection of natural persons is not compromised;
  • ensures that the persons authorized by Healthium to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • takes all measures required to ensure the security of data processing, pursuant to Article 32.º of the Regulation;
  • undertakes to inform the Professional whenever it makes use of new processors, if applicable, as defined under the "Processors" section of these Terms of Use;
  • assists the Professional by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Professional's obligation to respond to requests for exercising the data subject's rights as well as other obligations pursuant to the Regulation;
  • at the choice of the Professional, deletes or returns all the personal data to the Professional after the end of the provision of services concerning the processing, and deletes existing copies, after the storage period ends and in the terms of the Regulation;
  • makes available to the Professional all the information necessary to demonstrate compliance with its obligations, insofar as this is possible and legally enforceable.

Healthium HIPAA Business Associate Agreement (“BAA”)

If you are subject to United States federal, state, or local law, the terms of this Business Associate Agreement (“BAA”) shall govern your access to and use of our service and your relationship with Healthium under the scope of the Health Insurance Portability and Accountability Act (“HIPAA”), as better defined bellow. By using the Nutrium service, you agree to be bound by these terms, if applicable to you.

This HIPAA Business Associate Agreement (this "BAA") defines the rights and responsibilities of Provider and Customer with respect to Protected Health Information (PHI) as defined in the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder, including the HITECH Act and Omnibus Rule, as each may be amended from time to time (collectively, "HIPAA"). This BAA shall be applicable only in the event and to the extent Provider meets, with respect to Customer, the definition of a Business Associate set forth at 45 C.F.R. §160.103, or applicable successor provisions. This BAA shall only be applicable to Customer's use of the Platform and as specified in the General Terms and Conditions (the "main Agreement") to which this BAA is attached and fully referenced and incorporated. This BAA is intended to ensure that Business Associate and Customer will establish and implement appropriate safeguards where Business Associate may receive, create, maintain, use or disclose in connection with the functions, activities and services that Business Associate performs on behalf of Customer solely to perform its duties and responsibilities under the main Agreement.

  1. Applicability and Definitions. This BAA applies only where:

    1. Customer uses the Services to store or transmit any PHI as defined in 45 C.F.R. §160.103

    2. Customer has applied the required security configurations, as specified in Section 5.2 of this BAA to Customer's Applications. Customer acknowledges that this BAA does not apply to any other accounts it may have now or in the future. Unless otherwise expressly defined in this BAA, all capitalized terms in this BAA will have the meanings set forth in the main Agreement or in HIPAA.

  2. Additional Meanings.

    • "Business Associate" shall mean Provider, or Healthium – Healthcare Software Solutions, S.A.

    • "HITECH ACT" shall mean the Health Information Technology for Economic and Clinical Health Act.

    • "Individual" shall have the same meaning as the term "individual" in 45 CFR § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g).

    • "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.

    • "Protected Health Information" or "PHI" shall have the same meaning as the term "protected health information" in 45 CFR § 160.103, limited to the information received by Business Associate from or on behalf of Customer.

    • "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR § 164.103.

    • "Security Rule" shall mean the Security Standards for the Protection of Electronic Protected Health Information, located at 45 CFR Part 160 and Subparts A and C of Part 164.

  3. Permitted and Required Uses and Disclosures.

    1. Service Offerings. Business Associate may use or disclose PHI for or on behalf of Customer as defined in the main Agreement.

    2. Administration and Management of Services. Business Associate may Use and Disclose PHI as necessary for the sole purpose of the proper management and administration of the Services. Any disclosures under this section will be made only if Business Associate obtains reasonable assurances from the recipient of the PHI that (i) the recipient will hold the PHI confidentially and will use or disclose the PHI only as required by law or for the purpose for which it was disclosed to the recipient, and (ii) the recipient will notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

  4. Obligations of Business Associate.

    1. Limit on Uses and Disclosures. Business Associate will use or disclose PHI only as permitted by this BAA or as required by law, provided that any such use or disclosure would not violate HIPAA if done by a Covered Entity, unless permitted for a Business Associate under HIPAA.

