Terms and Conditions for Businesses

Terms and Conditions (Business Clients)

Introduction: These Terms and Conditions for Business Clients (“Business Terms”) govern the provision of CareTag.uk services by Health Pros Network Ltd (“we/us”) to you, a business, organisation, or other institutional client (“Client” or “you”). By entering into an agreement or placing an order for any CareTag business service, you agree to these Terms. These Terms apply in addition to any specific Proposal, Order Form, or Master Services Agreement (MSA) we may have executed with you. In case of conflict, the signed agreement terms will prevail over these general Terms.

These Business Terms cover both models of service:

  • Model A: Self-Hosted CareTag Solution: We supply guidance, materials, or software for you to implement emergency info profiles on your own systems. You host and run the solution; we act in a support/advisory capacity.

  • Model B: CareTag-Hosted Service: We host the profiles for your members on our platform (similar to our consumer offering), under your sponsorship. We provide you and/or your members access to create and maintain profiles on our system.

We will clarify within clauses if something applies specifically to one model. If not specified, assume it applies to both.

1. Engagement and Services Provided

  • We will provide the services (“Services”) as described in our agreement with you. This typically includes:

    • For self-hosted: delivering setup documentation, templates (like profile form questions, NFC-enabled bracelet or wallet card format), perhaps a white-label web portal or software, and a training session to your team on how to implement. We may also provide physical CareTag products (blank tags, etc.) if agreed.

    • For hosted: creating or enabling a certain number of CareTag profiles for your end-users (members/employees), hosting them on our CareTag.uk platform, and possibly providing physical CareTag items for each (if part of the package). We may also provide an admin interface or process for your designated staff to manage the profiles, and support to assist users.
  • The scope (number of profiles, duration, any custom features) will be defined in a separate Order Form or contract. For instance, you might purchase 100 profiles valid for 1 year, or a corporate package for unlimited profiles for a flat fee, etc. That document plus these Terms form the agreement.

  • We will use reasonable skill and care consistent with industry standards in performing the Services. However, you acknowledge that our Services, especially the hosted profile service, depend on individuals providing accurate data and using the system properly. We do not guarantee any specific outcome (like that using our service will fulfill all your first aid/legal obligations or that it will definitely be used in an emergency) beyond providing the system as described.

  • Each party will appoint a project manager or point of contact for the implementation phase (if needed) to facilitate communication.

  • If you require any changes to the Services scope, these should be agreed in writing (email suffices) by both parties, and there may be changes in fees if the scope expands.

2. Fees and Payment (Business)

  • Fees: You agree to pay the fees for the Services as set out in the Order Form or invoice. Fees may be structured as a one-time implementation fee, plus subscription fees per profile or per period, or a flat subscription covering X profiles. All fees are in GBP unless stated otherwise and are exclusive of VAT or taxes (if applicable) – we will add VAT if required by law.

  • Invoicing: We will invoice you per the schedule in our agreement. For example, if annual, we might invoice upfront for the year; if quarterly, at quarter start; or if after delivery for setup fees. Invoices are due for payment within 30 days of issue (unless a different term is agreed).

  • Late Payment: If you fail to pay any invoice by the due date, we reserve the right to charge statutory late payment interest (which in UK is 8% above Bank of England base rate) or as per applicable law. Additionally, we may suspend Services (e.g., not create new profiles or temporarily disable profile access) if payment is excessively overdue and after giving a prior payment reminder notice. We prefer to work out payment delays amicably, so we will contact you before any suspension.

  • Purchase Orders: If your organisation requires a PO number on invoices, you should provide that in advance. However, a failure to provide a PO does not relieve you of the obligation to pay on time.

  • Taxes: You are responsible for any taxes or duties (like VAT, sales tax) arising from the fees. If you are tax-exempt, please provide a certificate. For international clients, if withholdings are required by law, you must gross-up payments so we receive full amount owed.

  • Fee Adjustments: Upon renewal of an annual or multi-year contract, we reserve the right to adjust fees (for instance, after an initial term promotional rate). Any fee changes will be communicated at least 60 days before the renewal date. If you do not agree, you may elect not to renew.

  • No Set-off: You shall not withhold any portion of payment claiming offset against any claim or dispute, unless we agree or it’s legally adjudicated. Essentially, pay invoices in full and resolve disputes separately.

