BRITISH COLUMBIA DATA PROCESSING AGREEMENT

This Data Processing Agreement (“Agreement”) forms part of the SAAS SERVICES ORDER AGREEMENT (hereinafter referred to as the “Principal Agreement”) between Fairtility Ltd. (hereinafter referred to as “Fairtility”) acting on its own behalf and the legal entity that has entered into the Principal Agreement with Fairtility for the provision of Fairtility’s Services (hereinafter referred to as the “Customer”) acting on its own behalf.

The terms used in this Agreement shall have the meanings set forth in this Agreement. Capitalized terms not otherwise defined herein, shall take the meaning ascribed to them by PIPA. The terms of this Agreement will apply only to the extent that they are required under PIPA. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.

 

1.      Definitions

In this Agreement, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

“Personal Information” means any information about an identifiable individual, as defined under PIPA, including but not limited to health-related information. In the context of this Agreement, this term shall pertain to personal information provided by or on behalf of the Customer as part of the Services.

“De-identified Data” means data derived from Personal Information that has undergone the de-identification process outlined in Annex 2 of this Agreement.

“Subcontractor” means any subcontractor (including any third party) appointed by Fairtility to process Customer Personal Information on behalf of the Customer.

“PIPA” means the British Columbia Personal Information Protection Act, and any associated regulations or amendments in force from time to time.

“Services” means the services to be supplied by Fairtility to the Customer pursuant to the Principal Agreement.

“Processing” means any operation performed on Personal Information, including collection, use, storage, disclosure, or disposal.

“Personal Information Breach” means a breach of security that results in the unauthorized access, use, disclosure, or destruction of personal information under PIPA.

2.      Roles of the Parties

In the course of providing the Services to the Customer pursuant to the Principal Agreement, Fairtility shall process Personal Information on behalf of the Customer as per the terms of this Agreement. The Parties hereby acknowledge and agree that, in relation to the processing of Personal Information, the Customer shall be deemed the “Organization” under PIPA, that determines the purposes and means of Processing the Personal Information, and Fairtility shall be deemed the “Service Provider”.

The Parties agree to comply with PIPA in relation to the processing of Personal Information.

3.      Customer Obligations

The Customer represents and warrants that it has obtained all necessary consents, permissions, authorizations, or other valid legal bases under PIPA to allow for the lawful collection, processing, and transfer of Personal Information to Fairtility (or any subcontractors) in accordance with this Agreement and the Principal Agreement.

4.      Customer’s Processing Instructions

Customer hereby instructs Fairtility to process Personal Information for the purpose of providing the Services as described in the Principal Agreement. Fairtility shall process Personal Information only pursuant to Customer’s lawful documented instructions, including the Principal Agreement and other instructions communicated in writing directly to Fairtility and in accordance with the Description of Processing, attached hereto as Annex 2.

Fairtility may also process Personal Information where required by applicable laws to which Fairtility is subject, in which case Fairtility shall inform Customer of that legal requirement before the relevant processing of that Personal Information, unless prohibited from doing so by law.

Notwithstanding anything to the contrary in this Agreement or the above processing instructions, Customer hereby authorizes Fairtility to process De-identified Data derived from Personal Information for Fairtility’s legitimate business purposes, which may include among others product development, AI model training, statistical analysis, research and regulatory submissions. The Parties acknowledge that De-identified Data will continue to be treated as Personal Information under PIPA as long as Fairtility retains any mapping key, lookup table, or other information that permits potential re-identification. Upon permanent deletion of the hashing key, De-identified Data shall become non-identifiable information no longer subject to PIPA. Customer represents and warrants that its privacy notices and consents to individuals include disclosure that such data may be further used by Fairtility for its own legitimate business purposes.

 

5.      Reliability and Non–Disclosure

Fairtility shall take reasonable steps to ensure the reliability of any employee, agent or subcontractor who may have access to the Personal Information, ensuring in each case that access is strictly limited to those individuals who require access to the relevant Personal Information.

