TERMS OF SERVICE

1. Emergencies

Our Platform should not be used in emergency medical situations such as extreme breathing difficulties, severe bleeding, severe burns or scalds, loss of consciousness, major road accidents or a fall from height or serious head injury which requires immediate attention, heart attack situations. In any of the said events or any other medical condition which requires immediate medical attention, government backed medical services should be used.

2. Who are we?

We are an aggregator platform which connects independently verified healthcare professionals ("HCPs") with our users. All the medical services as described on the Platform are performed by such HCPs and we do not play any role in providing such medical services.

You can use the Platform to:

1. 1. book an appointment for an online or in person consultation with an HCP via the Platform ("Appointment");
2. 2. obtain qualified and professional medical advice from the HCP and related administrative services including referrals and sick notes; and
3. 3. if agreed with the Practitioner during the Appointment, you may also obtain prescriptions for certain medications (each a "Service" or together the "Services").

3. How to contact us?

To contact us, please email info@medgo2u.com or telephone our customer service. For other options, please visit Contact Us.

We may contact you by email to the email address provided in your Account, by written communication to the postal address provided in your Account or by a general notice on the Platform.

4. Terms and conditions of Appointments

a) Appointments are subject to availability:

Appointment slots are subject to change and are only made available to you at our sole discretion. In the event that:

• 1. you require medical advice, and you are unable to access Platform for whatever reason;
• 2. there are no Appointments available to suit your requirements;
• 3. you miss an Appointment for whatever reason;
• 4. you lose connection to the Platform during an Appointment; and
• 5. your Appointment is cancelled, including as a result of the relevant HCP being unavailable.

It is your sole responsibility to either book an alternative Appointment with us or seek appropriate alternative medical advice from alternative service providers.

b) Book an Appointment in Advance

You can choose to book an appointment in advance, which we refer to as an "Appointment". You can request an Appointment on your chosen date and time (subject to availability) via the Platform.

c) Rescheduling of Appointments:

You may alternatively reschedule the booked Appointment as per the cancellation and rescheduling policy as set out in these Terms.

d) Same day Appointments:

If you want a consultation as soon as possible on the same day, you will need to check for any availability via the Platform. The waiting time and all other time estimates provided and/or published on the Platform are based on our system's best estimates having reviewed live activity and usage statistics. You accept that the waiting time and all other time estimates are provided as guide only and do not guarantee provision of the services, or that a connection with a HCP will be made within certain parameters within a given time period. You accept that we will not refund fees based on waiting times or any other time estimates being inaccurate.

e) HCP and choice:

You may not be able to choose the HCP for your Appointment unless we make this option available to you on the Platform, which we may do from time to time at our sole discretion. We do not make any guarantee whatsoever as to the availability of any single HCP at any time.

Disclaimer:

We do not make any representation nor give any warranties regarding any HCP's training, qualifications or skill, although we conduct a thorough due diligence on each HCP before onboarding which ensures that each HCP has a current and valid registration with their regulator, a right to practice in the UK and CQC compliant.

5. Safe use of the Services

To ensure you are able to use the Platform and Services safely and in accordance with these Terms, you must:

• a) provide full and accurate information about your medical history and current symptoms for the Practitioner during an Appointment and/or by sharing such information at the chat box available at the Platform. Failure to provide full information may impact on our ability to provide the Services and the ability of the HCP to make a full assessment of your health and care needs.
• b) not use the Services for any inappropriate purposes (including, without limitation, to obtain clinically inappropriate prescriptions).
• c) follow instructions given to you by the HCP;
• d) follow instructions on any medicine or healthcare product recommended by the HCP;
• e) seek further medical advice if you have any concerns about the information given to you by the HCP or if your condition changes; and
• f) seek immediate medical assistance if you suffer adverse or unexpected effects of any treatment, medicine or healthcare product recommended to you by the HCP. Please see Emergencies section above.

Where we determine that our Services are inappropriate for your individual needs, we may withdraw our Services from you and you should seek appropriate healthcare advice elsewhere.

6. Prescriptions, Referral Letter and Medical Certificates

a) Contents

You understand and accept that each HCP, at their sole discretion, creates prescriptions, referral letter and medical certificates using their own resources based on their own professional judgement and legal obligations. You understand and accept that the content of such items is individual, based on information you provide to the HCP and your presentation at the time of your consultation. As such, the contents of any prescription, referral letter or medical certificate may vary; the precise nature of the content shall be at the sole discretion of the HCP and you agree to hold us and our employees, officers, directors, agents and affiliates harmless from any claim that may arise as a result of the contents of such items. You must not tamper with the content of any such prescriptions, referral letter or sick notes. You understand and accept that there is no guarantee that such prescriptions, referral letter or medical certificates will contain the content you desired, hoped for, expected, were informed of, understood or believed they would contain.

b) Lost prescriptions, referral letter or medical certificates

If you lose a prescription, referral letter or medical certificate, a copy of the relevant document may be issued, subject to the prescribing HCP agreeing to reissue the document. You understand and accept that there is no guarantee that HCP will agree to re-issue any document. In the event that the HCP re-issues your lost prescription, referral letter or medical certificate, you understand and accept you may be charged in accordance with the current cost for a “Copy”.

c) Issuing prescriptions

You understand and accept there is no guarantee whatsoever that you will be issued or provided with a prescription for any medication. You understand and accept that the issuing of any prescription is at the sole discretion of HCP, subject to the limitations applied by us from time to time. You accept that we have required our HCPs to not prescribe any medicines or drugs which are prohibited in the United Kingdom and you accept such restriction applicable to the HCPs.

d) Contents of prescriptions

You understand and agree that we do not play any role in the issuance of prescriptions. All the prescriptions are issued by HCPs as per their expertise, your diagnosis and the information you provide directly to them.
You agree and acknowledge that we shall not be held liable in the event you experience any adverse health situation as a result of (i) any side effects of the prescribed drug or medicine and (ii) over or underdosage of any prescribed drug or medicine.

