Terms of Service and Privacy Policy
Effective Date: August 1, 2025
Last Updated: December 21, 2025
Version: 1.1
Table of Contents
- Introduction and Acceptance
- Definitions
- Service Description
- Account Registration and Security
- Proprietary Rights and License
- Acceptable Use Policy
- Privacy Policy
- Data Protection and Security
- Service Availability and System Requirements
- Fees and Payment
- Term and Termination
- Disclaimers and Warranties
- Limitation of Liability
- Indemnification
- Intellectual Property
- Confidentiality
- Export Compliance
- Governing Law and Dispute Resolution
- General Provisions
- Contact Information
1. Introduction and Acceptance
1.1 Agreement
These Terms of Service and Privacy Policy ("Agreement") constitute a legally binding agreement between you (whether an individual or entity, "you" or "User") and QueryX ("Company," "we," "us," or "our") concerning your access to and use of the QueryX Hospital Risk Management Application for WHO-compliant Hand Hygiene Monitoring ("Service").
1.2 Acceptance
By clicking "I Accept," accessing, or using the Service, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to this Agreement.
1.3 Compliance
This Agreement complies with:
- General Data Protection Regulation (GDPR) - EU
- California Consumer Privacy Act (CCPA) - USA
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
- UK Data Protection Act 2018 and UK GDPR
- Health Insurance Portability and Accountability Act (HIPAA) - USA (where applicable)
2. Definitions
- "Administrator": User with full access rights within an Organization
- "Authorized Users": Individuals authorized by Organization to use the Service
- "Confidential Information": Non-public proprietary information
- "Content": All data, text, information, and materials submitted to the Service
- "Observer": User with limited access rights for data entry
- "Organization": The healthcare facility or entity subscribing to the Service
- "Personal Data": Information relating to an identified or identifiable natural person
- "Service Data": All data collected or generated through use of the Service
3. Service Description
3.1 Purpose
QueryX is a multi-tenant SaaS platform designed for healthcare facilities to monitor and improve hand hygiene compliance according to WHO guidelines.
3.2 Features
- Hand hygiene observation recording
- WHO 5 Moments compliance tracking
- Real-time analytics and reporting
- Multi-language support (currently English and Italian)
- Role-based access control
- Organization-level data isolation
3.3 Not Medical Advice
THE SERVICE IS NOT INTENDED TO PROVIDE MEDICAL ADVICE. It is a quality improvement tool for healthcare facilities.
4. Account Registration and Security
4.1 Registration Requirements
You must provide accurate, current, and complete information during registration and maintain the accuracy of such information.
4.2 Account Security
You are responsible for:
- Maintaining the confidentiality of your credentials
- All activities that occur under your account
- Immediately notifying us of any unauthorized use
- Implementing appropriate security measures
4.3 User Responsibilities
Organizations must:
- Designate at least one Administrator
- Ensure Authorized Users comply with this Agreement
- Maintain appropriate access controls
- Remove access for terminated employees promptly
4.4 Age Requirements
The Service is intended exclusively for healthcare professionals who are at least 18 years of age. By using the Service, you confirm that:
- You are at least 18 years old
- You are a healthcare professional or authorized personnel within a healthcare organization
- You have the legal capacity to enter into binding agreements
We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such information from our systems. If you believe that we may have collected information from a minor, please contact us immediately at postmaster@queryx.it.
5. Proprietary Rights and License
5.1 License Grant to Use Service
Subject to your compliance with this Agreement, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service solely for your internal business purposes.
5.2 License Restrictions
You shall not:
- Sublicense, sell, resell, or lease the Service
- Reverse engineer or attempt to discover source code
- Modify, adapt, or create derivative works
- Remove or alter proprietary notices
- Use the Service to build a competitive product
- Exceed usage limits or circumvent access controls
5.3 Ownership of Service
We retain all rights, title, and interest in and to the Service, including all intellectual property rights. The Service is protected by copyright, trademark, and other laws.
5.4 User Content License
You retain ownership of your Content. By submitting Content, you grant us a worldwide, non-exclusive, royalty-free license to use, reproduce, and process your Content solely to provide the Service.
5.5 Feedback
Any feedback, suggestions, or recommendations you provide regarding the Service shall become our property and may be used without restriction or compensation to you.
6. Acceptable Use Policy
6.1 Prohibited Uses
You shall not use the Service to:
- Violate any applicable laws or regulations
- Infringe upon intellectual property rights
- Transmit malicious code or viruses
- Interfere with or disrupt the Service
- Access data of other Organizations
- Harass, abuse, or harm others
- Engage in fraudulent activities
6.2 Prohibition on Patient Information
IMPORTANT: IT IS STRICTLY PROHIBITED TO ENTER ANY PATIENT PERSONAL OR SENSITIVE INFORMATION IN ANY FIELD OF THE SERVICE, INCLUDING BUT NOT LIMITED TO NOTES FIELDS, COMMENTS, OR ANY FREE-TEXT AREAS. This includes:
- Patient names or initials
- Patient identification numbers
- Medical record numbers
- Dates of birth or other identifying dates
- Medical diagnoses or conditions
- Any information that could identify a specific patient
LIABILITY: If any User enters patient information in violation of this prohibition:
- The User and their Organization assume FULL AND SOLE LIABILITY for any resulting privacy breaches, regulatory violations, or damages
- QueryX bears NO RESPONSIBILITY for such unauthorized data entry
- The Organization must immediately notify QueryX and take corrective action
- Such violation may result in immediate termination of Service
The Service is designed to track hand hygiene compliance metrics only, NOT patient-specific information.
