Last Updated : August 12, 2022
Please read these Terms of Service and Conditions carefully. All contracts that the Provider may enter into from time to time for the provision of the Hosted Services and related services shall be governed by these Terms of Service and Conditions, and the Provider will ask the Customer for the Customer’s express written acceptance of these Terms of Service and Conditions before providing any such services to the Customer.
1.1 Except to the extent expressly provided otherwise, in these Terms and Conditions:
“Account” means an account enabling a person to access and use the Hosted Services, including both administrator accounts and user accounts;
“Affiliate” means an entity that Controls, is Controlled by, or is under common Control with the relevant entity;
“Agreement” means a contract between the parties incorporating these Terms and Conditions, and any amendments to that contract from time to time;
“Business Day” means any weekday other than a public holiday in the Philippines;
“Business Hours” means the hours of 09:00 to 18:00 Singapore/Malaysia Time (GMT+8) on a Business Day;
“Charges” means the following amounts:
(a) the amounts specified in Section 4 of the Customer Order Form;
(b) such amounts as may be agreed in writing by the parties from time to time; and
(c) amounts calculated by multiplying the Provider’s standard time-based charging rates by the time spent by the Provider’s personnel performing the Support Services
(rounded down by the Provider to the nearest quarter hour);
“Control” means the legal power to control (directly or indirectly) the management of an entity
(and “Controlled” should be construed accordingly);
“Customer” means the person or entity identified as such in Section 1 of the Customer Order Form;
“Customer Confidential Information” means:
(a) any information disclosed by or on behalf of the Customer to the Provider during the Term (whether disclosed in writing, orally or otherwise) that at the time of disclosure:
(i) was marked or described as “confidential”; or
(ii) should have been reasonably understood by the Provider to be confidential; and
(b) the Customer Data;
“Customer Data” means all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer (but excluding analytics data relating to the use of the Platform and server log files);
“Customer Indemnity Event” has the meaning given to it in Clause 16.3;
“Customer Order Form” means a hard-copy order form signed or otherwise agreed by or on behalf of each party, in each case incorporating these Terms and Conditions by reference;
“Customer Personal Data” means any Personal Data that is processed by the Provider on behalf of the Customer in relation to the Agreement;
“Data Protection Laws” means all applicable laws relating to the processing of Personal Data including, while it is in force and applicable to Customer Personal Data, the General Data Protection Regulation (Regulation (EU) 2016/679);
“Documentation” means the documentation for the Hosted Services produced by the Provider and delivered or made available by the Provider to the Customer;
“Effective Date” means the date upon which the parties execute a hard-copy Customer Order Form;
“Force Majeure Event” means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);
“Hosted Services” means QUASR, as specified in the Hosted Services Specification, which will be made available by the Provider to the Customer as a service via the internet in accordance with these Terms and Conditions;
“Hosted Services Defect” means a defect, error or bug in the Platform having an adverse effect on the appearance, operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:
(a) any act or omission of the Customer or any person authorized by the Customer to use the Platform or Hosted Services;
(b) any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorized by the Customer; and/or
(c) a failure of the Customer to perform or observe any of its obligations in the Agreement;
“Hosted Services Specification” means the specification for the Platform and
Hosted Services set out in Section 3 of the Customer Order Form and in the Documentation;
“Intellectual Property Rights” means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);
“Maintenance Services” means the general maintenance of the Platform and Hosted Services, and the application of Updates and Upgrades;
“Minimum Term” means, in respect of the Agreement, the period of 12 months beginning on the Effective Date;
“Personal Data” has the meaning given to it in the Data Protection Laws;
“Platform” means the platform managed by the Provider and used by the Provider to provide the Hosted Services, including the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;
“Provider” means Healthcare GRC Pte Ltd, a company incorporated in Republic of Singapore (registration number 201805653W) having its registered office at 105 Cecil Street, #16-01 The Octagon (Suite 1612), Singapore 069534.;
“Provider Indemnity Event” has the meaning given to it in Clause 16.1;
“Services” means any services that the Provider provides to the Customer, or has an obligation to provide to the Customer, under these Terms and Conditions;
“Set Up Services” means the configuration, implementation and integration of the Hosted Services in accordance with Section 2 of the Customer Order Form;
“Support Services” means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;
“Supported Web Browser” means the current release from time to time of Microsoft Edge, Mozilla Firefox, Google Chrome or Apple Safari;
“Term” means the term of the Agreement, commencing in accordance with Clause 2.1 and ending in accordance with Clause 2.2;
“Terms and Conditions” means all the documentation containing the provisions of the Agreement, namely the Customer Order Form, the main body of these Terms and Conditions and the Schedules, including any amendments to that documentation from time to time;
“Update” means a hotfix, patch or minor version update to any Platform software; and
“Upgrade” means a major version upgrade of any Platform software.
