1. BeautyTune Website
   1. Please read these terms (the “Terms”) carefully as they govern your use of the BeautyTune website.
   2. By accepting introductions and/or continuing to use any part of the BeautyTune website, at www.beautytune.me (the “website”), you confirm your acceptance of the Terms, Privacy Policy and Cookie Policy.  Do not use the BeautyTune website or accept direct introductions unless you wish to be bound by the terms, privacy policy and cookie policy.
   3. We may vary the Terms from time to time and shall post such alterations on the Website.  If you do not agree to the changes made to the Terms, then you have the right to stop using the BeautyTune website, and should do so immediately.  Your continued use of the BeautyTune website after the date the changes have been posted will constitute acceptance of the amended Terms.
   4. To register for a Treatment Provider’s account on our Website, you must be at least 18 years of age, and/or be acting on behalf of a company or other organisation.
   5. You may register for a Treatment Provider’s account with our Website by completing and submitting the account registration form on our Website.
   6. You will be required to provide us with details of the treatment services which you make available to patients. The list will be available in your Website account. We may add new services from time to time and you will be able to update your list of chosen treatments. You will be able to quote prices on an individual basis to patients, based on the request received.
   7. We may require a minimum of one work reference before you will be accepted to be registered with us. We may also check your qualifications and you agree to provide us with any copies or certificates and/or other evidence which we may request at any time. You agree to keep us updated and notify us immediately of any change in your qualifications, licensing or status which is relevant to the provision of your services (all changes must be provided to us within 14 days of the change and any failure to do so will be considered a fundamental breach of these terms, which may result in immediate suspension or termination of your account).
   8. You will be required to be appropriately insured to carry out the services which you offer and to provide us with an up-to-date copy of your insurance on request.
   9. You warrant that you hold all necessary authorisation, licences and liability insurance required to provide the services which you offer to patients through the Website and warrant that all information you provide whether on the Website or direct to customers will be true and accurate and not misleading. You agree to provide us with an up-to-date copy of your patient contract and/or terms (as applicable).
   10. You agree to treat all patients with all due professionalism, care and respect, and to follow all relevant guidelines and rules of conduct, uniform and procedures which are applicable to your industry and location, and any other guidelines which we may provide through our Website.
   11. If a patient is concerned that they have been mistreated or overcharged, our professional team will investigate the matter. If our conclusion is that mistreatment or an incorrect overcharge has been made, you will be asked to repay the amount of any overcharge or to refund any mistreatment (or to provide compensation, where appropriate). If you do not comply with any request for repayment or compensation, your account may be suspended or terminated and we reserve the right to take any further action at our discretion.
2. Definitions
   1. Where we refer to “you” or the “Treatment Provider” in these Terms, we mean you, any company you work for and any person or entity that accesses or uses the Beauty TuneWebsite or does work for a Patient on your behalf.   
   2. The term “we” means ROYALE MEDICAL CONCIERGE LTD, the owner and operator of the Website, whose registered office is Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX and whose company registration number is 13062644 (“us” and “our” will be construed accordingly).

   3. These Terms make use of the following definitions:

      “Patient” means the person or entity which wishes to engage you to provide your services and is introduced to you through the Website.

      “Treatment provider” the licensed medical professional authorized to provide the service.

