TERMS OF SERVICE
updated: 5 February 2024
These Terms of Service (hereinafter, the Terms) regulate the general manner of use of the Services and the distribution of rights, obligations and liability of CHESTPAL LTD (hereinafter, CHESTPAL) and users of the Services. These Terms of Service neither govern nor define the rights and obligations of third parties.
Take a moment to find out more about our Terms of Service and contact us if you have any questions.
By using our Services, you are agreeing to these Terms. Subject to these Terms, CHESTPAL grants you a personal non-transferable right to access and use the Services.
1. General Provisions
1.1. The Services include the mobile application “ChestPal Pro” (hereinafter, ChestPal Pro) and the website with the domain name “chestpal.com” (hereinafter, the Website).
1.2. The Services are designed to conduct lung auscultation with automatic lung sound analysis with the usage of ChestPal Pro mobile application and electronic stethoscope, as well as to obtain relevant information about the Services through the Website.
Services related to ChestPal Pro can be used by healthcare providers who provide medical services to their patients. Services related to the Website can be used by the general public.
1.3. The administration of the Services, as well as technical support, is provided by:
CHESTPAL LTD
Company number 14073885
63, Ship Street, Brighton BN1 1AE United Kingdom
email (general questions): [email protected]
email (personal data questions): [email protected]
1.4. The time of availability of the functionality of the Services is determined by CHESTPAL and may be changed without prior notice.
1.5. CHESTPAL is not a medical institution or a healthcare provider, and ChestPal Pro does NOT provide a diagnosis and cannot be used for diagnosis and clinical decision making without a healthcare professional’s over-read of the findings and consultation. Proper administration and usage of the product is the healthcare professional’s responsibility. The quality of the computer interpretations depends heavily upon the quality of the inputted data. Please make sure you follow instructions from the ChestPal Pro user manual when conducting a lung exam using ChestPal Pro.
2. Terms and Definitions
2.1. For the purposes hereof, the following terms and definitions are used:
You (User) – healthcare provider who uses the functionality of the Services and has reached the age of full legal capacity in accordance with the legislation of the country of their citizenship.
We (CHESTPAL) – CHESTPAL LTD.
Services – the website with the domain name “chestpal.com” and the mobile application “ChestPal Pro”.
3. User Consent
3.1. By continuing to use our Services, you are agreeing to these Terms of Service. Please stop using our Services if you do not agree to these Terms of Service.
3.2. By expressing consent, you agree to regularly check and read notifications about updates and (or) additions to the Terms.
3.3. By expressing your consent, you also confirm that ChestPal Pro does NOT provide a diagnosis and cannot be used for diagnosis and clinical decision-making without a healthcare professional’s over-read of the findings and consultation. Proper administration and usage of the product is the healthcare professional’s responsibility. The quality of the computer interpretations depends heavily upon the quality of the inputted data. Please make sure you follow instructions from the ChestPal Pro user manual when conducting a lung exam using ChestPal Pro.
3.4. By expressing your consent, you also acknowledge and assume all risks associated with your consent.
4. Rights and Obligations
4.1. Hereunder we undertake to:
(1) comply with the Privacy Policy as well as the relevant requirements for personal data protection;
(2) duly consider incoming applications, complaints and comments of Users.
4.2. We have the right to:
(1) amend and (or) supplement the Terms, if necessary, including updates in accordance with the applicable law;
(2) modify, suspend or terminate operation or access to the Services, any part and/or function of the Services for any reason;
(3) interrupt the operation of the Services or any part thereof, if it is required to perform any maintenance, bug fixes and (or) make any other modifications.
4.3. The User agrees to:
(1) submit accurate information requested for the use of the Services;
(2) comply with the Terms of Service and other rules of use of the Services (Privacy Policy) as well as any other applicable law;
(3) bear full responsibility for keeping personal account details, including the password, confidential, as well as for any other activities that occur on behalf of the user account.
You agree to notify us immediately in case of a compromised account (theft, unauthorized access);
(4) ensure that there are sufficient legal grounds for uploading third-party personal data to the Services by the user;
(5) refrain from re-engineering (reverse engineering), decompilation and disassembly of the Services or parts thereof, refrain from actions aimed at determining the source code of the Services, refrain from actions aimed at circumvention of the software and hardware means of protection of the Services;
(6) refrain from using the Services for any purpose prohibited by applicable law or these Terms as well as incite any illegal activity or other activity that violates our rights and legitimate interests as well as the rights and legitimate interests of third parties.
