Terms and Conditions 
Version: feb. 2019
The service “Practiceflow” is offered over the internet in the form of Software-as-a-Service by the company Automationsoft BV. The use of Practiceflow is subject to the below terms and conditions. Using Practiceflow constitutes acceptance of these terms and conditions. Deviations from these terms and conditions is possible only by means of written confirmation by Automationsoft BV.

Article 1. Use of the service
1.1. Practiceflow is practice management software for integrative of functional medicine practice.
1.2. To use Practiceflow, you first need to register. After completing registration, you can directly log into your account and use the servce.
1.3. You must secure access to your account using the username and password against third parties. In particular you must keep the password strictly confidential. Automationsoft BV may assume that all actions undertaken from your account after logging in with your username and password is authorized and supervised by you. This means you are liable for these actions, unless and until you have notified Automationsoft BV that someone else knows your password.
1.4. Practiceflow processes your personal data. You give your consent for all forms of processing within the scope of the service. Consult the privacy statement of Automationsoft BV for more information.

Article 2. Terms of use
2.1. It is not permitted to use Practiceflow for any purpose that violates Dutch or other applicable law or regulation. This includes (among others) the storage or transmission of data using the service that is slanderous, libelous or racist.
2.2. Should Automationsoft BV discover that you violate any of the above, or receive a complaint alleging the same, Automationsoft BV will issue a warning. If the warning does not lead to an acceptable resolution, then Automationsoft BV may intervene to end the violation. In urgent of serious cases Automationsoft BV may intervene without warning.
2.3. If in the opinion of Automationsoft BV the continued functioning of the computer systems or network of Automationsoft BV or third parties is actually or under threat of being damaged or jeopardized, for example through excessive transmission of e-mail or other data, leaks of personal data or virus activity, Automationsoft BV may take all steps it deems reasonably necessary to end or avert such damage or jeopardy.
2.4. Automationsoft BV is at all times entitled to file a criminal complaint for any offenses committed through or using the service.
2.5. Automationsoft BV may recoup from you all damages it suffers as a result of your violation of these terms of use. You agree and hold harmless Automationsoft BV from all third-party claims arising out of your violation of these terms of use.

Article 3. Availability and maintenance
3.1. Automationsoft BV uses its best efforts to have the service available at all times but makes no guarantees about uninterrupted availability.
3.2. Automationsoft BV actively maintains Practiceflow. In case maintenance is reasonably expected to negatively impact availability, Automationsoft BV shall carry out such maintenance at night (between 23:00 and 07:00 local time). Maintenance is announced in advance whenever possible. Emergency maintenance can take place at any time and without prior announcement.
3.3. Automationsoft BV may from time to time adapt Practiceflow. Your feedback and suggestions are welcome but ultimately Automationsoft BV decides which adaptations to carry out (or not).

Article 4. Intellectual property
4.1. The service Practiceflow, the accompanying software as well as all information and images on the website is the intellectual property of Automationsoft BV. None of these items may be copied or used without prior written permission of Automationsoft BV, except and to the extent permitted by mandatory law.
4.2. Information you store or process using the service is and remains your property (or the property of your suppliers or licensors). Automationsoft BV receives a limited license to use this information for the service, including for future aspects thereof. You can cancel this license by removing the information in question and/or terminating the agreement.
4.3. If you send information to Automationsoft BV, for example a bug report or suggestion for improvement, you grant Automationsoft BV a perpetual and unlimited license to use this information for the service. This does not apply to information you expressly mark as confidential.
4.4. Automationsoft BV shall refrain from accessing data you store or transfer using Practiceflow, unless this is necessary for a good provision of the service or Automationsoft BV is forced to do so by law or order of competent authority. In these cases Automationsoft BV shall use its best efforts to limit access to the information as much as possible.

Article 5. Compensation for the service
5.1. The use of certain functions of Practiceflow is subject to fees. The functions in question will inform you of the fees. The fee is due every month and must be paid in advance.
5.2. Payment is possible through direct debit order, or as explained further on the website.
5.3. Because the service is started directly at your express request, a payment cannot be refunded under the Distance Selling Act.