3. Operation of the Platform
   1. The BeautyTune Website is designed to enable Patients to submit a request for a service such as doctors, dentists and cosmetic services (amongst others) (“Requests for Services”) and to receive responses from suitable Treatment Providers who are able to provide those services in the selected geographical area.
   2. If you register as a Treatment Provider through our Website, we may from time to time forward you Request for Services submitted by Patients on the platform.
   3. If you wish to offer your services in response to a request, you will be required to complete the form on the Website setting out details of the service you are able to offer and, where applicable, the estimate or price at which you are able to offer this service. If you require more information from the Patient before providing a quote, you will be able to message the Patient through the Website’s Messaging feature.
   4. As the Treatment Provider, you will be required to offer either a fixed price quote or an estimate based on the information provided by the Patient in their request. Where a fixed price quote has been provided, this cannot be changed once the Patient has accepted the quote. You will be required to undertake the services set out in the finalized request for the fee described in the quote provided. Estimates may be given in instances where there are factors that prevent you from issuing a fixed price quote.
   5. Once you have provided a quote for your services that quote will be made available for the patient to accept within a limited expiry period. When making a request for a quote, the Patient will choose the expiry period during which it may remain open (usually 15, 30 or 45 days).
   6. If a Patient wishes to purchase your services, they will do so by contacting you directly over the phone or via email referring to the ‘Quote ref. number’.
   7. Treatment Providers are expected to treat Patients at all times with full dignity and respect and we reserve the right to remove any Treatment Provider who displays any inappropriate behaviour, or about which receives any negative feedback from Patients, from using the Website.
   8. You agree that you shall not attempt at any time to circumvent the Website or to offer services direct to the Patient without registering these services through the Website. Should we become aware of any breach by you, it may result in the suspension or termination of your account. We reserve the right to take any further action at our discretion.
4. Your compliance with these Terms
   1. You understand that we might make enquiries with any Client to ensure that you are complying with your obligations under the Terms.
   2. If you wish to deactivate or delete your registration with Beauty Tune, you can do so at any time through your Account Dashboard.You will still be bound to provide any treatment which has been booked by a Client prior to your request for removal.
   3. We have the right to remove any Treatment Provider from our database, if we receive complaints about that Treatment Provider, or for any other reason at our entire discretion.
   4. Clients will be asked to contact you direct in the case of any cancellation or request for a refund. With regard to cancellations, all refunds should follow our cancellation charges set out in clause 3.7. With regard to disputes arising for services which have been completed, you must agree any refund directly with the Client.
   5. You agree to comply with and follow all relevant Treatment Provider guidelines that we may issue from time to time. If we have reason to believe that your provision of services falls below the industry standards we expect from our Treatment Providers. If you fail to meet our guidelines, we may suspend or terminate your account.
5. Reviews
   1. You understand and agree that we may contact any Client to ask for a review of the services you have provided and that we may use such review for any purpose, including providing such review to prospective Clients and/or posting such review to the Website.
   2. You acknowledge that all present and future copyright and other intellectual property rights subsisting in, or used in connection with, such reviews is our property, and nothing in the Terms shall be taken to transfer any such intellectual property to you. In particular, you may not use all or any part of a review for any purpose outside of the Beauty TuneWebsite without our written permission.
6. Disclaimers
   1. We are not obligated to make available the BeautyTune Website services to you and we reserve the right to remove you from the BeautyTune Website at any time and for any reason at our discretion.
   2. Where we have made the BeautyTune Website available, we are not obligated to submit to you Requests for Services, and you are not obligated to submit quotes or accept instructions from a Patient (prior to a booking being made).
   3. We make no warranty that the BeautyTune Website will provide an uninterrupted service or be error free, or that any defects will be corrected.  While we take steps to prevent misuse of our systems, we cannot warrant that the BeautyTune Website will be free of viruses or other malicious code and accept no liability for loss or damage caused from the transmission of such code.  We recommend that you always use up-to-date firewalls, anti-virus and anti-malware software to protect your equipment and data.