2.1 The Agreement shall come into force upon the Effective Date.
2.2 The Agreement shall continue in force indefinitely, subject to termination in accordance with Clause 19.
2.3 Unless the parties expressly agree otherwise in writing, each Customer Order Form shall create a distinct contract under these Terms and Conditions.
3.1 The Provider shall provide the Set Up Services to the Customer.
3.2 The Provider shall use all reasonable endeavors to ensure that the Set Up Services are provided in accordance with the timetable set out in Section 2 of the Customer Order Form.
3.3 The Customer acknowledges that a delay in the Customer performing its obligations in the Agreement may result in a delay in the performance of the Set Up Services; and subject to Clause 17.1 the Provider will not be liable to the Customer in respect of any failure to meet the Set Up Services timetable to the extent that that failure arises out of a delay in the Customer performing its obligations under these Terms and Conditions.
3.4 Subject to any written agreement of the parties to the contrary, any Intellectual Property Rights that may arise out of the performance of the Set Up Services by the Provider shall be the exclusive property of the Provider.
4.1 The Provider shall create an Account for the Customer and shall provide to the Customer login details for that Account on or promptly following the Effective Date.
4.2 The Provider hereby grants to the Customer a non-exclusive license to use the Hosted Services by means of a Supported Web Browser for the internal business purposes of the Customer’s named hospitals and facilities identified in the Customer Order Form in accordance with the Documentation during the Term.
4.3 The license granted by the Provider to the Customer under Clause 4.2 is subject to the following limitations:
(a) the Hosted Services may only be used by the officers, employees, agents and subcontractors of either the Customer or an Affiliate of the Customer; and
(b) the scope of the Hosted Services is for the named hospitals and facilities identified in the Customer Order Form
4.4 Except to the extent expressly permitted in these Terms and Conditions or required by law on a non-excludable basis, the license granted by the Provider to the Customer under Clause 4.2 is subject to the following prohibitions:
(a) the Customer must not sub-license its right to access and use the Hosted Services;
(b) the Customer must not permit any unauthorized person to access or use the Hosted Services;
(c) the Customer must not use the Hosted Services to provide services to third parties;
(d) the Customer must not make any alteration to the Platform, except as permitted by the Documentation; and
(e) the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or Hosted Services without the prior written consent of the Provider.
4.5 The Customer shall use reasonable endeavors, including reasonable security measures relating to Account access details, to ensure that no unauthorized person may gain access to the Hosted Services using an Account.
4.6 The parties acknowledge and agree that Schedule 2 (Availability SLA) shall govern the availability of the Hosted Services.
4.7 The Customer must comply with Schedule 1 (Acceptable Use Policy), and must ensure that all persons using the Hosted Services with the authority of the Customer or by means of an Account comply with Schedule 1 (Acceptable Use Policy).
4.8 The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.
4.9 The Customer must not use the Hosted Services:
(a) in any way that is unlawful, illegal, fraudulent or harmful; or
(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.
4.10 For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.
4.11 The Provider may suspend the provision of the Hosted Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 30 days’ written notice, following the amount becoming overdue, of its intention to suspend the Hosted Services on this basis.
5.1 The Provider shall provide the Maintenance Services to the Customer during the Term.
5.2 The Provider shall provide the Maintenance Services in accordance with the standards of skill and care reasonably expected from a leading service provider in the Provider’s industry.
5.3 The Provider shall provide the Maintenance Services in accordance with Schedule 3 (Maintenance SLA).
5.4 The Provider may suspend the provision of the Maintenance Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 30 days’ written notice, following the amount becoming overdue, of its intention to suspend the Maintenance Services on this basis.
6.1 The Provider shall provide the Support Services to the Customer during the Term.
6.2 The Provider shall provide the Support Services in accordance with the standards of skill and care reasonably expected from a leading service provider in the Provider’s industry.
6.3 The Provider shall provide the Support Services in accordance with Schedule 4 (Support SLA).
6.4 The Provider may suspend the provision of the Support Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 30 days’ written notice, following the amount becoming overdue, of its intention to suspend the Support Services on this basis.
7.1 Save to the extent that the parties have agreed otherwise in writing, the Customer must provide to the Provider, or procure for the Provider, such:
(a) co-operation, project support, project manager and advice;
(c) information and documentation,
as are reasonably necessary to enable the Provider to perform its obligations under the Agreement.
7.2 The Customer must provide to the Provider, or procure for the Provider, such access to the Customer’s computer hardware, software, networks and systems as may be reasonably required by the Provider to enable the Provider to perform its obligations under the Agreement.
8.1 The Customer hereby grants to the Provider a non-exclusive license to process the Customer Data to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under the Agreement. The Customer also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, subject to any express restrictions elsewhere in the Agreement.