7. Your MedGo2U Account

a) Registration requirements:

For the purposes of creating an account on the Platform and accessing the Services, you represent and warrant to us that (i) you are at least 18 years of age, and (ii) you have the capacity to accept the terms contained herein.

b) Registering an account:

Registering an account with us is a pre-requisite for availing the Services on our Platform. To register with us you are required to provide accurate and complete information, including your first and last name, email address, postal address, mobile telephone number (you are not permitted to use landline numbers in place of a mobile telephone number) and any other information that we specifically request as per our privacy policy. You must keep your Account details up to date at all times. We reserve the right to terminate any Account which (at any time) does not include a valid email address and mobile telephone number (not a landline) on file as part of that individual’s Account. Both the email address and mobile telephone number must be stored in the profile for your Account.

c) Verification of account:

You may be required to verify your identity in order to use our Services. We may contact you by telephone or email to verify identity or other Account information and may request further information from you, which you agree to provide, in order to ensure you have not fraudulently created your Account. If you do not provide this information in the manner requested within seven (7) Working Days of the request, we reserve the right to suspend, discontinue or deny you access to and use of the Platform and Services until the information is provided to our reasonable satisfaction. We may also conduct electronic identity verification checks based on the information you provide to us and should these checks fail to verify your identity, we reserve the right to suspend, discontinue or deny you access to and use of the Platform and Services until the information is provided to our reasonable satisfaction.

d) One account:

If you use multiple accounts for the Services, this will mean that records of your care may be inaccurate and you may put the safety and quality of your future care at risk.

e) Third party information:

Where you provide any personal health information to the HCP which you have obtained from a third party health service provider, you warrant that such information is provided lawfully and has not been tampered with.

f) Keep your log-in details confidential:

If you choose, or you are provided with, a user identification code, password or any other piece of information as part of our security procedures, you must treat this as confidential. You must not disclose it to any third party. If you know or suspect that anyone other than you knows your user identification code or password, you must promptly Contact Us.

g) Unauthorized usage:

You are solely responsible for all activity that occurs on your Account and you must notify us immediately if you become aware of any unauthorized use of your Account or if your login details are lost or stolen. We shall not be liable for any losses that you incur as a result of any unauthorized use of your Account.

h) Right to Monitor:

We reserve the right to monitor your use of the Platform and/or Services and to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our reasonable opinion you have failed to comply with any of the provisions of these Terms or if we suspect any unauthorized use or misuse of the Platform and/or Services (including the attempts to contact the HCP outside Platform for any reason whatsoever).

i) Right to terminate or deactivate your account:

We reserve the right to withdraw access to your account as a result of any behavior that is deemed abusive, inappropriate or in contravention of the terms as contained herein.

j) Information resources:

By registering on the Platform and then providing consent to receive information resources and/or marketing communications, you are agreeing to the receipt of offers, promotions, surveys, newsletters and other information regarding medical and health-related topics, which may include links to other related websites.

8. Payments and commission

9. Dispute Resolution

We serve to connect you with HCPs. While we ensure that all the HCPs meet the required legal compliances (including CQC, professional qualifications and checks), we do not employ them directly. As such, we are not responsible for any incidents, injuries, or complications arising from the treatment provided.

a) Unforeseen medical complications

In the event you experience an issue related to any treatment or consultation provided by a relevant HCP, you have the right to directly reach out to the concerned HCP who provided you the Service by raising a ticket on the Platform. We will facilitate your connection with the concerned HCP. All the HCPs on the Platforms have obtained third party health insurance and in the event you wish to make any monetary claim for erroneous treatment, you can require the HCP to raise a complaint with the insurance provider of the concerned HCP. Once a complaint is successfully raised with the said insurance provider, you will be required by such insurance provider to complete the required procedure for filing the claim.

b) Complaint procedure

We comply with the following internal dispute resolution procedure to resolve the complaint raised by you:

• (i) If you have a reason to believe that you were treated erroneously or the diagnosis was incorrect by the concerned HCP on the Platform, you have the right to raise a complaint with us within 48 (forty-eight) hours from the time when the consultation was marked completed on our Platform ("Complaint").
• (ii) You shall also be required to submit the documents (such as pictures, medical reports or written details) to support the Complaint.
• (iii) Upon the receipt of Complaint, we will review the Complaint and if we, in our reasonable opinion, find that the Complaint is genuine, we issue a full or partial refund at our sole discretion.
• (iv) While we will review and assess the Complaints made after the said timeline of 48 (forty-eight) hours, we do not guarantee the issuance of full or partial refund.

