Terms of Use

1. Preamble and Acceptance of Terms

These Terms and Conditions of Use ("Terms") govern access to and use of the EasyRefert software platform, made available in SaaS (Software as a Service) mode by ITLand S.r.l., with registered office at Via Pietro Castellino, 179 - 80131 Napoli (NA), VAT Number IT09130391213 (hereinafter "Provider" or "Controller").

Access to and use of the platform are subject to full acceptance of these Terms. By using the EasyRefert service, the user declares that they:

• Have read, understood and fully accepted these Terms and Conditions of Use
• Have reviewed the Privacy Policy and the Cookie Policy
• Are of legal age and have full legal capacity to enter into binding contracts
• Act in compliance with applicable regulations, in particular Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003 regarding the processing of health data

If you do not accept these terms, you must not access or use the service.

2. Definitions

For the purposes of these Terms, the following definitions apply:

• "Platform" or "Service": the EasyRefert software platform, including all its functionalities, accessible via web
• "User": any natural or legal person who accesses and uses the EasyRefert platform
• "Customer" or "Healthcare Facility": the entity, company or professional who enters into a subscription contract with the Provider
• "Account": the personal area reserved for the User, protected by access credentials
• "Health Data": personal data relating to the physical or mental health of a natural person, pursuant to Article 4, paragraph 15 of the GDPR
• "Reports": medical documents containing diagnoses, interpretations of diagnostic examinations and clinical conclusions
• "DICOM Images": diagnostic images in Digital Imaging and Communications in Medicine format
• "Data Controller": the Healthcare Facility that determines the purposes and means of processing patients' health data
• "Data Processor": ITLand S.r.l., which processes health data on behalf of the Controller pursuant to Article 28 GDPR

3. Service Description

EasyRefert is a cloud SaaS (Software as a Service) platform specifically designed for digital management of medical reports, diagnostic images and healthcare documentation by healthcare facilities, medical professionals, diagnostic centers and analysis laboratories.

3.1 Main Features

The service includes the following features:

• Medical Report Management: creation, modification, archiving and consultation of medical reports in digital format with electronic signature
• DICOM Viewer: viewing and manipulation of diagnostic images in DICOM format (CT, MRI, X-rays, ultrasounds) with annotation and measurement tools
• Patient Management: patient registry, clinical history, appointment and booking management
• PDF Generation: automatic export of reports in PDF format with customizable templates
• Messaging System: encrypted internal communications between healthcare operators
• Secure Archiving: encrypted storage compliant with security standards for health data
• Automatic Backups: redundant daily backups to ensure service continuity
• User and Permission Management: granular access control based on roles (RBAC)
• Audit Logs: complete traceability of all access and operations on health data
• Ecomed Integration: data import from legacy Ecomed systems

3.2 Nature of the Service

EasyRefert is a technological support tool for medical and diagnostic activities. The service does not in any way replace the clinical judgment of the healthcare professional nor their professional responsibilities.

The Provider exclusively provides the technological infrastructure and software tools. The responsibility for the accuracy, completeness and correctness of medical content entered into the platform (reports, diagnoses, clinical interpretations) lies exclusively with the medical User who drafts them.

4. Registration, Account and Access Credentials

4.1 Registration Requirements

To access and use the EasyRefert platform, it is necessary to:

• Be of legal age (minimum age 18 years) and have full legal capacity to act
• Provide accurate, complete and truthful information during registration
• Possess the necessary professional qualifications to process health data (enrollment in professional orders, healthcare authorizations, etc.) if applicable
• Fully accept these Terms, the Privacy Policy and the Cookie Policy

4.2 Credential Security

The user is required to:

• Keep confidential their access credentials (username, password, any two-factor authentication tokens)
• Not share credentials with third parties, colleagues or other healthcare operators
• Use complex passwords compliant with the platform's security requirements
• Enable two-factor authentication (2FA) when available and recommended
• Immediately notify the Provider in case of suspected unauthorized use of the account or security breach

4.3 Account Responsibility

The user is solely responsible for all activities, operations and content generated through their account. Any access made with the user's credentials is presumed to be made by the user themselves, unless proven otherwise with documented evidence of a security breach promptly reported.

