Clinician Terms and Conditions

Clinician Terms and Conditions



(From 25th May 2018)


“Abcodia” means Abcodia Limited (07383925) or such other member of its Group as has agreed to provide the Service to the Client.
“Agreement” means the contract between Abcodia and the Client for the supply of the Service, incorporating these Terms and Conditions and the Instructions for Use.
“Applicable Laws” means all laws of the European Union law (or the law of one of the Member States of the European Union), national and local laws, ordinances, rules and regulations as amended re-enacted or in force from time to time applicable to this Agreement, and/ or activities contemplated hereunder, including Data Protection Laws.
“Client” means the person or organisation requesting the Service from Abcodia.
“Controller” has the meaning set out in the GDPR;
“Client Data” means the Personal Data Processed by (or on behalf of) either Party under, or in connection with, this Agreement (as such Personal Data is more particularly described in Schedule 1 (Data Protection Particulars));
“Data Protection Impact Assessment” means an assessment of the impact of the envisaged Processing operations on the protection of Personal Data, as required by Article 35 of the GDPR;
“Data Protection Laws” means (a) any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction (as amended, consolidated or re-enacted from time to time) which relates to the protection of individuals with regards to the processing of personal data to which a Party is subject, including the Data Protection Act 2018 and the GDPR and (b) any code of practice or guidance published by the ICO and/or European Data Protection Board from time to time;
“Data Protection Particulars” means, in relation to any Processing under this Agreement:

(a) the subject matter and duration of the Processing;

(b) the nature and purpose of the Processing;

(c) the type of Personal Data being Processed; and

(d) the categories of Data Subjects;

“Data Subject Request” means an actual or purported request, notice or complaint from (or on behalf of) a Data Subject exercising his rights under the Data Protection Laws;
“Data Subject” has the meaning set out in the GDPR;
“Data Transfer” means transferring the Client Data to, and/ or accessing the Client Data from and/ or Processing the Client Data within, a jurisdiction or territory that is a Restricted Country;
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1, 4.5.2016;
“Good Industry Practice” means, at any time, the exercise of that degree of care, skill, diligence, prudence, efficiency, foresight and timeliness which would be reasonably expected at such time from a leading and expert supplier of similar services to the Service to a customer like the Customer, such supplier seeking to comply with its contractual obligations in full and complying with all applicable laws (including the Data Protection Laws);
“Group” means Abcodia, its subsidiaries and holding companies and the subsidiaries of such holding companies (‘holding company’ and ‘subsidiary’ having the meanings given in the Companies Act 2006).
“ICO Correspondence” means any correspondence or communication (whether written or verbal) from the ICO in relation to the Processing of the Client Data;
“ICO” means the UK Information Commissioner’s Office, or any successor or replacement body from time to time;
“Instructions for Use” A document that comprises part of the ROCA® Test Kit and describes how the ROCA® Test should be used by the Client.
“Losses” means losses, liabilities, damages, compensation, awards, payments made under settlement arrangements, claims, proceedings, costs and other expenses including fines, interest and penalties, whether arising in contract, tort (including negligence), breach of statutory duty or otherwise, legal and other professional fees and expenses;
“Patient” means women who attend the Client’s clinic or such other facilities for the ROCA Test.
“Permitted Purpose” means the purpose of the Processing as set out in more detail in the Data Protection Particulars;
“Personal Data Breach” has the meaning set out in the GDPR and, for the avoidance of doubt, includes a breach of Clause 7.3.1(d);
“Personal Data” has the meaning set out in the GDPR and for the purposes of this Agreement, includes Sensitive Personal Data;
“Personnel” means all persons engaged or employed from time to time by Abcodia in connection with this Agreement, including employees, consultants, contractors and permitted agents;
“Processing” has the meaning set out in the GDPR (and “Process” and “Processed” shall be construed accordingly);
“Processor” has the meaning set out in the GDPR;
“Restricted Country” means a country, territory or jurisdiction outside of the European Economic Area which the EU Commission has not deemed to provide adequate protection in accordance with Article 25(2) of the DP Directive and/ or Article 45(1) of the GDPR (as applicable);
“ROCA® Test Report” means the result of the Patient’s ROCA® Test.
“ROCA® Test Kit” means the Instructions for Use, a ‘Patient Information and Consent Form’, a ‘Test Request Form’, Summary Instructions and a Return Envelope.
“ROCA® Test” means the test performed to analyse a Patient’s individual blood profile of CA125 to assess the risk that the Patient may have ovarian cancer.
“Sample” means the Patient’s blood sample provided by the Client to Abcodia for investigation through the Service.
“Security Requirements” means the requirements regarding the security of the Personal Data, as set out in the Data Protection Laws (including, in particular, the seventh data protection principle of the DPA and/ or the measures set out in Article 32(1) of the GDPR (taking due account of the matters described in Article 32(2) of the GDPR)) as applicable;
“Sensitive Personal Data”


means Personal Data that reveals such special categories of personal data as are listed in Article 9(1) of the GDPR; and
“Service” means the conduct of the ROCA® Test, as requested in the ‘Test Request Form’ submitted by the Client and accepted by Abcodia.
“Third Party Request” means a written request from any third party for disclosure of Client Data where compliance with such request is required or purported to be required by law or regulation.