(7) to comply with the rules of medical ethics, as well as follow doctor patient confidentiality and all other applicable rules regarding the processing of medical information and personal data;
(8) distribution of information as well as of any other relevant details about Services’ vulnerabilities identified by the Customer.
4.4. The User has the right to:
(1) use the functionality of the Services within the limits and in the manner permitted hereby and by the applicable law;
(2) contact CHESTPAL for suggestions and/or complaints.
5. Data Protection
5.1. The Services may collect and process your personal data. Any collection and processing of your personal data is governed by our Privacy Policy.
5.2. Healthcare providers are obliged to comply with the rules of medical ethics, doctor-patient confidentiality and any other applicable to them regulations on privacy and data protection. Any legal roles within above mentioned processing activities are assigned on the basis of our Privacy Policy as well as respective provisions of applicable law.
5.3. As CHESTPAL might be acting as a data processor within several processing activities conducted with the usage of our Services by consenting to the current Terms of Service users also agree to the provisions of our Data Processing Addendum which is an integral part of the current Terms.
5.4. CHESTPAL Data Processing Addendum should be considered as an applicable data processing agreement on behalf as well as a business associate agreement under GDPR and HIPAA respectively.
5.5. Since CHESTPAL is processing personal data on behalf, users remain fully responsible for the compliance with applicable data protection and privacy laws as well as for legitimate collection of personal data in accordance with general principles relating to the processing of personal data. Explicitly these provisions apply to the situations when a User is sharing any patients’ personal data via our Services.
6. Content of Services
6.1. All text, graphics, user interfaces, visual interfaces, photographs, names and trademarks, logos, sounds, music, images and any other audio-visual content and software code (collectively referred to as the Content), including, without limitation, the design, structure, selection, coordination, appearance, overall style, location and any other way of organizing the Content as part of the Services, are either owned by us or transferred to us for further use by their owners under relevant agreements. The Content is protected by copyright, law on trademarks and other laws governing intellectual property and unfair competition.
6.2. Unless expressly indicated herein, no parts of the Services or the Content may be copied, reproduced, published, posted online, sent by mail, demonstrated in public, encoded, translated, transmitted or otherwise sent (including copied) to another computer, server, website or any other data medium for publication, distribution or any other commercial purpose as well as used otherwise and in any other form without our prior express written consent.
6.3. You may use the information which is specifically provided by us and can be downloaded from the Services provided that you keep copyright marks in all languages in all copies of such documents, use such information for your personal, non-commercial (not related to commercial profits) informational purposes and do not copy or post such information on any network computer or transfer it to any medium, do not make changes to such information or make additional representations or warranties relating to such documents.
6.4. All rights save those expressly granted to you in these Terms are reserved.
7. Available Subscription Plans
7.1. To access ChestPal Pro software, an organization account must be created via chestpal.com website.
7.2. In the organization’s account, the organization’s details such as name, address, contact person, product distributor or sales agent name, etc. must be filled in.
7.3. In the organization’s account, a list of user emails that shall be authorized to access ChestPal Pro mobile app under the subscription must be created. An individual user email must be listed for each healthcare provider using the ChestPal Pro mobile app.
7.4. By default, all added user emails are assigned an ‘Active’ status. ‘Active’ users will be authorized to create a ChestPal Pro app account, log in to the app, review past exam history stored in the app and conduct lung exams using the app. The organization will be charged 9.99 USD per month per ‘Active’ user.
7.5. ‘Inactive’ users will be authorized to create a ChestPal Pro app account, log in to the app and review past exam history stored in the app, but they will not have access to the lung exam functionality. The organization will not be charged for ‘Inactive’ users.
7.6. The subscription plan is 9.99 USD per month per ‘Active’ user. It is a recurring subscription, which means the organization will be charged automatically each month for all ‘Active’ users using the payment card provided. Should a payment fail to go through, a notification will be sent via email. If the payment failure is not resolved within a week, the status of all users will be automatically changed to ‘Inactive’ until the payment goes through.
7.7. Any processing of the payment information (details of the payment card) is governed by our Privacy policy.
7.8. In case of any change in the amount of payment, such change will be announced in the organization’s account on the website. The subscription plan can be canceled subject to disagreement with a new plan’s price.