Article 6. Limitation of liability
6.1. Except in case of intentional misconduct or gross negligence the liability of Automationsoft BV shall be limited to the amount paid by you in the three months prior to the moment the cause of the damage occurred.
6.2. Automationsoft BV in no event is liable for indirect damages, consequential damages, lost profits, missed savings or damages through business interruption.
6.3. Damages may only be claimed if reported in writing to Automationsoft BV at most two months after discovery.
6.4. In case of force majeure Automationsoft BV is never required to compensate damages suffered by you. Force majeure includes among others disruptions or unavailability of the internet, telecommunication infrastructure, power interruptions, riots, traffic jams, strikes, company disruptions, interruptions in supply, fires and floods.

Article 7. Term and termination
7.1. This agreement enters into force as soon as you first use the service and then remains in force for a month.
7.2. After this period the agreement is silently renewed with successive terms of the same period. If you entered into this agreement as a consumer, you may after the first silent renewal terminate the agreement at any time with a notice period of one month, calculated from the moment of the notice. Non-consumers can terminate the agreement by the end of the term indicated in the previous clause with a notice period of one month.
7.3. Automationsoft BV is entitled to terminate the agreement if you have not used the service at all in the last 18 months. In such an event Automationsoft BV shall first send a reminder mail to the e-mail address connected to your account.
7.4. You can export the you store or process using the service at any time through the service interface.

Article 8. Changes to terms
8.1. Automationsoft BV may change or add to these terms and conditions as well as any prices at any time.
8.2. Automationsoft BV shall announce through the service changes or additions at least thirty days before their taking effect.
8.3. If you do not want to accept a change or addition, you can terminate the agreement until the date the changes take effect. Use of Practiceflow after the date of effect shall constitute your acceptance of the changed or added-to terms and conditions.

Article 9. Personal data of you and your customers
You can fill in personal details of others, such as address details and contact details of your contacts or medical details, in practiceflow. Because you enter this personal information with us, we and you must comply with the General Data Protection Regulation (AVG). To comply with the AVG, we agree the following:

From a legal point of view, you are responsible for processing the personal data that you enter with us. You are then the controller. We are the processor here. According to the AVG, it is necessary for us to conclude a processing agreement with each other. Based on this processing agreement, we will only process the personal data that you enter with us if you give us the order for it. You give us this assignment by agreeing to these terms and conditions.

Read our processor agreement

You are personally responsible for the personal data that you enter in your user account. You must comply with the applicable legislation and legal requirements. If you do not meet these requirements and we are held liable by a third party for any damage, you immediately indemnify us and you indemnify us for any liability.

In order to protect the personal data mentioned above, we have taken all measures within our control, such as secure SSL encryption of data traffic, SSL and HTST. Our servers are on Dutch territory and are subject to Dutch legislation.

We and you ensure that anyone who has access to the personal data mentioned above will not share it with others and keep it secret. Unless we are obliged to do so by a statutory regulation.

Article 10. Miscellaneous provisions
10.1. Dutch law applies to this agreement.
10.2. Except to the extent determined otherwise by mandatory applicable law all disputes arising in connection with Practiceflow shall be brought before the competent Dutch court for the principal place of business of Automationsoft BV.
10.3. For any clause in these terms and conditions that demand that a statement must be done “in writing” to be legally valid, a statement by e-mail or communication through the Practiceflow service shall be sufficient provided with sufficient certainty the authenticity of the sender can be established and the integrity of the statement has not been compromised.
10.4. The version of any communication of information as recorded by Automationsoft BV shall be deemed to be authentic, unless you supply proof to the contrary.
10.5. In case any part of these terms and conditions are declared legally invalid, this shall not affect the validity of the whole of the agreement. The parties shall in such an event agree on one or more replacement provisions that approximate the original intent of the invalid provision(s) within the limits of the law.
10.6. Automationsoft BV is entitled to transfer its rights and obligations under this agreement to a third party as part of an acquisition of Practiceflow or the associated business activities.