6.3 Monitoring
We reserve the right to monitor usage for compliance and may suspend access for violations.
7. Privacy Policy
7.1 Information Collection
We collect the following categories of information:
A. Information You Provide Directly:
- Account Information: Full name, email address, professional role, organization name and details
- Profile Information: Language preferences, notification settings
- Service Data: Hand hygiene observations, compliance metrics, session notes (excluding any patient information as per Section 6.2)
B. Information Collected Automatically:
- Technical Data: IP address, device type and model, operating system and version, screen resolution, time zone setting
- Usage Data: Features used, time spent on each section, app opens and session duration
- Performance Data: Error logs, crash reports, loading times, application performance metrics
- Connection Data: Internet service provider, connection type (WiFi/mobile data), approximate location (city/region level based on IP)
C. Information We Do NOT Collect:
- Patient personal data or medical records
- Biometric data
- Financial information (currently, as the Service is free)
- Social media profiles or contacts
- Precise GPS location data
7.1.1 Consent and Withdrawal of Consent
Obtaining Consent
Your consent to this Privacy Policy is obtained when you:
- Click "I Accept" during registration
- Continue to use the Service after being notified of policy updates
- Actively provide information to us
For certain processing activities, we rely on:
- Contractual necessity: Processing required to provide the Service you requested
- Legitimate interests: Service improvement, security monitoring
- Legal obligations: Compliance with healthcare regulations and data protection laws
- Explicit consent: Marketing communications (if applicable in the future)
Withdrawing Consent
You have the right to withdraw your consent at any time. Since the Service cannot function without processing your essential data, withdrawing consent is equivalent to terminating your account.
For Administrators:
You may withdraw consent by:
- Deleting your account through Settings > Account > Delete Account within the application
- Sending an email to postmaster@queryx.it with subject "Account Deletion Request"
Important - Cascade Deletion for Organizations:
When an Administrator deletes their account:
- The Administrator account is immediately deactivated
- All Observer accounts associated with the Organization will be deleted by our team (postmaster@queryx.it) within 7 business days
- After 30 days from the deletion request, all organizational data (observations, compliance records, reports, and any other Service Data) will be permanently deleted by our team
- Observers will be notified via email about the account termination
For Observers:
Observer accounts are managed by your Organization's Administrator. To withdraw consent:
- Contact your Organization's Administrator to request account removal
- Alternatively, send an email to postmaster@queryx.it with subject "Observer Account Deletion Request"
Consequences of Withdrawal
Please be aware that withdrawing consent will result in:
- Immediate loss of access to the Service
- Permanent deletion of all your personal data and Service Data after 30 days
- For Administrators: deletion of all associated Observer accounts and organizational data
- Inability to recover any data after the 30-day period
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Aggregated, anonymized data that cannot be linked back to you may be retained indefinitely as described in Section 7.8.
Data Export Before Deletion
Before initiating account deletion, Administrators may:
- Export organizational data through Settings > Data > Export (where available)
- Request a data export by emailing postmaster@queryx.it
We recommend exporting your data before submitting a deletion request, as data cannot be recovered after the 30-day retention period.
7.2 Use of Information
We use collected information to:
- Provide and improve the Service
- Generate reports for your Organization
- Ensure security and prevent fraud
- Comply with legal obligations
- Communicate service updates
7.3 Data Sharing
We do not sell Personal Data. We may share data with:
- Service providers under confidentiality agreements
- Legal authorities when required by law
- Successors in business transfers
- Within your Organization per access controls
7.4 Your Privacy Rights
GDPR Rights (EU/UK):
- Access, rectification, and erasure
- Data portability and restriction of processing
- Object to processing and automated decision-making
CCPA Rights (California):
- Know what information is collected
- Request deletion
- Opt-out of sale (we do not sell data)
- Non-discrimination
PIPEDA Rights (Canada):
- Access and correction
- Withdraw consent
- File complaints
7.5 Data Retention
We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of service relationship | Service provision |
| Hand hygiene compliance records | 7 years after collection | Healthcare regulatory compliance |
| Account data after deletion request | 30 days | Recovery period and fraud prevention |
| Backup copies | 30 days after deletion | Technical recovery purposes |
| Security and audit logs | 2 years | Security and legal compliance |
Deletion Process:
- Upon account deletion request, your personal data will be removed from active systems within 7 business days
- Backup copies will be purged within 30 days
- You may request immediate permanent deletion by contacting postmaster@queryx.it
7.6 International Transfers
Data may be processed in countries other than your residence. We ensure appropriate safeguards through Standard Contractual Clauses or other approved mechanisms.