3. Client’s Responsibilities and Warranties

  • Provision of Information: You will provide in a timely manner all information and materials reasonably required by us to deliver the Services. For hosted model, that includes providing us with the list of authorised individuals or any initial data. For self-hosted, it might include details of your IT environment, branding assets for customisation, etc.

  • Lawful Basis for Data: You warrant that for any personal data of your members/employees you share with us or ask us to process, you have obtained all necessary consents or have another lawful basis under applicable data protection law. In particular, for any health data, you confirm that the data subjects have given explicit consent for you to process and share that data with us for the purpose of creating an emergency profile, OR that another Article 9 condition applies and you will document it. You also agree to inform the individuals that their data will be processed by us (you can reference our privacy policies).

  • Compliance with GDPR as Controller: In the hosted scenario, you are the data controller. You agree to comply with all obligations of a controller, including providing privacy notices to individuals, honoring their rights, and not instructing us to do anything with the data that would violate the law. We will assist you as needed (see Data Processing Addendum).

  • Appropriate Use: You will use the CareTag services only for legitimate purposes of emergency information. You will not misuse the platform. For example, you will not upload information that is unrelated (no posting of irrelevant personal data), and you will ensure no unlawful, harmful, or discriminatory content is put into profiles. If using self-hosted tools, you will not reverse engineer or use our provided materials beyond your internal purposes.

  • User Management: You are responsible for managing how your members use the service. If, for example, you give out CareTags to employees, you should provide them instructions and ensure they fill in their information accurately. We can provide user guides, but the relationship with the member is largely yours. If a member refuses to participate or withdraws, you should inform us so we can remove their data.

  • Security on Your Side: For hosted model, we handle backend security, but you must ensure that any access credentials we give your admins are kept secure. If we provide an admin login, your staff must use strong passwords and keep them confidential. Immediately notify us if an admin leaves your organisation or should no longer have access, so we can revoke credentials. For self-hosted, you bear responsibility for securing the servers and software as per our guidelines. We are not responsible for vulnerabilities introduced in your hosting environment or for your failure to follow security recommendations.

  • Hardware/Tags: If we supply physical tags or cards, you are responsible for distributing them to the intended individuals and for any printing of info on them if that’s part of the plan. If you customize tags with personal data (like engraving names), ensure accuracy and that you have the person’s okay.

  • Indemnification: You agree to indemnify and hold us harmless from any loss, liability, or claim arising out of: (a) your breach of the warranty that you obtained proper consent/basis for the data you provided, (b) any misuse of the service by you or your users that causes harm (e.g., if you repurpose it for something illegal), or (c) your failure to comply with applicable laws in relation to your use of the Service. This means if we incur damages or legal costs due to your provided data or instructions violating someone’s privacy or rights, you’ll cover those costs, to the extent permitted by law.

  • Licence to Use Feedback: If you provide suggestions or feedback to us about improving CareTag, you grant us a free, perpetual licence to use and incorporate those suggestions without obligation (so we can improve the product).

  • No Resale without Agreement: You are not permitted to resell or offer CareTag services outside your organisation’s use without our consent. If you’re, say, a health provider wanting to offer CareTag to patients as a paid add-on, talk to us for a proper reseller arrangement. The standard business contract assumes you’re using it internally for known members.

4. Data Processing and Confidentiality

  • Data Processing Agreement: Where we process personal data on your behalf (hosted model), our roles are subject to UK GDPR Article 28. These Business Terms incorporate our Data Processing Agreement (DPA) by reference, which sets out specifics like processing subject-matter, duration, nature, purposes, types of data, categories of data subjects, and obligations of both parties. In summary:

    • We (the processor) will only process personal data as needed to provide the Services and in accordance with your documented instructions (the contract and any written instructions given from time to time).

    • We will ensure persons processing the data are bound by confidentiality.

    • We will implement appropriate security measures.

    • We will not engage sub-processors without your general or specific authorisation. (Hereby, you authorise our use of sub-processors listed in our Privacy Policy or provided list. We will inform you of any intended changes to sub-processors and give you a chance to object.)

    • We will assist you in fulfilling data subject rights requests and legal compliance (with things like breach notifications, DPIAs) as needed and reasonably possible.

    • Upon termination of services, at your choice, we will delete or return all personal data (except any we must retain by law).

    • We will make available information needed to demonstrate compliance and allow audits by you or an auditor on your behalf (with reasonable notice, during business hours, not more than once a year, and subject to confidentiality).