10. Our rights

We reserve the following rights in relation to the Platform:

• a) We reserve the right to restrict, suspend, or block any non-registered user's access without notice if we detect or suspect any misuse, abuse, or malicious activity;
• b) We reserve the right to block the access of any user to the Platform who attempts any of the following activities (i) Attempt to access or probe secure areas of the platform, (ii) Scraping, data mining, or using bots or automation tools, (iii) introducing or attempt to introduce viruses, malware, or other harmful code, or (iv) attempting to bypass security or authentication measures;
• c) We reserve the right to monitor usage of the Platform, including for users who are not logged in, and to take appropriate technical or legal action, including blocking IP addresses, rate-limiting access, or reporting to law enforcement, in case of suspected malicious behavior; and
• d) We are not responsible for any damage, harm, or loss caused by third-party users, including those who access the Platform without registering. You acknowledge and agree that your use of the Platform is at your own risk;
• e) We have the right to integrate our in-house developed artificial intelligence technology to suggest you one or more HCPs which may best meet your needs. However, such suggestions shall not be deemed to be any binding legal advice and you are advised to use your own judgment and discretion while selecting an HCP; and
• f) We have the right to retain limited access to your chat box or video consultations only for the purpose of ensuring that you do not contact or try to contact the HCP outside the Platform. We shall not have access to the health-related discussions you may have with the HCP either on the chatbox or during video consultations.

11. Our obligations

We are under an obligation to:

• a) Obtain and maintain a public liability insurance for a sum up to £10,000,000 (Great Britian Pounds Ten Million) for insuring all the users of the Platform against possible risk of any injury or fall which occurs to any user at the time of on-site consultation provided any concerned HCP of the Platform;
• b) Protect the data you share with us. We use the safeguards as listed in paragraph 12 below to protect your data.
• c) Obtain and maintain cyber-attack insurance to insure the Platform against any potential cyber-attack risk and the insured sum shall be decided as per our discretion;
• d) Put in best efforts for the maintenance of the Platform
• e) Onboard only such HCPs who meet the onboarding policy; and
• f) Put in best efforts for providing the Services as per the terms as contained herein.

12. How do we protect your data

We take your data security seriously. We implement a combination of technical, administrative, and organizational measures to protect your personal information from unauthorized access, loss, misuse, alteration, or destruction.

Our key data protection practices include:

(a) Encryption:

All data transmitted between your device and our servers is encrypted using industry-standard Transport Layer Security (TLS).

(b) Access Control:

Access to personal data is restricted to authorized personnel only, based on the principle of least privilege. We maintain strict internal policies to prevent unauthorized access

(c) Secure Payments:

We use Stripe, a PCI DSS-compliant third-party payment processor, for all financial transactions. MedGo2U does not store or process your payment card details on our servers.

(d) Regular Security Testing:

We conduct regular penetration testing, vulnerability scanning, and audits to identify and remediate potential security risks.

(e) Data Minimization and Anonymization:

We only collect the data necessary to provide our services and, where appropriate, anonymize or pseudonymize data to reduce privacy risks.

(f) Monitoring and Incident Response:

Our systems are monitored for suspicious activity, and we have an incident response plan in place to respond to any security breach promptly and effectively.

(g) Compliance:

MedGo2U adheres to applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

13. Appointment cancellations and refund policy

a) Set out below is the amount of refund for which you shall be eligible depending on the timing of the cancellation of appointment.

b) All the refunds shall be processed within 5 to 7 working days and shall be processed to the original payment method made for booking.

c) Any processing, Platform Fee or transaction fees, such as bank or payment gateway fees, are non-refundable.

d) If the booking was made using a gift card or voucher, the refund will be issued as a new voucher for future use rather than as cash.

e) In the event of medical emergencies or extreme unforeseen circumstances, refund requests will be reviewed on a case-by-case basis. Supporting documentation may be requested by us at our discretion.

f) Notwithstanding anything contained herein, if you are not eligible for refund as per the refund policy as stated above, we reserve the right to investigate the case on merits and may issue full or partial refund at our sole discretion.

14. Amendment to the Terms and Platform

Every time you wish to use our Platform, please check these Terms to ensure you understand the Terms that apply at that time. If we make any material changes to the Terms, we will try to give you reasonable notice prior to the change becoming effective. Any change will be effective immediately when the revised Terms are posted on the Platform. You should stop using the Platform if you do not agree to any changes.

We may update and/or revise changes to the Platform and/or the Services from time to time, for example, to reflect changes in your needs and/or our business priorities or any legal or regulatory changes. We will try to give you reasonable notice of any major changes in advance. If you are not happy with the proposed changes, then you may contact us to terminate our contract with you.

15. Suspension of withdrawal of Platform

We do not guarantee that the Platform, or any content on it, will always be available or be uninterrupted. We may suspend or withdraw or restrict the availability of all or any part of the Platform for business and operational reasons, including (without limitation) for technical or security reasons. We will try to give you reasonable notice of any suspension or withdrawal.

If we need to suspend access to the Platform at any time prior to any Appointment that you have already booked, we will notify you in advance (unless the suspension is due to unforeseen circumstances such as emergency maintenance) and arrange a new Appointment for you as soon as possible.

We reserve the right to suspend or terminate your access to the Platform at any time, without notice and without us bearing any liability to you. In such circumstances, any Appointments that you have already booked will be cancelled.

16. Disclaimers

(a) Medical disclaimers:

We make no representation or warranty as to the content of any treatment response from any HCP. Any views expressed or advice provided by the HCPs are not endorsed by us. You and your HCP are solely responsible for all information provided and/or advice given to you at any time before, during or after the consultation. You should always seek the advice of a doctor or other qualified healthcare provider regarding any medical concerns (and before starting, stopping or modifying any transfer of medications) even if you have already obtained medical advice via or read relevant materials on the platform. We do not guarantee that a videoconferencing message consultation is the best course of accessing advice or indeed the appropriate course of treatment for your particular healthcare concern or medical issue. You agree to contact your GP immediately should your condition change or your symptoms worsen if you are not registered with us (UK doctor you agree to contact your local walk-in centre or hospital for advice). If you require urgent care (you should contact your nearest emergency services center immediately).