7.9. By agreeing to these Terms, you also warrant that you use your personal or relevant corporate payment card to pay for the paid ChestPal Pro functionality and that you do not use any stolen, found or non-owned payment cards to make any payments for our services.
8. DISCLAIMER
8.1. CHESTPAL GUARANTEES NEITHER UNINTERRUPTED OPERATION OF THE SERVICES NOR THAT ITS USE OR THE USE OF ITS FUNCTIONS WILL HELP YOU OBTAIN YOUR DESIRED RESULTS. THE SERVICES AND ITS CONTENTS ARE PROVIDED ON “AS IS” AND “AS AVAILABLE” BASIS. ANY INFORMATION IN THE SERVICES MAY BE REMOVED AND/OR AMENDED WITHOUT PRIOR NOTICE. CHESTPAL IS NOT RESPONSIBLE FOR ANY ACTIONS AND (OR) OMISSIONS OF ANY THIRD PARTY WITH REGARD TO YOUR USE OF THE SERVICES.
8.2. Some links on the Services may lead to resources on third-party websites. These links are provided for the convenience of users, and CHESTPAL does not bear responsibility for the availability of these resources and their content.
8.3. The Services allow to enter and send information, including confidential information, to the relevant sections of the Services. Users will be fully responsible for the completeness and accuracy of such information and undertake to obtain any necessary permits to enter third party personal data in the Services from such third parties.
8.4. Despite the fact that ChestPal Pro is a mobile application that provides the analysis of automatic auscultation of the lungs at a high level, and a service that is developed with the involvement of professionals in the field of pulmonology, it does NOT provide a diagnosis and cannot be used for diagnosis and clinical decision making without a healthcare professional’s over-read of the findings and consultation. Proper administration and usage of the product is the healthcare professional’s responsibility. The quality of the computer interpretations depends heavily upon the quality of the inputted data. Please make sure you follow instructions from the ChestPal Pro user manual when conducting a lung exam using ChestPal Pro.
9. Additional Terms
9.1. If necessary, the Terms may be altered and (or) updated at any time of operation of the Services. The Services will be updated with the new version of the Terms and the date of their adoption. If you disagree with amendments and/or additions hereto, you must discontinue the use of the Services and their functionality.
9.2. The Terms are an agreement between us and the User with respect to the use of the Services. Any other prior written or oral agreements or arrangements with respect to such use are hereby canceled.
9.3. If any provision hereof is invalid or unenforceable, other provisions shall remain valid and enforceable to the fullest extent permitted by the applicable law.
9.4. Failure to enforce your strict compliance herewith cannot be construed as our waiver of any provision hereof or any right hereunder.
9.5. The law applicable to these Terms of Service is the law of the UK. The competent court at the location of CHESTPAL has the exclusive jurisdiction over all disagreements and disputes arising out of or in connection with the Terms.
DATA PROCESSING ADDENDUM
1. Subject Matter and Terms
1.1. This Data Processing Agreement is concluded between CHESTPAL LTD (hereinafter, the Processor) and an individual (healthcare professional) that is using functional features of the ChestPal Pro (hereafter, the Application)
and that is assigning the Processor to process personal data on his/her behalf (hereafter, the Controller).
The Processor will process personal data on behalf of the Controller within all the services provided in the context of ChestPal Pro application functionality usage.
1.2. The Agreement will be valid as long as the Controller is actively using the Application.
2. Personal Data, Processing Purposes and Data Subjects
2.1. The processing activities in the context of the present agreement will affect the following personal data and its categories:
- profile data: patient ID, first name, last name, date of birth, gender;
- auscultation results: lungs sounds and their analysis;
- medical info: chronic diseases, information about smoking and harmful working conditions, notes.
2.2. The Processor shall process personal data on behalf of the Controller only for the purposes of providing the Controller with the Application’s functionality. Any new purposes of the data processing activities shall be provided to the Processor in the form of respective written instructions.
2.3. The following groups of individuals will be affected by processing activities in the context of the present agreement:
- the Controller’s patients.
3. Obligations
3.1. The Processor processes personal data on behalf of the Controller. The Controller is responsible for maintaining compliance with data protection regulations.
3.2. During the processing of personal data, the Processor is obligated to follow only the instructions of the Controller. Outside the scope of these instructions, the Processor may not use the data provided to it for processing either for its own purposes or for the purposes of third parties. The Processor shall adjust, delete or block the data processed in the order in accordance with the Controller’s instructions. If the Processor is of the opinion that instructions of the Controller are in breach of the applicable data protection regulations, it must notify the Controller accordingly without delay.