The Provider cannot be held responsible for losses, damages or unauthorized access resulting from the user's failure to protect credentials.

4.4 Account Suspension and Closure

The Provider reserves the right to suspend or close the user's account in case of:

• Violation of these Terms
• Providing false or fraudulent information during registration
• Non-payment of amounts due
• Use of the service for unlawful or unauthorized purposes
• Compromise of platform security

5. User Obligations and Responsibilities

5.1 Lawful Use of the Service

The user undertakes to use the platform exclusively for lawful purposes and in compliance with applicable regulations, in particular:

• Healthcare regulations: compliance with national and regional healthcare laws
• Professional ethics: compliance with the ethical codes of professional orders of affiliation
• GDPR and privacy: processing of health data in compliance with Regulation (EU) 2016/679
• Intellectual property: respect for third-party intellectual property rights
• IT security: compliance with platform security policies

5.2 Specific Prohibitions

The following are expressly prohibited:

• Attempting to access data, accounts or features for which one does not have authorization
• Compromising, damaging or interfering with the normal operation of the platform
• Performing reverse engineering, decompilation or disassembly of the software
• Using bots, scrapers, crawlers or unauthorized automated systems
• Uploading unlawful, defamatory, obscene content or content infringing third-party rights
• Transmitting viruses, malware or malicious code
• Overloading the infrastructure with excessive requests (DOS/DDOS)
• Using the service for fraudulent or deceptive activities
• Reselling, sublicensing or transferring access to the service to unauthorized third parties

5.3 Data Accuracy and Medical Responsibility

The user is exclusively responsible for the accuracy, completeness and correctness of data and medical content entered into the platform, including but not limited to:

• Medical reports, diagnoses and clinical interpretations
• Patient medical history and clinical records
• Prescriptions and therapeutic indications
• Annotations on DICOM images

The Provider does not exercise any editorial control over content generated by users and cannot be held responsible for errors, omissions or inaccuracies in medical content.

5.4 Update of Contact Information

The user undertakes to keep their contact information (email, telephone, address) updated to ensure proper receipt of important communications related to the service, including security communications, contractual changes and payment deadlines.

6. Data Protection and GDPR Compliance

6.1 Roles and Responsibilities in Data Processing

Regarding the processing of patients' health data managed through the EasyRefert platform:

6.2 Data Processing Agreement (DPA)

The relationship between the Data Controller (Healthcare Facility) and the Data Processor (Provider) is governed by a Data Processing Agreement (DPA) compliant with Article 28 GDPR, which regulates:

• Subject matter and duration of processing
• Nature and purpose of processing
• Types of personal data and categories of data subjects
• Obligations and rights of the Controller
• Security measures implemented by the Processor
• Authorized sub-processors
• Procedures for managing data breaches
• Assistance to the Controller in exercising data subjects' rights

6.3 Obligations of the Controller (Healthcare Facility)

The Healthcare Facility using the service, as Data Controller, is required to:

• Obtain explicit consent from patients (Article 9, paragraph 2, letter a GDPR) or identify another lawful legal basis for processing health data
• Provide patients with adequate privacy information compliant with Articles 13-14 GDPR
• Ensure the exercise of data subjects' rights (access, rectification, erasure, portability, etc.)
• Conduct a Data Protection Impact Assessment (DPIA) pursuant to Article 35 GDPR (mandatory for large-scale health data processing)
• Maintain the Record of Processing Activities pursuant to Article 30 GDPR
• Appoint a Data Protection Officer (DPO) if required by Article 37 GDPR
• Notify the Privacy Authority of any data breaches within 72 hours of discovery (Article 33 GDPR)

6.4 Security Measures Implemented by the Processor

ITLand S.r.l., as Data Processor, ensures the implementation of the following technical and organizational security measures:

• End-to-end encryption: AES-256 encryption of data at rest and TLS 1.3 for data in transit
• Access control: multi-factor authentication (MFA), role-based permission management (RBAC)
• Audit logs: complete traceability of all access and operations on health data
• Encrypted backups: automatic daily backups with redundant storage in geographically separated data centers
• Vulnerability management: periodic vulnerability scans and timely patch management
• Staff training: mandatory training on privacy and IT security matters
• Incident response procedures: data breach management plan

6.5 Privacy Policy and Provider's Data Processing

For detailed information on the processing of personal data carried out by ITLand S.r.l. (navigation data, user account, contractual data), please refer to the complete Privacy Policy.