(b) Content Disclaimers:

Any information on our Platform or in any communications from us (other than advice provided by an HCP during an Appointment) is for general educational and informational purposes only and is not intended to amount to advice on which you should rely. Such information should not be relied upon as a subsidiary for seeking appropriate individual medical advice or services. Although we make reasonable efforts to update the Information on the Platform, we make no representations warranties or guarantees, whether express or implied, that the content on the Platform is accurate, complete or up to date. We accept no responsibility for any consequences relating directly or indirectly to any action or inaction you take based upon such information.

(c) General Disclaimers:

• We make no warranty that the Platform or the Services will meet your requirements or that the Services will be uninterrupted, 100% secure or error-free, or that defects, if any, will be corrected.
• We are not responsible for transmission errors or any corruption or compromise of data carried over local or interchange telecommunication carriers.
• We reserve the right to temporarily discontinue the Services on account of occurrence of any force majeure event relevant to our Services.
• We will take all reasonable precautions to protect against failure of our equipment and software and will perform regular back-ups of all data stored. You acknowledge and accept that in the event restoration of data from backup is necessary, it may take several days to complete such restoration of data and resume operation of the Platform and/or the Services, in which circumstances any booked Appointments shall be deemed a disrupted appointment.
• We do not guarantee that the Platform will be secure or free from bugs or viruses. You are responsible for configuring your information technology and computer programmes in order to access the Platform. You should use your own virus protection software.
• We make no representations or warranties about the satisfaction of government regulations requiring disclosure of information on prescription drug products; or any treatment, action or application or preparation of medication based on information offered or provided through the Platform or Services.
• We do not endorse the promotions, products or services of any third parties, nor do we warrant or validate the accuracy of any third-party advertisements, promotions, communications or other materials. We do not assume any responsibility or liability for the accuracy of information contained on any third-party websites.

17. Our responsibility for loss or damage suffered by you

• a) We make no representation or warranty as to the content of any treatment response from any HCP. HCPs are independent contractors and not our employees. Any views expressed or advice provided by HCPs are not endorsed by us. You and your HCP are solely responsible for all information provided and/or advice given via the Platform.
• b) If we fail to comply with these Terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking this contract or our failing to use reasonable care and skill, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if it is obvious that it will happen or if, at the time the contract was made, both we and you knew it might happen. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors, for fraud or fraudulent misrepresentation.
• c) Subject to applicable law, we will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty or otherwise, even if foreseeable, arising in connection with: (i) inability to use the Platform, or (ii) use of or reliance of any content displayed on the Platform.
• d) We only supply the Services for domestic and private use. If you use the Services for any commercial business or resale purpose we will have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.

18. Termination of our contract with you and consequences

(a) Our right to terminate:

We may end the contract between us, terminating your right to use the Platform or the Services, if: (i) you do not, within a reasonable time of us asking for it, provide us with information that is necessary for us to provide the Services, for example valid contact details, (ii) you seriously (as determined by us) or repeatedly breach any of these Terms.

• b) If we end the contract in the situations set out in the circumstances above we may deduct or charge you reasonable compensation for the net costs we will incur as a result of your breaking the contract.
• c) We may write to you to let you know that we are going to stop providing the Services. We will try to let you know in advance of our stopping the supply of the Services.
• d) We will advise you of any termination or suspension via the contact email held as part of your Account.

(e) Your right to terminate:

You may cancel an appointment and/or cease using the Platform at any time. You may cancel an appointment/ terminate Services via the Platform or by contacting us.

(f) Consequences of termination:

On termination of your Account for whatever reason, we have the right to delete all data, files or other information relating to you that we store or control for any reason, subject to UK law concerning the keeping and maintenance of your electronic medical record and relevant data protection laws. Please see our Privacy and Cookies Policy for further information.

19. Intellectual Property

We are the owner or the licensee of all intellectual property rights in the Platform, and in the material published on it. These works are protected by copyright laws and treaties around the world. All such rights are reserved.

20.Other important terms

• a) We may transfer our rights and obligations under these Terms to another organization. We will always tell you in writing if this happens and we will ensure that the transfer will not affect your rights under the contract you have with us.
• b) (b)Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect.
• c) (c)If we do not insist immediately that you do anything you are required to do under these Terms, or if we delay in taking steps against you in respect of your breaching these Term, that will not mean that you do not have to do those things and it will not prevent us taking steps against you at a later date.
• d) (d)These Terms are governed by English law and you can bring legal proceedings in respect of the Platform and/or the Services in the courts of Cardiff, Wales.

Terms of service applicable to Healthcare Professionals Continue below

Part B: Terms of Service for Healthcare Professionals

Please read these terms and conditions (“Terms”) carefully before applying for providing healthcare services on the Platform of Medgo2U (hereinafter referred to as “we”, “our” or “us”) (“Application”). In the event you do not agree to these terms, you should make the Application for providing healthcare services on the Platform.

