This website and the DASI eCLINIC online software are the property of DASI INFORMATICA, S.L., with registered office at Avenida Meridiana, 34, entresuelo 3 y 4, 08018 – Barcelona (Spain), CIF B61554515, registered in the Mercantile Register of Barcelona, f. 82, t. 30655, h. B-177483.
The terms and conditions indicated below to use the DASI eCLINIC service are understood to have been read, understood and fully accepted by the user at the time they complete the registration form and create their access account.
If you do not agree with these conditions, you must refrain from using the web application as well as the DASI eCLINIC services.
First. – General terms
DASI eCLINIC is an online service software that allows users to comprehensively manage the Medical Center and its patients’ data. DASI eCLINIC has been developed by DASI INFORMATICA, SL
DASI INFORMATICA, SL reserves the right to change and/or modify these Terms and Conditions of use at any time and without prior notice. Violation of our Terms and Conditions of Use may result in the immediate suspension or termination of your license to use.
Whenever the user modifies or changes the Plan, they must accept these Conditions of Use and contracting again.
Second. – Definitions:
Below are the definitions of the terms that will govern these Conditions:
- Administrator: registered user who purchases one or more licenses. You can create new users linked to these licenses.
- System: refers to all the features and functionalities of the DASI eCLINIC web application.
- User: person authorized by the Administrator to access the System.
- License: authorization that assigns the right to use the System, not exclusively.
- Role: functions determined by the job. Integrated by permissions.
- Permission: access and modification privileges.
- Authorized personnel: new system users created by the Administrator.
- Plans: modalities of the System that include various benefits and functionalities depending on the chosen Plan (Free, Basic and Plus).
- Confidential information: information or personal data, including databases, entered in DASI eCLINIC.
Third. – Rights and limitations of the User
You will be granted a non-exclusive, personal, non-transferable and limited license to access and use the system, in order to obtain the services during the contracted term, without prejudice to your full compliance with the terms and conditions established in these Conditions. of Use and Contracting. You agree not to:
- make the system, in whole or in part, available to any other person, entity or company,
- copy, decompile, or disassemble the system, in whole or in part, or otherwise attempt to discover the source code of software used on the system,
- modify the Services or the system or associated software or combine the services or the system with any other software or services not provided or authorized by us.
Quarter. – About the System
Access to the DASI eCLINIC system requires prior registration through the registration and payment form of the chosen Plan. After entering your details, you will receive an email to confirm the activation process.
You will choose a username and password during Registration, which will serve to identify you as “Administrator”. You can create several Users but only activate them according to the number of licenses purchased. It will be you, the Administrator, who will choose the access name for new users, the password will be randomly generated and sent to the new user’s email.
After accepting these Conditions of Use and Contracting, DASI INFORMATICA, SL authorizes the user to access the system and use the services offered by DASI eCLINIC.
You agree that you may not access the system or use the services for any other purpose. In particular:
- You may not reproduce, publish, or distribute System Content that violates any third party’s rights, copyrights, trade secrets, publicity, privacy, or other personal or proprietary rights;
- You must comply with applicable laws, including laws related to maintaining the privacy, security, and confidentiality of personal data and information.
- You may not:
- Use the Services to transmit or post illegal information or messages that are obscene, offensive, threatening, defamatory or harassing.
- Abuse or misuse of the system or services, including obtaining or attempting to obtain unauthorized access to the system, alteration or destruction of information on the system (except for accepted practices).
- Use the system or services to interfere with the use of other users of the system.
To use DASI eCLINIC you must purchase one of the following Plans:
– Free : (1 user – 2 GB of space for images and files – Limited to 100 patients. Single user. May include advertising).
- Program: medical agenda, history and clinical course with CIE10, billing to private and mutual patients, collection management, material cost control, accounting and cash control, SMS appointment reminder, image/video and document manager, editor of reports and documents, questionnaires and health protocols.
– Basic : (1 simultaneous user – 10 GB for images and files)
- Program: medical calendar, online appointment, link to Google Calendar, history and clinical course with ICD10, billing to private and mutual patients, collection management, material cost control, accounting and cash control, SMS appointment reminder, mailing with SendinBlue, image/video and document manager, report and document editor, questionnaires and health protocols and electronic signature to contract with VIDSigner.