   4. We make no warranty as to the Patients we refer to you and are not liable for any loss or damage you may incur as a result of an introduction to a Patient, including without limitation any failure by the Patient to pay you for your work.  
   5. BeautyTune acts as an introducing agent and is not a party to any contract made between you and the Patient. You will be responsible for all legal and regulatory requirements relevant to your contract with your Patient.
7. Verification of identity
   1. Although we have no obligation to do so, we reserve the right at our discretion to use third party services to scan on an ongoing basis a variety of sources, which may include, but are not limited to, sex offender registries, certain media streams, terrorist watch lists, criminal and fugitive watch lists, fraud watch lists, law enforcement reports, and other data to assist us in verifying the information you provide us and the representations and warranties you make in these terms of use and on the Website and in evaluating your suitability to use or be listed on the Website. By using the Website, you authorise us to conduct such checks and searches and to review the information provided by third party verification service and we retain the right to terminate your registration based on the information we receive. You also hereby represent, understand and expressly agree that we do not have control over or assume any responsibility for the quality, accuracy, or reliability of the information included in a verification check. If you do not consent to these verification checks being performed, you should not use our Website.
8. Limitation of Liability
   1. Nothing in these Terms shall exclude or limit our liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot lawfully be excluded or limited.
   2. If you are dissatisfied with the BeautyTune Website, or the Terms, your remedy under the Terms shall be to discontinue your use of the BeautyTune Website.  
   3. Other than as set out above, we shall not be liable in contract, tort, negligence, statutory duty, misrepresentation, or otherwise for any loss or damage whatsoever arising from or in any way connected with these Terms or your use of the BeautyTune Website.
   4. Except as expressly set out in these Terms, all conditions, warranties and obligations which may be implied or incorporated into the Terms by statute, common law, or otherwise and any liabilities arising from them are expressly excluded to the extent permitted by law.
   5. We shall not be liable for any loss of business, loss of profits, business interruption, loss of business information, or any other economic loss.
   6. In the event that any limitation or exclusion of liability in the Terms is not enforceable, then we shall not be liable to you for more than £100 in total in respect of all matters concerning or arising out of your use of the BeautyTune Website.
9. Intellectual Property Rights
   1. You acknowledge that all present and future copyright and other intellectual property rights subsisting in, or used in connection with, the BeautyTune Website (the “Intellectual Property“), including the manner in which BeautyTune is presented or appears and all information and documentation relating to it, is our property (or that of our licensors), and nothing in the Terms shall be taken to transfer any of any Intellectual Property to you.
10. Data Processing
    1. You agree to handle, store and process any personal data relating to Patients strictly in accordance with the terms of the Data Processing Schedule set out below.
11. General Terms
    1. If any of the Terms are held to be illegal or unenforceable, such provisions shall be severed and the rest of the Terms shall remain in full force and effect. 
    2. The Terms constitute the entire agreement and replace any previous agreement or understanding (whether oral or written, express or implied) between us in respect of the matters contained or referred to in the Terms.  Each of us agree that, in entering the Terms, we have not relied on and have no remedy in respect of, any representation, warranty or other provision (oral or written, express or implied) of any person which is not expressly set out in the Terms.   The only remedy available in respect of any misrepresentation or untrue statement shall be a claim for breach of contract under the Terms.  This paragraph does not operate to limit or exclude any liability arising from any fraudulent or dishonest statement, act or omission.
    3. We reserve the right at all times to edit, refuse to post, or to remove from the BeautyTune Website any information or materials for any reason whatsoever, and to disclose any information we deem appropriate to satisfy any obligation we may have under applicable laws, regulatory requirements, legal processes, or to satisfy any request of the police, government or any regulatory body.
    4. You may not assign, transfer or sub-contract any of your rights under the Terms without our prior written consent.  We may assign, transfer or sub-contract all or any of our rights at any time without consent.
    5. A person who is not a party to the Terms shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any provision in the Terms.
    6. No waiver by either of us shall be effective unless in writing, and no waiver shall constitute a continuing waiver so as to prevent us or you from acting upon any continuing or subsequent breach or default.
    7. The Terms shall be subject to the laws of England and the parties shall submit to the exclusive jurisdiction of the English courts.

