This document contains the terms and conditions of use of the Fluxmed Platform, which belongs to CORE CONSULTORIA E SERVICES LTDA., registered under CNPJ/MF nº 05.490.544/0001-00, located at SIG QUADRA 1, 385, room 404, Zona Industrial, CEP: 70.610-410, Brasília/DF (Core Consulting). This document is accepted by accession by the Contractor, identified through the Fluxmed Platform when creating its registration (Contractor).
The Contractor and Core Consulting, whenever referred to together for the purposes of this accession document, will be designated as “Parties” or, individually, as a “Party”, and agree, in good faith and with free will, as follows.
Preliminarily, considering that:
- The Contractor is a health organization that carries out human health care activities. The Contractor's CNPJ and CNAE will be verified with the Federal Revenue Service when registering on the platform.
- Core Consulting is a technology company that carries out information technology activities focused on the development of custom computer programs. It is the owner of the brand “Fluxmed”, according to the trademark registration certificate issued by the National Institute of Industrial Property (“INPI”), n. 922355134, as well as all material and immaterial rights related to it.
- Core Consulting is the developer and holder of all material and immaterial property rights related to the software that comprises the Interoperable Platform for Development of Digital Services for Health (“Platform”), called “Platform Fluxmed”.
- The Platform consists of 03 (three) functionalities, developed in accordance with the General Personal Data Protection Law (Law no. 13,709/2018 – “LGPD”):
- Fluxmed Siis: suited, for example, to individual practices and small clinics, whether or not accredited with health plans. It allows clinical registration, scheduling for patients and healthcare professionals, teleservice, and electronic prescriptions (CFM/ICP Brasil). It consists of a patient's Electronic Health Record (SRES), meeting representation, terminology and interoperability standards in an integrated manner in the HL7 FHIR standard.
- Fluxmed API's: HL7 FHIR interoperability platform whose target audience is those interested in using the Platform's resources in third-party or proprietary products or systems. It allows HL7 FHIR standardized access to a modern development platform for digital health services, which delivers added value, scheduling, clinical records, MPI, terminology management and a data lake of clinical information, as well as scalable interoperability. This is an ancillary service that will be subject to the conditions of a specific term of use with a specific price.
- Fluxmed Analytical: allows the processing of data already ingested and processed on the Platform and, consequently, population health, administrative and care management. Based on the database with standardized clinical and administrative information, it is possible to create anonymized analytical panels, aligned with the needs of population health management and much more, safely and confidentially. This is an ancillary service that will be subject to the conditions of a specific term of use with a specific price.
- In summary, the Platform consists of software that performs health data communication and archiving functions (electronic medical records, scheduling, data transmission and communication). The Platform does not offer functionalities related to prevention, diagnosis, treatment, rehabilitation or contraception and, therefore, it does not fall within the scope of the rules described in Resolution of the Collegiate Board (RDC) No. 185 of October 22, 2001 and in RDC No. 657/2022, both from the National Health Surveillance Agency (Anvisa). Therefore, the Platform is not considered Software as a Medical Device (SaMD) and does not need to be regularized with the Equipment Technology Management (GQUIP/GGTPS/ANVISA).
- The Contractor is interested in hiring and using the Fluxmed Platform, hosted and accessible centrally via internet/cloud located in Brazil, in the form of Software as a Service (SaaS), accompanied by services provided by Core Consulting. The Contractor will be exclusively responsible for the management of clinical information and all actions and activities related to the provision of health services and the performance of its health professionals, who must be linked to it.
- The Parties are holders of commercial and technical information of a confidential, exclusive nature, related to their field of activity, and the confidential nature of this information and documentation is of substantial and inestimable value to them. The Parties declare and guarantee that all rights, material and immaterial, related to the Platform and the services related to it are the exclusive property of Core Consulting.
- All information and/or materials that relate, directly or indirectly, to the object of this document, due to their strategic nature, must be treated with the utmost secrecy and the strictest confidentiality, in order to avoid, by any means or form, their knowledge and/or use by third parties, whether during its validity or even after it, under penalty of the infringing Party bearing losses and damages resulting from non-compliance with this obligation, without prejudice to applicable judicial and administrative measures.