  • If you require us to sign a separate formal DPA document for internal compliance, we can do that, but the above captures the essence. Our ICO registration number and security policy can be shared for your due diligence.

  • Confidentiality: Both parties agree to keep confidential any business, technical, or financial information of the other disclosed during the relationship that is either identified as confidential or would reasonably be understood as such given the nature of the info. For example, you might share internal processes, or we might share non-public features roadmap. We both agree not to disclose or use the other’s confidential info except for fulfilling the contract. Exceptions: information that is public (not due to a breach by recipient), lawfully obtained from a third party, or independently developed without reference to confidential info. If required by law or court order to disclose the other’s confidential info, one can do so with prior notice to the extent allowed.

  • Data Ownership: You retain all rights to the personal data of your members you provide to us. We do not acquire any ownership of that data. Similarly, we retain all rights to our know-how, software, and materials. This arrangement is not a transfer of ownership of data or IP, just a limited use for service. If we create a custom solution or integration for you, ownership of that deliverable can be defined in the Order (by default, if it’s based on our platform, we own underlying IP, you get a licence to use it).

  • Reference: Unless you object, we may identify you as a client in our marketing (e.g., listing your organisation name or logo on our site as a user of CareTag). We will not reveal any sensitive details or personal data, just the fact of partnership. If you’d prefer we not do this, let us know in writing.

5. Term and Termination (Business)

  • Term: The term of service is as specified in the Order/contract. Often it might be 12 months from signing or go-live, with automatic renewal for successive terms unless notice is given. Check your specific contract. If not specified, default term is 1 year, renewable annually by mutual agreement.

  • Termination for Convenience: Some contracts may allow either party to terminate without cause with X days’ notice (e.g., 60 days) prior to the end of the current term. If early termination mid-term without cause is allowed (not usual unless specified), any prepaid fees might not be refunded. Generally, we expect the term to run its course.

  • Termination for Cause: Either party can terminate the agreement by written notice if the other party materially breaches it and fails to cure such breach within 30 days of notice. For example, if we fail to provide the service as agreed and don’t fix it, you can terminate and potentially get a refund for remaining period. If you fail to pay or violate usage terms, we can terminate after due warning.

  • Additionally, either party may terminate immediately if the other becomes insolvent or bankrupt or ceases business.

  • Effect of Termination: Upon termination or expiration:

    • We will cease providing the Services. For hosted model, that means we’ll deactivate profiles. We can, at your request, keep them running for a brief transition period if you need to migrate data (subject to agreed fees if extended).

    • Data: As noted in Data Processing, you’ll decide if we should return data to you (in a suitable format) or just delete it. If not instructed, we will securely delete after a grace period.

    • Any unpaid fees for services already rendered or committed are due immediately upon termination. If you terminated for our breach, you aren’t obliged to pay for remaining term and we’d refund any prepayments covering period after termination. If we terminated for your breach or you terminated without cause, we may invoice a pro-rated amount for the rest of the term or any early termination fee specified.

    • Both parties should return or destroy the other’s confidential info upon request (except that which needs to be retained by law or kept in secure archives for proof).

  • Survival: Provisions which by nature should survive (confidentiality, liability limits, data obligations, accrued rights to payment, etc.) will survive termination.

6. Liability (Business)

  • Unlimited Liabilities: Neither party excludes or limits liability for death or personal injury caused by its negligence, or for its fraud or fraudulent misrepresentation. Also, any other liability which cannot be excluded or limited by law (some data protection liabilities, etc.) remains.

  • Limits on Liability: Subject to the above, each party’s total aggregate liability to the other for all claims arising under or in connection with the contract, whether in contract, tort (including negligence), or otherwise, shall be limited to the total fees paid or payable by you to us in the 12 months preceding the claim (or in the first year, the amount expected for that year). This is a typical cap; if you have a different cap in your procurement policies, we negotiate accordingly, but absent that, it’s fee-based.

  • Types of Excluded Damages: We will not be liable for any indirect, special, incidental, or consequential damages, or for any loss of profit, revenue, anticipated savings, business opportunity, goodwill, or data, even if advised of possibility. For example, if our service malfunction leads to you missing a business deal or facing internal disciplinary issues, we are not liable for those knock-on effects. We specifically are not liable for: your failure to obtain consents (that’s your responsibility as controller), any misuse of data by your employees or members, or for the accuracy of data provided by members.