References to the singular include the plural and vice versa.

Paragraph headings are for ease of reference only and are not part of these Terms and Conditions for the purpose of construction. A reference to a paragraph is to the relevant paragraph of these Terms and Conditions.

  1. The Service
    • Abcodia shall use reasonable endeavours to provide the Service with reasonable skill and care and in accordance with its quality assurance standards.
    • Abcodia will provide the Client with a ROCA® Test Kit along with a customised envelope for returning the Sample to Abcodia free of charge.
    • The Client shall notify Abcodia in writing of any clinical and other information relevant to the Service by completing the Test Request Form, so that Abcodia can conduct the ROCA® Test and provide the ROCA® Test Report pursuant to paragraph 1.7.1. The Client shall ensure that all Samples provided are labelled correctly with the Patient’s given name, surname, and date of birth.
    • Abcodia reserves the right, without prejudice to any of its rights herein, not to perform the ROCA® Test should the Test Request Form or the Sample label not be completed as per the Instructions For Use in the ROCA® Test Kit.
    • Abcodia will accept no responsibility for, nor for any consequences of such errors or defects, and the Client shall indemnify and hold harmless Abcodia and the members of its Group and their respective directors, officers, employees and agents, in respect of all liabilities, costs, claims, loss, damage, demands, action and expenses (to include any settlements or ex-gratia payments and reasonable legal and expert costs and expenses) arising directly or indirectly from any error or defect in the ROCA® Test or the ROCA® Test Report consequent upon any inaccuracies in or omissions from the information (including, without limitation, the Test Request Form or the Sample label) supplied by the Client.
    • Abcodia will use reasonable endeavours to provide the ROCA® Test Report within seven (7) days from receipt of the Sample. Time will not be of the essence in respect of this paragraph 1.6.
    • The Client agrees and acknowledges that:
      • whether the ROCA® Test result is normal or not normal, the Client will take full responsibility for appropriately communicating such results and managing any clinical assessment or additional testing thereafter in accordance with paragraph 1.7.2;
      • the ROCA® Test Report and suggestions for follow up procedures are provided by Abcodia with no warranties and representations, express or implied, and are not intended to replace the Client’s clinical judgement whose responsibility rests solely with the Client. The Client shall be solely liable for the clinical treatment of the Patient and all aspect of the Client’s clinical judgement, and Abcodia disclaims all liability to the extent permissible by law in respect of such;
      • it will comply at all times with the Instructions for Use;
      • upon completion of the ROCA® Test, the Sample relating thereto will be destroyed or disposed of by Abcodia, unless otherwise agreed;
      • Abcodia will send a reminder notice to the Patient, in accordance with Data Protection Laws, when future ‘routine’ tests are due; and
      • Abcodia will be entitled to publish the Client’s contact details on its website, or in any other promotional literature, for the purpose of promoting the ROCA® Test to potential patients provided that, where such contact details include Personal Data, the Processing is carried out in accordance with Data Protection Laws, and, in particular, Clause 7.
      • These Terms and Conditions and the Instructions for Use apply to the Agreement to the exclusion of any other terms that the Client seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
    • Abcodia will be entitled to make any changes to the Service which are necessary to comply with any Applicable Laws or safety requirements.
  2. Confidentiality
    • Subject to Data Protection Laws and, in particular, Clause 7:
      • Abcodia will hold and maintain the confidence of: (a) all information of a confidential nature which is received by Abcodia from the Client or its Patient in connection with the Service; and (b) all ROCA Test Reports, invoices and other information of a confidential nature issued by Abcodia to the Client or its Patient in connection with the Service, and, save with the Client’s consent, will not disclose such information other than to its professional staff, independent consultants and/or persons to whom it has delegated the performance of the Service and who require the information for such purpose;
      • The restrictions in paragraph 2.1 shall not apply to any information which: (i) was in Abcodia’s possession prior to disclosure by the Client; or (ii) is now or hereafter comes into the public domain other than by default of Abcodia; or (iii) was lawfully received by Abcodia from a third party acting in good faith having a right of further disclosure; or (iv) is required by Applicable Laws to be disclosed by Abcodia.
  3. Liability And Indemnity
    • The Client warrants and covenants that it will:
      • comply with all Applicable Laws for the collection of the Sample being referred for the Service and their shipment to Abcodia, and, where requested by Abcodia, will provide confirmation of such;
      • provide and procure the Client’s and Patient’s signature on each Test Request Form which shall act as evidence of both the Client’s and Patient’s approval for Abcodia to perform the Service;
      • comply with the Instructions for Use and any other requirements detailed in the ROCA® Test Kit;
      • use the ROCA® Test Report and any other material provided by Abcodia in accordance with all Applicable Laws relating to such use; and
      • co-operate with Abcodia in all matters relating to the Service and ensure prompt compliance with all reasonable requests made by Abcodia.
    • The Client shall indemnify and hold harmless Abcodia and the members of its Group and their respective directors, officers, employees and agents, in respect of all liabilities, costs, claims, Losses, damage, demands, action and expenses (to include any settlements or ex-gratia payments and reasonable legal and expert costs and expenses) arising directly or indirectly from (a) any breach of this Agreement (including, without limitation, breach of paragraph 3.1) or (b) fraud, negligence, reckless conduct or intentional misconduct of the Client.
    • Subject at all times to paragraph 3.5 and whether or not Abcodia has been advised of the possibility of such Losses, Abcodia shall not be liable in respect of the Service in contract, tort or otherwise howsoever arising from any claim, damage, Losses or costs in respect of: (i) any direct loss of profit; (ii) any direct loss of anticipated savings; or (iii) any indirect or consequential loss or damage howsoever caused including without limitation, any indirect loss of profit, loss of anticipated profit including loss of profit on contracts, loss of the use of money, loss of anticipated savings, loss of business, loss of opportunity, loss of goodwill, loss of reputation, and/or loss of data.
    • The Client acknowledges that Abcodia is reliant on the Client for direction as to the extent to which Abcodia is entitled to use and process Client Data. Consequently, and for the avoidance of doubt, Abcodia will not be liable for any claim brought by a Data Subject arising from any action or omission by Abcodia to the extent that such action or omission resulted from the Client’s instructions or from the Client’s failure to comply with Data Protection Laws or its obligations under Clause 7 of this Agreement.
    • To the extent not covered by any other limitations the maximum liability of Abcodia to the client under or in connection with this agreement, whether arising in contract, tort, negligence, breach of statutory duty or otherwise, shall be £2,000,000 less any sums paid by Abcodia to any patient or other third party in satisfaction of a liability arising out of the same facts and circumstances.
    • The limitations in this paragraph 3 shall only apply where permitted under Applicable Law.
  4. Third Parties