- The duty of privacy and confidentiality of sensitive personal data relating to health finds constitutional protection, as article 5, X, of the Federal Constitution classifies as a fundamental right the inviolability of intimacy, private life, honor and image of people, with the right to compensation for material or moral damage resulting from its violation guaranteed. At the infra-constitutional level, article 21 of the Civil Code establishes that “the private life of a natural person is inviolable, and the judge, at the request of the interested party, will adopt the necessary measures to prevent or cease an act contrary to this norm”.
- The Parties protect the confidentiality of personal data and sensitive data entrusted to them by the holders of such data. To this end, they have been implementing security, technical and administrative measures, capable of protecting personal data and sensitive data against unauthorized access and accidental situations, or any form of inappropriate treatment, necessary to comply with the General Data Protection Law (Law no. 13,709/2018). Rules of good practice and governance ensure that the processing of personal and sensitive data is lawful, fair, transparent and limited to the authorized purposes for which it is intended. The collection of personal data and sensitive data for processing is carried out by the Parties based on measures necessary to ensure accuracy, integrity, confidentiality, and anonymization, as well as guaranteeing respect for freedom, privacy, inviolability of intimacy, image, in short, all the rights of holders, including the exercise of the right to request access, correction and deletion of personal and sensitive data stored in databases and digital systems.
- Each Party shall observe and undertake to respect all intellectual and industrial property and know-how of the other Party, and no Party may use in any way the brand, logo, commercial name, internet domain, or any other distinctive sign belonging to the other Party without its prior and express written authorization signed by its due legal representatives.
- The Parties observe Brazilian legislation that deals with privacy and protection of personal data, including the Federal Constitution, the Consumer Protection Code, the Civil Code, the General Data Protection Law “LGPD” (Federal Law No. 13,709/2018), the Civil Rights Framework for the Internet (Federal Law No. 12,965/2014), its regulatory decree (Decree No. 8,771/2016) and, in relation to the Contracting Party, Law No. 12.842/2013 (Medical Act Law), Law no. 8.078/90 (Consumer Protection Code) and, in applicable cases, the dictates of Law No. 13,787/18 (Electronic Medical Record Law), and other sectoral or general standards on the protection of personal data provided for in Resolutions of the Federal Council of Medicine, such as the Code of Medical Ethics, and other professional councils in the health sector.
- The Contractor acknowledges and agrees that the Platform does not record teleconsultations.
- For the purposes of this Document, the Contractor acts as a “data controller”, who is responsible for decisions regarding the processing of its patient’s personal data, with the obligations assigned by the LGPD falling on the Contractor. It is before the data controller that the patient data subject exercises his or her rights set out in art. 18 of the LGPD. The Contractor must also prove that the consent to share health data with Fluxmed was obtained from the patient data holder. The Contractor bears the obligation to communicate in a timely manner to the National Data Protection Authority (“ANPD”) and to the patient-holder the occurrence of a security incident that could result in significant risk or harm to the patient-holder.
- Core Consulting acts as a “data operator” before the Contractor and must process personal data shared by the Contractor in the name of the Contractor and related to the purposes of the Fluxmed Platform hired by the Contractor. Core Consulting may only process the data for the purpose previously established by the Contractor, which is the controller.
- The processing of personal data and sensitive personal data of the Contractor's patient is subject to the collection, by the Contractor, of the free, informed and unequivocal consent of the patient-holder, by which he agrees to the processing of his personal data and sensitive personal data (art. 11, I of the LGPD) by the Contractor, for specific purposes related to the assistance and management of his health. The Fluxmed Platform itself offers mechanisms for compliance with consent, in accordance with the “Terms and Conditions of Use” and Privacy Policy, both available in the logged-in and non-logged-in environment of the Application/web, which can be revoked at any time by the patient.
- The Parties declare that they recognize that sensitive personal data, such as health data, belong to a special category, with more stringent processing conditions. The Parties declare and guarantee that the LGPD prohibits the processing of personal data that may result in illicit or abusive discrimination, such as, for example, the practice of risk selection.
