The definitions which shall apply to these Terms and Conditions are set out in clause 20.


1.1   TDL warrants to the Client that:-


1.1.1   its Services will be provided with reasonable skill and care and in accordance with the UKAS medical laboratory accreditation standard (ISO 15189); and


1.1.2   the people providing the Services will be suitably skilled and experienced.


1.2   As part of its Services TDL will, on request, arrange for collection of Samples from locations within London (being for these purposes the area within the M25 motorway). Such collection service is included within the price of the Test unless otherwise notified. Collection of Samples from locations outside the M25 is by special arrangement, and may incur an additional charge. Where collection by TDL has not been requested and agreed, the Client will be responsible, at its own cost, for the transport of Samples to TDL.


1.3   The Client acknowledges that, except as expressly provided in this Agreement, TDL gives no warranties or representations to the Client (whether express or implied) in respect of the Services. In particular, whilst every effort is made to achieve the turn-around times quoted by TDL for the conduct of Tests, no warranty or guarantee is given that such turn-around times will be achieved in any particular instance.


1.4   The Client shall notify TDL in writing of any clinical information relevant to the Services and provide TDL with such other information as TDL may reasonably be expected to require concerning the Samples supplied by the Client and the persons from whom they were taken to enable TDL to conduct the Tests and to report thereon. The Client shall ensure that all Samples and Pathology Request Forms are labelled with the patient’s given name, surname, date of birth, and date and time of collection, and that any high risk samples are clearly labelled and packed separately from other Samples.   


1.5   TDL will accept no responsibility for any error or defect in a Test or the report thereon consequent upon any inaccuracies in or omissions from the information supplied by the Client nor for any consequences of such errors or defects, and the Client shall indemnify and hold harmless TDL and the members of the TDL Group and their respective directors, officers, employees and agents, in respect of all liabilities, costs, claims, loss, damage, demands, action and expenses (to include any settlements or ex-gratia payments and reasonable legal and expert costs and expenses) arising directly or indirectly from any breach of clause 1.4.   


1.6   Upon completion of a Test the Sample relating thereto may be destroyed or disposed of by TDL unless otherwise agreed.



2.1   The fees payable by the Client for the conduct of the Services shall, unless otherwise agreed in writing, be the prices specified in TDL’s Laboratory Guide for the applicable Tests or other Services at the time those Tests or Services are requested.


2.2   As at the date of these Terms and Conditions VAT is not payable on TDL’s Services. If the Services subsequently become subject to VAT, this will be charged in addition at the applicable rate.


2.3   Invoices are normally issued on a monthly basis, but TDL reserves the right to issue them more frequently. Invoices are payable within 30 days of issue. At TDL’s option interest may be charged on late payment at the statutory rate prescribed from time to time by regulations under the Late Payments of Commercial Debts (Interest) Act 1998. Invoices paid from outside the UK must be paid by either direct bank transfer or by cheque drawn on a UK branch. All payments shall be made in pounds sterling.



3.1   TDL agrees that it will hold and maintain the confidence of:


3.1.1   all information of a confidential nature which is received by TDL from the Client or its patients in connection with the Services; and


3.1.2   all Test results, invoices and other information of a confidential nature issued by TDL to the Client or its patients in connection with the Services, and, save with the Client’s consent or as otherwise permitted under this Agreement, will not disclose such information other than to its professional staff, independent consultants and/or persons to whom it has delegated the performance of the Tests and who require the information for such purpose, and provided that where TDL has been provided with the details of a patient’s private medical insurance in connection with the Services, it shall be entitled to assume (and the Client so warrants) that both the Client and the patient consent to the disclosure of information relating to that patient to the insurer concerned.


3.2   The restrictions in clause 3.1 shall not apply to information which: (i) was in TDL’s possession prior to disclosure by the Client; or (ii) is now or hereafter comes into the public domain other than by default of TDL; or (iii) was lawfully received by TDL from a third party acting in good faith having a right of further disclosure; or (iv) is required by law to be disclosed by TDL; or (v) which is required by a regulatory or accreditation body to be disclosed to it for the purpose of regulating or accrediting TDL.