For the purposes of the Contracts (Rights of Third Parties) Act 1999 these Terms and Conditions are not intended to, and do not, give any person who is not a party to it any right to enforce any of the provisions, except that any sub-contractor of Abcodia and the servants and agents of Abcodia and any such subcontractor are third parties to these Terms and Conditions within the meaning of that Act and shall be entitled to enforce these Terms and Conditions accordingly.

  1. Force Majeure

If the performance of this Agreement or any obligation under it is prevented, restricted or interfered with by reason of circumstances beyond the reasonable control of that party obliged to perform it (including, without limitation, flood, fire, storm, strike, lockout, sabotage, terrorist act, civil commotion and government intervention), the party so affected shall (upon giving prompt notice thereof to the other party) be excused from performance to the extent only of the prevention, restriction or interference, provided always that the party so affected shall use all reasonable endeavours to avoid or remove the causes of non-performance and shall continue performance as expeditiously as possible as soon as such causes have been removed.

  1. General
    • Dispute resolution
      • If any dispute arises relating to this Agreement or any breach or alleged breach of this Agreement, the parties shall make a good faith effort to resolve such dispute without recourse to legal proceedings. If, notwithstanding such good faith efforts, the dispute is not resolved either party may submit the dispute to the jurisdiction of the English Court.
      • Except to the extent clearly prevented by the area of dispute, the parties will continue to perform their respective obligations under this Agreement while such dispute is being resolved.
    • Variation

Any amendments to this Agreement shall not be effective unless in writing and signed by an authorised signatory on behalf of each of the parties. The terms of this Agreement may be varied by agreement of the parties but without the consent of any third party whether or not the rights of such third party are affected by such variation.