- Extras: patient portal (blocks of 2000 pac), Biopsy module (5 centers) and Early Care module.
– Professional : (2 simultaneous users – 10 GB for images and files)
- Includes the features of the Basic Plan plus: budgets.
- Extras: patient portal (blocks of 2000 pac), Biopsy module (5 centers) and Early Care module.
– Clinic : (5 simultaneous users – 50 GB for images and files)
- Includes the Professional Plan plus: invoicing to mutuals.
- Extras: multicenter (5 centers), patient portal (blocks of 2000 pac), additional space (10 GB), Biopsy module (5 centers) and Early Care module.
– Premium : (15 simultaneous users – 100 GB for images and files)
- Includes the Clinic Plan plus: patient portal (block of 6000 pac).
- Extras: multicenter (5 centers), patient portal (blocks of 2000 pac), additional space (10 GB), Biopsy module (5 centers) and Early Care module. Possibility to expand additional users
You can modify the number of Licenses, purchase extras or change the Plan at any time.
III. – Content
The information that appears in the system may be entered by third parties, so DASI eCLINIC is not responsible for the accuracy or completeness of said information.
You assume all the risk and responsibility for the use of the information obtained through the system and accept that DASI INFORMATICA, SL is not responsible for any claim arising from the use of said information.
You, Administrator, will be responsible for the veracity of your data and will be solely responsible for any conflicts or litigation that may result from the falsity of the same.
DASI eCLINIC will implement all the necessary security measures to protect the information found in the system.
In addition, you will notify us immediately of any breach or suspected breach of system security, or any unauthorized use or disclosure of system information.
In this sense, you, as Administrator, and new users undertake to adopt and maintain reasonable and appropriate security measures to prevent the disclosure or use by unauthorized persons of your username and password.
V.- Uses of the System
You may allow your authorized personnel to use the System and the Services offered by DASI eCLINIC through the creation of new users, subject to the terms of these Conditions.
You, the Administrator, will be able to create new users and activate them based on the number of licenses purchased.
You can assign Roles and/or Permissions to these new users. You can create as many Roles as you want, each Role will integrate a series of Permissions, which you yourself can modify and customize according to the user you assign.
You will be solely responsible for the use you make of the System, so DASI INFORMATICA, SL will not be responsible for the consequences arising from such use.
You agree to indemnify DASI INFORMATICA, SL, against any claim or liability arising from:
- Any violation by you or your authorized personnel of all the guarantees or agreements contained in these Conditions of Use and Contracting,
- The actions that may be carried out by any third party, who has accessed the System using your username and password or that of your authorized personnel.
- Your negligent or willful conduct, or that of any member of your authorized staff.
VII.- Use of information
The DASI eCLINIC System stores patient health information and data that you enter. That information will only be available to you and your authorized personnel. You will be solely responsible for obtaining the necessary consents and/or authorizations for the treatment of your patients’ information.
Without limiting the foregoing, DASI INFORMATICA, SL may allow access to the system to system developers contracted under appropriate confidentiality agreements.
VIII.- Service level agreement (SLA)
The following service levels are guaranteed as a minimum: (i) online time (uptime): 99% (ii) 24h Recovery Point Objective (RPO) (iii) Recovery Time Objective (RTO) 24h. These service levels cannot be guaranteed in the event of natural disasters in the data centers involved.
Fifth.- Intellectual Property
The DASI eCLINIC platform is protected by national intellectual property legislation, as well as by the provisions contained in international treaties that protect intellectual property.
The licenses for the use of the DASI eCLINIC platform may not be copied, adapted, translated, offered, distributed, altered, modified, nor may they be reverse engineered or combined with other software products, except to the extent permitted in These Conditions of Use and Contracting or the applicable legislation expressly provide that said right cannot be legally excluded by contract.
By accepting these Conditions of Use and Contracting, DASI INFORMATICA, SL explicitly prohibits any infringement of intellectual property.
You guarantee that you are the intellectual owner of the content that you store in DASI eCLINIC or, in any case, you agree to have the corresponding authorization from the owner of rights that legitimizes you.
