Please read these terms and conditions carefully before engaging our consultancy services in the field of digital health. These terms and conditions outline the rights, obligations, and responsibilities of both the consultancy service provider (hereinafter referred to as "Provider" or "We") and the client (hereinafter referred to as "Client" or "You"). By engaging our services, you acknowledge and accept these terms and conditions in their entirety.

1. Scope of Services:

1.1. The Provider shall offer consultancy services related to digital health, including but not limited to healthcare technology assessment, digital health strategy development, software and application evaluation, data privacy and security assessment, regulatory compliance guidance, and implementation support.

1.2. The specific scope of services, timelines, and deliverables shall be mutually agreed upon in a separate statement of work or project agreement between the Provider and the Client.

2. Client Responsibilities:

2.1. The Client shall provide the necessary information, access to relevant systems, and resources required for the successful execution of the consultancy services.

2.2. The Client shall promptly respond to requests for information, clarification, and feedback from the Provider to ensure efficient progress of the engagement.

   2.3. The Client acknowledges that the Provider's recommendations and advice are based on the information provided by the Client, and the Client shall be solely responsible for the accuracy and completeness of such information.

3. Confidentiality:

   3.1. Both parties agree to maintain the confidentiality of any proprietary or confidential information disclosed during the course of the engagement. This includes, but is not limited to, trade secrets, business strategies, technical know-how, and any other information identified as confidential.

   3.2. The Provider shall not disclose the Client's confidential information to any third party without prior written consent from the Client, except as required by law or authorized by the Client.

   3.3. The Client acknowledges that the Provider may use anonymized and aggregated data for internal purposes, such as improving service quality, research, and statistical analysis, provided that such data cannot be used to identify the Client or any individual.

4. Intellectual Property:

   4.1. Any intellectual property rights, including but not limited to copyrights, patents, trademarks, trade secrets, or any other proprietary rights related to pre-existing materials, tools, methodologies, or software used by the Provider shall remain the exclusive property of the Provider or their respective owners.

   4.2. The Provider grants the Client a non-exclusive, non-transferable license to use any deliverables specifically created for the Client during the engagement, solely for the Client's internal purposes and in accordance with the terms specified in the statement of work or project agreement.

5. Limitation of Liability:

   5.1. The Provider shall exercise reasonable skill, care, and diligence in providing the consultancy services. However, the Provider shall not be liable for any direct, indirect, incidental, consequential, or special damages arising out of or in connection with the engagement, including but not limited to loss of profits, data, or business opportunities.

   5.2. The total liability of the Provider, whether in contract, tort, or otherwise, shall be limited to the fees paid by the Client to the Provider for the specific services giving rise.

6. GDPR Compliance and Data Protection: This section reinforces the importance of GDPR compliance and emphasizes the protection of personal data shared between the Client and the Provider. It ensures that the Client's consent is obtained before disclosing any sensitive business information and highlights the Provider's commitment to data security and confidentiality.

     6.1. The Provider acknowledges the importance of complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. The Provider agrees to handle and process any personal data obtained from the Client in accordance with the GDPR and only for the purposes specified in the engagement.

     6.2. The Client retains full ownership and control over any personal data provided to the Provider for the purposes of the consultancy services. The Provider shall act as a data processor and shall process such data solely on the Client's documented instructions and for the agreed-upon purposes.

    6.3. The Provider shall implement appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of the Client's personal data. This includes measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage of personal data.

    6.4. The Provider shall not transfer any personal data obtained from the Client to any third party without the explicit prior consent of the Client, except as required by law or as necessary for the provision of the agreed-upon consultancy services. In such cases, the Provider shall ensure that any third party engaged in the processing of personal data provides sufficient guarantees regarding the implementation of appropriate technical and organizational measures to protect the data.

    6.5. The Client agrees to provide accurate and up-to-date personal data and to obtain any necessary consents or permissions for the lawful transfer and processing of such data by the Provider. The Client shall indemnify and hold the Provider harmless against any claims, liabilities, or costs arising out of any breach of data protection laws or regulations by the Client.

    6.6. In the event of a personal data breach, the Provider shall promptly notify the Client without undue delay after becoming aware of the breach. The Provider shall cooperate with the Client to investigate and mitigate the effects of the breach and to comply with any legal obligations related to data breach notifications.

    6.7. Upon the completion or termination of the consultancy services, the Provider shall, at the Client's request, securely delete or return any personal data provided by the Client, unless retention is required by law.

    6.8. Both parties shall maintain records of their respective data processing activities as required by the GDPR and provide reasonable assistance to each other to fulfill their obligations under data protection laws.