Standard Terms and Conditions

STANDARD TERMS AND CONDITIONS OF LABORATORY SERVICE PROVISION AGREEMENT

These standard terms and conditions concern the rights and obligations between SYNLAB Eesti OÜ, registry code 11107913 (hereinafter the Service Provider) and the legal person ordering the laboratory service (hereinafter the Client) in the provision of laboratory services (hereinafter the Service) by the Service Provider.

1. ORDERING THE SERVICE

1.1. In order to order the Service, we ask the Client to forward the order to the Service Provider on the Service Provider’s delivery note together with the properly taken biological material. By submitting the order, the Client accepts these standard terms and conditions.

1.2. To order the materials and information necessary to order the Service, please contact the Service Provider’s customer support by phone at 17123 or at +372 640 8231 or by e-mail at klienditugi@synlab.ee (hereinafter Customer Support).

1.3. Orders can be sent electronically or on a paper delivery note. Please contact Customer Support to receive a paper delivery note or to apply for electronical ordering.

1.4. The instructions for taking biological material  can be downloaded from the website of the Service Provider. Please contact Customer Support for further clarifications regarding the instructions.

1.5. To obtain the test tubes, transport tubes and other sampling equipment necessary for taking biological material, please contact Customer Support by e-mail or submit an order electronically. The Service Provider then arranges the delivery of consumables to the Client within the agreed time, but no later than within 5 working days. If the Client has not received the consumables within this term, please contact Customer Support and the Service Provider will immediately arrange for the consumables to be sent again.

1.6. The consumables mentioned in the previous clause are delivered by the Service Provider to the Client free of charge on the condition that the Client undertakes to use them only to order the Service from the Service Provider. The Service Provider may refuse to send consumables to the Client if the amount of consumables to be ordered is unreasonably large considering the previous or planned order volume of the Services.

1.7. The Service Provider may require the conclusion of a separate agreement in advance if expensive medical equipment or other necessary equipment are delivered in addition to the usual sampling equipment.

2. PRICE LIST FOR THE PROVISION OF THE SERVICE

2.1. The Service Provider’s list of analyzes with prices and deadlines (hereinafter Price List), which specifies the list of Services to be provided, the deadline for Service provision and the price of the Service, can be downloaded from the Service Provider’s website.

2.2. The price of the Service determined in the Price List is based on the price determined in the list of health care services of the Health Insurance Fund, taking into account the coefficients determined in the list of health care services of the Health Insurance Fund or otherwise established.

2.3. Together with the entry into force of changes to the list of health care services of the Health Insurance Fund, the Service Provider will also change the Price List. The Service Provider can also change its Price List for other reasons that have an impact on the price of the Service.

2.4. When paying, the version of the Price List that is valid at the time of ordering the Service is applied, i.e. at the moment when the Client hands over the order to the Service Provider on the Service Provider’s delivery note together with the properly taken biological material.

3. PROVISION OF THE SERVICE AND REPORTING OF THE RESULTS

3.1. The Service Provider confirms that it has the necessary permits, licenses, registrations for the provision of all Services offered, and that other conditions arising from legislation are met.

3.2. The Service Provider confirms that it implements the necessary measures to ensure the quality of the Services provided.

3.3. The Service Provider may use other service providers for the provision of the Service while being responsible to the Client for the activities of other service providers in the same way as for its own activities.

3.4. The Service Provider complies with all data protection obligations arising from legislation and concludes personal data protection and confidentiality agreements with its employees, subcontractors and other persons who may have access to personal data provided by the Client. Information on how the Service Provider processes personal data is set out in the Service Provider’s privacy notice, which is available here. The Client ensures that the data subjects whose personal data he transfers to the Service Provider have familiarized themselves with the Service Provider’s privacy notice.

3.5. The Service Provider makes the results of the Service available within the term specified in the Price List in the Service Provider’s information system. If necessary, the Client has the opportunity to receive answers in paper form by sending a corresponding request to the Customer Support.

3.6. To view the results in the Service Provider’s information system, please contact Customer Support.

3.7. The Service is deemed reviewed and unconditionally accepted if the Client does not submit a claim to the Service Provider’s Customer Support by e-mail within 5 (five) working days from the date the Results are made available.