Data processing agreement
Version: feb. 2019
This data processing agreement is applicable to all processing of personal data to be undertaken by Practiceflow, registered with the Chamber of Commerce under number 718605584, (hereinafter: Processor) for the benefit of another party to whom it provides services (hereinafter: Controller) on the basis of the agreement concluded between these parties (hereinafter: the Agreement).

Validity of this processor agreement:
Because you use our services or because you visit our website, these conditions apply in this processing agreement and you are referred to as the controller. If you create a user account with us, you explicitly state that you agree with these conditions as a controller. We work in all cases on the basis of these conditions and only deviate from this if explicitly agreed in writing or by e-mail.

The processor agreement forms an integral part of our Terms and Conditions.

Article 1. Purposes of processing
1.1. Processor hereby agrees under the terms of this Data Processing Agreement to process personal data on behalf of the Controller. Processing shall be done solely for the purpose of managing the patient administration of Controller, and all purposes compatible therewith or as determined jointly.
1.2. The personal data to be processed by Processor for the purposes as set out in the previous clause and the categories of data subjects involved are set out in Appendix 1 to this Data Processing Agreement. Processor shall not process the personal data for any other purpose unless with Controller’s consent. Controller shall inform Processor of any processing purposes to the extent not already mentioned in this Data Processing Agreement. Processor however is permitted to use personal data for quality assurance purposes, including surveys to data subjects and statistical research purposes regarding the quality of Processor’s services.
1.3. All personal data processed on behalf of Controller shall remain the property of Controller and/or the data subjects in question.

Article 2. Processor obligations
2.1. Regarding the processing operations referred to in the previous clause, Processor shall comply with all applicable legislation, including at least all data processing legislation such as the General Data Protection Regulation (GDPR).
2.2. Upon first request Processor shall inform Controller about any measures taken to comply with its obligations under this Data Processing Agreement.
2.3. All obligations for Processor under this Data Processing Agreement shall apply equally to any persons processing personal data under the supervision of Processor, including but not limited to employees in the broadest sense of the term.
2.4. Processor shall inform Controller without delay if in its opinion an instruction of Controller would violate the legislation referred to in the first clause of this article.
2.5. Processor shall provide reasonable assistance to Controller in the context of any privacy impact assessments to be made by Controller.
2.6. Processor shall, in accordance with Article 30 GDPR, keep a register of all categories of processing activities which it carries out on behalf of the Controller under this data processing agreement. At Controller’s request, Processor shall provide Controller access to this register.

Article 3. Transfer of personal data
3.1. Processor may process the personal data in any country within the European Union.
3.2. In addition Processor may transfer the personal data to a country outside the European Union, provided that country ensures an adequate level of protection of personal data and complies with other obligations imposed on it under this Data Processing Agreement and the General Data Protection Regulation (GDPR), including the availability of appropriate safeguards and enforceable data subject rights and effective legal remedies for data subjects.
3.3. Processor shall report to Controller of the countries involved. Processor warrants that, considering the circumstances that apply to the transfer of personal data or any category of transfers, the country or countries outside the European Union have an adequate level of protection.
3.4. In particular Processor shall take into account the duration of the processing, the country of origin and the country of destination, the general and sector-based rules of law in the country of destination and the professional rules and security measures which are complied with in that country.

Article 4. Allocation of responsibilities
4.1. Processor shall make available IT facilities to be used by Controller for the purposes mentioned above. Processor shall not itself perform processing operations unless separately agreed otherwise.
4.2. Processor is solely responsible for the processing of personal data under this Data Processing Agreement in accordance with the instructions of Controller and under the explicit supervision of Controller. For any other processing of personal data, including but not limited to any collection of personal data by Controller, processing for purposes not reported to Processor, processing by third parties and/or for other purposes, the Processor does not accept any responsibility.
4.3. Controller represents and warrants that the content, usage and instructions to process the personal data as meant in this Data Processing Agreement are lawful and do not violate any right of any third party.