8.2 The Customer warrants to the Provider that the Customer Data when used by the Provider in accordance with the Agreement will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law.
8.3 The Provider shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 30 days.
8.4 Within the period of 1 Business Day following receipt of a written request from the Customer, the Provider shall use all reasonable endeavors to restore to the Platform the Customer Data stored in any back-up copy created and stored by the Provider in accordance with Clause 8.3. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration.
9.1 Nothing in these Terms and Conditions shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.
10.1 The Customer shall pay the Charges to the Provider in accordance with these Terms and Conditions.
10.2 If the Charges are based in whole or part upon the time spent by the Provider performing the Services, the Provider must obtain the Customer’s written consent before performing Services that result in any estimate of time-based Charges given to the Customer being exceeded or any budget for time-based Charges agreed by the parties being exceeded; and unless the Customer agrees otherwise in writing, the Customer shall not be liable to pay to the Provider any Charges in respect of Services performed in breach of this Clause 10.2.
10.3 All amounts stated in or in relation to these Terms and Conditions are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, which will be added to those amounts and payable by the Customer to the Provider.
10.4 The Provider may elect to vary any element of the Charges by giving to the Customer not less than 30 days’ written notice of the variation expiring on any anniversary of the date of execution of the Agreement, providing that no such variation shall constitute a percentage increase in the relevant element of the Charges that exceeds 5% over the percentage increase, since the date of the most recent variation of the relevant element of the Charges under this Clause 10.4
11.1 The Provider shall issue invoices for the Charges to the Customer based on the payment schedule set out in Section 4 of the Customer Order Form.
11.2 The Customer must pay the Charges to the Provider within the period of 30 days following the issue of an invoice in accordance with this Clause 11.
11.3 The Customer must pay the Charges by debit card, credit card, direct debit, bank transfer or cheque (using such payment details as are notified by the Provider to the Customer from time to time)
12.1 The Provider must:
(a) keep the Customer Confidential Information strictly confidential;
(b) not disclose the Customer Confidential Information to any person without the Customer’s prior written consent, and then only under conditions of confidentiality approved in writing by the Customer;
(c) use the same degree of care to protect the confidentiality of the Customer Confidential Information as the Provider uses to protect the Provider’s own confidential information of a similar nature, being at least a reasonable degree of care; and
(d) act in good faith at all times in relation to the Customer Confidential Information.
12.2 Notwithstanding Clause 12.1, the Provider may disclose the Customer Confidential Information to the Provider’s officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Customer Confidential Information for the performance of their work with respect to the Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Customer Confidential Information.
12.3 This Clause 12 imposes no obligations upon the Provider with respect to Customer Confidential Information that:
(a) is known to the Provider before disclosure under these Terms and Conditions and is not subject to any other obligation of confidentiality; or
(b) is or becomes publicly known through no act or default of the Provider.
12.4 The restrictions in this Clause 12 do not apply to the extent that any Customer Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of the Provider on any recognised stock exchange.
12.5 The provisions of this Clause 12 shall continue in force indefinitely following the termination of the Agreement.
13.1 Each party shall comply with the Data Protection Laws with respect to the processing of the Customer Personal Data.
13.2 The Customer warrants to the Provider that it has the legal right to disclose all Personal Data that it does in fact disclose to the Provider under or in connection with the Agreement.
13.3 The Customer shall only supply to the Provider, and the Provider shall only process, in each case under or in relation to the Agreement:
(a) the Personal Data of data subjects falling within the categories specified in Part 1 of Schedule 5 (Data processing information) and such other categories as may be agreed by the parties in writing; and
(b) Personal Data of the types specified in Part 2 of Schedule 5 (Data processing information) and such other types as may be agreed by the parties in writing.
13.4 The Provider shall only process the Customer Personal Data for the purposes specified in Part 3 of Schedule 5 (Data processing information).
13.5 The Provider shall only process the Customer Personal Data during the Term and for not more than 30 days following the end of the Term, subject to the other provisions of this Clause 13.
13.6 The Provider shall only process the Customer Personal Data on the documented instructions of the Customer (including with regard to transfers of the Customer Personal Data to any place outside the European Economic Area), as set out in these Terms and Conditions or any other document agreed by the parties in writing.
13.7 The Customer hereby authorises the Provider to make the following transfers of Customer Personal Data:
(a) the Provider may transfer the Customer Personal Data to its sub-processors in the jurisdictions identified in Part 5 of Schedule 5 (Data processing information), providing that such transfers must be protected by any appropriate safeguards identified therein; and
(b) the Provider may transfer the Customer Personal Data to a country, a territory or sector to the extent that the European Commission has decided that the country, territory or sector ensures an adequate level of protection for Personal Data.
13.8 The Provider shall promptly inform the Customer if, in the opinion of the Provider, an instruction of the Customer relating to the processing of the Customer Personal Data infringes the Data Protection Laws.