  • Data Protection Liability: While we strive to maintain perfect compliance, if we as a processor breach data protection laws specifically, and you incur regulatory fines or claims as a direct result, our liability to you for those will be subject to the above cap unless otherwise mandated by law. Note, under UK GDPR, data subjects can claim against either controller or processor for full damage, but as between us and you, we’d allocate responsibility in line with fault. We’re open to a clause that each party shall be responsible for and indemnify the other for penalties arising from its own GDPR violations. But any such indemnity from us would still usually be capped as above in aggregate.

  • Acknowledgement: You acknowledge the Service is intended to assist with emergency information but is not foolproof. Provided we adhere to agreed standards, you assume responsibility for any use of the Service in your safety protocols. Our liability if the Service fails at a critical moment (e.g., system downtime during one emergency) is limited as above; you should have backup measures for critical scenarios.

  • If you are providing the service onward to your members (like employees), you will hold us harmless against any claims from those individuals that arise due to your failure to fulfill your responsibilities (for instance, if an employee sues because you forced them to share medical data without proper consent, that’s on you).

  • Insurance: We maintain appropriate insurance (such as professional liability/cyber insurance). If required, we can provide certificate of insurance. Our liability is however limited to the terms here, not the insurance coverage amounts.

7. Intellectual Property Rights

  • Our IP: All intellectual property rights in the CareTag.uk platform, including software, designs, templates, trademarks (“CareTag”), etc., belong to Health Pros Network Ltd or its licensors. Except as explicitly granted, no rights are transferred to you. You get a limited, non-exclusive, non-transferable license to use our platform and materials for the duration of the contract and solely for the purposes of utilising the Service for your organisation. For self-hosted, if we provide a certain software or code, we may grant a license to use that code internally perpetually (if it’s something like a template site), but you cannot use it outside agreed scope.

  • Your IP: You retain ownership of all data you provide and any of your logos or branding we use. If we use your name/logo on our site as reference, that’s under license from you which you can revoke by request.

  • Developments: If during the project we develop a custom feature or integration specifically for you (and you paid for that development), the ownership of that feature can be agreed separately. Often, unless fully bespoke, we will incorporate it into our main product offering (with no identifying info) – in which case we retain ownership but you get the benefit. If it’s entirely bespoke and not reused, we can assign it to you if that’s negotiated, or license it. We will clarify any IP outcomes in proposals.

  • Third-Party Software: If our solution includes third-party open-source or licensed components, we’ll ensure we have rights to use them and will pass through any necessary licensing terms to you. You agree to comply with any such third-party terms that we make known (e.g., not removing an OSS license notice).

8. Service Levels and Support

  • (Note: If we promised specific SLA uptime or support response times in a contract, those would be referenced. If not, general best-effort applies.)

  • Uptime: We aim for a high availability of our hosted platform (e.g., 99% uptime excluding scheduled maintenance). We typically perform maintenance during off-peak hours and will notify you in advance for any major downtime.

  • We are not liable for downtime due to factors outside our control (internet outages, DDoS attacks, etc., see Force Majeure).

  • Support: We provide reasonable email support during business hours (e.g., 9-5 UK time, Mon-Fri) for your designated administrators. They can contact our support for help with using the system or resolving issues. If your members contact us directly (hosted model), we will assist them as well, typically via email support. If you prefer member queries route through your helpdesk, let us know and we’ll redirect them accordingly.

  • Issue Resolution: We classify issues into priority levels (critical = system down, high = major functionality impaired, normal = minor issue or question). We strive to respond to critical issues within e.g. 2 hours and resolve within 24 hours; high within same business day; normal within 2 business days. These are targets, not strict guarantees, unless otherwise contracted.

  • Training: We will provide initial training or documentation to your team as agreed. Additional training or onsite support (if needed) may incur additional charges unless bundled.

  • Feature Updates: You will benefit from any improvements we make to the platform. We may add new features and will inform you of major changes. If any update will require you to change something on your end (for self-hosted, e.g., updating code), we’ll notify and coordinate.

  • Custom Requests: If you need a new feature or change specifically for your deployment, this may be outside the scope. We can discuss custom development and provide a quote.