3.8. The Service Provider has the right to carry out research on the biological material received from the Client, i.a. for scientific purposes, if biological material was left over during the provision of the Service, provided that the biological material does not relate to an unambiguously identifiable or identified person and does not violate the requirements for processing personal data.

4. FEE

4.1. The Client pays the Service Provider a fee (hereinafter Fee) in accordance with the Price List or in accordance with a special agreement concluded with the Client. Value added tax is not added to the Fee in the cases and under the conditions stipulated in the legislation (for example, if it is a healthcare service).

4.2. The Service Provider shall submit to the Client an invoice that meets the requirements set forth in the legislation together with a report (date, name of the patient, attending physician, name of the examination performed, Health Insurance Fund code) for the laboratory examinations performed in the previous calendar month within 5 (five) working days from the beginning of the following calendar month, unless the Client and Service Provider have agreed on a different settlement procedure. The Client pays the Fee to the Service Provider’s bank account IBAN EE361010220110216017. In case of delay in payment of the Fee, the Service Provider may demand interest on the delay from the Client in the amount of 0.07% (zero point zero seven percent) per day from the time the obligation to pay the Fee becomes due until it is fulfilled properly.

5. INTELLECTUAL PROPERTY

5.1. The entire content of the Service Provider’s website https://ee.minu.synlab.ee/, including the texts introducing the Service Provider’s health check-up packages and the description of the health check-up packages, website design, graphic solution, images, other texts, domain name and other copyrights, trade names, trademarks and other intellectual property (hereinafter intellectual property) is the property of the Service Provider and belongs to the Service Provider.

5.2. The intellectual property may not be reproduced, distributed, translated, modified, processed, used to create derivative works from it, performed in public, retransmitted, demonstrated to the public, transmitted, made available to the public, alienated, sold, licensed etc., in any way, without the prior written consent of the Service Provider or unless otherwise provided by the law.

5.3. The Client undertakes to ensure that the Client does not violate the Service Provider’s intellectual property rights when using the Service Provider’s website. Otherwise, the Service Provider has the right to demand a contractual penalty from the Client in the amount of 1000 (one thousand) Euros for each violation.

6. LIABILITY

6.1. The Service Provider is responsible for non-compliance of the Service with the agreed conditions and for the damages of the Client, if the Service Provider has intentionally or grossly negligently violated its obligations.

6.2. If the Service Provider has enough of the biological material transferred by the Client, the Service Provider may remedy the violation and provide the Service again without charging the Fee specified in the Price List for this for a second time. The Service Provider must inform the Client about the re-provision of the Service.

6.3. The Service Provider only compensates the direct property damage of the Client. The standard terms and conditions do not protect third parties and the Service Provider is not obliged to compensate for the damages incurred to third parties.

6.4. The Service Provider will pay compensation to the Client for the damage that occurred due to the non-compliance of the laboratory analysis with the agreed conditions in a maximum amount that corresponds to twice the amount of the price stated in the Price List of the respective analysis. If the Client suffered damage partly due to circumstances caused by the Client, the compensation for damages will be reduced to the extent that these circumstances contributed to the occurrence of the damage.

7. FINAL PROVISIONS

7.1. The Service Provider may change these standard terms and conditions once a month unilaterally by notifying the Client.

7.2. The Service can be ordered indefinitely. The Client may waive the order of the Services and the provision of the Services by the Service Provider by giving notice of this 30 (thirty) days in advance. The right to order the Services and the obligation to provide the Services shall end upon the expiration of this term. In case of unilateral change of the terms of the Agreement by the Service Provider or delay in payment of the Fee by the Client for more than 30 (thirty) days, no notice shall be applied.

7.3. Upon termination of the Service ordering agreement in accordance with clause 7.2, the Service Provider destroys at its own expense the samples of biological material that the Service Provider has not yet analyzed, and the Client returns to the Service Provider, at its own expense, the means of sampling that the Client has not yet used.

7.4. The Service Provider may refuse to provide the Services and terminate the Agreement by notifying the Client 30 (thirty) days in advance. The claims of the Parties expire within 3 (three) years from the date they become due. Disputes between the Parties are settled in the Harju County Court.