13.9 Notwithstanding any other provision of the Agreement, the Provider may process the Customer Personal Data if and to the extent that the Provider is required to do so by applicable law. In such a case, the Provider shall inform the Customer of the legal requirement before processing, unless that law prohibits such information.
13.10 The Provider shall ensure that persons authorized to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
13.11 The Provider and the Customer shall each implement appropriate technical and organizational measures to ensure an appropriate level of security for the Customer Personal Data, including those measures specified in Part 4 of Schedule 5 (Data processing information).
13.12 The Provider must not engage any third party to process the Customer Personal Data without the prior specific or general written authorization of the Customer. In the case of a general written authorization, the Provider shall inform the Customer at least 14 days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Customer objects to any such changes before their implementation, then the Provider must not implement the changes. The Provider shall ensure that each third party processor is subject to equivalent legal obligations as those imposed on the Provider by this Clause 13.
13.13 As at the Effective Date, the Provider is hereby authorized by the Customer to engage, as sub-processors with respect to Customer Personal Data, the third parties identified in Part 5 of Schedule 5 (Data processing information).
13.14 The Provider shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organizational measures to assist the Customer with the fulfillment of the Customer’s obligation to respond to requests exercising a data subject’s rights under the Data Protection Laws.
13.15 The Provider shall assist the Customer in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws.
13.16 The Provider must notify the Customer of any Personal Data breach affecting the Customer Personal Data without undue delay and, in any case, not later than 24 hours after the Provider becomes aware of the breach.
13.17 The Provider shall make available to the Customer all information necessary to demonstrate the compliance of the Provider with its obligations under this Clause 13 and the Data Protection Laws.
13.18 The Provider shall, at the choice of the Customer, delete or return all of the Customer Personal Data to the Customer after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.
13.19 The Provider shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer in respect of the compliance of the Provider’s processing of Customer Personal Data with the Data Protection Laws and this Clause 13.
13.20 If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under the Agreement, then the parties shall use their best endeavors promptly to agree such variations to the Agreement as may be necessary to remedy such non-compliance.
14. Warranties
14.1 The Provider warrants to the Customer that:
(a) the Provider has the legal right and authority to enter into the Agreement and to perform its obligations under these Terms and Conditions;
(b) the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider’s rights and the fulfillment of the Provider’s obligations under these Terms and Conditions; and
(c) the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under these Terms and Conditions.
14.2 The Provider warrants to the Customer that:
(a) the Platform and Hosted Services will conform in all material respects with the Hosted Services Specification;
(b) the Hosted Services will be free from Hosted Services Defects;
(c) the application of Updates and Upgrades to the Platform by the Provider will not introduce any Hosted Services Defects into the Hosted Services;
(d) the Platform will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs; and
(e) the Platform will incorporate security features reflecting the requirements of good industry practice.
14.3 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with these Terms and Conditions, will not breach any laws, statutes or regulations applicable under the Republic of Singapore law.
14.4 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with these Terms and Conditions, will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.
14.5 If the Provider reasonably determines, or any third party alleges, that the use of the Hosted Services by the Customer in accordance with these Terms and Conditions infringes any person’s Intellectual Property Rights, the Provider may at its own cost and expense:
(a) modify the Hosted Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or
(b) procure for the Customer the right to use the Hosted Services in accordance with these Terms and Conditions.
14.6 The Customer warrants to the Provider that it has the legal right and authority to enter into the Agreement and to perform its obligations under these Terms and Conditions.
14.7 All of the parties’ warranties and representations in respect of the subject matter of the Agreement are expressly set out in these Terms and Conditions. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Agreement will be implied into the Agreement or any related contract.
15. Acknowledgements and warranty limitations
15.1 The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of these Terms and Conditions, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.
15.2 The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of these Terms and Conditions, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.
15.3 The Customer acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.
15.4 The Customer acknowledges that the Provider will not provide any legal, financial, accountancy or taxation advice under these Terms and Conditions or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in these Terms and Conditions, the Provider does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Customer will not give rise to any legal liability on the part of the Customer or any other person.
16. Indemnities
16.1 The Provider shall indemnify and shall keep indemnified the Customer against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Customer and arising directly or indirectly as a result of any breach by the Provider of these Terms and Conditions (a “Provider Indemnity Event“).
16.2 The Customer must:
(a) upon becoming aware of an actual or potential Provider Indemnity Event, notify the Provider;
(b) provide to the Provider all such assistance as may be reasonably requested by the Provider in relation to the Provider Indemnity Event;
(c) allow the Provider the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Provider Indemnity Event; and
(d) not admit liability to any third party in connection with the Provider Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Provider Indemnity Event without the prior written consent of the Provider,
without prejudice to the Provider’s obligations under Clause 16.1.