These Terms apply to all the healthcare professionals before and after making the Application (hereinafter referred to as “you”) of our website (http://www.medgo2u.com) (“Platform”). These Terms apply to you whether you are a resident or national of the United Kingdom or not

By using the Platform, you agree to these Terms, the data processing agreement (including its appendices) as contained in Schedule 1 and the additional terms as contained in our Privacy Policy and Cookie Policy.

1. Your relationship with us

Our Platform enables you to provide healthcare services to the users acting as an independent contractor for us. You agree and acknowledge that you are NOT our employee, and we shall not be liable to comply with the applicable employment laws in respect of you.

2. Registration

Before you can commence providing your services on the Platform, you will have to make the Application of registration on the Platform and as our onboarding requirement, you shall be required to submit the true copies of the following documents on our Platform (“HCP Information”):

• a) Contact details such as your email address, mobile number and proof of residence;
• b) Demographic details such as age, gender and date of birth;
• c) Professional details such as (i) college or university degree, (ii) valid and active professional license and registration number (wherever applicable);
• d) Your work visa or any other document issued by the Government which evidences your right to work in the United Kingdom;
• e) DBS certificate which conclusively determine non-existence of criminal history, first aid certification, and other qualifications which may be applicable to the relevant discipline of your medical services; and
• f) Proof of valid and subsisting malpractice/professional liability insurance

3. Our rights

We have the following rights in relation to you:

• a) Right to verify the contents and genuineness of the HCP Information. For the purposes of exercising this right, we shall have the right to appoint a third party to verify the genuineness of all or any of the HCP Information at any point of time. Please note that HCP Information is shared with third parties in full compliance of our privacy policy.
• b) Right to carry out randomized audits to verify the validity and subsistence of your professional qualifications and professional liability insurance.
• c) Delist you from the platform if you cease to meet our internal onboarding requirements and the obligations as stated in these Terms (including the failure to meet professional qualifications and hold a subsisting professional liability insurance).

4.Your obligations

You shall be responsible for fulfilling all the following obligations until you continue to provide your services on the Platform:

• a) Meet and continue to meet the eligibility requirements for providing services on the Platform (including the maintenance of a valid professional liability insurance and requisite professional qualifications);
• b) Comply with all the healthcare and other laws applicable to you (including the CQC compliance);
• c)Store the health-related information of the users directly shared with you for not more than 7 (seven) years in case of adults, 25 (twenty five) years for minors and 20 (twenty) years after the last treatment or 8 (eight) years after death in case of mental health patients. The said timelines will be calculated from the date on which the user last consulted you;
• d)Process the health-related information of users only for the purpose of providing the services to them and you shall keep such information confidential;
• e)Maintain adequate professional standards as may be laid down by the relevant regulatory authority;
• f) Fully cooperate with the users and the insurance service provider with whom the professional liability insurance is maintained for the purpose of settlement of dispute raised by the user via Platform;
• g)Pay non-refundable Platform fee of 22% (Twenty Nine Percent) out of the total consultation fee paid to you by the relevant user (“Platform Fee”). Platform Fee is charged by us for round the clock maintenance of the Platform which enables you to provide your seamless Services to the users;
• h)Pay the cancellation fee of £20 (Great Britian Pound Twenty) from the amount payable by any user on the next consultation if you cancel any prior consultation or do not show up at the relevant location for such consultation;
• i)Ensure that you do not contact or try to contact any user of the Platform outside the Platform; and
• j)Provide your services to the users to the best of your experience and ability.

5.Legal Disclaimers

You shall be responsible for fulfilling all the following obligations until you continue to provide your services on the Platform:

• a)The Platform serves solely as an intermediary connecting users with you for the purpose of booking consultations and related services. Healthcare Professionals work on the Platform independently and are not employees, agents, or representatives of the Platform.
• b)The Platform does not provide medical advice, diagnosis, or treatment of any kind. All medical consultations and treatments are rendered solely by the healthcare professional selected by the user. The Platform does not supervise, control, or influence the professional judgment or actions of any healthcare provider.
• c)To the fullest extent permitted by law, the Platform shall not be held liable for any injury, harm, adverse outcome, or mistreatment that may occur during or as a result of any consultation, diagnosis, procedure, treatment, or other interaction between the user and the healthcare professional.
• d)In the event of any dispute, disagreement, or claim arising between the user and the healthcare professional, whether related to the consultation, diagnosis, treatment, service quality, or any other matte, the user agrees to resolve such dispute directly with the concerned healthcare professional in accordance with the terms applicable to users. The Platform shall have no obligation, responsibility, or role in mediating, arbitrating, or resolving such disputes. The Platform's role is strictly limited to assisting users in identifying and connecting with healthcare professionals. By using the Platform, the user acknowledges and agrees that any issues arising from the healthcare service must be addressed directly with the healthcare provider concerned or the insurance provider with whom the healthcare professional holds professional indemnity insurance.

6.Intellectual Property

We are the owner or the licensee of all intellectual property rights in the Platform, and in the material published on it. These works are protected by copyright laws and treaties around the world. All such rights are reserved

7.Indemnity

You agree to indemnify, defend, and hold us, the Platform, its affiliates, directors, officers, employees, agents, and representatives harmless (collectively, the “Indemnified Parties”) from and against any and all claims, demands, actions, liabilities, losses, damages, judgments, settlements, costs, and expenses (including reasonable legal fees) arising out of or in connection with:

• a)Any act, omission, negligence, misconduct, or breach of professional duty by you in the course of providing services to any user;
• b)Any claim by a user or third party arising from or relating to the healthcare services rendered (or failed to be rendered) by you;
• c)Any breach by you of these Terms, data processing agreement as set out in Schedule 1, our privacy policy, our cookie policy or any applicable laws, regulations, or ethical standards; and
• d)Any violation of a user's rights, including but not limited to personal injury, wrongful treatment, or breach of confidentiality.