4.1   The Client warrants and represents that it will:


4.1.1   comply with all relevant laws, regulations and guidelines applicable to the jurisdiction in which it is situated (including any applicable data protection laws) for the collection of the Samples being referred for Tests and their shipment to TDL (which may include conduct of the tests and shipment outside of the EEA);


4.1.2   obtain all consents and permissions required (whether by law (including under the Data Protection Legislation), good medical practice or otherwise) in order to permit the conduct of the Tests on the Samples and the use of the Protected Data as contemplated in these Terms and Conditions (provided that, without prejudice to the foregoing obligation, the Client agrees to use any consent forms specified by TDL);


4.1.3   provide to TDL confirmation that it has complied with all relevant laws applicable to the jurisdiction in which it is situated (including any applicable data protection laws) for the collection of the Samples which they are referring for the Tests and their shipment to TDL and where necessary on to an overseas testing laboratory;


4.1.4   shall indemnify and hold harmless TDL and the members of the TDL Group and their respective directors, officers, employees and agents, in respect of all liabilities, costs, claims, loss, damage, demands, action and expenses (to include any settlements or ex-gratia payments and reasonable legal and expert costs and expenses) arising directly or indirectly from any breach of this clause 4.1.


4.2   Subject at all times to clause 4.4 and whether or not TDL has been advised of the possibility of such loss, TDL shall not be liable in respect of the Services in contract, tort (including negligence) or otherwise howsoever arising for any claim, damage, loss or costs in respect of: (i) any direct loss of profit; (ii) any direct loss of anticipated savings; or (iii) any indirect or consequential loss or damage howsoever caused including without limitation, any indirect loss of profit, loss of anticipated profit including loss of profit on contracts, loss of the use of money, loss of anticipated savings, loss of business, loss of opportunity, loss of goodwill, loss of reputation; and/or loss of data.


4.3   To the extent not covered by any other limitations the maximum liability of TDL to the Client under or in connection with this Agreement, whether arising in contract (including under any indemnity), tort (including negligence), breach of statutory duty or otherwise, shall be £2,000,000 less any sums paid by TDL to any patient of the Client or other third party in satisfaction of a liability arising out of the same facts and circumstances.


4.4   The limitations and exclusions in these Terms and Conditions shall only apply where permitted under applicable law.



For the purposes of the Contracts (Rights of Third Parties) Act 1999 and notwithstanding any other provision of this Agreement these Terms and Conditions are not intended to, and do not, give any person who is not a party to it any right to enforce any of the provisions, except that any sub-contractor of TDL and the servants and agents of TDL and any such sub-contractor are third parties to these Terms and Conditions within the meaning of that Act and shall be entitled to enforce these Terms and Conditions accordingly.



If the performance of this Agreement or any obligation under(except for an obligation to pay) it is prevented, restricted or interfered with by reason of circumstances beyond the reasonable control of that party obliged to perform it (including, without limitation, flood, fire, storm, strike, lockout, sabotage, terrorist act, civil commotion and government intervention), the party so affected shall (upon giving prompt notice thereof to the other party) be excused from performance to the extent only of the prevention, restriction or interference, provided always that the party so affected shall use all reasonable endeavours to avoid or remove the causes of non-performance and shall continue performance as expeditiously as possible as soon as such causes have been removed.



7.1   Insofar as TDL processes Protected Data in providing the Services the parties agree that:


7.1.1    the Client shall be the Data Controller and TDL shall be the Data Processor of the Protected Data;


7.1.2    TDL shall process Protected Data in compliance with:


(a) the obligations of Data Processors under Data Protection Laws; and


(b) the terms of clauses 7 to 18 (inclusive).


7.2    The Client warrants, represents and undertakes, that:


7.2.1   in connection with the Protected Data it has complied and shall continue to comply in all respects with Data Protection Laws, including in terms of its collection, storage and processing (which shall include the Client providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects); and


7.2.2   all instructions given by it to TDL in respect of Personal Data shall at all times be in accordance with Data Protection Laws.



8.1   Insofar as TDL processes Protected Data on behalf of the Client, TDL:


8.1.1   unless required to do otherwise by Applicable Law, shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with the Client’s documented instructions as set out in the request for Services pursuant to the Terms & Conditions and in the Annex(the Processing Instructions);


8.1.2   if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify the Client of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest); and


8.1.3   shall promptly inform the Client if TDL becomes aware of a Processing Instruction that, in TDL’s opinion, infringes Data Protection Laws, provided that:


(a) this shall be without prejudice to clauses 7.2; and


(b) to the maximum extent permitted by Applicable Law, TDL shall have no liability howsoever arising (whether in contract (including any indemnity), tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities (including any Data Protection Losses) arising from or in connection with any processing in accordance with the Client’s Processing Instructions following the Client’s receipt of any notice pursuant to this clause 8.1.3.