  • Backups: For hosted, we perform regular backups of data to allow recovery. If an incident occurs causing data loss on our side, we will restore from backup as quickly as possible. If you accidentally delete something (like an admin deletes a profile by mistake), notify us promptly – we might retrieve from backup if within retention, though we can’t guarantee restoration of individually deleted entries outside a full rollback.

  • We do not guarantee that the Service will be error-free or uninterrupted, but we commit to diligently maintain and rectify issues.

9. Termination of Member Profiles (Hosted)

  • This is a specific aspect: If an individual member leaves your organisation or you no longer want us to host their profile, you should either delete it via admin or instruct us to delete it. We will comply promptly.

  • If a profile reaches one year and is not renewed, by default we will delete it (if under a corporate master plan, we might ask if you want to reallocate that slot to a new user).

  • If our contract ends, we will provide you an export of all member data upon request so you have a record, then delete from our side (unless individuals convert to personal accounts, which could be an option if we arrange - e.g., offering employees to continue individually at their own cost).

10. Relationship of Parties

  • We are an independent contractor to you. Nothing in this agreement creates a partnership, joint venture, or agency. Neither party has authority to act on behalf of or bind the other in any way beyond the contract.

  • You are solely responsible for your employees and users; we are not providing medical or professional services, just technical services.

11. Publicity

  • As mentioned, we may use your name and logo in our client lists or marketing materials, which is often mutually beneficial. We will not disclose any sensitive details. If you have guidelines for logo usage, we’ll follow them.

  • Any joint press release or case study will be mutually agreed.

12. Non-solicitation (optional clause):

  • Both parties agree not to knowingly solicit for employment the other party’s staff who have been involved directly in this project, during the term and for 12 months after, without prior consent. (This is to avoid, say, you hiring our key developer away, or vice versa we hiring your project lead. This may or may not be included depending on relationship.)

13. Force Majeure

  • Neither party will be liable for failure or delay in performing its obligations (except payment obligations) due to circumstances beyond its reasonable control: e.g., acts of God, war, terrorism, pandemic, government lockdowns, power or telecom failures, etc. The affected party should notify the other and make reasonable efforts to mitigate. If such force majeure event lasts more than a certain period (say 60 days), either party may terminate the contract by notice.

  • In a force majeure scenario affecting us, we will try to keep critical services running (maybe via backup systems), but there could be interruptions which we aren’t liable for.

14. Governing Law and Dispute Resolution

  • Governing law is typically the law of England and Wales (since we’re UK-based).

  • Jurisdiction: Courts of England and Wales (if you’re UK-based, that’s straightforward. If client is elsewhere, sometimes they negotiate local courts or arbitration).

  • We prefer to resolve disputes amicably. In event of a dispute, senior representatives of each party will meet (virtually is fine) to attempt resolution in good faith before any legal proceedings.

  • If not resolved, we might consider mediation or arbitration for complex cases, but unless specified, litigation in courts as above is default.

15. Entire Agreement

  • These Terms, along with the Order Form or contract, and any documents incorporated (like the DPA, Privacy Policy if referenced), constitute the entire agreement. They supersede any prior discussions or proposals. Any changes or waivers must be in writing and signed by both parties.

  • If you issue a purchase order or similar with additional terms, the parties agree that such terms are for administrative purposes and any substantive legal terms on a PO (like vendor terms) have no effect unless we expressly agree in writing.

  • If any provision is found unenforceable, the rest remains in effect (with a valid interpretation replacing the invalid part).

  • No failure to enforce a provision is a waiver of that provision.

  • You may not assign the agreement to others without our consent (except within your corporate group to a successor). We may assign to a successor in interest (e.g., in merger or sale of our business) with notice to you, provided the successor continues the service as per agreement.

  • No third party beneficiaries in this contract (third parties can’t enforce terms, other than permitted assignees and allowed sub-processors commitments).

  • Notices: Formal notices under these Terms should be sent to the official addresses (ours: the registered office or a specified contact, yours: address on record or specified contact). Email notice is acceptable for routine comms, but legal notices like breach or termination should be delivered with proof (email with read receipt or physical mail recommended).

By signing an Order Form or clicking to accept (if online), the parties indicate acceptance of these Terms and Conditions.

Last Updated: 31st May 2025.

Copyright 2025 | Health Pros Network Ltd t/a CareTag Company number: 15970093
For Organisations
Sectors SupportedPricing GuideHow it WorksContact
Other
Privacy Policy Terms & ConditionsBlog