Fairtility must ensure that all individuals who have a duty to process Personal Information:

a)      Are informed of the confidential nature of the Personal Information and are aware of Fairtility’s obligations under this Agreement and the Principal Agreement in relation to the Personal Information;

b)      Have undertaken appropriate training in relation to data protection;

c)      Are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; and

d)      Are subject to user authentication and login processes when accessing the Personal Information in accordance with this Agreement, the Principal Agreement and PIPA.

 

6.      Personal Information Security

Fairtility shall implement appropriate safeguards to protect Personal Information from unauthorised access, loss or theft. Details of Fairtility’s security measures are outlined in Annex 1.

7.      Subcontractors

Fairtility may engage subcontractors to process Personal Information, provided that:

a)      Fairtility ensures that the subcontractor is bound by written obligations substantially equivalent to those imposed on Fairtility under this Agreement;

b)      The subcontractor implements adequate safeguards to protect Personal Information in compliance with PIPA; and

c)      Fairtility remains fully liable to Customer for the acts and omissions of any subcontractor engaged in the processing of Personal Information.

Fairtility will provide a list of subcontractors involved in processing Personal Information upon request by the Customer. Fairtility shall notify Customer of any intended changes concerning the addition or replacement of subcontractors, giving Customer an opportunity to object within a reasonable timeframe before the change takes effect.

Fairtility shall not respond to any direct requests from individuals regarding their Personal Information unless explicitly authorized to do so by Customer.

8.      Reasonable Assistance

Fairtility shall provide reasonable assistance to Customer in fulfilling its obligations under PIPA, including:

a)      Transparency & Compliance Support

  • Providing Customer with relevant information regarding Fairtility’s processing activities, security measures, and data transfer safeguards to enable Customer to meet its transparency obligations, including responding to inquiries from regulatory authorities or affected individuals.
  • Assisting Customer in providing clear and accurate privacy notices regarding the collection, use, and international transfer of Personal Information processed under this Agreement.
  • Assisting Customer in managing risks associated with cross-border data transfers and privacy obligations under PIPA.

b)      Data Subject Rights Support

  • Assisting Customer in responding to data subject requests under PIPA, including requests for access, correction, withdrawal of consent, and data portability, where applicable.
  • Promptly notifying Customer of any such requests received directly and not responding to the request unless instructed to do so by Customer, except where required by law.

c)      Regulatory Inquiries & Audits

  • Providing reasonable cooperation in the event of a regulatory inquiry, investigation, or audit related to Personal Information processed under this Agreement, to the extent required under PIPA or other applicable laws.
  • Making available relevant records and documentation necessary to demonstrate compliance with this Agreement and PIPA.

Fairtility may charge reasonable fees for assistance that requires substantial resources, provided that any such fees are agreed upon in advance in writing by both Parties.

 

9.      Personal Information Breach

In the event of a Personal Information Breach, Fairtility shall:

(a) Notify Customer promptly upon discovering the breach;

(b) Provide detailed information about the nature, cause, and potential impact of the breach, including:

(i) The date and time the breach was discovered;

(ii) The Personal Information affected;

(iii) Actions taken to contain the breach and mitigate risks;

(c) Take reasonable steps to cooperate with Customer to assess the breach, mitigate any harm, and fulfill reporting obligations under PIPA.

In the event of a Personal Information Breach, Fairtility shall not inform any third party without first obtaining the Customer’s prior written consent, unless notification is required by applicable law to which Fairtility is subject, in which case Fairtility shall, to the extent permitted by such law, inform the Customer of that legal requirement and provide a copy of the proposed notification.