Article 5. Involvement of sub-processors 
5.1. Processor shall involve third parties in the processing under this Data Processing Agreement on the condition that such parties are reported in advance to the Controller; Controller may object to a specific third party if its involvement would reasonably be unacceptable to it.
5.2. In any event, Processor shall ensure that any third parties are bound to at least the same obligations as agreed between Controller and Processor.
5.3. Processor represents and warrants that these third parties shall comply with the obligations under this Data Processing Agreement and is liable for any damages caused by violations by these third parties as if it committed the violation itself.

Article 6. Security
6.1. Processor shall use reasonable efforts to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk for the processing operations involved, against loss or unlawful processing (in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed).
6.2. Processor shall implement at least the following specific security measures:
• Automatic logging of all operations concerning personal data
• Organisational measures for access control
• Secure Socket Layer (SSL) technology for securing network communication
• A secure internal network
• Purpose-bound access controls
• Web Application Firewall, DDos protection, Bruteforce attacks, Rate limiting on login pages, Always Use HTTPS
6.3. Processor does not warrant that the security is effective under all circumstances. If any security measure explicitly agreed in this Data Processing Agreement is missing, then Processor shall use best efforts to ensure a level of security appropriate to the risk taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. 
6.4. Controller shall only provide personal data to Processor for processing if it has ensured that the required security measures have been taken. Controller is responsible for the parties’ compliance with these security measures. 

Article 7. Notification and communication of data breaches 
7.1. Controller is responsible at all times for notification of any security breaches and/or personal data breaches (which are understood as: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed) to the competent supervisory authority, and for communication of the same to data subjects. In order to enable Controller to comply with this legal requirement, Processor shall notify Controller within a reasonable period after becoming aware of an actual or threatened security or personal data breach. 
7.2. A notification under the previous clause shall be made only for actual breaches with severe impact . 
7.3. The notification shall include at least the fact that a breach has occurred. In addition, the notification shall: 
• describe the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; 
• include the name and contact details of the Data Protection Officer (if appointed) or a contact person regarding privacy subjects; 
• describe the likely consequences of the personal data breach; 
• describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. 

Article 8. Processing requests from data subjects 
8.1. In the event a data subject makes a request to exercise his or her legal rights under the GDPR (Articles 15-22) to Controller, Processor shall pass on such request to Controller, and Controller shall process the request. Processor may inform the data subject of this passing on. 

Article 9. Confidentiality obligations 
9.1. All personal data that Processor receives from Controller and/or collects itself is subject to strict obligations of confidentiality towards third parties. Processor shall not use this information for any goals other than for which it was obtained, not even if the information has been converted into a form that is no longer related to an identified or identifiable natural person. 
9.2. The confidentiality obligation shall not apply to the extent Controller has granted explicit permission to provide the information to third parties, the provision to third parties is reasonably necessary considering the nature of the assignment to Controller or the provision is legally required. 

Article 10. Audit 
10.1. Controller has the right to have audits performed on Processor by an independent third party bound by confidentiality obligations to verify compliance with the Data Processing Agreement, and all issues reasonably connected thereto. 
10.2. This audit may be performed once every year as well as in the event of a substantiated allegation of misuse of personal data. 
10.3. Processor shall give its full cooperation to the audit and shall make available employees and all reasonably relevant information, including supporting data such as system logs. 
10.4. The audit findings shall be assessed by Processor and implemented if and to the extent deemed reasonable by Processor. 
10.5. The costs of the audit shall be borne by Controller. 

Article 11. Liability 
11.1. Parties explicitly agree that any liability arising in connection with personal data processing shall be as provided in the Agreement. 

Article 12. Term and termination 
12.1. This Data Processing Agreement enters into force upon signature by the parties and on the date of the last signature. 
12.2. This Data Processing Agreement is entered into for the duration of the cooperation between the parties. 12.3. Upon termination of the Data Processing Agreement, regardless of reason or manner, Processor shall - at the choice of Controller - return in original format or destroy all personal data available to it. 
12.4. Processor is entitled to amend this Data Processing Agreement from time to time. Processor shall notify the Controller of amendments at least three months prior to their taking effect. Controller may terminate if the amendments are unacceptable to it. 