7. Intellectual Property and License to Use

7.1 Provider's Intellectual Property Rights

All intellectual property rights relating to the EasyRefert platform, including but not limited to:

• Software source code and application architecture
• Graphical interface, design, layout and user experience
• Trademarks, logos, trade name "EasyRefert" and related designations
• Technical documentation, user manuals and training materials
• Proprietary algorithms, processes and methodologies

are the exclusive property of ITLand S.r.l. or its licensors, and are protected by Italian and international laws on copyright, patents, trademarks and intellectual property.

7.2 License Granted to the User

ITLand S.r.l. grants the user a limited, non-exclusive, non-transferable and revocable license to access and use the EasyRefert platform exclusively for the purposes provided by these Terms and in compliance with the limitations established by the subscription plan.

The license does not authorize the user to:

• Copy, reproduce or duplicate the software or parts thereof
• Modify, adapt, translate or create derivative works from the software
• Distribute, sell, sublicense, rent or transfer the software to third parties
• Perform reverse engineering, decompilation or disassembly of the source code
• Remove, obscure or alter copyright notices, trademarks or other proprietary indications
• Use the "EasyRefert" trademark or other Provider trademarks without express written authorization
• Create competing software or services based on EasyRefert

7.3 Ownership of User-Generated Content

Content generated and entered by the user into the platform (medical reports, clinical notes, uploaded images, annotations, etc.) remains the exclusive property of the user or the Healthcare Facility.

The user grants ITLand S.r.l. a limited license to host, archive, process and display such content exclusively for the operation of the service and to fulfill contractual obligations. ITLand S.r.l. claims no ownership rights to medical content generated by users.

7.4 Feedback and Suggestions

Any feedback, suggestions, ideas or improvement proposals communicated by the user to the Provider may be freely used by ITLand S.r.l. to improve the service, without any obligation of compensation or recognition to the user.

8. Subscription Plans, Prices and Payments

8.1 Subscription Plans

EasyRefert is offered according to different subscription plans (monthly, annual or customized) with variable features and limits. Plan details, included features and prices are available on the official website or upon request at support@itland.it.

8.2 Payment Methods

Payments must be made according to the deadlines and methods indicated in the chosen subscription plan. Accepted payment methods include:

• Credit/debit card
• SEPA bank transfer
• Direct debit (for recurring subscriptions)

All prices are exclusive of VAT, which will be applied according to current rates.

8.3 Automatic Renewal

Recurring fee subscriptions (monthly or annual) are automatically renewed at expiry, unless notice of termination is communicated with at least 30 days' notice before the expiry date.

The Provider will send an email reminder before automatic renewal.

8.4 Non-Payment and Service Suspension

In case of non-payment of amounts due within established deadlines:

• The Provider will send a payment reminder via email and PEC
• After 15 days from the reminder without regularization, the service may be suspended
• During suspension, access to the platform will be disabled but data will be retained for an additional 90 days
• After 90 days from suspension without regularization, the contract will be terminated and data may be permanently deleted

8.5 Price Changes

ITLand S.r.l. reserves the right to modify price lists with at least 60 days' notice via email communication. Price changes will apply to the first renewal following the communication.

The user has the right to withdraw from the contract within 30 days of the price increase communication, without penalties.

8.6 Refunds

Payments made for subscriptions are non-refundable, except as provided by law or in case of serious breach by the Provider of their contractual obligations.

In case of early termination of the contract by the user, no proportional refund is provided for the unused period.

9. Service Availability and Service Level Agreement (SLA)

9.1 Uptime and Availability

ITLand S.r.l. is committed to ensuring maximum availability of the platform, with an uptime target of 99.5% on a monthly basis (calculated excluding scheduled maintenance windows).

However, 100% uptime is not guaranteed. The service may be temporarily unavailable due to:

• Scheduled maintenance: communicated with at least 48 hours' notice, preferably during nighttime hours or weekends
• Emergency maintenance: to resolve critical security or operational issues
• Force majeure events: power outages, natural disasters, cyber attacks, infrastructure failures of third-party providers
• Connectivity issues: network malfunctions not attributable to the Provider

9.2 Monitoring and Notifications

The Provider continuously monitors the platform status and is committed to promptly notifying users in case of significant service interruptions via email and, if available, public status page.