- The “patient-data holder” (or “patient-holder”) is considered to be the natural person assisted by the Contracting Party within the scope of the provision of health services offered by the Contractor. The patient is the natural person to whom the personal data that is subject to processing refers in the context of the purpose of this Document.
- The “authorized user” is considered to be the health professional linked to the Contracting Party who will receive the access login to the Fluxmed Platform. The Contractor bears full responsibility for the acts of the authorized user that result in irregular and insecure treatment of health data and security incidents involving the patient-holder's personal data.
The Parties declare that they agree and accept, in good faith and free will, the Terms and Conditions of Use of the Fluxmed platform, in accordance with this document, which they mutually grant and accept:
CLAUSE ONE – OBJECT
- This document is intended to determine the conditions and terms of use of the Fluxmed Platform and the obligations of the Parties whose purpose includes:
- The membership of the Contractor, using the software called Fluxmed from Core Consulting.
- The services linked to the object of the Document, provided by Core Consulting and included in the subscription price, are the following:
- Technical Support and Maintenance: Assistance in resolving technical issues so that the software functions optimally. This includes regular updates to fix bugs and improve security and availability. By default, software updates regarding bug fixes, security improvements and availability will be carried out by active monitoring of the platform. A digital channel will be made available for opening technical support tickets. The criticality of the ticket will be screened, with a response to the customer within 24 hours. Depending on the criticality (high, medium or low), the adjustment period will be informed, which can be up to 5 working days.
- Installation and Configuration: Help with installing the software and initial configuration to ensure that the software is ready for use according to the specific needs of the Contractor's user. The user manuals will be made available on the Platform itself and will form part of this document.
- Customization: if desired by Contractor, services that adapt the software to the specific needs of the Contractor, including the development of custom features or integrations with other systems, are not included in the price of this subscription. For customizations, contact Core Consulting through the site.
- Backup and Data Recovery: the Platform is hosted centrally via the internet/cloud. Backup of the Platform will be automated with cloud resources. The Platform offers mechanisms for the Contractor to perform backups of its records and is responsible for it.
- Updates and Upgrades: Provision of new versions of software to ensure continuous access to the latest features, performance improvements and security fixes. It is possible that new features will result in a price adjustment.
- The Parties declare and recognize that the patient is the protagonist of their own health and the holder of their personal data and sensitive personal data, and may or may not revoke consent to access their information.
CLAUSE TWO – RESPONSIBILITIES
2.1. Core Consulting is responsible for:
- Observe the terms and uses of this document, maintain the availability and quality of the Platform.
- Keep user manuals up to date.
- Invest in constant technological developments in favor of digital health.
- In the event of cancellation or extinction of the Document, for any reason, Core Consulting is obliged to keep the Platform available to the Contractor, with read-only access to data, for a period of 30 (thirty) days so that the Contractor can proceed in compliance with Law no. 13,787/2018, which deals with the digitization and use of computerized systems for the custody, storage and handling of patient records.
- Notify the Contractor in the case of a security incident within 48 (forty-eight) hours of becoming aware of the incident and provide the necessary clarifications related to the incident to the Contractor.
- Maintain the timely issuance of electronic Invoices, referring to the subscription for use of the Contractor.
- Inform the Contractor by email about payment issues while maintaining use of the Fluxmed Platform for 10 days after reporting the payment problem.
2.2. In addition to the obligations provided for in this instrument, and in applicable legislation, the Contractor further undertakes to:
- Make all subscription payments on a timely basis.
- Ensure and maintain an internet connection with sufficient speed and stability to support the effective performance of the Platform.
- Observe the instructions for the use of the Platform and User Manuals.
- Not make modifications, updates or changes to the software (Platform) without the prior written approval of Core Consulting. Any unauthorized modification may lead to compatibility or functionality problems and result in violation of the terms of use of the software, exempting Core Consulting of any liability.
- The Contractor is prohibited from sublicensing, renting or lending the use of the software (Platform) to third parties.
- In case of instabilities, failures or any other technical problem with the software (Platform), the Contractor is obliged to open technical support tickets immediately upon becoming aware of the problem.