7.7 Data Storage Technologies
As a mobile application, QueryX does not use browser cookies. We use standard mobile storage technologies to provide the Service:
| Technology | Purpose | Can Be Cleared? |
|---|---|---|
| Secure Storage | Authentication tokens to keep you logged in | Yes (by logging out or uninstalling) |
| Local Preferences | Language settings, display preferences, app settings | Yes (via device settings) |
| Local Database Cache | Offline access to your data, faster loading | Yes (via device settings) |
How to Clear Local Data:
You can clear locally stored data through your device settings:
- Android: Settings > Apps > QueryX > Storage > Clear Data
- iOS: Settings > General > iPhone Storage > QueryX > Delete App
Note: Clearing app data will log you out and remove cached information. Your account data stored on our servers will not be affected.
7.8 Aggregated and Anonymized Data
We may create aggregated, anonymized, or de-identified data from the information we collect. This data cannot be used to identify you personally and is not subject to this Privacy Policy.
How We Create Anonymized Data:
- Removing all personal identifiers (name, email, IP address)
- Aggregating data across multiple users and organizations
- Applying statistical techniques to prevent re-identification
How We Use Anonymized Data:
- Generating industry benchmarks for hand hygiene compliance
- Publishing research reports and statistics (without identifying any individual or organization)
- Improving our algorithms and Service features
- Sharing insights with healthcare industry partners
Your Rights Regarding Anonymized Data:
Once data has been properly anonymized, it is no longer considered personal data under GDPR and other privacy regulations. You cannot request deletion of anonymized data as it cannot be linked back to you.
If you do not wish your data to be included in anonymized datasets, please contact us at postmaster@queryx.it before using the Service.
7.9 Marketing Communications
Current Practice:
QueryX currently does not send marketing or promotional communications. We only send:
- Service-related notifications (maintenance, updates, security alerts)
- Account-related messages (password reset, account verification)
- Required legal notices (policy updates, terms changes)
Future Marketing Communications:
If we introduce marketing communications in the future:
- We will obtain your explicit opt-in consent before sending any marketing materials
- You will be able to unsubscribe at any time via a link in each email or through Settings
- We will never share your contact information with third parties for their marketing purposes
- Marketing preferences will be separate from essential service communications
Transactional Communications:
You cannot opt out of essential transactional communications related to your account security, service functionality, or legal obligations, as these are necessary for the provision of the Service.
8. Data Protection and Security
8.1 Security Measures
We implement industry-standard security measures including:
- Encryption in transit (TLS) and at rest (AES-256)
- Multi-factor authentication (where available)
- Role-based access controls
- Regular security audits
- Incident response procedures
8.2 Data Breach Notification
In the event of a data breach, we will notify affected users within 72 hours (or as required by law) and provide information about the nature of the breach and mitigation steps.
8.3 Your Security Obligations
You must:
- Use strong passwords
- Protect login credentials
- Report security incidents promptly
- Train users on security best practices
9. Service Availability and System Requirements
9.1 Availability
We strive for 99.9% uptime but do not guarantee uninterrupted access. Scheduled maintenance will be communicated in advance when possible via email and/or in-app notification.
9.2 System Requirements
The Service is available exclusively as a mobile application. Minimum requirements:
| Platform | Minimum Version |
|---|---|
| Android | 8.0 (API level 26) or higher |
| iOS | 13.0 or higher (when available) |
Additional requirements:
- Stable internet connection (WiFi or mobile data)
- Sufficient storage space for app installation and local data
- Device must support Google Play Services (Android)
9.3 Supported Platforms
The Service is distributed exclusively through:
- Google Play Store (Android) - Currently available
- Apple App Store (iOS) - Planned for future release
The Service is not available as a web application or through any other distribution channel. Any applications claiming to be QueryX obtained outside of official app stores are not authorized and may pose security risks.
9.4 Updates
We may release updates to the Service at any time through the official app stores. Updates may include:
- Bug fixes and security patches
- New features and improvements
- Performance optimizations
- Compliance with new platform requirements
We recommend enabling automatic updates to ensure you have the latest version. Major changes affecting functionality will be communicated in advance via email.
9.5 Device Compatibility
While we strive to support a wide range of devices, we cannot guarantee optimal performance on all devices that meet minimum requirements. Factors such as device manufacturer customizations, available memory, and other installed applications may affect performance.
10. Fees and Payment
10.1 Current Free Access
The Service is currently provided free of charge. By using the Service, you acknowledge and agree that:
- Free access is provided at our sole discretion and may be modified or terminated at any time
- We reserve the right to introduce paid subscription plans in the future
- Continued free access is not guaranteed
10.1.1 Free Plan Limitations
The free Service includes the following limitations per Organization:
| Resource | Maximum Allowed |
|---|---|
| Hospitals | 1 |
| Departments | 2 |
| Observers | 3 |
Organizations requiring additional capacity must contact us at postmaster@queryx.it to discuss available options.
Enforcement: We reserve the right to:
- Monitor account usage for compliance with these limitations
- Contact Organizations that exceed these limitations
- Suspend or restrict accounts that exceed these limitations without prior arrangement
- Require a paid subscription for continued use if limitations are exceeded
By using the Service, you agree not to circumvent these limitations through the creation of multiple accounts or Organizations.