16.3 The Customer shall indemnify and shall keep indemnified the Provider against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Provider and arising directly or indirectly as a result of any breach by the Customer of these Terms and Conditions (a “Customer Indemnity Event“).
16.4 The Provider must:
(a) upon becoming aware of an actual or potential Customer Indemnity Event, notify the Customer;
(b) provide to the Customer all such assistance as may be reasonably requested by the Customer in relation to the Customer Indemnity Event;
(c) allow the Customer the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Customer Indemnity Event; and
(d) not admit liability to any third party in connection with the Customer Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Customer Indemnity Event without the prior written consent of the Customer,
without prejudice to the Customer’s obligations under Clause 16.3.
16.5 The indemnity protection set out in this Clause 16 shall be subject to the limitations and exclusions of liability set out in the Agreement.
17. Limitations and exclusion of liabilities
17.1 Nothing in these Terms and Conditions will:
(a) limit or exclude any liability for death or personal injury resulting from negligence;
(b) limit or exclude any liability for fraud or fraudulent misrepresentation;
(c) limit any liabilities in any way that is not permitted under applicable law; or
(d) exclude any liabilities that may not be excluded under applicable law.
17.2 The limitations and exclusions of liability set out in this Clause 17 and elsewhere in these Terms and Conditions:
(a) are subject to Clause 17.1; and
(b) govern all liabilities arising under these Terms and Conditions or relating to the subject matter of these Terms and Conditions, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in these Terms and Conditions.
17.3 Neither party shall be liable to the other party in respect of any losses arising out of a Force Majeure Event.
17.4 Neither party shall be liable to the other party in respect of any loss of profits or anticipated savings.
17.5 Neither party shall be liable to the other party in respect of any loss of revenue or income.
17.6 The Provider shall not be liable to the Customer in respect of any loss of use or production.
17.7 Neither party shall be liable to the other party in respect of any loss of business, contracts or opportunities.
17.8 The Provider shall not be liable to the Customer in respect of any loss or corruption of any data, database or software; providing that this Clause 17.8 shall not protect the Provider unless the Provider has fully complied with its obligations under Clause 8.3 and Clause 8.4.
17.9 Neither party shall be liable to the other party in respect of any special, indirect or consequential loss or damage.
17.10 The liability of the Provider to the Customer under the Agreement in respect of any event or series of related events shall not exceed the total amount paid and payable by the Customer to the Provider under the Agreement in the 12 month period preceding the commencement of the event or events.
17.11 The aggregate liability of the Provider to the Customer under the Agreement shall not exceed the total amount paid and payable by the Customer to the Provider under the Agreement.
18. Force Majeure Event
18.1 If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under the Agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.
18.2 A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under the Agreement, must:
(a) promptly notify the other; and
(b) inform the other of the period for which it is estimated that such failure or delay will continue.
18.3 A party whose performance of its obligations under the Agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.
19. Termination
19.1 Either party may terminate the Agreement by giving to the other party not less than 30 days’ written notice of termination, expiring after the end of the Minimum Term.
19.2 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:
(a) the other party commits any material breach of the Agreement, and the breach is not remediable;
(b) the other party commits a material breach of the Agreement, and the breach is remediable but the other party fails to remedy the breach within the period of 30 days following the giving of a written notice to the other party requiring the breach to be remedied; or
(c) the other party persistently breaches the Agreement (irrespective of whether such breaches collectively constitute a material breach).
19.3 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:
(a) the other party:
(i) is dissolved;
(ii) ceases to conduct all (or substantially all) of its business;
(iii) is or becomes unable to pay its debts as they fall due;
(iv) is or becomes insolvent or is declared insolvent; or
(v) convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;
(b) an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party; or
(c) an order is made for the winding up of the other party, or the other party passes a resolution for its winding up.
19.4 The Provider may terminate the Agreement immediately by giving written notice to the Customer if:
(a) any amount due to be paid by the Customer to the Provider under the Agreement is unpaid by the due date and remains unpaid upon the date that that written notice of termination is given; and
(b) the Provider has given to the Customer at least 30 days’ written notice, following the failure to pay, of its intention to terminate the Agreement in accordance with this Clause 19.4.
19.5 The Agreement may only be terminated in accordance with its express provisions.
20. Effects of termination
20.1 Upon the termination of the Agreement, all of the provisions of these Terms and Conditions shall cease to have effect, save that the following provisions of these Terms and Conditions shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 4.10, 11.2, 12, 13.1, 13.3, 13.4, 13.5, 13.6, 13.7, 13.8, 13.9, 13.10, 13.11, 13.12, 13.13, 13.14, 13.15, 13.16, 13.17, 13.18, 13.19, 13.20, 16, 17, 20, 23, 24, 25, 26, 27.1, 27.2, 28, 29 and 30.