9.1   In relation to the processing of the Protected Data, TDL shall implement and maintain, at its cost and expense, the Technical and Organisational Measures.


9.2   Any additional technical and organisational measures shall be at the Client’s cost and expense.



10.1   TDL shall not engage any Sub-Processor for carrying out any processing activities in respect of the Protected Data that TDL processes on behalf of the Client without the Client’s written authorisation of that specific Sub-Processor (such authorisation not to be unreasonably withheld, conditioned or delayed) provided that the Client hereby authorises the appointment of the Authorised Sub-Processors.


10.2   TDL shall:


10.2.1   prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing materially the same obligations as clauses 7 to 18 (inclusive), that is enforceable by TDL;


10.2.2   ensure each such Sub-Processor complies with all such obligations; and


10.2.3   remain fully liable for all the acts and omissions of each Sub-Processor as if they were its own.


10.3   TDL shall ensure that all persons authorised by it (or by any Sub-Processor) to process Protected Data are subject to a binding obligation to keep the Protected Data confidential (except where disclosure is required in accordance with Applicable Law, in which case TDL shall, where practicable and not prohibited by Applicable Law, notify the Client of any such requirement before such disclosure).



11.1   Taking into account the nature of the processing TDL shall, at its cost and expense implement and maintain reasonable measures to assist the Client to respond to the Data Subject Requests relating to the Protected Data.


11.2   TDL shall refer all Data Subject Requests it receives to the Client promptly, and in any event within five Business Days of receipt of the request.


11.3    TDL shall provide such reasonable assistance as the Client reasonably requires (taking into account the nature of processing and the information available to TDL) to the Client in ensuring compliance with the Client’s obligations under Data Protection Laws with respect to:


11.3.1   security of processing;


11.3.2   data protection impact assessments (as such term is defined in Data Protection Laws);


11.3.3   prior consultation with a Supervisory Authority regarding high risk processing; and


11.3.4   notifications to the Supervisory Authority and/or communications to Data Subjects by the Client in response to any Personal Data Breach, provided the Client shall pay TDL’s charges for providing the assistance in this clause 11.3, such charges to be calculated on a time and materials basis at TDL’s applicable daily or hourly rates in force from time to time.



12.1   The Client agrees that TDL may transfer Protected Data to countries outside the European Economic Area (EEA) for the purpose of providing the Services, provided all transfers by TDL of Protected Data to such recipients are in accordance with such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time. The provisions of clauses 7 to 18 (inclusive) shall constitute the Client’s instructions with respect to transfers in accordance with clause 8.1.



13.1   TDL shall maintain, in accordance with Data Protection Laws binding on TDL, written records of all categories of processing activities carried out on behalf of the Client.


13.2   TDL shall, in accordance with Data Protection Laws, make available to the Client such information as is reasonably necessary to demonstrate TDL’s compliance with its obligations under clauses 7 to 15 (inclusive) and with the obligations of each party under Article 28 of the GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Client (or another auditor mandated by the Client) for this purpose, subject to the Client:


13.2.1   giving TDL reasonable prior notice of such information request, audit and/or inspection being required by the Client;


13.2.2   ensuring that all information obtained or generated by the Client or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the Supervisory Authority or as otherwise required by Applicable Law);


13.2.3   ensuring that such audit or inspection is undertaken during normal business hours, with minimal disruption to TDL’s business, the Sub-Processors’ business and the business of other customers of TDL; and


13.2.4   paying TDL’s reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits.



14.1   In respect of any Personal Data Breach involving Protected Data that TDL processes on behalf of the Client, TDL shall, without undue delay:


14.1.1   notify the Client of the Personal Data Breach; and


14.1.2   provide the Client with details of the Personal Data Breach.


15.1   Subject to clause 16, TDL shall, at the Client’s written request, either delete or return all the Protected Data to the Client in such form as the Client reasonably requests within a reasonable time after the end of the provision of the relevant Services related to processing; and delete existing copies (unless storage of any data is required by Applicable Law and, if so, TDL shall inform the Client of any such requirement).


16.1   TDL may retain and submit to Public Health England or another Health Authority in the United Kingdom such extracts from the Protected Data as are required for the purposes of a Public Health Programme operated by that Health Authority (Public Health Data).