DATA PROCESSING SCHEDULE

This Data Processing Schedule shall apply between the Treatment Provider (defined in this Schedule as the “Data Processor”) and ROYALE MEDICAL CONCIERGE LTD (defined in this Schedule as the “Patient Organisation” or “Data Controller”) whenever the Treatment Provider acts as a data processor in relation to personal data provided by the Patient Organisation.

BACKGROUND:

• The Patient Organisation is acting for these purposes as a Data Controller.
• The Patient Organisation wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
• The Treatment Provider shall for these purposes act as the Data Processor.
• The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

IT IS AGREED AS FOLLOWS:

1. Definitions and Interpretation
   1. Capitalised terms and expressions used in this Schedule shall have the following meaning:
      1. “Patient Organisation Personal Data” means any Personal Data Processed by a Sub-processor on behalf of Patient Organisation pursuant to or in connection with the Principal Agreement;
      2. “Data Protection Laws” means the UK Data Protection Act 2018 (as amended or replaced from time to time) and the EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
      3. “Data Transfer” means:
         1. a transfer of Patient Organisation Personal Data from the Patient Organisation to a Sub-processor; or
         2. an onward transfer of Patient Organisation Personal Data from a Sub-processor to a second Sub-processor, or between two establishments of a Sub-processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
      4. “EEA” means the European Economic Area;
      5. “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
      6. “GDPR” means EU General Data Protection Regulation 2016/679;
      7. “Principal Agreement” means the Terms of Service document setting out the agreed terms between the Treatment Provider and the Patient Organisation for the use of the Website.
      8. “Services” means the services which the Patient Organisation provides to its members.
      9. “Sub-processor” means any person appointed by or on behalf of Processor to process Personal Data on behalf of the Patient Organisation in connection with the Schedule.
   2. The terms, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach” and “Processing” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
2. Processing of Patient Organisation Personal Data
   1. The Data Processor shall:
      1. Comply with all applicable Data Protection Laws in the Processing of Patient Organisation Personal Data; and
      2. not Process Patient Organisation Personal Data other than on the relevant Patient Organisation’s documented instructions.
3. Data Processor Personnel
   1. The Data Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Sub-processor who may have access to the Patient Organisation Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Patient Organisation Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with all applicable laws in the context of that individual’s duties to the Sub-processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4. Security
   1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor shall in relation to the Patient Organisation Personal Data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
   2. In assessing the appropriate level of security, the Data Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5. Subprocessing
   1. The Data Processor shall not appoint (or disclose any Patient Organisation Personal Data to) any Sub-processor unless required or authorised by the Patient Organisation.
6. Data Subject Rights
   1. Taking into account the nature of the Processing, the Data Processor shall assist the Patient Organisation by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfillment of the Patient Organisation obligations, as reasonably understood by Patient Organisation, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
   2. The Data Processor shall:
      1. promptly notify Patient Organisation if it receives a request from a Data Subject under any Data Protection Law in respect of Patient Organisation Personal Data; and
      2. ensure that it does not respond to that request except on the documented instructions of Patient Organisation or as required by all applicable laws to which the Processor is subject, in which case Processor shall to the extent permitted by all applicable laws inform Patient Organisation of that legal requirement before the Sub-processor responds to the request.
7. Personal Data Breach
   1. The Data Processor shall notify Patient Organisation without undue delay upon the Data Processor becoming aware of a Personal Data Breach affecting Patient Organisation Personal Data, providing Patient Organisation with sufficient information to allow the Patient Organisation to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
   2. The Data Processor shall co-operate with the Patient Organisation and take reasonable commercial steps as are directed by Patient Organisation to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation
   1. The Data Processor shall provide reasonable assistance to the Patient Organisation with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Patient Organisation reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Patient Organisation Personal Data by, and taking into account the nature of the Processing and information available to, the Sub-processors.
9. Deletion or return of Client Organisation Personal Data
   1. The Data Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Patient Organisation Personal Data, delete and procure the deletion of all copies of the Patient Organisation Personal Data (except as may be lawfully retained under Data Protection Laws).
10. Audit rights
    1. Subject to this section 10, the Data Processor shall make available to the Patient Organisation on request all information necessary to demonstrate compliance with this Schedule, and shall allow for and contribute to audits, including inspections, by the Patient Organisation or an auditor mandated by the Patient Organisation in relation to the Processing of the Patient Organisation Personal Data by the Sub-processors.
    2. Information and audit rights of the Patient Organisation only arise under section 10.1 to the extent that the Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
11. Data Transfer
    1. The Data Processor may transfer data, including any Data Transfer, to countries outside the EU and/or the European Economic Area (EEA). If personal data processed under this Schedule is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.
12. General Terms

    1. Confidentiality. Each Party must keep this Schedule and information it receives about the other Party and its business in connection with this Schedule (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:

       Disclosure is required by law; or

       The relevant information is already in the public domain.

    2. Notices. All notices and communications given under this Schedulemust be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Scheduleat such other address as notified from time to time by the Parties changing address.
13. Governing Law and Jurisdiction
    1. This Schedule is governed by English law. Any dispute arising in connection with this Schedule, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of England & Wales.
14. Privacy Practices
    1. In the course of using our applications and services you may come in contact with a patient’s protected health information ("PHI") which may be subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In acknowledgment of the confidential nature of PHI, you agree to only access, use, or disclose a patient’s PHI in compliance with applicable state or federal laws, including but not limited to, HIPAA and the privacy regulations promulgated pursuant to HIPAA such as the requirements of 45 C.F.R. §160, 162, and 164 and related regulations. You also agree to use any patient’s PHI consistent with permitted and required uses under HIPAA and in accordance with other applicable laws.
    2. Further, in the event that we are considered to be a “covered entity” or “business associate” under HIPAA, you shall execute a Business Associate Agreement in the form provided for the purpose of complying with HIPAA.
    3. You understand and agree that we have no, expressed or implied, with regard to your use of a patient’s PHI, whether such use is authorized or not.