  • Rights and Waiver

All rights granted to either of the parties shall be cumulative and not exhaustive of any rights and remedies provided by law. The failure of either party to enforce (or delay in enforcing) at any time for any period any one or more of the terms of this Agreement shall not be a waiver of such term or of the right of such party at any time subsequently to enforce all the terms of this Agreement.

  • Severability

If any provision of this Agreement is or becomes invalid, illegal or unenforceable in any respect under any law, the validity, legality and enforceability of the remaining provisions will not be in any way affected.

  • Assignment

Abcodia may assign or sub-contract the performance of this Agreement (in whole or in part) to suitably accredited laboratories. The Client may not assign this Agreement or any of its rights or obligations hereunder without the prior written approval of Abcodia.

  • Relationship of the parties

It is acknowledged and agreed that Abcodia and the Client are independent contractors and nothing in this Agreement shall create or be construed as creating a partnership or a relationship of agent and principal between the parties. The Client acknowledges and agrees that, in requesting the Service from Abcodia, it is not acting as agent for any patient or patients to which the Service relates.

  • Notices

All notices given under this Agreement shall be in writing and shall be delivered by hand or sent by prepaid first class post or by prepaid first class recorded delivery or by facsimile transmission provided that a hard copy of any notice transmitted by facsimile is posted within 24 hours of such transmission. All notices shall be delivered at or sent, in the case of Abcodia to 1 Park Row, Leeds, LS1 5AB and, in the case of the Client to the address specified in the Test Request Form submitted by the Client (or such other address as that party shall notify in writing to the other for this purpose). A notice sent by post shall be deemed to be served at 9.00 am on the second business day following the date of posting; a notice sent by facsimile transmission shall (subject to posting of a hard copy as provided above) be deemed to have been served at the time it is transmitted if transmitted within business hours (9.00 am to 6.00 pm) on a business day or, if transmitted outside such business hours on a business day or on a day which is not a business day as soon thereafter as such business hours commence.

  • Governing law and Jurisdiction

This Agreement shall be governed by and construed in accordance with English law and each of the parties submits to the exclusive jurisdiction of the English Courts subject to paragraph 6.

  1. Data Protection
    • Arrangement between the Parties
      • The Parties shall each Process the Client Data. The Parties acknowledge that the factual arrangement between them dictates the classification of each Party in respect of the Data Protection Laws.  Notwithstanding the foregoing and subject to Clause 2, the Parties anticipate that the Client shall act as a Controller and Abcodia shall act as a Processor, as follows:
        • The Client shall be a Controller where it is Processing the Client Data in relation to the submission of the Test Request Form
        • Abcodia shall be a Processor where it is Processing the Client Data in relation to the Permitted Purposes in connection with performing its obligations under this Agreement.
      • Each of the Parties acknowledges and agrees that Schedule 1 (Data Protection Particulars) of this Agreement is an accurate description of the Data Protection Particulars.
      • Each of the Parties shall in performing its obligations under this Agreement, comply with the obligations imposed on it under the Data Protection Laws.
    • Contact Details
      • The Parties each acknowledge and agree that they may need to Process Personal Data relating to each Party’s representatives (in their respective capacities as Controllers) in order to (as appropriate): (a) administer and provide the Services; (b) request and receive the Services; (c) compile, dispatch and manage the payment of invoices relating to the Services; (d) compile, dispatch and manage the payment of invoices relating to the Services; (e) manage the Agreement and resolve any disputes relating to it; (f) respond and/or raise general queries relating to the Services; (g) comply with their respective regulatory obligations; and as set out at Clause 1.7.6.
      • Each Party shall Process such Personal Data relating to each Party’s representatives for the purposes set out in Clause 2.1 in accordance with their respective privacy policies and Data Protection Laws.  The Parties acknowledge that they may be required to share Personal Data with their affiliates, group companies and other relevant parties, within or outside of the country of origin, in order to carry out the activities listed in Clause 7.2.1, and in doing so each Party will ensure that the sharing and use of this Personal Data complies with applicable Data Protection Laws
    • Processor Obligations
      • To the extent that Abcodia is acting as a Processor for and on behalf of the Client (as the Controller) in relation to the Processing that it is carrying out arising out of, or in connection with, the Permitted Purpose, it shall:
        • Process Client Data for and on behalf of the Client for the purposes of performing its obligations under this Agreement, and only in accordance with the terms of this Agreement and any instructions from the Client;
        • unless prohibited by law, notify the Client immediately if it considers, in its opinion (acting reasonably) that it is required by Applicable EU Law to act other than in accordance with the instructions of the Client, including where it believes that any of the Client’s instructions under Clause 3.1(a) infringes any of the Data Protection Laws;
        • implement and maintain appropriate technical and organisational security measures to safeguard against any unauthorised or unlawful Processing of Client Data and against accidental loss or destruction of, or damage to, Client Data and where requested provide to the Client evidence of its compliance with such requirement;
        • implement and maintain appropriate technical and organisational security measures which are sufficient to comply with at least the obligations imposed on the Client by the Security Requirements;
        • take all reasonable steps to ensure the reliability and integrity of any of the Personnel who shall have access to the Client Data, and ensure that each member of Personnel shall have entered into appropriate contractually-binding confidentiality undertakings;
        • at the Client’s reasonable request: (i) make available to the Client evidence to demonstrate Abcodia’s compliance with the requirements of this Paragraph 7.3.1; and/or (ii) allow for and contribute to audits of Abcodia’s Processing activities pursuant to this Agreement conducted by or on behalf of the Client on reasonable notice
        • not disclose Client Data to a third party (including a sub-contractor or sub-processor) unless the third party agrees to terms which are substantially the same as the terms set out in this Agreement, save in relation to Third Party Requests where Abcodia is prohibited by law or regulation from notifying the Client.
        • at the Client’s direction, arrange for the prompt and safe return and/or secure permanent destruction of all Client Data, together with all copies in its possession or control (if any) within twenty eight (28) days of such direction and, where requested by the Client, certify that such destruction has taken place, except where the Client is required by Applicable EU Law to retain any of such Client Data;
        • not transfer any Client Data to a Restricted Country unless such transfer is made in compliance with the Data Protection Laws;
        • At the Client’s request use all reasonable endeavours to assist the Client to comply with the obligations imposed on the Client by or in relation to:
          • the rights of Data Subjects;
          • assistance to the ICO; and/or
          • Data Protection Impact Assessments