16.2   TDL may retain such copies of the Protected Data and such records of processing in connection with the Services (the Processing Records) as TDL requires to maintain its accreditation with UKAS and as required by the Royal College of Pathologists (in accordance with its retention and storage of pathological records and specimens guidelines).


16.3   The parties acknowledge and agree that TDL processes the Processing Records and the Public Health Data on its own behalf and shall be responsible for the Processing Records and the Public Health Data as a Data Controller. TDL shall ensure that its processing of the Processing Records and the Public Health Data is in accordance with the Data Protection Laws subject to the terms of this Agreement.


17.1   TDL shall indemnify and keep indemnified the Client in respect of all Data Protection Losses suffered or incurred by, or awarded against the Client arising from or in connection with any:


17.1.1   non-compliance by TDL with the Data Protection Laws (in so far as these impose obligations on Data Processors);


17.1.2   any processing of Protected Data carried out by TDL outside the Processing Instructions; or


17.1.3   breach by TDL of any of its obligations under clauses 7 to 18 (inclusive),


              except to the extent set out in clause 17.3 or 8.1.3(b).


17.2   The Client shall indemnify and keep indemnified TDL in respect of all Data Protection Losses suffered or incurred by, or awarded against, TDL and any Sub-Processor arising from or in connection with any:


17.2.1   non-compliance by the Client with the Data Protection Laws;


17.2.2   processing carried out by TDL or any Sub-Processor pursuant to any Processing Instruction that infringes any Data Protection Law; or


17.2.3   breach by the Client of any of its obligations under clauses 7 to 18 (inclusive),


              except to the extent set out in clause 17.3.


17.3   A party shall not be liable for Data Protection Losses (howsoever arising, whether in contract (including any indemnity), tort (including negligence) or otherwise) to the extent that such Data Protection Losses (or the circumstances giving rise to them) are contributed to or caused by any breach of clauses 7 to 18 (inclusive) by the other party.


17.4   If a party receives a compensation claim from a person relating to processing of Protected Data, it shall promptly provide the other party with notice and full details of such claim. The party with conduct of the action shall:


17.4.1   make no admission of liability nor agree to any settlement or compromise of the relevant claim without the prior written consent of the other party (which shall not be unreasonably withheld or delayed); and


17.4.2   consult fully with the other party in relation to any such action, but the terms of any settlement or compromise of the claim will be exclusively the decision of the party that is responsible for paying the compensation.


17.5   The parties agree that the Client shall not be entitled to claim back from TDL any part of any compensation paid by the Client in respect of such damage to the extent that the Client is liable to indemnify TDL in accordance with clause 17.2.


17.6   This clause 17 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contrary, except:


17.6.1   to the extent not permitted by Applicable Law (including Data Protection Laws); and


17.6.2   that it does not affect the liability of either party to any Data Subject.




18.1   This clause and clauses 7 to 17 (inclusive) shall survive termination (for any reason) or expiry of the Services and continue:


18.1.1   indefinitely in the case of clauses 16 and 17; and

18.1.2   until 2 months following the earlier of the termination or expiry of the Services in the case clauses 7 to 16 (inclusive),
provided always that any termination or expiry of clauses 7 to 16 (inclusive) shall be without prejudice to any accrued rights or remedies of either party under any such clauses at the time of such termination or expiry.




19.1   Dispute resolution

19.1.1   If any dispute arises relating to this Agreement or any breach or alleged breach of this Agreement, the parties shall make a good faith effort to resolve such dispute without recourse to legal proceedings. If, notwithstanding such good faith efforts, the dispute is not resolved either party may submit the dispute to the jurisdiction of the English Court.

19.1.2   Except to the extent clearly prevented by the area of dispute, the parties will continue to perform their respective obligations under this Agreement while such dispute is being resolved.

19.2   Variation
Any amendments to this Agreement shall not be effective unless in writing and signed by an authorised signatory on behalf of each of the parties. The terms of this Agreement may be varied by agreement of the parties but without the consent of any third party whether or not the rights of such third party are affected by such variation. The Client shall not unreasonably withhold, delay or condition its agreement to any variation to this Agreement requested by TDL in order to ensure the Services and TDL (and each Sub-Processor) can comply with any change in Applicable Laws.

19.3   Rights and waiver
All rights granted to either of the parties shall be cumulative and not exhaustive of any rights and remedies provided by law. The failure of either party to enforce (or delay in enforcing) at any time for any period any one or more of the terms of this Agreement shall not be a waiver of such term or of the right of such party at any time subsequently to enforce all the terms of this Agreement.