9.3 Backup and Disaster Recovery

ITLand S.r.l. performs automatic daily backups of all data stored on the platform, with redundant storage in geographically separated data centers.

In case of serious incident, a Disaster Recovery plan is in place to restore service as quickly as possible (Recovery Time Objective - RTO: 24 hours; Recovery Point Objective - RPO: 24 hours).

9.4 Limitations and Disclaimers

The Provider does not guarantee that the service will always be available, error-free, bug-free or interruption-free. The user accepts that use of the service is at their own risk.

10. Limitation of Liability and Disclaimers

10.1 "As Is" Provision

The EasyRefert platform is provided "as is" and "as available", without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose or non-infringement of third-party rights.

10.2 Exclusion of Medical Liability

EasyRefert is a technological tool supporting medical and diagnostic activities. It does not in any way replace clinical judgment, professional competence or the physician's responsibility.

ITLand S.r.l. is not responsible for:

• Diagnostic or therapeutic errors made by medical users
• Inaccuracies, omissions or errors in reports drafted through the platform
• Clinical decisions based on incorrect information entered by users
• Damages to patients resulting from improper or negligent use of the platform by users
• Violations of healthcare or ethical regulations by users

Professional responsibility for diagnoses, prescriptions and medical treatments remains exclusively with the healthcare professional who performs them.

10.3 Limitation of Compensable Damages

In any case, the overall liability of ITLand S.r.l. to the user, on any grounds (contractual, extra-contractual, for fault or negligence), is limited to the amount actually paid by the user in the last 12 months preceding the event that caused the damage.

10.4 Exclusion of Indirect Damages

ITLand S.r.l. shall in no case be liable for:

• Indirect, incidental, consequential or punitive damages
• Loss of profits, revenues, data, business opportunities or reputation
• Interruption of professional activity
• Costs of procuring substitute services

even if ITLand S.r.l. was advised of the possibility of such damages.

10.5 Liability for Third-Party Content

The platform may contain links or integrations with third-party services (e.g., Google Analytics, payment services). ITLand S.r.l. is not responsible for the content, policies or practices of such third-party services.

10.6 Duty to Mitigate Damages

The user is required to mitigate damages resulting from service malfunctions, for example by making local backups of critical data and preparing alternative procedures to ensure operational continuity.

11. Duration, Termination and Contract Cessation

11.1 Contract Duration

The contract has a duration corresponding to the chosen subscription plan (monthly, annual or other agreed periodicity) and is automatically renewed at expiry, unless notice of termination is given.

11.2 User Withdrawal

The user may withdraw from the contract at any time, with effect from the expiry date of the current subscription, by communicating notice with at least 30 days' notice through:

• Email to support@itland.it
• PEC to info@pec.itland.it
• Registered mail with return receipt to Via Pietro Castellino, 179 - 80131 Napoli (NA)

No refund of the subscription fee for the unused period is provided.

11.3 Termination for User's Breach

ITLand S.r.l. may terminate the contract with immediate effect, upon written notice, in case of:

• Non-payment of subscription fees for more than 30 days from the due date
• Serious or repeated violation of these Terms
• Fraudulent, illegal or abusive use of the platform
• Compromise of platform security or other users' data
• Insolvency, bankruptcy or other insolvency proceedings against the user

11.4 Termination for Provider's Breach

The user may terminate the contract for serious breach by the Provider, for example in case of:

• Service interruption exceeding 30 consecutive days (except for force majeure)
• Serious violation of security measures with loss or compromise of data
• Failure to comply with Data Processor obligations pursuant to GDPR

Termination must be communicated in writing with granting of a 30-day period for resolving the problem, except for non-remediable breaches.

11.5 Data Export upon Cessation

In case of contract termination for any reason:

• The user has the right to export all their data (reports, DICOM images, patient registry, etc.) in standard and interoperable formats
• The export period is 30 days from the termination date
• After this period, ITLand S.r.l. will proceed with permanent and irreversible deletion of all user data, except for retention obligations provided by law
• Deletion will be carried out securely, making data unrecoverable

11.6 Survival of Clauses

Clauses relating to intellectual property, limitation of liability, confidentiality, applicable law and jurisdiction survive contract termination.