Sixth.- Data Protection and Order of Treatment (for the Conditions of Use and Contracting)
I.- PURPOSE OF THE PROCESSING ORDER
In accordance with the provisions of Regulation (EU) 2016/679 General Data Protection, through these clauses it is enabled to DASI INFORMÁTICA SL , hereinafter MANAGER OF TREATMENT or IN CHARGE on behalf of CUSTOMER , hereinafter RESPONSIBLE FOR THE TREATMENT or RESPONSIBLE , the processing of personal data necessary to troubleshoot and support the DASI eClinic application .
II.- IDENTIFICATION OF PERSONAL DATA AND INTERESTED PARTIES
For the execution of such services, the DATA CONTROLLER makes available to the DATA PROCESSOR, the information described below:
- Personal data object of treatment:
- Social Security Number
- Name and surname
- mailing address
- health card
- Personal characteristics
- social circumstances
- Academic/professional data
- Commercial information
- health data
- health documents
- Categories of interested parties whose personal data are processed:
- Clients and/or suppliers
III.- OBLIGATIONS OF THE DATA PROCESSOR
The MANAGER and all his staff undertake to:
- Use the personal data subject to processing, or those collected for processing, in accordance with the instructions of the RESPONSIBLE and only for the purpose of this assignment. In no case may you use the data for your own purposes or purposes other than those established by the RESPONSIBLE, not being able to communicate them to other people for their conservation. If the PROCESSOR must transfer personal data to a third country or an international organization, by virtue of the Law of the Union or of the Member States that is applicable, it will inform the RESPONSIBLE of that legal requirement in advance, unless such Law prohibits it. for important reasons of public interest.
- Guarantee that the persons authorized to process personal data undertake, expressly and in writing, to respect confidentiality, professional secrecy and comply with the corresponding security measures , of which awareness, training and appropriate information must be made.
- . The PROCESSOR may subcontract the treatment, provided that it meets the requirements for this established in article 28.4 of Regulation (EU) 2016/679. The RESPONSIBLE may at any time request the PROCESSOR the list of subcontractors. The PROCESSOR does not plan to subcontract outside the European Economic Area.
The subcontractor or SUB-PROCESSOR, who also has the status of data processor, is also obliged to comply with the obligations established for the PROCESSOR and the instructions issued by the CONTROLLER.
It is the responsibility of the initial MANAGER to regulate the new relationship in such a way that the SUB-MANAGER is subject to the same conditions (instructions, obligations, security measures…) and with the same formal requirements as him, regarding the proper processing of personal data. and the guarantee of the rights of the people affected.
- Keep, in writing, a record of all the categories of treatment activities carried out on behalf of the RESPONSIBLE, in accordance with article 30 of Regulation (EU) 2016/679.
- Do not communicate the data to third parties , unless you have the express authorization of the RESPONSIBLE, or in the legally admissible cases.
The MANAGER will communicate the data to other MANAGERS of the treatment of the same RESPONSIBLE, only if the RESPONSIBLE requests it and according to his instructions. In this case, the CONTROLLER will identify, in advance and in writing, the entity to which the data must be communicated, the data to be communicated and the security measures to be applied to proceed with the communication.
In this sense, in the event that the CONTROLLER expressly requests the CONTROLLER to enable tools that allow the data collected or entered in eCLINIC to be exported to link them to calendar applications (Google Calendar, iCal, Outlook, etc.), sending applications (SendinBlue, Mailchimp and Acumbamail, etc.) or others that may be configured, the CONTROLLER undertakes to implement technical measures to guarantee and allow exportation, but is not responsible for subsequent leaks that may occur from said applications. To guarantee the protection of personal data, once the data has been transferred to such applications, it will be the RESPONSIBLE who must, where appropriate, sign the permitting Treatment Manager contract with the entities that provide the applications.
- Assist the RESPONSIBLE of the treatment, taking into account the nature of the same and through appropriate technical and organizational measures, whenever possible , so that it can comply with the response to the exercise of the rights of access, rectification, deletion and opposition, limitation of treatment, portability of personal data and not being the subject of automated individualized decisions (including profiling).