CLAUSE THREE – LIMITATION OF LIABILITY AND FORCE MAJEURE
3.1. Limitation of Liability and Force Majeure. The Parties declare and agree that the total responsibility of Core Consulting, under any circumstance arising from or related to the object of this document, if proven, will be limited to the nature of the economic activity of Core Consulting and its responsibilities. For the avoidance of doubt, under no circumstances will Core Consulting be held responsible for damages suffered by the Contractor's patient related to the provision of health services by the Contractor.
3.2.1. Force Majeure: Neither party will be responsible for failures or delays in the performance of its obligations hereunder due to force majeure events, which include, but are not limited to, natural disasters, wars, acts of terrorism, strikes, Internet failures or delays, power failures, and government interventions. In such circumstances, the deadlines for performance will be extended for a reasonable period of time, considering the duration of the force majeure event. Below are examples that exempt Core Consulting of any liability to the Contractor:
- (a) failures in the internet contracted by the Contractor: the technology company cannot be held responsible for connectivity problems that occur due to failures in the internet contracted by the Contracting Party;
- (b) scheduled maintenance: scheduled interruptions for maintenance or system updates, about which the Contracting Party has been previously notified;
- (c) natural disasters: events beyond the company's control, such as earthquakes, hurricanes, floods or other natural disasters that affect the infrastructure necessary for the service;
- (d) third-party cyber attacks: attacks by hackers or other malicious entities that are not the result of negligence on the part of Core Consulting;
- (e) Contractor equipment failures: problems caused by hardware that is obsolete or poorly maintained by the Contractor, which affect the operation of the SaaS;
- (f) changes not authorized by Core Consulting: modifications made by the Contractor in the configuration or use of the platform without the consent or approval of Core Consulting;
- (g) software conflicts caused by third parties: interference or incompatibilities caused by software or hardware from third parties not provided by Core Consulting;
- (h) known technological limitations: technological restrictions or limitations of the platform that are known and documented and about which the Contractor was informed;
- (i) inappropriate use of the platform: use of the software in a manner contrary to the instructions provided or recommended practices established by Core Consulting;
- (j) force majeure: any other event beyond the reasonable control of Core Consulting, such as strikes, riots, war, pandemics, or government interventions that prevent the continuity of services;
- (g) when it is proven that the technical problem resides in the cloud, Core Consulting will not be responsible for events such as instability or even unavailability of the Platform.
CLAUSE FOUR – TERM AND PRICE OF SERVICES
4.1. The term of the usage subscription and the price will be made available online by the resources of the Fluxmed Platform and may be adjusted throughout the technological evolution of features. Payments will be in advance. In the event of early termination of the subscription, the contracted price will prevail and no refund will be made by Core Consulting.
CLAUSE FIVE – TERMINATION
5.1. Subscription may be canceled by Contractor at any time through the mechanisms offered by Fluxmed Platform.
5.2. Core Consulting may cancel the subscription for just reason, and must notify the Contractor 10 (ten) days in advance. In the event of misuse of the Fluxmed Platform by the Contractor, Core Consulting will notify the Contractor and immediately suspend the subscription until corrected.
CLAUSE SIX – CONFIDENTIALITY
6.1. The Parties undertake to maintain the strictest confidentiality of the information provided by the other party to achieve the purpose of this Document, considered of inestimable value for both, and undertake to use it only for the specific purposes referred to in this hiring. The party that does not comply with this obligation will be responsible for any damages caused that may be determined in due course.
6.2. The Parties, in this act, undertake, on their behalf, their representatives, agents, employees and/or subcontractors to treat with absolute secrecy and confidentiality any and all information, economic or technical data, drawings, projects, procedures, manuals, made available by both during the term of this document, and may not, under any circumstances, reveal them to third parties and/or disclose them in any form or pretext, or use them for their own benefit or that of third parties for purposes other than those of this document, except with express written authorization from other interested parties.
6.3. The Parties will adopt strict measures to protect the confidential information of the other Party to prevent it from being in any way disclosed, revealed, published, sold, assigned or in any other way transferred by the Receiving Party, its representatives, agents, employees and/or subcontractors.