12. Changes to Terms and Conditions of Use

ITLand S.r.l. reserves the right to modify, update or supplement these Terms at any time to adapt them to:

• Regulatory or legislative changes
• Evolution of service functionalities
• Operational or security needs
• User experience improvements

12.1 Communication of Changes

Changes to the Terms will be communicated to users with at least 30 days' notice through:

• Email to the address registered in the account
• Notification within the platform
• Publication of the updated version on the website with indication of the effective date

12.2 Acceptance of Changes

Continued use of the platform after the changes take effect constitutes acceptance of the new Terms.

If the user does not accept the changes, they may withdraw from the contract within 30 days of the communication, with immediate effect and without penalties, exporting their data before termination.

13. Applicable Law and Jurisdiction

13.1 Applicable Law

These Terms and Conditions of Use and the contractual relationship between ITLand S.r.l. and the user are governed by Italian law, excluding the Vienna Convention on the International Sale of Goods.

13.2 Jurisdiction

For any dispute arising from these Terms or relating to the EasyRefert service, the Court of Naples shall have exclusive jurisdiction.

The mandatory jurisdiction of the consumer's court pursuant to Article 66-bis of Legislative Decree 206/2005 (Consumer Code) remains unaffected, where the user acts as a consumer.

13.3 Alternative Dispute Resolution (ADR)

Before resorting to judicial authority, the parties undertake to attempt an amicable resolution of the dispute through direct negotiation. In case of failure to reach an agreement within 30 days, the parties may resort to mediation or arbitration procedures, where applicable.

13.4 ODR Platform for Consumers

Users acting as consumers may access the European online dispute resolution platform (ODR) available at: https://ec.europa.eu/consumers/odr

14. Miscellaneous Provisions

14.1 Partial Invalidity

Should one or more clauses of these Terms be declared null or invalid by a competent authority, the remaining clauses shall remain fully effective and binding. The null clauses shall be replaced with valid clauses that reflect as closely as possible the original intention of the parties.

14.2 Waiver

Failure or delayed enforcement by ITLand S.r.l. of a right or clause of these Terms does not constitute a waiver of such right or clause, nor does it preclude future exercise thereof.

14.3 Entire Agreement

These Terms, together with the Privacy Policy, Cookie Policy and any technical attachments, constitute the entire agreement between the user and ITLand S.r.l. relating to the use of the EasyRefert platform, and supersede any prior agreement, understanding or communication, written or oral.

14.4 Assignment of Contract

The user may not assign, transfer or sublicense these Terms or the rights arising from the contract without the prior written consent of ITLand S.r.l..

ITLand S.r.l. may assign the contract in case of business reorganization, merger, acquisition or sale of a business unit, upon notification to the user.

14.5 Notices and Communications

All official communications between the parties must be sent in writing through:

• Email to registered addresses
• PEC (for legally valid communications)
• Registered mail with return receipt

Communications are deemed received:

• Ordinary email: at the time of delivery to the recipient's mailbox (proof of sending)
• PEC: at the time of generation of the delivery receipt
• Registered mail: on the date of signature of the return receipt

14.6 Force Majeure

Neither party shall be held liable for breaches or delays resulting from force majeure events beyond their reasonable control, including but not limited to:

• Natural disasters (earthquakes, floods, fires, etc.)
• Wars, terrorist acts, riots, civil unrest
• National-scale power or telecommunications interruptions
• Cyber attacks of particular severity (cyberwar, massive DDOS)
• Acts of public authorities (lockdowns, requisitions, etc.)
• Pandemics and health emergencies

In case of force majeure, the affected party must promptly notify the other party and endeavor to restore service as quickly as possible.

14.7 Languages

These Terms are drafted in Italian. In case of translation into other languages, the Italian version shall prevail in case of interpretive discrepancies.

15. Contact and Information

For any questions, requests for clarification or assistance relating to these Terms and Conditions of Use, you can contact:

By using the EasyRefert platform, you declare that you have read, understood and accepted these Terms and Conditions of Use.
We invite you to keep a copy of this document for future reference.