20.2 Except to the extent that these Terms and Conditions expressly provides otherwise, the termination of the Agreement shall not affect the accrued rights of either party.
20.3 Within 30 days following the termination of the Agreement for any reason:
(a) the Customer must pay to the Provider any Charges in respect of Services provided to the Customer before the termination of the Agreement; and
(b) the Provider must refund to the Customer any Charges paid by the Customer to the Provider in respect of Services that were to be provided to the Customer after the termination of the Agreement,
without prejudice to the parties’ other legal rights.
21. Notices
21.1 Any notice from one party to the other party under these Terms and Conditions must be given by one of the following methods (using the relevant contact details set out in Section 5 of the Customer Order Form and Clause 21.2):
(a) delivered personally or sent by courier, in which case the notice shall be deemed to be received upon delivery; or
(b) sent by email, in which case the notice shall be deemed shall be deemed to be received upon sending,
providing that, if the stated time of deemed receipt is not within Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time.
21.2 The Provider’s contact details for notices under this Clause 21 are as follows:
Healthcare GRC Pte Ltd
105 Cecil Street, #16-01 The Octagon
Singapore 069534
Tel: +65 62260706
21.3 The addressee and contact details set out in Section 5 of the Customer Order Form and Clause 21.2 may be updated from time to time by a party giving written notice of the update to the other party in accordance with this Clause 21.
22. Subcontracting
22.1 Subject to any express restrictions elsewhere in these Terms and Conditions, the Provider may subcontract any of its obligations under the Agreement, providing that the Provider must give to the Customer, promptly following the appointment of a subcontractor, a written notice specifying the subcontracted obligations and identifying the subcontractor in question.
22.2 The Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.
22.3 Notwithstanding the provisions of this Clause 22 but subject to any other provision of these Terms and Conditions, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.
23. Assignment
23.1 The Provider must not assign, transfer or otherwise deal with the Provider’s contractual rights and/or obligations under these Terms and Conditions without the prior written consent of the Customer, providing that the Provider may assign the entirety of its rights and obligations under these Terms and Conditions to any Affiliate of the Provider or to any successor to all or a substantial part of the business of the Provider from time to time.
23.2 The Customer must not assign, transfer or otherwise deal with the Customer’s contractual rights and/or obligations under these Terms and Conditions without the prior written consent of the Provider, providing that the Customer may assign the entirety of its rights and obligations under these Terms and Conditions to any Affiliate of the Customer or to any successor to all or a substantial part of the business of the Customer from time to time.
24. No waivers
24.1 No breach of any provision of the Agreement will be waived except with the express written consent of the party not in breach.
24.2 No waiver of any breach of any provision of the Agreement shall be construed as a further or continuing waiver of any other breach of that provision or any breach of any other provision of the Agreement.
25. Severability
25.1 If a provision of these Terms and Conditions is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions will continue in effect.
25.2 If any unlawful and/or unenforceable provision of these Terms and Conditions would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect
26. Third party rights
26.1 The Agreement is for the benefit of the parties, and is not intended to benefit or be enforceable by any third party.
26.2 The exercise of the parties’ rights under the Agreement is not subject to the consent of any third party.
27. Variation
27.1 The Agreement may not be varied except in accordance with this Clause 27.
27.2 The Agreement may be varied by means of a written document signed by or on behalf of each party.
27.3 The Provider may vary the Agreement by giving to the Customer at least 30 days’ written notice of the proposed variation, providing that if the Provider gives to the Customer a notice under this Clause 27.3, the Customer shall have the right to terminate the Agreement by giving written notice of termination to the Provider at any time during the period of 14 days following receipt of the Provider’s notice.
28. Entire agreement
28.1 The Customer Order Form, the main body of these Terms and Conditions and the Schedules shall constitute the entire agreement between the parties in relation to the subject matter of the Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.
28.2 Neither party will have any remedy in respect of any misrepresentation (whether written or oral) made to it upon which it relied in entering into the Agreement.
28.3 The provisions of this Clause 28 are subject to Clause 17.1
29. Law and jurisdiction
29.1 These Terms and Conditions shall be governed by and construed in accordance with Republic of Singapore law.
29.2 Any disputes relating to the Agreement shall be subject to the exclusive jurisdiction of the courts of Republic of Singapore
30. Interpretation
30.1 In these Terms and Conditions, a reference to a statute or statutory provision includes a reference to:
(a) that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and
(b) any subordinate legislation made under that statute or statutory provision.
30.2 The Clause headings do not affect the interpretation of these Terms and Conditions.
30.3 References in these Terms and Conditions to “calendar months” are to the 12 named periods (January, February and so on) into which a year is divided.
30.4 In these Terms and Conditions, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.
1.1 This acceptable use policy (the “Policy“) sets out the rules governing:
(a) the use of the website at .quasrapp.com, any successor website, and the services available on that website or any successor website (the “Services“); and
(b) the transmission, storage and processing of content by you, or by any person on your behalf, using the Services (“Content“).