19.4   Severability
If any provision of this Agreement is or becomes invalid, illegal or unenforceable in any respect under any law, the validity, legality and enforceability of the remaining provisions will not be in any way affected.

19.5   Assignment
TDL may assign or sub-contract the performance of this Agreement (in whole or in part) or any one or more of the Tests to be performed hereunder to suitably accredited laboratories including those listed in the Laboratory Guide. The Client may not assign this Agreement or any of its rights or obligations hereunder without the prior approval of TDL.


19.6   Relationship of the parties
It is acknowledged and agreed that TDL and the Client are independent contractors and nothing in this Agreement shall create or be construed as creating a partnership or a relationship of agent and principal between the parties. The Client acknowledges and agrees that, in requesting Services from TDL, it is not acting as agent for any patient or patients to which the Services relate.

19.7   Notices
All notices given under this Agreement shall be in writing and shall be delivered by hand or sent by prepaid first class post or by prepaid first class recorded delivery or by facsimile transmission, provided that a hard copy of any notice transmitted by facsimile is posted within 24 hours of such transmission. All notices shall be delivered at or sent, in the case of TDL, to The Halo Building, 1 Mabledon Place, London WC1H 9AX, fax number 020 7307 7374 and, in the case of the Client to the address and/or fax number specified in the Pathology Request Form submitted by the Client (or such other address as that party shall notify in writing to the other for this purpose). A notice sent by post shall be deemed to be served at 9.00 am on the second business day following the date of posting; a notice sent by facsimile transmission shall (subject to posting of a hard copy as provided above) be deemed to have been served at the time it is transmitted if transmitted within business hours (9.00 am to 6.00 pm) on a business day or, if transmitted outside such business hours on a business day or on a day which is not a business day as soon thereafter as such business hours commence.

19.8   Entire agreement
These Terms and Conditions and the documents referred to in them contain the entire Agreement in respect of its subject matter. Each party acknowledges that it has not entered into the Agreement in reliance on, and shall have no remedies in respect of, any representation or warranty that is not expressly set out in these Terms and Conditions except in the case of fraudulent misrepresentation.

19.9   Governing law
This Agreement and any dispute arising out of or in connection with it (including non-contractual disputes and claims) shall be governed by and construed in accordance with English law and each of the parties submits to the exclusive jurisdiction of the English Courts.




20.1 In these Terms and Conditions and the Annex:-

‘this Agreement’ means the contract between TDL and the Client for the supply of the Services, incorporating these Terms and Conditions.

‘Annex’ means the annex to the Terms and Conditions,

‘Applicable Law’ means as applicable and binding on the Client, TDL and/or the Services:

a) any law, statute, regulation, byelaw or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided to or in respect of;

b) the common law and laws of equity as applicable to the parties from time to time;

c) any binding court order, judgment or decree; or

d) any applicable direction, policy, rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business;

‘Authorised Sub-Processors’ means:

a) Health Service Laboratories LLP and any other member of the TDL Group which provides the applicable Test or Service;

b) accredited specialist centres for onward referral of esoteric assays as identified in the TDL Laboratory Guide;

c) persons who provide information technology services that TDL uses in the course of providing the Services; and

d) any Sub-Processor referred to in the Annex.

‘Client’ means the person or organisation requesting Services from TDL and for whom TDL has agreed to provide the Services.

‘Data Controller’ and ‘Data Processor’ have the meanings given to those terms (or to the terms ‘controller’ and ‘processor’ respectively) in Data Protection Laws;

‘Data Protection Laws’ means the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and/or any corresponding or equivalent national laws or regulations, the Data Protection Act 2018, and any Applicable Laws replacing, amending, extending, re-enacting or consolidating that legislation from time to time and any subordinate legislation made under that legislation.

‘Data Protection Losses’ means costs (including legal costs), claims, demands, actions, settlements, interest, charges, procedures, expenses, losses and damages, including (to the extent permitted by Applicable Law) administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Supervisory Authority, compensation which is ordered by a Supervisory Authority to be paid to a Data Subject, and the reasonable costs of compliance with investigations by a Supervisory Authority.

‘Data Subject’ and ‘Personal Data’ have the meaning given to those terms in Data Protection Laws;

‘Data Subject Request’ means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;

‘Group’ in respect of any undertaking, means such undertaking and its group undertakings (‘undertaking’ and ‘group undertaking’ having the meanings given in the Companies Act 2006).