10.     Destruction or Return of Personal Information

Upon request from Customer and/or upon expiration or termination of the Principal Agreement, within ninety (90) calendar days of receipt of the request or expiration or termination of the Principal Agreement, Fairtility will securely destroy or, if directed in writing by Customer, return and not retain, all or any Personal Information in its possession or control. Fairtility may temporarily retain one copy made for backup purposes in the ordinary course of business, provided that such an archive copy will be subject to the ongoing obligations contained herein and shall be destroyed upon the normal expiration of backup files in accordance with Fairtility’s backup procedures. Fairtility shall provide any such returned Personal Information in the format and media reasonably specified by Customer, together with information sufficient for Customer to interpret such information. Upon request, Fairtility will certify in writing that it has destroyed the Personal Information.

If any law, regulation, or government or regulatory authority requires Fairtility to retain any Personal Information that Fairtility would otherwise be required to return or destroy, Fairtility will notify Customer in writing of such retention requirement, to the extent legally permitted. In such an event, Fairtility shall retain such data in compliance with all applicable data protection laws, including PIPA.

Notwithstanding the foregoing, Fairtility may retain and use anonymized data derived from Personal Information for as long as it is necessary for Fairtility’s internal legitimate business purposes at its own discretion, provided that: (i) Fairtility ensures that such data does not in any way identify and cannot be reasonably associated with a particular individual; (ii) Fairtility implements appropriate technical and organizational measures to safeguard the anonymization process and prevent any reasonably potential re-identification; and, (iii) Fairtility maintains and uses such data without attempting to re-identify it.

11.    Audit rights

Fairtility shall make available to the Customer, upon request, all information necessary to demonstrate compliance with this Agreement and allow for, and contribute to, audits, including inspections by the Customer or another auditor mandated by the Customer of any premises where the Processing of Personal Information takes place. Fairtility shall permit the Customer or another auditor mandated by the Customer to inspect and audit in order that the Customer may satisfy itself that the provisions of this Agreement are being complied with. Fairtility shall provide cooperation to the Customer with respect to any such audit. Audits will take place during normal business hours and will not unreasonably interfere with or damage Fairtility’s business activities and information and network systems. Any audit performed by Customer or another auditor mandated by the Customer shall be subject to Fairtility’s confidentiality obligations and shall not be more frequent than annually, unless a Personal Information Breach occurs or there is a reasonably suspected material breach of PIPA or this Agreement by Fairtility. Customer shall bear the costs and expenses of audits, unless they are conducted as a result of a Personal Information Breach.

 

12.    International Transfers of Personal Information

Customer acknowledges that the provision of Fairtility’s Services involves the processing and storage of Personal Information outside of British Columbia. Fairtility may transfer or store Personal Information outside of British Columbia only as authorized under this Agreement.

Fairtility shall disclose, at Customer’s request, the countries outside Canada in which Personal Information may be stored or accessed, as required under PIPA.

Fairtility may transfer or store Personal Information outside of British Columbia only if:

a) The transfer is covered by adequate safeguards to ensure compliance with PIPA, including contractual, technical, and organizational measures to protect Personal Information in accordance with industry standards;

b) Customer has determined that appropriate safeguards are in place to protect the Personal Information.

Fairtility shall promptly inform Customer if it becomes aware that a jurisdiction’s laws or practices no longer ensure adequate protection of Personal Information, and the Parties shall work together in good faith to implement necessary measures to ensure continued compliance with PIPA.

 

13.   General Terms

Subject to this section, the Parties agree that this Agreement shall terminate automatically upon termination of the Principal Agreement or expiry or termination of all service contracts entered into by Fairtility with the Customer, pursuant to the Principal Agreement, whichever is later.

Any obligation imposed on Fairtility under this Agreement in relation to the Processing of Personal Information shall survive any termination or expiration of this Agreement.

This Agreement shall be governed by the governing law and jurisdiction provisions set forth in the Principal Agreement. With regard to the subject matter of this Agreement, in the event of inconsistencies between the provisions of this Agreement and any other agreements between the Parties, including but not limited to the Principal Agreement, the provisions of this Agreement shall prevail with regard to the Personal Information shared between the Parties.