8.Termination

We reserve the right to terminate its agreement or arrangement with you immediately, without notice, in the event of any of the following:

• a) Breach of Terms:Any material breach by the Healthcare Professional of the Terms, policies, or guidelines of the Platform, including failure to comply with applicable laws and professional standards;
• b) Professional Misconduct:Any instance of professional negligence, malpractice, or unethical behavior that, in the sole discretion of the Platform, may harm the reputation or interests of the Platform or its users;
• c) User Complaints:Receipt of repeated or serious complaints from users regarding the conduct, treatment, or quality of services provided by the you;
• d) Legal or Regulatory Action:Any investigation, suspension, revocation, or disciplinary action initiated by a relevant regulatory or licensing authority against you;
• e) MisrepresentationProvision of false, misleading, or inaccurate information regarding qualifications, credentials, or experience; and
• f) Reputational Risk:Any act or omission by you that, in the Platform’s reasonable opinion, poses a risk to the safety, trust, or confidence of users, or negatively affects the reputation of the Platform

Termination under this clause shall be without prejudice to any other rights or remedies available to us under law or contract. Upon termination, Termination under this clause shall be without prejudice to any other rights or remedies available to the Platform under law or contract. Upon termination, you shall immediately cease to use the Platform and shall have no further right to access or offer services through it.

Governing Law and Jurisdiction

These Terms are governed by the English Laws and the courts of Cardiff, Wales shall have exclusive jurisdiction.

1. Definitions

1.1) In this Data Protection Agreement, the following capitalized terms will have the meaning set forth in this Section 1.1. Any other terms not defined hereunder shall be understood in accordance with Article 4 in GDPR.

• a) “Applicable Law” means UK General Data Protection Regulation (UK GDPR), UK Data Protection Act 2018 (DPA 2018) and any enforceable rules, regulations, policies, or standards issued by UK or member state law or authorities.
• b) “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
• c) “Data Controller” means Medgo2U;
• d) “Data Processor” means the healthcare professionals providing healthcare services to users of the Platform;
• e) “Processing” means any operation performed on personal data, including collection, storage, access, use, dissemination, alignment, or erasure.
• f) “Third Country” means a country other than the United Kingdom.

2. The Rights and Obligations of the Parties

2.1 The Data Controller shall be responsible for ensuring that the Processing of personal data which the Data Processor is instructed to perform has a legal basis. The Data Controller is also obligated to ensure that the Processing takes place in accordance with Applicable Law and to make decisions about the purposes and essential means of the Processing of personal data.

2.2 The Data Processor confirms that personal data is kept confidential, and is only processed as follows:

• The Data Processor confirms that personal data is kept confidential and processed only as follows:
• i) exclusively for the purpose(s) described in the Healthcare Agreement as executed between the Data Processor and Data Controller on the even date and this Data Protection Agreement,
• ii) privacy policy in force of the Data Controller and
• iii) in accordance with the documented instructions from the Data Controller in Appendix A and Appendix B, as well as any subsequent instructions given in writing by the Data Controller, unless required by Applicable Law to which the Data Processor is subject. In such cases, the Data Processor shall notify the the Data Controller as soon as possible and in any event prior to the Processing, unless Applicable Law prohibits such notification on important grounds of public interest.

2.3 Subsequent instructions may be given by the Data Controller throughout the term of the Data Protection Agreement - until the termination or expiry of the Agreement - but such instructions shall always be documented and kept in writing, including electronically, in connection with this Data Protection Agreement.

2.4 The Data Processor shall immediately inform the Data Controller if instructions given by the Data Controller, in the opinion of the Data Processor, contravene Applicable Law.

3. Confidentiality

• 3.1Access to personal data processed on behalf of the Data Controller shall be limited to the Data Processor's employees and representatives, including and without limitation its officers, directors, agents and advisors (“Authorized Persons”) under the Data Processer's authority who have committed themselves to confidentiality either by contract or under an appropriate statutory obligation of confidentiality and only on a need-to-know basis.
• 3.23.2The list of Authorized Persons to whom access has been granted shall be kept under periodic review by the Data Processor and access to personal data must be withdrawn, if access is no longer needed for carrying out the Services under the Agreement.
• 3.3Upon request from the Data Controller, the Data Processor shall demonstrate that the concerned Authorized Persons under the Data Processor's authority are subject to the abovementioned confidentiality.

4.Security of processing

4.1 The Data Controller and the Data Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

4.2 The Data Controller shall evaluate the risks to the rights and freedoms of natural persons as a result of the Processing and implement measures to mitigate any identified risks. These measures may include the following:

• a) pseudonymisation and encryption of personal data;
• b) the ability to ensure ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
• c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
• d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.

4.3 In addition, the Data Processor shall - independently from the Data Controller - also evaluate the risks to the rights and freedoms of natural persons as a result of the Processing and implement measures to mitigate any identified risks. To this effect, the Data Controller shall show best endeavours to provide the Data Processor with all necessary information to identify and evaluate such risks.

4.4 Furthermore, the Data Processor shall assist the Data Controller with its obligations pursuant to Section 4.2 subsection a)-d), by inter alia providing the Data Controller with information concerning the technical and organisational measures implemented by the Data Processor.