10.2 Future Paid Plans
We may introduce paid subscription plans at any time. If and when we implement fees:
- You will be notified at least 30 days in advance via email and/or in-app notification
- You will be offered a free trial period to evaluate the paid Service before committing
- Pricing, trial duration, and subscription terms will be communicated at that time
- You will have the option to export your data and delete your account if you choose not to subscribe
We will provide clear information about:
- Available subscription plans and pricing
- Features included in each plan
- Payment methods accepted
- Cancellation and refund policies (if applicable)
10.2.1 Transition for Existing Users
If you choose not to subscribe when paid plans are introduced:
- Your access to the Service may be limited or suspended
- You will have a reasonable period to export your data before any deletion
- Specific terms and timelines will be communicated at the time paid plans are announced
10.3 Data Rights During Transition
Regardless of any pricing changes, Administrators maintain the right to:
- Export organizational data at any time before account deletion
- Permanently delete all organizational data through the account deletion process described in Section 11.6
- Request assistance with data export by contacting postmaster@queryx.it
10.4 Taxes
When paid subscriptions are implemented, you will be responsible for all applicable taxes, duties, and governmental charges, excluding taxes based on our net income.
10.5 No Obligation
You are under no obligation to subscribe to paid plans. If you choose not to subscribe when fees are implemented, you may export your data and delete your account. QueryX shall have no liability for your decision not to continue using the Service.
11. Term and Termination
11.1 Term
This Agreement commences upon your acceptance (by clicking "I Accept" or by accessing/using the Service) and continues until terminated by either party in accordance with this Section.
11.2 Termination by You
For Administrators:
You may terminate this Agreement at any time by:
- Deleting your account through Settings > Account > Delete Account within the application
- Sending an email to postmaster@queryx.it with subject "Account Deletion Request"
No advance written notice is required. Upon initiating account deletion, the termination process described in Section 11.6 will begin immediately.
For Observers:
Observer accounts are managed by the Organization's Administrator. Observers may request termination by:
- Contacting their Organization's Administrator to request account removal
- Sending an email to postmaster@queryx.it with subject "Observer Account Deletion Request"
11.3 Termination by Us
We may terminate or suspend your access immediately and without prior notice if you:
- Breach any provision of this Agreement
- Enter patient information in violation of Section 6.2
- Fail to pay applicable fees (when subscription fees are implemented)
- Engage in illegal activities or use the Service for unlawful purposes
- Pose a security risk to the Service, other users, or third parties
- Attempt to access data belonging to other Organizations
- Engage in any activity that disrupts or interferes with the Service
We may also terminate accounts that have been inactive for more than 12 consecutive months, after providing 30 days advance notice via email.
11.4 Service Discontinuation
AS THE SERVICE IS CURRENTLY PROVIDED FREE OF CHARGE, WE RESERVE THE ABSOLUTE RIGHT TO:
- Discontinue development at any time without notice
- Remove the application from any app store or distribution platform
- Terminate the Service entirely without any obligation to users
- Delete all Service infrastructure and data after providing reasonable notice (minimum 30 days)
YOU ACKNOWLEDGE AND AGREE THAT:
- You have no right to continued access to the Service
- We have no obligation to maintain, update, or support the Service
- You cannot claim any damages or compensation for Service discontinuation
- Your sole remedy is to export your data and stop using the Service
In the event of Service discontinuation, we will make reasonable efforts to:
- Provide at least 30 days notice via email to all registered users
- Allow Administrators to export their organizational data during the notice period
- Inform users of the final date for data export
11.5 Termination for Transition to Paid Service
As described in Section 10, if we implement subscription fees:
- Users who do not wish to subscribe may continue using their current version without updating
- Users who update to a paid version will have a free trial period
- After the trial period, access will be limited or suspended unless a subscription is activated
- Users may delete their account and data at any time during or after this process
11.6 Effect of Termination - Data Deletion Process
Upon termination initiated by an Administrator, the following process applies:
| Timeline | Action |
|---|---|
| Immediately | Administrator account is deactivated; access to Service ceases |
| Within 7 business days | All Observer accounts associated with the Organization are deleted by our team (postmaster@queryx.it); Observers receive email notification |
| After 30 days | All organizational data is permanently deleted, including: observations, compliance records, reports, session data, and any other Service Data |
Important Notes:
- Data deletion is irreversible after the 30-day period
- Administrators should export data before initiating deletion (see Section 11.7)
- Aggregated, anonymized data that cannot identify individuals or organizations may be retained indefinitely
- Security and audit logs may be retained for up to 2 years for legal compliance purposes
Upon termination initiated by Us (Section 11.3):
- Access ceases immediately without prior notice
- The same data deletion timeline applies (30 days)
- In cases of serious violations, we reserve the right to preserve data as evidence for potential legal proceedings
11.7 Data Export Before Termination
Before initiating account deletion, Administrators are strongly encouraged to:
- Export organizational data through Settings > Data > Export (where available)
- Request a complete data export by emailing postmaster@queryx.it
- Allow up to 7 business days for export request processing
We are not responsible for any data loss if you fail to export your data before the 30-day deletion period expires.