Should any provision of this Agreement be invalid or unenforceable, then the remainder of this Agreement shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

This Agreement forms an integral part of the Principal Agreement between the Parties and is effective and binding upon execution of the Principal Agreement.

 

ANNEX 1:  ORGANISATIONAL AND TECHNICAL MEASURES

  1. Organizational security measures

Security Management

  1. Security policy and procedures: Fairtility to document a security policy with regard to the processing of Personal Information.
  2. Roles and responsibilities:
    1. Roles and responsibilities related to the processing of Personal Information to be clearly defined and allocated in accordance with the security policy.
    2. During internal re-organizations or terminations and change of employment, revocation of rights and responsibilities with respective hand-over procedures is clearly defined.
  3. Access Control Policy: Specific access control rights are allocated to each role involved in the processing of Personal Information, following the need-to-know principle.
  4. Resource/asset management: Fairtility has a register of the IT resources used for the processing of Personal Information (hardware, software, and network). A specific person is assigned the task of maintaining and updating the register (e.g. IT officer).
  5. Change management: Fairtility makes sure that all changes to the IT system are registered and monitored by a specific person (e.g. IT or security officer). Regular monitoring of this process takes place.

Incident response and business continuity

  1. Incidents handling / Personal Information breaches:
    1. An incident response plan with detailed procedures is defined to ensure effective and orderly response to incidents pertaining to Personal Information.
    2. Fairtility will report without undue delay to Customer any security incident that has resulted in a loss, misuse or unauthorized acquisition of any Personal Information.
  2. Business continuity: Fairtility establishes the main procedures and controls to be followed in order to ensure the required level of continuity and availability of the IT system processing Personal Information (in the event of an incident/Personal Information breach).

 

Human resources

  1. Confidentiality of personnel: Fairtility ensures that all employees understand their responsibilities and obligations related to the processing of Personal Information. Roles and responsibilities are clearly communicated during the pre-employment and/or induction process.
  2. Training: Fairtility ensures that all employees are adequately informed about the security controls of the IT system that relate to their everyday work. Employees involved in the processing of Personal Information are also properly informed about relevant data protection requirements and legal obligations through regular awareness campaigns.

  2. Technical security measures


Access control and authentication

  1. An access control system applicable to all users accessing the IT system is implemented. The system allows creating, approving, reviewing and deleting user accounts.
  2. The use of common user accounts is avoided. In cases where this is necessary, it is ensured that all users of the common account have the same roles and responsibilities.
  3. When granting access or assigning user roles, the “need-to-know principle” shall be observed in order to limit the number of users having access to Personal Information only to those who require it for achieving Fairtility’s processing purposes.
  4. Where authentication mechanisms are based on passwords, Fairtility requires the password to be at least eight characters long and conform to very strong password control parameters including length, character complexity, and non-repeatability.
  5. The authentication credentials (such as user ID and password) shall never be transmitted unprotected over the network.

Logging and monitoring: Log files are activated for each system/application used for the processing of Personal Information. They include all types of access to data (view, modification, deletion).

Security of data at rest

  1. Server/Database security
    1. Database and applications servers are configured to run using a separate account, with minimum OS privileges to function correctly.
    2. Database and applications servers only process the Personal Information that is actually needed to achieve the processing purposes.
  2. Workstation security:
    1. Users are not able to deactivate or bypass security settings.
    2. Anti-virus applications and detection signatures are configured on a regular basis.
    3. Users don’t have privileges to install or deactivate unauthorized software applications.
    4. The system has session time-outs when the user has not been active for a certain time period.
    5. Critical security updates released by the operating system developer are installed regularly.

Network/Communication security:

  1. Whenever access is performed through the Internet, communication is encrypted through cryptographic protocols.
  2. Traffic to and from the IT system is monitored and controlled through Firewalls and Intrusion Detection Systems.

Data Back-ups:

  1. Backup and data restore procedures are defined, documented and clearly linked to roles and responsibilities.
  2. Backups are given an appropriate level of physical and environmental protection consistent with the standards applied on the originating data.
  3. Execution of backups is monitored to ensure completeness.