4.5 To the extent the Data Controller decides that mitigation of the identified risks requires further measures to be implemented by the Data Processor than those already implemented by the Data Processor, the Data Controller shall specify these additional measures in Appendix B.

5. Data Processor's Use of another Processor

5.1 The Data Processor shall not engage sub-processors for the fulfilment of its obligations in this Data Protection Agreement without the written specific authorisation of the Data Controller as per the Applicable Laws.

5.2 Upon the receipt of the Data Controller's written specific authorisation, the Data Processor is entitled to make changes concerning the addition or replacement of its sub-processor(s) provided the Data Processor has informed in writing the Data Controller of any intended changes at least one (1) month prior to the engagement giving the Data Controller the right to object to the changes of sub-processor(s).

5.3 Subject to Clause 5.1 above, where the Data Processor engages sub-processor(s) for carrying out specific processing activities, the Data Processor must impose on its sub-processor(s) the same data protection obligations in substance, as set out in this Data Protection Agreement by way of a contract or other legal act under Applicable Law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that it will meet the requirements under this Data Protection Agreement.

5.4 For the sake of clarity, the Data Processor shall ensure that its sub-processor complies with the obligations to which the Data Processor is subject pursuant to this Data Protection Agreement and Applicable Law.

5.5 A copy of such sub-processor(s) agreement and subsequent amendments shall - at the Data Controller's request - be submitted to the Data Controller, thereby giving the Data Controller the right to ensure that the same data protection obligations apply to the Data Processor's sub-processor(s). Other business-related terms that do not affect the legal data protection content of the sub-processor(s) agreement, shall not require submission to the Data Controller.

5.6 The Data Processor agrees to enforce a third-party beneficiary clause with its sub-processor(s) where - in the event of bankruptcy of the Data Processor - the Data Controller shall have the right to terminate the agreement with the Data Processor's sub-processor(s) and to instruct sub-processor(s) to delete or return the personal data.

5.7 In the event the Data Processor's sub-processor(s) does not fulfil its data protection obligations, the Data Processor shall remain fully liable to the Data Controller as regards the fulfilment of the obligations of its sub-processor(s). This does not, however, affect the rights of the data subjects under Applicable Law applicable to the Data Controller, the Data Processor, including its other processor(s).

6. Assistance to the Data Controller

6.1 If the Data Processor receives a request from a data subject, any government agency or authority or a third party in relation to the Processing of personal data, the Data Processor must notify the Data Controller without undue delay after the receipt of such request. The Data Processor shall, furthermore, provide any necessary information to the Data Controller regarding the Processing of personal data concerned. The Data Processor shall refrain from responding to any requests unless agreed in writing with the Data Controller or if required by Applicable Law.

6.2 Taking into account the nature of the Processing of personal data and subject to an individual assessment by the Data Controller, the Data Processor shall assist the Data Controller by appropriate technical and organisational measures as described in Appendix B and in the fulfilment of the Data Controller's obligations to respond to requests for exercising the data subject's rights including the information obligations, as applicable:

• a) the right to be informed when collecting personal data from the data subject
• b) the right to be informed when personal data have not been obtained from the data subject;
• c) the right of access by the data subject;
• d) the right to rectification;
• e) the right to erasure ('the right to be forgotten');
• f) the right to restriction of processing;
• g) notification obligation regarding rectification or erasure of personal data or restriction of processing;
• h) the right to data portability;
• i) the right to object; and
• j) the right not to be subject to a decision based solely on automated processing, including profiling

6.3 In addition to the Data Processor's obligation to assist the Data Controller pursuant to Section 6.2, the Data Processor shall, taking into account the nature of the Processing and the information available to the Data Processor, assist the Data Controller in ensuring compliance with the following:

• a) without undue delay and, where feasible, not later than 72 hours after becoming aware of it, notify a Data Breach to Information Commissioner's Officeunless the Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons;
• b) without undue delay notify the Data Breach to the data subject, in the event the Data Breach is likely to result in a high risk to the rights and freedoms of natural persons;
• c) carry out an assessment of the impact of the envisaged processing operations on the protection of personal data a Data Protection Impact Assessment (DPIA);
• d) consult Information Commissioner's Office, prior to Processing in the event the DPIA indicates a high risk in the absence of measures taken by the Data Controller to mitigate the risk.

6.4 The Parties shall define in Appendix B the appropriate technical and organisational measures to be taken by the Data Processor to assist the Data Controller.

7.Notification of data breach

7.1 The Data Processor must notify the Data Controller without undue delay, but no later than 24 hours, after discovery of any actual or suspected Data Breach, including those of its sub-processor.

7.2 In addition, the Data Processor shall assist the Data Controller in notifying the Data Breach to the competent supervisory authority as stipulated in Section 6.3, meaning that the Data Processor is required to assist in obtaining the following list of information:

• a) The nature of the personal data including where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of the different processing activities concerned;
• b) the likely consequences of the Data Breach for the data subjects;
• c) the measures taken or proposed to be taken by the Data Controller to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

7.3 If any of the abovementioned information is not known to the Data Processor at the time of notifying the Data Controller, the information must be provided to the Data Controller via a supplementary notification as soon as it becomes known to the Data Processor.