11.8 Survival
The following sections shall survive termination of this Agreement:
- Section 5.3 (Ownership of Service)
- Section 5.5 (Feedback)
- Section 6.2 (Prohibition on Patient Information) - liability provisions
- Section 7 (Privacy Policy) - as applicable to retained data
- Section 12 (Disclaimers and Warranties)
- Section 13 (Limitation of Liability)
- Section 14 (Indemnification)
- Section 15 (Intellectual Property)
- Section 16 (Confidentiality)
- Section 18 (Governing Law and Dispute Resolution)
12. Disclaimers and Warranties
12.1 Service Provided "AS IS"
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
SPECIFICALLY FOR FREE USERS:
- THE SERVICE MAY BE DISCONTINUED AT ANY TIME
- NO GUARANTEE OF AVAILABILITY OR LONGEVITY
- NO COMMITMENT TO FUTURE DEVELOPMENT
- NO RIGHT TO DEMAND CONTINUED SERVICE
12.2 No Warranty
WE DO NOT WARRANT THAT:
- THE SERVICE WILL BE ERROR-FREE OR UNINTERRUPTED
- THE SERVICE WILL CONTINUE TO BE AVAILABLE
- THE SERVICE WILL MEET YOUR REQUIREMENTS
- DEFECTS WILL BE CORRECTED
- THE SERVICE IS FREE OF VIRUSES
- RESULTS WILL BE ACCURATE OR RELIABLE
12.3 Healthcare Disclaimer
THE SERVICE IS NOT A SUBSTITUTE FOR PROFESSIONAL MEDICAL JUDGMENT. WE ARE NOT RESPONSIBLE FOR HEALTHCARE OUTCOMES OR DECISIONS BASED ON SERVICE DATA.
12.4 Patient Data Disclaimer
THE SERVICE IS NOT DESIGNED OR INTENDED TO STORE PATIENT INFORMATION. WE EXPRESSLY DISCLAIM ALL LIABILITY FOR ANY PATIENT DATA ENTERED INTO THE SYSTEM IN VIOLATION OF SECTION 6.2. USERS WHO ENTER PATIENT INFORMATION DO SO AT THEIR OWN RISK AND ASSUME FULL RESPONSIBILITY FOR ANY RESULTING CONSEQUENCES, INCLUDING BUT NOT LIMITED TO PRIVACY BREACHES, REGULATORY VIOLATIONS, AND ASSOCIATED PENALTIES.
13. Limitation of Liability
13.1 Limitation
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL WE BE LIABLE FOR:
- INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES
- LOST PROFITS, REVENUE, OR DATA
- BUSINESS INTERRUPTION
- DAMAGES EXCEEDING FEES PAID IN THE TWELVE MONTHS PRECEDING THE CLAIM
13.2 Exceptions
These limitations do not apply to:
- Death or personal injury caused by negligence
- Fraud or fraudulent misrepresentation
- Breaches of data protection obligations
- Any liability that cannot be limited by law
13.3 Essential Purpose
THESE LIMITATIONS APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
14. Indemnification
14.1 Your Indemnification
You agree to indemnify, defend, and hold harmless QueryX from any claims, damages, losses, and expenses arising from:
- Your breach of this Agreement
- Your use of the Service
- Your Content
- Violation of any rights of third parties
- Your violation of applicable laws
14.2 Our Indemnification
We will defend you against third-party claims that the Service infringes intellectual property rights and will pay resulting damages, provided you promptly notify us and cooperate.
15. Intellectual Property
15.1 Our IP
All aspects of the Service, including design, functionality, and documentation, are our exclusive property protected by intellectual property laws.
15.2 Your IP
You retain ownership of your Content and any pre-existing intellectual property.
15.3 DMCA Compliance
We respond to notices of alleged copyright infringement under the Digital Millennium Copyright Act.
16. Confidentiality
16.1 Confidential Information
Each party will protect the other's Confidential Information using the same care as for its own confidential information, but no less than reasonable care.
16.2 Exceptions
Confidentiality obligations do not apply to information that:
- Is publicly known
- Was rightfully known beforehand
- Is independently developed
- Must be disclosed by law
17. Export Compliance
You shall comply with all applicable export and import control laws and regulations, including those of the United States and European Union.
18. Governing Law and Dispute Resolution
18.1 Governing Law
This Agreement is governed by Italian law, without regard to conflict of law principles.
18.2 Dispute Resolution
- Negotiation: Parties will first attempt good faith negotiations
- Mediation: If negotiation fails, non-binding mediation
- Arbitration: Finally, binding arbitration
- Exceptions: Either party may seek injunctive relief in court
18.3 Class Action Waiver
You waive any right to bring claims on a class, consolidated, or representative basis.
19. General Provisions
19.1 Entire Agreement
This Agreement constitutes the entire agreement between the parties and supersedes all prior agreements.
19.2 Amendments
We may modify this Agreement with 30 days notice. Continued use constitutes acceptance.
19.3 Severability
If any provision is unenforceable, the remaining provisions continue in effect.
19.4 No Waiver
Failure to enforce any right is not a waiver of that right.
19.5 Force Majeure
Neither party is liable for delays due to circumstances beyond reasonable control.
19.6 Assignment
You may not assign this Agreement without our written consent. We may assign without restriction.
19.7 Notices
Notices must be in writing to the addresses specified in your account or our contact information.