- The PROCESSOR shall notify the RESPONSIBLE without undue delay, and in any case before the maximum period of 48 hours, the violations of the security of the personal data under his charge of which he is aware.
Once the notification has been received from the MANAGER, it is the responsibility of the RESPONSIBLE to notify the security violation to the control authority (in the Spanish case, the Spanish Data Protection Agency, hereinafter <<AEPD>>), without undue delay and if possible, no later than 72 hours after becoming aware of it, if the analysis of the security breach concludes that it is likely to entail a risk to the rights and freedoms of the interested parties.
The notification to the AEPD must contain at least the information required in article 33 of Regulation (EU) 2016/679.
If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually, as it is obtained, without undue delay.
Likewise, the RESPONSIBLE must notify the security breach to the affected interested parties when required by article 34 of Regulation (EU) 2016/679
The RESPONSIBLE must document any security violation, including the facts related to it, its effects and the corrective measures adopted, even in those cases in which it is not necessary to notify the AEPD and, where appropriate, notify the affected interested parties. for the security breach.
- Give support to the RESPONSIBLE of the treatment in the conducting impact assessments related to data protection and in carrying out prior consultations with the supervisory authority, where appropriate and when appropriate, in accordance with the applicable data protection regulations and/or the instructions issued by the national supervisory authority .
- Make available to the RESPONSIBLE all the information necessary to demonstrate compliance with the obligations established in the data protection regulations , as well as allow audits, including inspections, to be carried out by the RESPONSIBLE or another auditor designated by him. For this type of action, a prior notice of 10 days is established.
- Adopt the necessary security measures in light of the risks of the treatment to guarantee the protection of the personal data entered and collected by the application. These security measures include:
Functions and obligations of the staff : The staff of DASI INFORMATICA, SL knows the internal security regulations and is aware of the commitment regarding the confidentiality and integrity of the data owned by the User.
Event log: DASI INFORMATICA, SL will notify the incidents that may affect the information stored by the User in DASI eCLINIC, through the platform’s alert system, indicating the type of incident, the time it occurred and the effects that would have derived from it. The platform user can notify incidents through the support system via tickets. You will be assigned a number to track the progress and responses to your issue online.
Access control : DASI INFORMATICA, SL will have authorized access only to the resources necessary for the performance of its maintenance, management and development functions. The User must make use of the access control mechanisms made available through the DASI eCLINIC system, consisting of a username and password, which must meet a minimum of requirements: 8 characters, alphanumeric, expiration date of 3 months and without the possibility of repeating the last 3 passwords. In this sense, you and authorized users agree to adopt and maintain reasonable and appropriate security measures to prevent the disclosure or use by unauthorized persons of your username and password.
Physical access control : The facilities where the infrastructure that provides the service is housed are equipped with access control and monitoring and control systems to guarantee that only authorized personnel have access to them.
Data encryption – Data in special categories, such as health, is stored using encryption.
Backup and recovery copies : DASI INFORMATICA, SL makes daily backup copies (backups) of the information contained in DASI eCLINIC automatically on different servers; storing a copy history of the last 30 days.
In addition, DASI eCLINIC users will have the option (from their Control Panel) to download a backup copy of the information contained in DASI eCLINIC. Users will be able to choose between two types of copies: Full or Partial.
The Total backup will always be generated at the express request of the user (through the Control Panel), and will contain a copy of the clinical records (a PDF file for each patient); a folder for each patient where the associated images, reports and documents will be recorded. All this information will be compressed into a .zip file that the user can download from their Control Panel. With this copy mode, the user will be able to have all the information that has been entered in DASI eCLINIC.
The Partial backup will be an option configurable by the user from his Control Panel; and will allow users to receive an email to the email account that they have previously assigned, with the following attachments: the Clinical Agenda, the Clinical Records of the patients to be visited that day (both files in PDF format and compressed in a .zip file). The user, from his Control Panel, will be able to define the frequency with which he wants the Partial copy to be made (daily or weekly) and the days he wants to receive the email with the information (to choose from one to seven days, counting from the last partial copy email received). The purpose of this copy mode is to allow users to continue working with the information they have entered in DASI eCLINIC, in the event that they do not have an Internet connection.
