INDEPENDENT CONTRACTOR AGREEMENT FOR HEALTH CARE PROVIDERS ("CONTRACTOR AGREEMENT")

INTRODUCTION

These Terms are the only terms or conditions which apply to contracts between BBLHD Ltd. or its Affiliates, as applicable (“we”/ “us”/ " 32Co" / "32Co" / “32 Stories” / “32S”), and You (“Provider”, “Customer”).
You accept and are bound by all of the terms and conditions that are set forth in this Contractor Agreement by either clicking through this Contractor Agreement or by logging in to the 32Co website. These terms and conditions (these “Terms”) apply to the purchase and sale of 32co products and services, including sales made through our websites https://www.32co.com, and / or any other web domain, app, system or software owned by 32Co or its Affiliates (the “Website”).
These Terms apply to all aspects of the relationship between 32Co and Customer from the time that Customer first accesses 32Co’s Website, whether to partake in learning & development, to place an order for Products or Services ("Customer Orders"), or to provide patient information for the purpose of placing such orders, or to obtain access to 32Co branding, vendor appliances or marketing materials
These Terms are subject to change without prior written notice at any time, in 32Co’s sole discretion. The latest version of these terms will be posted on the Website, and You should review these Terms prior to purchasing any Product or Services.
You may not order or obtain products or services from 32Co if You (a) do not agree to these Terms, or (b) to the extent You are purchasing products or services from 32Co’s Website, are prohibited from accessing or using the site or any of the Website’s contents, products or services by applicable law.
In consideration of the mutual promises herein contained, the Parties agree as follows, and Provider accepts and agrees to all of the terms and conditions set forth herein by indicating electronically his or her acceptance:

Schedule No.1 (UNITED STATES)

The Parties have entered into a written agreement ("Contractor Agreement") under which the each of the Parties regularly receives, uses and/or discloses Protected Health Information ("PHI") in its performance of the services described in the Contractor Agreement. This Schedule No.1 is subject  to the Contractor Agreement and sets forth the obligations and agreements of the Parties relating to compliance with the Standards for Privacy of Individually Identifiable Health Information ("the Privacy Regulation"), 45 C.F.R. Parts 160 and 164, and the Security Regulations(45 C.F.R. Parts 160, 162, and 164), promulgated under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health ("HITECH"),and various statutes governing personally-identifiable information ("PII") and PHI. This Schedule No.1 applies to all PHI and PII created or received by 32Co from Provider or from another person or entity on behalf of Provider, and also all PHI and PII received by Provider from 32Co or from another person or entity on behalf of 32Co and governs how such PHI may be used or disclosed.

PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION ("PHI").

Schedule No. 2 (UNITED KINGDOM)

The Parties have entered into a written agreement ("Contractor Agreement") under which the each of the Parties regularly receives, uses and/or discloses Protected Health Information in its performance of the services described in the Contractor Agreement. 
This Schedule No.2 is subject to the Contractor Agreement and sets forth 32Co’s provision of services to Customer where such services require 32Co to process European Union Personal Data on behalf of Customer. (capitalized terms used and not defined herein have the meanings given to them in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”)).
Appendix 1

to the EU Standard Contractual Clauses

This Appendix forms part of the EU Standard Contractual Clauses.

The Member States may complete or specify according to their national procedures, any additional necessary information to be contained in the Appendix.

Data Exporter. The data exporter is Customer, as defined by the Schedule to which these EU Standard Contractual Clauses are attached.

Data Importer. The data importer is 32Co, a provider of orthodontics products and services.

Data Subjects. The personal data transferred concern the categories of data subjects defined in Section i.d of the Schedule to which these EU Standard Contractual Clauses are attached.

Categories of Data. The personal data transferred concern the categories of data defined in Section i.d of the Schedule to which these EU Standard Contractual Clauses are attached.

Special Categories of Data (if appropriate). The personal data transferred concern the special categories of data defined in Section i.d of the Schedule to which these EU Standard Contractual Clauses are attached.

Processing Operations. The personal data transferred will be subject to the following basic processing activities (please specify): The processing operations are defined in Section i.d of the Schedule to which these EU Standard Contractual Clauses are attached.

Appendix 2

to the EU Standard Contractual Clauses

This Appendix forms part of the EU Standard Contractual Clauses.

Description of the technical and organisational security measures implemented by the data importer in accordance with EU Standard Contractual Clauses xiii(d) and xiv(c):

The technical and organizational security measures implemented by the data importer include Internet standard 128 bit encryption, managed firewall protocols, and qualified, secured credential access to data storage systems. The data exporter also trains all employees on general commerce data security measures