Article 13. Applicable law and competent venue 
13.1. This Data Processing Agreement and its execution are subject to Dutch law. 
13.2. Any disputes that may arise between the parties in connection with this Data Processing Agreement shall be brought to the competent court for the place of business of Processor. 


Appendix 1: Stipulation of personal data and data subjects 
Data subjects and personal data of different purposes Processor shall process the below personal data of the categories data subjects from different purposes (with retention period if specified) under the supervision of Controller, as specified in article 1 of the Data Processing Agreement: Patient administration / 15 year Patients 
• Medical data 
• Names and addresses 
• Email addresses 
• Dates of birth 
• Telephone numbers 

Controller represents and warrants that the description of personal data and categories of data subjects in this Appendix 1 is complete and accurate, and shall indemnify and hold harmless Process for all faults and claims that may arise from a violation of this representation and warranty. 
Privacy statement
Version: feb. 2019
During the processing of personal data Automationsoft BV works conform the requirements of the applicable data protection legislation, like the General Data Protection Regulation. This means we:
• clearly specify our purposes before we process personal data, by using this Privacy Statement;
• limit our collection of personal data to only the personal data needed for legitimate purposes;
• first ask for explicit permission to process your personal data in cases where your permission is required;
• take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf;
• respect your right to access, correct or delete your personal data held by us.

Automationsoft BV is the party responsible for all data processing. In this privacy statement, we will explain what kind of personal data we collect and for which purposes within our Practiceflow. 

We recommend that you read it carefully. If you have any questions regarding the processing of personal data, you can find the contactdetails of Automationsoft BV at the end of this privacy statement.

Registration
Certain features of our service require you to register beforehand. You will have to provide some information about yourself and choose a username and password for the account that we will set up for you.

For this purpose, we use your phone number, email address, invoice address, name and address details, birth date and payment details.We do this on the basis of your consent. We store this information for six months after you closed your account.

We will retain this data so that you do not have to re-enter it every time you visit our website, and in order to contact you in connection with the execution of the agreement, invoicing and payment, and to provide an overview of the products and services you have purchased from us.

Contact Form
You can use our contact form to ask questions or make any request. 

For this purpose, we use your name and address details, email address and phone number.We do this on the basis of your consent. We store this information until we are sure that you are satisfied with our response and six months thereafter. This way we can easily access the information in case you have any following questions and train our customer service to improve even more. 

Statistics and profiling 
We keep statistics on the use of our . These statistics help us to, for example, only show you information that is relevant to you. We may combine personal data to get to know more about you. We will of course respect your privacy at all times. If you do not want us to do these statistics, please let us know. 

For this purpose, we use your ip address.We do this on the basis of your consent. We store this information for six months. 

Subscription 
Via Practiceflow you can take out a paid subscription. We use your personal data to complete the payment.

For this purpose, we use your birth date, payment details, email address, invoice address, phone number and name and address details.We do this on the basis of your consent. We store this information for one year after you cancelled your subscription. Certain types of personal data will be retained for a longer period with regards to the legal tax retention.. 

Access to portal 
Within our portal, you can access a management environment where you can set, specify and change settings. We will keep track of your activities for proof. For this purpose, we use your email address, payment details, birth date, phone number, invoice address and name and address details.We do this on the basis of your consent. We store this information for six months after our services to you have ended. 

Promotion 
Other than the advertisements on the website, we can inform you about new products or services: 

• by e-mail- via social media 

You can object at all times against this promotional communication. Every e-mail contains a cancellation link. On social media, you can block us or use the cancellation option. You can also inform us through your account. Further, you can inform us through the portal. 

Location data 
If necessary, we may collect your location data (GPS). If that is the case, you will be asked to grant consent beforehand. 

This location data and other data can also be stored and processed by the provider of the navigation/mapping software, such as Google Maps, but the data could also be used by, for example, Google or Apple itself. We have no control over their actions. We recommend that you read the applicable privacy statement of the provider in question. 