    2. Safeguards. Business Associate will use reasonable and appropriate safeguards to prevent Use or Disclosure of PHI other than as provided for by this BAA, consistent with the requirements of Subpart C of 45 C.F.R. Part 164 (with respect to Electronic PHI) as determined by Business Associate Policies and as reflected in the main Agreement, which includes Disk Encryption and Encryption In-Transit services.

    3. Reporting. For all reporting obligations under this BAA, the parties acknowledge that, because Business Associate does not know the details of PHI contained in any of Customer Account, there will be no obligation on the Business Associate to provide information about the identities of the Individuals who may have been affected, or a description of the type of information that may have been subject to a Security Incident, Impermissible Use or Disclosure, or Breach. Business Associate will ensure Customer access to Audit Logging, when applicable, to help Customer in addressing Customer's obligations for reporting under this BAA. Customer acknowledges Business Associate is under no obligation to provide additional support for Customer's BAA reporting obligations but may choose to provide such additional services at its sole discretion or at Customer expense.

    4. Reporting of Impermissible Uses and Disclosures. Business Associate will report to Customer any Use or Disclosure of PHI not permitted or required by this BAA of which Business Associate becomes aware.

    5. Reporting of Security Incidents. Business Associate will report to Customer on no less than fourteen business (14) days from the date any Security Incidents involving PHI of which Business Associate becomes aware in which there is a successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an Information System in a manner that risks the confidentiality, integrity, or availability of such information. Notice is hereby deemed provided, and no further notice will be provided, for unsuccessful attempts at such unauthorized access, use, disclosure, modification, or destruction, such as pings and other broadcast attacks on a firewall, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information where the key is not compromised, or any combination of the above.

    6. Reporting of Breaches. Business Associate will report to Customer any Breach of Customer's Unsecured PHI that Business Associate may discover to the extent required by 45 C.F.R. § 164.410. Business Associate will make such report without unreasonable delay, and in no case later than forty-eight (48) hours after discovery of such Breach. Business Associate undertakes no obligation to report network security related incidents which occur on its managed network but does not directly involve Customer's use of Services.

    7. Subcontractors. Business Associate will ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to restrictions and conditions at least as stringent as those found in this BAA, and agree to implement reasonable and appropriate safeguards to protect PHI.

    8. Access to PHI. Customer acknowledges that Business Associate is not required by this BAA to make disclosures of PHI to Individuals or any person other than Customer, and that Business Associate does not, therefore, expect to maintain documentation of such disclosure as described in 45 CFR § 164.528. In the event that Business Associate does make such disclosure, it shall document the disclosure as would be required for Customer to respond to a request by an Individual for an accounting of disclosures in accordance with 45 CFR §164.504(e)(2)(ii)(G) and §164.528, and shall provide such documentation to Customer promptly on Customer's request. In the event that a request for an accounting is made directly to Business Associate shall, within 5 Business Days, forward such request to Customer.

    9. Accounting of Disclosures. Business Associate will make available to Customer the information required to provide an accounting of Disclosures in accordance with 45 C.F.R. § 164.528 of which Business Associate is aware, if requested by Customer. Because Business Associate cannot readily identify which Individuals are identified or what types of PHI are included in Customer Content, Customer will be solely responsible for identifying which Individuals, if any, may have been included in Customer Content that Provider has disclosed and for providing a brief description of the PHI disclosed.

    10. Internal Records. Provider will make its internal practices, books, and records relating to the Use and Disclosure of PHI available to the Secretary of the U.S. Department of Health and Human Services ("HHS") for purposes of determining Customer compliance with HIPAA. Nothing in this section will waive any applicable privilege or protection, including with respect to trade secrets and confidential commercial information.

  5. Customer's Obligations:

    1. Appropriate Use of HIPAA Accounts. Customer is responsible for implementing appropriate privacy and security safeguards in order to protect PHI in compliance with HIPAA and this BAA. Without limitation, Customer shall: (i) not include protected health information (as defined in 45 CFR 160.103) in any Services that are not or cannot be HIPAA compliant, (ii) utilize the highest level of audit logging in connection with its use of all Customer Applications, and (iii) maintain the maximum retention of logs in connection with its use of all Services.