‘Health Authority’ means (i) a department of the UK government or of a devolved administration, (ii) an executive agency of such department, or (iii) a body exercising statutory functions in relation to public health in the UK or any part of the UK;

‘Laboratory Guide’ means TDL’s Laboratory Guide current at the time the applicable Services are requested, as supplied to the Client or, if not so supplied, available on request from TDL.

‘Pathology Request Form’ means the standard form provided by TDL to the Client for the Client to use to request Tests, as updated by TDL from time to time.

‘Personal Data’ has the meaning given to that term in Data Protection Laws;

‘Personal Data Breach’ means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;

‘Processing’ has the meanings given to that term in Data Protection Laws (and related terms such as process have corresponding meanings);

‘Processing Instructions’ has the meaning given to that term in paragraph 8.1.1;

‘Protected Data’ means Personal Data received by TDL from or on behalf of the Client in connection with the performance of the Services;

‘Public Health Programme’ means a programme administered by a Health Authority to monitor or analyse health data for the purpose of public health or for statistical, scientific or research purposes in the public interest.

‘Sample’ means a sample provided by the Client to TDL for investigation.

‘Services’ means the conduct of the Tests specified in the Pathology Request Form submitted by the Client and accepted by TDL, and/or such other services as TDL has agreed to supply to the Client.

‘Sub-Processor’ means another Data Processor engaged by TDL for carrying out processing activities in respect of the Protected Data on behalf of the Client;

‘Supervisory Authority’ means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws.

‘TDL’ means The Doctors Laboratory Limited or such other member of the TDL Group as has agreed to provide the Services.

‘TDL Group’ means The Doctors Laboratory Limited and its Group and Health Service Laboratories LLP and its Group.

‘Test’ means a laboratory test agreed to be carried out by TDL on a Sample supplied by the Client.

‘Technical and Organisational Measures’ means, taking into account the state of the art, the cost of implementation and the nature, scope, context and purpose of the processing the Protected Data as well as the risk of varying likelihood and severity of the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure for the Protected Data a level of security appropriate to the risk, including any special measures set out in the Annex.

‘UKAS’ means the United Kingdom Accreditation Service, or any successor to it.

20.2 References to the singular include the plural and vice versa.

20.3 Clause headings and paragraph headings are for ease of reference only and are not part of these Terms and Conditions for the purpose of construction.

20.4 References to paragraphs are to paragraphs of the Annex.

20.5 The word ‘including’ shall be read as ‘including but not limited to’.




1   Subject matter and nature of processing


1.1         The subject matter and nature of TDL’s processing of the Protected Data are:


1.1.1     pathology samples and test results for the purpose of providing clinical pathology services;


1.1.2     information about clinicians who order pathology tests, for the purposes of reporting the test results to the Client;


1.1.3     information about a patient’s health insurance for the purposes of administering payment for the Services; and


1.1.4     billing information for a patient where the Client has asked TDL to direct TDL’s invoice to the patient.


2   Duration of processing


2.1   The duration of the processing is the time necessary to carry out the Services.


3   Types of personal data


3.1   The Protected Data comprise the following types of personal data:


3.1.1   Name


3.1.2   Gender


3.1.3   Age


3.1.4   Address


3.1.5   Types of pathology tests conducted


3.1.6   Results of pathology tests


3.1.7   Health insurance policy details


3.1.8   Billing information


3.1.9   The types of data referred to in the TDL Laboratory Guide


4   Categories of data subjects


4.1         The Protected Data concerns patients in respect of whom TDL conducts pathology tests, and clinicians who request pathology tests.


5   Reporting pathology test results


5.1         TDL shall report Test results using the method selected by the Client from the range of options offered by TDL or, if no method is selected by the Client, using a method that complies with TDL’s obligations under clause 9 and is notified by TDL to the Client from time to time.


6   Fee to patient


6.1         Where the Client selects the ‘fee to patient’ option in a Pathology Request Form, the Client instructs TDL to seek payment from the patient of the fees owed by the Client in respect of that test. The Client confirms that the patient has agreed with the Client to pay those fees to TDL for the Client. The Client instructs TDL to recover the fees by invoicing the patient using the personal data provided by the Client. The Client instructs TDL on the Client’s behalf to appoint debt collectors to recover the fees from the patient if the patient does not pay the invoice by the date payment falls due. The Client authorises TDL to appoint those debt collectors as Sub-Processors in accordance with clauses 7 to 18 (inclusive).