Mobile/Portable devices:

  1. Mobile and portable device management procedures are defined and documented establishing clear rules for their proper use.
  2. Mobile devices that are allowed to access the information system are pre-registered and pre-authorized.

Application lifecycle security: During the development lifecycle, best practice, state of the art and well acknowledged secure development practices or standards are followed.

Data deletion/disposal:

  1. Software-based overwriting will be performed on media prior to their disposal. In cases where this is not possible (CDs, DVDs, etc.) physical destruction will be performed.
  2. Shredding of paper and portable media used to store Personal Information is carried out.

Physical security: The physical perimeter of the IT system infrastructure is not accessible by non-authorized personnel. Appropriate technical measures (e.g. intrusion detection system, chip-card operated turnstile, single-person security entry system, locking system) or organizational measures (e.g., security guard) shall be set in place to protect security areas and their access points against entry by unauthorized persons.

 

 

ANNEX 2: DETAILS OF THE DATA PROCESSING

 

The categories of data subjects to whom the personal data relates:

1. Authorized Users of Fairtility’s Platform and Services: Individuals designated by the Customer to use Fairtility’s web-based platform on their behalf, such as embryologists and other IVF clinic staff.

2. Patients: Fertility treatment patients at the Customer’s clinic who are the subject of data processing.

3. Clinic Staff: IVF clinic staff at the Customer’s clinic (relevant to customers using CHLOE KPI™’s optional individual staff KPI feature).

The types of personal data:

Platform User Data:

1.      Account Data: Usernames, business email address.

2.      Technical and Usage Data: Logs of user activities on Fairtility’s platform, including access logs, IP addresses, and device and browser information.

3.      Support and Communication Logs: Information from interactions with customer support such as support tickets.

Pseudonymized Patient Data:

1.      Embryo and Oocyte Images and Videos

2.      Patient Metadata and Related Clinical Information: Collected automatically through the clinics’ Time Lapse Incubator (TLI) devices or provided by the Customer, including but not limited to:

·        Fertility Treatment Clinical Data: clinic name/ID, country, TLI (device) ID, slide ID, patient ID, well ID, image/video ID, treatment ID, cycle ID, other IDs used by the clinic, date of treatment, date of fertilization, date of oocyte retrieval, date of transfer.

·        age of the patient (by month and year), age of the oocyte, age of the ovum donor (by month and year), where applicable.

·        Insemination and Embryo Details.

·        Clinical and Diagnostic Data: pseudonymous clinical information, medical results and demographics as provided by the Customer.

3.      Embryo and Oocyte AI Insights: data produced through Fairtility’s Services, including, but not limited to, AI-based predictions and insights, embryo and oocyte ranks, scores, and status.

4.      Additional Pseudonymized Patient Data: Any other pseudonymized patient data provided by Customer, as required for the Services.

Optional Data:

1.      Patient Direct Identifiers: For clarification, the processing of any/all of the following data is optional, and is not enabled unless actively requested by the Customer:

a.      Name: First and last name, stored by default only in abbreviated form (first name and first letter of last name), or stored in full form per Customer’s active request;

b.      E-mail address.

2.      Clinic Staff KPI Data: (relevant to customers using CHLOE KPI™’s optional individual staff KPI feature)

a.      Name and role;

b.      Clinic Activity Logs: logs of clinic activity, such as date, time and activity details (e.g. “embryologist performing insemination”);

c.      Performance Insights: Analytical insights regarding staff member operations (e.g. performance rates regarding fertilization).