Publication 
We will not publish your customer data. 

Providing Data to Third Parties 
Except for the parties mentioned above, we do not under any circumstance provide your personal data to other companies or organisations, unless we are required to do so by law (for example, when the police demands access to personal data in case of a suspected crime). 

Our website features social media buttons. These buttons are used by the providers of these services to collect your personal data. 

Statistics 
We keep statistics on the use of our 

Cookies 
Our makes use of cookies. Cookies are small files in which we can store information, so that you do not have to fill in that information again. We can also use them to see whether you are visiting us again. The first time you visit our , we will show you a notification explaining our cookies and ask for your permission for the use of these cookies. 

You can disable the use of cookies through your browser setting, but some parts of our website may not work properly as a result of that. We made arrangements with other parties who place cookies through our website. Nevertheless, we cannot fully control what they are doing with their cookies, so please read their privacy statements as well. 

Google Analytics 
We use Google Analytics to track visitors on our website and to get reports about how visitors use the website. We accepted the data processing agreement from Google. We do allow Google to use information obtained by Analytics for other Google services, and we don’t anonymize the IP-adresses. 

Security 
We take security measures to reduce misuse of and unauthorized access to personal data. We take responsibility in the security of your personal data. We renew our security measures to ensure safe storage of personal data and keep track what might go wrong. 

Changes to this Privacy Statement 
We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes. 

Inspection and Modification of your Data 
You can always contact us if you have any questions regarding our privacy policy or wish to review, modify or delete your personal data. 

You have the following right: 
• Right of access: you have the right to see what kind of personal data we processed about you. 
• Right of rectification: you have the right to rectify any personal data we have processed about you, if this information is (partially) wrong. 
• Right to complain: you have the right to file a complain against the processing of your personal data by us, or against direct marketing. 
• Right to be forgotten: you can file a request with us to remove any personal data we processed of you. 
• Right to data portability: if technically possible, you have the right to ask us to transfer your processed personal data to a third party. 
• Right to restriction of processing: you can file a request with us to (temporarily) restrict the processing of your personal data. 

If you exercise any of the rights mentioned above, we will ask to identify yourself with a valid ID, to conform it is your personal data. It is important that you hide your social security number and photo. 

We will usually comply to your request within 30 days. This term can be extended if the request is proven to be complex or tied to a specific right. You will be notified about a possible extension of this term. 

Complaints 
If you think that we are not helping you in the right way, you have the right to lodge a complaint at the authority. For The Netherlands, this is the Autoriteit Persoonsgegevens. 
Copyright
Version: feb. 2019
© Copyright 2019 Practiceflow (Automationsoft BV), all right reserved.

Intellectual Property Rights
All intellectual property rights and title to the Service and materials on the Website, including without limitation photographs and graphical images (save to the extent they incorporate any Customer Data or third party owned item) shall remain owned by us and our licensors and no interest or ownership in the Service or Website is transferred to the Customer. Nothing in these Customer Terms shall be construed to mean, by inference or otherwise, that the Customer has any right to obtain source code for the software comprised within the Service or Website.

No part of the Website or Service may be reproduced or stored in any other website or included in any public or private electronic retrieval system or service without our prior written permission.

When using the Service, Customers are encouraged to provide us with their feedback, suggestions or ideas for changes to the Service (“Feedback”). The Customer assigns to us all rights, title and interest in any Feedback. If for any reason such assignment is ineffective, the Customer shall grant us a non-exclusive, perpetual, irrevocable, royalty free, worldwide right and licence to use, reproduce, disclose, sub-licence, distribute, modify and exploit such feedback without restriction.

We may take and maintain technical precautions to protect the Service and Website from improper or unauthorised use, distribution or copying.

Automationsoft BV
t.a.v. Practiceflow
Bosseweg 7b
5682BA Best
KvK: 718605584 
The Netherlands  
Copyright 2019 - Practiceflow - All Rights Reserved