It is the responsibility of the User to download the appropriate restorations, if applicable, to carry out the periodic verifications established by law. If the backup service is not included in the contracted Plan, it is the User’s responsibility to contract the necessary additional services or implement copy tools.
In addition to the aforementioned backups, the DASI eCLINIC servers are hosted by Amazon Web Services LLC, equipped with Multi-AZ implementations, which allow automatic replication in several availability zones (logical data centers), the information contained on their servers; thus guaranteeing greater availability of data and backup copies. DASI eCLINIC servers are hosted within the European Union.
Audit : DASI INFORMATICA, SL will provide the necessary data to Users to carry out audits by the User’s own staff or by a third party, as long as such information is related to the files owned by the User. Likewise, DASI INFORMATICA, SL carries out data protection security audits, with the participation of a specialized company, at least every two years.
Access log : The logical access control will be carried out through personal access codes and registering the logs. The accesses will be limited to the purpose of the contracted services and in any case will be registered.
Telecommunications : DASI eCLINIC has implemented an Extended Validation (EV) SSL certificate, for the transmission of encrypted data, through a high-level encryption system (Advanced Encryption Standard 256 bits). This certificate has been contracted with DigiCert Inc.
- Appoint a data protection delegate and communicate your identity and contact information to the RESPONSIBLE, if applicable and where applicable .
IV.- OBLIGATIONS OF THE DATA CONTROLLER.
Corresponds to the RESPONSIBLE:
- Deliver to the MANAGER the data referred to in clause 2 of this annex.
- Give the corresponding instructions to carry out the treatment.
- Carry out risk analysis and an evaluation of the impact on the protection of personal data of the treatment operations to be carried out by the MANAGER, when appropriate.
- Carry out the corresponding prior consultations .
- Ensure , prior to and throughout the treatment, compliance with the RGPD by the MANAGER.
- Supervise the treatment , including the performance of inspections and audits.
V.- DESTINATION OF THE DATA.
The MANAGER will destroy the personal data and, if applicable, the supports where they appear, once the provision of the services that motivated the need for access by the MANAGER has been completed. However, the PROCESSOR may keep a copy, with the data duly blocked, as long as there is a legal provision that requires its conservation. The backup copies that include the CLIENT’s data will be destroyed after 30 days, after the termination of the contractual relationship.
VI.- EXONERATION OF LIABILITY.
The RESPONSIBLE FOR THE TREATMENT is exempt from any responsibility that could be generated by the non-compliance by the RESPONSIBLE FOR THE TREATMENT of the stipulations of this contract, as well as the provisions of the RGPD, in which case it will be considered as Responsible for the Treatment responding to the infractions that may be incurred, as well as any claim for compensation that the interested parties may file before the Control Authority or before the Courts.
If the DATA PROCESSOR subcontracts, giving rise to a SUB-DATA PROCESSOR, the latter failing to comply with its data protection obligations, the Processor will continue to be fully responsible to the DATA CONTROLLER for compliance with the obligations of the SUB-DATA PROCESSOR. This will continue regardless of the number of successive Sub-Processors.
VII.- DOCUMENTED COMMUNICATIONS.
In accordance with the principle of proactive responsibility, the parties indicate, for the purposes of documenting their communications , the addresses that appear in the header of the contract, and also the email accounts:
Responsible for the treatment: CLIENT
Responsible for the treatment: DASI INFORMÁTICA SL
VIII.- CONFIDENTIALITY AND DATA PROTECTION.
The Parties undertake to maintain absolute confidentiality regarding the information and documentation provided or accessed during the provision of the Service, not to reveal or use directly or indirectly the information derived from this contractual relationship.
Both parties inform that the personal data of the signatories of this contract may be included in their respective treatments to satisfy the purpose of management and maintenance of the contractual relationship, being kept for no longer than necessary to comply with it. At any time, they may exercise their rights of access, rectification, cancellation and opposition, as well as those recognized by the RGPD when fully applicable, accompanied by a photocopy of the DNI or any other equivalent identification document, to the address indicated in the first part of the contract.