1.2 References in this Policy to “you” are to any customer for the Services and any individual user of the Services (and “your” should be construed accordingly); and references in this Policy to “us” are to Healthcare GRC Pte Ltd (and “we” and “our” should be construed accordingly).
1.3 By using the Services, you agree to the rules set out in this Policy.
1.4 We will ask for your express agreement to the terms of service of this Policy before you upload or submit any Content or otherwise use the Services.
1.5 You must be at least 18 years of age to use the Services; and by using the Services, you warrant and represent to us that you are at least 18 years of age.
2.1 You must not use the Services in any way that causes, or may cause, damage to the Services or impairment of the availability or accessibility of the Services.
2.2 You must not use the Services:
(a) in any way that is unlawful, illegal, fraudulent, deceptive or harmful; or
(b) in connection with any unlawful, illegal, fraudulent, deceptive or harmful purpose or activity.
3.1 You must not conduct any systematic or automated data scraping, data mining, data extraction or data harvesting, or other systematic or automated data collection activity, by means of or in relation to the Services.
4.1 The Content must not contain or consist of any viruses, worms, spyware, adware or other harmful or malicious software, programs, routines, applications or technologies.
4.2 The Content must not contain or consist of any software, programs, routines, applications or technologies that will or may have a material negative effect upon the performance of a computer or introduce material security risks to a computer.
1.1 This Schedule 2 sets out the Provider’s availability commitments relating to the Hosted Services.
1.2 In this Schedule 2, “uptime” means the percentage of time during a given period when the Hosted Services are available at the gateway between public internet and the network of the hosting services provider for the Hosted Services.
2.1 The Provider shall use reasonable endeavors to ensure that the uptime for the Hosted Services is at least 99.9% during each calendar month.
2.2 The Provider shall be responsible for measuring uptime, and shall do so using the following methodology: Actual Uptime % = (Maximum Uptime – Downtime) / Maximum Uptime.
2.3 The Provider shall report uptime measurements to the Customer in writing, in respect of each calendar month, within 10 Business Days following the end of the relevant calendar month, upon request by Customer.
3.1 In respect of each calendar month during which the Hosted Services uptime is less than the commitment specified in Paragraph 2.1, the Customer shall earn service credits in accordance with the provisions of this Part 3.
3.2 The service credits earned by the Customer shall be as follows:
Actual Uptime: Service Credit*
99.0% < 99.9% 10%
<99.0% 25%
* Defined as discount to pro-rated monthly subscription fee
3.3 The Provider shall deduct an amount equal to the service credits due to the Customer under this Part 3 from amounts invoiced in respect of the Charges for the Hosted Services. All remaining service credits shall be deducted from each invoice issued following the reporting of the relevant failure to meet the uptime commitment, until such time as the service credits are exhausted.
3.4 Service credits shall be the sole remedy of the Customer in relation to any failure by the Provider to meet the uptime guarantee in Paragraph 2.1, except where the failure amounts to a material breach of the Agreement.
3.5 Upon the termination of the Agreement, the Customer’s entitlement to service credits shall immediately cease, save that service credits earned by the Customer shall be offset against any amounts invoiced by the Provider in respect of Hosted Services following such termination.
4.1 Downtime caused directly or indirectly by any of the following shall not be considered when calculating whether the Provider has met the uptime guarantee given in Paragraph 2.1:
(a) a Force Majeure Event;
(b) a fault or failure of the internet or any public telecommunications network;
(c) a fault or failure of the Customer’s computer systems or networks;
(d) any breach by the Customer of the Agreement; or
(e) scheduled maintenance carried out in accordance with the Agreement.
1.1 This Schedule 3 sets out the service levels applicable to the Maintenance Services.
2.1 The Provider shall where practicable give to the Customer at least 10 Business Days’ prior written notice of scheduled Maintenance Services that are likely to affect the availability of the Hosted Services or are likely to have a material negative impact upon the Hosted Services, without prejudice to the Provider’s other notice obligations under this Schedule 3.
2.2 The Provider shall provide all scheduled Maintenance Services outside Business Hours.
3.1 The Provider shall give to the Customer written notice of the application of any security Update to the Platform and at least 10 Business Days’ prior written notice of the application of any non-security Update to the Platform.
3.2 The Provider shall apply Updates to the Platform as follows:
(a) third party security Updates shall be applied to the Platform promptly following release by the relevant third party, providing that the Provider may acting reasonably decide not to apply any particular third party security Update;
(b) the Provider’s security Updates shall be applied to the Platform promptly following the identification of the relevant security risk and the completion of the testing of the relevant Update; and
(c) other Updates shall be applied to the Platform in accordance with any timetable notified by the Provider to the Customer or agreed by the parties from time to time.