6.4. The Contractor is solely responsible for the origin of the information provided by it to Core Consulting for the performance of the Services contracted herein and in this act expressly declares that the content of the lives base and the information contained therein and which will be provided to Core Consulting does not violate any law or any third party rights, including, without limitation, intellectual property rights and copyrights, exempting and indemnifying Core Consulting, at any time, even after the expiration or termination of this document for any reason, from any liability arising from misleading or false information in the data provided to Core Consulting.
6.4.1. Core Consulting is exempt from responsibility for the content of any and all information, personal, economic or technical data related to the beneficiary, made available by the Contractor, which is responsible for the origin and accuracy of the information it makes available to Core Consulting to carry out the services covered by this instrument.
6.5. Core Consulting expressly undertakes to adopt the necessary technical and organizational measures to guarantee the security of the personal data of the Contracting Party's members and prevent their alteration, loss and unauthorized access, given the personal nature of the stored data and the risks to which they are exposed, either from human action or the physical or electronic environment in which they are stored.
6.6. The Contractor is also aware that the medical records, guides and information sent by Core Consulting to beneficiaries are non-shareable documents, the ownership of which belongs exclusively to the beneficiary, and Core Consulting reserves the right not to provide a copy to the Contractor, under any circumstances, under penalty of violating the beneficiary's secrecy and privacy, except with unequivocal consent, in accordance with the Law.
6.7. The obligations relating to the confidentiality of technical and business information, exchanged between the Parties for the execution of this Document, will last for a period of 02 (two) years after the termination of this Document, except in the case of commercial and industrial secrets, and rights over the personal data of individuals, such as sensitive personal data.
CLAUSE SEVEN – PRIVACY AND PROTECTION OF PERSONAL DATA
7.1. Regarding the General Personal Data Protection Law (Law 13,709/2018 – LGPD), without prejudice to the other provisions set out in this instrument, the Parties declare the following:
- The Parties protect the confidentiality of personal data and sensitive data entrusted to them by the holders of such data pursuant to this document. They declare, including on behalf of their employees, cooperative members, agents and subcontractors, that they comply with Brazilian legislation on privacy, set out in the Federal Constitution, the Consumer Protection Code, the Civil Code, the General Data Protection Law “LGPD” (Federal Law No. 13,709/2018), the Marco Civil da Internet (Federal Law No. 12,965/2014), its regulatory decree (Decree No. 8,771/2016) and other sectoral or general standards on the protection of personal data. To this end, they have been implementing security, technical and administrative measures, capable of protecting personal data and sensitive data against unauthorized access and accidental situations, or any form of inappropriate treatment, necessary to comply with the General Data Protection Law (Law no. 13,709/2018).
- Rules of good practice and governance guarantee that the processing of personal and sensitive data is lawful, fair, limited to the authorized purposes for which it is intended and respects the principles of transparency, necessity, proportionality and non-discrimination. The collection of personal data and sensitive data for processing is carried out by the Parties based on measures necessary to ensure accuracy, integrity, confidentiality, and anonymization, as well as guaranteeing respect for freedom, privacy, inviolability of intimacy, image, in short, all the rights and freedoms of data subjects, including the exercise of the right to request access, correction and deletion of personal and sensitive data stored in databases and digital systems, except when conservation is permitted by law or regulatory obligation (art. 16, I of the LGPD).
- The Parties must have a privacy policy, information security guidelines and risk mitigation mechanisms, with a view to ensuring the security of the processing of personal data and sensitive personal data, for example, an impact report on the protection of personal data (art. 5, XVII of the LGPD), in order to avoid security incidents such as information leaks, including those caused internally, with accessible evidence that such content is communicated and disseminated to all its adherents.
- For the purposes of this Document, Core Consulting acts as a “Data Operator”, under the terms of the LGPD, and the Contractor acts as “Data Controller”, under the terms of the LGPD.
- Core Consulting will respond jointly with the Contractor for damages caused by the processing when it is proven that it (i) failed to comply with the obligations of data protection legislation or (ii) did not follow the lawful instructions of the Contractor, applying the liability exemption hypotheses provided for in art. 43 of the LGPD.