20. Contact Information
QueryX Support
Email: postmaster@queryx.it
Data Protection Officer
Email: postmaster@queryx.it
Response time: Within 30 days
Termini di Servizio e Privacy Policy
Data di Entrata in Vigore: 1 Agosto 2025
Ultimo Aggiornamento: 21 Dicembre 2025
Versione: 1.1
Indice
- Introduzione e Accettazione
- Definizioni
- Descrizione del Servizio
- Registrazione Account e Sicurezza
- Diritti di Proprieta e Licenza
- Politica di Utilizzo Accettabile
- Privacy Policy
- Protezione e Sicurezza dei Dati
- Disponibilita del Servizio e Requisiti di Sistema
- Tariffe e Pagamenti
- Durata e Cessazione
- Esclusioni di Garanzia
- Limitazione di Responsabilita
- Manleva
- Proprieta Intellettuale
- Riservatezza
- Conformita alle Esportazioni
- Legge Applicabile e Risoluzione delle Controversie
- Disposizioni Generali
- Informazioni di Contatto
1. Introduzione e Accettazione
1.1 Accordo
I presenti Termini di Servizio e Privacy Policy ("Accordo") costituiscono un accordo legalmente vincolante tra te (sia come individuo che come entita, "tu" o "Utente") e QueryX ("Societa," "noi," "ci," o "nostro") riguardo al tuo accesso e utilizzo dell'Applicazione QueryX per la Gestione del Rischio Ospedaliero per il Monitoraggio dell'Igiene delle Mani conforme alle linee guida OMS ("Servizio").
1.2 Accettazione
Cliccando "Accetto," accedendo o utilizzando il Servizio, accetti di essere vincolato dal presente Accordo. Se stai stipulando il presente Accordo per conto di una societa o altra entita legale, dichiari di avere l'autorita di vincolare tale entita al presente Accordo.
1.3 Conformita
Il presente Accordo e conforme a:
- Regolamento Generale sulla Protezione dei Dati (GDPR) - UE
- California Consumer Privacy Act (CCPA) - USA
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
- UK Data Protection Act 2018 e UK GDPR
- Health Insurance Portability and Accountability Act (HIPAA) - USA (ove applicabile)
2. Definizioni
- "Amministratore": Utente con pieni diritti di accesso all'interno di un'Organizzazione
- "Utenti Autorizzati": Individui autorizzati dall'Organizzazione a utilizzare il Servizio
- "Informazioni Riservate": Informazioni proprietarie non pubbliche
- "Contenuto": Tutti i dati, testi, informazioni e materiali inviati al Servizio
- "Observer": Utente con diritti di accesso limitati per l'inserimento dati
- "Organizzazione": La struttura sanitaria o entita che sottoscrive il Servizio
- "Dati Personali": Informazioni relative a una persona fisica identificata o identificabile
- "Dati del Servizio": Tutti i dati raccolti o generati attraverso l'uso del Servizio
3. Descrizione del Servizio
3.1 Finalita
QueryX e una piattaforma SaaS multi-tenant progettata per le strutture sanitarie per monitorare e migliorare la conformita all'igiene delle mani secondo le linee guida OMS.
3.2 Funzionalita
- Registrazione osservazioni igiene delle mani
- Monitoraggio conformita ai 5 Momenti OMS
- Analytics e reportistica in tempo reale
- Supporto multilingua (attualmente Inglese e Italiano)
- Controllo accessi basato sui ruoli
- Isolamento dati a livello di Organizzazione
3.3 Non e Consulenza Medica
IL SERVIZIO NON E INTESO A FORNIRE CONSULENZA MEDICA. E uno strumento di miglioramento della qualita per le strutture sanitarie.
4. Registrazione Account e Sicurezza
4.1 Requisiti di Registrazione
Devi fornire informazioni accurate, attuali e complete durante la registrazione e mantenere l'accuratezza di tali informazioni.
4.2 Sicurezza dell'Account
Sei responsabile per:
- Mantenere la riservatezza delle tue credenziali
- Tutte le attivita che si verificano sotto il tuo account
- Notificarci immediatamente qualsiasi uso non autorizzato
- Implementare misure di sicurezza appropriate
4.3 Responsabilita dell'Utente
Le Organizzazioni devono:
- Designare almeno un Amministratore
- Assicurarsi che gli Utenti Autorizzati rispettino il presente Accordo
- Mantenere controlli di accesso appropriati
- Rimuovere tempestivamente l'accesso per i dipendenti cessati
4.4 Requisiti di Eta
Il Servizio e destinato esclusivamente a professionisti sanitari che abbiano compiuto almeno 18 anni di eta. Utilizzando il Servizio, confermi che:
- Hai almeno 18 anni
- Sei un professionista sanitario o personale autorizzato all'interno di un'organizzazione sanitaria
- Possiedi la capacita giuridica di stipulare accordi vincolanti
Non raccogliamo consapevolmente informazioni personali da soggetti di eta inferiore ai 18 anni. Qualora venissimo a conoscenza di aver inavvertitamente raccolto dati personali di un minore, adotteremo misure immediate per eliminare tali informazioni dai nostri sistemi. Se ritieni che potremmo aver raccolto informazioni da un minore, ti preghiamo di contattarci immediatamente all'indirizzo postmaster@queryx.it.
5. Diritti di Proprieta e Licenza
5.1 Concessione di Licenza per l'Uso del Servizio
Subordinatamente alla tua conformita al presente Accordo, ti concediamo una licenza limitata, non esclusiva, non trasferibile e revocabile per accedere e utilizzare il Servizio esclusivamente per i tuoi scopi aziendali interni.