8. Deletion and return of data

8.1 Upon completion of the Services performed by the Data Processor or in case of termination or expiry of the Agreement the Data Processor shall delete all personal data processed on behalf of the Data Controller and certify to the Data Controller that it has done so unless Applicable Law requires storage of the personal data for a longer period of time and in such case, the Data Processor shall have the duty to inform the Data Controller that it has retained the relevant information for longer period under the Applicable Laws.

8.2 The Data Processor commits to exclusively process the personal data for the purposes and duration provided for herein and in accordance with Applicable Law.

9. Audit and inspection

9.1 Upon request from the Data Controller, the Data Processor shall make available all information related to the Processing of personal data here under to allow the Data Controller to demonstrate compliance with Applicable Law. Furthermore, the Data Processor shall allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor appointed by the Data Controller.

9.2 To ensure compliance with Applicable Law, the Data Processor shall be required to provide the supervisory authorities, which pursuant to Applicable Law have access to the Data Controller's and Data Processor's premises, or representatives acting on behalf of such supervisory authorities, with access to the Data Processor's premises on presentation of proper identification.

10. The parties agreement on other terms

10.1 10.1The Parties may agree on subsequent terms and conditions related to the Processing of personal data in the Agreement or elsewhere, e.g. liability or indemnification, which shall be deemed effective between the Parties, as applicable, provided that such subsequent terms and conditions do not conflict either directly or indirectly with this Data Protection Agreement or prejudice the fundamental rights or freedoms of the data subject and the protection afforded by Applicable Law. In the event these subsequent terms and conditions conflicts with this Data Protection Agreement, the latter shall prevail.

11. Term and termination

11.1 This Data Protection Agreement shall become effective on the date on which the Terms are accepted by the Data Processor and shall be in force until the Data Processor continues to provide services to the users via Platform.

11.2 Both Parties shall be entitled to require amendments to this Data Protection Agreement in the event that changes to Applicable Law has substantial effect on the Processing activities carried out by the Data Processor. Any amendments to this Data Protection Agreement shall not be valid unless made in writing and executed by each Party.

1. The purpose of the Data Processor's processing of personal data:

To facilitate the delivery of healthcare services to users on the platform of Data Controller, Data Processor is assessing, diagnosing, and providing appropriate treatment to patients based on their individual health information and medical histories submitted directly to Data Processor.

2. The Data Processor's processing of personal data shall mainly pertain to (the nature of the processing):

Processing of personal data by the Data Processor in relation to providing medical services to the users of the platform owned and operated by Data Controller.

3. The processing includes the following types of personal data about data subjects:

Personal Data

1. Name

2. Age

3. Gender

4. Address

5. GPS Location

4. Processing includes the following categories of data subjects that are subject to processing according to the service:

Users of the platform of Data Controller

5. The Data Processor's processing of personal data may be performed on the effective date of the agreement. processing has the following duration:

For the duration of the Data Processor's provision of services to the users availing your services on the platform owned and operated by Data Controller

1. The subject of/instruction for the Processing

Processing of personal data of the users of the platform of Data Controller in order to provide healthcare services to such users.

2. Security of Processing

Data Controller shall implement necessary infrastructure to ensure encryption and pseudonymization of the personal data shared by data subjects.

3. Assistance to the Data Controller

The Data Processor shall insofar as this is possible - within the scope and to the extent specified below assist the Data Controller by implementing appropriate technical measures.

4. The Data Processor shall insofar as this is possible - within the scope and to the extent specified below assist the Data Controller by implementing appropriate technical measures.

Upon request, the Data Processor must provide the Data Controller with any and all necessary information enabling the Data Controller to assess whether and how the Data Processor complies with this Data Protection Agreement. This includes information regarding the security measures, information on back-up procedures, (attempting or suspected) hacking, etc.

The Data Controller may request further measures to be taken to ensure compliance with the Applicable Law and the Data Protection Agreement.

The Data Controller or the Data Controller's representative shall in addition have access to inspect, including physically inspect, the places, where the Processing of personal data is carried out by the Data Processor, including clinics, hospitals as well as systems used for and related to the Processing. Such an inspection shall be performed when the Data Controller deems it required. Both the Data Controller and the Data Processor must bear their own costs in relation to an audit or an inspection, and the Data Processor is obligated to allocate such resources and time necessary for the Data Controller to conduct an audit or an inspection.

If a third party is to conduct the audit on behalf of the Data Controller, the Data Controller must draft a written confidentiality agreement with the third party in question prior to the audit or inspection.

5. Procedures for audits, including inspections, of the Processing of personal data being performed by the Data Processor's sub-processor

The Data Processor or a representative of the Data Processor performs an annual inspection with its sub-processor regarding sub-processor's compliance with this Data Protection Agreement. Upon request of the Data Controller, documentation for the inspections conducted shall be sent to the Data Controller as soon as possible and in any event no later than one (1) month after obtaining it.

Upon request of the Data Controller, the Data Processor must gather control information from sub-processor on the same terms as set forth in Agreement C.4 above and send it to the Data Controller no later than two (2) months after obtaining them.

The Data Controller may choose to initiate and participate in an inspection with the Data Processor's sub-processor if the Data Controller finds it necessary. This may be relevant if the Data Controller finds that the Data Processor's inspection of sub-processor has not provided the Data Controller with sufficient assurance that the Processing of personal data conducted by the Data Processor's sub-processor is in accordance with the Data Protection Agreement

The Data Controller's participation in an inspection with the Data Processor's sub-processor does not change the fact that the Data Processor is solely responsible for its sub-processor's compliance with Applicable Law and this Agreement.