 

ANNEX – DATA PROCESSING AGREEMENT

1. GENERAL PROVISIONS

1.1. This Data Processing Agreement applies as an annex to an agreement concluded between SYNLAB Eesti OÜ, registry code 11107913 (hereinafter the Service Provider) and a legal person ordering laboratory services (hereinafter the Customer), under which the Service Provider provides laboratory services to the Customer (hereinafter the Services).

1.2. The Data Processing Agreement is an annex to and an integral part of the Service Contract. The Data Processing Agreement regulates the processing of personal data performed by the Service Provider as a processor (hereinafter the Processor) on behalf of the Customer as the controller (hereinafter the Controller) for the provision of the Services based on a contract between the Parties (hereinafter the Contract).

1.3. To ensure that the processing of personal data is secure, following requirements, and lawful, the Parties have agreed on the conclusion of this Data Processing Agreement.

1.4. The Parties are aware that the Data Processing Agreement and the related personal data processing are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the GDPR) and other relevant legal acts and guidelines of supervisory authorities applied to the processing of personal data in the Republic of Estonia (hereinafter the Legal Acts). With regard to the terms and definitions used in the Data Processing Agreement, the meaning assigned to them in Article 4 of the General Data Processing Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter the GDPR) shall be applied.

2. RIGHTS AND OBLIGATIONS OF CONTROLLER

2.1. The Controller shall ensure that all the guidelines concerning the processing of personal data under the Contract or the Data Processing Agreement or following other agreements or stipulations conform with the provisions of the GDPR and the Legal Acts and the said guidelines will in no way cause a situation in which the Processor would violate the provisions of the GDPR or the Legal Acts.

2.2. The Controller shall comply with the obligations applicable to the Controller under the GDPR and the Legal Acts, including notifying the data subjects of the processing procedures conducted by the Processor.

2.3. The Controller shall notify the Processor if the Controller requests the use of special rules, security measures, or other such related to the processing of personal data.

3. RIGHTS AND OBLIGATIONS OF PROCESSOR

3.1. The Processor shall be obligated to process personal data only pursuant to and in accordance with the terms and conditions of the GDPR, the Legal Acts, the Contract, and the Data Processing Agreement.

3.2. The Processor shall process personal data to the extent necessary for the provision of Services to the Controller, processing data in accordance with the instructions given or received by the Controller at least in a written reproducible format as well as the personal data processing provisions of the Legal Acts. The Processor shall notify the Controller at the first opportunity if the instructions given by the Controller are in the Processor’s opinion in contradiction with the provisions of the GDPR or the Legal Acts.

3.3. The Processor shall process personal data to provide Services to the Controller. The Services comprise healthcare services/laboratory services. The Processor shall analyse the sample materials sent by the Controller. If necessary (depending on the analysis ordered), the Processor shall send the sample materials to a partner laboratory. The Processor shall forward the obtained analysis results to the Controller or, depending on the Contract, directly to the data subject.

3.4. The data subjects whose personal data the Processor processes under the Contract and the Data Processing Agreement include the Customer’s patients, customers, or other data subjects whose sample material the Processor analyses.

3.5. The Processor shall apply the security measures required in the Legal Acts, particularly in Article 32 of the GDPR, including technical and organisational measures, to ensure a level of data processing corresponding to the risks related to the processing of personal data and to avoid the risks arising from the processing of personal data, particularly the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of personal data. The Processor shall have the right to amend or update the technical and organisational measures applied to the processing of personal data under the Data Processing Agreement as necessary and at its own discretion.

3.6. The Processor shall ensure that access to personal data is only given to the Processor’s representatives, specific employees, or other specific persons acting for the benefit of the Processor, who need access to personal data strictly in connection with the fulfilment of their work duties towards the Processor and who are subject to the confidentiality obligation.

3.7. The Processor shall ensure that access to personal data is limited to strictly necessary data which the Processor’s representatives, employees, or other persons acting for the benefit of the Processor need in connection with the fulfilment of their work duties.

3.8. The Processor shall take measures to ensure that no random third persons gain access to personal data, such as employees present on the premises who do not need access in connection with the fulfilment of their work duties, or other service providers.

3.9. The Processor shall use appropriate information technological solutions to process personal data, ensure that its premises are regulated and under surveillance, and that up-to-date virus and spyware protection programmes are used, etc.

