Service Provider Agreement

---

DOWNLOAD SERVICE PROVIDER AGREEMENT IN PDF

---

TABLE OF CONTENTS

1. PARTIES
2. DEFINITIONS
3. PURPOSE OF THIS AGREEMENT
4. COMPANY AS SERVICE PROVIDER
5. OBLIGATIONS OF THE COMPANY
6. OBLIGATIONS OF THE CLIENT
7. RIGHTS OF THE COMPANY
8. INDEMNIFICATION

---

1. PARTIES

1. The Company. 
2. The Client, as defined in the Master Services Agreement dated               (the “MSA”).

2. DEFINITIONS

Terms not otherwise defined herein shall be as defined in the MSA.

3. PURPOSE OF THIS AGREEMENT

a. This Agreement is further to, and incorporates the terms of, the MSA and the Statement of Work numbered                and dated               (the “SOW”), or an Authorized Amendment dated                      .

b. Pursuant to the SOW, or otherwise, Client has requested the Company to provide one or more Services which may require the Company to generate or have access to Personal Data, including personal health information.

c. This Agreement defines the respective rights and obligations of the Parties in connection with such Personal Data.

d. Except as expressly modified in this Agreement, the terms of the MSA shall apply.

4. COMPANY AS SERVICE PROVIDER

a. The Company shall act as a Service Provider with respect to Circles identified in the SOW or Authorized Amendment.

b. Examples of Services which the Company may provide to or on behalf of the Client include but are not limited to

i. collection of patient-reported outcomes,

ii. migration from one healthcare data platform to the inCytes™ Platform of Personal Data,

iii. development and/or implementation of API’s integrating portions of the inCytes™ Platform with an existing electronic medical record system,

iv. resetting log-in credentials, and

v. other support functions not specifically excluded by the Client in

c. Any operations or functions performed by the Company which involve access to or use of Personal Data are referred to as Service Provider Functions.

d. Under no circumstances shall the Company be, or be considered by the Client as, a data controller (as defined in the GDPR) or similar status under HIPAA or other personal data and patient privacy laws.

5. OBLIGATIONS OF THE COMPANY

The Company shall:

a. Fulfill all lawful and reasonable instructions from the Client as data controller with respect to Personal Data.

b. Create, access and use Personal Data only to the extent necessary to fulfill such instructions, as reflected in the SOW or Authorized Amendment(s).

c. Upon written instructions from the Client, delete all or a specified portion of Personal Data.

6. OBLIGATIONS OF THE CLIENT

The Client shall:

a. Obtain appropriate written consents from any individuals with respect to whom Personal Data is to be accessed in the context of Service Provider Functions.

b. Upon the request of the Company, provide copies of such consents.

c. Properly observe its obligations as a data controller (as defined in the GDPR) or similar status under HIPAA or other personal data and patient privacy laws.

7. RIGHTS OF THE COMPANY

 The Company has the right to:

a. Follow the lawful instructions of any individual having rights with respect to his or her Personal Data.

b. Seek further written documentation from the Client and/or the owner of any Personal Data regarding the generation, maintenance or processing of such Personal Data.

c. Cease providing one or more Service Functions, and/or delete any Personal Data in its possession, if in its reasonable judgment not to do so may be in violation of applicable laws or regulations.

8. INDEMNIFICATION

Each Party indemnifies the other with respect to any costs and expenses incurred as a result of the material breach by the other Party of its obligations hereunder.

 

Date:

Accepted and Agreed