4.1 The Provider shall produce Upgrades at least once in each calendar year during the Term.
4.2 The Provider shall give to the Customer at least 10 Business Days’ prior written notice of the application of an Upgrade to the Platform.
4.3 The Provider shall apply each Upgrade to the Platform within any period notified by the Provider to the Customer or agreed by the parties in writing.
1.1 This Schedule 4 sets out the service levels applicable to the Support Services.
2.1 The Provider shall make available to the Customer a helpdesk in accordance with the provisions of this Schedule 4.
2.2 The Customer may use the helpdesk for the purposes of requesting and, where applicable, receiving the Support Services; and the Customer must not use the helpdesk for any other purpose.
2.3 The Provider shall ensure that the helpdesk is accessible by telephone, email and using the Provider’s web-based ticketing system.
2.4 The Provider shall ensure that the helpdesk is operational and adequately staffed during Business Hours during the Term. In addition, the Provider shall provide a special telephone number for the Customer to report critical issues outside of Business Hours.
2.5 The Customer shall ensure that all requests for Support Services that it may make from time to time shall be made through the helpdesk.
3.1 Issues raised through the Support Services shall be categorized as follows:
(a) critical: the Hosted Services are inoperable or a core function of the Hosted Services is unavailable;
(b) serious: a core function of the Hosted Services is significantly impaired;
(c) moderate: a core function of the Hosted Services is impaired, where the impairment does not constitute a serious issue; or a non-core function of the Hosted Services is significantly impaired; and
(d) minor: any impairment of the Hosted Services not falling into the above categories; and any cosmetic issue affecting the Hosted Services.
3.2 The Provider shall determine, acting reasonably, into which severity category an issue falls.
3.3 The Provider shall use all reasonable endeavors to respond to requests for Support Services promptly, and in any case in accordance with the following time periods:
(a) critical: 1 Business Hour;
(b) serious: 4 Business Hours;
(c) moderate: 1 Business Day; and
(d) minor: 2 Business Days.
3.4 The Provider shall ensure that its response to a request for Support Services shall include the following information (to the extent such information is relevant to the request): an acknowledgement of receipt of the request, where practicable an initial diagnosis in relation to any reported error, and an anticipated timetable for action in relation to the request.
3.5 The Provider shall use all reasonable endeavors to resolve issues raised through the Support Services promptly, and in any case in accordance with the following time periods:
(a) critical: 4 Business Hours;
(b) serious: 8 Business Hours;
(c) moderate: 4 Business Days; and
(d) minor: 10 Business Days.
4.1 The Support Services shall be provided remotely, save to the extent that the parties agree otherwise in writing.
5.1 The Provider shall have no obligation to provide Support Services in respect of any issue caused by:
(a) the improper use of the Hosted Services by the Customer; or
(b) any alteration to the Hosted Services made without the prior consent of the Provider.
Categories of data subject whose personal data may be processed include:
a. Customer’s employees (medical, non-medical, management and support staff);
b. Customer’s Specialists and Consultants;
c. Inpatients, out-patients and visitors;
d. Customer’s contractors, sub-contractors and volunteers
Types of personal data to be processed include:
a. name, ID, date of birth (for all data subject categories)
b. contact number and email address (for Customer’s employees, Specialists and Consultants)
c. profile data such as employment status, employer name, employee ID, department, designation, supervisor name, highest qualification (for Customer’s employees, Specialists and Consultants)
d. incident data such as injury, illness, medication, treatment received (for all data subject categories)
Purposes for which personal data may be processed are to meet hospital management system requirements to record, manage, analyse, store, archive and generate incident reports. Some of the incident data are processed to meet regulatory requirements.
Security measures used to protect personal data include:
a. Transmission Control: The browser is connected to the server over a secure HTTPS connection which ensures that the data is encrypted before it is transmitted to the server.
b. Encryption Controls:
i. In the application environment, the data is sent to the database layer over a SSL connection to ensure the data is not visible within the application network.
ii. The database is encrypted at rest. All the backups, hence, are also encrypted at rest. The encryption keys for these are part of the network infrastructure and can be accessed only via a 2FA mechanism.
iii. All file uploads and attachments are encrypted at rest as well.
c. Access Controls:
i. The database is protected with both user login-based access and by network-based login restrictions. Access to the network is protected with 2FA (two-factor authentication) mechanisms.
ii. System features such as “mark as sensitive” further limit access to personal data to a smaller group of authorized personnel only.
d. Integrity Control: Role-based user access, audit logs and server logs.
e. Confidentiality Control: Role-based user access and password policies.
f. Recoverability: Data backups is done at least once a day and regularly checked for successful recovery
Amazon Web Services (AWS) Data Centre in Singapore
Freshdesk Customer Support Portal