5.2 Restrizioni della Licenza
Non devi:
- Sublicenziare, vendere, rivendere o noleggiare il Servizio
- Decompilare o tentare di scoprire il codice sorgente
- Modificare, adattare o creare opere derivate
- Rimuovere o alterare avvisi proprietari
- Utilizzare il Servizio per costruire un prodotto concorrente
- Superare i limiti di utilizzo o aggirare i controlli di accesso
5.3 Proprieta del Servizio
Manteniamo tutti i diritti, titoli e interessi sul Servizio, inclusi tutti i diritti di proprieta intellettuale. Il Servizio e protetto da copyright, marchi e altre leggi.
5.4 Licenza sui Contenuti dell'Utente
Mantieni la proprieta dei tuoi Contenuti. Inviando Contenuti, ci concedi una licenza mondiale, non esclusiva, esente da royalty per utilizzare, riprodurre ed elaborare i tuoi Contenuti esclusivamente per fornire il Servizio.
5.5 Feedback
Qualsiasi feedback, suggerimento o raccomandazione che fornisci riguardo al Servizio diventera di nostra proprieta e potra essere utilizzato senza restrizioni o compenso nei tuoi confronti.
6. Politica di Utilizzo Accettabile
6.1 Usi Vietati
Non devi utilizzare il Servizio per:
- Violare leggi o regolamenti applicabili
- Violare diritti di proprieta intellettuale
- Trasmettere codice malevolo o virus
- Interferire con o interrompere il Servizio
- Accedere a dati di altre Organizzazioni
- Molestare, abusare o danneggiare altri
- Impegnarsi in attivita fraudolente
6.2 Divieto sulle Informazioni dei Pazienti
IMPORTANTE: E SEVERAMENTE VIETATO INSERIRE QUALSIASI INFORMAZIONE PERSONALE O SENSIBILE DEI PAZIENTI IN QUALSIASI CAMPO DEL SERVIZIO, INCLUSI MA NON LIMITATI A CAMPI NOTE, COMMENTI O QUALSIASI AREA DI TESTO LIBERO. Questo include:
- Nomi o iniziali dei pazienti
- Numeri di identificazione dei pazienti
- Numeri di cartella clinica
- Date di nascita o altre date identificative
- Diagnosi o condizioni mediche
- Qualsiasi informazione che possa identificare uno specifico paziente
RESPONSABILITA: Se qualsiasi Utente inserisce informazioni sui pazienti in violazione di questo divieto:
- L'Utente e la sua Organizzazione assumono PIENA E UNICA RESPONSABILITA per qualsiasi violazione della privacy, violazione normativa o danno risultante
- QueryX NON HA ALCUNA RESPONSABILITA per tale inserimento non autorizzato di dati
- L'Organizzazione deve immediatamente notificare QueryX e intraprendere azioni correttive
- Tale violazione puo comportare la cessazione immediata del Servizio
Il Servizio e progettato per tracciare solo metriche di conformita all'igiene delle mani, NON informazioni specifiche sui pazienti.
6.3 Monitoraggio
Ci riserviamo il diritto di monitorare l'utilizzo per la conformita e possiamo sospendere l'accesso per violazioni.
7. Privacy Policy
7.1 Raccolta delle Informazioni
Raccogliamo le seguenti categorie di informazioni:
A. Informazioni fornite direttamente dall'utente:
- Informazioni Account: Nome completo, indirizzo email, ruolo professionale, nome e dettagli dell'organizzazione
- Informazioni Profilo: Preferenze lingua, impostazioni notifiche
- Dati del Servizio: Osservazioni sull'igiene delle mani, metriche di compliance, note delle sessioni (escluse informazioni sui pazienti come da Sezione 6.2)
B. Informazioni raccolte automaticamente:
- Dati Tecnici: Indirizzo IP, tipo e modello dispositivo, sistema operativo e versione, risoluzione schermo, impostazione fuso orario
- Dati di Utilizzo: Funzionalita utilizzate, tempo trascorso in ogni sezione, aperture app e durata sessione
- Dati di Performance: Log errori, report crash, tempi di caricamento, metriche prestazioni applicazione
- Dati di Connessione: Provider internet, tipo di connessione (WiFi/dati mobili), posizione approssimativa (livello citta/regione basato su IP)
C. Informazioni che NON raccogliamo:
- Dati personali dei pazienti o cartelle cliniche
- Dati biometrici
- Informazioni finanziarie (attualmente, essendo il Servizio gratuito)
- Profili o contatti social media
- Dati di localizzazione GPS precisi
7.2 Utilizzo delle Informazioni
Utilizziamo le informazioni raccolte per:
- Fornire e migliorare il Servizio
- Generare report per la tua Organizzazione
- Garantire la sicurezza e prevenire frodi
- Rispettare gli obblighi legali
- Comunicare aggiornamenti del servizio
7.3 Condivisione dei Dati
Non vendiamo i Dati Personali. Possiamo condividere i dati con:
- Fornitori di servizi sotto accordi di riservatezza
- Autorita legali quando richiesto dalla legge
- Successori in trasferimenti aziendali
- All'interno della tua Organizzazione secondo i controlli di accesso
7.4 I Tuoi Diritti Privacy
Diritti GDPR (UE/UK):
- Accesso, rettifica e cancellazione
- Portabilita dei dati e limitazione del trattamento
- Opposizione al trattamento e al processo decisionale automatizzato
7.5 Conservazione dei Dati
Conserviamo le tue informazioni solo per il tempo necessario a soddisfare le finalita descritte nella presente Privacy Policy:
| Tipo di Dato | Periodo di Conservazione | Motivazione |
|---|---|---|
| Dati account attivo | Durata del rapporto di servizio | Fornitura del Servizio |
| Registrazioni compliance igiene mani | 7 anni dalla raccolta | Conformita normativa sanitaria |
| Dati account dopo richiesta cancellazione | 30 giorni | Periodo di recupero e prevenzione frodi |
| Copie di backup | 30 giorni dopo la cancellazione | Scopi di recupero tecnico |
| Log sicurezza e audit | 2 anni | Sicurezza e conformita legale |
8. Protezione e Sicurezza dei Dati
8.1 Misure di Sicurezza
Implementiamo misure di sicurezza standard del settore incluse:
- Crittografia in transito (TLS) e a riposo (AES-256)
- Autenticazione multi-fattore (dove disponibile)
- Controlli di accesso basati sui ruoli
- Audit di sicurezza regolari
- Procedure di risposta agli incidenti
8.2 Notifica di Violazione dei Dati
In caso di violazione dei dati, notificheremo gli utenti interessati entro 72 ore (o come richiesto dalla legge) e forniremo informazioni sulla natura della violazione e sui passaggi di mitigazione.