CLAUSE EIGHT – FINAL PROVISIONS
8.1. This document is signed by entirely different people and cannot be characterized as any form of company or association, given that the Parties will not have any other type of relationship, other than that resulting from the relationship governed by this Document.
8.2. Each Party will be fully responsible for its labor, tax or civil obligations, contracted, in the absence of any form of employment relationship between the Parties, and other legal entities in any way related to this Document.
8.5. The Parties undertake to: (i) act within applicable laws and regulations and comply with the strictest and most rigorous concepts and principles of ethics, morality and good faith in the conduct of joint business, including, but not limited to, avoiding relationships, contacts and/or commercial partnerships with any agents who, by any means, are known to participate or have participated in illicit activities of any kind; (ii) possess all authorizations and licenses to operate their business as it is currently operated and maintain, during the term of this Document, all governmental or non-governmental approvals, permissions, registrations and authorizations required to achieve the objectives of this Document, without any restrictions or conditions; (iii) not promise, offer or give, directly or indirectly, payment, donation, compensation, financial or non-financial advantages or benefits of any kind to a public agent or third party related to him with the purpose of influencing any act or decision of that public agent in the exercise of his office; (iv) not carry out any actions or omissions that constitute an illegal or corrupt practice, in accordance with Law No. 12,846/2013, Decree No. 8,420/2015, the US Foreign Corrupt Practices Act of 1977 (“FCPA”), the UK Bribery Act (“UK Bribery Act”), or any other applicable laws or regulations (“Anti-Corruption Laws”), even if not related to this Document.
8.6. The Parties mutually declare and guarantee, including to their suppliers of goods and services, that they: (a) carry out their activities in accordance with the current legislation applicable to them, and have the necessary approvals to execute this Document and to fulfill the obligations provided for therein; (b) do not use illegal labor, and undertake not to use labor practices similar to slavery, or child labor, except for the latter as an apprentice, observing the provisions of the Consolidation of Labor Laws, whether directly or indirectly, through their respective product and service suppliers; (c) do not employ minors up to 18 years of age, including apprentice minors, in places that are detrimental to their training, physical, mental, moral and social development, as well as in dangerous or unhealthy places and services, at times that do not allow attendance at school and also at night, considering this period between 10pm and 5am; (d) do not use negative discrimination practices, which limit access to the employment relationship or its maintenance, such as, but not limited to, reasons of: sex, origin, color, physical condition, religion, marital status, age, family situation or pregnancy status; (e) undertake to protect and preserve the environment, as well as to prevent and eradicate practices that are harmful to the environment, performing their services in compliance with current legislation regarding the National Policy on the Environment, Environmental Crimes and the National Solid Waste Policy, as well as legal, normative and administrative acts relating to the environmental and related areas, emanating from the Federal, State and Municipal spheres.
8.7. The Parties to this act declare that this Document will constitute an extrajudicial enforceable title and its execution may be promptly promoted if any of the parties incurs default, under the terms of article 784, item III of the Code of Civil Procedure.
8.8. All previous understandings (oral or made in any other way) related to this Document that are not incorporated in this Document are not valid and should not be considered for the purposes of its interpretation.
8.9. Any omission or tolerance by the parties in demanding faithful compliance with the terms and conditions of this Document, or in the exercise of the prerogatives arising therefrom, will not constitute novation or waiver, nor will it affect the party's right to exercise it at any time.
CLAUSE NINE – JURISDICTION AND APPLICABLE LAW
9.1. The legislation of the Federative Republic of Brazil will govern the interpretation, validity and operation of this Document, as well as compliance with all obligations established therein.
9.2. The Parties will use their best efforts to resolve amicably and in good faith any disputes arising from the interpretation and/or fulfillment of the obligations set forth in this instrument, even after its termination or expiration. If self-composition is not possible between the Parties, within a plausible period established between them, they agree to the exclusive jurisdiction of the forum of the City of Brasília/DF, expressly renouncing any other, however privileged it may be.