3.10. The Processor shall forward the requests of data subjects to the Controller at the first opportunity and help the Controller to fulfil the obligation to respond to requests for exercising the rights of data subjects established in Chapter III of the GDPR, using the appropriate technical and organisational measures and in the extent possible.

3.11. The Processor shall help the Controller to ensure the fulfilment of the obligations arising for the Controller from the Legal Acts, particularly from Articles 32 to 36 of the GDPR, to the extent in which this is reasonable, appropriate and not excessively burdensome and taking into account the nature of personal data processing and the information available to the Processor.

3.12. The Processor shall maintain a register of the personal data processing procedures performed on behalf of the Controller in accordance with the requirements of the GDPR.

3.13. The Processor’s liability towards the Controller shall be limited as agreed in the Contract.

3.14. The Controller allows the Processor to transmit personal data outside the EU/EEA, including to engage Sub-processors located outside the EU/EEA, if the Processor performs such transmissions based on an adequacy decision of the European Commission or has implemented other safeguards established in Chapter V of the GDPR (e.g., the standard contractual clauses approved by the European Commission). The Controller may request information from the Processor about countries to which personal data are transmitted and about the presence or absence of an adequacy decision of the European Commission, or a reference to appropriate safeguards. If any of the measures specified in this section proves inadequate to fulfil the requirements arising from the Data Processing Agreement, the GDPR or the Legal Acts so that the transmission of personal data outside the EU/EEA is lawful, the Processor shall either make reasonable efforts to apply an alternative data transmission mechanism which meets the requirements of the Legal Acts applicable to the processing of personal data under the Data Processing Agreement or discontinue such data transmission.

3.15. The Controller shall have the right to audit the fulfilment of the Data Processing Agreement in accordance with the requirements of the GDPR. The Controller shall be obligated to give the Processor reasonable prior notice of conducting an audit. The audit shall be conducted during the Processor’s ordinary working hours and in a way that obstructs the Processor’s everyday business activities to the minimum extent possible. The Controller understands that during an audit, the Processor cannot disclose to the Controller information that is related to the Processor’s other customers or is the Processor’s trade secret. The Controller shall bear the expenses related to conducting an audit.

4. PERSONAL DATA BREACHES

4.1. The Processor shall be obligated to immediately notify the Controller in the event of a personal data breach or a suspected personal data breach. The notification shall, to the extent possible, state all the information specified in Article 33 (3) of the GDPR to the extent available to the Processor.

4.2. The Processor shall cooperate with the Controller to resolve a personal data breach as efficiently and quickly as possible and/or to alleviate the possible adverse effects of the personal data breach.

5. SUB-PROCESSORS

5.1. The Controller hereby grants the Processor a general written authorisation (pursuant to Article 28 (2) of the GDPR) to engage its own processors (Sub-processors) for the provision of Services.

5.2. If the Processor engages a Sub-processor, the Processor shall conclude a contract with the Sub-processor, the obligations established in which are equivalent to those established in the Data Processing Agreement and remain fully responsible towards the Controller for the fulfilment of the obligations of each Sub-processor.

6. DELETION AND RETURN

6.1. After the end of the Contract or upon the Controller’s respective request, the Processor shall delete all the personal data processed for the provision of Services under the Contract, including all the copies of the personal data in question, or return these to the Controller, except if the Processor has a legal basis or obligation to continue storing the personal data pursuant to the Legal Acts.

6.2. The Controller agrees that the deletion of personal data after the termination of the Contract or the Data Processing Agreement does not exclude the Processor’s right to store the personal data in its backup systems (backup copies). The Processor shall ensure that the applicable safeguards have been implemented, the personal data cannot be directly used in the backup systems and the personal data shall be deleted at the first opportunity, i.e. during the Processor’s next data deletion/destruction cycle.

7. FINAL PROVISIONS

7.1. The Data Processing Agreement shall be terminated in accordance with the provisions of the Contract. The termination of the Contract shall automatically terminate the Data Processing Agreement.

7.2. The Data Processing Agreement shall be subject to the law of the Republic of Estonia. Any disputes arising from the Data Processing Agreement shall be resolved in accordance with the provisions of the Contract.

 

Updated 9.05.2024