provided that any such assistance shall be provided to the Client subject to a fee payable to Abcodia to be agreed between the Parties; and

  • notify the Client promptly upon becoming aware of any Personal Data Breach, and:
    • implement any measures necessary to restore the security of compromised Client Data; and
    • assist the Client to make any notifications to the ICO and affected Data Subjects.
  • Data Controller Obligations


  • Without limiting the generality of the obligations set out in Paragraph 7.1.3, in particular, the Client shall:
    • make all required notification(s) to the ICO in relation to its Processing of Client Data;
    • ensure that it is not subject to any prohibition or restriction which would:
      • prevent or restrict it from disclosing or transferring Client Data to Abcodia;
      • prevent or restrict it from granting Abcodia access to Client Data; and/or
      • prevent or restrict Abcodia from Processing Client Data, in each case as required for Abcodia to perform the Services in accordance with this Agreement;
    • ensure that all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to allow Abcodia to Process Client Data as required in connection with the provision of the Services under this Agreement and in accordance with the Data Protection Laws;
    • ensure that all Client Data disclosed or transferred to, or accessed by, Abcodia is accurate, up-to-date, adequate, relevant and not excessive to enable Abcodia to process Client Data as required for Abcodia to perform the Services in accordance with this Agreement.
    • maintain technical and organisational security measures sufficient to comply at least with the obligations imposed on the Controller by Data Protection Laws including, without limitation, (i) ensuring a level of security appropriate to the risk involved in the processing (which shall include without limitation and, as appropriate, taking steps such as the pseudonymisation and/or encryption of personal data, taking steps to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services used to process Personal Data, ensuring the ability to restore the availability and access to Personal Data and regularly testing the effectiveness of the systems in place); (ii) adhering to any relevant codes of conduct or approved certifications; and (iii) ensuring that all individuals who have access to Personal Data maintain the confidentiality and security of Personal Data and comply with the terms of this Agreement;


The subject matter and duration of the Processing


The Provision of the Service by Abcodia to the Client, for the duration of the term of the Agreement, which shall involve the sharing of the Personal Data of the Patients between the Client as Controller and Abcodia as Processor for the Client.


The nature and purpose of the Processing


Processed for the purposes of:

(i) performing the ROCA® Test and providing the ROCA Test Report to the client for the benefit of their Patient; and

(ii) sending a reminder notice to the Patient when future routine tests are due.


The type of Personal Data being Processed


Names and contact details of (i) Client, where the Client is an individual, and/or (ii) employees of the Client, as appropriate;


Patient’s name, address, date of birth, contact details, clinical and other information relevant to the Services provided in the Test Request Form and as set out below;


ROCA ID if known (a ROCA ID only being assigned during a patient’s first test;

Risk status (high risk or normal risk);

Menopausal status (post-menopausal or pre-menopausal);

Date and time that the blood sample was taken.


The categories of Data Subjects Clients, where these are living individuals, and or their employees; and Patients