    2. Encryption. Customer shall encrypt all PHI stored or transmitted outside the Services in accordance with the Secretary of HHS's Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals, available at https://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguidance.html, as it may be updated from time to time, and as may be made available on any successor or related site designated by HHS.

    3. Necessary Consents. Customer warrants that it has obtained any necessary authorizations, consents, and other permissions that may be required under applicable law prior to placing Customer Content, including without limitation PHI, on the Services.

    4. Restrictions on Disclosures. Customer shall not agree to any restriction requests or place any restrictions in any notice of privacy practices that would cause Business Associate to violate this BAA or any applicable law.

    5. Compliance with HIPAA. Customer shall not request or cause Business Associate to make a Use or Disclosure of PHI in a manner that does not comply with HIPAA or this BAA.

  6. Term and Termination

    1. Term. The term of this BAA will commence on the main Agreement Effective Date and will remain in effect until the earlier of the termination of the main Agreement or notification by Customer that an account is no longer subject to this BAA.

    2. Effect of Termination. At termination of this BAA, Business Associate, if feasible, will return or destroy all PHI that Business Associate still maintains, if any. If return or destruction is not feasible, Business Associate will extend the protections of this Agreement to the PHI, limit further uses and disclosures to those purposes that make the return of the PHI infeasible, and make not further use or disclosure of PHI.

    3. If Customer requests contemporaneously with any termination event or notice, Business Associate will allow Customer to have access to Customer's account for a reasonable period of time following termination as necessary for Customer to retrieve or delete any PHI at its then current monthly recurring rate; provided, however, that if the security of Customer's servers has been compromised, or the Agreement was terminated by Customer's failure to use reasonable security precautions, Business Associate may: (i) provide Customer with restricted access via a dedicated or private link or tunnel to Customer account or (ii) refuse to allow Customer to have access to Customer's account but will use reasonable efforts to copy Customer data on to media Customer provides to Business Associate, and will ship the media to Customer at Customer expense. Business Associate's efforts to copy Customer data onto Customer media shall be billable as an Additional Service at Business Associate's then current hourly rates.

  7. No Agency Relationship. As set forth in the Agreement, nothing in this BAA is intended to make either party an agent of the other. Nothing in this BAA is intended to confer upon Customer the right or authority to control Business Associate's conduct in the course of Business Associate complying with the Agreement and BAA.

  8. Nondisclosure. Customer agrees that the terms of this BAA are not publicly known and constitute Business Associate Confidential Information under the Agreement.

  9. Entire Agreement; Conflict. Except as amended by this BAA, the Agreement will remain in full force and effect. This BAA, together with the main Agreement as amended by this BAA: (a) is intended by the parties as a final, complete and exclusive expression of the terms of their agreement; and (b) supersedes all prior agreements and understandings (whether oral or written) between the parties with respect to the subject matter hereof. If there is a conflict between the Agreement, this BAA or any other amendment or BAA to the Agreement or this BAA, the document later in time will prevail.

  10. Miscellaneous.

    1. Amendment. Customer and Business Associate agrees to take such action as is reasonably necessary to amend this HIPAA BAA from time to time as is necessary for either party to comply with the requirements of the Privacy Rule and related laws and regulations.

    2. Survival. Customer and Business Associate's respective rights and obligations under this HIPAA BAA shall survive the termination of the Agreement.

    3. Interpretation. Any ambiguity in the main Agreement shall be resolved to permit Customer to comply with HIPAA and the Privacy Rule.

Applicable law and jurisdiction

The current Terms and Conditions of Use are subject to Portuguese law and for all the issues arising therefrom, the parties elect the forum of the Braga Court (Comarca de Braga).

Get started today!

If you can make a list or send an email, you can use Nutrium. Starting an appointment is really that simple.