The nature and purpose of the processing:

Platform User Data is processed for the following purposes:

  1. Platform Access and Account Management: Processing personal data to create, manage, and secure platform user accounts, including setting up login credentials, authenticating user identity, and ensuring secure access to the Fairtility platform.
  2. Platform Performance and User Analytics: Processing user data to generate insights and reports on platform performance, user engagement, and behaviour patterns to support continuous improvement of services.
  3. Customer Support and Troubleshooting: Processing necessary to provide timely customer support, technical assistance, and troubleshooting to resolve platform-related issues.
  4. Security and Fraud Prevention: Monitoring and processing data to identify, prevent, and mitigate fraudulent activities, unauthorized access, and security risks to protect user accounts and platform integrity.

 

 

Clinic Staff KPI Data is processed for the following purposes (relevant to customers using CHLOE KPI™’s optional individual staff KPI feature): to aggregate and analyze individual staff activities in order to generate analytical insights into clinic and staff member operations. The ultimate purpose for using such data (e.g. quality control, benchmarks, staff appraisal) is determined solely by the Customer.

Patient Direct Identifiers (to the extent enabled by Customer) are processed for the following purposes:

  1. Identification and Usability: The patient’s name is processed to ensure that Platform Users can accurately associate data and insights with the correct patient, thereby minimizing errors and enhancing platform usability. To uphold data minimization principles and promote privacy, this name is displayed in abbreviated form unless otherwise specified by the Customer.
  2. Secure Data Sharing with Patient: The patient’s email address is processed to enable Platform Users to share Patient Data securely with the patient via the Platform’s data-sharing feature.

Pseudonymized Patient Data is processed for the following purposes:

  1. Providing the Core Services: collection, storage and analysis of data through Fairtility’s artificial intelligence tools, to deliver embryo and oocyte quality assessments and other fertility-related insights and predictions as outlined in the Principal Agreement.
  2. Providing KPI Services: In addition, for customers using CHLOE KPI™, data will be aggregated and analysed for the generation of Key Performance Indicators (“KPIs”), intended to provide health care professionals with analytical insights into their lab and clinic operational performance, as outlined in the Principal Agreement.
  3. De-identification for Fairtility’s Legitimate Business Purposes: Pseudonymized Patient Data undergoes an additional de-identification process, as outlined below, after which such data is used for Fairtility’s legitimate business purposes, including without limitation product development and improvement (e.g., data annotation for machine learning and artificial intelligence model training) and regulatory submissions.

De-identification Process (“De-identified Data”):

De-identified Data is Patient Data that undergoes a de-identification process which involves the following steps:

a.      Full removal of direct identifiers (name and email address, to the extent Customer chose to share such data).

 

b.      One-way hashing of pseudonymous patient identifiers used by the clinic to ensure irreversibility, including the hashing of: Slide ID; Patient ID; Well ID; Device ID; Clinic name/ID; Image/video name; Treatment ID; Cycle ID and any other internal ID that may be used by the clinic.

 

c.      Rounding down to full years of the date-based data points to further protect privacy, such as:

·        Patient age

·        Oocyte age

·        Treatment date

·        Oocyte retrieval date

·        Fertilization date

·        Transfer date

Safeguards Applied to De-identified Data

  1. Secure Data Storage: De-identified Data will be stored and accessed within a dedicated, fully secured environment to ensure data isolation and protection.
  2. Hash Key and Mapping Key Security: Any mapping keys, lookup tables, or other re-identification information used to link hashed values back to original identifiers will be safeguarded using industry-standard security measures to prevent unauthorized access.
  3. Irreversible Hashing: Hashing functions used in the de-identification process are strictly one-way and cannot be reversed. However, the De-identified Data will continue to be treated as Personal Information under PIPA for so long as Fairtility retains any mapping key or lookup table that could reasonably enable re-identification of the data.
  4. Non-Identifiable Data Points: Inherently non-identifiable data points, such as fertilization type, country-level location, and hours post-insemination, will remain unchanged to preserve data utility without compromising privacy.
  5. Restricted Data Usage: Following the de-identification process, De-identified Data will be used solely for Fairtility’s legitimate business purposes.
  6. Key Deletion Upon Contract Termination: Upon contract termination, the one-way hashing key will be permanently deleted.