9. Disponibilita del Servizio e Requisiti di Sistema
9.1 Disponibilita
Ci impegniamo per un uptime del 99,9% ma non garantiamo un accesso ininterrotto.
9.2 Requisiti di Sistema
Il Servizio e disponibile esclusivamente come applicazione mobile. Requisiti minimi:
| Piattaforma | Versione Minima |
|---|---|
| Android | 8.0 (livello API 26) o superiore |
| iOS | 13.0 o superiore (quando disponibile) |
9.3 Piattaforme Supportate
Il Servizio e distribuito esclusivamente attraverso:
- Google Play Store (Android) - Attualmente disponibile
- Apple App Store (iOS) - Previsto per rilascio futuro
10. Tariffe e Pagamenti
10.1 Accesso Gratuito Attuale
Il Servizio e attualmente fornito gratuitamente.
10.1.1 Limitazioni del Piano Gratuito
Il Servizio gratuito include le seguenti limitazioni per Organizzazione:
| Risorsa | Massimo Consentito |
|---|---|
| Ospedali | 1 |
| Reparti | 2 |
| Observer | 3 |
Le Organizzazioni che necessitano di capacita aggiuntiva devono contattarci all'indirizzo postmaster@queryx.it.
11. Durata e Cessazione
11.1 Durata
Il presente Accordo entra in vigore al momento della tua accettazione e rimane in vigore fino alla cessazione.
11.2 Cessazione da Parte Tua
Puoi cessare il presente Accordo in qualsiasi momento eliminando il tuo account o contattando postmaster@queryx.it.
11.6 Effetti della Cessazione - Processo di Cancellazione Dati
| Tempistica | Azione |
|---|---|
| Immediatamente | L'account Amministratore viene disattivato; l'accesso al Servizio cessa |
| Entro 7 giorni lavorativi | Tutti gli account Observer associati vengono eliminati |
| Dopo 30 giorni | Tutti i dati organizzativi vengono eliminati permanentemente |
12. Esclusioni di Garanzia
IL SERVIZIO E FORNITO "COSI COM'E" E "COME DISPONIBILE" SENZA GARANZIE DI ALCUN TIPO.
13. Limitazione di Responsabilita
NELLA MISURA MASSIMA CONSENTITA DALLA LEGGE, IN NESSUN CASO SAREMO RESPONSABILI PER DANNI INDIRETTI, INCIDENTALI, SPECIALI O CONSEQUENZIALI.
14. Manleva
Accetti di indennizzare e manlevare QueryX da qualsiasi reclamo derivante dal tuo utilizzo del Servizio.
15. Proprieta Intellettuale
Tutti gli aspetti del Servizio sono di nostra esclusiva proprieta protetta dalle leggi sulla proprieta intellettuale.
16. Riservatezza
Ciascuna parte proteggera le Informazioni Riservate dell'altra parte.
17. Conformita alle Esportazioni
Devi rispettare tutte le leggi applicabili sul controllo delle esportazioni.
18. Legge Applicabile e Risoluzione delle Controversie
18.1 Legge Applicabile
Il presente Accordo e regolato dalla legge italiana.
18.2 Risoluzione delle Controversie
- Negoziazione: Le parti tenteranno prima negoziazioni in buona fede
- Mediazione: Se la negoziazione fallisce, mediazione non vincolante
- Arbitrato: Infine, arbitrato vincolante
19. Disposizioni Generali
Il presente Accordo costituisce l'intero accordo tra le parti. Possiamo modificarlo con 30 giorni di preavviso.
20. Informazioni di Contatto
Supporto QueryX
Email: postmaster@queryx.it
Responsabile della Protezione dei Dati
Email: postmaster@queryx.it
Tempo di risposta: Entro 30 giorni