glaucoma-case-profiling-logo

Terms & Conditions

Including Data Processing Agreement (GDPR Art. 28)

Last update: 19/01/2026

1. Scope

These Terms & Conditions govern access to and use of the Glaucoma Case Profiling Platform by licensed eye care professionals (“Doctors”).

2. Eligibility and Access

  • Access ind invitation-only
  • Only licensed eye care professionals may use the Platform
  • Accounts are personal and non-transferable

3. Doctor Obligations

Doctors agree to:

  • Upload patient data lawfully
  • Obtain and document all required patient consents or rely on another valid legal basis under GDPR
  • Upload only data necessary for clinical purposes
  • Maintain confidentiality of access credentials

4. Prohibited Use

Doctors must not:

  • Upload data without lawful authority
  • Use the Platform for non-medical purpposes
  • Attempt to access unauthorized data

5. Intellectual Property

All intellectual property in the Platform remains the exclusive property of [Your company].

6. Availability and Liability

The Platform is provided “as is”. We do not provide medical advice and do not replace professional judgment.

Liability is limited to the maximum extent permitted by law.

7. Termination

We may suspend or terminate access in case of misuse or breach of these Terms.

8. Governing Law

These Terms are governed by the laws of Italy.

Annex 1 – Data Processing Agreement (DPA)

1. Roles

  • Doctor: Data Controller
  • Platform Provider: Data Processor

2. Subject Matter and Duration

Processing of patient data for the duration of the contractual relationship.

3. Nature and Purpose

Secure hosting, processing, and access to clinical eye-related data for healthcare purposes.

4. Categories of Data

  • Identifying data
  • Demographic data
  • Health and clinical data

5. Processor Obligations

The Processor shall:

  • Process data only on documented instructions
  • Ensure confidentiality
  • Implement appropriate security measures
  • Assist the Controller with GDPR obligations
  • Notify personal data breaches without undue delay

6. Sub-Processors

Sub-processors may be engaged under GDPR-compliant agreements.

7. Data Deletion or Return

Upon termination, data shall be deleted or returned at the Controller’s instruction.

8. Audits

The Controller may request reasonable information to verify GDPR compliance.