3.3. The Processor shall assist the Controller in satisfying the data subjects’ rights to access, rectification, restriction of processing, objection, erasure, and data portability regarding their personal data. If a data subject contacts the Processor directly regarding the rights listed above, the Processor shall forward this request to the Controller without delay.
3.4. Upon request, the Processor shall provide the Controller with the information necessary to enable the Controller to satisfy notification obligations, maintain records of processing activities, or perform a data protection impact assessment.
3.5. Once the term of the present agreement has ended, the Processor shall be obliged to surrender the data processed under the present agreement in a generally readable format or to delete it, at the Controller’s discretion.
4. Use of Sub-processors
4.1. The Controller is deemed to have consented to the involvement of the sub-processors and functions listed in Processor’s Privacy Policy.
4.2. If sub-processor are replaced or added during the term of the present agreement, the Processor must first obtain the consent of the Controller in writing, including in electronic form.
4.3. The Processor shall inform the Controller in writing about any new sub-processors to be involved into relevant processing activities at least 15 (fifteen) calendar days before actual involvement. In case if the Controller does not object to the involvement of any new sub-processors within the mentioned period of time all the new sub-processors shall be considered automatically approved by the Controller.
4.4. Any Controller’s objections with regards to any new sub-processors should be based solely on privacy and data protection considerations. In the case of disagreement with regards to the involvement of any new sub processors both the Controller and the Process will take reasonable steps to ensure continuous mutual compliance with applicable data protection regulations in the context of the involvement of new sub-processors on the side of the Processor. Those reasonable steps will include mutually agreed mitigating measures subject to considering risk-oriented approach as well as currently existing data protection best practices and technological state-of-the-art.
4.5. In case if both the Controller and the Processor are not able to mutually agree on the involvement of new sub-processors the Processor reserves its right to unilaterally terminate the Terms of Services and relevant Data Processing Addendum with the Controller.
5. Security Measures
5.1. The Processor shall apply all necessary technical and organizational measures to protect personal data on behalf of the Controller. Such
measures should be implemented taking into account the state of the art in the cybersecurity sphere as well as the costs of implementation of such measures. In any case the Processor guarantees the compliance of its technical and organizational measures with applicable privacy and data protection regulations.
5.2. The Processor may only grant authorization to access the Controller’s data to its own employees in accordance with the authorization concept, and to the extent required for the task in question in connection with the execution of the present agreement. The Processor undertakes not to
disclose the access authorizations assigned to it for the use of the system to any unauthorized persons.
5.3. The Controller or its representative have the right to carry out checks on compliance with the requirements of the present agreement. The Processor shall provide the desired information and, at the request of the Controller and within a reasonable period, submit documentary evidence that it has met its obligations by completing a questionnaire supplied by the Controller or by confirming in writing that the measures agreed on in the current agreement are appropriate and up-to-date.
5.4. The Processor undertakes to treat as confidential all information – including but not limited to technical and commercial information, plans, findings, intelligence, designs, and documents – that becomes known to it or that it receives from the Controller in connection with the present agreement. That includes, not to disclose this information to third parties, to protect it from third-party access, to use it only for the purposes of the present agreement, and to disclose it only to employees who are themselves under an obligation to observe confidentiality, unless otherwise agreed in writing between the parties.
5.5. This confidentiality obligation shall not apply in respect of information
- That can be proven to have been known to the Processor before the present agreement came into effect;
- That can be proven to have been lawfully obtained by the Processor from a third party without being subject to a confidentiality obligation;
- That is already in the public domain or that enters into the public domain without any infringement of the obligations contained in the present agreement;
- That can be proven to have been developed by the Processor during the course of its own independent work.
5.6. The Processor undertakes to impose on its employees to whom this information is disclosed the same obligations that it entered into above unless said employees are already subject to an equivalent confidentiality obligation by virtue of their employment contracts.
6. Data Breaches
6.1. The Processor must report any data protection security breaches (unintentional or unauthorized destruction, loss, amendment, disclosure or access involving personal data processed under the present agreement) or violation of client confidentiality to the Controller without delay in order to give the Controller the opportunity to report the incident to the relevant authorities without undue delay.
6.2. The Processor shall initiate all steps necessary to clarify the matter and remedy the security incident without delay, and provide the Controller all information necessary to document the event and potentially submit a report to the relevant supervisory authority.