Seventh.- Technical information
You agree to acquire, install, configure or maintain the hardware, software or communication systems necessary to access the DASI eCLINIC System. It will ensure that your configuration is compatible with the System. For the correct functioning of the platform, an Internet connection and one of the following browsers are required: Mozilla Firefox 17, Google Chrome 19, Internet Explorer 9, Safari 6 or higher.
- PHPSESSID: DASI eCLINIC cookie that allows the user to view the page and interact with it.
- Treeview: DASI eCLINIC cookie that allows the correct display of the permissions tree.
- TSe9a623 Apache: PayPal cookie that reinforces security in accessing the PayPal payment platform from DASI eCLINIC.
- lang_dasieclinic : it is used to register the selected language and be able to consult it on any page that does not require user authentication.
- codi_desc : used to register the discount code that comes from a DASI eCLINIC promotion URL
- sideCobBtnPan: it is used to remember the position of the button panel in the payment screen.
- popupCookies: to remember to hide the cookie notice
- curConv: in the public part it saves the conversion value in euros of the geolocated currency
- curSym: same as above but saves the symbol of the geolocated currency
- paisCentre: saves the country of the connection in the public part
Third party cookies:
- On our website we use remarketing cookies to show ads on the Google display advertising network.
Plans: Free Free, Basic Plan €18/month, Professional Plan €25/month, Clinic Plan €49/month, Premium Plan €60/month (additional 10 Gb €2/month, “parking” service €5/month ., Biopsies module €5/month (5 centers), early care module €5/month, additional users €5 u/month, multicenter €10/month (5 centers))
Prices are monthly. 21% VAT must be added.
Discounts according to payment periods: Quarterly discount 1%, Semiannual 2%, Annual 5%.
All prices and discounts shown here are subject to future changes. DASI INFORMATICA, SL reserves the right to make the changes it deems appropriate, without prior notice. These changes will not affect the services previously contracted. All modifications and updates will be published in these Conditions of Use and Contracting.
Ninth.- Form of Payment
The payment of the invoices for the use of the licenses will be made through Paypal or credit or debit bank card (Visa, MasterCard or Maestro), and will be invoiced for months in advance, depending on the payment frequency selected by you.
You can modify your acquired Plan, expanding or reducing the number of licenses, varying the payment frequency (30 days, 90 days, 180 days, 360 days), adding extras to the services included (additional 2.5Gb) or changing the Plan entirely.
Eleventh.- Term and termination
The initial term of this agreement will begin on the effective date of acquisition of the Plan and will continue indefinitely until either party terminates the contractual relationship.
Non-payment of the agreed fee, non-compliance of the User with any point of these Conditions of Use and Contracting or express resignation of the User are causes of termination of the contract, without limitation. Unilateral waiver by the User does not entail the right to a refund of the amounts already paid and not used. In the case of the Free Plan, the contract will be automatically terminated if the user does not access the application for a period of 6 months.
Twelfth.- Applicable law
The interpretation, validity and compliance with these Conditions of Use and Contracting are subject to Spanish law; In the event of legal proceedings arising from disputes, the parties agree to submit to the exclusive jurisdiction of the Spanish courts, specifically the city of Barcelona. Unless the law establishes otherwise.
Spanish will be the language for the resolution of any conflict through legal procedure.
If for any reason a court of competent jurisdiction decides that any clause of these Conditions of Use and Contract is illegal, invalid or inapplicable according to the current legislation in a specific jurisdiction:
These clauses will not be affected in other jurisdictions to the extent that said resolution is not applicable; and in the relevant jurisdiction, the rest of the clauses will continue in force in all their aspects.
History of changes
- Disappearance of the Premium plan and the Vademecum service
- it is clarified in the section OBLIGATIONS OF THE DATA PROCESSOR:
- Possibility of subcontracting the treatment, only when the requirements for this established in article 28.4 of Regulation (EU) 2016/679 are met. The RESPONSIBLE may at any time request the PROCESSOR the list of subcontractors.
- The RESPONSIBLE has a period of 72 hours to notify a security breach to the control authority, counting from the time it became known.
- Data encryption: Data in special categories, such as health, is stored using encryption.
Audit: DASI INFORMATICA, SL carries out data protection security audits, with the participation of a specialized company, at least every two years.